Analysis Report image.exe

Overview

General Information

Joe Sandbox Version:	25.0.0 Tiger's Eye
Analysis ID:	786614
Start date:	13.02.2019
Start time:	16:35:19
Joe Sandbox Product:	Cloud
Overall analysis duration:	0h 13m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	image.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 7 (Office 2010 SP2, Java 1.8.0_40 1.8.0_191, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43)
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies	HCA enabled EGA enabled HDC enabled
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.adwa.spyw.evad.winEXE@63/14@6/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 53.9% (good quality ratio 50.8%) Quality average: 75.4% Quality standard deviation: 28.5%
HCA Information:	Successful, ratio: 100% Number of executed functions: 85 Number of non-executed functions: 196
Cookbook Comments:	Adjust boot time Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found. Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: image.exe, bnmoc.exe, bnmoc.exe, bnmoc.exe

Detection

Strategy	Score	Range	Reporting	Whitelisted	Detection
Threshold	100	0 - 100	Report FP / FN	false

Confidence

Strategy	Score	Range	Further Analysis Required?	Confidence
Threshold	5	0 - 5	false

Classification

Analysis Advice

Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control
Valid Accounts	Command-Line Interface1	Startup Items2	Startup Items2	Software Packing2	Credentials in Files1	Process Discovery1	Application Deployment Software	Data from Local System1	Data Compressed	Standard Cryptographic Protocol1
Replication Through Removable Media	Exploitation for Client Execution1	Registry Run Keys / Start Folder21	Process Injection411	Disabling Security Tools111	Network Sniffing	Security Software Discovery231	Remote Services	Data from Removable Media	Exfiltration Over Other Network Medium	Standard Non-Application Layer Protocol1
Drive-by Compromise	Windows Management Instrumentation	Accessibility Features	Path Interception	Process Injection411	Input Capture	Remote System Discovery1	Windows Remote Management	Data from Network Shared Drive	Automated Exfiltration	Standard Application Layer Protocol1
Exploit Public-Facing Application	Scheduled Task	System Firmware	DLL Search Order Hijacking	Obfuscated Files or Information4	Credentials in Files	File and Directory Discovery1	Logon Scripts	Input Capture	Data Encrypted	Multiband Communication
Spearphishing Link	Command-Line Interface	Shortcut Modification	File System Permissions Weakness	Masquerading	Account Manipulation	System Information Discovery1	Shared Webroot	Data Staged	Scheduled Transfer	Standard Cryptographic Protocol

Signature Overview

Click to jump to signature section

AV Detection:

Antivirus detection for dropped file

Show sources

Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Avira: Label: TR/Dropper.Gen
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Avira: Label: TR/Dropper.Gen
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Avira: Label: TR/Dropper.Gen

Antivirus detection for submitted file

Show sources

Source: image.exe

Avira: Label: TR/Dropper.Gen

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	virustotal: Detection: 72%	Perma Link
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	metadefender: Detection: 56%	Perma Link
Source: C:\Users\user~1\AppData\Local\Temp\Mdxylb\certmgrqrj8dx.exe	metadefender: Detection: 56%	Perma Link
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	metadefender: Detection: 56%	Perma Link

Multi AV Scanner detection for submitted file

Show sources

Source: image.exe	virustotal: Detection: 72%			Perma Link
Source: image.exe	metadefender: Detection: 56%			Perma Link

Antivirus detection for unpacked file

Show sources

Source: 27.2.bnmoc.exe.400000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 14.2.bnmoc.exe.400000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 37.2.bnmoc.exe.400000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 8.2.bnmoc.exe.400000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen

Spreading:

Enumerates the file system

Show sources

Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 4x nop then pop edi	8_2_0040BB2F
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 4x nop then pop esi	8_2_00414690
Source: C:\Windows\System32\msg.exe	Code function: 4x nop then pop esi	15_2_00074690
Source: C:\Windows\System32\msg.exe	Code function: 4x nop then pop edi	15_2_0006BB2F
Source: C:\Windows\System32\cmmon32.exe	Code function: 4x nop then pop esi	24_2_00074690
Source: C:\Windows\System32\cmmon32.exe	Code function: 4x nop then pop edi	24_2_0006BB2F

Networking:

Social media urls found in memory data

Show sources

Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.facebook.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.facebook.com/favicon.ico

Found strings which match to known social media urls

Show sources

Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <SuggestionsURL>http://ie.search.yahoo.com/os?command={SearchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <FavoriteIcon>http://search.yahoo.co.jp/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://br.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://de.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://es.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://espanol.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://fr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://in.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://it.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://kr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://ru.search.yahoo.com</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://sads.myspace.com/</URL> equals www.myspace.com (Myspace)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://search.cn.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://search.yahoo.co.jp</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://tw.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://uk.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
Source: explorer.exe, 00000009.00000000.1692977138.06EE0000.00000008.sdmp	String found in binary or memory: Free Hotmail.url equals www.hotmail.com (Hotmail)

Performs DNS lookups

Show sources

Source: unknown

DNS traffic detected: queries for: www.evcvnymlarked.review

Urls found in memory or binary data

Show sources

Source: explorer.exe, 00000009.00000000.1692977138.06EE0000.00000008.sdmp	String found in binary or memory: http://%s.com
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://amazon.fr/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://ariadna.elmundo.es/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://ariadna.elmundo.es/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://arianna.libero.it/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://arianna.libero.it/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://asp.usatoday.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://asp.usatoday.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://auone.jp/favicon.ico
Source: explorer.exe, 00000009.00000000.1692977138.06EE0000.00000008.sdmp	String found in binary or memory: http://auto.search.msn.com/response.asp?MT=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://br.search.yahoo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://browse.guardian.co.uk/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://browse.guardian.co.uk/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://busca.buscape.com.br/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://busca.buscape.com.br/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://busca.estadao.com.br/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://busca.igbusca.com.br/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://busca.orange.es/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://busca.uol.com.br/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://busca.uol.com.br/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://buscador.lycos.es/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://buscador.terra.com.br/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://buscador.terra.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://buscador.terra.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://buscador.terra.es/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://buscar.ozu.es/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://buscar.ya.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://busqueda.aol.com.mx/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://cerca.lycos.it/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://cgi.search.biglobe.ne.jp/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://clients5.google.com/complete/search?hl=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://cnet.search.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://corp.naukri.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://corp.naukri.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1703078184.02CBA000.00000004.sdmp	String found in binary or memory: http://crl.microso
Source: explorer.exe, 00000009.00000000.1706215274.0498C000.00000004.sdmp	String found in binary or memory: http://crl.microsoft$
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://de.search.yahoo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://es.ask.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://es.search.yahoo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://esearch.rakuten.co.jp/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://espanol.search.yahoo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://espn.go.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://find.joins.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://fr.search.yahoo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://google.pchome.com.tw/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://home.altervista.org/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://home.altervista.org/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://images.monster.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://img.atlas.cz/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://in.search.yahoo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://it.search.dada.net/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://it.search.dada.net/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://it.search.yahoo.com/
Source: explorer.exe, 00000009.00000000.1694243707.0011D000.00000004.sdmp	String found in binary or memory: http://java.sun.com
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://jobsearch.monster.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://kr.search.yahoo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://list.taobao.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&q=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://mail.live.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://msk.afisha.ru/
Source: explorer.exe, 00000009.00000000.1695567792.015AA000.00000004.sdmp	String found in binary or memory: http://ns.adobedel
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://p.zhongsou.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://price.ru/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://price.ru/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://recherche.linternaute.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://recherche.tf1.fr/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://rover.ebay.com
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://ru.search.yahoo.com
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://sads.myspace.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search-dyn.tiscali.it/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.about.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.alice.it/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.alice.it/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.aol.co.uk/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.aol.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.aol.in/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.atlas.cz/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.auction.co.kr/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.auone.jp/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.books.com.tw/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.books.com.tw/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.centrum.cz/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.centrum.cz/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.chol.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.chol.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.cn.yahoo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.daum.net/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.daum.net/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.dreamwiz.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.dreamwiz.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.ebay.co.uk/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.ebay.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.ebay.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.ebay.de/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.ebay.es/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.ebay.fr/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.ebay.in/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.ebay.it/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.empas.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.empas.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.espn.go.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.gamer.com.tw/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.gamer.com.tw/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.gismeteo.ru/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.goo.ne.jp/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.goo.ne.jp/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.hanafos.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.hanafos.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.interpark.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.ipop.co.kr/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&q=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&q=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&q=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.livedoor.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.livedoor.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.lycos.co.uk/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.lycos.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.lycos.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.msn.com/results.aspx?q=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.nate.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.naver.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.naver.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.nifty.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.orange.co.uk/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.orange.co.uk/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.rediff.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.rediff.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.seznam.cz/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.seznam.cz/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.sify.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.yahoo.co.jp
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.yahoo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.yahoo.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&p=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search.yam.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search1.taobao.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://search2.estadao.com.br/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://searchresults.news.com.au/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://service2.bfast.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://sitesearch.timesonline.co.uk/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://so-net.search.goo.ne.jp/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://suche.aol.de/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://suche.freenet.de/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://suche.freenet.de/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://suche.lycos.de/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://suche.t-online.de/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://suche.web.de/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://suche.web.de/favicon.ico
Source: explorer.exe, 00000009.00000000.1692977138.06EE0000.00000008.sdmp	String found in binary or memory: http://treyresearch.net
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://tw.search.yahoo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://udn.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://udn.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://uk.ask.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://uk.ask.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://uk.search.yahoo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://vachercher.lycos.fr/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://video.globo.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://video.globo.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://web.ask.com/
Source: explorer.exe, 00000009.00000000.1692977138.06EE0000.00000008.sdmp	String found in binary or memory: http://www.%s.com
Source: explorer.exe, 00000009.00000000.1698938326.02080000.00000008.sdmp	String found in binary or memory: http://www.%s.comPA
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.abril.com.br/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.abril.com.br/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.alarabiya.net/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.alarabiya.net/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.amazon.co.jp/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.amazon.co.uk/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&keyword=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.amazon.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&c
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.amazon.de/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.aol.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.arrakis.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.arrakis.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.asharqalawsat.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.asharqalawsat.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.ask.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.auction.co.kr/auction.ico
Source: explorer.exe, 00000009.00000000.1694243707.0011D000.00000004.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.baidu.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.baidu.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.cdiscount.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.cdiscount.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.ceneo.pl/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.ceneo.pl/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.cjmall.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.cjmall.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.clarin.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.cnet.co.uk/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.cnet.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1706215274.0498C000.00000004.sdmp	String found in binary or memory: http://www.d-trust.ne
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.dailymail.co.uk/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.dailymail.co.uk/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.etmall.com.tw/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.etmall.com.tw/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.excite.co.jp/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.expedia.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.expedia.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.gismeteo.ru/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.gmarket.co.kr/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.gmarket.co.kr/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.co.in/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.co.jp/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.co.uk/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.com.br/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.com.sa/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.com.tw/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.cz/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.de/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.es/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.fr/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.it/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.pl/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.ru/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.google.si/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.iask.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.iask.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.kkbox.com.tw/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.kkbox.com.tw/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.linternaute.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.maktoob.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.mercadolibre.com.mx/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.mercadolivre.com.br/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.merlin.com.pl/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.merlin.com.pl/favicon.ico
Source: explorer.exe, 00000009.00000000.1703078184.02CBA000.00000004.sdmp	String found in binary or memory: http://www.microsoft.c
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.microsofttranslator.com/?ref=IE8Activity
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&a=
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.microsofttranslator.com/Default.aspx?ref=IE8Activity
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.microsofttranslator.com/DefaultPrev.aspx?ref=IE8Activity
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.mtv.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.mtv.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.myspace.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.najdi.si/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.najdi.si/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.nate.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.neckermann.de/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.neckermann.de/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.news.com.au/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.nifty.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.ocn.ne.jp/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.orange.fr/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.otto.de/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.ozon.ru/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.ozon.ru/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.ozu.es/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.paginasamarillas.es/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.paginasamarillas.es/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.pchome.com.tw/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.priceminister.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.priceminister.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.rakuten.co.jp/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.rambler.ru/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.rambler.ru/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.recherche.aol.fr/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.rtl.de/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.rtl.de/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.servicios.clarin.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.shopzilla.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.sify.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.sogou.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.sogou.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.soso.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.soso.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.t-online.de/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.taobao.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.taobao.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.target.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.target.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.tchibo.de/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.tchibo.de/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.tesco.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.tesco.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.tiscali.it/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.univision.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.univision.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.walmart.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.walmart.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.ya.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www.yam.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www3.fnac.com/
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://www3.fnac.com/favicon.ico
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation
Source: explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	String found in binary or memory: http://z.about.com/m/a08.ico
Source: explorer.exe, 00000009.00000000.1694243707.0011D000.00000004.sdmp	String found in binary or memory: https://support.mozilla.org
Source: explorer.exe, 00000009.00000000.1694243707.0011D000.00000004.sdmp	String found in binary or memory: https://www.mozilla.org
Source: explorer.exe, 00000009.00000000.1694243707.0011D000.00000004.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/43.0.1/releasenotes
Source: msg.exe, 0000000F.00000002.1953565207.01ECF000.00000004.sdmp	String found in binary or memory: https://www.wendihutagaol.com/hu/?RN=kBvVMbxNpEnnNAgtDWXnr5DLJDjY6g37u8QPxKjeIinPPfxBfL5X92QC6Wo69Ol

System Summary:

FormBook malware detected

Show sources

Source: C:\Windows\System32\msg.exe	Dropped file: C:\Users\user\AppData\Roaming\K47N66PW\K47logri.ini	Jump to dropped file
Source: C:\Windows\System32\msg.exe	Dropped file: C:\Users\user\AppData\Roaming\K47N66PW\K47logrv.ini	Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Dropped file: C:\Users\user\AppData\Roaming\K47N66PW\K47logrf.ini	Jump to dropped file

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample

Static PE information: Filename: image.exe

Contains functionality to call native functions

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00416B50 NtCreateFile,	8_2_00416B50
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00416C00 NtReadFile,	8_2_00416C00
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00416D30 NtAllocateVirtualMemory,	8_2_00416D30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00416B4A NtCreateFile,	8_2_00416B4A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00416D2B NtAllocateVirtualMemory,	8_2_00416D2B
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00716070 NtResumeThread,NtResumeThread,	8_2_00716070
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00716130 NtSetContextThread,NtSetContextThread,	8_2_00716130
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715190 NtCreateFile,NtCreateFile,	8_2_00715190
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007152B0 NtCreateSection,NtCreateSection,	8_2_007152B0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715390 NtDelayExecution,NtDelayExecution,	8_2_00715390
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00716460 NtSuspendThread,NtSuspendThread,	8_2_00716460
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007155A0 NtFreeVirtualMemory,	8_2_007155A0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007157F0 NtMapViewOfSection,NtMapViewOfSection,	8_2_007157F0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715C10 NtQueryInformationProcess,NtQueryInformationProcess,	8_2_00715C10
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715DC0 NtQuerySystemInformation,NtQuerySystemInformation,	8_2_00715DC0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715E40 NtQueueApcThread,NtQueueApcThread,	8_2_00715E40
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00714E30 NtAdjustPrivilegesToken,NtAdjustPrivilegesToken,	8_2_00714E30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715EC0 NtReadVirtualMemory,NtReadVirtualMemory,	8_2_00715EC0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00714EA0 NtAllocateVirtualMemory,NtAllocateVirtualMemory,	8_2_00714EA0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715E80 NtReadFile,NtReadFile,	8_2_00715E80
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715090 NtClose,	8_2_00715090
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007151D0 NtCreateKey,	8_2_007151D0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715270 NtCreateProcessEx,	8_2_00715270
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715210 NtCreateMutant,	8_2_00715210
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00716200 NtSetInformationFile,	8_2_00716200
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007163D0 NtSetValueKey,	8_2_007163D0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007154E0 NtEnumerateValueKey,	8_2_007154E0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007154B0 NtEnumerateKey,	8_2_007154B0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007165E0 NtWaitForSingleObject,	8_2_007165E0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007155E0 NtGetContextThread,	8_2_007155E0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00716580 NtUnmapViewOfSection,	8_2_00716580
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00716660 NtWriteVirtualMemory,	8_2_00716660
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00716630 NtWriteFile,	8_2_00716630
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715860 NtOpenDirectoryObject,	8_2_00715860
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715960 NtOpenProcessToken,	8_2_00715960
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00715950 NtOpenProcess,	8_2_00715950
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00716070 NtResumeThread,NtResumeThread,	14_2_00716070
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00716130 NtSetContextThread,NtSetContextThread,	14_2_00716130
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715190 NtCreateFile,NtCreateFile,	14_2_00715190
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007152B0 NtCreateSection,NtCreateSection,	14_2_007152B0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715390 NtDelayExecution,NtDelayExecution,	14_2_00715390
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00716460 NtSuspendThread,NtSuspendThread,	14_2_00716460
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007155A0 NtFreeVirtualMemory,	14_2_007155A0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007157F0 NtMapViewOfSection,NtMapViewOfSection,	14_2_007157F0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715C10 NtQueryInformationProcess,NtQueryInformationProcess,	14_2_00715C10
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715DC0 NtQuerySystemInformation,NtQuerySystemInformation,	14_2_00715DC0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715E40 NtQueueApcThread,NtQueueApcThread,	14_2_00715E40
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00714E30 NtAdjustPrivilegesToken,NtAdjustPrivilegesToken,	14_2_00714E30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715EC0 NtReadVirtualMemory,NtReadVirtualMemory,	14_2_00715EC0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00714EA0 NtAllocateVirtualMemory,NtAllocateVirtualMemory,	14_2_00714EA0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715E80 NtReadFile,NtReadFile,	14_2_00715E80
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715090 NtClose,	14_2_00715090
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007151D0 NtCreateKey,	14_2_007151D0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715270 NtCreateProcessEx,	14_2_00715270
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715210 NtCreateMutant,	14_2_00715210
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00716200 NtSetInformationFile,	14_2_00716200
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007163D0 NtSetValueKey,	14_2_007163D0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007154E0 NtEnumerateValueKey,	14_2_007154E0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007154B0 NtEnumerateKey,	14_2_007154B0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007155E0 NtGetContextThread,	14_2_007155E0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007165E0 NtWaitForSingleObject,	14_2_007165E0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00716580 NtUnmapViewOfSection,	14_2_00716580
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00716660 NtWriteVirtualMemory,	14_2_00716660
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00716630 NtWriteFile,	14_2_00716630
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715860 NtOpenDirectoryObject,	14_2_00715860
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715960 NtOpenProcessToken,	14_2_00715960
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715950 NtOpenProcess,	14_2_00715950
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007159D0 NtOpenThread,	14_2_007159D0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715AE0 NtProtectVirtualMemory,	14_2_00715AE0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715BE0 NtQueryInformationFile,	14_2_00715BE0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715C40 NtQueryInformationToken,	14_2_00715C40
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715D50 NtQuerySection,	14_2_00715D50
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715E20 NtQueryVirtualMemory,	14_2_00715E20
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00715E10 NtQueryValueKey,	14_2_00715E10
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01616130 NtSetContextThread,NtSetContextThread,	15_2_01616130
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016151D0 NtCreateKey,NtCreateKey,	15_2_016151D0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615190 NtCreateFile,NtCreateFile,	15_2_01615190
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01616070 NtResumeThread,NtResumeThread,	15_2_01616070
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016163D0 NtSetValueKey,NtSetValueKey,	15_2_016163D0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615390 NtDelayExecution,NtDelayExecution,	15_2_01615390
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01616200 NtSetInformationFile,NtSetInformationFile,	15_2_01616200
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615210 NtCreateMutant,NtCreateMutant,	15_2_01615210
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016152B0 NtCreateSection,NtCreateSection,	15_2_016152B0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016165E0 NtWaitForSingleObject,	15_2_016165E0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016155A0 NtFreeVirtualMemory,	15_2_016155A0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01616460 NtSuspendThread,NtSuspendThread,	15_2_01616460
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016154E0 NtEnumerateValueKey,NtEnumerateValueKey,	15_2_016154E0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016157F0 NtMapViewOfSection,NtMapViewOfSection,	15_2_016157F0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01616630 NtWriteFile,NtWriteFile,	15_2_01616630
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615DC0 NtQuerySystemInformation,NtQuerySystemInformation,	15_2_01615DC0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615C40 NtQueryInformationToken,NtQueryInformationToken,	15_2_01615C40
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615C10 NtQueryInformationProcess,NtQueryInformationProcess,	15_2_01615C10
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615E40 NtQueueApcThread,NtQueueApcThread,	15_2_01615E40
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01614E30 NtAdjustPrivilegesToken,NtAdjustPrivilegesToken,	15_2_01614E30
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615E10 NtQueryValueKey,NtQueryValueKey,	15_2_01615E10
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615EC0 NtReadVirtualMemory,NtReadVirtualMemory,	15_2_01615EC0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01614EA0 NtAllocateVirtualMemory,NtAllocateVirtualMemory,	15_2_01614EA0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615E80 NtReadFile,NtReadFile,	15_2_01615E80
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615090 NtClose,	15_2_01615090
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615270 NtCreateProcessEx,	15_2_01615270
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016155E0 NtGetContextThread,	15_2_016155E0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01616580 NtUnmapViewOfSection,	15_2_01616580
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016154B0 NtEnumerateKey,	15_2_016154B0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01616660 NtWriteVirtualMemory,	15_2_01616660
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615960 NtOpenProcessToken,	15_2_01615960
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615950 NtOpenProcess,	15_2_01615950
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016159D0 NtOpenThread,	15_2_016159D0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615860 NtOpenDirectoryObject,	15_2_01615860
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615BE0 NtQueryInformationFile,	15_2_01615BE0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615AE0 NtProtectVirtualMemory,	15_2_01615AE0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615D50 NtQuerySection,	15_2_01615D50
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01615E20 NtQueryVirtualMemory,	15_2_01615E20
Source: C:\Windows\System32\msg.exe	Code function: 15_2_00076B50 NtCreateFile,	15_2_00076B50
Source: C:\Windows\System32\msg.exe	Code function: 15_2_00076C00 NtReadFile,	15_2_00076C00
Source: C:\Windows\System32\msg.exe	Code function: 15_2_00076D30 NtAllocateVirtualMemory,	15_2_00076D30
Source: C:\Windows\System32\msg.exe	Code function: 15_2_00076B4A NtCreateFile,	15_2_00076B4A
Source: C:\Windows\System32\msg.exe	Code function: 15_2_00076D2B NtAllocateVirtualMemory,	15_2_00076D2B
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775210 NtCreateMutant,NtCreateMutant,	24_2_00775210
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007755A0 NtFreeVirtualMemory,	24_2_007755A0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775C10 NtQueryInformationProcess,NtQueryInformationProcess,	24_2_00775C10
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775DC0 NtQuerySystemInformation,NtQuerySystemInformation,	24_2_00775DC0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00774E30 NtAdjustPrivilegesToken,NtAdjustPrivilegesToken,	24_2_00774E30
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00774EA0 NtAllocateVirtualMemory,NtAllocateVirtualMemory,	24_2_00774EA0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00776070 NtResumeThread,	24_2_00776070
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775090 NtClose,	24_2_00775090
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00776130 NtSetContextThread,	24_2_00776130
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007751D0 NtCreateKey,	24_2_007751D0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775190 NtCreateFile,	24_2_00775190
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775270 NtCreateProcessEx,	24_2_00775270
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00776200 NtSetInformationFile,	24_2_00776200
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007752B0 NtCreateSection,	24_2_007752B0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007763D0 NtSetValueKey,	24_2_007763D0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775390 NtDelayExecution,	24_2_00775390
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00776460 NtSuspendThread,	24_2_00776460
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007754E0 NtEnumerateValueKey,	24_2_007754E0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007754B0 NtEnumerateKey,	24_2_007754B0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007755E0 NtGetContextThread,	24_2_007755E0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007765E0 NtWaitForSingleObject,	24_2_007765E0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00776580 NtUnmapViewOfSection,	24_2_00776580
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00776660 NtWriteVirtualMemory,	24_2_00776660
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00776630 NtWriteFile,	24_2_00776630
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007757F0 NtMapViewOfSection,	24_2_007757F0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775860 NtOpenDirectoryObject,	24_2_00775860
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775960 NtOpenProcessToken,	24_2_00775960
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775950 NtOpenProcess,	24_2_00775950
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007759D0 NtOpenThread,	24_2_007759D0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775AE0 NtProtectVirtualMemory,	24_2_00775AE0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775BE0 NtQueryInformationFile,	24_2_00775BE0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775C40 NtQueryInformationToken,	24_2_00775C40
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775D50 NtQuerySection,	24_2_00775D50
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775E40 NtQueueApcThread,	24_2_00775E40
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775E20 NtQueryVirtualMemory,	24_2_00775E20
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775E10 NtQueryValueKey,	24_2_00775E10
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775EC0 NtReadVirtualMemory,	24_2_00775EC0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00775E80 NtReadFile,	24_2_00775E80
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00076B50 NtCreateFile,	24_2_00076B50
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00076C00 NtReadFile,	24_2_00076C00
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00076D30 NtAllocateVirtualMemory,	24_2_00076D30
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00076B4A NtCreateFile,	24_2_00076B4A
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00076D2B NtAllocateVirtualMemory,	24_2_00076D2B

Detected potential crypto function

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_004078EC	8_2_004078EC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_004078F0	8_2_004078F0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_0041AA47	8_2_0041AA47
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00419AB3	8_2_00419AB3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_0041A3B4	8_2_0041A3B4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_0041ACA0	8_2_0041ACA0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_0041A64A	8_2_0041A64A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00419E86	8_2_00419E86
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_006D7078	8_2_006D7078
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00727015	8_2_00727015
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_0079B0E7	8_2_0079B0E7
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007950A5	8_2_007950A5
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_006F3109	8_2_006F3109
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_006F91F7	8_2_006F91F7
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007372C3	8_2_007372C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_006D83EB	8_2_006D83EB
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_0072645A	8_2_0072645A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_006FC447	8_2_006FC447
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007A0404	8_2_007A0404
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_006D44FC	8_2_006D44FC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007324E1	8_2_007324E1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_006FE4D7	8_2_006FE4D7
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00796500	8_2_00796500
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_0072B594	8_2_0072B594
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_006E96B9	8_2_006E96B9
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007036AC	8_2_007036AC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007277C8	8_2_007277C8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_007978EA	8_2_007978EA
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00743951	8_2_00743951
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006D7078	14_2_006D7078
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00727015	14_2_00727015
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_0079B0E7	14_2_0079B0E7
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007950A5	14_2_007950A5
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006F3109	14_2_006F3109
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006F91F7	14_2_006F91F7
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00792250	14_2_00792250
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007372C3	14_2_007372C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006D83EB	14_2_006D83EB
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006FC447	14_2_006FC447
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_0072645A	14_2_0072645A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007A0404	14_2_007A0404
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006D44FC	14_2_006D44FC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007324E1	14_2_007324E1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006FE4D7	14_2_006FE4D7
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00796500	14_2_00796500
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_0072B594	14_2_0072B594
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006E96B9	14_2_006E96B9
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007036AC	14_2_007036AC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007277C8	14_2_007277C8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007978EA	14_2_007978EA
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_0077C889	14_2_0077C889
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_0074B974	14_2_0074B974
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00743951	14_2_00743951
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_0072595C	14_2_0072595C
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00791907	14_2_00791907
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007229EE	14_2_007229EE
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_007A4990	14_2_007A4990
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006F3984	14_2_006F3984
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00729A68	14_2_00729A68
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00722ADC	14_2_00722ADC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006F0BFB	14_2_006F0BFB
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00794BBA	14_2_00794BBA
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006DCBA7	14_2_006DCBA7
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_0073FBA6	14_2_0073FBA6
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_0077DB95	14_2_0077DB95
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00795C56	14_2_00795C56
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006FDCFB	14_2_006FDCFB
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00735CCD	14_2_00735CCD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_0077DD51	14_2_0077DD51
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00725DD8	14_2_00725DD8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006E0E52	14_2_006E0E52
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_0074AEF5	14_2_0074AEF5
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006EEEC7	14_2_006EEEC7
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00771F48	14_2_00771F48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00741FDB	14_2_00741FDB
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006FDFD4	14_2_006FDFD4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00727FAB	14_2_00727FAB
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_006D9F90	14_2_006D9F90
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015F3109	15_2_015F3109
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015F91F7	15_2_015F91F7
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015D7078	15_2_015D7078
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01627015	15_2_01627015
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0169B0E7	15_2_0169B0E7
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016950A5	15_2_016950A5
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015D83EB	15_2_015D83EB
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01696500	15_2_01696500
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0162B594	15_2_0162B594
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015FC447	15_2_015FC447
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0162645A	15_2_0162645A
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016A0404	15_2_016A0404
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016324E1	15_2_016324E1
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015FE4D7	15_2_015FE4D7
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015D44FC	15_2_015D44FC
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016277C8	15_2_016277C8
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016036AC	15_2_016036AC
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015E96B9	15_2_015E96B9
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01643951	15_2_01643951
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0162595C	15_2_0162595C
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01691907	15_2_01691907
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016229EE	15_2_016229EE
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015F3984	15_2_015F3984
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016A4990	15_2_016A4990
Source: C:\Windows\System32\msg.exe	Code function: 15_2_016978EA	15_2_016978EA
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015F0BFB	15_2_015F0BFB
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0163FBA6	15_2_0163FBA6
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01694BBA	15_2_01694BBA
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0167DB95	15_2_0167DB95
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015DCBA7	15_2_015DCBA7
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01629A68	15_2_01629A68
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01622ADC	15_2_01622ADC
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0167DD51	15_2_0167DD51
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01625DD8	15_2_01625DD8
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01695C56	15_2_01695C56
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015FDCFB	15_2_015FDCFB
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01635CCD	15_2_01635CCD
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015FDFD4	15_2_015FDFD4
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01627FAB	15_2_01627FAB
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015D9F90	15_2_015D9F90
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015E0E52	15_2_015E0E52
Source: C:\Windows\System32\msg.exe	Code function: 15_2_015EEEC7	15_2_015EEEC7
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0007A64B	15_2_0007A64B
Source: C:\Windows\System32\msg.exe	Code function: 15_2_000678EC	15_2_000678EC
Source: C:\Windows\System32\msg.exe	Code function: 15_2_000678F0	15_2_000678F0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0007AA47	15_2_0007AA47
Source: C:\Windows\System32\msg.exe	Code function: 15_2_00079AB3	15_2_00079AB3
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0007ACA0	15_2_0007ACA0
Source: C:\Windows\System32\msg.exe	Code function: 15_2_00079E86	15_2_00079E86
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00737078	24_2_00737078
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00787015	24_2_00787015
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007FB0E7	24_2_007FB0E7
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007F50A5	24_2_007F50A5
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00753109	24_2_00753109
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007591F7	24_2_007591F7
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007F2250	24_2_007F2250
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007972C3	24_2_007972C3
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007383EB	24_2_007383EB
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0078645A	24_2_0078645A
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0075C447	24_2_0075C447
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00800404	24_2_00800404
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007344FC	24_2_007344FC
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007924E1	24_2_007924E1
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0075E4D7	24_2_0075E4D7
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007F6500	24_2_007F6500
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0078B594	24_2_0078B594
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007496B9	24_2_007496B9
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007636AC	24_2_007636AC
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007877C8	24_2_007877C8
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007F78EA	24_2_007F78EA
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007DC889	24_2_007DC889
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007AB974	24_2_007AB974
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00804990	24_2_00804990
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0078595C	24_2_0078595C
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007A3951	24_2_007A3951
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007F1907	24_2_007F1907
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007829EE	24_2_007829EE
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00753984	24_2_00753984
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00789A68	24_2_00789A68
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00782ADC	24_2_00782ADC
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00750BFB	24_2_00750BFB
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007F4BBA	24_2_007F4BBA
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0073CBA7	24_2_0073CBA7
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0079FBA6	24_2_0079FBA6
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007DDB95	24_2_007DDB95
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007F5C56	24_2_007F5C56
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0075DCFB	24_2_0075DCFB
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00795CCD	24_2_00795CCD
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007DDD51	24_2_007DDD51
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00785DD8	24_2_00785DD8
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00740E52	24_2_00740E52
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007AAEF5	24_2_007AAEF5
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0074EEC7	24_2_0074EEC7
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007D1F48	24_2_007D1F48
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0075DFD4	24_2_0075DFD4
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_007A1FDB	24_2_007A1FDB
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00787FAB	24_2_00787FAB
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00739F90	24_2_00739F90
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0007A64B	24_2_0007A64B
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_000678EC	24_2_000678EC
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_000678F0	24_2_000678F0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0007AA47	24_2_0007AA47
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00079AB3	24_2_00079AB3
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0007ACA0	24_2_0007ACA0
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00079E86	24_2_00079E86

Found potential string decryption / allocating functions

Show sources

Source: C:\Windows\System32\cmmon32.exe	Code function: String function: 00782824 appears 79 times
Source: C:\Windows\System32\cmmon32.exe	Code function: String function: 00751ACE appears 132 times
Source: C:\Windows\System32\cmmon32.exe	Code function: String function: 0074F63B appears 239 times
Source: C:\Windows\System32\cmmon32.exe	Code function: String function: 00763D00 appears 41 times
Source: C:\Windows\System32\cmmon32.exe	Code function: String function: 007CF3E2 appears 83 times
Source: C:\Windows\System32\msg.exe	Code function: String function: 01603D00 appears 38 times
Source: C:\Windows\System32\msg.exe	Code function: String function: 01622824 appears 70 times
Source: C:\Windows\System32\msg.exe	Code function: String function: 0166F3E2 appears 64 times
Source: C:\Windows\System32\msg.exe	Code function: String function: 015F1ACE appears 99 times
Source: C:\Windows\System32\msg.exe	Code function: String function: 015EF63B appears 213 times
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: String function: 0076F3E2 appears 125 times
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: String function: 006F1ACE appears 205 times
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: String function: 006EF63B appears 372 times
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: String function: 007172D0 appears 44 times
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: String function: 00703D00 appears 61 times
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: String function: 00722824 appears 122 times

Reads the hosts file

Show sources

Source: C:\Windows\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\msg.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Sample file is different than original file name gathered from version info

Show sources

Source: image.exe, 00000000.00000002.1668259647.002A8000.00000004.sdmp	Binary or memory string: OriginalFilenamebnm.exe4 vs image.exe
Source: image.exe, 00000000.00000002.1668108691.00263000.00000004.sdmp	Binary or memory string: OriginalFilenamemscorwks.dllT vs image.exe
Source: image.exe, 00000000.00000002.1669437521.00510000.00000004.sdmp	Binary or memory string: OriginalFilenameRunPEDll.dll2 vs image.exe
Source: image.exe, 00000000.00000002.1669910969.013B0000.00000002.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs image.exe
Source: image.exe, 00000000.00000002.1672009462.02A97000.00000004.sdmp	Binary or memory string: OriginalFilenamestub.exe4 vs image.exe
Source: image.exe	Binary or memory string: OriginalFilenamebnm.exe4 vs image.exe

Sample reads its own file content

Show sources

Source: C:\Users\user\Desktop\image.exe

File read: C:\Users\user\Desktop\image.exe

Jump to behavior

Searches the installation path of Mozilla Firefox

Show sources

Source: C:\Windows\System32\msg.exe

Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\43.0.1 (x86 en-US)\Main Install Directory

Jump to behavior

Tries to load missing DLLs

Show sources

Source: C:\Windows\System32\msg.exe	Section loaded: mozglue.dll			Jump to behavior
Source: C:\Windows\System32\msg.exe	Section loaded: winsqlite3.dll			Jump to behavior

Uses reg.exe to modify the Windows registry

Show sources

Source: unknown

Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' | cmd'

PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)

Show sources

Source: image.exe	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: bnmoc.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: certmgrqrj8dx.exe.9.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: certmgrqrj8dx.exe0.9.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: bnmoc.exe.29.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Classification label

Show sources

Source: classification engine

Classification label: mal100.adwa.spyw.evad.winEXE@63/14@6/0

Contains functionality to instantiate COM classes

Show sources

Source: C:\Windows\System32\msg.exe

Code function: 15_2_0006FB80 CoInitialize,CoCreateInstance,OleUninitialize,

15_2_0006FB80

Creates files inside the program directory

Show sources

Source: C:\Windows\explorer.exe

File created: C:\Program Files\Mdxylb

Jump to behavior

Creates files inside the user directory

Show sources

Source: C:\Users\user\Desktop\image.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

Jump to behavior

Creates temporary files

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

File created: C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt

Jump to behavior

Found command line output

Show sources

Source: C:\Windows\System32\cmd.exe	Console Write: ........P#..........M.i.c.r.o.s.o.f.t. .W.i.n.d.o.w.s. .[.V.e.r.s.i.o.n. .6...1...7.6.0.1.].......Ww4...H...`.....,.....	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Console Write: ............................0.......4....s..........................P......o........\...j.]w...o....t........E.I....l...	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Console Write: ..T...................0.....0.......4....s..................................\...j.]w...o.......o......T.~....,.I....t...	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Console Write: ............................0.......4....s......................................\...j.]w...o...o....x........E.I....p...	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Console Write: ............................0.......4....s..............................C\.wPY.wl..............oh............E.I........	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Console Write: ....................C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.>.........4......w@..Ix.(.....................(...x......wX...	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Console Write: ..T...................0.....0.......4...-s..........................\...........`.(..............((...T.....5...........	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Console Write: ............................0.......4...fs...........................r.P.(.H.....(.P.(..r....oh............E.I........	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Console Write: ....................C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.>.................@..I8......w@..Ix.(.........(...x......wX...	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Console Write: ....................e.x.i.t.........4...rs..........................\...........;..w............P.(.\|.......5...........	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Console Write: ......................0.............4....w..........................D...........!...@@ ....."..m$............FWJ........	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Console Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........t....o/.....V.UJ............t.........WwH...&...`.....,.....	Jump to behavior

PE file has an executable .text section and no other executable section

Show sources

Source: image.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Parts of this applications are using the .NET runtime (Probably coded in C#)

Show sources

Source: C:\Users\user\Desktop\image.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

Reads ini files

Show sources

Source: C:\Windows\explorer.exe

File read: C:\Users\user\Searches\desktop.ini

Jump to behavior

Reads software policies

Show sources

Source: C:\Users\user\Desktop\image.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Sample is known by Antivirus

Show sources

Source: image.exe	virustotal: Detection: 72%
Source: image.exe	metadefender: Detection: 56%

Spawns processes

Show sources

Source: unknown	Process created: C:\Users\user\Desktop\image.exe 'C:\Users\user\Desktop\image.exe'
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd
Source: unknown	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd
Source: unknown	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: unknown	Process created: C:\Windows\System32\msg.exe C:\Windows\System32\msg.exe
Source: unknown	Process created: C:\Windows\System32\cmd.exe 'C:\Windows\system32\cmd.exe' /c type C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt \| cmd
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c' type C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt '
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd
Source: unknown	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'
Source: unknown	Process created: C:\Windows\System32\cmmon32.exe C:\Windows\System32\cmmon32.exe
Source: unknown	Process created: C:\Windows\System32\cmd.exe /c del 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: unknown	Process created: C:\Windows\System32\raserver.exe C:\Windows\System32\raserver.exe
Source: unknown	Process created: C:\Program Files\Mdxylb\certmgrqrj8dx.exe C:\Program Files\Mdxylb\certmgrqrj8dx.exe
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd
Source: unknown	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: unknown	Process created: C:\Windows\System32\msdt.exe C:\Windows\System32\msdt.exe
Source: unknown	Process created: C:\Program Files\Mdxylb\certmgrqrj8dx.exe 'C:\Program Files\Mdxylb\certmgrqrj8dx.exe'
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd
Source: C:\Users\user\Desktop\image.exe	Process created: C:\Windows\System32\cmd.exe cmd	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Windows\System32\cmd.exe cmd	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\msg.exe C:\Windows\System32\msg.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\cmd.exe 'C:\Windows\system32\cmd.exe' /c type C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt \| cmd	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\cmmon32.exe C:\Windows\System32\cmmon32.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\raserver.exe C:\Windows\System32\raserver.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Program Files\Mdxylb\certmgrqrj8dx.exe C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\msdt.exe C:\Windows\System32\msdt.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Program Files\Mdxylb\certmgrqrj8dx.exe 'C:\Program Files\Mdxylb\certmgrqrj8dx.exe'	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Windows\System32\cmd.exe cmd	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'	Jump to behavior
Source: C:\Windows\System32\msg.exe	Process created: C:\Windows\System32\cmd.exe /c del 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'	Jump to behavior
Source: C:\Windows\System32\msg.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c' type C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt '	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Windows\System32\cmd.exe cmd	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'	Jump to behavior
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process created: C:\Windows\System32\cmd.exe cmd
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Windows\System32\cmd.exe cmd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process created: C:\Windows\System32\cmd.exe cmd
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Uses an in-process (OLE) Automation server

Show sources

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InProcServer32

Jump to behavior

Writes ini files

Show sources

Source: C:\Windows\System32\msg.exe

File written: C:\Users\user\AppData\Roaming\K47N66PW\K47logri.ini

Jump to behavior

Found graphical window changes (likely an installer)

Show sources

Source: Window Recorder

Window detected: More than 3 window changes detected

Uses Microsoft Silverlight

Show sources

Source: C:\Users\user\Desktop\image.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Checks if Microsoft Office is installed

Show sources

Source: C:\Windows\System32\msg.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Creates a directory in C:\Program Files

Show sources

Source: C:\Windows\explorer.exe	Directory created: C:\Program Files\Mdxylb			Jump to behavior
Source: C:\Windows\explorer.exe	Directory created: C:\Program Files\Mdxylb\certmgrqrj8dx.exe			Jump to behavior

PE file contains a COM descriptor data directory

Show sources

Source: image.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Uses new MSVCR Dlls

Show sources

Source: C:\Users\user\Desktop\image.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll

Jump to behavior

Contains modern PE file flags such as dynamic base (ASLR) or NX

Show sources

Source: image.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Binary contains paths to debug symbols

Show sources

Source:	Binary string: cmmon32.pdb source: bnmoc.exe, 00000008.00000002.1737711731.002B4000.00000004.sdmp
Source:	Binary string: cmmon32.pdbr2v source: bnmoc.exe, 00000008.00000002.1737711731.002B4000.00000004.sdmp
Source:	Binary string: msg.pdb source: bnmoc.exe, 0000000E.00000002.1723167362.002E4000.00000004.sdmp
Source:	Binary string: ntdll.pdb source: bnmoc.exe, msg.exe, cmmon32.exe
Source:	Binary string: ntdll.pdb3 source: bnmoc.exe, 00000008.00000003.1672350373.00430000.00000004.sdmp, bnmoc.exe, 0000000E.00000003.1694753168.00430000.00000004.sdmp
Source:	Binary string: objs\libjsoundds\jsoundds.pdb source: explorer.exe, 00000009.00000000.1706215274.0498C000.00000004.sdmp
Source:	Binary string: mscorrc.pdb source: image.exe, 00000000.00000002.1669910969.013B0000.00000002.sdmp, bnmoc.exe, 00000004.00000002.1675328490.005A0000.00000002.sdmp, bnmoc.exe, 0000000A.00000002.1697347055.01410000.00000002.sdmp

Data Obfuscation:

Detected unpacking (creates a PE file in dynamic memory)

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Unpacked PE file: 8.2.bnmoc.exe.20000.0.unpack
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Unpacked PE file: 14.2.bnmoc.exe.20000.0.unpack

Uses code obfuscation techniques (call, push, ret)

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_004199C5 push eax; ret	8_2_00419A18
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_0040B9A1 push eax; ret	8_2_0040B9A8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00419A7C push eax; ret	8_2_00419A82
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00419A12 push eax; ret	8_2_00419A18
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00419A1B push eax; ret	8_2_00419A82
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00413A3D push edi; iretd	8_2_00413A3E
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_0041AE22 push ebp; ret	8_2_0041AE23
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_004186E2 push dword ptr [esi-6EDD6829h]; ret	8_2_004186EB
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_0041AF64 push 83D481C5h; ret	8_2_0041AF69
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_0041AF7C push edi; retf	8_2_0041AF7D
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 8_2_00722869 push ecx; ret	8_2_0072287C
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Code function: 14_2_00722869 push ecx; ret	14_2_0072287C
Source: C:\Windows\System32\msg.exe	Code function: 15_2_01622869 push ecx; ret	15_2_0162287C
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0007A3C4 push cs; iretd	15_2_0007A3C5
Source: C:\Windows\System32\msg.exe	Code function: 15_2_000786E2 push dword ptr [esi-6EDD6829h]; ret	15_2_000786EB
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0006B9A1 push eax; ret	15_2_0006B9A8
Source: C:\Windows\System32\msg.exe	Code function: 15_2_000799C5 push eax; ret	15_2_00079A18
Source: C:\Windows\System32\msg.exe	Code function: 15_2_00079A12 push eax; ret	15_2_00079A18
Source: C:\Windows\System32\msg.exe	Code function: 15_2_00079A1B push eax; ret	15_2_00079A82
Source: C:\Windows\System32\msg.exe	Code function: 15_2_00079A7C push eax; ret	15_2_00079A82
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0007AE22 push ebp; ret	15_2_0007AE23
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0007AF64 push 83D481C5h; ret	15_2_0007AF69
Source: C:\Windows\System32\msg.exe	Code function: 15_2_0007AF7C push edi; retf	15_2_0007AF7D
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00782869 push ecx; ret	24_2_0078287C
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0007A3C4 push cs; iretd	24_2_0007A3C5
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_000786E2 push dword ptr [esi-6EDD6829h]; ret	24_2_000786EB
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_0006B9A1 push eax; ret	24_2_0006B9A8
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_000799C5 push eax; ret	24_2_00079A18
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00079A12 push eax; ret	24_2_00079A18
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00079A1B push eax; ret	24_2_00079A82
Source: C:\Windows\System32\cmmon32.exe	Code function: 24_2_00073A3D push edi; iretd	24_2_00073A3E

Binary may include packed or encrypted code

Show sources

Source: initial sample	Static PE information: section name: .text entropy: 7.38254453232
Source: initial sample	Static PE information: section name: .text entropy: 7.38254453232
Source: initial sample	Static PE information: section name: .text entropy: 7.38254453232
Source: initial sample	Static PE information: section name: .text entropy: 7.38254453232
Source: initial sample	Static PE information: section name: .text entropy: 7.38254453232

Persistence and Installation Behavior:

Uses cmd line tools excessively to alter registry or file data

Show sources

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe

Drops PE files

Show sources

Source: C:\Windows\explorer.exe	File created: C:\Users\user~1\AppData\Local\Temp\Mdxylb\certmgrqrj8dx.exe	Jump to dropped file
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Jump to dropped file

Boot Survival:

Creates multiple autostart registry keys

Show sources

Source: C:\Windows\System32\msg.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LHD0DBCHQZC			Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run bnmocxzasa			Jump to behavior

Drops PE files to the startup folder

Show sources

Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

Jump to dropped file

Creates a start menu entry (Start Menu\Programs\Startup)

Show sources

Source: C:\Users\user\Desktop\image.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

Jump to behavior

Stores files to the Windows start menu directory

Show sources

Source: C:\Users\user\Desktop\image.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

Creates an autostart registry key

Show sources

Source: C:\Windows\System32\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run bnmocxzasa	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run bnmocxzasa	Jump to behavior
Source: C:\Windows\System32\msg.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LHD0DBCHQZC	Jump to behavior
Source: C:\Windows\System32\msg.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LHD0DBCHQZC	Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Disables application error messsages (SetErrorMode)

Show sources

Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\image.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msg.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msg.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Found evasive API chain (may stop execution after checking system information)

Show sources

Source: C:\Windows\System32\cmmon32.exe

Evasive API call chain: NtQuerySystemInformation,DecisionNodes,ExitProcess

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: image.exe, 00000000.00000002.1671280586.01A20000.00000004.sdmp, bnmoc.exe, 00000004.00000002.1676704295.01EA0000.00000004.sdmp, bnmoc.exe, 0000000A.00000002.1699513950.01960000.00000004.sdmp

Binary or memory string: SBIEDLL.DLL

Contains functionality for execution timing, often used to detect debuggers

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

Code function: 8_2_004073E0 rdtsc

8_2_004073E0

Contains long sleeps (>= 3 min)

Show sources

Source: C:\Users\user\Desktop\image.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Thread delayed: delay time: 922337203685477

Enumerates the file system

Show sources

Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Show sources

Source: C:\Users\user\Desktop\image.exe TID: 2304	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe TID: 2368	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 3828	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 3828	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe TID: 1888	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\msg.exe TID: 2240	Thread sleep time: -75000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe TID: 3420	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe TID: 3584	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe TID: 3080	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe TID: 3756	Thread sleep time: -922337203685477s >= -30000s

Sample execution stops while process was sleeping (likely an evasion)

Show sources

Source: C:\Windows\System32\msg.exe

Last function: Thread delayed

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Show sources

Source: explorer.exe, 00000009.00000000.1705084626.04740000.00000004.sdmp

Binary or memory string: vmbusres.dll,

Queries a list of all running processes

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Found API chain indicative of debugger detection

Show sources

Source: C:\Windows\System32\cmmon32.exe

Debugger detection routine: NtQueryInformationProcess or NtQuerySystemInformation, DecisionNodes, ExitProcess or Sleep

Checks for debuggers (devices)

Show sources

Source: C:\Windows\explorer.exe	File opened: C:\Windows\WinSxS\FileMaps\users_user_appdata_roaming_microsoft_windows_start_menu_programs_startup_8dae6c61b8a77b32.cdf-ms
Source: C:\Windows\explorer.exe	File opened: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms
Source: C:\Windows\explorer.exe	File opened: C:\Windows\WinSxS\FileMaps\program_files_mdxylb_5f43f4ec563088db.cdf-ms

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

System information queried: KernelDebuggerInformation

Jump to behavior

Checks if the current process is being debugged

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\msg.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\cmmon32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\raserver.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process queried: DebugPort
Source: C:\Windows\System32\msdt.exe	Process queried: DebugPort

Contains functionality for execution timing, often used to detect debuggers

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

Code function: 8_2_004073E0 rdtsc

8_2_004073E0

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

Code function: 8_2_00408420 LdrLoadDll,

8_2_00408420

Enables debug privileges

Show sources

Source: C:\Users\user\Desktop\image.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\msg.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\cmmon32.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\raserver.exe	Process token adjusted: Debug
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process token adjusted: Debug
Source: C:\Windows\System32\msdt.exe	Process token adjusted: Debug
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process token adjusted: Debug

Creates guard pages, often used to prevent reverse engineering and debugging

Show sources

Source: C:\Users\user\Desktop\image.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Benign windows process drops PE files

Show sources

Source: C:\Windows\explorer.exe

File created: certmgrqrj8dx.exe.9.dr

Jump to dropped file

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Memory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Memory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Memory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Memory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe base: 400000 value starts with: 4D5A

Maps a DLL or memory area into another process

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

Section loaded: unknown target pid: 3768 protection: execute and read and write

Jump to behavior

Modifies the context of a thread in another process (thread injection)

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread register set: target process: 2268	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread register set: target process: 3768	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread register set: target process: 3768	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread register set: target process: 4016	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread register set: target process: 3768	Jump to behavior
Source: C:\Windows\System32\msg.exe	Thread register set: target process: 3768	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread register set: target process: 1264	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread register set: target process: 3768	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread register set: target process: 3144
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Thread register set: target process: 3768

Queues an APC in another process (thread injection)

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe

Thread APC queued: target process: C:\Windows\explorer.exe

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Show sources

Source: C:\Users\user\Desktop\image.exe	Process created: C:\Windows\System32\cmd.exe cmd	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Windows\System32\cmd.exe cmd	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Windows\System32\cmd.exe cmd	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'	Jump to behavior
Source: C:\Windows\System32\msg.exe	Process created: C:\Windows\System32\cmd.exe /c del 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'	Jump to behavior
Source: C:\Windows\System32\msg.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c' type C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt '	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Windows\System32\cmd.exe cmd	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'	Jump to behavior
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process created: C:\Windows\System32\cmd.exe cmd
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Windows\System32\cmd.exe cmd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'
Source: C:\Program Files\Mdxylb\certmgrqrj8dx.exe	Process created: C:\Windows\System32\cmd.exe cmd
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

May try to detect the Windows Explorer process (often used for injection)

Show sources

Source: explorer.exe, 00000009.00000000.1695133822.00840000.00000002.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000009.00000000.1695133822.00840000.00000002.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000009.00000000.1695133822.00840000.00000002.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000009.00000000.1694243707.0011D000.00000004.sdmp	Binary or memory string: Progmanp

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Windows\System32\msg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Windows\System32\msg.exe	File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data			Jump to behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Windows\System32\msg.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Signature Similarity

Sample Distance (10 = nearest)

10 9 8 7 6 5 4 3 2 1

Similar Samples

Samplename	Analysis ID	SHA256	Similarity

Behavior Graph

Simulations

Behavior and APIs

Time	Type	Description
16:37:08	API Interceptor	5232x Sleep call for process: image.exe modified
16:37:09	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
16:37:10	API Interceptor	8x Sleep call for process: bnmoc.exe modified
16:37:14	API Interceptor	737x Sleep call for process: explorer.exe modified
16:37:23	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run bnmocxzasa cmd /c type C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt \| cmd
16:37:35	API Interceptor	1x Sleep call for process: msg.exe modified
16:37:40	API Interceptor	1x Sleep call for process: cmmon32.exe modified
16:37:49	API Interceptor	1x Sleep call for process: raserver.exe modified
16:38:36	API Interceptor	2x Sleep call for process: certmgrqrj8dx.exe modified
16:38:43	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run LHD0DBCHQZC C:\Program Files\Mdxylb\certmgrqrj8dx.exe
16:38:49	API Interceptor	1x Sleep call for process: msdt.exe modified

Antivirus Detection

Initial Sample

Source	Detection	Scanner	Label	Link
image.exe	73%	virustotal		Browse
image.exe	57%	metadefender		Browse
image.exe	100%	Avira	TR/Dropper.Gen

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Program Files\Mdxylb\certmgrqrj8dx.exe	100%	Avira	TR/Dropper.Gen
C:\Program Files\Mdxylb\certmgrqrj8dx.exe	100%	Avira	TR/Dropper.Gen
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	100%	Avira	TR/Dropper.Gen
C:\Program Files\Mdxylb\certmgrqrj8dx.exe	73%	virustotal		Browse
C:\Program Files\Mdxylb\certmgrqrj8dx.exe	57%	metadefender		Browse
C:\Users\user~1\AppData\Local\Temp\Mdxylb\certmgrqrj8dx.exe	57%	metadefender		Browse
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe	57%	metadefender		Browse

Unpacked PE Files

Source	Detection	Scanner	Label	Download
37.2.bnmoc.exe.a0000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
14.1.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
10.0.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
29.0.certmgrqrj8dx.exe.1160000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
8.2.bnmoc.exe.1240000.3.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
14.0.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
39.1.certmgrqrj8dx.exe.11c0000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
27.2.bnmoc.exe.400000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
27.2.bnmoc.exe.1240000.3.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
14.2.bnmoc.exe.1240000.3.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
14.2.bnmoc.exe.400000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
8.0.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
37.2.bnmoc.exe.400000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
20.1.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
20.0.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
10.1.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
8.1.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
0.0.image.exe.1350000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
27.0.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
8.2.bnmoc.exe.400000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
27.1.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
32.0.bnmoc.exe.a0000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
4.0.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
4.1.bnmoc.exe.1240000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
29.1.certmgrqrj8dx.exe.1160000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
37.1.bnmoc.exe.a0000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
0.1.image.exe.1350000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
39.0.certmgrqrj8dx.exe.11c0000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
32.1.bnmoc.exe.a0000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File
37.0.bnmoc.exe.a0000.0.unpack	100%	Avira	HEUR/AGEN.1029316	Download File

Domains

Source	Detection	Scanner	Link	Download
www.wendihutagaol.com	0%	virustotal	Browse	Download File
www.specialedtutors.com	0%	virustotal	Browse	Download File
www.evcvnymlarked.review	0%	virustotal	Browse	Download File

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Startup

System is w7_1

image.exe (PID: 2528 cmdline: 'C:\Users\user\Desktop\image.exe' MD5: 287782734F94678617B7028B029320AB)

cmd.exe (PID: 896 cmdline: cmd MD5: AD7B9C14083B52BC532FBA5948342B98)

bnmoc.exe (PID: 396 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe' MD5: 287782734F94678617B7028B029320AB)

cmd.exe (PID: 2860 cmdline: cmd MD5: AD7B9C14083B52BC532FBA5948342B98)

reg.exe (PID: 1908 cmdline: reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' | cmd' MD5: D69A9ABBB0D795F21995C2F48C1EB560)

bnmoc.exe (PID: 2268 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe' MD5: 287782734F94678617B7028B029320AB)

explorer.exe (PID: 3768 cmdline: C:\Windows\Explorer.EXE MD5: 6DDCA324434FFA506CF7DC4E51DB7935)

bnmoc.exe (PID: 1868 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe' MD5: 287782734F94678617B7028B029320AB)

cmd.exe (PID: 2908 cmdline: cmd MD5: AD7B9C14083B52BC532FBA5948342B98)

reg.exe (PID: 2932 cmdline: reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' | cmd' MD5: D69A9ABBB0D795F21995C2F48C1EB560)

bnmoc.exe (PID: 4016 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe' MD5: 287782734F94678617B7028B029320AB)

msg.exe (PID: 4064 cmdline: C:\Windows\System32\msg.exe MD5: 835982D4DB80A9CC114E34E34E90E2A0)

cmd.exe (PID: 3004 cmdline: /c del 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)

firefox.exe (PID: 524 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: 7F0E061F5B6F311013968503D4C1D052)

cmd.exe (PID: 1900 cmdline: 'C:\Windows\system32\cmd.exe' /c type C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt | cmd MD5: AD7B9C14083B52BC532FBA5948342B98)

cmd.exe (PID: 2960 cmdline: C:\Windows\system32\cmd.exe /S /D /c' type C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt ' MD5: AD7B9C14083B52BC532FBA5948342B98)

cmd.exe (PID: 3956 cmdline: cmd MD5: AD7B9C14083B52BC532FBA5948342B98)

bnmoc.exe (PID: 2852 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe MD5: 287782734F94678617B7028B029320AB)

cmd.exe (PID: 1992 cmdline: cmd MD5: AD7B9C14083B52BC532FBA5948342B98)

reg.exe (PID: 1884 cmdline: reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' | cmd' MD5: D69A9ABBB0D795F21995C2F48C1EB560)

bnmoc.exe (PID: 1264 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe' MD5: 287782734F94678617B7028B029320AB)

cmmon32.exe (PID: 2360 cmdline: C:\Windows\System32\cmmon32.exe MD5: EA7BAAB0792C846DE451001FAE0FBD5F)

raserver.exe (PID: 2964 cmdline: C:\Windows\System32\raserver.exe MD5: 0842FB9AC27460E2B0107F6B3A872FD5)

certmgrqrj8dx.exe (PID: 1800 cmdline: C:\Program Files\Mdxylb\certmgrqrj8dx.exe MD5: 287782734F94678617B7028B029320AB)

cmd.exe (PID: 1876 cmdline: cmd MD5: AD7B9C14083B52BC532FBA5948342B98)

bnmoc.exe (PID: 2920 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe' MD5: 287782734F94678617B7028B029320AB)

cmd.exe (PID: 1360 cmdline: cmd MD5: AD7B9C14083B52BC532FBA5948342B98)

reg.exe (PID: 2496 cmdline: reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' | cmd' MD5: D69A9ABBB0D795F21995C2F48C1EB560)

bnmoc.exe (PID: 3144 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe' MD5: 287782734F94678617B7028B029320AB)

msdt.exe (PID: 3444 cmdline: C:\Windows\System32\msdt.exe MD5: F67A64C46DE10425045AF682802F5BA6)

certmgrqrj8dx.exe (PID: 2352 cmdline: 'C:\Program Files\Mdxylb\certmgrqrj8dx.exe' MD5: 287782734F94678617B7028B029320AB)

cmd.exe (PID: 3416 cmdline: cmd MD5: AD7B9C14083B52BC532FBA5948342B98)

cleanup

Created / dropped Files

C:\Program Files\Mdxylb\certmgrqrj8dx.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Size (bytes):	309760
Entropy (8bit):	7.358279860983715
Encrypted:	false
MD5:	287782734F94678617B7028B029320AB
SHA1:	65A981AA37EB961D93A90CEFCF90560B30137AA4
SHA-256:	1FC2354D39643163CDF9DB2C8859CDDF7F92710495B66C9297F53A36A0F0A95F
SHA-512:	6F1B8DC8910600060FFF2F98BFA54D57BFB893FF3B64B615F99A66DE4571143EE698225DFE6AC35DD2CF688E47B7F5087F13791BBDAC43AE84A0A10191C74FC0
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%, Browse Antivirus: Avira, Detection: 100%, Browse Antivirus: virustotal, Detection: 73%, Browse Antivirus: metadefender, Detection: 57%, Browse

C:\Users\user~1\AppData\Local\Temp\Mdxylb\certmgrqrj8dx.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Size (bytes):	309760
Entropy (8bit):	7.358279860983715
Encrypted:	false
MD5:	287782734F94678617B7028B029320AB
SHA1:	65A981AA37EB961D93A90CEFCF90560B30137AA4
SHA-256:	1FC2354D39643163CDF9DB2C8859CDDF7F92710495B66C9297F53A36A0F0A95F
SHA-512:	6F1B8DC8910600060FFF2F98BFA54D57BFB893FF3B64B615F99A66DE4571143EE698225DFE6AC35DD2CF688E47B7F5087F13791BBDAC43AE84A0A10191C74FC0
Malicious:	true
Antivirus:	Antivirus: metadefender, Detection: 57%, Browse

C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt Download File
Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
File Type:	ASCII text, with CRLF line terminators
Size (bytes):	103
Entropy (8bit):	4.773222980565118
Encrypted:	false
MD5:	E0CE0B0EDC14B6209A6656C5D2E392E7
SHA1:	10101FDE740B16AAAA9CA1294E45B22DEE29A872
SHA-256:	2F233F11954F6639EFF6249A78EDF640898811C5C69E6296FDF8B2913143755C
SHA-512:	E840E3900E28530CA3647EE3514CCBA20B078635381DECE042EACBCA5A1E578143C084F9E83CBCB1F7894F08089322A016E75027A27BD8DCB1DD8C6EF26F07A8
Malicious:	false

C:\Users\user\AppData\Roaming\K47N66PW\K47logim.jpeg Download File
Process:	C:\Windows\System32\msg.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
Size (bytes):	83303
Entropy (8bit):	7.630189055060992
Encrypted:	false
MD5:	E2662C89CAEA5ED6DDB9647CA71FC073
SHA1:	56CF437F1199A497199209BD1CB3E81D74D2B443
SHA-256:	E7D007C705B23F810DE1E9AD1150EE7376AB9C4A624E5AC6B0F60CA7BC0D8E04
SHA-512:	9CAC7903B4586C7A340F7BA861A7B0FD6BA690E38D10F1E7B3B095A7FDB2265A0A000733D4982970F6242058A044DF87C61928093F8EFD20372AF177E0DB1AA5
Malicious:	false

C:\Users\user\AppData\Roaming\K47N66PW\K47logrf.ini Download File
Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	data
Size (bytes):	40
Entropy (8bit):	2.8420918598895937
Encrypted:	false
MD5:	2F245469795B865BDD1B956C23D7893D
SHA1:	6AD80B974D3808F5A20EA1E766C7D2F88B9E5895
SHA-256:	1662D01A2D47B875A34FC7A8CD92E78CB2BA7F34023C7FD2639CBB10B8D94361
SHA-512:	909F189846A5D2DB208A5EB2E7CB3042C0F164CAF437E2B1B6DE608C0A70E4F3510B81B85753DBEEC1E211E6A83E6EA8C96AFF896E9B6E8ED42014473A54DC4F
Malicious:	true

C:\Users\user\AppData\Roaming\K47N66PW\K47logri.ini Download File
Process:	C:\Windows\System32\msg.exe
File Type:	data
Size (bytes):	40
Entropy (8bit):	2.8420918598895937
Encrypted:	false
MD5:	D63A82E5D81E02E399090AF26DB0B9CB
SHA1:	91D0014C8F54743BBA141FD60C9D963F869D76C9
SHA-256:	EAECE2EBA6310253249603033C744DD5914089B0BB26BDE6685EC9813611BAAE
SHA-512:	38AFB05016D8F3C69D246321573997AAAC8A51C34E61749A02BF5E8B2B56B94D9544D65801511044E1495906A86DC2100F2E20FF4FCBED09E01904CC780FDBAD
Malicious:	true

C:\Users\user\AppData\Roaming\K47N66PW\K47logrv.ini Download File
Process:	C:\Windows\System32\msg.exe
File Type:	data
Size (bytes):	40
Entropy (8bit):	2.96096404744368
Encrypted:	false
MD5:	BA3B6BC807D4F76794C4B81B09BB9BA5
SHA1:	24CB89501F0212FF3095ECC0ABA97DD563718FB1
SHA-256:	6EEBF968962745B2E9DE2CA969AF7C424916D4E3FE3CC0BB9B3D414ABFCE9507
SHA-512:	ECD07E601FC9E3CFC39ADDD7BD6F3D7F7FF3253AFB40BF536E9EAAC5A4C243E5EC40FBFD7B216CB0EA29F2517419601E335E33BA19DEA4A46F65E38694D465BF
Malicious:	true

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe Download File
Process:	C:\Program Files\Mdxylb\certmgrqrj8dx.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Size (bytes):	309760
Entropy (8bit):	7.358279860983715
Encrypted:	false
MD5:	287782734F94678617B7028B029320AB
SHA1:	65A981AA37EB961D93A90CEFCF90560B30137AA4
SHA-256:	1FC2354D39643163CDF9DB2C8859CDDF7F92710495B66C9297F53A36A0F0A95F
SHA-512:	6F1B8DC8910600060FFF2F98BFA54D57BFB893FF3B64B615F99A66DE4571143EE698225DFE6AC35DD2CF688E47B7F5087F13791BBDAC43AE84A0A10191C74FC0
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%, Browse Antivirus: metadefender, Detection: 57%, Browse

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe:Zone.Identifier Download File
Process:	C:\Users\user\Desktop\image.exe
File Type:	ASCII text, with CRLF line terminators
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.wendihutagaol.com	unknown	unknown	true	0%, virustotal, Browse	unknown
www.specialedtutors.com	unknown	unknown	true	0%, virustotal, Browse	unknown
www.evcvnymlarked.review	unknown	unknown	true	0%, virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://search.chol.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.mercadolivre.com.br/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.merlin.com.pl/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.ebay.de/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.mtv.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.rambler.ru/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.nifty.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.dailymail.co.uk/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www3.fnac.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://buscar.ya.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.yahoo.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.sogou.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://asp.usatoday.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://fr.search.yahoo.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://rover.ebay.com	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://in.search.yahoo.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://img.shopzilla.com/shopzilla/shopzilla.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://crl.microso	explorer.exe, 00000009.00000000.1703078184.02CBA000.00000004.sdmp	false	high
http://search.ebay.in/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://image.excite.co.jp/jp/favicon/lep.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.autoitscript.com/autoit3	explorer.exe, 00000009.00000000.1694243707.0011D000.00000004.sdmp	false	high
http://%s.com	explorer.exe, 00000009.00000000.1692977138.06EE0000.00000008.sdmp	false	high
http://msk.afisha.ru/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://busca.igbusca.com.br//app/static/images/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.rediff.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.ya.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.etmall.com.tw/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://it.search.dada.net/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.naver.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.google.ru/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.hanafos.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://cgi.search.biglobe.ne.jp/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.abril.com.br/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.daum.net/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.naver.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.msn.co.jp/results.aspx?q=	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.clarin.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://buscar.ozu.es/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://kr.search.yahoo.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.about.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://busca.igbusca.com.br/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.ask.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.priceminister.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.cjmall.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.centrum.cz/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://suche.t-online.de/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.google.it/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.auction.co.kr/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.ceneo.pl/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.amazon.de/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://sads.myspace.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://busca.buscape.com.br/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.pchome.com.tw/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://browse.guardian.co.uk/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://google.pchome.com.tw/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://list.taobao.com/browse/search_visual.htm?n=15&q=	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.rambler.ru/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://uk.search.yahoo.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://espanol.search.yahoo.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.ozu.es/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.sify.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://openimage.interpark.com/interpark.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.yahoo.co.jp/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.ebay.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.gmarket.co.kr/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.nifty.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://searchresults.news.com.au/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.google.si/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.google.cz/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.soso.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.univision.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.ebay.it/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://images.joins.com/ui_c/fvc_joins.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.asharqalawsat.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://busca.orange.es/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://cnweb.search.live.com/results.aspx?q=	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://auto.search.msn.com/response.asp?MT=	explorer.exe, 00000009.00000000.1692977138.06EE0000.00000008.sdmp	false	high
http://search.yahoo.co.jp	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.target.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://buscador.terra.es/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.orange.co.uk/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.iask.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.tesco.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://cgi.search.biglobe.ne.jp/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.seznam.cz/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://suche.freenet.de/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.interpark.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.ipop.co.kr/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.espn.go.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.d-trust.ne	explorer.exe, 00000009.00000000.1706215274.0498C000.00000004.sdmp	false	high
http://www.myspace.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://search.centrum.cz/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://p.zhongsou.com/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://service2.bfast.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.%s.comPA	explorer.exe, 00000009.00000000.1698938326.02080000.00000008.sdmp	false	high
http://ariadna.elmundo.es/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.news.com.au/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.cdiscount.com/	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high
http://www.tiscali.it/favicon.ico	explorer.exe, 00000009.00000000.1693148616.06F99000.00000008.sdmp	false	high

Contacted IPs

No contacted IP infos

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.358279860983715
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	image.exe
File size:	309760
MD5:	287782734f94678617b7028b029320ab
SHA1:	65a981aa37eb961d93a90cefcf90560b30137aa4
SHA256:	1fc2354d39643163cdf9db2c8859cddf7f92710495b66c9297f53a36a0f0a95f
SHA512:	6f1b8dc8910600060fff2f98bfa54d57bfb893ff3b64b615f99a66de4571143ee698225dfe6ac35dd2cf688e47b7f5087f13791bbdac43ae84a0a10191c74fc0
SSDEEP:	6144:0sfrsfhibr/SguQAsJ1/y3UN8Xu8D5N1QSrziG0eXm7:lsfSSgUKNSvQWhm
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....5[............................^.... ........@.. ....................... ............@................................

File Icon


Icon Hash:	aab2e3e39383aa00

Static PE Info

General
Entrypoint:	0x44c35e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5B35B48C [Fri Jun 29 04:24:44 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:	v2.0.50727
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4c304	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4e000	0x1000	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x50000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x4a364	0x4a400	False	0.740122579966	data	7.38254453232	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x4e000	0x1000	0x1000	False	0.0751953125	data	0.65431333765	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x50000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x4e058	0x234	data

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright
Assembly Version	0.0.0.0
InternalName	bnm.exe
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileDescription
OriginalFilename	bnm.exe

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 13, 2019 16:37:49.322345972 CET	51176	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:37:49.355587959 CET	53	51176	8.8.8.8	192.168.1.16
Feb 13, 2019 16:38:09.438657045 CET	49810	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:38:10.432919979 CET	49810	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:38:10.446954012 CET	53	49810	8.8.8.8	192.168.1.16
Feb 13, 2019 16:38:33.994622946 CET	55151	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:38:34.033061028 CET	53	55151	8.8.8.8	192.168.1.16
Feb 13, 2019 16:38:36.260667086 CET	53216	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:38:37.245091915 CET	53216	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:38:37.257396936 CET	53	53216	8.8.8.8	192.168.1.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 13, 2019 16:37:49.322345972 CET	51176	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:37:49.355587959 CET	53	51176	8.8.8.8	192.168.1.16
Feb 13, 2019 16:38:09.438657045 CET	49810	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:38:10.432919979 CET	49810	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:38:10.446954012 CET	53	49810	8.8.8.8	192.168.1.16
Feb 13, 2019 16:38:33.994622946 CET	55151	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:38:34.033061028 CET	53	55151	8.8.8.8	192.168.1.16
Feb 13, 2019 16:38:36.260667086 CET	53216	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:38:37.245091915 CET	53216	53	192.168.1.16	8.8.8.8
Feb 13, 2019 16:38:37.257396936 CET	53	53216	8.8.8.8	192.168.1.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 13, 2019 16:37:49.322345972 CET	192.168.1.16	8.8.8.8	0x42ce	Standard query (0)	www.evcvnymlarked.review	A (IP address)	IN (0x0001)
Feb 13, 2019 16:38:09.438657045 CET	192.168.1.16	8.8.8.8	0x8828	Standard query (0)	www.wendihutagaol.com	A (IP address)	IN (0x0001)
Feb 13, 2019 16:38:10.432919979 CET	192.168.1.16	8.8.8.8	0x8828	Standard query (0)	www.wendihutagaol.com	A (IP address)	IN (0x0001)
Feb 13, 2019 16:38:33.994622946 CET	192.168.1.16	8.8.8.8	0xa314	Standard query (0)	www.specialedtutors.com	A (IP address)	IN (0x0001)
Feb 13, 2019 16:38:36.260667086 CET	192.168.1.16	8.8.8.8	0x5279	Standard query (0)	www.specialedtutors.com	A (IP address)	IN (0x0001)
Feb 13, 2019 16:38:37.245091915 CET	192.168.1.16	8.8.8.8	0x5279	Standard query (0)	www.specialedtutors.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Feb 13, 2019 16:37:49.355587959 CET	8.8.8.8	192.168.1.16	0x42ce	Name error (3)	www.evcvnymlarked.review	none	none	A (IP address)	IN (0x0001)
Feb 13, 2019 16:38:10.446954012 CET	8.8.8.8	192.168.1.16	0x8828	No error (0)	www.wendihutagaol.com	ghs.google.com		CNAME (Canonical name)	IN (0x0001)
Feb 13, 2019 16:38:34.033061028 CET	8.8.8.8	192.168.1.16	0xa314	Name error (3)	www.specialedtutors.com	none	none	A (IP address)	IN (0x0001)
Feb 13, 2019 16:38:37.257396936 CET	8.8.8.8	192.168.1.16	0x5279	Name error (3)	www.specialedtutors.com	none	none	A (IP address)	IN (0x0001)

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: image.exe PID: 2528 Parent PID: 1792

General

Start time:	16:37:07
Start date:	13/02/2019
Path:	C:\Users\user\Desktop\image.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Desktop\image.exe'
Imagebase:	0x1350000
File size:	309760 bytes
MD5 hash:	287782734F94678617B7028B029320AB
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 896 Parent PID: 2528

General

Start time:	16:37:09
Start date:	13/02/2019
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd
Imagebase:	0x4a2a0000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: bnmoc.exe PID: 396 Parent PID: 896

General

Start time:	16:37:09
Start date:	13/02/2019
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Imagebase:	0x1240000
File size:	309760 bytes
MD5 hash:	287782734F94678617B7028B029320AB
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Avira, Browse Detection: 57%, metadefender, Browse
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 2860 Parent PID: 396

General

Start time:	16:37:11
Start date:	13/02/2019
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd
Imagebase:	0x4a2d0000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: reg.exe PID: 1908 Parent PID: 2860

General

Start time:	16:37:11
Start date:	13/02/2019
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'
Imagebase:	0xfd0000
File size:	62464 bytes
MD5 hash:	D69A9ABBB0D795F21995C2F48C1EB560
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: bnmoc.exe PID: 2268 Parent PID: 396

General

Start time:	16:37:11
Start date:	13/02/2019
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Imagebase:	0x1240000
File size:	309760 bytes
MD5 hash:	287782734F94678617B7028B029320AB
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: explorer.exe PID: 3768 Parent PID: 2268

General

Start time:	16:37:13
Start date:	13/02/2019
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x560000
File size:	2972672 bytes
MD5 hash:	6DDCA324434FFA506CF7DC4E51DB7935
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: bnmoc.exe PID: 1868 Parent PID: 3768

General

Start time:	16:37:18
Start date:	13/02/2019
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Imagebase:	0x1240000
File size:	309760 bytes
MD5 hash:	287782734F94678617B7028B029320AB
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 2908 Parent PID: 1868

General

Start time:	16:37:20
Start date:	13/02/2019
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd
Imagebase:	0x4a610000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: reg.exe PID: 2932 Parent PID: 2908

General

Start time:	16:37:20
Start date:	13/02/2019
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'
Imagebase:	0x6a0000
File size:	62464 bytes
MD5 hash:	D69A9ABBB0D795F21995C2F48C1EB560
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: bnmoc.exe PID: 4016 Parent PID: 1868

General

Start time:	16:37:21
Start date:	13/02/2019
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Imagebase:	0x1240000
File size:	309760 bytes
MD5 hash:	287782734F94678617B7028B029320AB
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: msg.exe PID: 4064 Parent PID: 3768

General

Start time:	16:37:29
Start date:	13/02/2019
Path:	C:\Windows\System32\msg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\msg.exe
Imagebase:	0x9c0000
File size:	24576 bytes
MD5 hash:	835982D4DB80A9CC114E34E34E90E2A0
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: cmd.exe PID: 1900 Parent PID: 3768

General

Start time:	16:37:31
Start date:	13/02/2019
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\system32\cmd.exe' /c type C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt \| cmd
Imagebase:	0x49d20000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 2960 Parent PID: 1900

General

Start time:	16:37:31
Start date:	13/02/2019
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /S /D /c' type C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt '
Imagebase:	0x49d20000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 3956 Parent PID: 1900

General

Start time:	16:37:31
Start date:	13/02/2019
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd
Imagebase:	0x49d20000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: bnmoc.exe PID: 2852 Parent PID: 3956

General

Start time:	16:37:31
Start date:	13/02/2019
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
Imagebase:	0x1240000
File size:	309760 bytes
MD5 hash:	287782734F94678617B7028B029320AB
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 1992 Parent PID: 2852

General

Start time:	16:37:34
Start date:	13/02/2019
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd
Imagebase:	0x4a550000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: reg.exe PID: 1884 Parent PID: 1992

General

Start time:	16:37:34
Start date:	13/02/2019
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'
Imagebase:	0xa00000
File size:	62464 bytes
MD5 hash:	D69A9ABBB0D795F21995C2F48C1EB560
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmmon32.exe PID: 2360 Parent PID: 3768

General

Start time:	16:37:34
Start date:	13/02/2019
Path:	C:\Windows\System32\cmmon32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\cmmon32.exe
Imagebase:	0xef0000
File size:	43008 bytes
MD5 hash:	EA7BAAB0792C846DE451001FAE0FBD5F
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: cmd.exe PID: 3004 Parent PID: 4064

General

Start time:	16:37:35
Start date:	13/02/2019
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	/c del 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Imagebase:	0x4a550000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: bnmoc.exe PID: 1264 Parent PID: 2852

General

Start time:	16:37:40
Start date:	13/02/2019
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Imagebase:	0x1240000
File size:	309760 bytes
MD5 hash:	287782734F94678617B7028B029320AB
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: raserver.exe PID: 2964 Parent PID: 3768

General

Start time:	16:37:42
Start date:	13/02/2019
Path:	C:\Windows\System32\raserver.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\raserver.exe
Imagebase:	0xc70000
File size:	101888 bytes
MD5 hash:	0842FB9AC27460E2B0107F6B3A872FD5
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: certmgrqrj8dx.exe PID: 1800 Parent PID: 3768

General

Start time:	16:38:34
Start date:	13/02/2019
Path:	C:\Program Files\Mdxylb\certmgrqrj8dx.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Mdxylb\certmgrqrj8dx.exe
Imagebase:	0x1160000
File size:	309760 bytes
MD5 hash:	287782734F94678617B7028B029320AB
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Avira, Browse Detection: 100%, Avira, Browse Detection: 73%, virustotal, Browse Detection: 57%, metadefender, Browse
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 1876 Parent PID: 1800

General

Start time:	16:38:36
Start date:	13/02/2019
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd
Imagebase:	0x4a4b0000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: bnmoc.exe PID: 2920 Parent PID: 1876

General

Start time:	16:38:36
Start date:	13/02/2019
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Imagebase:	0xa0000
File size:	309760 bytes
MD5 hash:	287782734F94678617B7028B029320AB
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 1360 Parent PID: 2920

General

Start time:	16:38:41
Start date:	13/02/2019
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd
Imagebase:	0x4a400000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: reg.exe PID: 2496 Parent PID: 1360

General

Start time:	16:38:41
Start date:	13/02/2019
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run' /f /v 'bnmocxzasa' /d 'cmd /c type 'C:\Users\user\AppData\Local\Temp\bnmocxzasa.txt' \| cmd'
Imagebase:	0xbb0000
File size:	62464 bytes
MD5 hash:	D69A9ABBB0D795F21995C2F48C1EB560
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: firefox.exe PID: 524 Parent PID: 4064

General

Start time:	16:38:42
Start date:	13/02/2019
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Mozilla Firefox\Firefox.exe
Imagebase:	0x9a0000
File size:	392872 bytes
MD5 hash:	7F0E061F5B6F311013968503D4C1D052
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: bnmoc.exe PID: 3144 Parent PID: 2920

General

Start time:	16:38:43
Start date:	13/02/2019
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnmoc.exe'
Imagebase:	0xa0000
File size:	309760 bytes
MD5 hash:	287782734F94678617B7028B029320AB
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: msdt.exe PID: 3444 Parent PID: 3768

General

Start time:	16:38:45
Start date:	13/02/2019
Path:	C:\Windows\System32\msdt.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\msdt.exe
Imagebase:	0xb30000
File size:	983040 bytes
MD5 hash:	F67A64C46DE10425045AF682802F5BA6
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: certmgrqrj8dx.exe PID: 2352 Parent PID: 3768

General

Start time:	16:38:52
Start date:	13/02/2019
Path:	C:\Program Files\Mdxylb\certmgrqrj8dx.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Mdxylb\certmgrqrj8dx.exe'
Imagebase:	0x11c0000
File size:	309760 bytes
MD5 hash:	287782734F94678617B7028B029320AB
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: cmd.exe PID: 3416 Parent PID: 2352

General

Start time:	16:38:54
Start date:	13/02/2019
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd
Imagebase:	0x4a580000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: bnmoc.exe PID: 2268 Parent PID: 396 bnmoc.exeUNIQUE

Execution Graph

Execution Coverage:	2.5%
Dynamic/Decrypted Code Coverage:	2.9%
Signature Coverage:	6.5%
Total number of Nodes:	491
Total number of Limit Nodes:	61

Executed Functions

Function 00416D2B, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30
memorynativeCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00416D2B(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, char _a24, long _a28, intOrPtr _a1434652350) {
				long _t15;
				void* _t22;
				void* _t26;
				void* _t27;

				_t27 = _t26 + _a1434652350;
				_push(_t27);
				_t11 = _a4;
				_t4 = _t11 + 0xc58; // 0xc98
				E004174A0(_t22, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t6 =  &_a24; // 0x417644
				_t15 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20,  *_t6, _a28); // executed
				return _t15;
			}

0x00416d2b
0x00416d30
0x00416d33
0x00416d3f
0x00416d47
0x00416d4f
0x00416d69
0x00416d6d

APIs

NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,DvA,?,00000000,?,00003000,00000040,00000000,00000000,00407783), ref: 00416D69

Strings

DvA, xrefs: 00416D4F, 00416D5C

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID: DvA
API String ID: 2167126740-4033631096
Opcode ID: 94208b693c48f3c02fa273950199e30b720e31969ba027b70396366d4b60460c
Instruction ID: 788fa35c1c2a6b970203cfebfce28dd947b82948a84630898cceaa281895ec9d
Opcode Fuzzy Hash: 94208b693c48f3c02fa273950199e30b720e31969ba027b70396366d4b60460c
Instruction Fuzzy Hash: 59F0F2B6214208ABCB18DF89CC81EEB77ADAF88354F018149BE1997341D630F950CBA4

Uniqueness

Uniqueness Score: 0.16%

Function 00416D30, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30
memorynativeCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00416D30(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, char _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc58; // 0xc98
				E004174A0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t5 =  &_a24; // 0x417644
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20,  *_t5, _a28); // executed
				return _t14;
			}

0x00416d3f
0x00416d47
0x00416d4f
0x00416d69
0x00416d6d

APIs

NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,DvA,?,00000000,?,00003000,00000040,00000000,00000000,00407783), ref: 00416D69

Strings

DvA, xrefs: 00416D4F, 00416D5C

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID: DvA
API String ID: 2167126740-4033631096
Opcode ID: 0a05ee2b7fe0866ad4b14cf9f905fbe1fa9731d3c59323f66438c1333240966e
Instruction ID: a1cd83b9355041a363a65f5f70bb13b1b2a4d884d05ebbb9fbe0c38955963133
Opcode Fuzzy Hash: 0a05ee2b7fe0866ad4b14cf9f905fbe1fa9731d3c59323f66438c1333240966e
Instruction Fuzzy Hash: C2F015B6210208ABCB14DF89CC81EEB77ADAF88754F018149BE0997241C630F850CBA4

Uniqueness

Uniqueness Score: 0.16%

Function 00408420, Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E00408420(void* _a4, intOrPtr _a8) {
				intOrPtr* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				intOrPtr* _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_t24 = _a8;
				_v8 =  &_v536;
				_t15 = E00419160( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_push(_v8);
					_t17 = E00419580(_v8, _t24, __eflags);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00419800(_t17,  &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E004179B0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}

0x00408429
0x0040843c
0x0040843f
0x00408444
0x00408449
0x00408452
0x00408453
0x00408458
0x0040845b
0x0040845d
0x00408465
0x0040846a
0x0040846a
0x00408471
0x00408479
0x0040847c
0x0040847e
0x00408492
0x00000000
0x00408494
0x0040849a
0x0040844e
0x0040844e
0x0040844e

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00408492

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: b3b34b47e0dc5e907f57f4ed0efc9817218af35f32adb8d89895888b6ea7948c
Instruction ID: 8bd2afa6afb54e1d3ffde7fad7ab43dfa2b82a9d154af48fc3d2298e1908ab75
Opcode Fuzzy Hash: b3b34b47e0dc5e907f57f4ed0efc9817218af35f32adb8d89895888b6ea7948c
Instruction Fuzzy Hash: E60152B5D0010EBBDB10DBE5DD42FDEB7789B54308F0041A9E908A7281FA75EB58CB55

Uniqueness

Uniqueness Score: 0.03%

Function 00416B50, Relevance: 1.5, APIs: 1, Instructions: 40
filenativeCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00416B50(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc38; // 0xc38
				E004174A0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}

0x00416b5f
0x00416b67
0x00416b9d
0x00416ba1

APIs

NtCreateFile.NTDLL(00000060,00407783,?,00411FE7,00407783,FFFFFFFF,?,?,FFFFFFFF,00407783,00411FE7,?,00407783,00000060,00000000,00000000), ref: 00416B9D

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 0ba49f2cc57004340c20390c8c504d427266341db59bf2cf14fd944458bd4fb8
Instruction ID: 6d234286df0bc5760579aec85cf79191bfe803853d29d02a3899f311b6b07e83
Opcode Fuzzy Hash: 0ba49f2cc57004340c20390c8c504d427266341db59bf2cf14fd944458bd4fb8
Instruction Fuzzy Hash: BEF0C4B2214208AFCB48DF89DC85EEB77EDAF8C754F018248BA0D97241D630F851CBA4

Uniqueness

Uniqueness Score: 0.01%

Function 00416B4A, Relevance: 1.5, APIs: 1, Instructions: 38
filenativeCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00416B4A(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t32;

				_t15 = _a4;
				_push(0xde35f9ae);
				_t3 = _t15 + 0xc38; // 0xc38
				E004174A0(_t32, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}

0x00416b53
0x00416b59
0x00416b5f
0x00416b67
0x00416b9d
0x00416ba1

APIs

NtCreateFile.NTDLL(00000060,00407783,?,00411FE7,00407783,FFFFFFFF,?,?,FFFFFFFF,00407783,00411FE7,?,00407783,00000060,00000000,00000000), ref: 00416B9D

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 7f4c3111969b2fecd79312ea26d7c2f32d55bb000084d651b5decb17bffef5a9
Instruction ID: e67058110e09ce1df30c78e713d694f6ea5069b6d84f9b498f16f9bb2be815ba
Opcode Fuzzy Hash: 7f4c3111969b2fecd79312ea26d7c2f32d55bb000084d651b5decb17bffef5a9
Instruction Fuzzy Hash: 2FF037B2214149ABCB08DF98D884CEB77ADEF8C314B05864DFA4D93202D634EC51CBA0

Uniqueness

Uniqueness Score: 0.01%

Function 00416C00, Relevance: 1.5, APIs: 1, Instructions: 36
filenativeCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 37%

			E00416C00(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				void* _t28;
				intOrPtr* _t29;
				void* _t31;

				_t13 = _a4;
				_t29 = _a4 + 0xc40;
				E004174A0(_t27, _t13, _t29,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t29))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _t28, _t31); // executed
				return _t18;
			}

0x00416c03
0x00416c0f
0x00416c17
0x00416c45
0x00000000

APIs

NtReadFile.NTDLL(004121A2,5EAE521D,FFFFFFFF,00411E61,?,?,004121A2,?,00411E61,FFFFFFFF,5EAE521D,004121A2,?,00000000), ref: 00416C45

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 95f1c6039904784f860925e592b8e489dce198337c553551a197f5f7d0add1dd
Instruction ID: be7848bc2954ea4e547be3e7bce6b444d5c8f4d9e5e0456886d15b5ad062c139
Opcode Fuzzy Hash: 95f1c6039904784f860925e592b8e489dce198337c553551a197f5f7d0add1dd
Instruction Fuzzy Hash: 52F0A4B2210208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97251D630E8118BA4

Uniqueness

Uniqueness Score: 0.01%

Function 00716070, Relevance: 1.5, APIs: 1, Instructions: 4nativethreadCOMMON

APIs

NtResumeThread.NTDLL ref: 0071607A

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 080925e694d01524c80d5f4b377ba9f9c7a2dc39432941c9a598def017c83e2a
Instruction ID: 756002dfa67ab6072fb7eb23fcd431384ba8e9d222e798093112385a1dd8c2de
Opcode Fuzzy Hash: 080925e694d01524c80d5f4b377ba9f9c7a2dc39432941c9a598def017c83e2a
Instruction Fuzzy Hash: 2EA02230A0000003CB82AA28C00828BF280EBE0302F0280A020008B008C020C8AAC320

Uniqueness

Uniqueness Score: 0.03%

Function 00716130, Relevance: 1.5, APIs: 1, Instructions: 4nativethreadCOMMON

APIs

NtSetContextThread.NTDLL ref: 0071613A

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: c178acdfe4dd67e048efb9f737dcb3fda63236469f66e23bfd8c1f6edbb74fa1
Instruction ID: 17512038b85279266ef17e1f14b8afea38d99825f2e6a32e5bbd068d49b6f799
Opcode Fuzzy Hash: c178acdfe4dd67e048efb9f737dcb3fda63236469f66e23bfd8c1f6edbb74fa1
Instruction Fuzzy Hash: 2CA0223020000003C380AE22C00820AB300EBA2302FA080A0A0008A208C020C88AC320

Uniqueness

Uniqueness Score: 0.04%

Function 00715190, Relevance: 1.5, APIs: 1, Instructions: 4filenativeCOMMON

APIs

NtCreateFile.NTDLL ref: 0071519A

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 11fda27dc496acbe6be9b5f481032f1bdb4f735730f26205e12126879a017f35
Instruction ID: b976461eebfec031f740e295ca302338c670d34dd5ee139811e2fffa04d00f7b
Opcode Fuzzy Hash: 11fda27dc496acbe6be9b5f481032f1bdb4f735730f26205e12126879a017f35
Instruction Fuzzy Hash: E4A022B0300000C3C3008A38C008B023280EBC0302F8280A030028A00AC0288CA28328

Uniqueness

Uniqueness Score: 0.01%

Function 007152B0, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtCreateSection.NTDLL ref: 007152BA

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: CreateSection
String ID:
API String ID: 2449625523-0
Opcode ID: 8645af1229857263bfe64f5efa26a9e0459778808bbda0dd2138edb0579ffb99
Instruction ID: fe69778134c3dabfb7b406b27c34eaf9ee3ee8b13530447927d9323eedccd540
Opcode Fuzzy Hash: 8645af1229857263bfe64f5efa26a9e0459778808bbda0dd2138edb0579ffb99
Instruction Fuzzy Hash: 8AA02230A00802EBCB00CB20C008B032280CBB230BF0080A020028A00AC230C8C8EF20

Uniqueness

Uniqueness Score: 0.02%

Function 00715390, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtDelayExecution.NTDLL ref: 0071539A

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: a0c3ceedbcd9e8c26f1f3f51ac5fd3b8bd1a41d9401ac76eb5425c1bef935207
Instruction ID: bd89520f284003a0712cec6bda573f74099660292f8d5b8362a25f12540fd8ce
Opcode Fuzzy Hash: a0c3ceedbcd9e8c26f1f3f51ac5fd3b8bd1a41d9401ac76eb5425c1bef935207
Instruction Fuzzy Hash: 6FA00231641511A7D795AAB5C008706A652FBA2706F15C0A164C18A54ACA66C8BDCB31

Uniqueness

Uniqueness Score: 0.03%

Function 00716460, Relevance: 1.5, APIs: 1, Instructions: 4nativethreadCOMMON

APIs

NtSuspendThread.NTDLL ref: 0071646A

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: SuspendThread
String ID:
API String ID: 3178671153-0
Opcode ID: 7a0d3ba4f5a73e032e835ede19822e58a9453f16fafce5ca25b85d6f1eb9e08c
Instruction ID: f7e5f8e814acdb18e12e02c68131d8b0874c972ad9ed0ff06cabae511b1712e2
Opcode Fuzzy Hash: 7a0d3ba4f5a73e032e835ede19822e58a9453f16fafce5ca25b85d6f1eb9e08c
Instruction Fuzzy Hash: 6AA0223030000003C380BB20CC08083A202EBE0302F0280B820828A00CC02088BA8320

Uniqueness

Uniqueness Score: 0.03%

Function 00715C10, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtQueryInformationProcess.NTDLL ref: 00715C1A

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: InformationProcessQuery
String ID:
API String ID: 1778838933-0
Opcode ID: 4a1a31a73e7743a25c2a6779294edcf9e786a07379c69b3dfb7c82d93f735253
Instruction ID: a0630893221ddefb330370be130c29eba4703b5c90f1fba743b17af290a0e026
Opcode Fuzzy Hash: 4a1a31a73e7743a25c2a6779294edcf9e786a07379c69b3dfb7c82d93f735253
Instruction Fuzzy Hash: 15A022303000020BC3008A20C03830B3280CB82302F00C0A0A0028A00AC2308882F332

Uniqueness

Uniqueness Score: 0.02%

Function 00715DC0, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtQuerySystemInformation.NTDLL ref: 00715DCA

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 3b20a5e3ab79c195542b79dadf1c5648d3f1181dbfe6322acba53db481d832db
Instruction ID: 63abb9d5a071080e288febaf0921b8fd02a4b1db857b15bb717c2feacf7944b9
Opcode Fuzzy Hash: 3b20a5e3ab79c195542b79dadf1c5648d3f1181dbfe6322acba53db481d832db
Instruction Fuzzy Hash: 05A0223020000003CF80CE20C0082832202CBE0302F0280A0A0828B08ACBA088C0EB28

Uniqueness

Uniqueness Score: 0.01%

Function 00715E40, Relevance: 1.5, APIs: 1, Instructions: 4nativethreadCOMMON

APIs

NtQueueApcThread.NTDLL ref: 00715E4A

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: QueueThread
String ID:
API String ID: 1850944927-0
Opcode ID: e52769e7ac13d6f7fe592d683b0e35bf8eb870b2caa89ea3170c5c3d8f29706e
Instruction ID: a721d2abd2414c8bf3b8e2849c9256d9cfa75bc8b7ce31a0472d69b73401fe10
Opcode Fuzzy Hash: e52769e7ac13d6f7fe592d683b0e35bf8eb870b2caa89ea3170c5c3d8f29706e
Instruction Fuzzy Hash: 44A0223020000003E380CAE0C00C2022200CBC0302B0080A0A2028B00AC23088C0CB32

Uniqueness

Uniqueness Score: 0.03%

Function 00714E30, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtAdjustPrivilegesToken.NTDLL ref: 00714E3A

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: ff42f5ea1c298ac1ddaebef82b1a2eb6c03a184a1c340ab9b8e8d3eccf1067cf
Instruction ID: 4b5d6a3faca19ada130a3763f1f5700346c1b5e3b18233667843357e2f251ca1
Opcode Fuzzy Hash: ff42f5ea1c298ac1ddaebef82b1a2eb6c03a184a1c340ab9b8e8d3eccf1067cf
Instruction Fuzzy Hash: 3EA022302800028BEB80AF20C008B02B382CBC0302F0082A0A0828A00BC32088ABAB20

Uniqueness

Uniqueness Score: 0.03%

Function 00715EC0, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtReadVirtualMemory.NTDLL ref: 00715ECA

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: MemoryReadVirtual
String ID:
API String ID: 2834387570-0
Opcode ID: f4bf5e48ffbb5bf1b9123f7816e51f07faa90584d28acf28c39b9ce006b621bc
Instruction ID: 5ecd04388c7df4ad7d242232ee2edeaf87d7febc7782cbd47fe93a7772b78373
Opcode Fuzzy Hash: f4bf5e48ffbb5bf1b9123f7816e51f07faa90584d28acf28c39b9ce006b621bc
Instruction Fuzzy Hash: ADA0223020000C83C380CE20C0080823282CBC0302B0080A022028B00ACB3088C0C332

Uniqueness

Uniqueness Score: 0.02%

Function 00714EA0, Relevance: 1.5, APIs: 1, Instructions: 4memorynativeCOMMON

APIs

NtAllocateVirtualMemory.NTDLL ref: 00714EAA

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 896d2f43468edd1eb28e96cf35a0b26550132a80333aad8e1ccc6f28ddb761da
Instruction ID: 47eb5490523c98d508760fa28b9be87cda462c5fe30013590ec24983034b38dd
Opcode Fuzzy Hash: 896d2f43468edd1eb28e96cf35a0b26550132a80333aad8e1ccc6f28ddb761da
Instruction Fuzzy Hash: 32A02230A0000823CBB0AE32C00830A2280CB80302F20C0E020028B88ACB208A88FBA0

Uniqueness

Uniqueness Score: 0.01%

Function 00715E80, Relevance: 1.5, APIs: 1, Instructions: 4filenativeCOMMON

APIs

NtReadFile.NTDLL ref: 00715E8A

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: b534dfe268c61426672a6e7e2e54c8006ae77b905f6ea98577604744eb9d25d9
Instruction ID: 17295f8293a550602bbfd9c690afb6a7ca3812a95ee49ddc80259eaf46f36b29
Opcode Fuzzy Hash: b534dfe268c61426672a6e7e2e54c8006ae77b905f6ea98577604744eb9d25d9
Instruction Fuzzy Hash: 71A0223030000A33CFA88AB0C80808BA280CBC0302B0080A02B008B08BC83088A0C320

Uniqueness

Uniqueness Score: 0.01%

Function 007157F0, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtMapViewOfSection.NTDLL ref: 007157FA

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: SectionView
String ID:
API String ID: 1323581903-0
Opcode ID: 8308c0d440751f6a16a20317f7fafc36c751767fab9ce5abda6ad55bed33ba13
Instruction ID: 1c779bd16e4669d379c2d1615af1eea88fd0647ed8e4bfc99c86d145d1162fc2
Opcode Fuzzy Hash: 8308c0d440751f6a16a20317f7fafc36c751767fab9ce5abda6ad55bed33ba13
Instruction Fuzzy Hash: 6CA02230B202000BCBC0AA28C00820A3200CBC3303F02C0A020008A088C82888AC8322

Uniqueness

Uniqueness Score: 0.01%

Function 004073E0, Relevance: .1, Instructions: 92
COMMON

C-Code - Quality: 54%

			E004073E0(intOrPtr _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E004057E0(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E004059F0( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E00418320( &_v284, 0x104);
						E00418990( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_push( &_v284);
							_push(E004121C0(_t52, _t50));
							_t31 = E00412220();
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffdef5
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00405A20( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E00405AA0(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}

0x004073eb
0x004073f3
0x004073f5
0x004073fa
0x004073ff
0x00407412
0x00407417
0x00407420
0x0040742c
0x0040743f
0x00407444
0x00407447
0x00407450
0x00407456
0x00407461
0x00407462
0x00407467
0x0040746c
0x00000000
0x00000000
0x0040746e
0x00407472
0x00000000
0x00000000
0x00407474
0x00000000
0x00407472
0x00407476
0x00407479
0x0040747f
0x00407481
0x0040748c
0x00407491
0x00407494
0x004074a1
0x004074ac
0x004074ae
0x004074b4
0x004074b8
0x004074bb
0x004074bb
0x004074c2
0x004074c5
0x004074ca
0x004074d7
0x00407406
0x00407406
0x00407406

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e375094d08fb6160e90a1f4774e9ee9f6892eeea94a7a0bb65276d54c6a531db
Instruction ID: 29b2f8b208b0f22ecfcf3a85888ab0b947633e300325dd2f3fe7f635fbff6e47
Opcode Fuzzy Hash: e375094d08fb6160e90a1f4774e9ee9f6892eeea94a7a0bb65276d54c6a531db
Instruction Fuzzy Hash: 47213AB2D4420857CB10D6649D42AFFB7BCAB50308F44057FE949A3182F63CBA498BA6

Uniqueness

Uniqueness Score: 0.00%

Function 007155A0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb871876bb5a727520c50d0def39eae50c58e74c3e56d45e982d0db28daf8868
Instruction ID: 43e1b100674307e2f9d598f08a26df97b4c3a99b519d699182813007e70074e3
Opcode Fuzzy Hash: cb871876bb5a727520c50d0def39eae50c58e74c3e56d45e982d0db28daf8868
Instruction Fuzzy Hash: 26A02230A000020BC3028A20C00830A2202EBC2302F00C0A020C28B08ACBB08880B3E0

Uniqueness

Uniqueness Score: 0.00%

Function 00416E92, Relevance: 3.0, APIs: 2, Instructions: 45
memoryCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00416E92(void* __eax, signed int __ebx, intOrPtr _a4, int _a8, void* _a12, long _a16, void* _a20) {
				void* _v117;
				intOrPtr* __esi;
				void* __ebp;
				char _t16;
				signed char* _t20;
				void* _t27;

				asm("bound esi, [edx-0x7e2ca0e9]");
				if((__ebx | 0xffffffbc) == 0) {
					asm("in al, 0x57");
					__ebp = __esp;
					__esi = _a4 + 0xc74;
					ExitProcess(_a8);
				}
				 *_t20 =  *_t20 << 0x67;
				_t13 = _a8;
				_t4 = _t13 + 0xc6c; // 0xc6c
				E004174A0(_t27, _a8, _t4,  *((intOrPtr*)(_a8 + 0x10)), 0, 0x35);
				_t16 = RtlFreeHeap(_a12, _a16, _a20); // executed
				return _t16;
			}

0x00416e92
0x00416e9b
0x00416e9d
0x00416ea1
0x00416eb2
0x00416ec8
0x00416ec8
0x00416e5b
0x00416e63
0x00416e6f
0x00416e77
0x00416e8d
0x00416e91

APIs

RtlFreeHeap.NTDLL(00000060,00407783,?,?,00407783,00000060,00000000,00000000,?,?,00407783,?,00000000), ref: 00416E8D
ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00416EC8

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: ExitFreeHeapProcess
String ID:
API String ID: 1180424539-0
Opcode ID: a6a7c301875abc29a66b63b209f1ba01a526ef1f8946f124dae0d83aa11eb8d2
Instruction ID: 4f3b742e1202f28fc02e2d2ca9595479ef3206f4c92fdd8288daa78c23ad4ec4
Opcode Fuzzy Hash: a6a7c301875abc29a66b63b209f1ba01a526ef1f8946f124dae0d83aa11eb8d2
Instruction Fuzzy Hash: AC01DFB52042006FCB20CF68CC85ED77BA8AF85364F248689F999AB252C235E500CAA0

Uniqueness

Uniqueness Score: 0.84%

Function 00405C40, Relevance: 1.6, APIs: 1, Instructions: 55
threadwindowCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00405C40(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;

				_v68 = 0;
				E00418370( &_v67, 0, 0x3f);
				E00418F10( &_v68, 3);
				_t12 = E00408420(_a4 + 0x1c,  &_v68); // executed
				_t13 = E00412280(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00407F10(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}

0x00405c4f
0x00405c53
0x00405c5e
0x00405c6e
0x00405c7e
0x00405c83
0x00405c8a
0x00405c8d
0x00405c9a
0x00405c9c
0x00405c9e
0x00405cbb
0x00405cbb
0x00000000
0x00405cbd
0x00405cc2

APIs

Part of subcall function 00408420: LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00408492

PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 00405C9A

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: LoadMessagePostThread
String ID:
API String ID: 635653827-0
Opcode ID: f8cb9bb763ff9e02bf422dd47241909d94eab81eeb444992c7259a35d69fbba8
Instruction ID: df1f3458a277aeac272cf9c7e605c7b2aad6dd3bbff3b83dc78c0d335b365365
Opcode Fuzzy Hash: f8cb9bb763ff9e02bf422dd47241909d94eab81eeb444992c7259a35d69fbba8
Instruction Fuzzy Hash: 07018431A8122976E720A6958D03FFF766C9B40B54F04411EFF04BA1C1EAA8690646E9

Uniqueness

Uniqueness Score: 0.03%

Function 00416E52, Relevance: 1.5, APIs: 1, Instructions: 30
memoryCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 68%

			E00416E52(signed char* __ecx, void* __edx, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				void* _v117;
				char _t12;
				void* _t21;

				asm("cdq");
				 *__ecx =  *__ecx << 0x67;
				_t9 = _a4;
				_push(_t22);
				_t4 = _t9 + 0xc6c; // 0xc6c
				E004174A0(_t21, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t12 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t12;
			}

0x00416e53
0x00416e5b
0x00416e63
0x00416e69
0x00416e6f
0x00416e77
0x00416e8d
0x00416e91

APIs

RtlFreeHeap.NTDLL(00000060,00407783,?,?,00407783,00000060,00000000,00000000,?,?,00407783,?,00000000), ref: 00416E8D

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 47f80a2c067a329ed596bc7f1f6181c8a83b7733b93565a5d4984a60ca3ae8fc
Instruction ID: 3bd42e6f8c0f6c48ff0f48234b56751b22d79f467a0c9f1625b4c59331d0ab6d
Opcode Fuzzy Hash: 47f80a2c067a329ed596bc7f1f6181c8a83b7733b93565a5d4984a60ca3ae8fc
Instruction Fuzzy Hash: 94F0E5B1200204AFD724CF69CC84ED77BA9EF88354F10415CF94C97351C631E810CBA0

Uniqueness

Uniqueness Score: 0.04%

Function 00416E60, Relevance: 1.5, APIs: 1, Instructions: 24
memoryCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00416E60(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc6c; // 0xc6c
				E004174A0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}

0x00416e6f
0x00416e77
0x00416e8d
0x00416e91

APIs

RtlFreeHeap.NTDLL(00000060,00407783,?,?,00407783,00000060,00000000,00000000,?,?,00407783,?,00000000), ref: 00416E8D

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: f6aa58c0471ebcee52fdf1a02490778cbc66a1823597dab86d8382cbc6c042cc
Instruction ID: 96c655b5d592e65df52a57f4499056bf6c3335a585bb954dd361317b447ebb6e
Opcode Fuzzy Hash: f6aa58c0471ebcee52fdf1a02490778cbc66a1823597dab86d8382cbc6c042cc
Instruction Fuzzy Hash: BBE046B1200208ABDB24EF89CC85EE777ACEF88764F018559FE095B252D630F910CAF0

Uniqueness

Uniqueness Score: 0.04%

Function 00416E20, Relevance: 1.5, APIs: 1, Instructions: 24
memoryCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00416E20(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E004174A0(_t15, _a4, _a4 + 0xc68,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}

0x00416e37
0x00416e4d
0x00416e51

APIs

RtlAllocateHeap.NTDLL(00411966,?,004120DF,004120DF,?,00411966,?,?,?,?,?,00000000,00407783,?), ref: 00416E4D

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 27709202d9feb4eea64b415e12b7746c432efe3171a2dfc3cf9bb8f2cb4079c2
Instruction ID: e20dc4905ae135dd6a41934e5b574553db4ab9bb507eb47ff7f2a114747658ad
Opcode Fuzzy Hash: 27709202d9feb4eea64b415e12b7746c432efe3171a2dfc3cf9bb8f2cb4079c2
Instruction Fuzzy Hash: 9AE04FB12002046BD714DF49CC41EE777ACEF88754F014559FE095B241C530F914CAF0

Uniqueness

Uniqueness Score: 0.01%

Function 00416FC0, Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00416FC0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E004174A0(_t15, _a4, _a4 + 0xc84,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}

0x00416fda
0x00416ff0
0x00416ff4

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,?,0040C8A2,0040C8A2,?,00000000,?,004077F5), ref: 00416FF0

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 9901e6cc4cea2ae1911420fd553ee0bbdcc9968d1f2417027b8d8768af816c3d
Instruction ID: c7c73d61ad7871c71f4257c82fef3877c8a2a3389e0b892db2c5c4f0ee9bd211
Opcode Fuzzy Hash: 9901e6cc4cea2ae1911420fd553ee0bbdcc9968d1f2417027b8d8768af816c3d
Instruction Fuzzy Hash: 5BE01AB12002086BDB14DF59CC45EE737ADAF88654F018155BA0D57242D934E8108BF5

Uniqueness

Uniqueness Score: 0.02%

Function 00416EA0, Relevance: 1.5, APIs: 1, Instructions: 20
COMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00416EA0(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E004174A0(_t10, _a4, _a4 + 0xc74,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}

0x00416ea3
0x00416eba
0x00416ec8

APIs

ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00416EC8

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 8d411bde3d3cde023b531ced3d95410a02006bc74c5ee52a30e481b59750373e
Instruction ID: f0169f7c71716d660dd0be55b697d3d819ffa931d9c1d9198c96446b1029d96e
Opcode Fuzzy Hash: 8d411bde3d3cde023b531ced3d95410a02006bc74c5ee52a30e481b59750373e
Instruction Fuzzy Hash: 1ED012716142147BD624DB99CC45FD777ACDF44764F014165BA0D5B241D531BA0086E1

Uniqueness

Uniqueness Score: 0.01%

Non-executed Functions

Function 007372C3, Relevance: 36.4, Strings: 28, Instructions: 1411
UNIQUECrypto

C-Code - Quality: 74%

			E007372C3(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v104;
				signed int _v108;
				signed int _v112;
				void* _v116;
				signed int _v120;
				signed int _v124;
				signed int _v126;
				signed int _v128;
				intOrPtr _v132;
				signed int _v136;
				short _v138;
				signed short _v140;
				char _v144;
				short* _v148;
				short _v150;
				char _v152;
				signed int _v156;
				char _v160;
				signed int _v164;
				signed int _v168;
				signed short _v172;
				signed int _v174;
				signed int _v176;
				intOrPtr _v180;
				char _v184;
				char _v188;
				char _v192;
				signed int _v196;
				char _v200;
				signed int _v204;
				intOrPtr* _v208;
				signed int _v212;
				signed int _v216;
				char* _v220;
				short _v222;
				char _v224;
				signed int _v228;
				signed int _v232;
				intOrPtr _v236;
				intOrPtr _v240;
				signed int _v244;
				char _v248;
				signed char _v252;
				unsigned int _v256;
				signed int _v260;
				signed int _v264;
				char _v268;
				char _v272;
				signed int _v296;
				signed short _v300;
				intOrPtr _v304;
				intOrPtr _v308;
				char _v320;
				void* _v336;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t470;
				short _t474;
				short _t475;
				signed int _t477;
				intOrPtr _t480;
				intOrPtr _t490;
				signed int _t493;
				signed int _t494;
				signed int _t496;
				signed int _t499;
				signed int _t504;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t511;
				signed int _t514;
				signed int _t516;
				signed int _t521;
				intOrPtr* _t530;
				intOrPtr _t537;
				intOrPtr* _t538;
				intOrPtr _t539;
				signed int _t542;
				signed int _t543;
				signed int _t544;
				signed int _t545;
				char _t550;
				signed int _t552;
				signed int _t553;
				signed int _t554;
				signed int _t562;
				signed int _t563;
				signed int _t565;
				signed short _t569;
				intOrPtr _t577;
				intOrPtr _t583;
				intOrPtr _t584;
				signed int _t585;
				signed int _t586;
				signed int _t587;
				signed int _t593;
				signed int _t594;
				intOrPtr _t597;
				intOrPtr _t599;
				signed short* _t604;
				signed int _t606;
				intOrPtr _t607;
				signed int _t609;
				intOrPtr _t612;
				void* _t616;
				void* _t618;
				intOrPtr _t632;
				intOrPtr _t634;
				signed int* _t637;
				intOrPtr _t639;
				intOrPtr _t640;
				signed int _t645;
				intOrPtr _t646;
				signed int _t650;
				signed int _t651;
				signed int _t653;
				signed int _t655;
				signed int _t657;
				signed int _t658;
				intOrPtr* _t659;
				signed int _t661;
				intOrPtr* _t665;
				intOrPtr _t666;
				signed int _t667;
				signed int _t669;
				signed int _t670;
				intOrPtr* _t671;
				intOrPtr* _t673;
				signed int _t676;
				signed int _t681;
				signed int _t682;
				signed int _t685;
				signed int _t687;
				unsigned int _t688;
				unsigned int _t689;
				signed int _t690;
				signed int _t691;
				signed int _t692;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t699;
				signed int _t700;
				signed int _t701;
				signed int _t702;
				signed int _t708;
				signed int _t709;
				signed short _t715;
				signed int _t716;
				signed short _t718;
				short _t719;
				signed int _t720;
				signed int _t721;
				signed int _t732;
				signed int _t733;
				signed int _t734;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int* _t745;
				signed int _t749;
				signed int _t750;
				signed short _t751;
				intOrPtr _t752;
				intOrPtr _t753;
				signed int _t755;
				intOrPtr _t763;
				intOrPtr* _t765;
				short* _t766;
				char _t767;
				signed int _t770;
				intOrPtr* _t772;
				intOrPtr _t779;
				signed int _t784;
				char _t786;
				signed int _t789;
				signed int _t790;
				intOrPtr _t793;
				intOrPtr _t794;
				signed short _t799;
				signed int _t804;
				char _t809;
				signed int _t818;
				signed int _t823;
				unsigned int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				intOrPtr _t830;
				signed int _t832;
				void* _t833;
				void* _t851;
				signed short _t888;

				_t470 =  *0x7a81e8; // 0x77d55b89
				_v8 = _t470 ^ _t832;
				_v180 = _a4;
				_v132 = _a8;
				_t474 = 0x13;
				_v224 = _t474;
				_t475 = 0x14;
				_t821 = 0;
				_v222 = _t475;
				_v220 = "BaseQueryModuleData";
				L00737CCA(0);
				_t477 =  *[fs:0x18];
				_t763 =  *((intOrPtr*)(_t477 + 0x30));
				_v204 = _t477;
				if(( *(_t763 + 3) & 0x00000001) != 0) {
					_push(0);
					_push(0x10);
					_push( &_v336);
					_push(3);
					_push( *(_t763 + 8));
					_push(0xffffffff);
					L00715E20();
					_t480 =  *(_t763 + 8);
					_t765 = _v336;
					__eflags = _t765 - _t480;
					if(_t765 != _t480) {
						 *_t765 = _t480;
					}
				}
				 *0x7a8890 = 0x7a888c;
				 *0x7a888c = 0x7a888c;
				 *0x7a8898 = 0x7a8894;
				 *0x7a8894 = 0x7a8894;
				 *0x7a88a0 = 0x7a889c;
				 *0x7a889c = 0x7a889c;
				 *0x7a8880 = 0x30;
				 *0x7a8884 = 1;
				 *0x7a88a8 = 0;
				 *0x7a88ac = _t821;
				 *((intOrPtr*)(_t763 + 0xc)) = 0x7a8880;
				E007380F3( *((intOrPtr*)(_t763 + 0x58)),  *((intOrPtr*)(_t763 + 0x5c)),  *((intOrPtr*)(_t763 + 0x60)),  &_v104);
				E00738002(_t765,  &_v104);
				L00737FE7(_t763);
				L00737FCC(_t763);
				_t490 =  *((intOrPtr*)(_t763 + 0x10));
				__eflags =  *(_t490 + 8) & 0x00000001;
				_t766 =  *((intOrPtr*)(_t490 + 0x3c));
				if(( *(_t490 + 8) & 0x00000001) == 0) {
					_t766 = _t766 + _t490;
				}
				_v148 = _t766;
				_t808 =  *((intOrPtr*)(_t490 + 0x38));
				_v152 = _t808;
				_v150 = _v152 + 2;
				__eflags = _t808 - 8;
				if(__eflags >= 0) {
					__eflags =  *_t766 - 0x5c;
					if(__eflags == 0) {
						__eflags =  *((short*)(_t766 + 2)) - 0x3f;
						if(__eflags == 0) {
							__eflags =  *((short*)(_t766 + 4)) - 0x3f;
							if(__eflags == 0) {
								__eflags =  *((short*)(_t766 + 6)) - 0x5c;
								if(__eflags == 0) {
									_t808 = 0xfff8;
									_v148 = _t766 + 8;
									_v152 = _v152 + 0xfff8;
									_v150 = _v150 + 0xfff8;
									 *((intOrPtr*)(_t490 + 0x3a)) =  *((intOrPtr*)(_t490 + 0x3a)) + 0xfff8;
									 *((intOrPtr*)(_t490 + 0x3c)) =  *((intOrPtr*)(_t490 + 0x3c)) + 8;
									 *((intOrPtr*)(_t490 + 0x38)) =  *((intOrPtr*)(_t490 + 0x38)) + 0xfff8;
									_t821 = 0;
								}
							}
						}
					}
				}
				_push( &_v116);
				_push(_t821);
				_push(_t821);
				 *0x7aec45 = 0;
				_v196 = _t821;
				_push( *(_t763 + 8));
				_push(3);
				_v164 = 1;
				E0072F409(1, _t821, __eflags);
				__eflags =  *0x7ffe02d5;
				_t767 = _v116;
				if( *0x7ffe02d5 == 0) {
					_t493 = 0;
				} else {
					_t493 =  *(_t767 + 0x5f) & 0x00000001;
					__eflags = _t493;
				}
				__eflags = _t493;
				if(_t493 == 0) {
					_t494 = E006FF359(_t767);
					__eflags = _t494;
					if(_t494 == 0) {
						 *0x7aecd0 = 1;
					}
				} else {
					 *0x7a8028 = 1;
				}
				_t496 =  *(_v116 + 0x5c) & 0x0000ffff;
				_t818 = 2;
				__eflags = _t496 - _t818;
				if(_t496 == _t818) {
					L76:
					_push( &_v268);
					_push(4);
					_push( &_v252);
					_push(0x2e);
					_push(0xffffffff);
					_t499 = E00715C10();
					__eflags = _t499;
					if(_t499 >= 0) {
						__eflags = _v252 & 0x00000001;
						if(__eflags != 0) {
							E0076E31A(_t767, _t808, _t818, __eflags);
						}
					}
					L78:
					_t821 = L00737DA3(_t808,  &_v152, _t763, _v132,  &_v160,  &_v144);
					__eflags = _t821;
					if(_t821 < 0) {
						_t504 =  *0x7273a4; // 0x2
						_t505 = _t504 | 0x00000001;
						__eflags =  *0x7af9c0 & _t505;
						if(( *0x7af9c0 & _t505) == 0) {
							L180:
							_t506 =  *0x7af9c0;
							__eflags =  *0x7273a8 & _t506;
							if(( *0x7273a8 & _t506) != 0) {
								asm("int3");
							}
							_t507 = _t821;
							L66:
							__eflags = _v8 ^ _t832;
							return L00722F0C(_t507, _t763, _v8 ^ _t832, _t808, _t818, _t821);
						}
						_push(_t821);
						_push("Initializing the execution options for the process %lx failed with status 0x%08lx\n");
						_push(0);
						_push("LdrpInitializeProcess");
						_push(0x890);
						L179:
						_push("d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c");
						E0076F3E2(_t763);
						goto L180;
					}
					__eflags =  *(_t763 + 0x68) & 0x00000002;
					if(( *(_t763 + 0x68) & 0x00000002) != 0) {
						 *0x7af9c0 =  *0x7af9c0 | 0x00000001;
					}
					_t510 =  *0x7273bc; // 0x4
					_t770 =  *0x7af9c0;
					_t511 = _t510 | 0x00000001;
					__eflags = _t770 & _t511;
					if((_t770 & _t511) != 0) {
						E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0x89e, "LdrpInitializeProcess", _t818, "Initializing process 0x%lx\n",  *((intOrPtr*)(_v204 + 0x20)));
						_t833 = _t833 + 0x18;
					}
					_t514 =  *0x7af9c0;
					__eflags =  *0x7273c0 & _t514;
					if(( *0x7273c0 & _t514) != 0) {
						asm("int3");
					}
					_t516 = E0072F4BA( *(_t763 + 8), 1, 0xe,  &_v272);
					__eflags = _t516;
					if(_t516 != 0) {
						 *0x7aec45 = 1;
					}
					 *0x7aecb0 = _v132;
					_v208 =  *((intOrPtr*)(_t763 + 0x1e8));
					 *0x7a8318 =  *((intOrPtr*)(_t763 + 0x70));
					 *0x7a831c =  *((intOrPtr*)(_t763 + 0x74));
					_t521 = E00738229( *((intOrPtr*)(_t763 + 0x10)));
					__eflags = _t521;
					if(_t521 == 0) {
						_v124 = _v124 & 0;
						_v128 = 0;
						_v126 = 0;
					} else {
						_v128 =  *(_t521 + 0x38);
						_v124 =  *((intOrPtr*)(_t521 + 0x3c));
					}
					_v168 = _v168 & 0x00000000;
					_t821 = E0072F4BA( *(_t763 + 8), 1, 0xa,  &_v168);
					L00704EC0( &_v320, 0, 0x30);
					_t833 = _t833 + 0xc;
					_v120 = _t818;
					_v320 = 0x30;
					__eflags = _t821;
					if(__eflags == 0) {
						L104:
						if(( *(_t763 + 0x68) & 0x00000002) != 0) {
							 *0x7af9c0 =  *0x7af9c0 | 0x00000001;
						}
						_t851 =  *0x7a831c - 0xfffffff7;
						if(_t851 > 0) {
							L108:
							if(E0073836E(_t851) < 0) {
								goto L66;
							}
							 *((intOrPtr*)(_t763 + 0x218)) = 0x7a8270;
							 *((intOrPtr*)(_t763 + 0x40)) = 0x7a8260;
							 *((intOrPtr*)(_t763 + 0x150)) = 0x7a8268;
							E0073573A(0x7a8270, _t763 + 0x21c, 0x80);
							L00737CA5(0x7a8270, 0);
							_t530 = _t763 + 0x210;
							 *((intOrPtr*)(_t530 + 4)) = _t530;
							 *_t530 = _t530;
							E0073573A(0x7a8260, _t763 + 0x44, 0x40);
							L00737CA5(0x7a8260, 0);
							E0073573A(0x7a8268, _t763 + 0x154, 0x400);
							L00737CA5(0x7a8268, 0);
							_t537 =  *0x7a8340; // 0x77df8540
							_t772 =  *0x7a8564; // 0x2926f0
							_t538 = _t537 + 8;
							 *_t538 = 0x7a8560;
							 *((intOrPtr*)(_t538 + 4)) = _t772;
							 *_t772 = _t538;
							 *0x7a8564 = _t538;
							_t539 =  *0x7a8340; // 0x77df8540
							 *((intOrPtr*)(_t539 + 4)) = 0x7a8340;
							 *0x7a8061 = 1;
							if(( *(_t763 + 0x68) & 0x00001000) != 0 ||  *0x7afa09 != 0) {
								_t823 = 0x10;
								_t818 = 0;
								_v108 = _t823;
								_t542 = L0073CD48(_t808,  &_v152, L"StackTraceDatabaseSizeInMb", 4,  &_v108, 4, 0, 0);
								__eflags = _t542;
								if(_t542 < 0) {
									L198:
									_t824 = 0x1000000;
									L202:
									_t543 =  *0x7273bc; // 0x4
									_t544 = _t543 | 0x00000001;
									__eflags =  *0x7af9c0 & _t544;
									if(( *0x7af9c0 & _t544) != 0) {
										__eflags = _t824 >> 0x14;
										E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xa01, "LdrpInitializeProcess", 2, "Stack trace database size is %ld Mb\n", _t824 >> 0x14);
										_t833 = _t833 + 0x18;
									}
									_t545 =  *0x7af9c0;
									__eflags =  *0x7273c0 & _t545;
									if(( *0x7273c0 & _t545) != 0) {
										asm("int3");
									}
									_v264 = _t818;
									_v260 = _t818;
									_v256 = _t824;
									L0078DD5C(_t818, 0xc,  &_v264);
									goto L112;
								}
								_t749 = _v108;
								__eflags = _t749 - _t823;
								if(_t749 >= _t823) {
									__eflags = _t749 - 0x80;
									if(_t749 <= 0x80) {
										_t750 = _t749 << 0x14;
										__eflags = _t750;
										_t824 = _t750;
									} else {
										_t824 = 0x8000000;
									}
									goto L202;
								}
								goto L198;
							} else {
								_t818 = 0;
								L112:
								_t821 = 0x7a8380;
								_t507 = L00729FB6(0x7a8380);
								_t856 = _t507 - _t818;
								if(_t507 < _t818) {
									goto L66;
								}
								 *0x7a8284 = 0x7a8280;
								 *0x7a8280 = 0x7a8280;
								 *(_t763 + 0x1c) = 0x7a8380;
								E0073878B(_t772, _t808, _t856);
								_t550 = _v116;
								_t857 =  *((short*)(_t550 + 0x48)) - 3;
								if( *((short*)(_t550 + 0x48)) <= 3) {
									__eflags =  *((short*)(_t550 + 0x4a)) - 0x33;
									if(__eflags < 0) {
										_v120 = _v120 | 0x00010000;
									}
								}
								_t773 =  &_v320;
								_push( &_v320);
								_push(_t818);
								_push( *((intOrPtr*)(_t550 + 0x6c)));
								_push( *((intOrPtr*)(_t550 + 0x68)));
								_push(_t818);
								_push(_v120);
								_t821 = E00732730(_t763,  &_v320, _t818, _t821, _t857);
								_v120 = _t821;
								if(_t821 == _t818) {
									_t552 =  *0x7273a4; // 0x2
									_t553 = _t552 | 0x00000001;
									__eflags =  *0x7af9c0 & _t553;
									if(( *0x7af9c0 & _t553) == 0) {
										goto L212;
									}
									_push("Creating the process heap failed\n");
									_push(_t818);
									_push("LdrpInitializeProcess");
									_push(0xa43);
									goto L211;
								} else {
									 *(_t763 + 0x18) = _t821;
									if(E007333A6( *[fs:0x18] + 0x1a8) < _t818) {
										goto L66;
									}
									 *0x7a80e4 = _t821;
									_t507 = E00738646();
									_t860 = _t507 - _t818;
									if(_t507 < _t818) {
										goto L66;
									}
									_push(L"!Process");
									_push(L"NTDLL!");
									_push(_t818);
									_push(_t821);
									 *0x7aec78 = L00737CE5(_t763,  &_v320, _t818, _t821, _t860);
									if(E00738669(_t860) < _t818) {
										goto L66;
									}
									_push( *0x7aec78 + 0x1c0000);
									E00738364();
									if(E007384FA( &_v320) < _t818 || E007383CC(_t773) < _t818) {
										goto L66;
									} else {
										_t562 =  *((intOrPtr*)(_t763 + 0x10));
										_v156 = _t562;
										if(_t562 == _t818) {
											_t563 = 0;
											_v128 = 0;
											_v126 = 0;
										} else {
											_v128 =  *(_t562 + 0x38);
											_t563 =  *((intOrPtr*)(_t562 + 0x3c));
										}
										_v124 = _t563;
										_v148 = _t563;
										if(_v160 != _t818) {
											_t565 = L00735E9A(_v160, L"DebugProcessHeapOnly", 4,  &_v196, 4, _t818);
											__eflags = _t565;
											if(_t565 >= 0) {
												__eflags =  *0x7a807c - _t818; // 0x0
												if(__eflags != 0) {
													__eflags = _v196 - _t818;
													if(_v196 != _t818) {
														_t745 =  *0x7a8078; // 0x77dfee9c
														 *0x7a807c = _t818;
														 *_t745 =  *_t745 & 0xfffffbff;
													}
												}
											}
										}
										L00726D7A( &_v216, 0x7ffe0030);
										_t821 = (_v216 & 0x0000ffff) + ( *0x7350fc & 0x0000ffff) + 0x14;
										_t569 = L007229EE(_v120, _t818, _t821);
										if(_t569 == _t818) {
											L214:
											_t507 = 0xc0000017;
											goto L66;
										} else {
											_v172 = _t569;
											_v176 = 0;
											_v174 = _t821;
											E0072712E( &_v176,  &_v216);
											E0072712E( &_v176, 0x7350fc);
											if(( *(_t763 + 3) & 0x00000002) != 0) {
												L131:
												_t825 = _v156;
												if(_t825 == _t818) {
													_t821 = _v176 & 0x0000ffff;
													_v140 = _v216;
													_v136 = _v212;
													_t577 = L007229EE(_v120, _t818, _t821);
													__eflags = _t577 - _t818;
													if(_t577 == _t818) {
														goto L214;
													}
													 *0x7a82e4 = _t577;
													 *0x7a82e0 = 0;
													 *0x7a82e2 = _t821;
													E0072712E(0x7a82e0,  &_v176);
													_t808 =  *0x7a82e4; // 0x291610
													 *0x7a82e0 =  *0x7a82e0 + 0xfffe;
													 *((short*)(_t808 + (( *0x7a82e0 & 0x0000ffff) >> 1) * 2)) = 0;
													L137:
													_t583 =  *0x7aec54;
													_t877 = _t583 - _t818;
													if(_t583 != _t818) {
														__eflags = _t583 - 0xffffffff;
														if(__eflags != 0) {
															E00770835(_t763, __eflags,  &_v128);
														}
													}
													_t584 = E00738274(_t818, _t877,  *(_t763 + 8));
													 *0x7a81a8 = _t584;
													if(_t584 == _t818) {
														_t585 =  *0x7273a4; // 0x2
														_t586 = _t585 | 0x00000001;
														__eflags =  *0x7af9c0 & _t586;
														if(( *0x7af9c0 & _t586) == 0) {
															goto L240;
														}
														_push("Allocating a data table entry for the executable failed\n");
														_push(_t818);
														_push("LdrpInitializeProcess");
														_push(0xbfa);
														goto L239;
													} else {
														 *((short*)(_t584 + 0x38)) = 0xffff;
														_t809 = _v116;
														if( *((intOrPtr*)(_t809 + 0x28)) == _t818) {
															_t779 = 0;
														} else {
															_t779 =  *((intOrPtr*)(_t584 + 0x18)) +  *((intOrPtr*)(_t809 + 0x28));
														}
														 *((intOrPtr*)(_t584 + 0x1c)) = _t779;
														 *(_t584 + 0x24) = _v128;
														 *((intOrPtr*)(_t584 + 0x28)) = _v124;
														 *(_t584 + 0x48) = _t818;
														 *(_t584 + 0x34) = _t818;
														if( *0x7aec45 != 0) {
															 *(_t584 + 0x34) = 0x400000;
														}
														if(( *(_t763 + 3) & 0x00000008) == 0) {
															 *(_t584 + 0x6c) =  *(_v116 + 0x34);
														} else {
															 *(_t584 + 0x6c) = _t818;
														}
														_t784 = _v124;
														_t808 = (_v128 & 0x0000ffff) + _t784;
														if(_t808 == 0) {
															L4:
															 *(_t584 + 0x2c) =  *(_t584 + 0x24);
															_t786 =  *((intOrPtr*)(_t584 + 0x28));
															goto L151;
														} else {
															while(_t808 > _t784) {
																_t808 = _t808;
																if( *_t808 != 0x5c) {
																	continue;
																}
																_t808 = _t808 + 2;
																_v184 = _t808;
																if(_t808 == _t818) {
																	goto L4;
																}
																_t799 = _t784 - _t808 + _v128;
																 *(_t584 + 0x2c) = _t799;
																_t808 = (_v126 & 0x0000ffff) - (_v128 & 0x0000ffff);
																if((_v126 & 0x0000ffff) - (_v128 & 0x0000ffff) >= 2) {
																	_t799 = _t799 + 2;
																	_t888 = _t799;
																}
																 *(_t584 + 0x2e) = _t799;
																_t786 = _v184;
																L151:
																 *(_t584 + 0x34) =  *(_t584 + 0x34) | 0x00004000;
																 *((intOrPtr*)(_t584 + 0x30)) = _t786;
																E007382E7(_t763, _t808, _t584);
																_t821 = E00738274(_t818, _t888, _v132);
																_t889 = _t821 - _t818;
																if(_t821 == _t818) {
																	_t593 =  *0x7273a4; // 0x2
																	_t594 = _t593 | 0x00000001;
																	__eflags =  *0x7af9c0 & _t594;
																	if(( *0x7af9c0 & _t594) == 0) {
																		L240:
																		_t587 =  *0x7af9c0;
																		__eflags =  *0x7273a8 & _t587;
																		if(( *0x7273a8 & _t587) != 0) {
																			asm("int3");
																		}
																		__eflags = _v164 - _t818;
																		if(_v164 == _t818) {
																			L00722F1E( &_v140);
																		}
																		goto L214;
																	}
																	_push("Allocating a data table entry for the system DLL failed\n");
																	_push(_t818);
																	_push("LdrpInitializeProcess");
																	_push(0xc45);
																	L239:
																	_push("d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c");
																	E0076F3E2(_t763);
																	goto L240;
																}
																_push( &_v200);
																_push(_t818);
																_push(_t818);
																_push( *((intOrPtr*)(_t821 + 0x18)));
																_push(3);
																E0072F409(_t818, _t821, _t889);
																_t597 = _v200;
																if( *((intOrPtr*)(_t597 + 0x28)) != _t818) {
																	_t599 =  *((intOrPtr*)(_t597 + 0x28)) +  *((intOrPtr*)(_t821 + 0x18));
																} else {
																	_t599 = 0;
																}
																 *((intOrPtr*)(_t821 + 0x1c)) = _t599;
																 *((intOrPtr*)(_t821 + 0x6c)) =  *((intOrPtr*)(_v200 + 0x34));
																 *((intOrPtr*)(_t821 + 0x34)) = 4;
																 *((intOrPtr*)(_t821 + 0x6c)) =  *((intOrPtr*)(_t821 + 0x6c)) -  *0x7af8d0;
																 *((short*)(_t821 + 0x38)) = 0xffff;
																 *(_t821 + 0x48) = _t818;
																_t282 = _t821 + 0x24; // 0x24
																_t604 = _t282;
																 *_t604 = _v176;
																_t788 = _v172;
																_t604[2] = _v172;
																E0072712E(_t604, 0x737c80);
																_t606 =  *0x737c80; // 0x140012
																 *(_t821 + 0x2c) = _t606;
																_t607 =  *0x737c84; // 0x738210
																 *((intOrPtr*)(_t821 + 0x30)) = _t607;
																E007382E7(_t763, _t808, _t821);
																_t609 =  *0x7273bc; // 0x4
																 *0x7a81ac = _t821;
																if(( *0x7af9c0 & (_t609 | 0x00000001)) != 0) {
																	_push(0x7a82e0);
																	_push( &_v140);
																	_t612 =  *0x7a81a8; // 0x291b68
																	_t391 = _t612 + 0x24; // 0x291b8c
																	_t788 = _t391;
																	_push(_t391);
																	E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xc97, "LdrpInitializeProcess", 2, "Beginning execution of %wZ (%wZ)\n\tCurrent directory: %wZ\n\tSearch path: %wZ\n", _t612 + 0x2c);
																	_t833 = _t833 + 0x24;
																}
																if(( *0x7273c0 &  *0x7af9c0) != 0) {
																	asm("int3");
																}
																_t616 =  *0x7a889c; // 0x291bf8
																_t826 = _t821 + 0x10;
																 *_t826 = _t616;
																 *(_t826 + 4) = 0x7a889c;
																 *(_t616 + 4) = _t826;
																 *0x7a889c = _t826;
																_t618 = L00737D40(_t763, _t788,  &_v140);
																if(_t618 < _t818) {
																	_t789 =  *0x7273a4; // 0x2
																	_t790 = _t789 | 0x00000001;
																	__eflags =  *0x7af9c0 & _t790;
																	if(( *0x7af9c0 & _t790) != 0) {
																		_push(_t618);
																		E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xcac, "LdrpInitializeProcess", _t818, "Initializing the current directory to \"%wZ\" failed with status 0x%08lx\n",  &_v140);
																		_t833 = _t833 + 0x1c;
																	}
																	__eflags =  *0x7273a8 &  *0x7af9c0;
																	if(__eflags != 0) {
																		asm("int3");
																	}
																}
																if(_v164 == _t818) {
																	L00722F1E( &_v140);
																}
																if(( *(_t763 + 0x68) & 0x02000100) != 0) {
																	_t821 = E00738274(_t818, __eflags,  *((intOrPtr*)(_v144 + 0x18)));
																	__eflags = _t821 - _t818;
																	if(_t821 != _t818) {
																		 *((intOrPtr*)(_t821 + 0x34)) =  *((intOrPtr*)(_v144 + 0x34));
																		 *((intOrPtr*)(_t821 + 0x1c)) =  *((intOrPtr*)(_v144 + 0x1c));
																		 *((intOrPtr*)(_t821 + 0x6c)) =  *((intOrPtr*)(_v144 + 0x6c));
																		 *((short*)(_t821 + 0x38)) = 0xffff;
																		 *((short*)(_t821 + 0x3a)) = 0;
																		 *(_t821 + 0x48) = _t818;
																		_t632 = _v144;
																		 *(_t821 + 0x24) =  *(_t632 + 0x24);
																		 *(_t821 + 0x28) =  *(_t632 + 0x28);
																		_t634 = _v144;
																		_t792 =  *(_t634 + 0x2c);
																		 *(_t821 + 0x2c) =  *(_t634 + 0x2c);
																		 *((intOrPtr*)(_t821 + 0x30)) =  *((intOrPtr*)(_t634 + 0x30));
																		E007382E7(_t763, _t808, _t821);
																		_t637 =  *0x7a88a0; // 0x291ef0
																		_t821 = _t821 + 0x10;
																		 *_t821 = 0x7a889c;
																		 *(_t821 + 4) = _t637;
																		 *_t637 = _t821;
																		 *0x7a88a0 = _t821;
																		__eflags =  *(_t763 + 0x68) & 0x00000100;
																		if(__eflags == 0) {
																			goto L159;
																		}
																		_t507 = L007759B4(_t808, _t818, _t818, _t818, 1, _v132, _t818);
																		__eflags = _t507 - _t818;
																		if(__eflags >= 0) {
																			goto L159;
																		} else {
																			goto L66;
																		}
																		goto L259;
																	}
																	_t708 =  *0x7273a4; // 0x2
																	_t709 = _t708 | 0x00000001;
																	__eflags =  *0x7af9c0 & _t709;
																	if(( *0x7af9c0 & _t709) == 0) {
																		L212:
																		_t554 =  *0x7af9c0;
																		__eflags =  *0x7273a8 & _t554;
																		if(( *0x7273a8 & _t554) != 0) {
																			asm("int3");
																		}
																		goto L214;
																	}
																	_push("Allocating a data table entry for the application verifier DLL failed\n");
																	_push(_t818);
																	_push("LdrpInitializeProcess");
																	_push(0xcc2);
																	L211:
																	_push("d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c");
																	E0076F3E2(_t763);
																	goto L212;
																} else {
																	L159:
																	if( *0x7aec45 != 0) {
																		_t821 = _t763 + 8;
																		_v132 =  *_t821;
																		_t639 =  *0x7a81a8; // 0x291b68
																		_t507 = E006F55A8(_t763, _t818, _t821,  *((intOrPtr*)(_t639 + 0x28)));
																		__eflags = _t507 - _t818;
																		if(_t507 < _t818) {
																			goto L66;
																		}
																		_t640 = _v132;
																		__eflags = _t640 -  *_t821;
																		if(__eflags != 0) {
																			L259:
																			_push(_t640);
																			_push(0xffffffff);
																			E00716580();
																			_push( &_v116);
																			_push(_t818);
																			_push(_t818);
																			_push( *_t821);
																			_push(1);
																			_t507 = E0072F409(_t818, _t821, __eflags);
																			__eflags = _t507 - _t818;
																			if(_t507 < _t818) {
																				goto L66;
																			}
																			_t793 =  *0x7a81a8; // 0x291b68
																			 *((intOrPtr*)(_t793 + 0x18)) =  *_t821;
																			_t808 = _v116;
																			_t794 =  *0x7a81a8; // 0x291b68
																			__eflags =  *((intOrPtr*)(_t808 + 0x28)) - _t818;
																			if( *((intOrPtr*)(_t808 + 0x28)) != _t818) {
																				_t645 =  *((intOrPtr*)(_t794 + 0x18)) +  *((intOrPtr*)(_t808 + 0x28));
																				__eflags = _t645;
																			} else {
																				_t645 = 0;
																			}
																			 *(_t794 + 0x1c) = _t645;
																			_t646 =  *0x7a81a8; // 0x291b68
																			 *(_t646 + 0x6c) = _t818;
																		}
																		_t792 = _v204;
																		__eflags =  *(_v204 + 0xfca) & 0x00000400;
																		if(__eflags != 0) {
																			L006F5B1C(_v180);
																		}
																	}
																	_t821 =  *(_t763 + 8);
																	if( *(_v116 + 0x34) != _t821) {
																		_push(0xc000007b);
																		_push(0xc0000018);
																		_push(_t818);
																		_push("LDR");
																		_push(_t821);
																		_t507 = L006F0DD0(_t763, _t818, _t821, __eflags);
																		__eflags = _t507 - _t818;
																		if(_t507 < _t818) {
																			goto L66;
																		}
																		__eflags = _v180 - _t818;
																		if(_v180 != _t818) {
																			__eflags =  *0x7aec45;
																			if( *0x7aec45 == 0) {
																				E0076E29B(_v180, _t821 -  *(_v116 + 0x34));
																			}
																		}
																	}
																	_t821 = L00738903(_t792);
																	if(_t821 < _t818) {
																		_t650 =  *0x7273a4; // 0x2
																		_t651 = _t650 | 0x00000001;
																		__eflags =  *0x7af9c0 & _t651;
																		if(( *0x7af9c0 & _t651) == 0) {
																			goto L180;
																		}
																		_push(_t821);
																		_push("Initializing TLS slots failed with status 0x%08lx\n");
																		_push(_t818);
																		_push("LdrpInitializeProcess");
																		_push(0xe0d);
																		goto L179;
																	}
																	_t653 =  *(_v116 + 0x5c) & 0x0000ffff;
																	if(_t653 == 2 || _t653 == 3) {
																		_t821 = 0x737c98;
																		_t655 = E00732133(_t792, _t818, _t818, 0x737c98,  &_v188);
																		_v108 = _t655;
																		if(_t655 < _t818) {
																			__eflags = _v108 - 0xc0000135;
																			if(_v108 == 0xc0000135) {
																				_t655 = E00732133(_t792, _t818, _t818, 0x750b7c,  &_v188);
																				_v108 = _t655;
																			}
																			__eflags = _v108 - _t818;
																			if(_v108 >= _t818) {
																				goto L168;
																			} else {
																				_t690 =  *0x7273a4; // 0x2
																				_t691 = _t690 | 0x00000001;
																				__eflags =  *0x7af9c0 & _t691;
																				if(( *0x7af9c0 & _t691) != 0) {
																					_push(_v108);
																					E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xe73, "LdrpInitializeProcess", _t818, "Loading Windows subsystem DLL \"%wZ\" failed with status 0x%08lx\n", _t821);
																				}
																				L15:
																				_t692 =  *0x7af9c0;
																				__eflags =  *0x7273a8 & _t692;
																				if(( *0x7273a8 & _t692) != 0) {
																					asm("int3");
																				}
																				L16:
																				_t507 = _v108;
																				goto L66;
																			}
																		}
																		_t694 = E00732108(_v188, 0x73e954, _t818, "�Ww");
																		_v108 = _t694;
																		if(_t694 < _t818) {
																			_t695 =  *0x7273a4; // 0x2
																			_t696 = _t695 | 0x00000001;
																			__eflags =  *0x7af9c0 & _t696;
																			if(( *0x7af9c0 & _t696) != 0) {
																				_push(_v108);
																				_push(0x737c98);
																				E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xe3b, "LdrpInitializeProcess", _t818, "Locating procedure \"%Z\" in Windows subsystem DLL \"%wZ\" failed with status 0x%08lx\n", 0x73e954);
																			}
																			goto L15;
																		}
																		_t699 = E00732108(_v188,  &_v224, _t818, 0x7a81b0);
																		_t904 = _t699 - _t818;
																		_v108 = _t699;
																		if(_t699 < _t818) {
																			_t700 =  *0x7273b0; // 0x2
																			_t701 = _t700 | 0x00000001;
																			__eflags =  *0x7af9c0 & _t701;
																			if(( *0x7af9c0 & _t701) != 0) {
																				_push(0x737c98);
																				E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xe4b, "LdrpInitializeProcess", 1, "Locating procedure \"%Z\" in Windows subsystem DLL \"%wZ\" failed with status 0x%08lx\n",  &_v224);
																				_t833 = _t833 + 0x1c;
																			}
																			_t702 =  *0x7af9c0;
																			__eflags =  *0x7273b4 & _t702;
																			if(( *0x7273b4 & _t702) != 0) {
																				asm("int3");
																			}
																			__eflags = _v108 - 0xc000007a;
																			 *0x7a81b0 = _t818;
																			if(__eflags == 0) {
																				goto L167;
																			} else {
																				__eflags = _v108 - 0xc0000139;
																				if(__eflags == 0) {
																					goto L167;
																				}
																				goto L16;
																			}
																		}
																		L167:
																		if(E0073E358(_t792, _t808, _t821, _t904) < _t818) {
																			goto L66;
																		}
																		goto L168;
																	} else {
																		L168:
																		_push(_t818);
																		_push(0x7a82e0);
																		_push( *0x7a81a8);
																		"jThH\tr"();
																		_t821 = _t655;
																		if(_t821 < _t818) {
																			_t657 =  *0x7273a4; // 0x2
																			_t658 = _t657 | 0x00000001;
																			__eflags =  *0x7af9c0 & _t658;
																			if(( *0x7af9c0 & _t658) == 0) {
																				goto L180;
																			}
																			_push(_t821);
																			_push("Walking the import tables of the executable and its static imports failed with status 0x%08lx\n");
																			_push(_t818);
																			_push("LdrpInitializeProcess");
																			_push(0xe86);
																			goto L179;
																		}
																		_t659 =  *0x7a888c; // 0x291b68
																		while(_t659 != 0x7a888c) {
																			_t808 = 0xffff;
																			 *((short*)(_t659 + 0x38)) = 0xffff;
																			_t659 =  *_t659;
																		}
																		 *0x7a8070 = 1;
																		__eflags =  *((char*)(_t763 + 2));
																		if(__eflags != 0) {
																			E007705AD(_t763, _t821, __eflags);
																		}
																		_t661 =  *0x7aecd0;
																		_t827 = _t821 | 0xffffffff;
																		__eflags = _t661 - _t827;
																		if(_t661 != _t827) {
																			L52:
																			_v112 = _t818;
																			_t796 =  *0x7ffe02d5;
																			__eflags = _t796 - 1;
																			if(_t796 == 1) {
																				L54:
																				_v112 = 0xd;
																				 *0x7a8028 = 1;
																				L55:
																				__eflags = _t661 - 1;
																				if(_t661 == 1) {
																					_t76 =  &_v112;
																					 *_t76 = _v112 | 0x00000040;
																					__eflags =  *_t76;
																				}
																				_push(4);
																				_push( &_v112);
																				_push(0x22);
																				_push(_t827);
																				E00716240();
																				L58:
																				L00727C3B(_t818);
																				_t665 = _v208;
																				__eflags = _t665 - _t818;
																				if(_t665 != _t818) {
																					__eflags =  *_t665 - _t818;
																					if(__eflags != 0) {
																						_t796 =  &_v152;
																						 *(_t763 + 0x1ec) = _t818;
																						E006EE865(_t763,  &_v152, _t818, __eflags, _t665,  &_v152, _t665);
																					}
																				}
																				__eflags =  *0x7a8028;
																				if(__eflags == 0) {
																					_t666 = _v116;
																					_v112 = _t818;
																					__eflags =  *0x7ffe02d5 - 2;
																					if( *0x7ffe02d5 != 2) {
																						L8:
																						_t667 = E0077023E(_t666);
																						__eflags = _t667;
																						if(_t667 != 0) {
																							L38:
																							_v112 = 2;
																							goto L39;
																						} else {
																							_t681 = E00770109(_t796, _v116);
																							__eflags = _t681;
																							if(_t681 != 0) {
																								goto L38;
																							}
																							_t682 = E00770168(_t796, _v116);
																							__eflags = _t682;
																							if(_t682 != 0) {
																								goto L38;
																							} else {
																								L39:
																								__eflags =  *0x7aecd0 - 1;
																								if( *0x7aecd0 == 1) {
																									_t62 =  &_v112;
																									 *_t62 = _v112 | 0x00000040;
																									__eflags =  *_t62;
																								}
																								__eflags = _v112 - _t818;
																								if(__eflags != 0) {
																									_push(4);
																									_push( &_v112);
																									_push(0x22);
																									_push(_t827);
																									E00716240();
																								}
																								goto L60;
																							}
																							L289:
																							_t669 =  *0x7273a4; // 0x2
																							_t670 = _t669 | 0x00000001;
																							__eflags =  *0x7af9c0 & _t670;
																							if(( *0x7af9c0 & _t670) == 0) {
																								goto L180;
																							}
																							_push(_t821);
																							_push("Running the init routines of the executable\'s static imports failed with status 0x%08lx\n");
																							_push(_t818);
																							_push("LdrpInitializeProcess");
																							_push(0xf85);
																							goto L179;
																						}
																					}
																					__eflags =  *((short*)(_t666 + 0x5c)) - 1;
																					if( *((short*)(_t666 + 0x5c)) == 1) {
																						goto L8;
																					}
																					_t796 = _v156;
																					__eflags =  *(_t796 + 8) & 0x00020000;
																					if(( *(_t796 + 8) & 0x00020000) != 0) {
																						goto L8;
																					}
																					goto L38;
																				}
																				L60:
																				_push(_v180);
																				_t821 = E007322AE(_t763, _t796, _t808, _t818, _t827, __eflags);
																				__eflags = _t821 - _t818;
																				if(_t821 < _t818) {
																					goto L289;
																				} else {
																					__eflags =  *0x7a800c - _t818; // 0x0
																					if(__eflags != 0) {
																						_t671 = L0073CC58( *0x7a8044);
																						__eflags =  *_t671( &_v152, _v208);
																						if(__eflags == 0) {
																							E006EE8DD(__eflags);
																						}
																					}
																					_t673 =  *((intOrPtr*)(_t763 + 0x14c));
																					__eflags = _t673 - _t818;
																					if(_t673 != _t818) {
																						 *_t673();
																					}
																					_v156 = _t818;
																					_t676 = L00735E9A(_v160, L"DisableUserModeCallbackFilter", 4,  &_v156, 4, _t818);
																					__eflags = _t676;
																					if(_t676 >= 0) {
																						_t763 =  *((intOrPtr*)(_t763 + 0x10));
																						__eflags = _v156 - _t818;
																						if(_v156 == _t818) {
																							 *(_t763 + 8) =  *(_t763 + 8) | 0x00080000;
																						} else {
																							 *(_t763 + 8) =  *(_t763 + 8) & 0xfff7ffff;
																						}
																					}
																					__eflags = _v160 - _t818;
																					if(_v160 != _t818) {
																						_push(_v160);
																						E00715090();
																					}
																					_t507 = 0;
																					__eflags = 0;
																					goto L66;
																				}
																			}
																			__eflags =  *0x7a8028;
																			if( *0x7a8028 == 0) {
																				__eflags = _t796;
																				if(_t796 != 0) {
																					goto L58;
																				} else {
																					_v112 = 0xa;
																					goto L55;
																				}
																			}
																			goto L54;
																		} else {
																			_push(_t818);
																			_push(4);
																			_push( &_v112);
																			_push(0x22);
																			_push(_t827);
																			_t685 = E00715C10();
																			__eflags = _t685;
																			if(_t685 < 0) {
																				L50:
																				_t687 =  *0x7ffe02f0 >> 6;
																				__eflags = _t687;
																				_t688 =  !_t687;
																				L51:
																				_t661 = _t688 & 0x00000001;
																				__eflags = _t661;
																				 *0x7aecd0 = _t661;
																				goto L52;
																			}
																			_t689 = _v112;
																			__eflags = _t689 & 0x00000008;
																			if((_t689 & 0x00000008) != 0) {
																				_t688 = _t689 >> 6;
																				goto L51;
																			}
																			goto L50;
																		}
																	}
																}
															}
															goto L4;
														}
													}
												}
												if( *(_t825 + 0x30) == _t818) {
													E006D93D7(0, 0xc000000d);
												} else {
													 *0x7a82e0 =  *(_t825 + 0x30);
													 *0x7a82e4 =  *((intOrPtr*)(_t825 + 0x34));
												}
												_t715 =  *(_t825 + 0x24);
												_v140 = _t715;
												_t821 =  *(_t825 + 0x28);
												_v136 = _t821;
												if(_t821 == _t818 || _t715 == _t818 ||  *_t821 == _t818) {
													_t716 = L007229EE(_v120, _t818, 8);
													_v136 = _t716;
													__eflags = _t716 - _t818;
													if(__eflags != 0) {
														_v164 = _v164 & 0x00000000;
														_t821 = 0x7ffe0030;
														asm("movsd");
														asm("movsw");
														 *((short*)(_v136 + 6)) = 0;
														_t718 = 6;
														_v140 = _t718;
														_t719 = 8;
														_v138 = _t719;
														_t818 = 0;
														goto L137;
													}
													_t720 =  *0x7273a4; // 0x2
													_t721 = _t720 | 0x00000001;
													__eflags =  *0x7af9c0 & _t721;
													if(( *0x7af9c0 & _t721) == 0) {
														goto L212;
													}
													_push("Allocating a buffer to hold the current working directory failed\n");
													_push(_t818);
													_push("LdrpInitializeProcess");
													_push(0xbd2);
													goto L211;
												} else {
													goto L137;
												}
											}
											_t830 = 0x40;
											_push( &_v248);
											_push(3);
											_push(0x7aedbc);
											_v248 = 0x18;
											_v244 = _t818;
											_v236 = _t830;
											_v240 = 0x737c88;
											_v232 = _t818;
											_v228 = _t818;
											if(E00715860() < 0) {
												 *0x7aedbc = _t818;
												L00726D7A(0x7a8288, _v172);
												 *0x7a8288 =  *0x7a8288 + 0xfffe;
												goto L131;
											}
											_v244 =  *0x7aedbc;
											_push( &_v248);
											_push(1);
											_push( &_v192);
											_v248 = 0x18;
											_v236 = _t830;
											_v240 = 0x737c90;
											_v232 = _t818;
											_v228 = _t818;
											_t821 = L007159C0();
											if(_t821 < _t818) {
												_t732 =  *0x7273a4; // 0x2
												_t733 = _t732 | 0x00000001;
												__eflags =  *0x7af9c0 & _t733;
												if(( *0x7af9c0 & _t733) == 0) {
													goto L180;
												}
												_push(_t821);
												_push("Opening the known DLL directory link object failed with status 0x%08lx\n");
												_push(_t818);
												_push("LdrpInitializeProcess");
												_push(0xb77);
												goto L179;
											}
											_t734 = 0x30;
											while(1) {
												_v108 = _t734;
												_t821 = L007229EE(_v120, _t818, _t734);
												if(_t821 == _t818) {
													goto L214;
												}
												 *0x7a8288 = 0;
												 *0x7a828a = _v108;
												_push( &_v184);
												_push(0x7a8288);
												_push(_v192);
												 *0x7a828c = _t821;
												_t739 = L00715D90();
												_v108 = _t739;
												if(_t739 < _t818) {
													__eflags = _t739 - 0xc0000023;
													if(_t739 != 0xc0000023) {
														_t740 =  *0x7273a4; // 0x2
														_t741 = _t740 | 0x00000001;
														__eflags =  *0x7af9c0 & _t741;
														if(( *0x7af9c0 & _t741) != 0) {
															E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xb6d, "LdrpInitializeProcess", _t818, "Querying the known DLL directory link object failed with status 0x%08lx\n", _v108);
														}
														goto L15;
													}
													E00722882(0, _v120, _t818, _t821);
													_t734 = _v184;
													continue;
												}
												_push(_v192);
												E00715090();
												goto L131;
											}
											goto L214;
										}
									}
								}
							}
						} else {
							if(_t851 >= 0) {
								__eflags =  *0x7a8318 - 0x9e3b9800;
								if(__eflags < 0) {
									goto L107;
								}
								goto L108;
							}
							L107:
							 *0x7a8068 = 1;
							goto L108;
						}
					} else {
						_t818 = _v168;
						__eflags = _t818;
						if(__eflags == 0) {
							goto L104;
						}
						__eflags = _t818 - 0x40;
						if(_t818 != 0x40) {
							__eflags = _t818 -  *_t821;
							if(__eflags == 0) {
								goto L88;
							} else {
								goto L104;
							}
						}
						L88:
						__eflags = _t818 - 0x10;
						if(_t818 >= 0x10) {
							_t148 = _t763 + 0x68;
							 *_t148 =  *(_t763 + 0x68) &  !( *(_t821 + 0xc));
							__eflags =  *_t148;
							_t818 = _v168;
						}
						__eflags = _t818 - 0x14;
						if(_t818 >= 0x14) {
							_t152 = _t763 + 0x68;
							 *_t152 =  *(_t763 + 0x68) |  *(_t821 + 0x10);
							__eflags =  *_t152;
							_t818 = _v168;
						}
						__eflags = _t818 - 0x18;
						if(_t818 >= 0x18) {
							_t755 =  *(_t821 + 0x14);
							__eflags = _t755;
							if(_t755 != 0) {
								asm("cdq");
								 *0x7a8318 = E00704080(_t755, _t808, 0xffffd8f0, 0xffffffff);
								 *0x7a831c = _t808;
							}
						}
						__eflags = _t818 - 0x30;
						if(__eflags >= 0) {
							_t477 =  *(_t821 + 0x2c);
							__eflags = _t477;
							if(__eflags != 0) {
								_t804 = _t477 & 0xffff0fff;
								if(_t804 != 0) {
									_v120 = _t804;
								}
								 *0x7a8000 = _t477 & 0x0000f000;
							}
						}
						if(_t818 >= 0x1c) {
							_t753 =  *((intOrPtr*)(_t821 + 0x18));
							if(_t753 != 0) {
								_v308 = _t753;
							}
						}
						if(_t818 >= 0x20) {
							_t752 =  *((intOrPtr*)(_t821 + 0x1c));
							if(_t752 != 0) {
								_v304 = _t752;
							}
						}
						if(_t818 >= 0x28) {
							_t751 =  *(_t821 + 0x24);
							if(_t751 != 0) {
								_v300 = _t751;
							}
						}
						if(_t818 >= 0x2c) {
							_t821 =  *(_t821 + 0x28);
							if(_t821 != 0) {
								_v296 = _t821;
							}
						}
						goto L104;
					}
				}
				__eflags = _t496 - 3;
				if(_t496 != 3) {
					goto L78;
				}
				goto L76;
			}

0x007372ce
0x007372d5
0x007372de
0x007372e9
0x007372ec
0x007372ef
0x007372f6
0x007372f7
0x007372fa
0x00737301
0x0073730b
0x00737310
0x00737316
0x0073731d
0x00737323
0x0075027c
0x0075027d
0x00750285
0x00750286
0x00750288
0x0075028b
0x0075028d
0x00750292
0x00750295
0x0075029b
0x0075029d
0x007502a3
0x007502a3
0x0075029d
0x0073732e
0x00737333
0x0073733d
0x00737342
0x0073734c
0x00737351
0x00737356
0x00737360
0x00737367
0x0073736e
0x0073737b
0x00737388
0x00737391
0x00737397
0x0073739d
0x007373a2
0x007373a5
0x007373a9
0x007373ac
0x007502aa
0x007502aa
0x007373b2
0x007373b8
0x007373bc
0x007373cc
0x007373d3
0x007373d7
0x007373d9
0x007373dd
0x006f6b4c
0x006f6b51
0x006f6b57
0x006f6b5c
0x006f6b62
0x006f6b67
0x006f6b6d
0x006f6b75
0x006f6b7d
0x006f6b84
0x006f6b8b
0x006f6b8f
0x006f6b95
0x006f6b99
0x006f6b99
0x006f6b67
0x006f6b5c
0x006f6b51
0x007373dd
0x007373e6
0x007373e7
0x007373e8
0x007373e9
0x007373f0
0x007373f6
0x007373fc
0x007373fe
0x00737404
0x00737409
0x00737410
0x00737413
0x006d7912
0x00737419
0x0073741c
0x0073741c
0x0073741c
0x0073741e
0x00737420
0x006ff342
0x006ff347
0x006ff349
0x007502b1
0x007502b1
0x00737426
0x00737426
0x00737426
0x00737430
0x00737436
0x00737437
0x0073743a
0x00737442
0x00737448
0x00737449
0x00737451
0x00737452
0x00737454
0x00737456
0x0073745b
0x0073745d
0x0073745f
0x00737466
0x007502bc
0x007502bc
0x00737466
0x0073746c
0x0073748a
0x0073748c
0x0073748e
0x007502c6
0x007502cb
0x007502ce
0x007502d4
0x007502f5
0x007502f5
0x007502fa
0x00750300
0x00750302
0x00750302
0x00750303
0x007360cd
0x007360d2
0x007360db
0x007360db
0x007502d6
0x007502d7
0x007502dc
0x007502de
0x007502e3
0x007502e8
0x007502e8
0x007502ed
0x00000000
0x007502f2
0x00737494
0x00737498
0x0075030a
0x0075030a
0x0073749e
0x007374a3
0x007374a9
0x007374ac
0x007374ae
0x00750334
0x00750339
0x00750339
0x007374b4
0x007374b9
0x007374bf
0x00750341
0x00750341
0x007374d3
0x007374d8
0x007374da
0x006f5aff
0x006f5aff
0x007374e3
0x007374ee
0x007374f7
0x007374ff
0x00737507
0x0073750c
0x0073750e
0x00750349
0x0075034c
0x00750350
0x00737514
0x00737517
0x0073751d
0x0073751d
0x00737520
0x0073753c
0x00737547
0x0073754c
0x0073754f
0x00737552
0x0073755c
0x0073755e
0x007375ff
0x00737603
0x007503ac
0x007503ac
0x00737609
0x00737610
0x0073761f
0x00737626
0x00000000
0x00000000
0x00737648
0x0073764e
0x00737651
0x00737657
0x00737663
0x00737668
0x0073766e
0x00737671
0x0073767a
0x00737682
0x00737694
0x0073769c
0x007376a1
0x007376a6
0x007376ac
0x007376af
0x007376b5
0x007376b8
0x007376ba
0x007376bf
0x007376c4
0x007376cb
0x007376d9
0x007503cf
0x007503d0
0x007503e8
0x007503eb
0x007503f0
0x007503f2
0x007503fb
0x007503fb
0x00750415
0x00750415
0x0075041a
0x0075041d
0x00750423
0x00750427
0x00750441
0x00750446
0x00750446
0x00750449
0x0075044e
0x00750454
0x00750456
0x00750456
0x00750461
0x00750467
0x0075046d
0x00750473
0x00000000
0x00750473
0x007503f4
0x007503f7
0x007503f9
0x00750402
0x00750407
0x00750410
0x00750410
0x00750413
0x00750409
0x00750409
0x00750409
0x00000000
0x00750407
0x00000000
0x007376ec
0x007376ec
0x007376ee
0x007376ee
0x007376f4
0x007376f9
0x007376fb
0x00000000
0x00000000
0x00737706
0x0073770b
0x00737710
0x00737713
0x00737718
0x0073771b
0x00737720
0x0075047d
0x00750482
0x00750488
0x00750488
0x00750482
0x00737726
0x0073772c
0x0073772d
0x0073772e
0x00737731
0x00737734
0x00737735
0x0073773d
0x0073773f
0x00737744
0x00750494
0x00750499
0x0075049c
0x007504a2
0x00000000
0x00000000
0x007504a4
0x007504a9
0x007504aa
0x007504af
0x00000000
0x0073774a
0x00737756
0x00737760
0x00000000
0x00000000
0x00737766
0x0073776c
0x00737771
0x00737773
0x00000000
0x00000000
0x00737779
0x0073777e
0x00737783
0x00737784
0x0073778a
0x00737796
0x00000000
0x00000000
0x007377a6
0x007377a7
0x007377b3
0x00000000
0x007377c6
0x007377c6
0x007377c9
0x007377d1
0x007504d9
0x007504db
0x007504df
0x007377d7
0x007377da
0x007377dd
0x007377dd
0x007377e0
0x007377e3
0x007377ef
0x007504ff
0x00750504
0x00750506
0x0075050c
0x00750512
0x00750518
0x0075051e
0x00750524
0x00750529
0x0075052f
0x0075052f
0x0075051e
0x00750512
0x00750506
0x00737801
0x00737814
0x0073781d
0x00737824
0x007504cf
0x007504cf
0x00000000
0x0073782a
0x0073782a
0x00737840
0x00737847
0x0073784e
0x0073785f
0x00737868
0x00737967
0x00737967
0x0073796f
0x00750561
0x00750573
0x0075057f
0x00750585
0x0075058a
0x0075058c
0x00000000
0x00000000
0x00750592
0x007505a5
0x007505ac
0x007505b3
0x007505b8
0x007505c3
0x007505d5
0x007379bb
0x007379bb
0x007379c0
0x007379c2
0x007506e8
0x007506eb
0x007506f5
0x007506f5
0x007506eb
0x007379cb
0x007379d0
0x007379d7
0x007506ff
0x00750704
0x00750707
0x0075070d
0x00000000
0x00000000
0x0075070f
0x00750714
0x00750715
0x0075071a
0x00000000
0x007379dd
0x007379e2
0x007379e6
0x007379ec
0x00750757
0x007379f2
0x007379f5
0x007379f5
0x007379f8
0x007379fe
0x00737a04
0x00737a07
0x00737a0a
0x00737a14
0x006f5b0b
0x006f5b0b
0x00737a1e
0x006ff3e5
0x00737a24
0x00737a24
0x00737a24
0x00737a2b
0x00737a2e
0x00737a30
0x006d7919
0x006d791c
0x006d791f
0x00000000
0x00737a36
0x00737a36
0x00737a3f
0x00737a44
0x00000000
0x00000000
0x00737a46
0x00737a49
0x00737a51
0x00000000
0x00000000
0x00737a5c
0x00737a5e
0x00737a6a
0x00737a6f
0x00737a71
0x00737a71
0x00737a71
0x00737a74
0x00737a78
0x00737a7e
0x00737a7e
0x00737a86
0x00737a89
0x00737a96
0x00737a98
0x00737a9a
0x0075075e
0x00750763
0x00750766
0x0075076c
0x0075072c
0x0075072c
0x00750731
0x00750737
0x00750739
0x00750739
0x0075073a
0x00750740
0x0075074d
0x0075074d
0x00000000
0x00750740
0x0075076e
0x00750773
0x00750774
0x00750779
0x0075071f
0x0075071f
0x00750724
0x00000000
0x00750729
0x00737aa6
0x00737aa7
0x00737aa8
0x00737aa9
0x00737aac
0x00737aae
0x00737ab3
0x00737abc
0x006d792a
0x00737ac2
0x00737ac2
0x00737ac2
0x00737ac4
0x00737ad0
0x00737ad3
0x00737adf
0x00737ae7
0x00737aeb
0x00737af4
0x00737af4
0x00737af7
0x00737af9
0x00737b05
0x00737b08
0x00737b0d
0x00737b12
0x00737b15
0x00737b1b
0x00737b1e
0x00737b23
0x00737b2b
0x00737b37
0x00750780
0x0075078b
0x0075078c
0x00750791
0x00750791
0x00750794
0x007507af
0x007507b4
0x007507b4
0x00737b48
0x007507bc
0x007507bc
0x00737b4e
0x00737b53
0x00737b56
0x00737b58
0x00737b5f
0x00737b69
0x00737b6f
0x00737b76
0x007507c2
0x007507c8
0x007507cb
0x007507d1
0x007507d3
0x007507f0
0x007507f5
0x007507f5
0x007507fd
0x00750803
0x00750809
0x00750809
0x00750803
0x00737b82
0x00750816
0x00750816
0x00737b8f
0x0075082e
0x00750830
0x00750832
0x00750866
0x00750872
0x0075087e
0x00750886
0x0075088c
0x00750890
0x00750893
0x0075089c
0x007508a2
0x007508a5
0x007508ab
0x007508ae
0x007508b5
0x007508b8
0x007508bd
0x007508c2
0x007508c5
0x007508cb
0x007508ce
0x007508d0
0x007508d6
0x007508dd
0x00000000
0x00000000
0x007508ec
0x006d7932
0x006d7934
0x00000000
0x006d793a
0x00000000
0x006d793a
0x00000000
0x006d7934
0x00750834
0x00750839
0x0075083c
0x00750842
0x007504c1
0x007504c1
0x007504c6
0x007504cc
0x007504ce
0x007504ce
0x00000000
0x007504cc
0x00750848
0x0075084d
0x0075084e
0x00750853
0x007504b4
0x007504b4
0x007504b9
0x00000000
0x00737b95
0x00737b95
0x00737b9c
0x006f5aae
0x006f5ab3
0x006f5ab6
0x006f5abf
0x006f5ac4
0x006f5ac6
0x00000000
0x00000000
0x006f5acc
0x006f5acf
0x006f5ad1
0x007508f6
0x007508f6
0x007508f7
0x007508f9
0x00750901
0x00750902
0x00750903
0x00750904
0x00750906
0x00750908
0x0075090d
0x0075090f
0x00000000
0x00000000
0x00750915
0x0075091d
0x00750920
0x00750923
0x00750929
0x0075092c
0x00750935
0x00750935
0x0075092e
0x0075092e
0x0075092e
0x00750938
0x0075093b
0x00750940
0x00750940
0x006f5ad7
0x006f5ae2
0x006f5ae9
0x006f5af5
0x006f5af5
0x006f5ae9
0x00737ba2
0x00737bab
0x00750948
0x0075094d
0x00750952
0x00750953
0x00750958
0x00750959
0x0075095e
0x00750960
0x00000000
0x00000000
0x00750966
0x0075096c
0x00750972
0x00750979
0x0075098c
0x0075098c
0x00750979
0x0075096c
0x00737bb6
0x00737bba
0x00750996
0x0075099b
0x0075099e
0x007509a4
0x00000000
0x00000000
0x007509aa
0x007509ab
0x007509b0
0x007509b1
0x007509b6
0x00000000
0x007509b6
0x00737bc3
0x00737bcb
0x00737bda
0x00737be2
0x00737be9
0x00737bec
0x006d937b
0x006d9382
0x00750aa0
0x00750aa5
0x00750aa5
0x006d9388
0x006d938b
0x00000000
0x006d9391
0x006d9391
0x006d9396
0x006d9399
0x006d939f
0x00750aad
0x00750ac6
0x00750acb
0x006d93a6
0x006d93a6
0x006d93ab
0x006d93b1
0x00750633
0x00750633
0x006d93b7
0x006d93b7
0x00000000
0x006d93b7
0x006d938b
0x00737c03
0x00737c0a
0x00737c0d
0x007509c0
0x007509c5
0x007509c8
0x007509ce
0x007509d4
0x007509d7
0x007509f2
0x007509f7
0x00000000
0x007509ce
0x00737c26
0x00737c2b
0x00737c2d
0x00737c30
0x007509ff
0x00750a04
0x00750a07
0x00750a0d
0x00750a0f
0x00750a2d
0x00750a32
0x00750a32
0x00750a35
0x00750a3a
0x00750a40
0x00750a42
0x00750a42
0x00750a43
0x00750a4a
0x00750a50
0x00000000
0x00750a56
0x00750a56
0x00750a5d
0x00000000
0x00000000
0x00000000
0x00750a63
0x00750a50
0x00737c36
0x00737c3d
0x00000000
0x00000000
0x00000000
0x00737c43
0x00737c43
0x00737c43
0x00737c44
0x00737c49
0x00737c4f
0x00737c54
0x00737c58
0x00750a68
0x00750a6d
0x00750a70
0x00750a76
0x00000000
0x00000000
0x00750a7c
0x00750a7d
0x00750a82
0x00750a83
0x00750a88
0x00000000
0x00750a88
0x00737c5e
0x00737c68
0x00737c70
0x00737c75
0x00737c79
0x00737c79
0x00735fb8
0x00735fbf
0x00735fc3
0x00750ad3
0x00750ad3
0x00735fc9
0x00735fce
0x00735fd1
0x00735fd3
0x00736005
0x00736005
0x00736008
0x0073600e
0x00736011
0x00736020
0x00736020
0x00736027
0x0073602e
0x0073602e
0x00736031
0x00736033
0x00736033
0x00736033
0x00736033
0x00736037
0x0073603c
0x0073603d
0x0073603f
0x00736040
0x00736045
0x00736046
0x0073604b
0x00736051
0x00736053
0x006ee0df
0x006ee0e2
0x006ee0e9
0x006ee0f1
0x006ee0f7
0x006ee0f7
0x006ee0e2
0x00736059
0x00736060
0x006ff37e
0x006ff381
0x006ff384
0x006ff38b
0x006d793f
0x006d7940
0x00750af1
0x00750af3
0x006ff3af
0x006ff3af
0x00000000
0x00750af9
0x00750afc
0x00750b01
0x00750b03
0x00000000
0x00000000
0x00750b0c
0x006d794a
0x006d794c
0x00000000
0x006d7952
0x006ff3b6
0x006ff3b6
0x006ff3bd
0x006ff3bf
0x006ff3bf
0x006ff3bf
0x006ff3bf
0x006ff3c3
0x006ff3c6
0x006ff3cc
0x006ff3d1
0x006ff3d2
0x006ff3d4
0x006ff3d5
0x006ff3d5
0x00000000
0x006ff3c6
0x00750b16
0x00750b16
0x00750b1b
0x00750b1e
0x00750b24
0x00000000
0x00000000
0x00750b2a
0x00750b2b
0x00750b30
0x00750b31
0x00750b36
0x00000000
0x00750b36
0x00750af3
0x006ff391
0x006ff396
0x00000000
0x00000000
0x006ff39c
0x006ff3a2
0x006ff3a9
0x00000000
0x00000000
0x00000000
0x006ff3a9
0x00736066
0x00736066
0x00736071
0x00736073
0x00736075
0x00000000
0x0073607b
0x0073607b
0x00736081
0x006ee7c3
0x006ee7d7
0x006ee7d9
0x006ee7df
0x006ee7df
0x006ee7d9
0x00736087
0x0073608d
0x0073608f
0x00750b40
0x00750b40
0x007360ac
0x007360b2
0x007360b7
0x007360b9
0x00750b47
0x00750b4a
0x00750b50
0x00750b5e
0x00750b52
0x00750b52
0x00750b52
0x00750b50
0x007360bf
0x007360c5
0x00750b6a
0x00750b70
0x00750b70
0x007360cb
0x007360cb
0x00000000
0x007360cb
0x00736075
0x00736013
0x0073601a
0x006ff371
0x006ff373
0x00000000
0x006ff379
0x00750ae5
0x00000000
0x00750ae5
0x006ff373
0x00000000
0x00735fd5
0x00735fd5
0x00735fd6
0x00735fdb
0x00735fdc
0x00735fde
0x00735fdf
0x00735fe4
0x00735fe6
0x00735ff3
0x00735ff8
0x00735ff8
0x00735ffb
0x00735ffd
0x00735ffd
0x00735ffd
0x00736000
0x00000000
0x00736000
0x00735fe8
0x00735feb
0x00735fed
0x00750add
0x00000000
0x00750add
0x00000000
0x00735fed
0x00735fd3
0x00737bcb
0x00737b8f
0x00000000
0x00737a36
0x00737a30
0x007379d7
0x00737979
0x00750668
0x0073797f
0x00737982
0x0073798a
0x0073798a
0x0073798f
0x00737992
0x00737998
0x0073799b
0x007379a3
0x00750678
0x0075067d
0x00750683
0x00750685
0x007506b0
0x007506b9
0x007506be
0x007506bf
0x007506c9
0x007506cf
0x007506d2
0x007506d9
0x007506da
0x007506e1
0x00000000
0x007506e1
0x00750687
0x0075068c
0x0075068f
0x00750695
0x00000000
0x00000000
0x0075069b
0x007506a0
0x007506a1
0x007506a6
0x00000000
0x00000000
0x00000000
0x00000000
0x007379a3
0x00737870
0x00737877
0x00737878
0x0073787a
0x0073787f
0x00737889
0x0073788f
0x00737895
0x0073789f
0x007378a5
0x007378b2
0x00750540
0x0075054b
0x00750555
0x00000000
0x00750555
0x007378bd
0x007378c9
0x007378ca
0x007378d2
0x007378d3
0x007378dd
0x007378e3
0x007378ed
0x007378f3
0x007378fe
0x00737902
0x00750639
0x0075063e
0x00750641
0x00750647
0x00000000
0x00000000
0x0075064d
0x0075064e
0x00750653
0x00750654
0x00750659
0x00000000
0x00750659
0x0073790a
0x0073790b
0x00737910
0x00737918
0x0073791c
0x00000000
0x00000000
0x00737924
0x0073792e
0x0073793a
0x0073793b
0x00737940
0x00737946
0x0073794c
0x00737953
0x00737956
0x007505de
0x007505e3
0x007505fa
0x007505ff
0x00750602
0x00750608
0x00750626
0x0075062b
0x00000000
0x00750608
0x007505ea
0x007505ef
0x00000000
0x007505ef
0x0073795c
0x00737962
0x00000000
0x00737962
0x00000000
0x0073790b
0x00737824
0x007377b3
0x00737744
0x00737612
0x00737612
0x007503b8
0x007503c2
0x00000000
0x00000000
0x00000000
0x007503c8
0x00737618
0x00737618
0x00000000
0x00737618
0x00737564
0x00737564
0x0073756a
0x0073756c
0x00000000
0x00000000
0x00737572
0x00737575
0x006ff3ed
0x006ff3ef
0x00000000
0x006ff3f5
0x00000000
0x006ff3f5
0x006ff3ef
0x0073757b
0x0073757b
0x0073757e
0x00737585
0x00737585
0x00737585
0x00737588
0x00737588
0x0073758e
0x00737591
0x00737596
0x00737596
0x00737596
0x00737599
0x00737599
0x0073759f
0x007375a2
0x007375a4
0x007375a7
0x007375a9
0x0075035b
0x00750368
0x0075036d
0x0075036d
0x007375a9
0x007375af
0x007375b2
0x007375b4
0x007375b7
0x007375b9
0x006d78f7
0x006d78fd
0x00750378
0x00750378
0x006d7908
0x006d7908
0x007375b9
0x007375c2
0x007375c4
0x007375c9
0x00750380
0x00750380
0x007375c9
0x007375d2
0x007375d4
0x007375d9
0x0075038b
0x0075038b
0x007375d9
0x007375e2
0x007375e4
0x007375e9
0x00750396
0x00750396
0x007375e9
0x007375f2
0x007375f4
0x007375f9
0x007503a1
0x007503a1
0x007375f9
0x00000000
0x007375f2
0x0073755e
0x0073743c
0x00737440
0x00000000
0x00000000
0x00000000

Strings

MZER, xrefs: 006F5B0B
BaseQueryModuleData, xrefs: 00737301
Querying the known DLL directory link object failed with status 0x%08lx, xrefs: 00750611
Creating the process heap failed, xrefs: 007504A4
Beginning execution of %wZ (%wZ)Current directory: %wZSearch path: %wZ, xrefs: 00750799
Running the init routines of the executable's static imports failed with status 0x%08lx, xrefs: 00750B2B
d:\w7rtm\minkernel\ntdll\ldrinit.c, xrefs: 007502E8, 0075032F, 0075043C, 007504B4, 00750621, 0075071F, 007507AA, 007507EB, 007509ED, 00750A28, 00750AC1
Initializing TLS slots failed with status 0x%08lx, xrefs: 007509AB
Walking the import tables of the executable and its static imports failed with status 0x%08lx, xrefs: 00750A7D
Loading Windows subsystem DLL "%wZ" failed with status 0x%08lx, xrefs: 00750AB1
Allocating a data table entry for the system DLL failed, xrefs: 0075076E
Initializing the execution options for the process %lx failed with status 0x%08lx, xrefs: 007502D7
Allocating a data table entry for the application verifier DLL failed, xrefs: 00750848
Initializing process 0x%lx, xrefs: 0075031F
NTDLL!, xrefs: 0073777E
Stack trace database size is %ld Mb, xrefs: 0075042B
Locating procedure "%Z" in Windows subsystem DLL "%wZ" failed with status 0x%08lx, xrefs: 007509DD, 00750A17
Ww, xrefs: 00737BF2
StackTraceDatabaseSizeInMb, xrefs: 007503DC
Initializing the current directory to "%wZ" failed with status 0x%08lx, xrefs: 007507DB
DebugProcessHeapOnly, xrefs: 007504F4
Opening the known DLL directory link object failed with status 0x%08lx, xrefs: 0075064E
Allocating a buffer to hold the current working directory failed, xrefs: 0075069B
!Process, xrefs: 00737779
Allocating a data table entry for the executable failed, xrefs: 0075070F
LdrpInitializeProcess, xrefs: 007502DE, 00750325, 00750432, 007504AA, 00750617, 00750654, 007506A1, 00750715, 00750774, 007507A0, 007507E1, 0075084E, 007509B1, 007509E3, 00750A1E, 00750A83, 00750AB7, 00750B31
LDR, xrefs: 00750953
DisableUserModeCallbackFilter, xrefs: 007360A1

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: InformationProcessQuery
String ID: Ww$!Process$Allocating a buffer to hold the current working directory failed$Allocating a data table entry for the application verifier DLL failed$Allocating a data table entry for the executable failed$Allocating a data table entry for the system DLL failed$BaseQueryModuleData$Beginning execution of %wZ (%wZ)Current directory: %wZSearch path: %wZ$Creating the process heap failed$DebugProcessHeapOnly$DisableUserModeCallbackFilter$Initializing TLS slots failed with status 0x%08lx$Initializing process 0x%lx$Initializing the current directory to "%wZ" failed with status 0x%08lx$Initializing the execution options for the process %lx failed with status 0x%08lx$LDR$LdrpInitializeProcess$Loading Windows subsystem DLL "%wZ" failed with status 0x%08lx$Locating procedure "%Z" in Windows subsystem DLL "%wZ" failed with status 0x%08lx$MZER$NTDLL!$Opening the known DLL directory link object failed with status 0x%08lx$Querying the known DLL directory link object failed with status 0x%08lx$Running the init routines of the executable's static imports failed with status 0x%08lx$Stack trace database size is %ld Mb$StackTraceDatabaseSizeInMb$Walking the import tables of the executable and its static imports failed with status 0x%08lx$d:\w7rtm\minkernel\ntdll\ldrinit.c
API String ID: 1778838933-3147267112
Opcode ID: 2ec9d23d7620d946bb39aa82b6b7a06d5d10e65bb6685fd46d4699773f20e96e
Instruction ID: fc6286a1ae6fd4cbe939bfae02aa26aa4259a7192fec3788ed670f236c2e286c
Opcode Fuzzy Hash: 2ec9d23d7620d946bb39aa82b6b7a06d5d10e65bb6685fd46d4699773f20e96e
Instruction Fuzzy Hash: 9BC2E1B0904214DFEB74DF28CC86FAA77B5FB45700F10816AE909EB292DB789885CF55

Uniqueness

Uniqueness Score: 100.00%

Function 00743951, Relevance: 15.4, Strings: 12, Instructions: 424
UNIQUECrypto

C-Code - Quality: 55%

			E00743951(intOrPtr _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				char _v544;
				char _v1064;
				char _v1068;
				char _v1069;
				signed short* _v1076;
				signed short _v1080;
				signed short* _v1084;
				signed short _v1086;
				char _v1088;
				signed short _v1092;
				signed short _v1096;
				signed short _v1100;
				char* _v1104;
				short _v1106;
				char _v1108;
				signed short _v1111;
				signed short _v1112;
				signed int _v1116;
				signed short _v1120;
				signed short* _v1124;
				short _v1126;
				char _v1128;
				intOrPtr _v1132;
				signed short* _v1136;
				intOrPtr _v1140;
				signed short _v1144;
				signed short _v1148;
				short _v1150;
				char _v1152;
				char* _v1156;
				short _v1158;
				char _v1160;
				intOrPtr _v1164;
				signed short* _v1172;
				intOrPtr _v1176;
				char _v1180;
				signed short* _v1184;
				signed short* _v1188;
				intOrPtr _v1192;
				char* _v1196;
				intOrPtr _v1200;
				char _v1204;
				char _v1212;
				char __ebx;
				signed int __edi;
				signed short __esi;
				signed int _t173;
				intOrPtr _t175;
				void* _t187;
				intOrPtr _t194;
				char _t209;
				void* _t220;
				signed short _t236;
				unsigned int _t240;
				signed int _t242;

				_t173 =  *0x7a81e8; // 0x77d55b89
				_v8 = _t173 ^ _t242;
				_t175 = _a4;
				_t225 = _a8;
				_v1132 = _a16;
				_v1140 = _a20;
				_v1160 = 0;
				_v1158 = 0x208;
				_v1156 =  &_v1064;
				_t235 = 0;
				_t236 = _a12;
				_v1164 = _t175;
				_v1069 = 0;
				_v1068 = 0;
				_v1136 = 0;
				_v1088 = 0;
				_v1086 = 0;
				_v1084 = 0;
				_v1128 = 0;
				_v1126 = 0;
				_v1124 = 0;
				_v1144 = 0;
				if(_t175 == 0) {
					_t235 = 0;
					goto L66;
				} else {
					if(__ecx == 0 || __edi < 1 || __edi >  *(__eax + 4)) {
						__edx =  *(__eax + 4);
						L66:
						_push(_t235);
						_push(_t236);
						_push(_t225);
						_push(_t175);
						L006F1ACE(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
						_t239 = 0xc000000d;
						goto L29;
					} else {
						__eax =  *(__eax + 8);
						if( *((intOrPtr*)(__eax + __edi * 4)) != 0) {
							L34:
							return L00722F0C(_t239, 0, _v8 ^ _t242, _t235, _t236, _t239);
						}
						__edx =  *(__ecx + 0x18);
						__edi = __edi * 0x18;
						__edx =  *(__ecx + 0x18) + __ecx;
						__esi =  *(__edx + 0xc);
						__edx =  *(__edx + 0x10);
						__esi = __esi + __edi * 0x18;
						__eax =  *(__esi + __ecx + 0x10);
						__eax =  *(__esi + __ecx + 0x10) + __ecx;
						__esi =  *(__eax + 0x50);
						__edx = __edx + __ecx;
						if(__esi > 0xfffe) {
							_push(__ecx);
							__eax = L006F1ACE(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", __esi);
							L39:
							_t239 = 0xc0000106;
							L31:
							if(_v1084 != 0) {
								 *0x725538(_v1084);
							}
							if(_v1068 != 0) {
								_push(_v1068);
								E00715090();
							}
							if(_v1136 != 0) {
								E00722882(_t225,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v1136);
							}
							goto L34;
						}
						if(( *(__eax + 4) & 0x00000010) != 0) {
							goto L1;
						}
						_v1076 = 0;
						__si =  *(__eax + 0x50);
						_v1152 = __si;
						_v1150 = __si;
						__eax =  *(__eax + 0x54);
						_v1148 = __eax;
						__eax = 0;
						_v1108 = __ax;
						__eax = 0x216;
						_v1106 = __ax;
						__eax =  &_v544;
						_v1104 =  &_v544;
						__eax =  &_v1120;
						_v1120 = __ecx;
						_v1116 = __edi;
						_v1112 = 0;
						_v1100 = __bl;
						_v1092 = __bl;
						_v1096 = 0;
						__eax = _v1132(1,  &_v1120, _v1140);
						if(_v1092 != __bl) {
							__esi = 0xc0000120;
							goto L31;
						}
						if(_v1100 != __bl) {
							 &_v1068 =  &_v1076;
							 &_v1088 =  &_v1160;
							 &_v1152 =  &_v1108;
							__esi = E00744344(0,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
							if(__esi >= 0) {
								 &_v1068 =  &_v1108;
								__eax = E0074409E(_v1164, __edi,  &_v1108,  &_v1068);
								__esi = __eax;
								if(__esi >= 0) {
									__esi = 0;
									goto L31;
								}
								_push(__esi);
								_push(__edi);
								_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
								L50:
								_push(__ebx);
								_push(0x33);
								__eax = L006F1ACE();
								__esp = __esp + 0x14;
								goto L31;
							}
							_push(__esi);
							__eax =  &_v1108;
							_push( &_v1108);
							_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
							goto L50;
						}
						__eax = _v1112;
						_v1144 = _v1112;
						__eax = _v1096;
						__edi = 0;
						_v1080 = __eax;
						_v1069 = 1;
						if(__eax <= 0) {
							L25:
							if(__edi == _v1080) {
								L59:
								_push(__edi);
								__eax =  &_v1152;
								__eax = L006F1ACE(0x33, __ebx, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
								__esi = 0xc0150004;
								L30:
								_v1120 = _v1144;
								_v1132(4,  &_v1120, _v1140);
								goto L31;
							}
							L26:
							if(_v1068 == 0) {
								if(L0072CBB1(_v1076[2],  &_v1128, 0,  &_v1180) == 0) {
									L006F1ACE(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n", _v1076[2]);
									_t239 = 0xc000003a;
									L29:
									if(_v1069 == 0) {
										goto L31;
									}
									goto L30;
								}
								_v1136 = _v1124;
								_t209 = _v1180;
								if(_t209 != 0) {
									_v1128 = _t209;
									_v1124 = _v1176;
								} else {
									_v1172 = 0;
								}
								_v1200 = _v1172;
								_push(0x21);
								_v1196 =  &_v1128;
								_push(3);
								_push( &_v1212);
								_push( &_v1204);
								_push(0x100020);
								_push( &_v1068);
								_v1204 = 0x18;
								_v1192 = 0x40;
								_v1188 = 0;
								_v1184 = 0;
								_t239 = E007158A0();
								L00727DEA( &_v1180, _t225,  &_v1180);
								if(_t239 >= 0) {
									goto L27;
								} else {
									_push(_t239);
									L006F1ACE(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n", _v1076[2]);
									goto L29;
								}
							}
							L27:
							_t220 = E0074409E(_v1164, _a12, _v1076,  &_v1068);
							_t239 = _t220;
							if(_t220 < 0) {
								L006F1ACE(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t239);
							} else {
								_t239 = 0;
							}
							goto L29;
						} else {
							goto L21;
						}
						while(1) {
							L21:
							__eax = _v1144;
							_v1120 = _v1144;
							__eax = 0;
							_v1108 = __ax;
							__eax = 0x216;
							_v1106 = __ax;
							__eax =  &_v544;
							_v1104 =  &_v544;
							__eax =  &_v1120;
							_v1116 = __edi;
							_v1112 = __bl;
							_v1111 = __bl;
							__eax = _v1132(2,  &_v1120, _v1140);
							if(_v1112 != __bl) {
								break;
							}
							if(_v1111 != __bl) {
								if(_v1108 == __bx) {
									goto L59;
								}
								_t159 = __edi + 1; // 0x1
								__eax = _t159;
								_v1080 = _t159;
							}
							if(_v1108 != __bx) {
								if(_v1068 != __ebx) {
									_push(_v1068);
									__eax = E00715090();
									_v1068 = __ebx;
								}
								 &_v1068 =  &_v1076;
								 &_v1088 =  &_v1160;
								 &_v1152 =  &_v1108;
								__esi = E00744344(__ebx,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
								if(__esi >= __ebx) {
									goto L25;
								} else {
									if(__esi == 0xc0150004) {
										goto L24;
									}
									_push(__esi);
									__eax =  &_v1152;
									_push( &_v1152);
									__eax =  &_v1108;
									__eax = L006F1ACE(0x33, __ebx, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1108);
									goto L30;
								}
							}
							L24:
							__edi = __edi + 1;
							if(__edi < _v1080) {
								continue;
							}
							goto L25;
						}
						__esi = 0xc0000120;
						goto L30;
					}
				}
				L1:
				_v1076 =  &_v1160;
				_t236 =  *(_t175 + 0x18);
				_v1080 = _t236;
				if(_t236 == 0) {
					_t239 = 0xc00000e5;
					goto L34;
				}
				_t187 = E007287C9(_t236, 0x5c);
				_pop(_t225);
				if(_t187 == 0) {
					_t239 = 0xc00000e5;
					goto L31;
				}
				_t236 = (_t187 - _t236 >> 0x00000001) + (_t187 - _t236 >> 0x00000001) + 0x00000004 & 0x0000ffff;
				if(_t236 > 0x208) {
					if(_t236 > 0xfffe) {
						goto L39;
					}
					_v1086 = _t236;
					_t194 =  *0x725510(_t236 & 0x0000ffff);
					_v1084 = _t194;
					if(_t194 != 0) {
						_v1076 =  &_v1088;
						goto L4;
					}
					_t239 = 0xc0000017;
					goto L31;
				}
				L4:
				_t240 = _t236 & 0x0000ffff;
				E00704830(_v1076[2], _v1080, _t240 - 2);
				_t225 = 0;
				 *((short*)(_v1076[2] + (_t240 >> 1) * 2 - 2)) = 0;
				 *_v1076 = _t236;
				goto L26;
			}

0x0074395c
0x00743963
0x00743969
0x0074396c
0x0074396f
0x00743978
0x00743980
0x0074398f
0x0074399d
0x007439a3
0x007439a8
0x007439ab
0x007439b1
0x007439b7
0x007439bd
0x007439c3
0x007439ca
0x007439d1
0x007439d7
0x007439de
0x007439e5
0x007439eb
0x007439f3
0x00754c37
0x00000000
0x007439f9
0x007439fb
0x006d6003
0x00754c39
0x00754c39
0x00754c3a
0x00754c3b
0x00754c3c
0x00754c4a
0x00754c52
0x00000000
0x00743a13
0x00743a13
0x00743a19
0x00743c22
0x00743c32
0x00743c32
0x00743a1f
0x00743a24
0x00743a27
0x00743a29
0x00743a2c
0x00743a2f
0x00743a31
0x00743a35
0x00743a37
0x00743a3a
0x00743a42
0x00754a40
0x00754a4a
0x00754a52
0x00754a52
0x00743bfe
0x00743c04
0x00754c62
0x00754c62
0x00743c10
0x00754c6d
0x00754c73
0x00754c73
0x00743c1c
0x006d5ff9
0x006d5ff9
0x00000000
0x00743c1c
0x00743a4c
0x00000000
0x00000000
0x00743a58
0x00743a5e
0x00743a62
0x00743a69
0x00743a70
0x00743a75
0x00743a7b
0x00743a7d
0x00743a84
0x00743a89
0x00743a90
0x00743a96
0x00743a9c
0x00743aa5
0x00743aab
0x00743ab1
0x00743ab7
0x00743abd
0x00743ac3
0x00743ac9
0x00743ad5
0x00754ad3
0x00000000
0x00754ad3
0x00743ae1
0x00754ae4
0x00754af2
0x00754b00
0x00754b0d
0x00754b11
0x00754b37
0x00754b45
0x00754b4a
0x00754b4e
0x00754b59
0x00000000
0x00754b59
0x00754b50
0x00754b51
0x00754b52
0x00754b20
0x00754b20
0x00754b21
0x00754b23
0x00754b28
0x00000000
0x00754b28
0x00754b13
0x00754b14
0x00754b1a
0x00754b1b
0x00000000
0x00754b1b
0x00743ae7
0x00743aed
0x00743af3
0x00743af9
0x00743afb
0x00743b01
0x00743b0a
0x00743b96
0x00743b9c
0x00754b9b
0x00754b9b
0x00754b9c
0x00754bab
0x00754bb3
0x00743bdd
0x00743be9
0x00743bf8
0x00000000
0x00743bf8
0x00743ba2
0x00743ba8
0x006d5f49
0x00754ac1
0x00754ac9
0x00743bd5
0x00743bdb
0x00000000
0x00000000
0x00000000
0x00743bdb
0x006d5f55
0x006d5f5b
0x006d5f64
0x00754beb
0x00754bf7
0x006d5f6a
0x006d5f6a
0x006d5f6a
0x006d5f76
0x006d5f7c
0x006d5f84
0x006d5f8a
0x006d5f92
0x006d5f99
0x006d5f9a
0x006d5fa5
0x006d5fa6
0x006d5fb0
0x006d5fba
0x006d5fc0
0x006d5fcb
0x006d5fd4
0x006d5fdb
0x00000000
0x006d5fe1
0x00754c08
0x00754c14
0x00000000
0x00754c19
0x006d5fdb
0x00743bae
0x00743bc4
0x00743bc9
0x00743bcd
0x00754c2a
0x00743bd3
0x00743bd3
0x00743bd3
0x00000000
0x00000000
0x00000000
0x00000000
0x00743b10
0x00743b10
0x00743b10
0x00743b1c
0x00743b22
0x00743b24
0x00743b2b
0x00743b30
0x00743b37
0x00743b3d
0x00743b43
0x00743b4c
0x00743b52
0x00743b58
0x00743b5e
0x00743b6a
0x00000000
0x00000000
0x00743b76
0x00754b67
0x00000000
0x00000000
0x00754b69
0x00754b69
0x00754b6c
0x00754b6c
0x00743b83
0x007442fa
0x00754b77
0x00754b7d
0x00754b82
0x00754b82
0x00744307
0x00744315
0x00744323
0x00744330
0x00744334
0x00000000
0x0074433a
0x00754b93
0x00000000
0x00000000
0x00754bc7
0x00754bc8
0x00754bce
0x00754bcf
0x00754bde
0x00000000
0x00754be3
0x00744334
0x00743b89
0x00743b89
0x00743b90
0x00000000
0x00000000
0x00000000
0x00743b90
0x00754bbd
0x00000000
0x00754bbd
0x007439fb
0x006d5ea1
0x006d5ea7
0x006d5eb0
0x006d5eb2
0x006d5eb8
0x00754a5c
0x00000000
0x00754a5c
0x006d5ec1
0x006d5ec7
0x006d5eca
0x00754a66
0x00000000
0x00754a66
0x006d5ed8
0x006d5ee3
0x00754a78
0x00000000
0x00000000
0x00754a7e
0x00754a85
0x00754a8b
0x00754a93
0x00754aa5
0x00000000
0x00754aa5
0x00754a95
0x00000000
0x00754a95
0x006d5ee9
0x006d5ee9
0x006d5eff
0x006d5f0f
0x006d5f11
0x006d5f22
0x00000000

Strings

<<t, xrefs: 00743953
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00754AB9
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00754BD6
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00754BA3
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00754C42
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00754C22
AUr, xrefs: 00754C62
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00754A42
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00754B1B
RtlpResolveAssemblyStorageMapEntry, xrefs: 00754C3D
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00754B52
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00754C0C

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: <<t$AUr$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-2720898200
Opcode ID: 4373187aba89aae1e14d9c6725f70e3149559ea56123cf13e9330dfa9b67f0dc
Instruction ID: 9e369b5436a63a00f42facd0ac3cab2c5d4f52a4671793f046e9e26de58e835b
Opcode Fuzzy Hash: 4373187aba89aae1e14d9c6725f70e3149559ea56123cf13e9330dfa9b67f0dc
Instruction Fuzzy Hash: CF0239F19012289FDB21DF548C84BEAB7B9AF48304F4441EAA60DA7251E7749FC4CF69

Uniqueness

Uniqueness Score: 100.00%

Function 007950A5, Relevance: 12.0, Strings: 9, Instructions: 799
UNIQUECrypto

C-Code - Quality: 58%

			E007950A5(signed int _a4, signed int _a8, intOrPtr* _a16, signed int* _a20, signed int* _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t339;
				intOrPtr _t361;
				signed int _t365;
				signed short _t377;
				signed char _t380;
				signed int* _t382;
				signed char _t383;
				signed int _t384;
				intOrPtr _t386;
				unsigned int _t401;
				signed int _t402;
				intOrPtr _t409;
				intOrPtr _t423;
				signed int _t450;
				intOrPtr _t452;
				intOrPtr* _t463;
				signed int _t465;
				signed int* _t466;
				signed int _t467;
				intOrPtr _t468;
				signed short _t469;
				signed int _t471;
				signed int _t472;
				signed int _t475;
				signed short* _t486;
				signed short _t487;
				signed int* _t489;
				signed int _t490;
				signed int _t498;
				signed int _t501;
				signed int _t502;
				signed int _t511;
				signed short _t513;
				signed short _t514;
				signed int _t515;
				signed int* _t519;
				signed int _t523;
				signed int _t532;
				signed int _t534;
				signed int* _t535;
				signed int _t537;
				void* _t539;
				signed int _t549;
				signed int _t551;
				intOrPtr _t557;
				intOrPtr _t561;
				signed int _t570;
				intOrPtr* _t582;
				signed int _t583;
				signed int* _t584;
				void* _t585;
				signed int _t586;
				signed int _t588;
				signed int _t589;
				signed int _t590;
				signed int _t592;
				signed int* _t594;
				signed short _t595;
				signed short _t597;
				signed int _t604;
				signed int _t605;
				signed int _t607;
				signed short _t609;
				signed short _t611;
				signed int _t613;
				signed int _t615;
				signed int _t616;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				intOrPtr _t626;
				signed int* _t627;
				intOrPtr _t628;
				signed int _t630;
				signed int* _t632;
				signed int _t633;
				signed int _t634;
				signed int _t636;
				signed int _t638;
				signed int* _t642;
				signed short _t643;
				signed short _t645;
				signed int _t646;
				void* _t650;
				signed int _t652;
				signed int _t654;
				signed int* _t656;
				signed short _t664;
				signed short _t667;
				intOrPtr _t668;
				intOrPtr _t669;
				signed int _t670;
				signed int _t671;
				void* _t690;

				_t671 = _a8;
				_t339 = 0;
				_v32 = 0;
				_v36 = 0;
				_v24 = 0;
				if(_t671 >=  *((intOrPtr*)(_t671 + 0x28))) {
					L176:
					_t668 = _v32;
					__eflags =  *((intOrPtr*)(_t671 + 0x2c)) - _t668;
					if( *((intOrPtr*)(_t671 + 0x2c)) == _t668) {
						_t669 = _v36;
						__eflags =  *((intOrPtr*)(_t671 + 0x30)) - _t669;
						if( *((intOrPtr*)(_t671 + 0x30)) == _t669) {
							goto L203;
						}
						_t557 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *((intOrPtr*)(_t557 + 0xc)) - _t339;
						if( *((intOrPtr*)(_t557 + 0xc)) == _t339) {
							_push("HEAP: ");
							E006EF63B();
						} else {
							E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_t669);
						_push( *((intOrPtr*)(_t671 + 0x30)));
						_push(_t671);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L211:
						E006EF63B();
						goto L186;
					}
					_t561 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
					__eflags =  *((intOrPtr*)(_t561 + 0xc)) - _t339;
					if( *((intOrPtr*)(_t561 + 0xc)) == _t339) {
						_push("HEAP: ");
						E006EF63B();
					} else {
						E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t668);
					_push( *((intOrPtr*)(_t671 + 0x2c)));
					_push(_t671);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L211;
				} else {
					_t670 = _a4;
					do {
						_t532 = 0;
						 *_a24 = _t671;
						if( *(_t670 + 0x4c) != 0) {
							 *_t671 =  *_t671 ^  *(_t670 + 0x50);
							_t679 =  *(_t671 + 3) - ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671);
							if( *(_t671 + 3) != ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671)) {
								_push(0);
								_push(_t671);
								_push(_t670);
								L00794BBA(0, _t670, _t671, _t679);
							}
						}
						if(_v24 != ( *(_t671 + 4) ^  *(_t670 + 0x54))) {
							_t361 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *((intOrPtr*)(_t361 + 0xc)) - _t532;
							if( *((intOrPtr*)(_t361 + 0xc)) == _t532) {
								_push("HEAP: ");
								E006EF63B();
							} else {
								E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v24 & 0x0000ffff);
							_t365 =  *(_t671 + 4) & 0x0000ffff ^  *(_t670 + 0x54) & 0x0000ffff;
							__eflags = _t365;
							_push(_t365);
							E006EF63B("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t671);
							L183:
							_t690 =  *(_t670 + 0x4c) - _t532;
							L184:
							if(_t690 != 0) {
								 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
								 *_t671 =  *_t671 ^  *(_t670 + 0x50);
							}
							L186:
							return 0;
						}
						_t377 =  *_t671 & 0x0000ffff;
						_v24 = _t377 & 0x0000ffff;
						_t568 = _t377 & 0x0000ffff;
						_a4 = _t568 << 3;
						_t380 =  *(_t671 + 2);
						if((_t380 & 0x00000001) == 0) {
							__eflags =  *(_t670 + 0x40) & 0x00000040;
							if(( *(_t670 + 0x40) & 0x00000040) == 0) {
								L154:
								 *_a16 =  *_a16 + 1;
								_t382 = _a20;
								 *_t382 =  *_t382 + ( *_t671 & 0x0000ffff);
								__eflags =  *_t382;
								L155:
								_t383 =  *(_t671 + 6);
								__eflags = _t383;
								if(_t383 == 0) {
									_t384 = _t670;
								} else {
									_t384 = (_t671 & 0xffff0000) - ((_t383 & 0x000000ff) << 0x10) + 0x10000;
								}
								_t570 = _a8;
								__eflags = _t384 - _t570;
								if(_t384 != _t570) {
									_t386 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *((intOrPtr*)(_t386 + 0xc)) - _t532;
									if( *((intOrPtr*)(_t386 + 0xc)) == _t532) {
										_push("HEAP: ");
										E006EF63B();
									} else {
										E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *(_t671 + 6) & 0x000000ff);
									_push(_t671);
									_push("Heap block at %p has incorrect segment offset (%x)\n");
									goto L195;
								} else {
									__eflags =  *((char*)(_t671 + 7)) - 3;
									if( *((char*)(_t671 + 7)) != 3) {
										__eflags =  *(_t670 + 0x4c) - _t532;
										if( *(_t670 + 0x4c) != _t532) {
											 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
											 *_t671 =  *_t671 ^  *(_t670 + 0x50);
											__eflags =  *_t671;
										}
										_t671 = _t671 + _a4;
										__eflags = _t671;
										goto L174;
									}
									_t401 =  *(_t671 + 0x1c);
									__eflags = _t401 - _t532;
									if(_t401 == _t532) {
										_t402 =  *_t671 & 0x0000ffff;
										__eflags = _t671 + _t402 * 8 -  *((intOrPtr*)(_t570 + 0x28));
										if(_t671 + _t402 * 8 ==  *((intOrPtr*)(_t570 + 0x28))) {
											__eflags =  *(_t670 + 0x4c) - _t532;
											if( *(_t670 + 0x4c) != _t532) {
												 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
												 *_t671 =  *_t671 ^  *(_t670 + 0x50);
												__eflags =  *_t671;
											}
											L203:
											return 1;
										}
										_t409 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *((intOrPtr*)(_t409 + 0xc)) - _t532;
										if( *((intOrPtr*)(_t409 + 0xc)) == _t532) {
											_push("HEAP: ");
											E006EF63B();
										} else {
											E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *((intOrPtr*)(_a8 + 0x28)));
										_push(_t671);
										_push("Heap block at %p is not last block in segment (%p)\n");
										L195:
										E006EF63B();
										goto L183;
									}
									_v36 = _v36 + 1;
									_v32 = _v32 + (_t401 >> 0xc);
									__eflags =  *(_t670 + 0x4c) - _t532;
									if( *(_t670 + 0x4c) != _t532) {
										 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
										 *_t671 =  *_t671 ^  *(_t670 + 0x50);
										__eflags =  *_t671;
									}
									_t671 = _t671 +  *(_t671 + 0x1c) + 0x20;
									__eflags = _t671 -  *((intOrPtr*)(_t570 + 0x28));
									if(_t671 ==  *((intOrPtr*)(_t570 + 0x28))) {
										L170:
										_v24 = _t532;
										goto L174;
									} else {
										__eflags =  *(_t670 + 0x4c) - _t532;
										if( *(_t670 + 0x4c) != _t532) {
											 *_t671 =  *_t671 ^  *(_t670 + 0x50);
											__eflags =  *(_t671 + 3) - ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671);
											if(__eflags != 0) {
												_push(_t532);
												_push(_t671);
												_push(_t670);
												L00794BBA(_t532, _t670, _t671, __eflags);
											}
										}
										__eflags =  *(_t671 + 4) ^  *(_t670 + 0x54);
										if(( *(_t671 + 4) ^  *(_t670 + 0x54)) != 0) {
											_t423 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
											__eflags =  *((intOrPtr*)(_t423 + 0xc)) - _t532;
											if( *((intOrPtr*)(_t423 + 0xc)) == _t532) {
												_push("HEAP: ");
												E006EF63B();
											} else {
												E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
											}
											_push( *(_t671 + 4) & 0x0000ffff ^  *(_t670 + 0x54) & 0x0000ffff);
											_push(_t671);
											_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
											goto L195;
										} else {
											__eflags =  *(_t670 + 0x4c) - _t532;
											if( *(_t670 + 0x4c) != _t532) {
												 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
												 *_t671 =  *_t671 ^  *(_t670 + 0x50);
												__eflags =  *_t671;
											}
											goto L170;
										}
									}
								}
							}
							__eflags = _t380 & 0x00000004;
							if((_t380 & 0x00000004) == 0) {
								goto L154;
							}
							_t534 = _a4 + 0xfffffff0;
							__eflags = _t380 & 0x00000002;
							if((_t380 & 0x00000002) != 0) {
								__eflags = _t534 - 4;
								if(_t534 > 4) {
									_t534 = _t534 - 4;
									__eflags = _t534;
								}
							}
							__eflags = _t380 & 0x00000008;
							if((_t380 & 0x00000008) == 0) {
								_t450 = E00705770(_t671 + 0x10, _t534, 0xfeeefeee);
								_v40 = _t450;
								__eflags = _t450 - _t534;
								if(_t450 != _t534) {
									_t452 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t452 + 0xc);
									if( *(_t452 + 0xc) == 0) {
										_push("HEAP: ");
										E006EF63B();
									} else {
										E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push(_t671 + 8 + _v40);
									E006EF63B("Free Heap block %p modified at %p after it was freed\n", _t671);
									__eflags =  *(_t670 + 0x4c);
									goto L184;
								}
								_t532 = 0;
								__eflags = 0;
								goto L154;
							} else {
								_t535 =  *(_t671 + 0xc);
								_t463 = _t671 + 8;
								_t627 =  *_t463;
								_v12 = _t627;
								_t628 =  *((intOrPtr*)(_t627 + 4));
								_v40 = _t535;
								_t536 =  *_t535;
								__eflags = _t536 - _t628;
								if(__eflags != 0) {
									L61:
									_push(0);
									_push(_t536);
									_push(_t628);
									_push(_t463);
									_push(_t670);
									_push(0xc);
									L00794B0C(_t536, _t568, _t628, _t670, _t671, __eflags);
									goto L174;
								}
								__eflags = _t536 - _t463;
								if(__eflags != 0) {
									goto L61;
								}
								_t465 =  *(_t670 + 0xb8);
								 *((intOrPtr*)(_t670 + 0x78)) =  *((intOrPtr*)(_t670 + 0x78)) - _t568;
								__eflags = _t465;
								if(_t465 == 0) {
									L58:
									_t466 = _v12;
									_t582 = _v40;
									 *_t582 = _t466;
									 *((intOrPtr*)(_t466 + 4)) = _t582;
									__eflags =  *(_t671 + 2) & 0x00000008;
									if(( *(_t671 + 2) & 0x00000008) == 0) {
										L62:
										_t537 =  *_t671 & 0x0000ffff;
										 *(_t671 + 2) = 0;
										 *((char*)(_t671 + 7)) = 0;
										_t467 =  *(_t670 + 0xb8);
										_v20 = _t537;
										__eflags = _t467;
										if(_t467 != 0) {
											while(1) {
												__eflags = _t537 -  *((intOrPtr*)(_t467 + 4));
												if(_t537 <  *((intOrPtr*)(_t467 + 4))) {
													break;
												}
												_t583 =  *_t467;
												__eflags = _t583;
												if(_t583 == 0) {
													_t630 =  *((intOrPtr*)(_t467 + 4)) - 1;
													__eflags = _t630;
													_v28 = _t630;
													L75:
													_t118 = _t467 + 0x14; // 0x14
													_t584 = _t118;
													while(1) {
														_a4 = _t467;
														_v16 = _t630 -  *_t584;
														_t632 =  *((intOrPtr*)(_t467 + 0x18));
														_t468 =  *((intOrPtr*)(_t632 + 4));
														_v12 = _t632;
														__eflags = _t632 - _t468;
														if(_t632 != _t468) {
															goto L78;
														}
														L77:
														_v8 = _t632;
														L121:
														_t472 = _v8;
														__eflags = _t472;
														if(_t472 != 0) {
															L64:
															_t107 = _t670 + 0xc4; // 0xc5
															_t539 = _t107;
															__eflags = _t539 - _t472;
															if(_t539 == _t472) {
																L126:
																_t634 =  *(_t472 + 4);
																_t585 =  *_t634;
																__eflags = _t585 - _t472;
																if(_t585 != _t472) {
																	__eflags = 0;
																	_push(0);
																	_push(_t585);
																	_push(0);
																	_push(_t472);
																	_push(0);
																	_push(0xc);
																	L00794B0C(_t539, _t585, 0, _t670, _t671, 0);
																} else {
																	_t594 = _t671 + 8;
																	 *_t594 = _t472;
																	_t594[1] = _t634;
																	 *_t634 = _t594;
																	 *(_t472 + 4) = _t594;
																}
																 *((intOrPtr*)(_t670 + 0x78)) =  *((intOrPtr*)(_t670 + 0x78)) + ( *_t671 & 0x0000ffff);
																_t475 =  *(_t670 + 0xb8);
																__eflags = _t475;
																if(_t475 == 0) {
																	L150:
																	__eflags =  *(_t670 + 0x4c);
																	if( *(_t670 + 0x4c) != 0) {
																		 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
																		 *_t671 =  *_t671 ^  *(_t670 + 0x50);
																	}
																	goto L174;
																} else {
																	_t586 =  *_t671 & 0x0000ffff;
																	while(1) {
																		__eflags = _t586 -  *((intOrPtr*)(_t475 + 4));
																		if(_t586 <  *((intOrPtr*)(_t475 + 4))) {
																			break;
																		}
																		_t636 =  *_t475;
																		__eflags = _t636;
																		if(_t636 == 0) {
																			_t638 =  *((intOrPtr*)(_t475 + 4)) - 1;
																			__eflags = _t638;
																			L136:
																			_t588 = _t638 -  *((intOrPtr*)(_t475 + 0x14));
																			__eflags =  *(_t475 + 8);
																			_v28 = _t588;
																			if( *(_t475 + 8) != 0) {
																				_t588 = _t588 + _t588;
																				__eflags = _t588;
																			}
																			 *((intOrPtr*)(_t475 + 0xc)) =  *((intOrPtr*)(_t475 + 0xc)) + 1;
																			_t589 = _t588 << 2;
																			_a4 = _t589;
																			_t590 =  *(_t589 +  *((intOrPtr*)(_t475 + 0x20)));
																			_v40 = _t590;
																			__eflags = _t638 -  *((intOrPtr*)(_t475 + 4)) - 1;
																			if(_t638 ==  *((intOrPtr*)(_t475 + 4)) - 1) {
																				_t207 = _t475 + 0x10;
																				 *_t207 =  *(_t475 + 0x10) + 1;
																				__eflags =  *_t207;
																			}
																			__eflags = _t590;
																			if(_t590 == 0) {
																				L147:
																				 *((intOrPtr*)(_a4 +  *((intOrPtr*)(_t475 + 0x20)))) = _t671 + 8;
																				_t590 = _v40;
																				goto L148;
																			} else {
																				__eflags =  *(_t670 + 0x4c);
																				if( *(_t670 + 0x4c) == 0) {
																					_t643 =  *(_t590 - 8) & 0x0000ffff;
																				} else {
																					_t645 =  *(_t590 - 8);
																					__eflags =  *(_t670 + 0x4c) & _t645;
																					if(( *(_t670 + 0x4c) & _t645) != 0) {
																						_t645 = _t645 ^  *(_t670 + 0x50);
																						__eflags = _t645;
																					}
																					_t643 = _t645 & 0x0000ffff;
																				}
																				__eflags = ( *_t671 & 0x0000ffff) - (_t643 & 0x0000ffff);
																				if(( *_t671 & 0x0000ffff) - (_t643 & 0x0000ffff) > 0) {
																					L148:
																					__eflags = _t590;
																					if(_t590 == 0) {
																						_t592 = _v28;
																						_t642 =  *((intOrPtr*)(_t475 + 0x1c)) + (_t592 >> 5) * 4;
																						 *_t642 =  *_t642 | 1 << (_t592 & 0x0000001f);
																						__eflags =  *_t642;
																					}
																					goto L150;
																				} else {
																					goto L147;
																				}
																			}
																		}
																		_t475 = _t636;
																	}
																	_t638 = _t586;
																	goto L136;
																}
															}
															_t646 =  *(_t670 + 0x4c);
															while(1) {
																__eflags = _t646;
																if(_t646 == 0) {
																	_t595 =  *(_t472 - 8) & 0x0000ffff;
																} else {
																	_t597 =  *(_t472 - 8);
																	_t646 =  *(_t670 + 0x4c);
																	__eflags = _t646 & _t597;
																	if((_t646 & _t597) != 0) {
																		_t597 = _t597 ^  *(_t670 + 0x50);
																		__eflags = _t597;
																	}
																	_t595 = _t597 & 0x0000ffff;
																}
																__eflags = _v20 - (_t595 & 0x0000ffff);
																if(_v20 <= (_t595 & 0x0000ffff)) {
																	goto L126;
																}
																_t472 =  *_t472;
																__eflags = _t539 - _t472;
																if(_t539 != _t472) {
																	continue;
																}
																goto L126;
															}
															goto L126;
														}
														_t467 =  *_a4;
														_t537 = _v20;
														_t584 = _t467 + 0x14;
														_t630 =  *_t584;
														_v28 = _t630;
														_a4 = _t467;
														_v16 = _t630 -  *_t584;
														_t632 =  *((intOrPtr*)(_t467 + 0x18));
														_t468 =  *((intOrPtr*)(_t632 + 4));
														_v12 = _t632;
														__eflags = _t632 - _t468;
														if(_t632 != _t468) {
															goto L78;
														}
														goto L77;
														L78:
														_t633 =  *(_t670 + 0x4c);
														__eflags = _t633;
														if(_t633 == 0) {
															_t469 =  *(_t468 - 8) & 0x0000ffff;
														} else {
															_t514 =  *(_t468 - 8);
															_t633 =  *(_t670 + 0x4c);
															__eflags = _t514 & _t633;
															if((_t514 & _t633) != 0) {
																_t514 = _t514 ^  *(_t670 + 0x50);
																__eflags = _t514;
															}
															_t469 = _t514 & 0x0000ffff;
														}
														_t471 = _v12;
														__eflags = _t537 - (_t469 & 0x0000ffff);
														if(_t537 - (_t469 & 0x0000ffff) > 0) {
															L119:
															_v8 = _t471;
															goto L121;
														} else {
															_t486 =  *_t471 - 8;
															__eflags = _t633;
															if(_t633 == 0) {
																_t487 =  *_t486 & 0x0000ffff;
															} else {
																_t513 =  *_t486;
																_t633 =  *(_t670 + 0x4c);
																__eflags = _t513 & _t633;
																if((_t513 & _t633) != 0) {
																	_t513 = _t513 ^  *(_t670 + 0x50);
																	__eflags = _t513;
																}
																_t487 = _t513 & 0x0000ffff;
															}
															__eflags = _v20 - (_t487 & 0x0000ffff);
															if(_v20 - (_t487 & 0x0000ffff) > 0) {
																_t489 = _a4;
																__eflags =  *_t489;
																if( *_t489 != 0) {
																	L105:
																	_t490 = _a4;
																	_t549 = _v16 >> 5;
																	_v12 =  *((intOrPtr*)(_t490 + 0x1c)) + _t549 * 4;
																	_t650 = ( *((intOrPtr*)(_t490 + 4)) -  *_t584 >> 5) - 1;
																	_t498 =  !((1 << (_v16 & 0x0000001f)) - 1) &  *_v12;
																	__eflags = 1;
																	if(1 != 0) {
																		L109:
																		__eflags = _t498 & 0x0000ffff;
																		if((_t498 & 0x0000ffff) == 0) {
																			_t604 = _t498 >> 0x00000010 & 0x000000ff;
																			__eflags = _t604;
																			if(_t604 == 0) {
																				_t171 = (_t498 >> 0x18) + 0x725818; // 0x10008
																				_t501 = ( *_t171 & 0x000000ff) + 0x18;
																				__eflags = _t501;
																			} else {
																				_t170 = _t604 + 0x725818; // 0x10008
																				_t501 = ( *_t170 & 0x000000ff) + 0x10;
																			}
																		} else {
																			_t652 = _t498 & 0x000000ff;
																			__eflags = _t652;
																			if(_t652 == 0) {
																				_t169 = (_t498 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
																				_t501 = ( *_t169 & 0x000000ff) + 8;
																			} else {
																				_t168 = _t652 + 0x725818; // 0x10008
																				_t501 =  *_t168 & 0x000000ff;
																			}
																		}
																		_t551 = (_t549 << 5) + _t501;
																		_t502 = _a4;
																		__eflags =  *(_t502 + 8);
																		_t605 = _t551 + _t551;
																		if( *(_t502 + 8) == 0) {
																			_t605 = _t551;
																		}
																		_t471 =  *( *((intOrPtr*)(_t502 + 0x20)) + _t605 * 4);
																		goto L119;
																	} else {
																		goto L106;
																	}
																	while(1) {
																		L106:
																		__eflags = _t549 - _t650;
																		if(_t549 > _t650) {
																			break;
																		}
																		_v12 =  &(_v12[1]);
																		_t498 =  *_v12;
																		_t549 = _t549 + 1;
																		__eflags = _t498;
																		if(_t498 == 0) {
																			continue;
																		}
																		break;
																	}
																	__eflags = _t498;
																	if(_t498 == 0) {
																		_t179 =  &_v8;
																		 *_t179 = _v8 & 0x00000000;
																		__eflags =  *_t179;
																		goto L121;
																	}
																	goto L109;
																}
																__eflags = _v28 - _t489[1] - 1;
																if(_v28 != _t489[1] - 1) {
																	goto L105;
																}
																_t607 = _a4;
																__eflags =  *(_t607 + 8);
																_t511 = _v16;
																if( *(_t607 + 8) != 0) {
																	_t511 = _t511 + _t511;
																	__eflags = _t511;
																}
																_t471 =  *( *((intOrPtr*)(_t607 + 0x20)) + _t511 * 4);
																while(1) {
																	__eflags = _v12 - _t471;
																	if(_v12 == _t471) {
																		goto L121;
																	}
																	__eflags = _t633;
																	if(_t633 == 0) {
																		_t609 =  *(_t471 - 8) & 0x0000ffff;
																	} else {
																		_t611 =  *(_t471 - 8);
																		_t633 =  *(_t670 + 0x4c);
																		__eflags = _t611 & _t633;
																		if((_t611 & _t633) != 0) {
																			_t611 = _t611 ^  *(_t670 + 0x50);
																			__eflags = _t611;
																		}
																		_t609 = _t611 & 0x0000ffff;
																	}
																	__eflags = _v20 - (_t609 & 0x0000ffff);
																	if(_v20 - (_t609 & 0x0000ffff) <= 0) {
																		goto L119;
																	} else {
																		_t471 =  *_t471;
																		continue;
																	}
																	goto L105;
																}
																goto L121;
															} else {
																_t471 =  *_v12;
																goto L119;
															}
														}
													}
												}
												_t467 = _t583;
											}
											_t630 = _t537;
											_v28 = _t537;
											goto L75;
										}
										_t472 =  *(_t670 + 0xc4);
										goto L64;
									}
									_t515 = E006FC30D(_t670, _t671);
									__eflags = _t515;
									if(_t515 != 0) {
										goto L62;
									}
									E006FE4D7(_t536, _t670, _t670, _t671,  *_t671 & 0x0000ffff, 1);
									goto L174;
								}
								_t613 =  *_t671 & 0x0000ffff;
								while(1) {
									__eflags = _t613 -  *(_t465 + 4);
									if(_t613 <  *(_t465 + 4)) {
										break;
									}
									_t654 =  *_t465;
									__eflags = _t654;
									if(_t654 == 0) {
										_t536 =  *(_t465 + 4) - 1;
										__eflags = _t536;
										_a4 = _t536;
										L37:
										_t615 = _t536 -  *((intOrPtr*)(_t465 + 0x14));
										__eflags =  *(_t465 + 8);
										_v20 = _t615;
										if( *(_t465 + 8) != 0) {
											_t615 = _t615 + _t615;
											__eflags = _t615;
										}
										_t616 = _t615 << 2;
										_t656 =  *((intOrPtr*)(_t465 + 0x20)) + _t616;
										_v28 = _t616;
										 *((intOrPtr*)(_t465 + 0xc)) =  *((intOrPtr*)(_t465 + 0xc)) - 1;
										_v16 =  *_t656;
										__eflags = _t536 -  *(_t465 + 4) - 1;
										if(_t536 ==  *(_t465 + 4) - 1) {
											_t69 = _t465 + 0x10;
											 *_t69 =  *(_t465 + 0x10) - 1;
											__eflags =  *_t69;
										}
										__eflags = _v16 - _t671 + 8;
										if(_v16 != _t671 + 8) {
											goto L58;
										} else {
											__eflags =  *_t465;
											_t621 =  *(_t465 + 4);
											if( *_t465 == 0) {
												_t621 = _t621 - 1;
												__eflags = _t621;
											}
											__eflags = _a4 - _t621;
											_t622 =  *(_t671 + 8);
											if(_a4 >= _t621) {
												__eflags = _t622 -  *((intOrPtr*)(_t465 + 0x18));
												if(_t622 ==  *((intOrPtr*)(_t465 + 0x18))) {
													 *_t656 =  *_t656 & 0x00000000;
													__eflags =  *_t656;
													goto L57;
												}
												 *_t656 = _t622;
												goto L58;
											} else {
												__eflags = _t622 -  *((intOrPtr*)(_t465 + 0x18));
												if(_t622 ==  *((intOrPtr*)(_t465 + 0x18))) {
													L53:
													 *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) =  *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) & 0x00000000;
													L57:
													_t623 = _v20;
													_t519 =  *((intOrPtr*)(_t465 + 0x1c)) + (_t623 >> 5) * 4;
													 *_t519 =  *_t519 &  !(1 << (_t623 & 0x0000001f));
													__eflags =  *_t519;
													goto L58;
												}
												__eflags =  *(_t670 + 0x4c);
												if( *(_t670 + 0x4c) == 0) {
													_t664 =  *(_t622 - 8) & 0x0000ffff;
												} else {
													_t667 =  *(_t622 - 8);
													__eflags =  *(_t670 + 0x4c) & _t667;
													if(( *(_t670 + 0x4c) & _t667) != 0) {
														_t667 = _t667 ^  *(_t670 + 0x50);
														__eflags = _t667;
													}
													_t664 = _t667 & 0x0000ffff;
												}
												_t536 = ( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff);
												__eflags = ( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff);
												if(( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff)) {
													goto L53;
												} else {
													 *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) = _t622;
													goto L58;
												}
											}
										}
									}
									_t465 = _t654;
								}
								_t536 = _t613;
								_a4 = _t613;
								goto L37;
							}
						}
						if(_a28 == _t532) {
							L19:
							if(( *(_t671 + 2) & 0x00000004) == 0 || L0077DB95(_t568, _t670, _t671) != 0) {
								goto L155;
							} else {
								goto L183;
							}
						} else {
							if((_t380 & 0x00000002) == 0) {
								_t523 =  *(_t671 + 3) & 0xff;
							} else {
								_t523 =  *(L006FEA3F(_t671) + 2) & 0x0000ffff;
							}
							if(_t523 == _t532) {
								goto L19;
							}
							if((_t523 & 0x00008000) == 0) {
								__eflags = _t523 & 0x00000800;
								if((_t523 & 0x00000800) != 0) {
									goto L19;
								}
								__eflags = _t523 -  *((intOrPtr*)(_t670 + 0x88));
								if(_t523 >=  *((intOrPtr*)(_t670 + 0x88))) {
									goto L19;
								}
								_t626 = _a28;
								L18:
								_t568 =  *_t671 & 0x0000ffff;
								 *((intOrPtr*)(_t626 + (_t523 & 0x0000ffff) * 4)) =  *((intOrPtr*)(_t626 + (_t523 & 0x0000ffff) * 4)) + ( *_t671 & 0x0000ffff);
								goto L19;
							}
							_t523 = _t523 & 0x00007fff;
							_t568 = 0x81;
							if(_t523 >= 0x81) {
								goto L19;
							} else {
								_t626 = _a32;
								goto L18;
							}
						}
						L174:
						__eflags = _t671 -  *((intOrPtr*)(_a8 + 0x28));
					} while (__eflags < 0);
					_t671 = _a8;
					_t339 = 0;
					__eflags = 0;
					goto L176;
				}
			}

0x007950af
0x007950b2
0x007950b5
0x007950b8
0x007950bb
0x007950c1
0x0079572d
0x0079572d
0x00795730
0x00795733
0x0079596a
0x0079596d
0x00795970
0x00000000
0x00000000
0x0079597d
0x00795980
0x00795983
0x007959a5
0x007959aa
0x00795985
0x0079599d
0x007959a2
0x007959b0
0x007959b1
0x007959b4
0x007959b5
0x0079595d
0x0079595d
0x00000000
0x00795962
0x00795740
0x00795743
0x00795746
0x00795948
0x0079594d
0x0079574c
0x00795764
0x00795769
0x00795953
0x00795954
0x00795957
0x00795958
0x00000000
0x007950c7
0x007950c7
0x007950ca
0x007950cd
0x007950cf
0x007950d4
0x007950d9
0x007950e3
0x007950e6
0x007950e8
0x007950e9
0x007950ea
0x007950eb
0x007950eb
0x007950e6
0x007950fc
0x00795775
0x00795778
0x0079577b
0x0079579d
0x007957a2
0x0079577d
0x00795795
0x0079579a
0x007957b0
0x007957b5
0x007957b5
0x007957b7
0x007957be
0x007957c6
0x007957c6
0x007957c9
0x007957c9
0x007957d3
0x007957d9
0x007957d9
0x007957db
0x00000000
0x007957db
0x00795102
0x00795108
0x0079510b
0x00795113
0x00795116
0x0079511b
0x00795196
0x0079519a
0x0079564b
0x0079564e
0x00795653
0x00795656
0x00795656
0x00795658
0x00795658
0x0079565b
0x0079565d
0x00795675
0x0079565f
0x0079566e
0x0079566e
0x00795677
0x0079567a
0x0079567c
0x0079583e
0x00795841
0x00795844
0x00795866
0x0079586b
0x00795846
0x0079585e
0x00795863
0x00795875
0x00795876
0x00795877
0x00000000
0x00795682
0x00795682
0x00795686
0x00795704
0x00795707
0x00795711
0x00795717
0x00795717
0x00795717
0x00795719
0x00795719
0x00000000
0x00795719
0x00795688
0x0079568b
0x0079568d
0x00795889
0x0079588f
0x00795892
0x007958db
0x007958de
0x007958e8
0x007958ee
0x007958ee
0x007958ee
0x007958f0
0x00000000
0x007958f0
0x0079589a
0x0079589d
0x007958a0
0x007958c2
0x007958c7
0x007958a2
0x007958ba
0x007958bf
0x007958d0
0x007958d3
0x007958d4
0x0079587c
0x0079587c
0x00000000
0x00795881
0x00795693
0x00795699
0x0079569c
0x0079569f
0x007956a9
0x007956af
0x007956af
0x007956af
0x007956b4
0x007956b8
0x007956bb
0x007956ff
0x007956ff
0x00000000
0x007956bd
0x007956bd
0x007956c0
0x007956c5
0x007956cf
0x007956d2
0x007956d4
0x007956d5
0x007956d6
0x007956d7
0x007956d7
0x007956d2
0x007956e0
0x007956e4
0x007958ff
0x00795902
0x00795905
0x00795927
0x0079592c
0x00795907
0x0079591f
0x00795924
0x0079593c
0x0079593d
0x0079593e
0x00000000
0x007956ea
0x007956ea
0x007956ed
0x007956f7
0x007956fd
0x007956fd
0x007956fd
0x00000000
0x007956ed
0x007956e4
0x007956bb
0x0079567c
0x007951a0
0x007951a2
0x00000000
0x00000000
0x007951ab
0x007951ae
0x007951b0
0x007951b2
0x007951b5
0x007951b7
0x007951b7
0x007951b7
0x007951b5
0x007951ba
0x007951bc
0x00795639
0x0079563e
0x00795641
0x00795643
0x007957e8
0x007957eb
0x007957ef
0x00795811
0x00795816
0x007957f1
0x00795809
0x0079580e
0x00795823
0x0079582a
0x00795832
0x00000000
0x00795832
0x00795649
0x00795649
0x00000000
0x007951c2
0x007951c2
0x007951c5
0x007951c8
0x007951ca
0x007951cd
0x007951d0
0x007951d3
0x007951d5
0x007951d7
0x007952f3
0x007952f3
0x007952f5
0x007952f6
0x007952f7
0x007952f8
0x007952f9
0x007952fb
0x00000000
0x007952fb
0x007951dd
0x007951df
0x00000000
0x00000000
0x007951e5
0x007951eb
0x007951ee
0x007951f0
0x007952c3
0x007952c3
0x007952c6
0x007952c9
0x007952cb
0x007952ce
0x007952d2
0x00795305
0x00795305
0x00795308
0x0079530c
0x00795310
0x00795316
0x00795319
0x0079531b
0x00795359
0x00795359
0x0079535c
0x00000000
0x00000000
0x00795351
0x00795353
0x00795355
0x00795368
0x00795368
0x00795369
0x0079536c
0x0079536c
0x0079536c
0x0079536f
0x00795371
0x00795374
0x00795377
0x0079537a
0x0079537d
0x00795380
0x00795382
0x00000000
0x00000000
0x00795384
0x00795384
0x00795504
0x00795504
0x00795507
0x00795509
0x00795323
0x00795323
0x00795323
0x00795329
0x0079532b
0x0079553a
0x0079553a
0x0079553d
0x0079553f
0x00795541
0x00795552
0x00795554
0x00795555
0x00795556
0x00795557
0x00795558
0x00795559
0x0079555b
0x00795543
0x00795543
0x00795546
0x00795548
0x0079554b
0x0079554d
0x0079554d
0x00795563
0x00795566
0x0079556c
0x0079556e
0x00795610
0x00795610
0x00795614
0x00795622
0x00795628
0x00795628
0x00000000
0x00795574
0x00795574
0x00795581
0x00795581
0x00795584
0x00000000
0x00000000
0x00795579
0x0079557b
0x0079557d
0x0079558d
0x0079558d
0x0079558e
0x00795590
0x00795593
0x00795597
0x0079559a
0x0079559c
0x0079559c
0x0079559c
0x0079559e
0x007955a4
0x007955a7
0x007955aa
0x007955b1
0x007955b4
0x007955b6
0x007955b8
0x007955b8
0x007955b8
0x007955b8
0x007955bb
0x007955bd
0x007955e5
0x007955ee
0x007955f1
0x00000000
0x007955bf
0x007955bf
0x007955c3
0x007955d5
0x007955c5
0x007955c5
0x007955c8
0x007955cb
0x007955cd
0x007955cd
0x007955cd
0x007955d0
0x007955d0
0x007955e1
0x007955e3
0x007955f4
0x007955f4
0x007955f6
0x007955f8
0x00795603
0x0079560e
0x0079560e
0x0079560e
0x00000000
0x00000000
0x00000000
0x00000000
0x007955e3
0x007955bd
0x0079557f
0x0079557f
0x00795586
0x00000000
0x00795586
0x0079556e
0x00795331
0x00795334
0x00795334
0x00795336
0x00795524
0x0079533c
0x0079533c
0x0079533f
0x00795342
0x00795344
0x00795346
0x00795346
0x00795346
0x00795349
0x00795349
0x0079552b
0x0079552e
0x00000000
0x00000000
0x00795530
0x00795532
0x00795534
0x00000000
0x00000000
0x00000000
0x00795534
0x00000000
0x00795334
0x00795512
0x00795514
0x00795517
0x0079551a
0x0079551c
0x00795371
0x00795374
0x00795377
0x0079537a
0x0079537d
0x00795380
0x00795382
0x00000000
0x00000000
0x00000000
0x0079538c
0x0079538c
0x0079538f
0x00795391
0x007953a5
0x00795393
0x00795393
0x00795396
0x00795399
0x0079539b
0x0079539d
0x0079539d
0x0079539d
0x007953a0
0x007953a0
0x007953ae
0x007953b1
0x007953b3
0x007954fb
0x007954fb
0x00000000
0x007953b9
0x007953bb
0x007953be
0x007953c0
0x007953d3
0x007953c2
0x007953c2
0x007953c4
0x007953c7
0x007953c9
0x007953cb
0x007953cb
0x007953cb
0x007953ce
0x007953ce
0x007953de
0x007953e0
0x007953ec
0x007953ef
0x007953f2
0x0079544a
0x0079544a
0x0079545b
0x00795461
0x00795472
0x00795476
0x00795476
0x00795478
0x00795490
0x00795493
0x00795495
0x007954c1
0x007954c1
0x007954c7
0x007954d8
0x007954df
0x007954df
0x007954c9
0x007954c9
0x007954d0
0x007954d0
0x00795497
0x0079549e
0x0079549e
0x007954a0
0x007954b0
0x007954b7
0x007954a2
0x007954a2
0x007954a2
0x007954a2
0x007954a0
0x007954e5
0x007954e7
0x007954ea
0x007954ee
0x007954f1
0x007954f3
0x007954f3
0x007954f8
0x00000000
0x00000000
0x00000000
0x00000000
0x0079547a
0x0079547a
0x0079547a
0x0079547c
0x00000000
0x00000000
0x0079547e
0x00795485
0x00795487
0x00795488
0x0079548a
0x00000000
0x00000000
0x00000000
0x0079548a
0x0079548c
0x0079548e
0x00795500
0x00795500
0x00795500
0x00000000
0x00795500
0x00000000
0x0079548e
0x007953f8
0x007953fb
0x00000000
0x00000000
0x007953fd
0x00795400
0x00795404
0x00795407
0x00795409
0x00795409
0x00795409
0x0079540e
0x0079543f
0x0079543f
0x00795442
0x00000000
0x00000000
0x00795413
0x00795415
0x00795429
0x00795417
0x00795417
0x0079541a
0x0079541d
0x0079541f
0x00795421
0x00795421
0x00795421
0x00795424
0x00795424
0x00795435
0x00795437
0x00000000
0x0079543d
0x0079543d
0x00000000
0x0079543d
0x00000000
0x00795437
0x00000000
0x007953e2
0x007953e5
0x00000000
0x007953e5
0x007953e0
0x007953b3
0x0079536f
0x00795357
0x00795357
0x0079535e
0x00795360
0x00000000
0x00795360
0x0079531d
0x00000000
0x0079531d
0x007952d8
0x007952dd
0x007952df
0x00000000
0x00000000
0x007952e9
0x00000000
0x007952e9
0x007951f6
0x00795203
0x00795203
0x00795206
0x00000000
0x00000000
0x007951fb
0x007951fd
0x007951ff
0x00795212
0x00795212
0x00795213
0x00795216
0x00795218
0x0079521b
0x0079521f
0x00795222
0x00795224
0x00795224
0x00795224
0x00795229
0x0079522c
0x0079522e
0x00795233
0x00795236
0x0079523d
0x0079523f
0x00795241
0x00795241
0x00795241
0x00795241
0x00795247
0x0079524a
0x00000000
0x0079524c
0x0079524c
0x0079524f
0x00795252
0x00795254
0x00795254
0x00795254
0x00795255
0x00795258
0x0079525b
0x0079529d
0x007952a0
0x007952a6
0x007952a6
0x00000000
0x007952a6
0x007952a2
0x00000000
0x0079525d
0x0079525d
0x00795260
0x00795291
0x00795297
0x007952a9
0x007952a9
0x007952b4
0x007952c1
0x007952c1
0x00000000
0x007952c1
0x00795262
0x00795266
0x00795278
0x00795268
0x00795268
0x0079526b
0x0079526e
0x00795270
0x00795270
0x00795270
0x00795273
0x00795273
0x00795282
0x00795282
0x00795284
0x00000000
0x00795286
0x0079528c
0x00000000
0x0079528c
0x00795284
0x0079525b
0x0079524a
0x00795201
0x00795201
0x00795208
0x0079520a
0x00000000
0x0079520a
0x007951bc
0x00795120
0x00795178
0x0079517c
0x00000000
0x00795191
0x00000000
0x00795191
0x00795122
0x00795124
0x00795137
0x00795126
0x0079512c
0x0079512c
0x0079513d
0x00000000
0x00000000
0x00795144
0x0079515a
0x0079515f
0x00000000
0x00000000
0x00795161
0x00795168
0x00000000
0x00000000
0x0079516a
0x0079516d
0x00795173
0x00795176
0x00000000
0x00795176
0x00795146
0x0079514b
0x00795153
0x00000000
0x00795155
0x00795155
0x00000000
0x00795155
0x00795153
0x0079571c
0x0079571f
0x0079571f
0x00795728
0x0079572b
0x0079572b
0x00000000
0x0079572b

Strings

Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 00795958
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 0079593E
HEAP[%wZ]: , xrefs: 0079575F, 00795790, 00795804, 00795859, 007958B5, 0079591A, 00795998
Heap block at %p has incorrect segment offset (%x), xrefs: 00795877
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 007959B5
Heap block at %p is not last block in segment (%p), xrefs: 007958D4
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 007957B9
Free Heap block %p modified at %p after it was freed, xrefs: 00795825
HEAP: , xrefs: 0079579D, 00795811, 00795866, 007958C2, 00795927, 00795948, 007959A5

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: d9705426d3eae52f45efbdd87e602adba11f26bbfe7a8b206b5590d85a33e8df
Instruction ID: 2268812a8c8e21ebf42855c16a1a9822e90bbaa8d5eafc7cd9141c10860ebc93
Opcode Fuzzy Hash: d9705426d3eae52f45efbdd87e602adba11f26bbfe7a8b206b5590d85a33e8df
Instruction Fuzzy Hash: 0862AF70600A65DFCF2ACF69D485ABAB7F1FF48314B15846DE8868B652D338EC81DB50

Uniqueness

Uniqueness Score: 100.00%

Function 00796500, Relevance: 10.3, Strings: 8, Instructions: 324
UNIQUECrypto

C-Code - Quality: 64%

			E00796500(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t123;
				signed int _t124;
				void* _t130;
				intOrPtr _t132;
				signed int _t145;
				signed int _t146;
				signed int _t147;
				intOrPtr _t151;
				intOrPtr _t163;
				signed int _t173;
				signed int _t174;
				signed int _t178;
				short _t184;
				signed int _t193;
				signed int _t194;
				intOrPtr _t197;
				intOrPtr _t219;
				short* _t233;
				intOrPtr _t247;
				signed int _t250;
				signed int _t252;
				signed int _t253;
				void* _t254;
				void* _t255;

				_push(0x18);
				_push(0x721a20);
				_t123 = E00722824(__ebx, __edi, __esi);
				_t247 =  *((intOrPtr*)(_t254 + 8));
				 *((intOrPtr*)(_t254 + 8)) = _t247;
				 *((char*)(_t254 - 0x19)) = 0;
				 *(_t254 - 0x24) = 0;
				if(( *(_t247 + 0x44) & 0x01000000) == 0) {
					 *(_t254 - 4) = 0;
					 *(_t254 - 4) = 1;
					_t232 = "RtlReAllocateHeap";
					_t124 = E0072D6D2(_t247, "RtlReAllocateHeap");
					__eflags = _t124;
					if(_t124 != 0) {
						 *(_t254 + 0xc) =  *(_t254 + 0xc) |  *(_t247 + 0x44) | 0x10000100;
						_t250 =  *(_t254 + 0x14);
						__eflags = _t250;
						if(_t250 == 0) {
							_t235 = 1;
							__eflags = 1;
						} else {
							_t235 = _t250;
						}
						_t130 = ( *((intOrPtr*)(_t247 + 0x98)) + _t235 &  *(_t247 + 0x9c)) + 8;
						__eflags = _t130 - _t250;
						if(_t130 < _t250) {
							L66:
							_t132 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t132 + 0xc);
							if( *(_t132 + 0xc) == 0) {
								_push("HEAP: ");
								E006EF63B();
							} else {
								E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push( *((intOrPtr*)(_t247 + 0x7c)));
							E006EF63B("Invalid allocation size - %x (exceeded %x)\n", _t250);
							L007959C1(0);
							_t117 = _t254 - 0x24;
							 *_t117 =  *(_t254 - 0x24) & 0x00000000;
							__eflags =  *_t117;
							goto L71;
						} else {
							__eflags = _t130 -  *((intOrPtr*)(_t247 + 0x7c));
							if(_t130 >  *((intOrPtr*)(_t247 + 0x7c))) {
								goto L66;
							}
							__eflags =  *(_t254 + 0xc) & 0x00000001;
							if(__eflags == 0) {
								E00717310(__eflags,  *((intOrPtr*)(_t247 + 0xcc)));
								 *((char*)(_t254 - 0x19)) = 1;
								_t26 = _t254 + 0xc;
								 *_t26 =  *(_t254 + 0xc) | 0x00000001;
								__eflags =  *_t26;
							}
							L00795C56(_t235, _t247, 0);
							_t252 =  *((intOrPtr*)(_t254 + 0x10)) + 0xfffffff8;
							__eflags =  *((char*)(_t252 + 7)) - 5;
							if( *((char*)(_t252 + 7)) == 5) {
								_t252 = _t252 - (( *(_t252 + 6) & 0x000000ff) << 3);
								__eflags = _t252;
							}
							_t145 = E006F5865(_t235, _t247, _t252, _t232);
							__eflags = _t145;
							if(_t145 == 0) {
								L52:
								_t146 =  *(_t254 - 0x24);
								__eflags = _t146;
								if(_t146 == 0) {
									L71:
									_t119 = _t254 - 4;
									 *_t119 =  *(_t254 - 4) & 0x00000000;
									__eflags =  *_t119;
									 *(_t254 - 4) = 0xfffffffe;
									L0079698B();
									_t123 =  *(_t254 - 0x24);
									goto L72;
								}
								__eflags = _t146 -  *0x7af8a8;
								if(_t146 !=  *0x7af8a8) {
									_t147 = E007271D3();
									__eflags = _t147 & 0x00000800;
									if((_t147 & 0x00000800) == 0) {
										goto L71;
									}
									__eflags =  *(_t254 - 0x20) -  *0x7af8ac;
									if( *(_t254 - 0x20) !=  *0x7af8ac) {
										goto L71;
									}
									__eflags =  *((intOrPtr*)(_t247 + 0x80)) -  *0x7af8ae;
									if( *((intOrPtr*)(_t247 + 0x80)) !=  *0x7af8ae) {
										goto L71;
									}
									_t151 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t151 + 0xc);
									if( *(_t151 + 0xc) == 0) {
										_push("HEAP: ");
										E006EF63B();
									} else {
										E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push(L00784E84(_t247,  *(_t254 - 0x20)));
									_push( *(_t254 + 0x14));
									E006EF63B("Just reallocated block at %p to 0x%x bytes with tag %ws\n",  *(_t254 - 0x24));
									L58:
									L007959C1(0);
									goto L71;
								}
								_t163 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t163 + 0xc);
								if( *(_t163 + 0xc) == 0) {
									_push("HEAP: ");
									E006EF63B();
								} else {
									E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t254 + 0x14));
								E006EF63B("Just reallocated block at %p to %x bytes\n",  *0x7af8a8);
								goto L58;
							} else {
								__eflags =  *((intOrPtr*)(_t254 + 0x10)) -  *0x7af8a8;
								if( *((intOrPtr*)(_t254 + 0x10)) !=  *0x7af8a8) {
									_t173 = E007271D3();
									__eflags = _t173 & 0x00000800;
									if((_t173 & 0x00000800) == 0) {
										L37:
										_t174 = L0073FBA6(_t247,  *(_t254 + 0xc),  *((intOrPtr*)(_t254 + 0x10)),  *(_t254 + 0x14));
										 *(_t254 - 0x24) = _t174;
										__eflags = _t174;
										if(_t174 != 0) {
											_t70 = _t174 - 8; // -8
											_t253 = _t70;
											__eflags =  *((char*)(_t253 + 7)) - 5;
											if( *((char*)(_t253 + 7)) == 5) {
												_t253 = _t253 - (( *(_t253 + 6) & 0x000000ff) << 3);
												__eflags = _t253;
											}
											__eflags =  *(_t247 + 0x4c);
											if( *(_t247 + 0x4c) != 0) {
												 *_t253 =  *_t253 ^  *(_t247 + 0x50);
												__eflags =  *(_t253 + 3) - ( *(_t253 + 2) ^  *(_t253 + 1) ^  *_t253);
												if(__eflags != 0) {
													_push(0);
													_push(_t253);
													_push(_t247);
													L00794BBA(_t232, _t247, _t253, __eflags);
												}
											}
											__eflags =  *(_t253 + 2) & 0x00000002;
											if(( *(_t253 + 2) & 0x00000002) == 0) {
												_t178 =  *(_t253 + 3) & 0xff;
											} else {
												_t233 = L006FEA3F(_t253);
												__eflags =  *(_t247 + 0x40) & 0x08000000;
												if(( *(_t247 + 0x40) & 0x08000000) == 0) {
													_t184 = 0;
													__eflags = 0;
												} else {
													_t184 = L0078DDF8();
												}
												 *_t233 = _t184;
												_t178 =  *(_t233 + 2) & 0x0000ffff;
											}
											 *(_t254 - 0x20) = _t178;
											__eflags =  *(_t247 + 0x4c);
											if( *(_t247 + 0x4c) != 0) {
												_t235 =  *(_t253 + 2) & 0x000000ff;
												 *(_t253 + 3) =  *(_t253 + 1) & 0x000000ff ^  *_t253 & 0x000000ff ^  *(_t253 + 2) & 0x000000ff;
												 *_t253 =  *_t253 ^  *(_t247 + 0x50);
												__eflags =  *_t253;
											}
										}
										L00794E46(_t235, _t247, 1);
										L00795C56(_t235, _t247, 0);
										goto L52;
									}
									_t232 = 0;
									__eflags =  *0x7af8ac;
									if( *0x7af8ac == 0) {
										goto L37;
									}
									__eflags =  *(_t247 + 0x4c);
									if( *(_t247 + 0x4c) != 0) {
										 *_t252 =  *_t252 ^  *(_t247 + 0x50);
										__eflags =  *(_t252 + 3) - ( *(_t252 + 2) ^  *(_t252 + 1) ^  *_t252);
										if(__eflags != 0) {
											_push(0);
											_push(_t252);
											_push(_t247);
											L00794BBA(0, _t247, _t252, __eflags);
										}
									}
									__eflags =  *(_t252 + 2) & 0x00000002;
									if(( *(_t252 + 2) & 0x00000002) == 0) {
										_t193 =  *(_t252 + 3) & 0xff;
									} else {
										_t193 =  *(L006FEA3F(_t252) + 2) & 0x0000ffff;
									}
									 *(_t254 - 0x20) = _t193;
									__eflags =  *(_t247 + 0x4c) - _t232;
									if( *(_t247 + 0x4c) != _t232) {
										_t235 =  *(_t252 + 2) & 0x000000ff;
										 *(_t252 + 3) =  *(_t252 + 1) & 0x000000ff ^  *_t252 & 0x000000ff ^  *(_t252 + 2) & 0x000000ff;
										 *_t252 =  *_t252 ^  *(_t247 + 0x50);
										__eflags =  *_t252;
									}
									_t194 =  *(_t254 - 0x20);
									__eflags = _t194 - _t232;
									if(_t194 != _t232) {
										__eflags = _t194 -  *0x7af8ac;
										if(_t194 !=  *0x7af8ac) {
											goto L37;
										}
										__eflags =  *((intOrPtr*)(_t247 + 0x80)) -  *0x7af8ae;
										if( *((intOrPtr*)(_t247 + 0x80)) !=  *0x7af8ae) {
											goto L37;
										}
										_t197 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *((intOrPtr*)(_t197 + 0xc)) - _t232;
										if( *((intOrPtr*)(_t197 + 0xc)) == _t232) {
											_push("HEAP: ");
											E006EF63B();
										} else {
											E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_pop(_t235);
										_push(L00784E84(_t247,  *(_t254 - 0x20)));
										_push( *(_t254 + 0x14));
										E006EF63B("About to rellocate block at %p to 0x%x bytes with tag %ws\n",  *((intOrPtr*)(_t254 + 0x10)));
										_t255 = _t255 + 0x10;
										_push(_t232);
										L36:
										L007959C1();
									}
									goto L37;
								}
								_t219 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t219 + 0xc);
								if( *(_t219 + 0xc) == 0) {
									_push("HEAP: ");
									E006EF63B();
								} else {
									E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_pop(_t235);
								_push( *(_t254 + 0x14));
								E006EF63B("About to reallocate block at %p to %x bytes\n",  *0x7af8a8);
								_t255 = _t255 + 0xc;
								_push(0);
								goto L36;
							}
						}
					}
					 *(_t254 - 0x24) = 0;
					goto L71;
				} else {
					_push( *(_t254 + 0x14));
					_push( *((intOrPtr*)(_t254 + 0x10)));
					_push( *(_t254 + 0xc));
					_push(_t247);
					L00793A05();
					L72:
					return E00722869(_t123);
				}
			}

0x00796500
0x00796502
0x00796507
0x0079650c
0x0079650f
0x00796512
0x00796518
0x00796522
0x00796538
0x0079653b
0x00796542
0x00796549
0x0079654e
0x00796550
0x00796562
0x00796565
0x00796568
0x0079656a
0x00796572
0x00796572
0x0079656c
0x0079656c
0x0079656c
0x00796581
0x00796584
0x00796586
0x007968de
0x007968e4
0x007968e7
0x007968eb
0x0079690d
0x00796912
0x007968ed
0x00796905
0x0079690a
0x00796918
0x00796921
0x0079692b
0x00796967
0x00796967
0x00796967
0x00000000
0x0079658c
0x0079658c
0x0079658f
0x00000000
0x00000000
0x00796595
0x00796599
0x007965a1
0x007965a6
0x007965aa
0x007965aa
0x007965aa
0x007965aa
0x007965b1
0x007965b9
0x007965bc
0x007965c0
0x007965c9
0x007965c9
0x007965c9
0x007965ce
0x007965d3
0x007965d5
0x007967de
0x007967de
0x007967e1
0x007967e3
0x0079696b
0x0079696b
0x0079696b
0x0079696b
0x0079696f
0x00796976
0x0079697b
0x00000000
0x0079697b
0x007967e9
0x007967ef
0x0079684d
0x00796852
0x00796857
0x00000000
0x00000000
0x00796861
0x00796868
0x00000000
0x00000000
0x00796875
0x0079687c
0x00000000
0x00000000
0x00796888
0x0079688b
0x0079688f
0x007968b1
0x007968b6
0x00796891
0x007968a9
0x007968ae
0x007968c5
0x007968c6
0x007968d1
0x00796841
0x00796843
0x00000000
0x00796843
0x007967f7
0x007967fa
0x007967fe
0x00796820
0x00796825
0x00796800
0x00796818
0x0079681d
0x0079682b
0x00796839
0x00000000
0x007965db
0x007965de
0x007965e4
0x0079663d
0x00796642
0x00796647
0x00796730
0x0079673a
0x0079673f
0x00796742
0x00796744
0x0079674a
0x0079674a
0x0079674d
0x00796751
0x0079675a
0x0079675a
0x0079675a
0x0079675c
0x00796760
0x00796765
0x0079676f
0x00796772
0x00796774
0x00796776
0x00796777
0x00796778
0x00796778
0x00796772
0x0079677d
0x00796781
0x007967ab
0x00796783
0x00796789
0x0079678b
0x00796792
0x0079679b
0x0079679b
0x00796794
0x00796794
0x00796794
0x0079679d
0x007967a0
0x007967a0
0x007967ae
0x007967b1
0x007967b5
0x007967c0
0x007967c6
0x007967cc
0x007967cc
0x007967cc
0x007967b5
0x007967d1
0x007967d9
0x00000000
0x007967d9
0x0079664d
0x0079664f
0x00796655
0x00000000
0x00000000
0x0079665b
0x0079665e
0x00796663
0x0079666d
0x00796670
0x00796672
0x00796673
0x00796674
0x00796675
0x00796675
0x00796670
0x0079667a
0x0079667e
0x00796691
0x00796680
0x00796686
0x00796686
0x00796694
0x00796697
0x0079669a
0x007966a5
0x007966ab
0x007966b1
0x007966b1
0x007966b1
0x007966b3
0x007966b6
0x007966b9
0x007966bb
0x007966c2
0x00000000
0x00000000
0x007966cb
0x007966d2
0x00000000
0x00000000
0x007966da
0x007966dd
0x007966e0
0x00796702
0x00796707
0x007966e2
0x007966fa
0x007966ff
0x0079670c
0x00796716
0x00796717
0x00796722
0x00796727
0x0079672a
0x0079672b
0x0079672b
0x0079672b
0x00000000
0x007966b9
0x007965ec
0x007965ef
0x007965f3
0x00796615
0x0079661a
0x007965f5
0x0079660d
0x00796612
0x0079661f
0x00796620
0x0079662e
0x00796633
0x00796636
0x00000000
0x00796636
0x007965d5
0x00796586
0x00796552
0x00000000
0x00796524
0x00796524
0x00796527
0x0079652a
0x0079652d
0x0079652e
0x0079697e
0x00796983
0x00796983

Strings

RtlReAllocateHeap, xrefs: 00796542, 00796547, 007965CB
Invalid allocation size - %x (exceeded %x), xrefs: 0079691C
HEAP[%wZ]: , xrefs: 00796608, 007966F5, 00796813, 007968A4, 00796900
About to rellocate block at %p to 0x%x bytes with tag %ws, xrefs: 0079671D
Just reallocated block at %p to 0x%x bytes with tag %ws, xrefs: 007968CC
Just reallocated block at %p to %x bytes, xrefs: 00796834
About to reallocate block at %p to %x bytes, xrefs: 00796629
HEAP: , xrefs: 00796615, 00796702, 00796820, 007968B1, 0079690D

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %x bytes$About to rellocate block at %p to 0x%x bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %x (exceeded %x)$Just reallocated block at %p to %x bytes$Just reallocated block at %p to 0x%x bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-3744532478
Opcode ID: cd0036c08c1416c6bace10325cd7891712a62106adfb22b576659668ffe1c855
Instruction ID: 4d233bd5195768ff330a142136c122173152cab225184516afd41bf8de75a387
Opcode Fuzzy Hash: cd0036c08c1416c6bace10325cd7891712a62106adfb22b576659668ffe1c855
Instruction Fuzzy Hash: 2CC1D070501651EFDF25AFA8E84ABAABBE1EF04710F048158F89597292C33CEC51DB64

Uniqueness

Uniqueness Score: 100.00%

Function 007277C8, Relevance: 9.2, Strings: 7, Instructions: 466
UNIQUECrypto

C-Code - Quality: 88%

			E007277C8(signed short* __ecx, signed short __edx, signed short* __esi, char _a4, signed int _a8) {
				signed int _v8;
				short _v12;
				short _v24;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				short _v42;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed short _v56;
				signed int _v60;
				signed short _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed char* _v84;
				signed int _v88;
				char _v92;
				signed int _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v144;
				intOrPtr _v148;
				char _v152;
				char _v156;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t186;
				short _t194;
				signed int _t196;
				intOrPtr _t205;
				signed char* _t206;
				signed char _t207;
				signed int _t209;
				signed short* _t210;
				void* _t214;
				signed int _t215;
				signed int _t219;
				void* _t221;
				signed int _t223;
				signed short _t227;
				signed char _t232;
				void* _t237;
				signed int _t238;
				signed short _t242;
				signed int _t253;
				void* _t254;
				signed int _t255;
				signed short _t259;
				void* _t265;
				signed int _t266;
				signed int _t270;
				signed short* _t281;
				signed int _t282;
				signed int _t283;
				signed int _t287;
				signed int _t288;
				signed int _t291;
				intOrPtr* _t296;
				intOrPtr _t297;
				signed int _t299;
				signed int* _t300;
				signed short _t304;
				signed int _t337;
				signed int* _t342;
				signed int _t345;
				signed short* _t347;
				signed int _t348;
				void* _t349;
				void* _t350;

				_t347 = __esi;
				_t186 =  *0x7a81e8; // 0x77d55b89
				_v8 = _t186 ^ _t348;
				_v88 = _a8;
				_t345 = __edx;
				_t281 = __ecx;
				_v56 = __edx;
				_v156 = 0x40;
				L00704EC0( &_v152, 0, 0x3c);
				_t350 = _t349 + 0xc;
				_v68 =  *_t281;
				_v64 = _t281[2];
				_t337 =  &_v12;
				_v32 = _t337;
				_v40 = _t337;
				_v36 =  &_v12;
				_t194 = 2;
				_v12 = 0;
				_v44 = 0;
				_v42 = _t194;
				_t341 =  &_v68;
				_v72 = 0;
				_v60 = 0;
				_v28 = _t194;
				_v24 = _t194;
				_t282 = E0072740B(3, 0, _t194,  &_v68,  &_v156);
				if(_t282 >= 0) {
					__eflags = _a4;
					if(_a4 != 0) {
						L48:
						_t283 = 0;
						goto L7;
					}
					__eflags = _v144 - 0x14;
					_v72 = _v124;
					if(_v144 < 0x14) {
						L2:
						_t283 = 0xc0150003;
						goto L7;
					}
					__eflags = _v152 - 1;
					if(_v152 != 1) {
						goto L2;
					}
					_t205 = _v148;
					_t296 = _t205 + 0x10;
					_v52 = _t296;
					_t297 =  *_t296;
					__eflags = _t297 - _v128;
					if(_t297 > _v128) {
						goto L2;
					}
					_t342 = _t205 + 0xc;
					_v76 = _t342;
					_t341 =  *_t342;
					__eflags = _t341 - 0x1fffffff;
					if(_t341 > 0x1fffffff) {
						goto L2;
					}
					_t341 = _t341 << 3;
					_t285 = (_t282 | 0xffffffff) - _t341;
					__eflags = _t297 - (_t282 | 0xffffffff) - _t341;
					if(_t297 > (_t282 | 0xffffffff) - _t341) {
						goto L2;
					}
					_t341 = _t341 + _t297;
					__eflags = _t341 - _v128;
					if(_t341 > _v128) {
						goto L2;
					}
					_t206 = _t205 + 4;
					_v84 = _t206;
					_t207 =  *_t206;
					__eflags = _t207 & 0x00000002;
					if((_t207 & 0x00000002) == 0) {
						L26:
						_t287 =  *_v52 + _v132;
						_t209 = 0;
						 *_t345 = 0;
						_t299 =  *_v76;
						_v52 = _t299;
						__eflags = _t299;
						while(1) {
							_v48 = _t209;
							if(__eflags == 0) {
								break;
							}
							_t300 = _t287 + 4 + _t209 * 8;
							_t341 =  *_t300;
							_v76 = _t341;
							__eflags = _t341 - _v128;
							if(_t341 > _v128) {
								goto L2;
							}
							_t210 = _t287 + _t209 * 8;
							_t341 = (_t341 | 0xffffffff) -  *_t210;
							__eflags =  *_t300 - _t341;
							if( *_t300 > _t341) {
								goto L2;
							}
							__eflags =  *_t210 + _v76 - _v128;
							if( *_t210 + _v76 > _v128) {
								goto L2;
							}
							 *_t345 =  *_t345 + ( *_t210 & 0x0000ffff);
							_t209 = _v48 + 1;
							__eflags = _t209 - _v52;
						}
						_t303 = _v60;
						__eflags = _t303;
						if(_t303 != 0) {
							 *_t345 =  *_t345 + ( *_t303 & 0x0000ffff);
							__eflags =  *_t345;
						}
						_t214 = ( *_t345 & 0x0000ffff) + 2;
						__eflags = _t214 - 0xfffe;
						if(_t214 > 0xfffe) {
							L77:
							_t283 = 0xc0000106;
							goto L7;
						} else {
							_t345 =  &(_t347[4]);
							__eflags = _t345;
							if(_t345 == 0) {
								L61:
								_t215 = E006F514B(0, _t345, _t214);
								__eflags = _t215;
								if(_t215 >= 0) {
									_t303 = _v60;
									L33:
									_t347[2] =  *_t345;
									_t347[1] = _t347[8];
									__eflags = _t303;
									if(_t303 == 0) {
										L38:
										_v48 = _v48 & 0x00000000;
										__eflags = _v52;
										if(_v52 != 0) {
											while(1) {
												_t219 = _v48 << 3;
												_t304 =  *((intOrPtr*)(_t219 + _t287));
												_t345 =  *((intOrPtr*)(_t219 + _t287 + 4)) + _v132;
												_v80 = _t304;
												_t221 = ( *_t347 & 0x0000ffff) + (_t304 & 0x0000ffff) + 2;
												__eflags = _t221 - 0xfffe;
												if(_t221 > 0xfffe) {
													goto L77;
												}
												__eflags =  &(_t347[4]);
												if( &(_t347[4]) == 0) {
													L69:
													_t223 = E006F514B(0,  &(_t347[4]), _t221);
													__eflags = _t223;
													if(_t223 < 0) {
														goto L62;
													}
													L70:
													_t347[2] = _t347[4];
													L00704B80(_t347[4] + (( *_t347 & 0x0000ffff) >> 1) * 2, _t345, _v80 & 0x0000ffff);
													_t227 = _v80;
													 *_t347 =  *_t347 + _t227;
													_t347[1] =  *_t347 + _t227 + 2;
													_t303 = _t347[2];
													_t341 = 0;
													_t350 = _t350 + 0xc;
													_v48 = _v48 + 1;
													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
													__eflags = _v48 - _v52;
													if(_v48 == _v52) {
														goto L39;
													}
													continue;
												}
												__eflags = _t221 - _t347[8];
												if(_t221 <= _t347[8]) {
													goto L70;
												}
												goto L69;
											}
											goto L77;
										}
										L39:
										_t232 =  *_v84;
										_t345 = _v56;
										__eflags = _t232 & 0x00000001;
										if((_t232 & 0x00000001) != 0) {
											L46:
											__eflags =  *_v84 & 0x00000004;
											if(__eflags != 0) {
												_push(0);
												_t341 = _t347;
												_t283 = E007780CA(_t287,  &_v44, _t347, _t345, _t347, __eflags);
												__eflags = _t283;
												if(_t283 < 0) {
													goto L7;
												}
												 *_t347 = 0;
												_t237 = (_v44 & 0x0000ffff) + 2;
												__eflags = _t237 - 0xfffe;
												if(_t237 > 0xfffe) {
													goto L77;
												}
												_t288 =  &(_t347[4]);
												__eflags = _t288;
												if(_t288 == 0) {
													L84:
													_t238 = E006F514B(0, _t288, _t237);
													__eflags = _t238;
													if(_t238 < 0) {
														goto L62;
													}
													L85:
													_t347[2] =  *_t288;
													L00704B80( *_t288 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v40, _v44 & 0x0000ffff);
													_t242 = _v44;
													 *_t347 =  *_t347 + _t242;
													_t347[1] =  *_t347 + _t242 + 2;
													_t341 = 0;
													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
													goto L47;
												}
												__eflags = _t237 - _t347[8];
												if(_t237 <= _t347[8]) {
													goto L85;
												}
												goto L84;
											}
											L47:
											_t195 = _v88;
											__eflags = _t195;
											if(_t195 != 0) {
												 *_t195 =  *_t195 | 0x00000002;
											}
											goto L48;
										}
										__eflags = _t232 & 0x00000008;
										if((_t232 & 0x00000008) != 0) {
											_t283 = E00727015(1,  &_v68, 0x6fa5fc,  &_v56);
											__eflags = _t283;
											if(_t283 >= 0) {
												_v68 = _v68 + 0xfffe - _v56;
												_v64 = _v64 + 2 + ((_v56 & 0x0000ffff) >> 1) * 2;
												goto L41;
											}
											__eflags = _t283 - 0xc0000225;
											if(_t283 != 0xc0000225) {
												goto L7;
											}
											_push("Status != STATUS_NOT_FOUND");
											_push(0x472);
											L75:
											_push("d:\\w7rtm\\minkernel\\ntdll\\sxsisol.cpp");
											_push("Internal error check failed");
											E0077F613(_t303, _t341);
											_t283 = 0xc00000e5;
											goto L7;
										}
										L41:
										_t253 = _v68 & 0x0000ffff;
										 *_t345 =  *_t345 + _t253;
										__eflags =  *_t345 - 0xffff;
										if( *_t345 >= 0xffff) {
											goto L77;
										}
										_t254 = ( *_t347 & 0x0000ffff) + _t253 + 2;
										__eflags = _t254 - 0xfffe;
										if(_t254 > 0xfffe) {
											goto L77;
										}
										_t287 =  &(_t347[4]);
										__eflags = _t287;
										if(_t287 == 0) {
											L78:
											_t255 = E006F514B(0, _t287, _t254);
											__eflags = _t255;
											if(_t255 >= 0) {
												L45:
												_t347[2] =  *_t287;
												L00704B80( *_t287 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v64, _v68 & 0x0000ffff);
												_t259 = _v68;
												 *_t347 =  *_t347 + _t259;
												_t347[1] =  *_t347 + _t259 + 2;
												_t350 = _t350 + 0xc;
												_t341 = 0;
												__eflags = 0;
												 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
												goto L46;
											}
											goto L62;
										}
										__eflags = _t254 - _t347[8];
										if(_t254 > _t347[8]) {
											goto L78;
										}
										goto L45;
									}
									 *_t347 = 0;
									_t265 = ( *_t303 & 0x0000ffff) + 2;
									__eflags = _t265 - 0xfffe;
									if(_t265 > 0xfffe) {
										goto L77;
									}
									__eflags = _t345;
									if(_t345 == 0) {
										L64:
										_t266 = E006F514B(0, _t345, _t265);
										__eflags = _t266;
										if(_t266 < 0) {
											goto L62;
										}
										_t303 = _v60;
										L37:
										_t347[2] =  *_t345;
										L00704B80( *_t345 + (( *_t347 & 0x0000ffff) >> 1) * 2,  *((intOrPtr*)(_t303 + 4)),  *_t303 & 0x0000ffff);
										_t270 = _v60;
										_t350 = _t350 + 0xc;
										_t347[1] =  *_t347 +  *_t270 + 2;
										 *_t347 =  *_t347 +  *_t270;
										_t303 = _t347[2];
										_t341 = 0;
										__eflags = 0;
										 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
										goto L38;
									}
									__eflags = _t265 - _t347[8];
									if(_t265 > _t347[8]) {
										goto L64;
									}
									goto L37;
								}
								L62:
								_t283 = 0xc0000017;
								goto L7;
							}
							__eflags = _t214 - _t347[8];
							if(_t214 > _t347[8]) {
								goto L61;
							}
							goto L33;
						}
					}
					_t303 = 0;
					_v48 = 0;
					__eflags = _t207 & 0x00000004;
					if((_t207 & 0x00000004) != 0) {
						_push("sxsisol_SearchActCtxForDllName");
						_push( *((intOrPtr*)( *[fs:0x18] + 0x24)));
						L006F1ACE(0x33, 0, "[%x.%x] SXS: %s - Relative redirection plus env var expansion.\n",  *((intOrPtr*)( *[fs:0x18] + 0x20)));
						goto L2;
					}
					__eflags = _v116 & 0x00000001;
					if((_v116 & 0x00000001) != 0) {
						__eflags = _v116 & 0x00000002;
						if((_v116 & 0x00000002) != 0) {
							_push("!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)");
							_push(0x416);
							goto L75;
						}
						_t303 = 1;
					}
					__eflags = _v116 & 0x00000002;
					if((_v116 & 0x00000002) != 0) {
						_t303 = _t303 | 0x00000002;
					}
					_t283 = E00743868(_t285, _t303, _v124, _v120,  &_v60, 0x744208,  &_v48);
					__eflags = _t283;
					if(_t283 < 0) {
						__eflags = _t283 - 0xc0000120;
						if(_t283 == 0xc0000120) {
							__eflags = _v48;
							if(_v48 < 0) {
								_t283 = _v48;
							}
						}
						goto L7;
					} else {
						goto L26;
					}
				} else {
					__eflags = __ebx - 0xc0150001;
					if(__ebx == 0xc0150001) {
						__ebx = __ebx + 7;
					}
					L7:
					_t291 = _v36;
					_t196 = _v32;
					if(_t291 != 0) {
						if(_t291 != _t196) {
							_v88 = _t291;
							L00722F1E( &_v92);
							_t196 = _v32;
						}
						_v36 = _t196;
						_v28 = _v24;
					}
					_v40 = _t196;
					if(_t196 != 0) {
						 *_t196 = 0;
					}
					_v44 = 0;
					_t198 = _v24;
					_v42 = _v24;
					if(_v72 != 0) {
						E00742622(_t198, _v72);
					}
					return L00722F0C(_t283, _t283, _v8 ^ _t348, _t341, _t345, _t347);
				}
			}

0x007277c8
0x007277d3
0x007277da
0x007277e4
0x007277ed
0x007277f2
0x007277f4
0x007277f7
0x00727801
0x00727808
0x0072780b
0x00727813
0x00727816
0x00727819
0x0072781c
0x00727824
0x00727827
0x00727828
0x0072782c
0x00727832
0x0072783d
0x00727847
0x0072784a
0x0072784d
0x00727850
0x00727858
0x0072785c
0x0074361c
0x00743620
0x0074385c
0x0074385c
0x00000000
0x0074385c
0x00743626
0x00743630
0x00743633
0x006d81a5
0x006d81a5
0x00000000
0x006d81a5
0x00743639
0x00743640
0x00000000
0x00000000
0x00743646
0x0074364c
0x0074364f
0x00743652
0x00743654
0x00743657
0x00000000
0x00000000
0x0074365d
0x00743660
0x00743663
0x00743665
0x0074366b
0x00000000
0x00000000
0x00743671
0x00743677
0x00743679
0x0074367b
0x00000000
0x00000000
0x00743681
0x00743683
0x00743686
0x00000000
0x00000000
0x0074368c
0x0074368f
0x00743692
0x00743694
0x00743696
0x007436dc
0x007436e4
0x007436e7
0x007436e9
0x007436eb
0x007436ed
0x007436f0
0x007436f2
0x007436f2
0x007436f5
0x00000000
0x00000000
0x00753544
0x00753548
0x0075354a
0x0075354d
0x00753550
0x00000000
0x00000000
0x00753559
0x0075355c
0x0075355e
0x00753560
0x00000000
0x00000000
0x0075356b
0x0075356e
0x00000000
0x00000000
0x00753577
0x0075357c
0x0075357d
0x0075357d
0x007436fb
0x007436fe
0x00743700
0x00743705
0x00743705
0x00743705
0x0074370a
0x0074370d
0x00743712
0x007536bd
0x007536bd
0x00000000
0x00743718
0x00743718
0x0074371b
0x0074371d
0x00753585
0x00753589
0x0075358e
0x00753590
0x0075359c
0x0074372c
0x0074372e
0x00743735
0x00743739
0x0074373b
0x007437a6
0x007437a6
0x007437aa
0x007437ae
0x007535b9
0x007535bc
0x007535bf
0x007535c7
0x007535cd
0x007535d4
0x007535d8
0x007535dd
0x00000000
0x00000000
0x007535e6
0x007535e8
0x007535ef
0x007535f6
0x007535fb
0x007535fd
0x00000000
0x00000000
0x007535ff
0x0075360c
0x00753614
0x0075361c
0x00753620
0x0075362f
0x00753633
0x00753636
0x00753638
0x0075363b
0x0075363e
0x00753645
0x00753648
0x00000000
0x00000000
0x00000000
0x0075364e
0x007535ea
0x007535ed
0x00000000
0x00000000
0x00000000
0x007535ed
0x00000000
0x007535b9
0x007437b4
0x007437b7
0x007437b9
0x007437bc
0x007437be
0x00743845
0x00743848
0x0074384b
0x007536dd
0x007536e2
0x007536e9
0x007536eb
0x007536ed
0x00000000
0x00000000
0x007536f5
0x007536fc
0x007536ff
0x00753704
0x00000000
0x00000000
0x00753706
0x00753709
0x0075370b
0x00753712
0x00753716
0x0075371b
0x0075371d
0x00000000
0x00000000
0x00753723
0x00753732
0x00753739
0x00753741
0x00753745
0x00753752
0x0075375e
0x00753760
0x00000000
0x00753760
0x0075370d
0x00753710
0x00000000
0x00000000
0x00000000
0x00753710
0x00743851
0x00743851
0x00743854
0x00743856
0x006d819d
0x006d819d
0x00000000
0x00743856
0x007437c4
0x007437c6
0x00753667
0x00753669
0x0075366b
0x007536a7
0x007536b5
0x00000000
0x007536b5
0x0075366d
0x00753673
0x00000000
0x00000000
0x00753679
0x0075367e
0x00753683
0x00753683
0x00753688
0x0075368d
0x00753692
0x00000000
0x00753692
0x007437cc
0x007437cc
0x007437d0
0x007437d2
0x007437d8
0x00000000
0x00000000
0x007437e1
0x007437e5
0x007437ea
0x00000000
0x00000000
0x007437f0
0x007437f3
0x007437f5
0x007536c7
0x007536cb
0x007536d0
0x007536d2
0x00743804
0x00743813
0x0074381a
0x00743822
0x00743826
0x00743833
0x0074383c
0x0074383f
0x0074383f
0x00743841
0x00000000
0x00743841
0x00000000
0x007536d8
0x007437fb
0x007437fe
0x00000000
0x00000000
0x00000000
0x007437fe
0x0074373f
0x00743745
0x00743748
0x0074374d
0x00000000
0x00000000
0x00743753
0x00743755
0x007535a4
0x007535a8
0x007535ad
0x007535af
0x00000000
0x00000000
0x007535b1
0x00743764
0x00743766
0x00743779
0x00743781
0x00743787
0x0074378e
0x00743795
0x0074379b
0x007437a0
0x007437a0
0x007437a2
0x00000000
0x007437a2
0x0074375b
0x0074375e
0x00000000
0x00000000
0x00000000
0x0074375e
0x00753592
0x00753592
0x00000000
0x00753592
0x00743723
0x00743726
0x00000000
0x00000000
0x00000000
0x00743726
0x00743712
0x00743698
0x0074369a
0x0074369d
0x0074369f
0x007534dd
0x007534e2
0x007534f6
0x00000000
0x007534fb
0x007436a5
0x007436a9
0x00744f81
0x00744f85
0x00753517
0x0075351c
0x00000000
0x0075351c
0x00744f8d
0x00744f8d
0x007436af
0x007436b3
0x006f51c5
0x006f51c5
0x007436d2
0x007436d4
0x007436d6
0x00753526
0x0075352c
0x00753532
0x00753536
0x0075353c
0x0075353c
0x00753536
0x00000000
0x00000000
0x00000000
0x00000000
0x00727862
0x00727862
0x00727868
0x006f69fc
0x006f69fc
0x0072786e
0x0072786e
0x00727871
0x00727876
0x0072787a
0x00753507
0x0075350a
0x0075350f
0x0075350f
0x00727883
0x00727886
0x00727886
0x00727889
0x0072788e
0x00727892
0x00727892
0x0072789b
0x0072789f
0x007278a3
0x007278a7
0x006fb555
0x006fb555
0x007278bc
0x007278bc

Strings

Status != STATUS_NOT_FOUND, xrefs: 00753679
d:\w7rtm\minkernel\ntdll\sxsisol.cpp, xrefs: 00753683
[%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 007534EE
Internal error check failed, xrefs: 00753688
@, xrefs: 007277F7
sxsisol_SearchActCtxForDllName, xrefs: 007534DD
!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 00753517

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$d:\w7rtm\minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
API String ID: 0-4103935307
Opcode ID: 50b2a4ad8c2fa9c55ca36233fb1f49c998b001406f7a5165a97679e3e8357d9a
Instruction ID: 7ab6665c7590c6f246f5f5692753a77e38ce5b437a97e850574c71f0c10f0b88
Opcode Fuzzy Hash: 50b2a4ad8c2fa9c55ca36233fb1f49c998b001406f7a5165a97679e3e8357d9a
Instruction Fuzzy Hash: E1027070900219DFDB24DFA8C895AFEB7F5FF18704F20842EE956AB251E7789949CB10

Uniqueness

Uniqueness Score: 100.00%

Function 006FE4D7, Relevance: 8.1, Strings: 6, Instructions: 602
COMMONCrypto

C-Code - Quality: 60%

			E006FE4D7(void* __ebx, void* __edi, signed int _a4, unsigned int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				intOrPtr __esi;
				void* __ebp;
				unsigned int _t257;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t265;
				signed char _t266;
				intOrPtr _t268;
				signed int _t280;
				intOrPtr _t287;
				intOrPtr _t288;
				unsigned int _t294;
				signed char _t295;
				signed int _t304;
				unsigned int _t313;
				signed int _t314;
				intOrPtr _t322;
				intOrPtr _t334;
				signed int _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t349;
				unsigned int _t350;
				unsigned int _t368;
				signed int _t369;
				intOrPtr _t377;
				intOrPtr _t391;
				signed int _t404;
				signed int _t409;
				signed int _t419;
				intOrPtr _t421;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				intOrPtr _t435;
				void* _t442;
				signed int _t453;
				intOrPtr _t455;
				signed short* _t456;
				signed short* _t457;
				void* _t459;
				signed int _t460;

				_t460 = _a4;
				_v12 = 0;
				if(( *(_t460 + 0xd0) ^  *(_t460 + 0x58)) != 0) {
					return L0072EB88(_t460, _a8, _a12);
				} else {
					__eflags = _a16;
					_push(__ebx);
					_push(__edi);
					if(_a16 != 0) {
						__ebx = _a8;
						__eflags =  *(__ebx + 2) & 0x00000008;
						if(( *(__ebx + 2) & 0x00000008) != 0) {
							 *((intOrPtr*)(__esi + 0x120)) =  *((intOrPtr*)(__esi + 0x120)) - 1;
							 &_v24 =  &_v36;
							__edx = __ebx;
							__ecx = __esi;
							__eax = E006FC2C2(__edx,  &_v36,  &_v24);
							__eflags = __al;
							if(__al != 0) {
								__eax = _v24;
								_t181 = __esi + 0x124;
								 *_t181 =  *(__esi + 0x124) - _v24;
								__eflags =  *_t181;
							}
						}
						_a4 = __ebx;
						L37:
						__al =  *((intOrPtr*)(__ebx + 6));
						__eflags = __al;
						if(__al == 0) {
							_t404 = _t460;
							_v20 = _t460;
						} else {
							__al & 0x000000ff = (__al & 0x000000ff) << 0x10;
							__ebx = __ebx & 0xffff0000;
							__ebx = __ebx - ((__al & 0x000000ff) << 0x10);
							__ebx = __ebx + 0x10000;
							__eflags = __ebx;
							_v20 = __ebx;
						}
						_t257 = _a4 + _a12 * 8;
						_v24 = _t257;
						if( *((char*)(_t257 + 7)) == 3) {
							_t459 = _t257 + 8;
							E0072F2E9(_t460, _t459);
							_v28 =  *((intOrPtr*)(_t459 + 0x10));
							 *((intOrPtr*)(_t404 + 0x30)) =  *((intOrPtr*)(_t404 + 0x30)) - 1;
							_v16 =  *(_t459 + 0x14);
							 *((intOrPtr*)(_t404 + 0x2c)) =  *((intOrPtr*)(_t404 + 0x2c)) - ( *(_t459 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t460 + 0xe0)) =  *((intOrPtr*)(_t460 + 0xe0)) +  *(_t459 + 0x14);
							 *((intOrPtr*)(_t460 + 0xf0)) =  *((intOrPtr*)(_t460 + 0xf0)) - 1;
							if( *(_t459 + 0x14) >= 0x7f000) {
								 *(_t460 + 0xe4) =  *(_t460 + 0xe4) -  *(_t459 + 0x14);
							}
							_t117 = ( *(_t459 + 0x14) >> 3) + 0x20; // 0x21
							_a12 = _a12 + _t117;
							_v12 = 1;
						} else {
							_v16 = _v16 & 0x00000000;
						}
						if(( *(_a4 + 4) ^  *(_t460 + 0x54)) == 0) {
							_t441 = _a4;
							_v8 = _a4;
							_t261 = E006DF198(_t404, _a4);
							__eflags = _a16;
							_t453 = _t261;
							if(_a16 != 0) {
								__eflags = _t453;
								if(_t453 != 0) {
									goto L5;
								}
								goto L44;
							}
							L5:
							__eflags =  *0x7af9f4 - 1;
							if( *0x7af9f4 >= 1) {
								__eflags = _t453;
								if(_t453 == 0) {
									_t334 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *((intOrPtr*)(_t334 + 0xc)) - _t453;
									if( *((intOrPtr*)(_t334 + 0xc)) == _t453) {
										_push("HEAP: ");
										E006EF63B();
									} else {
										E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push("(UCRBlock != NULL)");
									E006EF63B();
									L00794AF2(_t404, _t441, _t453, _t460, 1);
								}
							}
							__eflags = _v12;
							_t262 = _a12;
							_t409 = _a4;
							if(_v12 != 0) {
								_t263 = _t409 + _t262 * 8;
							} else {
								_t15 = _t262 * 8; // -16
								_t263 = _t409 + _t15 - 0x10;
							}
							_t265 = (_t263 & 0xfffff000) - _v8;
							__eflags = _t265;
							_a8 = _t265;
							if(_t265 == 0) {
								L87:
								__eflags =  *0x7af9f4 - 1;
								if( *0x7af9f4 >= 1) {
									__eflags = _v12;
									if(_v12 != 0) {
										_t268 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *(_t268 + 0xc);
										if( *(_t268 + 0xc) == 0) {
											_push("HEAP: ");
											E006EF63B();
										} else {
											E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_push("(!TrailingUCR)");
										E006EF63B();
										L00794AF2(_t404, _t441, _t453, _t460, 1);
									}
								}
								L29:
								_push(_a12);
								_push(_a4);
								L58:
								_push(_t460);
								_t266 = L0072EB88();
								L66:
								return _t266;
							}
							_t280 = E00732686(0xffffffff,  &_v8,  &_a8, 0x4000);
							__eflags = _t280;
							if(_t280 < 0) {
								L91:
								_t442 = 3;
								L0072ED2C(_t460, _t442);
								__eflags = _v12;
								if(_v12 != 0) {
									L0072EE41(_t460, _t404, _v28 + 0xffffffe8, _v16, _a4,  &_a12);
								}
								goto L29;
							}
							__eflags =  *0x7ffe0380;
							if( *0x7ffe0380 != 0) {
								_t287 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t287 + 0x240) & 0x00000001;
								if(( *(_t287 + 0x240) & 0x00000001) != 0) {
									E007942AC(_t460, _v8, _a8, 5);
								}
							}
							 *((intOrPtr*)(_t460 + 0xf8)) =  *((intOrPtr*)(_t460 + 0xf8)) + 1;
							_t288 =  *((intOrPtr*)(_t453 + 0x14));
							__eflags = _t288 - 0x7f000;
							if(_t288 >= 0x7f000) {
								_t24 = _t460 + 0xe4;
								 *_t24 =  *(_t460 + 0xe4) - _t288;
								__eflags =  *_t24;
							}
							E0072F2E9(_t460, _t453);
							 *((intOrPtr*)(_t453 + 0x14)) =  *((intOrPtr*)(_t453 + 0x14)) + _a8;
							L0072EF02(_t460, _t453);
							 *((intOrPtr*)(_t404 + 0x2c)) =  *((intOrPtr*)(_t404 + 0x2c)) + (_a8 >> 0xc);
							_t294 = _a8;
							 *((intOrPtr*)(_t460 + 0xe0)) =  *((intOrPtr*)(_t460 + 0xe0)) - _t294;
							_t455 =  *((intOrPtr*)(_t453 + 0x14));
							__eflags = _t455 - 0x7f000;
							if(_t455 >= 0x7f000) {
								_t36 = _t460 + 0xe4;
								 *_t36 =  *(_t460 + 0xe4) + _t455;
								__eflags =  *_t36;
							}
							__eflags = _v12;
							if(_v12 != 0) {
								L22:
								_t295 =  *0x7ffe0380;
								__eflags = _t295;
								if(_t295 != 0) {
									__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
									if(__eflags != 0) {
										E00794758(__eflags, _t460, _v8, _a8,  *(_t460 + 0x78) << 3, _v12, _v16, _t295 & 0x000000ff);
									}
								}
								_t266 =  *0x7ffe038a;
								__eflags = _t266;
								if(__eflags != 0) {
									_push(_t266 & 0x000000ff);
									_push(_v16);
									_push(_v12);
									L118:
									_push( *(_t460 + 0x78) << 3);
									_push(_a8);
									_push(_v8);
									_push(_t460);
									_t266 = E00794758(_t477);
								}
								goto L66;
							}
							_t456 = _t294 + _v8;
							_t419 = _a4;
							_t456[2] =  *(_t460 + 0x54);
							_t304 = _a12;
							_t446 = _a8 + _v8;
							__eflags = _t419 + _t304 * 8 - _a8 + _v8;
							if(_t419 + _t304 * 8 == _a8 + _v8) {
								__eflags =  *(_t460 + 0x4c);
								if( *(_t460 + 0x4c) != 0) {
									_t456[1] = _t456[1] ^ _t456[0] ^  *_t456;
									 *_t456 =  *_t456 ^  *(_t460 + 0x50);
								}
								goto L22;
							}
							_t456[3] = 0;
							_t456[1] = 0;
							_t313 = (_a12 << 3) - _a8 >> 3;
							 *_t456 = _t313;
							__eflags =  *0x7af9f4 - 1;
							if( *0x7af9f4 >= 1) {
								__eflags = _t313 - 1;
								if(_t313 <= 1) {
									_t322 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t322 + 0xc);
									if( *(_t322 + 0xc) == 0) {
										_push("HEAP: ");
										E006EF63B();
									} else {
										E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push("((LONG)FreeEntry->Size > 1)");
									E006EF63B();
									L00794AF2(_t404, _t446, _t456, _t460, 1);
								}
							}
							_t456[1] = 0;
							_t421 =  *((intOrPtr*)(_t404 + 0x18));
							__eflags = _t421 - _t404;
							if(_t421 == _t404) {
								_t314 = 0;
							} else {
								_t314 = (_t456 - _t404 >> 0x10) + 1;
								_a16 = _t314;
								__eflags = _t314;
								if(__eflags <= 0) {
									L101:
									_push(0);
									_push(0);
									_push(_t404);
									_push(_t456);
									_push(_t421);
									_push(3);
									L00794B0C(_t404, _t421, _t446, _t456, _t460, __eflags);
									_t314 = _a16;
									L21:
									_t456[3] = _t314;
									L0072EB88(_t460, _t456,  *_t456 & 0x0000ffff);
									goto L22;
								}
								__eflags = _t314 - 0xfe;
								if(__eflags >= 0) {
									goto L101;
								}
							}
							goto L21;
						}
						L44:
						_t344 = _a4;
						_t124 = _t344 + 0x101f; // 0x1020
						_t453 = 0xfffff000;
						_t429 = _t124 & 0xfffff000;
						_t125 = _t344 + 0x28; // 0x29
						_v8 = _t429;
						if(_t429 == _t125) {
							_t429 = _t429 + 0x1000;
							_v8 = _t429;
						}
						_t441 = _a12;
						if(_v12 == 0) {
							_t345 = _t344 + _t441 * 8 - 0x10;
						} else {
							_t345 = _t344 + _t441 * 8;
						}
						_t346 = _t345 & _t453;
						_a8 = _t346;
						if(_t346 < _t429) {
							goto L87;
						} else {
							_t347 = _t346 - _t429;
							_a8 = _t347;
							if(_a16 != 0 ||  *((char*)(_v24 + 7)) == 3) {
								L50:
								if(_t347 == 0) {
									L54:
									if(_v12 == 0) {
										_t457 = _t347 + _t429;
										_t430 = _a4;
										_t457[2] =  *(_t460 + 0x54);
										_t349 = _a12;
										_t448 = _t430 + _t349 * 8;
										_t350 = _a8;
										_t431 = _v8;
										_t406 = _t350 + _t431;
										__eflags = _t430 + _t349 * 8 - _t350 + _t431;
										if(_t430 + _t349 * 8 == _t350 + _t431) {
											__eflags =  *(_t460 + 0x4c);
											_t404 = _v20;
											if( *(_t460 + 0x4c) != 0) {
												_t457[1] = _t457[1] ^ _t457[0] ^  *_t457;
												 *_t457 =  *_t457 ^  *(_t460 + 0x50);
												L36:
												_t350 = _a8;
												_t431 = _v8;
												goto L55;
											}
											goto L55;
										}
										_t457[3] = 0;
										_t457[1] = 0;
										_t368 = (_a12 << 3) - _a8 - _v8 + _a4 >> 3;
										 *_t457 = _t368;
										__eflags =  *0x7af9f4 - 1;
										if( *0x7af9f4 >= 1) {
											__eflags = _t368 - 1;
											if(_t368 <= 1) {
												_t377 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
												__eflags =  *(_t377 + 0xc);
												if( *(_t377 + 0xc) == 0) {
													_push("HEAP: ");
													E006EF63B();
												} else {
													E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E006EF63B();
												L00794AF2(_t406, _t448, _t457, _t460, 1);
											}
										}
										_t404 = _v20;
										_t457[1] = 0;
										_t435 =  *((intOrPtr*)(_t404 + 0x18));
										__eflags = _t435 - _t404;
										if(_t435 == _t404) {
											_t369 = 0;
											L35:
											_t457[3] = _t369;
											L0072EB88(_t460, _t457,  *_t457 & 0x0000ffff);
											goto L36;
										} else {
											_t369 = (_t457 - _t404 >> 0x10) + 1;
											_a16 = _t369;
											__eflags = _t369;
											if(__eflags <= 0) {
												L113:
												_push(0);
												_push(0);
												_push(_t404);
												_push(_t457);
												_push(_t435);
												_push(3);
												L00794B0C(_t404, _t435, _t448, _t457, _t460, __eflags);
												_t369 = _a16;
												goto L35;
											}
											__eflags = _t369 - 0xfe;
											if(__eflags >= 0) {
												goto L113;
											}
											goto L35;
										}
									}
									L55:
									L0072EE41(_t460, _t404, _t431 + 0xffffffe8, _t350, _a4,  &_v32);
									L0072EB88(_t460, _a4, _v32);
									_t357 =  *0x7ffe0380;
									if( *0x7ffe0380 != 0) {
										__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
										if(__eflags != 0) {
											E00794758(__eflags, _t460, _v8, _a8,  *(_t460 + 0x78) << 3, 0, 0, _t357 & 0x000000ff);
										}
									}
									_t266 =  *0x7ffe038a;
									_t477 = _t266;
									if(_t266 == 0) {
										goto L66;
									} else {
										_push(_t266 & 0x000000ff);
										_push(0);
										_push(0);
										goto L118;
									}
								}
								 *((intOrPtr*)(_t460 + 0xf8)) =  *((intOrPtr*)(_t460 + 0xf8)) + 1;
								if(E00732686(0xffffffff,  &_v8,  &_a8, 0x4000) < 0) {
									goto L91;
								}
								if( *0x7ffe0380 != 0) {
									_t391 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t391 + 0x240) & 0x00000001;
									if(( *(_t391 + 0x240) & 0x00000001) != 0) {
										E007942AC(_t460, _v8, _a8, 6);
									}
								}
								_t347 = _a8;
								_t429 = _v8;
								goto L54;
							} else {
								__eflags = _t347;
								if(_t347 == 0) {
									goto L29;
								}
								__eflags = _t347 -  *((intOrPtr*)(_t460 + 0x70));
								if(_t347 >=  *((intOrPtr*)(_t460 + 0x70))) {
									goto L50;
								}
								goto L29;
							}
						}
					}
					__edx = _a12;
					__eflags = __edx -  *((intOrPtr*)(__esi + 0x70));
					if(__edx <  *((intOrPtr*)(__esi + 0x70))) {
						L59:
						_push(__edx);
						_push(_a8);
						goto L58;
					}
					__eax =  *(__esi + 0x78);
					__eax =  *(__esi + 0x78) + __edx;
					__eflags = __eax -  *((intOrPtr*)(__esi + 0x74));
					if(__eax <  *((intOrPtr*)(__esi + 0x74))) {
						goto L59;
					}
					__ecx =  *((intOrPtr*)(__esi + 0x130));
					__edi =  *(__esi + 0xe0);
					__ecx =  *((intOrPtr*)(__esi + 0x130)) + 3;
					__edi =  *(__esi + 0xe0) >> __cl;
					__eflags = __eax - __edi;
					if(__eax < __edi) {
						goto L59;
					}
					__ebx = _a8;
					__eax =  &_a12;
					_a4 = L00725DD8(__esi, __ebx,  &_a12, 0);
					_t159 = _a12 - 0x201; // -512
					__ecx = _t159;
					__eflags = __ecx - 0xfbff;
					if(__ecx > 0xfbff) {
						goto L37;
					}
					__eax =  *(__esi + 0x78);
					__edi =  *(__esi + 0xe0);
					__eax =  *(__esi + 0x78) << 3;
					__edi =  *(__esi + 0xe0) - ( *(__esi + 0x78) << 3);
					__eax =  *(__esi + 0x128);
					__eax = __eax >> 3;
					__eax = __eax - (__eax >> 3);
					__eflags = __edi - __eax;
					if(__edi < __eax) {
						__ebx = __esi + 0x12c;
						__eax =  *__ebx;
						__eax = __eax >> 3;
						__eax = __eax - (__eax >> 3);
						__eflags = __edi - __eax;
						if(__edi > __eax) {
							__ecx = __esi;
							__eax = E006FC3DE(__esi);
							 *__ebx = __edi;
							 *(__esi + 0x128) = __edi;
						}
					}
					goto L66;
				}
			}

0x006fe4e0
0x006fe4ec
0x006fe4f0
0x00000000
0x006fe4f6
0x006fe4f6
0x006fe4fa
0x006fe4fb
0x006fe4fc
0x0075927e
0x00759281
0x00759285
0x00759287
0x00759291
0x00759295
0x00759297
0x00759299
0x0075929e
0x007592a0
0x007592a2
0x007592a5
0x007592a5
0x007592a5
0x007592a5
0x007592a0
0x007592ab
0x006f01fc
0x006f01fc
0x006f01ff
0x006f0201
0x006dee8e
0x006dee90
0x006f0207
0x006f020a
0x006f020d
0x006f0213
0x006f0215
0x006f0215
0x006f021b
0x006f021b
0x006f0224
0x006f022b
0x006f022e
0x006f0236
0x006f023d
0x006f0245
0x006f024b
0x006f024e
0x006f0257
0x006f025d
0x006f0263
0x006f0270
0x006f0275
0x006f0275
0x006f0284
0x006f0288
0x006f028b
0x006e1d65
0x006e1d65
0x006e1d65
0x006f029a
0x006df023
0x006df028
0x006df02b
0x006df030
0x006df034
0x006df036
0x00747212
0x00747214
0x00000000
0x00000000
0x00000000
0x0074721a
0x006df03c
0x006df03c
0x006df043
0x007592b3
0x007592b5
0x007592c1
0x007592c4
0x007592c7
0x007592e9
0x007592ee
0x007592c9
0x007592e1
0x007592e6
0x007592f4
0x007592f9
0x00759301
0x00759301
0x007592b5
0x006df049
0x006df04d
0x006df050
0x006df053
0x006df01e
0x006df055
0x006df055
0x006df055
0x006df055
0x006df05e
0x006df05e
0x006df061
0x006df064
0x0075930b
0x0075930b
0x00759312
0x00759318
0x0075931c
0x00759328
0x0075932b
0x0075932f
0x0075958d
0x00759592
0x00759335
0x0075934d
0x00759352
0x00759598
0x0075959d
0x007595a5
0x007595a5
0x0075931c
0x006e1d84
0x006e1d84
0x006e1d87
0x006f1c48
0x006f1c48
0x006f1c49
0x006fe586
0x00000000
0x006fe587
0x006df079
0x006df07e
0x006df080
0x00759358
0x0075935a
0x0075935d
0x00759362
0x00759366
0x0075937f
0x0075937f
0x00000000
0x00759366
0x006df086
0x006df08d
0x0075938f
0x00759392
0x00759399
0x007593a8
0x007593a8
0x00759399
0x006df093
0x006df099
0x006df09c
0x006df0a1
0x006df0a3
0x006df0a3
0x006df0a3
0x006df0a3
0x006df0ad
0x006df0b5
0x006df0bc
0x006df0c7
0x006df0ca
0x006df0cd
0x006df0d3
0x006df0d6
0x006df0dc
0x006df0de
0x006df0de
0x006df0de
0x006df0de
0x006df0e4
0x006df0e8
0x006df174
0x006df174
0x006df179
0x006df17b
0x00759449
0x00759450
0x0075946e
0x0075946e
0x00759450
0x006df181
0x006df186
0x006df188
0x0075947b
0x0075947c
0x0075947f
0x00759575
0x0075957b
0x0075957c
0x0075957f
0x00759582
0x00759583
0x00759583
0x00000000
0x006df188
0x006df0f1
0x006df0f8
0x006df0fb
0x006df0ff
0x006df10b
0x006df10d
0x006df10f
0x0074721f
0x00747223
0x00759432
0x00759438
0x00759438
0x00000000
0x00747223
0x006df115
0x006df119
0x006df126
0x006df129
0x006df12c
0x006df133
0x007593b2
0x007593b6
0x007593c2
0x007593c5
0x007593c9
0x007593eb
0x007593f0
0x007593cb
0x007593e3
0x007593e8
0x007593f6
0x007593fb
0x00759403
0x00759403
0x007593b6
0x006df139
0x006df13d
0x006df140
0x006df142
0x0075940d
0x006df148
0x006df14f
0x006df150
0x006df153
0x006df155
0x00759414
0x00759414
0x00759416
0x00759418
0x00759419
0x0075941a
0x0075941b
0x0075941d
0x00759422
0x006df166
0x006df166
0x006df16f
0x00000000
0x006df16f
0x006df15b
0x006df160
0x00000000
0x00000000
0x006df160
0x00000000
0x006df142
0x006f02a0
0x006f02a0
0x006f02a3
0x006f02a9
0x006f02ae
0x006f02b0
0x006f02b3
0x006f02b8
0x00747204
0x0074720a
0x0074720a
0x006f02c2
0x006f02c5
0x006e1d6e
0x006f02cb
0x006f02cb
0x006f02cb
0x006f02ce
0x006f02d0
0x006f02d5
0x00000000
0x006f02db
0x006f02db
0x006f02e1
0x006f02e4
0x006f02f3
0x006f02f5
0x006f032c
0x006f0330
0x006e1d8f
0x006e1d96
0x006e1d99
0x006e1d9d
0x006e1da0
0x006e1da3
0x006e1da6
0x006e1da9
0x006e1dac
0x006e1dae
0x0074722e
0x00747232
0x00747235
0x00759529
0x0075952f
0x006e1e1c
0x006e1e1c
0x006e1e1f
0x00000000
0x006e1e1f
0x00000000
0x0074723b
0x006e1db4
0x006e1db8
0x006e1dcb
0x006e1dce
0x006e1dd1
0x006e1dd8
0x007594b0
0x007594b4
0x007594c0
0x007594c3
0x007594c7
0x007594e9
0x007594ee
0x007594c9
0x007594e1
0x007594e6
0x007594f4
0x007594f9
0x00759501
0x00759501
0x007594b4
0x006e1dde
0x006e1de1
0x006e1de5
0x006e1de8
0x006e1dea
0x006dee98
0x006e1e0e
0x006e1e0e
0x006e1e17
0x00000000
0x006e1df0
0x006e1df7
0x006e1df8
0x006e1dfb
0x006e1dfd
0x0075950b
0x0075950b
0x0075950d
0x0075950f
0x00759510
0x00759511
0x00759512
0x00759514
0x00759519
0x00000000
0x00759519
0x006e1e03
0x006e1e08
0x00000000
0x00000000
0x00000000
0x006e1e08
0x006e1dea
0x006f0336
0x006f0344
0x006f0350
0x006f0355
0x006f035c
0x00759540
0x00759547
0x00759563
0x00759563
0x00759547
0x006f0362
0x006f0367
0x006f0369
0x00000000
0x006f036f
0x00759570
0x00759571
0x00759573
0x00000000
0x00759573
0x006f0369
0x006f02f7
0x006f0313
0x00000000
0x00000000
0x006f0320
0x0075948d
0x00759490
0x00759497
0x007594a6
0x007594a6
0x00759497
0x006f0326
0x006f0329
0x00000000
0x006e1d77
0x006e1d77
0x006e1d79
0x00000000
0x00000000
0x006e1d7b
0x006e1d7e
0x00000000
0x00000000
0x00000000
0x006e1d7e
0x006f02e4
0x006f02d5
0x006fe502
0x006fe505
0x006fe508
0x006f1c53
0x006f1c53
0x006f1c54
0x00000000
0x006f1c54
0x006fe50e
0x006fe511
0x006fe513
0x006fe516
0x00000000
0x00000000
0x006fe51c
0x006fe522
0x006fe528
0x006fe52b
0x006fe52d
0x006fe52f
0x00000000
0x00000000
0x006fe535
0x006fe53a
0x006fe545
0x006fe54b
0x006fe54b
0x006fe551
0x006fe557
0x00000000
0x00000000
0x006fe567
0x006fe56a
0x006fe570
0x006fe573
0x006fe575
0x006fe57d
0x006fe580
0x006fe582
0x006fe584
0x006fe58d
0x006fe593
0x006fe597
0x006fe59a
0x006fe59c
0x006fe59e
0x006fe5a0
0x006fe5a2
0x006fe5a7
0x006fe5a9
0x006fe5a9
0x006fe59e
0x00000000
0x006fe584

Strings

(UCRBlock != NULL), xrefs: 007592F4
(!TrailingUCR), xrefs: 00759598
HEAP[%wZ]: , xrefs: 007592DC, 00759348, 007593DE, 007594DC
((LONG)FreeEntry->Size > 1), xrefs: 007593F6
HEAP: , xrefs: 007592E9, 007593EB, 007594E9, 0075958D
(LONG)FreeEntry->Size > 1, xrefs: 007594F4

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: 8ad1c784d5d4337c513e67530e825e9f6f43f88b5c93c1516db20592fb8534a0
Instruction ID: 2439f0efaa84098e0416e89bca16be5801520accdc66a1597a30452442a2c794
Opcode Fuzzy Hash: 8ad1c784d5d4337c513e67530e825e9f6f43f88b5c93c1516db20592fb8534a0
Instruction Fuzzy Hash: 0E32D071600689EFDB21CF68C884BEAB7F6FF44310F148059F9158B292D778EA96DB50

Uniqueness

Uniqueness Score: 0.05%

Function 0072645A, Relevance: 5.1, Strings: 3, Instructions: 1399
UNIQUECrypto

C-Code - Quality: 87%

			E0072645A(void* __ecx, void* __edx, signed int _a4, signed int _a8, signed int* _a12, signed int _a16, signed short _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				signed short _v24;
				signed short* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t594;
				signed short _t596;
				signed short* _t597;
				signed char _t603;
				signed int _t612;
				signed int _t613;
				signed int _t616;
				signed int _t621;
				signed int* _t623;
				signed int* _t628;
				signed int _t635;
				signed int _t637;
				signed int* _t638;
				signed int _t645;
				signed int _t646;
				signed int _t651;
				signed short _t654;
				signed short _t656;
				signed int* _t659;
				signed int* _t662;
				unsigned int _t669;
				signed int _t671;
				signed int* _t672;
				signed int* _t679;
				signed short _t681;
				signed int _t684;
				signed short _t685;
				signed int _t686;
				signed char _t687;
				signed short _t690;
				signed int _t695;
				signed int _t696;
				signed int _t699;
				signed int _t700;
				signed int _t704;
				signed int* _t713;
				signed int _t720;
				signed int _t723;
				signed int* _t724;
				signed int _t730;
				signed int _t732;
				signed int _t733;
				signed short _t739;
				signed short _t741;
				signed int* _t744;
				signed int* _t745;
				signed int _t752;
				signed int _t756;
				signed int* _t757;
				signed int* _t764;
				signed short _t766;
				signed int _t769;
				intOrPtr _t771;
				signed int* _t789;
				void* _t790;
				signed int _t792;
				signed char _t796;
				signed short _t797;
				intOrPtr _t798;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed short _t804;
				signed int _t805;
				signed int _t812;
				signed int _t813;
				signed short _t819;
				signed short _t821;
				signed int _t826;
				signed int _t827;
				signed int _t829;
				signed int _t831;
				signed int _t832;
				signed short _t835;
				signed short _t837;
				signed int _t840;
				signed int _t846;
				signed int _t847;
				signed int _t849;
				signed short _t850;
				signed int _t855;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed short _t860;
				signed short _t861;
				signed int _t863;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed short _t871;
				signed short _t873;
				signed int _t878;
				signed int _t879;
				intOrPtr* _t881;
				signed int _t882;
				signed int _t884;
				signed short _t886;
				signed int _t888;
				signed int _t891;
				signed short _t893;
				signed int _t897;
				signed int _t900;
				signed int _t901;
				signed int _t904;
				signed int _t907;
				signed int _t909;
				signed int _t910;
				signed int _t915;
				signed int _t916;
				signed int _t920;
				void* _t922;
				signed short _t923;
				void* _t924;
				intOrPtr _t925;
				void* _t926;
				signed int _t928;
				signed int* _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed short _t942;
				signed short* _t945;
				signed short _t946;
				signed int* _t948;
				void* _t952;
				signed int _t954;
				signed int* _t957;
				signed short _t959;
				signed short _t961;
				signed short _t962;
				signed short _t963;
				void* _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				intOrPtr _t968;
				signed short* _t972;
				unsigned int _t976;
				void* _t978;
				signed int _t980;
				signed short _t983;
				signed short _t984;
				signed short _t985;
				intOrPtr _t987;
				signed short* _t988;
				signed int _t992;
				signed short _t993;
				signed short* _t996;
				signed short _t997;
				signed int* _t999;
				void* _t1003;
				signed int _t1005;
				signed int* _t1008;
				signed short _t1010;
				signed short _t1012;
				signed short _t1013;
				signed short _t1014;
				intOrPtr _t1015;
				signed int _t1016;
				void* _t1017;
				signed int _t1019;
				signed int _t1023;
				signed short* _t1027;
				unsigned int _t1031;
				void* _t1033;
				signed int _t1035;
				signed short _t1038;
				signed short _t1039;
				signed short _t1040;
				signed int _t1041;
				signed int* _t1043;
				signed short _t1051;
				signed short _t1054;
				signed int _t1061;
				signed int _t1062;
				signed int _t1063;
				void* _t1064;
				signed int* _t1072;
				signed int _t1073;
				signed int _t1075;
				signed short* _t1080;
				signed int _t1081;
				void* _t1082;
				signed int* _t1084;
				signed int _t1086;
				signed int _t1091;
				signed int _t1093;
				void* _t1096;
				signed int* _t1098;
				signed int _t1099;
				signed int _t1101;
				signed int _t1103;
				signed int _t1104;
				void* _t1105;
				signed short* _t1106;
				signed int _t1107;
				signed int _t1109;
				signed short _t1111;
				signed short _t1113;
				signed int _t1118;
				signed int _t1120;
				signed int _t1123;
				void* _t1124;
				signed int* _t1126;
				signed int _t1129;
				signed int _t1131;

				_t922 = __edx;
				_t1062 = _a4;
				_t790 = __ecx;
				 *(_t1062 + 2) = _a8;
				 *((char*)(_t1062 + 7)) = 0;
				_t590 =  *(__ecx + 0x54) ^ _a16;
				 *(_t1062 + 4) =  *(__ecx + 0x54) ^ _a16;
				_t792 =  *(__edx + 0x18);
				_v12 = 0;
				if(_t792 != __edx) {
					_t594 = (_t1062 - __edx >> 0x10) + 1;
					__eflags = _t594;
					_a8 = _t594;
					if(__eflags <= 0) {
						L351:
						_push(0);
						_push(0);
						_push(_t922);
						_push(_t1062);
						_push(_t792);
						_push(3);
						L00794B0C(_t790, _t792, _t922, _t1062, 0, __eflags);
						_t594 = _a8;
						goto L80;
					}
					__eflags = _t594 - 0xfe;
					if(__eflags < 0) {
						goto L80;
					}
					goto L351;
				} else {
					__eflags = 0;
					L80:
					 *(_t1062 + 6) = _t594;
					_t596 = _a20;
					 *((char*)(_t1062 + 3)) = 0;
					 *_t1062 = _t596;
					_t1080 = _t1062 + _t596 * 8;
					_t796 =  *(_t790 + 0x4c) >> 0x00000014 &  *(_t790 + 0x52) ^ _t1080[1];
					_v28 = _t1080;
					__eflags = _t796 & 0x00000001;
					if((_t796 & 0x00000001) == 0) {
						do {
							__eflags =  *(_t790 + 0x4c);
							if( *(_t790 + 0x4c) != 0) {
								 *_t1080 =  *_t1080 ^  *(_t790 + 0x50);
								__eflags = _t1080[1] - (_t1080[0] ^ _t1080[1] ^  *_t1080);
								if(__eflags != 0) {
									_push(0);
									_push(_t1080);
									_push(_t790);
									L00794BBA(_t790, _t1062, _t1080, __eflags);
								}
							}
							_t923 = _t1080[6];
							_t246 =  &(_t1080[4]); // 0x8
							_t597 = _t246;
							_t797 =  *_t597;
							_v20 = _t797;
							_t798 =  *((intOrPtr*)(_t797 + 4));
							_v24 = _t923;
							_t924 =  *_t923;
							__eflags = _t924 - _t798;
							if(__eflags != 0) {
								L354:
								_push(0);
								_push(_t924);
								_push(_t798);
								_push(_t597);
								_push(_t790);
								_push(0xc);
								L00794B0C(_t790, _t798, _t924, _t1062, _t1080, __eflags);
								goto L355;
							} else {
								__eflags = _t924 - _t597;
								if(__eflags != 0) {
									goto L354;
								}
								 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) - ( *_t1080 & 0x0000ffff);
								_t684 =  *(_t790 + 0xb8);
								__eflags = _t684;
								if(_t684 == 0) {
									L185:
									_t685 = _v20;
									_t850 = _v24;
									 *_t850 = _t685;
									 *(_t685 + 4) = _t850;
									__eflags = _t1080[1] & 0x00000008;
									if((_t1080[1] & 0x00000008) != 0) {
										_t686 = E006FC30D(_t790, _t1080);
										__eflags = _t686;
										if(_t686 != 0) {
											goto L186;
										}
										E006FE4D7(_t790, _t1062, _t790, _t1080,  *_t1080 & 0x0000ffff, 1);
										L355:
										__eflags = _v12;
										if(_v12 != 0) {
											return 0;
										}
										goto L356;
									}
									L186:
									__eflags = _a12;
									if(_a12 != 0) {
										_t687 = _t1080[1];
										__eflags = _t687 & 0x00000004;
										if((_t687 & 0x00000004) != 0) {
											_t904 = ( *_t1080 & 0x0000ffff) * 8 - 0x10;
											_a8 = _t904;
											__eflags = _t687 & 0x00000002;
											if((_t687 & 0x00000002) != 0) {
												__eflags = _t904 - 4;
												if(_t904 > 4) {
													_t541 =  &_a8;
													 *_t541 = _a8 - 4;
													__eflags =  *_t541;
												}
											}
											_t544 =  &(_t1080[8]); // 0x10
											_t769 = E00705770(_t544, _a8, 0xfeeefeee);
											_a16 = _t769;
											__eflags = _t769 - _a8;
											if(_t769 != _a8) {
												_t771 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
												__eflags =  *(_t771 + 0xc);
												if( *(_t771 + 0xc) == 0) {
													_push("HEAP: ");
													E006EF63B();
												} else {
													E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
												}
												_push( &(_t1080[8]) + _a16);
												E006EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", _t1080);
												L007959C1(_t1080);
											}
										}
									}
									 *(_t1062 + 2) = _t1080[1];
									_t690 = _a20 + ( *_t1080 & 0x0000ffff);
									_a20 = _t690;
									__eflags = _t690 - 0xfe00;
									if(_t690 > 0xfe00) {
										L0072EB88(_t790, _t1062, _a20);
										goto L129;
									} else {
										 *_t1062 = _t690;
										__eflags = _a12;
										 *(_t1062 + 4 + _t690 * 8) =  *(_t790 + 0x54) ^ _t690;
										 *((char*)(_t1062 + 7)) = 0;
										if(_a12 != 0) {
											 *(_t1062 + 2) =  *(_t1062 + 2) & 0x000000f0;
											__eflags =  *(_t790 + 0x40) & 0x00000040;
											_t1104 = _t690 & 0x0000ffff;
											_a16 = _t1104;
											if(( *(_t790 + 0x40) & 0x00000040) != 0) {
												E00705810(_t1062 + 0x10, _t1104 * 8 - 0x10, 0xfeeefeee);
												 *(_t1062 + 2) =  *(_t1062 + 2) | 0x00000004;
											}
											_t695 =  *(_t790 + 0xb8);
											__eflags = _t695;
											if(_t695 != 0) {
												while(1) {
													__eflags = _t1104 -  *((intOrPtr*)(_t695 + 4));
													if(_t1104 <  *((intOrPtr*)(_t695 + 4))) {
														break;
													}
													_t855 =  *_t695;
													__eflags = _t855;
													if(_t855 == 0) {
														_t857 =  *((intOrPtr*)(_t695 + 4)) - 1;
														__eflags = _t857;
														_v8 = _t857;
														L293:
														_a12 = _t695;
														_t696 = _t695 + 0x14;
														__eflags = _t696;
														_a20 = _t696;
														while(1) {
															_t858 = _t857 -  *_a20;
															_t699 = _a12[6];
															_t987 =  *((intOrPtr*)(_t699 + 4));
															__eflags = _t699 - _t987;
															if(_t699 == _t987) {
																goto L262;
															}
															_t1063 =  *(_t790 + 0x4c);
															__eflags = _t1063;
															if(_t1063 == 0) {
																_t993 =  *(_t987 - 8) & 0x0000ffff;
															} else {
																_t1014 =  *(_t987 - 8);
																_t1063 =  *(_t790 + 0x4c);
																__eflags = _t1063 & _t1014;
																if((_t1063 & _t1014) != 0) {
																	_t1014 = _t1014 ^  *(_t790 + 0x50);
																	__eflags = _t1014;
																}
																_t993 = _t1014 & 0x0000ffff;
															}
															__eflags = _t1104 - (_t993 & 0x0000ffff);
															if(_t1104 - (_t993 & 0x0000ffff) <= 0) {
																_t996 =  *_t699 - 8;
																__eflags = _t1063;
																if(_t1063 == 0) {
																	_t997 =  *_t996 & 0x0000ffff;
																} else {
																	_t1013 =  *_t996;
																	_t1063 =  *(_t790 + 0x4c);
																	__eflags = _t1063 & _t1013;
																	if((_t1063 & _t1013) != 0) {
																		_t1013 = _t1013 ^  *(_t790 + 0x50);
																		__eflags = _t1013;
																	}
																	_t997 = _t1013 & 0x0000ffff;
																}
																__eflags = _a16 - (_t997 & 0x0000ffff);
																if(_a16 - (_t997 & 0x0000ffff) <= 0) {
																	_t699 =  *_t699;
																	goto L262;
																} else {
																	_t999 = _a12;
																	__eflags =  *_t999;
																	if( *_t999 != 0) {
																		L387:
																		_t713 = _a12;
																		_t1118 = _t858 >> 5;
																		_t1072 =  *((intOrPtr*)(_t713 + 0x1c)) + _t1118 * 4;
																		_t1003 = ( *((intOrPtr*)(_t713 + 4)) -  *_a20 >> 5) - 1;
																		_t720 =  !((1 << (_t858 & 0x0000001f)) - 1) &  *_t1072;
																		__eflags = 1;
																		if(1 != 0) {
																			L391:
																			__eflags = _t720 & 0x0000ffff;
																			if((_t720 & 0x0000ffff) == 0) {
																				_t878 = _t720 >> 0x00000010 & 0x000000ff;
																				__eflags = _t878;
																				if(_t878 == 0) {
																					_t572 = (_t720 >> 0x18) + 0x725818; // 0x10008
																					_t723 = ( *_t572 & 0x000000ff) + 0x18;
																					__eflags = _t723;
																				} else {
																					_t571 = _t878 + 0x725818; // 0x10008
																					_t723 = ( *_t571 & 0x000000ff) + 0x10;
																				}
																			} else {
																				_t1005 = _t720 & 0x000000ff;
																				__eflags = _t1005;
																				if(_t1005 == 0) {
																					_t570 = (_t720 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
																					_t723 = ( *_t570 & 0x000000ff) + 8;
																				} else {
																					_t569 = _t1005 + 0x725818; // 0x10008
																					_t723 =  *_t569 & 0x000000ff;
																				}
																			}
																			_t1120 = (_t1118 << 5) + _t723;
																			_t724 = _a12;
																			__eflags =  *(_t724 + 8);
																			_t879 = _t1120 + _t1120;
																			if( *(_t724 + 8) == 0) {
																				_t879 = _t1120;
																			}
																			_t699 =  *( *((intOrPtr*)(_t724 + 0x20)) + _t879 * 4);
																			goto L262;
																		} else {
																			goto L388;
																		}
																		while(1) {
																			L388:
																			__eflags = _t1118 - _t1003;
																			if(_t1118 > _t1003) {
																				break;
																			}
																			_t1072 =  &(_t1072[1]);
																			_t720 =  *_t1072;
																			_t1118 = _t1118 + 1;
																			__eflags = _t720;
																			if(_t720 == 0) {
																				continue;
																			}
																			break;
																		}
																		__eflags = _t720;
																		if(_t720 == 0) {
																			_a8 = _a8 & 0x00000000;
																			L317:
																			_t700 = _a8;
																			__eflags = _t700;
																			if(_t700 == 0) {
																				_t859 =  *_a12;
																				_t1104 = _a16;
																				_a12 = _t859;
																				_t860 = _t859 + 0x14;
																				_a20 = _t860;
																				_t857 =  *_t860;
																				_v8 = _t857;
																				continue;
																			}
																			goto L318;
																		}
																		goto L391;
																	}
																	__eflags = _v8 - _t999[1] - 1;
																	if(_v8 != _t999[1] - 1) {
																		goto L387;
																	}
																	_t1008 = _a12;
																	__eflags =  *(_t1008 + 8);
																	if( *(_t1008 + 8) != 0) {
																		_t858 = _t858 + _t858;
																		__eflags = _t858;
																	}
																	_t881 =  *((intOrPtr*)( *((intOrPtr*)(_t1008 + 0x20)) + _t858 * 4));
																	while(1) {
																		__eflags = _t699 - _t881;
																		if(_t699 == _t881) {
																			goto L317;
																		}
																		__eflags = _t1063;
																		if(_t1063 == 0) {
																			_t1010 =  *(_t881 - 8) & 0x0000ffff;
																		} else {
																			_t1012 =  *(_t881 - 8);
																			_t1063 =  *(_t790 + 0x4c);
																			__eflags = _t1063 & _t1012;
																			if((_t1063 & _t1012) != 0) {
																				_t1012 = _t1012 ^  *(_t790 + 0x50);
																				__eflags = _t1012;
																			}
																			_t1010 = _t1012 & 0x0000ffff;
																		}
																		__eflags = _a16 - (_t1010 & 0x0000ffff);
																		if(_a16 - (_t1010 & 0x0000ffff) <= 0) {
																			_a8 = _t881;
																			goto L317;
																		} else {
																			_t881 =  *_t881;
																			continue;
																		}
																	}
																	goto L317;
																}
															}
															L262:
															_a8 = _t699;
															goto L317;
														}
													}
													_t695 = _t855;
												}
												_t857 = _t1104;
												_v8 = _t1104;
												goto L293;
											} else {
												_t700 =  *(_t790 + 0xc4);
												L318:
												_t1105 = _t790 + 0xc4;
												__eflags = _t1105 - _t700;
												if(_t1105 == _t700) {
													L325:
													_t861 =  *(_t700 + 4);
													_t988 = _a4;
													_t1064 =  *_t861;
													_t1106 =  &(_t988[4]);
													_a12 = _t1106;
													__eflags = _t1064 - _t700;
													if(__eflags != 0) {
														_push(0);
														_push(_t1064);
														_push(0);
														_push(_t700);
														_push(0);
														_push(0xc);
														L00794B0C(_t790, 0, _t988, _t1064, _t1106, __eflags);
														_t988 = _a4;
													} else {
														 *_t1106 = _t700;
														_t1106[2] = _t861;
														 *_t861 = _t1106;
														 *(_t700 + 4) = _t1106;
													}
													 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_t988 & 0x0000ffff);
													_t704 =  *(_t790 + 0xb8);
													__eflags = _t704;
													if(_t704 == 0) {
														L346:
														__eflags =  *(_t790 + 0x4c);
														if( *(_t790 + 0x4c) != 0) {
															_t988[1] = _t988[0] ^  *_t988 ^ _t988[1];
															 *_t988 =  *_t988 ^  *(_t790 + 0x50);
														}
														L129:
														return 1;
													} else {
														_t863 =  *_t988 & 0x0000ffff;
														while(1) {
															__eflags = _t863 -  *((intOrPtr*)(_t704 + 4));
															if(_t863 <  *((intOrPtr*)(_t704 + 4))) {
																break;
															}
															_t1107 =  *_t704;
															__eflags = _t1107;
															if(_t1107 == 0) {
																_t1109 =  *((intOrPtr*)(_t704 + 4)) - 1;
																__eflags = _t1109;
																L334:
																_t865 = _t1109 -  *((intOrPtr*)(_t704 + 0x14));
																__eflags =  *(_t704 + 8);
																_a20 = _t865;
																if( *(_t704 + 8) != 0) {
																	_t865 = _t865 + _t865;
																	__eflags = _t865;
																}
																 *((intOrPtr*)(_t704 + 0xc)) =  *((intOrPtr*)(_t704 + 0xc)) + 1;
																_t866 = _t865 << 2;
																_a8 = _t866;
																_t867 =  *(_t866 +  *((intOrPtr*)(_t704 + 0x20)));
																_a16 = _t867;
																__eflags = _t1109 -  *((intOrPtr*)(_t704 + 4)) - 1;
																if(_t1109 ==  *((intOrPtr*)(_t704 + 4)) - 1) {
																	_t500 = _t704 + 0x10;
																	 *_t500 =  *(_t704 + 0x10) + 1;
																	__eflags =  *_t500;
																}
																__eflags = _t867;
																if(_t867 == 0) {
																	L344:
																	 *((intOrPtr*)(_a8 +  *((intOrPtr*)(_t704 + 0x20)))) = _a12;
																	_t867 = _a16;
																	goto L345;
																} else {
																	__eflags =  *(_t790 + 0x4c);
																	if( *(_t790 + 0x4c) == 0) {
																		_t1111 =  *(_t867 - 8) & 0x0000ffff;
																	} else {
																		_t1113 =  *(_t867 - 8);
																		__eflags =  *(_t790 + 0x4c) & _t1113;
																		if(( *(_t790 + 0x4c) & _t1113) != 0) {
																			_t1113 = _t1113 ^  *(_t790 + 0x50);
																			__eflags = _t1113;
																		}
																		_t1111 = _t1113 & 0x0000ffff;
																	}
																	__eflags = ( *_t988 & 0x0000ffff) - (_t1111 & 0x0000ffff);
																	if(( *_t988 & 0x0000ffff) - (_t1111 & 0x0000ffff) > 0) {
																		L345:
																		__eflags = _t867;
																		if(_t867 == 0) {
																			 *( *((intOrPtr*)(_t704 + 0x1c)) + (_a20 >> 5) * 4) =  *( *((intOrPtr*)(_t704 + 0x1c)) + (_a20 >> 5) * 4) | 1;
																			_t988 = _a4;
																		}
																		goto L346;
																	} else {
																		goto L344;
																	}
																}
															}
															_t704 = _t1107;
														}
														_t1109 = _t863;
														goto L334;
													}
												}
												_t992 =  *(_t790 + 0x4c);
												while(1) {
													__eflags = _t992;
													if(_t992 == 0) {
														_t871 =  *(_t700 - 8) & 0x0000ffff;
													} else {
														_t873 =  *(_t700 - 8);
														_t992 =  *(_t790 + 0x4c);
														__eflags = _t992 & _t873;
														if((_t992 & _t873) != 0) {
															_t873 = _t873 ^  *(_t790 + 0x50);
															__eflags = _t873;
														}
														_t871 = _t873 & 0x0000ffff;
													}
													__eflags = _a16 - (_t871 & 0x0000ffff);
													if(_a16 <= (_t871 & 0x0000ffff)) {
														goto L325;
													}
													_t700 =  *_t700;
													__eflags = _t1105 - _t700;
													if(_t1105 == _t700) {
														goto L325;
													}
												}
												goto L325;
											}
										}
										_t882 = _t690 & 0x0000ffff;
										 *(_t1062 + 2) = 0;
										_t730 =  *(_t790 + 0xb8);
										_v8 = _t882;
										__eflags = _t730;
										if(_t730 != 0) {
											while(1) {
												__eflags = _t882 -  *((intOrPtr*)(_t730 + 4));
												if(_t882 <  *((intOrPtr*)(_t730 + 4))) {
													break;
												}
												_t1041 =  *_t730;
												__eflags = _t1041;
												if(_t1041 == 0) {
													_t882 =  *((intOrPtr*)(_t730 + 4)) - 1;
													break;
												}
												_t730 = _t1041;
											}
											_a12 = _t730;
											_a20 = _t882;
											_t1062 = _t730 + 0x14;
											while(1) {
												_t732 = _a12[6];
												_t1015 =  *((intOrPtr*)(_t732 + 4));
												_t884 = _a20 -  *_t1062;
												_a16 = _t732;
												__eflags = _t732 - _t1015;
												if(_t732 == _t1015) {
													goto L201;
												}
												_t1123 =  *(_t790 + 0x4c);
												__eflags = _t1123;
												if(_t1123 == 0) {
													_t739 =  *(_t1015 - 8) & 0x0000ffff;
												} else {
													_t1040 =  *(_t1015 - 8);
													_t1123 =  *(_t790 + 0x4c);
													__eflags = _t1123 & _t1040;
													if((_t1123 & _t1040) != 0) {
														_t1040 = _t1040 ^  *(_t790 + 0x50);
														__eflags = _t1040;
													}
													_t739 = _t1040 & 0x0000ffff;
												}
												_t732 = _a16;
												__eflags = _v8 - (_t739 & 0x0000ffff);
												if(_v8 - (_t739 & 0x0000ffff) <= 0) {
													L234:
													_t1027 =  *_t732 - 8;
													__eflags = _t1123;
													if(_t1123 == 0) {
														_t741 =  *_t1027 & 0x0000ffff;
													} else {
														_t1039 =  *_t1027;
														_t1123 =  *(_t790 + 0x4c);
														__eflags = _t1123 & _t1039;
														if((_t1123 & _t1039) != 0) {
															_t1039 = _t1039 ^  *(_t790 + 0x50);
															__eflags = _t1039;
														}
														_t741 = _t1039 & 0x0000ffff;
													}
													__eflags = _v8 - (_t741 & 0x0000ffff);
													if(_v8 - (_t741 & 0x0000ffff) <= 0) {
														_t732 =  *_a16;
														goto L201;
													} else {
														_t744 = _a12;
														__eflags =  *_t744;
														if( *_t744 != 0) {
															L251:
															_t745 = _a12;
															_t1031 =  *((intOrPtr*)(_t745 + 4)) -  *_t1062;
															_t1129 = _t884 >> 5;
															_t1062 =  *((intOrPtr*)(_t745 + 0x1c)) + _t1129 * 4;
															_t1033 = (_t1031 >> 5) - 1;
															_t752 =  !((1 << (_t884 & 0x0000001f)) - 1) &  *_t1062;
															__eflags = 1;
															if(1 != 0) {
																L255:
																__eflags = _t752 & 0x0000ffff;
																if((_t752 & 0x0000ffff) != 0) {
																	_t1035 = _t752 & 0x000000ff;
																	__eflags = _t1035;
																	if(_t1035 == 0) {
																		_t40 = (_t752 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
																		_t756 = ( *_t40 & 0x000000ff) + 8;
																	} else {
																		_t106 = _t1035 + 0x725818; // 0x10008
																		_t756 =  *_t106 & 0x000000ff;
																	}
																} else {
																	_t900 = _t752 >> 0x00000010 & 0x000000ff;
																	__eflags = _t900;
																	if(_t900 != 0) {
																		_t39 = _t900 + 0x725818; // 0x10008
																		_t756 = ( *_t39 & 0x000000ff) + 0x10;
																	} else {
																		_t392 = (_t752 >> 0x18) + 0x725818; // 0x10008
																		_t756 = ( *_t392 & 0x000000ff) + 0x18;
																		__eflags = _t756;
																	}
																}
																_t1131 = (_t1129 << 5) + _t756;
																_t757 = _a12;
																__eflags =  *(_t757 + 8);
																_t897 = _t1131 + _t1131;
																if( *(_t757 + 8) == 0) {
																	_t897 = _t1131;
																}
																_t732 =  *( *((intOrPtr*)(_t757 + 0x20)) + _t897 * 4);
																goto L201;
															} else {
																goto L252;
															}
															while(1) {
																L252:
																__eflags = _t1129 - _t1033;
																if(_t1129 > _t1033) {
																	break;
																}
																_t1062 = _t1062 + 4;
																_t752 =  *_t1062;
																_t1129 = _t1129 + 1;
																__eflags = _t752;
																if(_t752 == 0) {
																	continue;
																}
																break;
															}
															__eflags = _t752;
															if(_t752 == 0) {
																_a8 = _a8 & 0x00000000;
																L202:
																_t733 = _a8;
																__eflags = _t733;
																if(_t733 == 0) {
																	_t402 =  *_a12 + 0x14; // 0x14
																	_t1062 = _t402;
																	_a12 =  *_a12;
																	_a20 =  *_t1062;
																	continue;
																}
																L203:
																_t1124 = _t790 + 0xc4;
																__eflags = _t1124 - _t733;
																if(_t1124 != _t733) {
																	_t1016 =  *(_t790 + 0x4c);
																	while(1) {
																		__eflags = _t1016;
																		if(_t1016 == 0) {
																			_t886 =  *(_t733 - 8) & 0x0000ffff;
																		} else {
																			_t893 =  *(_t733 - 8);
																			_t1016 =  *(_t790 + 0x4c);
																			__eflags = _t1016 & _t893;
																			if((_t1016 & _t893) != 0) {
																				_t893 = _t893 ^  *(_t790 + 0x50);
																				__eflags = _t893;
																			}
																			_t886 = _t893 & 0x0000ffff;
																		}
																		__eflags = _v8 - (_t886 & 0x0000ffff);
																		if(_v8 <= (_t886 & 0x0000ffff)) {
																			goto L204;
																		}
																		_t733 =  *_t733;
																		__eflags = _t1124 - _t733;
																		if(_t1124 == _t733) {
																			goto L204;
																		} else {
																			continue;
																		}
																		goto L234;
																	}
																}
																L204:
																_t888 =  *(_t733 + 4);
																_t1017 =  *_t888;
																_t1126 = _a4 + 8;
																_a12 = _t1126;
																__eflags = _t1017 - _t733;
																if(__eflags != 0) {
																	_push(0);
																	_push(_t1017);
																	_push(0);
																	_push(_t733);
																	_push(0);
																	_push(0xc);
																	L00794B0C(_t790, 0, _t1017, _t1062, _t1126, __eflags);
																} else {
																	 *_t1126 = _t733;
																	_t1126[1] = _t888;
																	 *_t888 = _t1126;
																	 *(_t733 + 4) = _t1126;
																}
																 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_a4 & 0x0000ffff);
																_t621 =  *(_t790 + 0xb8);
																__eflags = _t621;
																if(_t621 == 0) {
																	L127:
																	__eflags =  *(_t790 + 0x4c);
																	if( *(_t790 + 0x4c) != 0) {
																		_t623 = _a4;
																		_t623[0] = _t623[0] ^  *_t623 ^ _t623[0];
																		 *_t623 =  *_t623 ^  *(_t790 + 0x50);
																		__eflags =  *_t623;
																	}
																	goto L129;
																} else {
																	_t891 =  *_a4 & 0x0000ffff;
																	while(1) {
																		__eflags = _t891 -  *((intOrPtr*)(_t621 + 4));
																		if(_t891 <  *((intOrPtr*)(_t621 + 4))) {
																			break;
																		}
																		_t1023 =  *_t621;
																		__eflags = _t1023;
																		if(_t1023 == 0) {
																			_t891 =  *((intOrPtr*)(_t621 + 4)) - 1;
																			break;
																		}
																		_t621 = _t1023;
																	}
																	_t1019 = _t891 -  *((intOrPtr*)(_t621 + 0x14));
																	__eflags =  *(_t621 + 8);
																	_a8 = _t1019;
																	if( *(_t621 + 8) != 0) {
																		_t1019 = _t1019 + _t1019;
																		__eflags = _t1019;
																	}
																	 *((intOrPtr*)(_t621 + 0xc)) =  *((intOrPtr*)(_t621 + 0xc)) + 1;
																	_t1086 = _t1019 << 2;
																	_t1073 =  *(_t1086 +  *((intOrPtr*)(_t621 + 0x20)));
																	__eflags = _t891 -  *((intOrPtr*)(_t621 + 4)) - 1;
																	if(_t891 ==  *((intOrPtr*)(_t621 + 4)) - 1) {
																		_t335 = _t621 + 0x10;
																		 *_t335 =  *(_t621 + 0x10) + 1;
																		__eflags =  *_t335;
																	}
																	__eflags = _t1073;
																	if(_t1073 == 0) {
																		L124:
																		 *(_t1086 +  *((intOrPtr*)(_t621 + 0x20))) = _a12;
																		goto L125;
																	} else {
																		__eflags =  *(_t790 + 0x4c);
																		if( *(_t790 + 0x4c) == 0) {
																			L272:
																			_t813 =  *(_t1073 - 8) & 0x0000ffff;
																			L140:
																			__eflags = ( *_a4 & 0x0000ffff) - (_t813 & 0x0000ffff);
																			if(( *_a4 & 0x0000ffff) - (_t813 & 0x0000ffff) <= 0) {
																				goto L124;
																			}
																			L125:
																			__eflags = _t1073;
																			if(_t1073 == 0) {
																				_t938 =  *((intOrPtr*)(_t621 + 0x1c)) + (_a8 >> 5) * 4;
																				 *_t938 =  *_t938 | 1;
																				__eflags =  *_t938;
																			}
																			goto L127;
																		}
																		_t939 =  *(_t1073 - 8);
																		__eflags =  *(_t790 + 0x4c) & _t939;
																		L137:
																		if(__eflags != 0) {
																			_t939 = _t939 ^  *(_t790 + 0x50);
																			__eflags = _t939;
																		}
																		_t813 = _t939 & 0x0000ffff;
																		goto L140;
																	}
																}
															}
															goto L255;
														}
														__eflags = _a20 - _t744[1] - 1;
														if(_a20 != _t744[1] - 1) {
															goto L251;
														}
														_t764 = _a12;
														__eflags =  *(_t764 + 8);
														if( *(_t764 + 8) != 0) {
															_t884 = _t884 + _t884;
															__eflags = _t884;
														}
														_t901 =  *((intOrPtr*)( *((intOrPtr*)(_t764 + 0x20)) + _t884 * 4));
														while(1) {
															__eflags = _a16 - _t901;
															if(_a16 == _t901) {
																goto L202;
															}
															__eflags = _t1123;
															if(_t1123 == 0) {
																_t766 =  *(_t901 - 8) & 0x0000ffff;
															} else {
																_t1038 =  *(_t901 - 8);
																_t1123 =  *(_t790 + 0x4c);
																__eflags = _t1123 & _t1038;
																if((_t1123 & _t1038) != 0) {
																	_t1038 = _t1038 ^  *(_t790 + 0x50);
																	__eflags = _t1038;
																}
																_t766 = _t1038 & 0x0000ffff;
															}
															__eflags = _v8 - (_t766 & 0x0000ffff);
															if(_v8 - (_t766 & 0x0000ffff) > 0) {
																_t901 =  *_t901;
																continue;
															} else {
																_a8 = _t901;
																goto L202;
															}
														}
														goto L202;
													}
												}
												L201:
												_a8 = _t732;
												goto L202;
											}
										}
										_t733 =  *(_t790 + 0xc4);
										goto L203;
									}
								}
								_t907 =  *_t1080 & 0x0000ffff;
								while(1) {
									__eflags = _t907 -  *(_t684 + 4);
									if(_t907 <  *(_t684 + 4)) {
										break;
									}
									_t1061 =  *_t684;
									__eflags = _t1061;
									if(_t1061 == 0) {
										_t1075 =  *(_t684 + 4) - 1;
										_a8 = _t1075;
										L175:
										_t909 = _t1075 -  *((intOrPtr*)(_t684 + 0x14));
										__eflags =  *(_t684 + 8);
										_v8 = _t909;
										if( *(_t684 + 8) != 0) {
											_t909 = _t909 + _t909;
											__eflags = _t909;
										}
										_t910 = _t909 << 2;
										_t1043 =  *((intOrPtr*)(_t684 + 0x20)) + _t910;
										_a16 = _t910;
										 *((intOrPtr*)(_t684 + 0xc)) =  *((intOrPtr*)(_t684 + 0xc)) - 1;
										_v16 =  *_t1043;
										__eflags = _t1075 -  *(_t684 + 4) - 1;
										if(_t1075 ==  *(_t684 + 4) - 1) {
											_t263 = _t684 + 0x10;
											 *_t263 =  *(_t684 + 0x10) - 1;
											__eflags =  *_t263;
										}
										_t265 =  &(_t1080[4]); // 0x8
										__eflags = _v16 - _t265;
										if(_v16 != _t265) {
											L218:
											_t1062 = _a4;
											goto L185;
										} else {
											__eflags =  *_t684;
											_t915 =  *(_t684 + 4);
											if( *_t684 == 0) {
												_t915 = _t915 - 1;
												__eflags = _t915;
											}
											__eflags = _a8 - _t915;
											_t916 = _t1080[4];
											if(_a8 < _t915) {
												__eflags = _t916 -  *((intOrPtr*)(_t684 + 0x18));
												if(_t916 ==  *((intOrPtr*)(_t684 + 0x18))) {
													L226:
													 *(_a16 +  *((intOrPtr*)(_t684 + 0x20))) =  *(_a16 +  *((intOrPtr*)(_t684 + 0x20))) & 0x00000000;
													 *( *((intOrPtr*)(_t684 + 0x1c)) + (_v8 >> 5) * 4) =  *( *((intOrPtr*)(_t684 + 0x1c)) + (_v8 >> 5) * 4) &  !(1 << (_v8 & 0x0000001f));
													goto L218;
												}
												__eflags =  *(_t790 + 0x4c);
												if( *(_t790 + 0x4c) == 0) {
													_t1051 =  *(_t916 - 8) & 0x0000ffff;
												} else {
													_t1054 =  *(_t916 - 8);
													__eflags =  *(_t790 + 0x4c) & _t1054;
													if(( *(_t790 + 0x4c) & _t1054) != 0) {
														_t1054 = _t1054 ^  *(_t790 + 0x50);
														__eflags = _t1054;
													}
													_t1051 = _t1054 & 0x0000ffff;
												}
												__eflags = ( *_t1080 & 0x0000ffff) == (_t1051 & 0x0000ffff);
												if(( *_t1080 & 0x0000ffff) == (_t1051 & 0x0000ffff)) {
													 *(_a16 +  *((intOrPtr*)(_t684 + 0x20))) = _t916;
													goto L218;
												} else {
													goto L226;
												}
											} else {
												_t1062 = _a4;
												__eflags = _t916 -  *((intOrPtr*)(_t684 + 0x18));
												if(_t916 !=  *((intOrPtr*)(_t684 + 0x18))) {
													 *_t1043 = _t916;
												} else {
													 *_t1043 =  *_t1043 & 0x00000000;
													_t920 = _v8;
													_t789 =  *((intOrPtr*)(_t684 + 0x1c)) + (_t920 >> 5) * 4;
													 *_t789 =  *_t789 &  !(1 << (_t920 & 0x0000001f));
													__eflags =  *_t789;
												}
												goto L185;
											}
										}
									}
									_t684 = _t1061;
								}
								_t1075 = _t907;
								_a8 = _t907;
								goto L175;
							}
							L356:
							_t1080 = _v28;
							_v12 = 1;
							_t603 =  *(_t790 + 0x4c) >> 0x00000014 &  *(_t790 + 0x52) ^ _t1080[1];
							__eflags = _t603 & 0x00000001;
						} while ((_t603 & 0x00000001) == 0);
						_t596 = _a20;
					}
					__eflags = _a12;
					_t1080[2] =  *(_t790 + 0x54) ^ _t596;
					 *((char*)(_t1062 + 7)) = 0;
					if(_a12 != 0) {
						 *(_t1062 + 2) =  *(_t1062 + 2) & 0x000000f0;
						__eflags =  *(_t790 + 0x40) & 0x00000040;
						_t1081 = _t596 & 0x0000ffff;
						_a16 = _t1081;
						if(( *(_t790 + 0x40) & 0x00000040) != 0) {
							E00705810(_t1062 + 0x10, _t1081 * 8 - 0x10, 0xfeeefeee);
							 *(_t1062 + 2) =  *(_t1062 + 2) | 0x00000004;
						}
						_t612 =  *(_t790 + 0xb8);
						__eflags = _t612;
						if(__eflags != 0) {
							while(1) {
								__eflags = _t1081 -  *((intOrPtr*)(_t612 + 4));
								if(_t1081 <  *((intOrPtr*)(_t612 + 4))) {
									break;
								}
								_t801 =  *_t612;
								__eflags = _t801;
								if(_t801 != 0) {
									_t612 = _t801;
									continue;
								}
								_t802 =  *((intOrPtr*)(_t612 + 4)) - 1;
								_v8 = _t802;
								L34:
								_a12 = _t612;
								_t613 = _t612 + 0x14;
								__eflags = _t613;
								_a20 = _t613;
								while(1) {
									_t792 = _t802 -  *_a20;
									_t590 = _a12[6];
									_t925 =  *((intOrPtr*)(_t590 + 4));
									__eflags = _t590 - _t925;
									if(__eflags == 0) {
										goto L57;
									}
									_t1062 =  *(_t790 + 0x4c);
									__eflags = _t1062;
									if(_t1062 == 0) {
										_t942 =  *(_t925 - 8) & 0x0000ffff;
									} else {
										_t963 =  *(_t925 - 8);
										_t1062 =  *(_t790 + 0x4c);
										__eflags = _t1062 & _t963;
										if((_t1062 & _t963) != 0) {
											_t963 = _t963 ^  *(_t790 + 0x50);
											__eflags = _t963;
										}
										_t942 = _t963 & 0x0000ffff;
									}
									__eflags = _t1081 - (_t942 & 0x0000ffff);
									if(__eflags <= 0) {
										_t945 =  *_t590 - 8;
										__eflags = _t1062;
										if(_t1062 == 0) {
											_t946 =  *_t945 & 0x0000ffff;
										} else {
											_t962 =  *_t945;
											_t1062 =  *(_t790 + 0x4c);
											__eflags = _t1062 & _t962;
											if((_t1062 & _t962) != 0) {
												_t962 = _t962 ^  *(_t790 + 0x50);
												__eflags = _t962;
											}
											_t946 = _t962 & 0x0000ffff;
										}
										__eflags = _a16 - (_t946 & 0x0000ffff);
										if(__eflags <= 0) {
											_t590 =  *_t590;
											goto L57;
										} else {
											_t948 = _a12;
											__eflags =  *_t948;
											if( *_t948 != 0) {
												L48:
												_t628 = _a12;
												_t1091 = _t792 >> 5;
												_t1062 =  *((intOrPtr*)(_t628 + 0x1c)) + _t1091 * 4;
												_t952 = ( *((intOrPtr*)(_t628 + 4)) -  *_a20 >> 5) - 1;
												_t635 =  !((1 << (_t792 & 0x0000001f)) - 1) &  *_t1062;
												__eflags = 1;
												if(1 != 0) {
													L52:
													__eflags = _t635 & 0x0000ffff;
													if((_t635 & 0x0000ffff) == 0) {
														_t826 = _t635 >> 0x00000010 & 0x000000ff;
														__eflags = _t826;
														if(_t826 != 0) {
															_t23 = _t826 + 0x725818; // 0x10008
															_t637 = ( *_t23 & 0x000000ff) + 0x10;
														} else {
															_t31 = (_t635 >> 0x18) + 0x725818; // 0x10008
															_t637 = ( *_t31 & 0x000000ff) + 0x18;
														}
													} else {
														_t954 = _t635 & 0x000000ff;
														__eflags = _t954;
														if(_t954 == 0) {
															_t22 = (_t635 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
															_t637 = ( *_t22 & 0x000000ff) + 8;
														} else {
															_t76 = _t954 + 0x725818; // 0x10008
															_t637 =  *_t76 & 0x000000ff;
														}
													}
													_t1093 = (_t1091 << 5) + _t637;
													_t638 = _a12;
													__eflags =  *(_t638 + 8);
													_t827 = _t1093 + _t1093;
													if(__eflags == 0) {
														_t827 = _t1093;
													}
													_t590 =  *( *((intOrPtr*)(_t638 + 0x20)) + _t827 * 4);
													goto L57;
												} else {
													goto L49;
												}
												while(1) {
													L49:
													__eflags = _t1091 - _t952;
													if(_t1091 > _t952) {
														break;
													}
													_t1062 = _t1062 + 4;
													_t635 =  *_t1062;
													_t1091 = _t1091 + 1;
													__eflags = _t635;
													if(_t635 == 0) {
														continue;
													}
													break;
												}
												__eflags = _t635;
												if(__eflags == 0) {
													_a8 = _a8 & 0x00000000;
													L58:
													_t616 = _a8;
													if(_t616 == 0) {
														_t803 =  *_a12;
														_t1081 = _a16;
														_a12 = _t803;
														_t804 = _t803 + 0x14;
														_a20 = _t804;
														_t802 =  *_t804;
														_v8 = _t802;
														continue;
													}
													goto L59;
												}
												goto L52;
											}
											__eflags = _v8 - _t948[1] - 1;
											if(__eflags == 0) {
												_t957 = _a12;
												if( *((intOrPtr*)(_t957 + 8)) != 0) {
													_t792 = _t792 + _t792;
												}
												_t829 =  *((intOrPtr*)( *((intOrPtr*)(_t957 + 0x20)) + _t792 * 4));
												while(_t590 != _t829) {
													__eflags = _t1062;
													if(_t1062 == 0) {
														_t959 =  *(_t829 - 8) & 0x0000ffff;
													} else {
														_t961 =  *(_t829 - 8);
														_t1062 =  *(_t790 + 0x4c);
														__eflags = _t1062 & _t961;
														if((_t1062 & _t961) != 0) {
															_t961 = _t961 ^  *(_t790 + 0x50);
															__eflags = _t961;
														}
														_t959 = _t961 & 0x0000ffff;
													}
													__eflags = _a16 - (_t959 & 0x0000ffff);
													if(__eflags > 0) {
														_t829 =  *_t829;
														continue;
													} else {
														_a8 = _t829;
														goto L58;
													}
												}
												goto L58;
											}
											goto L48;
										}
									}
									L57:
									_a8 = _t590;
									goto L58;
								}
							}
							_t802 = _t1081;
							_v8 = _t1081;
							goto L34;
						} else {
							_t616 =  *(_t790 + 0xc4);
							L59:
							_t1082 = _t790 + 0xc4;
							if(_t1082 == _t616) {
								L66:
								_t805 =  *(_t616 + 4);
								_t926 =  *_t805;
								_t1084 = _a4 + 8;
								_a12 = _t1084;
								if(_t926 != _t616) {
									_push(0);
									_push(_t926);
									_push(0);
									_push(_t616);
									_push(0);
									_push(0xc);
									L00794B0C(_t790, 0, _t926, _t1062, _t1084, __eflags);
								} else {
									 *_t1084 = _t616;
									_t1084[1] = _t805;
									 *_t805 = _t1084;
									 *(_t616 + 4) = _t1084;
								}
								 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_a4 & 0x0000ffff);
								_t621 =  *(_t790 + 0xb8);
								if(_t621 == 0) {
									goto L127;
								} else {
									_t812 =  *_a4 & 0x0000ffff;
									while(_t812 >=  *((intOrPtr*)(_t621 + 4))) {
										_t940 =  *_t621;
										if(_t940 == 0) {
											L148:
											_t812 =  *((intOrPtr*)(_t621 + 4)) - 1;
											break;
										}
										_t621 = _t940;
									}
									L120:
									_t928 = _t812 -  *((intOrPtr*)(_t621 + 0x14));
									__eflags =  *(_t621 + 8);
									_a8 = _t928;
									if( *(_t621 + 8) != 0) {
										_t928 = _t928 + _t928;
										__eflags = _t928;
									}
									_t1086 = _t928 << 2;
									 *((intOrPtr*)(_t621 + 0xc)) =  *((intOrPtr*)(_t621 + 0xc)) + 1;
									_t1073 =  *(_t1086 +  *((intOrPtr*)(_t621 + 0x20)));
									__eflags = _t812 -  *((intOrPtr*)(_t621 + 4)) - 1;
									if(_t812 ==  *((intOrPtr*)(_t621 + 4)) - 1) {
										 *(_t621 + 0x10) =  *(_t621 + 0x10) + 1;
									}
									__eflags = _t1073;
									if(_t1073 != 0) {
										__eflags =  *(_t790 + 0x4c);
										if( *(_t790 + 0x4c) == 0) {
											goto L272;
										}
										_t939 =  *(_t1073 - 8);
										__eflags =  *(_t790 + 0x4c) & _t939;
										goto L137;
									} else {
										goto L124;
									}
								}
							}
							_t941 =  *(_t790 + 0x4c);
							L61:
							L61:
							if(_t941 == 0) {
								_t819 =  *(_t616 - 8) & 0x0000ffff;
							} else {
								_t821 =  *(_t616 - 8);
								_t941 =  *(_t790 + 0x4c);
								if((_t941 & _t821) != 0) {
									_t821 = _t821 ^  *(_t790 + 0x50);
								}
								_t819 = _t821 & 0x0000ffff;
							}
							if(_a16 > (_t819 & 0x0000ffff)) {
								goto L366;
							}
							goto L66;
							L366:
							_t616 =  *_t616;
							__eflags = _t1082 - _t616;
							if(__eflags == 0) {
								goto L66;
							}
							goto L61;
						}
					}
					_t831 = _t596 & 0x0000ffff;
					 *(_t1062 + 2) = 0;
					_t645 =  *(_t790 + 0xb8);
					_v8 = _t831;
					__eflags = _t645;
					if(_t645 == 0) {
						_t646 =  *(_t790 + 0xc4);
						L108:
						_t1096 = _t790 + 0xc4;
						__eflags = _t1096 - _t646;
						if(_t1096 == _t646) {
							L115:
							_t832 =  *(_t646 + 4);
							_t964 =  *_t832;
							_t1098 = _a4 + 8;
							_a12 = _t1098;
							__eflags = _t964 - _t646;
							if(__eflags != 0) {
								_push(0);
								_push(_t964);
								_push(0);
								_push(_t646);
								_push(0);
								_push(0xc);
								L00794B0C(_t790, 0, _t964, _t1062, _t1098, __eflags);
							} else {
								 *_t1098 = _t646;
								_t1098[1] = _t832;
								 *_t832 = _t1098;
								 *(_t646 + 4) = _t1098;
							}
							 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_a4 & 0x0000ffff);
							_t621 =  *(_t790 + 0xb8);
							__eflags = _t621;
							if(_t621 == 0) {
								goto L127;
							} else {
								_t812 =  *_a4 & 0x0000ffff;
								while(1) {
									__eflags = _t812 -  *((intOrPtr*)(_t621 + 4));
									if(_t812 <  *((intOrPtr*)(_t621 + 4))) {
										goto L120;
									}
									_t965 =  *_t621;
									__eflags = _t965;
									if(_t965 == 0) {
										goto L148;
									}
									_t621 = _t965;
								}
								goto L120;
							}
						}
						_t966 =  *(_t790 + 0x4c);
						while(1) {
							__eflags = _t966;
							if(_t966 == 0) {
								_t835 =  *(_t646 - 8) & 0x0000ffff;
							} else {
								_t837 =  *(_t646 - 8);
								_t966 =  *(_t790 + 0x4c);
								__eflags = _t966 & _t837;
								if((_t966 & _t837) != 0) {
									_t837 = _t837 ^  *(_t790 + 0x50);
									__eflags = _t837;
								}
								_t835 = _t837 & 0x0000ffff;
							}
							__eflags = _v8 - (_t835 & 0x0000ffff);
							if(_v8 <= (_t835 & 0x0000ffff)) {
								goto L115;
							}
							_t646 =  *_t646;
							__eflags = _t1096 - _t646;
							if(_t1096 == _t646) {
								goto L115;
							}
						}
						goto L115;
					} else {
						goto L83;
					}
					while(1) {
						L83:
						__eflags = _t831 -  *((intOrPtr*)(_t645 + 4));
						if(_t831 <  *((intOrPtr*)(_t645 + 4))) {
							break;
						}
						_t967 =  *_t645;
						__eflags = _t967;
						if(_t967 == 0) {
							_t831 =  *((intOrPtr*)(_t645 + 4)) - 1;
							break;
						}
						_t645 = _t967;
					}
					_a12 = _t645;
					_a20 = _t831;
					_t1062 = _t645 + 0x14;
					while(1) {
						_t651 = _a12[6];
						_t968 =  *((intOrPtr*)(_t651 + 4));
						_t840 = _a20 -  *_t1062;
						_a16 = _t651;
						__eflags = _t651 - _t968;
						if(_t651 == _t968) {
							goto L106;
						}
						_t1099 =  *(_t790 + 0x4c);
						__eflags = _t1099;
						if(_t1099 == 0) {
							_t654 =  *(_t968 - 8) & 0x0000ffff;
						} else {
							_t985 =  *(_t968 - 8);
							_t1099 =  *(_t790 + 0x4c);
							__eflags = _t1099 & _t985;
							if((_t1099 & _t985) != 0) {
								_t985 = _t985 ^  *(_t790 + 0x50);
								__eflags = _t985;
							}
							_t654 = _t985 & 0x0000ffff;
						}
						_t651 = _a16;
						__eflags = _v8 - (_t654 & 0x0000ffff);
						if(_v8 - (_t654 & 0x0000ffff) <= 0) {
							_t972 =  *_t651 - 8;
							__eflags = _t1099;
							if(_t1099 == 0) {
								_t656 =  *_t972 & 0x0000ffff;
							} else {
								_t984 =  *_t972;
								_t1099 =  *(_t790 + 0x4c);
								__eflags = _t1099 & _t984;
								if((_t1099 & _t984) != 0) {
									_t984 = _t984 ^  *(_t790 + 0x50);
									__eflags = _t984;
								}
								_t656 = _t984 & 0x0000ffff;
							}
							__eflags = _v8 - (_t656 & 0x0000ffff);
							if(_v8 - (_t656 & 0x0000ffff) <= 0) {
								_t651 =  *_a16;
								goto L106;
							} else {
								_t659 = _a12;
								__eflags =  *_t659;
								if( *_t659 == 0) {
									__eflags = _a20 - _t659[1] - 1;
									if(_a20 != _t659[1] - 1) {
										goto L97;
									}
									_t679 = _a12;
									__eflags =  *(_t679 + 8);
									if( *(_t679 + 8) != 0) {
										_t840 = _t840 + _t840;
										__eflags = _t840;
									}
									_t849 =  *((intOrPtr*)( *((intOrPtr*)(_t679 + 0x20)) + _t840 * 4));
									while(1) {
										__eflags = _a16 - _t849;
										if(_a16 == _t849) {
											break;
										}
										__eflags = _t1099;
										if(_t1099 == 0) {
											_t681 =  *(_t849 - 8) & 0x0000ffff;
										} else {
											_t983 =  *(_t849 - 8);
											_t1099 =  *(_t790 + 0x4c);
											__eflags = _t1099 & _t983;
											if((_t1099 & _t983) != 0) {
												_t983 = _t983 ^  *(_t790 + 0x50);
												__eflags = _t983;
											}
											_t681 = _t983 & 0x0000ffff;
										}
										__eflags = _v8 - (_t681 & 0x0000ffff);
										if(_v8 - (_t681 & 0x0000ffff) > 0) {
											_t849 =  *_t849;
											continue;
										} else {
											_a8 = _t849;
											break;
										}
									}
									L107:
									_t646 = _a8;
									__eflags = _t646;
									if(_t646 == 0) {
										_t236 =  *_a12 + 0x14; // 0x14
										_t1062 = _t236;
										_a12 =  *_a12;
										_a20 =  *_t1062;
										continue;
									}
									goto L108;
								}
								L97:
								_t662 = _a12;
								_t976 =  *((intOrPtr*)(_t662 + 4)) -  *_t1062;
								_t1101 = _t840 >> 5;
								_t1062 =  *((intOrPtr*)(_t662 + 0x1c)) + _t1101 * 4;
								_t978 = (_t976 >> 5) - 1;
								_t669 =  !((1 << (_t840 & 0x0000001f)) - 1) &  *_t1062;
								__eflags = 1;
								if(1 != 0) {
									L101:
									__eflags = _t669 & 0x0000ffff;
									if((_t669 & 0x0000ffff) == 0) {
										_t846 = _t669 >> 0x00000010 & 0x000000ff;
										__eflags = _t846;
										if(_t846 != 0) {
											_t211 = _t846 + 0x725818; // 0x10008
											_t671 = ( *_t211 & 0x000000ff) + 0x10;
										} else {
											_t210 = (_t669 >> 0x18) + 0x725818; // 0x10008
											_t671 = ( *_t210 & 0x000000ff) + 0x18;
										}
									} else {
										_t980 = _t669 & 0x000000ff;
										__eflags = _t980;
										if(_t980 == 0) {
											_t212 = (_t669 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
											_t671 = ( *_t212 & 0x000000ff) + 8;
										} else {
											_t154 = _t980 + 0x725818; // 0x10008
											_t671 =  *_t154 & 0x000000ff;
										}
									}
									_t1103 = (_t1101 << 5) + _t671;
									_t672 = _a12;
									__eflags = _t672[2];
									_t847 = _t1103 + _t1103;
									if(_t672[2] == 0) {
										_t847 = _t1103;
									}
									_t651 =  *(_t672[8] + _t847 * 4);
									goto L106;
								} else {
									goto L98;
								}
								while(1) {
									L98:
									__eflags = _t1101 - _t978;
									if(_t1101 > _t978) {
										break;
									}
									_t1062 = _t1062 + 4;
									_t669 =  *_t1062;
									_t1101 = _t1101 + 1;
									__eflags = _t669;
									if(_t669 == 0) {
										continue;
									}
									break;
								}
								__eflags = _t669;
								if(_t669 == 0) {
									_a8 = _a8 & 0x00000000;
									goto L107;
								}
								goto L101;
							}
						}
						L106:
						_a8 = _t651;
						goto L107;
					}
				}
			}

0x0072645a
0x00726468
0x0072646b
0x0072646d
0x00726470
0x00726478
0x0072647e
0x00726482
0x00726485
0x0072648a
0x007404ea
0x007404eb
0x007404ed
0x007404f0
0x00759b3e
0x00759b3e
0x00759b3f
0x00759b40
0x00759b41
0x00759b42
0x00759b43
0x00759b45
0x00759b4a
0x00000000
0x00759b4a
0x007404f6
0x007404fb
0x00000000
0x00000000
0x00000000
0x00726490
0x00726490
0x00726492
0x00726492
0x00726495
0x00726498
0x0072649c
0x007264a8
0x007264ab
0x007264ae
0x007264b1
0x007264b4
0x00742321
0x00742321
0x00742325
0x0074232a
0x00742334
0x00742337
0x00759b52
0x00759b54
0x00759b55
0x00759b56
0x00759b56
0x00742337
0x0074233d
0x00742340
0x00742340
0x00742343
0x00742345
0x00742348
0x0074234b
0x0074234e
0x00742350
0x00742352
0x00759b6f
0x00759b6f
0x00759b71
0x00759b72
0x00759b73
0x00759b74
0x00759b75
0x00759b77
0x00000000
0x00742358
0x00742358
0x0074235a
0x00000000
0x00000000
0x00742363
0x00742366
0x0074236c
0x0074236e
0x00742406
0x00742406
0x00742409
0x0074240c
0x0074240e
0x00742411
0x00742415
0x0074a823
0x0074a828
0x0074a82a
0x00000000
0x00000000
0x00759b68
0x00759b7c
0x00759b7c
0x00759b80
0x00000000
0x00759c33
0x00000000
0x00759b80
0x0074241b
0x0074241b
0x0074241f
0x00749a97
0x00749a9a
0x00749a9c
0x00759c3d
0x00759c44
0x00759c47
0x00759c49
0x00759c4b
0x00759c4e
0x00759c50
0x00759c50
0x00759c50
0x00759c50
0x00759c4e
0x00759c5c
0x00759c60
0x00759c65
0x00759c68
0x00759c6b
0x00759c77
0x00759c7a
0x00759c7e
0x00759ca0
0x00759ca5
0x00759c80
0x00759c98
0x00759c9d
0x00759cb2
0x00759cb9
0x00759cc2
0x00759cc2
0x00759c6b
0x00749a9c
0x00742428
0x00742431
0x00742433
0x00742436
0x0074243b
0x00759e3b
0x00000000
0x00742441
0x00742441
0x0074244b
0x0074244f
0x00742454
0x00742458
0x00749aa7
0x00749aab
0x00749aaf
0x00749ab2
0x00749ab5
0x00759d11
0x00759d16
0x00759d16
0x00749abb
0x00749ac1
0x00749ac3
0x00749ad2
0x00749ad2
0x00749ad5
0x00000000
0x00000000
0x00749aca
0x00749acc
0x00749ace
0x00749adf
0x00749adf
0x00749ae0
0x00749ae3
0x00749ae3
0x00749ae6
0x00749ae6
0x00749ae9
0x00749aec
0x00749aef
0x00749af4
0x00749af7
0x00749afa
0x00749afc
0x00000000
0x00000000
0x00749b02
0x00749b05
0x00749b07
0x00747e4b
0x00749b0d
0x00749b0d
0x00749b10
0x00749b13
0x00749b15
0x00749b17
0x00749b17
0x00749b17
0x00749b1a
0x00749b1a
0x00749b22
0x00749b24
0x00749b2c
0x00749b2f
0x00749b31
0x00747e54
0x00749b37
0x00749b37
0x00749b39
0x00749b3c
0x00749b3e
0x00749b40
0x00749b40
0x00749b40
0x00749b43
0x00749b43
0x00749b4e
0x00749b50
0x00759d34
0x00000000
0x00749b56
0x00749b56
0x00749b59
0x00749b5c
0x00759d3b
0x00759d3b
0x00759d4b
0x00759d4e
0x00759d5c
0x00759d60
0x00759d60
0x00759d62
0x00759d76
0x00759d79
0x00759d7b
0x00759da7
0x00759da7
0x00759dad
0x00759dbe
0x00759dc5
0x00759dc5
0x00759daf
0x00759daf
0x00759db6
0x00759db6
0x00759d7d
0x00759d84
0x00759d84
0x00759d86
0x00759d96
0x00759d9d
0x00759d88
0x00759d88
0x00759d88
0x00759d88
0x00759d86
0x00759dcb
0x00759dcd
0x00759dd0
0x00759dd4
0x00759dd7
0x00759dd9
0x00759dd9
0x00759dde
0x00000000
0x00000000
0x00000000
0x00000000
0x00759d64
0x00759d64
0x00759d64
0x00759d66
0x00000000
0x00000000
0x00759d68
0x00759d6b
0x00759d6d
0x00759d6e
0x00759d70
0x00000000
0x00000000
0x00000000
0x00759d70
0x00759d72
0x00759d74
0x00759de6
0x00749bb0
0x00749bb0
0x00749bb3
0x00749bb5
0x00759df2
0x00759df4
0x00759df7
0x00759dfa
0x00759dfd
0x00759e00
0x00759e02
0x00000000
0x00759e02
0x00000000
0x00749bb5
0x00000000
0x00759d74
0x00749b66
0x00749b69
0x00000000
0x00000000
0x00749b6f
0x00749b72
0x00749b76
0x00749b78
0x00749b78
0x00749b78
0x00749b7d
0x00749bac
0x00749bac
0x00749bae
0x00000000
0x00000000
0x00749b82
0x00749b84
0x00747e5c
0x00749b8a
0x00749b8a
0x00749b8d
0x00749b90
0x00749b92
0x00749b94
0x00749b94
0x00749b94
0x00749b97
0x00749b97
0x00749ba2
0x00749ba4
0x00749cc6
0x00000000
0x00749baa
0x00749baa
0x00000000
0x00749baa
0x00749ba4
0x00000000
0x00749bac
0x00749b50
0x00747dc8
0x00747dc8
0x00000000
0x00747dc8
0x00749aec
0x00749ad0
0x00749ad0
0x00759d2a
0x00759d2c
0x00000000
0x00749ac5
0x00759d1f
0x00749bbb
0x00749bbb
0x00749bc1
0x00749bc3
0x00749bec
0x00749bec
0x00749bef
0x00749bf2
0x00749bf4
0x00749bf7
0x00749bfa
0x00749bfc
0x00759e1b
0x00759e1c
0x00759e1d
0x00759e1e
0x00759e1f
0x00759e20
0x00759e22
0x00759e27
0x00749c02
0x00749c02
0x00749c04
0x00749c07
0x00749c09
0x00749c09
0x00749c0f
0x00749c12
0x00749c18
0x00749c1a
0x00749ca7
0x00749ca7
0x00749cab
0x00749cb9
0x00749cbf
0x00749cbf
0x007266e5
0x00000000
0x00749c20
0x00749c20
0x00749c2d
0x00749c2d
0x00749c30
0x00000000
0x00000000
0x00749c25
0x00749c27
0x00749c29
0x00749c3a
0x00749c3a
0x00749c3b
0x00749c3d
0x00749c40
0x00749c44
0x00749c47
0x00749c49
0x00749c49
0x00749c49
0x00749c4b
0x00749c51
0x00749c54
0x00749c57
0x00749c5e
0x00749c61
0x00749c63
0x00749c65
0x00749c65
0x00749c65
0x00749c65
0x00749c68
0x00749c6a
0x00749c90
0x00749c99
0x00749c9c
0x00000000
0x00749c6c
0x00749c6c
0x00749c70
0x00747e6e
0x00749c76
0x00749c76
0x00749c79
0x00749c7c
0x00749c7e
0x00749c7e
0x00749c7e
0x00749c81
0x00749c81
0x00749c8c
0x00749c8e
0x00749c9f
0x00749c9f
0x00749ca1
0x00747e8d
0x00747e8f
0x00747e8f
0x00000000
0x00000000
0x00000000
0x00000000
0x00749c8e
0x00749c6a
0x00749c2b
0x00749c2b
0x00759e2f
0x00000000
0x00759e2f
0x00749c1a
0x00749bc5
0x00749bc8
0x00749bc8
0x00749bca
0x00747e65
0x00749bd0
0x00749bd0
0x00749bd3
0x00749bd6
0x00749bd8
0x00749bda
0x00749bda
0x00749bda
0x00749bdd
0x00749bdd
0x00749be3
0x00749be6
0x00000000
0x00000000
0x00759e0a
0x00759e0c
0x00759e0e
0x00000000
0x00000000
0x00759e14
0x00000000
0x00749bc8
0x00749ac3
0x0074245e
0x00742461
0x00742465
0x0074246b
0x0074246e
0x00742470
0x00742477
0x00742477
0x0074247a
0x00000000
0x00000000
0x0074247c
0x0074247e
0x00742480
0x006f2359
0x00000000
0x006f2359
0x00742486
0x00742486
0x0074248a
0x0074248d
0x00742490
0x00742493
0x00742496
0x0074249c
0x0074249f
0x007424a1
0x007424a4
0x007424a6
0x00000000
0x00000000
0x007424a8
0x007424ab
0x007424ad
0x00747e28
0x007424b3
0x007424b3
0x007424b6
0x007424b9
0x007424bb
0x007424bd
0x007424bd
0x007424bd
0x007424c0
0x007424c0
0x007424cb
0x007424ce
0x007424d0
0x00742813
0x00742815
0x00742818
0x0074281a
0x00747e31
0x00742820
0x00742820
0x00742822
0x00742825
0x00742827
0x00742829
0x00742829
0x00742829
0x0074282c
0x0074282c
0x00742837
0x00742839
0x006ff3fd
0x00000000
0x0074283f
0x0074283f
0x00742842
0x00742845
0x0074289a
0x0074289a
0x007428a3
0x007428a7
0x007428aa
0x007428b8
0x007428bc
0x007428bc
0x007428be
0x007428d6
0x007428d9
0x007428db
0x006ff2aa
0x006ff2aa
0x006ff2ac
0x006fe47c
0x006fe483
0x006ff2b2
0x006ff2b2
0x006ff2b2
0x006ff2b2
0x007428e1
0x007428e6
0x007428e6
0x007428ec
0x006fba28
0x006fba2f
0x007428f2
0x007428f5
0x007428fc
0x007428fc
0x007428fc
0x007428ec
0x00742902
0x00742904
0x00742907
0x0074290b
0x0074290e
0x00759cd7
0x00759cd7
0x00742917
0x00000000
0x00000000
0x00000000
0x00000000
0x007428c0
0x007428c0
0x007428c0
0x007428c2
0x00000000
0x00000000
0x007428c4
0x007428c7
0x007428c9
0x007428ca
0x007428cc
0x00000000
0x00000000
0x00000000
0x007428cc
0x007428ce
0x007428d0
0x00744de6
0x007424d9
0x007424d9
0x007424dc
0x007424de
0x00744df4
0x00744df4
0x00744df9
0x00744dfc
0x00000000
0x00744dfc
0x007424e4
0x007424e4
0x007424ea
0x007424ec
0x007427e7
0x007427ea
0x007427ea
0x007427ec
0x00747e42
0x007427f2
0x007427f2
0x007427f5
0x007427f8
0x007427fa
0x007427fc
0x007427fc
0x007427fc
0x007427ff
0x007427ff
0x00742805
0x00742808
0x00000000
0x00000000
0x00759cde
0x00759ce0
0x00759ce2
0x00000000
0x00759ce8
0x00000000
0x00759ce8
0x00000000
0x00759ce2
0x007427ea
0x007424f2
0x007424f2
0x007424f8
0x007424fa
0x007424fd
0x00742500
0x00742502
0x00759cef
0x00759cf0
0x00759cf1
0x00759cf2
0x00759cf3
0x00759cf4
0x00759cf6
0x00742508
0x00742508
0x0074250a
0x0074250d
0x0074250f
0x0074250f
0x00742518
0x0074251b
0x00742521
0x00742523
0x007266cc
0x007266cc
0x007266d0
0x007266d2
0x007266dd
0x007266e3
0x007266e3
0x007266e3
0x00000000
0x00742529
0x0074252c
0x0074252f
0x0074252f
0x00742532
0x00000000
0x00000000
0x00742534
0x00742536
0x00742538
0x006f2362
0x00000000
0x006f2362
0x0074253e
0x0074253e
0x00742544
0x00742547
0x0074254b
0x0074254e
0x00742550
0x00742550
0x00742550
0x00742552
0x0074255a
0x0074255d
0x00742564
0x00742566
0x00742568
0x00742568
0x00742568
0x00742568
0x0074256b
0x0074256d
0x007266a7
0x007266ad
0x00000000
0x00742573
0x00742573
0x00742577
0x00747e1f
0x00747e1f
0x00726904
0x0072690f
0x00726911
0x00000000
0x00000000
0x007266b0
0x007266b0
0x007266b2
0x007266bf
0x007266ca
0x007266ca
0x007266ca
0x00000000
0x007266b2
0x0074257d
0x00742580
0x007268fc
0x007268fc
0x007268fe
0x007268fe
0x007268fe
0x00726901
0x00000000
0x00726901
0x0074256d
0x00742523
0x00000000
0x007428d0
0x0074284b
0x0074284e
0x00000000
0x00000000
0x00742850
0x00742853
0x00742857
0x00742859
0x00742859
0x00742859
0x0074285e
0x00742861
0x00742861
0x00742864
0x00000000
0x00000000
0x0074286a
0x0074286c
0x00747e39
0x00742872
0x00742872
0x00742875
0x00742878
0x0074287a
0x0074287c
0x0074287c
0x0074287c
0x0074287f
0x0074287f
0x0074288a
0x0074288c
0x006ede47
0x00000000
0x00742892
0x00742892
0x00000000
0x00742892
0x0074288c
0x00000000
0x00742861
0x00742839
0x007424d6
0x007424d6
0x00000000
0x007424d6
0x00742493
0x00759ccc
0x00000000
0x00759ccc
0x0074243b
0x00742374
0x00742377
0x00742377
0x0074237a
0x00000000
0x00000000
0x00742380
0x00742382
0x00742384
0x006f236b
0x006f236c
0x0074238e
0x00742390
0x00742393
0x00742397
0x0074239a
0x0074239c
0x0074239c
0x0074239c
0x007423a1
0x007423a4
0x007423a6
0x007423ab
0x007423ae
0x007423b5
0x007423b7
0x007423b9
0x007423b9
0x007423b9
0x007423b9
0x007423bc
0x007423bf
0x007423c2
0x00742588
0x00742588
0x00000000
0x007423c8
0x007423c8
0x007423cb
0x007423ce
0x007423d0
0x007423d0
0x007423d0
0x007423d1
0x007423d4
0x007423d7
0x0074259a
0x0074259d
0x007425c5
0x007425cb
0x007425e7
0x00000000
0x007425e7
0x0074259f
0x007425a3
0x00747dd0
0x007425a9
0x007425a9
0x007425ac
0x007425af
0x007425b1
0x007425b1
0x007425b1
0x007425b4
0x007425b4
0x007425bd
0x007425bf
0x006f237a
0x00000000
0x00000000
0x00000000
0x00000000
0x007423dd
0x007423dd
0x007423e0
0x007423e3
0x006f52b3
0x007423e9
0x007423e9
0x007423ec
0x007423f7
0x00742404
0x00742404
0x00742404
0x00000000
0x007423e3
0x007423d7
0x007423c2
0x0074238a
0x0074238a
0x00742590
0x00742592
0x00000000
0x00742592
0x00759b86
0x00759b89
0x00759b92
0x00759b99
0x00759b9c
0x00759b9c
0x00759ba4
0x00759ba4
0x007264c1
0x007264c5
0x007264c9
0x007264cd
0x006fe836
0x006fe83a
0x006fe83e
0x006fe841
0x006fe844
0x00759bf1
0x00759bf6
0x00759bf6
0x006fe84a
0x006fe850
0x006fe852
0x006fe859
0x006fe859
0x006fe85c
0x00000000
0x00000000
0x006fe9fd
0x006fe9ff
0x006fea01
0x006feff0
0x00000000
0x006feff0
0x006fea0a
0x006fea0b
0x006fe867
0x006fe867
0x006fe86a
0x006fe86a
0x006fe86d
0x006fe870
0x006fe873
0x006fe878
0x006fe87b
0x006fe87e
0x006fe880
0x00000000
0x00000000
0x006fe886
0x006fe889
0x006fe88b
0x00747dfc
0x006fe891
0x006fe891
0x006fe894
0x006fe897
0x006fe899
0x006fe89b
0x006fe89b
0x006fe89b
0x006fe89e
0x006fe89e
0x006fe8a6
0x006fe8a8
0x006fe8b0
0x006fe8b3
0x006fe8b5
0x00747e05
0x006fe8bb
0x006fe8bb
0x006fe8bd
0x006fe8c0
0x006fe8c2
0x006fe8c4
0x006fe8c4
0x006fe8c4
0x006fe8c7
0x006fe8c7
0x006fe8d2
0x006fe8d4
0x006fb5cf
0x00000000
0x006fe8da
0x006fe8da
0x006fe8dd
0x006fe8e0
0x006fe8ef
0x006fe8ef
0x006fe8ff
0x006fe902
0x006fe910
0x006fe914
0x006fe914
0x006fe916
0x006fe92e
0x006fe931
0x006fe933
0x006eff02
0x006eff02
0x006eff08
0x006ef78b
0x006ef792
0x006eff0e
0x006eff11
0x006eff18
0x006eff18
0x006fe939
0x006fe940
0x006fe940
0x006fe942
0x006eb8b1
0x006eb8b8
0x006fe948
0x006fe948
0x006fe948
0x006fe948
0x006fe942
0x006fe952
0x006fe954
0x006fe957
0x006fe95b
0x006fe95e
0x00759c0a
0x00759c0a
0x006fe967
0x00000000
0x00000000
0x00000000
0x00000000
0x006fe918
0x006fe918
0x006fe918
0x006fe91a
0x00000000
0x00000000
0x006fe91c
0x006fe91f
0x006fe921
0x006fe922
0x006fe924
0x00000000
0x00000000
0x00000000
0x006fe924
0x006fe926
0x006fe928
0x006ef79a
0x006fe96d
0x006fe96d
0x006fe972
0x006ef7a6
0x006ef7a8
0x006ef7ab
0x006ef7ae
0x006ef7b1
0x006ef7b4
0x006ef7b6
0x00000000
0x006ef7b6
0x00000000
0x006fe972
0x00000000
0x006fe928
0x006fe8e6
0x006fe8e9
0x006e7f41
0x006e7f48
0x006e7f4a
0x006e7f4a
0x006e7f4f
0x006e7f52
0x006e7f5b
0x006e7f5d
0x00747e0d
0x006e7f63
0x006e7f63
0x006e7f66
0x006e7f69
0x006e7f6b
0x006e7f6d
0x006e7f6d
0x006e7f6d
0x006e7f70
0x006e7f70
0x006e7f7b
0x006e7f7d
0x006e7f87
0x00000000
0x006e7f7f
0x006e7f7f
0x00000000
0x006e7f7f
0x006e7f7d
0x00000000
0x006e7f52
0x00000000
0x006fe8e9
0x006fe8d4
0x006fe96a
0x006fe96a
0x00000000
0x006fe96a
0x006fe870
0x006fe862
0x006fe864
0x00000000
0x006fe854
0x00759bff
0x006fe978
0x006fe978
0x006fe980
0x006fe9a9
0x006fe9a9
0x006fe9af
0x006fe9b1
0x006fe9b4
0x006fe9b9
0x00759c22
0x00759c23
0x00759c24
0x00759c25
0x00759c26
0x00759c27
0x00759c29
0x006fe9bf
0x006fe9bf
0x006fe9c1
0x006fe9c4
0x006fe9c6
0x006fe9c6
0x006fe9cf
0x006fe9d2
0x006fe9da
0x00000000
0x006fe9e0
0x006fe9e3
0x006fe9e6
0x006fe9ef
0x006fe9f3
0x007271c5
0x007271c8
0x00000000
0x007271c8
0x006fe9f9
0x006fe9f9
0x00726675
0x00726677
0x0072667a
0x0072667e
0x00726681
0x00726683
0x00726683
0x00726683
0x0072668a
0x0072668d
0x00726690
0x00726697
0x00726699
0x007271bd
0x007271bd
0x0072669f
0x007266a1
0x007268ec
0x007268f0
0x00000000
0x00000000
0x007268f6
0x007268f9
0x00000000
0x00000000
0x00000000
0x00000000
0x007266a1
0x006fe9da
0x006fe982
0x00000000
0x006fe985
0x006fe987
0x00747e16
0x006fe98d
0x006fe98d
0x006fe990
0x006fe995
0x006fe997
0x006fe997
0x006fe99a
0x006fe99a
0x006fe9a3
0x00000000
0x00000000
0x00000000
0x00759c11
0x00759c11
0x00759c13
0x00759c15
0x00000000
0x00000000
0x00000000
0x00759c1b
0x006fe852
0x007264d3
0x007264d6
0x007264da
0x007264e0
0x007264e3
0x007264e5
0x00759bac
0x00726602
0x00726602
0x00726608
0x0072660a
0x00726633
0x00726633
0x00726639
0x0072663b
0x0072663e
0x00726641
0x00726643
0x00759bcf
0x00759bd0
0x00759bd1
0x00759bd2
0x00759bd3
0x00759bd4
0x00759bd6
0x00726649
0x00726649
0x0072664b
0x0072664e
0x00726650
0x00726650
0x00726659
0x0072665c
0x00726662
0x00726664
0x00000000
0x00726666
0x00726669
0x0072666c
0x0072666c
0x0072666f
0x00000000
0x00000000
0x00726721
0x00726723
0x00726725
0x00000000
0x00000000
0x0072672b
0x0072672b
0x00000000
0x0072666c
0x00726664
0x0072660c
0x0072660f
0x0072660f
0x00726611
0x00747df3
0x00726617
0x00726617
0x0072661a
0x0072661d
0x0072661f
0x00726621
0x00726621
0x00726621
0x00726624
0x00726624
0x0072662a
0x0072662d
0x00000000
0x00000000
0x00759bbe
0x00759bc0
0x00759bc2
0x00000000
0x00000000
0x00759bc8
0x00000000
0x00000000
0x00000000
0x00000000
0x007264eb
0x007264eb
0x007264eb
0x007264ee
0x00000000
0x00000000
0x00726710
0x00726712
0x00726714
0x00728ce8
0x00000000
0x00728ce8
0x0072671a
0x0072671a
0x007264f4
0x007264f7
0x007264fa
0x007264fd
0x00726500
0x00726506
0x00726509
0x0072650b
0x0072650e
0x00726510
0x00000000
0x00000000
0x00726516
0x00726519
0x0072651b
0x00747dd9
0x00726521
0x00726521
0x00726524
0x00726527
0x00726529
0x0072652b
0x0072652b
0x0072652b
0x0072652e
0x0072652e
0x00726539
0x0072653c
0x0072653e
0x00726546
0x00726549
0x0072654b
0x00747de2
0x00726551
0x00726551
0x00726553
0x00726556
0x00726558
0x0072655a
0x0072655a
0x0072655a
0x0072655d
0x0072655d
0x00726568
0x0072656a
0x00726ee8
0x00000000
0x00726570
0x00726570
0x00726573
0x00726576
0x0072984d
0x00729850
0x00000000
0x00000000
0x00729856
0x00729859
0x0072985d
0x0072985f
0x0072985f
0x0072985f
0x00729864
0x00729867
0x00729867
0x0072986a
0x00000000
0x00000000
0x00729870
0x00729872
0x00747dea
0x00729878
0x00729878
0x0072987b
0x0072987e
0x00729880
0x00729882
0x00729882
0x00729882
0x00729885
0x00729885
0x00729890
0x00729892
0x006fb5fc
0x00000000
0x00729898
0x00729898
0x00000000
0x00729898
0x00729892
0x007265f7
0x007265f7
0x007265fa
0x007265fc
0x00729b27
0x00729b27
0x00729b2c
0x00729b2f
0x00000000
0x00729b2f
0x00000000
0x007265fc
0x0072657c
0x0072657c
0x00726585
0x00726589
0x0072658c
0x0072659a
0x0072659e
0x0072659e
0x007265a0
0x007265b8
0x007265bb
0x007265bd
0x00726921
0x00726921
0x00726927
0x00726c01
0x00726c08
0x0072692d
0x00726930
0x00726937
0x00726937
0x007265c3
0x007265ca
0x007265ca
0x007265cc
0x00726c15
0x00726c1c
0x007265d2
0x007265d2
0x007265d2
0x007265d2
0x007265cc
0x007265dc
0x007265de
0x007265e1
0x007265e5
0x007265e8
0x00759bb7
0x00759bb7
0x007265f1
0x00000000
0x00000000
0x00000000
0x00000000
0x007265a2
0x007265a2
0x007265a2
0x007265a4
0x00000000
0x00000000
0x007265a6
0x007265a9
0x007265ab
0x007265ac
0x007265ae
0x00000000
0x00000000
0x00000000
0x007265ae
0x007265b0
0x007265b2
0x00729b19
0x00000000
0x00729b19
0x00000000
0x007265b2
0x0072656a
0x007265f4
0x007265f4
0x00000000
0x007265f4
0x007264fd

Strings

HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 00759CB4
HEAP[%wZ]: , xrefs: 00759C93
HEAP: , xrefs: 00759CA0

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
API String ID: 0-2419525547
Opcode ID: 6b0d320e750cb065d2b6ec89f2c7a1d901d9f34edb3be17d6f3af2dcf89bf116
Instruction ID: 6254f8f5678e571e4dc430895a77d209b482b32eb8f30fedbb73a894f0edf06b
Opcode Fuzzy Hash: 6b0d320e750cb065d2b6ec89f2c7a1d901d9f34edb3be17d6f3af2dcf89bf116
Instruction Fuzzy Hash: 4CC2BD71A04266CFCB18CF19C490A7A7BB2FF94301B29C1A9ED568B356D738EC51DB90

Uniqueness

Uniqueness Score: 100.00%

Function 006F91F7, Relevance: 4.2, Strings: 3, Instructions: 478UNIQUE

Strings

HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 0075DABD
HEAP[%wZ]: , xrefs: 0075DA9C
HEAP: , xrefs: 0075DAA9

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
API String ID: 0-2419525547
Opcode ID: 045e6e67b61c49c4085b9444fec4c145a1173f9da86ab5b293a4c3b05343f27b
Instruction ID: 46eae400bb46c3657ac82904d7af4d9711fafb155b2cbee97e9f63e1ad677662
Opcode Fuzzy Hash: 045e6e67b61c49c4085b9444fec4c145a1173f9da86ab5b293a4c3b05343f27b
Instruction Fuzzy Hash: 6502CD70514249DFCB28CF28C495BBABBF2EF58301F14845DE9968B282D778ED46DB60

Uniqueness

Uniqueness Score: 100.00%

Function 006FC447, Relevance: 4.1, Strings: 3, Instructions: 340UNIQUE

Strings

RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x), xrefs: 00758E7D
HEAP[%wZ]: , xrefs: 00758E5D
HEAP: , xrefs: 00758E6A

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x)
API String ID: 0-385592399
Opcode ID: 2825ed882a62b5a980f8bef6a6a598c64c64a8a99737abdb58a084122ec358f9
Instruction ID: 82a7466f1cff7b76e785409dbbe9f12fbd7b1b704b228ce0a087d3236db21f10
Opcode Fuzzy Hash: 2825ed882a62b5a980f8bef6a6a598c64c64a8a99737abdb58a084122ec358f9
Instruction Fuzzy Hash: 89D1DD71A0065DDFDB24CB69C580BBAB7F2BF48310F148199EA51AB381D738ED51DB90

Uniqueness

Uniqueness Score: 100.00%

Function 007324E1, Relevance: 4.0, Strings: 3, Instructions: 272COMMON

Strings

HEAP[%wZ]: , xrefs: 00761E19
RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 00761E31
HEAP: , xrefs: 00761E26

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
API String ID: 0-1596344177
Opcode ID: 2c6771237d6d9adf70c5cf95988f0bd24787e0206fe1428a85d4baa3952e4946
Instruction ID: aa99967ee1485b1d1cf2a82387f938ae235d6fa9f58b8847440e0dd998283617
Opcode Fuzzy Hash: 2c6771237d6d9adf70c5cf95988f0bd24787e0206fe1428a85d4baa3952e4946
Instruction Fuzzy Hash: 4EB17C71600605DFDB28CF29C494A79B7F1FF49310F6486A9E856CB392E738E981DB50

Uniqueness

Uniqueness Score: 0.05%

Function 006E96B9, Relevance: 2.4, Strings: 1, Instructions: 1141COMMON

Strings

, xrefs: 006DF5EB

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b7f19c9ab056f75bb0dc1b42e3624b425e3586949f7a48d9cec9c025e6629307
Instruction ID: f348331ec875c3b241603af18289c3b5c13528e2c45f23331342f64d2993794c
Opcode Fuzzy Hash: b7f19c9ab056f75bb0dc1b42e3624b425e3586949f7a48d9cec9c025e6629307
Instruction Fuzzy Hash: CCA24771D012A9DFEF618F15CC81BE9B7B6AF04300F1480EAEA49A7241D7749E85DF61

Uniqueness

Uniqueness Score: 0.02%

Function 006D83EB, Relevance: 2.0, Strings: 1, Instructions: 745COMMON

Strings

#, xrefs: 0075CAF3

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 0ba15791721ee0db3030a2d9881e31903f10625f71580f55e8901b5d978529d5
Instruction ID: 1802bcfd98f0cb66246c140e2ed85f97a4c951eeb246343eb71bb663cd28cb06
Opcode Fuzzy Hash: 0ba15791721ee0db3030a2d9881e31903f10625f71580f55e8901b5d978529d5
Instruction Fuzzy Hash: B0527D71D00219DFDF26DF94C845BEEBBBAEF08301F14442AE911BB251DBB89945CB91

Uniqueness

Uniqueness Score: 0.05%

Function 0072B594, Relevance: 1.7, Strings: 1, Instructions: 436COMMON

Strings

[;s08, xrefs: 0072B596

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: [;s08
API String ID: 0-255340035
Opcode ID: 6a915ed44c300d4b82901553f75c131170236865fb61e9903a7289a5644762fd
Instruction ID: 0e265b005002d7986d36722a61330308da9687a866f0d88469c919cae7025a79
Opcode Fuzzy Hash: 6a915ed44c300d4b82901553f75c131170236865fb61e9903a7289a5644762fd
Instruction Fuzzy Hash: A9F17B70A00269EFDF15CFA4D884BEEBBB9EF04704F14845AF845AB291D778D985CB90

Uniqueness

Uniqueness Score: 0.28%

Function 004078EC, Relevance: 1.7, Strings: 1, Instructions: 433
COMMONCrypto

C-Code - Quality: 72%

			E004078EC(void* __eax, void* __edi, signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t278;
				signed int* _t279;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				signed int _t293;
				signed int _t296;
				signed int _t300;
				signed int _t304;
				signed int _t306;
				signed int _t312;
				signed int _t320;
				signed int _t322;
				signed int _t325;
				signed int _t327;
				signed int _t336;
				signed int _t342;
				signed int _t343;
				signed int _t348;
				signed int _t356;
				signed int _t360;
				signed int _t361;
				signed int _t365;
				signed int _t368;
				signed int _t372;
				signed int _t373;
				signed int _t402;
				signed int _t407;
				signed int _t413;
				signed int _t416;
				signed int _t423;
				signed int _t426;
				signed int _t435;
				signed int _t437;
				signed int _t440;
				signed int _t448;
				signed int _t463;
				signed int _t466;
				signed int _t467;
				signed int _t468;
				signed int _t474;
				signed int _t482;
				signed int _t483;
				signed int* _t484;
				signed int* _t487;
				signed int _t494;
				signed int _t497;
				signed int _t502;
				signed int _t505;
				signed int _t508;
				signed int _t511;
				signed int _t512;
				signed int _t516;
				signed int _t528;
				signed int _t531;
				signed int _t538;
				void* _t544;
				void* _t546;

				asm("jecxz 0x7a");
				_t544 = _t546;
				_t487 = _a4;
				_t356 = 0;
				_t2 =  &(_t487[7]); // 0x1b
				_t278 = _t2;
				do {
					 *(_t544 + _t356 * 4 - 0x14c) = ((( *(_t278 - 1) & 0x000000ff) << 0x00000008 |  *_t278 & 0x000000ff) << 0x00000008 | _t278[1] & 0x000000ff) << 0x00000008 | _t278[2] & 0x000000ff;
					 *(_t544 + _t356 * 4 - 0x148) = (((_t278[3] & 0x000000ff) << 0x00000008 | _t278[4] & 0x000000ff) << 0x00000008 | _t278[5] & 0x000000ff) << 0x00000008 | _t278[6] & 0x000000ff;
					 *(_t544 + _t356 * 4 - 0x144) = (((_t278[7] & 0x000000ff) << 0x00000008 | _t278[8] & 0x000000ff) << 0x00000008 | _t278[9] & 0x000000ff) << 0x00000008 | _t278[0xa] & 0x000000ff;
					 *(_t544 + _t356 * 4 - 0x140) = (((_t278[0xb] & 0x000000ff) << 0x00000008 | _t278[0xc] & 0x000000ff) << 0x00000008 | _t278[0xd] & 0x000000ff) << 0x00000008 | _t278[0xe] & 0x000000ff;
					_t356 = _t356 + 4;
					_t278 =  &(_t278[0x10]);
				} while (_t356 < 0x10);
				_t279 =  &_v304;
				_v8 = 0x10;
				do {
					_t402 =  *(_t279 - 0x18);
					_t463 =  *(_t279 - 0x14);
					_t360 =  *(_t279 - 0x20) ^ _t279[5] ^  *_t279 ^ _t402;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t279[9] =  *(_t279 - 0x1c) ^ _t279[6] ^ _t279[1] ^ _t463;
					_t279[8] = _t360;
					_t320 = _t279[7] ^  *(_t279 - 0x10) ^ _t279[2];
					_t279 =  &(_t279[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t279[6] = _t320 ^ _t402;
					_t279[7] =  *(_t279 - 0x1c) ^  *(_t279 - 4) ^ _t360 ^ _t463;
				} while ( *_t46 != 0);
				_t322 =  *_t487;
				_t280 = _t487[1];
				_t361 = _t487[2];
				_t407 = _t487[3];
				_v12 = _t322;
				_v16 = _t487[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t466 = _v8;
					_t494 = _t322 + ( !_t280 & _t407 | _t361 & _t280) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t325 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t407;
					_v12 = _t494;
					asm("rol esi, 0x5");
					_v8 = _t361;
					_t413 = _t494 + ( !_t325 & _t361 | _t280 & _t325) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t497 = _t280;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t365 = _v12;
					_v8 = _t325;
					_t327 = _v8;
					_v12 = _t413;
					asm("rol edx, 0x5");
					_t286 = _t413 + ( !_t365 & _t497 | _t325 & _t365) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t416 = _v12;
					_v16 = _t497;
					asm("ror ecx, 0x2");
					_v8 = _t365;
					_v12 = _t286;
					asm("rol eax, 0x5");
					_v16 = _t327;
					_t502 = _t286 + ( !_t416 & _t327 | _t365 & _t416) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t361 = _v12;
					_t289 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t416;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_v16 = _t289;
					_t280 = _v12;
					_t505 = _t502 + ( !_t361 & _t289 | _t416 & _t361) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t407 = _v8;
					asm("ror ecx, 0x2");
					_t467 = _t466 + 5;
					_t322 = _t505;
					_v12 = _t322;
					_v8 = _t467;
				} while (_t467 < 0x14);
				_t468 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t407;
					_t508 = _t505 + (_t407 ^ _t361 ^ _t280) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t336 = _v12;
					_v12 = _t508;
					asm("rol esi, 0x5");
					_t423 = _t508 + (_t361 ^ _t280 ^ _t336) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t511 = _t280;
					_v16 = _t361;
					_t368 = _v12;
					_v12 = _t423;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t293 = _t423 + (_t280 ^ _t336 ^ _t368) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t426 = _v12;
					_v8 = _t336;
					_v8 = _t368;
					_v12 = _t293;
					asm("rol eax, 0x5");
					_t468 = _t468 + 5;
					_t361 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t511 + 0x6ed9eba1; // 0x6ed9eb9f
					_t512 = _t293 + (_t336 ^ _v8 ^ _t426) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x154)) + _t146;
					_t296 = _v8;
					_v8 = _t426;
					_v12 = _t512;
					asm("rol esi, 0x5");
					_t407 = _v8;
					_t505 = _t512 + (_t296 ^ _v8 ^ _t361) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x150)) + _t336 + 0x6ed9eba1;
					_v16 = _t296;
					_t280 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t505;
				} while (_t468 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t407;
					asm("ror eax, 0x2");
					_t516 = ((_t361 | _t280) & _t407 | _t361 & _t280) +  *((intOrPtr*)(_t544 + _v8 * 4 - 0x14c)) + _t505 + _v16 - 0x70e44324;
					_t474 = _v12;
					_v12 = _t516;
					asm("rol esi, 0x5");
					_t342 = _v8;
					asm("ror edi, 0x2");
					_t435 = ((_t280 | _t474) & _t361 | _t280 & _t474) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x148)) + _t516 + _v16 - 0x70e44324;
					_v16 = _t361;
					_t372 = _v12;
					_v12 = _t435;
					asm("rol edx, 0x5");
					_v8 = _t280;
					_t437 = ((_t474 | _t372) & _t280 | _t474 & _t372) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x144)) + _t435 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t300 = _v12;
					_v8 = _t474;
					_v12 = _t437;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t528 = ((_t372 | _t300) & _t474 | _t372 & _t300) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x140)) + _t437 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t440 = _t372;
					_t361 = _v12;
					_v8 = _t440;
					_v12 = _t528;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t505 = ((_t300 | _t361) & _t440 | _t300 & _t361) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x13c)) + _t528 + _v16 - 0x70e44324;
					_t407 = _t300;
					_t280 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t505;
					_t343 = _t342 + 5;
					_v8 = _t343;
				} while (_t343 < 0x3c);
				_t482 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t483 = _v8;
					asm("ror eax, 0x2");
					_t531 = (_t407 ^ _t361 ^ _t280) +  *((intOrPtr*)(_t544 + _t482 * 4 - 0x14c)) + _t505 + _v16 - 0x359d3e2a;
					_t348 = _v12;
					_v16 = _t407;
					_v12 = _t531;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t448 = (_t361 ^ _t280 ^ _t348) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x148)) + _t531 + _v16 - 0x359d3e2a;
					_v16 = _t361;
					_t373 = _v12;
					_v12 = _t448;
					asm("rol edx, 0x5");
					_v16 = _t280;
					asm("ror ecx, 0x2");
					_t304 = (_t280 ^ _t348 ^ _t373) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x144)) + _t448 + _v16 - 0x359d3e2a;
					_t407 = _v12;
					_v12 = _t304;
					asm("rol eax, 0x5");
					_v16 = _t348;
					_t538 = (_t348 ^ _t373 ^ _t407) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x140)) + _t304 + _v16 - 0x359d3e2a;
					_t306 = _t373;
					_v8 = _t348;
					asm("ror edx, 0x2");
					_v8 = _t373;
					_t361 = _v12;
					_v12 = _t538;
					asm("rol esi, 0x5");
					_t482 = _t483 + 5;
					_t505 = (_t306 ^ _t407 ^ _t361) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x13c)) + _t538 + _v16 - 0x359d3e2a;
					_v16 = _t306;
					_t280 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t407;
					_v12 = _t505;
					_v8 = _t482;
				} while (_t482 < 0x50);
				_t484 = _a4;
				_t484[2] = _t484[2] + _t361;
				_t484[3] = _t484[3] + _t407;
				_t312 = _t484[4] + _v16;
				 *_t484 =  *_t484 + _t505;
				_t484[1] = _t484[1] + _t280;
				_t484[4] = _t312;
				_t484[0x17] = 0;
				return _t312;
			}

0x004078ee
0x004078f1
0x004078fb
0x004078ff
0x00407901
0x00407901
0x00407904
0x00407926
0x0040794c
0x00407972
0x00407994
0x0040799b
0x0040799e
0x004079a1
0x004079aa
0x004079b0
0x004079b7
0x004079c8
0x004079cb
0x004079ce
0x004079d2
0x004079d4
0x004079d6
0x004079df
0x004079e2
0x004079e5
0x004079f0
0x004079f6
0x004079f8
0x004079f8
0x004079fb
0x004079fe
0x004079fe
0x00407a03
0x00407a05
0x00407a08
0x00407a0b
0x00407a11
0x00407a14
0x00407a17
0x00407a20
0x00407a26
0x00407a2f
0x00407a3e
0x00407a45
0x00407a48
0x00407a4b
0x00407a54
0x00407a57
0x00407a5a
0x00407a72
0x00407a79
0x00407a7b
0x00407a7e
0x00407a81
0x00407a8a
0x00407a91
0x00407a94
0x00407a97
0x00407aa6
0x00407aad
0x00407ab0
0x00407ab3
0x00407abc
0x00407ac6
0x00407ac9
0x00407ad5
0x00407ad8
0x00407adf
0x00407ae2
0x00407ae5
0x00407aea
0x00407aed
0x00407af6
0x00407b07
0x00407b0a
0x00407b0d
0x00407b14
0x00407b17
0x00407b1a
0x00407b1d
0x00407b1f
0x00407b22
0x00407b25
0x00407b2e
0x00407b33
0x00407b33
0x00407b48
0x00407b4b
0x00407b4e
0x00407b55
0x00407b58
0x00407b5b
0x00407b70
0x00407b77
0x00407b7a
0x00407b7e
0x00407b81
0x00407b86
0x00407b89
0x00407b98
0x00407b9b
0x00407ba2
0x00407ba5
0x00407ba8
0x00407bab
0x00407bae
0x00407bb6
0x00407bc4
0x00407bc7
0x00407bca
0x00407bca
0x00407bd1
0x00407bd4
0x00407bd7
0x00407bdf
0x00407bed
0x00407bf0
0x00407bf7
0x00407bfa
0x00407bfd
0x00407c00
0x00407c03
0x00407c0c
0x00407c13
0x00407c13
0x00407c19
0x00407c32
0x00407c35
0x00407c3c
0x00407c3f
0x00407c42
0x00407c54
0x00407c5e
0x00407c61
0x00407c6a
0x00407c6d
0x00407c74
0x00407c77
0x00407c7d
0x00407c90
0x00407c97
0x00407c9a
0x00407c9d
0x00407ca0
0x00407ca9
0x00407cac
0x00407cbf
0x00407cc2
0x00407ccc
0x00407ccf
0x00407cd1
0x00407cda
0x00407cdd
0x00407cf0
0x00407cf6
0x00407cf9
0x00407d00
0x00407d02
0x00407d05
0x00407d08
0x00407d0b
0x00407d0e
0x00407d11
0x00407d1a
0x00407d1f
0x00407d22
0x00407d22
0x00407d35
0x00407d38
0x00407d3b
0x00407d42
0x00407d45
0x00407d48
0x00407d4b
0x00407d5e
0x00407d61
0x00407d6c
0x00407d6f
0x00407d7b
0x00407d7e
0x00407d84
0x00407d87
0x00407d8a
0x00407d91
0x00407da1
0x00407da4
0x00407daa
0x00407dad
0x00407db4
0x00407db6
0x00407db9
0x00407dbc
0x00407dbf
0x00407dc2
0x00407dc9
0x00407dd8
0x00407ddb
0x00407de2
0x00407de5
0x00407de8
0x00407deb
0x00407dee
0x00407df1
0x00407df4
0x00407dfd
0x00407e0e
0x00407e16
0x00407e1c
0x00407e1f
0x00407e21
0x00407e24
0x00407e27
0x00407e34

Strings

(, xrefs: 00407C0C

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 57ebbfb72c0b610feab843339ecaa460d5f42b69ff88eb9311e9ebef8d2cafbf
Instruction ID: 747de6cee09687595775b0430efaed5686bf40a22ff7412ba3a2809f9c4c8214
Opcode Fuzzy Hash: 57ebbfb72c0b610feab843339ecaa460d5f42b69ff88eb9311e9ebef8d2cafbf
Instruction Fuzzy Hash: 6C121BB6E006189BDB54CF9AC8805DDFBF2FF88314F1AC1AAD849A7355D6746A418F80

Uniqueness

Uniqueness Score: 0.02%

Function 004078F0, Relevance: 1.7, Strings: 1, Instructions: 423
COMMONCrypto

C-Code - Quality: 73%

			E004078F0(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t325;
				signed int _t334;
				signed int _t340;
				signed int _t341;
				signed int _t346;
				signed int _t353;
				signed int _t357;
				signed int _t358;
				signed int _t362;
				signed int _t365;
				signed int _t369;
				signed int _t370;
				signed int _t399;
				signed int _t404;
				signed int _t410;
				signed int _t413;
				signed int _t420;
				signed int _t423;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t445;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				signed int _t470;
				signed int _t478;
				signed int _t479;
				signed int* _t480;
				signed int* _t481;
				signed int _t488;
				signed int _t491;
				signed int _t496;
				signed int _t499;
				signed int _t502;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t522;
				signed int _t525;
				signed int _t532;
				void* _t536;

				_t481 = _a4;
				_t353 = 0;
				_t2 =  &(_t481[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t353 = _t353 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t353 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t399 =  *(_t278 - 0x18);
					_t459 =  *(_t278 - 0x14);
					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
					_t278[8] = _t357;
					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t318 ^ _t399;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
				} while ( *_t46 != 0);
				_t320 =  *_t481;
				_t279 = _t481[1];
				_t358 = _t481[2];
				_t404 = _t481[3];
				_v12 = _t320;
				_v16 = _t481[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t462 = _v8;
					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t323 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t404;
					_v12 = _t488;
					asm("rol esi, 0x5");
					_v8 = _t358;
					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t491 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t362 = _v12;
					_v8 = _t323;
					_t325 = _v8;
					_v12 = _t410;
					asm("rol edx, 0x5");
					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t413 = _v12;
					_v16 = _t491;
					asm("ror ecx, 0x2");
					_v8 = _t362;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t325;
					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t358 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t413;
					_v12 = _t496;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t404 = _v8;
					asm("ror ecx, 0x2");
					_t463 = _t462 + 5;
					_t320 = _t499;
					_v12 = _t320;
					_v8 = _t463;
				} while (_t463 < 0x14);
				_t464 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t404;
					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t334 = _v12;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t505 = _t279;
					_v16 = _t358;
					_t365 = _v12;
					_v12 = _t420;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t423 = _v12;
					_v8 = _t334;
					_v8 = _t365;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t464 = _t464 + 5;
					_t358 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t423;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_t404 = _v8;
					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
				} while (_t464 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t404;
					asm("ror eax, 0x2");
					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
					_t470 = _v12;
					_v12 = _t510;
					asm("rol esi, 0x5");
					_t340 = _v8;
					asm("ror edi, 0x2");
					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
					_v16 = _t358;
					_t369 = _v12;
					_v12 = _t432;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t470;
					_v12 = _t434;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t437 = _t369;
					_t358 = _v12;
					_v8 = _t437;
					_v12 = _t522;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
					_t404 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
					_t341 = _t340 + 5;
					_v8 = _t341;
				} while (_t341 < 0x3c);
				_t478 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t479 = _v8;
					asm("ror eax, 0x2");
					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
					_t346 = _v12;
					_v16 = _t404;
					_v12 = _t525;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
					_v16 = _t358;
					_t370 = _v12;
					_v12 = _t445;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
					_t404 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t346;
					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t370;
					_v8 = _t346;
					asm("ror edx, 0x2");
					_v8 = _t370;
					_t358 = _v12;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_t478 = _t479 + 5;
					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t404;
					_v12 = _t499;
					_v8 = _t478;
				} while (_t478 < 0x50);
				_t480 = _a4;
				_t480[2] = _t480[2] + _t358;
				_t480[3] = _t480[3] + _t404;
				_t311 = _t480[4] + _v16;
				 *_t480 =  *_t480 + _t499;
				_t480[1] = _t480[1] + _t279;
				_t480[4] = _t311;
				_t480[0x17] = 0;
				return _t311;
			}

0x004078fb
0x004078ff
0x00407901
0x00407901
0x00407904
0x00407926
0x0040794c
0x00407972
0x00407994
0x0040799b
0x0040799e
0x004079a1
0x004079aa
0x004079b0
0x004079b7
0x004079c8
0x004079cb
0x004079ce
0x004079d2
0x004079d4
0x004079d6
0x004079df
0x004079e2
0x004079e5
0x004079f0
0x004079f6
0x004079f8
0x004079f8
0x004079fb
0x004079fe
0x004079fe
0x00407a03
0x00407a05
0x00407a08
0x00407a0b
0x00407a11
0x00407a14
0x00407a17
0x00407a20
0x00407a26
0x00407a2f
0x00407a3e
0x00407a45
0x00407a48
0x00407a4b
0x00407a54
0x00407a57
0x00407a5a
0x00407a72
0x00407a79
0x00407a7b
0x00407a7e
0x00407a81
0x00407a8a
0x00407a91
0x00407a94
0x00407a97
0x00407aa6
0x00407aad
0x00407ab0
0x00407ab3
0x00407abc
0x00407ac6
0x00407ac9
0x00407ad5
0x00407ad8
0x00407adf
0x00407ae2
0x00407ae5
0x00407aea
0x00407aed
0x00407af6
0x00407b07
0x00407b0a
0x00407b0d
0x00407b14
0x00407b17
0x00407b1a
0x00407b1d
0x00407b1f
0x00407b22
0x00407b25
0x00407b2e
0x00407b33
0x00407b33
0x00407b48
0x00407b4b
0x00407b4e
0x00407b55
0x00407b58
0x00407b5b
0x00407b70
0x00407b77
0x00407b7a
0x00407b7e
0x00407b81
0x00407b86
0x00407b89
0x00407b98
0x00407b9b
0x00407ba2
0x00407ba5
0x00407ba8
0x00407bab
0x00407bae
0x00407bb6
0x00407bc4
0x00407bc7
0x00407bca
0x00407bca
0x00407bd1
0x00407bd4
0x00407bd7
0x00407bdf
0x00407bed
0x00407bf0
0x00407bf7
0x00407bfa
0x00407bfd
0x00407c00
0x00407c03
0x00407c0c
0x00407c13
0x00407c13
0x00407c19
0x00407c32
0x00407c35
0x00407c3c
0x00407c3f
0x00407c42
0x00407c54
0x00407c5e
0x00407c61
0x00407c6a
0x00407c6d
0x00407c74
0x00407c77
0x00407c7d
0x00407c90
0x00407c97
0x00407c9a
0x00407c9d
0x00407ca0
0x00407ca9
0x00407cac
0x00407cbf
0x00407cc2
0x00407ccc
0x00407ccf
0x00407cd1
0x00407cda
0x00407cdd
0x00407cf0
0x00407cf6
0x00407cf9
0x00407d00
0x00407d02
0x00407d05
0x00407d08
0x00407d0b
0x00407d0e
0x00407d11
0x00407d1a
0x00407d1f
0x00407d22
0x00407d22
0x00407d35
0x00407d38
0x00407d3b
0x00407d42
0x00407d45
0x00407d48
0x00407d4b
0x00407d5e
0x00407d61
0x00407d6c
0x00407d6f
0x00407d7b
0x00407d7e
0x00407d84
0x00407d87
0x00407d8a
0x00407d91
0x00407da1
0x00407da4
0x00407daa
0x00407dad
0x00407db4
0x00407db6
0x00407db9
0x00407dbc
0x00407dbf
0x00407dc2
0x00407dc9
0x00407dd8
0x00407ddb
0x00407de2
0x00407de5
0x00407de8
0x00407deb
0x00407dee
0x00407df1
0x00407df4
0x00407dfd
0x00407e0e
0x00407e16
0x00407e1c
0x00407e1f
0x00407e21
0x00407e24
0x00407e27
0x00407e34

Strings

(, xrefs: 00407C0C

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
Instruction ID: 8a950856779dd9ce76ce0ed0ab2ad4590d55dfe75d154e2f88b055494be6502b
Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
Instruction Fuzzy Hash: 98021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80

Uniqueness

Uniqueness Score: 0.02%

Function 0041A64A, Relevance: 1.6, Strings: 1, Instructions: 369
UNIQUECrypto

C-Code - Quality: 55%

			E0041A64A(void* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi) {
				signed char _t60;
				signed char _t62;
				signed int _t68;
				signed int _t69;
				signed int _t71;
				signed char _t78;
				signed int _t80;
				signed int _t82;
				signed int _t89;
				signed int _t91;
				signed char _t98;
				signed char _t101;
				signed int _t103;
				signed int _t109;
				signed int _t120;
				signed int _t125;

				_pop( *0x1b66219d);
				asm("rcl dword [0x400a868], 0xbf");
				asm("sbb [0x85bd162d], ecx");
				asm("adc edx, [0x1360258b]");
				_t78 = __ecx +  *0xc9079706 +  *0xa63330e7;
				 *0xc1ac18a2 =  *0xc1ac18a2 ^ _t78;
				asm("sbb ebp, [0x982eb025]");
				 *0x41604fc1 =  *0x41604fc1 &  *0xd627249d;
				asm("sbb bh, 0xe6");
				_t79 = _t78 | 0x00000063;
				_t125 =  *0x765e290b +  *0xa66119f8;
				asm("adc ebx, [0x706d811]");
				_t109 = __edi -  *0x826406e9 ^ 0xbacde716;
				 *0x99f17223 =  *0x99f17223 -  *0x30d8936b * 0x4a25;
				 *0xa2f61ccf =  *0xa2f61ccf >> 0xac;
				_t120 =  *0x92dccc7;
				 *0xd99c080e =  *0xd99c080e << 0x1e;
				if( *0xd99c080e < 0) {
					L1:
					 *0xeb97bb09 =  *0xeb97bb09 - _t109;
					 *0x7678ba02 =  *0x7678ba02 >> 0x67;
					 *0x7cc94dd =  *0x7cc94dd >> 0xba;
					_pop(_t68);
					_pop(_t89);
					asm("rcr dword [0xb861cdf1], 0x65");
					asm("sbb edx, [0xb1089613]");
					_pop( *0x5c9a8ef);
					asm("adc ah, [0xb4a745e6]");
					 *0x3a048a1b = _t89;
					_t125 = _t125 &  *0x1513c6cd;
					_t109 = 0x7fca84ff;
					_push(_t120);
					 *0xb5a961d7 =  *0xb5a961d7 >> 0x4c;
					_push(0x7fca84fe);
					_t91 =  *0x3a048a1b &  *0xad8adfee;
					 *0x10a5fdd4 =  *0x10a5fdd4 | _t68;
					_t120 = _t120 - 1;
				} else {
					__esi = __esi - 0x7a87370;
					__esi = __esi + 1;
					 *0x70cb6523 =  *0x70cb6523 - __edx;
					__ebx =  *0xd0108dee;
					if( *0x70cb6523 >= 0) {
						goto L1;
					} else {
						 *0x6a5cc171 =  *0x6a5cc171 | __esi;
						__dl = __dl -  *0x2f2872d2;
						asm("adc eax, [0xbd788b8d]");
						 *0x11a9ff6c = __ecx;
						asm("ror dword [0x31469194], 0xf4");
						__cl = __cl + 0x80;
						asm("adc ecx, 0x1ccf99f3");
						asm("rol byte [0x136fa2f6], 0x93");
						asm("adc esp, [0x87351d87]");
						asm("sbb edx, [0xa273743d]");
						__edi = __edi ^  *0xa2c90d8b;
						asm("adc dl, 0xca");
						__edx = __edx + 0x670da5f7;
						__ah = __ah |  *0x76974912;
						__bl = __bl -  *0x156636b4;
						__eax = __eax + 1;
						__ebx = __ebx + 1;
						__ebp = __edx;
						 *0xb79415b1 =  *0xb79415b1 >> 0x81;
						asm("movsb");
						__ebp = __ebp + 1;
						if( *0xd2a86f0d == __edx) {
							goto L1;
						} else {
							__esp = 0x3f191574;
							asm("rcr byte [0xe1725932], 0xf4");
							__al = __al +  *0xb6a75cca;
							__edx = 0x7e31f887;
							_t33 = __al;
							__al =  *0x1474dbb6;
							 *0x1474dbb6 = _t33;
							__bl = __bl | 0x000000a0;
							__ecx = __ecx + 1;
							 *0x3bbd551f =  *0x3bbd551f | __edi;
							asm("adc ebx, [0x9942b368]");
							__esp = 0x2d001010;
							 *0x27249d3a =  *0x27249d3a | __ah;
							asm("rol dword [0x140c87d6], 0xb6");
							asm("sbb [0xdb672627], ecx");
							 *0xbe970c16 =  *0xbe970c16 & __ecx;
							 *0x1196fb0a =  *0x1196fb0a | __bl;
							asm("ror dword [0x19933885], 0x73");
							asm("adc dl, 0x1a");
							__edi = __edi - 1;
							 *0x5fbecc98 =  *0x5fbecc98 << 0xaf;
							 *0x725b6985 =  *0x725b6985 + 0x7e31f887;
							asm("sbb edi, [0x3043c6c8]");
							asm("adc [0x96a0c483], ebx");
							__esi =  *0xa2c9086a * 0xf7ca;
							asm("movsw");
							__ebp = 0x1700530e;
							__edi = __edi |  *0x60777c91;
							__esi = 0x49a79cc7;
							 *0x168df6b1 =  *0x168df6b1 & __ah;
							__ah = __ah ^ 0x000000f6;
							__esi =  *0xbd4402ed;
							 *0x3014eb7 =  *0x3014eb7 & __ah;
							 *0x94956664 = 0x2d001010;
							asm("adc edi, [0xced1a41f]");
							__bl = __bl +  *0x755ce812;
							__esi =  *0xdec102e;
							 *0xdec102e =  *0xbd4402ed;
							__esp =  *0x36e9711b;
							asm("rcl byte [0xaad6734], 0x21");
							asm("rcr dword [0x5e16a906], 1");
							asm("rol dword [0xa1ba4405], 0x80");
							__al =  *0x667dfeca;
							 *0x667dfeca =  *0x1474dbb6;
							 *0x6861e498 =  *0x6861e498 +  *0x36e9711b;
							 *0xac998c0b =  *0xac998c0b ^ __ebx;
							asm("ror byte [0x755ce812], 0xc7");
							asm("rol dword [0x1f660d2e], 0x6b");
							__esp =  *0xd84b581d;
							_t40 = __eax;
							__eax =  *0x4015cd15;
							 *0x4015cd15 = _t40;
							__ebx = __ebx + 1;
							_pop(__ebp);
							asm("ror byte [0x5e3a19b1], 0x9a");
							asm("rcr dword [0x803d2197], 0x2");
							__edx = 0x7e31f888;
							__ah = __ah - 0xca;
							asm("sbb ebx, 0xdeef89b");
							__eax =  *0x4015cd15 |  *0x3a138cea;
							if(__eax <= 0) {
								goto L1;
							} else {
								__esi =  *0x50b0687e * 0xb1be;
								__dl = __dl - 0xd0;
								__edi =  *0x24474e6b * 0xf7de;
								__cl = __cl | 0x0000002a;
								asm("sbb bh, 0x32");
								__ah = 0xa8;
								__bl = 0xa2;
								_pop(__esi);
								asm("stosd");
								asm("adc ebp, [0x34e4edfb]");
								__eax = __eax & 0xba8df039;
								L1();
								__ebp = 0x2e755ce8;
								 *0x7f93f0e =  *0x7f93f0e - __eax;
								_push(__esi);
								_push(__ecx);
								_t43 = __ecx;
								__ecx =  *0xc8907c9c;
								 *0xc8907c9c = _t43;
								asm("cmpsw");
								__ecx =  *0xc8907c9c - 1;
								__ah = 0x000000a8 ^  *0xf8df6b1;
								 *0x682c2112 = __dh;
								asm("sbb edi, [0xf7d0eab9]");
								__edx = 0x6dbcd5f6;
								__edx =  *0x17d9926a * 0x1873;
								if(__edx != 0) {
									goto L1;
									do {
										do {
											do {
												do {
													do {
														do {
															do {
																goto L1;
															} while (_t120 != 0);
															asm("rcl dword [0x55ced77a], 0x7b");
															 *0xe51a60f9 =  *0xe51a60f9 << 0x67;
															_pop(_t69);
															_pop(_t80);
															_pop(_t109);
															asm("adc [0x313dc8a2], al");
															 *0x56fc9e7 =  *0x56fc9e7 << 0x6a;
															asm("rol dword [0xda671216], 0x45");
															_push(0x7fca84fe);
															asm("sbb ebx, 0x9cec7392");
															L1();
															asm("adc esp, 0x7a08c7e8");
															_t125 = _t125 +  *0xc60f092f;
															 *0xd5db7f32 =  *0xd5db7f32 << 0xcf;
															asm("adc esi, [0xca5d07de]");
															_push( *0xa8575937);
															asm("rol byte [0x7612d9b1], 0x4e");
															 *0xfdfb5fea =  *0xfdfb5fea >> 0x77;
															asm("rcr dword [0x72b53f2e], 0xf6");
															asm("scasd");
															_push( *0xcf566921);
															_t120 = _t120 ^  *0xc08a258c;
															 *0x5878f6e4 = _t80;
															 *0xf7f5cc0b = (_t91 ^  *0x4dc9a409) - 0x000000b0 &  *0x2a500a34;
															_t71 = _t69 &  *0xcf5df02b ^ 0x6d01e59d;
															 *0x1699e21d =  *0x1699e21d & _t80;
															_t79 =  *0x7641451c;
															 *0x7641451c = _t80;
															_t98 =  *0x86ca5b60 * 0xc8c;
														} while (_t98 > 0);
														asm("stosb");
														_t82 =  *0x36198a60 * 0x67d3;
														 *0x9074f76e =  *0x9074f76e & _t82;
														_t79 = _t82 -  *0xb26b26bd;
														asm("adc ecx, 0x5c41642b");
														 *0x8f9c982f =  *0x8f9c982f >> 0x68;
														 *0x925e9507 =  *0x925e9507 - _t71;
														 *0x103ede65 = _t125;
														 *0xa96d41d1 =  *0xa96d41d1 >> 0xe9;
														asm("rcl dword [0x9c3b2bbf], 0xa9");
														 *0x414c31b2 =  *0x414c31b2 >> 0x92;
														asm("sbb eax, [0x1b53ef8f]");
														asm("adc eax, 0xa5c15536");
														_t120 = 0x9e5a4797 -  *0x8816c368 - 1;
														_t109 = 0x8157621b;
														asm("rcl byte [0x526a5086], 0x6c");
														_t101 = (_t98 & 0x00000082) + 1 +  *0x49afa605;
														asm("adc bh, 0xb7");
														asm("lodsd");
														 *0xc972098d =  *0xc972098d << 0x39;
														_t125 =  *0x216df13f +  *0x1d162f1;
														asm("cmpsw");
														asm("rcr byte [0x890b6f86], 0xf1");
													} while (_t125 >= 0);
													_t60 =  *0x5080697d * 0x1c36;
													asm("stosd");
													_push( *0x240ba26d);
													asm("adc [0xab911bfc], eax");
													_t109 = 0x5dd34a0d;
													_t120 = _t120 + 0x708cdbba;
													 *0x17903fc5 =  *0x17903fc5 >> 0x8d;
													_t79 = (_t79 |  *0xe20ea26d) - 0x35790e8d;
												} while (_t79 >= 0);
												_t125 = _t125 | 0x26f80079;
												_push(_t125);
												asm("adc edx, [0xaf30f7c8]");
												 *0x128def66 =  *0x128def66 + _t125;
											} while ( *0x128def66 > 0);
											 *0x22cfbef3 =  *0x22cfbef3 | _t101;
											 *0xe13f613f =  *0xe13f613f & _t79;
											asm("lodsb");
											 *0x12c08a32 =  *0x12c08a32 & _t60;
											asm("sbb esi, [0x5a453a2b]");
											asm("rcr dword [0x4a5fd195], 0x69");
											 *0x53a107cb =  *0x53a107cb << 0x1c;
											asm("rol byte [0x297eccb2], 0x21");
											_push( *0xba0dc08b);
											asm("adc dh, [0x3129291c]");
											_t103 = _t101 ^  *0x892ff1d0 ^  *0x520fe8f8;
											_pop( *0xa90e7dda);
											 *0xbf50612 =  *0xbf50612 - (_t79 ^  *0xeabfe6db);
											asm("sbb al, [0xc5facc2a]");
											 *0x9b2d97cc =  *0x9b2d97cc << 0xe7;
											_pop(_t120);
											asm("stosd");
											_t62 = _t60 - 0x00000001 & 0x000000e6;
											 *0x4123e3c8 = 0x5dd34a0d;
											 *0xf64510e3 =  *0xf64510e3 ^ _t103;
											_t79 = 0xc687566e;
											asm("adc ebp, 0xe976fed3");
											asm("sbb al, 0xb4");
											_t125 =  *0xf76f136b * 0xcb26;
											 *0x8280b19a =  *0x8280b19a ^ _t103;
											 *0x91a0a835 =  *0x91a0a835 + _t125;
										} while ( *0x91a0a835 >= 0);
										 *0x48f0cbde =  *0x48f0cbde << 0x77;
										_t120 = _t120 -  *0x863d938d;
										_t79 =  *0xad7f723e;
										 *0xad7f723e = 0xc687566e;
										_push(0x9e2ce893);
									} while (( *0x1a50587d * 0x0000c666 ^ 0x62762968) > 0);
									return _t62;
								} else {
									_pop(__eax);
									_pop(__eax);
									asm("sbb ebx, 0x3a9d38c5");
									 *0x1592dd3c =  *0x1592dd3c ^ __ch;
									__edi = __edi +  *0x5aff956c;
									_t44 = __esi;
									__esi =  *0x125f0181;
									 *0x125f0181 = _t44;
									__ecx =  *0xce511560 * 0xed1;
									asm("ror dword [0xe99ab62f], 0xc6");
									asm("sbb [0xe909aeb1], bh");
									asm("ror dword [0xc0826406], 0x15");
									__edi = __edi -  *0x315021b;
									__edx = __edx + 1;
									asm("lodsd");
									__esi =  *0x125f0181 ^  *0xf8984a17;
									__esp = __esp -  *0x1820fc2e;
									 *0x8e329ec1 =  *0x8e329ec1 >> 0xac;
									__al = __al + 0x32;
									asm("rcr byte [0x1a9d62c9], 0x72");
									__esi = ( *0x125f0181 ^  *0xf8984a17) &  *0xf8df0617;
									_push( *0x5b0a068d);
									 *0xe71e9805 =  *0xe71e9805 |  *0xce511560 * 0x00000ed1;
									return __eax;
								}
							}
						}
					}
				}
			}

0x0041a658
0x0041a65e
0x0041a665
0x0041a677
0x0041a69a
0x0041a6a0
0x0041a6b6
0x0041a6bc
0x0041a6e0
0x0041a6e3
0x0041a6ea
0x0041a6f9
0x0041a6ff
0x0041a706
0x0041a70c
0x0041a71e
0x0041a724
0x0041a72b
0x00419ab6
0x00419ab6
0x00419abc
0x00419acd
0x00419ad5
0x00419ad6
0x00419add
0x00419aee
0x00419afa
0x00419b00
0x00419b0e
0x00419b14
0x00419b1a
0x00419b21
0x00419b22
0x00419b29
0x00419b2f
0x00419b35
0x00419b41
0x0041a731
0x0041a731
0x0041a737
0x0041a738
0x0041a73e
0x0041a744
0x00000000
0x0041a74a
0x0041a74a
0x0041a750
0x0041a756
0x0041a75c
0x0041a769
0x0041a770
0x0041a773
0x0041a779
0x0041a780
0x0041a78c
0x0041a792
0x0041a798
0x0041a79b
0x0041a7a1
0x0041a7a7
0x0041a7ad
0x0041a7ae
0x0041a7af
0x0041a7b0
0x0041a7b7
0x0041a7c4
0x0041a7d1
0x00000000
0x0041a7d7
0x0041a7d7
0x0041a7dc
0x0041a7e9
0x0041a7ef
0x0041a7f5
0x0041a7f5
0x0041a7f5
0x0041a7fb
0x0041a7fe
0x0041a7ff
0x0041a805
0x0041a80b
0x0041a811
0x0041a817
0x0041a81e
0x0041a824
0x0041a82a
0x0041a830
0x0041a837
0x0041a83a
0x0041a841
0x0041a84e
0x0041a854
0x0041a85a
0x0041a860
0x0041a86a
0x0041a86c
0x0041a871
0x0041a877
0x0041a87c
0x0041a882
0x0041a885
0x0041a88b
0x0041a891
0x0041a897
0x0041a89d
0x0041a8a3
0x0041a8a3
0x0041a8a9
0x0041a8af
0x0041a8bc
0x0041a8c2
0x0041a8c9
0x0041a8c9
0x0041a8cf
0x0041a8d5
0x0041a8db
0x0041a8e2
0x0041a8e9
0x0041a8ef
0x0041a8ef
0x0041a8ef
0x0041a8f5
0x0041a8f6
0x0041a8f7
0x0041a8fe
0x0041a905
0x0041a906
0x0041a909
0x0041a90f
0x0041a915
0x00000000
0x0041a91b
0x0041a91b
0x0041a92b
0x0041a92e
0x0041a938
0x0041a93b
0x0041a93e
0x0041a940
0x0041a94e
0x0041a94f
0x0041a950
0x0041a956
0x0041a95e
0x0041a963
0x0041a968
0x0041a96e
0x0041a96f
0x0041a970
0x0041a970
0x0041a970
0x0041a976
0x0041a978
0x0041a979
0x0041a97f
0x0041a985
0x0041a98b
0x0041a991
0x0041a99b
0x00000000
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00000000
0x00000000
0x00419b48
0x00419b50
0x00419b63
0x00419b67
0x00419b68
0x00419b6f
0x00419b75
0x00419b7c
0x00419b89
0x00419b8a
0x00419b96
0x00419b9b
0x00419ba7
0x00419bad
0x00419bb4
0x00419bba
0x00419bc0
0x00419bc7
0x00419bce
0x00419bd5
0x00419bd6
0x00419bdc
0x00419be8
0x00419bee
0x00419c00
0x00419c0c
0x00419c14
0x00419c14
0x00419c32
0x00419c32
0x00419c63
0x00419c6a
0x00419c7a
0x00419c84
0x00419c8a
0x00419c90
0x00419c97
0x00419ca3
0x00419ca9
0x00419cb0
0x00419cb8
0x00419cbf
0x00419cc5
0x00419cca
0x00419ccc
0x00419cd2
0x00419cd9
0x00419ce5
0x00419cf7
0x00419cf8
0x00419cff
0x00419d05
0x00419d07
0x00419d07
0x00419d14
0x00419d1f
0x00419d20
0x00419d2c
0x00419d38
0x00419d3e
0x00419d44
0x00419d4b
0x00419d4b
0x00419d57
0x00419d5d
0x00419d5e
0x00419d64
0x00419d64
0x00419d7a
0x00419d80
0x00419d86
0x00419d87
0x00419d8d
0x00419d93
0x00419d9a
0x00419da1
0x00419da8
0x00419dc1
0x00419dc7
0x00419dd3
0x00419dd9
0x00419dea
0x00419dfa
0x00419e01
0x00419e03
0x00419e04
0x00419e07
0x00419e14
0x00419e1a
0x00419e20
0x00419e2c
0x00419e2e
0x00419e38
0x00419e40
0x00419e40
0x00419e56
0x00419e5d
0x00419e69
0x00419e69
0x00419e6f
0x00419e6f
0x00419e84
0x0041a9a1
0x0041a9a7
0x0041a9a8
0x0041a9a9
0x0041a9af
0x0041a9b5
0x0041a9bb
0x0041a9bb
0x0041a9bb
0x0041a9c1
0x0041a9cb
0x0041a9d2
0x0041a9d8
0x0041a9df
0x0041a9e5
0x0041a9e6
0x0041a9e7
0x0041a9ed
0x0041a9f3
0x0041a9fa
0x0041a9fc
0x0041aa03
0x0041aa09
0x0041aa0f
0x0041aa15
0x0041aa15
0x0041a99b
0x0041a915
0x0041a7d1
0x0041a744

Strings

\u., xrefs: 0041A963

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID:
String ID: \u.
API String ID: 0-3227997918
Opcode ID: b0dd8ac85f01c0cd4fabf07bac58b36375e08e1b080a4e0655fd39ca675be553
Instruction ID: b2da334c490f62059b52aa8fdbe7d71d2ea78c95915f470e53cc0dadf348ac30
Opcode Fuzzy Hash: b0dd8ac85f01c0cd4fabf07bac58b36375e08e1b080a4e0655fd39ca675be553
Instruction Fuzzy Hash: 24027632818394CFE716CF39D89AA813FB1F746324B08435EC5A2975E6D374256ACF89

Uniqueness

Uniqueness Score: 100.00%

Function 006F3109, Relevance: 1.5, Strings: 1, Instructions: 294COMMON

Strings

@, xrefs: 006F3162

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: cbe3738e97e276fd499132ba08a21ac3ab325f327dc7adb5bc6b4a4c586650b7
Instruction ID: 9737bc7fa27785f3c011277ae04d619dbca0e61767b428fbac1fbdc28e0ba4e4
Opcode Fuzzy Hash: cbe3738e97e276fd499132ba08a21ac3ab325f327dc7adb5bc6b4a4c586650b7
Instruction Fuzzy Hash: 50A1F871A1435C6AEF64CF61CC51BFE7767AF19704F0400A9FA46962C2CAB8CE95DB20

Uniqueness

Uniqueness Score: 0.02%

Function 0040BB2F, Relevance: 1.3, Strings: 1, Instructions: 45
UNIQUE

C-Code - Quality: 31%

			E0040BB2F(signed int __ebx, signed int __ecx, void* __edx, void* __edi) {
				signed int _t16;
				void* _t20;
				void* _t39;
				signed int _t42;

				asm("scasb");
				 *(_t39 - 0x5bdef414) =  *(_t39 - 0x5bdef414) << 1;
				asm("adc byte [eax-0x49], 0x5c");
				if((_t42 & __ebx & __ecx) >= 0) {
					E004182F0();
					 *0x652F60B6 = 7;
					_t16 =  *0x652F60B6;
					_t11 = _t16 * 2; // 0x652f61de
					E004182F0(0x652e4e2a + _t11 + 0x113b4, 0x652f60d6, 4);
					 *0x652F60B6 =  *0x652F60B6 + 2;
					E0040B550(0x652e4e2a, 2);
					return 1;
				} else {
					_pop(_t20);
					return _t20 -  *0xCAAE86E9;
				}
			}

0x0040bb2f
0x0040bb30
0x0040bb3b
0x0040bb43
0x0040bb95
0x0040bb9a
0x0040bba4
0x0040bbb6
0x0040bbc3
0x0040bbc8
0x0040bbd2
0x0040bbdf
0x0040bb45
0x0040bb45
0x0040bb60
0x0040bb60

Strings

*N.e, xrefs: 0040BB36

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID:
String ID: *N.e
API String ID: 0-2719001719
Opcode ID: e1be1c9b4d1a49e313c48e05c66634805acdc783c3b306e7bde9c20978ccedd9
Instruction ID: 3758d9795cdb13941238bc1b0be419d4adebc8bf123dc5062901c759096f2277
Opcode Fuzzy Hash: e1be1c9b4d1a49e313c48e05c66634805acdc783c3b306e7bde9c20978ccedd9
Instruction Fuzzy Hash: A8012676B0564017D7219B38A801AD6B7A08B81319F08849DEA8EA7182E775643987DC

Uniqueness

Uniqueness Score: 100.00%

Function 006D7078, Relevance: 1.0, Instructions: 951COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d4034238d4a5d4736e0e67715ee6b81967ba5f784a84e6dbdca9634a177b6cf
Instruction ID: e1ca04c3f5eabda2fddf5c4c1410175e3547d37b23c92cd70f706164c0592218
Opcode Fuzzy Hash: 0d4034238d4a5d4736e0e67715ee6b81967ba5f784a84e6dbdca9634a177b6cf
Instruction Fuzzy Hash: 2A72D271D04219DFDF19CF94D845BFEBBF6AF44301F18801AE805A7281E7B9994ACBA1

Uniqueness

Uniqueness Score: 0.00%

Function 007A0404, Relevance: .5, Instructions: 529COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a27e991ac8aafdfae43e449b1843716068b44f01e1a78e28f1d8052b21ff38bd
Instruction ID: 7569e2ef87b51e30063cd5d397b6b444edd13a05c42cfe04c31e8d05cca3939a
Opcode Fuzzy Hash: a27e991ac8aafdfae43e449b1843716068b44f01e1a78e28f1d8052b21ff38bd
Instruction Fuzzy Hash: 05227C71D00218CFDF14CF98C844AEDBBF0FF8A314F158659E849AB291D379A885CB94

Uniqueness

Uniqueness Score: 0.00%

Function 007036AC, Relevance: .5, Instructions: 528COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ee628e34a7b59b5028df923c5d0c6e26751e943ab76eff2284bb3d032a90106
Instruction ID: 4c6cd0280b854cb2fb94d38123a61b96f60a6515b5c4ec3763e66c28529d0537
Opcode Fuzzy Hash: 0ee628e34a7b59b5028df923c5d0c6e26751e943ab76eff2284bb3d032a90106
Instruction Fuzzy Hash: B30270B3D497B38BCB714EB944E45267AE05E0169031F87E9DDC02F2D7C11ADE1A96E0

Uniqueness

Uniqueness Score: 0.00%

Function 006D44FC, Relevance: .5, Instructions: 506COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9e9102c0021a640867843953783db4a5d79ca4baf721e2a6dcafb56d4d054ab
Instruction ID: 85721421b1d984eafc2d535ffe3d8e55f004e005bd5ccbcefbb4d3c2eebfbe06
Opcode Fuzzy Hash: a9e9102c0021a640867843953783db4a5d79ca4baf721e2a6dcafb56d4d054ab
Instruction Fuzzy Hash: B312E370514291CFDB38CF28C0947B5B7E1BF05306F14849AEC968B692E7B8EC59DB61

Uniqueness

Uniqueness Score: 0.00%

Function 00419E86, Relevance: .5, Instructions: 452
COMMONCrypto

C-Code - Quality: 39%

			E00419E86(void* __eax, void* __ecx, void* __edx, void* __esi) {
				signed char _t78;
				signed char _t80;
				signed int _t85;
				signed int _t86;
				signed int _t88;
				signed int _t96;
				signed int _t98;
				signed int _t105;
				signed int _t107;
				signed char _t114;
				signed char _t117;
				signed int _t119;
				intOrPtr _t125;
				void* _t135;
				intOrPtr _t138;
				signed int _t140;
				void* _t144;
				signed int _t146;

				asm("adc eax, 0x9b02af6c");
				asm("sbb dl, 0xa0");
				 *0xe4718c94 =  *0xe4718c94 - __eax;
				_t138 = _t135 + 1 - 0x212fd82f + 1;
				asm("cmpsw");
				asm("adc ch, 0x80");
				 *0xfbc2322a =  *0xfbc2322a + __edx;
				 *0xdb3ed7a1 =  *0xdb3ed7a1 - __edx;
				 *0x1d5f843f = _t138;
				_push( *0xd75e6da3);
				asm("adc [0x82f113a9], eax");
				 *0x8d09ec15 =  *0x8d09ec15 << 0x28;
				 *0x72b032c =  *0x72b032c >> 0x29;
				_t146 = _t144 - 0x00000001 & 0x1b25f696;
				asm("sbb ebp, [0xb623e8de]");
				 *0x82813323 =  *0x82813323 ^ 0xb2fb7539;
				_push( *0x5a6ddb8);
				asm("rol dword [0xe1620198], 0x57");
				_t140 = _t138 + 1 - 1;
				asm("adc edi, [0x940534d9]");
				 *0xdbe08405 =  *0xdbe08405 << 0x4b;
				asm("adc bl, [0x940534e2]");
				asm("sbb cl, 0xd7");
				asm("sbb esp, [0x34d03bc2]");
				_t95 = __ecx +  *0xb2e3be8f +  *0x5c4db104;
				asm("adc al, 0x1c");
				asm("rcr byte [0x5b3cad04], 0xfe");
				 *0x2e1f041c =  *0x2e1f041c ^ __ecx +  *0xb2e3be8f +  *0x5c4db104;
				asm("adc esi, [0x51c632f]");
				 *0xf3570534 =  *0xf3570534 << 0x21;
				 *0xce0534d6 =  *0xce0534d6 ^ _t146;
				_t125 = 0xffffffffb2fb753b;
				if(0xb2fb7539 < 0) {
					L1:
					 *0xeb97bb09 =  *0xeb97bb09 - _t125;
					 *0x7678ba02 =  *0x7678ba02 >> 0x67;
					 *0x7cc94dd =  *0x7cc94dd >> 0xba;
					_pop(_t85);
					_pop(_t105);
					asm("rcr dword [0xb861cdf1], 0x65");
					asm("sbb edx, [0xb1089613]");
					_pop( *0x5c9a8ef);
					asm("adc ah, [0xb4a745e6]");
					 *0x3a048a1b = _t105;
					_t146 = _t146 &  *0x1513c6cd;
					_t125 = 0x7fca84ff;
					_push(_t140);
					 *0xb5a961d7 =  *0xb5a961d7 >> 0x4c;
					_push(0x7fca84fe);
					_t107 =  *0x3a048a1b &  *0xad8adfee;
					 *0x10a5fdd4 =  *0x10a5fdd4 | _t85;
					_t140 = _t140 - 1;
				} else {
					asm("adc edi, [0x2eb1ce78]");
					_push(__edi);
					__edi =  *0x762c7307;
					_t29 = __ebx;
					__ebx =  *0xede53807;
					 *0xede53807 = _t29;
					asm("ror dword [0x5732beff], 0xc8");
					__ecx = __ecx |  *0x573a43fc;
					asm("sbb [0x8a536333], ecx");
					__eax = __eax ^ 0xc9c0a268;
					__dh = __dh &  *0x604b4108;
					__esi = __esi -  *0xc2c7cdbf;
					asm("ror byte [0x4fbb08c9], 0xad");
					asm("adc eax, [0x885fa66e]");
					asm("adc bh, [0xd908c9b7]");
					_push( *0xf9fdb8db);
					asm("rcr byte [0x9c9cee3], 0x14");
					if(__esi <= 0) {
						goto L1;
					} else {
						__esp = __esp + 1;
						__edx = __edx - 1;
						asm("sbb edx, [0x96f9b64]");
						__ebx = __ebp;
						__ebx = __ebx ^  *0x6222b366;
						__edi = __edi + 1;
						asm("adc [0x35096f83], eax");
						_pop(__ecx);
						if(__edi < 0) {
							goto L1;
						} else {
							_push( *0x7e5dea78);
							__ecx = __ecx + 1;
							 *0xd682b31 =  *0xd682b31 << 0x42;
							asm("rcr dword [0x1c21c696], 0xb6");
							 *0x665c0b09 =  *0x665c0b09 & __ebx;
							 *0xecacaf65 =  *0xecacaf65 << 0xa1;
							asm("rcl dword [0xb0790ad4], 0x5f");
							 *0xb5c708a2 =  *0xb5c708a2 ^ __dl;
							__ecx = 0x865f7dfb;
							asm("lodsd");
							 *0xecbe4d12 =  *0xecbe4d12 | __dl;
							__esp = __esp & 0x36f17b94;
							asm("scasb");
							_pop(__ecx);
							asm("movsw");
							asm("rcl byte [0x6faa5eb6], 0xdd");
							__al = __al | 0x00000014;
							__esp = __esp +  *0xc8a581f5;
							 *0x74cfb1b5 =  *0x74cfb1b5 ^ __cl;
							_pop(__eax);
							asm("adc ebx, 0x44bec4d5");
							if(__esp >  *0x2fbdc65) {
								goto L1;
							} else {
								__ebp =  *0x1287ce7f * 0x46e2;
								asm("rcl dword [0x6f5ddb87], 0x7a");
								__edx = __edx + 1;
								__dl = __dl ^ 0x000000b2;
								asm("stosb");
								__esp = 0xcf4a330b;
								 *0x9cab86e2 =  *0x9cab86e2 & __dh;
								__esp = 0xcf4a330b |  *0xddcf0bc0;
								 *0xbd5d6d3f =  *0xbd5d6d3f << 0x3d;
								_t38 = __bh;
								__bh =  *0x3d6006a2;
								 *0x3d6006a2 = _t38;
								if( *0xbd5d6d3f > 0) {
									goto L1;
								} else {
									__eax = __eax + 0xe7e27e77;
									__dl = __dl | 0x0000000c;
									asm("stosb");
									__eax = __eax - 1;
									_pop( *0xa4fca364);
									 *0xd60796d4 =  *0xd60796d4 + 0xcf4a330b;
									__ebx = __ebx + 1;
									asm("rol dword [0x758a0c85], 0xa4");
									 *0x91e28f16 =  *0x91e28f16 & 0x865f7dfb;
									 *0xe6f3ecb =  *0xe6f3ecb - __eax;
									L1();
									asm("rol dword [0x8fc25be8], 0x99");
									asm("stosb");
									__ebx = __edi;
									__ebp = __ebp +  *0x882bdaff;
									asm("sbb edi, [0xcbdd112e]");
									__cl = __cl + 0xb4;
									__ecx = 0x865f7dfb +  *0xdbbb59f0;
									_pop(__esi);
									asm("scasd");
									__esi = __esi - 0x6f6793c7;
									__ah = __ah | 0x0000001c;
									__eax = __eax &  *0xd793cc61;
									 *0xcdf6d = __ebx;
									__eax = __eax |  *0x973772d1;
									__esi = __esi +  *0x90cec465;
									__ecx =  *0x6f487d05;
									__esi = __esi ^ 0x19b9d237;
									 *0x4bfdcfd1 =  *0x4bfdcfd1 >> 0xd4;
									__edi = 0x6aff22a9;
									 *0x636d1fff =  *0x636d1fff >> 0x32;
									_push(__edx);
									_t51 = __ah;
									__ah =  *0xbe3ae432;
									 *0xbe3ae432 = _t51;
									__bl = __bl + 0x18;
									__esp = __esp &  *0x330f5d29;
									__ecx =  *0x6f487d05 - 0x2c1f4265;
									asm("rol dword [0x485a590b], 0xd5");
									 *0xd134a5df =  *0xd134a5df << 0x14;
									 *0xe08da324 =  *0xe08da324 ^ __cl;
									asm("adc ebx, [0xf1abc82b]");
									if(__esi < 0) {
										goto L1;
									} else {
										__edi = 0x6aff22a9 +  *0x5ce53d78;
										if(0x6aff22a9 <= 0) {
											goto L1;
										} else {
											 *0x2309897e * 0x1e53 =  *0x2309897e * 0x00001e53 |  *0x5e02b97;
											0x9fe1353e = 0x9fe1353e +  *0x671282d3;
											asm("rcr byte [0x115da0b7], 0x5a");
											__ebx = __ebx &  *0xa715fb15;
											_pop(__ebx);
											asm("scasd");
											__ebp = __ebp - 0x992f7eb;
											 *0xecf3a16 =  *0xecf3a16 >> 0x99;
											__ecx = __ecx + 1;
											 *0x42bf5f21 =  *0x42bf5f21 - __ebx;
											asm("rcl dword [0xc7c95f13], 0xbe");
											asm("stosb");
											__esi =  *0x8dd547f8;
											 *0x8dd547f8 = 0x9fe1353e +  *0x671282d3;
											 *0x20059811 =  *0x20059811 |  *0x8dd547f8;
											_push( *0xb17c766d);
											__ebp = __ebp - 1;
											asm("stosd");
											asm("stosd");
											asm("sbb [0xd99bc9c], ebx");
											__edx = __edx +  *0x196f643e;
											__edi = 0x8b577e2b;
											if(__edx < 0) {
												goto L1;
											} else {
												__eax =  *0x3a239f7c * 0x211b;
												__ebx = __ebx |  *0xf072ee1e;
												 *0x9f7e8e30 = __dl;
												_pop(__esi);
												__cl = __cl |  *0xd6d0c786;
												__eax = 1 +  *0x3a239f7c * 0x211b;
												asm("rol dword [0xf8ec329], 0xea");
												__edx = __edx - 0xea463a83;
												__esi = __esi -  *0x3baedc99;
												if(__esi < 0) {
													goto L1;
												} else {
													 *0x3ddf9e70 =  *0x3ddf9e70 + __edi;
													asm("sbb eax, 0x7c01903d");
													__ebx = __ebx - 1;
													__edi = __ecx;
													__esi = __esi - 1;
													asm("ror dword [0xaa5b7a0f], 0x1e");
													asm("lodsb");
													asm("adc al, 0x18");
													__ebx = __ebx + 1;
													asm("adc bh, [0x86b7322]");
													asm("sbb cl, [0xa26307b6]");
													__ebx =  *0xc9b5956b * 0x5e0b;
													__cl =  *0x40481bb7;
													asm("stosd");
													 *0x7ee10ca2 =  *0x7ee10ca2 ^ __dl;
													asm("sbb [0xddefebb5], ah");
													__esi = __esi -  *0xabe9703;
													asm("adc ebp, [0xb7302ec2]");
													asm("sbb ah, 0xf9");
													__ebp = 0x9149662;
													__ah = __ah ^ 0x0000000c;
													_push( *0x8b0fd23f);
													 *0x746b3462 =  *0x746b3462 - 0xcf4a330b;
													__ebp =  *0x7b409a0e;
													 *0x7b409a0e = 0x9149662;
													asm("sbb esp, [0xb82ef907]");
													if( *0x96f913d7 >= __bl) {
														goto L1;
													} else {
														__edi =  *0x49a7727d * 0xf6b1;
														asm("sbb ecx, 0x61b8118d");
														if( *0x49a7727d * 0xf6b1 >= 0) {
															goto L1;
															do {
																do {
																	do {
																		do {
																			do {
																				do {
																					do {
																						goto L1;
																					} while (_t140 != 0);
																					asm("rcl dword [0x55ced77a], 0x7b");
																					 *0xe51a60f9 =  *0xe51a60f9 << 0x67;
																					_pop(_t86);
																					_pop(_t96);
																					_pop(_t125);
																					asm("adc [0x313dc8a2], al");
																					 *0x56fc9e7 =  *0x56fc9e7 << 0x6a;
																					asm("rol dword [0xda671216], 0x45");
																					_push(0x7fca84fe);
																					asm("sbb ebx, 0x9cec7392");
																					L1();
																					asm("adc esp, 0x7a08c7e8");
																					_t146 = _t146 +  *0xc60f092f;
																					 *0xd5db7f32 =  *0xd5db7f32 << 0xcf;
																					asm("adc esi, [0xca5d07de]");
																					_push( *0xa8575937);
																					asm("rol byte [0x7612d9b1], 0x4e");
																					 *0xfdfb5fea =  *0xfdfb5fea >> 0x77;
																					asm("rcr dword [0x72b53f2e], 0xf6");
																					asm("scasd");
																					_push( *0xcf566921);
																					_t140 = _t140 ^  *0xc08a258c;
																					 *0x5878f6e4 = _t96;
																					 *0xf7f5cc0b = (_t107 ^  *0x4dc9a409) - 0x000000b0 &  *0x2a500a34;
																					_t88 = _t86 &  *0xcf5df02b ^ 0x6d01e59d;
																					 *0x1699e21d =  *0x1699e21d & _t96;
																					_t95 =  *0x7641451c;
																					 *0x7641451c = _t96;
																					_t114 =  *0x86ca5b60 * 0xc8c;
																				} while (_t114 > 0);
																				asm("stosb");
																				_t98 =  *0x36198a60 * 0x67d3;
																				 *0x9074f76e =  *0x9074f76e & _t98;
																				_t95 = _t98 -  *0xb26b26bd;
																				asm("adc ecx, 0x5c41642b");
																				 *0x8f9c982f =  *0x8f9c982f >> 0x68;
																				 *0x925e9507 =  *0x925e9507 - _t88;
																				 *0x103ede65 = _t146;
																				 *0xa96d41d1 =  *0xa96d41d1 >> 0xe9;
																				asm("rcl dword [0x9c3b2bbf], 0xa9");
																				 *0x414c31b2 =  *0x414c31b2 >> 0x92;
																				asm("sbb eax, [0x1b53ef8f]");
																				asm("adc eax, 0xa5c15536");
																				_t140 = 0x9e5a4797 -  *0x8816c368 - 1;
																				_t125 = 0x8157621b;
																				asm("rcl byte [0x526a5086], 0x6c");
																				_t117 = (_t114 & 0x00000082) + 1 +  *0x49afa605;
																				asm("adc bh, 0xb7");
																				asm("lodsd");
																				 *0xc972098d =  *0xc972098d << 0x39;
																				_t146 =  *0x216df13f +  *0x1d162f1;
																				asm("cmpsw");
																				asm("rcr byte [0x890b6f86], 0xf1");
																			} while (_t146 >= 0);
																			_t78 =  *0x5080697d * 0x1c36;
																			asm("stosd");
																			_push( *0x240ba26d);
																			asm("adc [0xab911bfc], eax");
																			_t125 = 0x5dd34a0d;
																			_t140 = _t140 + 0x708cdbba;
																			 *0x17903fc5 =  *0x17903fc5 >> 0x8d;
																			_t95 = (_t95 |  *0xe20ea26d) - 0x35790e8d;
																		} while (_t95 >= 0);
																		_t146 = _t146 | 0x26f80079;
																		_push(_t146);
																		asm("adc edx, [0xaf30f7c8]");
																		 *0x128def66 =  *0x128def66 + _t146;
																	} while ( *0x128def66 > 0);
																	 *0x22cfbef3 =  *0x22cfbef3 | _t117;
																	 *0xe13f613f =  *0xe13f613f & _t95;
																	asm("lodsb");
																	 *0x12c08a32 =  *0x12c08a32 & _t78;
																	asm("sbb esi, [0x5a453a2b]");
																	asm("rcr dword [0x4a5fd195], 0x69");
																	 *0x53a107cb =  *0x53a107cb << 0x1c;
																	asm("rol byte [0x297eccb2], 0x21");
																	_push( *0xba0dc08b);
																	asm("adc dh, [0x3129291c]");
																	_t119 = _t117 ^  *0x892ff1d0 ^  *0x520fe8f8;
																	_pop( *0xa90e7dda);
																	 *0xbf50612 =  *0xbf50612 - (_t95 ^  *0xeabfe6db);
																	asm("sbb al, [0xc5facc2a]");
																	 *0x9b2d97cc =  *0x9b2d97cc << 0xe7;
																	_pop(_t140);
																	asm("stosd");
																	_t80 = _t78 - 0x00000001 & 0x000000e6;
																	 *0x4123e3c8 = 0x5dd34a0d;
																	 *0xf64510e3 =  *0xf64510e3 ^ _t119;
																	_t95 = 0xc687566e;
																	asm("adc ebp, 0xe976fed3");
																	asm("sbb al, 0xb4");
																	_t146 =  *0xf76f136b * 0xcb26;
																	 *0x8280b19a =  *0x8280b19a ^ _t119;
																	 *0x91a0a835 =  *0x91a0a835 + _t146;
																} while ( *0x91a0a835 >= 0);
																 *0x48f0cbde =  *0x48f0cbde << 0x77;
																_t140 = _t140 -  *0x863d938d;
																_t95 =  *0xad7f723e;
																 *0xad7f723e = 0xc687566e;
																_push(0x9e2ce893);
															} while (( *0x1a50587d * 0x0000c666 ^ 0x62762968) > 0);
															return _t80;
														} else {
															__esp = __esp - 1;
															_t64 = __ebp;
															__ebp =  *0xf61ccfc1;
															 *0xf61ccfc1 = _t64;
															 *0x12126fa2 =  *0x12126fa2 + __bh;
															__ch = __ch &  *0x1da523b4;
															_pop(__esi);
															__al = __al & 0x00000014;
															__ecx = __ecx |  *0xbdde71fa;
															asm("stosd");
															asm("adc bh, [0x6406e900]");
															 *0xde14c082 =  *0xde14c082 << 0xde;
															asm("rol dword [0x994b0603], 0xb6");
															asm("sbb eax, [0xbed728f8]");
															__ebp =  *0xf61ccfc1 - 0x64126aee;
															asm("sbb edx, 0x249d3a6d");
															asm("rol dword [0x1087d627], 0xe");
															__eax = __eax + 1;
															 *0x31f3a361 =  *0x31f3a361 >> 0xf1;
															__dh = __dh | 0x0000002c;
															return __eax;
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}

0x00419e86
0x00419e8b
0x00419e9c
0x00419ea2
0x00419ea9
0x00419eb1
0x00419eb4
0x00419eba
0x00419ec0
0x00419ec6
0x00419ecd
0x00419ed9
0x00419ef2
0x00419eff
0x00419f05
0x00419f11
0x00419f17
0x00419f1d
0x00419f2a
0x00419f2b
0x00419f37
0x00419f3e
0x00419f47
0x00419f50
0x00419f5c
0x00419f62
0x00419f64
0x00419f6b
0x00419f77
0x00419f83
0x00419f8b
0x00419f9b
0x00419f9c
0x00419ab6
0x00419ab6
0x00419abc
0x00419acd
0x00419ad5
0x00419ad6
0x00419add
0x00419aee
0x00419afa
0x00419b00
0x00419b0e
0x00419b14
0x00419b1a
0x00419b21
0x00419b22
0x00419b29
0x00419b2f
0x00419b35
0x00419b41
0x00419fa2
0x00419fa2
0x00419fa8
0x00419fa9
0x00419fb5
0x00419fb5
0x00419fb5
0x00419fbb
0x00419fc8
0x00419fd1
0x00419fd7
0x00419fdc
0x00419fe2
0x00419fe8
0x00419fef
0x00419ff5
0x00419ffb
0x0041a001
0x0041a008
0x00000000
0x0041a00e
0x0041a014
0x0041a015
0x0041a016
0x0041a01d
0x0041a01e
0x0041a024
0x0041a025
0x0041a02b
0x0041a02c
0x00000000
0x0041a032
0x0041a032
0x0041a03e
0x0041a03f
0x0041a046
0x0041a04d
0x0041a053
0x0041a05a
0x0041a061
0x0041a067
0x0041a072
0x0041a073
0x0041a079
0x0041a07f
0x0041a080
0x0041a081
0x0041a083
0x0041a08a
0x0041a08c
0x0041a092
0x0041a098
0x0041a099
0x0041a0a5
0x00000000
0x0041a0ab
0x0041a0ab
0x0041a0b5
0x0041a0bc
0x0041a0bd
0x0041a0c0
0x0041a0c1
0x0041a0c6
0x0041a0cc
0x0041a0d8
0x0041a0df
0x0041a0df
0x0041a0df
0x0041a0e5
0x00000000
0x0041a0eb
0x0041a0eb
0x0041a0f0
0x0041a0f9
0x0041a0fa
0x0041a0fb
0x0041a101
0x0041a107
0x0041a108
0x0041a110
0x0041a116
0x0041a11c
0x0041a121
0x0041a128
0x0041a129
0x0041a12a
0x0041a136
0x0041a13c
0x0041a13f
0x0041a145
0x0041a146
0x0041a14d
0x0041a153
0x0041a156
0x0041a15c
0x0041a168
0x0041a16e
0x0041a174
0x0041a17a
0x0041a186
0x0041a199
0x0041a19f
0x0041a1a6
0x0041a1a7
0x0041a1a7
0x0041a1a7
0x0041a1b3
0x0041a1b6
0x0041a1bc
0x0041a1c8
0x0041a1cf
0x0041a1d6
0x0041a1dc
0x0041a1e8
0x00000000
0x0041a1ee
0x0041a1ee
0x0041a1f4
0x00000000
0x0041a1fa
0x0041a204
0x0041a20f
0x0041a215
0x0041a21c
0x0041a222
0x0041a223
0x0041a224
0x0041a22a
0x0041a231
0x0041a232
0x0041a238
0x0041a23f
0x0041a240
0x0041a240
0x0041a246
0x0041a24c
0x0041a252
0x0041a253
0x0041a254
0x0041a255
0x0041a25b
0x0041a266
0x0041a267
0x00000000
0x0041a26d
0x0041a26d
0x0041a277
0x0041a27d
0x0041a283
0x0041a284
0x0041a28a
0x0041a28b
0x0041a298
0x0041a2a4
0x0041a2aa
0x00000000
0x0041a2b0
0x0041a2b0
0x0041a2b6
0x0041a2bc
0x0041a2bd
0x0041a2be
0x0041a2bf
0x0041a2c6
0x0041a2c7
0x0041a2c9
0x0041a2ca
0x0041a2d0
0x0041a2d6
0x0041a2e6
0x0041a2ec
0x0041a2ed
0x0041a2f3
0x0041a2f9
0x0041a305
0x0041a30b
0x0041a30e
0x0041a314
0x0041a317
0x0041a31d
0x0041a329
0x0041a329
0x0041a32f
0x0041a335
0x00000000
0x0041a33b
0x0041a33b
0x0041a345
0x0041a34b
0x00000000
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00000000
0x00000000
0x00419b48
0x00419b50
0x00419b63
0x00419b67
0x00419b68
0x00419b6f
0x00419b75
0x00419b7c
0x00419b89
0x00419b8a
0x00419b96
0x00419b9b
0x00419ba7
0x00419bad
0x00419bb4
0x00419bba
0x00419bc0
0x00419bc7
0x00419bce
0x00419bd5
0x00419bd6
0x00419bdc
0x00419be8
0x00419bee
0x00419c00
0x00419c0c
0x00419c14
0x00419c14
0x00419c32
0x00419c32
0x00419c63
0x00419c6a
0x00419c7a
0x00419c84
0x00419c8a
0x00419c90
0x00419c97
0x00419ca3
0x00419ca9
0x00419cb0
0x00419cb8
0x00419cbf
0x00419cc5
0x00419cca
0x00419ccc
0x00419cd2
0x00419cd9
0x00419ce5
0x00419cf7
0x00419cf8
0x00419cff
0x00419d05
0x00419d07
0x00419d07
0x00419d14
0x00419d1f
0x00419d20
0x00419d2c
0x00419d38
0x00419d3e
0x00419d44
0x00419d4b
0x00419d4b
0x00419d57
0x00419d5d
0x00419d5e
0x00419d64
0x00419d64
0x00419d7a
0x00419d80
0x00419d86
0x00419d87
0x00419d8d
0x00419d93
0x00419d9a
0x00419da1
0x00419da8
0x00419dc1
0x00419dc7
0x00419dd3
0x00419dd9
0x00419dea
0x00419dfa
0x00419e01
0x00419e03
0x00419e04
0x00419e07
0x00419e14
0x00419e1a
0x00419e20
0x00419e2c
0x00419e2e
0x00419e38
0x00419e40
0x00419e40
0x00419e56
0x00419e5d
0x00419e69
0x00419e69
0x00419e6f
0x00419e6f
0x00419e84
0x0041a351
0x0041a35d
0x0041a35e
0x0041a35e
0x0041a35e
0x0041a364
0x0041a36a
0x0041a370
0x0041a371
0x0041a373
0x0041a379
0x0041a37a
0x0041a380
0x0041a387
0x0041a38e
0x0041a394
0x0041a39a
0x0041a3a0
0x0041a3a7
0x0041a3a8
0x0041a3af
0x0041a3b2
0x0041a3b2
0x0041a34b
0x0041a335
0x0041a2aa
0x0041a267
0x0041a1f4
0x0041a1e8
0x0041a0e5
0x0041a0a5
0x0041a02c
0x0041a008

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42674087e02e154d04c3dac8bbb20613460efbfd3913a35b909916d606cd8433
Instruction ID: 990386fa5308ab03466c8d99cde237740177122afa7519bebf4fd3c0157f014f
Opcode Fuzzy Hash: 42674087e02e154d04c3dac8bbb20613460efbfd3913a35b909916d606cd8433
Instruction Fuzzy Hash: AB226532808781CFE716CF39D99AB813FB1F756324B08428EC9A2974D2D735255ACF89

Uniqueness

Uniqueness Score: 0.00%

Function 007978EA, Relevance: .4, Instructions: 398COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e7d226626576409058dfb13677d60b0803c61cb04eb40f1f1137e0ffd26b4d
Instruction ID: 9bed06de1ab787e65af495a305fb17a3d9152ff567bad7aacd82185b5e8a08e8
Opcode Fuzzy Hash: 95e7d226626576409058dfb13677d60b0803c61cb04eb40f1f1137e0ffd26b4d
Instruction Fuzzy Hash: 44E1F3702286518FCB2CCF29E0946B6B7E1EF45311B24C44EE8D68F692D33DE955EB60

Uniqueness

Uniqueness Score: 0.00%

Function 0041A3B4, Relevance: .3, Instructions: 269
COMMONCrypto

C-Code - Quality: 54%

			E0041A3B4(void* __eax, void* __ecx, void* __edx, intOrPtr __edi, void* __esi) {
				signed char _t48;
				signed char _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;
				signed int _t62;
				signed int _t64;
				signed int _t70;
				signed int _t72;
				signed char _t79;
				signed char _t82;
				signed int _t84;
				intOrPtr _t88;
				signed int _t94;
				signed int _t98;

				_t88 = __edi;
				asm("cld");
				 *0x67eecd0 =  *0x67eecd0 << 0x12;
				 *0xeacf0ea9 =  *0xeacf0ea9 - __ecx;
				_t61 = __ecx - 1;
				asm("adc ecx, [0xb4b43bdb]");
				 *0xa9128df9 =  *0xa9128df9 | __ecx - 0x00000001;
				if(__eax - 0xfffffffff4f48a7f <= 0) {
					__eflags = __edx -  *0x6f79777;
					asm("adc bh, [0x8a46e8b4]");
					asm("movsb");
					_push( *0x6e999c5);
					 *0x11c08264 =  *0x11c08264 + __edi;
					asm("sbb [0x74261807], edi");
					__ebx = __ebx &  *0x2c6e3dd9;
					__eax = __eax &  *0x94dd570e;
					__esp = __esp -  *0xa2f61ccf;
					 *0x83f1106f =  *0x83f1106f & __edi;
					__ebp = __ebp |  *0x25ff0e9c;
					__ecx = __ecx + 1;
					_pop(__esp);
					asm("lodsd");
					__bl = __bl - 0xa;
					 *0x7eecd0f8 =  *0x7eecd0f8 >> 0x7b;
					__edi = __edi - 0xfe0fa906;
					__eflags = __eax -  *0xcc621d27;
					asm("adc esp, [0x7c9bf606]");
					 *0x6aef8a9c =  *0x6aef8a9c >> 0x4b;
					__eflags = __ebx;
					if(__eflags == 0) {
						asm("adc esp, 0x363dab7a");
						if(__eflags >= 0) {
							 *0xaf5ce72 =  *0xaf5ce72 | __edx;
							asm("ror dword [0x88499dea], 0xa");
							__eflags = __ecx & 0x0d6405c2;
							 *0x74d2a86f =  *0x74d2a86f >> 0x7e;
							__eflags =  *0x74d2a86f;
							__ebx = 0xdcdf500e;
							asm("adc eax, [0xab8b023]");
							if( *0x74d2a86f <= 0) {
								 *0x34d4a377 & __ecx =  *0x118df8a8 & __dh;
								__bh = __bh ^  *0x2e3dc3a;
								_push(0x4c49a16d);
								asm("rol dword [0xc732ce8f], 0x9c");
								__esi = __esi |  *0xa2f61ccf;
								 *0x45a156f = __esp;
								__ebx = 0xffffffffdcdf500d;
								__ebx = 0xffffffffdcdf500d |  *0x80e77d9d;
								asm("rol byte [0xcb43332], 0xd9");
								__ebp -  *0x8e0efd9d = __dh -  *0xa86f0db4;
								if(__dh !=  *0xa86f0db4) {
									__esp = __esp &  *0xe7d70c74;
									asm("rcr dword [0x1ae95def], 0x0");
									__esi = 0xfe0c96fb;
									__eax = __eax &  *0x1923f31f;
									__eax = __eax - 0x958747ee;
									 *0x1096f2ed =  *0x1096f2ed | __ecx;
									asm("sbb edi, 0xbb6b331d");
									asm("adc dl, [0x7cbd16a2]");
									_push(__ebp);
									__edx = __edx -  *0xd2d22967;
									__ebp =  *0x10a9046a * 0x5b37;
									_push( *0x5421de9a);
									_t33 = __eax;
									__eax =  *0x6cbd788f;
									 *0x6cbd788f = _t33;
									__eflags =  *0x4911a9ff & __edx;
									_push(__ecx);
									if(( *0x4911a9ff & __edx) <= 0) {
										__eax =  *0x787a087f * 0xb508;
										asm("sbb dl, 0x88");
										__ebx = __ebx |  *0xcfc52cc7;
										asm("adc bh, [0x6fa2f61c]");
										__dh =  *0x7230a512;
										__bh = __bh | 0x000000c9;
										asm("sbb esp, [0xffc3b1c1]");
										_push(0xfe0c96fb);
										__eflags =  *0xfd8b9dbb - 0xfe0c96fb;
									}
								}
							}
						}
					}
				}
				while(1) {
					L1:
					 *0xeb97bb09 =  *0xeb97bb09 - _t88;
					 *0x7678ba02 =  *0x7678ba02 >> 0x67;
					 *0x7cc94dd =  *0x7cc94dd >> 0xba;
					_pop(_t52);
					_pop(_t70);
					asm("rcr dword [0xb861cdf1], 0x65");
					asm("sbb edx, [0xb1089613]");
					_pop( *0x5c9a8ef);
					asm("adc ah, [0xb4a745e6]");
					 *0x3a048a1b = _t70;
					_t98 = _t98 &  *0x1513c6cd;
					_t88 = 0x7fca84ff;
					_push(_t94);
					 *0xb5a961d7 =  *0xb5a961d7 >> 0x4c;
					_push(0x7fca84fe);
					_t72 =  *0x3a048a1b &  *0xad8adfee;
					 *0x10a5fdd4 =  *0x10a5fdd4 | _t52;
					_t94 = _t94 - 1;
					if(_t94 != 0) {
						continue;
					}
					L2:
					asm("rcl dword [0x55ced77a], 0x7b");
					 *0xe51a60f9 =  *0xe51a60f9 << 0x67;
					_pop(_t53);
					_pop(_t62);
					_pop(_t88);
					asm("adc [0x313dc8a2], al");
					 *0x56fc9e7 =  *0x56fc9e7 << 0x6a;
					asm("rol dword [0xda671216], 0x45");
					_push(0x7fca84fe);
					asm("sbb ebx, 0x9cec7392");
					L1();
					asm("adc esp, 0x7a08c7e8");
					_t98 = _t98 +  *0xc60f092f;
					 *0xd5db7f32 =  *0xd5db7f32 << 0xcf;
					asm("adc esi, [0xca5d07de]");
					_push( *0xa8575937);
					asm("rol byte [0x7612d9b1], 0x4e");
					 *0xfdfb5fea =  *0xfdfb5fea >> 0x77;
					asm("rcr dword [0x72b53f2e], 0xf6");
					asm("scasd");
					_push( *0xcf566921);
					_t94 = _t94 ^  *0xc08a258c;
					 *0x5878f6e4 = _t62;
					 *0xf7f5cc0b = (_t72 ^  *0x4dc9a409) - 0x000000b0 &  *0x2a500a34;
					_t55 = _t53 &  *0xcf5df02b ^ 0x6d01e59d;
					 *0x1699e21d =  *0x1699e21d & _t62;
					_t61 =  *0x7641451c;
					 *0x7641451c = _t62;
					_t79 =  *0x86ca5b60 * 0xc8c;
					if(_t79 > 0) {
						while(1) {
							L1:
							 *0xeb97bb09 =  *0xeb97bb09 - _t88;
							 *0x7678ba02 =  *0x7678ba02 >> 0x67;
							 *0x7cc94dd =  *0x7cc94dd >> 0xba;
							_pop(_t52);
							_pop(_t70);
							asm("rcr dword [0xb861cdf1], 0x65");
							asm("sbb edx, [0xb1089613]");
							_pop( *0x5c9a8ef);
							asm("adc ah, [0xb4a745e6]");
							 *0x3a048a1b = _t70;
							_t98 = _t98 &  *0x1513c6cd;
							_t88 = 0x7fca84ff;
							_push(_t94);
							 *0xb5a961d7 =  *0xb5a961d7 >> 0x4c;
							_push(0x7fca84fe);
							_t72 =  *0x3a048a1b &  *0xad8adfee;
							 *0x10a5fdd4 =  *0x10a5fdd4 | _t52;
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								continue;
							}
							goto L2;
							do {
								do {
									do {
										do {
											do {
												goto L1;
											} while (_t94 != 0);
											goto L2;
										} while (_t79 > 0);
										goto L3;
									} while (_t98 >= 0);
									_t48 =  *0x5080697d * 0x1c36;
									asm("stosd");
									_push( *0x240ba26d);
									asm("adc [0xab911bfc], eax");
									_t88 = 0x5dd34a0d;
									_t94 = _t94 + 0x708cdbba;
									 *0x17903fc5 =  *0x17903fc5 >> 0x8d;
									_t61 = (_t61 |  *0xe20ea26d) - 0x35790e8d;
								} while (_t61 >= 0);
								_t98 = _t98 | 0x26f80079;
								_push(_t98);
								asm("adc edx, [0xaf30f7c8]");
								 *0x128def66 =  *0x128def66 + _t98;
							} while ( *0x128def66 > 0);
							 *0x22cfbef3 =  *0x22cfbef3 | _t82;
							 *0xe13f613f =  *0xe13f613f & _t61;
							asm("lodsb");
							 *0x12c08a32 =  *0x12c08a32 & _t48;
							asm("sbb esi, [0x5a453a2b]");
							asm("rcr dword [0x4a5fd195], 0x69");
							 *0x53a107cb =  *0x53a107cb << 0x1c;
							asm("rol byte [0x297eccb2], 0x21");
							_push( *0xba0dc08b);
							asm("adc dh, [0x3129291c]");
							_t84 = _t82 ^  *0x892ff1d0 ^  *0x520fe8f8;
							_pop( *0xa90e7dda);
							 *0xbf50612 =  *0xbf50612 - (_t61 ^  *0xeabfe6db);
							asm("sbb al, [0xc5facc2a]");
							 *0x9b2d97cc =  *0x9b2d97cc << 0xe7;
							_pop(_t94);
							asm("stosd");
							_t50 = _t48 - 0x00000001 & 0x000000e6;
							 *0x4123e3c8 = 0x5dd34a0d;
							 *0xf64510e3 =  *0xf64510e3 ^ _t84;
							_t61 = 0xc687566e;
							asm("adc ebp, 0xe976fed3");
							asm("sbb al, 0xb4");
							_t98 =  *0xf76f136b * 0xcb26;
							 *0x8280b19a =  *0x8280b19a ^ _t84;
							 *0x91a0a835 =  *0x91a0a835 + _t98;
							if( *0x91a0a835 >= 0) {
								continue;
							} else {
								 *0x48f0cbde =  *0x48f0cbde << 0x77;
								_t94 = _t94 -  *0x863d938d;
								_t61 =  *0xad7f723e;
								 *0xad7f723e = 0xc687566e;
								_push(0x9e2ce893);
								if(( *0x1a50587d * 0x0000c666 ^ 0x62762968) > 0) {
									continue;
								} else {
									return _t50;
								}
							}
						}
					}
					L3:
					asm("stosb");
					_t64 =  *0x36198a60 * 0x67d3;
					 *0x9074f76e =  *0x9074f76e & _t64;
					_t61 = _t64 -  *0xb26b26bd;
					asm("adc ecx, 0x5c41642b");
					 *0x8f9c982f =  *0x8f9c982f >> 0x68;
					 *0x925e9507 =  *0x925e9507 - _t55;
					 *0x103ede65 = _t98;
					 *0xa96d41d1 =  *0xa96d41d1 >> 0xe9;
					asm("rcl dword [0x9c3b2bbf], 0xa9");
					 *0x414c31b2 =  *0x414c31b2 >> 0x92;
					asm("sbb eax, [0x1b53ef8f]");
					asm("adc eax, 0xa5c15536");
					_t94 = 0x9e5a4797 -  *0x8816c368 - 1;
					_t88 = 0x8157621b;
					asm("rcl byte [0x526a5086], 0x6c");
					_t82 = (_t79 & 0x00000082) + 1 +  *0x49afa605;
					asm("adc bh, 0xb7");
					asm("lodsd");
					 *0xc972098d =  *0xc972098d << 0x39;
					_t98 =  *0x216df13f +  *0x1d162f1;
					asm("cmpsw");
					asm("rcr byte [0x890b6f86], 0xf1");
					L1:
					 *0xeb97bb09 =  *0xeb97bb09 - _t88;
					 *0x7678ba02 =  *0x7678ba02 >> 0x67;
					 *0x7cc94dd =  *0x7cc94dd >> 0xba;
					_pop(_t52);
					_pop(_t70);
					asm("rcr dword [0xb861cdf1], 0x65");
					asm("sbb edx, [0xb1089613]");
					_pop( *0x5c9a8ef);
					asm("adc ah, [0xb4a745e6]");
					 *0x3a048a1b = _t70;
					_t98 = _t98 &  *0x1513c6cd;
					_t88 = 0x7fca84ff;
					_push(_t94);
					 *0xb5a961d7 =  *0xb5a961d7 >> 0x4c;
					_push(0x7fca84fe);
					_t72 =  *0x3a048a1b &  *0xad8adfee;
					 *0x10a5fdd4 =  *0x10a5fdd4 | _t52;
					_t94 = _t94 - 1;
				}
			}

0x0041a3b4
0x0041a3b9
0x0041a3ba
0x0041a3c1
0x0041a3d3
0x0041a3e0
0x0041a3ec
0x0041a3f3
0x0041a3f9
0x0041a3ff
0x0041a405
0x0041a406
0x0041a40c
0x0041a412
0x0041a418
0x0041a41e
0x0041a424
0x0041a42a
0x0041a430
0x0041a436
0x0041a437
0x0041a438
0x0041a439
0x0041a43c
0x0041a443
0x0041a449
0x0041a44f
0x0041a455
0x0041a45c
0x0041a462
0x0041a468
0x0041a46e
0x0041a474
0x0041a47a
0x0041a481
0x0041a487
0x0041a487
0x0041a48e
0x0041a493
0x0041a499
0x0041a4a5
0x0041a4ab
0x0041a4b1
0x0041a4b6
0x0041a4bd
0x0041a4c3
0x0041a4c9
0x0041a4ca
0x0041a4d0
0x0041a4dd
0x0041a4e5
0x0041a4eb
0x0041a4f1
0x0041a4fe
0x0041a503
0x0041a509
0x0041a50e
0x0041a514
0x0041a51a
0x0041a520
0x0041a521
0x0041a527
0x0041a531
0x0041a53d
0x0041a53d
0x0041a53d
0x0041a543
0x0041a549
0x0041a54a
0x0041a550
0x0041a55a
0x0041a55d
0x0041a563
0x0041a569
0x0041a56f
0x0041a572
0x0041a578
0x0041a579
0x0041a579
0x0041a54a
0x0041a4e5
0x0041a499
0x0041a46e
0x0041a462
0x00419ab6
0x00419ab6
0x00419ab6
0x00419abc
0x00419acd
0x00419ad5
0x00419ad6
0x00419add
0x00419aee
0x00419afa
0x00419b00
0x00419b0e
0x00419b14
0x00419b1a
0x00419b21
0x00419b22
0x00419b29
0x00419b2f
0x00419b35
0x00419b41
0x00419b42
0x00000000
0x00000000
0x00419b48
0x00419b48
0x00419b50
0x00419b63
0x00419b67
0x00419b68
0x00419b6f
0x00419b75
0x00419b7c
0x00419b89
0x00419b8a
0x00419b96
0x00419b9b
0x00419ba7
0x00419bad
0x00419bb4
0x00419bba
0x00419bc0
0x00419bc7
0x00419bce
0x00419bd5
0x00419bd6
0x00419bdc
0x00419be8
0x00419bee
0x00419c00
0x00419c0c
0x00419c14
0x00419c14
0x00419c32
0x00419c3c
0x00419ab6
0x00419ab6
0x00419ab6
0x00419abc
0x00419acd
0x00419ad5
0x00419ad6
0x00419add
0x00419aee
0x00419afa
0x00419b00
0x00419b0e
0x00419b14
0x00419b1a
0x00419b21
0x00419b22
0x00419b29
0x00419b2f
0x00419b35
0x00419b41
0x00419b42
0x00000000
0x00000000
0x00000000
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00000000
0x00000000
0x00000000
0x00419ab6
0x00000000
0x00419ab6
0x00419d14
0x00419d1f
0x00419d20
0x00419d2c
0x00419d38
0x00419d3e
0x00419d44
0x00419d4b
0x00419d4b
0x00419d57
0x00419d5d
0x00419d5e
0x00419d64
0x00419d64
0x00419d7a
0x00419d80
0x00419d86
0x00419d87
0x00419d8d
0x00419d93
0x00419d9a
0x00419da1
0x00419da8
0x00419dc1
0x00419dc7
0x00419dd3
0x00419dd9
0x00419dea
0x00419dfa
0x00419e01
0x00419e03
0x00419e04
0x00419e07
0x00419e14
0x00419e1a
0x00419e20
0x00419e2c
0x00419e2e
0x00419e38
0x00419e40
0x00419e46
0x00000000
0x00419e4c
0x00419e56
0x00419e5d
0x00419e69
0x00419e69
0x00419e6f
0x00419e74
0x00000000
0x00419e7a
0x00419e84
0x00419e84
0x00419e74
0x00419e46
0x00419ab6
0x00419c42
0x00419c63
0x00419c6a
0x00419c7a
0x00419c84
0x00419c8a
0x00419c90
0x00419c97
0x00419ca3
0x00419ca9
0x00419cb0
0x00419cb8
0x00419cbf
0x00419cc5
0x00419cca
0x00419ccc
0x00419cd2
0x00419cd9
0x00419ce5
0x00419cf7
0x00419cf8
0x00419cff
0x00419d05
0x00419d07
0x00419ab6
0x00419ab6
0x00419abc
0x00419acd
0x00419ad5
0x00419ad6
0x00419add
0x00419aee
0x00419afa
0x00419b00
0x00419b0e
0x00419b14
0x00419b1a
0x00419b21
0x00419b22
0x00419b29
0x00419b2f
0x00419b35
0x00419b41
0x00419b41

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e56de8118e1478975893ee91b204ad6b1ae6f83ce26ce51844768e0384bee17a
Instruction ID: 300effe11d0fdf3cc68783332cf36ec24f39123ce2178d7772c5e4ad16cf211a
Opcode Fuzzy Hash: e56de8118e1478975893ee91b204ad6b1ae6f83ce26ce51844768e0384bee17a
Instruction Fuzzy Hash: ACD18832908785CFE70ACF39D896B813FF2FB46324B08424EC5A287596D3752569CF49

Uniqueness

Uniqueness Score: 0.00%

Function 00727015, Relevance: .3, Instructions: 254COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2569fdea21b9db2e0140f8e19d2242f3a1bafb22ed258e03cd6571f5e69d6c4
Instruction ID: 6bb969240560bc922b947a3c415471a7ef4048f3805e6000728a9e4064cf6b99
Opcode Fuzzy Hash: b2569fdea21b9db2e0140f8e19d2242f3a1bafb22ed258e03cd6571f5e69d6c4
Instruction Fuzzy Hash: 1491CF34D0426ADBCF24DF94C5412FDB7B1FF50711F95412AD882A7184E7BCA89ACBA2

Uniqueness

Uniqueness Score: 0.00%

Function 0079B0E7, Relevance: .2, Instructions: 233COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9ea8a5cce64cf5c216998eda348521a406c0f5b5e816de941c4428d2ab67aee
Instruction ID: 56425180d38c4b731b4e4d118d21a17c0f41e70ee0801490540be6ae3b1ce99b
Opcode Fuzzy Hash: d9ea8a5cce64cf5c216998eda348521a406c0f5b5e816de941c4428d2ab67aee
Instruction Fuzzy Hash: CE916171510B0ACFDB25CF29E686A66BBE0FF01364F648A5CD4E6D75A0C338E951DB00

Uniqueness

Uniqueness Score: 0.00%

Function 00419AB3, Relevance: .2, Instructions: 184
COMMONCrypto

C-Code - Quality: 49%

			E00419AB3(signed int __ecx, intOrPtr __edi, char _a1888279478) {
				char _v5;
				signed char _t31;
				signed char _t33;
				signed int _t34;
				signed int _t35;
				signed int _t37;
				signed int _t43;
				signed int _t45;
				signed int _t49;
				signed int _t51;
				signed char _t58;
				signed char _t61;
				signed int _t63;
				intOrPtr _t67;
				signed int _t77;

				_t67 = __edi;
				_t42 = __ecx;
				_t73 = _t77;
				goto L1;
				do {
					do {
						do {
							do {
								do {
									do {
										do {
											L1:
											 *0xeb97bb09 =  *0xeb97bb09 - _t67;
											 *0x7678ba02 =  *0x7678ba02 >> 0x67;
											 *0x7cc94dd =  *0x7cc94dd >> 0xba;
											_pop(_t34);
											_pop(_t49);
											asm("rcr dword [0xb861cdf1], 0x65");
											asm("sbb edx, [0xb1089613]");
											_pop( *0x5c9a8ef);
											asm("adc ah, [0xb4a745e6]");
											 *0x3a048a1b = _t49;
											_t77 = _t77 &  *0x1513c6cd;
											_t67 = 0x7fca84ff;
											_push(_t73);
											 *0xb5a961d7 =  *0xb5a961d7 >> 0x4c;
											_push(0x7fca84fe);
											_t51 =  *0x3a048a1b &  *0xad8adfee;
											 *0x10a5fdd4 =  *0x10a5fdd4 | _t34;
											_t73 =  &_v5;
										} while (_t73 != 0);
										asm("rcl dword [0x55ced77a], 0x7b");
										 *0xe51a60f9 =  *0xe51a60f9 << 0x67;
										_pop(_t35);
										_pop(_t43);
										_pop(_t67);
										asm("adc [0x313dc8a2], al");
										 *0x56fc9e7 =  *0x56fc9e7 << 0x6a;
										asm("rol dword [0xda671216], 0x45");
										_push(0x7fca84fe);
										asm("sbb ebx, 0x9cec7392");
										L1();
										asm("adc esp, 0x7a08c7e8");
										_t77 = _t77 +  *0xc60f092f;
										 *0xd5db7f32 =  *0xd5db7f32 << 0xcf;
										asm("adc esi, [0xca5d07de]");
										_push( *0xa8575937);
										asm("rol byte [0x7612d9b1], 0x4e");
										 *0xfdfb5fea =  *0xfdfb5fea >> 0x77;
										asm("rcr dword [0x72b53f2e], 0xf6");
										asm("scasd");
										_push( *0xcf566921);
										_t73 = _t73 ^  *0xc08a258c;
										 *0x5878f6e4 = _t43;
										 *0xf7f5cc0b = (_t51 ^  *0x4dc9a409) - 0x000000b0 &  *0x2a500a34;
										_t37 = _t35 &  *0xcf5df02b ^ 0x6d01e59d;
										 *0x1699e21d =  *0x1699e21d & _t43;
										_t42 =  *0x7641451c;
										 *0x7641451c = _t43;
										_t58 =  *0x86ca5b60 * 0xc8c;
									} while (_t58 > 0);
									asm("stosb");
									_t45 =  *0x36198a60 * 0x67d3;
									 *0x9074f76e =  *0x9074f76e & _t45;
									_t42 = _t45 -  *0xb26b26bd;
									asm("adc ecx, 0x5c41642b");
									 *0x8f9c982f =  *0x8f9c982f >> 0x68;
									 *0x925e9507 =  *0x925e9507 - _t37;
									 *0x103ede65 = _t77;
									 *0xa96d41d1 =  *0xa96d41d1 >> 0xe9;
									asm("rcl dword [0x9c3b2bbf], 0xa9");
									 *0x414c31b2 =  *0x414c31b2 >> 0x92;
									asm("sbb eax, [0x1b53ef8f]");
									asm("adc eax, 0xa5c15536");
									_t73 =  &_v5;
									_t67 = 0x8157621b;
									asm("rcl byte [0x526a5086], 0x6c");
									_t61 = (_t58 & 0x00000082) + 1 +  *0x49afa605;
									asm("adc bh, 0xb7");
									asm("lodsd");
									 *0xc972098d =  *0xc972098d << 0x39;
									_t77 =  *0x216df13f +  *0x1d162f1;
									asm("cmpsw");
									asm("rcr byte [0x890b6f86], 0xf1");
								} while (_t77 >= 0);
								_t31 =  *0x5080697d * 0x1c36;
								asm("stosd");
								_push( *0x240ba26d);
								asm("adc [0xab911bfc], eax");
								_t67 = 0x5dd34a0d;
								_t73 =  &_a1888279478;
								 *0x17903fc5 =  *0x17903fc5 >> 0x8d;
								_t42 = (_t42 |  *0xe20ea26d) - 0x35790e8d;
							} while (_t42 >= 0);
							_t77 = _t77 | 0x26f80079;
							_push(_t77);
							asm("adc edx, [0xaf30f7c8]");
							 *0x128def66 =  *0x128def66 + _t77;
						} while ( *0x128def66 > 0);
						 *0x22cfbef3 =  *0x22cfbef3 | _t61;
						 *0xe13f613f =  *0xe13f613f & _t42;
						asm("lodsb");
						 *0x12c08a32 =  *0x12c08a32 & _t31;
						asm("sbb esi, [0x5a453a2b]");
						asm("rcr dword [0x4a5fd195], 0x69");
						 *0x53a107cb =  *0x53a107cb << 0x1c;
						asm("rol byte [0x297eccb2], 0x21");
						_push( *0xba0dc08b);
						asm("adc dh, [0x3129291c]");
						_t63 = _t61 ^  *0x892ff1d0 ^  *0x520fe8f8;
						_pop( *0xa90e7dda);
						 *0xbf50612 =  *0xbf50612 - (_t42 ^  *0xeabfe6db);
						asm("sbb al, [0xc5facc2a]");
						 *0x9b2d97cc =  *0x9b2d97cc << 0xe7;
						_pop(_t73);
						asm("stosd");
						_t33 = _t31 - 0x00000001 & 0x000000e6;
						 *0x4123e3c8 = 0x5dd34a0d;
						 *0xf64510e3 =  *0xf64510e3 ^ _t63;
						_t42 = 0xc687566e;
						asm("adc ebp, 0xe976fed3");
						asm("sbb al, 0xb4");
						_t77 =  *0xf76f136b * 0xcb26;
						 *0x8280b19a =  *0x8280b19a ^ _t63;
						 *0x91a0a835 =  *0x91a0a835 + _t77;
					} while ( *0x91a0a835 >= 0);
					 *0x48f0cbde =  *0x48f0cbde << 0x77;
					_t73 =  &_a1888279478 -  *0x863d938d;
					_t42 =  *0xad7f723e;
					 *0xad7f723e = 0xc687566e;
					_push(0x9e2ce893);
				} while (( *0x1a50587d * 0x0000c666 ^ 0x62762968) > 0);
				return _t33;
			}

0x00419ab3
0x00419ab3
0x00419ab4
0x00419ab4
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419ab6
0x00419abc
0x00419acd
0x00419ad5
0x00419ad6
0x00419add
0x00419aee
0x00419afa
0x00419b00
0x00419b0e
0x00419b14
0x00419b1a
0x00419b21
0x00419b22
0x00419b29
0x00419b2f
0x00419b35
0x00419b41
0x00419b41
0x00419b48
0x00419b50
0x00419b63
0x00419b67
0x00419b68
0x00419b6f
0x00419b75
0x00419b7c
0x00419b89
0x00419b8a
0x00419b96
0x00419b9b
0x00419ba7
0x00419bad
0x00419bb4
0x00419bba
0x00419bc0
0x00419bc7
0x00419bce
0x00419bd5
0x00419bd6
0x00419bdc
0x00419be8
0x00419bee
0x00419c00
0x00419c0c
0x00419c14
0x00419c14
0x00419c32
0x00419c32
0x00419c63
0x00419c6a
0x00419c7a
0x00419c84
0x00419c8a
0x00419c90
0x00419c97
0x00419ca3
0x00419ca9
0x00419cb0
0x00419cb8
0x00419cbf
0x00419cc5
0x00419cca
0x00419ccc
0x00419cd2
0x00419cd9
0x00419ce5
0x00419cf7
0x00419cf8
0x00419cff
0x00419d05
0x00419d07
0x00419d07
0x00419d14
0x00419d1f
0x00419d20
0x00419d2c
0x00419d38
0x00419d3e
0x00419d44
0x00419d4b
0x00419d4b
0x00419d57
0x00419d5d
0x00419d5e
0x00419d64
0x00419d64
0x00419d7a
0x00419d80
0x00419d86
0x00419d87
0x00419d8d
0x00419d93
0x00419d9a
0x00419da1
0x00419da8
0x00419dc1
0x00419dc7
0x00419dd3
0x00419dd9
0x00419dea
0x00419dfa
0x00419e01
0x00419e03
0x00419e04
0x00419e07
0x00419e14
0x00419e1a
0x00419e20
0x00419e2c
0x00419e2e
0x00419e38
0x00419e40
0x00419e40
0x00419e56
0x00419e5d
0x00419e69
0x00419e69
0x00419e6f
0x00419e6f
0x00419e84

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b78b0d564421e06532bf01f81a4b0e4c1d198cfda5a98a2c7db9899b769dbcb2
Instruction ID: d9170e6a9dee868c4f55d0ca8cd570f34959e91b6eef1016af6742e25e7f7fb9
Opcode Fuzzy Hash: b78b0d564421e06532bf01f81a4b0e4c1d198cfda5a98a2c7db9899b769dbcb2
Instruction Fuzzy Hash: 53917732808385CFE306CF39D98AB913FB2F796324B04424EC5A19B5D5D375266ACF88

Uniqueness

Uniqueness Score: 0.00%

Function 0041ACA0, Relevance: .2, Instructions: 157
COMMONCrypto

C-Code - Quality: 67%

			E0041ACA0(signed int __eax, signed int __ebx, void* __ecx, signed int __edx, void* __edi, signed int __esi) {
				signed char _t23;
				signed char _t28;
				signed char _t33;
				signed int _t43;
				signed char _t48;
				signed char _t51;
				signed char _t52;
				signed int _t61;
				signed int _t62;
				signed int _t64;
				signed int _t66;
				signed int _t71;

				_t23 = __eax | 0x000000e0;
				 *0xc16efa8 =  *0xc16efa8 + _t23;
				 *0xccecc9b4 =  *0xccecc9b4 >> 0x48;
				_t33 = __ebx ^ 0x000000a0 ^  *0x49395fc2;
				 *0xc48616d2 =  *0xc48616d2 ^ __edx;
				_t61 = __esi ^ 0xddbd3ccd;
				_t48 = __edx +  *0x704b93b7;
				asm("lodsb");
				asm("sbb [0x395faf88], ah");
				_t43 = __ecx +  *0x16efa8 - 1;
				 *0x241016d2 =  *0x241016d2 & _t43;
				asm("sbb [0xfb45494], eax");
				_t66 = (_t64 &  *0xe0cc32c1) + 1;
				if(_t61 >  *0xe04c16ef) {
					goto L1;
					do {
						do {
							do {
								do {
									L1:
									 *0x939ff7b7 =  *0x939ff7b7 - _t43;
									 *0x8f83e7b0 = _t33;
								} while ( *0x939ff7b7 == 0);
								asm("sbb ebx, [0xdc624d74]");
								 *0xc419e217 =  *0xc419e217 >> 0xc7;
								_t1 = _t23;
								_t23 =  *0x84e5c4bb;
								 *0x84e5c4bb = _t1;
							} while ( *0xc419e217 != 0);
							_pop( *0xdd634e75);
							asm("rol byte [0x73aeb002], 0x83");
							 *0xace77cd1 =  *0xace77cd1 >> 0xea;
							 *0xef4544a1 =  *0xef4544a1 & _t71;
							asm("rol dword [0x2f9d1616], 0xd7");
							 *0xc1ddbd1c =  *0xc1ddbd1c - _t23;
							 *0xa8e0cc32 =  *0xa8e0cc32 | _t48;
							asm("sbb ebx, 0xc02c16ef");
							_t2 = _t48;
							_t48 =  *0xefca2585;
							 *0xefca2585 = _t2;
							asm("adc [0xe0cc32b2], al");
							_t43 = _t43 + 0xa8;
							_t66 = _t66 + 0x00000001 ^  *0xc1daa919;
							_t3 = _t33 | 0x00000018;
							_t33 =  *0xa8e0cc32;
							 *0xa8e0cc32 = _t3;
							_t23 = _t23 +  *0xc6a616ef - 0xc83916ef;
						} while (_t23 != 0);
						asm("ror byte [0xd8a8c4a8], 0xc0");
						 *0xc68ff209 =  *0xc68ff209 ^ 0x00997775;
						 *0xe0cc32c1 =  *0xe0cc32c1 & 0x00997775;
						 *0x173a7bc8 =  *0x173a7bc8 & _t43;
						_push(_t48);
						_push(0x8b7a16ef);
						 *0x81d04116 =  *0x81d04116 >> 0xe3;
						_push(0x8b7a16ef);
						 *0xef45d88d =  *0xef45d88d & 0x00997775;
						_push(0xffffffff8b7a16f0 -  *0x4052173a);
						_pop(_t28);
						_t62 = _t61 ^  *0x87dbae16;
						 *0xe7553110 = (_t33 &  *0x3816efa8 |  *0x4052173a) + 0x81c42916;
						asm("sbb edi, [0x453d99a1]");
						 *0x1db40ffd =  *0x1db40ffd | _t62;
						 *0xe0cc3283 =  *0xe0cc3283 + 0xef45d88d;
						 *0x2b16efa8 =  *0x2b16efa8 >> 0xe8;
						asm("adc [0xcc32c1ef], esp");
						_t51 = (0xef45d88d &  *0xaddd0fb4) - 0xe0;
						 *0x8a16efa8 = _t51;
						 *0xbe17ff2f =  *0xbe17ff2f + 0x32ee16ef;
						asm("ror byte [0xff16efa8], 0xb9");
						_t52 = _t51 & 0x000000e0;
						 *0xf216efa8 =  *0xf216efa8 - _t52;
						 *0xb004fa34 =  *0xb004fa34 >> 0x33;
						 *0xcc32b9d9 =  *0xcc32b9d9 - 0x32ee16ef;
						asm("adc esp, [0x16d24939]");
						asm("stosb");
						asm("adc [0x5f828ee2], dh");
						 *0x16d24939 = _t43;
						_t61 = _t62 +  *0x9076a2f7 + 0xefa8e0cc;
						asm("sbb [0x8ce2a816], esi");
						_t23 = (_t28 ^ 0x000000e0 | 0x32ccebb8) -  *0xa8e0cc32;
						_t66 = 0x997776 +  *0x9cba1d16 ^  *0x9e8e16ef;
						_t13 = (_t71 -  *0xef45d88d ^  *0xbe0b1c6d) +  *0xcc32bfdd;
						_t71 =  *0xe0cc32c1;
						 *0xe0cc32c1 = _t13;
						 *0xba16efa8 =  *0xba16efa8 - _t23;
						asm("rol dword [0xf9af869a], 0x1f");
						asm("sbb [0x420816d2], ch");
						asm("adc ebx, 0xe0cc32ba");
						 *0x416efa8 = _t23;
						asm("sbb ecx, [0xbda7983e]");
						_t33 = 0x16d24939;
						asm("movsb");
						_t48 = (_t52 ^ 0x000000f2 ^  *0x395fc3cc |  *0x5fbed3f5 |  *0x71c621c) +  *0xcc32c1db;
						 *0x16efa8e0 =  *0x16efa8e0 << 0xa;
						_push( *0x7c73a2fe);
						 *0xc4a8009a =  *0xc4a8009a ^ 0x00997775;
						 *0x9ba0f4be =  *0x9ba0f4be << 1;
						_t43 =  *0x16d24939 - 0x00000001 & 0x000000a8 ^  *0x5fa899d1;
					} while (0xef45d88d !=  *0x16d24939);
					return _t23;
				} else {
					asm("rcr dword [0x45d8a8c4], 0xa8");
					__esp = __esp | 0x9e3f16ef;
					asm("rcl dword [0xf9e2bc0], 0xc0");
					 *0x8f16ef88 =  *0x8f16ef88 >> 0xcc;
					__dh = __dh - 0xa8;
					__edx = __edx +  *0x45d8a8c4;
					_t20 = __eax;
					__eax =  *0x121f16ef;
					 *0x121f16ef = _t20;
					__edx = __edx &  *0xf9e2bbc;
					 *0x40ecb2a1 =  *0x40ecb2a1 & __eax;
					 *0x4b16ef88 =  *0x4b16ef88 & __dl;
					_t21 = __ecx;
					__ecx =  *0x5fc2ccf0;
					 *0x5fc2ccf0 = _t21;
					 *0x16d24939 =  *0x16d24939 & __ebp;
					__ebp = __ebp & 0x2e339416;
					return __eax;
				}
			}

0x0041aca5
0x0041aca7
0x0041acb1
0x0041acb8
0x0041acbe
0x0041acc4
0x0041acd6
0x0041acdc
0x0041acdd
0x0041ace3
0x0041ace4
0x0041acea
0x0041acf6
0x0041acfe
0x00000000
0x0041aa4a
0x0041aa4a
0x0041aa4a
0x0041aa4a
0x0041aa4a
0x0041aa4a
0x0041aa50
0x0041aa50
0x0041aa58
0x0041aa5e
0x0041aa65
0x0041aa65
0x0041aa65
0x0041aa65
0x0041aa6e
0x0041aa77
0x0041aa7e
0x0041aa85
0x0041aa8b
0x0041aa92
0x0041aa98
0x0041aa9e
0x0041aaa4
0x0041aaa4
0x0041aaa4
0x0041aaaa
0x0041aab0
0x0041aaba
0x0041aac0
0x0041aac0
0x0041aac0
0x0041aac6
0x0041aac6
0x0041aad6
0x0041aae4
0x0041aaea
0x0041aaf6
0x0041aafc
0x0041aafe
0x0041ab05
0x0041ab12
0x0041ab13
0x0041ab25
0x0041ab31
0x0041ab3e
0x0041ab44
0x0041ab4a
0x0041ab56
0x0041ab5c
0x0041ab62
0x0041ab6f
0x0041ab75
0x0041ab78
0x0041ab7e
0x0041ab8c
0x0041ab9e
0x0041aba1
0x0041aba7
0x0041abae
0x0041abc7
0x0041abd3
0x0041abd4
0x0041abda
0x0041abeb
0x0041abf1
0x0041abfd
0x0041ac03
0x0041ac0f
0x0041ac0f
0x0041ac0f
0x0041ac15
0x0041ac1e
0x0041ac2c
0x0041ac38
0x0041ac3e
0x0041ac43
0x0041ac4f
0x0041ac5a
0x0041ac5b
0x0041ac61
0x0041ac68
0x0041ac6e
0x0041ac7d
0x0041ac86
0x0041ac8c
0x0041ac9e
0x0041ad04
0x0041ad0a
0x0041ad11
0x0041ad17
0x0041ad24
0x0041ad34
0x0041ad37
0x0041ad3d
0x0041ad3d
0x0041ad3d
0x0041ad43
0x0041ad49
0x0041ad4f
0x0041ad5b
0x0041ad5b
0x0041ad5b
0x0041ad61
0x0041ad67
0x0041ad6d
0x0041ad6d

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2e91419d74fd14ac6ec8a7ad9b2cb3748c4f0e1e549df140edc5703dfef4b29
Instruction ID: 275a1ef8338b12b88e847bd8e46de00c098f2131e12b6d18b76e1a6753050fb5
Opcode Fuzzy Hash: f2e91419d74fd14ac6ec8a7ad9b2cb3748c4f0e1e549df140edc5703dfef4b29
Instruction Fuzzy Hash: 2971E1769493D1DFEB01DF78E8AA6823FB1E746330708079EC9A18B1D2D3741166DB85

Uniqueness

Uniqueness Score: 0.00%

Function 0041AA47, Relevance: .1, Instructions: 118
COMMONCrypto

C-Code - Quality: 63%

			E0041AA47(char __eax, signed char __ebx, signed int __ecx, signed char __edx, void* __edi, signed int __esi) {
				void* _v3;
				char _t15;
				signed char _t20;
				signed char _t23;
				signed int _t31;
				signed char _t35;
				signed char _t38;
				signed char _t39;
				signed int _t46;
				signed int _t47;
				signed int _t57;

				_t46 = __esi;
				_t35 = __edx;
				_t31 = __ecx;
				_t23 = __ebx;
				_t15 = __eax;
				goto L1;
				do {
					do {
						do {
							do {
								L1:
								 *0x939ff7b7 =  *0x939ff7b7 - _t31;
								 *0x8f83e7b0 = _t23;
							} while ( *0x939ff7b7 == 0);
							asm("sbb ebx, [0xdc624d74]");
							 *0xc419e217 =  *0xc419e217 >> 0xc7;
							_t1 = _t15;
							_t15 =  *0x84e5c4bb;
							 *0x84e5c4bb = _t1;
						} while ( *0xc419e217 != 0);
						_pop( *0xdd634e75);
						asm("rol byte [0x73aeb002], 0x83");
						 *0xace77cd1 =  *0xace77cd1 >> 0xea;
						 *0xef4544a1 =  *0xef4544a1 & _t57;
						asm("rol dword [0x2f9d1616], 0xd7");
						 *0xc1ddbd1c =  *0xc1ddbd1c - _t15;
						 *0xa8e0cc32 =  *0xa8e0cc32 | _t35;
						asm("sbb ebx, 0xc02c16ef");
						_t2 = _t35;
						_t35 =  *0xefca2585;
						 *0xefca2585 = _t2;
						asm("adc [0xe0cc32b2], al");
						_t31 = _t31 + 0xa8;
						_t3 = _t23 | 0x00000018;
						_t23 =  *0xa8e0cc32;
						 *0xa8e0cc32 = _t3;
						_t15 = _t15 +  *0xc6a616ef - 0xc83916ef;
					} while (_t15 != 0);
					asm("ror byte [0xd8a8c4a8], 0xc0");
					 *0xc68ff209 =  *0xc68ff209 ^ 0x00997775;
					 *0xe0cc32c1 =  *0xe0cc32c1 & 0x00997775;
					 *0x173a7bc8 =  *0x173a7bc8 & _t31;
					_push(_t35);
					_push(0x8b7a16ef);
					 *0x81d04116 =  *0x81d04116 >> 0xe3;
					_push(0x8b7a16ef);
					 *0xef45d88d =  *0xef45d88d & 0x00997775;
					_push(0xffffffff8b7a16f0 -  *0x4052173a);
					_pop(_t20);
					_t47 = _t46 ^  *0x87dbae16;
					 *0xe7553110 = (_t23 &  *0x3816efa8 |  *0x4052173a) + 0x81c42916;
					asm("sbb edi, [0x453d99a1]");
					 *0x1db40ffd =  *0x1db40ffd | _t47;
					 *0xe0cc3283 =  *0xe0cc3283 + 0xef45d88d;
					 *0x2b16efa8 =  *0x2b16efa8 >> 0xe8;
					asm("adc [0xcc32c1ef], esp");
					_t38 = (0xef45d88d &  *0xaddd0fb4) - 0xe0;
					 *0x8a16efa8 = _t38;
					 *0xbe17ff2f =  *0xbe17ff2f + 0x32ee16ef;
					asm("ror byte [0xff16efa8], 0xb9");
					_t39 = _t38 & 0x000000e0;
					 *0xf216efa8 =  *0xf216efa8 - _t39;
					 *0xb004fa34 =  *0xb004fa34 >> 0x33;
					 *0xcc32b9d9 =  *0xcc32b9d9 - 0x32ee16ef;
					asm("adc esp, [0x16d24939]");
					asm("stosb");
					asm("adc [0x5f828ee2], dh");
					 *0x16d24939 = _t31;
					_t46 = _t47 +  *0x9076a2f7 + 0xefa8e0cc;
					asm("sbb [0x8ce2a816], esi");
					_t15 = (_t20 ^ 0x000000e0 | 0x32ccebb8) -  *0xa8e0cc32;
					_t13 = (_t57 -  *0xef45d88d ^  *0xbe0b1c6d) +  *0xcc32bfdd;
					_t57 =  *0xe0cc32c1;
					 *0xe0cc32c1 = _t13;
					 *0xba16efa8 =  *0xba16efa8 - _t15;
					asm("rol dword [0xf9af869a], 0x1f");
					asm("sbb [0x420816d2], ch");
					asm("adc ebx, 0xe0cc32ba");
					 *0x416efa8 = _t15;
					asm("sbb ecx, [0xbda7983e]");
					_t23 = 0x16d24939;
					asm("movsb");
					_t35 = (_t39 ^ 0x000000f2 ^  *0x395fc3cc |  *0x5fbed3f5 |  *0x71c621c) +  *0xcc32c1db;
					 *0x16efa8e0 =  *0x16efa8e0 << 0xa;
					_push( *0x7c73a2fe);
					 *0xc4a8009a =  *0xc4a8009a ^ 0x00997775;
					 *0x9ba0f4be =  *0x9ba0f4be << 1;
					_t31 =  *0x16d24939 - 0x00000001 & 0x000000a8 ^  *0x5fa899d1;
				} while (0xef45d88d !=  *0x16d24939);
				return _t15;
			}

0x0041aa47
0x0041aa47
0x0041aa47
0x0041aa47
0x0041aa47
0x0041aa48
0x0041aa4a
0x0041aa4a
0x0041aa4a
0x0041aa4a
0x0041aa4a
0x0041aa4a
0x0041aa50
0x0041aa50
0x0041aa58
0x0041aa5e
0x0041aa65
0x0041aa65
0x0041aa65
0x0041aa65
0x0041aa6e
0x0041aa77
0x0041aa7e
0x0041aa85
0x0041aa8b
0x0041aa92
0x0041aa98
0x0041aa9e
0x0041aaa4
0x0041aaa4
0x0041aaa4
0x0041aaaa
0x0041aab0
0x0041aac0
0x0041aac0
0x0041aac0
0x0041aac6
0x0041aac6
0x0041aad6
0x0041aae4
0x0041aaea
0x0041aaf6
0x0041aafc
0x0041aafe
0x0041ab05
0x0041ab12
0x0041ab13
0x0041ab25
0x0041ab31
0x0041ab3e
0x0041ab44
0x0041ab4a
0x0041ab56
0x0041ab5c
0x0041ab62
0x0041ab6f
0x0041ab75
0x0041ab78
0x0041ab7e
0x0041ab8c
0x0041ab9e
0x0041aba1
0x0041aba7
0x0041abae
0x0041abc7
0x0041abd3
0x0041abd4
0x0041abda
0x0041abeb
0x0041abf1
0x0041abfd
0x0041ac0f
0x0041ac0f
0x0041ac0f
0x0041ac15
0x0041ac1e
0x0041ac2c
0x0041ac38
0x0041ac3e
0x0041ac43
0x0041ac4f
0x0041ac5a
0x0041ac5b
0x0041ac61
0x0041ac68
0x0041ac6e
0x0041ac7d
0x0041ac86
0x0041ac8c
0x0041ac9e

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96cfba39255f4102b42f869e01e10e618e7e1e0a810187cbee220dbb7c62861d
Instruction ID: e44e9b74988033804c156b51e5ea92e63a736e8b9512f898049c0fbdffc861c0
Opcode Fuzzy Hash: 96cfba39255f4102b42f869e01e10e618e7e1e0a810187cbee220dbb7c62861d
Instruction Fuzzy Hash: 3D51E1769493D1DFEB02DF78D8DA6423F71E74A320708438EC9A28B2D2D3752166DB45

Uniqueness

Uniqueness Score: 0.00%

Function 00414690, Relevance: .0, Instructions: 19COMMON

Memory Dump Source

Source File: 00000008.00000002.1737773117.00400000.00000040.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 105d3098948462726a1195b9cabc160d29cb4cbe3b162062c6dca113544cf9be
Instruction ID: 56924498f1441bed3719843c6d220c3333c8c0afcdd3d3fb4264d4ab20637c0f
Opcode Fuzzy Hash: 105d3098948462726a1195b9cabc160d29cb4cbe3b162062c6dca113544cf9be
Instruction Fuzzy Hash: 2EC08C53E444284380001C1678890F0F328D657029A6072E3CE08A3B005102C56E9298

Uniqueness

Uniqueness Score: 0.00%

Function 00715860, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d306ca74510dcdcb80e1a7a9651373b723997c5d1769005f05e7cfce7a7b41
Instruction ID: 6b792b626de8bfebe8233546e792a8ada54115d90ad4a4302f58c6a71a0b8381
Opcode Fuzzy Hash: a9d306ca74510dcdcb80e1a7a9651373b723997c5d1769005f05e7cfce7a7b41
Instruction Fuzzy Hash: 8CA02230300202A3CB00ABA0C008B0AA322CBE2302F0080BC22008A00ACA2088C08B22

Uniqueness

Uniqueness Score: 0.00%

Function 00715090, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2369bfe196e3da1a0ba8520dd06d6ec416a5b202b0a4c322db9e3ff372a6e95c
Instruction ID: 53dd5dd3f2b9b5bae4ff7cacf725c06a9be62a4382185c90073cca40a2cdd718
Opcode Fuzzy Hash: 2369bfe196e3da1a0ba8520dd06d6ec416a5b202b0a4c322db9e3ff372a6e95c
Instruction Fuzzy Hash: FCA022B020000003CB028A2CC008202B200EBE0302F8280B230008A00AC03088A3CB20

Uniqueness

Uniqueness Score: 0.00%

Function 00715960, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0e06db8e838f2bacf00cc95295aee670be78e80fd3cec3f7770e911907db5cf
Instruction ID: 059957ce0b19eb4135c470bf2c10945def75a45e0b1b4e95fbd8a6be14f3b765
Opcode Fuzzy Hash: c0e06db8e838f2bacf00cc95295aee670be78e80fd3cec3f7770e911907db5cf
Instruction Fuzzy Hash: 8DA002316002529BE755AB65C40CB1AB796DBA1306F1580B966018B64AC72988D58766

Uniqueness

Uniqueness Score: 0.00%

Function 00715950, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc3d19d3c27bc191f93a9929b2d513b73bad37dbd284f4653c0d29eadb172b0
Instruction ID: c9f9706e36a188784c7b44cfa644c58d820eb2eabca04db3b95e2b490f9037e9
Opcode Fuzzy Hash: 1dc3d19d3c27bc191f93a9929b2d513b73bad37dbd284f4653c0d29eadb172b0
Instruction Fuzzy Hash: 83A0223020028883C3208AA2C0083023220CB80302F2880A0A0028A28EC3E088C08322

Uniqueness

Uniqueness Score: 0.00%

Function 007151D0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a49d8d6e23769f217953e6c4cdc8fb79ece117ccf791496899ccd28f9616207
Instruction ID: 4ad9ec868c03ca789cfca39b5f177d5058dd2f8796fa3ac6a4219320fddd9a2a
Opcode Fuzzy Hash: 8a49d8d6e23769f217953e6c4cdc8fb79ece117ccf791496899ccd28f9616207
Instruction Fuzzy Hash: 66A022B020000083C3008B20C00CB032200CFA230AF0080A0B0028A00AFA2ACCA28322

Uniqueness

Uniqueness Score: 0.00%

Function 00715270, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b63c5eff5216e739ae8f896e80ccae3f640937c8b4c3f6e99c73a31ffa30a70
Instruction ID: 533f1f8c6e4ffacd28d279dc324a6fa191a80a663695fc8bde386a8ad543a313
Opcode Fuzzy Hash: 2b63c5eff5216e739ae8f896e80ccae3f640937c8b4c3f6e99c73a31ffa30a70
Instruction Fuzzy Hash: 90A0223020000003C3088AA0C02830B23E0CBC2303F0080A0A0088A00CC03088A08F20

Uniqueness

Uniqueness Score: 0.00%

Function 00715210, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b8c40adb374c6946c35752a3779bdbb326f2fc4b22ebc0ca3176cf9a8856d12
Instruction ID: ef4db40ac60fb7f00417c385fadf04cb29be6c7a4e4ce7d4e89c611c82bddd10
Opcode Fuzzy Hash: 5b8c40adb374c6946c35752a3779bdbb326f2fc4b22ebc0ca3176cf9a8856d12
Instruction Fuzzy Hash: FEA022B030000003C3008B2AC0083023200CBC2302F02C0F0B0028B08AC2288CA3A322

Uniqueness

Uniqueness Score: 0.00%

Function 00716200, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dab665d041eb7e16642ab624e668e17141a237bd1c64826566d51e3c80399cb
Instruction ID: da15c6414d64bec8bc2523cd8831451d368d552039d0054982d166a0ecc668cc
Opcode Fuzzy Hash: 1dab665d041eb7e16642ab624e668e17141a237bd1c64826566d51e3c80399cb
Instruction Fuzzy Hash: 34A02230200000ABC3808AB3C80820B2200CBC0302F0080B22002CA02AC230C8A8C330

Uniqueness

Uniqueness Score: 0.00%

Function 007163D0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb048b5272ffb6096242779b8ddea994da74fb7987c01d990dccca0f40acaa90
Instruction ID: a4ee5d0f6e65aa9d261d748a4bc48ace03580c82c5a6a087410e7ab0dfa008cc
Opcode Fuzzy Hash: eb048b5272ffb6096242779b8ddea994da74fb7987c01d990dccca0f40acaa90
Instruction Fuzzy Hash: C2A0223020000023CBA0AAA0CC0808B2230CBC2302F0080A0A0028A00AC2208A888B20

Uniqueness

Uniqueness Score: 0.00%

Function 007154E0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6afa4a60508d22cc5a9524d43274023ed04f35ad9bdb95a177cb9d2c934d4c23
Instruction ID: aa5cc14f7aa26c58a152e96bec4fd4ddaf1aa627fb52d59c48ac090e8215b35b
Opcode Fuzzy Hash: 6afa4a60508d22cc5a9524d43274023ed04f35ad9bdb95a177cb9d2c934d4c23
Instruction Fuzzy Hash: 1FA02230A08000A3C380AAA0C008B023220EB8238AF0080A0A00A8A80EC23888C8CF20

Uniqueness

Uniqueness Score: 0.00%

Function 007154B0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 821e1b54a1938b4250766273ae35a0e7f2c93152af0a72817fdb824080ca1bae
Instruction ID: 19b758082f712b5aaa0e939de6a023de5288155d934bf6425c8755552273e337
Opcode Fuzzy Hash: 821e1b54a1938b4250766273ae35a0e7f2c93152af0a72817fdb824080ca1bae
Instruction Fuzzy Hash: E1A02238A0000083CF80EE22C0083032280CB83302F0080B020028A00AC3388AA8CF20

Uniqueness

Uniqueness Score: 0.00%

Function 007165E0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5485d2fd2b7cc4c33631bae95d953d4da7340e778e3042619ff179ae5e7a2f22
Instruction ID: 39241a1b63366cf44bda9e273397d09b858785fc6edfaa5cb23f03d076ac0955
Opcode Fuzzy Hash: 5485d2fd2b7cc4c33631bae95d953d4da7340e778e3042619ff179ae5e7a2f22
Instruction Fuzzy Hash: 82A02230E00000E3C320AB20C008F8AAB20CBF030AB20C0A820008E8C8C820C880C320

Uniqueness

Uniqueness Score: 0.00%

Function 007155E0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 431147555803e25cd3e49e560b35b5b2261dd692bcbad0eb8a69dbf639c7e16a
Instruction ID: 30652aa1ac3d122acbf1258b378d86ddbbdaca82a180ed7d02394aca2aecf4e2
Opcode Fuzzy Hash: 431147555803e25cd3e49e560b35b5b2261dd692bcbad0eb8a69dbf639c7e16a
Instruction Fuzzy Hash: 4FA022302000008BCB80AAA0C008B02A230FBB230AF20C0A0A0C08E80CCA30C888C320

Uniqueness

Uniqueness Score: 0.00%

Function 00716580, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2331c847ec7603032769c6c407f18c3db032b13fcada33e3b75b46571899def
Instruction ID: 66ab73c436e498bacfb48f051146428c3393d6e60b4d5d83699f3bf289949c30
Opcode Fuzzy Hash: a2331c847ec7603032769c6c407f18c3db032b13fcada33e3b75b46571899def
Instruction Fuzzy Hash: 90A022B2F0000033C380AA30C008002A220EBB0302B00C0A0A8808A0C8C820888ACB20

Uniqueness

Uniqueness Score: 0.00%

Function 00716660, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945f3c6614761468c898b8bf0bc1a9b52feca9e48c13a54853ee0dcc4af83792
Instruction ID: 08df19130bf51a28901429b6dc4b8dc543476c77518886003107f5bae7b186e0
Opcode Fuzzy Hash: 945f3c6614761468c898b8bf0bc1a9b52feca9e48c13a54853ee0dcc4af83792
Instruction Fuzzy Hash: F0A02230B0000023CB20AA20C008A0A2A22CB80302B00C0B82202CA08ACA3088828330

Uniqueness

Uniqueness Score: 0.00%

Function 00716630, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83280c64ada70456b6b2665ff3d356cb28c6a9e78ea48eb88f4b90f3fbae95da
Instruction ID: 35b5cbc3c135767fd9585062453ef8ee64b46520483044c5c5403272dff5d825
Opcode Fuzzy Hash: 83280c64ada70456b6b2665ff3d356cb28c6a9e78ea48eb88f4b90f3fbae95da
Instruction Fuzzy Hash: C1A02230B0000023C3028AA0C80800232A0CBC2302B02C0A0E0008B088C83088A083B2

Uniqueness

Uniqueness Score: 0.00%

Function 006DE32D, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 196
COMMON

C-Code - Quality: 38%

			E006DE32D(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 != 0) {
					L9:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L15:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L26:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + L006F7ACB(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L18:
							L18:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + L006F7ACB() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = L006F7ACB(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = L006F7ACB();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L26;
							}
							_t116 = 0;
							goto L18;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
								goto L14;
							}
							_v12 = _t108;
							L14:
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t31 =  &_v24;
							 *_t31 = _v24 - 1;
						} while ( *_t31 != 0);
						goto L15;
					}
				}
				if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
					goto L9;
				} else {
					_t96 =  *(_t129 + 8) & 0x0000ffff;
					if(_t96 != 0) {
						L42:
						if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
							goto L9;
						} else {
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_t86 = L006F7ACB(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
							goto L40;
						}
					} else {
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L37:
							_t115 = 0x717756;
							L39:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = L006F7ACB(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							L40:
							return _t128 + _t86 * 2;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L42;
						}
						if(_t114 != 0) {
							_t115 = 0x71e5d0;
							goto L39;
						}
						goto L37;
					}
				}
			}

0x006de337
0x006de33b
0x006de33e
0x006de340
0x006de343
0x006de34a
0x006de350
0x006de356
0x006de35b
0x006de35e
0x006de361
0x006de368
0x006dc2f5
0x006dc2fb
0x006dc2fb
0x006dc2f5
0x006de36e
0x006de373
0x006de397
0x006de3a0
0x006de3a2
0x006de3a5
0x006de3a5
0x006de3a8
0x006de3ad
0x006de40e
0x006de412
0x006dc30b
0x006dc310
0x006dc315
0x006dc32e
0x006dc32e
0x00000000
0x006de3af
0x00000000
0x006de3af
0x006de3b2
0x006de3bf
0x006de3c8
0x006de3cf
0x006de3d0
0x006de3d6
0x006de3d9
0x006de3dc
0x006de3dc
0x006de3f6
0x006de3fb
0x006de535
0x006de537
0x006de53e
0x006de53f
0x006de540
0x006de548
0x006de54b
0x006de54b
0x006de3fe
0x006de402
0x006de405
0x006de408
0x00000000
0x00000000
0x006de40a
0x00000000
0x006de40a
0x006de375
0x006de377
0x006de378
0x006de37b
0x006de37e
0x006de384
0x006de523
0x006de528
0x006de52b
0x006de52b
0x006de52e
0x00000000
0x006de52e
0x006de38a
0x006de38d
0x006de38d
0x006de391
0x006de392
0x006de392
0x006de392
0x00000000
0x006de37e
0x006de373
0x006d9d8a
0x00000000
0x006d9dae
0x0075ecab
0x0075ecb2
0x0075ed0c
0x0075ed14
0x00000000
0x0075ed24
0x0075ed28
0x0075ed2d
0x0075ed32
0x0075ed43
0x00000000
0x0075ed48
0x0075ecb4
0x0075ecb4
0x0075ecbb
0x0075ecce
0x0075ecce
0x0075ecda
0x0075ecde
0x0075ece3
0x0075ece8
0x0075eced
0x0075ecfa
0x0075ed02
0x00000000
0x0075ed02
0x0075ecc5
0x0075ed0a
0x00000000
0x0075ed0a
0x0075eccc
0x0075ecd5
0x00000000
0x0075ecd5
0x00000000
0x0075eccc
0x0075ecb2

APIs

___swprintf_l.LIBCMT ref: 006DC326
___swprintf_l.LIBCMT ref: 006DE3D1
___swprintf_l.LIBCMT ref: 006DE3F6
___swprintf_l.LIBCMT ref: 006DE540
___swprintf_l.LIBCMT ref: 0075ECFA
___swprintf_l.LIBCMT ref: 0075ED43

Strings

ffff:, xrefs: 0075ECD5
::ffff:0:%u.%u.%u.%u, xrefs: 0075ED3A
:%u.%u.%u.%u, xrefs: 006DC31D
::%hs%u.%u.%u.%u, xrefs: 0075ECF1

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 29f8d5d14dbef8c631284b97d1fac10d3dfb4d4c70fbe2dd5ffd25a0bb1beed2
Instruction ID: db40c623bf9466e216c4b92ef7ef8a1e0d41c0e03ef7c4b407429cf498154378
Opcode Fuzzy Hash: 29f8d5d14dbef8c631284b97d1fac10d3dfb4d4c70fbe2dd5ffd25a0bb1beed2
Instruction Fuzzy Hash: 6561FAB1D00655A6CB34EF59C4804FE7BB7EF94301758C02EE5964B340D775AB40DB60

Uniqueness

Uniqueness Score: 0.11%

Function 006E3747, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 270
COMMON

C-Code - Quality: 100%

			E006E3747(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr* _v28;
				signed int _v32;
				void* _t115;
				char _t119;
				short _t120;
				intOrPtr* _t124;
				char _t126;
				short _t127;
				void* _t133;
				void* _t136;
				intOrPtr _t142;
				signed int _t154;
				signed int _t175;
				intOrPtr _t178;
				intOrPtr* _t180;
				intOrPtr _t181;
				void* _t184;

				_t180 = _a4;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if( *_t180 == 0) {
					L34:
					 *_a8 = _t180;
					_t181 = _v24;
					if(_t181 != 0) {
						if(_t181 != 3) {
							goto L62;
						}
						_v8 = _v8 + 1;
					}
					_t175 = _v32;
					if(_t175 == 0) {
						if(_v8 == 7) {
							goto L36;
						}
						goto L62;
					}
					L36:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L62;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L40:
						if(_t175 != 0) {
							L00704B80(_a12 + 0x10 + (_t175 - _v8) * 2, _a12 + _t175 * 2, _v8 - _t175 + _v8 - _t175);
							_t115 = 8;
							L00704EC0(_a12 + _t175 * 2, 0, _t115 - _v8 + _t115 - _v8);
						}
						return 0;
					}
					if(_t181 != 0) {
						if(_v12 > 3) {
							goto L62;
						}
						_t119 = E006E38EA(_v28, 0, 0xa);
						_t184 = _t184 + 0xc;
						if(_t119 > 0xff) {
							goto L62;
						}
						 *((char*)(_t181 + _v20 * 2 + _a12)) = _t119;
						goto L40;
					}
					if(_v12 > 4) {
						goto L62;
					}
					_t120 = E006E38EA(_v28, _t181, 0x10);
					_t184 = _t184 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t120;
					goto L40;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L22;
						}
						_t136 = _t123 - 1;
						if(_t136 != 0) {
							_t123 = _t136 == 1;
							if(_t136 == 1) {
								L23:
								if(_v8 > 7) {
									goto L34;
								}
								_t143 = _t142;
								if(E006E3490(_t123, _t142) == 0 || _t129 == 0) {
									if(E006E3490(_t129, _t143) == 0 || E006E3663(_t130, _t143) == 0 || _v24 > 0) {
										goto L34;
									} else {
										_t133 = 1;
										_a7 = 1;
										_v28 = _t180;
										_v16 = 1;
										_v12 = 1;
										L31:
										if(_v16 == _t133) {
											goto L20;
										}
										L8:
										if(_v28 == 0) {
											goto L20;
										}
										_t178 = _v24;
										if(_t178 != 0) {
											if(_v12 > 3) {
												L62:
												return 0xc000000d;
											}
											_t126 = E006E38EA(_v28, 0, 0xa);
											_t184 = _t184 + 0xc;
											if(_t126 > 0xff) {
												goto L62;
											}
											 *((char*)(_t178 + _v20 * 2 + _a12 - 1)) = _t126;
											goto L20;
										}
										if(_v12 > 4) {
											goto L62;
										}
										_t127 = E006E38EA(_v28, 0, 0x10);
										_t184 = _t184 + 0xc;
										_v20 = _v20 + 1;
										 *((short*)(_a12 + _v20 * 2)) = _t127;
										goto L20;
									}
								} else {
									_a7 = 0;
									_v28 = _t180;
									_v16 = 1;
									_v12 = 1;
									L20:
									_t180 = _t180 + 1;
									_t142 =  *_t180;
									if(_t142 == 0) {
										goto L34;
									}
									continue;
								}
							}
							_t133 = 1;
							goto L31;
						}
						_t179 = _t142;
						if(E006E3490(_t136, _t142) == 0 || _t138 == 0) {
							if(E006E3490(_t138, _t179) == 0 || E006E3663(_t139, _t179) == 0) {
								if(_t142 != 0x3a) {
									if(_t142 != 0x2e || _a7 != 0 || _v24 > 2 || _v8 > 6) {
										goto L34;
									} else {
										_v24 = _v24 + 1;
										L7:
										_v16 = _v16 & 0x00000000;
										goto L8;
									}
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L34;
								} else {
									_t124 = _t180 + 1;
									if( *_t124 == _t142) {
										if(_v32 == 0) {
											_v32 = _v8 + 1;
											_t154 = 2;
											_v8 = _v8 + _t154;
											L47:
											_t180 = _t124;
											_v16 = _t154;
											goto L8;
										}
										goto L34;
									}
									_v8 = _v8 + 1;
									goto L7;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L34;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							goto L1;
						}
						L22:
						if(_t142 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L34;
							} else {
								_t124 = _t180 + 1;
								if( *_t124 != _t142) {
									goto L34;
								}
								_v20 = _v20 + 1;
								_t154 = 2;
								_v32 = 1;
								_v8 = _t154;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L47;
							}
						}
						goto L23;
					}
				}
				L1:
				_v12 = _v12 + 1;
				goto L20;
			}

0x006e3753
0x006e3759
0x006e375c
0x006e375f
0x006e3762
0x006e3765
0x006e3768
0x006e376b
0x006e3770
0x006e3855
0x006e3858
0x006e385a
0x006e385f
0x00748353
0x00000000
0x00000000
0x00748359
0x00748359
0x006e3865
0x006e386a
0x00748457
0x00000000
0x00000000
0x00000000
0x00748457
0x006e3870
0x006e3874
0x0075edab
0x00000000
0x00000000
0x0075edb9
0x006e38a8
0x006e38aa
0x006e38c3
0x006e38ca
0x006e38d4
0x006e38d9
0x00000000
0x006e38dc
0x006e387c
0x00748365
0x00000000
0x00000000
0x00748372
0x00748377
0x0074837f
0x00000000
0x00000000
0x0074838e
0x00000000
0x0074838e
0x006e3886
0x00000000
0x00000000
0x006e3892
0x006e389c
0x006e38a4
0x00000000
0x00000000
0x006e3776
0x006e3779
0x006e377b
0x00000000
0x00000000
0x006e377d
0x006e377e
0x006e3926
0x006e3927
0x006e37e4
0x006e37e8
0x00000000
0x00000000
0x006e37ea
0x006e37f6
0x006e381e
0x00000000
0x006e3831
0x006e3833
0x006e3834
0x006e3838
0x006e383b
0x006e383e
0x006e3841
0x006e3844
0x00000000
0x00000000
0x006e36fe
0x006e3703
0x00000000
0x00000000
0x006e3709
0x006e370e
0x0074842a
0x0074845d
0x00000000
0x0074845d
0x00748432
0x00748437
0x0074843f
0x00000000
0x00000000
0x0074844a
0x00000000
0x0074844a
0x006e3718
0x00000000
0x00000000
0x006e3724
0x006e372e
0x006e3731
0x006e3739
0x00000000
0x006e3739
0x006e3803
0x006e3806
0x006e380a
0x006e380d
0x006e3810
0x006e37d0
0x006e37d0
0x006e37d1
0x006e37d5
0x00000000
0x00000000
0x00000000
0x006e37d7
0x006e37f6
0x0075ed63
0x00000000
0x0075ed63
0x006e3784
0x006e3790
0x006e37aa
0x006e36d2
0x00748324
0x00000000
0x00748348
0x00748348
0x006e36fa
0x006e36fa
0x00000000
0x006e36fa
0x00748324
0x006e36dc
0x00000000
0x006e36ec
0x006e36ec
0x006e36f1
0x006e384f
0x006e3938
0x006e393b
0x006e393c
0x006e393f
0x006e393f
0x006e3941
0x00000000
0x006e3941
0x00000000
0x006e384f
0x006e36f7
0x00000000
0x006e36f7
0x006e37bf
0x006e37bf
0x006e37c6
0x00000000
0x00000000
0x006e37cc
0x00000000
0x006e37cc
0x00000000
0x00000000
0x00000000
0x006e37db
0x006e37de
0x0075ed6c
0x00000000
0x0075ed7b
0x0075ed7b
0x0075ed80
0x00000000
0x00000000
0x0075ed90
0x0075ed93
0x0075ed94
0x0075ed9b
0x0075ed9e
0x00000000
0x0075ed9e
0x0075ed6c
0x00000000
0x006e37de
0x006e3776
0x006e362a
0x006e362a
0x00000000

APIs

__fassign.LIBCMT ref: 006E3724
__fassign.LIBCMT ref: 006E3892
__fassign.LIBCMT ref: 00748372

Part of subcall function 006E38EA: __cftof.LIBCMT ref: 006E38FA

__fassign.LIBCMT ref: 00748432

Strings

:, xrefs: 006E36CF
:, xrefs: 006E37DB
., xrefs: 00748321

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: __fassign$__cftof
String ID: .$:$:
API String ID: 719083814-2308638275
Opcode ID: ed0c4c3c8d53cf5604481f181fd10ba09e4b0497798efa1efc41dea83925a216
Instruction ID: 8dc989d88b6aee3eb09b410ceb40b87000cca04b87a8f3d32998caf5867bbf20
Opcode Fuzzy Hash: ed0c4c3c8d53cf5604481f181fd10ba09e4b0497798efa1efc41dea83925a216
Instruction Fuzzy Hash: 4EA18F71D023AAEBDF24CF6AC8096AF77B6AF05300F24846EE412A7381D7349B45CB55

Uniqueness

Uniqueness Score: 6.12%

Function 006FA160, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 196
UNIQUE

C-Code - Quality: 63%

			E006FA160(signed int _a4, char _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t38;
				signed int* _t41;
				signed int _t43;
				void* _t44;
				void* _t50;
				void* _t55;
				void* _t56;
				void* _t57;
				void* _t58;
				void* _t59;
				intOrPtr _t60;
				void* _t62;
				signed int _t67;
				signed int _t74;
				signed int _t78;
				signed int _t81;
				intOrPtr _t90;
				signed int _t93;
				void* _t94;
				signed int _t98;
				void* _t102;
				void* _t103;
				signed int _t110;
				signed int _t124;
				void* _t137;
				void* _t138;
				void* _t139;
				signed int _t143;

				_t81 = _a4;
				_t98 =  *(_t81 + 0x28);
				_t38 = _t81 + 0x28;
				if(_t98 < 0) {
					_t90 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t81 + 0x2c)) -  *((intOrPtr*)(_t90 + 0x24));
					if( *((intOrPtr*)(_t81 + 0x2c)) !=  *((intOrPtr*)(_t90 + 0x24))) {
						goto L31;
					} else {
						__eflags = _t98 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L31:
					while(1) {
						L32:
						__eflags = _t98;
						if(_t98 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) + 1;
							_t41 = _t81 + 0x1c;
							asm("lock xadd [edx], ecx");
							_t98 =  *(_t81 + 0x28);
							__eflags = _t98;
							if(_t98 >= 0) {
								_t92 =  *_t41;
								__eflags = _t92;
								if(__eflags > 0) {
									while(1) {
										_t78 = _t92;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t78 - _t92;
										if(_t78 == _t92) {
											break;
										}
										_t92 = _t78;
										__eflags = _t78;
										if(_t78 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t92;
								}
								if(__eflags == 0) {
									goto L11;
								} else {
									continue;
								}
							} else {
								L11:
								_t110 = 0;
								__eflags = 0;
								while(1) {
									_t101 =  *(_t81 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t124 =  !( ~( *(_t81 + 0x30) & 1)) & 0x007a8318;
									_push(_t124);
									_push(0);
									_push( *((intOrPtr*)(_t81 + 0x18)));
									_t43 = E007165E0();
									__eflags = _t43 - 0x102;
									if(_t43 != 0x102) {
										break;
									}
									_t92 =  *(_t124 + 4);
									_t102 =  *_t124;
									_t44 = L00703EC0(_t102,  *(_t124 + 4), 0xff676980, 0xffffffff);
									_push(_t102);
									_push(_t44);
									L006F1ACE(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t110);
									L006F1ACE(0x65, 0, "RTL: Resource at %p\n", _t81);
									_t110 = _t110 + 1;
									_t138 = _t137 + 0x28;
									__eflags = _t110 - 2;
									if(_t110 > 2) {
										E007715D8(_t92, _t81);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									L006F1ACE();
									_t137 = _t138 + 0xc;
								}
								__eflags = _t43;
								if(__eflags < 0) {
									L00716CC5(_t92, _t101, _t110, _t124, __eflags, _t43);
									asm("int3");
									while(1) {
										L45:
										_t93 =  *(_t124 + 4);
										_t103 =  *_t124;
										_t50 = L00703EC0(_t103, _t93, 0xff676980, 0xffffffff);
										_push(_t103);
										_push(_t50);
										L006F1ACE(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t110);
										L006F1ACE(0x65, 0, "RTL: Resource at %p\n", _t81);
										_t110 = _t110 + 1;
										_t139 = _t137 + 0x28;
										__eflags = _t110 - 2;
										if(__eflags > 0) {
											E007715D8(_t93, _t81);
										}
										_push("RTL: Re-Waiting\n");
										_push(0);
										_push(0x65);
										L006F1ACE();
										_t137 = _t139 + 0xc;
										while(1) {
											L18:
											_t105 =  *(_t81 + 0x30) & 0x00000001;
											asm("sbb esi, esi");
											_t124 =  !( ~( *(_t81 + 0x30) & 1)) & 0x007a8318;
											_push(_t124);
											_push(0);
											_push( *((intOrPtr*)(_t81 + 0x20)));
											_t55 = E007165E0();
											if(_t55 == 0x102) {
												goto L45;
											}
											if(_t55 < 0) {
												_t56 = L00716CC5(_t93, _t105, _t110, _t124, __eflags, _t55);
												asm("int3");
												_t57 = L00716CC5(_t93, _t105, _t110, _t124, __eflags, _t56);
												_t58 = L00716CC5(_t93, _t105, _t110, _t124, __eflags, _t57);
												_t59 = L00716CC5(_t93, _t105, _t110, _t124, __eflags, _t58);
												asm("int3");
												while(1) {
													_t94 = _t59;
													__eflags = _t59 - 1;
													if(_t59 != 1) {
														break;
													}
													_t110 = _t110 | 0xffffffff;
													_t59 = _t94;
													asm("lock cmpxchg [ebx], edi");
													__eflags = _t59 - _t94;
													if(_t59 != _t94) {
														continue;
													} else {
														_t60 =  *[fs:0x18];
														 *((intOrPtr*)(_t124 + 0x2c)) =  *((intOrPtr*)(_t60 + 0x24));
														return _t60;
													}
													goto L56;
												}
												E006F9485(_t94, _t110, _t124);
												_t62 = E006F9505(_t124, 1);
												return _t62;
											} else {
												_t38 =  *(_t81 + 0x28);
												L28:
												while(_t38 != 0) {
													__eflags = _a8;
													if(_a8 == 0) {
														__eflags = 0;
														return 0;
													} else {
														 *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) + 1;
														_t98 = _t81 + 0x24;
														_t93 = 1;
														asm("lock xadd [eax], ecx");
														_t38 =  *(_t81 + 0x28);
														_a4 = _t38;
														__eflags = _t38;
														if(__eflags == 0) {
															_t93 =  *_t98;
															if(_t93 > 0) {
																while(1) {
																	_t67 = _t93;
																	asm("lock cmpxchg [edi], esi");
																	if(_t67 == _t93) {
																		break;
																	}
																	_t93 = _t67;
																	__eflags = _t67;
																	if(__eflags <= 0) {
																		break;
																	} else {
																		continue;
																	}
																	goto L56;
																}
																_t38 = _a4;
																_t143 = _t93;
															}
															if(_t143 != 0) {
																continue;
															} else {
																goto L17;
															}
														} else {
															L17:
															_t110 = 0;
															goto L18;
														}
													}
													goto L56;
												}
												_t93 = _t93 | 0xffffffff;
												_t38 = 0;
												asm("lock cmpxchg [edx], ecx");
												if(0 != 0) {
													goto L28;
												} else {
													 *((intOrPtr*)(_t81 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
													return 1;
												}
											}
											goto L56;
										}
									}
								} else {
									_t98 =  *(_t81 + 0x28);
									continue;
								}
							}
						}
						goto L56;
					}
					_t74 = _t98;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t74 - _t98;
					if(_t74 != _t98) {
						_t98 = _t74;
						goto L32;
					} else {
						return 1;
					}
				}
				L56:
			}

0x006fa166
0x006fa169
0x006fa16c
0x006fa172
0x006e24aa
0x006e24b4
0x006e24b7
0x00000000
0x006e24bd
0x006e24bd
0x006e24c0
0x006e24c9
0x006e24c9
0x006fa178
0x006fa178
0x006fa179
0x006fa179
0x006fa179
0x006fa17b
0x00000000
0x00000000
0x006d6ee9
0x006d6eed
0x00751a3b
0x00751a3f
0x006d6ef3
0x006d6ef6
0x006d6ef9
0x006d6f03
0x006d6f07
0x006d6f0a
0x006d6f0c
0x007519b4
0x007519b6
0x007519b8
0x007519c0
0x007519ca
0x007519cc
0x007519d0
0x007519d2
0x00000000
0x00000000
0x007519d4
0x007519d6
0x007519d8
0x00000000
0x00000000
0x00000000
0x007519d8
0x007519da
0x007519da
0x006d9951
0x00000000
0x006d9957
0x00000000
0x006d9957
0x006d6f12
0x006d6f12
0x006d6f12
0x006d6f12
0x006d6f14
0x006d6f1a
0x006d6f22
0x006d6f26
0x006d6f2c
0x006d6f2d
0x006d6f2f
0x006d6f30
0x006d6f35
0x006d6f3a
0x00000000
0x00000000
0x007519e1
0x007519e4
0x007519ef
0x007519f4
0x007519f5
0x00751a00
0x00751a0f
0x00751a14
0x00751a15
0x00751a18
0x00751a1b
0x00751a1e
0x00751a1e
0x00751a23
0x00751a28
0x00751a2a
0x00751a2c
0x00751a31
0x00751a31
0x006d6f40
0x006d6f42
0x00751a43
0x00751a48
0x00751a49
0x00751a49
0x00751a49
0x00751a4c
0x00751a57
0x00751a5c
0x00751a5d
0x00751a68
0x00751a77
0x00751a7c
0x00751a7d
0x00751a80
0x00751a83
0x00751a86
0x00751a86
0x00751a8b
0x00751a90
0x00751a92
0x00751a94
0x00751a99
0x006d98ed
0x006d98ed
0x006d98f3
0x006d98fb
0x006d98ff
0x006d9905
0x006d9906
0x006d9908
0x006d9909
0x006d9913
0x00000000
0x00000000
0x006d991b
0x00751aab
0x00751ab0
0x00751ab2
0x00751ab8
0x00751abe
0x00751ac3
0x00751ac4
0x00751ac4
0x00751ac6
0x00751ac9
0x00000000
0x00000000
0x006dc35f
0x006dc364
0x006dc366
0x006dc36a
0x006dc36c
0x00000000
0x006dc372
0x006dc372
0x006dc37d
0x006dc382
0x006dc382
0x00000000
0x006dc36c
0x00751ad0
0x00751ad8
0x00751ae1
0x006d9921
0x006d9921
0x00000000
0x006f951e
0x006d98bf
0x006d98c3
0x00751aa3
0x00751aa7
0x006d98c9
0x006d98cc
0x006d98cf
0x006d98d4
0x006d98d9
0x006d98dd
0x006d98e0
0x006d98e3
0x006d98e5
0x006d2f64
0x006d2f68
0x006d2f6d
0x006d2f74
0x006d2f76
0x006d2f7c
0x00000000
0x00000000
0x006d2f8e
0x006d2f90
0x006d2f92
0x00000000
0x006d2f94
0x00000000
0x006d2f94
0x00000000
0x006d2f92
0x006d2f7e
0x006d2f81
0x006d2f81
0x006d2f83
0x00000000
0x006d2f89
0x00000000
0x006d2f89
0x006d98eb
0x006d98eb
0x006d98eb
0x00000000
0x006d98eb
0x006d98e5
0x00000000
0x006d98c3
0x006f952b
0x006f952e
0x006f9530
0x006f9536
0x00000000
0x006f9538
0x006f9543
0x006f954a
0x006f954a
0x006f9536
0x00000000
0x006d991b
0x006d98ed
0x006d6f48
0x006d6f48
0x00000000
0x006d6f48
0x006d6f42
0x006d6f0c
0x00000000
0x006d6eed
0x006fa18b
0x006fa18d
0x006fa191
0x006fa193
0x006d994a
0x00000000
0x006fa199
0x006fa19f
0x006fa19f
0x006fa193
0x00000000

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007519EF
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00751A57

Strings

RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 007519F7
RTL: Re-Waiting, xrefs: 00751A23, 00751A8B
RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00751A5F
RTL: Resource at %p, xrefs: 00751A06, 00751A6E

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-4236105082
Opcode ID: 8bdffebd507b8a877a37a4754e2b2334857e5a3bed95cb848d85b850ba4ce647
Instruction ID: 8cde2d0d8b6d9038d63491ed6ee1f8ffd2e24a8858606fb84bce2ab87813a8d6
Opcode Fuzzy Hash: 8bdffebd507b8a877a37a4754e2b2334857e5a3bed95cb848d85b850ba4ce647
Instruction Fuzzy Hash: EC515971B002019BEB15CA18CC81FE2339A9F84721F24422AFD59DF3C5D965EC86C7A4

Uniqueness

Uniqueness Score: 100.00%

Function 006DE426, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88
COMMON

C-Code - Quality: 64%

			E006DE426(void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t39;
				signed int _t43;
				signed int _t44;
				intOrPtr _t45;
				void* _t50;
				intOrPtr* _t51;
				void* _t53;
				signed int _t56;
				void* _t57;

				_t50 = __edx;
				_t24 =  *0x7a81e8; // 0x77d55b89
				_v8 = _t24 ^ _t56;
				_t45 = _a16;
				_t52 = _a4;
				_t51 = _a20;
				if(_a4 == 0 || _t51 == 0) {
					L12:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t51 == _t45) {
							goto L3;
						} else {
							goto L12;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t44 = L006F7ACB();
							_t57 = _t57 + 0xc;
							_t28 = _t56 + _t44 * 2 - 0x88;
						}
						_t53 = E006DE32D(_t52, _t28);
						if(_a8 != 0) {
							_t43 = L006F7ACB(_t53,  &_v10 - _t53 >> 1, L"%%%u", _a8);
							_t57 = _t57 + 0x10;
							_t53 = _t53 + _t43 * 2;
						}
						if(_a12 != 0) {
							_t39 = L006F7ACB(_t53,  &_v10 - _t53 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t57 = _t57 + 0x10;
							_t53 = _t53 + _t39 * 2;
						}
						_t52 = (_t53 -  &_v140 >> 1) + 1;
						 *_t51 = _t52;
						if( *_t51 < _t52) {
							goto L12;
						} else {
							E00704830(_t45,  &_v140, _t52 + _t52);
							_t26 = 0;
						}
					}
				}
				return L00722F0C(_t26, _t45, _v8 ^ _t56, _t50, _t51, _t52);
			}

0x006de426
0x006de431
0x006de438
0x006de43c
0x006de440
0x006de444
0x006de449
0x007469c0
0x007469c0
0x006de457
0x006de459
0x007469cc
0x00000000
0x007469d2
0x00000000
0x007469d2
0x006de45f
0x006de45f
0x006de464
0x006de46a
0x006de46c
0x006de471
0x006de473
0x006de474
0x006de479
0x006de47c
0x006de47c
0x006de48e
0x006de490
0x006de4a3
0x006de4a8
0x006de4ab
0x006de4ab
0x006de4b3
0x006de4cf
0x006de4d4
0x006de4d7
0x006de4d7
0x006de4e4
0x006de4e7
0x006de4e9
0x00000000
0x006de4ef
0x006de4fb
0x006de503
0x006de503
0x006de4e9
0x006de459
0x006de513

APIs

___swprintf_l.LIBCMT ref: 006DE474

Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 006DC326
Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 006DE3D1
Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 006DE3F6
Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 006DE540
Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 0075ECFA
Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 0075ED43

___swprintf_l.LIBCMT ref: 006DE4A3
___swprintf_l.LIBCMT ref: 006DE4CF

Strings

]:%u, xrefs: 006DE4C6
%%%u, xrefs: 006DE49A

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: 5c5cc9d52ac559effde5d13a063e61d8cc7e9d48694108a7f914cc71191743bd
Instruction ID: 0959d62ee7dc4b5899779782d042d39914be233e4280ec84de46060ecf34f981
Opcode Fuzzy Hash: 5c5cc9d52ac559effde5d13a063e61d8cc7e9d48694108a7f914cc71191743bd
Instruction Fuzzy Hash: 2F21B972900229ABCB10EF58DC45AEE73ADEB40700F858056FD44D7241DB75EE59CBE1

Uniqueness

Uniqueness Score: 0.11%

Function 006F9505, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 150
UNIQUE

C-Code - Quality: 60%

			E006F9505(signed int _a4, char _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t24;
				void* _t29;
				void* _t30;
				void* _t35;
				void* _t36;
				void* _t37;
				void* _t38;
				intOrPtr _t39;
				void* _t41;
				signed int _t43;
				signed int _t50;
				signed int _t58;
				void* _t60;
				signed int* _t62;
				intOrPtr _t63;
				void* _t67;
				signed int _t71;
				signed int _t82;
				void* _t87;
				void* _t88;
				signed int _t92;

				_t50 = _a4;
				_t24 =  *(_t50 + 0x28);
				if(_t24 < 0) {
					_t63 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t50 + 0x2c)) -  *((intOrPtr*)(_t63 + 0x24));
					if( *((intOrPtr*)(_t50 + 0x2c)) !=  *((intOrPtr*)(_t63 + 0x24))) {
						goto L19;
					} else {
						__eflags = _t24 | 0xffffffff;
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L19:
					L20:
					while(_t24 != 0) {
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t50 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t50 + 0x34)) + 0x14)) + 1;
							_t62 = _t50 + 0x24;
							_t58 = 1;
							asm("lock xadd [eax], ecx");
							_t24 =  *(_t50 + 0x28);
							_a4 = _t24;
							__eflags = _t24;
							if(__eflags == 0) {
								_t58 =  *_t62;
								if(_t58 > 0) {
									while(1) {
										_t43 = _t58;
										asm("lock cmpxchg [edi], esi");
										if(_t43 == _t58) {
											break;
										}
										_t58 = _t43;
										__eflags = _t43;
										if(__eflags <= 0) {
											break;
										} else {
											continue;
										}
										goto L34;
									}
									_t24 = _a4;
									_t92 = _t58;
								}
								if(_t92 != 0) {
									continue;
								} else {
									goto L11;
								}
							} else {
								L11:
								_t71 = 0;
								while(1) {
									_t66 =  *(_t50 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t82 =  !( ~( *(_t50 + 0x30) & 1)) & 0x007a8318;
									_push(_t82);
									_push(0);
									_push( *((intOrPtr*)(_t50 + 0x20)));
									_t29 = E007165E0();
									if(_t29 != 0x102) {
										break;
									}
									_t58 =  *(_t82 + 4);
									_t67 =  *_t82;
									_t30 = L00703EC0(_t67, _t58, 0xff676980, 0xffffffff);
									_push(_t67);
									_push(_t30);
									L006F1ACE(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t71);
									L006F1ACE(0x65, 0, "RTL: Resource at %p\n", _t50);
									_t71 = _t71 + 1;
									_t88 = _t87 + 0x28;
									__eflags = _t71 - 2;
									if(__eflags > 0) {
										E007715D8(_t58, _t50);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									L006F1ACE();
									_t87 = _t88 + 0xc;
								}
								if(_t29 < 0) {
									_t35 = L00716CC5(_t58, _t66, _t71, _t82, __eflags, _t29);
									asm("int3");
									_t36 = L00716CC5(_t58, _t66, _t71, _t82, __eflags, _t35);
									_t37 = L00716CC5(_t58, _t66, _t71, _t82, __eflags, _t36);
									_t38 = L00716CC5(_t58, _t66, _t71, _t82, __eflags, _t37);
									asm("int3");
									while(1) {
										_t60 = _t38;
										__eflags = _t38 - 1;
										if(_t38 != 1) {
											break;
										}
										_t71 = _t71 | 0xffffffff;
										_t38 = _t60;
										asm("lock cmpxchg [ebx], edi");
										__eflags = _t38 - _t60;
										if(_t38 != _t60) {
											continue;
										} else {
											_t39 =  *[fs:0x18];
											 *((intOrPtr*)(_t82 + 0x2c)) =  *((intOrPtr*)(_t39 + 0x24));
											return _t39;
										}
										goto L34;
									}
									E006F9485(_t60, _t71, _t82);
									_push(1);
									_t41 = E006F9505(_t82);
									return _t41;
								} else {
									_t24 =  *(_t50 + 0x28);
									continue;
								}
							}
						}
						goto L34;
					}
					_t58 = _t58 | 0xffffffff;
					_t24 = 0;
					asm("lock cmpxchg [edx], ecx");
					if(0 != 0) {
						goto L20;
					} else {
						 *((intOrPtr*)(_t50 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L34:
			}

0x006f950b
0x006f950e
0x006f9517
0x006e2488
0x006e2492
0x006e2495
0x00000000
0x006e249b
0x006e249b
0x006e249e
0x006e24a7
0x006e24a7
0x006f951d
0x006f951d
0x00000000
0x006f951e
0x006d98bf
0x006d98c3
0x00751aa3
0x00751aa7
0x006d98c9
0x006d98cc
0x006d98cf
0x006d98d4
0x006d98d9
0x006d98dd
0x006d98e0
0x006d98e3
0x006d98e5
0x006d2f64
0x006d2f68
0x006d2f6d
0x006d2f74
0x006d2f76
0x006d2f7c
0x00000000
0x00000000
0x006d2f8e
0x006d2f90
0x006d2f92
0x00000000
0x006d2f94
0x00000000
0x006d2f94
0x00000000
0x006d2f92
0x006d2f7e
0x006d2f81
0x006d2f81
0x006d2f83
0x00000000
0x006d2f89
0x00000000
0x006d2f89
0x006d98eb
0x006d98eb
0x006d98eb
0x006d98ed
0x006d98f3
0x006d98fb
0x006d98ff
0x006d9905
0x006d9906
0x006d9908
0x006d9909
0x006d9913
0x00000000
0x00000000
0x00751a49
0x00751a4c
0x00751a57
0x00751a5c
0x00751a5d
0x00751a68
0x00751a77
0x00751a7c
0x00751a7d
0x00751a80
0x00751a83
0x00751a86
0x00751a86
0x00751a8b
0x00751a90
0x00751a92
0x00751a94
0x00751a99
0x00751a99
0x006d991b
0x00751aab
0x00751ab0
0x00751ab2
0x00751ab8
0x00751abe
0x00751ac3
0x00751ac4
0x00751ac4
0x00751ac6
0x00751ac9
0x00000000
0x00000000
0x006dc35f
0x006dc364
0x006dc366
0x006dc36a
0x006dc36c
0x00000000
0x006dc372
0x006dc372
0x006dc37d
0x006dc382
0x006dc382
0x00000000
0x006dc36c
0x00751ad0
0x00751ad5
0x00751ad8
0x00751ae1
0x006d9921
0x006d9921
0x00000000
0x006d9921
0x006d991b
0x006d98e5
0x00000000
0x006d98c3
0x006f952b
0x006f952e
0x006f9530
0x006f9536
0x00000000
0x006f9538
0x006f9543
0x006f954a
0x006f954a
0x006f9536
0x00000000

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00751A57

Strings

RTL: Re-Waiting, xrefs: 00751A8B
RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00751A5F
RTL: Resource at %p, xrefs: 00751A6E

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-871070163
Opcode ID: 067c085421aef2d0914932549b9c4229cdc5b0f796bf6f7590fae18c51d0ee87
Instruction ID: 1b6d126614df43850b642a6e6063bf9d1fd4debefbd46d0cbc0f4bfb5be6989a
Opcode Fuzzy Hash: 067c085421aef2d0914932549b9c4229cdc5b0f796bf6f7590fae18c51d0ee87
Instruction Fuzzy Hash: C1416971B002059BDB159F28CC85FE673AADF95720F20422AF919DB3C1DA25EC86C7E0

Uniqueness

Uniqueness Score: 100.00%

Function 006D60BE, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 246
COMMON

C-Code - Quality: 94%

			E006D60BE(intOrPtr* _a4, signed int _a8, signed char _a12, signed int _a16) {
				signed int _v5;
				intOrPtr* _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				signed char _v36;
				signed char _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t117;
				signed int _t119;
				signed int _t120;
				void* _t121;
				signed int _t122;
				signed int _t123;
				intOrPtr _t124;
				intOrPtr _t126;
				void* _t128;
				signed int _t131;
				signed int _t133;
				signed int _t137;
				void* _t142;
				intOrPtr _t145;
				signed int _t148;
				signed int _t150;
				intOrPtr* _t151;
				signed char _t153;
				signed int _t160;
				void* _t162;
				signed char _t164;
				void* _t167;
				intOrPtr* _t168;
				intOrPtr* _t171;
				signed int _t173;
				signed int _t174;
				void* _t175;

				_t151 = _a8;
				_t117 = _a4;
				_t148 = 0;
				if(_t151 != 0) {
					 *_t151 = _t117;
				}
				if(_t117 == _t148 || _a12 != _t148 && (_a12 < 2 || _a12 > 0x24)) {
					_push(_t148);
					_push(_t148);
					_push(_t148);
					_push(_t148);
					_push(_t148);
					L00778D29(_t148, _t151, _t162, _t167, _t173);
					_t119 = 0;
					goto L33;
				} else {
					_push(_t173);
					_push(_t167);
					_v20 = _t148;
					_v16 = _t148;
					_v5 =  *_t117;
					_t9 = _t117 + 1; // 0x1
					_t168 = _t9;
					while(1) {
						_t120 = _v5 & 0x000000ff;
						_t173 = _t173 | 0xffffffff;
						if(_t120 != _t173) {
							_t173 = _t120;
						}
						_t121 = E006E3285();
						_t164 = 8;
						if(( *(_t121 + _t173 * 2) & _t164) != 0) {
							goto L36;
						} else {
							break;
						}
						do {
							L36:
							_t122 =  *_t168;
							_t168 = _t168 + 1;
							__eflags = _t122 - _v5;
						} while (_t122 == _v5);
						_v5 = _t122;
					}
					_v12 = _t168;
					if(_v5 == 0x2d) {
						_t66 =  &_a16;
						 *_t66 = _a16 | 0x00000002;
						__eflags =  *_t66;
						L39:
						_t123 =  *_t168;
						_t168 = _t168 + 1;
						_v12 = _t168;
						_v5 = _t123;
						L11:
						_t153 = 0x10;
						if(_a12 == _t148) {
							__eflags = _v5 - 0x30;
							if(_v5 == 0x30) {
								_t124 =  *_t168;
								__eflags = _t124 - 0x78;
								if(_t124 == 0x78) {
									L45:
									_a12 = _t153;
									goto L12;
								}
								__eflags = _t124 - 0x58;
								if(_t124 == 0x58) {
									goto L45;
								}
								_a12 = _t164;
								L13:
								asm("cdq");
								_t169 = _a12;
								_v40 = _t164;
								_t126 = E00704250(0xffffffff, 0xffffffff, _a12, _t164);
								_v36 = _t153;
								_v32 = _t148;
								_v28 = _t126;
								_v24 = _t164;
								while(1) {
									_t174 = _v5 & 0x000000ff;
									_t148 = _t148 | 0xffffffff;
									if(_t174 != _t148) {
										_t148 = _t174;
									}
									if(( *(E006E3285() + _t148 * 2) & 0x00000004) == 0) {
										goto L22;
									}
									_t175 = _v5 - 0x30;
									L18:
									if(_t175 >= _a12) {
										L24:
										_t150 = _a16;
										_v12 = _v12 - 1;
										__eflags = _t150 & 0x00000008;
										if((_t150 & 0x00000008) == 0) {
											__eflags = _a8;
											if(_a8 != 0) {
												_v12 = _a4;
											}
											_v20 = 0;
											_v16 = 0;
											L30:
											_t133 = _a8;
											__eflags = _t133;
											if(_t133 != 0) {
												 *_t133 = _v12;
											}
											__eflags = _t150 & 0x00000002;
											if((_t150 & 0x00000002) != 0) {
												asm("adc ecx, 0x0");
												_v20 =  ~_v20;
												_v16 =  ~_v16;
											}
											_t119 = _v20;
											L33:
											return _t119;
										}
										__eflags = _t150 & 0x00000004;
										if((_t150 & 0x00000004) != 0) {
											L72:
											 *0x7af864 = 0x22;
											__eflags = _t150 & 0x00000001;
											if((_t150 & 0x00000001) == 0) {
												__eflags = _t150 & 0x00000002;
												if((_t150 & 0x00000002) == 0) {
													_v20 = _v20 | 0xffffffff;
													_v16 = 0x7fffffff;
												} else {
													_v20 = _v20 & 0x00000000;
													_v16 = 0x80000000;
												}
											} else {
												_v20 = _v20 | 0xffffffff;
												_v16 = _v16 | 0xffffffff;
											}
											goto L30;
										}
										__eflags = _t150 & 0x00000001;
										if((_t150 & 0x00000001) != 0) {
											goto L30;
										}
										_t137 = _t150 & 0x00000002;
										__eflags = _t137;
										if(_t137 != 0) {
											__eflags = _v16 - 0x80000000;
											if(__eflags > 0) {
												goto L72;
											}
											if(__eflags < 0) {
												goto L28;
											}
											__eflags = _v20;
											if(_v20 <= 0) {
												goto L28;
											}
											goto L72;
										}
										L28:
										__eflags = _t137;
										if(_t137 != 0) {
											goto L30;
										}
										__eflags = _v16 - 0x7fffffff;
										if(__eflags >= 0) {
											if(__eflags > 0) {
												goto L72;
											}
											__eflags = _v20 - 0xffffffff;
											if(_v20 <= 0xffffffff) {
												goto L30;
											}
											goto L72;
										}
										goto L30;
									}
									_t160 = _v16;
									_a16 = _a16 | 0x00000008;
									if(_t160 >= _v24) {
										if(__eflags > 0) {
											L56:
											__eflags = _v20 - _v28;
											if(_v20 != _v28) {
												L61:
												_a16 = _a16 | 0x00000004;
												__eflags = _a8;
												if(__eflags == 0) {
													goto L24;
												}
												L21:
												_v12 = _v12 + 1;
												_v5 =  *_v12;
												continue;
											}
											__eflags = _t160 - _v24;
											if(_t160 != _v24) {
												goto L61;
											}
											__eflags = 0 - _v32;
											if(__eflags < 0) {
												goto L20;
											}
											if(__eflags > 0) {
												goto L61;
											}
											__eflags = _t175 - _v36;
											if(_t175 <= _v36) {
												goto L20;
											}
											goto L61;
										}
										__eflags = _v20 - _v28;
										if(_v20 < _v28) {
											goto L20;
										}
										goto L56;
									}
									L20:
									_t142 = E00704080(_t169, _v40, _v20, _t160);
									asm("adc edx, ecx");
									_v20 = _t142 + _t175;
									_v16 = _t164;
									goto L21;
									L22:
									__eflags = _t174 - 0xffffffff;
									if(_t174 == 0xffffffff) {
										_t174 = _t174;
									}
									_t128 = E006E3285();
									__eflags =  *(_t128 + _t174 * 2) & 0x00000103;
									if(( *(_t128 + _t174 * 2) & 0x00000103) != 0) {
										__eflags = _v5 - 0x61 - 0x19;
										_t131 = _v5;
										if(__eflags <= 0) {
											_t131 = _t131 - 0x20;
											__eflags = _t131;
										}
										_t79 = _t131 - 0x37; // -39
										_t175 = _t79;
										goto L18;
									} else {
										goto L24;
									}
								}
							}
							_a12 = 0xa;
							goto L13;
						}
						L12:
						if(_a12 == _t153) {
							__eflags = _v5 - 0x30;
							if(_v5 != 0x30) {
								goto L13;
							}
							_t145 =  *_t168;
							__eflags = _t145 - 0x78;
							if(_t145 == 0x78) {
								L49:
								_t171 = _t168 + 1;
								_v5 =  *_t171;
								_v12 = _t171 + 1;
								goto L13;
							}
							__eflags = _t145 - 0x58;
							if(_t145 != 0x58) {
								goto L13;
							}
							goto L49;
						}
						goto L13;
					}
					if(_v5 == 0x2b) {
						goto L39;
					}
					goto L11;
				}
			}

0x006d60c3
0x006d60c6
0x006d60cd
0x006d60d1
0x0076233b
0x0076233b
0x006d60d9
0x00762342
0x00762343
0x00762344
0x00762345
0x00762346
0x00762347
0x0076234f
0x00000000
0x006d60f8
0x006d60fa
0x006d60fb
0x006d60fc
0x006d60ff
0x006d6102
0x006d6105
0x006d6105
0x006d6108
0x006d6108
0x006d610c
0x006d6111
0x006d6113
0x006d6113
0x006d6115
0x006d611c
0x006d6120
0x00000000
0x00000000
0x00000000
0x00000000
0x00762358
0x00762358
0x00762358
0x0076235a
0x0076235b
0x0076235b
0x00762360
0x00762360
0x006d612a
0x006d612d
0x00762368
0x00762368
0x00762368
0x0076236c
0x0076236c
0x0076236e
0x0076236f
0x00762372
0x006d613d
0x006d613f
0x006d6143
0x0076237a
0x0076237e
0x0076238c
0x0076238e
0x00762390
0x0076239e
0x0076239e
0x00000000
0x0076239e
0x00762392
0x00762394
0x00000000
0x00000000
0x00762396
0x006d6152
0x006d6155
0x006d6157
0x006d615e
0x006d6161
0x006d6166
0x006d6169
0x006d616c
0x006d616f
0x006d6172
0x006d6172
0x006d6176
0x006d617b
0x006d617d
0x006d617d
0x006d6188
0x00000000
0x00000000
0x006d618e
0x006d6191
0x006d6194
0x006d61e9
0x006d61e9
0x006d61ec
0x006d61f1
0x006d61f4
0x00762432
0x00762435
0x0076243a
0x0076243a
0x0076243d
0x00762440
0x006d622a
0x006d622a
0x006d622d
0x006d622f
0x007624a7
0x007624a7
0x006d6235
0x006d6238
0x007624b6
0x007624bb
0x007624be
0x007624be
0x006d623e
0x006d6244
0x006d6246
0x006d6246
0x006d6204
0x006d6207
0x0076246b
0x0076246b
0x00762475
0x00762478
0x00762487
0x0076248a
0x00762498
0x0076249c
0x0076248c
0x0076248c
0x00762490
0x00762490
0x0076247a
0x0076247a
0x0076247e
0x0076247e
0x00000000
0x00762478
0x006d620d
0x006d6210
0x00000000
0x00000000
0x006d6214
0x006d6214
0x006d6217
0x00762448
0x0076244b
0x00000000
0x00000000
0x0076244d
0x00000000
0x00000000
0x00762453
0x00762457
0x00000000
0x00000000
0x00000000
0x0076245d
0x006d621d
0x006d621d
0x006d621f
0x00000000
0x00000000
0x006d6221
0x006d6224
0x0076245f
0x00000000
0x00000000
0x00762461
0x00762465
0x00000000
0x00000000
0x00000000
0x00762465
0x00000000
0x006d6224
0x006d6196
0x006d6199
0x006d61a0
0x007623ec
0x007623fa
0x007623fd
0x00762400
0x0076241d
0x0076241d
0x00762421
0x00762425
0x00000000
0x00000000
0x006d61bf
0x006d61c4
0x006d61c7
0x00000000
0x006d61c7
0x00762402
0x00762405
0x00000000
0x00000000
0x00762409
0x0076240c
0x00000000
0x00000000
0x00762412
0x00000000
0x00000000
0x00762414
0x00762417
0x00000000
0x00000000
0x00000000
0x00762417
0x007623f1
0x007623f4
0x00000000
0x00000000
0x00000000
0x007623f4
0x006d61a6
0x006d61ae
0x006d61b7
0x006d61b9
0x006d61bc
0x00000000
0x006d61cc
0x006d61cc
0x006d61cf
0x007623cd
0x007623cd
0x006d61d5
0x006d61df
0x006d61e3
0x007623d9
0x007623db
0x007623df
0x007623e1
0x007623e1
0x007623e1
0x007623e4
0x007623e4
0x00000000
0x00000000
0x00000000
0x00000000
0x006d61e3
0x006d6172
0x00762380
0x00000000
0x00762380
0x006d6149
0x006d614c
0x007623a6
0x007623aa
0x00000000
0x00000000
0x007623b0
0x007623b2
0x007623b4
0x007623be
0x007623be
0x007623c2
0x007623c5
0x00000000
0x007623c5
0x007623b6
0x007623b8
0x00000000
0x00000000
0x00000000
0x007623b8
0x00000000
0x006d614c
0x006d6137
0x00000000
0x00000000
0x00000000
0x006d6137

APIs

__aulldvrm.LIBCMT ref: 006D6161

Strings

0, xrefs: 007623A6
$, xrefs: 006D60EE

Memory Dump Source

Source File: 00000008.00000002.1738467650.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6d0000_bnmoc.jbxd

Similarity

API ID: __aulldvrm
String ID: $$0
API String ID: 1302938615-389342756
Opcode ID: 059352aecf212b29504db3ba928d359f5f0f2faf10ecd94d828fb375a31ec89a
Instruction ID: 332a9ce16bb4e2872732a1253d50b2786a1ee28d5d5a6d118e5e575f7e745cc6
Opcode Fuzzy Hash: 059352aecf212b29504db3ba928d359f5f0f2faf10ecd94d828fb375a31ec89a
Instruction Fuzzy Hash: B891A170D0468ADECF65CF99C8443FDBFB2AF05310F1446AAE8A266392D7784A47CB50

Uniqueness

Uniqueness Score: 0.03%

Analysis Process: bnmoc.exe PID: 4016 Parent PID: 1868 bnmoc.exeUNIQUE

Execution Graph

Execution Coverage:	0.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	35.4%
Total number of Nodes:	48
Total number of Limit Nodes:	3

Executed Functions

Function 00716070, Relevance: 1.5, APIs: 1, Instructions: 4
nativethreadCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtResumeThread.NTDLL ref: 0071607A

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 080925e694d01524c80d5f4b377ba9f9c7a2dc39432941c9a598def017c83e2a
Instruction ID: 756002dfa67ab6072fb7eb23fcd431384ba8e9d222e798093112385a1dd8c2de
Opcode Fuzzy Hash: 080925e694d01524c80d5f4b377ba9f9c7a2dc39432941c9a598def017c83e2a
Instruction Fuzzy Hash: 2EA02230A0000003CB82AA28C00828BF280EBE0302F0280A020008B008C020C8AAC320

Uniqueness

Uniqueness Score: 0.03%

Function 00716130, Relevance: 1.5, APIs: 1, Instructions: 4
nativethreadCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtSetContextThread.NTDLL ref: 0071613A

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: c178acdfe4dd67e048efb9f737dcb3fda63236469f66e23bfd8c1f6edbb74fa1
Instruction ID: 17512038b85279266ef17e1f14b8afea38d99825f2e6a32e5bbd068d49b6f799
Opcode Fuzzy Hash: c178acdfe4dd67e048efb9f737dcb3fda63236469f66e23bfd8c1f6edbb74fa1
Instruction Fuzzy Hash: 2CA0223020000003C380AE22C00820AB300EBA2302FA080A0A0008A208C020C88AC320

Uniqueness

Uniqueness Score: 0.04%

Function 00715190, Relevance: 1.5, APIs: 1, Instructions: 4
filenativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtCreateFile.NTDLL ref: 0071519A

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 11fda27dc496acbe6be9b5f481032f1bdb4f735730f26205e12126879a017f35
Instruction ID: b976461eebfec031f740e295ca302338c670d34dd5ee139811e2fffa04d00f7b
Opcode Fuzzy Hash: 11fda27dc496acbe6be9b5f481032f1bdb4f735730f26205e12126879a017f35
Instruction Fuzzy Hash: E4A022B0300000C3C3008A38C008B023280EBC0302F8280A030028A00AC0288CA28328

Uniqueness

Uniqueness Score: 0.01%

Function 007152B0, Relevance: 1.5, APIs: 1, Instructions: 4
nativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtCreateSection.NTDLL ref: 007152BA

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: CreateSection
String ID:
API String ID: 2449625523-0
Opcode ID: 8645af1229857263bfe64f5efa26a9e0459778808bbda0dd2138edb0579ffb99
Instruction ID: fe69778134c3dabfb7b406b27c34eaf9ee3ee8b13530447927d9323eedccd540
Opcode Fuzzy Hash: 8645af1229857263bfe64f5efa26a9e0459778808bbda0dd2138edb0579ffb99
Instruction Fuzzy Hash: 8AA02230A00802EBCB00CB20C008B032280CBB230BF0080A020028A00AC230C8C8EF20

Uniqueness

Uniqueness Score: 0.02%

Function 00715390, Relevance: 1.5, APIs: 1, Instructions: 4
nativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtDelayExecution.NTDLL ref: 0071539A

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: a0c3ceedbcd9e8c26f1f3f51ac5fd3b8bd1a41d9401ac76eb5425c1bef935207
Instruction ID: bd89520f284003a0712cec6bda573f74099660292f8d5b8362a25f12540fd8ce
Opcode Fuzzy Hash: a0c3ceedbcd9e8c26f1f3f51ac5fd3b8bd1a41d9401ac76eb5425c1bef935207
Instruction Fuzzy Hash: 6FA00231641511A7D795AAB5C008706A652FBA2706F15C0A164C18A54ACA66C8BDCB31

Uniqueness

Uniqueness Score: 0.03%

Function 00716460, Relevance: 1.5, APIs: 1, Instructions: 4
nativethreadCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtSuspendThread.NTDLL ref: 0071646A

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: SuspendThread
String ID:
API String ID: 3178671153-0
Opcode ID: 7a0d3ba4f5a73e032e835ede19822e58a9453f16fafce5ca25b85d6f1eb9e08c
Instruction ID: f7e5f8e814acdb18e12e02c68131d8b0874c972ad9ed0ff06cabae511b1712e2
Opcode Fuzzy Hash: 7a0d3ba4f5a73e032e835ede19822e58a9453f16fafce5ca25b85d6f1eb9e08c
Instruction Fuzzy Hash: 6AA0223030000003C380BB20CC08083A202EBE0302F0280B820828A00CC02088BA8320

Uniqueness

Uniqueness Score: 0.03%

Function 007157F0, Relevance: 1.5, APIs: 1, Instructions: 4
nativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtMapViewOfSection.NTDLL ref: 007157FA

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: SectionView
String ID:
API String ID: 1323581903-0
Opcode ID: 8308c0d440751f6a16a20317f7fafc36c751767fab9ce5abda6ad55bed33ba13
Instruction ID: 1c779bd16e4669d379c2d1615af1eea88fd0647ed8e4bfc99c86d145d1162fc2
Opcode Fuzzy Hash: 8308c0d440751f6a16a20317f7fafc36c751767fab9ce5abda6ad55bed33ba13
Instruction Fuzzy Hash: 6CA02230B202000BCBC0AA28C00820A3200CBC3303F02C0A020008A088C82888AC8322

Uniqueness

Uniqueness Score: 0.01%

Function 00715C10, Relevance: 1.5, APIs: 1, Instructions: 4
nativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtQueryInformationProcess.NTDLL ref: 00715C1A

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: InformationProcessQuery
String ID:
API String ID: 1778838933-0
Opcode ID: 4a1a31a73e7743a25c2a6779294edcf9e786a07379c69b3dfb7c82d93f735253
Instruction ID: a0630893221ddefb330370be130c29eba4703b5c90f1fba743b17af290a0e026
Opcode Fuzzy Hash: 4a1a31a73e7743a25c2a6779294edcf9e786a07379c69b3dfb7c82d93f735253
Instruction Fuzzy Hash: 15A022303000020BC3008A20C03830B3280CB82302F00C0A0A0028A00AC2308882F332

Uniqueness

Uniqueness Score: 0.02%

Function 00715DC0, Relevance: 1.5, APIs: 1, Instructions: 4
nativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtQuerySystemInformation.NTDLL ref: 00715DCA

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 3b20a5e3ab79c195542b79dadf1c5648d3f1181dbfe6322acba53db481d832db
Instruction ID: 63abb9d5a071080e288febaf0921b8fd02a4b1db857b15bb717c2feacf7944b9
Opcode Fuzzy Hash: 3b20a5e3ab79c195542b79dadf1c5648d3f1181dbfe6322acba53db481d832db
Instruction Fuzzy Hash: 05A0223020000003CF80CE20C0082832202CBE0302F0280A0A0828B08ACBA088C0EB28

Uniqueness

Uniqueness Score: 0.01%

Function 00715E40, Relevance: 1.5, APIs: 1, Instructions: 4
nativethreadCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtQueueApcThread.NTDLL ref: 00715E4A

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: QueueThread
String ID:
API String ID: 1850944927-0
Opcode ID: e52769e7ac13d6f7fe592d683b0e35bf8eb870b2caa89ea3170c5c3d8f29706e
Instruction ID: a721d2abd2414c8bf3b8e2849c9256d9cfa75bc8b7ce31a0472d69b73401fe10
Opcode Fuzzy Hash: e52769e7ac13d6f7fe592d683b0e35bf8eb870b2caa89ea3170c5c3d8f29706e
Instruction Fuzzy Hash: 44A0223020000003E380CAE0C00C2022200CBC0302B0080A0A2028B00AC23088C0CB32

Uniqueness

Uniqueness Score: 0.03%

Function 00714E30, Relevance: 1.5, APIs: 1, Instructions: 4
nativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtAdjustPrivilegesToken.NTDLL ref: 00714E3A

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: ff42f5ea1c298ac1ddaebef82b1a2eb6c03a184a1c340ab9b8e8d3eccf1067cf
Instruction ID: 4b5d6a3faca19ada130a3763f1f5700346c1b5e3b18233667843357e2f251ca1
Opcode Fuzzy Hash: ff42f5ea1c298ac1ddaebef82b1a2eb6c03a184a1c340ab9b8e8d3eccf1067cf
Instruction Fuzzy Hash: 3EA022302800028BEB80AF20C008B02B382CBC0302F0082A0A0828A00BC32088ABAB20

Uniqueness

Uniqueness Score: 0.03%

Function 00715EC0, Relevance: 1.5, APIs: 1, Instructions: 4
nativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtReadVirtualMemory.NTDLL ref: 00715ECA

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: MemoryReadVirtual
String ID:
API String ID: 2834387570-0
Opcode ID: f4bf5e48ffbb5bf1b9123f7816e51f07faa90584d28acf28c39b9ce006b621bc
Instruction ID: 5ecd04388c7df4ad7d242232ee2edeaf87d7febc7782cbd47fe93a7772b78373
Opcode Fuzzy Hash: f4bf5e48ffbb5bf1b9123f7816e51f07faa90584d28acf28c39b9ce006b621bc
Instruction Fuzzy Hash: ADA0223020000C83C380CE20C0080823282CBC0302B0080A022028B00ACB3088C0C332

Uniqueness

Uniqueness Score: 0.02%

Function 00714EA0, Relevance: 1.5, APIs: 1, Instructions: 4
memorynativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL ref: 00714EAA

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 896d2f43468edd1eb28e96cf35a0b26550132a80333aad8e1ccc6f28ddb761da
Instruction ID: 47eb5490523c98d508760fa28b9be87cda462c5fe30013590ec24983034b38dd
Opcode Fuzzy Hash: 896d2f43468edd1eb28e96cf35a0b26550132a80333aad8e1ccc6f28ddb761da
Instruction Fuzzy Hash: 32A02230A0000823CBB0AE32C00830A2280CB80302F20C0E020028B88ACB208A88FBA0

Uniqueness

Uniqueness Score: 0.01%

Function 00715E80, Relevance: 1.5, APIs: 1, Instructions: 4
filenativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtReadFile.NTDLL ref: 00715E8A

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: b534dfe268c61426672a6e7e2e54c8006ae77b905f6ea98577604744eb9d25d9
Instruction ID: 17295f8293a550602bbfd9c690afb6a7ca3812a95ee49ddc80259eaf46f36b29
Opcode Fuzzy Hash: b534dfe268c61426672a6e7e2e54c8006ae77b905f6ea98577604744eb9d25d9
Instruction Fuzzy Hash: 71A0223030000A33CFA88AB0C80808BA280CBC0302B0080A02B008B08BC83088A0C320

Uniqueness

Uniqueness Score: 0.01%

Function 007155A0, Relevance: .0, Instructions: 4
COMMON

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb871876bb5a727520c50d0def39eae50c58e74c3e56d45e982d0db28daf8868
Instruction ID: 43e1b100674307e2f9d598f08a26df97b4c3a99b519d699182813007e70074e3
Opcode Fuzzy Hash: cb871876bb5a727520c50d0def39eae50c58e74c3e56d45e982d0db28daf8868
Instruction Fuzzy Hash: 26A02230A000020BC3028A20C00830A2202EBC2302F00C0A020C28B08ACBB08880B3E0

Uniqueness

Uniqueness Score: 0.00%

Non-executed Functions

Function 007372C3, Relevance: 36.4, Strings: 28, Instructions: 1411
UNIQUECrypto

C-Code - Quality: 74%

			E007372C3(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v104;
				signed int _v108;
				signed int _v112;
				void* _v116;
				signed int _v120;
				signed int _v124;
				signed int _v126;
				signed int _v128;
				intOrPtr _v132;
				signed int _v136;
				short _v138;
				signed short _v140;
				char _v144;
				short* _v148;
				short _v150;
				char _v152;
				signed int _v156;
				char _v160;
				signed int _v164;
				signed int _v168;
				signed short _v172;
				signed int _v174;
				signed int _v176;
				intOrPtr _v180;
				char _v184;
				char _v188;
				char _v192;
				signed int _v196;
				char _v200;
				signed int _v204;
				intOrPtr* _v208;
				signed int _v212;
				signed int _v216;
				char* _v220;
				short _v222;
				char _v224;
				signed int _v228;
				signed int _v232;
				intOrPtr _v236;
				intOrPtr _v240;
				signed int _v244;
				char _v248;
				signed char _v252;
				unsigned int _v256;
				signed int _v260;
				signed int _v264;
				char _v268;
				char _v272;
				signed int _v296;
				signed short _v300;
				intOrPtr _v304;
				intOrPtr _v308;
				char _v320;
				void* _v336;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t470;
				short _t474;
				short _t475;
				signed int _t477;
				intOrPtr _t480;
				intOrPtr _t490;
				signed int _t493;
				signed int _t494;
				signed int _t496;
				signed int _t499;
				signed int _t504;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t511;
				signed int _t514;
				signed int _t516;
				signed int _t521;
				intOrPtr* _t530;
				intOrPtr _t537;
				intOrPtr* _t538;
				intOrPtr _t539;
				signed int _t542;
				signed int _t543;
				signed int _t544;
				signed int _t545;
				char _t550;
				signed int _t552;
				signed int _t553;
				signed int _t554;
				signed int _t562;
				signed int _t563;
				signed int _t565;
				signed short _t569;
				intOrPtr _t577;
				intOrPtr _t583;
				intOrPtr _t584;
				signed int _t585;
				signed int _t586;
				signed int _t587;
				signed int _t593;
				signed int _t594;
				intOrPtr _t597;
				intOrPtr _t599;
				signed short* _t604;
				signed int _t606;
				intOrPtr _t607;
				signed int _t609;
				intOrPtr _t612;
				void* _t616;
				void* _t618;
				intOrPtr _t632;
				intOrPtr _t634;
				signed int* _t637;
				intOrPtr _t639;
				intOrPtr _t640;
				signed int _t645;
				intOrPtr _t646;
				signed int _t650;
				signed int _t651;
				signed int _t653;
				signed int _t655;
				signed int _t657;
				signed int _t658;
				intOrPtr* _t659;
				signed int _t661;
				intOrPtr* _t665;
				intOrPtr _t666;
				signed int _t667;
				signed int _t669;
				signed int _t670;
				intOrPtr* _t671;
				intOrPtr* _t673;
				signed int _t676;
				signed int _t681;
				signed int _t682;
				signed int _t685;
				signed int _t687;
				unsigned int _t688;
				unsigned int _t689;
				signed int _t690;
				signed int _t691;
				signed int _t692;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t699;
				signed int _t700;
				signed int _t701;
				signed int _t702;
				signed int _t708;
				signed int _t709;
				signed short _t715;
				signed int _t716;
				signed short _t718;
				short _t719;
				signed int _t720;
				signed int _t721;
				signed int _t732;
				signed int _t733;
				signed int _t734;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int* _t745;
				signed int _t749;
				signed int _t750;
				signed short _t751;
				intOrPtr _t752;
				intOrPtr _t753;
				signed int _t755;
				intOrPtr _t763;
				intOrPtr* _t765;
				short* _t766;
				char _t767;
				signed int _t770;
				intOrPtr* _t772;
				intOrPtr _t779;
				signed int _t784;
				char _t786;
				signed int _t789;
				signed int _t790;
				intOrPtr _t793;
				intOrPtr _t794;
				signed short _t799;
				signed int _t804;
				char _t809;
				signed int _t818;
				signed int _t823;
				unsigned int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				intOrPtr _t830;
				signed int _t832;
				void* _t833;
				void* _t851;
				signed short _t888;

				_t470 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t470 ^ _t832;
				_v180 = _a4;
				_v132 = _a8;
				_t474 = 0x13;
				_v224 = _t474;
				_t475 = 0x14;
				_t821 = 0;
				_v222 = _t475;
				_v220 = "BaseQueryModuleData";
				E00737CCA(0);
				_t477 =  *[fs:0x18];
				_t763 =  *((intOrPtr*)(_t477 + 0x30));
				_v204 = _t477;
				if(( *(_t763 + 3) & 0x00000001) != 0) {
					_push(0);
					_push(0x10);
					_push( &_v336);
					_push(3);
					_push( *(_t763 + 8));
					_push(0xffffffff);
					E00715E20();
					_t480 =  *(_t763 + 8);
					_t765 = _v336;
					__eflags = _t765 - _t480;
					if(_t765 != _t480) {
						 *_t765 = _t480;
					}
				}
				 *0x7a8890 = 0x7a888c;
				 *0x7a888c = 0x7a888c;
				 *0x7a8898 = 0x7a8894;
				 *0x7a8894 = 0x7a8894;
				 *0x7a88a0 = 0x7a889c;
				 *0x7a889c = 0x7a889c;
				 *0x7a8880 = 0x30;
				 *0x7a8884 = 1;
				 *0x7a88a8 = 0;
				 *0x7a88ac = _t821;
				 *((intOrPtr*)(_t763 + 0xc)) = 0x7a8880;
				E007380F3( *((intOrPtr*)(_t763 + 0x58)),  *((intOrPtr*)(_t763 + 0x5c)),  *((intOrPtr*)(_t763 + 0x60)),  &_v104);
				E00738002(_t765,  &_v104);
				E00737FE7(_t763);
				E00737FCC(_t763);
				_t490 =  *((intOrPtr*)(_t763 + 0x10));
				__eflags =  *(_t490 + 8) & 0x00000001;
				_t766 =  *((intOrPtr*)(_t490 + 0x3c));
				if(( *(_t490 + 8) & 0x00000001) == 0) {
					_t766 = _t766 + _t490;
				}
				_v148 = _t766;
				_t808 =  *((intOrPtr*)(_t490 + 0x38));
				_v152 = _t808;
				_v150 = _v152 + 2;
				__eflags = _t808 - 8;
				if(__eflags >= 0) {
					__eflags =  *_t766 - 0x5c;
					if(__eflags == 0) {
						__eflags =  *((short*)(_t766 + 2)) - 0x3f;
						if(__eflags == 0) {
							__eflags =  *((short*)(_t766 + 4)) - 0x3f;
							if(__eflags == 0) {
								__eflags =  *((short*)(_t766 + 6)) - 0x5c;
								if(__eflags == 0) {
									_t808 = 0xfff8;
									_v148 = _t766 + 8;
									_v152 = _v152 + 0xfff8;
									_v150 = _v150 + 0xfff8;
									 *((intOrPtr*)(_t490 + 0x3a)) =  *((intOrPtr*)(_t490 + 0x3a)) + 0xfff8;
									 *((intOrPtr*)(_t490 + 0x3c)) =  *((intOrPtr*)(_t490 + 0x3c)) + 8;
									 *((intOrPtr*)(_t490 + 0x38)) =  *((intOrPtr*)(_t490 + 0x38)) + 0xfff8;
									_t821 = 0;
								}
							}
						}
					}
				}
				_push( &_v116);
				_push(_t821);
				_push(_t821);
				 *0x7aec45 = 0;
				_v196 = _t821;
				_push( *(_t763 + 8));
				_push(3);
				_v164 = 1;
				E0072F409(1, _t821, __eflags);
				__eflags =  *0x7ffe02d5;
				_t767 = _v116;
				if( *0x7ffe02d5 == 0) {
					_t493 = 0;
				} else {
					_t493 =  *(_t767 + 0x5f) & 0x00000001;
					__eflags = _t493;
				}
				__eflags = _t493;
				if(_t493 == 0) {
					_t494 = E006FF359(_t767);
					__eflags = _t494;
					if(_t494 == 0) {
						 *0x7aecd0 = 1;
					}
				} else {
					 *0x7a8028 = 1;
				}
				_t496 =  *(_v116 + 0x5c) & 0x0000ffff;
				_t818 = 2;
				__eflags = _t496 - _t818;
				if(_t496 == _t818) {
					L76:
					_push( &_v268);
					_push(4);
					_push( &_v252);
					_push(0x2e);
					_push(0xffffffff);
					_t499 = E00715C10();
					__eflags = _t499;
					if(_t499 >= 0) {
						__eflags = _v252 & 0x00000001;
						if(__eflags != 0) {
							E0076E31A(_t767, _t808, _t818, __eflags);
						}
					}
					L78:
					_t821 = E00737DA3(_t808,  &_v152, _t763, _v132,  &_v160,  &_v144);
					__eflags = _t821;
					if(_t821 < 0) {
						_t504 =  *0x7273a4; // 0x2
						_t505 = _t504 | 0x00000001;
						__eflags =  *0x7af9c0 & _t505;
						if(( *0x7af9c0 & _t505) == 0) {
							L180:
							_t506 =  *0x7af9c0;
							__eflags =  *0x7273a8 & _t506;
							if(( *0x7273a8 & _t506) != 0) {
								asm("int3");
							}
							_t507 = _t821;
							L66:
							__eflags = _v8 ^ _t832;
							return E00722F0C(_t507, _t763, _v8 ^ _t832, _t808, _t818, _t821);
						}
						_push(_t821);
						_push("Initializing the execution options for the process %lx failed with status 0x%08lx\n");
						_push(0);
						_push("LdrpInitializeProcess");
						_push(0x890);
						L179:
						_push("d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c");
						E0076F3E2(_t763);
						goto L180;
					}
					__eflags =  *(_t763 + 0x68) & 0x00000002;
					if(( *(_t763 + 0x68) & 0x00000002) != 0) {
						 *0x7af9c0 =  *0x7af9c0 | 0x00000001;
					}
					_t510 =  *0x7273bc; // 0x4
					_t770 =  *0x7af9c0;
					_t511 = _t510 | 0x00000001;
					__eflags = _t770 & _t511;
					if((_t770 & _t511) != 0) {
						E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0x89e, "LdrpInitializeProcess", _t818, "Initializing process 0x%lx\n",  *((intOrPtr*)(_v204 + 0x20)));
						_t833 = _t833 + 0x18;
					}
					_t514 =  *0x7af9c0;
					__eflags =  *0x7273c0 & _t514;
					if(( *0x7273c0 & _t514) != 0) {
						asm("int3");
					}
					_t516 = E0072F4BA( *(_t763 + 8), 1, 0xe,  &_v272);
					__eflags = _t516;
					if(_t516 != 0) {
						 *0x7aec45 = 1;
					}
					 *0x7aecb0 = _v132;
					_v208 =  *((intOrPtr*)(_t763 + 0x1e8));
					 *0x7a8318 =  *((intOrPtr*)(_t763 + 0x70));
					 *0x7a831c =  *((intOrPtr*)(_t763 + 0x74));
					_t521 = E00738229( *((intOrPtr*)(_t763 + 0x10)));
					__eflags = _t521;
					if(_t521 == 0) {
						_v124 = _v124 & 0;
						_v128 = 0;
						_v126 = 0;
					} else {
						_v128 =  *(_t521 + 0x38);
						_v124 =  *((intOrPtr*)(_t521 + 0x3c));
					}
					_v168 = _v168 & 0x00000000;
					_t821 = E0072F4BA( *(_t763 + 8), 1, 0xa,  &_v168);
					E00704EC0( &_v320, 0, 0x30);
					_t833 = _t833 + 0xc;
					_v120 = _t818;
					_v320 = 0x30;
					__eflags = _t821;
					if(__eflags == 0) {
						L104:
						if(( *(_t763 + 0x68) & 0x00000002) != 0) {
							 *0x7af9c0 =  *0x7af9c0 | 0x00000001;
						}
						_t851 =  *0x7a831c - 0xfffffff7;
						if(_t851 > 0) {
							L108:
							if(E0073836E(_t851) < 0) {
								goto L66;
							}
							 *((intOrPtr*)(_t763 + 0x218)) = 0x7a8270;
							 *((intOrPtr*)(_t763 + 0x40)) = 0x7a8260;
							 *((intOrPtr*)(_t763 + 0x150)) = 0x7a8268;
							E0073573A(0x7a8270, _t763 + 0x21c, 0x80);
							E00737CA5(0x7a8270, 0);
							_t530 = _t763 + 0x210;
							 *((intOrPtr*)(_t530 + 4)) = _t530;
							 *_t530 = _t530;
							E0073573A(0x7a8260, _t763 + 0x44, 0x40);
							E00737CA5(0x7a8260, 0);
							E0073573A(0x7a8268, _t763 + 0x154, 0x400);
							E00737CA5(0x7a8268, 0);
							_t537 =  *0x7a8340; // 0x77df8540
							_t772 =  *0x7a8564; // 0x2c2690
							_t538 = _t537 + 8;
							 *_t538 = 0x7a8560;
							 *((intOrPtr*)(_t538 + 4)) = _t772;
							 *_t772 = _t538;
							 *0x7a8564 = _t538;
							_t539 =  *0x7a8340; // 0x77df8540
							 *((intOrPtr*)(_t539 + 4)) = 0x7a8340;
							 *0x7a8061 = 1;
							if(( *(_t763 + 0x68) & 0x00001000) != 0 ||  *0x7afa09 != 0) {
								_t823 = 0x10;
								_t818 = 0;
								_v108 = _t823;
								_t542 = E0073CD48(_t808,  &_v152, L"StackTraceDatabaseSizeInMb", 4,  &_v108, 4, 0, 0);
								__eflags = _t542;
								if(_t542 < 0) {
									L198:
									_t824 = 0x1000000;
									L202:
									_t543 =  *0x7273bc; // 0x4
									_t544 = _t543 | 0x00000001;
									__eflags =  *0x7af9c0 & _t544;
									if(( *0x7af9c0 & _t544) != 0) {
										__eflags = _t824 >> 0x14;
										E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xa01, "LdrpInitializeProcess", 2, "Stack trace database size is %ld Mb\n", _t824 >> 0x14);
										_t833 = _t833 + 0x18;
									}
									_t545 =  *0x7af9c0;
									__eflags =  *0x7273c0 & _t545;
									if(( *0x7273c0 & _t545) != 0) {
										asm("int3");
									}
									_v264 = _t818;
									_v260 = _t818;
									_v256 = _t824;
									E0078DD5C(_t818, 0xc,  &_v264);
									goto L112;
								}
								_t749 = _v108;
								__eflags = _t749 - _t823;
								if(_t749 >= _t823) {
									__eflags = _t749 - 0x80;
									if(_t749 <= 0x80) {
										_t750 = _t749 << 0x14;
										__eflags = _t750;
										_t824 = _t750;
									} else {
										_t824 = 0x8000000;
									}
									goto L202;
								}
								goto L198;
							} else {
								_t818 = 0;
								L112:
								_t821 = 0x7a8380;
								_t507 = E00729FB6(0x7a8380);
								_t856 = _t507 - _t818;
								if(_t507 < _t818) {
									goto L66;
								}
								 *0x7a8284 = 0x7a8280;
								 *0x7a8280 = 0x7a8280;
								 *(_t763 + 0x1c) = 0x7a8380;
								E0073878B(_t772, _t808, _t856);
								_t550 = _v116;
								_t857 =  *((short*)(_t550 + 0x48)) - 3;
								if( *((short*)(_t550 + 0x48)) <= 3) {
									__eflags =  *((short*)(_t550 + 0x4a)) - 0x33;
									if(__eflags < 0) {
										_v120 = _v120 | 0x00010000;
									}
								}
								_t773 =  &_v320;
								_push( &_v320);
								_push(_t818);
								_push( *((intOrPtr*)(_t550 + 0x6c)));
								_push( *((intOrPtr*)(_t550 + 0x68)));
								_push(_t818);
								_push(_v120);
								_t821 = E00732730(_t763,  &_v320, _t818, _t821, _t857);
								_v120 = _t821;
								if(_t821 == _t818) {
									_t552 =  *0x7273a4; // 0x2
									_t553 = _t552 | 0x00000001;
									__eflags =  *0x7af9c0 & _t553;
									if(( *0x7af9c0 & _t553) == 0) {
										goto L212;
									}
									_push("Creating the process heap failed\n");
									_push(_t818);
									_push("LdrpInitializeProcess");
									_push(0xa43);
									goto L211;
								} else {
									 *(_t763 + 0x18) = _t821;
									if(E007333A6( *[fs:0x18] + 0x1a8) < _t818) {
										goto L66;
									}
									 *0x7a80e4 = _t821;
									_t507 = E00738646();
									_t860 = _t507 - _t818;
									if(_t507 < _t818) {
										goto L66;
									}
									_push(L"!Process");
									_push(L"NTDLL!");
									_push(_t818);
									_push(_t821);
									 *0x7aec78 = E00737CE5(_t763,  &_v320, _t818, _t821, _t860);
									if(E00738669(_t860) < _t818) {
										goto L66;
									}
									_push( *0x7aec78 + 0x1c0000);
									E00738364();
									if(E007384FA( &_v320) < _t818 || E007383CC(_t773) < _t818) {
										goto L66;
									} else {
										_t562 =  *((intOrPtr*)(_t763 + 0x10));
										_v156 = _t562;
										if(_t562 == _t818) {
											_t563 = 0;
											_v128 = 0;
											_v126 = 0;
										} else {
											_v128 =  *(_t562 + 0x38);
											_t563 =  *((intOrPtr*)(_t562 + 0x3c));
										}
										_v124 = _t563;
										_v148 = _t563;
										if(_v160 != _t818) {
											_t565 = E00735E9A(_v160, L"DebugProcessHeapOnly", 4,  &_v196, 4, _t818);
											__eflags = _t565;
											if(_t565 >= 0) {
												__eflags =  *0x7a807c - _t818; // 0x0
												if(__eflags != 0) {
													__eflags = _v196 - _t818;
													if(_v196 != _t818) {
														_t745 =  *0x7a8078; // 0x77dfee9c
														 *0x7a807c = _t818;
														 *_t745 =  *_t745 & 0xfffffbff;
													}
												}
											}
										}
										E00726D7A( &_v216, 0x7ffe0030);
										_t821 = (_v216 & 0x0000ffff) + ( *0x7350fc & 0x0000ffff) + 0x14;
										_t569 = E007229EE(_v120, _t818, _t821);
										if(_t569 == _t818) {
											L214:
											_t507 = 0xc0000017;
											goto L66;
										} else {
											_v172 = _t569;
											_v176 = 0;
											_v174 = _t821;
											E0072712E( &_v176,  &_v216);
											E0072712E( &_v176, 0x7350fc);
											if(( *(_t763 + 3) & 0x00000002) != 0) {
												L131:
												_t825 = _v156;
												if(_t825 == _t818) {
													_t821 = _v176 & 0x0000ffff;
													_v140 = _v216;
													_v136 = _v212;
													_t577 = E007229EE(_v120, _t818, _t821);
													__eflags = _t577 - _t818;
													if(_t577 == _t818) {
														goto L214;
													}
													 *0x7a82e4 = _t577;
													 *0x7a82e0 = 0;
													 *0x7a82e2 = _t821;
													E0072712E(0x7a82e0,  &_v176);
													_t808 =  *0x7a82e4; // 0x2c15a8
													 *0x7a82e0 =  *0x7a82e0 + 0xfffe;
													 *((short*)(_t808 + (( *0x7a82e0 & 0x0000ffff) >> 1) * 2)) = 0;
													L137:
													_t583 =  *0x7aec54;
													_t877 = _t583 - _t818;
													if(_t583 != _t818) {
														__eflags = _t583 - 0xffffffff;
														if(__eflags != 0) {
															E00770835(_t763, __eflags,  &_v128);
														}
													}
													_t584 = E00738274(_t818, _t877,  *(_t763 + 8));
													 *0x7a81a8 = _t584;
													if(_t584 == _t818) {
														_t585 =  *0x7273a4; // 0x2
														_t586 = _t585 | 0x00000001;
														__eflags =  *0x7af9c0 & _t586;
														if(( *0x7af9c0 & _t586) == 0) {
															goto L240;
														}
														_push("Allocating a data table entry for the executable failed\n");
														_push(_t818);
														_push("LdrpInitializeProcess");
														_push(0xbfa);
														goto L239;
													} else {
														 *((short*)(_t584 + 0x38)) = 0xffff;
														_t809 = _v116;
														if( *((intOrPtr*)(_t809 + 0x28)) == _t818) {
															_t779 = 0;
														} else {
															_t779 =  *((intOrPtr*)(_t584 + 0x18)) +  *((intOrPtr*)(_t809 + 0x28));
														}
														 *((intOrPtr*)(_t584 + 0x1c)) = _t779;
														 *(_t584 + 0x24) = _v128;
														 *((intOrPtr*)(_t584 + 0x28)) = _v124;
														 *(_t584 + 0x48) = _t818;
														 *(_t584 + 0x34) = _t818;
														if( *0x7aec45 != 0) {
															 *(_t584 + 0x34) = 0x400000;
														}
														if(( *(_t763 + 3) & 0x00000008) == 0) {
															 *(_t584 + 0x6c) =  *(_v116 + 0x34);
														} else {
															 *(_t584 + 0x6c) = _t818;
														}
														_t784 = _v124;
														_t808 = (_v128 & 0x0000ffff) + _t784;
														if(_t808 == 0) {
															L4:
															 *(_t584 + 0x2c) =  *(_t584 + 0x24);
															_t786 =  *((intOrPtr*)(_t584 + 0x28));
															goto L151;
														} else {
															while(_t808 > _t784) {
																_t808 = _t808;
																if( *_t808 != 0x5c) {
																	continue;
																}
																_t808 = _t808 + 2;
																_v184 = _t808;
																if(_t808 == _t818) {
																	goto L4;
																}
																_t799 = _t784 - _t808 + _v128;
																 *(_t584 + 0x2c) = _t799;
																_t808 = (_v126 & 0x0000ffff) - (_v128 & 0x0000ffff);
																if((_v126 & 0x0000ffff) - (_v128 & 0x0000ffff) >= 2) {
																	_t799 = _t799 + 2;
																	_t888 = _t799;
																}
																 *(_t584 + 0x2e) = _t799;
																_t786 = _v184;
																L151:
																 *(_t584 + 0x34) =  *(_t584 + 0x34) | 0x00004000;
																 *((intOrPtr*)(_t584 + 0x30)) = _t786;
																E007382E7(_t763, _t808, _t584);
																_t821 = E00738274(_t818, _t888, _v132);
																_t889 = _t821 - _t818;
																if(_t821 == _t818) {
																	_t593 =  *0x7273a4; // 0x2
																	_t594 = _t593 | 0x00000001;
																	__eflags =  *0x7af9c0 & _t594;
																	if(( *0x7af9c0 & _t594) == 0) {
																		L240:
																		_t587 =  *0x7af9c0;
																		__eflags =  *0x7273a8 & _t587;
																		if(( *0x7273a8 & _t587) != 0) {
																			asm("int3");
																		}
																		__eflags = _v164 - _t818;
																		if(_v164 == _t818) {
																			E00722F1E( &_v140);
																		}
																		goto L214;
																	}
																	_push("Allocating a data table entry for the system DLL failed\n");
																	_push(_t818);
																	_push("LdrpInitializeProcess");
																	_push(0xc45);
																	L239:
																	_push("d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c");
																	E0076F3E2(_t763);
																	goto L240;
																}
																_push( &_v200);
																_push(_t818);
																_push(_t818);
																_push( *((intOrPtr*)(_t821 + 0x18)));
																_push(3);
																E0072F409(_t818, _t821, _t889);
																_t597 = _v200;
																if( *((intOrPtr*)(_t597 + 0x28)) != _t818) {
																	_t599 =  *((intOrPtr*)(_t597 + 0x28)) +  *((intOrPtr*)(_t821 + 0x18));
																} else {
																	_t599 = 0;
																}
																 *((intOrPtr*)(_t821 + 0x1c)) = _t599;
																 *((intOrPtr*)(_t821 + 0x6c)) =  *((intOrPtr*)(_v200 + 0x34));
																 *((intOrPtr*)(_t821 + 0x34)) = 4;
																 *((intOrPtr*)(_t821 + 0x6c)) =  *((intOrPtr*)(_t821 + 0x6c)) -  *0x7af8d0;
																 *((short*)(_t821 + 0x38)) = 0xffff;
																 *(_t821 + 0x48) = _t818;
																_t282 = _t821 + 0x24; // 0x24
																_t604 = _t282;
																 *_t604 = _v176;
																_t788 = _v172;
																_t604[2] = _v172;
																E0072712E(_t604, 0x737c80);
																_t606 =  *0x737c80; // 0x140012
																 *(_t821 + 0x2c) = _t606;
																_t607 =  *0x737c84; // 0x738210
																 *((intOrPtr*)(_t821 + 0x30)) = _t607;
																E007382E7(_t763, _t808, _t821);
																_t609 =  *0x7273bc; // 0x4
																 *0x7a81ac = _t821;
																if(( *0x7af9c0 & (_t609 | 0x00000001)) != 0) {
																	_push(0x7a82e0);
																	_push( &_v140);
																	_t612 =  *0x7a81a8; // 0x2c1b00
																	_t391 = _t612 + 0x24; // 0x2c1b24
																	_t788 = _t391;
																	_push(_t391);
																	E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xc97, "LdrpInitializeProcess", 2, "Beginning execution of %wZ (%wZ)\n\tCurrent directory: %wZ\n\tSearch path: %wZ\n", _t612 + 0x2c);
																	_t833 = _t833 + 0x24;
																}
																if(( *0x7273c0 &  *0x7af9c0) != 0) {
																	asm("int3");
																}
																_t616 =  *0x7a889c; // 0x2c1b90
																_t826 = _t821 + 0x10;
																 *_t826 = _t616;
																 *(_t826 + 4) = 0x7a889c;
																 *(_t616 + 4) = _t826;
																 *0x7a889c = _t826;
																_t618 = E00737D40(_t763, _t788,  &_v140);
																if(_t618 < _t818) {
																	_t789 =  *0x7273a4; // 0x2
																	_t790 = _t789 | 0x00000001;
																	__eflags =  *0x7af9c0 & _t790;
																	if(( *0x7af9c0 & _t790) != 0) {
																		_push(_t618);
																		E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xcac, "LdrpInitializeProcess", _t818, "Initializing the current directory to \"%wZ\" failed with status 0x%08lx\n",  &_v140);
																		_t833 = _t833 + 0x1c;
																	}
																	__eflags =  *0x7273a8 &  *0x7af9c0;
																	if(__eflags != 0) {
																		asm("int3");
																	}
																}
																if(_v164 == _t818) {
																	E00722F1E( &_v140);
																}
																if(( *(_t763 + 0x68) & 0x02000100) != 0) {
																	_t821 = E00738274(_t818, __eflags,  *((intOrPtr*)(_v144 + 0x18)));
																	__eflags = _t821 - _t818;
																	if(_t821 != _t818) {
																		 *((intOrPtr*)(_t821 + 0x34)) =  *((intOrPtr*)(_v144 + 0x34));
																		 *((intOrPtr*)(_t821 + 0x1c)) =  *((intOrPtr*)(_v144 + 0x1c));
																		 *((intOrPtr*)(_t821 + 0x6c)) =  *((intOrPtr*)(_v144 + 0x6c));
																		 *((short*)(_t821 + 0x38)) = 0xffff;
																		 *((short*)(_t821 + 0x3a)) = 0;
																		 *(_t821 + 0x48) = _t818;
																		_t632 = _v144;
																		 *(_t821 + 0x24) =  *(_t632 + 0x24);
																		 *(_t821 + 0x28) =  *(_t632 + 0x28);
																		_t634 = _v144;
																		_t792 =  *(_t634 + 0x2c);
																		 *(_t821 + 0x2c) =  *(_t634 + 0x2c);
																		 *((intOrPtr*)(_t821 + 0x30)) =  *((intOrPtr*)(_t634 + 0x30));
																		E007382E7(_t763, _t808, _t821);
																		_t637 =  *0x7a88a0; // 0x2c1e88
																		_t821 = _t821 + 0x10;
																		 *_t821 = 0x7a889c;
																		 *(_t821 + 4) = _t637;
																		 *_t637 = _t821;
																		 *0x7a88a0 = _t821;
																		__eflags =  *(_t763 + 0x68) & 0x00000100;
																		if(__eflags == 0) {
																			goto L159;
																		}
																		_t507 = E007759B4(_t808, _t818, _t818, _t818, 1, _v132, _t818);
																		__eflags = _t507 - _t818;
																		if(__eflags >= 0) {
																			goto L159;
																		} else {
																			goto L66;
																		}
																		goto L259;
																	}
																	_t708 =  *0x7273a4; // 0x2
																	_t709 = _t708 | 0x00000001;
																	__eflags =  *0x7af9c0 & _t709;
																	if(( *0x7af9c0 & _t709) == 0) {
																		L212:
																		_t554 =  *0x7af9c0;
																		__eflags =  *0x7273a8 & _t554;
																		if(( *0x7273a8 & _t554) != 0) {
																			asm("int3");
																		}
																		goto L214;
																	}
																	_push("Allocating a data table entry for the application verifier DLL failed\n");
																	_push(_t818);
																	_push("LdrpInitializeProcess");
																	_push(0xcc2);
																	L211:
																	_push("d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c");
																	E0076F3E2(_t763);
																	goto L212;
																} else {
																	L159:
																	if( *0x7aec45 != 0) {
																		_t821 = _t763 + 8;
																		_v132 =  *_t821;
																		_t639 =  *0x7a81a8; // 0x2c1b00
																		_t507 = E006F55A8(_t763, _t818, _t821,  *((intOrPtr*)(_t639 + 0x28)));
																		__eflags = _t507 - _t818;
																		if(_t507 < _t818) {
																			goto L66;
																		}
																		_t640 = _v132;
																		__eflags = _t640 -  *_t821;
																		if(__eflags != 0) {
																			L259:
																			_push(_t640);
																			_push(0xffffffff);
																			E00716580();
																			_push( &_v116);
																			_push(_t818);
																			_push(_t818);
																			_push( *_t821);
																			_push(1);
																			_t507 = E0072F409(_t818, _t821, __eflags);
																			__eflags = _t507 - _t818;
																			if(_t507 < _t818) {
																				goto L66;
																			}
																			_t793 =  *0x7a81a8; // 0x2c1b00
																			 *((intOrPtr*)(_t793 + 0x18)) =  *_t821;
																			_t808 = _v116;
																			_t794 =  *0x7a81a8; // 0x2c1b00
																			__eflags =  *((intOrPtr*)(_t808 + 0x28)) - _t818;
																			if( *((intOrPtr*)(_t808 + 0x28)) != _t818) {
																				_t645 =  *((intOrPtr*)(_t794 + 0x18)) +  *((intOrPtr*)(_t808 + 0x28));
																				__eflags = _t645;
																			} else {
																				_t645 = 0;
																			}
																			 *(_t794 + 0x1c) = _t645;
																			_t646 =  *0x7a81a8; // 0x2c1b00
																			 *(_t646 + 0x6c) = _t818;
																		}
																		_t792 = _v204;
																		__eflags =  *(_v204 + 0xfca) & 0x00000400;
																		if(__eflags != 0) {
																			E006F5B1C(_v180);
																		}
																	}
																	_t821 =  *(_t763 + 8);
																	if( *(_v116 + 0x34) != _t821) {
																		_push(0xc000007b);
																		_push(0xc0000018);
																		_push(_t818);
																		_push("LDR");
																		_push(_t821);
																		_t507 = E006F0DD0(_t763, _t818, _t821, __eflags);
																		__eflags = _t507 - _t818;
																		if(_t507 < _t818) {
																			goto L66;
																		}
																		__eflags = _v180 - _t818;
																		if(_v180 != _t818) {
																			__eflags =  *0x7aec45;
																			if( *0x7aec45 == 0) {
																				E0076E29B(_v180, _t821 -  *(_v116 + 0x34));
																			}
																		}
																	}
																	_t821 = E00738903(_t792);
																	if(_t821 < _t818) {
																		_t650 =  *0x7273a4; // 0x2
																		_t651 = _t650 | 0x00000001;
																		__eflags =  *0x7af9c0 & _t651;
																		if(( *0x7af9c0 & _t651) == 0) {
																			goto L180;
																		}
																		_push(_t821);
																		_push("Initializing TLS slots failed with status 0x%08lx\n");
																		_push(_t818);
																		_push("LdrpInitializeProcess");
																		_push(0xe0d);
																		goto L179;
																	}
																	_t653 =  *(_v116 + 0x5c) & 0x0000ffff;
																	if(_t653 == 2 || _t653 == 3) {
																		_t821 = 0x737c98;
																		_t655 = E00732133(_t792, _t818, _t818, 0x737c98,  &_v188);
																		_v108 = _t655;
																		if(_t655 < _t818) {
																			__eflags = _v108 - 0xc0000135;
																			if(_v108 == 0xc0000135) {
																				_t655 = E00732133(_t792, _t818, _t818, 0x750b7c,  &_v188);
																				_v108 = _t655;
																			}
																			__eflags = _v108 - _t818;
																			if(_v108 >= _t818) {
																				goto L168;
																			} else {
																				_t690 =  *0x7273a4; // 0x2
																				_t691 = _t690 | 0x00000001;
																				__eflags =  *0x7af9c0 & _t691;
																				if(( *0x7af9c0 & _t691) != 0) {
																					_push(_v108);
																					E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xe73, "LdrpInitializeProcess", _t818, "Loading Windows subsystem DLL \"%wZ\" failed with status 0x%08lx\n", _t821);
																				}
																				L15:
																				_t692 =  *0x7af9c0;
																				__eflags =  *0x7273a8 & _t692;
																				if(( *0x7273a8 & _t692) != 0) {
																					asm("int3");
																				}
																				L16:
																				_t507 = _v108;
																				goto L66;
																			}
																		}
																		_t694 = E00732108(_v188, 0x73e954, _t818, "�Ww");
																		_v108 = _t694;
																		if(_t694 < _t818) {
																			_t695 =  *0x7273a4; // 0x2
																			_t696 = _t695 | 0x00000001;
																			__eflags =  *0x7af9c0 & _t696;
																			if(( *0x7af9c0 & _t696) != 0) {
																				_push(_v108);
																				_push(0x737c98);
																				E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xe3b, "LdrpInitializeProcess", _t818, "Locating procedure \"%Z\" in Windows subsystem DLL \"%wZ\" failed with status 0x%08lx\n", 0x73e954);
																			}
																			goto L15;
																		}
																		_t699 = E00732108(_v188,  &_v224, _t818, 0x7a81b0);
																		_t904 = _t699 - _t818;
																		_v108 = _t699;
																		if(_t699 < _t818) {
																			_t700 =  *0x7273b0; // 0x2
																			_t701 = _t700 | 0x00000001;
																			__eflags =  *0x7af9c0 & _t701;
																			if(( *0x7af9c0 & _t701) != 0) {
																				_push(0x737c98);
																				E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xe4b, "LdrpInitializeProcess", 1, "Locating procedure \"%Z\" in Windows subsystem DLL \"%wZ\" failed with status 0x%08lx\n",  &_v224);
																				_t833 = _t833 + 0x1c;
																			}
																			_t702 =  *0x7af9c0;
																			__eflags =  *0x7273b4 & _t702;
																			if(( *0x7273b4 & _t702) != 0) {
																				asm("int3");
																			}
																			__eflags = _v108 - 0xc000007a;
																			 *0x7a81b0 = _t818;
																			if(__eflags == 0) {
																				goto L167;
																			} else {
																				__eflags = _v108 - 0xc0000139;
																				if(__eflags == 0) {
																					goto L167;
																				}
																				goto L16;
																			}
																		}
																		L167:
																		if(E0073E358(_t792, _t808, _t821, _t904) < _t818) {
																			goto L66;
																		}
																		goto L168;
																	} else {
																		L168:
																		_push(_t818);
																		_push(0x7a82e0);
																		_push( *0x7a81a8);
																		"jThH\tr"();
																		_t821 = _t655;
																		if(_t821 < _t818) {
																			_t657 =  *0x7273a4; // 0x2
																			_t658 = _t657 | 0x00000001;
																			__eflags =  *0x7af9c0 & _t658;
																			if(( *0x7af9c0 & _t658) == 0) {
																				goto L180;
																			}
																			_push(_t821);
																			_push("Walking the import tables of the executable and its static imports failed with status 0x%08lx\n");
																			_push(_t818);
																			_push("LdrpInitializeProcess");
																			_push(0xe86);
																			goto L179;
																		}
																		_t659 =  *0x7a888c; // 0x2c1b00
																		while(_t659 != 0x7a888c) {
																			_t808 = 0xffff;
																			 *((short*)(_t659 + 0x38)) = 0xffff;
																			_t659 =  *_t659;
																		}
																		 *0x7a8070 = 1;
																		__eflags =  *((char*)(_t763 + 2));
																		if(__eflags != 0) {
																			E007705AD(_t763, _t821, __eflags);
																		}
																		_t661 =  *0x7aecd0;
																		_t827 = _t821 | 0xffffffff;
																		__eflags = _t661 - _t827;
																		if(_t661 != _t827) {
																			L52:
																			_v112 = _t818;
																			_t796 =  *0x7ffe02d5;
																			__eflags = _t796 - 1;
																			if(_t796 == 1) {
																				L54:
																				_v112 = 0xd;
																				 *0x7a8028 = 1;
																				L55:
																				__eflags = _t661 - 1;
																				if(_t661 == 1) {
																					_t76 =  &_v112;
																					 *_t76 = _v112 | 0x00000040;
																					__eflags =  *_t76;
																				}
																				_push(4);
																				_push( &_v112);
																				_push(0x22);
																				_push(_t827);
																				E00716240();
																				L58:
																				E00727C3B(_t818);
																				_t665 = _v208;
																				__eflags = _t665 - _t818;
																				if(_t665 != _t818) {
																					__eflags =  *_t665 - _t818;
																					if(__eflags != 0) {
																						_t796 =  &_v152;
																						 *(_t763 + 0x1ec) = _t818;
																						E006EE865(_t763,  &_v152, _t818, __eflags, _t665,  &_v152, _t665);
																					}
																				}
																				__eflags =  *0x7a8028;
																				if(__eflags == 0) {
																					_t666 = _v116;
																					_v112 = _t818;
																					__eflags =  *0x7ffe02d5 - 2;
																					if( *0x7ffe02d5 != 2) {
																						L8:
																						_t667 = E0077023E(_t666);
																						__eflags = _t667;
																						if(_t667 != 0) {
																							L38:
																							_v112 = 2;
																							goto L39;
																						} else {
																							_t681 = E00770109(_t796, _v116);
																							__eflags = _t681;
																							if(_t681 != 0) {
																								goto L38;
																							}
																							_t682 = E00770168(_t796, _v116);
																							__eflags = _t682;
																							if(_t682 != 0) {
																								goto L38;
																							} else {
																								L39:
																								__eflags =  *0x7aecd0 - 1;
																								if( *0x7aecd0 == 1) {
																									_t62 =  &_v112;
																									 *_t62 = _v112 | 0x00000040;
																									__eflags =  *_t62;
																								}
																								__eflags = _v112 - _t818;
																								if(__eflags != 0) {
																									_push(4);
																									_push( &_v112);
																									_push(0x22);
																									_push(_t827);
																									E00716240();
																								}
																								goto L60;
																							}
																							L289:
																							_t669 =  *0x7273a4; // 0x2
																							_t670 = _t669 | 0x00000001;
																							__eflags =  *0x7af9c0 & _t670;
																							if(( *0x7af9c0 & _t670) == 0) {
																								goto L180;
																							}
																							_push(_t821);
																							_push("Running the init routines of the executable\'s static imports failed with status 0x%08lx\n");
																							_push(_t818);
																							_push("LdrpInitializeProcess");
																							_push(0xf85);
																							goto L179;
																						}
																					}
																					__eflags =  *((short*)(_t666 + 0x5c)) - 1;
																					if( *((short*)(_t666 + 0x5c)) == 1) {
																						goto L8;
																					}
																					_t796 = _v156;
																					__eflags =  *(_t796 + 8) & 0x00020000;
																					if(( *(_t796 + 8) & 0x00020000) != 0) {
																						goto L8;
																					}
																					goto L38;
																				}
																				L60:
																				_push(_v180);
																				_t821 = E007322AE(_t763, _t796, _t808, _t818, _t827, __eflags);
																				__eflags = _t821 - _t818;
																				if(_t821 < _t818) {
																					goto L289;
																				} else {
																					__eflags =  *0x7a800c - _t818; // 0x0
																					if(__eflags != 0) {
																						_t671 = E0073CC58( *0x7a8044);
																						__eflags =  *_t671( &_v152, _v208);
																						if(__eflags == 0) {
																							E006EE8DD(__eflags);
																						}
																					}
																					_t673 =  *((intOrPtr*)(_t763 + 0x14c));
																					__eflags = _t673 - _t818;
																					if(_t673 != _t818) {
																						 *_t673();
																					}
																					_v156 = _t818;
																					_t676 = E00735E9A(_v160, L"DisableUserModeCallbackFilter", 4,  &_v156, 4, _t818);
																					__eflags = _t676;
																					if(_t676 >= 0) {
																						_t763 =  *((intOrPtr*)(_t763 + 0x10));
																						__eflags = _v156 - _t818;
																						if(_v156 == _t818) {
																							 *(_t763 + 8) =  *(_t763 + 8) | 0x00080000;
																						} else {
																							 *(_t763 + 8) =  *(_t763 + 8) & 0xfff7ffff;
																						}
																					}
																					__eflags = _v160 - _t818;
																					if(_v160 != _t818) {
																						_push(_v160);
																						E00715090();
																					}
																					_t507 = 0;
																					__eflags = 0;
																					goto L66;
																				}
																			}
																			__eflags =  *0x7a8028;
																			if( *0x7a8028 == 0) {
																				__eflags = _t796;
																				if(_t796 != 0) {
																					goto L58;
																				} else {
																					_v112 = 0xa;
																					goto L55;
																				}
																			}
																			goto L54;
																		} else {
																			_push(_t818);
																			_push(4);
																			_push( &_v112);
																			_push(0x22);
																			_push(_t827);
																			_t685 = E00715C10();
																			__eflags = _t685;
																			if(_t685 < 0) {
																				L50:
																				_t687 =  *0x7ffe02f0 >> 6;
																				__eflags = _t687;
																				_t688 =  !_t687;
																				L51:
																				_t661 = _t688 & 0x00000001;
																				__eflags = _t661;
																				 *0x7aecd0 = _t661;
																				goto L52;
																			}
																			_t689 = _v112;
																			__eflags = _t689 & 0x00000008;
																			if((_t689 & 0x00000008) != 0) {
																				_t688 = _t689 >> 6;
																				goto L51;
																			}
																			goto L50;
																		}
																	}
																}
															}
															goto L4;
														}
													}
												}
												if( *(_t825 + 0x30) == _t818) {
													E006D93D7(0, 0xc000000d);
												} else {
													 *0x7a82e0 =  *(_t825 + 0x30);
													 *0x7a82e4 =  *((intOrPtr*)(_t825 + 0x34));
												}
												_t715 =  *(_t825 + 0x24);
												_v140 = _t715;
												_t821 =  *(_t825 + 0x28);
												_v136 = _t821;
												if(_t821 == _t818 || _t715 == _t818 ||  *_t821 == _t818) {
													_t716 = E007229EE(_v120, _t818, 8);
													_v136 = _t716;
													__eflags = _t716 - _t818;
													if(__eflags != 0) {
														_v164 = _v164 & 0x00000000;
														_t821 = 0x7ffe0030;
														asm("movsd");
														asm("movsw");
														 *((short*)(_v136 + 6)) = 0;
														_t718 = 6;
														_v140 = _t718;
														_t719 = 8;
														_v138 = _t719;
														_t818 = 0;
														goto L137;
													}
													_t720 =  *0x7273a4; // 0x2
													_t721 = _t720 | 0x00000001;
													__eflags =  *0x7af9c0 & _t721;
													if(( *0x7af9c0 & _t721) == 0) {
														goto L212;
													}
													_push("Allocating a buffer to hold the current working directory failed\n");
													_push(_t818);
													_push("LdrpInitializeProcess");
													_push(0xbd2);
													goto L211;
												} else {
													goto L137;
												}
											}
											_t830 = 0x40;
											_push( &_v248);
											_push(3);
											_push(0x7aedbc);
											_v248 = 0x18;
											_v244 = _t818;
											_v236 = _t830;
											_v240 = 0x737c88;
											_v232 = _t818;
											_v228 = _t818;
											if(E00715860() < 0) {
												 *0x7aedbc = _t818;
												E00726D7A(0x7a8288, _v172);
												 *0x7a8288 =  *0x7a8288 + 0xfffe;
												goto L131;
											}
											_v244 =  *0x7aedbc;
											_push( &_v248);
											_push(1);
											_push( &_v192);
											_v248 = 0x18;
											_v236 = _t830;
											_v240 = 0x737c90;
											_v232 = _t818;
											_v228 = _t818;
											_t821 = E007159C0();
											if(_t821 < _t818) {
												_t732 =  *0x7273a4; // 0x2
												_t733 = _t732 | 0x00000001;
												__eflags =  *0x7af9c0 & _t733;
												if(( *0x7af9c0 & _t733) == 0) {
													goto L180;
												}
												_push(_t821);
												_push("Opening the known DLL directory link object failed with status 0x%08lx\n");
												_push(_t818);
												_push("LdrpInitializeProcess");
												_push(0xb77);
												goto L179;
											}
											_t734 = 0x30;
											while(1) {
												_v108 = _t734;
												_t821 = E007229EE(_v120, _t818, _t734);
												if(_t821 == _t818) {
													goto L214;
												}
												 *0x7a8288 = 0;
												 *0x7a828a = _v108;
												_push( &_v184);
												_push(0x7a8288);
												_push(_v192);
												 *0x7a828c = _t821;
												_t739 = E00715D90();
												_v108 = _t739;
												if(_t739 < _t818) {
													__eflags = _t739 - 0xc0000023;
													if(_t739 != 0xc0000023) {
														_t740 =  *0x7273a4; // 0x2
														_t741 = _t740 | 0x00000001;
														__eflags =  *0x7af9c0 & _t741;
														if(( *0x7af9c0 & _t741) != 0) {
															E0076F3E2(_t763, "d:\\w7rtm\\minkernel\\ntdll\\ldrinit.c", 0xb6d, "LdrpInitializeProcess", _t818, "Querying the known DLL directory link object failed with status 0x%08lx\n", _v108);
														}
														goto L15;
													}
													E00722882(0, _v120, _t818, _t821);
													_t734 = _v184;
													continue;
												}
												_push(_v192);
												E00715090();
												goto L131;
											}
											goto L214;
										}
									}
								}
							}
						} else {
							if(_t851 >= 0) {
								__eflags =  *0x7a8318 - 0x9e3b9800;
								if(__eflags < 0) {
									goto L107;
								}
								goto L108;
							}
							L107:
							 *0x7a8068 = 1;
							goto L108;
						}
					} else {
						_t818 = _v168;
						__eflags = _t818;
						if(__eflags == 0) {
							goto L104;
						}
						__eflags = _t818 - 0x40;
						if(_t818 != 0x40) {
							__eflags = _t818 -  *_t821;
							if(__eflags == 0) {
								goto L88;
							} else {
								goto L104;
							}
						}
						L88:
						__eflags = _t818 - 0x10;
						if(_t818 >= 0x10) {
							_t148 = _t763 + 0x68;
							 *_t148 =  *(_t763 + 0x68) &  !( *(_t821 + 0xc));
							__eflags =  *_t148;
							_t818 = _v168;
						}
						__eflags = _t818 - 0x14;
						if(_t818 >= 0x14) {
							_t152 = _t763 + 0x68;
							 *_t152 =  *(_t763 + 0x68) |  *(_t821 + 0x10);
							__eflags =  *_t152;
							_t818 = _v168;
						}
						__eflags = _t818 - 0x18;
						if(_t818 >= 0x18) {
							_t755 =  *(_t821 + 0x14);
							__eflags = _t755;
							if(_t755 != 0) {
								asm("cdq");
								 *0x7a8318 = E00704080(_t755, _t808, 0xffffd8f0, 0xffffffff);
								 *0x7a831c = _t808;
							}
						}
						__eflags = _t818 - 0x30;
						if(__eflags >= 0) {
							_t477 =  *(_t821 + 0x2c);
							__eflags = _t477;
							if(__eflags != 0) {
								_t804 = _t477 & 0xffff0fff;
								if(_t804 != 0) {
									_v120 = _t804;
								}
								 *0x7a8000 = _t477 & 0x0000f000;
							}
						}
						if(_t818 >= 0x1c) {
							_t753 =  *((intOrPtr*)(_t821 + 0x18));
							if(_t753 != 0) {
								_v308 = _t753;
							}
						}
						if(_t818 >= 0x20) {
							_t752 =  *((intOrPtr*)(_t821 + 0x1c));
							if(_t752 != 0) {
								_v304 = _t752;
							}
						}
						if(_t818 >= 0x28) {
							_t751 =  *(_t821 + 0x24);
							if(_t751 != 0) {
								_v300 = _t751;
							}
						}
						if(_t818 >= 0x2c) {
							_t821 =  *(_t821 + 0x28);
							if(_t821 != 0) {
								_v296 = _t821;
							}
						}
						goto L104;
					}
				}
				__eflags = _t496 - 3;
				if(_t496 != 3) {
					goto L78;
				}
				goto L76;
			}

Strings

StackTraceDatabaseSizeInMb, xrefs: 007503DC
BaseQueryModuleData, xrefs: 00737301
LDR, xrefs: 00750953
Ww, xrefs: 00737BF2
Loading Windows subsystem DLL "%wZ" failed with status 0x%08lx, xrefs: 00750AB1
DebugProcessHeapOnly, xrefs: 007504F4
MZER, xrefs: 006F5B0B
Allocating a data table entry for the executable failed, xrefs: 0075070F
Beginning execution of %wZ (%wZ)Current directory: %wZSearch path: %wZ, xrefs: 00750799
Creating the process heap failed, xrefs: 007504A4
DisableUserModeCallbackFilter, xrefs: 007360A1
Running the init routines of the executable's static imports failed with status 0x%08lx, xrefs: 00750B2B
NTDLL!, xrefs: 0073777E
Initializing the current directory to "%wZ" failed with status 0x%08lx, xrefs: 007507DB
LdrpInitializeProcess, xrefs: 007502DE, 00750325, 00750432, 007504AA, 00750617, 00750654, 007506A1, 00750715, 00750774, 007507A0, 007507E1, 0075084E, 007509B1, 007509E3, 00750A1E, 00750A83, 00750AB7, 00750B31
Allocating a data table entry for the system DLL failed, xrefs: 0075076E
Stack trace database size is %ld Mb, xrefs: 0075042B
Opening the known DLL directory link object failed with status 0x%08lx, xrefs: 0075064E
!Process, xrefs: 00737779
Locating procedure "%Z" in Windows subsystem DLL "%wZ" failed with status 0x%08lx, xrefs: 007509DD, 00750A17
Allocating a buffer to hold the current working directory failed, xrefs: 0075069B
Initializing process 0x%lx, xrefs: 0075031F
Initializing the execution options for the process %lx failed with status 0x%08lx, xrefs: 007502D7
Walking the import tables of the executable and its static imports failed with status 0x%08lx, xrefs: 00750A7D
Initializing TLS slots failed with status 0x%08lx, xrefs: 007509AB
Allocating a data table entry for the application verifier DLL failed, xrefs: 00750848
Querying the known DLL directory link object failed with status 0x%08lx, xrefs: 00750611
d:\w7rtm\minkernel\ntdll\ldrinit.c, xrefs: 007502E8, 0075032F, 0075043C, 007504B4, 00750621, 0075071F, 007507AA, 007507EB, 007509ED, 00750A28, 00750AC1

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: InformationProcessQuery
String ID: Ww$!Process$Allocating a buffer to hold the current working directory failed$Allocating a data table entry for the application verifier DLL failed$Allocating a data table entry for the executable failed$Allocating a data table entry for the system DLL failed$BaseQueryModuleData$Beginning execution of %wZ (%wZ)Current directory: %wZSearch path: %wZ$Creating the process heap failed$DebugProcessHeapOnly$DisableUserModeCallbackFilter$Initializing TLS slots failed with status 0x%08lx$Initializing process 0x%lx$Initializing the current directory to "%wZ" failed with status 0x%08lx$Initializing the execution options for the process %lx failed with status 0x%08lx$LDR$LdrpInitializeProcess$Loading Windows subsystem DLL "%wZ" failed with status 0x%08lx$Locating procedure "%Z" in Windows subsystem DLL "%wZ" failed with status 0x%08lx$MZER$NTDLL!$Opening the known DLL directory link object failed with status 0x%08lx$Querying the known DLL directory link object failed with status 0x%08lx$Running the init routines of the executable's static imports failed with status 0x%08lx$Stack trace database size is %ld Mb$StackTraceDatabaseSizeInMb$Walking the import tables of the executable and its static imports failed with status 0x%08lx$d:\w7rtm\minkernel\ntdll\ldrinit.c
API String ID: 1778838933-3147267112
Opcode ID: 2ec9d23d7620d946bb39aa82b6b7a06d5d10e65bb6685fd46d4699773f20e96e
Instruction ID: fc6286a1ae6fd4cbe939bfae02aa26aa4259a7192fec3788ed670f236c2e286c
Opcode Fuzzy Hash: 2ec9d23d7620d946bb39aa82b6b7a06d5d10e65bb6685fd46d4699773f20e96e
Instruction Fuzzy Hash: 9BC2E1B0904214DFEB74DF28CC86FAA77B5FB45700F10816AE909EB292DB789885CF55

Uniqueness

Uniqueness Score: 100.00%

Function 00743951, Relevance: 15.4, Strings: 12, Instructions: 424
UNIQUECrypto

C-Code - Quality: 55%

			E00743951(intOrPtr _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				char _v544;
				char _v1064;
				char _v1068;
				char _v1069;
				signed short* _v1076;
				signed short _v1080;
				signed short* _v1084;
				signed short _v1086;
				char _v1088;
				signed short _v1092;
				signed short _v1096;
				signed short _v1100;
				char* _v1104;
				short _v1106;
				char _v1108;
				signed short _v1111;
				signed short _v1112;
				signed int _v1116;
				signed short _v1120;
				signed short* _v1124;
				short _v1126;
				char _v1128;
				intOrPtr _v1132;
				signed short* _v1136;
				intOrPtr _v1140;
				signed short _v1144;
				signed short _v1148;
				short _v1150;
				char _v1152;
				char* _v1156;
				short _v1158;
				char _v1160;
				intOrPtr _v1164;
				signed short* _v1172;
				intOrPtr _v1176;
				char _v1180;
				signed short* _v1184;
				signed short* _v1188;
				intOrPtr _v1192;
				char* _v1196;
				intOrPtr _v1200;
				char _v1204;
				char _v1212;
				char __ebx;
				signed int __edi;
				signed short __esi;
				signed int _t173;
				intOrPtr _t175;
				void* _t187;
				intOrPtr _t194;
				char _t209;
				void* _t220;
				signed short _t236;
				unsigned int _t240;
				signed int _t242;

				_t173 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t173 ^ _t242;
				_t175 = _a4;
				_t225 = _a8;
				_v1132 = _a16;
				_v1140 = _a20;
				_v1160 = 0;
				_v1158 = 0x208;
				_v1156 =  &_v1064;
				_t235 = 0;
				_t236 = _a12;
				_v1164 = _t175;
				_v1069 = 0;
				_v1068 = 0;
				_v1136 = 0;
				_v1088 = 0;
				_v1086 = 0;
				_v1084 = 0;
				_v1128 = 0;
				_v1126 = 0;
				_v1124 = 0;
				_v1144 = 0;
				if(_t175 == 0) {
					_t235 = 0;
					goto L66;
				} else {
					if(__ecx == 0 || __edi < 1 || __edi >  *(__eax + 4)) {
						__edx =  *(__eax + 4);
						L66:
						_push(_t235);
						_push(_t236);
						_push(_t225);
						_push(_t175);
						L006F1ACE(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
						_t239 = 0xc000000d;
						goto L29;
					} else {
						__eax =  *(__eax + 8);
						if( *((intOrPtr*)(__eax + __edi * 4)) != 0) {
							L34:
							return E00722F0C(_t239, 0, _v8 ^ _t242, _t235, _t236, _t239);
						}
						__edx =  *(__ecx + 0x18);
						__edi = __edi * 0x18;
						__edx =  *(__ecx + 0x18) + __ecx;
						__esi =  *(__edx + 0xc);
						__edx =  *(__edx + 0x10);
						__esi = __esi + __edi * 0x18;
						__eax =  *(__esi + __ecx + 0x10);
						__eax =  *(__esi + __ecx + 0x10) + __ecx;
						__esi =  *(__eax + 0x50);
						__edx = __edx + __ecx;
						if(__esi > 0xfffe) {
							_push(__ecx);
							__eax = L006F1ACE(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", __esi);
							L39:
							_t239 = 0xc0000106;
							L31:
							if(_v1084 != 0) {
								 *0x725538(_v1084);
							}
							if(_v1068 != 0) {
								_push(_v1068);
								E00715090();
							}
							if(_v1136 != 0) {
								E00722882(_t225,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v1136);
							}
							goto L34;
						}
						if(( *(__eax + 4) & 0x00000010) != 0) {
							goto L1;
						}
						_v1076 = 0;
						__si =  *(__eax + 0x50);
						_v1152 = __si;
						_v1150 = __si;
						__eax =  *(__eax + 0x54);
						_v1148 = __eax;
						__eax = 0;
						_v1108 = __ax;
						__eax = 0x216;
						_v1106 = __ax;
						__eax =  &_v544;
						_v1104 =  &_v544;
						__eax =  &_v1120;
						_v1120 = __ecx;
						_v1116 = __edi;
						_v1112 = 0;
						_v1100 = __bl;
						_v1092 = __bl;
						_v1096 = 0;
						__eax = _v1132(1,  &_v1120, _v1140);
						if(_v1092 != __bl) {
							__esi = 0xc0000120;
							goto L31;
						}
						if(_v1100 != __bl) {
							 &_v1068 =  &_v1076;
							 &_v1088 =  &_v1160;
							 &_v1152 =  &_v1108;
							__esi = E00744344(0,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
							if(__esi >= 0) {
								 &_v1068 =  &_v1108;
								__eax = E0074409E(_v1164, __edi,  &_v1108,  &_v1068);
								__esi = __eax;
								if(__esi >= 0) {
									__esi = 0;
									goto L31;
								}
								_push(__esi);
								_push(__edi);
								_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
								L50:
								_push(__ebx);
								_push(0x33);
								__eax = L006F1ACE();
								__esp = __esp + 0x14;
								goto L31;
							}
							_push(__esi);
							__eax =  &_v1108;
							_push( &_v1108);
							_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
							goto L50;
						}
						__eax = _v1112;
						_v1144 = _v1112;
						__eax = _v1096;
						__edi = 0;
						_v1080 = __eax;
						_v1069 = 1;
						if(__eax <= 0) {
							L25:
							if(__edi == _v1080) {
								L59:
								_push(__edi);
								__eax =  &_v1152;
								__eax = L006F1ACE(0x33, __ebx, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
								__esi = 0xc0150004;
								L30:
								_v1120 = _v1144;
								_v1132(4,  &_v1120, _v1140);
								goto L31;
							}
							L26:
							if(_v1068 == 0) {
								if(E0072CBB1(_v1076[2],  &_v1128, 0,  &_v1180) == 0) {
									L006F1ACE(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n", _v1076[2]);
									_t239 = 0xc000003a;
									L29:
									if(_v1069 == 0) {
										goto L31;
									}
									goto L30;
								}
								_v1136 = _v1124;
								_t209 = _v1180;
								if(_t209 != 0) {
									_v1128 = _t209;
									_v1124 = _v1176;
								} else {
									_v1172 = 0;
								}
								_v1200 = _v1172;
								_push(0x21);
								_v1196 =  &_v1128;
								_push(3);
								_push( &_v1212);
								_push( &_v1204);
								_push(0x100020);
								_push( &_v1068);
								_v1204 = 0x18;
								_v1192 = 0x40;
								_v1188 = 0;
								_v1184 = 0;
								_t239 = E007158A0();
								E00727DEA( &_v1180, _t225,  &_v1180);
								if(_t239 >= 0) {
									goto L27;
								} else {
									_push(_t239);
									L006F1ACE(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n", _v1076[2]);
									goto L29;
								}
							}
							L27:
							_t220 = E0074409E(_v1164, _a12, _v1076,  &_v1068);
							_t239 = _t220;
							if(_t220 < 0) {
								L006F1ACE(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t239);
							} else {
								_t239 = 0;
							}
							goto L29;
						} else {
							goto L21;
						}
						while(1) {
							L21:
							__eax = _v1144;
							_v1120 = _v1144;
							__eax = 0;
							_v1108 = __ax;
							__eax = 0x216;
							_v1106 = __ax;
							__eax =  &_v544;
							_v1104 =  &_v544;
							__eax =  &_v1120;
							_v1116 = __edi;
							_v1112 = __bl;
							_v1111 = __bl;
							__eax = _v1132(2,  &_v1120, _v1140);
							if(_v1112 != __bl) {
								break;
							}
							if(_v1111 != __bl) {
								if(_v1108 == __bx) {
									goto L59;
								}
								_t159 = __edi + 1; // 0x1
								__eax = _t159;
								_v1080 = _t159;
							}
							if(_v1108 != __bx) {
								if(_v1068 != __ebx) {
									_push(_v1068);
									__eax = E00715090();
									_v1068 = __ebx;
								}
								 &_v1068 =  &_v1076;
								 &_v1088 =  &_v1160;
								 &_v1152 =  &_v1108;
								__esi = E00744344(__ebx,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
								if(__esi >= __ebx) {
									goto L25;
								} else {
									if(__esi == 0xc0150004) {
										goto L24;
									}
									_push(__esi);
									__eax =  &_v1152;
									_push( &_v1152);
									__eax =  &_v1108;
									__eax = L006F1ACE(0x33, __ebx, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1108);
									goto L30;
								}
							}
							L24:
							__edi = __edi + 1;
							if(__edi < _v1080) {
								continue;
							}
							goto L25;
						}
						__esi = 0xc0000120;
						goto L30;
					}
				}
				L1:
				_v1076 =  &_v1160;
				_t236 =  *(_t175 + 0x18);
				_v1080 = _t236;
				if(_t236 == 0) {
					_t239 = 0xc00000e5;
					goto L34;
				}
				_t187 = E007287C9(_t236, 0x5c);
				_pop(_t225);
				if(_t187 == 0) {
					_t239 = 0xc00000e5;
					goto L31;
				}
				_t236 = (_t187 - _t236 >> 0x00000001) + (_t187 - _t236 >> 0x00000001) + 0x00000004 & 0x0000ffff;
				if(_t236 > 0x208) {
					if(_t236 > 0xfffe) {
						goto L39;
					}
					_v1086 = _t236;
					_t194 =  *0x725510(_t236 & 0x0000ffff);
					_v1084 = _t194;
					if(_t194 != 0) {
						_v1076 =  &_v1088;
						goto L4;
					}
					_t239 = 0xc0000017;
					goto L31;
				}
				L4:
				_t240 = _t236 & 0x0000ffff;
				E00704830(_v1076[2], _v1080, _t240 - 2);
				_t225 = 0;
				 *((short*)(_v1076[2] + (_t240 >> 1) * 2 - 2)) = 0;
				 *_v1076 = _t236;
				goto L26;
			}

Strings

SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00754AB9
AUr, xrefs: 00754C62
RtlpResolveAssemblyStorageMapEntry, xrefs: 00754C3D
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00754C42
<<t, xrefs: 00743953
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00754BA3
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00754B1B
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00754C0C
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00754BD6
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00754C22
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00754B52
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00754A42

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: <<t$AUr$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-2720898200
Opcode ID: 4373187aba89aae1e14d9c6725f70e3149559ea56123cf13e9330dfa9b67f0dc
Instruction ID: 9e369b5436a63a00f42facd0ac3cab2c5d4f52a4671793f046e9e26de58e835b
Opcode Fuzzy Hash: 4373187aba89aae1e14d9c6725f70e3149559ea56123cf13e9330dfa9b67f0dc
Instruction Fuzzy Hash: CF0239F19012289FDB21DF548C84BEAB7B9AF48304F4441EAA60DA7251E7749FC4CF69

Uniqueness

Uniqueness Score: 100.00%

Function 007950A5, Relevance: 12.0, Strings: 9, Instructions: 799
UNIQUECrypto

C-Code - Quality: 58%

			E007950A5(signed int _a4, signed int _a8, intOrPtr* _a16, signed int* _a20, signed int* _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t339;
				intOrPtr _t361;
				signed int _t365;
				signed short _t377;
				signed char _t380;
				signed int* _t382;
				signed char _t383;
				signed int _t384;
				intOrPtr _t386;
				unsigned int _t401;
				signed int _t402;
				intOrPtr _t409;
				intOrPtr _t423;
				signed int _t450;
				intOrPtr _t452;
				intOrPtr* _t463;
				signed int _t465;
				signed int* _t466;
				signed int _t467;
				intOrPtr _t468;
				signed short _t469;
				signed int _t471;
				signed int _t472;
				signed int _t475;
				signed short* _t486;
				signed short _t487;
				signed int* _t489;
				signed int _t490;
				signed int _t498;
				signed int _t501;
				signed int _t502;
				signed int _t511;
				signed short _t513;
				signed short _t514;
				signed int _t515;
				signed int* _t519;
				signed int _t523;
				signed int _t532;
				signed int _t534;
				signed int* _t535;
				signed int _t537;
				void* _t539;
				signed int _t549;
				signed int _t551;
				intOrPtr _t557;
				intOrPtr _t561;
				signed int _t570;
				intOrPtr* _t582;
				signed int _t583;
				signed int* _t584;
				void* _t585;
				signed int _t586;
				signed int _t588;
				signed int _t589;
				signed int _t590;
				signed int _t592;
				signed int* _t594;
				signed short _t595;
				signed short _t597;
				signed int _t604;
				signed int _t605;
				signed int _t607;
				signed short _t609;
				signed short _t611;
				signed int _t613;
				signed int _t615;
				signed int _t616;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				intOrPtr _t626;
				signed int* _t627;
				intOrPtr _t628;
				signed int _t630;
				signed int* _t632;
				signed int _t633;
				signed int _t634;
				signed int _t636;
				signed int _t638;
				signed int* _t642;
				signed short _t643;
				signed short _t645;
				signed int _t646;
				void* _t650;
				signed int _t652;
				signed int _t654;
				signed int* _t656;
				signed short _t664;
				signed short _t667;
				intOrPtr _t668;
				intOrPtr _t669;
				signed int _t670;
				signed int _t671;
				void* _t690;

				_t671 = _a8;
				_t339 = 0;
				_v32 = 0;
				_v36 = 0;
				_v24 = 0;
				if(_t671 >=  *((intOrPtr*)(_t671 + 0x28))) {
					L176:
					_t668 = _v32;
					__eflags =  *((intOrPtr*)(_t671 + 0x2c)) - _t668;
					if( *((intOrPtr*)(_t671 + 0x2c)) == _t668) {
						_t669 = _v36;
						__eflags =  *((intOrPtr*)(_t671 + 0x30)) - _t669;
						if( *((intOrPtr*)(_t671 + 0x30)) == _t669) {
							goto L203;
						}
						_t557 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *((intOrPtr*)(_t557 + 0xc)) - _t339;
						if( *((intOrPtr*)(_t557 + 0xc)) == _t339) {
							_push("HEAP: ");
							E006EF63B();
						} else {
							E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_t669);
						_push( *((intOrPtr*)(_t671 + 0x30)));
						_push(_t671);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L211:
						E006EF63B();
						goto L186;
					}
					_t561 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
					__eflags =  *((intOrPtr*)(_t561 + 0xc)) - _t339;
					if( *((intOrPtr*)(_t561 + 0xc)) == _t339) {
						_push("HEAP: ");
						E006EF63B();
					} else {
						E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t668);
					_push( *((intOrPtr*)(_t671 + 0x2c)));
					_push(_t671);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L211;
				} else {
					_t670 = _a4;
					do {
						_t532 = 0;
						 *_a24 = _t671;
						if( *(_t670 + 0x4c) != 0) {
							 *_t671 =  *_t671 ^  *(_t670 + 0x50);
							_t679 =  *(_t671 + 3) - ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671);
							if( *(_t671 + 3) != ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671)) {
								_push(0);
								_push(_t671);
								_push(_t670);
								E00794BBA(0, _t670, _t671, _t679);
							}
						}
						if(_v24 != ( *(_t671 + 4) ^  *(_t670 + 0x54))) {
							_t361 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *((intOrPtr*)(_t361 + 0xc)) - _t532;
							if( *((intOrPtr*)(_t361 + 0xc)) == _t532) {
								_push("HEAP: ");
								E006EF63B();
							} else {
								E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v24 & 0x0000ffff);
							_t365 =  *(_t671 + 4) & 0x0000ffff ^  *(_t670 + 0x54) & 0x0000ffff;
							__eflags = _t365;
							_push(_t365);
							E006EF63B("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t671);
							L183:
							_t690 =  *(_t670 + 0x4c) - _t532;
							L184:
							if(_t690 != 0) {
								 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
								 *_t671 =  *_t671 ^  *(_t670 + 0x50);
							}
							L186:
							return 0;
						}
						_t377 =  *_t671 & 0x0000ffff;
						_v24 = _t377 & 0x0000ffff;
						_t568 = _t377 & 0x0000ffff;
						_a4 = _t568 << 3;
						_t380 =  *(_t671 + 2);
						if((_t380 & 0x00000001) == 0) {
							__eflags =  *(_t670 + 0x40) & 0x00000040;
							if(( *(_t670 + 0x40) & 0x00000040) == 0) {
								L154:
								 *_a16 =  *_a16 + 1;
								_t382 = _a20;
								 *_t382 =  *_t382 + ( *_t671 & 0x0000ffff);
								__eflags =  *_t382;
								L155:
								_t383 =  *(_t671 + 6);
								__eflags = _t383;
								if(_t383 == 0) {
									_t384 = _t670;
								} else {
									_t384 = (_t671 & 0xffff0000) - ((_t383 & 0x000000ff) << 0x10) + 0x10000;
								}
								_t570 = _a8;
								__eflags = _t384 - _t570;
								if(_t384 != _t570) {
									_t386 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *((intOrPtr*)(_t386 + 0xc)) - _t532;
									if( *((intOrPtr*)(_t386 + 0xc)) == _t532) {
										_push("HEAP: ");
										E006EF63B();
									} else {
										E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *(_t671 + 6) & 0x000000ff);
									_push(_t671);
									_push("Heap block at %p has incorrect segment offset (%x)\n");
									goto L195;
								} else {
									__eflags =  *((char*)(_t671 + 7)) - 3;
									if( *((char*)(_t671 + 7)) != 3) {
										__eflags =  *(_t670 + 0x4c) - _t532;
										if( *(_t670 + 0x4c) != _t532) {
											 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
											 *_t671 =  *_t671 ^  *(_t670 + 0x50);
											__eflags =  *_t671;
										}
										_t671 = _t671 + _a4;
										__eflags = _t671;
										goto L174;
									}
									_t401 =  *(_t671 + 0x1c);
									__eflags = _t401 - _t532;
									if(_t401 == _t532) {
										_t402 =  *_t671 & 0x0000ffff;
										__eflags = _t671 + _t402 * 8 -  *((intOrPtr*)(_t570 + 0x28));
										if(_t671 + _t402 * 8 ==  *((intOrPtr*)(_t570 + 0x28))) {
											__eflags =  *(_t670 + 0x4c) - _t532;
											if( *(_t670 + 0x4c) != _t532) {
												 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
												 *_t671 =  *_t671 ^  *(_t670 + 0x50);
												__eflags =  *_t671;
											}
											L203:
											return 1;
										}
										_t409 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *((intOrPtr*)(_t409 + 0xc)) - _t532;
										if( *((intOrPtr*)(_t409 + 0xc)) == _t532) {
											_push("HEAP: ");
											E006EF63B();
										} else {
											E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *((intOrPtr*)(_a8 + 0x28)));
										_push(_t671);
										_push("Heap block at %p is not last block in segment (%p)\n");
										L195:
										E006EF63B();
										goto L183;
									}
									_v36 = _v36 + 1;
									_v32 = _v32 + (_t401 >> 0xc);
									__eflags =  *(_t670 + 0x4c) - _t532;
									if( *(_t670 + 0x4c) != _t532) {
										 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
										 *_t671 =  *_t671 ^  *(_t670 + 0x50);
										__eflags =  *_t671;
									}
									_t671 = _t671 +  *(_t671 + 0x1c) + 0x20;
									__eflags = _t671 -  *((intOrPtr*)(_t570 + 0x28));
									if(_t671 ==  *((intOrPtr*)(_t570 + 0x28))) {
										L170:
										_v24 = _t532;
										goto L174;
									} else {
										__eflags =  *(_t670 + 0x4c) - _t532;
										if( *(_t670 + 0x4c) != _t532) {
											 *_t671 =  *_t671 ^  *(_t670 + 0x50);
											__eflags =  *(_t671 + 3) - ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671);
											if(__eflags != 0) {
												_push(_t532);
												_push(_t671);
												_push(_t670);
												E00794BBA(_t532, _t670, _t671, __eflags);
											}
										}
										__eflags =  *(_t671 + 4) ^  *(_t670 + 0x54);
										if(( *(_t671 + 4) ^  *(_t670 + 0x54)) != 0) {
											_t423 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
											__eflags =  *((intOrPtr*)(_t423 + 0xc)) - _t532;
											if( *((intOrPtr*)(_t423 + 0xc)) == _t532) {
												_push("HEAP: ");
												E006EF63B();
											} else {
												E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
											}
											_push( *(_t671 + 4) & 0x0000ffff ^  *(_t670 + 0x54) & 0x0000ffff);
											_push(_t671);
											_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
											goto L195;
										} else {
											__eflags =  *(_t670 + 0x4c) - _t532;
											if( *(_t670 + 0x4c) != _t532) {
												 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
												 *_t671 =  *_t671 ^  *(_t670 + 0x50);
												__eflags =  *_t671;
											}
											goto L170;
										}
									}
								}
							}
							__eflags = _t380 & 0x00000004;
							if((_t380 & 0x00000004) == 0) {
								goto L154;
							}
							_t534 = _a4 + 0xfffffff0;
							__eflags = _t380 & 0x00000002;
							if((_t380 & 0x00000002) != 0) {
								__eflags = _t534 - 4;
								if(_t534 > 4) {
									_t534 = _t534 - 4;
									__eflags = _t534;
								}
							}
							__eflags = _t380 & 0x00000008;
							if((_t380 & 0x00000008) == 0) {
								_t450 = E00705770(_t671 + 0x10, _t534, 0xfeeefeee);
								_v40 = _t450;
								__eflags = _t450 - _t534;
								if(_t450 != _t534) {
									_t452 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t452 + 0xc);
									if( *(_t452 + 0xc) == 0) {
										_push("HEAP: ");
										E006EF63B();
									} else {
										E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push(_t671 + 8 + _v40);
									E006EF63B("Free Heap block %p modified at %p after it was freed\n", _t671);
									__eflags =  *(_t670 + 0x4c);
									goto L184;
								}
								_t532 = 0;
								__eflags = 0;
								goto L154;
							} else {
								_t535 =  *(_t671 + 0xc);
								_t463 = _t671 + 8;
								_t627 =  *_t463;
								_v12 = _t627;
								_t628 =  *((intOrPtr*)(_t627 + 4));
								_v40 = _t535;
								_t536 =  *_t535;
								__eflags = _t536 - _t628;
								if(__eflags != 0) {
									L61:
									_push(0);
									_push(_t536);
									_push(_t628);
									_push(_t463);
									_push(_t670);
									_push(0xc);
									E00794B0C(_t536, _t568, _t628, _t670, _t671, __eflags);
									goto L174;
								}
								__eflags = _t536 - _t463;
								if(__eflags != 0) {
									goto L61;
								}
								_t465 =  *(_t670 + 0xb8);
								 *((intOrPtr*)(_t670 + 0x78)) =  *((intOrPtr*)(_t670 + 0x78)) - _t568;
								__eflags = _t465;
								if(_t465 == 0) {
									L58:
									_t466 = _v12;
									_t582 = _v40;
									 *_t582 = _t466;
									 *((intOrPtr*)(_t466 + 4)) = _t582;
									__eflags =  *(_t671 + 2) & 0x00000008;
									if(( *(_t671 + 2) & 0x00000008) == 0) {
										L62:
										_t537 =  *_t671 & 0x0000ffff;
										 *(_t671 + 2) = 0;
										 *((char*)(_t671 + 7)) = 0;
										_t467 =  *(_t670 + 0xb8);
										_v20 = _t537;
										__eflags = _t467;
										if(_t467 != 0) {
											while(1) {
												__eflags = _t537 -  *((intOrPtr*)(_t467 + 4));
												if(_t537 <  *((intOrPtr*)(_t467 + 4))) {
													break;
												}
												_t583 =  *_t467;
												__eflags = _t583;
												if(_t583 == 0) {
													_t630 =  *((intOrPtr*)(_t467 + 4)) - 1;
													__eflags = _t630;
													_v28 = _t630;
													L75:
													_t118 = _t467 + 0x14; // 0x14
													_t584 = _t118;
													while(1) {
														_a4 = _t467;
														_v16 = _t630 -  *_t584;
														_t632 =  *((intOrPtr*)(_t467 + 0x18));
														_t468 =  *((intOrPtr*)(_t632 + 4));
														_v12 = _t632;
														__eflags = _t632 - _t468;
														if(_t632 != _t468) {
															goto L78;
														}
														L77:
														_v8 = _t632;
														L121:
														_t472 = _v8;
														__eflags = _t472;
														if(_t472 != 0) {
															L64:
															_t107 = _t670 + 0xc4; // 0xc5
															_t539 = _t107;
															__eflags = _t539 - _t472;
															if(_t539 == _t472) {
																L126:
																_t634 =  *(_t472 + 4);
																_t585 =  *_t634;
																__eflags = _t585 - _t472;
																if(_t585 != _t472) {
																	__eflags = 0;
																	_push(0);
																	_push(_t585);
																	_push(0);
																	_push(_t472);
																	_push(0);
																	_push(0xc);
																	E00794B0C(_t539, _t585, 0, _t670, _t671, 0);
																} else {
																	_t594 = _t671 + 8;
																	 *_t594 = _t472;
																	_t594[1] = _t634;
																	 *_t634 = _t594;
																	 *(_t472 + 4) = _t594;
																}
																 *((intOrPtr*)(_t670 + 0x78)) =  *((intOrPtr*)(_t670 + 0x78)) + ( *_t671 & 0x0000ffff);
																_t475 =  *(_t670 + 0xb8);
																__eflags = _t475;
																if(_t475 == 0) {
																	L150:
																	__eflags =  *(_t670 + 0x4c);
																	if( *(_t670 + 0x4c) != 0) {
																		 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
																		 *_t671 =  *_t671 ^  *(_t670 + 0x50);
																	}
																	goto L174;
																} else {
																	_t586 =  *_t671 & 0x0000ffff;
																	while(1) {
																		__eflags = _t586 -  *((intOrPtr*)(_t475 + 4));
																		if(_t586 <  *((intOrPtr*)(_t475 + 4))) {
																			break;
																		}
																		_t636 =  *_t475;
																		__eflags = _t636;
																		if(_t636 == 0) {
																			_t638 =  *((intOrPtr*)(_t475 + 4)) - 1;
																			__eflags = _t638;
																			L136:
																			_t588 = _t638 -  *((intOrPtr*)(_t475 + 0x14));
																			__eflags =  *(_t475 + 8);
																			_v28 = _t588;
																			if( *(_t475 + 8) != 0) {
																				_t588 = _t588 + _t588;
																				__eflags = _t588;
																			}
																			 *((intOrPtr*)(_t475 + 0xc)) =  *((intOrPtr*)(_t475 + 0xc)) + 1;
																			_t589 = _t588 << 2;
																			_a4 = _t589;
																			_t590 =  *(_t589 +  *((intOrPtr*)(_t475 + 0x20)));
																			_v40 = _t590;
																			__eflags = _t638 -  *((intOrPtr*)(_t475 + 4)) - 1;
																			if(_t638 ==  *((intOrPtr*)(_t475 + 4)) - 1) {
																				_t207 = _t475 + 0x10;
																				 *_t207 =  *(_t475 + 0x10) + 1;
																				__eflags =  *_t207;
																			}
																			__eflags = _t590;
																			if(_t590 == 0) {
																				L147:
																				 *((intOrPtr*)(_a4 +  *((intOrPtr*)(_t475 + 0x20)))) = _t671 + 8;
																				_t590 = _v40;
																				goto L148;
																			} else {
																				__eflags =  *(_t670 + 0x4c);
																				if( *(_t670 + 0x4c) == 0) {
																					_t643 =  *(_t590 - 8) & 0x0000ffff;
																				} else {
																					_t645 =  *(_t590 - 8);
																					__eflags =  *(_t670 + 0x4c) & _t645;
																					if(( *(_t670 + 0x4c) & _t645) != 0) {
																						_t645 = _t645 ^  *(_t670 + 0x50);
																						__eflags = _t645;
																					}
																					_t643 = _t645 & 0x0000ffff;
																				}
																				__eflags = ( *_t671 & 0x0000ffff) - (_t643 & 0x0000ffff);
																				if(( *_t671 & 0x0000ffff) - (_t643 & 0x0000ffff) > 0) {
																					L148:
																					__eflags = _t590;
																					if(_t590 == 0) {
																						_t592 = _v28;
																						_t642 =  *((intOrPtr*)(_t475 + 0x1c)) + (_t592 >> 5) * 4;
																						 *_t642 =  *_t642 | 1 << (_t592 & 0x0000001f);
																						__eflags =  *_t642;
																					}
																					goto L150;
																				} else {
																					goto L147;
																				}
																			}
																		}
																		_t475 = _t636;
																	}
																	_t638 = _t586;
																	goto L136;
																}
															}
															_t646 =  *(_t670 + 0x4c);
															while(1) {
																__eflags = _t646;
																if(_t646 == 0) {
																	_t595 =  *(_t472 - 8) & 0x0000ffff;
																} else {
																	_t597 =  *(_t472 - 8);
																	_t646 =  *(_t670 + 0x4c);
																	__eflags = _t646 & _t597;
																	if((_t646 & _t597) != 0) {
																		_t597 = _t597 ^  *(_t670 + 0x50);
																		__eflags = _t597;
																	}
																	_t595 = _t597 & 0x0000ffff;
																}
																__eflags = _v20 - (_t595 & 0x0000ffff);
																if(_v20 <= (_t595 & 0x0000ffff)) {
																	goto L126;
																}
																_t472 =  *_t472;
																__eflags = _t539 - _t472;
																if(_t539 != _t472) {
																	continue;
																}
																goto L126;
															}
															goto L126;
														}
														_t467 =  *_a4;
														_t537 = _v20;
														_t584 = _t467 + 0x14;
														_t630 =  *_t584;
														_v28 = _t630;
														_a4 = _t467;
														_v16 = _t630 -  *_t584;
														_t632 =  *((intOrPtr*)(_t467 + 0x18));
														_t468 =  *((intOrPtr*)(_t632 + 4));
														_v12 = _t632;
														__eflags = _t632 - _t468;
														if(_t632 != _t468) {
															goto L78;
														}
														goto L77;
														L78:
														_t633 =  *(_t670 + 0x4c);
														__eflags = _t633;
														if(_t633 == 0) {
															_t469 =  *(_t468 - 8) & 0x0000ffff;
														} else {
															_t514 =  *(_t468 - 8);
															_t633 =  *(_t670 + 0x4c);
															__eflags = _t514 & _t633;
															if((_t514 & _t633) != 0) {
																_t514 = _t514 ^  *(_t670 + 0x50);
																__eflags = _t514;
															}
															_t469 = _t514 & 0x0000ffff;
														}
														_t471 = _v12;
														__eflags = _t537 - (_t469 & 0x0000ffff);
														if(_t537 - (_t469 & 0x0000ffff) > 0) {
															L119:
															_v8 = _t471;
															goto L121;
														} else {
															_t486 =  *_t471 - 8;
															__eflags = _t633;
															if(_t633 == 0) {
																_t487 =  *_t486 & 0x0000ffff;
															} else {
																_t513 =  *_t486;
																_t633 =  *(_t670 + 0x4c);
																__eflags = _t513 & _t633;
																if((_t513 & _t633) != 0) {
																	_t513 = _t513 ^  *(_t670 + 0x50);
																	__eflags = _t513;
																}
																_t487 = _t513 & 0x0000ffff;
															}
															__eflags = _v20 - (_t487 & 0x0000ffff);
															if(_v20 - (_t487 & 0x0000ffff) > 0) {
																_t489 = _a4;
																__eflags =  *_t489;
																if( *_t489 != 0) {
																	L105:
																	_t490 = _a4;
																	_t549 = _v16 >> 5;
																	_v12 =  *((intOrPtr*)(_t490 + 0x1c)) + _t549 * 4;
																	_t650 = ( *((intOrPtr*)(_t490 + 4)) -  *_t584 >> 5) - 1;
																	_t498 =  !((1 << (_v16 & 0x0000001f)) - 1) &  *_v12;
																	__eflags = 1;
																	if(1 != 0) {
																		L109:
																		__eflags = _t498 & 0x0000ffff;
																		if((_t498 & 0x0000ffff) == 0) {
																			_t604 = _t498 >> 0x00000010 & 0x000000ff;
																			__eflags = _t604;
																			if(_t604 == 0) {
																				_t171 = (_t498 >> 0x18) + 0x725818; // 0x10008
																				_t501 = ( *_t171 & 0x000000ff) + 0x18;
																				__eflags = _t501;
																			} else {
																				_t170 = _t604 + 0x725818; // 0x10008
																				_t501 = ( *_t170 & 0x000000ff) + 0x10;
																			}
																		} else {
																			_t652 = _t498 & 0x000000ff;
																			__eflags = _t652;
																			if(_t652 == 0) {
																				_t169 = (_t498 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
																				_t501 = ( *_t169 & 0x000000ff) + 8;
																			} else {
																				_t168 = _t652 + 0x725818; // 0x10008
																				_t501 =  *_t168 & 0x000000ff;
																			}
																		}
																		_t551 = (_t549 << 5) + _t501;
																		_t502 = _a4;
																		__eflags =  *(_t502 + 8);
																		_t605 = _t551 + _t551;
																		if( *(_t502 + 8) == 0) {
																			_t605 = _t551;
																		}
																		_t471 =  *( *((intOrPtr*)(_t502 + 0x20)) + _t605 * 4);
																		goto L119;
																	} else {
																		goto L106;
																	}
																	while(1) {
																		L106:
																		__eflags = _t549 - _t650;
																		if(_t549 > _t650) {
																			break;
																		}
																		_v12 =  &(_v12[1]);
																		_t498 =  *_v12;
																		_t549 = _t549 + 1;
																		__eflags = _t498;
																		if(_t498 == 0) {
																			continue;
																		}
																		break;
																	}
																	__eflags = _t498;
																	if(_t498 == 0) {
																		_t179 =  &_v8;
																		 *_t179 = _v8 & 0x00000000;
																		__eflags =  *_t179;
																		goto L121;
																	}
																	goto L109;
																}
																__eflags = _v28 - _t489[1] - 1;
																if(_v28 != _t489[1] - 1) {
																	goto L105;
																}
																_t607 = _a4;
																__eflags =  *(_t607 + 8);
																_t511 = _v16;
																if( *(_t607 + 8) != 0) {
																	_t511 = _t511 + _t511;
																	__eflags = _t511;
																}
																_t471 =  *( *((intOrPtr*)(_t607 + 0x20)) + _t511 * 4);
																while(1) {
																	__eflags = _v12 - _t471;
																	if(_v12 == _t471) {
																		goto L121;
																	}
																	__eflags = _t633;
																	if(_t633 == 0) {
																		_t609 =  *(_t471 - 8) & 0x0000ffff;
																	} else {
																		_t611 =  *(_t471 - 8);
																		_t633 =  *(_t670 + 0x4c);
																		__eflags = _t611 & _t633;
																		if((_t611 & _t633) != 0) {
																			_t611 = _t611 ^  *(_t670 + 0x50);
																			__eflags = _t611;
																		}
																		_t609 = _t611 & 0x0000ffff;
																	}
																	__eflags = _v20 - (_t609 & 0x0000ffff);
																	if(_v20 - (_t609 & 0x0000ffff) <= 0) {
																		goto L119;
																	} else {
																		_t471 =  *_t471;
																		continue;
																	}
																	goto L105;
																}
																goto L121;
															} else {
																_t471 =  *_v12;
																goto L119;
															}
														}
													}
												}
												_t467 = _t583;
											}
											_t630 = _t537;
											_v28 = _t537;
											goto L75;
										}
										_t472 =  *(_t670 + 0xc4);
										goto L64;
									}
									_t515 = E006FC30D(_t670, _t671);
									__eflags = _t515;
									if(_t515 != 0) {
										goto L62;
									}
									E006FE4D7(_t536, _t670, _t670, _t671,  *_t671 & 0x0000ffff, 1);
									goto L174;
								}
								_t613 =  *_t671 & 0x0000ffff;
								while(1) {
									__eflags = _t613 -  *(_t465 + 4);
									if(_t613 <  *(_t465 + 4)) {
										break;
									}
									_t654 =  *_t465;
									__eflags = _t654;
									if(_t654 == 0) {
										_t536 =  *(_t465 + 4) - 1;
										__eflags = _t536;
										_a4 = _t536;
										L37:
										_t615 = _t536 -  *((intOrPtr*)(_t465 + 0x14));
										__eflags =  *(_t465 + 8);
										_v20 = _t615;
										if( *(_t465 + 8) != 0) {
											_t615 = _t615 + _t615;
											__eflags = _t615;
										}
										_t616 = _t615 << 2;
										_t656 =  *((intOrPtr*)(_t465 + 0x20)) + _t616;
										_v28 = _t616;
										 *((intOrPtr*)(_t465 + 0xc)) =  *((intOrPtr*)(_t465 + 0xc)) - 1;
										_v16 =  *_t656;
										__eflags = _t536 -  *(_t465 + 4) - 1;
										if(_t536 ==  *(_t465 + 4) - 1) {
											_t69 = _t465 + 0x10;
											 *_t69 =  *(_t465 + 0x10) - 1;
											__eflags =  *_t69;
										}
										__eflags = _v16 - _t671 + 8;
										if(_v16 != _t671 + 8) {
											goto L58;
										} else {
											__eflags =  *_t465;
											_t621 =  *(_t465 + 4);
											if( *_t465 == 0) {
												_t621 = _t621 - 1;
												__eflags = _t621;
											}
											__eflags = _a4 - _t621;
											_t622 =  *(_t671 + 8);
											if(_a4 >= _t621) {
												__eflags = _t622 -  *((intOrPtr*)(_t465 + 0x18));
												if(_t622 ==  *((intOrPtr*)(_t465 + 0x18))) {
													 *_t656 =  *_t656 & 0x00000000;
													__eflags =  *_t656;
													goto L57;
												}
												 *_t656 = _t622;
												goto L58;
											} else {
												__eflags = _t622 -  *((intOrPtr*)(_t465 + 0x18));
												if(_t622 ==  *((intOrPtr*)(_t465 + 0x18))) {
													L53:
													 *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) =  *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) & 0x00000000;
													L57:
													_t623 = _v20;
													_t519 =  *((intOrPtr*)(_t465 + 0x1c)) + (_t623 >> 5) * 4;
													 *_t519 =  *_t519 &  !(1 << (_t623 & 0x0000001f));
													__eflags =  *_t519;
													goto L58;
												}
												__eflags =  *(_t670 + 0x4c);
												if( *(_t670 + 0x4c) == 0) {
													_t664 =  *(_t622 - 8) & 0x0000ffff;
												} else {
													_t667 =  *(_t622 - 8);
													__eflags =  *(_t670 + 0x4c) & _t667;
													if(( *(_t670 + 0x4c) & _t667) != 0) {
														_t667 = _t667 ^  *(_t670 + 0x50);
														__eflags = _t667;
													}
													_t664 = _t667 & 0x0000ffff;
												}
												_t536 = ( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff);
												__eflags = ( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff);
												if(( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff)) {
													goto L53;
												} else {
													 *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) = _t622;
													goto L58;
												}
											}
										}
									}
									_t465 = _t654;
								}
								_t536 = _t613;
								_a4 = _t613;
								goto L37;
							}
						}
						if(_a28 == _t532) {
							L19:
							if(( *(_t671 + 2) & 0x00000004) == 0 || E0077DB95(_t568, _t670, _t671) != 0) {
								goto L155;
							} else {
								goto L183;
							}
						} else {
							if((_t380 & 0x00000002) == 0) {
								_t523 =  *(_t671 + 3) & 0xff;
							} else {
								_t523 =  *(E006FEA3F(_t671) + 2) & 0x0000ffff;
							}
							if(_t523 == _t532) {
								goto L19;
							}
							if((_t523 & 0x00008000) == 0) {
								__eflags = _t523 & 0x00000800;
								if((_t523 & 0x00000800) != 0) {
									goto L19;
								}
								__eflags = _t523 -  *((intOrPtr*)(_t670 + 0x88));
								if(_t523 >=  *((intOrPtr*)(_t670 + 0x88))) {
									goto L19;
								}
								_t626 = _a28;
								L18:
								_t568 =  *_t671 & 0x0000ffff;
								 *((intOrPtr*)(_t626 + (_t523 & 0x0000ffff) * 4)) =  *((intOrPtr*)(_t626 + (_t523 & 0x0000ffff) * 4)) + ( *_t671 & 0x0000ffff);
								goto L19;
							}
							_t523 = _t523 & 0x00007fff;
							_t568 = 0x81;
							if(_t523 >= 0x81) {
								goto L19;
							} else {
								_t626 = _a32;
								goto L18;
							}
						}
						L174:
						__eflags = _t671 -  *((intOrPtr*)(_a8 + 0x28));
					} while (__eflags < 0);
					_t671 = _a8;
					_t339 = 0;
					__eflags = 0;
					goto L176;
				}
			}

Strings

Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 007959B5
Free Heap block %p modified at %p after it was freed, xrefs: 00795825
Heap block at %p is not last block in segment (%p), xrefs: 007958D4
Heap block at %p has incorrect segment offset (%x), xrefs: 00795877
Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 00795958
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 007957B9
HEAP[%wZ]: , xrefs: 0079575F, 00795790, 00795804, 00795859, 007958B5, 0079591A, 00795998
HEAP: , xrefs: 0079579D, 00795811, 00795866, 007958C2, 00795927, 00795948, 007959A5
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 0079593E

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: d9705426d3eae52f45efbdd87e602adba11f26bbfe7a8b206b5590d85a33e8df
Instruction ID: 2268812a8c8e21ebf42855c16a1a9822e90bbaa8d5eafc7cd9141c10860ebc93
Opcode Fuzzy Hash: d9705426d3eae52f45efbdd87e602adba11f26bbfe7a8b206b5590d85a33e8df
Instruction Fuzzy Hash: 0862AF70600A65DFCF2ACF69D485ABAB7F1FF48314B15846DE8868B652D338EC81DB50

Uniqueness

Uniqueness Score: 100.00%

Function 00795C56, Relevance: 11.7, Strings: 9, Instructions: 401
UNIQUECrypto

C-Code - Quality: 56%

			E00795C56(void* __ecx, signed int _a4, char _a8) {
				signed int _v8;
				signed int _v12;
				signed int* _v16;
				signed int _v20;
				signed int _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int* _t165;
				intOrPtr _t168;
				signed short _t181;
				intOrPtr _t183;
				signed int* _t204;
				signed int _t209;
				signed int _t214;
				signed int* _t216;
				signed int _t226;
				signed int _t228;
				signed int _t233;
				intOrPtr _t235;
				intOrPtr _t246;
				intOrPtr _t257;
				signed int _t280;
				signed int* _t281;
				signed int* _t282;
				signed short _t284;
				signed short _t286;
				signed char _t288;
				intOrPtr* _t298;
				signed int _t308;
				signed int _t310;
				signed int _t312;
				signed int* _t315;
				unsigned int _t316;
				signed int* _t317;
				signed int _t318;
				signed int _t319;
				intOrPtr _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;

				_t315 = _a4;
				_v12 = 0;
				_v8 = 0;
				_v16 = _t315;
				if(E00794E46(__ecx, _t315, 0) == 0) {
					L84:
					E007959C1(_v16);
					if(_v8 != 0) {
						_a4 = _a4 & 0x00000000;
						E00732686(0xffffffff,  &_v8,  &_a4, 0x8000);
					}
					L48:
					return 0;
				}
				if(_a8 != 0 || (_t315[0x10] & 0x20000000) != 0) {
					_t308 = 0;
					_t9 =  &(_t315[0x31]); // 0x7b04ec
					_t165 = _t9;
					_t280 =  *_t165;
					_a8 = 0;
					_v24 = 0;
					while(_t165 != _t280) {
						_t280 =  *_t280;
						_a4 =  *_t317 & 0x0000ffff;
						_t288 = _t317[0];
						_v16 = _t317;
						__eflags = _t288 & 0x00000001;
						if((_t288 & 0x00000001) != 0) {
							_t168 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t168 + 0xc);
							if( *(_t168 + 0xc) == 0) {
								_push("HEAP: ");
								E006EF63B();
							} else {
								E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t317);
							E006EF63B("dedicated (%04x) free list element %p is marked busy\n", _a4);
							L22:
							__eflags = _t315[0x13];
							if(_t315[0x13] != 0) {
								_t317[0] = _t317[0] ^ _t317[0] ^  *_t317;
								 *_t317 =  *_t317 ^ _t315[0x14];
							}
							goto L84;
						}
						_t181 =  *_t317 & 0x0000ffff;
						__eflags = _t181 - _v24;
						if(_t181 < _v24) {
							_t183 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t183 + 0xc);
							if( *(_t183 + 0xc) == 0) {
								_push("HEAP: ");
								E006EF63B();
							} else {
								E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							E006EF63B("Non-Dedicated free list element %p is out of order\n", _t317);
							goto L22;
						}
						_t308 = 0;
						_v24 = _t181 & 0x0000ffff;
						__eflags = _t315[0x13];
						if(_t315[0x13] != 0) {
							_t317[0] = _t317[0] ^ _t288 ^  *_t317;
							 *_t317 =  *_t317 ^ _t315[0x14];
							__eflags =  *_t317;
						}
						_t29 =  &_a8;
						 *_t29 = _a8 + 1;
						__eflags =  *_t29;
						_t31 =  &(_t315[0x31]); // 0x7b04ec
						_t165 = _t31;
					}
					_a4 = 0x208 + (_t315[0x22] & 0x0000ffff) * 4;
					if( *0x7b10a4 != 0 && _t315[0x30] != _t308) {
						_push(4);
						_push(0x1000);
						_push( &_a4);
						_push(0);
						_push( &_v8);
						_push(0xffffffff);
						if(E00714EA0() >= 0) {
							_v12 = _v8 + 0x204;
						}
					}
					_t41 =  &(_t315[0x28]); // 0x7b04c8
					_t204 = _t41;
					_t318 =  *_t204;
					while(_t204 != _t318) {
						__eflags = _t315[0x13];
						_t59 = _t318 + 0x18; // 0x18
						_t281 = _t59;
						if(_t315[0x13] != 0) {
							 *_t281 =  *_t281 ^ _t315[0x14];
							__eflags = _t281[0] - (_t281[0] ^ _t281[0] ^  *_t281);
							if(__eflags != 0) {
								_push(0);
								_push(_t281);
								_push(_t315);
								E00794BBA(_t281, _t315, _t318, __eflags);
							}
						}
						_t295 = _v12;
						__eflags = _t295;
						if(_t295 == 0) {
							L39:
							__eflags =  *(_t318 + 0x1a) & 0x00000004;
							if(( *(_t318 + 0x1a) & 0x00000004) == 0) {
								L41:
								__eflags = _t315[0x13];
								if(_t315[0x13] != 0) {
									_t281[0] = _t281[0] ^ _t281[0] ^  *_t281;
									 *_t281 =  *_t281 ^ _t315[0x14];
									__eflags =  *_t281;
								}
								_t318 =  *_t318;
								_t83 =  &(_t315[0x28]); // 0x7b04c8
								_t204 = _t83;
								continue;
							}
							_t209 = E0077DB95(_t295, _t315, _t281);
							__eflags = _t209;
							if(_t209 == 0) {
								__eflags = _t315[0x13];
								if(_t315[0x13] != 0) {
									 *(_t318 + 0x1b) =  *(_t318 + 0x1a) ^  *(_t318 + 0x19) ^  *(_t318 + 0x18);
									_t95 = _t318 + 0x18;
									 *_t95 =  *(_t318 + 0x18) ^ _t315[0x14];
									__eflags =  *_t95;
								}
								goto L48;
							}
							goto L41;
						} else {
							_t214 =  *(_t318 + 0xa) & 0x0000ffff;
							__eflags = _t214;
							if(_t214 == 0) {
								goto L39;
							}
							__eflags = _t214 & 0x00008000;
							if((_t214 & 0x00008000) == 0) {
								__eflags = _t214 & 0x00000800;
								if((_t214 & 0x00000800) != 0) {
									goto L39;
								}
								__eflags = _t214 - _t315[0x22];
								if(_t214 >= _t315[0x22]) {
									goto L39;
								}
								L38:
								_t216 = _t295 + (_t214 & 0x0000ffff) * 4;
								_t295 =  *(_t318 + 0x10) >> 3;
								 *_t216 =  *_t216 + ( *(_t318 + 0x10) >> 3);
								__eflags =  *_t216;
								goto L39;
							}
							_t214 = _t214 & 0x00007fff;
							_t295 = 0x81;
							__eflags = _t214 - 0x81;
							if(_t214 >= 0x81) {
								goto L39;
							}
							_t295 = _v8;
							goto L38;
						}
					}
					_v20 = _v20 & 0x00000000;
					_v24 = _v24 & 0x00000000;
					_t88 =  &(_t315[0x2a]); // 0x7b04d0
					_t282 = _t88;
					_t319 =  *_t282;
					while(_t319 != _t282) {
						_t226 = E007950A5(_t315, _t319 - 0x10, 0,  &_v20,  &_v24,  &_v16, _v12, _v8);
						__eflags = _t226;
						if(_t226 == 0) {
							goto L84;
						}
						_t319 =  *_t319;
					}
					_t320 = _a8;
					_v16 = _t315;
					if(_t320 == _v20) {
						__eflags = _t315[0x1e] - _v24;
						if(_t315[0x1e] == _v24) {
							_t228 = _v8;
							__eflags = _t228;
							if(_t228 == 0) {
								goto L74;
							}
							_t321 = _t315[0x30];
							__eflags = _t321;
							if(_t321 == 0) {
								L68:
								_t322 = _t315[0x23];
								__eflags = _t322;
								if(_t322 == 0) {
									L73:
									_a4 = 0;
									E00732686(0xffffffff,  &_v8,  &_a4, 0x8000);
									goto L74;
								}
								_t233 = _t315[0x22] & 0x0000ffff;
								_t284 = 1;
								__eflags = 1 - _t233;
								if(1 >= _t233) {
									goto L73;
								}
								_t316 = _v12;
								while(1) {
									_t310 = _t284 & 0x0000ffff;
									_t322 = _t322 + 0x40;
									__eflags =  *((intOrPtr*)(_t316 + _t310 * 4)) -  *((intOrPtr*)(_t322 + 8));
									if( *((intOrPtr*)(_t316 + _t310 * 4)) !=  *((intOrPtr*)(_t322 + 8))) {
										break;
									}
									_t284 = _t284 + 1;
									__eflags = _t284 - _t233;
									if(_t284 < _t233) {
										continue;
									}
									goto L73;
								}
								_t235 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t235 + 0xc);
								if( *(_t235 + 0xc) == 0) {
									_push("HEAP: ");
									E006EF63B();
								} else {
									E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_t298 = _t316 + (_t284 & 0x0000ffff) * 4;
								_push(_t298);
								_push( *_t298);
								_t323 = _t322 + 0x10;
								__eflags = _t323;
								_push( *((intOrPtr*)(_t323 - 8)));
								_push(_t323);
								E006EF63B("Tag %04x (%ws) size incorrect (%x != %x) %p\n", _t284 & 0x0000ffff);
								goto L84;
							}
							_t286 = 1;
							__eflags = 1;
							while(1) {
								_t312 = _t286 & 0x0000ffff;
								_t321 = _t321 + 0xc;
								__eflags =  *((intOrPtr*)(_t228 + _t312 * 4)) -  *((intOrPtr*)(_t321 + 8));
								if( *((intOrPtr*)(_t228 + _t312 * 4)) !=  *((intOrPtr*)(_t321 + 8))) {
									break;
								}
								_t286 = _t286 + 1;
								__eflags = _t286 - 0x81;
								if(_t286 < 0x81) {
									continue;
								}
								goto L68;
							}
							_t246 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t246 + 0xc);
							if( *(_t246 + 0xc) == 0) {
								_push("HEAP: ");
								E006EF63B();
							} else {
								E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push( *((intOrPtr*)(_v8 + (_t286 & 0x0000ffff) * 4)));
							_push( *((intOrPtr*)(_t321 + 8)));
							E006EF63B("Pseudo Tag %04x size incorrect (%x != %x) %p\n", _t286 & 0x0000ffff);
							goto L84;
						}
						_t257 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t257 + 0xc);
						if( *(_t257 + 0xc) == 0) {
							_push("HEAP: ");
							E006EF63B();
						} else {
							E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_t315[0x1e]);
						_push(_v24);
						_push("Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)\n");
						L57:
						E006EF63B();
						goto L84;
					}
					if( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) == 0) {
						_push("HEAP: ");
						E006EF63B();
					} else {
						E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t320);
					_push(_v20);
					_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
					goto L57;
				} else {
					L74:
					return 1;
				}
			}

0x00795c61
0x00795c68
0x00795c6b
0x00795c6e
0x00795c78
0x007960f4
0x007960f7
0x00796100
0x00796106
0x00796119
0x00796119
0x00795eea
0x00000000
0x00795eea
0x00795c82
0x00795c91
0x00795c93
0x00795c93
0x00795c99
0x00795c9b
0x00795c9e
0x00795d0f
0x00795cc9
0x00795ccb
0x00795cce
0x00795cd1
0x00795cd4
0x00795cd7
0x00795d6f
0x00795d72
0x00795d76
0x00795d98
0x00795d9d
0x00795d78
0x00795d90
0x00795d95
0x00795da3
0x00795dac
0x00795db4
0x00795db4
0x00795db8
0x00795dc6
0x00795dcc
0x00795dcc
0x00000000
0x00795db8
0x00795cdd
0x00795ce0
0x00795ce4
0x00795dd9
0x00795ddc
0x00795de0
0x00795e02
0x00795e07
0x00795de2
0x00795dfa
0x00795dff
0x00795e13
0x00000000
0x00795e19
0x00795ced
0x00795cef
0x00795cf2
0x00795cf5
0x00795cfe
0x00795d04
0x00795d04
0x00795d04
0x00795d06
0x00795d06
0x00795d06
0x00795d09
0x00795d09
0x00795d09
0x00795d28
0x00795d2b
0x00795d35
0x00795d37
0x00795d3f
0x00795d40
0x00795d45
0x00795d46
0x00795d4f
0x00795d59
0x00795d59
0x00795d4f
0x00795d5c
0x00795d5c
0x00795d62
0x00795eb8
0x00795e1c
0x00795e20
0x00795e20
0x00795e23
0x00795e28
0x00795e32
0x00795e35
0x00795e37
0x00795e39
0x00795e3a
0x00795e3b
0x00795e3b
0x00795e35
0x00795e40
0x00795e43
0x00795e45
0x00795e89
0x00795e89
0x00795e8d
0x00795e9a
0x00795e9a
0x00795e9e
0x00795ea8
0x00795eae
0x00795eae
0x00795eae
0x00795eb0
0x00795eb2
0x00795eb2
0x00000000
0x00795eb2
0x00795e91
0x00795e96
0x00795e98
0x00795ed2
0x00795ed6
0x00795ee1
0x00795ee7
0x00795ee7
0x00795ee7
0x00795ee7
0x00000000
0x00795ed6
0x00000000
0x00795e47
0x00795e47
0x00795e4b
0x00795e4e
0x00000000
0x00000000
0x00795e50
0x00795e55
0x00795e6b
0x00795e70
0x00000000
0x00000000
0x00795e72
0x00795e79
0x00000000
0x00000000
0x00795e7b
0x00795e7e
0x00795e84
0x00795e87
0x00795e87
0x00000000
0x00795e87
0x00795e57
0x00795e5c
0x00795e61
0x00795e64
0x00000000
0x00000000
0x00795e66
0x00000000
0x00795e66
0x00795e45
0x00795ec0
0x00795ec4
0x00795ec8
0x00795ec8
0x00795ece
0x00795f19
0x00795f0a
0x00795f0f
0x00795f11
0x00000000
0x00000000
0x00795f17
0x00795f17
0x00795f1d
0x00795f20
0x00795f26
0x00795f7b
0x00795f7e
0x00795fc7
0x00795fcc
0x00795fce
0x00000000
0x00000000
0x00795fd0
0x00795fd6
0x00795fd8
0x00795ff6
0x00795ff6
0x00795ffc
0x00795ffe
0x00796028
0x00796037
0x0079603a
0x00000000
0x0079603a
0x00796000
0x00796009
0x0079600c
0x0079600f
0x00000000
0x00000000
0x00796011
0x00796014
0x00796014
0x0079601a
0x0079601d
0x00796020
0x00000000
0x00000000
0x00796022
0x00796023
0x00796026
0x00000000
0x00000000
0x00000000
0x00796026
0x007960a3
0x007960a6
0x007960a9
0x007960cb
0x007960d0
0x007960ab
0x007960c3
0x007960c8
0x007960d9
0x007960dc
0x007960dd
0x007960df
0x007960df
0x007960e2
0x007960e5
0x007960ec
0x00000000
0x007960f1
0x00795fdc
0x00795fdc
0x00795fdd
0x00795fdd
0x00795fe3
0x00795fe6
0x00795fe9
0x00000000
0x00000000
0x00795feb
0x00795ff1
0x00795ff4
0x00000000
0x00000000
0x00000000
0x00795ff4
0x0079604e
0x00796051
0x00796054
0x00796076
0x0079607b
0x00796056
0x0079606e
0x00796073
0x00796087
0x0079608a
0x00796093
0x00000000
0x00796098
0x00795f86
0x00795f89
0x00795f8d
0x00795faf
0x00795fb4
0x00795f8f
0x00795fa7
0x00795fac
0x00795fba
0x00795fbd
0x00795fc0
0x00795f6b
0x00795f6b
0x00000000
0x00795f70
0x00795f35
0x00795f57
0x00795f5c
0x00795f37
0x00795f4f
0x00795f54
0x00795f62
0x00795f63
0x00795f66
0x00000000
0x0079603f
0x0079603f
0x00000000
0x0079603f

Strings

Pseudo Tag %04x size incorrect (%x != %x) %p, xrefs: 0079608E
RtlFreeHeap, xrefs: 00795C5E
Non-Dedicated free list element %p is out of order, xrefs: 00795E0E
Total size of free blocks in arena (%ld) does not match number total in heap header (%ld), xrefs: 00795FC0
dedicated (%04x) free list element %p is marked busy, xrefs: 00795DA7
Number of free blocks in arena (%ld) does not match number in the free lists (%ld), xrefs: 00795F66
HEAP[%wZ]: , xrefs: 00795D8B, 00795DF5, 00795F4A, 00795FA2, 00796069, 007960BE
Tag %04x (%ws) size incorrect (%x != %x) %p, xrefs: 007960E7
HEAP: , xrefs: 00795D98, 00795E02, 00795F57, 00795FAF, 00796076, 007960CB, 007960DC, 007960DD

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%x != %x) %p$RtlFreeHeap$Tag %04x (%ws) size incorrect (%x != %x) %p$Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)$dedicated (%04x) free list element %p is marked busy
API String ID: 2167126740-3316276410
Opcode ID: fa38b181ea206805b481599c340668c1d831be0e287d004409d4b7290dae5986
Instruction ID: 76acba65cfff306ac9f482881792111fc4e7d2b920c451300043135f5880b7cd
Opcode Fuzzy Hash: fa38b181ea206805b481599c340668c1d831be0e287d004409d4b7290dae5986
Instruction Fuzzy Hash: 39F10171600A55EFCF22CF69D485FAAB7F5FF09310F548059E8858B292D738AD85CBA0

Uniqueness

Uniqueness Score: 100.00%

Function 00796500, Relevance: 10.3, Strings: 8, Instructions: 324
UNIQUECrypto

C-Code - Quality: 64%

			E00796500(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t123;
				signed int _t124;
				void* _t130;
				intOrPtr _t132;
				signed int _t145;
				signed int _t146;
				signed int _t147;
				intOrPtr _t151;
				intOrPtr _t163;
				signed int _t173;
				signed int _t174;
				signed int _t178;
				short _t184;
				signed int _t193;
				signed int _t194;
				intOrPtr _t197;
				intOrPtr _t219;
				short* _t233;
				intOrPtr _t247;
				signed int _t250;
				signed int _t252;
				signed int _t253;
				void* _t254;
				void* _t255;

				_push(0x18);
				_push(0x721a20);
				_t123 = E00722824(__ebx, __edi, __esi);
				_t247 =  *((intOrPtr*)(_t254 + 8));
				 *((intOrPtr*)(_t254 + 8)) = _t247;
				 *((char*)(_t254 - 0x19)) = 0;
				 *(_t254 - 0x24) = 0;
				if(( *(_t247 + 0x44) & 0x01000000) == 0) {
					 *(_t254 - 4) = 0;
					 *(_t254 - 4) = 1;
					_t232 = "RtlReAllocateHeap";
					_t124 = E0072D6D2(_t247, "RtlReAllocateHeap");
					__eflags = _t124;
					if(_t124 != 0) {
						 *(_t254 + 0xc) =  *(_t254 + 0xc) |  *(_t247 + 0x44) | 0x10000100;
						_t250 =  *(_t254 + 0x14);
						__eflags = _t250;
						if(_t250 == 0) {
							_t235 = 1;
							__eflags = 1;
						} else {
							_t235 = _t250;
						}
						_t130 = ( *((intOrPtr*)(_t247 + 0x98)) + _t235 &  *(_t247 + 0x9c)) + 8;
						__eflags = _t130 - _t250;
						if(_t130 < _t250) {
							L66:
							_t132 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t132 + 0xc);
							if( *(_t132 + 0xc) == 0) {
								_push("HEAP: ");
								E006EF63B();
							} else {
								E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push( *((intOrPtr*)(_t247 + 0x7c)));
							E006EF63B("Invalid allocation size - %x (exceeded %x)\n", _t250);
							E007959C1(0);
							_t117 = _t254 - 0x24;
							 *_t117 =  *(_t254 - 0x24) & 0x00000000;
							__eflags =  *_t117;
							goto L71;
						} else {
							__eflags = _t130 -  *((intOrPtr*)(_t247 + 0x7c));
							if(_t130 >  *((intOrPtr*)(_t247 + 0x7c))) {
								goto L66;
							}
							__eflags =  *(_t254 + 0xc) & 0x00000001;
							if(__eflags == 0) {
								E00717310(__eflags,  *((intOrPtr*)(_t247 + 0xcc)));
								 *((char*)(_t254 - 0x19)) = 1;
								_t26 = _t254 + 0xc;
								 *_t26 =  *(_t254 + 0xc) | 0x00000001;
								__eflags =  *_t26;
							}
							E00795C56(_t235, _t247, 0);
							_t252 =  *((intOrPtr*)(_t254 + 0x10)) + 0xfffffff8;
							__eflags =  *((char*)(_t252 + 7)) - 5;
							if( *((char*)(_t252 + 7)) == 5) {
								_t252 = _t252 - (( *(_t252 + 6) & 0x000000ff) << 3);
								__eflags = _t252;
							}
							_t145 = E006F5865(_t235, _t247, _t252, _t232);
							__eflags = _t145;
							if(_t145 == 0) {
								L52:
								_t146 =  *(_t254 - 0x24);
								__eflags = _t146;
								if(_t146 == 0) {
									L71:
									_t119 = _t254 - 4;
									 *_t119 =  *(_t254 - 4) & 0x00000000;
									__eflags =  *_t119;
									 *(_t254 - 4) = 0xfffffffe;
									E0079698B();
									_t123 =  *(_t254 - 0x24);
									goto L72;
								}
								__eflags = _t146 -  *0x7af8a8;
								if(_t146 !=  *0x7af8a8) {
									_t147 = E007271D3();
									__eflags = _t147 & 0x00000800;
									if((_t147 & 0x00000800) == 0) {
										goto L71;
									}
									__eflags =  *(_t254 - 0x20) -  *0x7af8ac;
									if( *(_t254 - 0x20) !=  *0x7af8ac) {
										goto L71;
									}
									__eflags =  *((intOrPtr*)(_t247 + 0x80)) -  *0x7af8ae;
									if( *((intOrPtr*)(_t247 + 0x80)) !=  *0x7af8ae) {
										goto L71;
									}
									_t151 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t151 + 0xc);
									if( *(_t151 + 0xc) == 0) {
										_push("HEAP: ");
										E006EF63B();
									} else {
										E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push(E00784E84(_t247,  *(_t254 - 0x20)));
									_push( *(_t254 + 0x14));
									E006EF63B("Just reallocated block at %p to 0x%x bytes with tag %ws\n",  *(_t254 - 0x24));
									L58:
									E007959C1(0);
									goto L71;
								}
								_t163 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t163 + 0xc);
								if( *(_t163 + 0xc) == 0) {
									_push("HEAP: ");
									E006EF63B();
								} else {
									E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t254 + 0x14));
								E006EF63B("Just reallocated block at %p to %x bytes\n",  *0x7af8a8);
								goto L58;
							} else {
								__eflags =  *((intOrPtr*)(_t254 + 0x10)) -  *0x7af8a8;
								if( *((intOrPtr*)(_t254 + 0x10)) !=  *0x7af8a8) {
									_t173 = E007271D3();
									__eflags = _t173 & 0x00000800;
									if((_t173 & 0x00000800) == 0) {
										L37:
										_t174 = E0073FBA6(_t247,  *(_t254 + 0xc),  *((intOrPtr*)(_t254 + 0x10)),  *(_t254 + 0x14));
										 *(_t254 - 0x24) = _t174;
										__eflags = _t174;
										if(_t174 != 0) {
											_t70 = _t174 - 8; // -8
											_t253 = _t70;
											__eflags =  *((char*)(_t253 + 7)) - 5;
											if( *((char*)(_t253 + 7)) == 5) {
												_t253 = _t253 - (( *(_t253 + 6) & 0x000000ff) << 3);
												__eflags = _t253;
											}
											__eflags =  *(_t247 + 0x4c);
											if( *(_t247 + 0x4c) != 0) {
												 *_t253 =  *_t253 ^  *(_t247 + 0x50);
												__eflags =  *(_t253 + 3) - ( *(_t253 + 2) ^  *(_t253 + 1) ^  *_t253);
												if(__eflags != 0) {
													_push(0);
													_push(_t253);
													_push(_t247);
													E00794BBA(_t232, _t247, _t253, __eflags);
												}
											}
											__eflags =  *(_t253 + 2) & 0x00000002;
											if(( *(_t253 + 2) & 0x00000002) == 0) {
												_t178 =  *(_t253 + 3) & 0xff;
											} else {
												_t233 = E006FEA3F(_t253);
												__eflags =  *(_t247 + 0x40) & 0x08000000;
												if(( *(_t247 + 0x40) & 0x08000000) == 0) {
													_t184 = 0;
													__eflags = 0;
												} else {
													_t184 = E0078DDF8();
												}
												 *_t233 = _t184;
												_t178 =  *(_t233 + 2) & 0x0000ffff;
											}
											 *(_t254 - 0x20) = _t178;
											__eflags =  *(_t247 + 0x4c);
											if( *(_t247 + 0x4c) != 0) {
												_t235 =  *(_t253 + 2) & 0x000000ff;
												 *(_t253 + 3) =  *(_t253 + 1) & 0x000000ff ^  *_t253 & 0x000000ff ^  *(_t253 + 2) & 0x000000ff;
												 *_t253 =  *_t253 ^  *(_t247 + 0x50);
												__eflags =  *_t253;
											}
										}
										E00794E46(_t235, _t247, 1);
										E00795C56(_t235, _t247, 0);
										goto L52;
									}
									_t232 = 0;
									__eflags =  *0x7af8ac;
									if( *0x7af8ac == 0) {
										goto L37;
									}
									__eflags =  *(_t247 + 0x4c);
									if( *(_t247 + 0x4c) != 0) {
										 *_t252 =  *_t252 ^  *(_t247 + 0x50);
										__eflags =  *(_t252 + 3) - ( *(_t252 + 2) ^  *(_t252 + 1) ^  *_t252);
										if(__eflags != 0) {
											_push(0);
											_push(_t252);
											_push(_t247);
											E00794BBA(0, _t247, _t252, __eflags);
										}
									}
									__eflags =  *(_t252 + 2) & 0x00000002;
									if(( *(_t252 + 2) & 0x00000002) == 0) {
										_t193 =  *(_t252 + 3) & 0xff;
									} else {
										_t193 =  *(E006FEA3F(_t252) + 2) & 0x0000ffff;
									}
									 *(_t254 - 0x20) = _t193;
									__eflags =  *(_t247 + 0x4c) - _t232;
									if( *(_t247 + 0x4c) != _t232) {
										_t235 =  *(_t252 + 2) & 0x000000ff;
										 *(_t252 + 3) =  *(_t252 + 1) & 0x000000ff ^  *_t252 & 0x000000ff ^  *(_t252 + 2) & 0x000000ff;
										 *_t252 =  *_t252 ^  *(_t247 + 0x50);
										__eflags =  *_t252;
									}
									_t194 =  *(_t254 - 0x20);
									__eflags = _t194 - _t232;
									if(_t194 != _t232) {
										__eflags = _t194 -  *0x7af8ac;
										if(_t194 !=  *0x7af8ac) {
											goto L37;
										}
										__eflags =  *((intOrPtr*)(_t247 + 0x80)) -  *0x7af8ae;
										if( *((intOrPtr*)(_t247 + 0x80)) !=  *0x7af8ae) {
											goto L37;
										}
										_t197 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *((intOrPtr*)(_t197 + 0xc)) - _t232;
										if( *((intOrPtr*)(_t197 + 0xc)) == _t232) {
											_push("HEAP: ");
											E006EF63B();
										} else {
											E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_pop(_t235);
										_push(E00784E84(_t247,  *(_t254 - 0x20)));
										_push( *(_t254 + 0x14));
										E006EF63B("About to rellocate block at %p to 0x%x bytes with tag %ws\n",  *((intOrPtr*)(_t254 + 0x10)));
										_t255 = _t255 + 0x10;
										_push(_t232);
										L36:
										E007959C1();
									}
									goto L37;
								}
								_t219 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t219 + 0xc);
								if( *(_t219 + 0xc) == 0) {
									_push("HEAP: ");
									E006EF63B();
								} else {
									E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_pop(_t235);
								_push( *(_t254 + 0x14));
								E006EF63B("About to reallocate block at %p to %x bytes\n",  *0x7af8a8);
								_t255 = _t255 + 0xc;
								_push(0);
								goto L36;
							}
						}
					}
					 *(_t254 - 0x24) = 0;
					goto L71;
				} else {
					_push( *(_t254 + 0x14));
					_push( *((intOrPtr*)(_t254 + 0x10)));
					_push( *(_t254 + 0xc));
					_push(_t247);
					E00793A05();
					L72:
					return E00722869(_t123);
				}
			}

Strings

About to rellocate block at %p to 0x%x bytes with tag %ws, xrefs: 0079671D
RtlReAllocateHeap, xrefs: 00796542, 00796547, 007965CB
Just reallocated block at %p to %x bytes, xrefs: 00796834
Just reallocated block at %p to 0x%x bytes with tag %ws, xrefs: 007968CC
HEAP[%wZ]: , xrefs: 00796608, 007966F5, 00796813, 007968A4, 00796900
Invalid allocation size - %x (exceeded %x), xrefs: 0079691C
About to reallocate block at %p to %x bytes, xrefs: 00796629
HEAP: , xrefs: 00796615, 00796702, 00796820, 007968B1, 0079690D

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %x bytes$About to rellocate block at %p to 0x%x bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %x (exceeded %x)$Just reallocated block at %p to %x bytes$Just reallocated block at %p to 0x%x bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-3744532478
Opcode ID: cd0036c08c1416c6bace10325cd7891712a62106adfb22b576659668ffe1c855
Instruction ID: 4d233bd5195768ff330a142136c122173152cab225184516afd41bf8de75a387
Opcode Fuzzy Hash: cd0036c08c1416c6bace10325cd7891712a62106adfb22b576659668ffe1c855
Instruction Fuzzy Hash: 2CC1D070501651EFDF25AFA8E84ABAABBE1EF04710F048158F89597292C33CEC51DB64

Uniqueness

Uniqueness Score: 100.00%

Function 00792250, Relevance: 10.3, Strings: 8, Instructions: 266
UNIQUECrypto

C-Code - Quality: 57%

			E00792250(signed int _a4, intOrPtr _a8) {
				unsigned int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed short* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _t82;
				unsigned int _t88;
				intOrPtr _t92;
				unsigned int _t94;
				unsigned int _t96;
				char* _t97;
				void* _t99;
				intOrPtr _t100;
				void* _t104;
				intOrPtr _t105;
				void* _t109;
				intOrPtr _t110;
				void* _t118;
				unsigned int _t120;
				signed char _t130;
				void* _t132;
				signed int _t134;
				char* _t136;
				char* _t138;
				unsigned int _t149;
				intOrPtr _t157;
				unsigned int* _t158;
				signed short* _t159;
				char* _t162;
				void* _t164;
				signed int _t167;
				signed int _t169;
				signed int _t171;
				signed int _t174;
				intOrPtr _t179;
				intOrPtr _t186;
				intOrPtr _t189;
				intOrPtr* _t192;
				unsigned int _t196;
				void* _t208;

				_t130 = _a4;
				_t82 =  *((intOrPtr*)(_t130 + 0x18));
				_t186 =  *((intOrPtr*)(_t130 + 8));
				_t179 =  *((intOrPtr*)(_t130 + 0x24)) -  *((intOrPtr*)(_t82 + 0x28));
				_t132 = _t186 -  *((intOrPtr*)(_t82 + 0x20));
				_t120 = _t179 - _t132;
				_v36 = _t186;
				_v32 = _t179;
				_v8 = _t120;
				_v16 =  *((intOrPtr*)(_t82 + 0xc));
				_v12 =  *((intOrPtr*)(_t82 + 8));
				if(_t179 != 0 || _t132 != 0) {
					_v20 = E0072F8A5(_t132, _t186);
					if(_v12 == 0) {
						goto L39;
					} else {
						goto L3;
					}
					while(1) {
						L3:
						_t157 = _v16;
						_v12 = _v12 - 1;
						if(_t157 == 0 || _t157 >=  *((intOrPtr*)(_v20 + 0x50))) {
							break;
						}
						_t158 = _t157 + _t186;
						_t88 =  *_t158;
						_t134 = _t88 << 0xc;
						_a4 = _t88 >> 0x14;
						_v28 = _t186 + _t134;
						_t189 = _v16 + 4 + _a4 * 2;
						_t92 =  *((intOrPtr*)(_v20 + 0x50));
						_v16 = _t189;
						if(_t134 >= _t92 || _t189 >= _t92 || (_a4 & 0x00000001) != 0) {
							_push("Invalid fixup information\n");
							_push(0);
							_push(0x55);
							L006F1ACE();
							break;
						} else {
							_t159 =  &(_t158[1]);
							while(1) {
								_v24 = _t159;
								if(_a4 == 0) {
									break;
								}
								_t94 =  *_t159 & 0x0000ffff;
								_a4 = _a4 - 1;
								_t192 = (_t94 & 0x00000fff) + _v28;
								_t96 = _t94 >> 0xc;
								if(_t96 == 0) {
									_t97 = 0x717756;
									if(_a4 == 0) {
										_t97 = " (padding)";
									}
									L006F1ACE(0x55, 2, "\t          None%s\n", _t97);
									_t208 = _t208 + 0x10;
									L17:
									_t159 =  &(_v24[1]);
									continue;
								}
								_t99 = _t96 - 1;
								if(_t99 == 0) {
									_t136 = 0x717756;
									if(_t179 == 0) {
										_t136 = "(no change)";
									}
									_t100 =  *_t192;
									_push(_t136);
									_push(_t100 + _t179);
									_push(_t100);
									asm("cdq");
									_push(_t159);
									L006F1ACE(0x55, 2, "\t%08I64X: VA32 %08X -> %08X %s\n", _t192);
									_t208 = _t208 + 0x20;
									if(_t179 != 0) {
										 *((intOrPtr*)(_t192 + _a8)) =  *((intOrPtr*)(_t192 + _a8)) + _t179;
									}
									goto L17;
								}
								_t104 = _t99 - 1;
								if(_t104 == 0) {
									_t138 = 0x717756;
									if(_t120 == 0) {
										_t138 = "(no change)";
									}
									_t105 =  *_t192;
									_push(_t138);
									_t76 = _t120 + 4; // 0x253a7834
									_push(_t105 + _t192 + _t76);
									_push(_t105 + _t120);
									_push(_t105);
									asm("cdq");
									_push(_t159);
									L006F1ACE(0x55, 2, "\t%08I64X: PC32 %08X -> %08X (target %p) %s\n", _t192);
									_t208 = _t208 + 0x24;
									if(_t120 != 0) {
										 *((intOrPtr*)(_t192 + _a8)) =  *((intOrPtr*)(_t192 + _a8)) + _t120;
									}
									goto L17;
								}
								_t109 = _t104 - 1;
								if(_t109 == 0) {
									_t162 = 0x717756;
									if(_t179 == 0) {
										_t162 = "(no change)";
									}
									_t110 =  *_t192;
									_push(_t162);
									_t164 = _t110 + _t179;
									asm("adc ecx, ebx");
									_push( *((intOrPtr*)(_t192 + 4)));
									_push(_t164);
									_push( *((intOrPtr*)(_t192 + 4)));
									_push(_t110);
									asm("cdq");
									_push(_t164);
									L006F1ACE(0x55, 2, "\t%08I64X: VA64 %016I64X -> %016I64X %s\n", _t192);
									_t208 = _t208 + 0x28;
									if(_t179 != 0) {
										 *((intOrPtr*)(_t192 + _a8)) =  *((intOrPtr*)(_t192 + _a8)) + _t179;
										asm("adc [esi+0x4], ebx");
									}
									L16:
									_t120 = _v8;
									goto L17;
								}
								if(_t109 != 1) {
									asm("cdq");
									_push(_t159);
									L006F1ACE(0x55, 0, "\t%08I64X: Unknown\n", _t192);
									goto L38;
								}
								if(_t120 == 0) {
									goto L17;
								} else {
									_t118 = _a8 + _t192;
									_t196 =  *(_t118 + 0xc);
									_t167 = _t196 >> 0x0000001b & 0x00000001;
									_t169 = _t167 << 0x00000017 |  *(_t118 + 8) & 0x007fffff;
									_t171 = _t169 << 0x00000010 |  *(_t118 + 4) >> 0x00000010;
									_t149 = (((0 << 0x00000020 | _t167) << 0x17 << 0x00000020 | _t169) << 0x10 << 0x00000020 | _t171) << 0x14;
									_t174 = (_t171 << 0x00000014 | _t196 >> 0x00000004 & 0x000fffff) + (_v8 >> 4);
									asm("adc ecx, ebx");
									 *(_t118 + 8) = (_t149 >> 0x00000004 ^  *(_t118 + 8)) & 0x007fffff ^  *(_t118 + 8);
									_t179 = _v32;
									 *(_t118 + 4) = (_t149 << 0x00000020 | _t174) >> 0x14 << 0x00000010 |  *(_t118 + 4) & 0x0000ffff;
									 *(_t118 + 0xc) = ((_t149 >> 0x0000001b & 0x00000001) << 0x00000017 | _t174 & 0x000fffff) << 0x00000004 |  *(_t118 + 0xc) & 0xf700000f;
									goto L16;
								}
							}
							if(_v12 == 0) {
								goto L39;
							}
							_t186 = _v36;
							continue;
						}
					}
					L38:
					return 0xc000007b;
				} else {
					L39:
					return 0;
				}
			}

0x00792258
0x0079225b
0x00792263
0x0079226a
0x0079226f
0x00792277
0x00792279
0x0079227c
0x0079227f
0x00792282
0x00792285
0x0079228a
0x0079229e
0x007922a1
0x00000000
0x00000000
0x00000000
0x00000000
0x007922a7
0x007922a7
0x007922a7
0x007922aa
0x007922af
0x00000000
0x00000000
0x007922c1
0x007922c3
0x007922ca
0x007922cf
0x007922d5
0x007922db
0x007922e2
0x007922e5
0x007922ea
0x00792527
0x0079252c
0x0079252e
0x00792530
0x00000000
0x00792302
0x00792302
0x007923fb
0x007923fd
0x00792403
0x00000000
0x00000000
0x0079230a
0x0079230d
0x00792318
0x0079231e
0x00792320
0x007924ea
0x007924f2
0x007924f4
0x007924f4
0x00792503
0x00792508
0x007923f6
0x007923fa
0x00000000
0x007923fa
0x00792326
0x00792327
0x007924ac
0x007924b1
0x007924b3
0x007924b3
0x007924b8
0x007924ba
0x007924be
0x007924bf
0x007924c2
0x007924c3
0x007924ce
0x007924d3
0x007924d8
0x007924e3
0x007924e3
0x00000000
0x007924d8
0x0079232d
0x0079232e
0x00792464
0x00792469
0x0079246b
0x0079246b
0x00792470
0x00792472
0x00792476
0x0079247a
0x0079247e
0x0079247f
0x00792482
0x00792483
0x0079248e
0x00792493
0x00792498
0x007924a3
0x007924a3
0x00000000
0x00792498
0x00792334
0x00792335
0x0079241a
0x00792421
0x00792423
0x00792423
0x00792428
0x0079242d
0x00792432
0x00792434
0x00792436
0x00792437
0x00792438
0x0079243b
0x0079243e
0x0079243f
0x0079244a
0x0079244f
0x00792454
0x0079245b
0x0079245d
0x0079245d
0x007923f3
0x007923f3
0x00000000
0x007923f3
0x0079233c
0x00792512
0x00792513
0x0079251d
0x00000000
0x00792522
0x00792344
0x00000000
0x0079234a
0x0079234d
0x0079234f
0x0079235a
0x0079236e
0x00792381
0x0079238c
0x007923a0
0x007923a2
0x007923b8
0x007923cb
0x007923ed
0x007923f0
0x00000000
0x007923f0
0x00792344
0x0079240c
0x00000000
0x00000000
0x00792412
0x00000000
0x00792412
0x007922ea
0x00792538
0x00000000
0x0079253f
0x0079253f
0x00000000
0x0079253f

Strings

%08I64X: Unknown, xrefs: 00792515
None%s, xrefs: 007924FA
Invalid fixup information, xrefs: 00792527
(padding), xrefs: 007924F4, 007924F9
%08I64X: VA64 %016I64X -> %016I64X %s, xrefs: 00792441
%08I64X: VA32 %08X -> %08X %s, xrefs: 007924C5
(no change), xrefs: 00792423, 0079242D, 0079246B, 00792472, 007924B3, 007924BA, 007924BE
%08I64X: PC32 %08X -> %08X (target %p) %s, xrefs: 00792485

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: None%s$%08I64X: PC32 %08X -> %08X (target %p) %s$%08I64X: Unknown$%08I64X: VA32 %08X -> %08X %s$%08I64X: VA64 %016I64X -> %016I64X %s$ (padding)$(no change)$Invalid fixup information
API String ID: 0-2431225500
Opcode ID: 9888195aff473119b16792085e9855215d9e0eb39168880549191559453c2e12
Instruction ID: 56c80e1187c432a32689ade9d569b9793e25a45887009706b91118f48d2a8317
Opcode Fuzzy Hash: 9888195aff473119b16792085e9855215d9e0eb39168880549191559453c2e12
Instruction Fuzzy Hash: 169118B1E00515ABDF18DF48D891ABE73A6EF84700F16C17DE915AB382D678DD42CB90

Uniqueness

Uniqueness Score: 100.00%

Function 007277C8, Relevance: 9.2, Strings: 7, Instructions: 466
UNIQUECrypto

C-Code - Quality: 88%

			E007277C8(signed short* __ecx, signed short __edx, signed short* __esi, char _a4, signed int _a8) {
				signed int _v8;
				short _v12;
				short _v24;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				short _v42;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed short _v56;
				signed int _v60;
				signed short _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed char* _v84;
				signed int _v88;
				char _v92;
				signed int _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v144;
				intOrPtr _v148;
				char _v152;
				char _v156;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t186;
				short _t194;
				signed int _t196;
				intOrPtr _t205;
				signed char* _t206;
				signed char _t207;
				signed int _t209;
				signed short* _t210;
				void* _t214;
				signed int _t215;
				signed int _t219;
				void* _t221;
				signed int _t223;
				signed short _t227;
				signed char _t232;
				void* _t237;
				signed int _t238;
				signed short _t242;
				signed int _t253;
				void* _t254;
				signed int _t255;
				signed short _t259;
				void* _t265;
				signed int _t266;
				signed int _t270;
				signed short* _t281;
				signed int _t282;
				signed int _t283;
				signed int _t287;
				signed int _t288;
				signed int _t291;
				intOrPtr* _t296;
				intOrPtr _t297;
				signed int _t299;
				signed int* _t300;
				signed short _t304;
				signed int _t337;
				signed int* _t342;
				signed int _t345;
				signed short* _t347;
				signed int _t348;
				void* _t349;
				void* _t350;

				_t347 = __esi;
				_t186 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t186 ^ _t348;
				_v88 = _a8;
				_t345 = __edx;
				_t281 = __ecx;
				_v56 = __edx;
				_v156 = 0x40;
				E00704EC0( &_v152, 0, 0x3c);
				_t350 = _t349 + 0xc;
				_v68 =  *_t281;
				_v64 = _t281[2];
				_t337 =  &_v12;
				_v32 = _t337;
				_v40 = _t337;
				_v36 =  &_v12;
				_t194 = 2;
				_v12 = 0;
				_v44 = 0;
				_v42 = _t194;
				_t341 =  &_v68;
				_v72 = 0;
				_v60 = 0;
				_v28 = _t194;
				_v24 = _t194;
				_t282 = E0072740B(3, 0, _t194,  &_v68,  &_v156);
				if(_t282 >= 0) {
					__eflags = _a4;
					if(_a4 != 0) {
						L48:
						_t283 = 0;
						goto L7;
					}
					__eflags = _v144 - 0x14;
					_v72 = _v124;
					if(_v144 < 0x14) {
						L2:
						_t283 = 0xc0150003;
						goto L7;
					}
					__eflags = _v152 - 1;
					if(_v152 != 1) {
						goto L2;
					}
					_t205 = _v148;
					_t296 = _t205 + 0x10;
					_v52 = _t296;
					_t297 =  *_t296;
					__eflags = _t297 - _v128;
					if(_t297 > _v128) {
						goto L2;
					}
					_t342 = _t205 + 0xc;
					_v76 = _t342;
					_t341 =  *_t342;
					__eflags = _t341 - 0x1fffffff;
					if(_t341 > 0x1fffffff) {
						goto L2;
					}
					_t341 = _t341 << 3;
					_t285 = (_t282 | 0xffffffff) - _t341;
					__eflags = _t297 - (_t282 | 0xffffffff) - _t341;
					if(_t297 > (_t282 | 0xffffffff) - _t341) {
						goto L2;
					}
					_t341 = _t341 + _t297;
					__eflags = _t341 - _v128;
					if(_t341 > _v128) {
						goto L2;
					}
					_t206 = _t205 + 4;
					_v84 = _t206;
					_t207 =  *_t206;
					__eflags = _t207 & 0x00000002;
					if((_t207 & 0x00000002) == 0) {
						L26:
						_t287 =  *_v52 + _v132;
						_t209 = 0;
						 *_t345 = 0;
						_t299 =  *_v76;
						_v52 = _t299;
						__eflags = _t299;
						while(1) {
							_v48 = _t209;
							if(__eflags == 0) {
								break;
							}
							_t300 = _t287 + 4 + _t209 * 8;
							_t341 =  *_t300;
							_v76 = _t341;
							__eflags = _t341 - _v128;
							if(_t341 > _v128) {
								goto L2;
							}
							_t210 = _t287 + _t209 * 8;
							_t341 = (_t341 | 0xffffffff) -  *_t210;
							__eflags =  *_t300 - _t341;
							if( *_t300 > _t341) {
								goto L2;
							}
							__eflags =  *_t210 + _v76 - _v128;
							if( *_t210 + _v76 > _v128) {
								goto L2;
							}
							 *_t345 =  *_t345 + ( *_t210 & 0x0000ffff);
							_t209 = _v48 + 1;
							__eflags = _t209 - _v52;
						}
						_t303 = _v60;
						__eflags = _t303;
						if(_t303 != 0) {
							 *_t345 =  *_t345 + ( *_t303 & 0x0000ffff);
							__eflags =  *_t345;
						}
						_t214 = ( *_t345 & 0x0000ffff) + 2;
						__eflags = _t214 - 0xfffe;
						if(_t214 > 0xfffe) {
							L77:
							_t283 = 0xc0000106;
							goto L7;
						} else {
							_t345 =  &(_t347[4]);
							__eflags = _t345;
							if(_t345 == 0) {
								L61:
								_t215 = E006F514B(0, _t345, _t214);
								__eflags = _t215;
								if(_t215 >= 0) {
									_t303 = _v60;
									L33:
									_t347[2] =  *_t345;
									_t347[1] = _t347[8];
									__eflags = _t303;
									if(_t303 == 0) {
										L38:
										_v48 = _v48 & 0x00000000;
										__eflags = _v52;
										if(_v52 != 0) {
											while(1) {
												_t219 = _v48 << 3;
												_t304 =  *((intOrPtr*)(_t219 + _t287));
												_t345 =  *((intOrPtr*)(_t219 + _t287 + 4)) + _v132;
												_v80 = _t304;
												_t221 = ( *_t347 & 0x0000ffff) + (_t304 & 0x0000ffff) + 2;
												__eflags = _t221 - 0xfffe;
												if(_t221 > 0xfffe) {
													goto L77;
												}
												__eflags =  &(_t347[4]);
												if( &(_t347[4]) == 0) {
													L69:
													_t223 = E006F514B(0,  &(_t347[4]), _t221);
													__eflags = _t223;
													if(_t223 < 0) {
														goto L62;
													}
													L70:
													_t347[2] = _t347[4];
													E00704B80(_t347[4] + (( *_t347 & 0x0000ffff) >> 1) * 2, _t345, _v80 & 0x0000ffff);
													_t227 = _v80;
													 *_t347 =  *_t347 + _t227;
													_t347[1] =  *_t347 + _t227 + 2;
													_t303 = _t347[2];
													_t341 = 0;
													_t350 = _t350 + 0xc;
													_v48 = _v48 + 1;
													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
													__eflags = _v48 - _v52;
													if(_v48 == _v52) {
														goto L39;
													}
													continue;
												}
												__eflags = _t221 - _t347[8];
												if(_t221 <= _t347[8]) {
													goto L70;
												}
												goto L69;
											}
											goto L77;
										}
										L39:
										_t232 =  *_v84;
										_t345 = _v56;
										__eflags = _t232 & 0x00000001;
										if((_t232 & 0x00000001) != 0) {
											L46:
											__eflags =  *_v84 & 0x00000004;
											if(__eflags != 0) {
												_push(0);
												_t341 = _t347;
												_t283 = E007780CA(_t287,  &_v44, _t347, _t345, _t347, __eflags);
												__eflags = _t283;
												if(_t283 < 0) {
													goto L7;
												}
												 *_t347 = 0;
												_t237 = (_v44 & 0x0000ffff) + 2;
												__eflags = _t237 - 0xfffe;
												if(_t237 > 0xfffe) {
													goto L77;
												}
												_t288 =  &(_t347[4]);
												__eflags = _t288;
												if(_t288 == 0) {
													L84:
													_t238 = E006F514B(0, _t288, _t237);
													__eflags = _t238;
													if(_t238 < 0) {
														goto L62;
													}
													L85:
													_t347[2] =  *_t288;
													E00704B80( *_t288 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v40, _v44 & 0x0000ffff);
													_t242 = _v44;
													 *_t347 =  *_t347 + _t242;
													_t347[1] =  *_t347 + _t242 + 2;
													_t341 = 0;
													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
													goto L47;
												}
												__eflags = _t237 - _t347[8];
												if(_t237 <= _t347[8]) {
													goto L85;
												}
												goto L84;
											}
											L47:
											_t195 = _v88;
											__eflags = _t195;
											if(_t195 != 0) {
												 *_t195 =  *_t195 | 0x00000002;
											}
											goto L48;
										}
										__eflags = _t232 & 0x00000008;
										if((_t232 & 0x00000008) != 0) {
											_t283 = E00727015(1,  &_v68, 0x6fa5fc,  &_v56);
											__eflags = _t283;
											if(_t283 >= 0) {
												_v68 = _v68 + 0xfffe - _v56;
												_v64 = _v64 + 2 + ((_v56 & 0x0000ffff) >> 1) * 2;
												goto L41;
											}
											__eflags = _t283 - 0xc0000225;
											if(_t283 != 0xc0000225) {
												goto L7;
											}
											_push("Status != STATUS_NOT_FOUND");
											_push(0x472);
											L75:
											_push("d:\\w7rtm\\minkernel\\ntdll\\sxsisol.cpp");
											_push("Internal error check failed");
											E0077F613(_t303, _t341);
											_t283 = 0xc00000e5;
											goto L7;
										}
										L41:
										_t253 = _v68 & 0x0000ffff;
										 *_t345 =  *_t345 + _t253;
										__eflags =  *_t345 - 0xffff;
										if( *_t345 >= 0xffff) {
											goto L77;
										}
										_t254 = ( *_t347 & 0x0000ffff) + _t253 + 2;
										__eflags = _t254 - 0xfffe;
										if(_t254 > 0xfffe) {
											goto L77;
										}
										_t287 =  &(_t347[4]);
										__eflags = _t287;
										if(_t287 == 0) {
											L78:
											_t255 = E006F514B(0, _t287, _t254);
											__eflags = _t255;
											if(_t255 >= 0) {
												L45:
												_t347[2] =  *_t287;
												E00704B80( *_t287 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v64, _v68 & 0x0000ffff);
												_t259 = _v68;
												 *_t347 =  *_t347 + _t259;
												_t347[1] =  *_t347 + _t259 + 2;
												_t350 = _t350 + 0xc;
												_t341 = 0;
												__eflags = 0;
												 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
												goto L46;
											}
											goto L62;
										}
										__eflags = _t254 - _t347[8];
										if(_t254 > _t347[8]) {
											goto L78;
										}
										goto L45;
									}
									 *_t347 = 0;
									_t265 = ( *_t303 & 0x0000ffff) + 2;
									__eflags = _t265 - 0xfffe;
									if(_t265 > 0xfffe) {
										goto L77;
									}
									__eflags = _t345;
									if(_t345 == 0) {
										L64:
										_t266 = E006F514B(0, _t345, _t265);
										__eflags = _t266;
										if(_t266 < 0) {
											goto L62;
										}
										_t303 = _v60;
										L37:
										_t347[2] =  *_t345;
										E00704B80( *_t345 + (( *_t347 & 0x0000ffff) >> 1) * 2,  *((intOrPtr*)(_t303 + 4)),  *_t303 & 0x0000ffff);
										_t270 = _v60;
										_t350 = _t350 + 0xc;
										_t347[1] =  *_t347 +  *_t270 + 2;
										 *_t347 =  *_t347 +  *_t270;
										_t303 = _t347[2];
										_t341 = 0;
										__eflags = 0;
										 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
										goto L38;
									}
									__eflags = _t265 - _t347[8];
									if(_t265 > _t347[8]) {
										goto L64;
									}
									goto L37;
								}
								L62:
								_t283 = 0xc0000017;
								goto L7;
							}
							__eflags = _t214 - _t347[8];
							if(_t214 > _t347[8]) {
								goto L61;
							}
							goto L33;
						}
					}
					_t303 = 0;
					_v48 = 0;
					__eflags = _t207 & 0x00000004;
					if((_t207 & 0x00000004) != 0) {
						_push("sxsisol_SearchActCtxForDllName");
						_push( *((intOrPtr*)( *[fs:0x18] + 0x24)));
						L006F1ACE(0x33, 0, "[%x.%x] SXS: %s - Relative redirection plus env var expansion.\n",  *((intOrPtr*)( *[fs:0x18] + 0x20)));
						goto L2;
					}
					__eflags = _v116 & 0x00000001;
					if((_v116 & 0x00000001) != 0) {
						__eflags = _v116 & 0x00000002;
						if((_v116 & 0x00000002) != 0) {
							_push("!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)");
							_push(0x416);
							goto L75;
						}
						_t303 = 1;
					}
					__eflags = _v116 & 0x00000002;
					if((_v116 & 0x00000002) != 0) {
						_t303 = _t303 | 0x00000002;
					}
					_t283 = E00743868(_t285, _t303, _v124, _v120,  &_v60, E00744208,  &_v48);
					__eflags = _t283;
					if(_t283 < 0) {
						__eflags = _t283 - 0xc0000120;
						if(_t283 == 0xc0000120) {
							__eflags = _v48;
							if(_v48 < 0) {
								_t283 = _v48;
							}
						}
						goto L7;
					} else {
						goto L26;
					}
				} else {
					__eflags = __ebx - 0xc0150001;
					if(__ebx == 0xc0150001) {
						__ebx = __ebx + 7;
					}
					L7:
					_t291 = _v36;
					_t196 = _v32;
					if(_t291 != 0) {
						if(_t291 != _t196) {
							_v88 = _t291;
							E00722F1E( &_v92);
							_t196 = _v32;
						}
						_v36 = _t196;
						_v28 = _v24;
					}
					_v40 = _t196;
					if(_t196 != 0) {
						 *_t196 = 0;
					}
					_v44 = 0;
					_t198 = _v24;
					_v42 = _v24;
					if(_v72 != 0) {
						E00742622(_t198, _v72);
					}
					return E00722F0C(_t283, _t283, _v8 ^ _t348, _t341, _t345, _t347);
				}
			}

Strings

d:\w7rtm\minkernel\ntdll\sxsisol.cpp, xrefs: 00753683
Status != STATUS_NOT_FOUND, xrefs: 00753679
Internal error check failed, xrefs: 00753688
sxsisol_SearchActCtxForDllName, xrefs: 007534DD
!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 00753517
[%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 007534EE
@, xrefs: 007277F7

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$d:\w7rtm\minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
API String ID: 0-4103935307
Opcode ID: 50b2a4ad8c2fa9c55ca36233fb1f49c998b001406f7a5165a97679e3e8357d9a
Instruction ID: 7ab6665c7590c6f246f5f5692753a77e38ce5b437a97e850574c71f0c10f0b88
Opcode Fuzzy Hash: 50b2a4ad8c2fa9c55ca36233fb1f49c998b001406f7a5165a97679e3e8357d9a
Instruction Fuzzy Hash: E1027070900219DFDB24DFA8C895AFEB7F5FF18704F20842EE956AB251E7789949CB10

Uniqueness

Uniqueness Score: 100.00%

Function 006FE4D7, Relevance: 8.1, Strings: 6, Instructions: 602
COMMONCrypto

C-Code - Quality: 60%

			E006FE4D7(void* __ebx, void* __edi, signed int _a4, unsigned int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				intOrPtr __esi;
				void* __ebp;
				unsigned int _t257;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t265;
				signed char _t266;
				intOrPtr _t268;
				signed int _t280;
				intOrPtr _t287;
				intOrPtr _t288;
				unsigned int _t294;
				signed char _t295;
				signed int _t304;
				unsigned int _t313;
				signed int _t314;
				intOrPtr _t322;
				intOrPtr _t334;
				signed int _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t349;
				unsigned int _t350;
				unsigned int _t368;
				signed int _t369;
				intOrPtr _t377;
				intOrPtr _t391;
				signed int _t404;
				signed int _t409;
				signed int _t419;
				intOrPtr _t421;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				intOrPtr _t435;
				void* _t442;
				signed int _t453;
				intOrPtr _t455;
				signed short* _t456;
				signed short* _t457;
				void* _t459;
				signed int _t460;

				_t460 = _a4;
				_v12 = 0;
				if(( *(_t460 + 0xd0) ^  *(_t460 + 0x58)) != 0) {
					return E0072EB88(_t460, _a8, _a12);
				} else {
					__eflags = _a16;
					_push(__ebx);
					_push(__edi);
					if(_a16 != 0) {
						__ebx = _a8;
						__eflags =  *(__ebx + 2) & 0x00000008;
						if(( *(__ebx + 2) & 0x00000008) != 0) {
							 *((intOrPtr*)(__esi + 0x120)) =  *((intOrPtr*)(__esi + 0x120)) - 1;
							 &_v24 =  &_v36;
							__edx = __ebx;
							__ecx = __esi;
							__eax = E006FC2C2(__edx,  &_v36,  &_v24);
							__eflags = __al;
							if(__al != 0) {
								__eax = _v24;
								_t181 = __esi + 0x124;
								 *_t181 =  *(__esi + 0x124) - _v24;
								__eflags =  *_t181;
							}
						}
						_a4 = __ebx;
						L37:
						__al =  *((intOrPtr*)(__ebx + 6));
						__eflags = __al;
						if(__al == 0) {
							_t404 = _t460;
							_v20 = _t460;
						} else {
							__al & 0x000000ff = (__al & 0x000000ff) << 0x10;
							__ebx = __ebx & 0xffff0000;
							__ebx = __ebx - ((__al & 0x000000ff) << 0x10);
							__ebx = __ebx + 0x10000;
							__eflags = __ebx;
							_v20 = __ebx;
						}
						_t257 = _a4 + _a12 * 8;
						_v24 = _t257;
						if( *((char*)(_t257 + 7)) == 3) {
							_t459 = _t257 + 8;
							E0072F2E9(_t460, _t459);
							_v28 =  *((intOrPtr*)(_t459 + 0x10));
							 *((intOrPtr*)(_t404 + 0x30)) =  *((intOrPtr*)(_t404 + 0x30)) - 1;
							_v16 =  *(_t459 + 0x14);
							 *((intOrPtr*)(_t404 + 0x2c)) =  *((intOrPtr*)(_t404 + 0x2c)) - ( *(_t459 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t460 + 0xe0)) =  *((intOrPtr*)(_t460 + 0xe0)) +  *(_t459 + 0x14);
							 *((intOrPtr*)(_t460 + 0xf0)) =  *((intOrPtr*)(_t460 + 0xf0)) - 1;
							if( *(_t459 + 0x14) >= 0x7f000) {
								 *(_t460 + 0xe4) =  *(_t460 + 0xe4) -  *(_t459 + 0x14);
							}
							_t117 = ( *(_t459 + 0x14) >> 3) + 0x20; // 0x21
							_a12 = _a12 + _t117;
							_v12 = 1;
						} else {
							_v16 = _v16 & 0x00000000;
						}
						if(( *(_a4 + 4) ^  *(_t460 + 0x54)) == 0) {
							_t441 = _a4;
							_v8 = _a4;
							_t261 = E006DF198(_t404, _a4);
							__eflags = _a16;
							_t453 = _t261;
							if(_a16 != 0) {
								__eflags = _t453;
								if(_t453 != 0) {
									goto L5;
								}
								goto L44;
							}
							L5:
							__eflags =  *0x7af9f4 - 1;
							if( *0x7af9f4 >= 1) {
								__eflags = _t453;
								if(_t453 == 0) {
									_t334 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *((intOrPtr*)(_t334 + 0xc)) - _t453;
									if( *((intOrPtr*)(_t334 + 0xc)) == _t453) {
										_push("HEAP: ");
										E006EF63B();
									} else {
										E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push("(UCRBlock != NULL)");
									E006EF63B();
									E00794AF2(_t404, _t441, _t453, _t460, 1);
								}
							}
							__eflags = _v12;
							_t262 = _a12;
							_t409 = _a4;
							if(_v12 != 0) {
								_t263 = _t409 + _t262 * 8;
							} else {
								_t15 = _t262 * 8; // -16
								_t263 = _t409 + _t15 - 0x10;
							}
							_t265 = (_t263 & 0xfffff000) - _v8;
							__eflags = _t265;
							_a8 = _t265;
							if(_t265 == 0) {
								L87:
								__eflags =  *0x7af9f4 - 1;
								if( *0x7af9f4 >= 1) {
									__eflags = _v12;
									if(_v12 != 0) {
										_t268 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *(_t268 + 0xc);
										if( *(_t268 + 0xc) == 0) {
											_push("HEAP: ");
											E006EF63B();
										} else {
											E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_push("(!TrailingUCR)");
										E006EF63B();
										E00794AF2(_t404, _t441, _t453, _t460, 1);
									}
								}
								L29:
								_push(_a12);
								_push(_a4);
								L58:
								_push(_t460);
								_t266 = E0072EB88();
								L66:
								return _t266;
							}
							_t280 = E00732686(0xffffffff,  &_v8,  &_a8, 0x4000);
							__eflags = _t280;
							if(_t280 < 0) {
								L91:
								_t442 = 3;
								E0072ED2C(_t460, _t442);
								__eflags = _v12;
								if(_v12 != 0) {
									E0072EE41(_t460, _t404, _v28 + 0xffffffe8, _v16, _a4,  &_a12);
								}
								goto L29;
							}
							__eflags =  *0x7ffe0380;
							if( *0x7ffe0380 != 0) {
								_t287 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t287 + 0x240) & 0x00000001;
								if(( *(_t287 + 0x240) & 0x00000001) != 0) {
									E007942AC(_t460, _v8, _a8, 5);
								}
							}
							 *((intOrPtr*)(_t460 + 0xf8)) =  *((intOrPtr*)(_t460 + 0xf8)) + 1;
							_t288 =  *((intOrPtr*)(_t453 + 0x14));
							__eflags = _t288 - 0x7f000;
							if(_t288 >= 0x7f000) {
								_t24 = _t460 + 0xe4;
								 *_t24 =  *(_t460 + 0xe4) - _t288;
								__eflags =  *_t24;
							}
							E0072F2E9(_t460, _t453);
							 *((intOrPtr*)(_t453 + 0x14)) =  *((intOrPtr*)(_t453 + 0x14)) + _a8;
							E0072EF02(_t460, _t453);
							 *((intOrPtr*)(_t404 + 0x2c)) =  *((intOrPtr*)(_t404 + 0x2c)) + (_a8 >> 0xc);
							_t294 = _a8;
							 *((intOrPtr*)(_t460 + 0xe0)) =  *((intOrPtr*)(_t460 + 0xe0)) - _t294;
							_t455 =  *((intOrPtr*)(_t453 + 0x14));
							__eflags = _t455 - 0x7f000;
							if(_t455 >= 0x7f000) {
								_t36 = _t460 + 0xe4;
								 *_t36 =  *(_t460 + 0xe4) + _t455;
								__eflags =  *_t36;
							}
							__eflags = _v12;
							if(_v12 != 0) {
								L22:
								_t295 =  *0x7ffe0380;
								__eflags = _t295;
								if(_t295 != 0) {
									__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
									if(__eflags != 0) {
										E00794758(__eflags, _t460, _v8, _a8,  *(_t460 + 0x78) << 3, _v12, _v16, _t295 & 0x000000ff);
									}
								}
								_t266 =  *0x7ffe038a;
								__eflags = _t266;
								if(__eflags != 0) {
									_push(_t266 & 0x000000ff);
									_push(_v16);
									_push(_v12);
									L118:
									_push( *(_t460 + 0x78) << 3);
									_push(_a8);
									_push(_v8);
									_push(_t460);
									_t266 = E00794758(_t477);
								}
								goto L66;
							}
							_t456 = _t294 + _v8;
							_t419 = _a4;
							_t456[2] =  *(_t460 + 0x54);
							_t304 = _a12;
							_t446 = _a8 + _v8;
							__eflags = _t419 + _t304 * 8 - _a8 + _v8;
							if(_t419 + _t304 * 8 == _a8 + _v8) {
								__eflags =  *(_t460 + 0x4c);
								if( *(_t460 + 0x4c) != 0) {
									_t456[1] = _t456[1] ^ _t456[0] ^  *_t456;
									 *_t456 =  *_t456 ^  *(_t460 + 0x50);
								}
								goto L22;
							}
							_t456[3] = 0;
							_t456[1] = 0;
							_t313 = (_a12 << 3) - _a8 >> 3;
							 *_t456 = _t313;
							__eflags =  *0x7af9f4 - 1;
							if( *0x7af9f4 >= 1) {
								__eflags = _t313 - 1;
								if(_t313 <= 1) {
									_t322 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t322 + 0xc);
									if( *(_t322 + 0xc) == 0) {
										_push("HEAP: ");
										E006EF63B();
									} else {
										E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push("((LONG)FreeEntry->Size > 1)");
									E006EF63B();
									E00794AF2(_t404, _t446, _t456, _t460, 1);
								}
							}
							_t456[1] = 0;
							_t421 =  *((intOrPtr*)(_t404 + 0x18));
							__eflags = _t421 - _t404;
							if(_t421 == _t404) {
								_t314 = 0;
							} else {
								_t314 = (_t456 - _t404 >> 0x10) + 1;
								_a16 = _t314;
								__eflags = _t314;
								if(__eflags <= 0) {
									L101:
									_push(0);
									_push(0);
									_push(_t404);
									_push(_t456);
									_push(_t421);
									_push(3);
									E00794B0C(_t404, _t421, _t446, _t456, _t460, __eflags);
									_t314 = _a16;
									L21:
									_t456[3] = _t314;
									E0072EB88(_t460, _t456,  *_t456 & 0x0000ffff);
									goto L22;
								}
								__eflags = _t314 - 0xfe;
								if(__eflags >= 0) {
									goto L101;
								}
							}
							goto L21;
						}
						L44:
						_t344 = _a4;
						_t124 = _t344 + 0x101f; // 0x1020
						_t453 = 0xfffff000;
						_t429 = _t124 & 0xfffff000;
						_t125 = _t344 + 0x28; // 0x29
						_v8 = _t429;
						if(_t429 == _t125) {
							_t429 = _t429 + 0x1000;
							_v8 = _t429;
						}
						_t441 = _a12;
						if(_v12 == 0) {
							_t345 = _t344 + _t441 * 8 - 0x10;
						} else {
							_t345 = _t344 + _t441 * 8;
						}
						_t346 = _t345 & _t453;
						_a8 = _t346;
						if(_t346 < _t429) {
							goto L87;
						} else {
							_t347 = _t346 - _t429;
							_a8 = _t347;
							if(_a16 != 0 ||  *((char*)(_v24 + 7)) == 3) {
								L50:
								if(_t347 == 0) {
									L54:
									if(_v12 == 0) {
										_t457 = _t347 + _t429;
										_t430 = _a4;
										_t457[2] =  *(_t460 + 0x54);
										_t349 = _a12;
										_t448 = _t430 + _t349 * 8;
										_t350 = _a8;
										_t431 = _v8;
										_t406 = _t350 + _t431;
										__eflags = _t430 + _t349 * 8 - _t350 + _t431;
										if(_t430 + _t349 * 8 == _t350 + _t431) {
											__eflags =  *(_t460 + 0x4c);
											_t404 = _v20;
											if( *(_t460 + 0x4c) != 0) {
												_t457[1] = _t457[1] ^ _t457[0] ^  *_t457;
												 *_t457 =  *_t457 ^  *(_t460 + 0x50);
												L36:
												_t350 = _a8;
												_t431 = _v8;
												goto L55;
											}
											goto L55;
										}
										_t457[3] = 0;
										_t457[1] = 0;
										_t368 = (_a12 << 3) - _a8 - _v8 + _a4 >> 3;
										 *_t457 = _t368;
										__eflags =  *0x7af9f4 - 1;
										if( *0x7af9f4 >= 1) {
											__eflags = _t368 - 1;
											if(_t368 <= 1) {
												_t377 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
												__eflags =  *(_t377 + 0xc);
												if( *(_t377 + 0xc) == 0) {
													_push("HEAP: ");
													E006EF63B();
												} else {
													E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E006EF63B();
												E00794AF2(_t406, _t448, _t457, _t460, 1);
											}
										}
										_t404 = _v20;
										_t457[1] = 0;
										_t435 =  *((intOrPtr*)(_t404 + 0x18));
										__eflags = _t435 - _t404;
										if(_t435 == _t404) {
											_t369 = 0;
											L35:
											_t457[3] = _t369;
											E0072EB88(_t460, _t457,  *_t457 & 0x0000ffff);
											goto L36;
										} else {
											_t369 = (_t457 - _t404 >> 0x10) + 1;
											_a16 = _t369;
											__eflags = _t369;
											if(__eflags <= 0) {
												L113:
												_push(0);
												_push(0);
												_push(_t404);
												_push(_t457);
												_push(_t435);
												_push(3);
												E00794B0C(_t404, _t435, _t448, _t457, _t460, __eflags);
												_t369 = _a16;
												goto L35;
											}
											__eflags = _t369 - 0xfe;
											if(__eflags >= 0) {
												goto L113;
											}
											goto L35;
										}
									}
									L55:
									E0072EE41(_t460, _t404, _t431 + 0xffffffe8, _t350, _a4,  &_v32);
									E0072EB88(_t460, _a4, _v32);
									_t357 =  *0x7ffe0380;
									if( *0x7ffe0380 != 0) {
										__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
										if(__eflags != 0) {
											E00794758(__eflags, _t460, _v8, _a8,  *(_t460 + 0x78) << 3, 0, 0, _t357 & 0x000000ff);
										}
									}
									_t266 =  *0x7ffe038a;
									_t477 = _t266;
									if(_t266 == 0) {
										goto L66;
									} else {
										_push(_t266 & 0x000000ff);
										_push(0);
										_push(0);
										goto L118;
									}
								}
								 *((intOrPtr*)(_t460 + 0xf8)) =  *((intOrPtr*)(_t460 + 0xf8)) + 1;
								if(E00732686(0xffffffff,  &_v8,  &_a8, 0x4000) < 0) {
									goto L91;
								}
								if( *0x7ffe0380 != 0) {
									_t391 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t391 + 0x240) & 0x00000001;
									if(( *(_t391 + 0x240) & 0x00000001) != 0) {
										E007942AC(_t460, _v8, _a8, 6);
									}
								}
								_t347 = _a8;
								_t429 = _v8;
								goto L54;
							} else {
								__eflags = _t347;
								if(_t347 == 0) {
									goto L29;
								}
								__eflags = _t347 -  *((intOrPtr*)(_t460 + 0x70));
								if(_t347 >=  *((intOrPtr*)(_t460 + 0x70))) {
									goto L50;
								}
								goto L29;
							}
						}
					}
					__edx = _a12;
					__eflags = __edx -  *((intOrPtr*)(__esi + 0x70));
					if(__edx <  *((intOrPtr*)(__esi + 0x70))) {
						L59:
						_push(__edx);
						_push(_a8);
						goto L58;
					}
					__eax =  *(__esi + 0x78);
					__eax =  *(__esi + 0x78) + __edx;
					__eflags = __eax -  *((intOrPtr*)(__esi + 0x74));
					if(__eax <  *((intOrPtr*)(__esi + 0x74))) {
						goto L59;
					}
					__ecx =  *((intOrPtr*)(__esi + 0x130));
					__edi =  *(__esi + 0xe0);
					__ecx =  *((intOrPtr*)(__esi + 0x130)) + 3;
					__edi =  *(__esi + 0xe0) >> __cl;
					__eflags = __eax - __edi;
					if(__eax < __edi) {
						goto L59;
					}
					__ebx = _a8;
					__eax =  &_a12;
					_a4 = E00725DD8(__esi, __ebx,  &_a12, 0);
					_t159 = _a12 - 0x201; // -512
					__ecx = _t159;
					__eflags = __ecx - 0xfbff;
					if(__ecx > 0xfbff) {
						goto L37;
					}
					__eax =  *(__esi + 0x78);
					__edi =  *(__esi + 0xe0);
					__eax =  *(__esi + 0x78) << 3;
					__edi =  *(__esi + 0xe0) - ( *(__esi + 0x78) << 3);
					__eax =  *(__esi + 0x128);
					__eax = __eax >> 3;
					__eax = __eax - (__eax >> 3);
					__eflags = __edi - __eax;
					if(__edi < __eax) {
						__ebx = __esi + 0x12c;
						__eax =  *__ebx;
						__eax = __eax >> 3;
						__eax = __eax - (__eax >> 3);
						__eflags = __edi - __eax;
						if(__edi > __eax) {
							__ecx = __esi;
							__eax = E006FC3DE(__esi);
							 *__ebx = __edi;
							 *(__esi + 0x128) = __edi;
						}
					}
					goto L66;
				}
			}

Strings

(!TrailingUCR), xrefs: 00759598
(LONG)FreeEntry->Size > 1, xrefs: 007594F4
(UCRBlock != NULL), xrefs: 007592F4
HEAP[%wZ]: , xrefs: 007592DC, 00759348, 007593DE, 007594DC
((LONG)FreeEntry->Size > 1), xrefs: 007593F6
HEAP: , xrefs: 007592E9, 007593EB, 007594E9, 0075958D

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: 8ad1c784d5d4337c513e67530e825e9f6f43f88b5c93c1516db20592fb8534a0
Instruction ID: 2439f0efaa84098e0416e89bca16be5801520accdc66a1597a30452442a2c794
Opcode Fuzzy Hash: 8ad1c784d5d4337c513e67530e825e9f6f43f88b5c93c1516db20592fb8534a0
Instruction Fuzzy Hash: 0E32D071600689EFDB21CF68C884BEAB7F6FF44310F148059F9158B292D778EA96DB50

Uniqueness

Uniqueness Score: 0.05%

Function 0072645A, Relevance: 5.1, Strings: 3, Instructions: 1399
UNIQUECrypto

C-Code - Quality: 87%

			E0072645A(void* __ecx, void* __edx, signed int _a4, signed int _a8, signed int* _a12, signed int _a16, signed short _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				signed short _v24;
				signed short* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t594;
				signed short _t596;
				signed short* _t597;
				signed char _t603;
				signed int _t612;
				signed int _t613;
				signed int _t616;
				signed int _t621;
				signed int* _t623;
				signed int* _t628;
				signed int _t635;
				signed int _t637;
				signed int* _t638;
				signed int _t645;
				signed int _t646;
				signed int _t651;
				signed short _t654;
				signed short _t656;
				signed int* _t659;
				signed int* _t662;
				unsigned int _t669;
				signed int _t671;
				signed int* _t672;
				signed int* _t679;
				signed short _t681;
				signed int _t684;
				signed short _t685;
				signed int _t686;
				signed char _t687;
				signed short _t690;
				signed int _t695;
				signed int _t696;
				signed int _t699;
				signed int _t700;
				signed int _t704;
				signed int* _t713;
				signed int _t720;
				signed int _t723;
				signed int* _t724;
				signed int _t730;
				signed int _t732;
				signed int _t733;
				signed short _t739;
				signed short _t741;
				signed int* _t744;
				signed int* _t745;
				signed int _t752;
				signed int _t756;
				signed int* _t757;
				signed int* _t764;
				signed short _t766;
				signed int _t769;
				intOrPtr _t771;
				signed int* _t789;
				void* _t790;
				signed int _t792;
				signed char _t796;
				signed short _t797;
				intOrPtr _t798;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed short _t804;
				signed int _t805;
				signed int _t812;
				signed int _t813;
				signed short _t819;
				signed short _t821;
				signed int _t826;
				signed int _t827;
				signed int _t829;
				signed int _t831;
				signed int _t832;
				signed short _t835;
				signed short _t837;
				signed int _t840;
				signed int _t846;
				signed int _t847;
				signed int _t849;
				signed short _t850;
				signed int _t855;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed short _t860;
				signed short _t861;
				signed int _t863;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed short _t871;
				signed short _t873;
				signed int _t878;
				signed int _t879;
				intOrPtr* _t881;
				signed int _t882;
				signed int _t884;
				signed short _t886;
				signed int _t888;
				signed int _t891;
				signed short _t893;
				signed int _t897;
				signed int _t900;
				signed int _t901;
				signed int _t904;
				signed int _t907;
				signed int _t909;
				signed int _t910;
				signed int _t915;
				signed int _t916;
				signed int _t920;
				void* _t922;
				signed short _t923;
				void* _t924;
				intOrPtr _t925;
				void* _t926;
				signed int _t928;
				signed int* _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed short _t942;
				signed short* _t945;
				signed short _t946;
				signed int* _t948;
				void* _t952;
				signed int _t954;
				signed int* _t957;
				signed short _t959;
				signed short _t961;
				signed short _t962;
				signed short _t963;
				void* _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				intOrPtr _t968;
				signed short* _t972;
				unsigned int _t976;
				void* _t978;
				signed int _t980;
				signed short _t983;
				signed short _t984;
				signed short _t985;
				intOrPtr _t987;
				signed short* _t988;
				signed int _t992;
				signed short _t993;
				signed short* _t996;
				signed short _t997;
				signed int* _t999;
				void* _t1003;
				signed int _t1005;
				signed int* _t1008;
				signed short _t1010;
				signed short _t1012;
				signed short _t1013;
				signed short _t1014;
				intOrPtr _t1015;
				signed int _t1016;
				void* _t1017;
				signed int _t1019;
				signed int _t1023;
				signed short* _t1027;
				unsigned int _t1031;
				void* _t1033;
				signed int _t1035;
				signed short _t1038;
				signed short _t1039;
				signed short _t1040;
				signed int _t1041;
				signed int* _t1043;
				signed short _t1051;
				signed short _t1054;
				signed int _t1061;
				signed int _t1062;
				signed int _t1063;
				void* _t1064;
				signed int* _t1072;
				signed int _t1073;
				signed int _t1075;
				signed short* _t1080;
				signed int _t1081;
				void* _t1082;
				signed int* _t1084;
				signed int _t1086;
				signed int _t1091;
				signed int _t1093;
				void* _t1096;
				signed int* _t1098;
				signed int _t1099;
				signed int _t1101;
				signed int _t1103;
				signed int _t1104;
				void* _t1105;
				signed short* _t1106;
				signed int _t1107;
				signed int _t1109;
				signed short _t1111;
				signed short _t1113;
				signed int _t1118;
				signed int _t1120;
				signed int _t1123;
				void* _t1124;
				signed int* _t1126;
				signed int _t1129;
				signed int _t1131;

				_t922 = __edx;
				_t1062 = _a4;
				_t790 = __ecx;
				 *(_t1062 + 2) = _a8;
				 *((char*)(_t1062 + 7)) = 0;
				_t590 =  *(__ecx + 0x54) ^ _a16;
				 *(_t1062 + 4) =  *(__ecx + 0x54) ^ _a16;
				_t792 =  *(__edx + 0x18);
				_v12 = 0;
				if(_t792 != __edx) {
					_t594 = (_t1062 - __edx >> 0x10) + 1;
					__eflags = _t594;
					_a8 = _t594;
					if(__eflags <= 0) {
						L351:
						_push(0);
						_push(0);
						_push(_t922);
						_push(_t1062);
						_push(_t792);
						_push(3);
						E00794B0C(_t790, _t792, _t922, _t1062, 0, __eflags);
						_t594 = _a8;
						goto L80;
					}
					__eflags = _t594 - 0xfe;
					if(__eflags < 0) {
						goto L80;
					}
					goto L351;
				} else {
					__eflags = 0;
					L80:
					 *(_t1062 + 6) = _t594;
					_t596 = _a20;
					 *((char*)(_t1062 + 3)) = 0;
					 *_t1062 = _t596;
					_t1080 = _t1062 + _t596 * 8;
					_t796 =  *(_t790 + 0x4c) >> 0x00000014 &  *(_t790 + 0x52) ^ _t1080[1];
					_v28 = _t1080;
					__eflags = _t796 & 0x00000001;
					if((_t796 & 0x00000001) == 0) {
						do {
							__eflags =  *(_t790 + 0x4c);
							if( *(_t790 + 0x4c) != 0) {
								 *_t1080 =  *_t1080 ^  *(_t790 + 0x50);
								__eflags = _t1080[1] - (_t1080[0] ^ _t1080[1] ^  *_t1080);
								if(__eflags != 0) {
									_push(0);
									_push(_t1080);
									_push(_t790);
									E00794BBA(_t790, _t1062, _t1080, __eflags);
								}
							}
							_t923 = _t1080[6];
							_t246 =  &(_t1080[4]); // 0x8
							_t597 = _t246;
							_t797 =  *_t597;
							_v20 = _t797;
							_t798 =  *((intOrPtr*)(_t797 + 4));
							_v24 = _t923;
							_t924 =  *_t923;
							__eflags = _t924 - _t798;
							if(__eflags != 0) {
								L354:
								_push(0);
								_push(_t924);
								_push(_t798);
								_push(_t597);
								_push(_t790);
								_push(0xc);
								E00794B0C(_t790, _t798, _t924, _t1062, _t1080, __eflags);
								goto L355;
							} else {
								__eflags = _t924 - _t597;
								if(__eflags != 0) {
									goto L354;
								}
								 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) - ( *_t1080 & 0x0000ffff);
								_t684 =  *(_t790 + 0xb8);
								__eflags = _t684;
								if(_t684 == 0) {
									L185:
									_t685 = _v20;
									_t850 = _v24;
									 *_t850 = _t685;
									 *(_t685 + 4) = _t850;
									__eflags = _t1080[1] & 0x00000008;
									if((_t1080[1] & 0x00000008) != 0) {
										_t686 = E006FC30D(_t790, _t1080);
										__eflags = _t686;
										if(_t686 != 0) {
											goto L186;
										}
										E006FE4D7(_t790, _t1062, _t790, _t1080,  *_t1080 & 0x0000ffff, 1);
										L355:
										__eflags = _v12;
										if(_v12 != 0) {
											return 0;
										}
										goto L356;
									}
									L186:
									__eflags = _a12;
									if(_a12 != 0) {
										_t687 = _t1080[1];
										__eflags = _t687 & 0x00000004;
										if((_t687 & 0x00000004) != 0) {
											_t904 = ( *_t1080 & 0x0000ffff) * 8 - 0x10;
											_a8 = _t904;
											__eflags = _t687 & 0x00000002;
											if((_t687 & 0x00000002) != 0) {
												__eflags = _t904 - 4;
												if(_t904 > 4) {
													_t541 =  &_a8;
													 *_t541 = _a8 - 4;
													__eflags =  *_t541;
												}
											}
											_t544 =  &(_t1080[8]); // 0x10
											_t769 = E00705770(_t544, _a8, 0xfeeefeee);
											_a16 = _t769;
											__eflags = _t769 - _a8;
											if(_t769 != _a8) {
												_t771 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
												__eflags =  *(_t771 + 0xc);
												if( *(_t771 + 0xc) == 0) {
													_push("HEAP: ");
													E006EF63B();
												} else {
													E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
												}
												_push( &(_t1080[8]) + _a16);
												E006EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", _t1080);
												E007959C1(_t1080);
											}
										}
									}
									 *(_t1062 + 2) = _t1080[1];
									_t690 = _a20 + ( *_t1080 & 0x0000ffff);
									_a20 = _t690;
									__eflags = _t690 - 0xfe00;
									if(_t690 > 0xfe00) {
										E0072EB88(_t790, _t1062, _a20);
										goto L129;
									} else {
										 *_t1062 = _t690;
										__eflags = _a12;
										 *(_t1062 + 4 + _t690 * 8) =  *(_t790 + 0x54) ^ _t690;
										 *((char*)(_t1062 + 7)) = 0;
										if(_a12 != 0) {
											 *(_t1062 + 2) =  *(_t1062 + 2) & 0x000000f0;
											__eflags =  *(_t790 + 0x40) & 0x00000040;
											_t1104 = _t690 & 0x0000ffff;
											_a16 = _t1104;
											if(( *(_t790 + 0x40) & 0x00000040) != 0) {
												E00705810(_t1062 + 0x10, _t1104 * 8 - 0x10, 0xfeeefeee);
												 *(_t1062 + 2) =  *(_t1062 + 2) | 0x00000004;
											}
											_t695 =  *(_t790 + 0xb8);
											__eflags = _t695;
											if(_t695 != 0) {
												while(1) {
													__eflags = _t1104 -  *((intOrPtr*)(_t695 + 4));
													if(_t1104 <  *((intOrPtr*)(_t695 + 4))) {
														break;
													}
													_t855 =  *_t695;
													__eflags = _t855;
													if(_t855 == 0) {
														_t857 =  *((intOrPtr*)(_t695 + 4)) - 1;
														__eflags = _t857;
														_v8 = _t857;
														L293:
														_a12 = _t695;
														_t696 = _t695 + 0x14;
														__eflags = _t696;
														_a20 = _t696;
														while(1) {
															_t858 = _t857 -  *_a20;
															_t699 = _a12[6];
															_t987 =  *((intOrPtr*)(_t699 + 4));
															__eflags = _t699 - _t987;
															if(_t699 == _t987) {
																goto L262;
															}
															_t1063 =  *(_t790 + 0x4c);
															__eflags = _t1063;
															if(_t1063 == 0) {
																_t993 =  *(_t987 - 8) & 0x0000ffff;
															} else {
																_t1014 =  *(_t987 - 8);
																_t1063 =  *(_t790 + 0x4c);
																__eflags = _t1063 & _t1014;
																if((_t1063 & _t1014) != 0) {
																	_t1014 = _t1014 ^  *(_t790 + 0x50);
																	__eflags = _t1014;
																}
																_t993 = _t1014 & 0x0000ffff;
															}
															__eflags = _t1104 - (_t993 & 0x0000ffff);
															if(_t1104 - (_t993 & 0x0000ffff) <= 0) {
																_t996 =  *_t699 - 8;
																__eflags = _t1063;
																if(_t1063 == 0) {
																	_t997 =  *_t996 & 0x0000ffff;
																} else {
																	_t1013 =  *_t996;
																	_t1063 =  *(_t790 + 0x4c);
																	__eflags = _t1063 & _t1013;
																	if((_t1063 & _t1013) != 0) {
																		_t1013 = _t1013 ^  *(_t790 + 0x50);
																		__eflags = _t1013;
																	}
																	_t997 = _t1013 & 0x0000ffff;
																}
																__eflags = _a16 - (_t997 & 0x0000ffff);
																if(_a16 - (_t997 & 0x0000ffff) <= 0) {
																	_t699 =  *_t699;
																	goto L262;
																} else {
																	_t999 = _a12;
																	__eflags =  *_t999;
																	if( *_t999 != 0) {
																		L387:
																		_t713 = _a12;
																		_t1118 = _t858 >> 5;
																		_t1072 =  *((intOrPtr*)(_t713 + 0x1c)) + _t1118 * 4;
																		_t1003 = ( *((intOrPtr*)(_t713 + 4)) -  *_a20 >> 5) - 1;
																		_t720 =  !((1 << (_t858 & 0x0000001f)) - 1) &  *_t1072;
																		__eflags = 1;
																		if(1 != 0) {
																			L391:
																			__eflags = _t720 & 0x0000ffff;
																			if((_t720 & 0x0000ffff) == 0) {
																				_t878 = _t720 >> 0x00000010 & 0x000000ff;
																				__eflags = _t878;
																				if(_t878 == 0) {
																					_t572 = (_t720 >> 0x18) + 0x725818; // 0x10008
																					_t723 = ( *_t572 & 0x000000ff) + 0x18;
																					__eflags = _t723;
																				} else {
																					_t571 = _t878 + 0x725818; // 0x10008
																					_t723 = ( *_t571 & 0x000000ff) + 0x10;
																				}
																			} else {
																				_t1005 = _t720 & 0x000000ff;
																				__eflags = _t1005;
																				if(_t1005 == 0) {
																					_t570 = (_t720 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
																					_t723 = ( *_t570 & 0x000000ff) + 8;
																				} else {
																					_t569 = _t1005 + 0x725818; // 0x10008
																					_t723 =  *_t569 & 0x000000ff;
																				}
																			}
																			_t1120 = (_t1118 << 5) + _t723;
																			_t724 = _a12;
																			__eflags =  *(_t724 + 8);
																			_t879 = _t1120 + _t1120;
																			if( *(_t724 + 8) == 0) {
																				_t879 = _t1120;
																			}
																			_t699 =  *( *((intOrPtr*)(_t724 + 0x20)) + _t879 * 4);
																			goto L262;
																		} else {
																			goto L388;
																		}
																		while(1) {
																			L388:
																			__eflags = _t1118 - _t1003;
																			if(_t1118 > _t1003) {
																				break;
																			}
																			_t1072 =  &(_t1072[1]);
																			_t720 =  *_t1072;
																			_t1118 = _t1118 + 1;
																			__eflags = _t720;
																			if(_t720 == 0) {
																				continue;
																			}
																			break;
																		}
																		__eflags = _t720;
																		if(_t720 == 0) {
																			_a8 = _a8 & 0x00000000;
																			L317:
																			_t700 = _a8;
																			__eflags = _t700;
																			if(_t700 == 0) {
																				_t859 =  *_a12;
																				_t1104 = _a16;
																				_a12 = _t859;
																				_t860 = _t859 + 0x14;
																				_a20 = _t860;
																				_t857 =  *_t860;
																				_v8 = _t857;
																				continue;
																			}
																			goto L318;
																		}
																		goto L391;
																	}
																	__eflags = _v8 - _t999[1] - 1;
																	if(_v8 != _t999[1] - 1) {
																		goto L387;
																	}
																	_t1008 = _a12;
																	__eflags =  *(_t1008 + 8);
																	if( *(_t1008 + 8) != 0) {
																		_t858 = _t858 + _t858;
																		__eflags = _t858;
																	}
																	_t881 =  *((intOrPtr*)( *((intOrPtr*)(_t1008 + 0x20)) + _t858 * 4));
																	while(1) {
																		__eflags = _t699 - _t881;
																		if(_t699 == _t881) {
																			goto L317;
																		}
																		__eflags = _t1063;
																		if(_t1063 == 0) {
																			_t1010 =  *(_t881 - 8) & 0x0000ffff;
																		} else {
																			_t1012 =  *(_t881 - 8);
																			_t1063 =  *(_t790 + 0x4c);
																			__eflags = _t1063 & _t1012;
																			if((_t1063 & _t1012) != 0) {
																				_t1012 = _t1012 ^  *(_t790 + 0x50);
																				__eflags = _t1012;
																			}
																			_t1010 = _t1012 & 0x0000ffff;
																		}
																		__eflags = _a16 - (_t1010 & 0x0000ffff);
																		if(_a16 - (_t1010 & 0x0000ffff) <= 0) {
																			_a8 = _t881;
																			goto L317;
																		} else {
																			_t881 =  *_t881;
																			continue;
																		}
																	}
																	goto L317;
																}
															}
															L262:
															_a8 = _t699;
															goto L317;
														}
													}
													_t695 = _t855;
												}
												_t857 = _t1104;
												_v8 = _t1104;
												goto L293;
											} else {
												_t700 =  *(_t790 + 0xc4);
												L318:
												_t1105 = _t790 + 0xc4;
												__eflags = _t1105 - _t700;
												if(_t1105 == _t700) {
													L325:
													_t861 =  *(_t700 + 4);
													_t988 = _a4;
													_t1064 =  *_t861;
													_t1106 =  &(_t988[4]);
													_a12 = _t1106;
													__eflags = _t1064 - _t700;
													if(__eflags != 0) {
														_push(0);
														_push(_t1064);
														_push(0);
														_push(_t700);
														_push(0);
														_push(0xc);
														E00794B0C(_t790, 0, _t988, _t1064, _t1106, __eflags);
														_t988 = _a4;
													} else {
														 *_t1106 = _t700;
														_t1106[2] = _t861;
														 *_t861 = _t1106;
														 *(_t700 + 4) = _t1106;
													}
													 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_t988 & 0x0000ffff);
													_t704 =  *(_t790 + 0xb8);
													__eflags = _t704;
													if(_t704 == 0) {
														L346:
														__eflags =  *(_t790 + 0x4c);
														if( *(_t790 + 0x4c) != 0) {
															_t988[1] = _t988[0] ^  *_t988 ^ _t988[1];
															 *_t988 =  *_t988 ^  *(_t790 + 0x50);
														}
														L129:
														return 1;
													} else {
														_t863 =  *_t988 & 0x0000ffff;
														while(1) {
															__eflags = _t863 -  *((intOrPtr*)(_t704 + 4));
															if(_t863 <  *((intOrPtr*)(_t704 + 4))) {
																break;
															}
															_t1107 =  *_t704;
															__eflags = _t1107;
															if(_t1107 == 0) {
																_t1109 =  *((intOrPtr*)(_t704 + 4)) - 1;
																__eflags = _t1109;
																L334:
																_t865 = _t1109 -  *((intOrPtr*)(_t704 + 0x14));
																__eflags =  *(_t704 + 8);
																_a20 = _t865;
																if( *(_t704 + 8) != 0) {
																	_t865 = _t865 + _t865;
																	__eflags = _t865;
																}
																 *((intOrPtr*)(_t704 + 0xc)) =  *((intOrPtr*)(_t704 + 0xc)) + 1;
																_t866 = _t865 << 2;
																_a8 = _t866;
																_t867 =  *(_t866 +  *((intOrPtr*)(_t704 + 0x20)));
																_a16 = _t867;
																__eflags = _t1109 -  *((intOrPtr*)(_t704 + 4)) - 1;
																if(_t1109 ==  *((intOrPtr*)(_t704 + 4)) - 1) {
																	_t500 = _t704 + 0x10;
																	 *_t500 =  *(_t704 + 0x10) + 1;
																	__eflags =  *_t500;
																}
																__eflags = _t867;
																if(_t867 == 0) {
																	L344:
																	 *((intOrPtr*)(_a8 +  *((intOrPtr*)(_t704 + 0x20)))) = _a12;
																	_t867 = _a16;
																	goto L345;
																} else {
																	__eflags =  *(_t790 + 0x4c);
																	if( *(_t790 + 0x4c) == 0) {
																		_t1111 =  *(_t867 - 8) & 0x0000ffff;
																	} else {
																		_t1113 =  *(_t867 - 8);
																		__eflags =  *(_t790 + 0x4c) & _t1113;
																		if(( *(_t790 + 0x4c) & _t1113) != 0) {
																			_t1113 = _t1113 ^  *(_t790 + 0x50);
																			__eflags = _t1113;
																		}
																		_t1111 = _t1113 & 0x0000ffff;
																	}
																	__eflags = ( *_t988 & 0x0000ffff) - (_t1111 & 0x0000ffff);
																	if(( *_t988 & 0x0000ffff) - (_t1111 & 0x0000ffff) > 0) {
																		L345:
																		__eflags = _t867;
																		if(_t867 == 0) {
																			 *( *((intOrPtr*)(_t704 + 0x1c)) + (_a20 >> 5) * 4) =  *( *((intOrPtr*)(_t704 + 0x1c)) + (_a20 >> 5) * 4) | 1;
																			_t988 = _a4;
																		}
																		goto L346;
																	} else {
																		goto L344;
																	}
																}
															}
															_t704 = _t1107;
														}
														_t1109 = _t863;
														goto L334;
													}
												}
												_t992 =  *(_t790 + 0x4c);
												while(1) {
													__eflags = _t992;
													if(_t992 == 0) {
														_t871 =  *(_t700 - 8) & 0x0000ffff;
													} else {
														_t873 =  *(_t700 - 8);
														_t992 =  *(_t790 + 0x4c);
														__eflags = _t992 & _t873;
														if((_t992 & _t873) != 0) {
															_t873 = _t873 ^  *(_t790 + 0x50);
															__eflags = _t873;
														}
														_t871 = _t873 & 0x0000ffff;
													}
													__eflags = _a16 - (_t871 & 0x0000ffff);
													if(_a16 <= (_t871 & 0x0000ffff)) {
														goto L325;
													}
													_t700 =  *_t700;
													__eflags = _t1105 - _t700;
													if(_t1105 == _t700) {
														goto L325;
													}
												}
												goto L325;
											}
										}
										_t882 = _t690 & 0x0000ffff;
										 *(_t1062 + 2) = 0;
										_t730 =  *(_t790 + 0xb8);
										_v8 = _t882;
										__eflags = _t730;
										if(_t730 != 0) {
											while(1) {
												__eflags = _t882 -  *((intOrPtr*)(_t730 + 4));
												if(_t882 <  *((intOrPtr*)(_t730 + 4))) {
													break;
												}
												_t1041 =  *_t730;
												__eflags = _t1041;
												if(_t1041 == 0) {
													_t882 =  *((intOrPtr*)(_t730 + 4)) - 1;
													break;
												}
												_t730 = _t1041;
											}
											_a12 = _t730;
											_a20 = _t882;
											_t1062 = _t730 + 0x14;
											while(1) {
												_t732 = _a12[6];
												_t1015 =  *((intOrPtr*)(_t732 + 4));
												_t884 = _a20 -  *_t1062;
												_a16 = _t732;
												__eflags = _t732 - _t1015;
												if(_t732 == _t1015) {
													goto L201;
												}
												_t1123 =  *(_t790 + 0x4c);
												__eflags = _t1123;
												if(_t1123 == 0) {
													_t739 =  *(_t1015 - 8) & 0x0000ffff;
												} else {
													_t1040 =  *(_t1015 - 8);
													_t1123 =  *(_t790 + 0x4c);
													__eflags = _t1123 & _t1040;
													if((_t1123 & _t1040) != 0) {
														_t1040 = _t1040 ^  *(_t790 + 0x50);
														__eflags = _t1040;
													}
													_t739 = _t1040 & 0x0000ffff;
												}
												_t732 = _a16;
												__eflags = _v8 - (_t739 & 0x0000ffff);
												if(_v8 - (_t739 & 0x0000ffff) <= 0) {
													L234:
													_t1027 =  *_t732 - 8;
													__eflags = _t1123;
													if(_t1123 == 0) {
														_t741 =  *_t1027 & 0x0000ffff;
													} else {
														_t1039 =  *_t1027;
														_t1123 =  *(_t790 + 0x4c);
														__eflags = _t1123 & _t1039;
														if((_t1123 & _t1039) != 0) {
															_t1039 = _t1039 ^  *(_t790 + 0x50);
															__eflags = _t1039;
														}
														_t741 = _t1039 & 0x0000ffff;
													}
													__eflags = _v8 - (_t741 & 0x0000ffff);
													if(_v8 - (_t741 & 0x0000ffff) <= 0) {
														_t732 =  *_a16;
														goto L201;
													} else {
														_t744 = _a12;
														__eflags =  *_t744;
														if( *_t744 != 0) {
															L251:
															_t745 = _a12;
															_t1031 =  *((intOrPtr*)(_t745 + 4)) -  *_t1062;
															_t1129 = _t884 >> 5;
															_t1062 =  *((intOrPtr*)(_t745 + 0x1c)) + _t1129 * 4;
															_t1033 = (_t1031 >> 5) - 1;
															_t752 =  !((1 << (_t884 & 0x0000001f)) - 1) &  *_t1062;
															__eflags = 1;
															if(1 != 0) {
																L255:
																__eflags = _t752 & 0x0000ffff;
																if((_t752 & 0x0000ffff) != 0) {
																	_t1035 = _t752 & 0x000000ff;
																	__eflags = _t1035;
																	if(_t1035 == 0) {
																		_t40 = (_t752 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
																		_t756 = ( *_t40 & 0x000000ff) + 8;
																	} else {
																		_t106 = _t1035 + 0x725818; // 0x10008
																		_t756 =  *_t106 & 0x000000ff;
																	}
																} else {
																	_t900 = _t752 >> 0x00000010 & 0x000000ff;
																	__eflags = _t900;
																	if(_t900 != 0) {
																		_t39 = _t900 + 0x725818; // 0x10008
																		_t756 = ( *_t39 & 0x000000ff) + 0x10;
																	} else {
																		_t392 = (_t752 >> 0x18) + 0x725818; // 0x10008
																		_t756 = ( *_t392 & 0x000000ff) + 0x18;
																		__eflags = _t756;
																	}
																}
																_t1131 = (_t1129 << 5) + _t756;
																_t757 = _a12;
																__eflags =  *(_t757 + 8);
																_t897 = _t1131 + _t1131;
																if( *(_t757 + 8) == 0) {
																	_t897 = _t1131;
																}
																_t732 =  *( *((intOrPtr*)(_t757 + 0x20)) + _t897 * 4);
																goto L201;
															} else {
																goto L252;
															}
															while(1) {
																L252:
																__eflags = _t1129 - _t1033;
																if(_t1129 > _t1033) {
																	break;
																}
																_t1062 = _t1062 + 4;
																_t752 =  *_t1062;
																_t1129 = _t1129 + 1;
																__eflags = _t752;
																if(_t752 == 0) {
																	continue;
																}
																break;
															}
															__eflags = _t752;
															if(_t752 == 0) {
																_a8 = _a8 & 0x00000000;
																L202:
																_t733 = _a8;
																__eflags = _t733;
																if(_t733 == 0) {
																	_t402 =  *_a12 + 0x14; // 0x14
																	_t1062 = _t402;
																	_a12 =  *_a12;
																	_a20 =  *_t1062;
																	continue;
																}
																L203:
																_t1124 = _t790 + 0xc4;
																__eflags = _t1124 - _t733;
																if(_t1124 != _t733) {
																	_t1016 =  *(_t790 + 0x4c);
																	while(1) {
																		__eflags = _t1016;
																		if(_t1016 == 0) {
																			_t886 =  *(_t733 - 8) & 0x0000ffff;
																		} else {
																			_t893 =  *(_t733 - 8);
																			_t1016 =  *(_t790 + 0x4c);
																			__eflags = _t1016 & _t893;
																			if((_t1016 & _t893) != 0) {
																				_t893 = _t893 ^  *(_t790 + 0x50);
																				__eflags = _t893;
																			}
																			_t886 = _t893 & 0x0000ffff;
																		}
																		__eflags = _v8 - (_t886 & 0x0000ffff);
																		if(_v8 <= (_t886 & 0x0000ffff)) {
																			goto L204;
																		}
																		_t733 =  *_t733;
																		__eflags = _t1124 - _t733;
																		if(_t1124 == _t733) {
																			goto L204;
																		} else {
																			continue;
																		}
																		goto L234;
																	}
																}
																L204:
																_t888 =  *(_t733 + 4);
																_t1017 =  *_t888;
																_t1126 = _a4 + 8;
																_a12 = _t1126;
																__eflags = _t1017 - _t733;
																if(__eflags != 0) {
																	_push(0);
																	_push(_t1017);
																	_push(0);
																	_push(_t733);
																	_push(0);
																	_push(0xc);
																	E00794B0C(_t790, 0, _t1017, _t1062, _t1126, __eflags);
																} else {
																	 *_t1126 = _t733;
																	_t1126[1] = _t888;
																	 *_t888 = _t1126;
																	 *(_t733 + 4) = _t1126;
																}
																 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_a4 & 0x0000ffff);
																_t621 =  *(_t790 + 0xb8);
																__eflags = _t621;
																if(_t621 == 0) {
																	L127:
																	__eflags =  *(_t790 + 0x4c);
																	if( *(_t790 + 0x4c) != 0) {
																		_t623 = _a4;
																		_t623[0] = _t623[0] ^  *_t623 ^ _t623[0];
																		 *_t623 =  *_t623 ^  *(_t790 + 0x50);
																		__eflags =  *_t623;
																	}
																	goto L129;
																} else {
																	_t891 =  *_a4 & 0x0000ffff;
																	while(1) {
																		__eflags = _t891 -  *((intOrPtr*)(_t621 + 4));
																		if(_t891 <  *((intOrPtr*)(_t621 + 4))) {
																			break;
																		}
																		_t1023 =  *_t621;
																		__eflags = _t1023;
																		if(_t1023 == 0) {
																			_t891 =  *((intOrPtr*)(_t621 + 4)) - 1;
																			break;
																		}
																		_t621 = _t1023;
																	}
																	_t1019 = _t891 -  *((intOrPtr*)(_t621 + 0x14));
																	__eflags =  *(_t621 + 8);
																	_a8 = _t1019;
																	if( *(_t621 + 8) != 0) {
																		_t1019 = _t1019 + _t1019;
																		__eflags = _t1019;
																	}
																	 *((intOrPtr*)(_t621 + 0xc)) =  *((intOrPtr*)(_t621 + 0xc)) + 1;
																	_t1086 = _t1019 << 2;
																	_t1073 =  *(_t1086 +  *((intOrPtr*)(_t621 + 0x20)));
																	__eflags = _t891 -  *((intOrPtr*)(_t621 + 4)) - 1;
																	if(_t891 ==  *((intOrPtr*)(_t621 + 4)) - 1) {
																		_t335 = _t621 + 0x10;
																		 *_t335 =  *(_t621 + 0x10) + 1;
																		__eflags =  *_t335;
																	}
																	__eflags = _t1073;
																	if(_t1073 == 0) {
																		L124:
																		 *(_t1086 +  *((intOrPtr*)(_t621 + 0x20))) = _a12;
																		goto L125;
																	} else {
																		__eflags =  *(_t790 + 0x4c);
																		if( *(_t790 + 0x4c) == 0) {
																			L272:
																			_t813 =  *(_t1073 - 8) & 0x0000ffff;
																			L140:
																			__eflags = ( *_a4 & 0x0000ffff) - (_t813 & 0x0000ffff);
																			if(( *_a4 & 0x0000ffff) - (_t813 & 0x0000ffff) <= 0) {
																				goto L124;
																			}
																			L125:
																			__eflags = _t1073;
																			if(_t1073 == 0) {
																				_t938 =  *((intOrPtr*)(_t621 + 0x1c)) + (_a8 >> 5) * 4;
																				 *_t938 =  *_t938 | 1;
																				__eflags =  *_t938;
																			}
																			goto L127;
																		}
																		_t939 =  *(_t1073 - 8);
																		__eflags =  *(_t790 + 0x4c) & _t939;
																		L137:
																		if(__eflags != 0) {
																			_t939 = _t939 ^  *(_t790 + 0x50);
																			__eflags = _t939;
																		}
																		_t813 = _t939 & 0x0000ffff;
																		goto L140;
																	}
																}
															}
															goto L255;
														}
														__eflags = _a20 - _t744[1] - 1;
														if(_a20 != _t744[1] - 1) {
															goto L251;
														}
														_t764 = _a12;
														__eflags =  *(_t764 + 8);
														if( *(_t764 + 8) != 0) {
															_t884 = _t884 + _t884;
															__eflags = _t884;
														}
														_t901 =  *((intOrPtr*)( *((intOrPtr*)(_t764 + 0x20)) + _t884 * 4));
														while(1) {
															__eflags = _a16 - _t901;
															if(_a16 == _t901) {
																goto L202;
															}
															__eflags = _t1123;
															if(_t1123 == 0) {
																_t766 =  *(_t901 - 8) & 0x0000ffff;
															} else {
																_t1038 =  *(_t901 - 8);
																_t1123 =  *(_t790 + 0x4c);
																__eflags = _t1123 & _t1038;
																if((_t1123 & _t1038) != 0) {
																	_t1038 = _t1038 ^  *(_t790 + 0x50);
																	__eflags = _t1038;
																}
																_t766 = _t1038 & 0x0000ffff;
															}
															__eflags = _v8 - (_t766 & 0x0000ffff);
															if(_v8 - (_t766 & 0x0000ffff) > 0) {
																_t901 =  *_t901;
																continue;
															} else {
																_a8 = _t901;
																goto L202;
															}
														}
														goto L202;
													}
												}
												L201:
												_a8 = _t732;
												goto L202;
											}
										}
										_t733 =  *(_t790 + 0xc4);
										goto L203;
									}
								}
								_t907 =  *_t1080 & 0x0000ffff;
								while(1) {
									__eflags = _t907 -  *(_t684 + 4);
									if(_t907 <  *(_t684 + 4)) {
										break;
									}
									_t1061 =  *_t684;
									__eflags = _t1061;
									if(_t1061 == 0) {
										_t1075 =  *(_t684 + 4) - 1;
										_a8 = _t1075;
										L175:
										_t909 = _t1075 -  *((intOrPtr*)(_t684 + 0x14));
										__eflags =  *(_t684 + 8);
										_v8 = _t909;
										if( *(_t684 + 8) != 0) {
											_t909 = _t909 + _t909;
											__eflags = _t909;
										}
										_t910 = _t909 << 2;
										_t1043 =  *((intOrPtr*)(_t684 + 0x20)) + _t910;
										_a16 = _t910;
										 *((intOrPtr*)(_t684 + 0xc)) =  *((intOrPtr*)(_t684 + 0xc)) - 1;
										_v16 =  *_t1043;
										__eflags = _t1075 -  *(_t684 + 4) - 1;
										if(_t1075 ==  *(_t684 + 4) - 1) {
											_t263 = _t684 + 0x10;
											 *_t263 =  *(_t684 + 0x10) - 1;
											__eflags =  *_t263;
										}
										_t265 =  &(_t1080[4]); // 0x8
										__eflags = _v16 - _t265;
										if(_v16 != _t265) {
											L218:
											_t1062 = _a4;
											goto L185;
										} else {
											__eflags =  *_t684;
											_t915 =  *(_t684 + 4);
											if( *_t684 == 0) {
												_t915 = _t915 - 1;
												__eflags = _t915;
											}
											__eflags = _a8 - _t915;
											_t916 = _t1080[4];
											if(_a8 < _t915) {
												__eflags = _t916 -  *((intOrPtr*)(_t684 + 0x18));
												if(_t916 ==  *((intOrPtr*)(_t684 + 0x18))) {
													L226:
													 *(_a16 +  *((intOrPtr*)(_t684 + 0x20))) =  *(_a16 +  *((intOrPtr*)(_t684 + 0x20))) & 0x00000000;
													 *( *((intOrPtr*)(_t684 + 0x1c)) + (_v8 >> 5) * 4) =  *( *((intOrPtr*)(_t684 + 0x1c)) + (_v8 >> 5) * 4) &  !(1 << (_v8 & 0x0000001f));
													goto L218;
												}
												__eflags =  *(_t790 + 0x4c);
												if( *(_t790 + 0x4c) == 0) {
													_t1051 =  *(_t916 - 8) & 0x0000ffff;
												} else {
													_t1054 =  *(_t916 - 8);
													__eflags =  *(_t790 + 0x4c) & _t1054;
													if(( *(_t790 + 0x4c) & _t1054) != 0) {
														_t1054 = _t1054 ^  *(_t790 + 0x50);
														__eflags = _t1054;
													}
													_t1051 = _t1054 & 0x0000ffff;
												}
												__eflags = ( *_t1080 & 0x0000ffff) == (_t1051 & 0x0000ffff);
												if(( *_t1080 & 0x0000ffff) == (_t1051 & 0x0000ffff)) {
													 *(_a16 +  *((intOrPtr*)(_t684 + 0x20))) = _t916;
													goto L218;
												} else {
													goto L226;
												}
											} else {
												_t1062 = _a4;
												__eflags = _t916 -  *((intOrPtr*)(_t684 + 0x18));
												if(_t916 !=  *((intOrPtr*)(_t684 + 0x18))) {
													 *_t1043 = _t916;
												} else {
													 *_t1043 =  *_t1043 & 0x00000000;
													_t920 = _v8;
													_t789 =  *((intOrPtr*)(_t684 + 0x1c)) + (_t920 >> 5) * 4;
													 *_t789 =  *_t789 &  !(1 << (_t920 & 0x0000001f));
													__eflags =  *_t789;
												}
												goto L185;
											}
										}
									}
									_t684 = _t1061;
								}
								_t1075 = _t907;
								_a8 = _t907;
								goto L175;
							}
							L356:
							_t1080 = _v28;
							_v12 = 1;
							_t603 =  *(_t790 + 0x4c) >> 0x00000014 &  *(_t790 + 0x52) ^ _t1080[1];
							__eflags = _t603 & 0x00000001;
						} while ((_t603 & 0x00000001) == 0);
						_t596 = _a20;
					}
					__eflags = _a12;
					_t1080[2] =  *(_t790 + 0x54) ^ _t596;
					 *((char*)(_t1062 + 7)) = 0;
					if(_a12 != 0) {
						 *(_t1062 + 2) =  *(_t1062 + 2) & 0x000000f0;
						__eflags =  *(_t790 + 0x40) & 0x00000040;
						_t1081 = _t596 & 0x0000ffff;
						_a16 = _t1081;
						if(( *(_t790 + 0x40) & 0x00000040) != 0) {
							E00705810(_t1062 + 0x10, _t1081 * 8 - 0x10, 0xfeeefeee);
							 *(_t1062 + 2) =  *(_t1062 + 2) | 0x00000004;
						}
						_t612 =  *(_t790 + 0xb8);
						__eflags = _t612;
						if(__eflags != 0) {
							while(1) {
								__eflags = _t1081 -  *((intOrPtr*)(_t612 + 4));
								if(_t1081 <  *((intOrPtr*)(_t612 + 4))) {
									break;
								}
								_t801 =  *_t612;
								__eflags = _t801;
								if(_t801 != 0) {
									_t612 = _t801;
									continue;
								}
								_t802 =  *((intOrPtr*)(_t612 + 4)) - 1;
								_v8 = _t802;
								L34:
								_a12 = _t612;
								_t613 = _t612 + 0x14;
								__eflags = _t613;
								_a20 = _t613;
								while(1) {
									_t792 = _t802 -  *_a20;
									_t590 = _a12[6];
									_t925 =  *((intOrPtr*)(_t590 + 4));
									__eflags = _t590 - _t925;
									if(__eflags == 0) {
										goto L57;
									}
									_t1062 =  *(_t790 + 0x4c);
									__eflags = _t1062;
									if(_t1062 == 0) {
										_t942 =  *(_t925 - 8) & 0x0000ffff;
									} else {
										_t963 =  *(_t925 - 8);
										_t1062 =  *(_t790 + 0x4c);
										__eflags = _t1062 & _t963;
										if((_t1062 & _t963) != 0) {
											_t963 = _t963 ^  *(_t790 + 0x50);
											__eflags = _t963;
										}
										_t942 = _t963 & 0x0000ffff;
									}
									__eflags = _t1081 - (_t942 & 0x0000ffff);
									if(__eflags <= 0) {
										_t945 =  *_t590 - 8;
										__eflags = _t1062;
										if(_t1062 == 0) {
											_t946 =  *_t945 & 0x0000ffff;
										} else {
											_t962 =  *_t945;
											_t1062 =  *(_t790 + 0x4c);
											__eflags = _t1062 & _t962;
											if((_t1062 & _t962) != 0) {
												_t962 = _t962 ^  *(_t790 + 0x50);
												__eflags = _t962;
											}
											_t946 = _t962 & 0x0000ffff;
										}
										__eflags = _a16 - (_t946 & 0x0000ffff);
										if(__eflags <= 0) {
											_t590 =  *_t590;
											goto L57;
										} else {
											_t948 = _a12;
											__eflags =  *_t948;
											if( *_t948 != 0) {
												L48:
												_t628 = _a12;
												_t1091 = _t792 >> 5;
												_t1062 =  *((intOrPtr*)(_t628 + 0x1c)) + _t1091 * 4;
												_t952 = ( *((intOrPtr*)(_t628 + 4)) -  *_a20 >> 5) - 1;
												_t635 =  !((1 << (_t792 & 0x0000001f)) - 1) &  *_t1062;
												__eflags = 1;
												if(1 != 0) {
													L52:
													__eflags = _t635 & 0x0000ffff;
													if((_t635 & 0x0000ffff) == 0) {
														_t826 = _t635 >> 0x00000010 & 0x000000ff;
														__eflags = _t826;
														if(_t826 != 0) {
															_t23 = _t826 + 0x725818; // 0x10008
															_t637 = ( *_t23 & 0x000000ff) + 0x10;
														} else {
															_t31 = (_t635 >> 0x18) + 0x725818; // 0x10008
															_t637 = ( *_t31 & 0x000000ff) + 0x18;
														}
													} else {
														_t954 = _t635 & 0x000000ff;
														__eflags = _t954;
														if(_t954 == 0) {
															_t22 = (_t635 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
															_t637 = ( *_t22 & 0x000000ff) + 8;
														} else {
															_t76 = _t954 + 0x725818; // 0x10008
															_t637 =  *_t76 & 0x000000ff;
														}
													}
													_t1093 = (_t1091 << 5) + _t637;
													_t638 = _a12;
													__eflags =  *(_t638 + 8);
													_t827 = _t1093 + _t1093;
													if(__eflags == 0) {
														_t827 = _t1093;
													}
													_t590 =  *( *((intOrPtr*)(_t638 + 0x20)) + _t827 * 4);
													goto L57;
												} else {
													goto L49;
												}
												while(1) {
													L49:
													__eflags = _t1091 - _t952;
													if(_t1091 > _t952) {
														break;
													}
													_t1062 = _t1062 + 4;
													_t635 =  *_t1062;
													_t1091 = _t1091 + 1;
													__eflags = _t635;
													if(_t635 == 0) {
														continue;
													}
													break;
												}
												__eflags = _t635;
												if(__eflags == 0) {
													_a8 = _a8 & 0x00000000;
													L58:
													_t616 = _a8;
													if(_t616 == 0) {
														_t803 =  *_a12;
														_t1081 = _a16;
														_a12 = _t803;
														_t804 = _t803 + 0x14;
														_a20 = _t804;
														_t802 =  *_t804;
														_v8 = _t802;
														continue;
													}
													goto L59;
												}
												goto L52;
											}
											__eflags = _v8 - _t948[1] - 1;
											if(__eflags == 0) {
												_t957 = _a12;
												if( *((intOrPtr*)(_t957 + 8)) != 0) {
													_t792 = _t792 + _t792;
												}
												_t829 =  *((intOrPtr*)( *((intOrPtr*)(_t957 + 0x20)) + _t792 * 4));
												while(_t590 != _t829) {
													__eflags = _t1062;
													if(_t1062 == 0) {
														_t959 =  *(_t829 - 8) & 0x0000ffff;
													} else {
														_t961 =  *(_t829 - 8);
														_t1062 =  *(_t790 + 0x4c);
														__eflags = _t1062 & _t961;
														if((_t1062 & _t961) != 0) {
															_t961 = _t961 ^  *(_t790 + 0x50);
															__eflags = _t961;
														}
														_t959 = _t961 & 0x0000ffff;
													}
													__eflags = _a16 - (_t959 & 0x0000ffff);
													if(__eflags > 0) {
														_t829 =  *_t829;
														continue;
													} else {
														_a8 = _t829;
														goto L58;
													}
												}
												goto L58;
											}
											goto L48;
										}
									}
									L57:
									_a8 = _t590;
									goto L58;
								}
							}
							_t802 = _t1081;
							_v8 = _t1081;
							goto L34;
						} else {
							_t616 =  *(_t790 + 0xc4);
							L59:
							_t1082 = _t790 + 0xc4;
							if(_t1082 == _t616) {
								L66:
								_t805 =  *(_t616 + 4);
								_t926 =  *_t805;
								_t1084 = _a4 + 8;
								_a12 = _t1084;
								if(_t926 != _t616) {
									_push(0);
									_push(_t926);
									_push(0);
									_push(_t616);
									_push(0);
									_push(0xc);
									E00794B0C(_t790, 0, _t926, _t1062, _t1084, __eflags);
								} else {
									 *_t1084 = _t616;
									_t1084[1] = _t805;
									 *_t805 = _t1084;
									 *(_t616 + 4) = _t1084;
								}
								 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_a4 & 0x0000ffff);
								_t621 =  *(_t790 + 0xb8);
								if(_t621 == 0) {
									goto L127;
								} else {
									_t812 =  *_a4 & 0x0000ffff;
									while(_t812 >=  *((intOrPtr*)(_t621 + 4))) {
										_t940 =  *_t621;
										if(_t940 == 0) {
											L148:
											_t812 =  *((intOrPtr*)(_t621 + 4)) - 1;
											break;
										}
										_t621 = _t940;
									}
									L120:
									_t928 = _t812 -  *((intOrPtr*)(_t621 + 0x14));
									__eflags =  *(_t621 + 8);
									_a8 = _t928;
									if( *(_t621 + 8) != 0) {
										_t928 = _t928 + _t928;
										__eflags = _t928;
									}
									_t1086 = _t928 << 2;
									 *((intOrPtr*)(_t621 + 0xc)) =  *((intOrPtr*)(_t621 + 0xc)) + 1;
									_t1073 =  *(_t1086 +  *((intOrPtr*)(_t621 + 0x20)));
									__eflags = _t812 -  *((intOrPtr*)(_t621 + 4)) - 1;
									if(_t812 ==  *((intOrPtr*)(_t621 + 4)) - 1) {
										 *(_t621 + 0x10) =  *(_t621 + 0x10) + 1;
									}
									__eflags = _t1073;
									if(_t1073 != 0) {
										__eflags =  *(_t790 + 0x4c);
										if( *(_t790 + 0x4c) == 0) {
											goto L272;
										}
										_t939 =  *(_t1073 - 8);
										__eflags =  *(_t790 + 0x4c) & _t939;
										goto L137;
									} else {
										goto L124;
									}
								}
							}
							_t941 =  *(_t790 + 0x4c);
							L61:
							L61:
							if(_t941 == 0) {
								_t819 =  *(_t616 - 8) & 0x0000ffff;
							} else {
								_t821 =  *(_t616 - 8);
								_t941 =  *(_t790 + 0x4c);
								if((_t941 & _t821) != 0) {
									_t821 = _t821 ^  *(_t790 + 0x50);
								}
								_t819 = _t821 & 0x0000ffff;
							}
							if(_a16 > (_t819 & 0x0000ffff)) {
								goto L366;
							}
							goto L66;
							L366:
							_t616 =  *_t616;
							__eflags = _t1082 - _t616;
							if(__eflags == 0) {
								goto L66;
							}
							goto L61;
						}
					}
					_t831 = _t596 & 0x0000ffff;
					 *(_t1062 + 2) = 0;
					_t645 =  *(_t790 + 0xb8);
					_v8 = _t831;
					__eflags = _t645;
					if(_t645 == 0) {
						_t646 =  *(_t790 + 0xc4);
						L108:
						_t1096 = _t790 + 0xc4;
						__eflags = _t1096 - _t646;
						if(_t1096 == _t646) {
							L115:
							_t832 =  *(_t646 + 4);
							_t964 =  *_t832;
							_t1098 = _a4 + 8;
							_a12 = _t1098;
							__eflags = _t964 - _t646;
							if(__eflags != 0) {
								_push(0);
								_push(_t964);
								_push(0);
								_push(_t646);
								_push(0);
								_push(0xc);
								E00794B0C(_t790, 0, _t964, _t1062, _t1098, __eflags);
							} else {
								 *_t1098 = _t646;
								_t1098[1] = _t832;
								 *_t832 = _t1098;
								 *(_t646 + 4) = _t1098;
							}
							 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_a4 & 0x0000ffff);
							_t621 =  *(_t790 + 0xb8);
							__eflags = _t621;
							if(_t621 == 0) {
								goto L127;
							} else {
								_t812 =  *_a4 & 0x0000ffff;
								while(1) {
									__eflags = _t812 -  *((intOrPtr*)(_t621 + 4));
									if(_t812 <  *((intOrPtr*)(_t621 + 4))) {
										goto L120;
									}
									_t965 =  *_t621;
									__eflags = _t965;
									if(_t965 == 0) {
										goto L148;
									}
									_t621 = _t965;
								}
								goto L120;
							}
						}
						_t966 =  *(_t790 + 0x4c);
						while(1) {
							__eflags = _t966;
							if(_t966 == 0) {
								_t835 =  *(_t646 - 8) & 0x0000ffff;
							} else {
								_t837 =  *(_t646 - 8);
								_t966 =  *(_t790 + 0x4c);
								__eflags = _t966 & _t837;
								if((_t966 & _t837) != 0) {
									_t837 = _t837 ^  *(_t790 + 0x50);
									__eflags = _t837;
								}
								_t835 = _t837 & 0x0000ffff;
							}
							__eflags = _v8 - (_t835 & 0x0000ffff);
							if(_v8 <= (_t835 & 0x0000ffff)) {
								goto L115;
							}
							_t646 =  *_t646;
							__eflags = _t1096 - _t646;
							if(_t1096 == _t646) {
								goto L115;
							}
						}
						goto L115;
					} else {
						goto L83;
					}
					while(1) {
						L83:
						__eflags = _t831 -  *((intOrPtr*)(_t645 + 4));
						if(_t831 <  *((intOrPtr*)(_t645 + 4))) {
							break;
						}
						_t967 =  *_t645;
						__eflags = _t967;
						if(_t967 == 0) {
							_t831 =  *((intOrPtr*)(_t645 + 4)) - 1;
							break;
						}
						_t645 = _t967;
					}
					_a12 = _t645;
					_a20 = _t831;
					_t1062 = _t645 + 0x14;
					while(1) {
						_t651 = _a12[6];
						_t968 =  *((intOrPtr*)(_t651 + 4));
						_t840 = _a20 -  *_t1062;
						_a16 = _t651;
						__eflags = _t651 - _t968;
						if(_t651 == _t968) {
							goto L106;
						}
						_t1099 =  *(_t790 + 0x4c);
						__eflags = _t1099;
						if(_t1099 == 0) {
							_t654 =  *(_t968 - 8) & 0x0000ffff;
						} else {
							_t985 =  *(_t968 - 8);
							_t1099 =  *(_t790 + 0x4c);
							__eflags = _t1099 & _t985;
							if((_t1099 & _t985) != 0) {
								_t985 = _t985 ^  *(_t790 + 0x50);
								__eflags = _t985;
							}
							_t654 = _t985 & 0x0000ffff;
						}
						_t651 = _a16;
						__eflags = _v8 - (_t654 & 0x0000ffff);
						if(_v8 - (_t654 & 0x0000ffff) <= 0) {
							_t972 =  *_t651 - 8;
							__eflags = _t1099;
							if(_t1099 == 0) {
								_t656 =  *_t972 & 0x0000ffff;
							} else {
								_t984 =  *_t972;
								_t1099 =  *(_t790 + 0x4c);
								__eflags = _t1099 & _t984;
								if((_t1099 & _t984) != 0) {
									_t984 = _t984 ^  *(_t790 + 0x50);
									__eflags = _t984;
								}
								_t656 = _t984 & 0x0000ffff;
							}
							__eflags = _v8 - (_t656 & 0x0000ffff);
							if(_v8 - (_t656 & 0x0000ffff) <= 0) {
								_t651 =  *_a16;
								goto L106;
							} else {
								_t659 = _a12;
								__eflags =  *_t659;
								if( *_t659 == 0) {
									__eflags = _a20 - _t659[1] - 1;
									if(_a20 != _t659[1] - 1) {
										goto L97;
									}
									_t679 = _a12;
									__eflags =  *(_t679 + 8);
									if( *(_t679 + 8) != 0) {
										_t840 = _t840 + _t840;
										__eflags = _t840;
									}
									_t849 =  *((intOrPtr*)( *((intOrPtr*)(_t679 + 0x20)) + _t840 * 4));
									while(1) {
										__eflags = _a16 - _t849;
										if(_a16 == _t849) {
											break;
										}
										__eflags = _t1099;
										if(_t1099 == 0) {
											_t681 =  *(_t849 - 8) & 0x0000ffff;
										} else {
											_t983 =  *(_t849 - 8);
											_t1099 =  *(_t790 + 0x4c);
											__eflags = _t1099 & _t983;
											if((_t1099 & _t983) != 0) {
												_t983 = _t983 ^  *(_t790 + 0x50);
												__eflags = _t983;
											}
											_t681 = _t983 & 0x0000ffff;
										}
										__eflags = _v8 - (_t681 & 0x0000ffff);
										if(_v8 - (_t681 & 0x0000ffff) > 0) {
											_t849 =  *_t849;
											continue;
										} else {
											_a8 = _t849;
											break;
										}
									}
									L107:
									_t646 = _a8;
									__eflags = _t646;
									if(_t646 == 0) {
										_t236 =  *_a12 + 0x14; // 0x14
										_t1062 = _t236;
										_a12 =  *_a12;
										_a20 =  *_t1062;
										continue;
									}
									goto L108;
								}
								L97:
								_t662 = _a12;
								_t976 =  *((intOrPtr*)(_t662 + 4)) -  *_t1062;
								_t1101 = _t840 >> 5;
								_t1062 =  *((intOrPtr*)(_t662 + 0x1c)) + _t1101 * 4;
								_t978 = (_t976 >> 5) - 1;
								_t669 =  !((1 << (_t840 & 0x0000001f)) - 1) &  *_t1062;
								__eflags = 1;
								if(1 != 0) {
									L101:
									__eflags = _t669 & 0x0000ffff;
									if((_t669 & 0x0000ffff) == 0) {
										_t846 = _t669 >> 0x00000010 & 0x000000ff;
										__eflags = _t846;
										if(_t846 != 0) {
											_t211 = _t846 + 0x725818; // 0x10008
											_t671 = ( *_t211 & 0x000000ff) + 0x10;
										} else {
											_t210 = (_t669 >> 0x18) + 0x725818; // 0x10008
											_t671 = ( *_t210 & 0x000000ff) + 0x18;
										}
									} else {
										_t980 = _t669 & 0x000000ff;
										__eflags = _t980;
										if(_t980 == 0) {
											_t212 = (_t669 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
											_t671 = ( *_t212 & 0x000000ff) + 8;
										} else {
											_t154 = _t980 + 0x725818; // 0x10008
											_t671 =  *_t154 & 0x000000ff;
										}
									}
									_t1103 = (_t1101 << 5) + _t671;
									_t672 = _a12;
									__eflags = _t672[2];
									_t847 = _t1103 + _t1103;
									if(_t672[2] == 0) {
										_t847 = _t1103;
									}
									_t651 =  *(_t672[8] + _t847 * 4);
									goto L106;
								} else {
									goto L98;
								}
								while(1) {
									L98:
									__eflags = _t1101 - _t978;
									if(_t1101 > _t978) {
										break;
									}
									_t1062 = _t1062 + 4;
									_t669 =  *_t1062;
									_t1101 = _t1101 + 1;
									__eflags = _t669;
									if(_t669 == 0) {
										continue;
									}
									break;
								}
								__eflags = _t669;
								if(_t669 == 0) {
									_a8 = _a8 & 0x00000000;
									goto L107;
								}
								goto L101;
							}
						}
						L106:
						_a8 = _t651;
						goto L107;
					}
				}
			}

Strings

HEAP[%wZ]: , xrefs: 00759C93
HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 00759CB4
HEAP: , xrefs: 00759CA0

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
API String ID: 0-2419525547
Opcode ID: 6b0d320e750cb065d2b6ec89f2c7a1d901d9f34edb3be17d6f3af2dcf89bf116
Instruction ID: 6254f8f5678e571e4dc430895a77d209b482b32eb8f30fedbb73a894f0edf06b
Opcode Fuzzy Hash: 6b0d320e750cb065d2b6ec89f2c7a1d901d9f34edb3be17d6f3af2dcf89bf116
Instruction Fuzzy Hash: 4CC2BD71A04266CFCB18CF19C490A7A7BB2FF94301B29C1A9ED568B356D738EC51DB90

Uniqueness

Uniqueness Score: 100.00%

Function 0072595C, Relevance: 4.8, Strings: 3, Instructions: 1053
UNIQUECrypto

C-Code - Quality: 88%

			E0072595C(void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t572;
				signed int _t574;
				unsigned int _t578;
				void* _t582;
				signed int _t586;
				intOrPtr _t590;
				signed int _t604;
				signed int* _t612;
				void* _t613;
				intOrPtr _t624;
				unsigned int _t625;
				signed int _t626;
				intOrPtr* _t627;
				signed int _t629;
				intOrPtr _t630;
				signed char* _t631;
				signed int _t632;
				signed char _t633;
				signed char _t636;
				unsigned int _t637;
				signed char* _t642;
				signed int _t646;
				signed int _t652;
				signed char _t665;
				signed int _t666;
				intOrPtr _t672;
				intOrPtr _t674;
				intOrPtr _t676;
				signed int* _t690;
				signed int _t692;
				signed short _t695;
				signed int _t697;
				signed short* _t699;
				signed short _t700;
				unsigned int _t708;
				signed int _t709;
				signed int _t710;
				signed int _t719;
				signed short _t720;
				signed short _t722;
				signed short _t723;
				signed short _t724;
				signed char _t725;
				signed char _t726;
				void* _t727;
				signed int _t728;
				void* _t729;
				intOrPtr* _t730;
				intOrPtr _t733;
				signed char* _t734;
				void* _t735;
				signed int _t747;
				signed int _t754;
				signed int _t755;
				signed int _t756;
				signed int _t758;
				signed int _t762;
				signed char _t766;
				signed int* _t774;
				unsigned int _t780;
				signed int _t781;
				intOrPtr* _t784;
				intOrPtr* _t785;
				intOrPtr* _t786;
				signed int _t789;
				signed short _t806;
				signed int _t807;
				signed int _t819;
				signed int _t821;
				signed int _t829;
				signed int _t830;
				intOrPtr _t832;
				signed short _t833;
				signed int _t835;
				signed int _t839;
				signed int _t841;
				signed int _t857;
				intOrPtr _t859;
				intOrPtr* _t860;
				intOrPtr _t861;
				intOrPtr* _t862;
				intOrPtr _t864;
				signed int _t867;
				signed int _t875;
				signed int _t876;
				signed short _t879;
				signed short _t882;
				signed char _t884;
				signed int _t885;
				intOrPtr _t889;
				intOrPtr _t890;
				signed char* _t892;
				signed short _t893;
				signed int _t894;
				signed int _t904;
				signed int* _t905;
				signed int _t910;
				signed int _t911;
				intOrPtr* _t913;
				signed int _t914;
				signed int _t921;
				intOrPtr _t923;
				intOrPtr _t924;
				signed int _t926;
				signed int _t928;
				signed int _t933;
				signed int _t939;
				signed int _t940;
				signed int _t947;
				signed int _t948;
				intOrPtr _t951;
				signed int _t952;
				signed int _t957;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t963;
				signed int _t965;
				signed int _t966;
				signed short _t967;
				intOrPtr _t972;
				signed short _t973;
				void* _t978;
				void* _t979;

				_t956 = __esi;
				_t884 = __edx;
				_push(0xb0);
				_push(0x721228);
				_t572 = E00722824(__ebx, __edi, __esi);
				 *(_t978 - 0x3c) = __edx;
				_t753 = __ecx;
				 *(_t978 - 0x20) = __ecx;
				_t762 = 1;
				 *(_t978 - 0x44) = 1;
				 *((char*)(_t978 - 0x21)) = 0;
				_t939 = 0;
				 *(_t978 - 0x30) = 0;
				 *(_t978 - 0x28) = 0;
				 *(_t978 - 0x58) = 0;
				 *((intOrPtr*)(_t978 - 0x70)) = 0;
				if((__edx & 0x7d010f60) != 0) {
					L16:
					 *(_t978 - 0x44) = _t939;
					 *( *(_t978 + 0x14)) = 4;
					__eflags =  *(_t978 + 8) - 0x7fffffff;
					if( *(_t978 + 8) > 0x7fffffff) {
						_t574 = 0;
						goto L94;
					}
					__eflags = _t884 & 0x61000000;
					if((_t884 & 0x61000000) != 0) {
						__eflags = _t884 & 0x10000000;
						if(__eflags != 0) {
							goto L18;
						}
						_t574 = E007961D6(_t753, _t939, _t956, __eflags, _t753, _t884,  *(_t978 + 8));
						goto L94;
					}
					L18:
					__eflags =  *(_t978 + 8) - _t939;
					if( *(_t978 + 8) != _t939) {
						_t762 =  *(_t978 + 8);
					}
					_t578 =  *((intOrPtr*)(_t753 + 0x98)) + _t762 &  *(_t753 + 0x9c);
					 *(_t978 + 0xc) = _t578;
					_t766 = _t884 >> 0x00000004 & 0x000000e1 | 0x00000001;
					 *(_t978 - 0x19) = _t766;
					__eflags = _t884 & 0x3c000100;
					if((_t884 & 0x3c000100) != 0) {
						L22:
						 *(_t978 - 0x19) = _t766 | 0x00000002;
						_t578 = _t578 + 8;
						__eflags = _t578;
						 *(_t978 + 0xc) = _t578;
						L23:
						 *(_t978 - 0x2c) = _t578 >> 3;
						_t957 =  *(_t978 + 0x10);
						goto L46;
					}
					__eflags =  *((intOrPtr*)(_t753 + 0xc0)) - _t939;
					if( *((intOrPtr*)(_t753 + 0xc0)) == _t939) {
						goto L23;
					}
					goto L22;
				} else {
					__eflags =  *(__ebp + 8) - 0x80000000;
					if( *(__ebp + 8) >= 0x80000000) {
						goto L16;
					}
					__esi =  *(__ebp + 0x10);
					__eflags = __esi;
					if(__esi == 0) {
						__eflags =  *(__ebp + 8);
						if( *(__ebp + 8) == 0) {
							__eax = 0;
							__eax = 1;
						} else {
							__eax =  *(__ebp + 8);
						}
						__eax = __eax + 0xf;
						__eax = __eax & 0xfffffff8;
						 *(__ebp + 0xc) = __eax;
					} else {
						__eax =  *(__ebp + 0xc);
					}
					 *((char*)(__ebp - 0x19)) = 1;
					__ecx = __eax;
					__ecx = __eax >> 3;
					 *(__ebp - 0x2c) = __ecx;
					__eflags = __ecx - 2;
					if(__ecx < 2) {
						 *(__ebp + 0xc) = __eax;
						 *(__ebp - 0x2c) = 2;
					}
					__eax =  *(__ebp + 0x14);
					 *__eax = 3;
					L46:
					__eflags = _t884 & 0x00800000;
					if((_t884 & 0x00800000) != 0) {
						_t115 = _t978 - 0x19;
						 *_t115 =  *(_t978 - 0x19) | 0x00000008;
						__eflags =  *_t115;
					}
					 *(_t978 - 4) = _t939;
					__eflags = _t884 & 0x00000001;
					if(__eflags != 0) {
						L53:
						_t580 =  *(_t978 - 0x2c);
						__eflags =  *(_t978 - 0x2c) -  *((intOrPtr*)(_t753 + 0x60));
						if( *(_t978 - 0x2c) >  *((intOrPtr*)(_t753 + 0x60))) {
							__eflags =  *(_t753 + 0x40) & 0x00000002;
							if(( *(_t753 + 0x40) & 0x00000002) != 0) {
								 *(_t978 + 0xc) =  *(_t978 + 0xc) + 0x18;
								_t754 =  *(_t978 - 0x20);
								_t582 = E00783952(_t754, 1);
								_push(_t582);
								_push(0x1000);
								_push(_t978 + 0xc);
								_push(0);
								_push(_t978 - 0x28);
								_push(0xffffffff);
								_t580 = E00714EA0();
								__eflags = _t580;
								if(_t580 < 0) {
									 *((intOrPtr*)(_t754 + 0x10c)) =  *((intOrPtr*)(_t754 + 0x10c)) + 1;
									goto L243;
								} else {
									__eflags =  *0x7ffe0380;
									if( *0x7ffe0380 != 0) {
										_t590 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *(_t590 + 0x240) & 0x00000001;
										if(( *(_t590 + 0x240) & 0x00000001) != 0) {
											E0079424E(_t754,  *(_t978 - 0x28),  *(_t978 + 0xc), 9);
										}
										__eflags =  *0x7ffe0380;
										if( *0x7ffe0380 != 0) {
											__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
											if(__eflags != 0) {
												E007946E1(__eflags, _t754,  *(_t978 - 0x28),  *(_t978 + 0xc),  *(_t754 + 0x78) << 3,  *0x7ffe0380 & 0x000000ff);
											}
										}
									}
									__eflags =  *0x7ffe038a;
									if(__eflags != 0) {
										E007946E1(__eflags, _t754,  *(_t978 - 0x28),  *(_t978 + 0xc),  *(_t754 + 0x78) << 3,  *0x7ffe038a & 0x000000ff);
									}
									 *((short*)( *(_t978 - 0x28) + 0x18)) =  *(_t978 + 0xc) -  *(_t978 + 8);
									 *( *(_t978 - 0x28) + 0x1a) =  *(_t978 - 0x19) & 0x000000ff | 0x00000002;
									 *( *(_t978 - 0x28) + 0x10) =  *(_t978 + 0xc);
									 *( *(_t978 - 0x28) + 0x14) =  *(_t978 + 0xc);
									 *((char*)( *(_t978 - 0x28) + 0x1f)) = 4;
									 *((intOrPtr*)(_t754 + 0xe8)) =  *((intOrPtr*)(_t754 + 0xe8)) +  *(_t978 + 0xc);
									__eflags =  *(_t754 + 0x40) & 0x08000000;
									if(( *(_t754 + 0x40) & 0x08000000) != 0) {
										 *((short*)( *(_t978 - 0x28) + 8)) = E0078DDF8();
									}
									_t604 = E007271D3();
									__eflags = _t604 & 0x00000800;
									if((_t604 & 0x00000800) != 0) {
										 *((short*)( *(_t978 - 0x28) + 0xa)) = E00783B12(_t754,  *(_t978 - 0x3c) >> 0x00000012 & 0x000000ff, 0,  *( *(_t978 - 0x28) + 0x10) >> 3, 1);
									}
									_t885 =  *(_t978 - 0x28);
									_t612 = _t885 + 0x18;
									__eflags =  *(_t754 + 0x4c);
									if( *(_t754 + 0x4c) != 0) {
										_t612[0] = _t612[0] & 0x000000ff ^ _t612[0] & 0x000000ff ^  *_t612 & 0x000000ff;
										 *_t612 =  *_t612 ^  *(_t754 + 0x50);
										__eflags =  *_t612;
										_t885 =  *(_t978 - 0x28);
									}
									_t613 = _t754 + 0xa0;
									_t774 =  *(_t613 + 4);
									_t959 =  *_t774;
									__eflags = _t959 - _t613;
									if(__eflags != 0) {
										_push(0);
										_push(_t959);
										_push(0);
										_push(_t613);
										_push(0);
										_push(0xc);
										E00794B0C(_t754, 0, _t885, _t939, _t959, __eflags);
									} else {
										 *_t885 = _t613;
										 *(_t885 + 4) = _t774;
										 *_t774 = _t885;
										 *(_t613 + 4) = _t885;
									}
									_t580 =  *(_t978 - 0x28) + 0x20;
									 *(_t978 - 0x30) =  *(_t978 - 0x28) + 0x20;
									goto L92;
								}
							} else {
								L243:
								 *(_t978 - 0x30) =  *(_t978 - 0x30) & 0x00000000;
								L311:
								_t754 =  *(_t978 - 0x20);
								goto L92;
							}
						}
						__eflags = _t957 - _t939;
						if(_t957 == _t939) {
							L60:
							 *(_t978 - 0x38) = _t753 + 0xc4;
							_t940 =  *(_t753 + 0xb8);
							while(1) {
								 *(_t978 - 0xc0) = _t940;
								_t624 =  *((intOrPtr*)(_t940 + 4));
								_t780 =  *(_t978 - 0x2c);
								__eflags = _t780 - _t624;
								if(_t780 < _t624) {
									break;
								}
								_t781 =  *_t940;
								__eflags = _t781;
								if(_t781 == 0) {
									_t625 = _t624 - 1;
									L132:
									 *(_t978 - 0x84) = _t625;
									L97:
									 *(_t978 - 0x9c) = _t940;
									_t783 =  *(_t978 - 0x84) -  *(_t940 + 0x14);
									_t888 =  *(_t940 + 0x18);
									 *(_t978 + 0x10) = _t888;
									_t626 =  *(_t888 + 4);
									 *(_t978 - 0x94) = _t626;
									__eflags = _t888 - _t626;
									if(_t888 == _t626) {
										 *(_t978 - 0x34) = _t888;
										L111:
										_t960 =  *(_t978 - 0x34);
										__eflags = _t960;
										if(_t960 == 0) {
											_t940 =  *_t940;
											_t625 =  *(_t940 + 0x14);
											_t753 =  *(_t978 - 0x20);
											goto L132;
										}
										__eflags =  *(_t978 - 0x38) - _t960;
										if( *(_t978 - 0x38) == _t960) {
											L198:
											_t941 =  *(_t978 - 0x20);
											_t966 = E0072F0D9(_t783, _t888, _t941,  *(_t978 + 0xc));
											 *(_t978 + 0x14) = _t966;
											__eflags = _t966;
											if(_t966 == 0) {
												goto L243;
											}
											_t406 = _t966 + 8; // 0x8
											_t627 = _t406;
											_t889 =  *_t627;
											 *((intOrPtr*)(_t978 - 0x48)) = _t889;
											_t784 =  *((intOrPtr*)(_t966 + 0xc));
											 *((intOrPtr*)(_t978 - 0x68)) = _t784;
											_t785 =  *_t784;
											_t890 =  *((intOrPtr*)(_t889 + 4));
											__eflags = _t785 - _t890;
											if(__eflags != 0) {
												L267:
												_push(0);
												_push(_t785);
												_push(_t890);
												_push(_t627);
												_push(_t941);
												L262:
												_push(0xc);
												_t580 = E00794B0C(_t753, _t785, _t890, _t941, _t966, __eflags);
												goto L311;
											}
											__eflags = _t785 - _t627;
											if(__eflags != 0) {
												goto L267;
											}
											 *((intOrPtr*)(_t941 + 0x78)) =  *((intOrPtr*)(_t941 + 0x78)) - ( *_t966 & 0x0000ffff);
											_t629 =  *(_t941 + 0xb8);
											__eflags = _t629;
											if(_t629 == 0) {
												L77:
												_t630 =  *((intOrPtr*)(_t978 - 0x48));
												_t786 =  *((intOrPtr*)(_t978 - 0x68));
												 *_t786 = _t630;
												 *((intOrPtr*)(_t630 + 4)) = _t786;
												_t179 = _t966 + 2; // 0x2
												_t631 = _t179;
												 *(_t978 + 0x10) = _t631;
												__eflags =  *_t631 & 0x00000008;
												if(( *_t631 & 0x00000008) != 0) {
													_t632 = E006FC30D( *(_t978 - 0x20), _t966);
													__eflags = _t632;
													if(_t632 != 0) {
														goto L78;
													} else {
														_t580 = E006FE4D7(_t753, _t941,  *(_t978 - 0x20), _t966,  *_t966 & 0x0000ffff, 1);
														goto L311;
													}
												}
												L78:
												_t755 =  *(_t978 + 0x10);
												_t633 =  *_t755;
												 *(_t978 - 0xa0) = _t633;
												__eflags =  *(_t978 - 0x44);
												if( *(_t978 - 0x44) == 0) {
													__eflags = _t633 & 0x00000004;
													if((_t633 & 0x00000004) != 0) {
														_t947 = ( *_t966 & 0x0000ffff) * 8 - 0x10;
														 *(_t978 - 0xb0) = _t947;
														__eflags = _t633 & 0x00000002;
														if((_t633 & 0x00000002) != 0) {
															__eflags = _t947 - 4;
															if(_t947 > 4) {
																_t947 = _t947 - 4;
																__eflags = _t947;
																 *(_t978 - 0xb0) = _t947;
															}
														}
														_t480 = _t966 + 0x10; // 0x10
														_t674 = E00705770(_t480, _t947, 0xfeeefeee);
														 *((intOrPtr*)(_t978 - 0x48)) = _t674;
														__eflags = _t674 - _t947;
														if(_t674 != _t947) {
															_t676 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
															__eflags =  *(_t676 + 0xc);
															if( *(_t676 + 0xc) == 0) {
																_push("HEAP: ");
																E006EF63B();
															} else {
																E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
															}
															_t966 =  *(_t978 + 0x14);
															_push( *((intOrPtr*)(_t978 - 0x48)) + _t966 + 0x10);
															E006EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", _t966);
															_t979 = _t979 + 0xc;
															E007959C1(_t966);
														}
													}
												}
												 *_t755 =  *(_t978 - 0x19);
												_t942 =  *(_t978 - 0x2c);
												_t789 = ( *_t966 & 0x0000ffff) - _t942;
												 *(_t978 - 0xa4) = _t789;
												 *_t966 = _t942;
												_t636 =  *(_t978 + 0xc) -  *(_t978 + 8);
												 *(_t978 - 0x38) = _t636;
												_t192 = _t966 + 7; // 0x7
												_t892 = _t192;
												__eflags = _t636 - 0x3f;
												if(_t636 >= 0x3f) {
													 *(_t978 - 0x60) = _t892;
													_t754 =  *(_t978 - 0x20);
													__eflags =  *_t892 & 0x00000080;
													if(( *_t892 & 0x00000080) == 0) {
														__eflags =  *(_t754 + 0x4c);
														if( *(_t754 + 0x4c) == 0) {
															_t893 = _t942 & 0x0000ffff;
														} else {
															_t973 =  *_t966;
															 *(_t978 - 0x90) = _t973;
															__eflags =  *(_t754 + 0x4c) & _t973;
															if(( *(_t754 + 0x4c) & _t973) != 0) {
																_t973 = _t973 ^  *(_t754 + 0x50);
																__eflags = _t973;
																 *(_t978 - 0x90) = _t973;
															}
															_t893 = _t973 & 0x0000ffff;
															_t966 =  *(_t978 + 0x14);
															_t789 =  *(_t978 - 0xa4);
														}
														_t894 = _t893 & 0x0000ffff;
													} else {
														_t894 =  *(( *_t966 ^ _t966 >> 0x00000003 ^  *0x7a81dc ^ _t754) + 0x10) & 0x0000ffff;
														_t966 =  *(_t978 + 0x14);
														_t789 =  *(_t978 - 0xa4);
													}
													_t508 = _t894 * 8; // -4
													 *( *(_t978 - 0x60)) = 0x3f;
													 *(_t966 + _t508 - 4) = _t636;
													_t942 =  *(_t978 - 0x2c);
													_t892 =  *(_t978 - 0x60);
												} else {
													 *_t892 = _t636;
													_t754 =  *(_t978 - 0x20);
												}
												_t194 = _t966 + 3; // 0x3
												_t637 = _t194;
												 *(_t978 - 0x2c) = _t637;
												 *_t637 = 0;
												__eflags = _t789;
												if(_t789 == 0) {
													L86:
													_t203 = _t966 + 8; // 0x8
													_t580 = _t203;
													 *(_t978 - 0x30) = _t203;
													__eflags =  *(_t978 - 0x44);
													if( *(_t978 - 0x44) == 0) {
														__eflags =  *(_t978 - 0x3c) & 0x00000008;
														if(( *(_t978 - 0x3c) & 0x00000008) != 0) {
															 *(_t978 - 0x58) =  *(_t978 + 8);
														} else {
															__eflags =  *(_t754 + 0x40) & 0x00000040;
															if(( *(_t754 + 0x40) & 0x00000040) != 0) {
																E00705810(_t580,  *(_t978 + 8) & 0xfffffffc, 0xbaadf00d);
															}
														}
														__eflags =  *(_t754 + 0x40) & 0x00000020;
														if(( *(_t754 + 0x40) & 0x00000020) != 0) {
															asm("stosd");
															asm("stosd");
															 *( *(_t978 + 0x10)) =  *( *(_t978 + 0x10)) & 0x000000ff | 0x00000004;
														}
														 *( *(_t978 - 0x2c)) = 0;
														_t642 =  *(_t978 + 0x10);
														__eflags =  *_t642 & 0x00000002;
														if(( *_t642 & 0x00000002) != 0) {
															 *((intOrPtr*)(_t978 - 0x74)) = E006FEA3F(_t966);
															asm("stosd");
															asm("stosd");
															__eflags =  *(_t754 + 0x40) & 0x08000000;
															if(( *(_t754 + 0x40) & 0x08000000) != 0) {
																 *((short*)( *((intOrPtr*)(_t978 - 0x74)))) = E0078DDF8();
															}
															_t646 = E007271D3();
															__eflags = _t646 & 0x00000800;
															if((_t646 & 0x00000800) != 0) {
																 *((short*)( *((intOrPtr*)(_t978 - 0x74)) + 2)) = E00783B12(_t754,  *(_t978 - 0x3c) >> 0x00000012 & 0x00000fff, 0,  *_t966 & 0x0000ffff, 0);
															}
														} else {
															_t652 = E007271D3();
															__eflags = _t652 & 0x00000800;
															if((_t652 & 0x00000800) != 0) {
																 *( *(_t978 - 0x2c)) = E00783B12(_t754,  *(_t978 - 0x3c) >> 0x00000012 & 0x000000ff, 0,  *_t966 & 0x0000ffff, 0);
															}
														}
														_t580 = 0;
														__eflags =  *(_t754 + 0x4c);
														if( *(_t754 + 0x4c) != 0) {
															 *( *(_t978 - 0x2c)) =  *(_t966 + 1) & 0x000000ff ^  *_t966 & 0x000000ff ^  *( *(_t978 + 0x10)) & 0x000000ff;
															 *_t966 =  *_t966 ^  *(_t754 + 0x50);
															__eflags =  *_t966;
														}
														__eflags =  *(_t978 - 0x58) - _t580;
														if( *(_t978 - 0x58) != _t580) {
															_push( *(_t978 - 0x58));
															_push(_t580);
															L133:
															_push( *(_t978 - 0x30));
															_t580 = E00704EC0();
														}
														goto L92;
													}
													__eflags =  *(_t754 + 0x4c);
													if( *(_t754 + 0x4c) != 0) {
														 *( *(_t978 - 0x2c)) =  *(_t966 + 1) & 0x000000ff ^  *_t966 & 0x000000ff ^  *( *(_t978 + 0x10)) & 0x000000ff;
														_t580 =  *(_t754 + 0x50);
														 *_t966 =  *_t966 ^  *(_t754 + 0x50);
														__eflags =  *_t966;
													}
													__eflags =  *((char*)(_t978 - 0x21));
													if( *((char*)(_t978 - 0x21)) != 0) {
														_t580 = E007172D0( *((intOrPtr*)(_t754 + 0xcc)));
														 *((char*)(_t978 - 0x21)) = 0;
													}
													__eflags =  *(_t978 - 0x3c) & 0x00000008;
													if(( *(_t978 - 0x3c) & 0x00000008) != 0) {
														_push( *(_t978 + 8));
														_push(0);
														goto L133;
													} else {
														goto L92;
													}
												} else {
													__eflags = _t789 - 1;
													if(_t789 == 1) {
														_t416 = ( *_t966 & 0x0000ffff) + 1; // 0x4
														_t806 = _t416;
														 *_t966 = _t806;
														_t665 =  *(_t978 + 0xc) -  *(_t978 + 8) + 8;
														 *(_t978 - 0xa0) = _t665;
														__eflags = _t665 - 0x3f;
														if(_t665 >= 0x3f) {
															__eflags =  *_t892 & 0x00000080;
															if(( *_t892 & 0x00000080) == 0) {
																__eflags =  *(_t754 + 0x4c);
																if( *(_t754 + 0x4c) == 0) {
																	_t807 = _t806 & 0x0000ffff;
																	L293:
																	_t525 = (_t807 & 0x0000ffff) * 8; // -4
																	 *_t892 = 0x3f;
																	 *(_t966 + _t525 - 4) = _t665;
																	goto L86;
																}
																_t967 =  *_t966;
																 *(_t978 - 0x88) = _t967;
																__eflags =  *(_t754 + 0x4c) & _t967;
																if(( *(_t754 + 0x4c) & _t967) != 0) {
																	_t967 = _t967 ^  *(_t754 + 0x50);
																	__eflags = _t967;
																	 *(_t978 - 0x88) = _t967;
																}
																_t807 = _t967 & 0x0000ffff;
																L291:
																_t966 =  *(_t978 + 0x14);
																goto L293;
															}
															_t807 =  *(( *_t966 ^ _t966 >> 0x00000003 ^  *0x7a81dc ^ _t754) + 0x10);
															goto L291;
														}
														 *_t892 = _t665;
														goto L86;
													}
													_t666 =  *((intOrPtr*)(_t966 + 6));
													__eflags = _t666;
													if(_t666 != 0) {
														_t904 = (_t966 & 0xffff0000) - _t666 + 0x10000;
													} else {
														_t904 = _t754;
													}
													__eflags =  *(_t978 - 0x44);
													__eflags = E0072645A(_t754, _t904, _t966 + _t942 * 8,  *(_t978 - 0xa0), (_t666 & 0xffffff00 |  *(_t978 - 0x44) == 0x00000000) & 0x000000ff, _t942, _t789);
													if(__eflags == 0) {
														_t672 = 0xc000003c;
														goto L249;
													} else {
														goto L86;
													}
												}
											}
											_t948 =  *_t966 & 0x0000ffff;
											while(1) {
												 *(_t978 - 0xbc) = _t629;
												_t819 =  *(_t629 + 4);
												__eflags = _t948 - _t819;
												if(_t948 < _t819) {
													break;
												}
												_t911 =  *_t629;
												__eflags = _t911;
												if(_t911 == 0) {
													 *(_t978 - 0x7c) = _t819 - 1;
													L188:
													_t821 =  *(_t978 - 0x7c) -  *((intOrPtr*)(_t629 + 0x14));
													 *(_t978 + 0x10) = _t821;
													__eflags =  *(_t629 + 8);
													if( *(_t629 + 8) != 0) {
														_t821 = _t821 + _t821;
														__eflags = _t821;
													}
													_t941 = _t821 << 2;
													_t905 = _t941 +  *((intOrPtr*)(_t629 + 0x20));
													 *(_t978 - 0x38) =  *_t905;
													 *((intOrPtr*)(_t629 + 0xc)) =  *((intOrPtr*)(_t629 + 0xc)) - 1;
													__eflags =  *(_t978 - 0x7c) -  *(_t629 + 4) - 1;
													if( *(_t978 - 0x7c) ==  *(_t629 + 4) - 1) {
														_t391 = _t629 + 0x10;
														 *_t391 =  *(_t629 + 0x10) - 1;
														__eflags =  *_t391;
													}
													__eflags =  *(_t978 - 0x38) - _t966 + 8;
													if( *(_t978 - 0x38) != _t966 + 8) {
														goto L77;
													} else {
														 *(_t978 - 0x50) =  *(_t629 + 4);
														__eflags =  *_t629;
														if( *_t629 == 0) {
															_t397 = _t978 - 0x50;
															 *_t397 =  *(_t978 - 0x50) - 1;
															__eflags =  *_t397;
														}
														__eflags =  *(_t978 - 0x7c) -  *(_t978 - 0x50);
														if( *(_t978 - 0x7c) >=  *(_t978 - 0x50)) {
															L174:
															_t829 =  *(_t966 + 8);
															__eflags = _t829 -  *((intOrPtr*)(_t629 + 0x18));
															if(_t829 !=  *((intOrPtr*)(_t629 + 0x18))) {
																 *_t905 = _t829;
																goto L77;
															}
															 *_t905 =  *_t905 & 0x00000000;
															goto L76;
														} else {
															_t910 =  *(_t966 + 8);
															__eflags = _t910 -  *((intOrPtr*)(_t629 + 0x18));
															if(_t910 ==  *((intOrPtr*)(_t629 + 0x18))) {
																L75:
																_t832 =  *((intOrPtr*)(_t629 + 0x20));
																_t170 = _t941 + _t832;
																 *_t170 =  *(_t941 + _t832) & 0x00000000;
																__eflags =  *_t170;
																L76:
																_t830 =  *(_t978 + 0x10);
																_t941 = _t830 >> 5;
																_t690 =  *((intOrPtr*)(_t629 + 0x1c)) + (_t830 >> 5) * 4;
																 *_t690 =  *_t690 &  !(1 << (_t830 & 0x0000001f));
																__eflags =  *_t690;
																goto L77;
															}
															_t756 =  *(_t978 - 0x20);
															__eflags =  *(_t756 + 0x4c);
															if( *(_t756 + 0x4c) == 0) {
																L239:
																_t833 =  *(_t910 - 8) & 0x0000ffff;
																goto L74;
															} else {
																_t835 =  *(_t910 - 8);
																 *(_t978 - 0x80) = _t835;
																__eflags =  *(_t756 + 0x4c) & _t835;
																if(( *(_t756 + 0x4c) & _t835) != 0) {
																	_t835 = _t835 ^  *(_t756 + 0x50);
																	 *(_t978 - 0x80) = _t835;
																}
																L73:
																_t833 = _t835 & 0x0000ffff;
																_t966 =  *(_t978 + 0x14);
																L74:
																_t753 = ( *_t966 & 0x0000ffff) == (_t833 & 0x0000ffff);
																__eflags = ( *_t966 & 0x0000ffff) == (_t833 & 0x0000ffff);
																if(( *_t966 & 0x0000ffff) == (_t833 & 0x0000ffff)) {
																	 *(_t941 +  *((intOrPtr*)(_t629 + 0x20))) = _t910;
																	goto L77;
																}
																goto L75;
															}
															goto L198;
														}
													}
												}
												_t629 = _t911;
											}
											 *(_t978 - 0x7c) = _t948;
											goto L188;
										}
										_t966 = _t960 + 0xfffffff8;
										 *(_t978 + 0x14) = _t966;
										_t692 =  *(_t978 - 0x20);
										__eflags =  *(_t692 + 0x4c);
										if( *(_t692 + 0x4c) != 0) {
											 *_t966 =  *_t966 ^  *(_t692 + 0x50);
											_t783 =  *(_t966 + 2) ^  *(_t966 + 1) ^  *_t966;
											__eflags =  *(_t966 + 3) - ( *(_t966 + 2) ^  *(_t966 + 1) ^  *_t966);
											if(__eflags != 0) {
												_push(0);
												_push(_t966);
												_push(_t692);
												E00794BBA(_t753, _t940, _t966, __eflags);
												_t692 =  *(_t978 - 0x20);
											}
										}
										_t753 =  *_t966 & 0x0000ffff;
										__eflags = _t753 -  *(_t978 - 0x2c);
										if(_t753 <  *(_t978 - 0x2c)) {
											__eflags =  *(_t692 + 0x4c);
											if( *(_t692 + 0x4c) != 0) {
												_t888 =  *_t966 & 0x000000ff;
												_t783 =  *(_t966 + 2) & 0x000000ff ^  *(_t966 + 1) & 0x000000ff ^  *_t966 & 0x000000ff;
												 *(_t966 + 3) =  *(_t966 + 2) & 0x000000ff ^  *(_t966 + 1) & 0x000000ff ^  *_t966 & 0x000000ff;
												 *_t966 =  *_t966 ^  *(_t692 + 0x50);
											}
											goto L198;
										} else {
											_t785 = _t966 + 8;
											_t951 =  *_t785;
											 *((intOrPtr*)(_t978 - 0x48)) = _t951;
											_t913 =  *((intOrPtr*)(_t966 + 0xc));
											 *((intOrPtr*)(_t978 - 0x68)) = _t913;
											_t890 =  *_t913;
											_t941 =  *(_t951 + 4);
											__eflags = _t890 - _t941;
											if(__eflags != 0) {
												L240:
												_push(0);
												_push(_t890);
												_push(_t941);
												_push(_t785);
												_push( *(_t978 - 0x20));
												goto L262;
											}
											__eflags = _t890 - _t785;
											if(__eflags != 0) {
												goto L240;
											}
											 *((intOrPtr*)(_t692 + 0x78)) =  *((intOrPtr*)(_t692 + 0x78)) - _t753;
											_t629 =  *(_t692 + 0xb8);
											__eflags = _t629;
											if(_t629 == 0) {
												goto L77;
											}
											_t952 =  *_t966 & 0x0000ffff;
											while(1) {
												 *(_t978 - 0xb4) = _t629;
												_t839 =  *(_t629 + 4);
												__eflags = _t952 - _t839;
												if(_t952 < _t839) {
													break;
												}
												_t914 =  *_t629;
												__eflags = _t914;
												if(_t914 == 0) {
													 *(_t978 - 0x8c) = _t839 - 1;
													L62:
													_t841 =  *(_t978 - 0x8c) -  *((intOrPtr*)(_t629 + 0x14));
													 *(_t978 + 0x10) = _t841;
													__eflags =  *(_t629 + 8);
													if( *(_t629 + 8) != 0) {
														_t841 = _t841 + _t841;
														__eflags = _t841;
													}
													_t941 = _t841 << 2;
													_t905 = _t941 +  *((intOrPtr*)(_t629 + 0x20));
													 *(_t978 - 0x38) =  *_t905;
													 *((intOrPtr*)(_t629 + 0xc)) =  *((intOrPtr*)(_t629 + 0xc)) - 1;
													__eflags =  *(_t978 - 0x8c) -  *(_t629 + 4) - 1;
													if( *(_t978 - 0x8c) ==  *(_t629 + 4) - 1) {
														 *(_t629 + 0x10) =  *(_t629 + 0x10) - 1;
													}
													__eflags =  *(_t978 - 0x38) - _t966 + 8;
													if( *(_t978 - 0x38) != _t966 + 8) {
														goto L77;
													} else {
														 *(_t978 - 0x54) =  *(_t629 + 4);
														__eflags =  *_t629;
														if( *_t629 == 0) {
															_t153 = _t978 - 0x54;
															 *_t153 =  *(_t978 - 0x54) - 1;
															__eflags =  *_t153;
														}
														__eflags =  *(_t978 - 0x8c) -  *(_t978 - 0x54);
														if( *(_t978 - 0x8c) >=  *(_t978 - 0x54)) {
															goto L174;
														} else {
															_t910 =  *(_t966 + 8);
															__eflags = _t910 -  *((intOrPtr*)(_t629 + 0x18));
															if(_t910 ==  *((intOrPtr*)(_t629 + 0x18))) {
																goto L75;
															}
															_t758 =  *(_t978 - 0x20);
															__eflags =  *(_t758 + 0x4c);
															if( *(_t758 + 0x4c) == 0) {
																goto L239;
															}
															_t835 =  *(_t910 - 8);
															 *(_t978 - 0x64) = _t835;
															__eflags =  *(_t758 + 0x4c) & _t835;
															if(( *(_t758 + 0x4c) & _t835) != 0) {
																_t835 = _t835 ^  *(_t758 + 0x50);
																__eflags = _t835;
																 *(_t978 - 0x64) = _t835;
															}
															goto L73;
														}
													}
												}
												_t629 = _t914;
											}
											 *(_t978 - 0x8c) = _t952;
											goto L62;
										}
									}
									_t961 =  *(_t753 + 0x4c);
									__eflags = _t961;
									if(_t961 == 0) {
										_t695 =  *(_t626 - 8) & 0x0000ffff;
									} else {
										_t724 =  *(_t626 - 8);
										 *(_t978 - 0x4c) = _t724;
										_t961 =  *(_t753 + 0x4c);
										__eflags = _t724 & _t961;
										if((_t724 & _t961) != 0) {
											_t724 = _t724 ^  *(_t753 + 0x50);
											__eflags = _t724;
											 *(_t978 - 0x4c) = _t724;
										}
										_t695 = _t724 & 0x0000ffff;
									}
									_t888 =  *(_t978 - 0x2c) - (_t695 & 0x0000ffff);
									__eflags =  *(_t978 - 0x2c) - (_t695 & 0x0000ffff);
									if( *(_t978 - 0x2c) - (_t695 & 0x0000ffff) > 0) {
										_t697 =  *(_t978 + 0x10);
										goto L123;
									} else {
										_t888 =  *(_t978 + 0x10);
										_t699 =  *_t888 - 8;
										__eflags = _t961;
										if(_t961 == 0) {
											_t700 =  *_t699 & 0x0000ffff;
										} else {
											_t723 =  *_t699;
											 *(_t978 - 0x6c) = _t723;
											_t961 =  *(_t753 + 0x4c);
											__eflags = _t723 & _t961;
											if((_t723 & _t961) != 0) {
												_t723 = _t723 ^  *(_t753 + 0x50);
												__eflags = _t723;
												 *(_t978 - 0x6c) = _t723;
											}
											_t700 = _t723 & 0x0000ffff;
										}
										_t753 =  *(_t978 - 0x2c) - (_t700 & 0x0000ffff);
										__eflags =  *(_t978 - 0x2c) - (_t700 & 0x0000ffff);
										if( *(_t978 - 0x2c) - (_t700 & 0x0000ffff) <= 0) {
											_t697 =  *_t888;
											goto L123;
										} else {
											__eflags =  *_t940;
											if( *_t940 != 0) {
												L110:
												_t963 = _t783 >> 5;
												_t888 = ( *((intOrPtr*)(_t940 + 4)) -  *(_t940 + 0x14) >> 5) - 1;
												_t753 =  *((intOrPtr*)(_t940 + 0x1c)) + _t963 * 4;
												_t708 =  !((1 << _t783) - 1) &  *_t753;
												while(1) {
													 *(_t978 - 0xac) = _t753;
													 *(_t978 - 0x98) = _t963;
													__eflags = _t708;
													if(_t708 != 0) {
														break;
													}
													__eflags = _t963 - _t888;
													if(_t963 > _t888) {
														__eflags = _t708;
														if(_t708 != 0) {
															break;
														}
														 *(_t978 - 0x34) =  *(_t978 - 0x34) & 0x00000000;
														goto L111;
													}
													_t753 = _t753 + 4;
													_t708 =  *_t753;
													_t963 = _t963 + 1;
												}
												__eflags = _t708 & 0x0000ffff;
												if((_t708 & 0x0000ffff) != 0) {
													_t888 = _t708 & 0x000000ff;
													__eflags = _t888;
													if(_t888 != 0) {
														_t353 = _t888 + 0x725818; // 0x10008
														_t709 =  *_t353 & 0x000000ff;
													} else {
														_t290 = (_t708 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
														_t709 = ( *_t290 & 0x000000ff) + 8;
													}
												} else {
													_t857 = _t708 >> 0x00000010 & 0x000000ff;
													__eflags = _t857;
													if(_t857 != 0) {
														_t291 = _t857 + 0x725818; // 0x10008
														_t709 = ( *_t291 & 0x000000ff) + 0x10;
													} else {
														_t277 = (_t708 >> 0x18) + 0x725818; // 0x10008
														_t709 = ( *_t277 & 0x000000ff) + 0x18;
														__eflags = _t709;
													}
												}
												_t965 = (_t963 << 5) + _t709;
												 *(_t978 - 0x98) = _t965;
												__eflags =  *(_t940 + 8);
												_t710 = _t965 + _t965;
												if( *(_t940 + 8) == 0) {
													_t710 = _t965;
												}
												_t783 =  *(_t940 + 0x20);
												_t697 =  *( *(_t940 + 0x20) + _t710 * 4);
												L123:
												 *(_t978 - 0x34) = _t697;
												goto L111;
											}
											__eflags =  *(_t978 - 0x84) -  *((intOrPtr*)(_t940 + 4)) - 1;
											if( *(_t978 - 0x84) ==  *((intOrPtr*)(_t940 + 4)) - 1) {
												__eflags =  *(_t940 + 8);
												_t719 = _t783 + _t783;
												if( *(_t940 + 8) == 0) {
													_t719 = _t783;
												}
												_t783 =  *( *(_t940 + 0x20) + _t719 * 4);
												while(1) {
													 *(_t978 - 0x94) = _t783;
													__eflags = _t888 - _t783;
													if(_t888 == _t783) {
														goto L111;
													}
													__eflags = _t961;
													if(_t961 == 0) {
														_t720 =  *(_t783 - 8) & 0x0000ffff;
													} else {
														_t722 =  *(_t783 - 8);
														 *(_t978 - 0xa8) = _t722;
														_t921 =  *(_t978 - 0x20);
														_t961 =  *(_t921 + 0x4c);
														__eflags = _t722 & _t961;
														if((_t722 & _t961) != 0) {
															_t722 = _t722 ^  *(_t921 + 0x50);
															__eflags = _t722;
															 *(_t978 - 0xa8) = _t722;
														}
														_t720 = _t722 & 0x0000ffff;
													}
													_t888 =  *(_t978 - 0x2c) - (_t720 & 0x0000ffff);
													__eflags =  *(_t978 - 0x2c) - (_t720 & 0x0000ffff);
													if( *(_t978 - 0x2c) - (_t720 & 0x0000ffff) > 0) {
														_t783 =  *_t783;
														_t888 =  *(_t978 + 0x10);
														continue;
													} else {
														 *(_t978 - 0x34) = _t783;
														goto L111;
													}
												}
												goto L111;
											}
											goto L110;
										}
									}
								}
								_t940 = _t781;
							}
							 *(_t978 - 0x84) = _t780;
							goto L97;
						}
						_t725 =  *(_t957 + 4);
						__eflags = _t725 & 0x00000001;
						if((_t725 & 0x00000001) != 0) {
							goto L60;
						}
						_t726 = _t725 + 0x10002;
						 *(_t957 + 4) = _t726;
						__eflags =  *((intOrPtr*)(_t978 - 0x70)) - _t939;
						if( *((intOrPtr*)(_t978 - 0x70)) != _t939) {
							L209:
							_t922 =  *(_t978 + 8);
							__eflags =  *(_t978 + 8) - _t939;
							if( *(_t978 + 8) == _t939) {
								_t922 = 1;
								__eflags = 1;
							}
							__eflags =  *((char*)(_t753 + 0xda)) - 2;
							if( *((char*)(_t753 + 0xda)) != 2) {
								_t859 = 0;
							} else {
								_t859 =  *((intOrPtr*)(_t753 + 0xd4));
							}
							_t727 = E00734736(_t859, _t922);
							__eflags = _t727 - _t939;
							if(_t727 == _t939) {
								__eflags =  *((intOrPtr*)(_t978 - 0x70)) - _t939;
								if( *((intOrPtr*)(_t978 - 0x70)) != _t939) {
									L218:
									__eflags =  *((char*)(_t753 + 0xda)) - 2;
									if( *((char*)(_t753 + 0xda)) == 2) {
										_t728 =  *((intOrPtr*)(_t753 + 0xd4));
									} else {
										_t728 = 0;
										__eflags = 0;
									}
									__eflags = _t728 - _t939;
									if(_t728 == _t939) {
										 *(_t753 + 0x48) =  *(_t753 + 0x48) | 0x20000000;
									}
									goto L59;
								}
								__eflags =  *(_t957 + 4) - 0x20;
								if( *(_t957 + 4) <= 0x20) {
									goto L59;
								}
								goto L218;
							} else {
								 *(_t957 + 4) = _t727 + 1;
								L59:
								_t729 =  *_t957;
								__eflags = _t729 - _t939;
								if(_t729 != _t939) {
									_t292 = _t729 - 8; // -8
									_t966 = _t292;
									 *(_t978 + 0x14) = _t966;
									_t942 = 0;
									__eflags =  *(_t753 + 0x4c);
									if( *(_t753 + 0x4c) != 0) {
										 *_t966 =  *_t966 ^  *(_t753 + 0x50);
										__eflags =  *(_t966 + 3) - ( *(_t966 + 2) ^  *(_t966 + 1) ^  *_t966);
										if(__eflags != 0) {
											_push(0);
											_push(_t966);
											_push(_t753);
											E00794BBA(_t753, 0, _t966, __eflags);
										}
									}
									_t299 = _t966 + 8; // 0x0
									_t730 = _t299;
									_t923 =  *_t730;
									 *((intOrPtr*)(_t978 - 0x68)) = _t923;
									_t860 =  *((intOrPtr*)(_t966 + 0xc));
									 *((intOrPtr*)(_t978 - 0x48)) = _t860;
									_t861 =  *_t860;
									_t924 =  *((intOrPtr*)(_t923 + 4));
									__eflags = _t861 - _t924;
									if(__eflags != 0) {
										L256:
										_push(_t942);
										_push(_t861);
										_push(_t924);
										_push(_t730);
										_push(_t753);
										_push(0xc);
										E00794B0C(_t753, _t861, _t924, _t942, _t966, __eflags);
										goto L257;
									} else {
										__eflags = _t861 - _t730;
										if(__eflags != 0) {
											goto L256;
										}
										 *((intOrPtr*)(_t753 + 0x78)) =  *((intOrPtr*)(_t753 + 0x78)) - ( *_t966 & 0x0000ffff);
										_t572 =  *(_t753 + 0xb8);
										__eflags = _t572 - _t942;
										if(_t572 == _t942) {
											L165:
											_t733 =  *((intOrPtr*)(_t978 - 0x68));
											_t862 =  *((intOrPtr*)(_t978 - 0x48));
											 *_t862 = _t733;
											 *((intOrPtr*)(_t733 + 4)) = _t862;
											_t349 = _t966 + 2; // -6
											_t734 = _t349;
											 *(_t978 + 0x10) = _t734;
											if(( *_t734 & 0x00000008) == 0) {
												goto L78;
											}
											_t735 = E006FC30D(_t753, _t966);
											_t994 = _t735;
											if(_t735 != 0) {
												goto L78;
											}
											E006FE4D7(_t753, _t942, _t753, _t966,  *_t966 & 0x0000ffff, 1);
											L257:
											_t672 = 0xc0000017;
											goto L249;
										}
										_t942 =  *_t966 & 0x0000ffff;
										while(1) {
											 *(_t978 - 0xb8) = _t572;
											_t864 =  *((intOrPtr*)(_t572 + 4));
											__eflags = _t942 - _t864;
											if(_t942 < _t864) {
												break;
											}
											_t926 =  *_t572;
											__eflags = _t926;
											if(_t926 == 0) {
												 *(_t978 - 0x40) = _t864 - 1;
												L151:
												_t867 =  *(_t978 - 0x40) -  *((intOrPtr*)(_t572 + 0x14));
												 *(_t978 - 0x60) = _t867;
												__eflags =  *(_t572 + 8);
												if( *(_t572 + 8) != 0) {
													_t867 = _t867 + _t867;
													__eflags = _t867;
												}
												_t928 = _t867 << 2;
												 *(_t978 + 0x10) = _t928;
												_t884 = _t928 +  *((intOrPtr*)(_t572 + 0x20));
												 *((intOrPtr*)(_t978 - 0x74)) =  *_t884;
												 *((intOrPtr*)(_t572 + 0xc)) =  *((intOrPtr*)(_t572 + 0xc)) - 1;
												__eflags =  *(_t978 - 0x40) -  *((intOrPtr*)(_t572 + 4)) - 1;
												if( *(_t978 - 0x40) ==  *((intOrPtr*)(_t572 + 4)) - 1) {
													 *((intOrPtr*)(_t572 + 0x10)) =  *((intOrPtr*)(_t572 + 0x10)) - 1;
												}
												_t321 = _t966 + 8; // 0x0
												if( *((intOrPtr*)(_t978 - 0x74)) != _t321) {
													goto L165;
												} else {
													 *((intOrPtr*)(_t978 - 0x5c)) =  *((intOrPtr*)(_t572 + 4));
													if( *_t572 == 0) {
														 *((intOrPtr*)(_t978 - 0x5c)) =  *((intOrPtr*)(_t978 - 0x5c)) - 1;
													}
													if( *(_t978 - 0x40) >=  *((intOrPtr*)(_t978 - 0x5c))) {
														_t875 =  *(_t966 + 8);
														__eflags = _t875 -  *((intOrPtr*)(_t572 + 0x18));
														if(_t875 ==  *((intOrPtr*)(_t572 + 0x18))) {
															 *_t884 =  *_t884 & 0x00000000;
															goto L164;
														}
														 *_t884 = _t875;
														goto L165;
													} else {
														_t933 =  *(_t966 + 8);
														if(_t933 ==  *((intOrPtr*)(_t572 + 0x18))) {
															L163:
															 *( *(_t978 + 0x10) +  *((intOrPtr*)(_t572 + 0x20))) =  *( *(_t978 + 0x10) +  *((intOrPtr*)(_t572 + 0x20))) & 0x00000000;
															L164:
															_t876 =  *(_t978 - 0x60);
															_t942 = _t876 >> 5;
															 *( *((intOrPtr*)(_t572 + 0x1c)) + (_t876 >> 5) * 4) =  *( *((intOrPtr*)(_t572 + 0x1c)) + (_t876 >> 5) * 4) &  !(1 << (_t876 & 0x0000001f));
															goto L165;
														}
														if( *(_t753 + 0x4c) == 0) {
															_t879 =  *(_t933 - 8) & 0x0000ffff;
														} else {
															_t882 =  *(_t933 - 8);
															 *(_t978 - 0x78) = _t882;
															if(( *(_t753 + 0x4c) & _t882) != 0) {
																_t882 = _t882 ^  *(_t753 + 0x50);
																 *(_t978 - 0x78) = _t882;
															}
															_t879 = _t882 & 0x0000ffff;
															_t966 =  *(_t978 + 0x14);
														}
														_t942 = ( *_t966 & 0x0000ffff) == (_t879 & 0x0000ffff);
														if(( *_t966 & 0x0000ffff) == (_t879 & 0x0000ffff)) {
															 *( *(_t978 + 0x10) +  *((intOrPtr*)(_t572 + 0x20))) = _t933;
															goto L165;
														} else {
															goto L163;
														}
													}
												}
											}
											_t572 = _t926;
										}
										 *(_t978 - 0x40) = _t942;
										goto L151;
									}
								}
								goto L60;
							}
						}
						__eflags = _t726 - 0x20;
						if(_t726 > 0x20) {
							goto L209;
						}
						__eflags = _t726 - 0x10000000;
						if(_t726 > 0x10000000) {
							goto L209;
						}
						goto L59;
					} else {
						_t942 = _t753 + 0xcc;
						_t747 = E00722ED4(__eflags,  *(_t753 + 0xcc));
						__eflags = _t747;
						if(_t747 == 0) {
							__eflags = E00735DD8();
							if(__eflags != 0) {
								_t672 = 0xc0000194;
								L249:
								 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = _t672;
								_t972 =  *[fs:0x18];
								_push(_t672);
								 *((intOrPtr*)(_t972 + 0x34)) = E007238B5(_t754, _t942, _t972, _t994);
								L92:
								 *(_t978 - 4) = 0xfffffffe;
								E00725C4B(_t580, _t754);
								if( *0x7ffe0386 != 0) {
									_t586 =  *(_t978 - 0x30);
									__eflags = _t586;
									if(_t586 != 0) {
										__eflags =  *(_t978 - 0x28);
										if( *(_t978 - 0x28) != 0) {
											E00794522(_t754, _t586 + 0xffffffe0,  *(_t978 + 0xc));
										}
									}
								}
								_t574 =  *(_t978 - 0x30);
								L94:
								return E00722869(_t574);
							}
							 *((intOrPtr*)(_t978 - 0x70)) = 1;
							E00717310(__eflags,  *_t942);
							E0072ED2C(_t753, 1);
							L51:
							__eflags =  *(_t753 + 0x48) & 0x60000000;
							if(( *(_t753 + 0x48) & 0x60000000) != 0) {
								E00736A94(_t753, _t942, _t753);
							}
							 *((char*)(_t978 - 0x21)) = 1;
							_t939 = 0;
							__eflags = 0;
							goto L53;
						}
						_t121 = _t753 + 0xfc;
						 *_t121 =  *(_t753 + 0xfc) + 1;
						__eflags =  *_t121;
						goto L51;
					}
				}
			}

0x0072595c
0x0072595c
0x0072595c
0x00725961
0x00725966
0x0072596b
0x0072596e
0x00725970
0x00725975
0x00725976
0x00725979
0x0072597d
0x0072597f
0x00725982
0x00725985
0x00725988
0x00725991
0x006fe73b
0x006fe73b
0x006fe741
0x006fe747
0x006fe74e
0x0075a10a
0x00000000
0x0075a10a
0x006fe754
0x006fe75a
0x0075a111
0x0075a117
0x00000000
0x00000000
0x0075a122
0x00000000
0x0075a122
0x006fe760
0x006fe760
0x006fe763
0x006fe765
0x006fe765
0x006fe770
0x006fe776
0x006fe781
0x006fe784
0x006fe787
0x006fe78d
0x006fe797
0x006fe79a
0x006fe79d
0x006fe79d
0x006fe7a0
0x006fe7a3
0x006fe7a6
0x006fe7a9
0x00000000
0x006fe7a9
0x006fe78f
0x006fe795
0x00000000
0x00000000
0x00000000
0x00725997
0x00725997
0x0072599e
0x00000000
0x00000000
0x007259a4
0x007259a7
0x007259a9
0x007268af
0x007268b2
0x0074a333
0x0074a335
0x007268b8
0x007268b8
0x007268b8
0x007268bb
0x007268be
0x007268c1
0x007259af
0x007259af
0x007259af
0x007259b2
0x007259b6
0x007259b8
0x007259bb
0x007259be
0x007259c1
0x0075a0fb
0x0075a0fe
0x0075a0fe
0x007259c7
0x007259ca
0x007259d0
0x007259d0
0x007259d6
0x007259d8
0x007259d8
0x007259d8
0x007259d8
0x007259dc
0x007259df
0x007259e2
0x00725a12
0x00725a12
0x00725a15
0x00725a18
0x006f4a58
0x006f4a5c
0x0075a42a
0x0075a436
0x0075a43a
0x006f4a67
0x006f4a68
0x006f4a70
0x006f4a73
0x006f4a77
0x006f4a78
0x006f4a7a
0x006f4a7f
0x006f4a81
0x0075a516
0x00000000
0x006f4a87
0x006f4a87
0x006f4a8e
0x0075a44a
0x0075a44d
0x0075a454
0x0075a45f
0x0075a45f
0x0075a464
0x0075a46b
0x0075a47a
0x0075a481
0x0075a49d
0x0075a49d
0x0075a481
0x0075a46b
0x006f4a94
0x006f4a9b
0x0075a4bd
0x0075a4bd
0x006f4aaa
0x006f4ab7
0x006f4ac0
0x006f4ac9
0x006f4acf
0x006f4ad6
0x006f4adc
0x006f4ae3
0x0075a4cf
0x0075a4cf
0x006f4ae9
0x006f4aee
0x006f4af3
0x0075a4fa
0x0075a4fa
0x006f4af9
0x006f4afc
0x006f4aff
0x006f4b02
0x006f4b13
0x006f4b19
0x006f4b19
0x006f4b1b
0x006f4b1b
0x006f4b1e
0x006f4b24
0x006f4b27
0x006f4b29
0x006f4b2b
0x0075a505
0x0075a506
0x0075a507
0x0075a508
0x0075a509
0x0075a50a
0x0075a50c
0x006f4b31
0x006f4b31
0x006f4b33
0x006f4b36
0x006f4b38
0x006f4b38
0x006f4b3e
0x006f4b41
0x00000000
0x006f4b41
0x006f4a62
0x0074a383
0x0074a383
0x0075a521
0x0075a521
0x00000000
0x0075a521
0x006f4a5c
0x00725a1e
0x00725a20
0x00725a59
0x00725a5f
0x00725a62
0x00725c56
0x00725c56
0x00725c5c
0x00725c5f
0x00725c62
0x00725c64
0x00000000
0x00000000
0x0072689e
0x007268a0
0x007268a2
0x0072a1d1
0x00726804
0x00726804
0x00725c70
0x00725c70
0x00725c7c
0x00725c7f
0x00725c82
0x00725c85
0x00725c88
0x00725c8e
0x00725c90
0x0073cd90
0x00725d38
0x00725d38
0x00725d3b
0x00725d3d
0x00726f00
0x00726f02
0x00726f05
0x00000000
0x00726f05
0x00725d43
0x00725d46
0x0072f062
0x0072f065
0x0072f06e
0x0072f070
0x0072f073
0x0072f075
0x00000000
0x00000000
0x0072f07b
0x0072f07b
0x0072f07e
0x0072f080
0x0072f083
0x0072f086
0x0072f089
0x0072f08b
0x0072f08e
0x0072f090
0x0075a224
0x0075a224
0x0075a226
0x0075a227
0x0075a228
0x0075a229
0x0075a1d5
0x0075a1d5
0x0075a1d7
0x00000000
0x0075a1d7
0x0072f096
0x0072f098
0x00000000
0x00000000
0x0072f0a1
0x0072f0a4
0x0072f0aa
0x0072f0ac
0x00725b2a
0x00725b2a
0x00725b2d
0x00725b30
0x00725b32
0x00725b35
0x00725b35
0x00725b38
0x00725b3b
0x00725b3e
0x006fc3a8
0x006fc3ad
0x006fc3af
0x00000000
0x006fc3b5
0x0075a1cb
0x00000000
0x0075a1cb
0x006fc3af
0x00725b44
0x00725b44
0x00725b47
0x00725b49
0x00725b4f
0x00725b53
0x006fe7b1
0x006fe7b3
0x0075a22f
0x0075a236
0x0075a23c
0x0075a23e
0x0075a240
0x0075a243
0x0075a245
0x0075a245
0x0075a248
0x0075a248
0x0075a243
0x0075a254
0x0075a258
0x0075a25d
0x0075a260
0x0075a262
0x0075a26e
0x0075a271
0x0075a275
0x0075a297
0x0075a29c
0x0075a277
0x0075a28f
0x0075a294
0x0075a2a2
0x0075a2ac
0x0075a2b3
0x0075a2b8
0x0075a2bc
0x0075a2bc
0x0075a262
0x006fe7b3
0x00725b5c
0x00725b61
0x00725b64
0x00725b66
0x00725b6c
0x00725b72
0x00725b75
0x00725b78
0x00725b78
0x00725b7b
0x00725b7e
0x0075a2c6
0x0075a2c9
0x0075a2cc
0x0075a2cf
0x0075a2f4
0x0075a2f8
0x0075a31e
0x0075a2fa
0x0075a2fa
0x0075a2fc
0x0075a302
0x0075a305
0x0075a307
0x0075a307
0x0075a30a
0x0075a30a
0x0075a310
0x0075a313
0x0075a316
0x0075a316
0x0075a321
0x0075a2d1
0x0075a2e6
0x0075a2e9
0x0075a2ec
0x0075a2ec
0x0075a324
0x0075a32b
0x0075a32e
0x0075a330
0x0075a333
0x00725b84
0x00725b84
0x00725b86
0x00725b86
0x00725b89
0x00725b89
0x00725b8c
0x00725b8f
0x00725b92
0x00725b94
0x00725bd2
0x00725bd2
0x00725bd2
0x00725bd5
0x00725bd8
0x00725bdc
0x006fe7be
0x006fe7c2
0x006fe831
0x006fe7c4
0x006fe7c4
0x006fe7c8
0x0075a3a6
0x0075a3a6
0x006fe7c8
0x006fe7ce
0x006fe7d2
0x0075a3be
0x0075a3bf
0x0075a3c9
0x0075a3c9
0x006fe7db
0x006fe7de
0x006fe7e1
0x006fe7e4
0x006fea64
0x006fea69
0x006fea6a
0x006fea6b
0x006fea72
0x0075a3d8
0x0075a3d8
0x006fea78
0x006fea7d
0x006fea82
0x0075a3fd
0x0075a3fd
0x006fe7ea
0x006fe7ea
0x006fe7ef
0x006fe7f4
0x0075a423
0x0075a423
0x006fe7f4
0x006fe7fa
0x006fe7fc
0x006fe7ff
0x006fe815
0x006fe81a
0x006fe81a
0x006fe81a
0x006fe81c
0x006fe81f
0x006fe825
0x006fe828
0x0072680f
0x0072680f
0x00726812
0x00726817
0x00000000
0x006fe81f
0x00725be2
0x00725be6
0x00725bfc
0x00725bfe
0x00725c01
0x00725c01
0x00725c01
0x00725c03
0x00725c07
0x00725c0f
0x00725c14
0x00725c14
0x00725c18
0x00725c1c
0x0072681f
0x00726822
0x00000000
0x00000000
0x00000000
0x00000000
0x00725b96
0x00725b96
0x00725b99
0x00732f50
0x00732f50
0x00732f53
0x00732f5c
0x00732f5f
0x00732f65
0x00732f68
0x0075a33b
0x0075a33e
0x0075a357
0x0075a35b
0x0075a37b
0x0075a37e
0x0075a381
0x0075a385
0x0075a388
0x00000000
0x0075a388
0x0075a35d
0x0075a35f
0x0075a365
0x0075a368
0x0075a36a
0x0075a36a
0x0075a36d
0x0075a36d
0x0075a373
0x0075a376
0x0075a376
0x00000000
0x0075a376
0x0075a351
0x00000000
0x0075a351
0x00732f6e
0x00000000
0x00732f6e
0x00725b9f
0x00725ba2
0x00725ba4
0x00740516
0x00725baa
0x00725baa
0x00725baa
0x00725bae
0x00725bca
0x00725bcc
0x0075a38f
0x00000000
0x00000000
0x00000000
0x00000000
0x00725bcc
0x00725b94
0x0072f0b2
0x0072f0b5
0x0072f0b5
0x0072f0bb
0x0072f0be
0x0072f0c0
0x00000000
0x00000000
0x0072f0c6
0x0072f0c8
0x0072f0ca
0x00732f76
0x0072effb
0x0072effe
0x0072f001
0x0072f004
0x0072f008
0x0072f00a
0x0072f00a
0x0072f00a
0x0072f00e
0x0072f014
0x0072f019
0x0072f01c
0x0072f023
0x0072f026
0x0072f028
0x0072f028
0x0072f028
0x0072f028
0x0072f02e
0x0072f031
0x00000000
0x0072f037
0x0072f03a
0x0072f03d
0x0072f040
0x0072f042
0x0072f042
0x0072f042
0x0072f042
0x0072f048
0x0072f04b
0x007271a9
0x007271a9
0x007271ac
0x007271af
0x0073cc9d
0x00000000
0x0073cc9d
0x007271b5
0x00000000
0x0072f051
0x0072f051
0x0072f054
0x0072f057
0x00725b09
0x00725b09
0x00725b0c
0x00725b0c
0x00725b0c
0x00725b10
0x00725b10
0x00725b15
0x00725b23
0x00725b28
0x00725b28
0x00000000
0x00725b28
0x0075a1fd
0x0075a200
0x0075a204
0x0074a35e
0x0074a35e
0x00000000
0x0075a20a
0x0075a20a
0x0075a20d
0x0075a210
0x0075a213
0x0075a219
0x0075a21c
0x0075a21c
0x00725af5
0x00725af5
0x00725af8
0x00725afb
0x00725b01
0x00725b01
0x00725b03
0x0073e995
0x00000000
0x0073e995
0x00000000
0x00725b03
0x00000000
0x0075a204
0x0072f04b
0x0072f031
0x0072f0d0
0x0072f0d0
0x007348b4
0x00000000
0x007348b4
0x00725d4c
0x00725d4f
0x00725d52
0x00725d55
0x00725d59
0x00725d5e
0x00725d66
0x00725d68
0x00725d6b
0x0075a1b0
0x0075a1b2
0x0075a1b3
0x0075a1b4
0x0075a1b9
0x0075a1b9
0x00725d6b
0x00725d71
0x00725d74
0x00725d77
0x0074a374
0x0074a378
0x0075a1eb
0x0075a1ee
0x0075a1f0
0x0075a1f6
0x0075a1f6
0x00000000
0x00725d7d
0x00725d7d
0x00725d80
0x00725d82
0x00725d85
0x00725d88
0x00725d8b
0x00725d8d
0x00725d90
0x00725d92
0x0074a367
0x0074a367
0x0074a369
0x0074a36a
0x0074a36b
0x0074a36c
0x00000000
0x0074a36c
0x00725d98
0x00725d9a
0x00000000
0x00000000
0x00725da0
0x00725da3
0x00725da9
0x00725dab
0x00000000
0x00000000
0x00725db1
0x00725db4
0x00725db4
0x00725dba
0x00725dbd
0x00725dbf
0x00000000
0x00000000
0x00725dc5
0x00725dc7
0x00725dc9
0x0072719e
0x00725a73
0x00725a79
0x00725a7c
0x00725a7f
0x00725a83
0x00725a85
0x00725a85
0x00725a85
0x00725a89
0x00725a8f
0x00725a94
0x00725a97
0x00725a9e
0x00725aa4
0x00727195
0x00727195
0x00725aad
0x00725ab0
0x00000000
0x00725ab2
0x00725ab5
0x00725ab8
0x00725abb
0x00725abd
0x00725abd
0x00725abd
0x00725abd
0x00725ac3
0x00725ac9
0x00000000
0x00725acf
0x00725acf
0x00725ad2
0x00725ad5
0x00000000
0x00000000
0x00725ad7
0x00725ada
0x00725ade
0x00000000
0x00000000
0x00725ae4
0x00725ae7
0x00725aea
0x00725aed
0x00725aef
0x00725aef
0x00725af2
0x00725af2
0x00000000
0x00725aed
0x00725ac9
0x00725ab0
0x00725dcf
0x00725dcf
0x00725a6d
0x00000000
0x00725a6d
0x00725d77
0x00725c96
0x00725c99
0x00725c9b
0x0074a344
0x00725ca1
0x00725ca1
0x00725ca4
0x00725ca7
0x00725caa
0x00725cac
0x00725cae
0x00725cae
0x00725cb1
0x00725cb1
0x00725cb4
0x00725cb4
0x00725cbd
0x00725cbf
0x00725cc1
0x0072eff3
0x00000000
0x00725cc7
0x00725cc7
0x00725ccc
0x00725ccf
0x00725cd1
0x0074a34d
0x00725cd7
0x00725cd7
0x00725cd9
0x00725cdc
0x00725cdf
0x00725ce1
0x00725ce3
0x00725ce3
0x00725ce6
0x00725ce6
0x00725ce9
0x00725ce9
0x00725cf2
0x00725cf4
0x00725cf6
0x0072893a
0x00000000
0x00725cfc
0x00725cfc
0x00725cff
0x00725d11
0x00725d13
0x00725d1f
0x00725d23
0x00725d31
0x0072679b
0x0072679b
0x007267a1
0x007267a7
0x007267a9
0x00000000
0x00000000
0x007267ab
0x007267ad
0x00726eef
0x00726ef1
0x00000000
0x00000000
0x00726ef7
0x00000000
0x00726ef7
0x007267b3
0x007267b6
0x007267b8
0x007267b8
0x007267be
0x007267c0
0x007268d0
0x007268d0
0x007268d2
0x00726bf5
0x00726bf5
0x007268d8
0x007268dd
0x007268e4
0x007268e4
0x007267c6
0x007267cb
0x007267cb
0x007267d1
0x0072693f
0x00726946
0x007267d7
0x007267da
0x007267e1
0x007267e1
0x007267e1
0x007267d1
0x007267e7
0x007267e9
0x007267ef
0x007267f3
0x007267f6
0x0075a1a9
0x0075a1a9
0x007267fc
0x007267ff
0x00726793
0x00726793
0x00000000
0x00726793
0x00725d05
0x00725d0b
0x0072a484
0x0072a488
0x0072a48b
0x0075a1a2
0x0075a1a2
0x0072a494
0x0072a497
0x0072a497
0x0072a49d
0x0072a49f
0x00000000
0x00000000
0x0072a4a5
0x0072a4a7
0x0074a355
0x0072a4ad
0x0072a4ad
0x0072a4b0
0x0072a4b6
0x0072a4b9
0x0072a4bc
0x0072a4be
0x0072a4c0
0x0072a4c0
0x0072a4c3
0x0072a4c3
0x0072a4c9
0x0072a4c9
0x0072a4d2
0x0072a4d4
0x0072a4d6
0x00744817
0x00744819
0x00000000
0x0072a4dc
0x0072a4dc
0x00000000
0x0072a4dc
0x0072a4d6
0x00000000
0x0072a497
0x00000000
0x00725d0b
0x00725cf6
0x00725cc1
0x007268a8
0x007268a8
0x00725c6a
0x00000000
0x00725c6a
0x00725a22
0x00725a25
0x00725a27
0x00000000
0x00000000
0x00725a29
0x00725a2e
0x00725a31
0x00725a34
0x00734773
0x00734773
0x00734776
0x00734778
0x0073477c
0x0073477c
0x0073477c
0x0073477d
0x00734784
0x0073674d
0x0073478a
0x0073478a
0x0073478a
0x00734790
0x00734795
0x00734797
0x00736716
0x00736719
0x00736726
0x00736726
0x0073672d
0x00749982
0x00736733
0x00736733
0x00736733
0x00736733
0x00736735
0x00736737
0x0073673d
0x0073673d
0x00000000
0x00736737
0x0073671b
0x00736720
0x00000000
0x00000000
0x00000000
0x0073479d
0x0073479e
0x00725a4f
0x00725a4f
0x00725a51
0x00725a53
0x00726aa3
0x00726aa3
0x00726aa6
0x00726aa9
0x00726aab
0x00726aae
0x00726ab3
0x00726abd
0x00726ac0
0x0075a153
0x0075a154
0x0075a155
0x0075a156
0x0075a156
0x00726ac0
0x00726ac6
0x00726ac6
0x00726ac9
0x00726acb
0x00726ace
0x00726ad1
0x00726ad4
0x00726ad6
0x00726ad9
0x00726adb
0x0075a18f
0x0075a18f
0x0075a190
0x0075a191
0x0075a192
0x0075a193
0x0075a194
0x0075a196
0x00000000
0x00726ae1
0x00726ae1
0x00726ae3
0x00000000
0x00000000
0x00726aec
0x00726aef
0x00726af5
0x00726af7
0x00726bc5
0x00726bc5
0x00726bc8
0x00726bcb
0x00726bcd
0x00726bd0
0x00726bd0
0x00726bd3
0x00726bd9
0x00000000
0x00000000
0x00726be3
0x00726be8
0x00726bea
0x00000000
0x00000000
0x0075a171
0x0075a19b
0x0075a19b
0x00000000
0x0075a19b
0x00726afd
0x00726b00
0x00726b00
0x00726b06
0x00726b09
0x00726b0b
0x00000000
0x00000000
0x00740026
0x00740028
0x0074002a
0x0075a161
0x00726b14
0x00726b17
0x00726b1a
0x00726b1d
0x00726b21
0x00726b23
0x00726b23
0x00726b23
0x00726b27
0x00726b2a
0x00726b30
0x00726b34
0x00726b37
0x00726b3e
0x00726b41
0x006ef6f8
0x006ef6f8
0x00726b47
0x00726b4d
0x00000000
0x00726b4f
0x00726b52
0x00726b58
0x0073c27b
0x0073c27b
0x00726b64
0x0075a178
0x0075a17b
0x0075a17e
0x0075a187
0x00000000
0x0075a187
0x0075a180
0x00000000
0x00726b6a
0x00726b6a
0x00726b70
0x00726ba1
0x00726ba7
0x00726bab
0x00726bab
0x00726bb0
0x00726bc3
0x00000000
0x00726bc3
0x00726b76
0x0074a33b
0x00726b7c
0x00726b7c
0x00726b7f
0x00726b85
0x00726b87
0x00726b8a
0x00726b8a
0x00726b8d
0x00726b90
0x00726b90
0x00726b99
0x00726b9b
0x0074514b
0x00000000
0x00000000
0x00000000
0x00000000
0x00726b9b
0x00726b64
0x00726b4d
0x00740030
0x00740030
0x00726b11
0x00000000
0x00726b11
0x00726adb
0x00000000
0x00725a53
0x00734797
0x00725a3a
0x00725a3e
0x00000000
0x00000000
0x00725a44
0x00725a49
0x00000000
0x00000000
0x00000000
0x007259e4
0x007259e4
0x007259ec
0x007259f1
0x007259f3
0x006ffb5e
0x006ffb60
0x0075a12c
0x0075a131
0x0075a138
0x0075a13e
0x0075a145
0x0075a14b
0x00725c22
0x00725c22
0x00725c29
0x00725c35
0x0075a529
0x0075a52c
0x0075a52e
0x0075a534
0x0075a538
0x0075a546
0x0075a546
0x0075a538
0x0075a52e
0x00725c3b
0x00725c3e
0x00725c43
0x00725c43
0x006ffb66
0x006ffb6f
0x006ffb79
0x007259ff
0x007259ff
0x00725a06
0x00736a85
0x00736a85
0x00725a0c
0x00725a10
0x00725a10
0x00000000
0x00725a10
0x007259f9
0x007259f9
0x007259f9
0x00000000
0x007259f9
0x007259e2

Strings

HEAP[%wZ]: , xrefs: 0075A28A
HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 0075A2AE
HEAP: , xrefs: 0075A297

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
API String ID: 0-2419525547
Opcode ID: a450ba7ed88da1e7c1df93675af8407bc913665a35bac48425e4cf4d515f0a02
Instruction ID: 7180468a0da921d8f1ab571b87e05acc1b28e5be7d87044da29729336ee0432e
Opcode Fuzzy Hash: a450ba7ed88da1e7c1df93675af8407bc913665a35bac48425e4cf4d515f0a02
Instruction Fuzzy Hash: D392A170904669DFDB28CF64D480BB9BBF2FF45300F24856AE8869B256D778AC81CF51

Uniqueness

Uniqueness Score: 100.00%

Function 00725DD8, Relevance: 4.6, Strings: 3, Instructions: 850
UNIQUECrypto

C-Code - Quality: 81%

			E00725DD8(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v30;
				signed char _v32;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				intOrPtr _t388;
				signed short* _t389;
				signed short* _t391;
				signed int _t394;
				signed int _t395;
				signed char _t397;
				signed int _t399;
				signed int* _t400;
				signed int _t403;
				signed int _t421;
				signed int _t422;
				signed char _t423;
				signed int _t425;
				signed int _t427;
				signed int _t439;
				signed int _t452;
				signed char _t453;
				signed short* _t456;
				intOrPtr* _t460;
				signed short _t461;
				intOrPtr _t462;
				signed short _t463;
				intOrPtr* _t465;
				signed int _t468;
				signed int _t475;
				signed int _t477;
				intOrPtr _t484;
				signed int _t485;
				signed short _t489;
				signed short _t492;
				intOrPtr* _t493;
				signed int _t495;
				signed int _t499;
				signed int _t501;
				signed int _t507;
				signed int _t508;
				void* _t516;
				signed short _t517;
				void* _t518;
				signed short _t519;
				signed int _t521;
				signed int _t523;
				signed int* _t524;
				signed int _t536;
				signed int _t538;
				signed int* _t539;
				signed short _t553;
				signed short _t556;
				signed int _t557;
				signed int _t561;
				signed int _t563;
				void* _t566;

				_t456 = _a8;
				_t557 = _a4;
				_t559 = _t456 - ((_t456[2] & 0x0000ffff ^  *(_t557 + 0x54) & 0x0000ffff) << 3);
				if(_t456 - ((_t456[2] & 0x0000ffff ^  *(_t557 + 0x54) & 0x0000ffff) << 3) == _t456) {
					L11:
					__eflags =  *(_t557 + 0x4c);
					_t559 = _t456 +  *_a12 * 8;
					_a8 = _t559;
					if(__eflags == 0) {
						L13:
						while((( *(_t557 + 0x4c) >> 0x00000014 &  *(_t557 + 0x52) ^ _t559[1]) & 0x00000001) == 0) {
							if( *(_t557 + 0x4c) != 0) {
								 *_t559 =  *_t559 ^  *(_t557 + 0x50);
								if(_t559[1] != (_t559[0] ^  *_t559 ^ _t559[1])) {
									_push(0);
									_push(_t559);
									_push(_t557);
									E00794BBA(_t456, _t557, _t559, __eflags);
								}
							}
							if(_a16 != 0) {
								_t517 = _t456[6];
								_t389 =  &(_t456[4]);
								_t461 =  *_t389;
								_v20 = _t461;
								_t462 =  *((intOrPtr*)(_t461 + 4));
								_v16 = _t517;
								_t518 =  *_t517;
								__eflags = _t518 - _t462;
								if(__eflags != 0) {
									L179:
									_push(0);
									_push(_t518);
									_push(_t462);
									_push(_t389);
									_push(_t557);
									_push(0xc);
									E00794B0C(_t456, _t462, _t518, _t557, _t559, __eflags);
									L189:
									_a16 = 0;
									goto L17;
								}
								__eflags = _t518 - _t389;
								if(__eflags != 0) {
									goto L179;
								}
								 *(_t557 + 0x78) =  *(_t557 + 0x78) - ( *_t456 & 0x0000ffff);
								_t421 =  *(_t557 + 0xb8);
								__eflags = _t421;
								if(_t421 == 0) {
									L172:
									_t422 = _v20;
									_t493 = _v16;
									 *_t493 = _t422;
									 *((intOrPtr*)(_t422 + 4)) = _t493;
									__eflags = _t456[1] & 0x00000008;
									if((_t456[1] & 0x00000008) == 0) {
										L180:
										_t423 = _t456[1];
										__eflags = _t423 & 0x00000004;
										if(__eflags != 0) {
											_t495 = ( *_t456 & 0x0000ffff) * 8 - 0x10;
											_a16 = _t495;
											__eflags = _t423 & 0x00000002;
											if((_t423 & 0x00000002) != 0) {
												__eflags = _t495 - 4;
												if(_t495 > 4) {
													_t343 =  &_a16;
													 *_t343 = _a16 - 4;
													__eflags =  *_t343;
												}
											}
											_t425 = E00705770( &(_t456[8]), _a16, 0xfeeefeee);
											_a4 = _t425;
											__eflags = _t425 - _a16;
											if(__eflags != 0) {
												_t427 =  *( *[fs:0x18] + 0x30);
												__eflags =  *(_t427 + 0xc);
												if( *(_t427 + 0xc) == 0) {
													_push("HEAP: ");
													E006EF63B();
												} else {
													E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
												}
												_push( &(_t456[8]) + _a4);
												E006EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", _t456);
												_t566 = _t566 + 0xc;
												E007959C1(_t456);
											}
										}
										goto L189;
									}
									_t439 = E006FC30D(_t557, _t456);
									__eflags = _t439;
									if(_t439 != 0) {
										goto L180;
									}
									E006FE4D7(_t456, _t557, _t557, _t456,  *_t456 & 0x0000ffff, 1);
									goto L189;
								}
								_t499 =  *_t456 & 0x0000ffff;
								while(1) {
									__eflags = _t499 -  *(_t421 + 4);
									if(_t499 <  *(_t421 + 4)) {
										break;
									}
									_t536 =  *_t421;
									__eflags = _t536;
									if(_t536 == 0) {
										_t563 =  *(_t421 + 4) - 1;
										__eflags = _t563;
										_a16 = _t563;
										L155:
										_t501 = _t563 -  *((intOrPtr*)(_t421 + 0x14));
										__eflags =  *(_t421 + 8);
										_v12 = _t501;
										if( *(_t421 + 8) != 0) {
											_t501 = _t501 + _t501;
											__eflags = _t501;
										}
										_t538 = _t501 << 2;
										_a4 = _t538;
										_t539 = _t538 +  *((intOrPtr*)(_t421 + 0x20));
										 *((intOrPtr*)(_t421 + 0xc)) =  *((intOrPtr*)(_t421 + 0xc)) - 1;
										_v24 =  *_t539;
										__eflags = _t563 -  *(_t421 + 4) - 1;
										if(_t563 ==  *(_t421 + 4) - 1) {
											_t296 = _t421 + 0x10;
											 *_t296 =  *(_t421 + 0x10) - 1;
											__eflags =  *_t296;
										}
										__eflags = _v24 -  &(_t456[4]);
										if(_v24 !=  &(_t456[4])) {
											L171:
											_t559 = _a8;
											goto L172;
										} else {
											__eflags =  *_t421;
											_t507 =  *(_t421 + 4);
											if( *_t421 == 0) {
												_t507 = _t507 - 1;
												__eflags = _t507;
											}
											__eflags = _a16 - _t507;
											_t508 = _t456[4];
											if(_a16 >= _t507) {
												_t559 = _a8;
												__eflags = _t508 -  *((intOrPtr*)(_t421 + 0x18));
												if(_t508 ==  *((intOrPtr*)(_t421 + 0x18))) {
													 *_t539 =  *_t539 & 0x00000000;
													 *( *((intOrPtr*)(_t421 + 0x1c)) + (_v12 >> 5) * 4) =  *( *((intOrPtr*)(_t421 + 0x1c)) + (_v12 >> 5) * 4) &  !(1 << (_v12 & 0x0000001f));
												} else {
													 *_t539 = _t508;
												}
												goto L172;
											} else {
												__eflags = _t508 -  *((intOrPtr*)(_t421 + 0x18));
												if(_t508 ==  *((intOrPtr*)(_t421 + 0x18))) {
													L175:
													 *(_a4 +  *((intOrPtr*)(_t421 + 0x20))) =  *(_a4 +  *((intOrPtr*)(_t421 + 0x20))) & 0x00000000;
													 *( *((intOrPtr*)(_t421 + 0x1c)) + (_v12 >> 5) * 4) =  *( *((intOrPtr*)(_t421 + 0x1c)) + (_v12 >> 5) * 4) &  !(1 << (_v12 & 0x0000001f));
													goto L171;
												}
												__eflags =  *(_t557 + 0x4c);
												if( *(_t557 + 0x4c) == 0) {
													_t553 =  *(_t508 - 8) & 0x0000ffff;
												} else {
													_t556 =  *(_t508 - 8);
													__eflags =  *(_t557 + 0x4c) & _t556;
													if(( *(_t557 + 0x4c) & _t556) != 0) {
														_t556 = _t556 ^  *(_t557 + 0x50);
														__eflags = _t556;
													}
													_t553 = _t556 & 0x0000ffff;
												}
												__eflags = ( *_t456 & 0x0000ffff) != (_t553 & 0x0000ffff);
												if(( *_t456 & 0x0000ffff) != (_t553 & 0x0000ffff)) {
													goto L175;
												} else {
													 *(_a4 +  *((intOrPtr*)(_t421 + 0x20))) = _t508;
													goto L171;
												}
											}
										}
									}
									_t421 = _t536;
								}
								_t563 = _t499;
								_a16 = _t499;
								goto L155;
							}
							L17:
							_t519 = _t559[6];
							_t391 =  &(_t559[4]);
							_t463 =  *_t391;
							_v20 = _t463;
							_t464 =  *(_t463 + 4);
							_v16 = _t519;
							_t516 =  *_t519;
							if(_t516 != _t464 || _t516 != _t391) {
								_push(0);
								_push(_t516);
								_push(_t464);
								_push(_t391);
								_push(_t557);
								_push(0xc);
								L191:
								E00794B0C(_t456, _t464, _t516, _t557, _t559, __eflags);
								continue;
							} else {
								 *(_t557 + 0x78) =  *(_t557 + 0x78) - ( *_t559 & 0x0000ffff);
								_t394 =  *(_t557 + 0xb8);
								if(_t394 == 0) {
									L38:
									_t395 = _v20;
									_t465 = _v16;
									 *_t465 = _t395;
									 *((intOrPtr*)(_t395 + 4)) = _t465;
									if((_t559[1] & 0x00000008) != 0) {
										goto L1;
									}
									L39:
									_t397 = _t559[1];
									if((_t397 & 0x00000004) != 0) {
										_t468 = ( *_t559 & 0x0000ffff) * 8 - 0x10;
										_a16 = _t468;
										__eflags = _t397 & 0x00000002;
										if((_t397 & 0x00000002) != 0) {
											__eflags = _t468 - 4;
											if(_t468 > 4) {
												_t363 =  &_a16;
												 *_t363 = _a16 - 4;
												__eflags =  *_t363;
											}
										}
										_t399 = E00705770( &(_t559[8]), _a16, 0xfeeefeee);
										_a8 = _t399;
										__eflags = _t399 - _a16;
										if(_t399 != _a16) {
											_t403 =  *( *[fs:0x18] + 0x30);
											__eflags =  *(_t403 + 0xc);
											if( *(_t403 + 0xc) == 0) {
												_push("HEAP: ");
												E006EF63B();
											} else {
												E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
											}
											_push( &(_t559[8]) + _a8);
											E006EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", _t559);
											E007959C1(_t559);
										}
									}
									_t400 = _a12;
									_t456[1] = 0;
									_t456[3] = 0;
									 *_t400 =  *_t400 + ( *_t559 & 0x0000ffff);
									 *_t456 =  *_t400;
									 *(_t456 + 4 +  *_t400 * 8) =  *_t400 ^  *(_t557 + 0x54);
									break;
								} else {
									_t475 =  *_t559 & 0x0000ffff;
									L21:
									L21:
									if(_t475 >=  *((intOrPtr*)(_t394 + 4))) {
										goto L45;
									} else {
										_t561 = _t475;
										_a4 = _t475;
									}
									L23:
									_t477 = _t561 -  *((intOrPtr*)(_t394 + 0x14));
									_v8 = _t477;
									if( *((intOrPtr*)(_t394 + 8)) != 0) {
										_t477 = _t477 + _t477;
									}
									_t523 = _t477 << 2;
									_v12 = _t523;
									_t524 = _t523 +  *((intOrPtr*)(_t394 + 0x20));
									 *((intOrPtr*)(_t394 + 0xc)) =  *((intOrPtr*)(_t394 + 0xc)) - 1;
									_v24 =  *_t524;
									if(_t561 ==  *((intOrPtr*)(_t394 + 4)) - 1) {
										 *((intOrPtr*)(_t394 + 0x10)) =  *((intOrPtr*)(_t394 + 0x10)) - 1;
									}
									if(_v24 != _a8 + 8) {
										_t559 = _a8;
										goto L38;
									} else {
										_t484 =  *((intOrPtr*)(_t394 + 4));
										if( *_t394 == 0) {
											_t484 = _t484 - 1;
										}
										_t559 = _a8;
										_t485 = _t559[4];
										if(_a4 >= _t484) {
											__eflags = _t485 -  *((intOrPtr*)(_t394 + 0x18));
											if(_t485 !=  *((intOrPtr*)(_t394 + 0x18))) {
												 *_t524 = _t485;
												goto L38;
											}
											 *_t524 =  *_t524 & 0x00000000;
											L37:
											 *( *((intOrPtr*)(_t394 + 0x1c)) + (_v8 >> 5) * 4) =  *( *((intOrPtr*)(_t394 + 0x1c)) + (_v8 >> 5) * 4) &  !(1 << (_v8 & 0x0000001f));
											goto L38;
										}
										_a4 = _t485;
										if(_t485 ==  *((intOrPtr*)(_t394 + 0x18))) {
											L36:
											 *(_v12 +  *((intOrPtr*)(_t394 + 0x20))) =  *(_v12 +  *((intOrPtr*)(_t394 + 0x20))) & 0x00000000;
											goto L37;
										}
										if( *(_t557 + 0x4c) != 0) {
											_t492 =  *(_t485 - 8);
											if(( *(_t557 + 0x4c) & _t492) != 0) {
												_t492 = _t492 ^  *(_t557 + 0x50);
											}
											_t489 = _t492 & 0x0000ffff;
										} else {
											_t489 =  *(_t485 - 8) & 0x0000ffff;
										}
										if(( *_t559 & 0x0000ffff) == (_t489 & 0x0000ffff)) {
											 *(_v12 +  *((intOrPtr*)(_t394 + 0x20))) = _a4;
											goto L38;
										}
										goto L36;
									}
									L45:
									_t521 =  *_t394;
									__eflags = _t521;
									if(_t521 == 0) {
										_t561 =  *((intOrPtr*)(_t394 + 4)) - 1;
										_a4 = _t561;
										goto L23;
									}
									_t394 = _t521;
									goto L21;
								}
							}
						}
						if(( *(_t557 + 0x44) & 0x01000000) == 0) {
							_t388 =  *((intOrPtr*)(_t557 + 0xe0)) - ( *(_t557 + 0x78) << 3);
							_t460 = _t557 + 0x128;
							if(_t388 >  *_t460) {
								 *_t460 = _t388;
							}
							 *((intOrPtr*)(_t557 + 0x12c)) = _t388;
						}
						return _t456;
					}
					_t452 =  *_t559;
					_v32 = _t452;
					_t453 = _t452 ^  *(_t557 + 0x50);
					_v32 = _t453;
					_t464 = _t453 ^ _t453 ^ _v30;
					__eflags = _t453 >> 0x18 - (_t453 ^ _t453 ^ _v30);
					if(__eflags != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(_t559);
						_push(_t557);
						_push(3);
						goto L191;
					}
					goto L13;
				} else {
					__eax =  *(__edi + 0x4c);
					__ecx = __eax;
					__ecx = __eax >> 0x14;
					__cl = __cl &  *(__edi + 0x52);
					__cl = __cl ^  *(__esi + 2);
					__eflags = __cl & 0x00000001;
					if((__cl & 0x00000001) == 0) {
						__eflags = __eax;
						if(__eax != 0) {
							__eax =  *(__edi + 0x50);
							 *__esi =  *__esi ^  *(__edi + 0x50);
							 *(__esi + 1) =  *(__esi + 1) ^  *__esi;
							__al =  *(__esi + 1) ^  *__esi ^  *(__esi + 2);
							__eflags =  *((intOrPtr*)(__esi + 3)) - __al;
							if(__eflags != 0) {
								_push(0);
								_push(__esi);
								_push(__edi);
								__eax = E00794BBA(__ebx, __edi, __esi, __eflags);
							}
						}
						__eflags = _a16;
						if(_a16 != 0) {
							__edx =  *(__ebx + 0xc);
							__eax = __ebx + 8;
							__ecx =  *__eax;
							_v16 = __ecx;
							__ecx =  *(__ecx + 4);
							_v20 = __edx;
							__edx =  *__edx;
							__eflags = __edx - __ecx;
							if(__eflags != 0) {
								L123:
								_push(0);
								_push(__edx);
								_push(__ecx);
								_push(__eax);
								_push(__edi);
								_push(0xc);
								__eax = E00794B0C(__ebx, __ecx, __edx, __edi, __esi, __eflags);
								L133:
								_a16 = 0;
								goto L50;
							}
							__eflags = __edx - __eax;
							if(__eflags != 0) {
								goto L123;
							}
							__eax =  *__ebx & 0x0000ffff;
							 *((intOrPtr*)(__edi + 0x78)) =  *((intOrPtr*)(__edi + 0x78)) - ( *__ebx & 0x0000ffff);
							__eax =  *(__edi + 0xb8);
							__eflags = __eax;
							if(__eax == 0) {
								L120:
								__eax = _v16;
								__ecx = _v20;
								 *__ecx = __eax;
								 *(__eax + 4) = __ecx;
								__eflags =  *(__ebx + 2) & 0x00000008;
								if(( *(__ebx + 2) & 0x00000008) == 0) {
									L124:
									__al =  *(__ebx + 2);
									__eflags = __al & 0x00000004;
									if((__al & 0x00000004) != 0) {
										__ecx =  *__ebx & 0x0000ffff;
										__ecx = ( *__ebx & 0x0000ffff) * 8 - 0x10;
										_a16 = __ecx;
										__eflags = __al & 0x00000002;
										if((__al & 0x00000002) != 0) {
											__eflags = __ecx - 4;
											if(__ecx > 4) {
												_t246 =  &_a16;
												 *_t246 = _a16 - 4;
												__eflags =  *_t246;
											}
										}
										__eax = __ebx + 0x10;
										__eax = E00705770(__ebx + 0x10, _a16, 0xfeeefeee);
										_a4 = __eax;
										__eflags = __eax - _a16;
										if(__eax != _a16) {
											__eax =  *[fs:0x18];
											__eax =  *( *[fs:0x18] + 0x30);
											__eflags =  *(__eax + 0xc);
											if( *(__eax + 0xc) == 0) {
												_push("HEAP: ");
												__eax = E006EF63B();
											} else {
												 *[fs:0x18] =  *( *[fs:0x18] + 0x30);
												 *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc));
												 *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c = E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
												_pop(__ecx);
											}
											__eax = _a4;
											_pop(__ecx);
											__eax = _a4 + __ebx + 0x10;
											_push(_a4 + __ebx + 0x10);
											E006EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", __ebx) = E007959C1(__ebx);
										}
									}
									goto L133;
								}
								__edx = __ebx;
								__ecx = __edi;
								__eax = E006FC30D(__edi, __ebx);
								__eflags = __al;
								if(__al != 0) {
									goto L124;
								}
								 *__ebx & 0x0000ffff = E006FE4D7(__ebx, __edi, __edi, __ebx,  *__ebx & 0x0000ffff, 1);
								goto L133;
							}
							__ecx =  *__ebx & 0x0000ffff;
							while(1) {
								__eflags = __ecx -  *(__eax + 4);
								if(__ecx <  *(__eax + 4)) {
									break;
								}
								__edx =  *__eax;
								__eflags = __edx;
								if(__edx == 0) {
									__ebx =  *(__eax + 4);
									__ebx =  *(__eax + 4) - 1;
									__eflags = __ebx;
									_a16 = __ebx;
									L98:
									__ecx = __ebx;
									__ecx = __ebx -  *((intOrPtr*)(__eax + 0x14));
									__eflags =  *(__eax + 8);
									_v8 = __ecx;
									if( *(__eax + 8) != 0) {
										__ecx = __ecx + __ecx;
										__eflags = __ecx;
									}
									__edx =  *(__eax + 0x20);
									__ecx = __ecx << 2;
									__edx =  *(__eax + 0x20) + __ecx;
									_a4 = __ecx;
									__ecx =  *__edx;
									 *(__eax + 0xc) =  *(__eax + 0xc) - 1;
									_v12 =  *__edx;
									 *(__eax + 4) =  *(__eax + 4) - 1;
									__eflags = __ebx -  *(__eax + 4) - 1;
									if(__ebx ==  *(__eax + 4) - 1) {
										_t201 = __eax + 0x10;
										 *_t201 =  *(__eax + 0x10) - 1;
										__eflags =  *_t201;
									}
									_a8 = _a8 + 8;
									__eflags = _v12 - _a8 + 8;
									if(_v12 != _a8 + 8) {
										__ebx = _a8;
										goto L120;
									} else {
										__eflags =  *__eax;
										__ecx =  *(__eax + 4);
										if( *__eax == 0) {
											__ecx = __ecx - 1;
											__eflags = __ecx;
										}
										__ebx = _a8;
										__eflags = _a16 - __ecx;
										__ecx =  *(__ebx + 8);
										if(__eflags >= 0) {
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx ==  *((intOrPtr*)(__eax + 0x18))) {
												 *__edx =  *__edx & 0x00000000;
												goto L115;
											}
											 *__edx = __ecx;
											goto L120;
										} else {
											_a16 = __ecx;
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx ==  *((intOrPtr*)(__eax + 0x18))) {
												L114:
												__ecx =  *(__eax + 0x20);
												__edx = _a4;
												_t224 = __edx + __ecx;
												 *_t224 =  *(__edx + __ecx) & 0x00000000;
												__eflags =  *_t224;
												L115:
												__ecx = _v8;
												__eax =  *(__eax + 0x1c);
												__ecx = __ecx >> 5;
												__eax = __eax + (__ecx >> 5) * 4;
												0 = 1;
												__ecx = __ecx & 0x0000001f;
												1 << __cl =  !(1 << __cl);
												 *__eax =  *__eax &  !(1 << __cl);
												goto L120;
											}
											__eflags =  *(__edi + 0x4c);
											if( *(__edi + 0x4c) == 0) {
												__ecx =  *(__ecx - 8) & 0x0000ffff;
											} else {
												__ecx =  *(__ecx - 8);
												__eflags =  *(__edi + 0x4c) & __ecx;
												if(( *(__edi + 0x4c) & __ecx) != 0) {
													__eflags = __ecx;
												}
												__ecx = __cx & 0x0000ffff;
											}
											__edx =  *__ebx & 0x0000ffff;
											__ecx = __cx & 0x0000ffff;
											__edx = ( *__ebx & 0x0000ffff) != (__cx & 0x0000ffff);
											__eflags = ( *__ebx & 0x0000ffff) != (__cx & 0x0000ffff);
											if(( *__ebx & 0x0000ffff) != (__cx & 0x0000ffff)) {
												goto L114;
											} else {
												__eax =  *(__eax + 0x20);
												__ecx = _a4;
												__edx = _a16;
												 *((intOrPtr*)(_a4 + __eax)) = _a16;
												goto L120;
											}
										}
									}
								}
								__eax = __edx;
							}
							__ebx = __ecx;
							_a16 = __ecx;
							goto L98;
						} else {
							L50:
							__edx =  *(__esi + 0xc);
							__eax = __esi + 8;
							__ecx =  *__eax;
							_v16 = __ecx;
							__ecx =  *(__ecx + 4);
							_v24 = __edx;
							__edx =  *__edx;
							__eflags = __edx - __ecx;
							if(__eflags != 0) {
								L135:
								_push(0);
								_push(__edx);
								_push(__ecx);
								_push(__eax);
								_push(__edi);
								_push(0xc);
								__eax = E00794B0C(__ebx, __ecx, __edx, __edi, __esi, __eflags);
								goto L11;
							}
							__eflags = __edx - __eax;
							if(__eflags != 0) {
								goto L135;
							}
							__eax =  *__esi & 0x0000ffff;
							 *((intOrPtr*)(__edi + 0x78)) =  *((intOrPtr*)(__edi + 0x78)) - ( *__esi & 0x0000ffff);
							__eax =  *(__edi + 0xb8);
							__eflags = __eax;
							if(__eax == 0) {
								L71:
								__eax = _v16;
								__ecx = _v24;
								 *__ecx = __eax;
								 *(__eax + 4) = __ecx;
								__eflags =  *(__esi + 2) & 0x00000008;
								if(( *(__esi + 2) & 0x00000008) != 0) {
									__edx = __esi;
									__ecx = __edi;
									__eax = E006FC30D(__edi, __edx);
									__eflags = __al;
									if(__al != 0) {
										goto L72;
									} else {
										 *__esi & 0x0000ffff = E006FE4D7(__ebx, __edi, __edi, __esi,  *__esi & 0x0000ffff, 1);
										goto L11;
									}
								}
								L72:
								__al =  *(__esi + 2);
								__eflags = __al & 0x00000004;
								if((__al & 0x00000004) != 0) {
									__ebx =  *__esi & 0x0000ffff;
									__ebx = ( *__esi & 0x0000ffff) * 8 - 0x10;
									__eflags = __al & 0x00000002;
									if((__al & 0x00000002) != 0) {
										__eflags = __ebx - 4;
										if(__ebx > 4) {
											__ebx = __ebx - 4;
											__eflags = __ebx;
										}
									}
									__eax = __esi + 0x10;
									__eax = E00705770(__esi + 0x10, __ebx, 0xfeeefeee);
									_a8 = __eax;
									__eflags = __eax - __ebx;
									if(__eax != __ebx) {
										__eax =  *[fs:0x18];
										__eax =  *( *[fs:0x18] + 0x30);
										__eflags =  *(__eax + 0xc);
										if( *(__eax + 0xc) == 0) {
											_push("HEAP: ");
											__eax = E006EF63B();
										} else {
											 *[fs:0x18] =  *( *[fs:0x18] + 0x30);
											 *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc));
											 *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c = E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
											_pop(__ecx);
										}
										__eax = _a8;
										_pop(__ecx);
										__eax = _a8 + __esi + 0x10;
										_push(_a8 + __esi + 0x10);
										E006EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", __esi) = E007959C1(__esi);
									}
								}
								__ecx =  *__esi & 0x0000ffff;
								__eax = _a12;
								 *(__esi + 2) = 0;
								 *((char*)(__esi + 7)) = 0;
								 *__eax =  *__eax + __ecx;
								__cx =  *__eax;
								 *__esi =  *__eax;
								__cx =  *__eax;
								__cx =  *__eax ^  *(__edi + 0x54);
								__eax =  *__eax;
								__ebx = __esi;
								 *(__esi + 4 + __eax * 8) = __cx;
								goto L11;
							}
							__ecx =  *__esi & 0x0000ffff;
							while(1) {
								__eflags = __ecx -  *(__eax + 4);
								if(__ecx <  *(__eax + 4)) {
									break;
								}
								__edx =  *__eax;
								__eflags = __edx;
								if(__edx == 0) {
									__ebx =  *(__eax + 4);
									__ebx =  *(__eax + 4) - 1;
									_a4 = __ebx;
									L56:
									__ecx = __ebx;
									__ecx = __ebx -  *((intOrPtr*)(__eax + 0x14));
									__eflags =  *(__eax + 8);
									_v12 = __ecx;
									if( *(__eax + 8) != 0) {
										__ecx = __ecx + __ecx;
										__eflags = __ecx;
									}
									__edx =  *(__eax + 0x20);
									__ecx = __ecx << 2;
									__edx =  *(__eax + 0x20) + __ecx;
									_v8 = __ecx;
									__ecx =  *__edx;
									 *(__eax + 0xc) =  *(__eax + 0xc) - 1;
									_v20 =  *__edx;
									 *(__eax + 4) =  *(__eax + 4) - 1;
									__eflags = __ebx -  *(__eax + 4) - 1;
									if(__ebx ==  *(__eax + 4) - 1) {
										 *(__eax + 0x10) =  *(__eax + 0x10) - 1;
									}
									__ecx = __esi + 8;
									__eflags = _v20 - __esi + 8;
									if(_v20 != __esi + 8) {
										L70:
										__ebx = _a8;
										goto L71;
									} else {
										__eflags =  *__eax;
										__ecx =  *(__eax + 4);
										if( *__eax == 0) {
											__ecx = __ecx - 1;
											__eflags = __ecx;
										}
										__eflags = _a4 - __ecx;
										__ecx =  *(__esi + 8);
										if(__eflags >= 0) {
											__ebx = _a8;
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx !=  *((intOrPtr*)(__eax + 0x18))) {
												 *__edx = __ecx;
											} else {
												 *__edx =  *__edx & 0x00000000;
												__ecx = _v12;
												__eax =  *(__eax + 0x1c);
												__ecx = __ecx >> 5;
												__eax = __eax + (__ecx >> 5) * 4;
												0 = 1;
												__ecx = __ecx & 0x0000001f;
												__edx = 1 << __cl;
												__edx =  !(1 << __cl);
												 *__eax =  *__eax & 1;
											}
											goto L71;
										} else {
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx ==  *((intOrPtr*)(__eax + 0x18))) {
												L69:
												__ecx =  *(__eax + 0x20);
												__edx = _v8;
												 *(_v8 +  *(__eax + 0x20)) =  *(_v8 +  *(__eax + 0x20)) & 0x00000000;
												__ecx = _v12;
												__eax =  *(__eax + 0x1c);
												__ecx = __ecx >> 5;
												__eax = __eax + (__ecx >> 5) * 4;
												0 = 1;
												__ecx = __ecx & 0x0000001f;
												__edx = 1 << __cl;
												__edx =  !(1 << __cl);
												 *__eax =  *__eax & 1;
												__eflags =  *__eax;
												goto L70;
											}
											__eflags =  *(__edi + 0x4c);
											if( *(__edi + 0x4c) != 0) {
												__edx =  *(__ecx - 8);
												__eflags =  *(__edi + 0x4c) & __edx;
												if(( *(__edi + 0x4c) & __edx) != 0) {
													__eflags = __edx;
												}
												__edx = __dx & 0x0000ffff;
											} else {
												__edx =  *(__ecx - 8) & 0x0000ffff;
											}
											__ebx =  *__esi & 0x0000ffff;
											__edx = __dx & 0x0000ffff;
											__ebx = ( *__esi & 0x0000ffff) == (__dx & 0x0000ffff);
											__eflags = ( *__esi & 0x0000ffff) == (__dx & 0x0000ffff);
											if(( *__esi & 0x0000ffff) == (__dx & 0x0000ffff)) {
												__eax =  *(__eax + 0x20);
												__edx = _v8;
												 *(__edx + __eax) = __ecx;
												goto L70;
											}
											goto L69;
										}
									}
								}
								__eax = __edx;
							}
							__ebx = __ecx;
							_a4 = __ecx;
							goto L56;
						}
					}
					goto L11;
				}
				L1:
				if(E006FC30D(_t557, _t559) != 0) {
					goto L39;
				} else {
					E006FE4D7(_t456, _t557, _t557, _t559,  *_t559 & 0x0000ffff, 1);
					goto L13;
				}
			}

0x00725de1
0x00725dea
0x00725df8
0x00725dfc
0x00725e15
0x00725e15
0x00725e1e
0x00725e21
0x00725e24
0x00000000
0x00725e43
0x00725e5b
0x00725e60
0x00725e6d
0x00759872
0x00759874
0x00759875
0x00759876
0x00759876
0x00725e6d
0x00725e77
0x00759880
0x00759883
0x00759886
0x00759888
0x0075988b
0x0075988e
0x00759891
0x00759893
0x00759895
0x007599e1
0x007599e1
0x007599e3
0x007599e4
0x007599e5
0x007599e6
0x007599e7
0x007599e9
0x00759a87
0x00759a87
0x00000000
0x00759a87
0x0075989b
0x0075989d
0x00000000
0x00000000
0x007598a6
0x007598a9
0x007598af
0x007598b1
0x00759959
0x00759959
0x0075995c
0x0075995f
0x00759961
0x00759964
0x00759968
0x007599f3
0x007599f3
0x007599f6
0x007599f8
0x00759a01
0x00759a08
0x00759a0b
0x00759a0d
0x00759a0f
0x00759a12
0x00759a14
0x00759a14
0x00759a14
0x00759a14
0x00759a12
0x00759a24
0x00759a29
0x00759a2c
0x00759a2f
0x00759a37
0x00759a3a
0x00759a3e
0x00759a60
0x00759a65
0x00759a40
0x00759a58
0x00759a5d
0x00759a72
0x00759a79
0x00759a7e
0x00759a82
0x00759a82
0x00759a2f
0x00000000
0x007599f8
0x00759972
0x00759977
0x00759979
0x00000000
0x00000000
0x00759983
0x00000000
0x00759983
0x007598b7
0x007598c4
0x007598c4
0x007598c7
0x00000000
0x00000000
0x007598bc
0x007598be
0x007598c0
0x007598d3
0x007598d3
0x007598d4
0x007598d7
0x007598d9
0x007598dc
0x007598e0
0x007598e3
0x007598e5
0x007598e5
0x007598e5
0x007598ec
0x007598ef
0x007598f2
0x007598f6
0x007598f9
0x00759900
0x00759902
0x00759904
0x00759904
0x00759904
0x00759904
0x0075990a
0x0075990d
0x00759956
0x00759956
0x00000000
0x0075990f
0x0075990f
0x00759912
0x00759915
0x00759917
0x00759917
0x00759917
0x00759918
0x0075991b
0x0075991e
0x007599b3
0x007599b6
0x007599b9
0x007599bf
0x007599da
0x007599bb
0x007599bb
0x007599bb
0x00000000
0x00759924
0x00759924
0x00759927
0x0075998d
0x00759993
0x007599af
0x00000000
0x007599af
0x00759929
0x0075992d
0x0075993f
0x0075992f
0x0075992f
0x00759932
0x00759935
0x00759937
0x00759937
0x00759937
0x0075993a
0x0075993a
0x00759949
0x0075994b
0x00000000
0x0075994d
0x00759953
0x00000000
0x00759953
0x0075994b
0x0075991e
0x0075990d
0x007598c2
0x007598c2
0x007598c9
0x007598cb
0x00000000
0x007598cb
0x00725e7d
0x00725e7d
0x00725e80
0x00725e83
0x00725e85
0x00725e88
0x00725e8b
0x00725e8e
0x00725e92
0x006fb5ef
0x006fb5f1
0x006fb5f2
0x006fb5f3
0x006fb5f4
0x006fb5f5
0x00759aa2
0x00759aa2
0x00000000
0x00725ea0
0x00725ea3
0x00725ea6
0x00725eae
0x00725f6f
0x00725f6f
0x00725f72
0x00725f75
0x00725f77
0x00725f7e
0x00000000
0x00000000
0x00725f84
0x00725f84
0x00725f89
0x00759aaf
0x00759ab6
0x00759ab9
0x00759abb
0x00759abd
0x00759ac0
0x00759ac2
0x00759ac2
0x00759ac2
0x00759ac2
0x00759ac0
0x00759ad2
0x00759ad7
0x00759ada
0x00759add
0x00759ae9
0x00759aec
0x00759af0
0x00759b12
0x00759b17
0x00759af2
0x00759b0a
0x00759b0f
0x00759b24
0x00759b2b
0x00759b34
0x00759b34
0x00759add
0x00725f8f
0x00725f92
0x00725f96
0x00725f9d
0x00725fa2
0x00725fae
0x00000000
0x00725eb4
0x00725eb4
0x00000000
0x00725eb7
0x00725eba
0x00000000
0x00725ec0
0x00725ec0
0x00725ec2
0x00725ec2
0x00725ec5
0x00725ec7
0x00725ece
0x00725ed1
0x00725ed3
0x00725ed3
0x00725eda
0x00725edd
0x00725ee0
0x00725ee4
0x00725ee7
0x00725ef0
0x00728cdd
0x00728cdd
0x00725eff
0x00745153
0x00000000
0x00725f05
0x00725f08
0x00725f0b
0x00725f0d
0x00725f0d
0x00725f0e
0x00725f14
0x00725f17
0x00728d9f
0x00728da2
0x00742147
0x00000000
0x00742147
0x00728da8
0x00725f55
0x00725f6d
0x00000000
0x00725f6d
0x00725f1d
0x00725f23
0x00725f4b
0x00725f51
0x00000000
0x00725f51
0x00725f29
0x00725f2f
0x00725f35
0x00725f37
0x00725f37
0x00725f3a
0x006fb5e6
0x006fb5e6
0x006fb5e6
0x00725f45
0x0072e9fa
0x00000000
0x0072e9fa
0x00000000
0x00725f45
0x007266ee
0x007266ee
0x007266f0
0x007266f2
0x00728d96
0x00728d97
0x00000000
0x00728d97
0x007266f8
0x00000000
0x007266f8
0x00725eae
0x00725e92
0x00725fba
0x00725fc8
0x00725fca
0x00725fd2
0x0072ed20
0x0072ed20
0x00725fd8
0x00725fd8
0x00725fe4
0x00725fe4
0x00725e26
0x00725e28
0x00725e2b
0x00725e32
0x00725e35
0x00725e3b
0x00725e3d
0x00759866
0x00759867
0x00759868
0x00759869
0x0075986a
0x0075986b
0x00000000
0x0075986b
0x00000000
0x00725dfe
0x00725dfe
0x00725e01
0x00725e03
0x00725e06
0x00725e09
0x00725e0c
0x00725e0f
0x0072694e
0x00726950
0x00726952
0x00726955
0x0072695a
0x0072695c
0x0072695f
0x00726962
0x007595af
0x007595b1
0x007595b2
0x007595b3
0x007595b3
0x00726962
0x00726968
0x0072696c
0x007595bd
0x007595c0
0x007595c3
0x007595c5
0x007595c8
0x007595cb
0x007595ce
0x007595d0
0x007595d2
0x00759706
0x00759706
0x00759708
0x00759709
0x0075970a
0x0075970b
0x0075970c
0x0075970e
0x007597ac
0x007597ac
0x00000000
0x007597ac
0x007595d8
0x007595da
0x00000000
0x00000000
0x007595e0
0x007595e3
0x007595e6
0x007595ec
0x007595ee
0x007596d6
0x007596d6
0x007596d9
0x007596dc
0x007596de
0x007596e1
0x007596e5
0x00759718
0x00759718
0x0075971b
0x0075971d
0x00759723
0x00759726
0x0075972d
0x00759730
0x00759732
0x00759734
0x00759737
0x00759739
0x00759739
0x00759739
0x00759739
0x00759737
0x00759745
0x00759749
0x0075974e
0x00759751
0x00759754
0x00759756
0x0075975c
0x0075975f
0x00759763
0x00759785
0x0075978a
0x00759765
0x0075976b
0x00759771
0x0075977d
0x00759782
0x00759782
0x0075978f
0x00759792
0x00759793
0x00759797
0x007597a7
0x007597a7
0x00759754
0x00000000
0x0075971d
0x007596e7
0x007596e9
0x007596eb
0x007596f0
0x007596f2
0x00000000
0x00000000
0x007596fc
0x00000000
0x007596fc
0x007595f4
0x00759601
0x00759601
0x00759604
0x00000000
0x00000000
0x007595f9
0x007595fb
0x007595fd
0x0075960d
0x00759610
0x00759610
0x00759611
0x00759614
0x00759614
0x00759616
0x00759619
0x0075961d
0x00759620
0x00759622
0x00759622
0x00759622
0x00759624
0x00759627
0x0075962a
0x0075962c
0x0075962f
0x00759631
0x00759634
0x0075963a
0x0075963b
0x0075963d
0x0075963f
0x0075963f
0x0075963f
0x0075963f
0x00759645
0x00759648
0x0075964b
0x007596d3
0x00000000
0x00759651
0x00759651
0x00759654
0x00759657
0x00759659
0x00759659
0x00759659
0x0075965a
0x0075965d
0x00759660
0x00759663
0x007596c5
0x007596c8
0x007596ce
0x00000000
0x007596ce
0x007596ca
0x00000000
0x00759665
0x00759665
0x00759668
0x0075966b
0x0075969f
0x0075969f
0x007596a2
0x007596a5
0x007596a5
0x007596a5
0x007596a9
0x007596a9
0x007596ac
0x007596b1
0x007596b4
0x007596b9
0x007596ba
0x007596bf
0x007596c1
0x00000000
0x007596c1
0x0075966d
0x00759671
0x00759683
0x00759673
0x00759673
0x00759676
0x00759679
0x0075967b
0x0075967b
0x0075967e
0x0075967e
0x00759687
0x0075968a
0x0075968d
0x0075968d
0x0075968f
0x00000000
0x00759691
0x00759691
0x00759694
0x00759697
0x0075969a
0x00000000
0x0075969a
0x0075968f
0x00759663
0x0075964b
0x007595ff
0x007595ff
0x00759606
0x00759608
0x00000000
0x00726972
0x00726972
0x00726972
0x00726975
0x00726978
0x0072697a
0x0072697d
0x00726980
0x00726983
0x00726985
0x00726987
0x007597c7
0x007597c7
0x007597c9
0x007597ca
0x007597cb
0x007597cc
0x007597cd
0x007597cf
0x00000000
0x007597cf
0x0072698d
0x0072698f
0x00000000
0x00000000
0x00726995
0x00726998
0x0072699b
0x007269a1
0x007269a3
0x00726a58
0x00726a58
0x00726a5b
0x00726a5e
0x00726a60
0x00726a63
0x00726a67
0x006f3882
0x006f3884
0x006f3886
0x006f388b
0x006f388d
0x00000000
0x006f3893
0x007597bd
0x00000000
0x007597bd
0x006f388d
0x00726a6d
0x00726a6d
0x00726a70
0x00726a72
0x007597d9
0x007597dc
0x007597e3
0x007597e5
0x007597e7
0x007597ea
0x007597ec
0x007597ec
0x007597ec
0x007597ea
0x007597f5
0x007597f9
0x007597fe
0x00759801
0x00759803
0x00759809
0x0075980f
0x00759812
0x00759816
0x00759838
0x0075983d
0x00759818
0x0075981e
0x00759824
0x00759830
0x00759835
0x00759835
0x00759842
0x00759845
0x00759846
0x0075984a
0x0075985a
0x0075985a
0x00759803
0x00726a78
0x00726a7b
0x00726a7e
0x00726a82
0x00726a86
0x00726a88
0x00726a8b
0x00726a8e
0x00726a91
0x00726a95
0x00726a97
0x00726a99
0x00000000
0x00726a99
0x007269a9
0x007269ac
0x007269ac
0x007269af
0x00000000
0x00000000
0x0072ec47
0x0072ec49
0x0072ec4b
0x007362c1
0x007362c4
0x007362c5
0x007269ba
0x007269ba
0x007269bc
0x007269bf
0x007269c3
0x007269c6
0x007269c8
0x007269c8
0x007269c8
0x007269ca
0x007269cd
0x007269d0
0x007269d2
0x007269d5
0x007269d7
0x007269da
0x007269e0
0x007269e1
0x007269e3
0x007362b9
0x007362b9
0x007269e9
0x007269ec
0x007269ef
0x00726a55
0x00726a55
0x00000000
0x007269f1
0x007269f1
0x007269f4
0x007269f7
0x007269f9
0x007269f9
0x007269f9
0x007269fa
0x007269fd
0x00726a00
0x007362cd
0x007362d0
0x007362d3
0x006fb5d6
0x007362d9
0x007362d9
0x007362dc
0x007362df
0x007362e4
0x007362e7
0x007362ec
0x007362ed
0x007362f0
0x007362f2
0x007362f4
0x007362f4
0x00000000
0x00726a06
0x00726a06
0x00726a09
0x00726a31
0x00726a31
0x00726a34
0x00726a37
0x00726a3b
0x00726a3e
0x00726a43
0x00726a46
0x00726a4b
0x00726a4c
0x00726a4f
0x00726a51
0x00726a53
0x00726a53
0x00000000
0x00726a53
0x00726a0b
0x00726a0f
0x00726a15
0x00726a18
0x00726a1b
0x00726a1d
0x00726a1d
0x00726a20
0x006fb5dd
0x006fb5dd
0x006fb5dd
0x00726a23
0x00726a26
0x00726a29
0x00726a29
0x00726a2b
0x00703bf0
0x00703bf3
0x00703bf6
0x00000000
0x00703bf6
0x00000000
0x00726a2b
0x00726a00
0x007269ef
0x0072ec51
0x0072ec51
0x007269b5
0x007269b7
0x00000000
0x007269b7
0x0072696c
0x00000000
0x00725e0f
0x006f37f1
0x006f37fc
0x00000000
0x006f3802
0x00759a98
0x00000000
0x00759a98

Strings

HEAP[%wZ]: , xrefs: 00759778, 0075982B, 00759A53, 00759B05
HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 00759799, 0075984C, 00759A74, 00759B26
HEAP: , xrefs: 00759785, 00759838, 00759A60, 00759B12

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
API String ID: 0-2419525547
Opcode ID: 07b6f00edc172d3e55dd3c2e86ee590155b471d19435d384f46faddfd7b9f684
Instruction ID: e114f85320832c9390689e6aa0707f2c82d26572b74d0e38a3d4e078a99a2063
Opcode Fuzzy Hash: 07b6f00edc172d3e55dd3c2e86ee590155b471d19435d384f46faddfd7b9f684
Instruction Fuzzy Hash: B472BE70A00215DFDB28CF14C494ABAB7B2FF89315F15C09EE9468B291D778EC45DBA0

Uniqueness

Uniqueness Score: 100.00%

Function 00727FAB, Relevance: 4.5, Strings: 3, Instructions: 731
COMMONCrypto

C-Code - Quality: 99%

			E00727FAB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t325;
				signed int _t326;
				signed int _t329;
				unsigned int _t331;
				signed int _t333;
				signed int _t342;
				char* _t345;
				signed int _t348;
				signed short* _t349;
				signed int _t351;
				signed int _t357;
				signed int _t359;
				signed int _t361;
				void* _t364;
				signed int _t366;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t373;
				signed int _t376;
				signed short* _t377;
				signed short _t379;
				signed short _t383;
				signed int _t385;
				short _t386;
				signed int _t395;
				signed int _t396;
				short _t397;
				signed int _t404;
				signed int _t407;
				char* _t411;
				signed int _t412;
				signed short _t414;
				signed int _t415;
				signed int _t416;
				signed short _t417;
				signed short _t418;
				signed short _t425;
				signed int _t436;
				signed short _t437;
				signed int _t439;
				signed int _t447;
				signed int _t452;
				signed int _t453;
				signed int _t454;
				signed int _t460;
				signed int _t461;
				signed int _t463;
				signed int _t466;
				signed int _t471;
				signed int _t472;
				short _t474;
				signed short _t475;
				signed short _t476;
				signed int _t477;
				char _t478;
				unsigned int _t479;
				signed int _t480;
				signed int _t483;
				void* _t486;
				signed int _t489;
				signed int _t492;
				signed int _t494;
				char* _t497;
				signed int _t499;
				signed int _t501;
				signed short _t505;
				signed int _t507;
				signed int _t508;
				char* _t510;
				signed int _t511;
				signed int _t512;
				void* _t517;
				signed int _t521;
				char _t523;
				char _t525;
				char _t526;
				void* _t528;

				_push(0x78);
				_push(0x720438);
				E00726F10(__ebx, __edi, __esi);
				_t429 =  *(_t528 + 8);
				 *(_t528 - 0x64) =  *(_t528 + 0x10);
				_t325 =  *(_t528 + 0x14);
				 *(_t528 - 0x80) = _t325;
				_t436 =  *(_t528 + 0x18);
				 *(_t528 - 0x44) = _t436;
				_t501 =  *(_t528 + 0x1c);
				_t510 = 0;
				if(_t325 != 0) {
					 *_t325 = 0;
				}
				__eflags = _t436 - _t510;
				if(_t436 != _t510) {
					 *_t436 = 0;
				}
				__eflags =  *((intOrPtr*)(_t528 + 0xc)) - 0xffff;
				if( *((intOrPtr*)(_t528 + 0xc)) > 0xffff) {
					 *((intOrPtr*)(_t528 + 0xc)) = 0xfffe;
				}
				 *_t501 = _t510;
				 *(_t501 + 4) = _t510;
				_t437 =  *_t429;
				 *(_t528 - 0x74) = _t437;
				_t326 =  *(_t429 + 4);
				 *(_t528 - 0x70) = _t326;
				 *(_t528 - 0x50) = _t326;
				_t479 = _t437 & 0x0000ffff;
				_t439 = _t479 >> 1;
				 *(_t528 - 0x78) = _t439;
				 *(_t528 - 0x60) = _t479;
				__eflags = _t479;
				if(_t479 == 0) {
					L19:
					goto L71;
				} else {
					__eflags =  *_t326 - _t510;
					if( *_t326 == _t510) {
						goto L19;
					}
					 *(_t528 - 0x2c) = _t479;
					_t480 = _t479 >> 1;
					__eflags = _t480;
					_t481 =  *(_t326 + _t480 * 2 - 2) & 0x0000ffff;
					 *(_t528 - 0x68) =  *(_t326 + _t480 * 2 - 2) & 0x0000ffff;
					do {
						__eflags =  *(_t528 - 0x68) - 0x20;
						if( *(_t528 - 0x68) != 0x20) {
							break;
						}
						_t250 = _t528 - 0x2c;
						 *_t250 =  *(_t528 - 0x2c) - 2;
						__eflags =  *_t250;
						if( *_t250 != 0) {
							_t499 =  *(_t528 - 0x2c) >> 1;
							__eflags = _t499;
							_t481 =  *(_t326 + _t499 * 2 - 2) & 0x0000ffff;
							 *(_t528 - 0x68) =  *(_t326 + _t499 * 2 - 2) & 0x0000ffff;
						}
						__eflags =  *(_t528 - 0x2c) - _t510;
					} while ( *(_t528 - 0x2c) != _t510);
					__eflags =  *(_t528 - 0x2c) - _t510;
					if( *(_t528 - 0x2c) == _t510) {
						goto L19;
					}
					_t329 =  *(_t326 + _t439 * 2 - 2) & 0x0000ffff;
					__eflags = _t329 - 0x5c;
					if(_t329 == 0x5c) {
						L113:
						 *(_t528 - 0x49) = 0;
						L39:
						_t331 = E00727E0A(_t501, _t528 - 0x74);
						 *(_t528 - 0x2c) = _t331;
						__eflags = _t331;
						if(_t331 != 0) {
							_t429 = _t331 >> 0x10;
							_t510 = 0xffff;
							 *(_t528 - 0x2c) =  *(_t528 - 0x2c) & 0x0000ffff;
							_t501 =  *(_t528 - 0x44);
							__eflags = _t501;
							if(_t501 == 0) {
								L145:
								_t333 =  *(_t528 - 0x2c) + 8;
								 *(_t528 - 0x60) = _t333;
								__eflags = _t333 -  *((intOrPtr*)(_t528 + 0xc));
								if(_t333 >=  *((intOrPtr*)(_t528 + 0xc))) {
									__eflags = _t333 + 2 - _t510;
									if(_t333 + 2 > _t510) {
										goto L19;
									}
									L71:
									return E00726F58(_t429, _t501, _t510);
								}
								_t510 = L"\\\\.\\";
								asm("movsd");
								asm("movsd");
								E00704B80( *(_t528 - 0x64) + 8, _t429,  *(_t528 - 0x2c));
								_t235 =  *(_t528 - 0x2c) + 8; // 0x8
								_t501 =  *(_t528 - 0x64) + _t235;
								asm("stosw");
								goto L71;
							}
							__eflags = _t429;
							if(_t429 != 0) {
								_t342 = E0076EAD1(_t439, _t528 - 0x74, _t429, _t501);
								__eflags = _t342;
								if(_t342 >= 0) {
									__eflags =  *_t501;
									if( *_t501 == 0) {
										goto L145;
									}
									goto L19;
								}
								goto L19;
							}
							goto L145;
						}
						 *((short*)(_t528 - 0x46)) =  *((intOrPtr*)(_t528 + 0xc));
						 *(_t528 - 0x48) = 0;
						 *(_t528 - 0x44) =  *(_t528 - 0x64);
						E00704EC0( *(_t528 - 0x64), 0,  *((intOrPtr*)(_t528 + 0xc)));
						_t345 = E00727315(_t429);
						 *(_t528 - 0x68) = _t345;
						 *_t501 = _t345;
						_t429 =  *(_t528 - 0x50);
						 *(_t528 - 0x40) = _t429;
						 *(_t528 - 0x64) = 0;
						 *(_t528 - 0x38) = 0;
						 *((short*)(_t528 - 0x36)) = 0;
						 *(_t528 - 0x34) = 0;
						 *(_t528 - 0x58) = 0;
						 *(_t528 - 0x5c) = 0;
						 *((char*)(_t528 - 0x2d)) = 0;
						 *((intOrPtr*)(_t528 - 4)) = 0;
						_t348 =  *(_t528 - 0x68) - 1;
						__eflags = _t348;
						if(_t348 == 0) {
							_t483 =  *(_t528 - 0x50);
							_t349 = _t483 + 4;
							_t46 = _t528 - 0x6c;
							 *_t46 =  *(_t528 - 0x6c) & 0x00000000;
							__eflags =  *_t46;
							 *(_t528 - 0x28) = 4;
							while(1) {
								 *(_t528 - 0x7c) = _t349;
								__eflags =  *(_t528 - 0x28) - ( *(_t528 - 0x74) & 0x0000ffff);
								if( *(_t528 - 0x28) >= ( *(_t528 - 0x74) & 0x0000ffff)) {
									break;
								}
								_t471 =  *_t349 & 0x0000ffff;
								__eflags = _t471 - 0x5c;
								if(_t471 == 0x5c) {
									L25:
									 *(_t528 - 0x6c) =  *(_t528 - 0x6c) + 1;
									__eflags =  *(_t528 - 0x6c) - 2;
									if( *(_t528 - 0x6c) != 2) {
										L24:
										 *(_t528 - 0x28) =  *(_t528 - 0x28) + 2;
										_t349 =  &(_t349[1]);
										continue;
									}
									break;
								}
								__eflags = _t471 - 0x2f;
								if(_t471 == 0x2f) {
									goto L25;
								}
								goto L24;
							}
							_t351 = _t349 - _t483 >> 1;
							 *(_t528 - 0x2c) = _t351;
							 *(_t528 - 0x64) = _t351 + _t351;
							_t429 = _t429 + _t351 * 2;
							L129:
							 *(_t528 - 0x40) = _t429;
							L43:
							_t501 =  *(_t528 - 0x38);
							_t481 = _t501 & 0x0000ffff;
							_t352 =  *(_t528 - 0x60);
							_t447 = _t481 +  *(_t528 - 0x60);
							_t107 = _t447 + 2; // 0x2
							_t510 = _t107;
							__eflags = _t510 -  *((intOrPtr*)(_t528 + 0xc));
							if(_t510 >  *((intOrPtr*)(_t528 + 0xc))) {
								__eflags =  *(_t528 - 0x78) - 1;
								if( *(_t528 - 0x78) <= 1) {
									_t352 =  *(_t528 - 0x50);
									__eflags =  *( *(_t528 - 0x50)) - 0x2e;
									if( *( *(_t528 - 0x50)) != 0x2e) {
										goto L137;
									}
									__eflags =  *(_t528 - 0x78) - 1;
									if( *(_t528 - 0x78) != 1) {
										__eflags = _t447 - 0xffff;
										if(_t447 > 0xffff) {
											_t447 = 0;
											__eflags = 0;
										}
										 *(_t528 - 0x58) = _t447;
										L70:
										 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
										E00728209(_t352, _t481);
										goto L71;
									}
									__eflags = _t501 - 6;
									if(_t501 != 6) {
										__eflags =  *((intOrPtr*)(_t528 + 0xc)) - _t481;
										if( *((intOrPtr*)(_t528 + 0xc)) >= _t481) {
											 *(_t528 - 0x28) =  *(_t528 - 0x28) & 0x00000000;
											_t302 = _t528 - 0x3c;
											 *_t302 =  *(_t528 - 0x3c) & 0x00000000;
											__eflags =  *_t302;
											_t325 =  *(_t528 - 0x44);
											while(1) {
												__eflags =  *(_t528 - 0x28) - ( *(_t528 - 0x38) & 0x0000ffff);
												if( *(_t528 - 0x28) >= ( *(_t528 - 0x38) & 0x0000ffff)) {
													break;
												}
												_t481 =  *(_t528 - 0x3c) +  *(_t528 - 0x3c);
												_t460 =  *(_t481 +  *(_t528 - 0x34)) & 0x0000ffff;
												__eflags = _t460 - 0x5c;
												if(_t460 == 0x5c) {
													L192:
													_t460 = 0x5c;
													L193:
													 *(_t481 + _t325) = _t460;
													 *(_t528 - 0x28) =  *(_t528 - 0x28) + 2;
													 *(_t528 - 0x3c) =  *(_t528 - 0x3c) + 1;
													continue;
												}
												__eflags = _t460 - 0x2f;
												if(_t460 != 0x2f) {
													goto L193;
												}
												goto L192;
											}
											 *(_t528 - 0x48) =  *(_t528 - 0x38) + 0xfffffffe;
											L51:
											_t123 = _t528 - 0x48; // 0x732678
											_t452 = ( *_t123 & 0x0000ffff) + _t325;
											 *(_t528 - 0x54) = _t452;
											 *_t452 = 0;
											_t357 = _t429 -  *(_t528 - 0x50);
											 *(_t528 - 0x28) = _t357;
											while(1) {
												_t511 =  *(_t528 - 0x74) & 0x0000ffff;
												if(_t357 >= _t511) {
													break;
												}
												_t364 = 2;
												 *(_t528 - 0x28) =  *(_t528 - 0x28) + _t364;
												_t505 =  *_t429 & 0x0000ffff;
												_t486 = (_t505 & 0x0000ffff) - 0x2e;
												if(_t486 == 0) {
													_t364 = 2;
													_t481 = _t511 -  *(_t528 - 0x28) + _t364;
													 *(_t528 - 0x3c) = _t481;
													__eflags = _t481 - _t364;
													if(_t481 < _t364) {
														L56:
														 *(_t528 - 0x28) =  *(_t528 - 0x28) - _t364;
														 *(_t528 - 0x3c) = _t511 -  *(_t528 - 0x28);
														while( *(_t528 - 0x3c) != 0) {
															_t489 =  *_t429 & 0x0000ffff;
															if(_t489 == 0x5c || _t489 == 0x2f) {
																break;
															} else {
																 *(_t528 - 0x3c) =  *(_t528 - 0x3c) - _t364;
																 *(_t528 - 0x28) =  *(_t528 - 0x28) + _t364;
																 *_t452 = _t489;
																_t452 = _t452 + _t364;
																 *(_t528 - 0x54) = _t452;
																_t429 = _t429 + _t364;
																 *(_t528 - 0x40) = _t429;
																continue;
															}
														}
														_t481 =  *_t429 & 0x0000ffff;
														__eflags = _t481 - 0x5c;
														if(_t481 != 0x5c) {
															__eflags = _t481 - 0x2f;
															if(_t481 == 0x2f) {
																goto L73;
															}
															L75:
															_t357 =  *(_t528 - 0x28);
															continue;
														}
														L73:
														_t481 = _t452 - 2;
														__eflags =  *_t481 - 0x2e;
														if( *_t481 == 0x2e) {
															__eflags = _t452 - 4 -  *(_t528 - 0x44);
															if(_t452 - 4 >=  *(_t528 - 0x44)) {
																__eflags =  *((short*)(_t452 - 4)) - 0x2e;
																if( *((short*)(_t452 - 4)) != 0x2e) {
																	_t452 = _t481;
																	 *(_t528 - 0x54) = _t452;
																}
															}
														}
														goto L75;
													}
													__eflags = _t505 - 0x2e;
													if(_t505 != 0x2e) {
														L98:
														__eflags = _t481 - _t364;
														if(_t481 < _t364) {
															goto L56;
														}
														__eflags = _t505 - 0x2e;
														if(_t505 != 0x2e) {
															goto L56;
														}
														_t169 = _t481 - 2; // 0x0
														__eflags = _t169 - _t364;
														if(_t169 < _t364) {
															goto L56;
														}
														__eflags =  *(_t429 + 2) - 0x2e;
														if( *(_t429 + 2) != 0x2e) {
															goto L56;
														}
														__eflags = _t481 + 0xfffffffc;
														if(_t481 + 0xfffffffc == 0) {
															while(1) {
																L110:
																__eflags =  *_t452 - 0x5c;
																if( *_t452 == 0x5c) {
																	break;
																}
																 *_t452 = 0;
																_t452 = _t452 - _t364;
																 *(_t528 - 0x54) = _t452;
															}
															_t481 =  *(_t528 - 0x44);
															_t366 =  *(_t528 - 0x2c);
															while(1) {
																L105:
																__eflags = _t452 - _t481 + _t366 * 2 - 2;
																if(_t452 == _t481 + _t366 * 2 - 2) {
																	break;
																}
																 *_t452 = 0;
																_t452 = _t452;
																 *(_t528 - 0x54) = _t452;
																__eflags =  *_t452 - 0x5c;
																if( *_t452 != 0x5c) {
																	continue;
																}
																break;
															}
															__eflags = _t452 - _t481 + _t366 * 2 - 2;
															if(_t452 == _t481 + _t366 * 2 - 2) {
																_t452 = _t452 + 2;
																 *(_t528 - 0x54) = _t452;
															}
															_t429 = _t429 + 4;
															__eflags = _t429;
															L109:
															 *(_t528 - 0x40) = _t429;
															 *(_t528 - 0x28) =  *(_t528 - 0x28) + 2;
															goto L75;
														}
														_t492 =  *(_t429 + 4) & 0x0000ffff;
														__eflags = _t492 - 0x5c;
														if(_t492 == 0x5c) {
															goto L110;
														}
														__eflags = _t492 - 0x2f;
														if(_t492 != 0x2f) {
															goto L56;
														} else {
															goto L110;
														}
														goto L105;
													}
													_t167 = _t481 - 2; // 0x0
													__eflags = _t167;
													if(_t167 == 0) {
														L139:
														_t429 = _t429 + 2;
														 *(_t528 - 0x40) = _t429;
														__eflags =  *(_t528 - 0x28) - _t511;
														if( *(_t528 - 0x28) >= _t511) {
															goto L75;
														}
														_t481 =  *_t429 & 0x0000ffff;
														__eflags = _t481 - 0x5c;
														if(_t481 != 0x5c) {
															__eflags = _t481 - 0x2f;
															if(_t481 == 0x2f) {
																goto L141;
															}
															goto L75;
														}
														L141:
														_t429 = _t429 + 2;
														goto L109;
													}
													_t369 =  *(_t429 + 2) & 0x0000ffff;
													__eflags = _t369 - 0x5c;
													if(_t369 == 0x5c) {
														goto L139;
													}
													__eflags = _t369 - 0x2f;
													if(_t369 == 0x2f) {
														goto L139;
													}
													_t364 = 2;
													goto L98;
												}
												_t481 = _t486 - 1;
												if(_t481 == 0) {
													L85:
													__eflags =  *(_t452 - 2) - 0x5c;
													if( *(_t452 - 2) != 0x5c) {
														_t481 = 0x5c;
														 *_t452 = _t481;
														_t452 = _t452 + _t364;
														__eflags = _t452;
														 *(_t528 - 0x54) = _t452;
													}
													_t429 = _t429 + _t364;
													 *(_t528 - 0x40) = _t429;
													goto L75;
												}
												_t481 = _t481 - 0x2d;
												if(_t481 == 0) {
													goto L85;
												}
												goto L56;
											}
											 *_t452 = 0;
											__eflags =  *(_t528 - 0x49);
											if( *(_t528 - 0x49) != 0) {
												_t361 =  *(_t528 - 0x44);
												_t481 =  *(_t528 - 0x2c);
												__eflags = _t452 - _t361 + _t481 * 2;
												if(_t452 > _t361 + _t481 * 2) {
													_t481 = _t452 - 2;
													__eflags =  *_t481 - 0x5c;
													if( *_t481 == 0x5c) {
														_t452 = _t481;
														 *(_t528 - 0x54) = _t452;
														 *_t452 = 0;
													}
												}
											}
											_t429 =  *(_t528 - 0x44);
											_t501 = _t452 - _t429;
											__eflags = _t501;
											while(1) {
												 *(_t528 - 0x48) = _t501;
												__eflags = _t452 - _t429;
												if(_t452 <= _t429) {
													break;
												}
												_t156 = _t452 - 2; // 0x2c
												_t481 = _t156;
												_t512 =  *_t481 & 0x0000ffff;
												__eflags = _t512 - 0x20;
												if(_t512 == 0x20) {
													L163:
													_t452 = _t481;
													 *(_t528 - 0x54) = _t452;
													 *_t452 = 0;
													_t259 = _t528 - 0x48; // 0x732678
													_t501 =  *_t259 + 0xfffffffe;
													continue;
												}
												__eflags = _t512 - 0x2e;
												if(_t512 == 0x2e) {
													goto L163;
												}
												break;
											}
											_t359 =  *(_t528 - 0x80);
											_t510 = 0;
											__eflags = _t359;
											if(_t359 == 0) {
												L68:
												_t352 = _t501 & 0x0000ffff;
												L69:
												 *(_t528 - 0x58) = _t352;
												goto L70;
											}
											_t453 = _t452 + 0xfffffffe;
											 *(_t528 - 0x40) = _t453;
											 *(_t528 - 0x54) = 0;
											while(1) {
												__eflags = _t453 - _t429;
												if(_t453 <= _t429) {
													break;
												}
												__eflags =  *_t453 - 0x5c;
												if( *_t453 == 0x5c) {
													_t481 = _t453 + 2;
													 *(_t528 - 0x54) = _t481;
													break;
												}
												_t453 = _t453;
												__eflags = _t453;
												 *(_t528 - 0x40) = _t453;
											}
											__eflags = _t481 - _t510;
											if(_t481 == _t510) {
												L28:
												 *_t359 = _t510;
												goto L68;
											}
											__eflags =  *_t481 - _t510;
											if( *_t481 == _t510) {
												goto L28;
											}
											__eflags =  *(_t528 - 0x68) - 1;
											if( *(_t528 - 0x68) == 1) {
												_t454 =  *(_t528 - 0x2c);
												__eflags = _t481 - _t429 + _t454 * 2;
												if(_t481 >= _t429 + _t454 * 2) {
													goto L67;
												}
												goto L28;
											}
											L67:
											 *_t359 = _t481;
											goto L68;
										}
										 *(_t528 - 0x58) = _t481;
										goto L70;
									}
									__eflags =  *((intOrPtr*)(_t528 + 0xc)) - 6;
									if( *((intOrPtr*)(_t528 + 0xc)) > 6) {
										goto L44;
									}
									 *(_t528 - 0x58) = 8;
									goto L70;
								}
								L137:
								__eflags = _t510 - 0xffff;
								if(_t510 > 0xffff) {
									_t510 = 0;
								}
								 *(_t528 - 0x58) = _t510;
								goto L70;
							}
							L44:
							_t461 =  *(_t528 - 0x64);
							_t325 =  *(_t528 - 0x44);
							__eflags = _t461;
							if(_t461 != 0) {
								L46:
								_t494 = 0;
								__eflags = 0;
								 *(_t528 - 0x28) = 0;
								 *(_t528 - 0x3c) = 0;
								_t507 = 0x5c;
								while(1) {
									__eflags =  *(_t528 - 0x28) - _t461;
									if( *(_t528 - 0x28) >= _t461) {
										break;
									}
									_t517 =  *(_t528 - 0x3c) +  *(_t528 - 0x3c);
									_t463 =  *(_t517 +  *(_t528 - 0x50)) & 0x0000ffff;
									__eflags = _t463 - _t507;
									if(_t463 == _t507) {
										L133:
										_t463 = _t507;
										L132:
										 *(_t517 + _t325) = _t463;
										 *(_t528 - 0x28) =  *(_t528 - 0x28) + 2;
										 *(_t528 - 0x3c) =  *(_t528 - 0x3c) + 1;
										_t461 =  *(_t528 - 0x64);
										continue;
									}
									__eflags = _t463 - 0x2f;
									if(_t463 == 0x2f) {
										goto L133;
									}
									goto L132;
								}
								 *(_t528 - 0x48) = _t461;
								 *(_t528 - 0x28) = _t494;
								while(1) {
									 *(_t528 - 0x3c) = _t494;
									__eflags =  *(_t528 - 0x28) - ( *(_t528 - 0x38) & 0x0000ffff);
									if( *(_t528 - 0x28) >= ( *(_t528 - 0x38) & 0x0000ffff)) {
										break;
									}
									_t466 =  *( *(_t528 - 0x34) + _t494 * 2) & 0x0000ffff;
									__eflags = _t466 - _t507;
									if(_t466 == _t507) {
										L128:
										_t202 = _t528 - 0x48; // 0x732678
										 *((short*)(_t325 + ((( *_t202 & 0x0000ffff) >> 1) + _t494) * 2)) = _t507;
										L127:
										 *(_t528 - 0x28) =  *(_t528 - 0x28) + 2;
										_t494 = _t494 + 1;
										continue;
									}
									__eflags = _t466 - 0x2f;
									if(_t466 == 0x2f) {
										goto L128;
									}
									_t197 = _t528 - 0x48; // 0x732678
									_t521 = (( *_t197 & 0x0000ffff) >> 1) + _t494;
									__eflags = _t521;
									 *(_t325 + _t521 * 2) = _t466;
									goto L127;
								}
								_t120 = _t528 - 0x48; // 0x732678
								_t481 =  *(_t528 - 0x38) +  *_t120;
								__eflags = _t481;
								 *(_t528 - 0x48) = _t481;
								goto L51;
							}
							__eflags =  *(_t528 - 0x34) - _t325;
							if( *(_t528 - 0x34) == _t325) {
								 *(_t528 - 0x48) = _t501;
								goto L51;
							}
							goto L46;
						}
						_t371 = _t348 - 1;
						__eflags = _t371;
						if(_t371 != 0) {
							_t372 = _t371 - 1;
							__eflags = _t372;
							if(__eflags == 0) {
								_t373 = E0073F3C7(_t481, __eflags, 0);
								 *(_t528 - 0x5c) = _t373;
								 *((char*)(_t528 - 0x2d)) = 1;
								__eflags = _t373;
								if(_t373 == 0) {
									_t510 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x10)) + 0x24;
								}
								_t376 =  *(_t528 - 0x5c);
								__eflags = _t376;
								if(_t376 == 0) {
									_t377 = _t510[4];
								} else {
									_t377 =  *(_t376 + 4);
								}
								_t379 = E00727377( *_t377 & 0x0000ffff);
								_t429 = _t379 & 0x0000ffff;
								_t501 = E00727377( *( *(_t528 - 0x50)) & 0x0000ffff) & 0x0000ffff;
								__eflags = (_t379 & 0x0000ffff) - _t501;
								if(__eflags == 0) {
									_t472 =  *(_t528 - 0x5c);
									__eflags = _t472;
									if(_t472 == 0) {
										_t383 =  *_t510;
										_t523 = _t510[4];
									} else {
										_t383 =  *_t472;
										_t523 =  *(_t472 + 4);
									}
									 *(_t528 - 0x38) = _t383;
									 *(_t528 - 0x34) = _t523;
									L15:
									 *(_t528 - 0x2c) = 3;
									_t429 =  *(_t528 - 0x50) + 4;
									 *(_t528 - 0x40) = _t429;
									 *(_t528 - 0x60) =  *(_t528 - 0x60) - 4;
									goto L43;
								} else {
									E006D5BCC(0, _t481, __eflags, _t501);
									_t385 = 0x3d;
									 *(_t528 - 0x24) = _t385;
									 *(_t528 - 0x22) = _t501;
									_t386 = 0x3a;
									 *((short*)(_t528 - 0x20)) = _t386;
									 *((short*)(_t528 - 0x1e)) = 0;
									E00703D00(0, _t528 - 0x88, _t528 - 0x24);
									_t28 = _t528 - 0x48; // 0x732678
									 *(_t528 - 0x38) =  *_t28;
									 *(_t528 - 0x34) =  *(_t528 - 0x44);
									_t395 = E00734E2B(__eflags, 0, _t528 - 0x88, _t528 - 0x38);
									__eflags = _t395;
									if(_t395 < 0) {
										__eflags = _t395 - 0xc0000023;
										if(_t395 != 0xc0000023) {
											 *(_t528 - 0x24) = _t501;
											_t396 = 0x3a;
											 *(_t528 - 0x22) = _t396;
											_t397 = 0x5c;
											 *((short*)(_t528 - 0x20)) = _t397;
											 *((short*)(_t528 - 0x1e)) = 0;
											E00703D00(0, _t528 - 0x38, _t528 - 0x24);
											goto L15;
										}
										_t352 =  *(_t528 - 0x60) + ( *(_t528 - 0x38) & 0x0000ffff) + 2;
										__eflags = _t352 - 0xffff;
										if(_t352 > 0xffff) {
											_t352 = 0;
										}
										goto L69;
									} else {
										_t404 = ( *(_t528 - 0x38) & 0x0000ffff) >> 1;
										__eflags = _t404 - 3;
										if(_t404 > 3) {
											_t474 = 0x5c;
											 *((short*)( *(_t528 - 0x34) + _t404 * 2)) = _t474;
											 *(_t528 - 0x38) =  *(_t528 - 0x38) + 2;
										}
										goto L15;
									}
								}
							}
							_t407 = _t372 - 1;
							__eflags = _t407;
							if(__eflags == 0) {
								_t508 = E0073F3C7(_t481, __eflags, 1);
								 *(_t528 - 0x5c) = _t508;
								 *((char*)(_t528 - 0x2d)) = 1;
								__eflags = _t508;
								if(_t508 == 0) {
									_t510 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x10)) + 0x24;
									_t429 =  *(_t528 - 0x40);
									_t508 =  *(_t528 - 0x5c);
									__eflags = _t508;
									if(_t508 != 0) {
										goto L3;
									}
									_t411 = _t510;
									L4:
									_t412 = E0073F487(_t411);
									 *(_t528 - 0x2c) = _t412;
									__eflags = _t412 - 3;
									if(_t412 != 3) {
										__eflags = _t508;
										if(_t508 == 0) {
											_t475 =  *_t510;
											_t525 = _t510[4];
										} else {
											_t475 =  *_t508;
											_t525 =  *(_t508 + 4);
										}
										 *(_t528 - 0x38) = _t475;
										 *(_t528 - 0x34) = _t525;
										_t414 =  *(_t528 - 0x2c) +  *(_t528 - 0x2c);
									} else {
										__eflags = _t508;
										if(_t508 == 0) {
											_t476 =  *_t510;
											_t526 = _t510[4];
										} else {
											_t476 =  *_t508;
											_t526 =  *(_t508 + 4);
										}
										 *(_t528 - 0x38) = _t476;
										 *(_t528 - 0x34) = _t526;
										_t414 = 4;
									}
									 *(_t528 - 0x38) = _t414;
									goto L43;
								}
								L3:
								_t411 = _t508;
								goto L4;
							}
							_t415 = _t407 - 1;
							__eflags = _t415;
							if(__eflags != 0) {
								_t416 = _t415 - 1;
								__eflags = _t416;
								if(_t416 != 0) {
									_t352 = _t416 != 1;
									__eflags = _t416 != 1;
									if(_t416 != 1) {
										 *(_t528 - 0x58) =  *(_t528 - 0x58) & 0;
										goto L70;
									}
									_t417 =  *0x74523c; // 0xa0008
									 *(_t528 - 0x38) = _t417;
									_t477 =  *0x745240; // 0x74501c
									 *(_t528 - 0x34) = _t477;
									_t418 = _t417 + 0xfffffffc;
									 *(_t528 - 0x38) = _t418;
									 *(_t528 - 0x64) = (_t418 & 0x0000ffff) + 2;
									 *(_t528 - 0x2c) = 3;
									_t429 =  *(_t528 - 0x50) + 6;
									 *(_t528 - 0x40) = _t429;
									 *(_t528 - 0x60) =  *(_t528 - 0x60) - 6;
									goto L43;
								}
								 *(_t528 - 0x64) = 8;
								 *(_t528 - 0x2c) = 4;
								_t429 =  *(_t528 - 0x50) + 8;
								goto L129;
							}
							_t497 = E0073F3C7(_t481, __eflags, 1);
							 *(_t528 - 0x5c) = _t497;
							 *((char*)(_t528 - 0x2d)) = 1;
							__eflags = _t497;
							if(_t497 == 0) {
								_t510 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x10)) + 0x24;
								_t429 =  *(_t528 - 0x40);
								_t497 =  *(_t528 - 0x5c);
							} else {
								 *(_t501 + 4) = _t497[0xc];
							}
							__eflags = _t497;
							if(_t497 == 0) {
								_t425 =  *_t510;
								_t478 = _t510[4];
							} else {
								_t425 =  *_t497;
								_t478 = _t497[4];
							}
							 *(_t528 - 0x38) = _t425;
							 *(_t528 - 0x34) = _t478;
							__eflags = _t497;
							if(_t497 != 0) {
								_t510 = _t497;
							}
							 *(_t528 - 0x2c) = E0073F487(_t510);
							goto L43;
						}
						 *(_t528 - 0x2c) = 3;
						goto L43;
					}
					__eflags = _t329 - 0x2f;
					 *(_t528 - 0x49) = 1;
					if(_t329 == 0x2f) {
						goto L113;
					}
					goto L39;
				}
			}

0x00727fab
0x00727fad
0x00727fb2
0x00727fb7
0x00727fbd
0x00727fc0
0x00727fc3
0x00727fc6
0x00727fc9
0x00727fcc
0x00727fcf
0x00727fd3
0x007288d6
0x007288d6
0x00727fd9
0x00727fdb
0x00727fdd
0x00727fdd
0x00727fe0
0x00727fe7
0x0074db67
0x0074db67
0x00727fed
0x00727fef
0x00727ff2
0x00727ff4
0x00727ff7
0x00727ffa
0x00727ffd
0x00728000
0x00728005
0x00728007
0x0072800a
0x0072800d
0x0072800f
0x006fac75
0x00000000
0x00728015
0x00728015
0x00728018
0x00000000
0x00000000
0x0072801e
0x00728021
0x00728021
0x00728023
0x00728028
0x0072802b
0x0072802b
0x00728030
0x00000000
0x00000000
0x007469db
0x007469db
0x007469db
0x007469df
0x007469e4
0x007469e4
0x007469e6
0x007469eb
0x007469eb
0x007469ee
0x007469ee
0x00728036
0x00728039
0x00000000
0x00000000
0x0072803f
0x00728044
0x00728048
0x0073cc94
0x0073cc94
0x0072805c
0x00728060
0x00728065
0x00728068
0x0072806a
0x00744fb6
0x00744fb9
0x00744fbe
0x00744fc1
0x00744fc4
0x00744fc6
0x00744fd0
0x00744fd3
0x00744fd6
0x00744fd9
0x00744fdc
0x007451f9
0x007451fb
0x00000000
0x00000000
0x007281fc
0x00728201
0x00728201
0x00744fe2
0x00744fec
0x00744fed
0x00744ffb
0x0074500b
0x0074500b
0x0074500f
0x00000000
0x00745011
0x00744fc8
0x00744fca
0x0074db79
0x0074db7e
0x0074db80
0x007451e9
0x007451ec
0x00000000
0x00000000
0x00000000
0x007451f2
0x00000000
0x0074db86
0x00000000
0x00744fca
0x00728073
0x00728079
0x00728080
0x00728087
0x00728090
0x00728095
0x00728098
0x0072809a
0x0072809d
0x007280a2
0x007280a7
0x007280ab
0x007280af
0x007280b2
0x007280b5
0x007280b8
0x007280bb
0x007280c1
0x007280c1
0x007280c2
0x006fe5cb
0x006fe5ce
0x006fe5d1
0x006fe5d1
0x006fe5d1
0x006fe5d5
0x006fe5dc
0x006fe5dc
0x006fe5e3
0x006fe5e6
0x00000000
0x00000000
0x006fe5e8
0x006fe5eb
0x006fe5ef
0x006fe5ff
0x006fe5ff
0x006fe602
0x006fe606
0x006fe5f7
0x006fe5f7
0x006fe5fc
0x00000000
0x006fe5fc
0x00000000
0x006fe606
0x006fe5f1
0x006fe5f5
0x00000000
0x00000000
0x00000000
0x006fe5f5
0x006fe60a
0x006fe60c
0x006fe612
0x006fe615
0x007408e3
0x007408e3
0x007280d6
0x007280d6
0x007280da
0x007280dd
0x007280e0
0x007280e3
0x007280e3
0x007280e6
0x007280e9
0x00741a7f
0x00741a83
0x0074dc6c
0x0074dc6f
0x0074dc73
0x00000000
0x00000000
0x0074dc79
0x0074dc7d
0x0074dcf3
0x0074dcf9
0x0074dcfb
0x0074dcfb
0x0074dcfb
0x0074dcfd
0x007281ed
0x007281ed
0x007281f4
0x00000000
0x007281f9
0x0074dc7f
0x0074dc83
0x0074dc9b
0x0074dc9e
0x0074dca8
0x0074dcac
0x0074dcac
0x0074dcac
0x0074dcb0
0x0074dcb3
0x0074dcb7
0x0074dcba
0x00000000
0x00000000
0x0074dcbf
0x0074dcc4
0x0074dcc8
0x0074dccc
0x0074dcd4
0x0074dcd6
0x0074dcd7
0x0074dcd7
0x0074dcdb
0x0074dcdf
0x00000000
0x0074dcdf
0x0074dcce
0x0074dcd2
0x00000000
0x00000000
0x00000000
0x0074dcd2
0x0074dcea
0x00728139
0x00728139
0x0072813d
0x0072813f
0x00728144
0x00728149
0x0072814c
0x0072814f
0x0072814f
0x00728155
0x00000000
0x00000000
0x0072815d
0x0072815e
0x00728161
0x00728167
0x0072816a
0x0072db10
0x0072db11
0x0072db13
0x0072db16
0x0072db18
0x00728180
0x00728180
0x00728186
0x00728189
0x00728193
0x0072819a
0x00000000
0x007281a2
0x007281a2
0x007281a5
0x007281a8
0x007281ab
0x007281ad
0x007281b0
0x007281b2
0x00000000
0x007281b2
0x0072819a
0x00728214
0x00728217
0x0072821b
0x00728538
0x0072853c
0x00000000
0x00000000
0x0072822f
0x0072822f
0x00000000
0x0072822f
0x00728221
0x00728221
0x00728224
0x00728228
0x0074dd28
0x0074dd2b
0x0074dd31
0x0074dd36
0x0074dd3c
0x0074dd3e
0x0074dd3e
0x0074dd36
0x0074dd2b
0x00000000
0x00728228
0x0072db1e
0x0072db22
0x0072db4a
0x0072db4a
0x0072db4c
0x00000000
0x00000000
0x0072db52
0x0072db56
0x00000000
0x00000000
0x0072db5c
0x0072db5f
0x0072db61
0x00000000
0x00000000
0x0072db67
0x0072db6c
0x00000000
0x00000000
0x0072db72
0x0072db75
0x0072e32d
0x0072e32d
0x0072e32d
0x0072e331
0x00000000
0x00000000
0x0072e335
0x0072e338
0x0072e33a
0x0072e33a
0x0072e33f
0x0072e342
0x0072db8e
0x0072db8e
0x0072db92
0x0072db94
0x00000000
0x00000000
0x0072db98
0x0072db9c
0x0072db9d
0x0072dba0
0x0072dba4
0x00000000
0x00000000
0x00000000
0x0072dba4
0x0072dbaa
0x0072dbac
0x0074dd1c
0x0074dd1d
0x0074dd1d
0x0072dbb2
0x0072dbb2
0x0072dbb5
0x0072dbb5
0x0072dbb8
0x00000000
0x0072dbb8
0x0072db7b
0x0072db7f
0x0072db83
0x00000000
0x00000000
0x0074522c
0x00745230
0x00000000
0x00745236
0x00000000
0x00745236
0x00000000
0x00745230
0x0072db24
0x0072db27
0x0072db29
0x007449e5
0x007449e6
0x007449e7
0x007449ea
0x007449ed
0x00000000
0x00000000
0x007449f3
0x007449f6
0x007449fa
0x0074dd0c
0x0074dd10
0x00000000
0x00000000
0x00000000
0x0074dd16
0x00744a00
0x00744a01
0x00000000
0x00744a01
0x0072db2f
0x0072db33
0x0072db37
0x00000000
0x00000000
0x0072db3d
0x0072db41
0x00000000
0x00000000
0x0072db49
0x00000000
0x0072db49
0x00728170
0x00728171
0x007282a1
0x007282a1
0x007282a6
0x007282aa
0x007282ab
0x007282ae
0x007282ae
0x007282b0
0x007282b0
0x007282b3
0x007282b5
0x00000000
0x007282b5
0x00728177
0x0072817a
0x00000000
0x00000000
0x00000000
0x0072817a
0x00728239
0x0072823c
0x0072823f
0x00728241
0x00728244
0x0072824a
0x0072824c
0x0072824e
0x00728251
0x00728255
0x00744e04
0x00744e06
0x00744e0b
0x00744e0b
0x00728255
0x0072824c
0x0072825d
0x00728260
0x00728260
0x00728262
0x00728262
0x00728266
0x00728268
0x00000000
0x00000000
0x0072826a
0x0072826a
0x0072826d
0x00728270
0x00728274
0x00748e31
0x00748e31
0x00748e33
0x00748e38
0x00748e3b
0x00748e3e
0x00000000
0x00748e3e
0x0072827a
0x0072827e
0x00000000
0x00000000
0x00000000
0x0072827e
0x00728284
0x00728287
0x00728289
0x0072828b
0x007281e7
0x007281e7
0x007281ea
0x007281ea
0x00000000
0x007281ea
0x00728291
0x00728294
0x00728299
0x007281c6
0x007281c6
0x007281c8
0x00000000
0x00000000
0x007281b7
0x007281bb
0x007288dd
0x007288e0
0x00000000
0x007288e0
0x007281c2
0x007281c2
0x007281c3
0x007281c3
0x007281ca
0x007281cc
0x006fe648
0x006fe648
0x00000000
0x006fe648
0x007281d2
0x007281d5
0x00000000
0x00000000
0x007281db
0x007281df
0x006fe63a
0x006fe640
0x006fe642
0x00000000
0x00000000
0x00000000
0x006fe642
0x007281e5
0x007281e5
0x00000000
0x007281e5
0x0074dca0
0x00000000
0x0074dca0
0x0074dc85
0x0074dc89
0x00000000
0x00000000
0x0074dc8f
0x00000000
0x0074dc8f
0x00741a89
0x00741a89
0x00741a8f
0x0074dd05
0x0074dd05
0x00741a95
0x00000000
0x00741a95
0x007280ef
0x007280ef
0x007280f2
0x007280f5
0x007280f7
0x00728102
0x00728102
0x00728102
0x00728104
0x00728107
0x0072810c
0x0072810d
0x0072810d
0x00728110
0x00000000
0x00000000
0x007408ee
0x007408f3
0x007408f7
0x007408fa
0x00740915
0x00740915
0x00740902
0x00740902
0x00740906
0x0074090a
0x0074090d
0x00000000
0x0074090d
0x007408fc
0x00740900
0x00000000
0x00000000
0x00000000
0x00740900
0x00728116
0x0072811a
0x0072811d
0x0072811d
0x00728124
0x00728127
0x00000000
0x00000000
0x0073f42d
0x0073f431
0x0073f434
0x0073f452
0x0073f452
0x0073f45c
0x0073f448
0x0073f448
0x0073f44c
0x00000000
0x0073f44c
0x0073f436
0x0073f43a
0x00000000
0x00000000
0x0073f43c
0x0073f442
0x0073f442
0x0073f444
0x00000000
0x0073f444
0x0072812d
0x00728133
0x00728133
0x00728135
0x00000000
0x00728135
0x007280f9
0x007280fc
0x006d5bbe
0x00000000
0x006d5bbe
0x00000000
0x007280fc
0x007280c8
0x007280c8
0x007280c9
0x0073f349
0x0073f349
0x0073f34a
0x006e0386
0x006e038b
0x006e038e
0x006e0392
0x006e0394
0x0074dbfd
0x0074dbfd
0x006e039a
0x006e039d
0x006e039f
0x0074521a
0x006e03a5
0x006e03a5
0x006e03a5
0x006e03ac
0x006e03b1
0x006e03c0
0x006e03c3
0x006e03c6
0x006e0444
0x006e0447
0x006e0449
0x00745222
0x00745224
0x006e044f
0x006e044f
0x006e0451
0x006e0451
0x006e0454
0x006e0457
0x006e042b
0x006e042b
0x006e0435
0x006e0438
0x006e043b
0x00000000
0x006e03c8
0x006e03c9
0x006e03d0
0x006e03d1
0x006e03d5
0x006e03db
0x006e03dc
0x006e03e2
0x006e03f1
0x006e03f6
0x006e03f9
0x006e03ff
0x006e040f
0x006e0414
0x006e0416
0x0074dc05
0x0074dc0a
0x0074dc29
0x0074dc2f
0x0074dc30
0x0074dc36
0x0074dc37
0x0074dc3d
0x0074dc49
0x00000000
0x0074dc49
0x0074dc13
0x0074dc17
0x0074dc1c
0x0074dc22
0x0074dc22
0x00000000
0x006e041c
0x006e0420
0x006e0422
0x006e0425
0x0074dc55
0x0074dc59
0x0074dc63
0x0074dc63
0x00000000
0x006e0425
0x006e0416
0x006e03c6
0x0073f350
0x0073f350
0x0073f351
0x006d9224
0x006d9226
0x006d9229
0x006d922d
0x006d922f
0x0074dbb9
0x0074dbbc
0x0074dbbf
0x0074dbc2
0x0074dbc4
0x00000000
0x00000000
0x0074dbca
0x006d9237
0x006d9238
0x006d923d
0x006d9240
0x006d9243
0x0074dbd1
0x0074dbd3
0x0074dbdc
0x0074dbde
0x0074dbd5
0x0074dbd5
0x0074dbd7
0x0074dbd7
0x0074dbe1
0x0074dbe4
0x0074dbea
0x006d9249
0x006d9249
0x006d924b
0x00745210
0x00745212
0x006d9251
0x006d9251
0x006d9253
0x006d9253
0x006d9256
0x006d9259
0x006d925e
0x006d925e
0x006d925f
0x00000000
0x006d925f
0x006d9235
0x006d9235
0x00000000
0x006d9235
0x0073f357
0x0073f357
0x0073f358
0x0074094e
0x0074094e
0x0074094f
0x007451a9
0x007451a9
0x007451aa
0x0074db8b
0x00000000
0x0074db8b
0x007451b0
0x007451b5
0x007451b8
0x007451be
0x007451c1
0x007451c4
0x007451cd
0x007451d0
0x007451da
0x007451dd
0x007451e0
0x00000000
0x007451e0
0x00740955
0x0074095c
0x00740966
0x00000000
0x00740966
0x0073f365
0x0073f367
0x0073f36a
0x0073f36e
0x0073f370
0x0074db9f
0x0074dba2
0x0074dba5
0x0073f376
0x0073f379
0x0073f379
0x0073f37c
0x0073f37e
0x00745206
0x00745208
0x0073f384
0x0073f384
0x0073f386
0x0073f386
0x0073f389
0x0073f38c
0x0073f38f
0x0073f391
0x0073f393
0x0073f393
0x0073f39b
0x00000000
0x0073f39b
0x007280cf
0x00000000
0x007280cf
0x0072804e
0x00728052
0x00728056
0x00000000
0x00000000
0x00000000
0x00728056

Strings

\\.\, xrefs: 00744FE2
x&s, xrefs: 0073F452, 0072812D, 00728139, 00748E3B, 0073F43C, 006E03F6
, xrefs: 0072802B

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: $\\.\$x&s
API String ID: 0-705903084
Opcode ID: 0eb530a90eab357f4a4c6ead52612b8347a685e9fabea3aa8a67d4cacdc8f2d1
Instruction ID: cb9ab8bebb903be2a1e2a2aab19c14b135838ae9cb2e08d646439754d367c9d1
Opcode Fuzzy Hash: 0eb530a90eab357f4a4c6ead52612b8347a685e9fabea3aa8a67d4cacdc8f2d1
Instruction Fuzzy Hash: D4527A70D01269CFCF64CFA8D4846ADBBF2FF48314F64812AE416AB291E7799C81CB55

Uniqueness

Uniqueness Score: 0.30%

Function 006F91F7, Relevance: 4.2, Strings: 3, Instructions: 478
UNIQUECrypto

C-Code - Quality: 89%

			E006F91F7(signed int _a4, unsigned int _a8, unsigned int _a12, signed int _a15, intOrPtr _a16, signed short _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int __ebx;
				signed int __edi;
				unsigned int __esi;
				void* __ebp;
				signed char _t228;
				signed int _t230;
				signed short _t234;
				signed int _t238;
				signed int _t247;
				void* _t250;
				signed int _t251;
				signed short _t252;
				signed short _t258;
				signed char _t260;
				signed short _t270;
				signed int _t280;
				signed char _t286;
				signed int _t298;
				signed int _t300;
				signed char _t301;
				void* _t303;
				intOrPtr* _t310;
				signed short _t311;
				signed int _t314;
				signed int _t315;

				_t280 = _a4;
				if(_a20 >  *((intOrPtr*)(_t280 + 0x60))) {
					_t228 = 0;
					goto L58;
				} else {
					__eflags =  *(__ebx + 0x4c);
					_push(__esi);
					__esi = _a12;
					__al =  *((intOrPtr*)(__esi + 2));
					_a15 = __al;
					__eax =  *__esi & 0x0000ffff;
					_push(__edi);
					__edi = __esi + ( *__esi & 0x0000ffff) * 8;
					if( *(__ebx + 0x4c) != 0) {
						__eax =  *(__ebx + 0x50);
						 *__edi =  *__edi ^  *(__ebx + 0x50);
						 *(__edi + 2) =  *(__edi + 2) ^  *(__edi + 1);
						__al =  *(__edi + 2) ^  *(__edi + 1) ^  *__edi;
						__eflags =  *(__edi + 3) - __al;
						if(__eflags != 0) {
							_push(0);
							_push(__edi);
							_push(__ebx);
							__eax = E00794BBA(__ebx, __edi, __esi, __eflags);
						}
					}
					__dl =  *(__edi + 2);
					__eflags = __dl & 0x00000001;
					if((__dl & 0x00000001) != 0) {
						L60:
						__eflags =  *(__ebx + 0x4c);
						if( *(__ebx + 0x4c) != 0) {
							 *(__edi + 1) =  *(__edi + 1) ^ __dl;
							__al =  *(__edi + 1) ^ __dl ^  *__edi;
							 *(__edi + 3) =  *(__edi + 1) ^ __dl ^  *__edi;
							__eax =  *(__ebx + 0x50);
							 *__edi =  *__edi ^  *(__ebx + 0x50);
							__eflags =  *__edi;
						}
						goto L62;
					} else {
						__ecx =  *__edi & 0x0000ffff;
						__eax =  *__esi & 0x0000ffff;
						__eax = ( *__esi & 0x0000ffff) + ( *__edi & 0x0000ffff);
						_v8 = __eax;
						__eflags = __eax - _a20;
						if(__eax < _a20) {
							goto L60;
						}
						__edx =  *(__edi + 0xc);
						__eax = __edi + 8;
						__ecx =  *__eax;
						_v28 = __ecx;
						__ecx =  *(__ecx + 4);
						_v32 = __edx;
						__edx =  *__edx;
						__eflags = __edx - __ecx;
						if(__eflags != 0) {
							L75:
							_push(0);
							_push(__edx);
							_push(__ecx);
							_push(__eax);
							_push(__ebx);
							_push(0xc);
							__eax = E00794B0C(__ebx, __ecx, __edx, __edi, __esi, __eflags);
							L62:
							__al = 0;
							L57:
							L58:
							return _t228;
						}
						__eflags = __edx - __eax;
						if(__eflags != 0) {
							goto L75;
						}
						__eax =  *__edi & 0x0000ffff;
						 *((intOrPtr*)(__ebx + 0x78)) =  *((intOrPtr*)(__ebx + 0x78)) - ( *__edi & 0x0000ffff);
						__eax =  *(__ebx + 0xb8);
						__eflags = __eax;
						if(__eax == 0) {
							L37:
							__eax = _v28;
							__ecx = _v32;
							 *__ecx = __eax;
							 *(__eax + 4) = __ecx;
							__eflags =  *(__edi + 2) & 0x00000008;
							if(( *(__edi + 2) & 0x00000008) != 0) {
								__edx = __edi;
								__ecx = __ebx;
								__eax = E006FC30D(__ebx, __edx);
								__eflags = __al;
								if(__al != 0) {
									goto L38;
								}
								 *__edi & 0x0000ffff = E006FE4D7(__ebx, __edi, __ebx, __edi,  *__edi & 0x0000ffff, 1);
								goto L62;
							}
							L38:
							__al =  *(__edi + 2);
							__eflags = __al & 0x00000004;
							if((__al & 0x00000004) != 0) {
								__ecx =  *__edi & 0x0000ffff;
								__ecx = ( *__edi & 0x0000ffff) * 8 - 0x10;
								_a4 = __ecx;
								__eflags = __al & 0x00000002;
								if((__al & 0x00000002) != 0) {
									__eflags = __ecx - 4;
									if(__ecx > 4) {
										_t158 =  &_a4;
										 *_t158 = _a4 - 4;
										__eflags =  *_t158;
									}
								}
								__eax = __edi + 0x10;
								__eax = E00705770(__edi + 0x10, _a4, 0xfeeefeee);
								_v32 = __eax;
								__eflags = __eax - _a4;
								if(__eax != _a4) {
									__eax =  *[fs:0x18];
									__eax =  *( *[fs:0x18] + 0x30);
									__eflags =  *(__eax + 0xc);
									if( *(__eax + 0xc) == 0) {
										_push("HEAP: ");
										__eax = E006EF63B();
									} else {
										 *[fs:0x18] =  *( *[fs:0x18] + 0x30);
										 *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc));
										 *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c = E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
										_pop(__ecx);
									}
									__eax = _v32;
									_pop(__ecx);
									__eax = _v32 + __edi + 0x10;
									_push(_v32 + __edi + 0x10);
									E006EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", __edi) = E007959C1(__edi);
								}
							}
							__al =  *(__edi + 2);
							__edi =  *__esi & 0x0000ffff;
							__cl =  *((intOrPtr*)(__esi + 7));
							_a4 = __al;
							__eax = __di & 0x0000ffff;
							__eax = (__di & 0x0000ffff) << 3;
							__eflags = __cl - 5;
							if(__cl == 5) {
								__ecx =  *(__ebx + 0x54) & 0x0000ffff;
								__edx =  *(__esi + 4) & 0x0000ffff;
								__ecx =  *(__ebx + 0x54) & 0x0000ffff ^ __edx;
							} else {
								__eflags = __cl & 0x00000040;
								if((__cl & 0x00000040) != 0) {
									__cl & 0x000000ff = __cl & 0x3f;
									__ecx =  *(__esi + 4 + (__cl & 0x3f) * 8) & 0x0000ffff;
								} else {
									__cl = __cl & 0x0000003f;
									__eflags = (__cl & 0x0000003f) - 0x3f;
									if((__cl & 0x0000003f) == 0x3f) {
										__eflags = __cl;
										if(__cl >= 0) {
											__eflags =  *(__ebx + 0x4c);
											if( *(__ebx + 0x4c) == 0) {
												__ecx = __di & 0x0000ffff;
											} else {
												__ecx =  *__esi;
												__eflags =  *(__ebx + 0x4c) & __ecx;
												if(( *(__ebx + 0x4c) & __ecx) != 0) {
													__eflags = __ecx;
												}
												__ecx = __cx & 0x0000ffff;
											}
										} else {
											__edx =  *__esi;
											__esi = __esi >> 3;
											__esi >> 0x00000003 ^ 0 = __esi >> 0x00000003 ^ 0 ^  *0x7a81dc;
											__ecx = __esi >> 0x00000003 ^ 0 ^  *0x7a81dc ^ __ebx;
											__cx =  *((intOrPtr*)((__esi >> 0x00000003 ^ 0 ^  *0x7a81dc ^ __ebx) + 0x10));
										}
										__ecx = __cx & 0x0000ffff;
										__ecx =  *(__esi + (__cx & 0x0000ffff) * 8 - 4);
									} else {
										__ecx = __cl & 0x000000ff;
										__ecx = __cl & 0x3f;
										__eflags = __ecx;
									}
								}
							}
							_v20 = __eax;
							__eax = _a20;
							_v8 = _v8 - _a20;
							__eflags = _v8 - 2;
							if(_v8 <= 2) {
								__eax = _v8;
								_a20 = _a20 + _v8;
								_v8 = _v8 & 0x00000000;
							}
							__eflags = _a15 & 0x00000002;
							if((_a15 & 0x00000002) != 0) {
								_t310 = _t315 + _a20 * 8 - 8;
								_t230 =  *_t315 & 0x0000ffff;
								 *_t310 =  *((intOrPtr*)(_t315 + _t230 * 8 - 8));
								 *((intOrPtr*)(_t310 + 4)) =  *((intOrPtr*)(_t315 + _t230 * 8 - 4));
								if((E007271D3() & 0x00000800) != 0) {
									 *(_t310 + 2) = E00783B12(_t280,  *(_t310 + 2) & 0x0000ffff,  *_t315 & 0x0000ffff, _a20, 4);
								}
								L46:
								_t311 = _a20;
								goto L47;
							} else {
								__eax = E007271D3();
								__eflags = __eax & 0x00000800;
								if((__eax & 0x00000800) != 0) {
									__al =  *(__esi + 3);
									__ecx =  *__esi & 0x0000ffff;
									__edi = _a20;
									__al & 0xff = E00783B12(__ebx, __al & 0xff,  *__esi & 0x0000ffff, _a20, 4);
									 *(__esi + 3) = __al;
									L47:
									 *_t315 = _t311;
									if(_v8 == 0) {
										 *(_t315 + 2) =  *(_t315 + 2) | _a4;
										_t286 = (_t311 << 3) - _a16;
										__eflags = _t286 - 0x3f;
										if(_t286 >= 0x3f) {
											__eflags =  *(_t315 + 7) & 0x00000080;
											if(( *(_t315 + 7) & 0x00000080) == 0) {
												__eflags =  *(_t280 + 0x4c);
												if( *(_t280 + 0x4c) == 0) {
													_t234 = _t311 & 0x0000ffff;
												} else {
													_t252 =  *_t315;
													__eflags =  *(_t280 + 0x4c) & _t252;
													if(( *(_t280 + 0x4c) & _t252) != 0) {
														_t252 = _t252 ^  *(_t280 + 0x50);
														__eflags = _t252;
													}
													_t234 = _t252 & 0x0000ffff;
												}
											} else {
												_t234 =  *((intOrPtr*)((_t315 >> 0x00000003 ^  *_t315 ^  *0x7a81dc ^ _t280) + 0x10));
											}
											 *(_t315 + 7) = 0x3f;
											 *(_t315 + (_t234 & 0x0000ffff) * 8 - 4) = _t286;
										} else {
											 *(_t315 + 7) = _t286;
										}
										 *(_t315 + 4 + ( *_t315 & 0xffff) * 8) =  *(_t280 + 0x54) ^  *_t315 & 0x0000ffff;
									} else {
										_t300 = _t311 << 3;
										_a20 = _t300;
										_t301 = _t300 - _a16;
										if(_t301 >= 0x3f) {
											__eflags =  *(_t315 + 7) & 0x00000080;
											if(( *(_t315 + 7) & 0x00000080) == 0) {
												__eflags =  *(_t280 + 0x4c);
												if( *(_t280 + 0x4c) == 0) {
													_t258 = _t311 & 0x0000ffff;
												} else {
													_t270 =  *_t315;
													__eflags =  *(_t280 + 0x4c) & _t270;
													if(( *(_t280 + 0x4c) & _t270) != 0) {
														_t270 = _t270 ^  *(_t280 + 0x50);
														__eflags = _t270;
													}
													_t258 = _t270 & 0x0000ffff;
												}
											} else {
												_t258 =  *((intOrPtr*)((_t315 >> 0x00000003 ^  *_t315 ^  *0x7a81dc ^ _t280) + 0x10));
											}
											 *(_t315 + 7) = 0x3f;
											 *(_t315 + (_t258 & 0x0000ffff) * 8 - 4) = _t301;
										} else {
											 *(_t315 + 7) = _t301;
										}
										_t260 =  *((intOrPtr*)(_t315 + 6));
										if(_t260 == 0) {
											_t305 = _t280;
										} else {
											_t305 = (_t315 & 0xffff0000) - ((_t260 & 0x000000ff) << 0x10) + 0x10000;
										}
										E0072645A(_t280, _t305, _a20 + _t315, _a4,  *(_t280 + 0x40) >> 0x00000006 & 1, _t311, _v8);
									}
									if((_a8 & 0x00000008) != 0) {
										_t238 = _v20;
										__eflags = _a16 - _t238;
										if(_a16 > _t238) {
											E00704EC0(_t238 + _t315 + 8, 0, _a16 - _t238);
										}
									} else {
										if(( *(_t280 + 0x40) & 0x00000040) != 0) {
											_t314 = _v20;
											_t298 = _t314 & 0x00000003;
											__eflags = _t298;
											if(_t298 != 0) {
												_t250 = 4;
												_t251 = _t250 - _t298;
												__eflags = _t251;
												_t298 = _t251;
											}
											_t303 = _t314 + _t298;
											__eflags = _a16 - _t303;
											if(_a16 > _t303) {
												_t247 = _a16 - _t298 - _t314 & 0xfffffffc;
												__eflags = _t247;
												if(_t247 != 0) {
													E00705810(_t303 + _t315 + 8, _t247, 0xbaadf00d);
												}
											}
										}
									}
									if(( *(_t280 + 0x40) & 0x00000020) != 0) {
										asm("stosd");
										asm("stosd");
									}
									 *(_t315 + 2) = (_a8 >> 0x00000004 ^  *(_t315 + 2)) & 0x0000001f ^ _a8 >> 0x00000004;
									_t228 = 1;
									goto L57;
								}
								goto L46;
							}
						} else {
							__ecx =  *__edi & 0x0000ffff;
							while(1) {
								__eflags = __ecx -  *(__eax + 4);
								if(__ecx <  *(__eax + 4)) {
									break;
								}
								__edx =  *__eax;
								__eflags = __edx;
								if(__edx == 0) {
									__ebx =  *(__eax + 4);
									__ebx =  *(__eax + 4) - 1;
									_v12 = __ebx;
									L22:
									__ecx = __ebx;
									__ecx = __ebx -  *((intOrPtr*)(__eax + 0x14));
									__eflags =  *(__eax + 8);
									_v20 = __ecx;
									if( *(__eax + 8) != 0) {
										__ecx = __ecx + __ecx;
										__eflags = __ecx;
									}
									__edx =  *(__eax + 0x20);
									__ecx = __ecx << 2;
									__edx =  *(__eax + 0x20) + __ecx;
									_v16 = __ecx;
									__ecx =  *__edx;
									 *(__eax + 0xc) =  *(__eax + 0xc) - 1;
									_v24 =  *__edx;
									 *(__eax + 4) =  *(__eax + 4) - 1;
									__eflags = __ebx -  *(__eax + 4) - 1;
									if(__ebx ==  *(__eax + 4) - 1) {
										 *((intOrPtr*)(__eax + 0x10)) =  *((intOrPtr*)(__eax + 0x10)) - 1;
									}
									__ecx = __edi + 8;
									__eflags = _v24 - __edi + 8;
									if(_v24 != __edi + 8) {
										__ebx = _a4;
										goto L37;
									} else {
										__eflags =  *__eax;
										__ecx =  *(__eax + 4);
										if( *__eax == 0) {
											__ecx = __ecx - 1;
											__eflags = __ecx;
										}
										__eflags = _v12 - __ecx;
										__ecx =  *(__edi + 8);
										__ebx = _a4;
										if(__eflags >= 0) {
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx !=  *((intOrPtr*)(__eax + 0x18))) {
												 *__edx = __ecx;
												goto L37;
											} else {
												 *__edx =  *__edx & 0x00000000;
												goto L36;
											}
										} else {
											_v24 = __ecx;
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx ==  *((intOrPtr*)(__eax + 0x18))) {
												L35:
												__ecx =  *(__eax + 0x20);
												__edx = _v16;
												_t77 = __edx + __ecx;
												 *_t77 =  *(__edx + __ecx) & 0x00000000;
												__eflags =  *_t77;
												L36:
												__ecx = _v20;
												__eax =  *(__eax + 0x1c);
												__ecx = __ecx >> 5;
												__eax = __eax + (__ecx >> 5) * 4;
												0 = 1;
												__ecx = __ecx & 0x0000001f;
												__edx = 1 << __cl;
												__edx =  !(1 << __cl);
												 *__eax =  *__eax & __edx;
												__eflags =  *__eax;
												goto L37;
											}
											__eflags =  *(__ebx + 0x4c);
											if( *(__ebx + 0x4c) == 0) {
												__ecx =  *(__ecx - 8) & 0x0000ffff;
											} else {
												__ecx =  *(__ecx - 8);
												__eflags =  *(__ebx + 0x4c) & __ecx;
												if(( *(__ebx + 0x4c) & __ecx) != 0) {
													__eflags = __ecx;
												}
												__ecx = __cx & 0x0000ffff;
											}
											__edx =  *__edi & 0x0000ffff;
											__ecx = __cx & 0x0000ffff;
											__edx = ( *__edi & 0x0000ffff) == (__cx & 0x0000ffff);
											__eflags = ( *__edi & 0x0000ffff) == (__cx & 0x0000ffff);
											if(( *__edi & 0x0000ffff) == (__cx & 0x0000ffff)) {
												__eax =  *(__eax + 0x20);
												__ecx = _v16;
												__edx = _v24;
												 *(_v16 + __eax) = __edx;
												goto L37;
											} else {
												goto L35;
											}
										}
									}
								}
								__eax = __edx;
							}
							__ebx = __ecx;
							_v12 = __ecx;
							goto L22;
						}
					}
				}
			}

0x006f9203
0x006f9209
0x006fba48
0x00000000
0x006f920f
0x006f920f
0x006f9213
0x006f9214
0x006f9217
0x006f921a
0x006f921d
0x006f9220
0x006f9221
0x006f9224
0x006f9226
0x006f9229
0x006f922e
0x006f9231
0x006f9233
0x006f9236
0x0075da11
0x0075da13
0x0075da14
0x0075da15
0x0075da15
0x006f9236
0x006f923c
0x006f923f
0x006f9242
0x006fae0f
0x006fae0f
0x006fae13
0x006fae18
0x006fae1a
0x006fae1c
0x006fae1f
0x006fae22
0x006fae22
0x006fae22
0x00000000
0x006f9248
0x006f9248
0x006f924b
0x006f924e
0x006f9250
0x006f9253
0x006f9256
0x00000000
0x00000000
0x006f925c
0x006f925f
0x006f9262
0x006f9264
0x006f9267
0x006f926a
0x006f926d
0x006f926f
0x006f9271
0x0075da31
0x0075da31
0x0075da33
0x0075da34
0x0075da35
0x0075da36
0x0075da37
0x0075da39
0x006fae24
0x006fae24
0x006f9475
0x006f9477
0x006f9479
0x006f9479
0x006f9277
0x006f9279
0x00000000
0x00000000
0x006f927f
0x006f9282
0x006f9285
0x006f928b
0x006f928d
0x006f9353
0x006f9353
0x006f9356
0x006f9359
0x006f935b
0x006f935e
0x006f9362
0x0074a9dc
0x0074a9de
0x0074a9e0
0x0074a9e5
0x0074a9e7
0x00000000
0x00000000
0x0075da27
0x00000000
0x0075da27
0x006f9368
0x006f9368
0x006f936b
0x006f936d
0x0075da43
0x0075da46
0x0075da4d
0x0075da50
0x0075da52
0x0075da54
0x0075da57
0x0075da59
0x0075da59
0x0075da59
0x0075da59
0x0075da57
0x0075da65
0x0075da69
0x0075da6e
0x0075da71
0x0075da74
0x0075da7a
0x0075da80
0x0075da83
0x0075da87
0x0075daa9
0x0075daae
0x0075da89
0x0075da8f
0x0075da95
0x0075daa1
0x0075daa6
0x0075daa6
0x0075dab3
0x0075dab6
0x0075dab7
0x0075dabb
0x0075dacb
0x0075dacb
0x0075da74
0x006f9373
0x006f9376
0x006f9379
0x006f937c
0x006f937f
0x006f9382
0x006f9385
0x006f9388
0x0075dad5
0x0075dad9
0x0075dadd
0x006f938e
0x006f938e
0x006f9391
0x0075dae7
0x0075daea
0x006f9397
0x006f9399
0x006f939c
0x006f939f
0x0075daf4
0x0075daf6
0x0075db0f
0x0075db13
0x0075db24
0x0075db15
0x0075db15
0x0075db17
0x0075db1a
0x0075db1c
0x0075db1c
0x0075db1f
0x0075db1f
0x0075daf8
0x0075daf8
0x0075dafc
0x0075db01
0x0075db07
0x0075db09
0x0075db09
0x0075db27
0x0075db2a
0x006f93a5
0x006f93a5
0x006f93a8
0x006f93a8
0x006f93a8
0x006f939f
0x006f9391
0x006f93ad
0x006f93b0
0x006f93b3
0x006f93b6
0x006f93ba
0x006fae2b
0x006fae2e
0x006fae31
0x006fae31
0x006f93c0
0x006f93c4
0x006eb2ef
0x006eb2f3
0x006eb2fa
0x006eb300
0x006eb30d
0x0075db47
0x0075db47
0x006f93da
0x006f93da
0x00000000
0x006f93ca
0x006f93ca
0x006f93cf
0x006f93d4
0x0075db50
0x0075db53
0x0075db56
0x0075db66
0x0075db6b
0x006f93dd
0x006f93df
0x006f93e5
0x006fae3d
0x006fae45
0x006fae48
0x006fae4b
0x0075db73
0x0075db77
0x0075db90
0x0075db93
0x0075dba4
0x0075db95
0x0075db95
0x0075db97
0x0075db9a
0x0075db9c
0x0075db9c
0x0075db9c
0x0075db9f
0x0075db9f
0x0075db79
0x0075db8a
0x0075db8a
0x0075dbaa
0x0075dbae
0x006fae51
0x006fae51
0x006fae51
0x006fae61
0x006f93eb
0x006f93ed
0x006f93f0
0x006f93f3
0x006f93f9
0x0075dbb7
0x0075dbbb
0x0075dbd4
0x0075dbd7
0x0075dbe8
0x0075dbd9
0x0075dbd9
0x0075dbdb
0x0075dbde
0x0075dbe0
0x0075dbe0
0x0075dbe0
0x0075dbe3
0x0075dbe3
0x0075dbbd
0x0075dbce
0x0075dbce
0x0075dbee
0x0075dbf2
0x006f93ff
0x006f93ff
0x006f93ff
0x006f9402
0x006f9407
0x006f947c
0x006f9409
0x006f9419
0x006f9419
0x006f943a
0x006f943a
0x006f9443
0x006fb850
0x006fb853
0x006fb856
0x006fb869
0x006fb86e
0x006f9449
0x006f944d
0x0075dbfb
0x0075dc00
0x0075dc00
0x0075dc03
0x0075dc07
0x0075dc08
0x0075dc08
0x0075dc0a
0x0075dc0a
0x0075dc0c
0x0075dc0f
0x0075dc12
0x0075dc1f
0x0075dc1f
0x0075dc22
0x0075dc33
0x0075dc33
0x0075dc22
0x0075dc12
0x006f944d
0x006f9457
0x0075dc49
0x0075dc4a
0x0075dc4a
0x006f9470
0x006f9473
0x00000000
0x006f9473
0x00000000
0x006f93d4
0x006f9293
0x006f9293
0x006f9296
0x006f9296
0x006f9299
0x00000000
0x00000000
0x006f929b
0x006f929d
0x006f929f
0x006f5ca8
0x006f5cab
0x006f5cac
0x006f92ae
0x006f92ae
0x006f92b0
0x006f92b3
0x006f92b7
0x006f92ba
0x006f92bc
0x006f92bc
0x006f92bc
0x006f92be
0x006f92c1
0x006f92c4
0x006f92c6
0x006f92c9
0x006f92cb
0x006f92ce
0x006f92d4
0x006f92d5
0x006f92d7
0x006f5ca0
0x006f5ca0
0x006f92dd
0x006f92e0
0x006f92e3
0x006f6733
0x00000000
0x006f92e9
0x006f92e9
0x006f92ec
0x006f92ef
0x006f92f1
0x006f92f1
0x006f92f1
0x006f92f2
0x006f92f5
0x006f92f8
0x006f92fb
0x006f4734
0x006f4737
0x006f511f
0x00000000
0x006f473d
0x006f473d
0x00000000
0x006f473d
0x006f9301
0x006f9301
0x006f9304
0x006f9307
0x006f932f
0x006f932f
0x006f9332
0x006f9335
0x006f9335
0x006f9335
0x006f9339
0x006f9339
0x006f933c
0x006f9341
0x006f9344
0x006f9349
0x006f934a
0x006f934d
0x006f934f
0x006f9351
0x006f9351
0x00000000
0x006f9351
0x006f9309
0x006f930d
0x006fba4f
0x006f9313
0x006f9313
0x006f9316
0x006f9319
0x006f931b
0x006f931b
0x006f931e
0x006f931e
0x006f9321
0x006f9324
0x006f9327
0x006f9327
0x006f9329
0x006f09e8
0x006f09eb
0x006f09ee
0x006f09f1
0x00000000
0x00000000
0x00000000
0x00000000
0x006f9329
0x006f92fb
0x006f92e3
0x006f92a5
0x006f92a5
0x006f92a9
0x006f92ab
0x00000000
0x006f92ab
0x006f928d
0x006f9242

Strings

HEAP[%wZ]: , xrefs: 0075DA9C
HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 0075DABD
HEAP: , xrefs: 0075DAA9

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
API String ID: 0-2419525547
Opcode ID: 045e6e67b61c49c4085b9444fec4c145a1173f9da86ab5b293a4c3b05343f27b
Instruction ID: 46eae400bb46c3657ac82904d7af4d9711fafb155b2cbee97e9f63e1ad677662
Opcode Fuzzy Hash: 045e6e67b61c49c4085b9444fec4c145a1173f9da86ab5b293a4c3b05343f27b
Instruction Fuzzy Hash: 6502CD70514249DFCB28CF28C495BBABBF2EF58301F14845DE9968B282D778ED46DB60

Uniqueness

Uniqueness Score: 100.00%

Function 006FC447, Relevance: 4.1, Strings: 3, Instructions: 340
UNIQUECrypto

C-Code - Quality: 88%

			E006FC447(signed short __ecx, signed short* __edx) {
				signed short _v8;
				signed short* _v12;
				signed short* _v16;
				signed short _v20;
				signed short _v24;
				char _v28;
				signed int _v32;
				signed short _v36;
				signed short _t135;
				signed short _t139;
				signed int _t142;
				void* _t150;
				intOrPtr _t152;
				intOrPtr _t161;
				signed int _t177;
				intOrPtr _t180;
				signed short _t181;
				signed short _t183;
				signed short* _t185;
				signed short _t186;
				unsigned int _t195;
				signed int _t198;
				signed short* _t199;
				signed int _t208;
				signed short _t209;
				signed short _t210;
				signed int _t211;
				signed short* _t214;
				unsigned int* _t215;
				signed short* _t221;
				signed short _t227;
				signed int _t228;
				signed short _t231;
				signed short _t233;
				signed short _t234;
				signed short _t237;
				void* _t239;
				signed short _t241;
				signed int _t242;
				void* _t246;
				signed short _t248;
				signed short _t251;
				signed int* _t253;
				signed int _t259;
				signed int _t261;

				_t216 = __ecx;
				_t253 = __edx;
				_t236 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				_t251 = __ecx;
				__edx[3] = 0;
				_v12 = __edx;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t101 =  &(_t253[4]); // 0x10
					E00705810(_t101, _t236 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
					_t237 = _v8;
				}
				_t139 =  *(_t251 + 0xb8);
				_push(_t211);
				__eflags = _t139;
				if(_t139 == 0) {
					_t216 =  *(_t251 + 0xc4);
					goto L47;
				} else {
					while(1) {
						__eflags = _t237 -  *((intOrPtr*)(_t139 + 4));
						if(_t237 <  *((intOrPtr*)(_t139 + 4))) {
							_t214 = _t139;
							_v16 = _t214;
							break;
						}
						_t234 =  *_t139;
						__eflags = _t234;
						if(_t234 == 0) {
							_t237 =  *((intOrPtr*)(_t139 + 4)) - 1;
							__eflags = _t237;
							_v16 = _t139;
							_t214 = _t139;
							break;
						} else {
							_t139 = _t234;
							continue;
						}
					}
					_t221 = _t139 + 0x14;
					while(1) {
						_v36 = _t237;
						_v32 = _t237 -  *_t221;
						_t241 = _t214[0xc];
						_t180 =  *((intOrPtr*)(_t241 + 4));
						_v24 = _t241;
						__eflags = _t241 - _t180;
						if(_t241 == _t180) {
							goto L70;
						}
						_t242 =  *(_t251 + 0x4c);
						__eflags = _t242;
						if(_t242 == 0) {
							_t181 =  *(_t180 - 8) & 0x0000ffff;
						} else {
							_t210 =  *(_t180 - 8);
							_t242 =  *(_t251 + 0x4c);
							__eflags = _t210 & _t242;
							if((_t210 & _t242) != 0) {
								_t210 = _t210 ^  *(_t251 + 0x50);
								__eflags = _t210;
							}
							_t181 = _t210 & 0x0000ffff;
						}
						_t183 = _v24;
						__eflags = _v8 - (_t181 & 0x0000ffff);
						if(_v8 - (_t181 & 0x0000ffff) > 0) {
							L36:
							_v20 = _t183;
							goto L44;
						} else {
							_t185 =  *_t183 - 8;
							__eflags = _t242;
							if(_t242 == 0) {
								_t186 =  *_t185 & 0x0000ffff;
							} else {
								_t209 =  *_t185;
								_t242 =  *(_t251 + 0x4c);
								__eflags = _t209 & _t242;
								if((_t209 & _t242) != 0) {
									_t209 = _t209 ^  *(_t251 + 0x50);
									__eflags = _t209;
								}
								_t186 = _t209 & 0x0000ffff;
							}
							__eflags = _v8 - (_t186 & 0x0000ffff);
							if(_v8 - (_t186 & 0x0000ffff) <= 0) {
								_t183 =  *_v24;
								goto L36;
							} else {
								__eflags =  *_t214;
								if( *_t214 != 0) {
									L3:
									_t259 = _v32 >> 5;
									_t215 = _t214[0xe] + _t259 * 4;
									_t246 = (_t214[2] -  *_t221 >> 5) - 1;
									_t195 =  !((1 << (_v32 & 0x0000001f)) - 1) &  *_t215;
									__eflags = 1;
									if(1 == 0) {
										while(1) {
											__eflags = _t259 - _t246;
											if(_t259 > _t246) {
												break;
											}
											_t215 =  &(_t215[1]);
											_t195 =  *_t215;
											_t259 = _t259 + 1;
											__eflags = _t195;
											if(_t195 == 0) {
												continue;
											}
											break;
										}
										__eflags = _t195;
										if(_t195 != 0) {
											goto L4;
										}
										_v20 = _v20 & 0x00000000;
										L9:
										_t214 = _v16;
										L44:
										_t253 = _v12;
										L45:
										_t216 = _v20;
										__eflags = _t216;
										if(_t216 == 0) {
											_t214 =  *_t214;
											_t221 =  &(_t214[0xa]);
											_t237 =  *_t221;
											_v16 = _t214;
											continue;
										}
										_t237 = _v8;
										L47:
										__eflags = _t251 + 0xc4 - _t216;
										if(_t251 + 0xc4 == _t216) {
											L53:
											_t142 =  *(_t251 + 0xd0) ^  *(_t251 + 0x58);
											if(_t142 == 0) {
												_t142 = E006FC2C2(_t253,  &_v28,  &_v8);
												if(_t142 != 0) {
													_t150 = E00732686(0xffffffff,  &_v28,  &_v8, 0x4000);
													_t213 = _t150;
													if(_t150 < 0) {
														_t152 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
														__eflags =  *(_t152 + 0xc);
														if( *(_t152 + 0xc) == 0) {
															_push("HEAP: ");
															E006EF63B();
														} else {
															E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
														}
														_push(_v8);
														_push(_v28);
														_push(_t251);
														_t142 = E006EF63B("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x)\n", _t213);
													} else {
														if( *0x7ffe0380 != 0) {
															_t161 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
															__eflags =  *(_t161 + 0x240) & 0x00000001;
															if(( *(_t161 + 0x240) & 0x00000001) != 0) {
																E007942AC(_t251, _v28, _v8, 7);
															}
														}
														_t239 = 3;
														E0072ED2C(_t251, _t239);
														 *((intOrPtr*)(_t251 + 0x120)) =  *((intOrPtr*)(_t251 + 0x120)) + 1;
														 *((intOrPtr*)(_t251 + 0x124)) =  *((intOrPtr*)(_t251 + 0x124)) + _v8;
														if( *0x7ffe0380 != 0) {
															__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
															if(__eflags != 0) {
																E00794758(__eflags, _t251, _v28, _v8,  *(_t251 + 0x78) << 3, 0, 0,  *0x7ffe0380 & 0x000000ff);
															}
														}
														if( *0x7ffe038a != 0) {
															E00794758(__eflags, _t251, _v28, _v8,  *(_t251 + 0x78) << 3, 0, 0,  *0x7ffe038a & 0x000000ff);
														}
														_t142 = _t253[0] & 0x00000013 | 0x00000008;
														_t253[0] = _t142;
													}
												}
											}
											if( *(_t251 + 0x4c) != 0) {
												_t253[0] = _t253[0] ^ _t253[0] ^  *_t253;
												_t142 =  *(_t251 + 0x50);
												 *_t253 =  *_t253 ^ _t142;
											}
											return _t142;
										}
										_t211 =  *(_t251 + 0x4c);
										while(1) {
											__eflags = _t211;
											if(_t211 == 0) {
												goto L67;
											}
											_t135 =  *(_t216 - 8);
											_t211 =  *(_t251 + 0x4c);
											__eflags = _t135 & _t211;
											if((_t135 & _t211) != 0) {
												_t135 = _t135 ^  *(_t251 + 0x50);
											}
											_t237 = _v8;
											_t177 = _t135 & 0x0000ffff;
											L52:
											if(_t237 > (_t177 & 0x0000ffff)) {
												_t216 =  *_t216;
												__eflags = _t251 + 0xc4 - _t216;
												if(_t251 + 0xc4 == _t216) {
													goto L53;
												}
												continue;
											}
											goto L53;
											L67:
											_t177 =  *(_t216 - 8) & 0x0000ffff;
											goto L52;
										}
									}
									L4:
									__eflags = _t195 & 0x0000ffff;
									if((_t195 & 0x0000ffff) == 0) {
										_t227 = _t195 >> 0x00000010 & 0x000000ff;
										__eflags = _t227;
										if(_t227 == 0) {
											_t28 = (_t195 >> 0x18) + 0x725818; // 0x10008
											_t198 = ( *_t28 & 0x000000ff) + 0x18;
										} else {
											_t27 = _t227 + 0x725818; // 0x10008
											_t198 = ( *_t27 & 0x000000ff) + 0x10;
										}
									} else {
										_t248 = _t195 & 0x000000ff;
										__eflags = _t248;
										if(_t248 == 0) {
											_t26 = (_t195 >> 0x00000008 & 0x000000ff) + 0x725818; // 0x10008
											_t198 = ( *_t26 & 0x000000ff) + 8;
										} else {
											_t17 = _t248 + 0x725818; // 0x10008
											_t198 =  *_t17 & 0x000000ff;
										}
									}
									_t261 = (_t259 << 5) + _t198;
									_t199 = _v16;
									__eflags = _t199[4];
									_t228 = _t261 + _t261;
									if(_t199[4] == 0) {
										_t228 = _t261;
									}
									_v20 =  *(_t199[0x10] + _t228 * 4);
									goto L9;
								}
								__eflags = _v36 - _t214[2] - 1;
								if(_v36 != _t214[2] - 1) {
									goto L3;
								}
								__eflags = _t214[4];
								_t208 = _v32;
								if(_t214[4] != 0) {
									_t208 = _t208 + _t208;
									__eflags = _t208;
								}
								_t183 =  *(_t214[0x10] + _t208 * 4);
								while(1) {
									__eflags = _v24 - _t183;
									if(_v24 == _t183) {
										goto L44;
									}
									__eflags = _t242;
									if(_t242 == 0) {
										_t231 =  *(_t183 - 8) & 0x0000ffff;
									} else {
										_t233 =  *(_t183 - 8);
										_t242 =  *(_t251 + 0x4c);
										__eflags = _t233 & _t242;
										if((_t233 & _t242) != 0) {
											_t233 = _t233 ^  *(_t251 + 0x50);
											__eflags = _t233;
										}
										_t231 = _t233 & 0x0000ffff;
									}
									__eflags = _v8 - (_t231 & 0x0000ffff);
									if(_v8 - (_t231 & 0x0000ffff) <= 0) {
										goto L36;
									} else {
										_t183 =  *_t183;
										continue;
									}
								}
								goto L44;
							}
						}
						L70:
						_v20 = _t241;
						goto L45;
					}
				}
			}

0x006fc447
0x006fc450
0x006fc452
0x006fc455
0x006fc45a
0x006fc45c
0x006fc464
0x006fc467
0x006fc46a
0x00758d40
0x00758d44
0x00758d49
0x00758d4d
0x00758d4d
0x006fc470
0x006fc476
0x006fc477
0x006fc479
0x00758d55
0x00000000
0x006fc47f
0x006fc47f
0x006fc47f
0x006fc482
0x006f3807
0x006f3809
0x006f380c
0x006f380c
0x006fc488
0x006fc48a
0x006fc48c
0x006fc495
0x006fc495
0x006fc496
0x006fc499
0x00000000
0x006fc48e
0x006fc48e
0x00000000
0x006fc48e
0x006fc48c
0x006fc49b
0x006fc49e
0x006fc49e
0x006fc4a3
0x006fc4a6
0x006fc4a9
0x006fc4ac
0x006fc4af
0x006fc4b1
0x00000000
0x00000000
0x006fc4b7
0x006fc4ba
0x006fc4bc
0x0074a72f
0x006fc4c2
0x006fc4c2
0x006fc4c5
0x006fc4c8
0x006fc4ca
0x006fc4cc
0x006fc4cc
0x006fc4cc
0x006fc4cf
0x006fc4cf
0x006fc4da
0x006fc4dd
0x006fc4df
0x006fc536
0x006fc536
0x00000000
0x006fc4e1
0x006fc4e3
0x006fc4e6
0x006fc4e8
0x0074a738
0x006fc4ee
0x006fc4ee
0x006fc4f0
0x006fc4f3
0x006fc4f5
0x006fc4f7
0x006fc4f7
0x006fc4f7
0x006fc4fa
0x006fc4fa
0x006fc505
0x006fc507
0x0074a728
0x00000000
0x006fc50d
0x006fc50d
0x006fc510
0x006f3811
0x006f381f
0x006f3822
0x006f3830
0x006f3834
0x006f3834
0x006f3836
0x00758d68
0x00758d68
0x00758d6a
0x00000000
0x00000000
0x00758d6c
0x00758d6f
0x00758d71
0x00758d72
0x00758d74
0x00000000
0x00000000
0x00000000
0x00758d74
0x00758d76
0x00758d78
0x00000000
0x00000000
0x00758d87
0x006f3873
0x006f3873
0x006fc566
0x006fc566
0x006fc569
0x006fc569
0x006fc56c
0x006fc56e
0x00758d90
0x00758d92
0x00758d95
0x00758d97
0x00000000
0x00758d97
0x006fc574
0x006fc577
0x006fc57d
0x006fc57f
0x006fc5ab
0x006fc5b1
0x006fc5b4
0x006fc5c2
0x006fc5c9
0x006fc5da
0x006fc5df
0x006fc5e3
0x00758e41
0x00758e44
0x00758e48
0x00758e6a
0x00758e6f
0x00758e4a
0x00758e62
0x00758e67
0x00758e75
0x00758e78
0x00758e7b
0x00758e82
0x006fc5e9
0x006fc5f0
0x00758dba
0x00758dbd
0x00758dc4
0x00758dd3
0x00758dd3
0x00758dc4
0x006fc5f8
0x006fc5fb
0x006fc603
0x006fc609
0x006fc616
0x00758de6
0x00758ded
0x00758e0d
0x00758e0d
0x00758ded
0x006fc623
0x00758e31
0x00758e31
0x006fc62e
0x006fc630
0x006fc630
0x006fc5e3
0x006fc5c9
0x006fc638
0x006fc642
0x006fc645
0x006fc648
0x006fc648
0x006fc64d
0x006fc64d
0x006fc581
0x006fc584
0x006fc584
0x006fc586
0x00000000
0x00000000
0x006fc58c
0x006fc58f
0x006fc592
0x006fc594
0x006f1b0f
0x006f1b0f
0x006fc59a
0x006fc59d
0x006fc5a0
0x006fc5a5
0x00758d9f
0x00758da7
0x00758da9
0x00000000
0x00000000
0x00000000
0x00758daf
0x00000000
0x0074a749
0x0074a749
0x00000000
0x0074a749
0x006fc584
0x006f383c
0x006f383f
0x006f3841
0x006f38ae
0x006f38ae
0x006f38b4
0x006f38c5
0x006f38cc
0x006f38b6
0x006f38b6
0x006f38bd
0x006f38bd
0x006f3843
0x006f384a
0x006f384a
0x006f384c
0x006f389d
0x006f38a4
0x006f384e
0x006f384e
0x006f384e
0x006f384e
0x006f384c
0x006f3858
0x006f385a
0x006f385d
0x006f3861
0x006f3864
0x00758d80
0x00758d80
0x006f3870
0x00000000
0x006f3870
0x006fc51a
0x006fc51d
0x00000000
0x00000000
0x006fc523
0x006fc527
0x006fc52a
0x006fc52c
0x006fc52c
0x006fc52c
0x006fc531
0x006fc561
0x006fc561
0x006fc564
0x00000000
0x00000000
0x006fc53b
0x006fc53d
0x0074a740
0x006fc543
0x006fc543
0x006fc546
0x006fc549
0x006fc54b
0x006fc54d
0x006fc54d
0x006fc54d
0x006fc550
0x006fc550
0x006fc55b
0x006fc55d
0x00000000
0x006fc55f
0x006fc55f
0x00000000
0x006fc55f
0x006fc55d
0x00000000
0x006fc561
0x006fc507
0x00758d60
0x00758d60
0x00000000
0x00758d60
0x006fc49e

Strings

HEAP[%wZ]: , xrefs: 00758E5D
RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x), xrefs: 00758E7D
HEAP: , xrefs: 00758E6A

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x)
API String ID: 0-385592399
Opcode ID: 2825ed882a62b5a980f8bef6a6a598c64c64a8a99737abdb58a084122ec358f9
Instruction ID: 82a7466f1cff7b76e785409dbbe9f12fbd7b1b704b228ce0a087d3236db21f10
Opcode Fuzzy Hash: 2825ed882a62b5a980f8bef6a6a598c64c64a8a99737abdb58a084122ec358f9
Instruction Fuzzy Hash: 89D1DD71A0065DDFDB24CB69C580BBAB7F2BF48310F148199EA51AB381D738ED51DB90

Uniqueness

Uniqueness Score: 100.00%

Function 007324E1, Relevance: 4.0, Strings: 3, Instructions: 272
COMMONCrypto

C-Code - Quality: 60%

			E007324E1(intOrPtr _a4, signed int _a8) {
				signed int _v8;
				unsigned int _v12;
				signed int _v16;
				unsigned int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t126;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				signed int* _t137;
				signed int _t139;
				signed int _t140;
				signed int _t145;
				signed short _t149;
				unsigned int _t156;
				signed int _t159;
				signed int _t166;
				signed int* _t167;
				intOrPtr _t169;
				signed short _t182;
				intOrPtr _t183;
				signed int _t184;
				unsigned int _t185;
				signed int _t190;
				signed int _t198;
				signed int _t199;
				signed int _t201;
				signed int _t207;
				signed int _t209;
				signed short _t219;
				signed short _t225;
				signed int _t227;
				signed int _t228;
				intOrPtr _t232;
				signed int _t233;
				signed int _t234;
				signed short* _t236;
				signed int _t238;
				signed int _t246;
				signed int* _t251;

				_t183 = _a4;
				_t251 = _a8;
				_t190 = 0;
				 *(_t183 + 0xb8) = _t251;
				_push(_t233);
				if( *_t251 != 0) {
					_t126 = _t251[1] - _t251[5] - 1;
					__eflags = _t251[2];
					if(_t251[2] != 0) {
						_t126 = _t126 + _t126;
						__eflags = _t126;
					}
					 *(_t251[8] + _t126 * 4) = _t190;
					 *(_t251[7] + (_t251[1] - _t251[5] - 1 >> 5) * 4) =  *(_t251[7] + (_t251[1] - _t251[5] - 1 >> 5) * 4) &  !(1 << (_t251[1] - _t251[5] - 0x00000001 & 0x0000001f));
				}
				_t133 = _t183 + 0xc4;
				_t234 =  *((intOrPtr*)(_t133 + 4));
				_a8 = _t234;
				__eflags = _t133 - _t234;
				if(_t133 == _t234) {
					L38:
					return _t133;
				} else {
					while(1) {
						_t236 = _t234 + 0xfffffff8;
						__eflags =  *(_t183 + 0x4c);
						if( *(_t183 + 0x4c) != 0) {
							 *_t236 =  *_t236 ^  *(_t183 + 0x50);
							__eflags = _t236[1] - (_t236[1] ^ _t236[0] ^  *_t236);
							if(__eflags != 0) {
								_push(0);
								_push(_t236);
								_push(_t183);
								E00794BBA(_t183, _t236, _t251, __eflags);
							}
						}
						_t134 =  *_t236 & 0x0000ffff;
						_t228 = _t251;
						__eflags = _t134 - _t251[1];
						if(_t134 < _t251[1]) {
							goto L52;
						} else {
							goto L23;
						}
						while(1) {
							L23:
							_t207 =  *_t228;
							__eflags = _t207;
							if(_t207 == 0) {
								break;
							}
							_t228 = _t207;
							__eflags = _t134 -  *((intOrPtr*)(_t228 + 4));
							if(_t134 >=  *((intOrPtr*)(_t228 + 4))) {
								continue;
							}
							goto L52;
						}
						_t209 =  *((intOrPtr*)(_t228 + 4)) - 1;
						__eflags = _t209;
						_v8 = _t209;
						L25:
						__eflags =  *_t251;
						if( *_t251 != 0) {
							_t184 = _t251[1];
							__eflags = _t134 - _t184;
							if(_t134 >= _t184) {
								_t134 = _t184 - 1;
							}
							_t135 = _t134 - _t251[5];
							__eflags = _t251[2];
							_v12 = _t135;
							if(_t251[2] != 0) {
								_t135 = _t135 + _t135;
								__eflags = _t135;
							}
							_t238 = _t135 << 2;
							_t137 = _t251[8] + _t238;
							_t251[3] = _t251[3] - 1;
							_v16 =  *_t137;
							_t198 =  *(_a8 + 0xfffffff8) & 0x0000ffff;
							__eflags = _t198 - _t184;
							if(_t198 >= _t184) {
								_t198 = _t184 - 1;
							}
							_t185 = _t184 - 1;
							_v20 = _t185;
							__eflags = _t198 - _t185;
							if(_t198 == _t185) {
								_t99 =  &(_t251[4]);
								 *_t99 = _t251[4] - 1;
								__eflags =  *_t99;
							}
							_t199 = _a8;
							__eflags = _v16 - _t199;
							if(_v16 == _t199) {
								_t201 = _t251[1];
								__eflags = ( *(_t199 + 0xfffffff8) & 0x0000ffff) - _t201;
								if(( *(_t199 + 0xfffffff8) & 0x0000ffff) >= _t201) {
									__eflags = _v20 - _t201;
									if(_v20 < _t201) {
										goto L11;
									}
									_t227 =  *_a8;
									_t183 = _a4;
									__eflags = _t227 - _t251[6];
									if(_t227 == _t251[6]) {
										 *_t137 =  *_t137 & 0x00000000;
										L18:
										 *(_t251[7] + (_v12 >> 5) * 4) =  *(_t251[7] + (_v12 >> 5) * 4) &  !(1 << (_v12 & 0x0000001f));
									} else {
										 *_t137 = _t227;
									}
									goto L26;
									L58:
									 *(_t238 + _t251[8]) = _t139;
									goto L26;
								}
								L11:
								_t139 =  *_a8;
								_t183 = _a4;
								__eflags = _t139 - _t251[6];
								if(_t139 == _t251[6]) {
									L17:
									_t140 = _t251[8];
									_t27 = _t140 + _t238;
									 *_t27 =  *(_t140 + _t238) & 0x00000000;
									__eflags =  *_t27;
									goto L18;
								}
								__eflags =  *(_t183 + 0x4c);
								if( *(_t183 + 0x4c) == 0) {
									_t219 =  *(_t139 - 8) & 0x0000ffff;
								} else {
									_t225 =  *(_t139 - 8);
									__eflags =  *(_t183 + 0x4c) & _t225;
									if(( *(_t183 + 0x4c) & _t225) != 0) {
										_t225 = _t225 ^  *(_t183 + 0x50);
										__eflags = _t225;
									}
									_t219 = _t225 & 0x0000ffff;
								}
								__eflags = ( *(_a8 + 0xfffffff8) & 0x0000ffff) == (_t219 & 0x0000ffff);
								_t183 = _a4;
								if(( *(_a8 + 0xfffffff8) & 0x0000ffff) == (_t219 & 0x0000ffff)) {
									goto L58;
								} else {
									goto L17;
								}
							} else {
								_t183 = _a4;
								goto L26;
							}
						}
						L26:
						_t145 = _v8 -  *((intOrPtr*)(_t228 + 0x14));
						__eflags =  *(_t228 + 8);
						_v20 = _t145;
						if( *(_t228 + 8) != 0) {
							_t145 = _t145 + _t145;
							__eflags = _t145;
						}
						 *((intOrPtr*)(_t228 + 0xc)) =  *((intOrPtr*)(_t228 + 0xc)) + 1;
						_t233 = _t145 << 2;
						_t190 =  *( *((intOrPtr*)(_t228 + 0x20)) + _t233);
						__eflags = _v8 -  *((intOrPtr*)(_t228 + 4)) - 1;
						if(_v8 ==  *((intOrPtr*)(_t228 + 4)) - 1) {
							_t54 = _t228 + 0x10;
							 *_t54 =  *(_t228 + 0x10) + 1;
							__eflags =  *_t54;
						}
						__eflags = _t190;
						if(_t190 != 0) {
							goto L1;
						} else {
							L31:
							_t188 = _a8;
							 *((intOrPtr*)(_t233 +  *((intOrPtr*)(_t228 + 0x20)))) = _a8;
							L32:
							if(_t190 == 0) {
								 *( *((intOrPtr*)(_t228 + 0x1c)) + (_v20 >> 5) * 4) =  *( *((intOrPtr*)(_t228 + 0x1c)) + (_v20 >> 5) * 4) | 1 << (_v20 & 0x0000001f);
							}
							if( *0x7af9f4 >= 1) {
								_t156 = _v8 -  *((intOrPtr*)(_t228 + 0x14));
								_t232 =  *((intOrPtr*)(_t228 + 0x1c));
								_t159 = 1 << (_t156 & 0x0000001f);
								_t246 = _t156 >> 5;
								__eflags =  *(_t232 + _t246 * 4) & _t159;
								if(( *(_t232 + _t246 * 4) & _t159) != 0) {
									goto L35;
								}
								_t169 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t169 + 0xc);
								if( *(_t169 + 0xc) == 0) {
									_push("HEAP: ");
									E006EF63B();
								} else {
									E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_push("RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))");
								E006EF63B();
								E00794AF2(_t188, _t232, _t246, _t251, 1);
								goto L35;
							} else {
								L35:
								_t183 = _a4;
								if( *(_t183 + 0x4c) != 0) {
									_t166 = _a8;
									_t167 = _t166 + 0xfffffff8;
									_t167[0] =  *(_t166 - 6) ^  *(_t166 - 7) ^  *_t167;
									 *_t167 =  *_t167 ^  *(_t183 + 0x50);
								}
								_t133 =  *((intOrPtr*)(_a8 + 4));
								_a8 = _t133;
								if(_t183 + 0xc4 != _t133) {
									_t234 = _a8;
									continue;
								} else {
									goto L38;
								}
							}
						}
						L52:
						_v8 = _t134;
						goto L25;
					}
				}
				L1:
				if( *(_t183 + 0x4c) == 0) {
					_t149 =  *(_t190 - 8) & 0x0000ffff;
				} else {
					_t182 =  *(_t190 - 8);
					if(( *(_t183 + 0x4c) & _t182) != 0) {
						_t182 = _t182 ^  *(_t183 + 0x50);
					}
					_t149 = _t182 & 0x0000ffff;
				}
				_t188 = _t149 & 0x0000ffff;
				if(( *(_a8 + 0xfffffff8) & 0x0000ffff) - (_t149 & 0x0000ffff) <= 0) {
					goto L31;
				} else {
					goto L32;
				}
			}

0x007324ea
0x007324ee
0x007324f1
0x007324f3
0x007324f9
0x007324fc
0x00736886
0x00736887
0x0073688a
0x0073688c
0x0073688c
0x0073688c
0x00736891
0x007368b3
0x007368b3
0x00732502
0x00732508
0x0073250b
0x0073250e
0x00732510
0x007325f8
0x007325fc
0x00000000
0x00732516
0x00732516
0x00732519
0x0073251d
0x00732522
0x0073252c
0x0073252f
0x00761d94
0x00761d96
0x00761d97
0x00761d98
0x00761d98
0x0073252f
0x00732535
0x00732538
0x0073253a
0x0073253d
0x00000000
0x00000000
0x00000000
0x00000000
0x00732543
0x00732543
0x00732543
0x00732545
0x00732547
0x00000000
0x00000000
0x00736ad1
0x00736ad3
0x00736ad6
0x00000000
0x00000000
0x00000000
0x00736adc
0x00732550
0x00732550
0x00732551
0x00732554
0x00732554
0x00732557
0x007368ba
0x007368bd
0x007368bf
0x007368c1
0x007368c1
0x007368c4
0x007368c7
0x007368cb
0x007368ce
0x007368d0
0x007368d0
0x007368d0
0x007368d7
0x007368da
0x007368de
0x007368e1
0x007368ea
0x007368ed
0x007368ef
0x007368f1
0x007368f1
0x007368f4
0x007368f5
0x007368f8
0x007368fa
0x007368fc
0x007368fc
0x007368fc
0x007368fc
0x007368ff
0x00736902
0x00736905
0x00703c0c
0x00703c0f
0x00703c11
0x00761da5
0x00761da7
0x00000000
0x00000000
0x00761dbd
0x00761dbf
0x00761dc2
0x00761dc5
0x00761dce
0x00703c5a
0x00703c72
0x00761dc7
0x00761dc7
0x00761dc7
0x00000000
0x00761daf
0x00761db2
0x00000000
0x00761db2
0x00703c17
0x00703c1a
0x00703c1c
0x00703c1f
0x00703c22
0x00703c53
0x00703c53
0x00703c56
0x00703c56
0x00703c56
0x00000000
0x00703c56
0x00703c24
0x00703c28
0x006e39b7
0x00703c2e
0x00703c2e
0x00703c31
0x00703c34
0x00703c36
0x00703c36
0x00703c36
0x00703c39
0x00703c39
0x00703c48
0x00703c4a
0x00703c4d
0x00000000
0x00000000
0x00000000
0x00000000
0x0073690b
0x0073690b
0x00000000
0x0073690b
0x00736905
0x0073255d
0x00732560
0x00732563
0x00732567
0x0073256a
0x0073256c
0x0073256c
0x0073256c
0x0073256e
0x00732576
0x00732579
0x00732580
0x00732583
0x00732585
0x00732585
0x00732585
0x00732585
0x00732588
0x0073258a
0x00000000
0x00732590
0x00732590
0x00732593
0x00732596
0x00732599
0x0073259b
0x007325b3
0x007325b3
0x007325bc
0x00761dd9
0x00761ddc
0x00761de9
0x00761deb
0x00761dee
0x00761df1
0x00000000
0x00000000
0x00761dfd
0x00761e00
0x00761e04
0x00761e26
0x00761e2b
0x00761e06
0x00761e1e
0x00761e23
0x00761e31
0x00761e36
0x00761e3e
0x00000000
0x007325c2
0x007325c2
0x007325c2
0x007325c9
0x007325cb
0x007325d4
0x007325d9
0x007325df
0x007325df
0x007325e4
0x007325ed
0x007325f2
0x00703bfe
0x00000000
0x00000000
0x00000000
0x00000000
0x007325f2
0x007325bc
0x00736a7c
0x00736a7c
0x00000000
0x00736a7c
0x00732516
0x006e3988
0x006e398c
0x006e39c0
0x006e398e
0x006e398e
0x006e3994
0x006e3996
0x006e3996
0x006e3999
0x006e3999
0x006e399c
0x006e39ac
0x00000000
0x006e39b2
0x00000000
0x006e39b2

Strings

HEAP[%wZ]: , xrefs: 00761E19
RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 00761E31
HEAP: , xrefs: 00761E26

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
API String ID: 0-1596344177
Opcode ID: 2c6771237d6d9adf70c5cf95988f0bd24787e0206fe1428a85d4baa3952e4946
Instruction ID: aa99967ee1485b1d1cf2a82387f938ae235d6fa9f58b8847440e0dd998283617
Opcode Fuzzy Hash: 2c6771237d6d9adf70c5cf95988f0bd24787e0206fe1428a85d4baa3952e4946
Instruction Fuzzy Hash: 4EB17C71600605DFDB28CF29C494A79B7F1FF49310F6486A9E856CB392E738E981DB50

Uniqueness

Uniqueness Score: 0.05%

Function 0077DB95, Relevance: 3.9, Strings: 3, Instructions: 142
UNIQUECrypto

C-Code - Quality: 73%

			E0077DB95(void* __ecx, signed int _a4, unsigned int _a8) {
				intOrPtr _t42;
				signed short _t43;
				signed char _t44;
				signed short _t45;
				signed int _t47;
				signed char _t48;
				signed int _t49;
				signed int _t51;
				void* _t52;
				signed short _t67;
				signed short _t69;
				signed short _t79;
				signed char _t87;
				void* _t88;
				signed int _t91;
				signed int _t100;
				void* _t102;
				void* _t103;
				unsigned int _t105;

				_t105 = _a8;
				_t42 =  *((intOrPtr*)(_t105 + 7));
				if(_t42 == 1) {
					return _t42;
				}
				_t87 = 0x3f;
				if(_t42 != 4) {
					if(_t42 >= 0) {
						_t91 = _a4;
						if( *(_t91 + 0x4c) == 0) {
							_t43 =  *_t105 & 0x0000ffff;
						} else {
							_t79 =  *_t105;
							if(( *(_t91 + 0x4c) & _t79) != 0) {
								_t79 = _t79 ^  *(_t91 + 0x50);
							}
							_t43 = _t79 & 0x0000ffff;
						}
					} else {
						_t91 = _a4;
						_t43 =  *((intOrPtr*)((_t105 >> 0x00000003 ^  *_t105 ^  *0x7a81dc ^ _t91) + 0x10));
					}
					_t100 = _t43 & 0x0000ffff;
					_t44 =  *((intOrPtr*)(_t105 + 7));
					if(_t44 != 5) {
						if((_t44 & 0x00000040) == 0) {
							if((_t44 & _t87) == _t87) {
								if(_t44 >= 0) {
									if( *(_t91 + 0x4c) == 0) {
										_t45 =  *_t105 & 0x0000ffff;
									} else {
										_t69 =  *_t105;
										if(( *(_t91 + 0x4c) & _t69) != 0) {
											_t69 = _t69 ^  *(_t91 + 0x50);
										}
										_t45 = _t69 & 0x0000ffff;
									}
								} else {
									_t45 =  *((intOrPtr*)((_t105 >> 0x00000003 ^  *_t105 ^  *0x7a81dc ^ _t91) + 0x10));
								}
								_t47 =  *(_t105 + (_t45 & 0x0000ffff) * 8 - 4);
							} else {
								_t47 = _t44 & 0x000000ff & _t87;
							}
						} else {
							_t47 =  *(_t105 + 4 + (_t44 & 0x000000ff & _t87) * 8) & 0x0000ffff;
						}
					} else {
						_t47 =  *(_t91 + 0x54) & 0x0000ffff ^  *(_t105 + 4) & 0x0000ffff;
					}
					_t102 = (_t100 << 3) - _t47;
					goto L25;
				} else {
					_t102 = E006DEFDB(_a4, _t105);
					L25:
					_t48 =  *((intOrPtr*)(_t105 + 7));
					if(_t48 != 5) {
						if((_t48 & 0x00000040) == 0) {
							_t49 = 0;
							L31:
							_t103 = _t102 + (_t49 & 0x0000ffff);
							_t34 = _t105 + 8; // 0x9
							_t88 = _t103 + _t34;
							_t51 = E00705720(_t88, 0x77dd14, 8);
							_a4 = _t51;
							if(_t51 == 8) {
								_t52 = 1;
							} else {
								if( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) == 0) {
									_push("HEAP: ");
									E006EF63B();
								} else {
									E006EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t103);
								_push(_a4 + _t88);
								E006EF63B("Heap block at %p modified at %p past requested size of %lx\n", _t105);
								E007959C1(_t105);
								_t52 = 0;
							}
							return _t52;
						}
						_t67 = _t48 & _t87 & 0x000000ff;
						L27:
						_t49 = _t67 << 0x00000003 & 0x0000ffff;
						goto L31;
					}
					_t67 =  *(_t105 + 6) & 0x000000ff;
					goto L27;
				}
			}

0x0077db9b
0x0077db9e
0x0077dba3
0x0077dd0f
0x0077dd0f
0x0077dbad
0x0077dbb0
0x0077dbc4
0x0077dbe0
0x0077dbe7
0x0077dbf8
0x0077dbe9
0x0077dbe9
0x0077dbee
0x0077dbf0
0x0077dbf0
0x0077dbf3
0x0077dbf3
0x0077dbc6
0x0077dbd5
0x0077dbda
0x0077dbda
0x0077dbfb
0x0077dbfe
0x0077dc03
0x0077dc13
0x0077dc27
0x0077dc32
0x0077dc4f
0x0077dc60
0x0077dc51
0x0077dc51
0x0077dc56
0x0077dc58
0x0077dc58
0x0077dc5b
0x0077dc5b
0x0077dc34
0x0077dc45
0x0077dc45
0x0077dc66
0x0077dc29
0x0077dc2c
0x0077dc2c
0x0077dc15
0x0077dc1a
0x0077dc1a
0x0077dc05
0x0077dc0d
0x0077dc0d
0x0077dc6d
0x00000000
0x0077dbb2
0x0077dbbb
0x0077dc6f
0x0077dc6f
0x0077dc74
0x0077dc86
0x0077dc90
0x0077dc92
0x0077dc97
0x0077dc9e
0x0077dc9e
0x0077dca3
0x0077dca8
0x0077dcae
0x0077dd09
0x0077dcb0
0x0077dcbd
0x0077dcdf
0x0077dce4
0x0077dcbf
0x0077dcd7
0x0077dcdc
0x0077dced
0x0077dcf0
0x0077dcf7
0x0077dd00
0x0077dd05
0x0077dd05
0x00000000
0x0077dd0c
0x0077dc8a
0x0077dc7b
0x0077dc7f
0x00000000
0x0077dc7f
0x0077dc76
0x00000000
0x0077dc76

Strings

Heap block at %p modified at %p past requested size of %lx, xrefs: 0077DCF2
HEAP[%wZ]: , xrefs: 0077DCD2
HEAP: , xrefs: 0077DCDF

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %lx
API String ID: 0-3722492067
Opcode ID: 86c8109a89df385d18d2b8d72c3fa34086ff28a6c30d3e0e3905d4fb1484d973
Instruction ID: 4058fcc96b00928112cc558c1bd1fc69f2adc7c1b86cbcc93fca31b87587cee1
Opcode Fuzzy Hash: 86c8109a89df385d18d2b8d72c3fa34086ff28a6c30d3e0e3905d4fb1484d973
Instruction Fuzzy Hash: 36410D752102109FCB758F19C884AB277B2EF457D4B55C859F8CACB282D26DEC86EB70

Uniqueness

Uniqueness Score: 100.00%

Function 006E96B9, Relevance: 2.4, Strings: 1, Instructions: 1141
COMMONCrypto

C-Code - Quality: 89%

			E006E96B9(intOrPtr _a4, unsigned char _a8, intOrPtr* _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, signed int _a28, char _a32, intOrPtr _a36) {
				signed int _v8;
				char _v136;
				signed int _v137;
				char _v138;
				char _v139;
				signed int _v144;
				signed char _v148;
				signed char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				signed char _v160;
				signed char _v164;
				unsigned char _v168;
				intOrPtr _v172;
				signed int _v176;
				char _v177;
				char _v178;
				char _v179;
				char _v180;
				char _v181;
				char _v182;
				intOrPtr _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				intOrPtr _v208;
				char _v209;
				char _v216;
				signed int _v220;
				signed char _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				intOrPtr _v240;
				signed char _v244;
				signed int _v248;
				signed char _v252;
				signed char _v256;
				signed char _v260;
				signed char _v264;
				signed char* _v268;
				void* _v272;
				char _v276;
				signed char* _v280;
				char _v284;
				signed char* _v288;
				signed int _v292;
				void* _v296;
				signed char* _v300;
				unsigned char _v304;
				signed int _v308;
				signed int _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				char _v324;
				intOrPtr* _v332;
				char _v335;
				char _v336;
				intOrPtr _v340;
				char _v344;
				char* _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				char _v368;
				void* _v384;
				char _v388;
				char _v408;
				intOrPtr _v436;
				intOrPtr _v440;
				char _v464;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t545;
				unsigned char _t557;
				signed char _t561;
				intOrPtr _t562;
				signed char _t580;
				signed int _t584;
				signed int _t586;
				intOrPtr _t592;
				signed int _t604;
				void* _t605;
				intOrPtr _t606;
				signed int _t607;
				signed int _t610;
				char _t615;
				signed char _t618;
				signed int _t620;
				signed int _t622;
				signed int _t623;
				intOrPtr _t627;
				intOrPtr _t636;
				signed char _t662;
				char _t667;
				intOrPtr _t677;
				intOrPtr _t681;
				signed int _t690;
				intOrPtr _t691;
				signed int _t693;
				intOrPtr _t696;
				signed char _t700;
				signed int _t708;
				signed int _t712;
				signed char _t713;
				signed char _t717;
				signed int _t718;
				signed int _t721;
				intOrPtr _t722;
				signed char _t725;
				unsigned char _t766;
				signed int _t773;
				signed int _t789;
				intOrPtr _t790;
				intOrPtr _t792;
				signed short _t800;
				unsigned char _t805;
				intOrPtr _t806;
				intOrPtr _t807;
				intOrPtr _t808;
				intOrPtr _t809;
				signed char _t810;
				intOrPtr _t811;
				intOrPtr _t812;
				intOrPtr _t813;
				void* _t814;
				void* _t815;
				intOrPtr _t820;
				unsigned char _t821;
				signed int _t822;
				signed int _t823;
				intOrPtr _t825;
				unsigned char _t826;
				signed int _t828;
				char _t829;
				char _t830;
				signed char _t831;
				signed int _t835;
				void* _t836;
				void* _t837;

				_t545 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t545 ^ _t835;
				_v188 = _a4;
				_v332 = _a12;
				_v200 = _a16;
				_v208 = _a36;
				_v232 =  &_v136;
				_v244 = 0;
				_t818 = _a32;
				_t805 = _a8;
				_v172 = _t818;
				_v148 = 0;
				_v139 = 0;
				_v177 = 0;
				_v152 = 0;
				_v252 = 0;
				_v138 = 0;
				_v153 = 0;
				_v156 = 0;
				_v209 = 0;
				_v155 = 0;
				_v182 = 0;
				_v179 = 0;
				_v160 = 0;
				_v260 = 0;
				_v204 = 0;
				_v224 = 0;
				_v256 = 0;
				_v236 = 0;
				_v192 = 0;
				_v144 = 0x8000;
				_v220 = 0;
				_v216 = 0;
				_v248 = 0;
				_v176 = 0;
				_v137 = 0;
				_v181 = 1;
				_v178 = 1;
				_v280 = 0;
				_v288 = 0;
				_v272 = 0;
				_v296 = 0;
				_v300 = 0;
				_v268 = 0;
				_v240 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18));
				if(_t818 == 0) {
					L97:
					if(_t805 == 0) {
						_v180 = 0;
						E0073119E( &_v408, 1);
						_t805 =  &_v408;
					} else {
						_v180 = 1;
					}
					_t557 =  *(_t805 + 2) & 0x0000ffff;
					_t798 = _t557 >> 7;
					_v168 = _t805;
					_v304 = _t798;
					_v264 = _t557 >> 0x00000006 & 0x00000001;
					if(_t818 == 0) {
						if(_t798 == 0) {
							goto L102;
						}
						goto L100;
					} else {
						L100:
						if(E006EA3CE(_t818,  &_v280,  &_v288,  &_v272,  &_v300,  &_v296,  &_v268) < 0) {
							goto L192;
						}
						_v160 =  *_v280;
						_t798 = _v304;
						_v260 =  *_v288;
						_v236 =  *_v272;
						_v204 =  *_v296;
						_v224 =  *_v300;
						_v256 =  *_v268;
						L102:
						_v196 =  *(_t805 + 2) & 0x0000ffff;
						_t561 =  *(_t805 + 4);
						_t214 =  &_v196;
						 *_t214 = _v196 & 0x00008000;
						if( *_t214 != 0) {
							L57:
							if(_t561 == 0) {
								L81:
								if((_a28 & 0x00000020) != 0) {
									_t562 = _v188;
									if(_t562 == 0) {
										L209:
										_t805 = 0xc000005a;
										L184:
										if(_v244 != 0) {
											E00722882(_t745,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v244);
										}
										if(_v179 != 0) {
											if(_v252 != 0) {
												E00722882(_t745,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v252);
											}
										}
										_t818 = _v240;
										E00722882(_t745, _v240, 0, _v280);
										E00722882(_t745, _v240, 0, _v296);
										E00722882(_t745, _v240, 0, _v288);
										E00722882(_t745, _v240, 0, _v272);
										E00722882(_t745, _t818, 0, _v300);
										E00722882(_t745, _t818, 0, _v268);
										if(_v139 != 0 || _v177 != 0) {
											if(_v148 != 0) {
												E00722882(_t745, _t818, 0, _v148);
											}
										}
										if(_v138 != 0 && _v152 != 0) {
											E00722882(_t745, _t818, 0, _v152);
										}
										 *_v332 = _v192;
										_t573 = _t805;
										goto L192;
									}
									_t745 =  *(_t562 + 4);
									if(( *(_t562 + 2) & 0x00008000) == 0) {
										L23:
										_v164 = _t745;
										L24:
										_v153 = 1;
										if(_v164 != 0) {
											L106:
											_t745 =  *(_t805 + 8);
											if(_v196 != 0) {
												if(_t745 == 0) {
													L76:
													if((_a28 & 0x00000040) != 0) {
														if(_t562 == 0) {
															L208:
															_t805 = 0xc000005b;
															goto L184;
														}
														if(( *(_t562 + 2) & 0x00008000) == 0) {
															_t580 =  *(_t562 + 8);
															L79:
															_v160 = _t580;
															if(_t580 != 0) {
																L108:
																_t800 =  *(_t805 + 2) & 0x0000ffff;
																if((_t800 & 0x00000010) != 0) {
																	if(_v196 != 0) {
																		_t806 =  *((intOrPtr*)(_t805 + 0xc));
																		if(_t806 == 0) {
																			goto L109;
																		}
																		_t820 = _v168 + _t806;
																		L110:
																		_t807 = _v188;
																		if(_t807 == 0) {
																			L112:
																			_t808 = 0;
																			L113:
																			_t798 =  &_v148;
																			_v260 = _a28 >> 0x00000002 & 0x00000001;
																			_t745 = ((_t800 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t800 & 0x2800) >> 1;
																			_t805 = E006E9F99(_t808, _t820, ((_t800 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t800 & 0x2800) >> 1, _a24, _a28 >> 0x00000001 & 1, _a28 >> 0x00000002 & 0x00000001, _v164, _v160, _v224, _v256, _v208, 2, _v200, _a20,  &_v148,  &_v156,  &_v228);
																			if(_t805 >= 0) {
																				_t584 = _v228;
																				_t821 = _v168;
																				_t763 = _t584 & 0x00000008 | 0x00002004;
																				_t765 = (_t584 & 0x00000008 | 0x00002004) + _t763 | _t584 & 0x00001400;
																				_t745 = ((_t584 & 0x00000008 | 0x00002004) + _t763 | _t584 & 0x00001400) + _t765;
																				_v139 = 1;
																				_v144 = ((_t584 & 0x00000008 | 0x00002004) + _t763 | _t584 & 0x00001400) + _t765;
																				L118:
																				if((_a28 & 0x00000100) != 0) {
																					_v176 = 1;
																				}
																				if((_a28 & 0x00000200) != 0) {
																					_v176 = _v176 | 0x00000002;
																				}
																				if((_a28 & 0x00000400) != 0) {
																					_v176 = _v176 | 0x00000004;
																				}
																				if(_v176 != 0) {
																					_t822 = 0;
																					goto L125;
																				} else {
																					_t712 =  *(_t821 + 2) & 0x0000ffff;
																					if((_t712 & 0x00000010) != 0) {
																						_t713 =  *(_t821 + 0xc);
																						if((_t712 & 0x00008000) == 0) {
																							L124:
																							_t822 = E006E969A(_t713, 0x11, 0);
																							if(_t822 != 0) {
																								_t421 = _t822 + 8; // 0x8
																								_v220 = _t421;
																								_v176 =  *((intOrPtr*)(_t822 + 4));
																								_t717 =  *((intOrPtr*)(_t822 + 1));
																								_v137 = _t717;
																								if(_t717 == 8) {
																									L226:
																									_t822 = 0;
																									_v220 = 0;
																									_v176 = 0;
																									_v137 = 0;
																									goto L125;
																								}
																								if((_t717 & 0x00000010) == 0) {
																									goto L125;
																								}
																								goto L226;
																							}
																							L125:
																							_t586 = _v204;
																							if((_v137 & 0x00000008) != 0) {
																								if( *((intOrPtr*)(_t586 + 8)) >= 0x2000) {
																									goto L126;
																								}
																								_t805 = 0xc0000446;
																								goto L184;
																							}
																							L126:
																							if(_v176 != 0) {
																								L197:
																								if(_t822 != 0) {
																									L129:
																									if(_v220 != 0) {
																										L199:
																										_t805 = E0073248F( &_v136, 0x80, 2);
																										if(_t805 < 0) {
																											goto L184;
																										}
																										_t805 = E006EDE53(_t805,  &_v136, 2, _v137 & 0x000000ff, _v220, 0x11, _v176);
																										if(_t805 >= 0) {
																											L131:
																											_t809 = _v188;
																											if((_a28 & 0x00000700) != 0) {
																												_t745 = 4;
																											} else {
																												if(_t822 != 0 || _v232 == 0) {
																													_t745 = (( *(_v168 + 2) & 0x0000ffff) >> 0x00000001 & 0x00000018 |  *(_v168 + 2) & 0x2800) >> 1;
																												} else {
																													_t745 = 0;
																												}
																											}
																											if(_t809 == 0) {
																												L137:
																												_t592 = 0;
																												goto L138;
																											} else {
																												_t708 =  *(_t809 + 2) & 0x0000ffff;
																												if((_t708 & 0x00000010) != 0) {
																													_t592 =  *((intOrPtr*)(_t809 + 0xc));
																													if((_t708 & 0x00008000) == 0) {
																														L138:
																														_t798 =  &_v216;
																														_t805 = E006E9F99(_t592, _v232, _t745, _a24, 1, 0, _v164, _v160, _v224, _v256, _v208, 3, _v200, _a20,  &_v216,  &_v209,  &_v228);
																														if(_t805 != 0x8000000b) {
																															if(_t805 < 0) {
																																goto L184;
																															}
																															_t823 = _v228;
																															L140:
																															_t805 = E006E9661(_t745, _v216, _v148,  &_v248);
																															if(_v216 != 0) {
																																if(_v216 != _v232) {
																																	E00722882(_t745, _v240, 0, _v216);
																																}
																															}
																															if(_t805 < 0) {
																																goto L184;
																															} else {
																																_t810 = _v248;
																																if(_t810 != 0) {
																																	if(_v139 != 0 && _v148 != 0) {
																																		E00722882(_t745, _v240, 0, _v148);
																																	}
																																	_v144 = _v144 | ((_t823 & 0x00000008 | 0x00000004) + (_t823 & 0x00000008 | 0x00000004) | _t823 & 0x00001400) + ((_t823 & 0x00000008 | 0x00000004) + (_t823 & 0x00000008 | 0x00000004) | _t823 & 0x00001400);
																																	_v148 = _t810;
																																	_v177 = 1;
																																}
																																_t604 = _a28 & 0x00000008;
																																_v248 = _t604;
																																if(_t604 == 0) {
																																	_t605 = E006E969A(_v148, 0x11, 0);
																																	if(_t605 != 0) {
																																		_t606 = _t605 + 8;
																																	} else {
																																		_t606 = _v220;
																																	}
																																	if(_t606 == 0) {
																																		goto L144;
																																	} else {
																																		if(_v172 == 0) {
																																			goto L211;
																																		} else {
																																			_t745 =  &_v178;
																																			_t805 = E007454AD(_v204, _t606,  &_v178);
																																			if(_t805 < 0) {
																																				goto L184;
																																			}
																																			if(_v178 == 0) {
																																				_v182 = 1;
																																			}
																																			goto L144;
																																		}
																																		goto L76;
																																	}
																																} else {
																																	L144:
																																	_t766 = _v168;
																																	_t607 =  *(_t766 + 2) & 0x0000ffff;
																																	if((_t607 & 0x00000004) == 0) {
																																		L86:
																																		_t825 = 0;
																																		L148:
																																		_t811 = _v188;
																																		if(_t811 == 0) {
																																			L71:
																																			_t812 = 0;
																																			L153:
																																			_t745 = _a28 & 1;
																																			_t805 = E006E9F99(_t812, _t825, _t607 & 0x0000140c, _a24, _a28 & 1, _v260, _v164, _v160, _v224, _v256, _v208, 1, _v200, _a20,  &_v152,  &_v155,  &_v228);
																																			if(_t805 < 0) {
																																				if(_t805 != 0x8000000b) {
																																					goto L184;
																																				}
																																				if((_a28 & 0x00000001) != 0) {
																																					_v144 = _v144 | 0x00000400;
																																				}
																																				_t826 = _v168;
																																				_t610 =  *(_t826 + 2) & 0x0000ffff;
																																				_t745 = _t610 & 0x0000000c;
																																				if((_t610 & 0x0000000c) == 0xc) {
																																					if((_t610 & 0x00000004) != 0) {
																																						_t745 =  *(_t826 + 0x10);
																																						if((_t610 & 0x00008000) == 0) {
																																							L244:
																																							_v152 = _t745;
																																							L245:
																																							_v144 = _v144 | _t610 & 0x00001000 | 0x00000004;
																																							_v155 = 1;
																																							goto L155;
																																						}
																																						if(_t745 == 0) {
																																							goto L240;
																																						}
																																						_t745 = _t745 + _t826;
																																						goto L244;
																																					}
																																					L240:
																																					_v152 = 0;
																																					goto L245;
																																				} else {
																																					_t700 = _v236;
																																					if(_t700 != 0) {
																																						_v144 = _v144 | 0x00000004;
																																						_v152 = _t700;
																																					}
																																					L155:
																																					if((_a28 & 0x00001000) == 0) {
																																						if(_v180 == 0 || _v172 == 0 || _v188 == 0) {
																																							goto L156;
																																						} else {
																																							_v388 = 0;
																																							asm("stosd");
																																							asm("stosd");
																																							asm("stosd");
																																							asm("stosd");
																																							_t818 = 1;
																																							_v196 = 0;
																																							_v276 = 0;
																																							_v168 = 0;
																																							_v284 = 0x14;
																																							_t805 = E006E96B9(_v188, 0,  &_v244, _v200, _a20, _a24, _a28 | 1, _v172, _v208);
																																							if(_t805 < 0) {
																																								goto L184;
																																							}
																																							_t745 = _v244;
																																							_t690 =  *(_t745 + 2) & 0x0000ffff;
																																							if((_t690 & 0x00000004) == 0) {
																																								L10:
																																								_t691 = 0;
																																								L69:
																																								if(E006D51BA(0, _t805, 0x10, _t691) == 0) {
																																									L157:
																																									if((_a28 & 0x00000001) != 0 && _v152 == 0) {
																																										_v144 = _v144 | 0x00001000;
																																									}
																																									if(_v156 != 0) {
																																										goto L1;
																																									} else {
																																										L160:
																																										if(_v182 != 0) {
																																											if(_v248 != 0) {
																																												goto L161;
																																											}
																																											if(_v172 == 0) {
																																												L211:
																																												_t805 = 0xc000007c;
																																												goto L184;
																																											}
																																											_t677 = 0x20;
																																											_v316 = _t677;
																																											_push( &_v154);
																																											_push( &_v324);
																																											_push(_v172);
																																											_v324 = _t818;
																																											_v320 = _t818;
																																											_v312 = 0;
																																											_v308 = 0;
																																											_t805 = E00715A90();
																																											if(_t805 < 0) {
																																												goto L184;
																																											}
																																											if(_v154 != 0) {
																																												goto L161;
																																											}
																																											L256:
																																											_t805 = 0xc0000061;
																																											goto L184;
																																										}
																																										L161:
																																										if(_v153 == 0 || (_a28 & 0x00000010) != 0) {
																																											L163:
																																											if(_v155 == 0 || _v304 == 0) {
																																												L165:
																																												_t615 = 8 + ( *(_v164 + 1) & 0x000000ff) * 4;
																																												_v284 = _t615;
																																												_t773 = 0xfffffffc;
																																												_v204 = _t615 + 0x00000003 & _t773;
																																												_t618 = _v160;
																																												if(_t618 != 0) {
																																													_t667 = 8 + ( *(_t618 + 1) & 0x000000ff) * 4;
																																													_v276 = _t667;
																																													_v236 = _t667 + 0x00000003 & _t773;
																																												}
																																												_t620 = _v144 & 0x00000010;
																																												_v264 = _t620;
																																												if(_t620 != 0) {
																																													if(_v148 == 0) {
																																														goto L168;
																																													}
																																													_t828 = ( *(_v148 + 2) & 0x0000ffff) + 0x00000003 & _t773;
																																													goto L169;
																																												} else {
																																													L168:
																																													_t828 = 0;
																																													L169:
																																													_t622 = _v144 & 0x00000004;
																																													_v292 = _t622;
																																													if(_t622 == 0) {
																																														L12:
																																														_t623 = 0;
																																														L172:
																																														_t798 = _v204;
																																														_v200 = _t623;
																																														_t745 =  *0x7aec78 + 0x140000;
																																														_t627 = E007229EE(_v240,  *0x7aec78 + 0x140000, _t623 + _t828 + _v236 + _v204 + 0x14);
																																														_v192 = _t627;
																																														if(_t627 == 0) {
																																															_t805 = 0xc0000017;
																																														} else {
																																															_t813 = _v192;
																																															E0073119E(_t813, 1);
																																															 *(_t813 + 2) =  *(_t813 + 2) | _v144;
																																															_t814 = _t813 + 0x14;
																																															if(_v264 != 0) {
																																																if(_v148 == 0) {
																																																	 *((intOrPtr*)(_v192 + 0xc)) = 0;
																																																} else {
																																																	E00704830(_t814, _v148,  *(_v148 + 2) & 0x0000ffff);
																																																	_t836 = _t836 + 0xc;
																																																	if(_v139 == 0) {
																																																		L006DF643(_t814, _v208);
																																																	}
																																																	 *((intOrPtr*)(_v192 + 0xc)) = _t814 - _v192;
																																																	if(_t828 > ( *(_v148 + 2) & 0x0000ffff)) {
																																																		E00704EC0(( *(_v148 + 2) & 0x0000ffff) + _t814, 0, _t828 - ( *(_v148 + 2) & 0x0000ffff));
																																																		_t836 = _t836 + 0xc;
																																																	}
																																																	_t814 = _t814 + _t828;
																																																}
																																															}
																																															if(_v292 != 0) {
																																																if(_v152 == 0) {
																																																	 *((intOrPtr*)(_v192 + 0x10)) = 0;
																																																} else {
																																																	_t831 = _v152;
																																																	E00704830(_t814, _t831,  *(_t831 + 2) & 0x0000ffff);
																																																	_t836 = _t836 + 0xc;
																																																	if(_v138 == 0) {
																																																		L006DF643(_t814, _v208);
																																																	}
																																																	 *((intOrPtr*)(_v192 + 0x10)) = _t814 - _v192;
																																																	if(_v200 > ( *(_t831 + 2) & 0x0000ffff)) {
																																																		E00704EC0(( *(_t831 + 2) & 0x0000ffff) + _t814, 0, _v200 - ( *(_t831 + 2) & 0x0000ffff));
																																																		_t836 = _t836 + 0xc;
																																																	}
																																																	_t814 = _t814 + _v200;
																																																}
																																															}
																																															_t829 = _v284;
																																															E00704830(_t814, _v164, _t829);
																																															_t837 = _t836 + 0xc;
																																															if(_v204 > _t829) {
																																																E00704EC0(_t829 + _t814, 0, _v204 - _t829);
																																																_t837 = _t837 + 0xc;
																																															}
																																															_t636 = _v192;
																																															_t815 = _t814 + _v204;
																																															_t745 = _t814 - _t636;
																																															 *(_t636 + 4) = _t814 - _t636;
																																															if(_v160 != 0) {
																																																_t830 = _v276;
																																																E00704830(_t815, _v160, _t830);
																																																_t638 = _v236;
																																																if(_v236 > _t830) {
																																																	E00704EC0(_t830 + _t815, 0, _t638 - _t830);
																																																}
																																																 *((intOrPtr*)(_v192 + 8)) = _t815 - _v192;
																																															}
																																															_t805 = 0;
																																														}
																																														goto L184;
																																													}
																																													_t662 = _v152;
																																													if(_t662 == 0) {
																																														goto L12;
																																													}
																																													_t623 = ( *(_t662 + 2) & 0x0000ffff) + 0x00000003 & _t773;
																																													goto L172;
																																												}
																																											} else {
																																												_t805 = E0077BDFD(_t745, _v152, _v264, _v224,  &_v252,  &_v179);
																																												if(_t805 < 0) {
																																													goto L184;
																																												}
																																												if(_v138 != 0 && _v152 != 0) {
																																													E00722882(_t745, _v240, 0, _v152);
																																												}
																																												_v152 = _v252;
																																												_v252 = 0;
																																												goto L165;
																																											}
																																										} else {
																																											if(_v172 == 0) {
																																												goto L211;
																																											}
																																											_push( &_v292);
																																											_push(_v304);
																																											_push(_v164);
																																											_push(_v172);
																																											if(E006D509B() != 0) {
																																												goto L163;
																																											}
																																											_t805 = _v292;
																																											goto L184;
																																										}
																																									}
																																								}
																																								if(_v181 != 1) {
																																									L248:
																																									_t693 = _v196;
																																									if(_t693 == 0) {
																																										_t693 = _v172;
																																									}
																																									_push( &_v168);
																																									_push( &_v276);
																																									_push( &_v284);
																																									_t745 =  &_v388;
																																									_push( &_v388);
																																									_push(_v208);
																																									_push(0x40000);
																																									_push(_t693);
																																									_push(_v244);
																																									_t805 = E00714D80();
																																									if(_v196 != 0) {
																																										_push(_v196);
																																										E00715090();
																																									}
																																									if(_t805 >= 0) {
																																										_t805 = _v168;
																																										if(_t805 >= 0) {
																																											goto L157;
																																										}
																																									}
																																									goto L184;
																																								} else {
																																									_t696 = 2;
																																									_v348 =  &_v344;
																																									_t745 =  &_v196;
																																									_push( &_v196);
																																									_push(_t696);
																																									_push(0);
																																									_v340 = _t696;
																																									_push( &_v368);
																																									_push(8);
																																									_push(_v172);
																																									_v344 = 0xc;
																																									_v336 = 1;
																																									_v335 = 0;
																																									_v368 = 0x18;
																																									_v364 = 0;
																																									_v356 = 0;
																																									_v360 = 0;
																																									_v352 = 0;
																																									_t805 = E00715470();
																																									if(_t805 < 0) {
																																										goto L184;
																																									}
																																									goto L248;
																																								}
																																								goto L71;
																																							}
																																							if((_t690 & 0x00008000) == 0) {
																																								_t691 =  *((intOrPtr*)(_t745 + 0x10));
																																								goto L69;
																																							}
																																							if( *((intOrPtr*)(_t745 + 0x10)) == 0) {
																																								goto L10;
																																							}
																																							_t691 =  *((intOrPtr*)(_t745 + 0x10)) + _t745;
																																							goto L69;
																																						}
																																					}
																																					L156:
																																					_t818 = 1;
																																					goto L157;
																																				}
																																			}
																																			_v144 = _v144 | _v228 & 0x00001408 | 0x00000004;
																																			_v138 = 1;
																																			goto L155;
																																		}
																																		_t789 =  *(_t811 + 2) & 0x0000ffff;
																																		if((_t789 & 0x00000004) == 0) {
																																			goto L71;
																																		}
																																		if((_t789 & 0x00008000) == 0) {
																																			_t812 =  *((intOrPtr*)(_t811 + 0x10));
																																			goto L153;
																																		}
																																		_t790 =  *((intOrPtr*)(_t811 + 0x10));
																																		if(_t790 == 0) {
																																			goto L71;
																																		}
																																		_t812 = _t811 + _t790;
																																		goto L153;
																																	}
																																	if((_t607 & 0x00008000) == 0) {
																																		_t825 =  *((intOrPtr*)(_v168 + 0x10));
																																		goto L148;
																																	}
																																	_t792 =  *((intOrPtr*)(_t766 + 0x10));
																																	if(_t792 == 0) {
																																		goto L86;
																																	}
																																	_t798 = _v168;
																																	_t825 = _t792 + _v168;
																																	goto L148;
																																}
																															}
																														}
																														_t823 = 0;
																														_v216 = _v232;
																														_v228 = 0;
																														goto L140;
																													}
																													if(_t592 == 0) {
																														goto L137;
																													}
																													_t592 = _t592 + _t809;
																													goto L138;
																												}
																												goto L137;
																											}
																										}
																										goto L184;
																									}
																									_v232 = 0;
																									goto L131;
																								}
																								if(_v172 == 0) {
																									goto L211;
																								} else {
																									_v220 = _t586;
																									_v137 = 0;
																									goto L129;
																								}
																								goto L199;
																							}
																							if(_t586 == 0 ||  *((intOrPtr*)(_t586 + 8)) >= 0x2000) {
																								goto L129;
																							} else {
																								_v176 = 1;
																								goto L197;
																							}
																						}
																						if(_t713 == 0) {
																							goto L123;
																						} else {
																							_t713 = _t713 + _t821;
																							goto L124;
																						}
																						goto L57;
																					}
																					L123:
																					_t713 = 0;
																					goto L124;
																				}
																			}
																			if(_t805 != 0x8000000b) {
																				goto L184;
																			}
																			if((_a28 & 0x00000002) != 0) {
																				_v144 = 0x8800;
																			}
																			_t821 = _v168;
																			_t718 =  *(_t821 + 2) & 0x0000ffff;
																			_t745 = _t718 & 0x00000030;
																			if((_t718 & 0x00000030) == 0x30) {
																				if((_t718 & 0x00000010) != 0) {
																					_t745 =  *(_t821 + 0xc);
																					if((_t718 & 0x00008000) == 0) {
																						L219:
																						_v148 = _t745;
																						L220:
																						_v144 = _v144 | _t718 & 0x00002000 | 0x00000010;
																						_v156 = 1;
																						goto L118;
																					}
																					if(_t745 == 0) {
																						goto L215;
																					}
																					_t745 = _t745 + _t821;
																					goto L219;
																				}
																				L215:
																				_v148 = 0;
																				goto L220;
																			} else {
																				goto L118;
																			}
																		}
																		_t721 =  *(_t807 + 2) & 0x0000ffff;
																		if((_t721 & 0x00000010) != 0) {
																			if((_t721 & 0x00008000) == 0) {
																				_t808 =  *((intOrPtr*)(_t807 + 0xc));
																				goto L113;
																			}
																			_t722 =  *((intOrPtr*)(_t807 + 0xc));
																			if(_t722 == 0) {
																				goto L112;
																			}
																			_t808 = _t807 + _t722;
																			goto L113;
																		}
																		goto L112;
																	}
																	_t820 =  *((intOrPtr*)(_v168 + 0xc));
																	goto L110;
																}
																L109:
																_t820 = 0;
																goto L110;
															}
															goto L208;
														}
														_t745 =  *(_t562 + 8);
														if(_t745 == 0) {
															goto L208;
														}
														_t580 = _t562 + _t745;
														goto L79;
													}
													_t580 = _v256;
													if(_t798 == 0) {
														_t580 = _v260;
													}
													goto L79;
												}
												_t745 = _t745 + _t805;
											}
											_v160 = _t745;
											if(_t745 == 0) {
												goto L76;
											}
											goto L108;
										}
										goto L209;
									}
									if(_t745 == 0) {
										_v164 = 0;
										goto L24;
									}
									_t745 = _t745 + _t562;
									goto L23;
								}
								_t725 = _v224;
								if(_t798 == 0) {
									_t725 = _v160;
								}
								_v164 = _t725;
								if(_t725 != 0) {
									L105:
									_t562 = _v188;
									goto L106;
								} else {
									goto L211;
								}
							}
							_t561 = _t561 + _t805;
						}
						_v164 = _t561;
						if(_t561 == 0) {
							goto L81;
						}
						_v153 = 1;
						goto L105;
					}
				} else {
					__eax =  &_v264;
					_push( &_v264);
					_push(0x38);
					__eax =  &_v464;
					_push( &_v464);
					_push(0xa);
					_push(__esi);
					__eax = E00715C40();
					if(__eax < 0) {
						L192:
						return E00722F0C(_t573, 0, _v8 ^ _t835, _t798, _t805, _t818);
					}
					__eax = _v440;
					_v181 = __al;
					if(_v440 == 2) {
						if(_v436 >= 1) {
							goto L97;
						}
						__eax = 0xc00000a5;
						goto L192;
					}
					goto L97;
				}
				L1:
				if(_v248 != 0) {
					goto L160;
				}
				if(_v172 == 0) {
					goto L211;
				}
				_t681 = 8;
				_v316 = _t681;
				_push( &_v154);
				_push( &_v324);
				_push(_v172);
				_v324 = _t818;
				_v320 = _t818;
				_v312 = 0;
				_v308 = 0;
				_t805 = E00715A90();
				if(_t805 < 0) {
					goto L184;
				}
				if(_v154 != 0) {
					goto L160;
				} else {
					goto L256;
				}
			}

0x006e96c4
0x006e96cb
0x006e96d1
0x006e96da
0x006e96e3
0x006e96ec
0x006e96fb
0x006e9707
0x006e9714
0x006e9718
0x006e971b
0x006e9721
0x006e9727
0x006e972d
0x006e9733
0x006e9739
0x006e973f
0x006e9745
0x006e974b
0x006e9751
0x006e9757
0x006e975d
0x006e9763
0x006e9769
0x006e976f
0x006e9775
0x006e977b
0x006e9781
0x006e9787
0x006e978d
0x006e9793
0x006e979d
0x006e97a3
0x006e97a9
0x006e97af
0x006e97b5
0x006e97bb
0x006e97c2
0x006e97c9
0x006e97cf
0x006e97d5
0x006e97db
0x006e97e1
0x006e97e7
0x006e97ed
0x006e97f5
0x006e982c
0x006e982e
0x006df628
0x006df62e
0x006df633
0x006e9834
0x006e9834
0x006e9834
0x006e983b
0x006e9844
0x006e9849
0x006e984f
0x006e9855
0x006e985d
0x006d2bd2
0x00000000
0x00000000
0x00000000
0x006e9863
0x006e9863
0x006e9895
0x00000000
0x00000000
0x006e98a3
0x006e98b1
0x006e98b7
0x006e98c5
0x006e98d3
0x006e98e1
0x006e98ef
0x006e98f5
0x006e98f9
0x006e98ff
0x006e9907
0x006e9907
0x006e990d
0x006d8047
0x006d8049
0x006df5eb
0x006df5ef
0x006d2827
0x006d282f
0x007582c0
0x007582c0
0x006e9ed2
0x006e9ed8
0x006d52c7
0x006d52c7
0x006e9ee4
0x007586bf
0x007586d8
0x007586d8
0x007586bf
0x006e9ef0
0x006e9ef8
0x006e9f05
0x006e9f12
0x006e9f1f
0x006e9f2c
0x006e9f39
0x006e9f44
0x006d7cdc
0x006d7cea
0x006d7cea
0x006d7cdc
0x006e9f5c
0x006e9f6e
0x006e9f6e
0x006e9f7f
0x006e9f81
0x00000000
0x006e9f81
0x006d283b
0x006d283e
0x006d284a
0x006d284a
0x006d2850
0x006d2850
0x006d285d
0x006e992e
0x006e992e
0x006e9938
0x006d8058
0x006df5be
0x006df5c2
0x006d2805
0x007582b6
0x007582b6
0x00000000
0x007582b6
0x006d280f
0x006d25a5
0x006df5d8
0x006df5d8
0x006df5e0
0x006e994c
0x006e994c
0x006e9953
0x006d7d5a
0x007582df
0x007582e4
0x00000000
0x00000000
0x007582f0
0x006e995b
0x006e995b
0x006e9963
0x006e9971
0x006e9971
0x006e9973
0x006e9987
0x006e99a5
0x006e99e1
0x006e99eb
0x006e99ef
0x006d5151
0x006d5157
0x006d5162
0x006d516f
0x006d5171
0x006d5173
0x006d517a
0x006e9a29
0x006e9a30
0x00758334
0x00758334
0x006e9a3d
0x00758343
0x00758343
0x006e9a4a
0x0075834f
0x0075834f
0x006e9a56
0x006d25b5
0x00000000
0x006e9a5c
0x006e9a5c
0x006e9a62
0x006d7d73
0x006d7d76
0x006e9a6a
0x006e9a73
0x006e9a77
0x00749597
0x0074959a
0x007495a3
0x007495a9
0x007495ac
0x007495b4
0x0075836a
0x0075836a
0x0075836c
0x00758372
0x00758378
0x00000000
0x00758378
0x007495bc
0x00000000
0x00000000
0x00000000
0x007495c2
0x006e9a7d
0x006e9a84
0x006e9a8a
0x0075838a
0x00000000
0x00000000
0x00758390
0x00000000
0x00758390
0x006e9a90
0x006e9a96
0x007495c7
0x007495c9
0x006e9aad
0x006e9ab3
0x007495d4
0x007495e7
0x007495eb
0x00000000
0x00000000
0x00749615
0x00749619
0x006e9abf
0x006e9ac6
0x006e9acc
0x007583c8
0x006e9ad2
0x006e9ad4
0x006e9afa
0x007583ce
0x007583ce
0x007583ce
0x006e9ad4
0x006e9afe
0x006e9b0c
0x006e9b0c
0x00000000
0x006e9b00
0x006e9b00
0x006e9b06
0x006d529c
0x006d529f
0x006e9b0e
0x006e9b1c
0x006e9b5f
0x006e9b67
0x00749626
0x00000000
0x00000000
0x0074962c
0x006e9b81
0x006e9b99
0x006e9ba1
0x00749643
0x00749656
0x00749656
0x00749643
0x006e9ba9
0x00000000
0x006e9baf
0x006e9baf
0x006e9bb7
0x006d7c1b
0x006d7c32
0x006d7c32
0x006d7c4b
0x006d7c51
0x006d7c57
0x006d7c57
0x006e9bc0
0x006e9bc3
0x006e9bc9
0x006df574
0x006df57b
0x007583d5
0x006df581
0x006df581
0x006df581
0x006df589
0x00000000
0x006df58f
0x007583e3
0x00000000
0x007583e9
0x007583e9
0x007583fc
0x00758400
0x00000000
0x00000000
0x0075840c
0x00758412
0x00758412
0x00000000
0x0075840c
0x00000000
0x007583e3
0x006e9bcf
0x006e9bcf
0x006e9bcf
0x006e9bd5
0x006e9bdb
0x006df618
0x006df618
0x006e9c00
0x006e9c00
0x006e9c08
0x006df564
0x006df564
0x006e9c34
0x006e9c60
0x006e9c92
0x006e9c96
0x006df6a9
0x00000000
0x00000000
0x006df6b3
0x006df6b5
0x006df6b5
0x006df6bf
0x006df6c5
0x006df6cb
0x006df6d1
0x00758420
0x0075842a
0x00758432
0x0075843a
0x0075843a
0x00758440
0x00758448
0x0075844e
0x00000000
0x0075844e
0x00758436
0x00000000
0x00000000
0x00758438
0x00000000
0x00758438
0x00758422
0x00758422
0x00000000
0x006df6d7
0x006df6d7
0x006df6df
0x006df6e5
0x006df6ec
0x006df6ec
0x006e9cb7
0x006e9cbe
0x006df49a
0x00000000
0x006df4b8
0x006df4c6
0x006df4d2
0x006df4d3
0x006df4d4
0x006df4d5
0x006df4db
0x006df4eb
0x006df4f7
0x006df505
0x006df50b
0x006df51a
0x006df51e
0x00000000
0x00000000
0x006df524
0x006df52a
0x006df530
0x006d25c4
0x006d25c4
0x006df54f
0x006df559
0x006e9cc7
0x006e9ccb
0x0075854b
0x0075854b
0x006e9cdf
0x00000000
0x006e9ce5
0x006e9ce5
0x006e9ceb
0x0075856a
0x00000000
0x00000000
0x00758576
0x007582d5
0x007582d5
0x00000000
0x007582d5
0x0075857e
0x0075857f
0x0075858b
0x00758592
0x00758593
0x00758599
0x0075859f
0x007585a5
0x007585ab
0x007585b6
0x007585ba
0x00000000
0x00000000
0x007585c6
0x00000000
0x00000000
0x0075855a
0x0075855a
0x00000000
0x0075855a
0x006e9cf1
0x006e9cf7
0x006e9d03
0x006e9d09
0x006e9d17
0x006e9d21
0x006e9d28
0x006e9d33
0x006e9d36
0x006e9d3c
0x006e9d44
0x006e9d4a
0x006e9d51
0x006e9d5c
0x006e9d5c
0x006e9d68
0x006e9d6b
0x006e9d71
0x006d7c69
0x00000000
0x00000000
0x006d7c7c
0x00000000
0x006e9d77
0x006e9d77
0x006e9d77
0x006e9d79
0x006e9d7f
0x006e9d82
0x006e9d88
0x006d25d3
0x006d25d3
0x006e9da5
0x006e9da5
0x006e9db1
0x006e9dbf
0x006e9dd1
0x006e9dd6
0x006e9dde
0x00758641
0x006e9de4
0x006e9de4
0x006e9ded
0x006e9df9
0x006e9dfd
0x006e9e06
0x006d7c89
0x006d25e0
0x006d7c8f
0x006d7c9c
0x006d7ca1
0x006d7caa
0x00749667
0x00749667
0x006d7cba
0x006d7cc9
0x0075865e
0x00758663
0x00758663
0x006d7ccf
0x006d7ccf
0x006d7c89
0x006e9e12
0x006e9e1a
0x006d25ee
0x006e9e20
0x006e9e20
0x006e9e2d
0x006e9e32
0x006e9e3b
0x006df6fe
0x006df6fe
0x006e9e4b
0x006e9e58
0x0075867c
0x00758681
0x00758681
0x006e9e5e
0x006e9e5e
0x006e9e1a
0x006e9e64
0x006e9e72
0x006e9e77
0x006e9e80
0x00758697
0x0075869c
0x0075869c
0x006e9e86
0x006e9e8e
0x006e9e94
0x006e9e96
0x006e9e9f
0x006e9ea1
0x006e9eaf
0x006e9eb4
0x006e9ebf
0x007586ac
0x007586b1
0x006e9ecd
0x006e9ecd
0x006e9ed0
0x006e9ed0
0x00000000
0x006e9dde
0x006e9d8e
0x006e9d96
0x00000000
0x00000000
0x006e9da3
0x00000000
0x006e9da3
0x007585d9
0x007585fe
0x00758602
0x00000000
0x00000000
0x0075860e
0x00758625
0x00758625
0x00758630
0x00758636
0x00000000
0x00758636
0x006d505f
0x006d5065
0x00000000
0x00000000
0x006d5071
0x006d5072
0x006d5078
0x006d507e
0x006d508b
0x00000000
0x00000000
0x007585ce
0x00000000
0x007585ce
0x006e9cf7
0x006e9cdf
0x00758461
0x007584d8
0x007584d8
0x007584e0
0x007584e2
0x007584e2
0x007584ee
0x007584f5
0x007584fc
0x007584fd
0x00758503
0x00758504
0x0075850a
0x0075850f
0x00758510
0x0075851b
0x00758523
0x00758525
0x0075852b
0x0075852b
0x00758532
0x00758538
0x00758540
0x00000000
0x00000000
0x00758546
0x00000000
0x00758463
0x00758465
0x0075846c
0x00758472
0x00758478
0x00758479
0x0075847a
0x0075847b
0x00758487
0x00758488
0x0075848a
0x00758490
0x0075849a
0x007584a1
0x007584a7
0x007584b1
0x007584b7
0x007584bd
0x007584c3
0x007584ce
0x007584d2
0x00000000
0x00000000
0x00000000
0x007584d2
0x00000000
0x00758461
0x006df53b
0x006d25cb
0x00000000
0x006d25cb
0x006df544
0x00000000
0x00000000
0x006df54d
0x00000000
0x006df54d
0x006df49a
0x006e9cc4
0x006e9cc6
0x00000000
0x006e9cc6
0x006df6d1
0x006e9caa
0x006e9cb0
0x00000000
0x006e9cb0
0x006e9c0e
0x006e9c15
0x00000000
0x00000000
0x006e9c21
0x006d25bc
0x00000000
0x006d25bc
0x006e9c27
0x006e9c2c
0x00000000
0x00000000
0x006e9c32
0x00000000
0x006e9c32
0x006e9be6
0x006ea66f
0x00000000
0x006ea66f
0x006e9bec
0x006e9bf1
0x00000000
0x00000000
0x006e9bf7
0x006e9bfd
0x00000000
0x006e9bfd
0x006e9bc9
0x006e9ba9
0x006e9b73
0x006e9b75
0x006e9b7b
0x00000000
0x006e9b7b
0x006d52a7
0x00000000
0x00000000
0x006d52ad
0x00000000
0x006d52ad
0x00000000
0x006e9b06
0x006e9afe
0x00000000
0x0074961f
0x006e9ab9
0x00000000
0x006e9ab9
0x007583af
0x00000000
0x007583b5
0x007583b5
0x007583bb
0x00000000
0x007583bb
0x00000000
0x007583af
0x006e9a9e
0x00000000
0x0075839a
0x0075839a
0x00000000
0x0075839a
0x006e9a9e
0x0075835d
0x00000000
0x00758363
0x00758363
0x00000000
0x00758363
0x00000000
0x0075835d
0x006e9a68
0x006e9a68
0x00000000
0x006e9a68
0x006e9a56
0x006e99fb
0x00000000
0x00000000
0x006e9a05
0x006e9a07
0x006e9a07
0x006e9a11
0x006e9a17
0x006e9a1d
0x006e9a23
0x007582fa
0x00758304
0x0075830c
0x00758314
0x00758314
0x0075831a
0x00758322
0x00758328
0x00000000
0x00758328
0x00758310
0x00000000
0x00000000
0x00758312
0x00000000
0x00758312
0x007582fc
0x007582fc
0x00000000
0x00000000
0x00000000
0x00000000
0x006e9a23
0x006e9965
0x006e996b
0x006d527f
0x006d25ad
0x00000000
0x006d25ad
0x006d5285
0x006d528a
0x00000000
0x00000000
0x006d5290
0x00000000
0x006d5290
0x00000000
0x006e996b
0x006d7d66
0x00000000
0x006d7d66
0x006e9959
0x006e9959
0x00000000
0x006e9959
0x00000000
0x006df5e6
0x006d2815
0x006d281a
0x00000000
0x00000000
0x006d2820
0x00000000
0x006d2820
0x006df5c8
0x006df5d0
0x006df5d2
0x006df5d2
0x00000000
0x006df5d0
0x006d805e
0x006d805e
0x006e993e
0x006e9946
0x00000000
0x00000000
0x00000000
0x006e9946
0x00000000
0x006d2863
0x006d2842
0x007582ca
0x00000000
0x007582ca
0x006d2848
0x00000000
0x006d2848
0x006df5f5
0x006df5fd
0x006df5ff
0x006df5ff
0x006df605
0x006df60d
0x006e9928
0x006e9928
0x00000000
0x006df613
0x00000000
0x006df613
0x006df60d
0x006d804f
0x006d804f
0x006e9913
0x006e991b
0x00000000
0x00000000
0x006e9921
0x00000000
0x006e9921
0x006e97f7
0x006e97f7
0x006e97fd
0x006e97fe
0x006e9800
0x006e9806
0x006e9807
0x006e9809
0x006e980a
0x006e9811
0x006e9f83
0x006e9f91
0x006e9f91
0x006e9817
0x006e981d
0x006e9826
0x006d5708
0x00000000
0x00000000
0x007582ac
0x00000000
0x007582ac
0x00000000
0x006e9826
0x006d2538
0x006d253e
0x00000000
0x00000000
0x006d254a
0x00000000
0x00000000
0x006d2552
0x006d2553
0x006d255f
0x006d2566
0x006d2567
0x006d256d
0x006d2573
0x006d2579
0x006d257f
0x006d258a
0x006d258e
0x00000000
0x00000000
0x006d259a
0x00000000
0x006d25a0
0x00000000
0x006d25a0

Strings

, xrefs: 006DF5EB

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b7f19c9ab056f75bb0dc1b42e3624b425e3586949f7a48d9cec9c025e6629307
Instruction ID: f348331ec875c3b241603af18289c3b5c13528e2c45f23331342f64d2993794c
Opcode Fuzzy Hash: b7f19c9ab056f75bb0dc1b42e3624b425e3586949f7a48d9cec9c025e6629307
Instruction Fuzzy Hash: CCA24771D012A9DFEF618F15CC81BE9B7B6AF04300F1480EAEA49A7241D7749E85DF61

Uniqueness

Uniqueness Score: 0.02%

Function 006D83EB, Relevance: 2.0, Strings: 1, Instructions: 745
COMMONCrypto

C-Code - Quality: 87%

			E006D83EB(signed char _a4, signed char _a8, signed int _a12, signed char _a16, intOrPtr _a20, intOrPtr _a24, signed int _a28) {
				signed int _v8;
				char _v18;
				char _v20;
				signed int _v24;
				char _v25;
				signed int _v32;
				intOrPtr _v36;
				signed char _v37;
				char _v38;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				short _v58;
				signed int _v60;
				signed int _v64;
				signed char _v68;
				signed int _v72;
				char _v76;
				signed int _v80;
				signed int _v84;
				signed char _v88;
				intOrPtr _v92;
				signed int _v96;
				signed int _v100;
				intOrPtr _v104;
				char _v108;
				char _v112;
				signed short _v116;
				signed int _v120;
				unsigned int _v124;
				char _v136;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t318;
				intOrPtr _t340;
				void* _t345;
				intOrPtr _t346;
				unsigned int _t347;
				signed int _t350;
				signed int _t351;
				unsigned int _t352;
				unsigned int _t355;
				signed int _t359;
				signed int* _t362;
				signed int _t366;
				signed int _t382;
				signed int _t383;
				signed int _t388;
				signed int _t389;
				signed int _t391;
				signed int _t396;
				signed int _t397;
				signed int _t402;
				signed int _t407;
				signed int _t410;
				signed int _t415;
				signed int _t420;
				signed int _t421;
				signed int _t426;
				signed int _t441;
				signed int _t446;
				signed int _t450;
				signed int _t452;
				signed int _t454;
				signed char _t457;
				void* _t459;
				signed int _t460;
				signed int _t464;
				signed int _t473;
				intOrPtr _t475;
				signed int _t477;
				signed int _t478;
				signed int _t484;
				signed int _t490;
				signed int _t492;
				signed int _t494;
				signed int _t496;
				signed int _t516;
				signed int _t519;
				unsigned int _t523;
				signed int _t525;
				signed int _t529;

				_t318 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t318 ^ _t529;
				_t480 = _a8;
				_v80 = _a12;
				_v68 = _a16;
				_t478 = _a28;
				_v92 = _a20;
				_t518 = 0;
				_v104 = _a24;
				_v20 = 0;
				_t516 =  &_v18;
				asm("stosd");
				_v44 = _t480;
				_v120 = _t478;
				_v24 = 0;
				_v32 = 0;
				_v96 = 0;
				_v88 = 0;
				_v25 = 0;
				asm("stosd");
				_v48 = 0;
				_v72 = 0;
				_v100 = 0;
				_v64 = 0;
				_v76 = 0;
				_v108 = 0;
				if(_t480 == 0 || _t478 == 0) {
					_v36 = 0xc000000d;
					goto L49;
				} else {
					_t340 = E00728877( &_v108);
					_v36 = _t340;
					if(_t340 < 0) {
						L55:
						return E00722F0C(_v36, _t478, _v8 ^ _t529, _t503, _t516, _t518);
					}
					_t516 = E007229EE( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, 0x20a);
					_v64 = _t516;
					if(_t516 == 0) {
						_v36 = 0xc0000017;
						L53:
						if(_v64 != 0) {
							E00722882(_t480,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v64);
						}
						goto L55;
					}
					_t518 = 0x208;
					_t345 = E00737143(_v44, 0x208, _t516,  &_v76);
					if(_t345 == 0 || _t345 >= 0x208) {
						L98:
						_v36 = 0xc000000d;
						goto L53;
					} else {
						_t346 = _v76;
						if(_t346 == 0 || _t346 <= _t516 || _t346 >= _t516) {
							goto L98;
						} else {
							 *((short*)(_t346 - 2)) = 0;
							_t480 =  *_t478;
							_t347 =  *(_t478 + 4);
							_t503 = _t480 | _t347;
							if((_t480 | _t347) != 0) {
								_t478 = _t480 & 0x0000000f;
								_t484 = (_t347 << 0x00000020 | _t480) >> 4;
								_v96 = _t478;
								_v44 = _t478;
								_v124 = _t347 >> 4;
								_t519 = 0;
								__eflags = 0;
								_t516 = 0xfff;
								do {
									_t350 = _t484 & _t516;
									_v44 = _v44 ^ _t350;
									_t503 = _t519;
									__eflags = _t503;
									if(_t503 == 0) {
										_t351 = _t350 & _t516;
										__eflags = _t351;
										_v88 = _t351;
									} else {
										_t503 = _t503;
										__eflags = _t503;
										if(_t503 == 0) {
											_v32 = _t350 & _t516;
										} else {
											_t503 = _t503 - 1;
											__eflags = _t503;
											if(_t503 == 0) {
												_v24 = _t350 & _t516;
											}
										}
									}
									_t352 = _v124;
									_t484 = (_t352 << 0x00000020 | _t484) >> 0xc;
									_t519 = _t519 + 1;
									_v124 = _t352 >> 0xc;
									__eflags = _t519 - 4;
								} while (_t519 < 4);
								_t480 = _t484 ^ _v44;
								__eflags = _t516 & _t480;
								if((_t516 & _t480) == 0) {
									__eflags = _v24 - _v32;
									if(_v24 <= _v32) {
										_t355 = _v88;
										__eflags = _t355 & 0x00000020;
										if((_t355 & 0x00000020) == 0) {
											_t523 = (_t355 & 0x00000040 | 0x00000020) >> 5;
											__eflags = _t523;
										} else {
											_t523 = 2;
										}
										_t478 = _t478 & 0x00000001;
										_v37 =  !(_t355 >> 2) & 0x00000001;
										_v44 = _t478;
										L31:
										if(_t523 != 1) {
											__eflags = _t523 - 2;
											if(_t523 != 2) {
												__eflags = _v72;
												if(_v72 == 0) {
													_t415 = E0078031C(_v64,  &_v124,  &_v72);
													__eflags = _t415;
													if(_t415 == 0) {
														_v24 = _v32;
													}
												}
												__eflags = _v24;
												_v38 = 0;
												if(_v24 != 0) {
													L149:
													_t478 = _v24;
													_t518 = _v72;
													_t516 = 0;
													__eflags = _t478;
													if(_t478 <= 0) {
														L155:
														__eflags = _t478 - _v32;
														if(_t478 >= _v32) {
															L56:
															_v36 = 0x80000006;
															L48:
															_t359 = _v88;
															_v24 = _v24 + 1;
															_t518 = 0;
															_t490 = (_t359 ^ _v96 ^ _v32 ^ _v24 ^ 0xfffffcb7) & 0x00000fff;
															_t492 = _t490 << 0x0000000c | _v24;
															_t494 = _t492 << 0x0000000c | _v32;
															_t496 = _t494 << 0x00000018 | _t359 | 0x00cb7000;
															_t480 = _t496 << 0x00000004 | _v96;
															_t503 = ((((0 << 0x00000020 | _t490) << 0xc << 0x00000020 | _t492) << 0xc << 0x00000020 | _t494) << 0x18 << 0x00000020 | _t496) << 4;
															_t362 = _v120;
															 *_t362 = _t496 << 0x00000004 | _v96;
															_t362[1] = ((((0 << 0x00000020 | _t490) << 0xc << 0x00000020 | _t492) << 0xc << 0x00000020 | _t494) << 0x18 << 0x00000020 | _t496) << 4;
															L49:
															if(_v100 != 0) {
																E00722882(_t480,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v100);
															}
															goto L50;
														} else {
															goto L156;
														}
														while(1) {
															L156:
															__eflags = _v38;
															if(_v38 == 0) {
																goto L161;
															}
															_t388 = E00726DD1(_t518, _v56);
															_pop(_t480);
															__eflags = _t388;
															if(_t388 == 0) {
																goto L161;
															}
															_t283 =  &_v24;
															 *_t283 = _v24 + 1;
															__eflags =  *_t283;
															_t389 = _t518;
															_t285 = _t389 + 2; // 0x2
															_t503 = _t285;
															while(1) {
																_t480 =  *_t389;
																_t383 = _t389 + 2;
																__eflags =  *_t389;
																if( *_t389 == 0) {
																	break;
																}
															}
															L164:
															_t518 = _t518 + 2 + (_t383 - _t503 >> 1) * 2;
															__eflags = _v24 - _v32;
															if(_v24 >= _v32) {
																L37:
																if(_v24 >= _v32) {
																	goto L56;
																}
																if(_v80 == 0) {
																	__eflags = _v68;
																	if(_v68 != 0) {
																		goto L39;
																	} else {
																		L44:
																		if(_v92 == 0) {
																			L75:
																			_v36 = 0;
																			goto L49;
																		}
																		if(_v80 == 0) {
																			__eflags = _v68;
																			if(_v68 != 0) {
																				goto L75;
																			} else {
																				goto L46;
																			}
																		}
																		L46:
																		if(_v25 != 0) {
																			_v36 = 0xc0000023;
																			goto L49;
																		} else {
																			_v36 = 0;
																			goto L48;
																		}
																	}
																}
																L39:
																if(_v37 == 0) {
																	__eflags = E0072ADDB( &_v60,  &_v116);
																	if(__eflags == 0) {
																		_t478 = 0;
																		__eflags = 0;
																	} else {
																		_push( &_v20);
																		_push(0xfffffffc);
																		_push(0x10);
																		_push(_v116 & 0x0000ffff);
																		_t382 = E0072A557(_t478, _t516, _t518, __eflags);
																		__eflags = _t382;
																		_t478 = _t478 & 0xffffff00 | _t382 >= 0x00000000;
																	}
																	E00703D00(_t480,  &_v60,  &_v20);
																	__eflags = _t478;
																	if(_t478 != 0) {
																		goto L40;
																	} else {
																		goto L44;
																	}
																}
																L40:
																if(_v80 == 0) {
																	__eflags = _v68;
																	if(_v68 != 0) {
																		 *_v68 = 0x55;
																	}
																} else {
																	if(_v68 != 0) {
																		_t377 = _v60 & 0x0000ffff;
																		_t480 = _v68;
																		_t518 = (_v60 & 0x0000ffff) >> 1;
																		if( *_v68 <= _t518) {
																			_v25 = 1;
																		} else {
																			_t516 = _v80;
																			E00704830(_t516, _v56, _t377);
																			 *((short*)(_t516 + _t518 * 2)) = 0;
																		}
																	}
																}
																goto L44;
															}
															continue;
															L161:
															E00703D00(_t480,  &_v60, _t518);
															_push( &_v25);
															_push(_v92);
															_push(_v44);
															_push(_v104);
															_push(_v76);
															_push(_v64);
															_push(_v56);
															_push(_v60);
															_t366 = E006D8792(_t478, _t516, _t518, __eflags);
															__eflags = _t366;
															if(_t366 != 0) {
																goto L37;
															}
															_t295 =  &_v24;
															 *_t295 = _v24 + 1;
															__eflags =  *_t295;
															_t383 = _t518;
															_t297 = _t383 + 2; // 0x2
															_t503 = _t297;
															do {
																_t480 =  *_t383;
																_t383 = _t383 + 2;
																__eflags = _t480;
															} while (_t480 != 0);
															goto L164;
														}
													} else {
														goto L150;
													}
													while(1) {
														L150:
														__eflags = _t518;
														if(_t518 == 0) {
															goto L155;
														}
														__eflags =  *_t518;
														if( *_t518 == 0) {
															goto L155;
														}
														_t391 = _t518;
														_t516 = _t516 + 1;
														__eflags = _t516;
														_t276 = _t391 + 2; // 0x2
														_t503 = _t276;
														do {
															_t480 =  *_t391;
															_t391 = _t391 + 2;
															__eflags = _t480;
														} while (_t480 != 0);
														_t518 = _t518 + 2 + (_t391 - _t503 >> 1) * 2;
														__eflags = _t516 - _t478;
														if(_t516 < _t478) {
															continue;
														}
														goto L155;
													}
													goto L155;
												} else {
													_t396 =  *_v68;
													__eflags = _t396;
													if(_t396 == 0) {
														goto L149;
													}
													_t525 = _v80;
													__eflags = _t525;
													if(_t525 == 0) {
														goto L149;
													}
													_t397 = E007806DD(_t525, _t396, 0);
													__eflags = _t397;
													if(_t397 == 0) {
														goto L149;
													}
													__eflags = _v37;
													_push(_t525);
													if(_v37 != 0) {
														_push( &_v60);
														E00703D00(_t480);
														_t402 = E0072ADDB( &_v60,  &_v112);
														L147:
														__eflags = _t402;
														if(_t402 != 0) {
															_v38 = 1;
														}
														goto L149;
													}
													_push( &_v136);
													E00703D00(_t480);
													_push( &_v112);
													_push(0x10);
													_push( &_v136);
													_t407 = E0074003C(_t478, _t516, _t525, __eflags);
													__eflags = _t407;
													if(_t407 < 0) {
														goto L149;
													}
													_t518 = 0xaa;
													_t410 = E007229EE( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, 0xaa);
													_v100 = _t410;
													__eflags = _t410;
													if(_t410 == 0) {
														L50:
														if(_v48 != 0) {
															E00722882(_t480,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v48);
														}
														L52:
														if(_v72 != 0) {
															E00722882(_t480,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v72);
														}
														goto L53;
													}
													_v56 = _t410;
													_v60 = 0;
													_v58 = 0xaa;
													_t402 = E0072925B(_t480, _t503, _v112,  &_v60);
													goto L147;
												}
											}
											__eflags = _v48;
											if(_v48 == 0) {
												E007828FE(_v108,  &_v48,  &_v140);
											}
											_t478 = _v24;
											_t518 = _v48;
											_t516 = 0;
											__eflags = _t478;
											if(_t478 <= 0) {
												L127:
												__eflags = _t478 - _v32;
												if(_t478 >= _v32) {
													goto L56;
												} else {
													goto L128;
												}
												while(1) {
													L128:
													__eflags = _t518;
													if(_t518 == 0) {
														goto L37;
													}
													__eflags =  *_t518;
													if( *_t518 == 0) {
														goto L37;
													}
													E00703D00(_t480,  &_v60, _t518);
													_push( &_v25);
													_push(_v92);
													_push(_v44);
													_push(_v104);
													_push(_v76);
													_push(_v64);
													_push(_v56);
													_push(_v60);
													_t420 = E006D8792(_t478, _t516, _t518, __eflags);
													__eflags = _t420;
													if(_t420 != 0) {
														goto L37;
													}
													_t240 =  &_v24;
													 *_t240 = _v24 + 1;
													__eflags =  *_t240;
													_t421 = _t518;
													_t242 = _t421 + 2; // 0x2
													_t503 = _t242;
													do {
														_t480 =  *_t421;
														_t421 = _t421 + 2;
														__eflags = _t480;
													} while (_t480 != 0);
													_t518 = _t518 + 2 + (_t421 - _t503 >> 1) * 2;
													__eflags = _v24 - _v32;
													if(_v24 >= _v32) {
														goto L37;
													}
												}
												goto L37;
											} else {
												while(1) {
													__eflags = _t518;
													if(_t518 == 0) {
														goto L127;
													}
													__eflags =  *_t518;
													if( *_t518 == 0) {
														goto L127;
													}
													_t426 = _t518;
													_t516 = _t516 + 1;
													__eflags = _t516;
													_t226 = _t426 + 2; // 0x2
													_t503 = _t226;
													do {
														_t480 =  *_t426;
														_t426 = _t426 + 2;
														__eflags = _t480;
													} while (_t480 != 0);
													_t518 = _t518 + 2 + (_t426 - _t503 >> 1) * 2;
													__eflags = _t516 - _t478;
													if(_t516 < _t478) {
														continue;
													}
													goto L127;
												}
												goto L127;
											}
										}
										if(_v48 == 0) {
											_t518 = 0;
											_v52 = 0;
											E007292B9(0x30,  &_v84, 0,  &_v52);
											__eflags = _v52;
											if(_v52 <= 0) {
												L111:
												_v24 = _v32;
												goto L33;
											}
											_t450 = E006DA860(_t480, _v52, 2);
											__eflags = _t450;
											if(_t450 != 0) {
												_t480 =  *[fs:0x18];
												_t452 = E007229EE( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t450);
												_v48 = _t452;
												__eflags = _t452;
												if(_t452 == 0) {
													goto L111;
												}
												_t480 =  &_v52;
												_t454 = E007292B9(0x30,  &_v84, _t452,  &_v52);
												__eflags = _t454;
												if(_t454 >= 0) {
													goto L33;
												}
												goto L111;
											}
											_v36 = 0xc0000095;
											goto L52;
										}
										L33:
										_t478 = _v24;
										_t518 = _v48;
										_t516 = 0;
										if(_t478 > 0) {
											while(1) {
												__eflags = _t518;
												if(_t518 == 0) {
													goto L34;
												}
												__eflags =  *_t518;
												if( *_t518 == 0) {
													goto L34;
												}
												_t446 = _t518;
												_t516 = _t516 + 1;
												__eflags = _t516;
												_t216 = _t446 + 2; // 0x2
												_t503 = _t216;
												do {
													_t480 =  *_t446;
													_t446 = _t446 + 2;
													__eflags = _t480;
												} while (_t480 != 0);
												_t518 = _t518 + 2 + (_t446 - _t503 >> 1) * 2;
												__eflags = _t516 - _t478;
												if(_t516 >= _t478) {
													goto L34;
												}
											}
										}
										L34:
										if(_t478 >= _v32) {
											goto L56;
										} else {
											goto L35;
										}
										while(1) {
											L35:
											_t565 =  *_t518;
											if( *_t518 == 0) {
												goto L37;
											}
											E00703D00(_t480,  &_v60, _t518);
											_push( &_v25);
											_push(_v92);
											_push(_v44);
											_push(_v104);
											_push(_v76);
											_push(_v64);
											_push(_v56);
											_push(_v60);
											if(E006D8792(_t478, _t516, _t518, _t565) == 0) {
												_t132 =  &_v24;
												 *_t132 = _v24 + 1;
												__eflags =  *_t132;
												_t441 = _t518;
												_t134 = _t441 + 2; // 0x2
												_t503 = _t134;
												do {
													_t480 =  *_t441;
													_t441 = _t441 + 2;
													__eflags = _t480;
												} while (_t480 != 0);
												_t518 = _t518 + 2 + (_t441 - _t503 >> 1) * 2;
												__eflags = _v24 - _v32;
												if(_v24 >= _v32) {
													goto L37;
												} else {
													continue;
												}
											}
											goto L37;
										}
										goto L37;
									}
									_v36 = 0x80000006;
									goto L53;
								}
								_v36 = 0xc0000030;
								goto L53;
							}
							_t457 = _a4;
							if((_t457 & 0x00000004) != 0) {
								__eflags = _t457 & 0x00000008;
								if((_t457 & 0x00000008) == 0) {
									goto L11;
								}
								goto L98;
							}
							L11:
							_t503 = _t457 & 0x00000010;
							if(_t503 == 0 || (_t457 & 0x00000020) == 0) {
								if(_t503 == 0 || (_t457 & 0x00000040) == 0) {
									_t480 = _t457 & 0x00000020;
									if(_t480 != 0) {
										__eflags = _t457 & 0x00000040;
										if((_t457 & 0x00000040) == 0) {
											goto L16;
										}
										goto L98;
									}
									L16:
									_t516 = _t457 & 0x00000200;
									_t478 = 0x100;
									if(_t516 == 0 || (0x00000100 & _t457) == 0) {
										if(_t503 == 0 || _t480 == 0) {
											L20:
											_v88 = _t457;
											if(_t480 != 0) {
												_t523 = 2;
											} else {
												_t523 = (_t457 & 0x00000040 | 0x00000020) >> 5;
											}
											_t480 =  !(_t457 >> 2) & 0x00000001;
											_v37 =  !(_t457 >> 2) & 0x00000001;
											if(_t516 == 0) {
												__eflags = _t478 & _t457;
												if(__eflags != 0) {
													L63:
													_v44 = 1;
													_v96 = 1;
													goto L24;
												}
												_t477 = E006D8948(_t480, __eflags, _v44);
												__eflags = _t477;
												if(_t477 == 0) {
													goto L23;
												}
												goto L63;
											} else {
												L23:
												_v44 = 0;
												L24:
												_t459 = _t523 - 1;
												if(_t459 != 0) {
													_t460 = _t459 - 1;
													__eflags = _t460;
													if(_t460 == 0) {
														_v32 = _v32 & 0x00000000;
														E007828FE(_v108,  &_v48,  &_v32);
													} else {
														_t464 = _t460 - 1;
														__eflags = _t464;
														if(_t464 == 0) {
															_v32 = _v32 & _t464;
															E0078031C(_v64,  &_v32,  &_v72);
														}
													}
													L30:
													_v24 = _v24 & 0x00000000;
													goto L31;
												}
												_t516 = 0;
												_v52 = 0;
												E007292B9(0x30,  &_v84, 0,  &_v52);
												if(_v52 == 0) {
													goto L53;
												}
												if(E006DA860(_t480, _v52, 2) == 0) {
													_v36 = 0xc0000095;
													goto L53;
												}
												_t480 =  *[fs:0x18];
												_t473 = E007229EE( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t471);
												_v48 = _t473;
												if(_t473 == 0) {
													_v36 = 0xc0000017;
													goto L50;
												}
												_t480 =  &_v52;
												_t475 = E007292B9(0x30,  &_v84, _t473,  &_v52);
												if(_t475 < 0) {
													_v36 = _t475;
													goto L50;
												} else {
													_v32 = _v84;
													goto L30;
												}
											}
										} else {
											__eflags = _t457 & 0x00000040;
											if((_t457 & 0x00000040) == 0) {
												goto L20;
											}
											goto L98;
										}
									} else {
										goto L98;
									}
								} else {
									goto L98;
								}
							} else {
								goto L98;
							}
						}
					}
				}
			}

0x006d83f6
0x006d83fd
0x006d8403
0x006d8406
0x006d840c
0x006d8413
0x006d8416
0x006d841d
0x006d8420
0x006d8425
0x006d8429
0x006d842c
0x006d842d
0x006d8430
0x006d8433
0x006d8436
0x006d8439
0x006d843c
0x006d843f
0x006d8443
0x006d8444
0x006d8447
0x006d844a
0x006d844d
0x006d8450
0x006d8453
0x006d8458
0x00748e09
0x00000000
0x006d8466
0x006d846a
0x006d8471
0x006d8474
0x006d8779
0x006d878a
0x006d878a
0x006d8492
0x006d8494
0x006d8499
0x0075c672
0x006d875d
0x006d8761
0x006d8774
0x006d8774
0x00000000
0x006d8761
0x006d84a4
0x006d84ad
0x006d84b4
0x0075c744
0x0075c744
0x00000000
0x006d84c2
0x006d84c2
0x006d84c7
0x00000000
0x006d84df
0x006d84e1
0x006d84e5
0x006d84e7
0x006d84ec
0x006d84ee
0x0075c680
0x0075c683
0x0075c68a
0x0075c68d
0x0075c690
0x0075c693
0x0075c693
0x0075c695
0x0075c69a
0x0075c69c
0x0075c69e
0x0075c6a3
0x0075c6a3
0x0075c6a6
0x0075c6bd
0x0075c6bd
0x0075c6bf
0x0075c6a8
0x0075c6a9
0x0075c6a9
0x0075c6aa
0x0075c6b8
0x0075c6ac
0x0075c6ac
0x0075c6ac
0x0075c6ad
0x0075c6b1
0x0075c6b1
0x0075c6ad
0x0075c6aa
0x0075c6c2
0x0075c6c5
0x0075c6cc
0x0075c6cd
0x0075c6d0
0x0075c6d0
0x0075c6d5
0x0075c6d8
0x0075c6da
0x0075c6eb
0x0075c6ee
0x0075c6fc
0x0075c6ff
0x0075c701
0x0075c710
0x0075c710
0x0075c703
0x0075c705
0x0075c705
0x0075c71a
0x0075c71d
0x0075c720
0x006d85f2
0x006d85f5
0x0075c852
0x0075c855
0x0075c919
0x0075c91d
0x0075c92a
0x0075c92f
0x0075c931
0x0075c936
0x0075c936
0x0075c931
0x0075c939
0x0075c93d
0x0075c941
0x0075c9f6
0x0075c9f6
0x0075c9f9
0x0075c9fc
0x0075c9fe
0x0075ca00
0x0075ca28
0x0075ca28
0x0075ca2b
0x006d88e8
0x006d88e8
0x006d86ce
0x006d86ce
0x006d86d1
0x006d86de
0x006d86ee
0x006d86fb
0x006d8707
0x006d8713
0x006d871e
0x006d8723
0x006d8725
0x006d8728
0x006d872a
0x006d872d
0x006d8731
0x0075cb10
0x0075cb10
0x00000000
0x00000000
0x00000000
0x00000000
0x0075ca31
0x0075ca31
0x0075ca31
0x0075ca35
0x00000000
0x00000000
0x0075ca3b
0x0075ca41
0x0075ca42
0x0075ca44
0x00000000
0x00000000
0x0075ca46
0x0075ca46
0x0075ca46
0x0075ca49
0x0075ca4b
0x0075ca4b
0x0075ca4e
0x0075ca4e
0x0075ca52
0x0075ca53
0x0075ca56
0x00000000
0x00000000
0x0075ca58
0x0075ca9c
0x0075caa0
0x0075caa7
0x0075caaa
0x006d8654
0x006d865a
0x00000000
0x00000000
0x006d8664
0x00748dbb
0x00748dbf
0x00000000
0x00748dc5
0x006d86ad
0x006d86b2
0x00748e15
0x00748e15
0x00000000
0x00748e15
0x006d86bb
0x00748de1
0x00748de4
0x00000000
0x00748de6
0x00000000
0x00748de6
0x00748de4
0x006d86c1
0x006d86c5
0x0075caf3
0x00000000
0x006d86cb
0x006d86cb
0x00000000
0x006d86cb
0x006d86c5
0x00748dbf
0x006d866a
0x006d866e
0x0075cac2
0x0075cac4
0x0075cadf
0x0075cadf
0x0075cac6
0x0075cac9
0x0075cace
0x0075cad0
0x0075cad2
0x0075cad3
0x0075cad8
0x0075cada
0x0075cada
0x0075cae9
0x00748deb
0x00748ded
0x00000000
0x00748df3
0x00000000
0x00748df3
0x00748ded
0x006d8674
0x006d8679
0x00748dca
0x00748dcd
0x00748dd6
0x00748dd6
0x006d867f
0x006d8682
0x006d8684
0x006d8688
0x006d868d
0x006d8691
0x00748df8
0x006d8697
0x006d8697
0x006d869f
0x006d86a9
0x006d86a9
0x006d8691
0x006d8682
0x00000000
0x006d8679
0x00000000
0x0075ca5a
0x0075ca5f
0x0075ca67
0x0075ca68
0x0075ca6b
0x0075ca6e
0x0075ca71
0x0075ca74
0x0075ca77
0x0075ca7a
0x0075ca7d
0x0075ca82
0x0075ca84
0x00000000
0x00000000
0x0075ca8a
0x0075ca8a
0x0075ca8a
0x0075ca8d
0x0075ca8f
0x0075ca8f
0x0075ca92
0x0075ca92
0x0075ca96
0x0075ca97
0x0075ca97
0x00000000
0x0075ca92
0x00000000
0x00000000
0x00000000
0x0075ca02
0x0075ca02
0x0075ca02
0x0075ca04
0x00000000
0x00000000
0x0075ca06
0x0075ca0a
0x00000000
0x00000000
0x0075ca0c
0x0075ca0e
0x0075ca0e
0x0075ca0f
0x0075ca0f
0x0075ca12
0x0075ca12
0x0075ca16
0x0075ca17
0x0075ca17
0x0075ca20
0x0075ca24
0x0075ca26
0x00000000
0x00000000
0x00000000
0x0075ca26
0x00000000
0x0075c947
0x0075c94a
0x0075c94c
0x0075c94e
0x00000000
0x00000000
0x0075c954
0x0075c957
0x0075c959
0x00000000
0x00000000
0x0075c963
0x0075c968
0x0075c96a
0x00000000
0x00000000
0x0075c970
0x0075c974
0x0075c975
0x0075c9db
0x0075c9dc
0x0075c9e9
0x0075c9ee
0x0075c9ee
0x0075c9f0
0x0075c9f2
0x0075c9f2
0x00000000
0x0075c9f0
0x0075c97d
0x0075c97e
0x0075c986
0x0075c987
0x0075c98f
0x0075c990
0x0075c995
0x0075c997
0x00000000
0x00000000
0x0075c9a2
0x0075c9ad
0x0075c9b2
0x0075c9b5
0x0075c9b7
0x006d8737
0x006d873b
0x006d874e
0x006d874e
0x006d8753
0x006d8757
0x0075cb2b
0x0075cb2b
0x00000000
0x006d8757
0x0075c9bd
0x0075c9c2
0x0075c9cd
0x0075c9d1
0x00000000
0x0075c9d1
0x0075c941
0x0075c85b
0x0075c85f
0x0075c86f
0x0075c86f
0x0075c874
0x0075c877
0x0075c87a
0x0075c87c
0x0075c87e
0x0075c8a6
0x0075c8a6
0x0075c8a9
0x00000000
0x00000000
0x00000000
0x00000000
0x0075c8af
0x0075c8af
0x0075c8af
0x0075c8b1
0x00000000
0x00000000
0x0075c8b7
0x0075c8bb
0x00000000
0x00000000
0x0075c8c6
0x0075c8ce
0x0075c8cf
0x0075c8d2
0x0075c8d5
0x0075c8d8
0x0075c8db
0x0075c8de
0x0075c8e1
0x0075c8e4
0x0075c8e9
0x0075c8eb
0x00000000
0x00000000
0x0075c8f1
0x0075c8f1
0x0075c8f1
0x0075c8f4
0x0075c8f6
0x0075c8f6
0x0075c8f9
0x0075c8f9
0x0075c8fd
0x0075c8fe
0x0075c8fe
0x0075c907
0x0075c90e
0x0075c911
0x00000000
0x00000000
0x0075c917
0x00000000
0x0075c880
0x0075c880
0x0075c880
0x0075c882
0x00000000
0x00000000
0x0075c884
0x0075c888
0x00000000
0x00000000
0x0075c88a
0x0075c88c
0x0075c88c
0x0075c88d
0x0075c88d
0x0075c890
0x0075c890
0x0075c894
0x0075c895
0x0075c895
0x0075c89e
0x0075c8a2
0x0075c8a4
0x00000000
0x00000000
0x00000000
0x0075c8a4
0x00000000
0x0075c880
0x0075c87e
0x006d85ff
0x0075c7af
0x0075c7b8
0x0075c7bb
0x0075c7c0
0x0075c7c3
0x0075c813
0x0075c816
0x00000000
0x0075c816
0x0075c7ca
0x0075c7cf
0x0075c7d1
0x0075c7df
0x0075c7ef
0x0075c7f4
0x0075c7f7
0x0075c7f9
0x00000000
0x00000000
0x0075c7fb
0x0075c806
0x0075c80b
0x0075c80d
0x00000000
0x00000000
0x00000000
0x0075c80d
0x0075c7d3
0x00000000
0x0075c7d3
0x006d8605
0x006d8605
0x006d8608
0x006d860b
0x006d860f
0x0075c81e
0x0075c81e
0x0075c820
0x00000000
0x00000000
0x0075c826
0x0075c82a
0x00000000
0x00000000
0x0075c830
0x0075c832
0x0075c832
0x0075c833
0x0075c833
0x0075c836
0x0075c836
0x0075c83a
0x0075c83b
0x0075c83b
0x0075c844
0x0075c848
0x0075c84a
0x00000000
0x00000000
0x0075c850
0x0075c81e
0x006d8615
0x006d8618
0x00000000
0x00000000
0x00000000
0x00000000
0x006d861e
0x006d861e
0x006d861e
0x006d8622
0x00000000
0x00000000
0x006d8629
0x006d8631
0x006d8632
0x006d8635
0x006d8638
0x006d863b
0x006d863e
0x006d8641
0x006d8644
0x006d864e
0x006d88f4
0x006d88f4
0x006d88f4
0x006d88f7
0x006d88f9
0x006d88f9
0x006d88fc
0x006d88fc
0x006d8900
0x006d8901
0x006d8901
0x006d890a
0x006d8911
0x006d8914
0x00000000
0x006d891a
0x00000000
0x006d891a
0x006d8914
0x00000000
0x006d864e
0x00000000
0x006d861e
0x0075c6f0
0x00000000
0x0075c6f0
0x0075c6dc
0x00000000
0x0075c6dc
0x006d84f4
0x006d84f9
0x0075c728
0x0075c72a
0x00000000
0x00000000
0x00000000
0x0075c730
0x006d84ff
0x006d8501
0x006d8504
0x006d8510
0x006d851c
0x006d851f
0x0075c732
0x0075c734
0x00000000
0x00000000
0x00000000
0x0075c73a
0x006d8525
0x006d8527
0x006d852d
0x006d8532
0x006d853e
0x006d8548
0x006d8548
0x006d854d
0x0075c752
0x006d8553
0x006d855b
0x006d855b
0x006d8565
0x006d8568
0x006d856d
0x006d891f
0x006d8921
0x006d8933
0x006d8933
0x006d8937
0x00000000
0x006d8937
0x006d8926
0x006d892b
0x006d892d
0x00000000
0x00000000
0x00000000
0x006d8573
0x006d8573
0x006d8573
0x006d8577
0x006d8579
0x006d857a
0x0075c758
0x0075c758
0x0075c759
0x0075c77a
0x0075c789
0x0075c75b
0x0075c75b
0x0075c75b
0x0075c75c
0x0075c762
0x0075c770
0x0075c770
0x0075c75c
0x006d85ee
0x006d85ee
0x00000000
0x006d85ee
0x006d8584
0x006d858d
0x006d8590
0x006d8598
0x00000000
0x00000000
0x006d85aa
0x0075c793
0x00000000
0x0075c793
0x006d85b0
0x006d85c0
0x006d85c5
0x006d85ca
0x0075c79f
0x00000000
0x0075c79f
0x006d85d0
0x006d85db
0x006d85e2
0x00748e01
0x00000000
0x006d85e8
0x006d85eb
0x00000000
0x006d85eb
0x006d85e2
0x0075c73c
0x0075c73c
0x0075c73e
0x00000000
0x00000000
0x00000000
0x0075c73e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x006d8504
0x006d84c7
0x006d84b4

Strings

#, xrefs: 0075CAF3

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 0ba15791721ee0db3030a2d9881e31903f10625f71580f55e8901b5d978529d5
Instruction ID: 1802bcfd98f0cb66246c140e2ed85f97a4c951eeb246343eb71bb663cd28cb06
Opcode Fuzzy Hash: 0ba15791721ee0db3030a2d9881e31903f10625f71580f55e8901b5d978529d5
Instruction Fuzzy Hash: B0527D71D00219DFDF26DF94C845BEEBBBAEF08301F14442AE911BB251DBB89945CB91

Uniqueness

Uniqueness Score: 0.05%

Function 0072B594, Relevance: 1.7, Strings: 1, Instructions: 436
COMMONCrypto

C-Code - Quality: 95%

			E0072B594(char* __edx, signed int _a4, char* _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, char _a36) {
				char _v5;
				char _v6;
				intOrPtr _v12;
				char* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				unsigned int _v44;
				signed int _v48;
				char* _v52;
				signed int _v56;
				intOrPtr _v60;
				short _v62;
				char _v64;
				intOrPtr _v68;
				short _v70;
				char _v72;
				char* __ebx;
				signed int __esi;
				signed int _t202;
				intOrPtr _t213;
				intOrPtr _t215;
				intOrPtr _t227;
				intOrPtr _t232;
				intOrPtr _t234;
				intOrPtr _t238;
				intOrPtr _t239;
				intOrPtr _t244;
				short* _t247;
				intOrPtr _t251;
				intOrPtr _t262;
				intOrPtr _t269;
				intOrPtr _t270;
				intOrPtr _t276;
				signed char _t284;
				char* _t286;
				signed int _t287;
				void* _t288;
				intOrPtr _t290;

				_t285 = __edx;
				_t271 = _a12;
				_v36 = _v36 | 0xffffffff;
				_v56 = _v56 | 0xffffffff;
				_v28 = _v28 | 0xffffffff;
				_v72 = 0;
				_t286 =  &_v70;
				asm("stosd");
				_v12 = 0;
				asm("stosw");
				_v52 = 0;
				_v40 = 0;
				_v32 = 0;
				_v6 = 0;
				_v5 = 0;
				_v16 = 0;
				_v24 = 0;
				if(_a12 == 0) {
					L8:
					return 0xc000000d;
				} else {
					__eax =  *__ecx;
					if(__eax == 0) {
						goto L8;
					}
					__ebx = _a8;
					if(__ebx == 0 ||  *((intOrPtr*)(__eax + 4)) > __si) {
						goto L8;
					} else {
						if((_a4 & 0x00010000) != 0) {
							_v5 = 1;
						}
						__eax =  *[fs:0x18];
						if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) == __esi) {
							__eax = 0;
						} else {
							 *[fs:0x18] =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
							__eax =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0xfbc))));
						}
						if(__eax == __esi) {
							__eax = 0;
						} else {
							__eax =  *((intOrPtr*)(__eax + 0x20));
						}
						_v44 = __eax;
						_a8 = __ecx;
						if(_v5 != 0 || (__al & 0x00000006) == 0) {
							L31:
							 *[fs:0x18] =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							_v20 = __esi;
							__eax = E007229EE( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, 0x154);
							_v16 = __eax;
							if(__eax == __esi) {
								__eax = 0xc0000017;
								return 0xc0000017;
							}
							if(_v5 != 0) {
								L34:
								_t290 = _a20;
								_t287 = 0;
								if(_t290 != 0) {
									if(_v5 != 0) {
										goto L35;
									}
									_a16 = 0;
									if(0 >=  *(_t290 + 4)) {
										goto L35;
									} else {
										goto L80;
									}
									while(1) {
										L80:
										_t271 =  *((intOrPtr*)(_t290 + 0x10)) + _t287;
										if(0 ==  *( *((intOrPtr*)(_t290 + 0x10)) + _t287)) {
											goto L85;
										}
										_v60 = _v16;
										_v64 = 0;
										_v62 = 0xaa;
										_t259 =  *((intOrPtr*)(_t290 + 0xc));
										if( *((intOrPtr*)(_t290 + 0xc)) == 0) {
											_t259 = _t270;
										}
										_t285 =  &_v64;
										if(E0072B8FF(_t259, _t271,  &_v64) >= 0) {
											_push(0);
											_t262 = E0072B97F( &_v36, _a8, _t270, 0,  &_v36, _v60);
											_v12 = _t262;
											if(_t262 < 0) {
												goto L69;
											}
										}
										L85:
										_a16 = _a16 + 1;
										_t287 = _t287 + 6;
										if(_a16 >= ( *(_t290 + 4) & 0x0000ffff)) {
											goto L35;
										}
									}
								}
								L35:
								_t202 = _a4 & 0x00000020;
								_a16 = _t202;
								if(_t202 == 0) {
									L52:
									if((_a4 & 0x00000040) != 0) {
										L60:
										if(_v6 != 0 && _a8 != 0) {
											_t213 = E0072E436(_t271, _t285,  *_a8, _t270, _v44 >> 0x00000002 & 1, _v52, _a12);
											_v12 = _t213;
											if(_t213 >= 0 && _a16 != 0 && (_a4 & 0x00000010) != 0) {
												_push(0);
												_t215 = E0072B97F( &_v56, _a12, _t270, 0,  &_v56, _v68);
												_v12 = _t215;
												if(_t215 < 0) {
													goto L69;
												}
												if(_v28 < 0) {
													_v12 = E00728E06(_t270, _v48, 1,  &_v28);
												}
												if(_v12 >= 0) {
													_t271 =  *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc)) + _v28 * 0x1c;
													if(( *( *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc)) + _v28 * 0x1c) & 0x00000006) != 0) {
														if(_v20 == 0) {
															L97:
															_t220 =  *((intOrPtr*)(_t270 + 0x1c));
															L98:
															_push(_a4);
															_v12 = E00781082(_t270, _t271, _t285, _t290, _a12, _t271, _t270, _t220);
															goto L69;
														}
														_t220 = _v24;
														if(_v24 != 0) {
															goto L98;
														}
														goto L97;
													}
												}
											}
										}
										goto L69;
									}
									if(_a36 != 0) {
										if(_v40 > 0) {
											goto L60;
										}
									}
									_v68 = _v16 + 0xaa;
									_v72 = 0;
									_v70 = 0xaa;
									_t227 = E0072B52F(_t271,  &_v48, _t270);
									_v12 = _t227;
									if(_t227 < 0) {
										goto L69;
									}
									if(E0072925B(_t271, _t285, _v48 & 0x0000ffff,  &_v72) == 0) {
										_v12 = 0xc0000001;
										goto L69;
									}
									_t232 = E00728E06(_t270, _v48, 1,  &_v28);
									_v12 = _t232;
									if(_t232 < 0) {
										goto L69;
									}
									_push(0);
									_t234 = E0072B97F( &_v56, _a8, _t270, 0,  &_v56, _v68);
									_v12 = _t234;
									if(_t234 >= 0 && _a16 != 0) {
										_t271 =  *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc)) + _v28 * 0x1c;
										if(( *( *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc)) + _v28 * 0x1c) & 0x00000006) != 0) {
											if(_v20 == 0) {
												L91:
												_t237 =  *((intOrPtr*)(_t270 + 0x1c));
												L92:
												_push(_a4);
												_t238 = E00781082(_t270, _t271, _t285, _t290, _a8, _t271, _t270, _t237);
												_v12 = _t238;
												if(_t238 >= 0) {
													goto L60;
												}
												goto L69;
											}
											_t237 = _v24;
											if(_v24 != 0) {
												goto L92;
											}
											goto L91;
										}
									}
									goto L60;
								}
								_t239 = _a24;
								_t290 = 0;
								if(_t239 == 0 ||  *(_t239 + 4) <= 0) {
									_t239 = _a28;
									if(_t239 == _t290 ||  *(_t239 + 4) <= _t290) {
										goto L52;
									} else {
										goto L40;
									}
								} else {
									L40:
									_v20 = _t239;
									if( *((char*)(_t239 + 8)) == 0) {
										_t276 = _a32;
										if(_t276 == _t290) {
											_t276 =  *((intOrPtr*)(_t270 + 0x20));
										}
									} else {
										_t276 =  *((intOrPtr*)(_t270 + 0x1c));
									}
									_v24 = _t276;
									_t271 = 0;
									_t288 = 0;
									if(0 <  *(_t239 + 4)) {
										do {
											_t241 =  *((intOrPtr*)(_t239 + 0x10)) + _t290;
											if(0 ==  *((intOrPtr*)( *((intOrPtr*)(_t239 + 0x10)) + _t290))) {
												goto L51;
											}
											_v60 = _v16;
											_v64 = 0;
											_v62 = 0xaa;
											if(E0072B8FF(_t270, _t241,  &_v64) < 0) {
												goto L51;
											}
											_push(0);
											_t244 = E0072B97F( &_v36, _a8, _t270, 1,  &_v36, _v60);
											_v12 = _t244;
											if(_t244 >= 0 && (_a4 & 0x00000010) != 0) {
												_t247 =  *((intOrPtr*)(_v20 + 0x10)) + _t290;
												if( *_t247 != 2) {
													goto L51;
												}
												_t250 =  *(_t247 + 4) * 0x1c +  *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc));
												_t284 =  *( *(_t247 + 4) * 0x1c +  *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc))) & 0x0000ffff;
												if((_t284 & 0x00000007) == 0) {
													goto L51;
												}
												if((_t284 & 0x00000006) != 0) {
													_push(_a4);
													_t251 = E00781082(_t270, _t284, _t285, _t290, _a8, _t250, _t270, _v24);
													_v12 = _t251;
													if(_t251 >= 0) {
														goto L50;
													}
													goto L51;
												}
												L50:
												_v40 = _v40 + 1;
											}
											L51:
											_t239 = _v20;
											_t271 =  *(_t239 + 4) & 0x0000ffff;
											_t288 = _t288 + 1;
											_t290 = _t290 + 6;
										} while (_t288 < ( *(_t239 + 4) & 0x0000ffff));
									}
									goto L52;
								}
							}
							__esi = _a16;
							if(__esi != 0) {
								goto L1;
							}
							goto L34;
						} else {
							_v52 = __eax;
							__eax =  &_v32;
							_v6 = 1;
							_a8 =  &_v32;
							__eax = E0072B115( &_v32, __ebx, 0x19, __esi);
							_v12 = __eax;
							if(__eax < __esi) {
								L69:
								if(_v32 != 0) {
									E0072ACF7(_t271, _v32);
								}
								if(_v16 != 0) {
									E00722882(_t271,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v16);
								}
								return _v12;
							}
							__esi = 0;
							goto L31;
						}
					}
				}
				L1:
				_a16 = 0;
				if(0 <  *0x00000004) {
					while(1) {
						_t271 =  *0x00000010 + _t286;
						if(0 ==  *( *0x00000010 + _t286)) {
							goto L13;
						}
						_v60 = _v16;
						_v64 = 0;
						_v62 = 0xaa;
						_t266 =  *0x0000000C;
						if( *0x0000000C == 0) {
							_t266 = _t270;
						}
						_t285 =  &_v64;
						if(E0072B8FF(_t266, _t271,  &_v64) >= 0) {
							_push(0);
							_t269 = E0072B97F( &_v36, _a8, _t270, 0,  &_v36, _v60);
							_v12 = _t269;
							if(_t269 < 0) {
								goto L69;
							}
						}
						L13:
						_a16 = _a16 + 1;
						_t286 = _t286 + 6;
						if(_a16 >= ( *0x00000004 & 0x0000ffff)) {
							goto L34;
						}
					}
				}
				goto L34;
			}

0x0072b594
0x0072b59c
0x0072b59f
0x0072b5a3
0x0072b5a7
0x0072b5b2
0x0072b5b6
0x0072b5b9
0x0072b5ba
0x0072b5bd
0x0072b5bf
0x0072b5c2
0x0072b5c5
0x0072b5c8
0x0072b5cc
0x0072b5d0
0x0072b5d3
0x0072b5d8
0x006db8f1
0x00000000
0x0072b5de
0x0072b5de
0x0072b5e2
0x00000000
0x00000000
0x0072b5e8
0x0072b5ed
0x00000000
0x0072b5fd
0x0072b604
0x00740b57
0x00740b57
0x0072b60a
0x0072b616
0x006fb9c2
0x0072b61c
0x0072b622
0x0072b628
0x0072b628
0x0072b62c
0x006fb9c9
0x0072b632
0x0072b632
0x0072b632
0x0072b639
0x0072b63c
0x0072b63f
0x0072b66c
0x0072b672
0x0072b67f
0x0072b682
0x0072b687
0x0072b68c
0x0075be90
0x00000000
0x0075be90
0x0072b696
0x0072b6a5
0x0072b6a5
0x0072b6a8
0x0072b6ac
0x0075bea5
0x00000000
0x00000000
0x0075bead
0x0075beb4
0x00000000
0x00000000
0x00000000
0x00000000
0x0075beba
0x0075beba
0x0075bebd
0x0075bec5
0x00000000
0x00000000
0x0075beca
0x0075becf
0x0075bed8
0x0075bedc
0x0075bee1
0x0075bee3
0x0075bee3
0x0075bee5
0x0075bef2
0x0075bef4
0x0075bf03
0x0075bf08
0x0075bf0d
0x00000000
0x00000000
0x0075bf0d
0x0075bf13
0x0075bf17
0x0075bf1a
0x0075bf20
0x00000000
0x00000000
0x0075bf26
0x0075beba
0x0072b6b2
0x0072b6b5
0x0072b6b8
0x0072b6bb
0x0072b79b
0x0072b79f
0x0072b847
0x0072b84b
0x0072b86b
0x0072b870
0x0072b875
0x0072b883
0x0072b892
0x0072b897
0x0072b89c
0x00000000
0x00000000
0x0072b8a3
0x0075bf82
0x0075bf82
0x0072b8ad
0x0072b8bc
0x0072b8c1
0x0075bf8e
0x0075bf97
0x0075bf97
0x0075bf9a
0x0075bf9a
0x0075bfa8
0x00000000
0x0075bfa8
0x0075bf90
0x0075bf95
0x00000000
0x00000000
0x00000000
0x0075bf95
0x0072b8c1
0x0072b8ad
0x0072b875
0x00000000
0x0072b84b
0x0072b7a9
0x006ed04c
0x00000000
0x00000000
0x006ed052
0x0072b7b7
0x0072b7bc
0x0072b7c5
0x0072b7ce
0x0072b7d3
0x0072b7d8
0x00000000
0x00000000
0x0072b7ee
0x006db8e5
0x00000000
0x006db8e5
0x0072b7fe
0x0072b803
0x0072b808
0x00000000
0x00000000
0x0072b80e
0x0072b81d
0x0072b822
0x0072b827
0x0072b83c
0x0072b841
0x0075bf49
0x0075bf52
0x0075bf52
0x0075bf55
0x0075bf55
0x0075bf5e
0x0075bf63
0x0075bf68
0x00000000
0x00000000
0x00000000
0x0075bf6e
0x0075bf4b
0x0075bf50
0x00000000
0x00000000
0x00000000
0x0075bf50
0x0072b841
0x00000000
0x0072b827
0x0072b6c1
0x0072b6c4
0x0072b6c8
0x0072b6d0
0x0072b6d5
0x00000000
0x00000000
0x00000000
0x00000000
0x0072b6e5
0x0072b6e5
0x0072b6e9
0x0072b6ec
0x006db8c5
0x006db8ca
0x0075bf28
0x0075bf28
0x0072b6f2
0x0072b6f2
0x0072b6f2
0x0072b6f5
0x0072b6f8
0x0072b6fa
0x0072b700
0x0072b706
0x0072b709
0x0072b710
0x00000000
0x00000000
0x0072b715
0x0072b71a
0x0072b723
0x0072b734
0x00000000
0x00000000
0x0072b736
0x0072b745
0x0072b74a
0x0072b74f
0x0072b75d
0x0072b763
0x00000000
0x00000000
0x0072b772
0x0072b774
0x0072b77a
0x00000000
0x00000000
0x0072b77f
0x0075bf30
0x0075bf3b
0x006db8d5
0x006db8da
0x00000000
0x00000000
0x00000000
0x006db8e0
0x0072b785
0x0072b785
0x0072b785
0x0072b788
0x0072b788
0x0072b78b
0x0072b78f
0x0072b790
0x0072b793
0x0072b706
0x00000000
0x0072b700
0x0072b6c8
0x0072b698
0x0072b69f
0x00000000
0x00000000
0x00000000
0x0072b645
0x0072b64b
0x0072b64e
0x0072b653
0x0072b657
0x0072b65a
0x0072b661
0x0072b664
0x0072b8c7
0x0072b8cc
0x0072b8d1
0x0072b8d1
0x0072b8d9
0x0072b8eb
0x0072b8eb
0x00000000
0x0072b8f0
0x0072b66a
0x00000000
0x0072b66a
0x0072b63f
0x0072b5ed
0x006db8b5
0x006db8b7
0x006db8be
0x006db8fb
0x006db8fe
0x006db906
0x00000000
0x00000000
0x006db90b
0x006db910
0x006db919
0x006db91d
0x006db922
0x0075be9a
0x0075be9a
0x006db928
0x006db935
0x006db937
0x006db946
0x006db94b
0x006db950
0x00000000
0x00000000
0x006db950
0x006db956
0x006db95a
0x006db95d
0x006db963
0x00000000
0x00000000
0x006db969
0x006db8fb
0x00000000

Strings

[;s08, xrefs: 0072B596

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: [;s08
API String ID: 0-255340035
Opcode ID: 6a915ed44c300d4b82901553f75c131170236865fb61e9903a7289a5644762fd
Instruction ID: 0e265b005002d7986d36722a61330308da9687a866f0d88469c919cae7025a79
Opcode Fuzzy Hash: 6a915ed44c300d4b82901553f75c131170236865fb61e9903a7289a5644762fd
Instruction Fuzzy Hash: A9F17B70A00269EFDF15CFA4D884BEEBBB9EF04704F14845AF845AB291D778D985CB90

Uniqueness

Uniqueness Score: 0.28%

Function 0074AEF5, Relevance: 1.7, APIs: 1, Instructions: 157
COMMONCrypto

C-Code - Quality: 94%

			E0074AEF5(void* __ecx, void* __edx, intOrPtr _a4, signed int* _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				unsigned int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed int _t81;
				intOrPtr _t104;
				void* _t106;
				void* _t107;
				signed int _t119;
				signed int _t121;
				signed int _t137;
				signed int _t141;
				signed int _t144;
				intOrPtr _t145;
				signed int* _t148;
				void* _t151;
				signed int _t156;
				signed int _t158;

				_t145 = _a4;
				_v16 = _t145 + 0x280;
				E00722F66(__ecx, _t145 + 0x280);
				_v40 =  *(_t145 + 0x10) >> 2;
				_v12 =  *((intOrPtr*)(_t145 + 0xc)) + _t145;
				_t81 = 0;
				_t137 = 0;
				asm("lock cmpxchg8b [esi]");
				_v32 = 0;
				_v28 = 0;
				do {
					_v24 = _t81;
					_v48 = _t81;
					_v20 = _t137;
					_t119 = _v20 & 0;
					_v44 = _t137;
					if((_v24 & 0x00ffffff) == 0xffffff) {
						if(_t119 != 0) {
							goto L7;
						}
						L5:
						_t151 = 0;
						L22:
						E00722F3C(_t119, _v16);
						return _t151;
					}
					L7:
					_t119 = _v24 & 0x00ffffff;
					_t156 = _v20 & 0;
					if(_t156 > 0 || _t156 >= 0 && _t119 >= _v40) {
						goto L5;
					} else {
						_t121 = _v20;
						_v8 = _t121 >> 0x18;
						_t119 = (_t121 << 0x00000020 | _v24) >> 0x18 & 0x00ffffff;
						_t158 = _v8 & 0;
						if(_t158 > 0 || _t158 >= 0 && _t119 >= _v40) {
							goto L5;
						} else {
							goto L13;
						}
					}
					L13:
					_v8 =  *((intOrPtr*)(_v12 + (_v24 & 0x00ffffff) * 4));
					if((((_v20 << 0x00000020 | _v24) >> 0x18 ^ _v24) & 0x00ffffff | (_v20 >> 0x00000018 ^ _v20) & 0) != 0) {
						_t141 = _v20 & 0;
						asm("adc edx, ebx");
						_v24 = E007042F0((_v24 & 0x00ffffff) + 1, _t141, _v40, 0) & 0x00ffffff | _v24 & 0xff000000;
						_v20 = _t141 & 0 | _v20;
					} else {
						_v24 = _v24 | 0x00ffffff;
						_v24 = _v24 | 0xff000000;
						_v20 = _v20 | 0x0000ffff;
					}
					_t119 = _v20;
					_t81 = _v32;
					_t137 = _v28;
					asm("lock cmpxchg8b [edi]");
					_v32 = _t81;
					_v28 = _t137;
				} while (_t81 != _v48 || _t137 != _v44);
				_t104 = _a4;
				_t148 = _a8;
				_t151 =  *((intOrPtr*)(_t104 + 0x1c)) + _v8 + _t104;
				if(_t148 != 0) {
					if( *((intOrPtr*)(_t104 + 0x24)) <= 0) {
						 *_t148 =  *_t148 & 0x00000000;
					} else {
						_t144 = ( *(_t151 + 2) & 0x0000ffff) + _t151;
						_t119 = _t144 & 0x00000003;
						if(_t119 != 0) {
							_t106 = 4;
							_t107 = _t106 - _t119;
						} else {
							_t107 = 0;
						}
						 *_t148 = _t107 + _t144;
					}
				}
				goto L22;
			}

0x0074af00
0x0074af0a
0x0074af0d
0x0074af18
0x0074af26
0x0074af29
0x0074af2b
0x0074af33
0x0074af37
0x0074af3a
0x0074af42
0x0074af42
0x0074af45
0x0074af48
0x0074af55
0x0074af57
0x0074af5c
0x0074aad7
0x00000000
0x00000000
0x0074aadd
0x0074aadd
0x0074b056
0x0074b059
0x0074b064
0x0074b064
0x0074af62
0x0074af6c
0x0074af6e
0x0074af70
0x00000000
0x0074af81
0x0074af84
0x0074af8e
0x0074af98
0x0074af9a
0x0074af9c
0x00000000
0x00000000
0x00000000
0x00000000
0x0074af9c
0x0074afad
0x0074afbb
0x0074afdd
0x00754d00
0x00754d05
0x00754d28
0x00754d2b
0x0074afe3
0x0074afe3
0x0074afe9
0x0074aff0
0x0074aff0
0x0074affa
0x0074affd
0x0074b000
0x0074b006
0x0074b00a
0x0074b00d
0x0074b010
0x0074b022
0x0074b02b
0x0074b02e
0x0074b032
0x0074b038
0x00749a8f
0x0074b03e
0x0074b042
0x0074b047
0x0074b04a
0x00749cd0
0x00749cd1
0x0074b050
0x0074b050
0x0074b050
0x0074b054
0x0074b054
0x0074b038
0x00000000

APIs

__aullrem.LIBCMT ref: 00754D0F

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: __aullrem
String ID:
API String ID: 3758378126-0
Opcode ID: b88a5eb916385c202a6565195d0bd827295985aa8e0c7b123f5d2bd0ef559365
Instruction ID: bed9221688e8be09bffb960d999525420c2b2f5fdb32635ce4f9fce3315ada71
Opcode Fuzzy Hash: b88a5eb916385c202a6565195d0bd827295985aa8e0c7b123f5d2bd0ef559365
Instruction Fuzzy Hash: 39511C72E1051A9FCF18CFA8C9916BEF7B2BB48310F248529D515E7241D738AE44CBA5

Uniqueness

Uniqueness Score: 0.06%

Function 006FDCFB, Relevance: 1.6, Strings: 1, Instructions: 373
COMMONCrypto

C-Code - Quality: 98%

			E006FDCFB(signed short* _a4, signed int _a8, signed int* _a12) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				unsigned int _v96;
				signed int __esi;
				signed int _t205;
				signed int _t206;
				void* _t220;
				signed int _t222;
				signed char _t225;
				signed int _t228;
				unsigned int _t230;
				signed int _t232;
				signed int _t237;
				signed int _t238;
				signed int _t241;
				signed int _t243;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;
				signed int* _t258;
				signed int _t260;
				signed int _t261;
				unsigned int _t262;
				signed int _t263;
				signed char _t264;
				intOrPtr _t265;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t278;
				signed int _t280;
				signed short* _t281;
				signed int _t293;
				signed int _t295;
				signed int* _t296;
				signed int _t298;
				intOrPtr _t299;
				unsigned int _t301;
				signed int _t303;
				signed int _t304;

				_t260 = 0;
				_t301 = _a8 >> 1;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v44 = 0;
				_v40 = 0;
				_v88 = 0;
				_v84 = 0;
				_v72 = 0;
				_v68 = 0;
				_v64 = 0;
				_v60 = 0;
				_v36 = 0;
				_v80 = 0;
				_v76 = 0;
				_v92 = 0;
				_v20 = 0;
				_v28 = 0;
				_v24 = 0;
				_v32 = 0;
				_v16 = 0;
				_v8 = 0;
				_v96 = _t301;
				if(_t301 > 0x100) {
					_v12 = 0x100;
					L31:
					__eflags = _a8 - 2;
					_t281 = _a4;
					if(__eflags == 0) {
						__eflags =  *_t281 - _t260;
						if( *_t281 == _t260) {
							L37:
							__eflags = _v12 - _t260;
							if(_v12 <= _t260) {
								_t295 = _a8;
								_t263 = _a8;
								L56:
								if(_t263 == 0xd) {
									__eflags = _v20 - 0xa;
									if(_v20 == 0xa) {
										L22:
										_v16 = _v16 + 1;
										L58:
										if(_t295 == _t260) {
											_v36 = _v36 - 1;
										}
										if(_t295 == 0x1a) {
											_v16 = _v16 + 1;
										}
										_t264 = _a8;
										_v12 = 0x200;
										if(_t264 <= 0x200) {
											_v12 = _t264;
										}
										_t265 =  *0x7aec41;
										if(_t265 != 0) {
											_t205 = 0;
											__eflags = _v12 - _t260;
											if(_v12 <= _t260) {
												goto L64;
											} else {
												goto L120;
											}
											while(1) {
												L120:
												_t303 =  *(_t281 + _t205) & 0x000000ff;
												_t299 =  *0x73c238; // 0x7af460
												__eflags =  *((intOrPtr*)(_t299 + _t303 * 2)) - _t260;
												if( *((intOrPtr*)(_t299 + _t303 * 2)) != _t260) {
													_v32 = _v32 + 1;
													_t205 = _t205 + 1;
													__eflags = _t205;
												}
												_t205 = _t205 + 1;
												__eflags = _t205 - _v12;
												if(_t205 >= _v12) {
													goto L64;
												}
											}
											goto L64;
										} else {
											L64:
											if(_v24 < 0x7f) {
												__eflags = _v28 - _t260;
												if(_v28 != _t260) {
													L16:
													__eflags = _v24 - _t260;
													if(_v24 == _t260) {
														_v8 = _v8 | 0x00000010;
													}
													L66:
													_t296 = _a12;
													if(_t265 != 0) {
														__eflags = _v32 - _t260;
														if(_v32 == _t260) {
															goto L67;
														}
														__eflags = _t296 - _t260;
														if(_t296 == _t260) {
															goto L67;
														}
														__eflags =  *_t296 & 0x00000400;
														if(( *_t296 & 0x00000400) == 0) {
															goto L67;
														}
														_t230 = _v96;
														_t261 = 0x100;
														__eflags = _t230 - 0x100;
														if(_t230 > 0x100) {
															_t230 = 0x100;
														}
														_t274 = (_t230 >> 1) - 1;
														_t298 = 3;
														_t232 = _t274;
														_push(_t298);
														__eflags = _v32 - _t232 / _t298;
														if(_v32 >= _t232 / _t298) {
															_pop(_t275);
															__eflags = _v32 - (_t274 + _t274) / _t275;
															_t278 = (0 | _v32 - (_t274 + _t274) / _t275 > 0x00000000) + 1;
															__eflags = _t278;
															_t206 = _t278;
														} else {
															_pop(_t206);
														}
														_v8 = _v8 | 0x00000400;
														_t296 = _a12;
														L68:
														if(_t206 * _v28 < _v24) {
															_v8 = _v8 | 0x00000002;
														}
														if(_t206 * _v24 < _v28) {
															_v8 = _v8 | 0x00000020;
														}
														if(_v40 + _v44 + _v48 + _v52 + _v56 != 0) {
															_v8 = _v8 | 0x00000004;
														}
														if(_v60 + _v64 + _v68 + _v72 != 0) {
															_v8 = _v8 | 0x00000040;
														}
														_t220 = _v76 + _v80 + _v84 + _v88;
														if(_t220 != 0) {
															L90:
															_v8 = _v8 | _t261;
															goto L76;
														} else {
															if(_v16 != _t220) {
																_t228 = _v12;
																_t273 = 0x28;
																__eflags = _v16 - _t228 / _t273;
																if(_v16 < _t228 / _t273) {
																	goto L76;
																} else {
																	goto L90;
																}
															}
															L76:
															if((_a8 & 0x00000001) != 0) {
																_v8 = _v8 | 0x00000200;
															}
															if(_v36 != 0) {
																_v8 = _v8 | 0x00001000;
															}
															_t222 =  *_a4 & 0x0000ffff;
															if(_t222 == 0xfeff) {
																_v8 = _v8 | 0x00000008;
															} else {
																if(_t222 == 0xfffe) {
																	_v8 = _v8 | 0x00000080;
																}
															}
															if(_t296 != 0) {
																 *_t296 =  *_t296 & _v8;
																_v8 =  *_t296;
															}
															_t225 = _v8;
															if((_t225 & 0x00000008) != 0) {
																__eflags = _t225 & 0x00000b00;
																if((_t225 & 0x00000b00) == 0) {
																	goto L86;
																}
																goto L83;
															} else {
																L83:
																if((_t225 & 0x000000f0) != 0 || (_t225 & 0x00000f00) != 0) {
																	goto L89;
																} else {
																	if((_t225 & 0x0000f000) == 0) {
																		__eflags = _t225 & 0x0000000f;
																		if((_t225 & 0x0000000f) == 0) {
																			goto L89;
																		}
																	}
																	L86:
																	return 1;
																}
															}
														}
													}
													L67:
													_t206 = 3;
													_t261 = 0x100;
													goto L68;
												}
												_v8 = 1;
											}
											if(_v28 != _t260) {
												goto L16;
											}
											goto L66;
										}
									} else {
										goto L57;
									}
								}
								L57:
								if(_t263 == 0xa) {
									__eflags = _v20 - 0xd;
									if(_v20 != 0xd) {
										goto L58;
									}
									goto L22;
								}
								goto L58;
							} else {
								goto L38;
							}
							do {
								L38:
								_t301 =  &(_a4[_t260]);
								_t262 =  *_t301 & 0x0000ffff;
								_t237 = _t262 & 0x0000ffff;
								__eflags = _t237 - 0xd00;
								if(__eflags > 0) {
									_t238 = _t237 - 0x2000;
									__eflags = _t238;
									if(_t238 == 0) {
										_v60 = _v60 + 1;
									} else {
										_t245 = _t238 - 0x28;
										__eflags = _t245;
										if(_t245 != 0) {
											_t246 = _t245 - 1;
											__eflags = _t246;
											if(_t246 != 0) {
												_t247 = _t246 - 0xfd7;
												__eflags = _t247;
												if(_t247 == 0) {
													_v40 = _v40 + 1;
												} else {
													_t248 = _t247 - 0xceff;
													__eflags = _t248;
													if(_t248 != 0) {
														_t249 = _t248 - 0xff;
														__eflags = _t249;
														if(_t249 == 0) {
															_v84 = _v84 + 1;
														} else {
															__eflags = _t249 == 1;
															if(_t249 == 1) {
																_v88 = _v88 + 1;
															}
														}
													}
												}
											}
										}
									}
									L44:
									_t295 = _t262 >> 0x00000008 & 0x000000ff;
									_t263 =  *_t301 & 0x000000ff;
									if(_t263 == 0xd) {
										__eflags = _v20 - 0xa;
										if(_v20 != 0xa) {
											goto L45;
										} else {
											L5:
											_v16 = _v16 + 1;
											goto L46;
										}
									}
									L45:
									if(_t263 == 0xa) {
										__eflags = _v20 - 0xd;
										if(_v20 != 0xd) {
											goto L46;
										}
										goto L5;
									}
									goto L46;
								}
								if(__eflags == 0) {
									_v72 = _v72 + 1;
									goto L44;
								}
								__eflags = _t237 - 0x20;
								if(__eflags <= 0) {
									if(__eflags != 0) {
										_t251 = _t237;
										__eflags = _t251;
										if(_t251 == 0) {
											_v80 = _v80 + 1;
											goto L44;
										}
										_t252 = _t251 - 9;
										__eflags = _t252;
										if(_t252 != 0) {
											_t253 = _t252 - 1;
											__eflags = _t253;
											if(_t253 != 0) {
												__eflags = _t253 == 3;
												if(_t253 == 3) {
													_v56 = _v56 + 1;
												}
											} else {
												_v52 = _v52 + 1;
											}
										} else {
											_v48 = _v48 + 1;
										}
										goto L44;
									}
									_v44 = _v44 + 1;
									goto L44;
								}
								_t255 = _t237 - 0x900;
								__eflags = _t255;
								if(_t255 == 0) {
									_v64 = _v64 + 1;
								} else {
									_t256 = _t255 - 0x100;
									__eflags = _t256;
									if(_t256 == 0) {
										_v68 = _v68 + 1;
									} else {
										__eflags = _t256 == 0xd;
										if(_t256 == 0xd) {
											_v76 = _v76 + 1;
										}
									}
								}
								goto L44;
								L46:
								_t304 = _v20;
								_v36 = (0 | _t295 == 0x00000000) + _v36 + (0 | _t263 == 0x00000000);
								_t241 = _t295;
								if(_t295 <= _t304) {
									_t241 = _t304;
								}
								if(_t304 >= _t295) {
									_t304 = _t295;
								}
								_t293 = _v92;
								_v28 = _v28 + _t241 - _t304;
								_t243 = _t263;
								if(_t263 <= _t293) {
									_t243 = _t293;
								}
								if(_t293 >= _t263) {
									_t293 = _t263;
								}
								_v24 = _v24 + _t243 - _t293;
								_t260 = _t260 + 1;
								_v92 = _t263;
								_v20 = _t295;
							} while (_t260 < _v12);
							_t281 = _a4;
							_t260 = 0;
							goto L56;
						}
						__eflags = _t281[0] - _t260;
						if(_t281[0] == _t260) {
							goto L107;
						} else {
							__eflags = _a8 - 2;
							goto L32;
						}
					}
					L32:
					if(__eflags > 0) {
						__eflags = _t301 - 0x100;
						if(_t301 <= 0x100) {
							__eflags = _a8 & 0x00000001;
							if((_a8 & 0x00000001) == 0) {
								_t280 = _v12;
								__eflags =  *(_t281 + _t280 * 2 - 2) & 0x0000ff00;
								if(( *(_t281 + _t280 * 2 - 2) & 0x0000ff00) == 0) {
									_t66 =  &_v12;
									 *_t66 = _v12 - 1;
									__eflags =  *_t66;
								}
							}
						}
					}
					goto L37;
				} else {
					_v12 = __esi;
					__eflags = __esi;
					if(__esi == 0) {
						L107:
						_t258 = _a12;
						__eflags = _t258 - _t260;
						if(_t258 != _t260) {
							 *_t258 = 5;
						}
						L89:
						return 0;
					}
					goto L31;
				}
			}

0x006fdd04
0x006fdd0a
0x006fdd11
0x006fdd14
0x006fdd17
0x006fdd1a
0x006fdd1d
0x006fdd20
0x006fdd23
0x006fdd26
0x006fdd29
0x006fdd2c
0x006fdd2f
0x006fdd32
0x006fdd35
0x006fdd38
0x006fdd3b
0x006fdd3e
0x006fdd41
0x006fdd44
0x006fdd47
0x006fdd4a
0x006fdd4d
0x006fdd50
0x006fdd55
0x006f674c
0x006fdd66
0x006fdd66
0x006fdd6a
0x006fdd6d
0x0074b965
0x0074b968
0x006fdd91
0x006fdd92
0x006fdd95
0x00747db4
0x00747db7
0x006fde54
0x006fde57
0x006f5d40
0x006f5d44
0x006f5d55
0x006f5d55
0x006fde66
0x006fde68
0x006fde6a
0x006fde6a
0x006fde70
0x0075a77d
0x0075a77d
0x006fde76
0x006fde7e
0x006fde83
0x006fde85
0x006fde85
0x006fde88
0x006fde90
0x0075a785
0x0075a787
0x0075a78a
0x00000000
0x00000000
0x00000000
0x00000000
0x0075a790
0x0075a790
0x0075a790
0x0075a794
0x0075a79a
0x0075a79e
0x0075a7a0
0x0075a7a3
0x0075a7a3
0x0075a7a3
0x0075a7a4
0x0075a7a5
0x0075a7a8
0x00000000
0x00000000
0x0075a7ae
0x00000000
0x006fde96
0x006fde96
0x006fde9a
0x0074b948
0x0074b94b
0x006f5d26
0x006f5d26
0x006f5d29
0x006f5d2f
0x006f5d2f
0x006fdea9
0x006fdea9
0x006fdeae
0x0075a7b0
0x0075a7b3
0x00000000
0x00000000
0x0075a7b9
0x0075a7bb
0x00000000
0x00000000
0x0075a7c6
0x0075a7c8
0x00000000
0x00000000
0x0075a7ce
0x0075a7d1
0x0075a7d6
0x0075a7d8
0x0075a7da
0x0075a7da
0x0075a7de
0x0075a7e5
0x0075a7e6
0x0075a7ea
0x0075a7eb
0x0075a7ee
0x0075a7f8
0x0075a7fd
0x0075a803
0x0075a803
0x0075a804
0x0075a7f0
0x0075a7f0
0x0075a7f0
0x0075a806
0x0075a809
0x006fdebc
0x006fdec5
0x006fdec7
0x006fdec7
0x006fded2
0x00747d8b
0x00747d8b
0x006fdee9
0x006fdeeb
0x006fdeeb
0x006fdefd
0x00747dbf
0x00747dbf
0x006fdf0e
0x006fdf11
0x006fdf97
0x006fdf97
0x00000000
0x006fdf17
0x006fdf1a
0x006dee76
0x006dee7d
0x006dee80
0x006dee83
0x00000000
0x006dee89
0x00000000
0x006dee89
0x006dee83
0x006fdf20
0x006fdf24
0x006f6727
0x006f6727
0x006fdf2e
0x006fdf30
0x006fdf30
0x006fdf3a
0x006fdf45
0x006f6754
0x006fdf4b
0x006fdf53
0x0075a811
0x0075a811
0x006fdf53
0x006fdf5b
0x006fdf8a
0x006fdf8e
0x006fdf8e
0x006fdf5d
0x006fdf63
0x006f675d
0x006f6762
0x00000000
0x00000000
0x00000000
0x006fdf69
0x006fdf69
0x006fdf6b
0x00000000
0x006fdf74
0x006fdf79
0x00749e7d
0x00749e7f
0x00000000
0x00000000
0x00749e85
0x006fdf7f
0x00000000
0x006fdf7f
0x006fdf6b
0x006fdf63
0x006fdf11
0x006fdeb4
0x006fdeb6
0x006fdeb7
0x00000000
0x006fdeb7
0x0074b951
0x0074b951
0x006fdea3
0x00000000
0x00000000
0x00000000
0x006fdea3
0x006f5d46
0x00000000
0x006f5d46
0x006f5d44
0x006fde5d
0x006fde60
0x006f5d4b
0x006f5d4f
0x00000000
0x00000000
0x00000000
0x006f5d4f
0x00000000
0x00000000
0x00000000
0x00000000
0x006fdd9b
0x006fdd9b
0x006fdd9e
0x006fdda1
0x006fdda4
0x006fddac
0x006fddae
0x006f5cde
0x006f5cde
0x006f5ce3
0x00747d83
0x006f5ce9
0x006f5ce9
0x006f5ce9
0x006f5cec
0x006f5cf2
0x006f5cf2
0x006f5cf3
0x006f5cf9
0x006f5cf9
0x006f5cfe
0x00747dac
0x006f5d04
0x006f5d04
0x006f5d04
0x006f5d09
0x006f5d0f
0x006f5d0f
0x006f5d14
0x0074a699
0x006f5d1a
0x006f5d1a
0x006f5d1b
0x0075a775
0x0075a775
0x006f5d1b
0x006f5d14
0x006f5d09
0x006f5cfe
0x006f5cf3
0x006f5cec
0x006fdde2
0x006fdde5
0x006fdde8
0x006fddee
0x006f5cd2
0x006f5cd6
0x00000000
0x006f5cdc
0x006f5cca
0x006f5cca
0x00000000
0x006f5cca
0x006f5cd6
0x006fddf4
0x006fddf7
0x006f5cc0
0x006f5cc4
0x00000000
0x00000000
0x00000000
0x006f5cc4
0x00000000
0x006fddf7
0x006fddb4
0x00747da4
0x00000000
0x00747da4
0x006fddba
0x006fddbd
0x006fe307
0x006fe311
0x006fe311
0x006fe314
0x0074b95d
0x00000000
0x0074b95d
0x006fe31a
0x006fe31a
0x006fe31d
0x006fe323
0x006fe323
0x006fe324
0x006f673b
0x006f673e
0x006f6744
0x006f6744
0x006fe32a
0x006fe32a
0x006fe32a
0x006d2d31
0x006d2d31
0x006d2d31
0x00000000
0x006fe31d
0x006fe309
0x00000000
0x006fe309
0x006fddc3
0x006fddc3
0x006fddc8
0x00747d9c
0x006fddce
0x006fddce
0x006fddce
0x006fddd3
0x00747d94
0x006fddd9
0x006fddd9
0x006fdddc
0x006f5d38
0x006f5d38
0x006fdddc
0x006fddd3
0x00000000
0x006fddfd
0x006fddfd
0x006fde13
0x006fde16
0x006fde1a
0x006fde1c
0x006fde1c
0x006fde20
0x006fde22
0x006fde22
0x006fde24
0x006fde29
0x006fde2c
0x006fde30
0x006fde32
0x006fde32
0x006fde36
0x006fde38
0x006fde38
0x006fde3c
0x006fde3f
0x006fde40
0x006fde43
0x006fde46
0x006fde4f
0x006fde52
0x00000000
0x006fde52
0x0075a763
0x0075a766
0x00000000
0x0075a76c
0x0075a76c
0x00000000
0x0075a76c
0x0075a766
0x006fdd73
0x006fdd73
0x006fdd75
0x006fdd77
0x006fdd79
0x006fdd7d
0x006fdd7f
0x006fdd87
0x006fdd8c
0x006fdd8e
0x006fdd8e
0x006fdd8e
0x006fdd8e
0x006fdd8c
0x006fdd7d
0x006fdd77
0x00000000
0x006fdd5b
0x006fdd5b
0x006fdd5e
0x006fdd60
0x00749fca
0x00749fca
0x00749fcd
0x00749fcf
0x00749fd5
0x00749fd5
0x006fdf93
0x00000000
0x006fdf93
0x00000000
0x006fdd60

Strings

@, xrefs: 00747DBF

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a4d18c7f76ecebb76001e66959a8e71669b1db44f008a2f2f8053acf580038e5
Instruction ID: 8be28d16c9a95cac0ae02e9357abc0abb71d48df450989b9ce9dd222cab2aa20
Opcode Fuzzy Hash: a4d18c7f76ecebb76001e66959a8e71669b1db44f008a2f2f8053acf580038e5
Instruction Fuzzy Hash: D3D12231D0520EDBCF28CF99C5846FDBBB3BF55305F24816ADA12AA255C334AE86DB41

Uniqueness

Uniqueness Score: 0.02%

Function 007A4990, Relevance: 1.6, Strings: 1, Instructions: 307
COMMONCrypto

C-Code - Quality: 72%

			E007A4990(void* __ecx, char __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16, signed int _a24) {
				signed int _v8;
				char _v530;
				char _v554;
				signed char _v556;
				intOrPtr _v560;
				unsigned int _v564;
				signed int _v568;
				intOrPtr _v580;
				intOrPtr _v584;
				intOrPtr _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				intOrPtr _v608;
				intOrPtr _v612;
				intOrPtr _v616;
				char _v624;
				char _v625;
				unsigned int _v632;
				short _v634;
				signed int _v636;
				signed short* _v640;
				short _v642;
				signed int _v644;
				char _v645;
				char _v652;
				unsigned int _v656;
				intOrPtr* _v660;
				intOrPtr _v664;
				signed short _v668;
				char _v676;
				intOrPtr _v680;
				intOrPtr _v684;
				signed int _v688;
				signed short* _v692;
				intOrPtr _v696;
				char _v700;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t136;
				signed int _t144;
				intOrPtr* _t154;
				unsigned int _t160;
				short _t167;
				signed int _t169;
				void* _t174;
				signed short* _t175;
				intOrPtr* _t179;
				signed short _t206;
				void* _t219;
				intOrPtr _t224;
				signed int _t228;
				signed short _t229;
				unsigned int _t231;
				unsigned int _t232;
				char _t233;
				void* _t234;
				void* _t235;
				signed int _t236;
				intOrPtr* _t242;
				short _t243;
				signed int _t244;

				_t233 = __edx;
				_t136 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t136 ^ _t244;
				_t241 = _a4;
				0xfffe = 2;
				_v660 = _a12;
				if(_a8 >= 0xfffe || _a16 >= 0xfffe) {
					L51:
					_push(((0 | _a16 != 0x0000fffe) - 0x00000001 & 0xffffffdb) + 0x57);
					goto L52;
				} else {
					_t236 = _a24;
					if((_t236 & 0xfffffffe) != 0) {
						goto L51;
					}
					E00703D00(__ecx,  &_v668, _t241);
					_v645 =  *((short*)(_v664 + ((_v668 & 0x0000ffff) >> 1) * 2 - 2)) == 0x2e;
					if(E00732660(_t241,  &_v636,  &_v640, 0) != 0) {
						_t242 = _v640;
						_t154 = _t242;
						_t234 = _t154 + 2;
						do {
							_t224 =  *_t154;
							_t154 = _t154 + 0xfffe;
						} while (_t224 != 0);
						_t225 = _v632;
						_v644 = (_t154 - _t234 >> 1) + (_t154 - _t234 >> 1);
						_v642 = _v644 + 2;
						_t160 = _t225;
						_t235 = _t160 + 2;
						do {
							_t219 =  *_t160;
							_t160 = _t160 + 2;
						} while (_t219 != 0);
						_v636 = (_t160 - _t235 >> 1) + (_t160 - _t235 >> 1);
						_t233 = 0;
						_v634 = _v636 + 2;
						_v656 = _t225;
						if(_t242 == 0) {
							_t167 = 0;
						} else {
							_t167 = _t225 - _t242 + _v636;
						}
						_v644 = _t167;
						_v642 = _t167;
						if(_t242 != _t233) {
							_t243 = _t242 - _t225;
							_v636 = _t243;
							_v634 = _t243;
						}
						_t169 = (_v636 & 0x0000ffff) >> 1;
						if( *((short*)(_t225 + _t169 * 2 - 4)) == 0x3a ||  *((short*)(_t225 + _t169 * 2 - 2)) == 0x5c) {
							_v625 = _t233;
						} else {
							_v636 = _v636 + 0xfffe;
							_v625 = 1;
						}
						_v688 =  !(_t236 << 6) & 0x00000040;
						_v692 =  &_v636;
						_push(0x4021);
						_push(3);
						_push( &_v676);
						_push( &_v700);
						_t241 = 0x100001;
						_push(0x100001);
						_push( &_v652);
						_v700 = 0x18;
						_v696 = _t233;
						_v684 = _t233;
						_v680 = _t233;
						_t174 = E007158A0();
						if(_t174 == 0xc000000d || _t174 == 0xc0000103) {
							if(_v625 != 0) {
								_v636 = _v636 + 2;
								_push(0x4021);
								_push(3);
								_push( &_v676);
								_push( &_v700);
								_push(_t241);
								_push( &_v652);
								_t174 = E007158A0();
								_v636 = _v636 + 0xfffe;
							}
						}
						_t236 = 0;
						if(_t174 >= 0) {
							if(_v644 != 0) {
								if(_v644 != 6 || E00705720(_v640, ?str?, 6) != 6) {
									_t225 = _v644 & 0x0000ffff;
									_t175 = _v640;
									_t233 = 0;
									if((_v644 & 0xfffe) <= 0) {
										L43:
										if(_v645 != 0 &&  *(_t175 - 2) == 0x2a) {
											_t225 = 0x3c;
											 *(_t175 - 2) = _t225;
										}
										goto L46;
									} else {
										goto L31;
									}
									do {
										L31:
										if(_t233 != _t236 &&  *_t175 == 0x2e &&  *(_t175 - 2) == 0x2a) {
											_t231 = 0x3c;
											 *(_t175 - 2) = _t231;
										}
										_t228 =  *_t175 & 0x0000ffff;
										if(_t228 == 0x3f) {
											_t229 = 0x3e;
											 *_t175 = _t229;
											goto L39;
										} else {
											if(_t228 == 0x2a) {
												L39:
												if(_t233 != _t236 &&  *(_t175 - 2) == 0x2e) {
													_t232 = 0x22;
													 *(_t175 - 2) = _t232;
												}
												goto L42;
											}
										}
										L42:
										_t233 = _t233 + 1;
										_t225 = (_v644 & 0x0000ffff) >> 1;
										_t175 =  &(_t175[1]);
									} while (_t233 < (_v644 & 0x0000ffff) >> 1);
									goto L43;
								} else {
									_t206 = 2;
									_v644 = _t206;
									L46:
									_push(_t236);
									_push( &_v644);
									_push(1);
									_push(3);
									_push(0x268);
									_push( &_v624);
									_push( &_v676);
									_push(_t236);
									_push(_t236);
									_push(_t236);
									_push(_v652);
									_t179 = E00715B60();
									_t241 = _t179;
									E00722882(_t225,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t236, _v656);
									if(_t179 < _t236) {
										L26:
										_push(_v652);
										_t144 = E00715090();
										goto L53;
									}
									_t241 = _v660;
									 *_t241 = _v568;
									 *((intOrPtr*)(_t241 + 4)) = _v616;
									 *((intOrPtr*)(_t241 + 8)) = _v612;
									 *((intOrPtr*)(_t241 + 0xc)) = _v608;
									 *((intOrPtr*)(_t241 + 0x10)) = _v604;
									 *((intOrPtr*)(_t241 + 0x14)) = _v600;
									 *((intOrPtr*)(_t241 + 0x18)) = _v596;
									 *((intOrPtr*)(_t241 + 0x1c)) = _v580;
									 *((intOrPtr*)(_t241 + 0x20)) = _v584;
									E00704B80(_t241 + 0x2c,  &_v530, _v564);
									 *((short*)(_t241 + 0x2c + (_v564 >> 1) * 2)) = 0;
									E00704B80(_t241 + 0x234,  &_v554, _v556);
									 *((short*)(_t241 + 0x234 + (_v556 >> 1) * 2)) = 0;
									if((_v568 & 0x00000400) != 0) {
										 *((intOrPtr*)(_t241 + 0x24)) = _v560;
									}
									if(E007A4921(_v652) == _t236) {
										goto L26;
									} else {
										goto L54;
									}
								}
							}
							E00722882(_t225,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v656);
							goto L26;
						} else {
							_t144 = E00722882(_t225,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v656);
							goto L53;
						}
					} else {
						_push(3);
						L52:
						_t144 = E00722D13();
						L53:
						_t145 = _t144 | 0xffffffff;
						L54:
						return E00722F0C(_t145, 0xfffe, _v8 ^ _t244, _t233, _t236, _t241);
					}
				}
			}

0x007a4990
0x007a499b
0x007a49a2
0x007a49aa
0x007a49b0
0x007a49b4
0x007a49ba
0x007a4dbf
0x007a4dce
0x00000000
0x007a49c9
0x007a49c9
0x007a49d2
0x00000000
0x00000000
0x007a49e0
0x007a4a0b
0x007a4a19
0x007a4a22
0x007a4a28
0x007a4a2a
0x007a4a2d
0x007a4a2d
0x007a4a30
0x007a4a32
0x007a4a37
0x007a4a43
0x007a4a53
0x007a4a5a
0x007a4a5c
0x007a4a5f
0x007a4a5f
0x007a4a63
0x007a4a64
0x007a4a6f
0x007a4a7f
0x007a4a81
0x007a4a88
0x007a4a90
0x007a4a9e
0x007a4a92
0x007a4a96
0x007a4a96
0x007a4aa0
0x007a4aa7
0x007a4ab0
0x007a4ab2
0x007a4ab4
0x007a4abb
0x007a4abb
0x007a4ac9
0x007a4ad6
0x007a4af2
0x007a4ae0
0x007a4ae2
0x007a4ae9
0x007a4ae9
0x007a4b00
0x007a4b0c
0x007a4b17
0x007a4b18
0x007a4b20
0x007a4b27
0x007a4b28
0x007a4b2d
0x007a4b34
0x007a4b35
0x007a4b3f
0x007a4b45
0x007a4b4b
0x007a4b51
0x007a4b5b
0x007a4b6b
0x007a4b6d
0x007a4b75
0x007a4b76
0x007a4b7e
0x007a4b85
0x007a4b86
0x007a4b8d
0x007a4b8e
0x007a4b93
0x007a4b93
0x007a4b6b
0x007a4b9a
0x007a4b9e
0x007a4bc4
0x007a4bf6
0x007a4c1b
0x007a4c22
0x007a4c28
0x007a4c30
0x007a4c83
0x007a4c8a
0x007a4c95
0x007a4c96
0x007a4c96
0x00000000
0x00000000
0x00000000
0x00000000
0x007a4c32
0x007a4c32
0x007a4c34
0x007a4c45
0x007a4c46
0x007a4c46
0x007a4c4a
0x007a4c51
0x007a4c5d
0x007a4c5e
0x00000000
0x007a4c53
0x007a4c57
0x007a4c61
0x007a4c63
0x007a4c6e
0x007a4c6f
0x007a4c6f
0x00000000
0x007a4c63
0x007a4c59
0x007a4c73
0x007a4c7a
0x007a4c7c
0x007a4c7e
0x007a4c7f
0x00000000
0x007a4c0f
0x007a4c11
0x007a4c12
0x007a4c9a
0x007a4c9a
0x007a4ca1
0x007a4ca2
0x007a4ca4
0x007a4ca6
0x007a4cb1
0x007a4cb8
0x007a4cb9
0x007a4cba
0x007a4cbb
0x007a4cbc
0x007a4cc2
0x007a4ccd
0x007a4cdc
0x007a4ce3
0x007a4bde
0x007a4bde
0x007a4be4
0x00000000
0x007a4be4
0x007a4ce9
0x007a4cf5
0x007a4d03
0x007a4d0c
0x007a4d15
0x007a4d1e
0x007a4d27
0x007a4d30
0x007a4d39
0x007a4d42
0x007a4d50
0x007a4d5f
0x007a4d7a
0x007a4d8d
0x007a4d9f
0x007a4da7
0x007a4da7
0x007a4db7
0x00000000
0x007a4dbd
0x00000000
0x007a4dbd
0x007a4db7
0x007a4bf6
0x007a4bd9
0x00000000
0x007a4ba0
0x007a4bb3
0x00000000
0x007a4bb3
0x007a4a1b
0x007a4a1b
0x007a4dcf
0x007a4dcf
0x007a4dd4
0x007a4dd4
0x007a4dd7
0x007a4de5
0x007a4de5
0x007a4a19

Strings

*.*, xrefs: 007A4BFA

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: *.*
API String ID: 0-438819550
Opcode ID: a78c7211bf6286c89f39b1ae0aa9163880b7a2d88a7f2dcf1fad0bf0c4bbde1f
Instruction ID: 905b992f40b0968584bed71775d8a862d7c91c9400aa379317e318ad809a8a33
Opcode Fuzzy Hash: a78c7211bf6286c89f39b1ae0aa9163880b7a2d88a7f2dcf1fad0bf0c4bbde1f
Instruction Fuzzy Hash: A8C150759016289ACF70DF28CC4DB9AB3B4EF89310F1482D9E509E7251EBB99EC5CB50

Uniqueness

Uniqueness Score: 0.05%

Function 006F3109, Relevance: 1.5, Strings: 1, Instructions: 294
COMMONCrypto

C-Code - Quality: 92%

			E006F3109(void* __ecx, void* __edx, signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed char _v10;
				signed int _v12;
				signed int _v14;
				signed int _v16;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				signed int _v292;
				char _v293;
				unsigned int _v300;
				unsigned int __ebx;
				signed int __edi;
				signed int __esi;
				signed int _t112;
				signed int _t114;
				signed int _t119;
				void* _t129;
				signed int _t131;
				signed int _t132;

				_t129 = __edx;
				_t112 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t112 ^ _t132;
				_v293 = 0;
				if(_a8 == 0) {
					_t114 = 0xc000000d;
					goto L55;
				} else {
					_push(__esi);
					__esi = 0x11c;
					 &_v292 = E00704EC0( &_v292, 0, 0x11c);
					__eax =  &_v292;
					_v292 = 0x11c;
					__eax = E007364DF(__ecx,  &_v292);
					if(__eax != 0) {
						L54:
						_pop(_t131);
						L55:
						return E00722F0C(_t114, _t119, _v8 ^ _t132, _t129, 0, _t131);
					}
					_push(__ebx);
					__esi = 0x80000000;
					if((_a8 & 0x00000040) != 0) {
						__eax = _a4;
						__eax =  *(_a4 + 0x118) & 0x0000ffff;
						if(__ax == __di) {
							goto L44;
						}
						_v300 = 0;
						__ebx = __ax & 0x0000ffff;
						do {
							__ecx = _v300;
							0 = 1;
							__edi = 1 << __cl;
							if((__ebx & 1) != 0) {
								__ecx = _a16;
								__ecx = _a16 & __esi;
								__eax = 0;
								__eax = __ecx;
								if(__eax != 0) {
									__eax = E006F320A(_a12, _a16, 0x40);
								}
								__eax = __eax - 6;
								if(__eax != 0) {
									if(0 != 0) {
										__eax = 0xc000000d;
										goto L53;
									}
									__eax = _v12 & 0x0000ffff;
									if((__edi & _v12 & 0x0000ffff) != 0) {
										_v293 = 1;
									}
								} else {
									__eax = _v12 & 0x0000ffff;
									if((__edi & __eax) == 0) {
										L24:
										_t114 = 0xc0000059;
										L53:
										_pop(_t119);
										goto L54;
									}
								}
							}
							_v300 = _v300 + 1;
						} while (_v300 < 0x10);
						__eax = E006F320A(_a12, _a16, 0x40);
						if(__eax != 7 || _v293 != 0) {
							goto L44;
						} else {
							goto L24;
						}
					}
					L44:
					__ebx = _a16;
					__edi = 0;
					__edi = 1;
					_v293 = 1;
					if((_a8 & 0x00000002) == 0) {
						L32:
						if((_a8 & 0x00000001) != 0) {
							if(__edi == 1) {
								__ebx = __ebx & __esi;
								0 = __ebx & __esi;
								if((__ebx & __esi) == 0) {
									__eax = _a12;
									__ecx = __ebx;
									__eax = (__ecx << 0x00000020 | _a12) >> 2;
									__ecx = __ecx >> 2;
									__eax = __eax & 0x000000ff;
								} else {
									__eax = E006F320A(_a12, __ebx, 1);
								}
								__edi = __eax;
							}
							 &_v293 = _a4;
							__eax = E006F38D6(__ebx, __esi, __edi,  *((intOrPtr*)(_a4 + 8)), _v284,  &_v293, 1);
							if(__al != 0) {
								goto L33;
							} else {
								if(_v293 == __al) {
									goto L24;
								}
								L34:
								if((_a8 & 0x00000020) != 0) {
									if(__edi == 1) {
										__ebx = __ebx & __esi;
										__eax = 0;
										__eax = __ebx & __esi;
										if(__eax != 0) {
											__eax = E006F320A(_a12, __ebx, 0x20);
										}
										__edi = __eax;
									}
									 &_v293 = _v16 & 0x0000ffff;
									_a4 =  *(_a4 + 0x114) & 0x0000ffff;
									__eax = E006F38D6(__ebx, __esi, __edi,  *(_a4 + 0x114) & 0x0000ffff, _v16 & 0x0000ffff,  &_v293, 0);
									if(__al == 0) {
										if(_v293 == __al) {
											goto L24;
										}
										L36:
										if((_a8 & 0x00000010) == 0) {
											L49:
											if((_a8 & 0x00000004) != 0) {
												__ebx = __ebx & __esi;
												0 = __ebx & __esi;
												if((__ebx & __esi) == 0) {
													__eax = _a12;
													__ecx = __ebx;
													__eax = (__ecx << 0x00000020 | _a12) >> 0x10;
													__ecx = __ecx >> 0x10;
													__eax = __eax & 0x000000ff;
												} else {
													__eax = E006F320A(_a12, __ebx, 4);
												}
												 &_v293 = _a4;
												__eax = E006F38D6(__ebx, __esi, __eax,  *((intOrPtr*)(_a4 + 0xc)), _v280,  &_v293, 0);
												if(__al != 0) {
													goto L50;
												} else {
													goto L24;
												}
											}
											L50:
											if((_a8 & 0x00000008) != 0) {
												__ebx = __ebx & __esi;
												0 = __ebx & __esi;
												if((__ebx & __esi) != 0) {
													__eax = E006F320A(_a12, __ebx, 8);
												}
												 &_v293 = _a4;
												__eax = E006F38D6(__ebx, __esi, __eax,  *((intOrPtr*)(_a4 + 0x10)), _v276,  &_v293, 0);
												if(__al != 0) {
													goto L51;
												}
												goto L24;
											}
											L51:
											if((_a8 & 0x00000080) != 0) {
												goto L1;
											}
											L52:
											_t114 = 0;
											goto L53;
										}
										if(__edi == 1) {
											__ebx = __ebx & __esi;
											__eax = 0;
											__eax = __ebx & __esi;
											if(__eax != 0) {
												__eax = E006F320A(_a12, __ebx, 0x10);
											}
											__edi = __eax;
										}
										 &_v293 = _v14 & 0x0000ffff;
										_a4 =  *(_a4 + 0x116) & 0x0000ffff;
										__eax = E006F38D6(__ebx, __esi, __edi,  *(_a4 + 0x116) & 0x0000ffff, _v14 & 0x0000ffff,  &_v293, 1);
										if(__al != 0) {
											goto L49;
										}
										goto L24;
									} else {
										goto L35;
									}
								}
								L35:
								if(_v293 == 0) {
									goto L49;
								}
								goto L36;
							}
						}
						L33:
						if(_v293 == 0) {
							goto L49;
						}
						goto L34;
					}
					__ebx = __ebx & __esi;
					0 = __ebx & __esi;
					if((__ebx & __esi) == 0) {
						__eax = _a12;
						__ecx = __ebx;
						__eax = (__ecx << 0x00000020 | _a12) >> 4;
						__ecx = __ecx >> 4;
						__eax = __eax & 0x000000ff;
					} else {
						__eax = E006F320A(_a12, __ebx, 2);
					}
					__edi = __eax;
					 &_v293 = _a4;
					__eax = E006F38D6(__ebx, __esi, __edi,  *((intOrPtr*)(_a4 + 4)), _v288,  &_v293, 0);
					if(__al == 0) {
						if(_v293 == __al) {
							goto L24;
						}
						goto L32;
					} else {
						if(_v293 != 0) {
							goto L32;
						}
						goto L49;
					}
				}
				L1:
				_t117 = _t119 & _t131;
				if((_t119 & _t131) != 0) {
					_t117 = E006F320A(_a12, _t119, 0x80);
				}
				if(E006F38D6(_t119, _t131, _t117,  *(_a4 + 0x11a) & 0x000000ff, _v10 & 0x000000ff,  &_v293, 0) != 0) {
					goto L52;
				} else {
					goto L24;
				}
			}

0x006f3109
0x006f3114
0x006f311b
0x006f3121
0x006f312b
0x0075fe7e
0x00000000
0x006f3131
0x006f3131
0x006f3132
0x006f3140
0x006f3148
0x006f314f
0x006f3155
0x006f315c
0x006f31f5
0x006f31f5
0x006f31f6
0x006f3202
0x006f3202
0x006f3166
0x006f3167
0x006f316c
0x006e0c3d
0x006e0c40
0x006e0c4a
0x00000000
0x00000000
0x006e0c50
0x006e0c56
0x006e0bf2
0x006e0bf2
0x006e0bfa
0x006e0bfb
0x006e0bff
0x006e0c5b
0x006e0c5e
0x006e0c60
0x006e0c62
0x006e0c64
0x006e0c6e
0x006e0c6e
0x006e0c73
0x006e0c76
0x006df7ff
0x0075fe9e
0x00000000
0x0075fe9e
0x006df805
0x006df80b
0x006df811
0x006df811
0x006e0c7c
0x006e0c7c
0x006e0c82
0x006e0c33
0x006e0c33
0x006f31f4
0x006f31f4
0x00000000
0x006f31f4
0x006e0c84
0x006e0c76
0x006e0c01
0x006e0c07
0x006e0c18
0x006e0c20
0x00000000
0x00000000
0x00000000
0x00000000
0x006e0c20
0x006f3172
0x006f3172
0x006f3175
0x006f3177
0x006f317c
0x006f3183
0x006e4da9
0x006e4dad
0x006e4e51
0x00749673
0x00749677
0x00749679
0x0075fea8
0x0075feab
0x0075fead
0x0075feb1
0x0075feb4
0x0074967f
0x00749685
0x00749685
0x0074968a
0x0074968a
0x006e4e66
0x006e4e6d
0x006e4e74
0x00000000
0x006e4e7a
0x006e4e80
0x00000000
0x00000000
0x006e4dc0
0x006e4dc4
0x0075fec1
0x0075fec5
0x0075fec7
0x0075fec9
0x0075fecb
0x0075fed3
0x0075fed3
0x0075fed8
0x0075fed8
0x0075fee3
0x0075feeb
0x0075fef4
0x0075fefb
0x006e0ab7
0x00000000
0x00000000
0x006e4dd7
0x006e4ddb
0x006f31d4
0x006f31d8
0x006dbb6d
0x006dbb71
0x006dbb73
0x0075ff46
0x0075ff49
0x0075ff4b
0x0075ff4f
0x0075ff52
0x006dbb79
0x006dbb7f
0x006dbb7f
0x006dbb93
0x006dbb9a
0x006dbba1
0x00000000
0x006dbba7
0x00000000
0x006dbba7
0x006dbba1
0x006f31de
0x006f31e2
0x0075ff5e
0x0075ff62
0x0075ff64
0x0075ff6c
0x0075ff6c
0x0075ff80
0x0075ff87
0x006e0ad1
0x00000000
0x00000000
0x00000000
0x006e0ad7
0x006f31e8
0x006f31ec
0x00000000
0x00000000
0x006f31f2
0x006f31f2
0x00000000
0x006f31f2
0x0075ff09
0x0075ff0d
0x0075ff0f
0x0075ff11
0x0075ff13
0x0075ff1b
0x0075ff1b
0x0075ff20
0x0075ff20
0x0075ff2b
0x0075ff33
0x0075ff3c
0x006e0ac4
0x00000000
0x00000000
0x00000000
0x0075ff01
0x00000000
0x0075ff01
0x0075fefb
0x006e4dca
0x006e4dd1
0x00000000
0x00000000
0x00000000
0x006e4dd1
0x006e4e74
0x006e4db3
0x006e4dba
0x00000000
0x00000000
0x00000000
0x006e4dba
0x006f318b
0x006f318f
0x006f3191
0x0075fe88
0x0075fe8b
0x0075fe8d
0x0075fe91
0x0075fe94
0x006f3197
0x006f319d
0x006f319d
0x006f31a2
0x006f31b3
0x006f31ba
0x006f31c1
0x006e0aa6
0x00000000
0x00000000
0x00000000
0x006f31c7
0x006f31ce
0x00000000
0x00000000
0x00000000
0x006f31ce
0x006f31c1
0x006d5aff
0x006d5b05
0x006d5b07
0x006d5b12
0x006d5b12
0x006d5b38
0x00000000
0x006d5b3e
0x00000000
0x006d5b3e

Strings

@, xrefs: 006F3162

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: cbe3738e97e276fd499132ba08a21ac3ab325f327dc7adb5bc6b4a4c586650b7
Instruction ID: 9737bc7fa27785f3c011277ae04d619dbca0e61767b428fbac1fbdc28e0ba4e4
Opcode Fuzzy Hash: cbe3738e97e276fd499132ba08a21ac3ab325f327dc7adb5bc6b4a4c586650b7
Instruction Fuzzy Hash: 50A1F871A1435C6AEF64CF61CC51BFE7767AF19704F0400A9FA46962C2CAB8CE95DB20

Uniqueness

Uniqueness Score: 0.02%

Function 00735CCD, Relevance: 1.5, Strings: 1, Instructions: 256
COMMONCrypto

C-Code - Quality: 94%

			E00735CCD(unsigned int _a4, unsigned int _a8, signed int _a12) {
				signed int _v8;
				intOrPtr _v12;
				signed char _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				intOrPtr _t64;
				unsigned int _t65;
				signed int _t76;
				signed char _t87;
				unsigned int _t88;
				intOrPtr* _t89;
				signed int _t91;
				void* _t98;
				signed int _t99;
				signed int _t105;
				void* _t107;
				signed int _t108;
				unsigned int _t110;
				signed int _t113;
				signed int _t114;
				signed int _t115;
				unsigned int _t118;
				intOrPtr _t121;
				signed int _t124;
				signed int _t125;
				signed int _t132;
				void* _t135;
				void* _t136;
				signed int _t137;
				void* _t148;

				_t89 = _a4;
				_t90 =  *(_t89 + 4);
				asm("sbb esi, esi");
				_t125 = _t124 & _a12;
				_v20 =  *_t89;
				_v24 = _t125;
				_v28 =  *(_t89 + 4);
				if(_a8 == 0) {
					return _t125 & 0xfffffff8;
				} else {
					while(1) {
						_t90 = 0;
						_t110 = _t65;
						_t121 = _v28 - (0 << 2);
						_v12 = _t121;
						if(_t110 + 1 < _a8) {
							goto L1;
						}
						_t87 = _t110 - _a8 + 1;
						_v8 = _t121 + (_t87 >> 5) * 4;
						_t76 = _t121 + 0x2eb6eb4;
						_v16 = _t87;
						_t132 = 0xbadbac |  *_t76;
						if(_a8 > 0x3f) {
							_t90 = _v8;
							_a4 = _t90;
							__eflags = _t87 & 0x0000001f;
							if((_t87 & 0x0000001f) != 0) {
								_t90 = _t90 + 4;
								__eflags = _t90;
								_a4 = _t90;
							}
							__eflags = _t132;
							if(_t132 == 0) {
								L31:
								_t90 = (_t76 - _t121 >> 2 << 5) - _t132;
								__eflags = _t90 - _t87;
								if(_t90 > _t87) {
									goto L1;
								}
								_t110 = _a8 - _t132;
								_t135 = _t76 + (_t110 >> 5) * 4;
								while(1) {
									_t76 = _t76 + 4;
									__eflags = _t76 - _t135;
									if(_t76 == _t135) {
										break;
									}
									__eflags =  *_t76;
									if( *_t76 != 0) {
										goto L24;
									}
								}
								_t110 = _t110 & 0x0000001f;
								__eflags = _t110;
								if(__eflags == 0) {
									L15:
									if(_t90 == 0xffffffff) {
										L2:
										if(_v24 == 0) {
											goto L16;
										}
										_t64 = _a12 + _a8;
										if(_t64 > _v20) {
											_t64 = _v20;
										}
										_t65 = _t64 - 1;
										_v24 = 0;
										continue;
									}
									L16:
									return _t91;
								}
								asm("bsf esi, [eax]");
								if(__eflags == 0) {
									_t135 = 0x20;
								}
								__eflags = _t135 - _t110;
								if(_t135 >= _t110) {
									goto L15;
								} else {
									goto L24;
								}
							} else {
								_t76 = _t76 + 4;
								__eflags =  *_t76;
								if(__eflags != 0) {
									while(1) {
										L24:
										__eflags = _t76 - _a4;
										if(_t76 > _a4) {
											goto L1;
										}
										_t76 = _t76 + 4;
										__eflags =  *_t76;
										if(__eflags != 0) {
											continue;
										}
										asm("bsr edx, [eax-0x4]");
										L27:
										if(__eflags != 0) {
											_t98 = 0x1f;
											_t99 = _t98 - _t110;
											__eflags = _t99;
										} else {
											_t99 = 0x20;
										}
										_t132 = _t99;
										goto L31;
									}
									goto L1;
								}
								asm("bsr edx, esi");
								goto L27;
							}
						}
						if(_a8 >= 0x20) {
							while(1) {
								_t90 = 0x80000000;
								while(1) {
									L46:
									__eflags = _t90 & _t132;
									if(__eflags == 0) {
										break;
									}
									_t76 = _t76 + 4;
									__eflags = _t76 - _v8;
									if(_t76 > _v8) {
										goto L1;
									}
									_t132 =  *_t76;
								}
								asm("bsr ecx, esi");
								if(__eflags != 0) {
									_t136 = 0x1f;
									_t137 = _t136 - _t90;
									__eflags = _t137;
								} else {
									_t137 = 0x20;
								}
								_t90 = ((_t76 - _t121 >> 2) + 1 << 5) - _t137;
								__eflags = _t90 - _t87;
								if(_t90 > _t87) {
									goto L1;
								} else {
									_t113 = _a8 - _t137;
									__eflags = _t113;
									if(_t113 == 0) {
										goto L15;
									}
									_t76 = _t76 + 4;
									_t132 =  *_t76;
									__eflags = _t113 - 0x20;
									if(__eflags < 0) {
										L56:
										asm("bsf ebx, esi");
										if(__eflags == 0) {
											_t87 = 0x20;
										}
										__eflags = _t87 - _t113;
										if(_t87 >= _t113) {
											goto L15;
										} else {
											_t87 = _v16;
											do {
												_t90 = 0x80000000;
												goto L46;
											} while (_t132 != 0);
											_t113 = _t113 - 0x20;
											__eflags = _t113;
											if(_t113 == 0) {
												goto L15;
											}
											_t76 = _t76 + 4;
											__eflags = _t76;
											_t132 =  *_t76;
											goto L56;
										}
									}
									__eflags = _t132;
								}
							}
						}
						if(_a8 > 1) {
							_t90 = 0;
							_t114 = _t110 >> 5;
							__eflags = _t114;
							_t115 = _t121 + _t114 * 4;
							_v32 = _t115;
							while(1) {
								__eflags = _t132 - 0xffffffff;
								if(__eflags != 0) {
									goto L65;
								}
								while(1) {
									L62:
									_t76 = _t76 + 4;
									__eflags = _t76 - _v8;
									if(_t76 > _v8) {
										goto L1;
									}
									_t132 =  *_t76;
									__eflags = _t132 - 0xffffffff;
									if(_t132 == 0xffffffff) {
										continue;
									}
									_t90 = 0;
									__eflags = 0;
									goto L65;
								}
								goto L1;
								L65:
								asm("bsf edx, esi");
								if(__eflags == 0) {
									_t115 = 0x20;
								}
								_t88 = _a8;
								__eflags = _t115 + _t90 - _t88;
								if(_t115 + _t90 >= _t88) {
									_t105 =  ~_t90;
									L72:
									_t90 = _t105 + (_t76 - _t121 >> 2 << 5);
									__eflags = _t90 - _v16;
									L14:
									if(_t148 > 0) {
										goto L1;
									}
									goto L15;
								}
								_t118 =  !_t132;
								_a4 = _t88;
								while(1) {
									_t90 = _a4 >> 1;
									_t115 = _t118 & _t118 >> _t90;
									__eflags = _t115;
									if(_t115 == 0) {
										break;
									}
									_a4 = _a4 - _t90;
									__eflags = _a4 - 1;
									if(_a4 > 1) {
										continue;
									}
									_t121 = _v12;
									asm("bsf ecx, edx");
									goto L72;
								}
								__eflags = _t76 - _v32;
								if(__eflags == 0) {
									goto L1;
								}
								asm("bsr edx, esi");
								if(__eflags != 0) {
									_t107 = 0x1f;
									_t90 = _t107 - _t115;
									__eflags = _t90;
								} else {
									_t90 = 0x20;
								}
								_t121 = _v12;
								_t76 = _t76 + 4;
								_t132 =  *_t76;
								__eflags = _t132 - 0xffffffff;
								if(__eflags != 0) {
									goto L65;
								}
								goto L62;
							}
						}
						_t90 = 1;
						if(_t132 == 0xffffffff) {
							while(1) {
								_t76 = _t76 + 4;
								__eflags = _t76 - _v8;
								if(_t76 > _v8) {
									goto L1;
								}
								_t90 =  *_t76;
								__eflags = _t90 - 0xffffffff;
								if(_t90 != 0xffffffff) {
									goto L13;
								}
							}
							goto L1;
						}
						L13:
						_t108 =  !_t90;
						asm("bsf ecx, ecx");
						_a4 = _t108;
						_t90 = (_t76 - _t121 >> 2 << 5) + _t108;
						_t148 = _t90 - _t87;
						goto L14;
					}
				}
				L1:
				_t91 = _t90 | 0xffffffff;
				goto L2;
			}

0x00735cd5
0x00735cdd
0x00735ce1
0x00735ce3
0x00735ce6
0x00735cee
0x00735cf1
0x00735cf4
0x00000000
0x00735cfa
0x00735cfc
0x00735d01
0x00735d04
0x00735d0b
0x00735d12
0x00735d18
0x00000000
0x00000000
0x00735d25
0x00735d2e
0x00735d3c
0x00735d3f
0x00735d43
0x00735d49
0x0075abd4
0x0075abd7
0x0075abda
0x0075abdd
0x0075abdf
0x0075abdf
0x0075abe2
0x0075abe2
0x0075abe5
0x0075abe7
0x0075ac19
0x0075ac23
0x0075ac25
0x0075ac27
0x00000000
0x00000000
0x0075ac30
0x0075ac37
0x0075ac41
0x0075ac41
0x0075ac44
0x0075ac46
0x00000000
0x00000000
0x0075ac3c
0x0075ac3f
0x00000000
0x00000000
0x0075ac3f
0x0075ac48
0x0075ac48
0x0075ac4b
0x00735d8a
0x00735d8d
0x006efff4
0x006efff9
0x00000000
0x00000000
0x0075ac69
0x0075ac6e
0x0075ac70
0x0075ac70
0x0075ac73
0x0075ac74
0x00000000
0x0075ac74
0x00735d93
0x00000000
0x00735d96
0x0075ac51
0x0075ac54
0x0075ac58
0x0075ac58
0x0075ac59
0x0075ac5b
0x00000000
0x0075ac61
0x00000000
0x0075ac61
0x0075abe9
0x0075abe9
0x0075abec
0x0075abef
0x0075abf6
0x0075abf6
0x0075abf6
0x0075abf9
0x00000000
0x00000000
0x0075abff
0x0075ac02
0x0075ac05
0x00000000
0x00000000
0x0075ac07
0x0075ac0b
0x0075ac0b
0x0075ac14
0x0075ac15
0x0075ac15
0x0075ac0d
0x0075ac0f
0x0075ac0f
0x0075ac17
0x00000000
0x0075ac17
0x00000000
0x0075abf6
0x0075abf1
0x00000000
0x0075abf1
0x0075abe7
0x00735d53
0x0075ac7c
0x0075ac7c
0x0075ac91
0x0075ac91
0x0075ac91
0x0075ac93
0x00000000
0x00000000
0x0075ac83
0x0075ac86
0x0075ac89
0x00000000
0x00000000
0x0075ac8f
0x0075ac8f
0x0075ac95
0x0075ac98
0x0075aca1
0x0075aca2
0x0075aca2
0x0075ac9a
0x0075ac9c
0x0075ac9c
0x0075acaf
0x0075acb1
0x0075acb3
0x00000000
0x0075acb9
0x0075acbc
0x0075acbc
0x0075acbe
0x00000000
0x00000000
0x0075acc4
0x0075acc7
0x0075acc9
0x0075accc
0x0075ace0
0x0075ace0
0x0075ace3
0x0075ace7
0x0075ace7
0x0075ace8
0x0075acea
0x00000000
0x0075acf0
0x0075acf0
0x0075ac7c
0x0075ac7c
0x00000000
0x0075ac81
0x0075acd2
0x0075acd2
0x0075acd5
0x00000000
0x00000000
0x0075acdb
0x0075acdb
0x0075acde
0x00000000
0x0075acde
0x0075acea
0x0075acce
0x0075acce
0x0075acb3
0x0075ac7c
0x00735d5d
0x0075acf5
0x0075acf7
0x0075acf7
0x0075acfa
0x0075acfd
0x0075ad00
0x0075ad00
0x0075ad03
0x00000000
0x00000000
0x0075ad05
0x0075ad05
0x0075ad05
0x0075ad08
0x0075ad0b
0x00000000
0x00000000
0x0075ad11
0x0075ad13
0x0075ad16
0x00000000
0x00000000
0x0075ad18
0x0075ad18
0x00000000
0x0075ad18
0x00000000
0x0075ad1a
0x0075ad1a
0x0075ad1d
0x0075ad21
0x0075ad21
0x0075ad22
0x0075ad27
0x0075ad29
0x0075ad85
0x0075ad4e
0x0075ad56
0x0075ad58
0x00735d84
0x00735d84
0x00000000
0x00000000
0x00000000
0x00735d84
0x0075ad2d
0x0075ad2f
0x0075ad32
0x0075ad35
0x0075ad3b
0x0075ad3b
0x0075ad3d
0x00000000
0x00000000
0x0075ad3f
0x0075ad42
0x0075ad46
0x00000000
0x00000000
0x0075ad48
0x0075ad4b
0x00000000
0x0075ad4b
0x0075ad60
0x0075ad63
0x00000000
0x00000000
0x0075ad69
0x0075ad6c
0x0075ad75
0x0075ad76
0x0075ad76
0x0075ad6e
0x0075ad70
0x0075ad70
0x0075ad78
0x0075ad7b
0x0075ad7e
0x0075ad00
0x0075ad03
0x00000000
0x00000000
0x00000000
0x0075ad03
0x0075ad00
0x00735d63
0x00735d68
0x006f19a8
0x006f19a8
0x006f19ab
0x006f19ae
0x00000000
0x00000000
0x006f19b4
0x006f19b6
0x006f19b9
0x00000000
0x00000000
0x006f19bf
0x00000000
0x006f19a8
0x00735d6e
0x00735d6e
0x00735d70
0x00735d7d
0x00735d80
0x00735d82
0x00000000
0x00735d82
0x00735cfc
0x006efff1
0x006efff1
0x00000000

Strings

, xrefs: 00735D4F

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 7381d2127e1a1279984f2d3bb03ae1d5f59d393877b60b900bbd4b1378e985d9
Instruction ID: 75f0ce54af2eb3174e5b4361e1cdc124307ae77124c87aad9ca8f8324902c95e
Opcode Fuzzy Hash: 7381d2127e1a1279984f2d3bb03ae1d5f59d393877b60b900bbd4b1378e985d9
Instruction Fuzzy Hash: AA81D433B00615AFDF28CE58C8946FD7762AB45322F258339DD12AB285D674AD45CBC1

Uniqueness

Uniqueness Score: 0.02%

Function 00729A68, Relevance: 1.4, Strings: 1, Instructions: 140
COMMONCrypto

C-Code - Quality: 78%

			E00729A68(void* __edi, signed int _a4, signed int _a8, char _a12) {
				void* __ebx;
				void* __esi;
				void* __ebp;
				unsigned int _t48;
				signed int _t51;
				signed char _t55;
				void* _t57;
				void* _t59;
				signed int _t65;
				signed short _t66;
				signed char _t67;
				signed int _t69;
				signed short _t72;
				signed short _t74;
				signed int _t79;
				signed short _t81;
				signed int _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				intOrPtr _t98;

				_t94 = __edi;
				_t97 = _a4;
				_t48 = _a8 |  *(_t97 + 0x44);
				if((_t48 & 0x61000000) != 0) {
					__eflags = _t48 & 0x10000000;
					if(__eflags != 0) {
						goto L3;
					}
					_t32 =  &_a12; // 0x73635b
					_push( *_t32);
					_push(_t48);
					_push(_t97);
					return E00796FD2(_t59, _t62, __edi, _t97, __eflags);
				} else {
					L3:
					_push(_t59);
					__eflags =  *(_t97 + 0x48) & 0x00000001;
					if(__eflags != 0) {
						_t34 =  &_a12; // 0x73635b
						_t48 = E006FF136(_t97,  *_t34, _t97, __eflags);
						L7:
						__eflags = _t48;
						if(__eflags == 0) {
							_t98 =  *[fs:0x18];
							_push(0xc000000d);
							 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc000000d;
							 *((intOrPtr*)(_t98 + 0x34)) = E007238B5(0, _t94, _t98, __eflags);
							_t51 = 0;
							L16:
							return _t51;
						}
						_t65 =  *(_t48 + 7);
						__eflags = _t65 - 4;
						if(_t65 != 4) {
							_push(_t94);
							__eflags = _t65;
							if(_t65 >= 0) {
								__eflags =  *(_t97 + 0x4c);
								if( *(_t97 + 0x4c) == 0) {
									_t66 =  *_t48 & 0x0000ffff;
								} else {
									_t81 =  *_t48;
									__eflags =  *(_t97 + 0x4c) & _t81;
									if(( *(_t97 + 0x4c) & _t81) != 0) {
										_t81 = _t81 ^  *(_t97 + 0x50);
										__eflags = _t81;
									}
									_t66 = _t81 & 0x0000ffff;
								}
							} else {
								_t86 = _t48 >> 0x00000003 ^  *_t48 ^  *0x7a81dc ^ _t97;
								__eflags = _t86;
								_t66 =  *((intOrPtr*)(_t86 + 0x10));
							}
							_t95 = _t66 & 0x0000ffff;
							_t67 =  *(_t48 + 7);
							__eflags = _t67 - 5;
							if(_t67 == 5) {
								_t69 =  *(_t97 + 0x54) & 0x0000ffff ^  *(_t48 + 4) & 0x0000ffff;
							} else {
								__eflags = _t67 & 0x00000040;
								if((_t67 & 0x00000040) != 0) {
									_t69 =  *(_t48 + 4 + (_t67 & 0x3f) * 8) & 0x0000ffff;
								} else {
									__eflags = (_t67 & 0x0000003f) - 0x3f;
									if((_t67 & 0x0000003f) == 0x3f) {
										__eflags = _t67;
										if(_t67 >= 0) {
											__eflags =  *(_t97 + 0x4c);
											if( *(_t97 + 0x4c) == 0) {
												_t72 =  *_t48 & 0x0000ffff;
											} else {
												_t74 =  *_t48;
												__eflags =  *(_t97 + 0x4c) & _t74;
												if(( *(_t97 + 0x4c) & _t74) != 0) {
													_t74 = _t74 ^  *(_t97 + 0x50);
													__eflags = _t74;
												}
												_t72 = _t74 & 0x0000ffff;
											}
										} else {
											_t79 = _t48 >> 0x00000003 ^  *_t48 ^  *0x7a81dc ^ _t97;
											__eflags = _t79;
											_t72 =  *((intOrPtr*)(_t79 + 0x10));
										}
										_t69 =  *(_t48 + (_t72 & 0x0000ffff) * 8 - 4);
									} else {
										_t69 = _t67 & 0x3f;
										__eflags = _t69;
									}
								}
							}
							_t51 = (_t95 << 3) - _t69;
							__eflags = _t51;
						} else {
							_t51 = E006DEFDB(_t97, _t48);
						}
						goto L16;
					}
					_t9 =  &_a12; // 0x73635b
					_t55 =  *_t9;
					__eflags = _t55 & 0x00000007;
					if(__eflags != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(_t55);
						_push(_t97);
						_push(9);
						L30:
						E00794B0C(0, _t62, _t88, _t94, _t97, __eflags);
						_t48 = 0;
						goto L7;
					}
					_t57 = _t55 + 0xfffffff8;
					__eflags =  *((char*)(_t57 + 7)) - 5;
					if( *((char*)(_t57 + 7)) == 5) {
						_t62 = ( *(_t57 + 6) & 0x000000ff) << 3;
						_t48 = _t57 - (( *(_t57 + 6) & 0x000000ff) << 3);
					}
					__eflags =  *(_t48 + 7) & 0x0000003f;
					if(__eflags == 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(_t48);
						_push(_t97);
						_push(8);
						goto L30;
					} else {
						goto L7;
					}
				}
			}

0x00729a68
0x00729a71
0x00729a74
0x00729a7c
0x00759103
0x00759108
0x00000000
0x00000000
0x0075910e
0x0075910e
0x00759111
0x00759112
0x00000000
0x00729a82
0x00729a82
0x00729a82
0x00729a85
0x00729a89
0x00759147
0x0075914c
0x00729ab1
0x00729ab1
0x00729ab3
0x0075915d
0x00759169
0x0075916a
0x00759175
0x00759178
0x00729b13
0x00000000
0x00729b13
0x00729ab9
0x00729abc
0x00729abf
0x00729ac5
0x00729ac6
0x00729ac8
0x00729b3f
0x00729b42
0x006df016
0x00729b48
0x00729b48
0x00729b4a
0x00729b4d
0x00729b4f
0x00729b4f
0x00729b4f
0x00729b52
0x00729b52
0x00729aca
0x00729ad9
0x00729ad9
0x00729adb
0x00729adb
0x00729adf
0x00729ae2
0x00729ae5
0x00729ae8
0x00759187
0x00729aee
0x00729aee
0x00729af1
0x00759194
0x00729af7
0x00729afc
0x00729aff
0x0074b8f2
0x0074b8f4
0x0075919e
0x007591a1
0x007591b5
0x007591a3
0x007591a3
0x007591a5
0x007591a8
0x007591aa
0x007591aa
0x007591aa
0x007591ad
0x007591ad
0x0074b8fa
0x0074b909
0x0074b909
0x0074b90b
0x0074b90b
0x0074b912
0x00729b05
0x00729b08
0x00729b08
0x00729b08
0x00729aff
0x00729af1
0x00729b10
0x00729b10
0x006df00a
0x006df00c
0x006df00c
0x00000000
0x00729abf
0x00729a8f
0x00729a8f
0x00729a92
0x00729a94
0x00759134
0x00759135
0x00759136
0x00759137
0x00759138
0x00759139
0x0075913b
0x0075913b
0x00759140
0x00000000
0x00759140
0x00729a9a
0x00729a9d
0x00729aa1
0x00759121
0x00759124
0x00759124
0x00729aa7
0x00729aab
0x0075912b
0x0075912c
0x0075912d
0x0075912e
0x0075912f
0x00759130
0x00000000
0x00000000
0x00000000
0x00000000
0x00729aab

Strings

[cs, xrefs: 00759147, 00729A8F, 0075910E, 006DF00A, 0075912E, 00759137

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID: [cs
API String ID: 0-410255521
Opcode ID: 4fd324782eaccf9525ef2e85cb0ab4b702c7587940451b00cf59e1dbe1e56817
Instruction ID: 86a0014d3774fdac1e5a76ed26f988b84034543547e0f4ca5fbc5de07636e822
Opcode Fuzzy Hash: 4fd324782eaccf9525ef2e85cb0ab4b702c7587940451b00cf59e1dbe1e56817
Instruction Fuzzy Hash: C1411570604679DFEB28CF11D8A5BB373EAEB00351F18841EEA834B681D76C9C05E760

Uniqueness

Uniqueness Score: 0.31%

Function 006D7078, Relevance: 1.0, Instructions: 951
COMMONCrypto

C-Code - Quality: 85%

			E006D7078(signed int _a8, signed int _a12, signed int* _a16, signed int _a20, intOrPtr _a28, signed int _a32) {
				signed int _v8;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				signed int _v20;
				char _v21;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int* _v44;
				intOrPtr _v48;
				char _v49;
				char _v50;
				signed char _v51;
				char _v52;
				char _v53;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				void* _v108;
				signed int _v112;
				char _v116;
				signed int _v120;
				char _v124;
				signed int _v128;
				intOrPtr _v156;
				intOrPtr _v160;
				char _v184;
				intOrPtr _v224;
				char _v232;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t449;
				signed int _t452;
				signed int _t455;
				signed int _t458;
				signed int _t464;
				signed int _t466;
				signed int _t468;
				signed int _t470;
				signed int _t471;
				intOrPtr _t474;
				signed int _t481;
				signed int _t511;
				signed int _t512;
				signed int _t513;
				signed int _t538;
				signed int _t540;
				signed int _t553;
				signed int _t560;
				signed int _t561;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t566;
				signed int _t569;
				signed int _t572;
				signed int _t578;
				signed int _t584;
				signed int _t585;
				signed int _t587;
				signed int _t588;
				signed int _t590;
				signed int _t602;
				signed int _t605;
				signed int _t606;
				signed int _t613;
				intOrPtr _t619;
				signed int _t620;
				void* _t622;
				signed int _t624;
				signed short _t626;
				signed int _t631;
				signed int _t638;
				signed int _t639;
				signed int _t642;
				signed int _t644;
				signed int _t652;
				signed int _t654;
				signed int _t659;
				signed int _t661;
				signed int _t674;
				signed int _t682;
				signed int _t686;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed short _t701;
				signed short _t703;
				signed int _t705;
				signed int* _t706;
				signed int _t709;
				signed int _t710;
				signed int _t711;
				signed int _t712;
				intOrPtr _t713;
				signed int _t714;
				signed int* _t715;
				signed int _t718;
				signed int _t719;
				signed int _t725;
				signed int _t726;
				signed int _t729;
				signed int _t730;
				signed int _t739;
				void* _t740;
				void* _t741;
				void* _t751;
				signed int _t754;

				_t449 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t449 ^ _t739;
				_t621 = _a12;
				_v20 = _a32;
				_t452 =  *(_t621 + 2) & 0x0000ffff;
				_t706 = _a16;
				_t725 = 0x8000;
				_v100 = _t621;
				_v44 = _t706;
				_v49 = 0;
				_v50 = 0;
				_v52 = 0;
				_v53 = 0;
				_v21 = 0;
				_v40 = 0;
				_v84 = 0;
				_v116 = 0;
				_v51 = 0;
				_v80 = 0;
				_v36 = 0x8000;
				if((_t452 & 0x00000010) != 0) {
					_t631 =  *(_t621 + 0xc);
					__eflags = 0x00008000 & _t452;
					if(__eflags == 0) {
						L66:
						_v28 = _t631;
						L2:
						_t632 =  *_t706;
						_t686 =  *(_t632 + 2) & 0x0000ffff;
						_v88 = _t686;
						if((_t686 & 0x00000010) == 0) {
							L57:
							_v72 = _v72 & 0x00000000;
							L7:
							_v48 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18));
							_t690 = _t725;
							if((_v88 & _t725) != _t725) {
								_t709 = 0xc00000e7;
								L56:
								return E00722F0C(_t709, _t621, _v8 ^ _t739, _t690, _t709, _t725);
							}
							_v88 = (_t452 & 0x00000080) == 0x80;
							_t694 = _t452 & 0x00000040;
							_t751 = _t694 - 0x40;
							_t690 = _t694 & 0xffffff00 | _t751 == 0x00000000;
							_v92 = _t694 & 0xffffff00 | _t751 == 0x00000000;
							if((_a8 & 0x00000001) != 0) {
								_t632 =  !(_a8 >> 2) & 0x00000001;
								__eflags = _t452 & 0x00008000;
								_t455 =  *(_t621 + 4);
								_v51 =  !(_a8 >> 2) & 0x00000001;
								if((_t452 & 0x00008000) == 0) {
									L72:
									_v64 = _t455;
									L73:
									__eflags = _a20 & 0x00000008;
									_v50 = 1;
									if(__eflags != 0) {
										L12:
										_push(_v64);
										if(E0072EC79(_t754) == 0) {
											L80:
											_t709 = 0xc000005a;
											goto L56;
										}
										if((_a8 & 0x00000002) != 0) {
											__eflags =  *(_t621 + 2) & _t725;
											_t458 =  *(_t621 + 8);
											if(__eflags != 0) {
												__eflags = _t458;
												if(__eflags != 0) {
													_t458 = _t458 + _t621;
													__eflags = _t458;
												}
											}
											_v49 = 1;
											L17:
											_t710 = 0;
											_v68 = _t458;
											_t760 = _t458;
											if(_t458 == 0) {
												L62:
												_t709 = 0xc000005b;
												L53:
												if(_v53 != 0) {
													E00722882(_t632, _v48, 0, _v108);
												}
												L54:
												if(_v21 != 0) {
													L212:
													E00722882(_t632, _v48, 0, _v40);
												}
												if(_v52 != 0) {
													E00722882(_t632, _v48, 0, _v112);
												}
												goto L56;
											}
											_push(_t458);
											if(E0072EC79(_t760) == 0) {
												_t709 = 0xc000005b;
												goto L56;
											}
											_t464 = _a8 & 0x00000018;
											_v96 = _t464;
											if(_t464 != 0) {
												_t466 = _a8 & 0x00000010;
												__eflags = _t466;
												_v104 = _t466;
												if(_t466 == 0) {
													L100:
													__eflags = _v96 - 0x18;
													if(_v96 != 0x18) {
														_t710 = 0;
														__eflags = _v104;
														if(_v104 == 0) {
															__eflags = _a8 & 0x00000008;
															if((_a8 & 0x00000008) == 0) {
																goto L20;
															}
															_t565 = E006E969A(_v72, 0x11, 0);
															_t725 = _v28;
															_v84 = _t565;
															_t566 = E006E969A(_t725, 0x11, 0);
															__eflags = _a20 & 0x00000002;
															if((_a20 & 0x00000002) == 0) {
																__eflags = _v84;
																if(_v84 != 0) {
																	L155:
																	_push( &_v40);
																	_push(_v28);
																	_push(_v72);
																	L156:
																	_t709 = E006E9661(_t632);
																	__eflags = _t709;
																	if(_t709 < 0) {
																		goto L56;
																	}
																	_t569 = _v40;
																	_v21 = 1;
																	L158:
																	_v20 = _t569;
																	L159:
																	_t661 =  *(_t621 + 2) & 0x0000ffff;
																	_t725 = _t661 & 0x00002000 | 0x00008010;
																	_v36 = _t725;
																	__eflags = (_t661 & 0x00000a00) - 0xa00;
																	if((_t661 & 0x00000a00) == 0xa00) {
																		_t725 = _t725 | 0x00000800;
																		_v36 = _t725;
																	}
																	L24:
																	_t690 = 0x140c;
																	if((_a8 & 0x00000004) == 0) {
																		_t470 =  *_v44;
																		_t639 =  *(_t470 + 2) & 0x0000ffff;
																		__eflags = _t639 & 0x00000004;
																		if((_t639 & 0x00000004) != 0) {
																			__eflags = _t639 & 0x00008000;
																			if((_t639 & 0x00008000) == 0) {
																				_t471 =  *(_t470 + 0x10);
																				L193:
																				_v28 = _t471;
																				L31:
																				_t474 = 8 + ( *(_v64 + 1) & 0x000000ff) * 4;
																				_t642 = 8 + ( *(_v68 + 1) & 0x000000ff) * 4;
																				_v92 = _t474;
																				_v104 = _t642;
																				_t726 = 0xfffffffc;
																				_t476 = _t474 + 0x00000003 & _t726;
																				_t632 = _t642 + 0x00000003 & _t726;
																				_v32 = _t474 + 0x00000003 & _t726;
																				_v96 = _t632;
																				if(_v20 == 0) {
																					_t711 = 0;
																				} else {
																					_t711 = ( *(_v20 + 2) & 0x0000ffff) + 0x00000003 & _t726;
																				}
																				_t695 = _v28;
																				if(_t695 == 0) {
																					_v60 = _v60 & 0x00000000;
																					_t696 = _v60;
																				} else {
																					_t696 = ( *(_t695 + 2) & 0x0000ffff) + 0x00000003 & _t726;
																					_v60 = _t696;
																				}
																				_t690 = _t696 + _t711 + _t632;
																				_t725 = E007229EE(_v48,  *0x7aec78 + 0x140000, _t476 + _t696 + _t711 + _t632 + 0x14);
																				if(_t725 == 0) {
																					L181:
																					_t709 = 0xc0000017;
																					goto L53;
																				} else {
																					E0073119E(_t725, 1);
																					 *(_t725 + 2) =  *(_t725 + 2) | _v36;
																					_t644 = _v100;
																					_t481 =  *(_t725 + 2) & 0x0000ffff;
																					_t690 = 0x4000;
																					_t106 = _t725 + 0x14; // 0x14
																					_t621 = _t106;
																					if(( *(_t644 + 2) & 0x00004000) != 0) {
																						 *((char*)(_t725 + 1)) =  *((intOrPtr*)(_t644 + 1));
																						 *(_t725 + 2) = _t481 | 0x00004000;
																					}
																					if(_v20 == 0) {
																						 *(_t725 + 0xc) =  *(_t725 + 0xc) & 0x00000000;
																					} else {
																						_t632 =  *(_v20 + 2) & 0x0000ffff;
																						E00704830(_t621, _v20,  *(_v20 + 2) & 0x0000ffff);
																						_t740 = _t740 + 0xc;
																						L006DF643(_t621, _a28);
																						 *(_t725 + 0xc) = _t621 - _t725;
																						if(_t711 > ( *(_v20 + 2) & 0x0000ffff)) {
																							_t632 = _t711 - ( *(_v20 + 2) & 0x0000ffff);
																							E00704EC0(( *(_v20 + 2) & 0x0000ffff) + _t621, 0, _t711 - ( *(_v20 + 2) & 0x0000ffff));
																							_t740 = _t740 + 0xc;
																						}
																						_t621 = _t621 + _t711;
																					}
																					if((_v36 & 0x00000010) == 0) {
																						_t632 = 0x2830;
																						 *(_t725 + 2) =  *(_t725 + 2) |  *( *_v44 + 2) & 0x00002830;
																					}
																					_t712 = _v28;
																					if(_t712 == 0) {
																						 *(_t725 + 0x10) =  *(_t725 + 0x10) & _t712;
																					} else {
																						E00704830(_t621, _t712,  *(_t712 + 2) & 0x0000ffff);
																						_t740 = _t740 + 0xc;
																						L006DF643(_t621, _a28);
																						 *(_t725 + 0x10) = _t621 - _t725;
																						if(_v60 > ( *(_t712 + 2) & 0x0000ffff)) {
																							_t632 = _v60 - ( *(_t712 + 2) & 0x0000ffff);
																							E00704EC0(( *(_t712 + 2) & 0x0000ffff) + _t621, 0, _v60 - ( *(_t712 + 2) & 0x0000ffff));
																							_t740 = _t740 + 0xc;
																						}
																						_t621 = _t621 + _v60;
																					}
																					if((_v36 & 0x00000004) == 0) {
																						_t632 = 0x140c;
																						 *(_t725 + 2) =  *(_t725 + 2) |  *( *_v44 + 2) & 0x0000140c;
																						__eflags = _v51;
																						if(_v51 == 0) {
																							goto L46;
																						}
																						_v16 = 0;
																						_v15 = 0;
																						_v14 = 0;
																						_v13 = 0;
																						_v12 = 0;
																						_v11 = 3;
																						_t709 = E0073666D( &_v232,  &_v16, 1);
																						__eflags = _t709;
																						if(_t709 < 0) {
																							goto L53;
																						}
																						_t425 =  &_v76;
																						 *_t425 = _v76 & 0x00000000;
																						__eflags =  *_t425;
																						_v224 = 4;
																						while(1) {
																							_t511 =  *(_t725 + 2) & 0x0000ffff;
																							__eflags = _t511 & 0x00000004;
																							if((_t511 & 0x00000004) != 0) {
																								goto L204;
																							}
																							L203:
																							_t512 = 0;
																							L207:
																							_t632 =  &_v232;
																							_t513 = E0077D3B5(_t512,  &_v232,  &_v76);
																							__eflags = _t513;
																							if(_t513 == 0) {
																								goto L46;
																							}
																							 *(_t513 + 1) =  *(_t513 + 1) & 0x000000fc | 0x00000008;
																							_v76 = _v76 + 1;
																							continue;
																							L204:
																							__eflags = _t511 & 0x00008000;
																							_t512 =  *(_t725 + 0x10);
																							if((_t511 & 0x00008000) == 0) {
																								goto L207;
																							}
																							__eflags = _t512;
																							if(_t512 == 0) {
																								goto L203;
																							}
																							__eflags = _t512;
																							goto L207;
																						}
																					} else {
																						L46:
																						_t713 = _v92;
																						E00704830(_t621, _v64, _t713);
																						_t741 = _t740 + 0xc;
																						if(_t713 < _v32) {
																							E00704EC0(_t621 + _t713, 0, _v32 - _t713);
																							_t741 = _t741 + 0xc;
																						}
																						_t622 = _t621 + _v32;
																						 *((intOrPtr*)(_t725 + 4)) = _t621 - _t725;
																						if(_v50 == 0) {
																							 *(_t725 + 2) =  *(_t725 + 2) |  *( *_v44 + 2) & 0x00000001;
																						}
																						_t714 = _v104;
																						E00704830(_t622, _v68, _t714);
																						_t495 = _v96;
																						if(_t714 < _v96) {
																							E00704EC0(_t622 + _t714, 0, _t495 - _t714);
																						}
																						_t621 = _t622 - _t725;
																						 *(_t725 + 8) = _t622 - _t725;
																						if(_v49 == 0) {
																							 *(_t725 + 2) =  *(_t725 + 2) |  *( *_v44 + 2) & 0x00000002;
																						}
																						_t715 = _v44;
																						E00722882(_t632, _v48, 0,  *_t715);
																						 *_t715 = _t725;
																						_t709 = 0;
																						goto L53;
																					}
																				}
																			}
																			_t652 =  *(_t470 + 0x10);
																			__eflags = _t652;
																			if(_t652 == 0) {
																				goto L188;
																			}
																			_v28 = _t652 + _t470;
																			goto L31;
																		}
																		L188:
																		_v28 = _v28 & 0x00000000;
																		goto L31;
																	}
																	if((_a20 & 0x00000001) != 0) {
																		_t654 =  *(_t621 + 2) & 0x0000ffff;
																		__eflags = _t654 & 0x00000004;
																		if((_t654 & 0x00000004) != 0) {
																			_t538 =  *(_t621 + 0x10);
																			__eflags = _t654 & 0x00008000;
																			if((_t654 & 0x00008000) == 0) {
																				_v32 = _t538;
																				L167:
																				_t718 =  *_v44;
																				_t540 =  *(_t718 + 2) & 0x0000ffff;
																				__eflags = _t540 & 0x00000004;
																				if((_t540 & 0x00000004) != 0) {
																					__eflags = _t540 & 0x00008000;
																					if((_t540 & 0x00008000) == 0) {
																						_t719 =  *(_t718 + 0x10);
																						L173:
																						_t621 =  &_v108;
																						_t632 = _t654 & _t690;
																						_t709 = E0077C7DC(_t719, _t540 & _t690, _v32, _t654 & _t690, _v64, _v68, _a28, 1,  &_v108,  &_v60);
																						__eflags = _t709;
																						if(_t709 < 0) {
																							goto L54;
																						}
																						_v28 = _v108;
																						_v53 = 1;
																						_t729 = _t725 | _v60 & 0x00001408 | 0x00000004;
																						L179:
																						_v36 = _t729;
																						L30:
																						if(_v88 != 0) {
																							_t632 = 0x44;
																							_v120 = _t632;
																							_t725 = E007229EE(_v48,  *0x7aec78 + 0x140000, _t632);
																							__eflags = _t725;
																							if(_t725 != 0) {
																								_push( &_v80);
																								_push(8);
																								_push(0xffffffff);
																								_t709 = E00715960();
																								_t621 = 0;
																								__eflags = _t709;
																								if(_t709 >= 0) {
																									_push( &_v120);
																									_push(_v120);
																									_push(_t725);
																									_push(4);
																									_push(_v80);
																									_t553 = E00715C40();
																									_push(_v80);
																									_t709 = _t553;
																									E00715090();
																									__eflags = _t709;
																									if(_t709 < 0) {
																										goto L183;
																									}
																									_t709 = E0077BDFD(_t632, _v28, _v92,  *_t725,  &_v112,  &_v52);
																									E00722882(_t632, _v48, 0, _t725);
																									__eflags = _t709;
																									if(_t709 < 0) {
																										goto L53;
																									}
																									_t471 = _v112;
																									goto L193;
																								}
																								L183:
																								E00722882(_t632, _v48, _t621, _t725);
																								goto L53;
																							}
																							goto L181;
																						}
																						goto L31;
																					}
																					_t624 =  *(_t718 + 0x10);
																					__eflags = _t624;
																					if(_t624 == 0) {
																						goto L168;
																					}
																					_t719 = _t718 + _t624;
																					goto L173;
																				}
																				L168:
																				_t719 = 0;
																				goto L173;
																			}
																			__eflags = _t538;
																			if(_t538 == 0) {
																				goto L151;
																			}
																			_v32 = _t621 + _t538;
																			goto L167;
																		}
																		L151:
																		_v32 = _v32 & 0x00000000;
																		goto L167;
																	}
																	_t560 =  *(_t621 + 2) & 0x0000ffff;
																	if((_t560 & 0x00000004) == 0) {
																		L175:
																		_v28 = _v28 & 0x00000000;
																		L29:
																		_t561 =  *(_t621 + 2) & 0x0000ffff;
																		_t730 = _t725 | _t561 & 0x00001000 | 0x00000004;
																		_v36 = _t730;
																		if((_t561 & 0x00000500) == 0x500) {
																			_t729 = _t730 | 0x00000400;
																			__eflags = _t729;
																			goto L179;
																		}
																		goto L30;
																	}
																	_t563 =  *(_t621 + 0x10);
																	if((_t560 & 0x00008000) != 0) {
																		__eflags = _t563;
																		if(_t563 == 0) {
																			goto L175;
																		}
																		_t563 = _t563 + _t621;
																	}
																	_v28 = _t563;
																	goto L29;
																}
																__eflags = _t566;
																if(_t566 != 0) {
																	goto L155;
																}
																_v20 = _t725;
																goto L159;
															}
															_t701 =  *(_t621 + 2) & 0x0000ffff;
															__eflags = _t701 & 0x00000010;
															if((_t701 & 0x00000010) != 0) {
																__eflags = _t701 & 0x00008000;
																if((_t701 & 0x00008000) == 0) {
																	_t710 =  *(_t621 + 0xc);
																} else {
																	_t584 =  *(_t621 + 0xc);
																	__eflags = _t584;
																	if(_t584 != 0) {
																		_t710 = _t621 + _t584;
																	}
																}
															}
															_t572 =  *_v44;
															_t626 =  *(_t572 + 2) & 0x0000ffff;
															__eflags = _t626 & 0x00000010;
															if((_t626 & 0x00000010) != 0) {
																__eflags = _t626 & 0x00008000;
																if((_t626 & 0x00008000) == 0) {
																	_t725 =  *(_t572 + 0xc);
																	goto L143;
																}
																_t674 =  *(_t572 + 0xc);
																__eflags = _t674;
																if(_t674 == 0) {
																	goto L138;
																}
																_t725 = _t674 + _t572;
																goto L143;
															} else {
																L138:
																_t725 = 0;
																L143:
																_t690 = _t626 & 0x2800;
																_t621 = ((_t701 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t701 & 0x2800) >> 1;
																_t709 = E0077C7DC(_t725, ((_t626 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t626 & 0x2800) >> 1, _t710, ((_t701 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t701 & 0x2800) >> 1, _v64, _v68, _a28, 2,  &_v40,  &_v60);
																__eflags = _t709;
																if(_t709 < 0) {
																	goto L56;
																}
																_v20 = _v40;
																_t578 = _v60;
																_t632 = (_t578 & 0x00000008 | 0x00000004) + (_t578 & 0x00000008 | 0x00000004) | _t578 & 0x00001400;
																_t621 = ((_t578 & 0x00000008 | 0x00000004) + (_t578 & 0x00000008 | 0x00000004) | _t578 & 0x00001400) + ((_t578 & 0x00000008 | 0x00000004) + (_t578 & 0x00000008 | 0x00000004) | _t578 & 0x00001400);
																_t725 = _t621 | 0x00008000;
																__eflags = _v84;
																_v21 = 1;
																_v36 = _t725;
																if(_v84 == 0) {
																	L149:
																	_t621 = _v100;
																	goto L24;
																}
																_t709 = E006E9661(_t632, _v72, _v40,  &_v40);
																__eflags = _t709;
																if(_t709 < 0) {
																	goto L212;
																}
																__eflags = _v20;
																if(_v20 != 0) {
																	E00722882(_t632, _v48, 0, _v20);
																}
																_t725 = _t725 | _t621;
																__eflags = _t725;
																_v21 = 1;
																_v20 = _v40;
																_v36 = _t725;
																goto L149;
															}
														}
														_t585 = E006E969A(_v28, 0x11, 0);
														__eflags = _t585;
														if(_t585 != 0) {
															L129:
															_push( &_v40);
															_push(_v72);
															_push(_v28);
															goto L156;
														}
														__eflags = _v72;
														if(_v72 == 0) {
															L59:
															_v20 = _t710;
															goto L24;
														}
														goto L129;
													}
													__eflags = _a20 & 0x00000002;
													_t587 =  *(_t621 + 2) & 0x0000ffff;
													if((_a20 & 0x00000002) == 0) {
														__eflags = _t587 & 0x00000010;
														if((_t587 & 0x00000010) != 0) {
															__eflags = _t587 & 0x00008000;
															_t569 =  *(_t621 + 0xc);
															if((_t587 & 0x00008000) == 0) {
																goto L158;
															}
															__eflags = _t569;
															if(_t569 == 0) {
																goto L122;
															}
															_t569 = _t569 + _t621;
															goto L158;
														}
														L122:
														_v20 = _v20 & 0x00000000;
														goto L159;
													}
													__eflags = _t587 & 0x00000010;
													if((_t587 & 0x00000010) != 0) {
														__eflags = _t587 & 0x00008000;
														_t588 =  *(_t621 + 0xc);
														if((_t587 & 0x00008000) == 0) {
															L109:
															_v32 = _t588;
															L110:
															_t590 =  *_v44;
															_t703 =  *(_t590 + 2) & 0x0000ffff;
															__eflags = _t703 & 0x00000010;
															if((_t703 & 0x00000010) != 0) {
																__eflags = _t725 & _t703;
																if((_t725 & _t703) == 0) {
																	_t725 =  *(_t590 + 0xc);
																	L116:
																	_t690 = _t703 & 0x2800;
																	_t709 = E0077C7DC(_t725, ((_t703 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t703 & 0x2800) >> 1, _v32, (( *(_t621 + 2) & 0xffff) >> 0x00000001 & 0x00000018 |  *(_t621 + 2) & 0x2800) >> 1, _v64, _v68, _a28, 2,  &_v40,  &_v60);
																	__eflags = _t709;
																	if(_t709 < 0) {
																		goto L56;
																	}
																	_t596 = _v60;
																	_t632 = _v40;
																	_t725 = ((_v60 & 0x00000008 | 0x00002004) + (_v60 & 0x00000008 | 0x00002004) | _t596 & 0x00001400) + ((_v60 & 0x00000008 | 0x00002004) + (_v60 & 0x00000008 | 0x00002004) | _t596 & 0x00001400);
																	_v20 = _v40;
																	_v36 = _t725;
																	_t709 = E006E9661(_v40, _v28, _v40,  &_v40);
																	__eflags = _t709;
																	if(_t709 < 0) {
																		goto L212;
																	}
																	__eflags = _v20;
																	if(_v20 != 0) {
																		E00722882(_t632, _v48, 0, _v20);
																	}
																	_t564 = _v40;
																	_v21 = 1;
																	L162:
																	_v20 = _t564;
																	goto L24;
																}
																_t682 =  *(_t590 + 0xc);
																__eflags = _t682;
																if(_t682 == 0) {
																	goto L111;
																}
																_t725 = _t682 + _t590;
																goto L116;
															}
															L111:
															_t725 = 0;
															goto L116;
														}
														__eflags = _t588;
														if(_t588 == 0) {
															goto L103;
														}
														_t588 = _t588 + _t621;
														__eflags = _t588;
														goto L109;
													}
													L103:
													_v32 = _v32 & 0x00000000;
													goto L110;
												}
												_v76 = 0;
												do {
													_t602 = E006E969A(_v28, 0x11,  &_v76);
													_v128 = _t602;
													__eflags = _t602;
													if(_t602 == 0) {
														L90:
														__eflags = _v20;
														if(_v20 == 0) {
															_push( &_v80);
															_push(8);
															_push(0xffffffff);
															_t709 = E00715960();
															_v32 = _t709;
															__eflags = _t709;
															if(_t709 < 0) {
																goto L56;
															}
															L96:
															_t605 = _v20;
															__eflags = _t605;
															if(_t605 == 0) {
																_t605 = _v80;
															}
															_t632 =  &_v32;
															_t606 = E0077C4AD(_t605, _v84, _v116,  &_v32);
															_push(_v80);
															__eflags = _t606;
															if(_t606 == 0) {
																E00715090();
																L105:
																_t709 = 0xc0000446;
																goto L56;
															} else {
																goto L99;
															}
														}
														_push( &_v124);
														_push(0x38);
														_push( &_v184);
														_push(0xa);
														_push(_v20);
														_t709 = E00715C40();
														_v32 = _t709;
														__eflags = _t709;
														if(_t709 < 0) {
															goto L56;
														}
														__eflags = _v160 - 2;
														if(_v160 != 2) {
															goto L96;
														}
														__eflags = _v156 - 1;
														if(_v156 >= 1) {
															goto L96;
														}
														L78:
														_t709 = 0xc00000a5;
														goto L56;
													}
													__eflags =  *(_t602 + 4) & 0xfffffff8;
													_t207 = _t602 + 8; // 0x8
													_v84 = _t207;
													_v116 =  *((intOrPtr*)(_t602 + 1));
													if(( *(_t602 + 4) & 0xfffffff8) != 0) {
														goto L105;
													}
													goto L90;
													L99:
													E00715090();
													_v76 = _v76 + 1;
													__eflags = _v128;
												} while (_v128 != 0);
												goto L100;
											}
											L20:
											_t468 =  *_v44;
											_t638 =  *(_t468 + 2) & 0x0000ffff;
											if((_t638 & 0x00000010) == 0) {
												goto L59;
											}
											if((_t725 & _t638) == 0) {
												_t564 =  *(_t468 + 0xc);
												goto L162;
											}
											_t659 =  *(_t468 + 0xc);
											if(_t659 == _t710) {
												goto L59;
											} else {
												_v20 = _t659 + _t468;
												goto L24;
											}
										}
										_t613 =  *_v44;
										_t632 = _t725;
										if(( *(_t613 + 2) & _t725) == 0) {
											_t458 =  *(_t613 + 8);
											goto L17;
										}
										_t632 =  *(_t613 + 8);
										if(_t632 == 0) {
											goto L62;
										} else {
											_t458 = _t613 + _t632;
											goto L17;
										}
									}
									__eflags = _v20;
									if(_v20 == 0) {
										goto L80;
									}
									_push( &_v124);
									_push(0x38);
									_push( &_v184);
									_push(0xa);
									_push(_v20);
									_t709 = E00715C40();
									_v32 = _t709;
									__eflags = _t709;
									if(_t709 < 0) {
										goto L56;
									}
									__eflags = _v160 - 2;
									if(_v160 != 2) {
										L79:
										_push( &_v32);
										_push(_v88);
										_push(_v64);
										_push(_v20);
										__eflags = E006D509B();
										L11:
										if(_t754 == 0) {
											goto L80;
										}
										goto L12;
									}
									__eflags = _v156 - 1;
									if(_v156 >= 1) {
										goto L79;
									}
									goto L78;
								}
								__eflags = _t455;
								if(_t455 != 0) {
									_t455 = _t455 + _t621;
									__eflags = _t455;
									goto L72;
								}
								_v64 = _v64 & _t455;
								goto L73;
							}
							_t619 =  *((intOrPtr*)(_t632 + 4));
							if(_t619 == 0) {
								goto L80;
							} else {
								_t620 = _t619 + _t632;
								_t754 = _t620;
								_v64 = _t620;
								goto L11;
							}
						}
						_t705 =  *(_t632 + 0xc);
						if((_t725 & _t686) == 0) {
							L6:
							_v72 = _t705;
							goto L7;
						}
						if(_t705 == 0) {
							goto L57;
						} else {
							_t705 = _t705 + _t632;
							goto L6;
						}
					}
					__eflags = _t631;
					if(__eflags == 0) {
						goto L1;
					}
					_t631 = _t631 + _t621;
					__eflags = _t631;
					goto L66;
				}
				L1:
				_v28 = 0;
				goto L2;
			}

0x006d7083
0x006d708a
0x006d7093
0x006d7097
0x006d709a
0x006d709f
0x006d70a2
0x006d70a7
0x006d70aa
0x006d70ad
0x006d70b0
0x006d70b3
0x006d70b6
0x006d70b9
0x006d70bc
0x006d70bf
0x006d70c2
0x006d70c5
0x006d70c8
0x006d70cb
0x006d70d0
0x007579fd
0x00757a00
0x00757a02
0x00757a0e
0x00757a0e
0x006d70d9
0x006d70d9
0x006d70db
0x006d70df
0x006d70e5
0x006d744d
0x006d744d
0x006d70ff
0x006d710f
0x006d7114
0x006d7119
0x00757a16
0x006d743a
0x006d744a
0x006d744a
0x006d7127
0x006d712d
0x006d7130
0x006d7133
0x006d713a
0x006d713d
0x00757a28
0x00757a2b
0x00757a30
0x00757a33
0x00757a36
0x00757a43
0x00757a43
0x00757a46
0x00757a46
0x00757a4a
0x00757a4e
0x006d7159
0x006d7159
0x006d7163
0x00757ab3
0x00757ab3
0x00000000
0x00757ab3
0x006d716d
0x00757abf
0x00757ac3
0x00757ac6
0x00757ac8
0x00757aca
0x00757acc
0x00757acc
0x00757acc
0x00757aca
0x00757ace
0x006d7191
0x006d7191
0x006d7193
0x006d7196
0x006d7198
0x006d7479
0x006d7479
0x006d741c
0x006d7420
0x00758188
0x00758188
0x006d7426
0x006d742a
0x00758192
0x0075819a
0x0075819a
0x006d7434
0x007581ac
0x007581ac
0x00000000
0x006d7434
0x006d719e
0x006d71a6
0x00757ad7
0x00000000
0x00757ad7
0x006d71af
0x006d71b2
0x006d71b5
0x00757ae4
0x00757ae4
0x00757ae7
0x00757aea
0x00757baf
0x00757baf
0x00757bb3
0x00757ce7
0x00757ce9
0x00757cec
0x00757d15
0x00757d19
0x00000000
0x00000000
0x00757d25
0x00757d2a
0x00757d31
0x00757d34
0x00757d39
0x00757d3d
0x00757e5e
0x00757e61
0x00757e6c
0x00757e6f
0x00757e70
0x00757e73
0x00757e76
0x00757e7b
0x00757e7d
0x00757e7f
0x00000000
0x00000000
0x00757e85
0x00757e88
0x00757e8c
0x00757e8c
0x00757e8f
0x00757e8f
0x00757ea0
0x00757ea8
0x00757eab
0x00757eae
0x00757eb4
0x00757eba
0x00757eba
0x006d71e5
0x006d71e9
0x006d71ee
0x00758016
0x00758018
0x0075801c
0x0075801f
0x0075802a
0x00758030
0x00758043
0x00758046
0x00758046
0x006d7249
0x006d7257
0x006d725e
0x006d7265
0x006d726a
0x006d7270
0x006d7274
0x006d7276
0x006d727c
0x006d727f
0x006d7282
0x006d7466
0x006d7288
0x006d7292
0x006d7292
0x006d7294
0x006d7299
0x006d746d
0x006d7471
0x006d729f
0x006d72a6
0x006d72a8
0x006d72a8
0x006d72b3
0x006d72c9
0x006d72cd
0x00757f97
0x00757f97
0x00000000
0x006d72d3
0x006d72d6
0x006d72df
0x006d72e3
0x006d72e6
0x006d72ea
0x006d72ef
0x006d72ef
0x006d72f6
0x00758053
0x00758056
0x00758056
0x006d7300
0x0075805f
0x006d7306
0x006d7309
0x006d7310
0x006d7315
0x006d731c
0x006d7325
0x006d7331
0x00758071
0x00758079
0x0075807e
0x0075807e
0x006d7337
0x006d7337
0x006d733d
0x006d7348
0x006d7350
0x006d7350
0x006d7354
0x006d7359
0x00758086
0x006d735f
0x006d7366
0x006d736b
0x006d7372
0x006d737b
0x006d7385
0x00758095
0x0075809d
0x007580a2
0x007580a2
0x006d738b
0x006d738b
0x006d7392
0x007580b3
0x007580bb
0x007580bf
0x007580c3
0x00000000
0x00000000
0x007580d6
0x007580da
0x007580de
0x007580e2
0x007580e6
0x007580ea
0x007580f3
0x007580f5
0x007580f7
0x00000000
0x00000000
0x007580fd
0x007580fd
0x007580fd
0x00758101
0x0075810b
0x0075810b
0x0075810f
0x00758111
0x00000000
0x00000000
0x00758113
0x00758113
0x00758127
0x0075812b
0x00758133
0x00758138
0x0075813a
0x00000000
0x00000000
0x00758149
0x0075814c
0x00000000
0x00758117
0x00758117
0x0075811c
0x0075811f
0x00000000
0x00000000
0x00758121
0x00758123
0x00000000
0x00000000
0x00758125
0x00000000
0x00758125
0x006d7398
0x006d7398
0x006d7398
0x006d73a0
0x006d73a5
0x006d73ab
0x0075815d
0x00758162
0x00758162
0x006d73b3
0x006d73bc
0x006d73bf
0x006d73ce
0x006d73ce
0x006d73d2
0x006d73da
0x006d73df
0x006d73e7
0x00758173
0x00758178
0x006d73ed
0x006d73f3
0x006d73f6
0x006d7405
0x006d7405
0x006d7409
0x006d7413
0x006d7418
0x006d741a
0x00000000
0x006d741a
0x006d7392
0x006d72cd
0x00758032
0x00758035
0x00758037
0x00000000
0x00000000
0x0075803b
0x00000000
0x0075803b
0x00758021
0x00758021
0x00000000
0x00758021
0x006d71f8
0x00757e4c
0x00757e50
0x00757e53
0x00757ecd
0x00757ed0
0x00757ed6
0x00757ee7
0x00757eea
0x00757eed
0x00757eef
0x00757ef3
0x00757ef5
0x00757efb
0x00757f00
0x00757f0d
0x00757f10
0x00757f14
0x00757f1d
0x00757f32
0x00757f34
0x00757f36
0x00000000
0x00000000
0x00757f3f
0x00757f4d
0x00757f51
0x00757f6f
0x00757f6f
0x006d723f
0x006d7243
0x00757f7e
0x00757f89
0x00757f91
0x00757f93
0x00757f95
0x00757fa4
0x00757fa5
0x00757fa7
0x00757fae
0x00757fb0
0x00757fb2
0x00757fb4
0x00757fc8
0x00757fc9
0x00757fcc
0x00757fcd
0x00757fcf
0x00757fd2
0x00757fd7
0x00757fda
0x00757fdc
0x00757fe1
0x00757fe3
0x00000000
0x00000000
0x00757fff
0x00758001
0x00758006
0x00758008
0x00000000
0x00000000
0x0075800e
0x00000000
0x0075800e
0x00757fb6
0x00757fbb
0x00000000
0x00757fbb
0x00000000
0x00757f95
0x00000000
0x006d7243
0x00757f02
0x00757f05
0x00757f07
0x00000000
0x00000000
0x00757f09
0x00000000
0x00757f09
0x00757ef7
0x00757ef7
0x00000000
0x00757ef7
0x00757ed8
0x00757eda
0x00000000
0x00000000
0x00757ee2
0x00000000
0x00757ee2
0x00757e55
0x00757e55
0x00000000
0x00757e55
0x006d71fe
0x006d7204
0x00757f55
0x00757f55
0x006d721b
0x006d721b
0x006d722a
0x006d7233
0x006d7239
0x00757f69
0x00757f69
0x00000000
0x00757f69
0x00000000
0x006d7239
0x006d720f
0x006d7212
0x00757f5e
0x00757f60
0x00000000
0x00000000
0x00757f62
0x00757f62
0x006d7218
0x00000000
0x006d7218
0x00757e63
0x00757e65
0x00000000
0x00000000
0x00757e67
0x00000000
0x00757e67
0x00757d43
0x00757d47
0x00757d4a
0x00757d4c
0x00757d52
0x00757d60
0x00757d54
0x00757d54
0x00757d57
0x00757d59
0x00757d5b
0x00757d5b
0x00757d59
0x00757d52
0x00757d66
0x00757d68
0x00757d6c
0x00757d6f
0x00757d75
0x00757d7b
0x00757d89
0x00000000
0x00757d89
0x00757d7d
0x00757d80
0x00757d82
0x00000000
0x00000000
0x00757d84
0x00000000
0x00757d71
0x00757d71
0x00757d71
0x00757d8c
0x00757dbc
0x00757dbe
0x00757dcd
0x00757dcf
0x00757dd1
0x00000000
0x00000000
0x00757dda
0x00757ddd
0x00757def
0x00757df1
0x00757df6
0x00757dfc
0x00757e00
0x00757e04
0x00757e07
0x00757e44
0x00757e44
0x00000000
0x00757e44
0x00757e18
0x00757e1a
0x00757e1c
0x00000000
0x00000000
0x00757e22
0x00757e26
0x00757e30
0x00757e30
0x00757e38
0x00757e38
0x00757e3a
0x00757e3e
0x00757e41
0x00000000
0x00757e41
0x00757d6f
0x00757cf4
0x00757cf9
0x00757cfb
0x00757d06
0x00757d09
0x00757d0a
0x00757d0d
0x00000000
0x00757d0d
0x00757cfd
0x00757d00
0x006d745e
0x006d745e
0x00000000
0x006d745e
0x00000000
0x00757d00
0x00757bb9
0x00757bbd
0x00757bc1
0x00757cc1
0x00757cc3
0x00757cce
0x00757cd3
0x00757cd6
0x00000000
0x00000000
0x00757cdc
0x00757cde
0x00000000
0x00000000
0x00757ce0
0x00000000
0x00757ce0
0x00757cc5
0x00757cc5
0x00000000
0x00757cc5
0x00757bc7
0x00757bc9
0x00757be0
0x00757be5
0x00757be8
0x00757bf0
0x00757bf0
0x00757bf3
0x00757bf6
0x00757bf8
0x00757bfc
0x00757bff
0x00757c05
0x00757c07
0x00757c15
0x00757c18
0x00757c52
0x00757c5f
0x00757c61
0x00757c63
0x00000000
0x00000000
0x00757c69
0x00757c6c
0x00757c8b
0x00757c8d
0x00757c90
0x00757c98
0x00757c9a
0x00757c9c
0x00000000
0x00000000
0x00757ca2
0x00757ca6
0x00757cb0
0x00757cb0
0x00757cb5
0x00757cb8
0x00757ec5
0x00757ec5
0x00000000
0x00757ec5
0x00757c09
0x00757c0c
0x00757c0e
0x00000000
0x00000000
0x00757c10
0x00000000
0x00757c10
0x00757c01
0x00757c01
0x00000000
0x00757c01
0x00757bea
0x00757bec
0x00000000
0x00000000
0x00757bee
0x00757bee
0x00000000
0x00757bee
0x00757bcb
0x00757bcb
0x00000000
0x00757bcb
0x00757af0
0x00757af3
0x00757afc
0x00757b01
0x00757b04
0x00757b06
0x00757b21
0x00757b21
0x00757b25
0x00757b65
0x00757b66
0x00757b68
0x00757b6f
0x00757b71
0x00757b74
0x00757b76
0x00000000
0x00000000
0x00757b7c
0x00757b7c
0x00757b7f
0x00757b81
0x00757b83
0x00757b83
0x00757b86
0x00757b91
0x00757b96
0x00757b99
0x00757b9b
0x00757bd1
0x00757bd6
0x00757bd6
0x00000000
0x00000000
0x00000000
0x00000000
0x00757b9b
0x00757b2a
0x00757b2b
0x00757b33
0x00757b34
0x00757b36
0x00757b3e
0x00757b40
0x00757b43
0x00757b45
0x00000000
0x00000000
0x00757b4b
0x00757b52
0x00000000
0x00000000
0x00757b54
0x00757b5b
0x00000000
0x00000000
0x00757a90
0x00757a90
0x00000000
0x00757a90
0x00757b08
0x00757b0f
0x00757b12
0x00757b18
0x00757b1b
0x00000000
0x00000000
0x00000000
0x00757b9d
0x00757b9d
0x00757ba2
0x00757ba5
0x00757ba5
0x00000000
0x00757af3
0x006d71bb
0x006d71be
0x006d71c0
0x006d71c7
0x00000000
0x00000000
0x006d71cf
0x00757ec2
0x00000000
0x00757ec2
0x006d71d5
0x006d71da
0x00000000
0x006d71e0
0x006d71e2
0x00000000
0x006d71e2
0x006d71da
0x006d7176
0x006d7178
0x006d717e
0x006d7456
0x00000000
0x006d7456
0x006d7184
0x006d7189
0x00000000
0x006d718f
0x006d718f
0x00000000
0x006d718f
0x006d7189
0x00757a54
0x00757a58
0x00000000
0x00000000
0x00757a5d
0x00757a5e
0x00757a66
0x00757a67
0x00757a69
0x00757a71
0x00757a73
0x00757a76
0x00757a78
0x00000000
0x00000000
0x00757a7e
0x00757a85
0x00757a9a
0x00757a9d
0x00757a9e
0x00757aa1
0x00757aa4
0x00757aac
0x006d7153
0x006d7153
0x00000000
0x00000000
0x00000000
0x006d7153
0x00757a87
0x00757a8e
0x00000000
0x00000000
0x00000000
0x00757a8e
0x00757a38
0x00757a3a
0x00757a41
0x00757a41
0x00000000
0x00757a41
0x00757a3c
0x00000000
0x00757a3c
0x006d7143
0x006d7148
0x00000000
0x006d714e
0x006d714e
0x006d714e
0x006d7150
0x00000000
0x006d7150
0x006d7148
0x006d70ed
0x006d70f0
0x006d70fc
0x006d70fc
0x00000000
0x006d70fc
0x006d70f4
0x00000000
0x006d70fa
0x006d70fa
0x00000000
0x006d70fa
0x006d70f4
0x00757a04
0x00757a06
0x00000000
0x00000000
0x00757a0c
0x00757a0c
0x00000000
0x00757a0c
0x006d70d6
0x006d70d6
0x00000000

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d4034238d4a5d4736e0e67715ee6b81967ba5f784a84e6dbdca9634a177b6cf
Instruction ID: e1ca04c3f5eabda2fddf5c4c1410175e3547d37b23c92cd70f706164c0592218
Opcode Fuzzy Hash: 0d4034238d4a5d4736e0e67715ee6b81967ba5f784a84e6dbdca9634a177b6cf
Instruction Fuzzy Hash: 2A72D271D04219DFDF19CF94D845BFEBBF6AF44301F18801AE805A7281E7B9994ACBA1

Uniqueness

Uniqueness Score: 0.00%

Function 00722ADC, Relevance: .9, Instructions: 945
COMMONCrypto

C-Code - Quality: 89%

			E00722ADC(void* __ebx, signed short* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t340;
				signed int _t343;
				signed int _t344;
				signed int _t345;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int* _t351;
				signed int _t354;
				signed int _t357;
				signed int _t358;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t371;
				signed int* _t378;
				signed int _t379;
				signed int _t380;
				signed int _t394;
				signed int _t401;
				signed int _t405;
				unsigned int _t409;
				signed int _t411;
				signed int _t415;
				signed int _t418;
				signed int _t425;
				signed int _t427;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t444;
				signed int* _t451;
				signed int _t452;
				signed int _t453;
				signed int _t465;
				signed char _t471;
				signed int _t472;
				signed int _t477;
				signed int _t482;
				signed int* _t486;
				signed int _t495;
				signed int _t500;
				signed int* _t504;
				intOrPtr _t505;
				signed int _t508;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed char _t535;
				signed int _t536;
				signed int _t554;
				intOrPtr _t561;
				signed int _t565;
				signed char _t567;
				signed int _t570;
				signed int _t573;
				signed char _t575;
				signed int* _t576;
				signed int _t577;
				unsigned int _t578;
				intOrPtr _t581;
				signed int _t584;
				signed char _t585;
				signed char _t586;
				signed int _t591;
				signed char* _t592;
				signed char _t594;
				signed short* _t601;
				unsigned int _t603;
				void* _t605;
				signed char* _t615;
				signed char _t616;
				signed char _t617;
				signed char _t620;
				signed int _t625;
				signed char* _t626;
				signed char _t628;
				signed int _t631;
				unsigned int* _t634;
				signed int _t635;
				intOrPtr _t638;
				signed int _t643;
				intOrPtr _t650;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t656;
				signed char* _t659;
				signed int _t660;
				signed int _t662;
				signed int _t664;
				signed int _t671;
				signed int _t672;
				void* _t673;
				signed int _t675;
				signed char _t676;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed char _t683;
				signed int _t687;
				signed char _t688;
				signed int _t689;
				void* _t690;
				signed int _t692;
				signed char _t693;
				signed int _t700;
				signed short* _t707;
				signed int _t708;
				signed int _t711;
				void* _t716;
				void* _t721;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				void* _t728;
				void* _t731;
				signed int _t738;
				unsigned int _t741;
				signed int _t748;
				void* _t749;
				signed int _t751;
				signed int _t752;
				intOrPtr _t753;
				signed int _t754;
				signed int _t757;
				intOrPtr _t758;
				signed int _t760;
				signed int _t761;
				signed int _t762;
				void* _t766;

				_push(0x64);
				_push(0x721c10);
				E00722824(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t766 - 0x3c)) = __edx;
				_t707 = __ecx;
				 *(_t766 - 0x28) = __ecx;
				_t748 = __ecx - 0x110 + ( *(__ecx + 2) & 0x000000ff) * 4;
				 *(_t766 - 0x2c) = _t748;
				if(( *(__ecx + 3) & 0x00000001) != 0) {
					L72:
					_t515 =  *((intOrPtr*)( *[fs:0x18] + 0xfa8)) - 1;
					__eflags = _t515;
					 *(_t766 - 0x44) = _t515;
					if(_t515 < 0) {
						 *0x7a8580 = 0xffffffff;
						 *0x7a8584 = 0xffffffff;
						L66:
						_t340 = E006FDFD4();
						_t650 =  *[fs:0x18];
						_t85 = _t340 + 1; // 0x1
						_t561 = _t85;
						__eflags = _t561 -  *((intOrPtr*)(_t650 + 0xfa8));
						if(_t561 !=  *((intOrPtr*)(_t650 + 0xfa8))) {
							asm("lock xadd [edx], ebx");
						}
						 *((intOrPtr*)( *[fs:0x18] + 0xfa8)) = _t561;
						_t515 = _t340;
						L76:
						 *(_t766 - 0x34) = _t515;
						goto L78;
					}
					_t505 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(0x7a8598 + _t515 * 4)) -  *((intOrPtr*)(_t505 + 0x24));
					if( *((intOrPtr*)(0x7a8598 + _t515 * 4)) !=  *((intOrPtr*)(_t505 + 0x24))) {
						goto L66;
					}
					_t508 = E00704180(1, _t515, 0);
					_t643 =  *0x7a8580; // 0x0
					_t762 =  *0x7a8584; // 0x0
					__eflags = _t643 & _t508 | _t762 & 0;
					if((_t643 & _t508 | _t762 & 0) != 0) {
						asm("lock cmpxchg8b [esi]");
						_t515 =  *(_t766 - 0x44);
					}
					_t748 =  *(_t766 - 0x2c);
					goto L76;
				} else {
					_t99 = __ebp - 0x34;
					 *_t99 =  *(__ebp - 0x34) & 0x00000000;
					__eflags =  *_t99;
					L78:
					_t343 =  *(_t766 - 0x34) * 0x3418 + _t748 + 0x310;
					 *(_t766 - 0x44) = _t343;
					_t652 = _t343 + 0x18 + ( *(_t707 + 2) & 0x000000ff) * 0x68;
					 *(_t766 - 0x20) = _t652;
					_t344 =  *_t652;
					 *(_t766 - 0x30) = _t344;
					__eflags = _t344;
					if(_t344 == 0) {
						while(1) {
							L91:
							_t516 =  *(_t766 - 0x20);
							_t345 =  *(_t516 + 4);
							 *(_t766 - 0x30) = _t345;
							if(_t345 == 0) {
								goto L104;
							}
							L92:
							 *(_t766 - 4) = 1;
							while(1) {
								_t142 = _t345 + 8; // 0x18
								_t576 = _t142;
								_t660 =  *_t576;
								 *(_t766 - 0x5c) = _t660;
								_t711 = _t576[1];
								 *(_t766 - 0x58) = _t711;
								if(_t660 == 0) {
									break;
								}
								_t753 =  *((intOrPtr*)(_t345 + 4));
								if(_t753 == 0 ||  *_t345 != _t516) {
									break;
								} else {
									_t754 = (_t660 >> 0x0000000d & 0x0007fff8) + _t753 + 8;
									asm("adc edi, 0xffffffff");
									_t477 =  *_t754 & 0x0000ffff;
									asm("cdq");
									 *(_t766 - 0x74) = _t660 + 0xffffffff & 0x0000ffff | _t477 << 0x00000010;
									 *(_t766 - 0x70) = _t711 | (_t660 << 0x00000020 | _t477) << 0x10;
									_t671 =  *(_t766 - 0x58);
									asm("lock cmpxchg8b [edi]");
									if( *(_t766 - 0x5c) !=  *(_t766 - 0x5c) || _t671 !=  *(_t766 - 0x58)) {
										_t516 =  *(_t766 - 0x20);
										_t482 = ( *(_t516 + 0x60) & 0x0000ffff) << 2;
										_t581 =  *((intOrPtr*)( *((intOrPtr*)(_t516 + 0x58)) + 0xc));
										__eflags =  *(_t581 + _t482 + 0x113) & 0x00000001;
										if(( *(_t581 + _t482 + 0x113) & 0x00000001) == 0) {
											_t26 = (( *(_t516 + 0x60) & 0x0000ffff) << 2) + 0x113; // 0x7d811074
											_t486 =  *((intOrPtr*)( *((intOrPtr*)(_t516 + 0x58)) + 0xc)) + _t26;
											 *_t486 =  *_t486 | 0x00000001;
											__eflags =  *_t486;
										}
										_t345 =  *(_t766 - 0x30);
										continue;
									} else {
										_t577 = _t754;
										L99:
										 *(_t766 - 0x24) = _t577;
										 *(_t766 - 4) = 0xfffffffe;
										if(_t577 == 0) {
											goto L104;
										}
										_t471 = (( *( *(_t766 - 0x28)) & 0x0000ffff) << 3) -  *((intOrPtr*)(_t766 - 0x3c));
										_t578 = _t577 + 0xfffffff8;
										_t752 =  *( *(_t766 - 0x2c) + 0x24);
										if(_t471 < 0x3f) {
											L88:
											_t472 = _t471 | 0x00000080;
											__eflags = _t472;
											 *(_t578 + 7) = _t472;
											L89:
											_t411 =  *(_t766 - 0x24);
											L90:
											return E00722869(_t411);
										}
										if(( *(_t578 + 7) & 0x00000080) == 0) {
											__eflags =  *(_t752 + 0x4c);
											if( *(_t752 + 0x4c) == 0) {
												L185:
												_t662 =  *_t578 & 0x0000ffff;
												L103:
												 *(_t578 + 7) = 0xbf;
												 *(_t578 + (_t662 & 0x0000ffff) * 8 - 4) = _t471;
												goto L89;
											}
											_t664 =  *_t578;
											__eflags =  *(_t752 + 0x4c) & _t664;
											L182:
											if(__eflags != 0) {
												_t664 = _t664 ^  *(_t752 + 0x50);
												__eflags = _t664;
											}
											_t662 = _t664 & 0x0000ffff;
											goto L103;
										}
										L102:
										_t662 =  *((intOrPtr*)((_t578 >> 0x00000003 ^  *_t578 ^ _t752 ^  *0x7a81dc) + 0x10));
										goto L103;
									}
								}
							}
							_t577 = 0;
							goto L99;
							L104:
							_t348 = (( *(_t766 - 0x28))[1] & 0x000000ff) * 0x68;
							__eflags = _t348;
							_t749 =  *(_t766 - 0x44) + _t348 + 0x18;
							while(1) {
								_t708 = 0;
								_t653 = 0;
								__eflags = 0;
								_t565 = _t749 + 8;
								 *(_t766 - 0x40) = 0x10;
								do {
									L106:
									_t349 =  *_t565;
									__eflags = _t349;
									if(_t349 != 0) {
										_t517 =  *(_t349 + 8) & 0x0000ffff;
										 *(_t766 - 0x30) = _t517;
										__eflags = _t517 - _t653;
										if(_t517 > _t653) {
											 *(_t766 - 0x38) = _t349;
											_t653 = _t517;
											_t708 = _t565;
										}
									}
									_t565 = _t565 + 4;
									_t181 = _t766 - 0x40;
									 *_t181 =  *(_t766 - 0x40) - 1;
									__eflags =  *_t181;
								} while ( *_t181 != 0);
								 *(_t766 - 0x30) = _t708;
								__eflags = _t708;
								if(_t708 != 0) {
									_t350 = E007055E8(_t749 + 0x48);
									while(1) {
										_t654 = _t350;
										__eflags = _t654;
										if(_t654 == 0) {
											break;
										}
										_t654 = _t654 - 0x18;
										_t49 = _t654 + 0x1c; // 0x4
										_t351 = _t49;
										_t567 =  *_t351;
										__eflags = _t567 & 0x00000001;
										if((_t567 & 0x00000001) != 0) {
											break;
										}
										_t631 = 0xfffffffd;
										_t465 =  *_t351;
										do {
											__eflags = _t465 & _t631;
											asm("lock cmpxchg [edi], ebx");
										} while ((_t465 & _t631) != 0);
										__eflags = _t465 - 2;
										if(_t465 == 2) {
											 *_t654 =  *_t654 & 0x00000000;
											 *((intOrPtr*)(_t654 + 0xc)) =  *((intOrPtr*)(_t654 + 0xc)) + 1;
											__eflags = _t654 + 0x18;
											E00705640( *((intOrPtr*)( *_t654 + 0x58)), _t654 + 0x18);
										}
										_t350 = E007055E8(_t749 + 0x48);
										_t708 =  *(_t766 - 0x30);
									}
									asm("lock cmpxchg [ebx], ecx");
									__eflags =  *(_t766 - 0x38) -  *(_t766 - 0x38);
									if( *(_t766 - 0x38) !=  *(_t766 - 0x38)) {
										__eflags = _t654;
										if(_t654 != 0) {
											E00705640(_t749 + 0x48, _t654 + 0x18);
										}
										_t708 = 0;
										_t653 = 0;
										__eflags = 0;
										_t565 = _t749 + 8;
										 *(_t766 - 0x40) = 0x10;
										goto L106;
									}
									__eflags = _t654;
									if(_t654 == 0) {
										_t738 = _t708 - _t749 - 8;
										__eflags = _t738;
										 *((short*)(_t749 + 0x62)) = _t738 >> 2;
									}
									_t656 =  *(_t766 - 0x38);
									L110:
									__eflags = _t656;
									if(_t656 != 0) {
										_t570 = 0xfffffffd;
										_t79 = _t656 + 0x1c; // 0x1c
										_t354 =  *_t79;
										do {
											__eflags = _t354 & _t570;
											asm("lock cmpxchg [edi], ebx");
										} while ((_t354 & _t570) != 0);
										__eflags = _t354 - 2;
										if(_t354 == 2) {
											 *_t656 =  *_t656 & 0x00000000;
											 *((intOrPtr*)(_t656 + 0xc)) =  *((intOrPtr*)(_t656 + 0xc)) + 1;
											E00705640( *((intOrPtr*)( *_t656 + 0x58)), _t656 + 0x18);
											goto L111;
										}
										L32:
										_t751 = _t656;
										L114:
										__eflags = _t751;
										if(_t751 != 0) {
											_t57 = _t751 + 0x1c; // 0x1c
											_t659 = _t57;
											while(1) {
												_t575 =  *_t659;
												__eflags = _t575;
												if(_t575 == 0) {
													break;
												}
												__eflags = _t575 & 0x00000006;
												if((_t575 & 0x00000006) != 0) {
													break;
												}
												asm("lock cmpxchg [ebx], edi");
												__eflags = _t575 - _t575;
												if(_t575 != _t575) {
													continue;
												}
												_t361 = 1;
												L38:
												__eflags = _t361;
												if(_t361 == 0) {
													goto L91;
													do {
														while(1) {
															L91:
															_t516 =  *(_t766 - 0x20);
															_t345 =  *(_t516 + 4);
															 *(_t766 - 0x30) = _t345;
															if(_t345 == 0) {
																goto L104;
															}
															goto L92;
														}
														L5:
														__eflags = _t371 - 2;
													} while (_t371 != 2);
													_t588 =  *( *_t672 + 0x58);
													 *_t672 =  *_t672 & 0x00000000;
													 *((intOrPtr*)(_t672 + 0xc)) =  *((intOrPtr*)(_t672 + 0xc)) + 1;
													_t673 = _t672 + 0x18;
													L161:
													E00705640(_t588, _t673);
													goto L91;
													do {
														while(1) {
															L91:
															_t516 =  *(_t766 - 0x20);
															_t345 =  *(_t516 + 4);
															 *(_t766 - 0x30) = _t345;
															if(_t345 == 0) {
																goto L104;
															}
															goto L92;
														}
														L241:
														__eflags = _t427;
													} while (_t427 == 0);
													_t728 =  *_t751;
													_t322 = _t766 - 0x30;
													 *_t322 =  *(_t766 - 0x30) & 0x00000000;
													__eflags =  *_t322;
													while(1) {
														_t672 =  *(_t728 + 8 + (( *(_t728 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4);
														__eflags = _t672;
														if(_t672 != 0) {
															goto L246;
														}
														L244:
														asm("lock cmpxchg [edx], ecx");
														__eflags = 0;
														if(0 != 0) {
															L248:
															 *(_t766 - 0x30) =  *(_t766 - 0x30) + 1;
															__eflags =  *(_t766 - 0x30) - 0x10;
															if( *(_t766 - 0x30) >= 0x10) {
																L159:
																_t588 =  *_t751 + 0x48;
																L160:
																_t250 = _t751 + 0x18; // 0x18
																_t673 = _t250;
																goto L161;
															}
															_t672 =  *(_t728 + 8 + (( *(_t728 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4);
															__eflags = _t672;
															if(_t672 != 0) {
																goto L246;
															}
															goto L244;
														}
														goto L91;
														do {
															while(1) {
																L91:
																_t516 =  *(_t766 - 0x20);
																_t345 =  *(_t516 + 4);
																 *(_t766 - 0x30) = _t345;
																if(_t345 == 0) {
																	goto L104;
																}
																goto L92;
															}
															L154:
															__eflags = _t453;
														} while (_t453 == 0);
														_t707 =  *_t751;
														_t237 = _t766 - 0x30;
														 *_t237 =  *(_t766 - 0x30) & 0x00000000;
														__eflags =  *_t237;
														do {
															_t242 = (( *(_t707 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4; // 0x101
															_t672 =  *(_t707 + _t242 + 8);
															__eflags = _t672;
															if(_t672 == 0) {
																asm("lock cmpxchg [edx], ecx");
																__eflags = 0;
																if(0 == 0) {
																	while(1) {
																		L91:
																		_t516 =  *(_t766 - 0x20);
																		_t345 =  *(_t516 + 4);
																		 *(_t766 - 0x30) = _t345;
																		if(_t345 == 0) {
																			goto L104;
																		}
																		goto L92;
																	}
																}
																goto L158;
															}
															_t628 =  *(_t672 + 0x1c);
															__eflags = _t628 & 0x00000001;
															if((_t628 & 0x00000001) == 0) {
																goto L1;
															}
															L158:
															 *(_t766 - 0x30) =  *(_t766 - 0x30) + 1;
														} while ( *(_t766 - 0x30) < 0x10);
														goto L159;
														L246:
														_t617 =  *(_t672 + 0x1c);
														__eflags = _t617 & 0x00000001;
														if((_t617 & 0x00000001) != 0) {
															goto L248;
														}
														asm("lock cmpxchg [ebx], ecx");
														__eflags = _t672 - _t672;
														if(_t672 == _t672) {
															L3:
															_t591 = 0xfffffffd;
															_t10 = _t672 + 0x1c; // 0x115
															_t371 =  *_t10;
															do {
																__eflags = _t371 & _t591;
																asm("lock cmpxchg [esi], edi");
															} while ((_t371 & _t591) != 0);
															goto L5;
														}
														goto L248;
													}
												}
												L39:
												_t362 =  *(_t766 - 0x20);
												__eflags =  *_t751 - _t362;
												if( *_t751 != _t362) {
													_t584 = 0xfffffff9;
													_t363 =  *_t659;
													do {
														__eflags = _t363 & _t584;
														asm("lock cmpxchg [edi], ebx");
													} while ((_t363 & _t584) != 0);
													__eflags = _t363 - 6;
													if(_t363 != 6) {
														L193:
														__eflags =  *((short*)(_t751 + 8));
														if( *((short*)(_t751 + 8)) == 0) {
															goto L91;
															do {
																do {
																	do {
																		do {
																			do {
																				do {
																					do {
																						do {
																							L91:
																							_t516 =  *(_t766 - 0x20);
																							_t345 =  *(_t516 + 4);
																							 *(_t766 - 0x30) = _t345;
																							if(_t345 == 0) {
																								goto L104;
																							}
																							goto L92;
																						} while (_t361 == 0);
																						goto L39;
																					} while (_t751 == 0);
																					_t62 = _t751 + 0x1c; // 0x1c
																					_t592 = _t62;
																					_t675 = 0xfffffff9;
																					_t379 =  *_t592;
																					do {
																						__eflags = _t379 & _t675;
																						asm("lock cmpxchg [edi], ebx");
																					} while ((_t379 & _t675) != 0);
																					__eflags = _t379 - 6;
																					if(_t379 == 6) {
																						goto L192;
																					}
																					goto L44;
																				} while ( *((short*)(_t751 + 8)) == 0);
																				while(1) {
																					L194:
																					_t585 =  *_t659;
																					__eflags = _t585;
																					if(_t585 == 0) {
																						break;
																					}
																					__eflags = _t585 & 0x00000002;
																					if((_t585 & 0x00000002) != 0) {
																						break;
																					}
																					asm("lock cmpxchg [ebx], edi");
																					__eflags = _t585 - _t585;
																					if(_t585 != _t585) {
																						continue;
																					}
																					_t364 = 1;
																					goto L199;
																				}
																				_t364 = 0;
																				__eflags = 0;
																				goto L199;
																				L44:
																				__eflags =  *((short*)(_t751 + 8));
																			} while ( *((short*)(_t751 + 8)) == 0);
																			while(1) {
																				_t676 =  *_t592;
																				__eflags = _t676;
																				if(_t676 == 0) {
																					break;
																				}
																				__eflags = _t676 & 0x00000002;
																				if((_t676 & 0x00000002) != 0) {
																					break;
																				}
																				asm("lock cmpxchg [ebx], edi");
																				__eflags = _t676 - _t676;
																				if(_t676 != _t676) {
																					continue;
																				}
																				_t380 = 1;
																				goto L49;
																			}
																			_t380 = 0;
																			goto L49;
																			L199:
																			__eflags = _t364;
																		} while (_t364 == 0);
																		_t716 =  *_t751;
																		_t282 = _t766 - 0x30;
																		 *_t282 =  *(_t766 - 0x30) & 0x00000000;
																		__eflags =  *_t282;
																		while(1) {
																			_t287 = (( *(_t716 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4; // 0x24
																			_t672 =  *(_t716 + _t287 + 8);
																			__eflags = _t672;
																			if(_t672 != 0) {
																				goto L204;
																			}
																			L202:
																			asm("lock cmpxchg [edx], ecx");
																			__eflags = 0;
																			if(0 != 0) {
																				L206:
																				 *(_t766 - 0x30) =  *(_t766 - 0x30) + 1;
																				__eflags =  *(_t766 - 0x30) - 0x10;
																				if( *(_t766 - 0x30) >= 0x10) {
																					goto L159;
																				}
																				_t287 = (( *(_t716 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4; // 0x24
																				_t672 =  *(_t716 + _t287 + 8);
																				__eflags = _t672;
																				if(_t672 != 0) {
																					goto L204;
																				}
																				goto L202;
																			}
																			goto L91;
																			L204:
																			_t586 =  *(_t672 + 0x1c);
																			__eflags = _t586 & 0x00000001;
																			if((_t586 & 0x00000001) != 0) {
																				goto L206;
																			}
																			asm("lock cmpxchg [ebx], ecx");
																			__eflags = _t672 - _t672;
																			if(_t672 == _t672) {
																				goto L3;
																			}
																			goto L206;
																		}
																		L49:
																		__eflags = _t380;
																	} while (_t380 == 0);
																	_t721 =  *_t751;
																	_t66 = _t766 - 0x30;
																	 *_t66 =  *(_t766 - 0x30) & 0x00000000;
																	__eflags =  *_t66;
																	do {
																		_t71 = (( *(_t721 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4; // 0x101
																		_t672 =  *(_t721 + _t71 + 8);
																		__eflags = _t672;
																		if(_t672 == 0) {
																			asm("lock cmpxchg [edx], ecx");
																			__eflags = 0;
																			if(0 == 0) {
																				goto L91;
																			}
																			goto L53;
																		}
																		_t594 =  *(_t672 + 0x1c);
																		__eflags = _t594 & 0x00000001;
																		if((_t594 & 0x00000001) == 0) {
																			asm("lock cmpxchg [ebx], ecx");
																			__eflags = _t672 - _t672;
																			if(_t672 != _t672) {
																				goto L53;
																			}
																			goto L3;
																		}
																		L53:
																		 *(_t766 - 0x30) =  *(_t766 - 0x30) + 1;
																		__eflags =  *(_t766 - 0x30) - 0x10;
																	} while ( *(_t766 - 0x30) < 0x10);
																	goto L159;
																	L145:
																	_t451 = _t435 + 4;
																	_t232 = _t751;
																	_t751 =  *_t451;
																	 *_t451 = _t232;
																	__eflags = _t751;
																} while (_t751 == 0);
																_t233 = _t751 + 0x1c; // 0x4
																_t626 = _t233;
																_t692 = 0xfffffff9;
																_t452 =  *_t626;
																do {
																	__eflags = _t452 & _t692;
																	asm("lock cmpxchg [edi], ebx");
																} while ((_t452 & _t692) != 0);
																__eflags = _t452 - 6;
																if(_t452 == 6) {
																	goto L192;
																}
																__eflags =  *((short*)(_t751 + 8));
															} while ( *((short*)(_t751 + 8)) == 0);
															while(1) {
																_t693 =  *_t626;
																__eflags = _t693;
																if(_t693 == 0) {
																	break;
																}
																__eflags = _t693 & 0x00000002;
																if((_t693 & 0x00000002) != 0) {
																	break;
																}
																asm("lock cmpxchg [ebx], edi");
																__eflags = _t693 - _t693;
																if(_t693 != _t693) {
																	continue;
																}
																_t453 = 1;
																goto L154;
															}
															_t453 = 0;
															goto L154;
														}
														goto L194;
													}
													L192:
													_t588 =  *( *_t751 + 0x58);
													 *_t751 =  *_t751 & 0x00000000;
													 *((intOrPtr*)(_t751 + 0xc)) =  *((intOrPtr*)(_t751 + 0xc)) + 1;
													goto L160;
												}
												_t378 = _t362 + 4;
												_t61 = _t751;
												_t751 =  *_t378;
												 *_t378 = _t61;
												__eflags = _t751;
											}
											_t361 = 0;
											goto L38;
										}
										_t394 = ( *(_t766 - 0x28))[1] & 0x000000ff;
										 *(_t766 - 0x40) = _t394;
										_t757 =  *(_t766 - 0x2c) + 0x48;
										__eflags = _t757;
										while(1) {
											 *((char*)(_t766 - 0x19)) = 0;
											 *(_t766 - 0x54) =  *_t757;
											 *(_t766 - 0x50) =  *(_t757 + 4);
											__eflags =  *(_t766 - 0x54) - _t394;
											if( *(_t766 - 0x54) == _t394) {
												 *(_t766 - 0x60) =  *(_t766 - 0x50) + 1;
												__eflags =  *(_t766 - 0x50) - 7;
												if( *(_t766 - 0x50) > 7) {
													 *((char*)(_t766 - 0x19)) = 1;
													 *(_t766 - 0x60) = 0;
												}
											} else {
												 *(_t766 - 0x64) = _t394;
												 *(_t766 - 0x60) = 1;
											}
											_t678 =  *(_t766 - 0x50);
											asm("lock cmpxchg8b [edi]");
											_t725 =  *(_t766 - 0x50);
											__eflags =  *(_t766 - 0x54) -  *(_t766 - 0x54);
											if( *(_t766 - 0x54) !=  *(_t766 - 0x54)) {
												goto L14;
											}
											L119:
											__eflags = _t678 - _t725;
											if(_t678 != _t725) {
												goto L14;
											}
											_t679 =  *( *(_t766 - 0x20) + 0x50);
											__eflags =  *((char*)(_t766 - 0x19));
											if( *((char*)(_t766 - 0x19)) == 0) {
												_t679 = _t679 >> 4;
												__eflags = _t679;
											}
											_t601 =  *(_t766 - 0x28);
											_t535 = _t601[1];
											_t401 = _t535 & 0x00000001;
											_t758 =  *((intOrPtr*)(0x7342c0 + (_t601[1] & 0x000000ff) * 4));
											_t726 = 7;
											__eflags = _t758 - 0x100;
											if(_t758 < 0x100) {
												_t401 = _t401 - 1;
												__eflags = _t401;
											}
											_t603 =  *0x7a80e8; // 0x8
											__eflags =  *0x7a8594 - _t603 >> 1; // 0xffffffff
											if(__eflags > 0) {
												_t401 = _t401 + 1;
											}
											_t605 = 4;
											_t405 = 1 << _t605 - _t401;
											__eflags = _t679 - 1;
											if(_t679 < 1) {
												_t679 = _t405;
											}
											__eflags = _t679 - 0x400;
											if(_t679 > 0x400) {
												_t679 = 0x400;
											}
											_t409 = (_t758 + 8) * _t679 + 0x18;
											__eflags = _t409 - 0x78000;
											if(_t409 > 0x78000) {
												_t409 = 0x78000;
											}
											__eflags = _t409 & 0xffffff80;
											if((_t409 & 0xffffff80) == 0) {
												L131:
												__eflags = _t726 - 0x12;
												if(_t726 > 0x12) {
													_t726 = 0x12;
												}
												_t680 = _t726;
												__eflags = _t535 & 0x00000006;
												if(__eflags != 0) {
													_t680 = 0x12;
												}
												_push(_t758 + 8);
												_t536 =  *(_t766 - 0x2c);
												_t727 = E007344C5(_t536, _t536, _t680, _t726, _t758 + 8, __eflags);
												__eflags = _t727;
												if(_t727 == 0) {
													L179:
													_t411 = 0;
													goto L90;
												} else {
													_t415 = 1 <<  *(_t727 + 8);
													__eflags = 1 - 0x78000;
													if(1 > 0x78000) {
														_t415 = 0x78000;
													}
													 *(_t766 - 0x40) = _t415 + 0xfffffff8;
													asm("lock xadd [eax], ecx");
													_t613 =  *(_t766 - 0x44);
													_t418 = E007055E8( *(_t766 - 0x44));
													__eflags = _t418;
													if(_t418 == 0) {
														_t613 = _t536;
														_t751 = E0073485C(_t536,  *(_t766 - 0x34));
														__eflags = _t751;
														if(_t751 == 0) {
															goto L250;
														}
														 *(_t751 + 4) =  *(_t751 + 4) & 0x00000000;
														goto L137;
													} else {
														_t219 = _t418 - 0x18; // -24
														_t751 = _t219;
														L137:
														__eflags = _t751;
														if(_t751 == 0) {
															L250:
															E00722882(_t613,  *((intOrPtr*)(_t536 + 0x24)), 0, _t727);
															goto L179;
														}
														 *((char*)(_t751 + 0x17)) =  *(_t766 - 0x34);
														E0073454D(_t536, _t751, _t727,  *((intOrPtr*)(0x7342c0 + (( *(_t766 - 0x28))[1] & 0x000000ff) * 4)),  *(_t766 - 0x40),  *(_t766 - 0x28));
														 *((intOrPtr*)(_t727 + 0xc)) = 0xf0e0d0c0;
														_t228 = _t751 + 0x1c; // 0x4
														_t615 = _t228;
														while(1) {
															_t683 =  *_t615;
															__eflags = _t683;
															if(_t683 == 0) {
																break;
															}
															__eflags = _t683 & 0x00000006;
															if((_t683 & 0x00000006) != 0) {
																break;
															}
															asm("lock cmpxchg [ebx], edi");
															__eflags = _t683 - _t683;
															if(_t683 != _t683) {
																continue;
															}
															_t425 = 1;
															L143:
															__eflags = _t425;
															if(_t425 == 0) {
																while(1) {
																	L226:
																	_t308 = _t751 + 0x1c; // 0x4
																	_t616 =  *_t308;
																	__eflags = _t616;
																	if(_t616 == 0) {
																		break;
																	}
																	__eflags = _t616 & 0x00000002;
																	if((_t616 & 0x00000002) != 0) {
																		break;
																	}
																	asm("lock cmpxchg [edi], edx");
																	__eflags = _t616 - _t616;
																	if(_t616 != _t616) {
																		continue;
																	}
																	_t427 = 1;
																	goto L241;
																}
																_t427 = 0;
																__eflags = 0;
																goto L241;
															}
															_t435 =  *(_t766 - 0x20);
															__eflags =  *_t751 - _t435;
															if( *_t751 != _t435) {
																_t687 = 0xfffffff9;
																_t436 =  *_t615;
																do {
																	__eflags = _t436 & _t687;
																	asm("lock cmpxchg [edi], ebx");
																} while ((_t436 & _t687) != 0);
																__eflags = _t436 - 6;
																if(_t436 != 6) {
																	__eflags =  *((short*)(_t751 + 8));
																	if( *((short*)(_t751 + 8)) == 0) {
																		goto L226;
																	} else {
																		goto L217;
																	}
																	while(1) {
																		L217:
																		_t688 =  *_t615;
																		__eflags = _t688;
																		if(_t688 == 0) {
																			break;
																		}
																		__eflags = _t688 & 0x00000002;
																		if((_t688 & 0x00000002) != 0) {
																			break;
																		}
																		asm("lock cmpxchg [ebx], edi");
																		__eflags = _t688 - _t688;
																		if(_t688 != _t688) {
																			continue;
																		}
																		_t437 = 1;
																		L222:
																		__eflags = _t437;
																		if(_t437 == 0) {
																			goto L226;
																		}
																		_t731 =  *_t751;
																		_t301 = _t766 - 0x30;
																		 *_t301 =  *(_t766 - 0x30) & 0x00000000;
																		__eflags =  *_t301;
																		do {
																			_t306 = (( *(_t731 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4; // 0x101
																			_t689 =  *(_t731 + _t306 + 8);
																			__eflags = _t689;
																			if(_t689 != 0) {
																				_t620 =  *(_t689 + 0x1c);
																				__eflags = _t620 & 0x00000001;
																				if((_t620 & 0x00000001) != 0) {
																					goto L232;
																				}
																				asm("lock cmpxchg [ebx], ecx");
																				__eflags = _t689 - _t689;
																				if(_t689 == _t689) {
																					_t625 = 0xfffffffd;
																					_t318 = _t689 + 0x1c; // 0x115
																					_t444 =  *_t318;
																					do {
																						__eflags = _t444 & _t625;
																						asm("lock cmpxchg [edi], ebx");
																					} while ((_t444 & _t625) != 0);
																					__eflags = _t444 - 2;
																					if(_t444 != 2) {
																						goto L226;
																					}
																					_t623 =  *( *_t689 + 0x58);
																					 *_t689 =  *_t689 & 0x00000000;
																					 *((intOrPtr*)(_t689 + 0xc)) =  *((intOrPtr*)(_t689 + 0xc)) + 1;
																					_t690 = _t689 + 0x18;
																					L235:
																					E00705640(_t623, _t690);
																					goto L226;
																				}
																				goto L232;
																			}
																			asm("lock cmpxchg [edx], ecx");
																			__eflags = 0;
																			if(0 != 0) {
																				goto L232;
																			}
																			goto L226;
																			L232:
																			 *(_t766 - 0x30) =  *(_t766 - 0x30) + 1;
																			__eflags =  *(_t766 - 0x30) - 0x10;
																		} while ( *(_t766 - 0x30) < 0x10);
																		_t623 =  *_t751 + 0x48;
																		__eflags =  *_t751 + 0x48;
																		L234:
																		_t317 = _t751 + 0x18; // 0x0
																		_t690 = _t317;
																		goto L235;
																	}
																	_t437 = 0;
																	__eflags = 0;
																	goto L222;
																}
																_t623 =  *( *_t751 + 0x58);
																 *_t751 =  *_t751 & 0x00000000;
																 *((intOrPtr*)(_t751 + 0xc)) =  *((intOrPtr*)(_t751 + 0xc)) + 1;
																goto L234;
															}
															goto L145;
														}
														_t425 = 0;
														goto L143;
													}
												}
											} else {
												do {
													_t726 = _t726 + 1;
													__eflags = _t409 >> _t726;
												} while (_t409 >> _t726 != 0);
												goto L131;
											}
											L14:
											_t394 =  *(_t766 - 0x40);
											 *((char*)(_t766 - 0x19)) = 0;
											 *(_t766 - 0x54) =  *_t757;
											 *(_t766 - 0x50) =  *(_t757 + 4);
											__eflags =  *(_t766 - 0x54) - _t394;
											if( *(_t766 - 0x54) == _t394) {
												 *(_t766 - 0x60) =  *(_t766 - 0x50) + 1;
												__eflags =  *(_t766 - 0x50) - 7;
												if( *(_t766 - 0x50) > 7) {
													 *((char*)(_t766 - 0x19)) = 1;
													 *(_t766 - 0x60) = 0;
												}
											} else {
												 *(_t766 - 0x64) = _t394;
												 *(_t766 - 0x60) = 1;
											}
											_t678 =  *(_t766 - 0x50);
											asm("lock cmpxchg8b [edi]");
											_t725 =  *(_t766 - 0x50);
											__eflags =  *(_t766 - 0x54) -  *(_t766 - 0x54);
											if( *(_t766 - 0x54) !=  *(_t766 - 0x54)) {
												goto L14;
											}
										}
									}
									L111:
									_t750 = _t749 + 0x48;
									__eflags = _t749 + 0x48;
									while(1) {
										_t357 = E007055E8(_t750);
										__eflags = _t357;
										if(_t357 == 0) {
											break;
										}
										_t46 = _t357 - 0x18; // -24
										_t656 = _t46;
										_t573 = 0xfffffffd;
										_t47 = _t656 + 0x1c; // 0x4
										_t358 =  *_t47;
										do {
											__eflags = _t358 & _t573;
											asm("lock cmpxchg [edi], ebx");
										} while ((_t358 & _t573) != 0);
										__eflags = _t358 - 2;
										if(_t358 == 2) {
											 *_t656 =  *_t656 & 0x00000000;
											 *((intOrPtr*)(_t656 + 0xc)) =  *((intOrPtr*)(_t656 + 0xc)) + 1;
											E00705640( *((intOrPtr*)( *_t656 + 0x58)), _t656 + 0x18);
											continue;
										}
										__eflags =  *((short*)(_t656 + 8));
										if( *((short*)(_t656 + 8)) == 0) {
											continue;
										}
										goto L32;
									}
									_t751 = 0;
									__eflags = 0;
									goto L114;
								}
								_t656 = 0;
								__eflags = 0;
								goto L110;
							}
						}
					}
					_t110 = _t766 - 4;
					 *_t110 =  *(_t766 - 4) & 0x00000000;
					__eflags =  *_t110;
					while(1) {
						_t634 = _t344 + 8;
						_t741 =  *_t634;
						 *(_t766 - 0x54) = _t741;
						_t554 = _t634[1];
						 *(_t766 - 0x50) = _t554;
						__eflags = _t741;
						if(_t741 == 0) {
							break;
						}
						_t760 =  *(_t344 + 4);
						__eflags = _t760;
						if(_t760 == 0) {
							break;
						}
						__eflags =  *_t344 - _t652;
						if( *_t344 != _t652) {
							break;
						}
						_t117 = (_t741 >> 0x0000000d & 0x0007fff8) + _t760 + 8; // 0x8
						_t761 = _t117;
						asm("adc ebx, 0xffffffff");
						_t495 =  *_t761 & 0x0000ffff;
						asm("cdq");
						 *(_t766 - 0x6c) = _t741 + 0xffffffff & 0x0000ffff | _t495 << 0x00000010;
						 *(_t766 - 0x68) = _t554 | (_t652 << 0x00000020 | _t495) << 0x10;
						_t700 =  *(_t766 - 0x50);
						asm("lock cmpxchg8b [edi]");
						__eflags =  *(_t766 - 0x54) -  *(_t766 - 0x54);
						if( *(_t766 - 0x54) !=  *(_t766 - 0x54)) {
							L18:
							_t652 =  *(_t766 - 0x20);
							_t500 = ( *(_t652 + 0x60) & 0x0000ffff) << 2;
							_t638 =  *((intOrPtr*)( *((intOrPtr*)(_t652 + 0x58)) + 0xc));
							__eflags =  *(_t638 + _t500 + 0x113) & 0x00000001;
							if(( *(_t638 + _t500 + 0x113) & 0x00000001) == 0) {
								_t44 = (( *(_t652 + 0x60) & 0x0000ffff) << 2) + 0x113; // 0x7d811074
								_t504 =  *((intOrPtr*)( *((intOrPtr*)(_t652 + 0x58)) + 0xc)) + _t44;
								 *_t504 =  *_t504 | 0x00000001;
								__eflags =  *_t504;
							}
							_t344 =  *(_t766 - 0x30);
							continue;
						}
						__eflags = _t700 -  *(_t766 - 0x50);
						if(_t700 !=  *(_t766 - 0x50)) {
							goto L18;
						}
						_t635 = _t761;
						L86:
						 *(_t766 - 0x24) = _t635;
						 *(_t766 - 4) = 0xfffffffe;
						__eflags = _t635;
						if(_t635 == 0) {
							 *( *(_t766 - 0x20)) =  *( *(_t766 - 0x20)) & 0x00000000;
							goto L91;
						}
						_t471 = (( *( *(_t766 - 0x28)) & 0x0000ffff) << 3) -  *((intOrPtr*)(_t766 - 0x3c));
						_t578 = _t635 + 0xfffffff8;
						_t752 =  *( *(_t766 - 0x2c) + 0x24);
						__eflags = _t471 - 0x3f;
						if(_t471 >= 0x3f) {
							__eflags =  *(_t578 + 7) & 0x00000080;
							if(( *(_t578 + 7) & 0x00000080) != 0) {
								goto L102;
							}
							__eflags =  *(_t752 + 0x4c);
							if( *(_t752 + 0x4c) == 0) {
								goto L185;
							} else {
								_t664 =  *_t578;
								__eflags =  *(_t752 + 0x4c) & _t664;
								goto L182;
							}
							goto L72;
						}
						goto L88;
					}
					_t635 = 0;
					goto L86;
				}
				L1:
				asm("lock cmpxchg [ebx], ecx");
				if(_t672 == _t672) {
					goto L3;
				} else {
					goto L158;
				}
			}

0x00722adc
0x00722ade
0x00722ae3
0x00722ae8
0x00722aeb
0x00722aed
0x00722afd
0x00722aff
0x00722b06
0x00701b99
0x00701ba5
0x00701ba5
0x00701ba6
0x00701ba9
0x006f015f
0x006f0169
0x006fe098
0x006fe098
0x006fe09d
0x006fe0a4
0x006fe0a4
0x006fe0a7
0x006fe0ad
0x006fe0b7
0x006fe0b7
0x006fe0c2
0x006fe0c8
0x00701bec
0x00701bec
0x00000000
0x00701bec
0x00701baf
0x00701bbc
0x00701bbf
0x00000000
0x00000000
0x00701bcc
0x00701bd1
0x00701bd7
0x00701be1
0x00701be3
0x006ff42c
0x006ff43b
0x006ff43b
0x00701be9
0x00000000
0x00722b0c
0x00722b0c
0x00722b0c
0x00722b0c
0x00722b10
0x00722b19
0x00722b20
0x00722b2a
0x00722b2e
0x00722b31
0x00722b33
0x00722b36
0x00722b38
0x00733efe
0x00733efe
0x00733efe
0x00733f01
0x00733f04
0x00733f09
0x00000000
0x00000000
0x00733f0f
0x00733f0f
0x00733f16
0x00733f16
0x00733f16
0x00733f19
0x00733f1b
0x00733f1e
0x00733f21
0x00733f27
0x00000000
0x00000000
0x00733f2d
0x00733f32
0x00000000
0x00733f40
0x00733f4c
0x00733f54
0x00733f5d
0x00733f60
0x00733f6c
0x00733f6f
0x00733f75
0x00733f80
0x00733f87
0x006d8e67
0x006d8e71
0x006d8e77
0x006d8e7a
0x006d8e82
0x006d8e94
0x006d8e94
0x006d8e9b
0x006d8e9b
0x006d8e9b
0x006d8e9e
0x00000000
0x00733f96
0x00733f96
0x00733f98
0x00733f98
0x00733f9b
0x00733fa4
0x00000000
0x00000000
0x00733faf
0x00733fb2
0x00733fb8
0x00733fbe
0x00722bf2
0x00722bf2
0x00722bf2
0x00722bf4
0x00722bf7
0x00722bf7
0x00722bfa
0x00722bff
0x00722bff
0x00733fc8
0x00761ab3
0x00761ab7
0x00761a92
0x00761a92
0x00733fe3
0x00733fe6
0x00733fea
0x00000000
0x00733fea
0x00761ab9
0x00761abb
0x00761a85
0x00761a85
0x00761a87
0x00761a87
0x00761a87
0x00761a8a
0x00000000
0x00761a8a
0x00733fce
0x00733fdf
0x00000000
0x00733fdf
0x00733f87
0x00733f32
0x007348bc
0x00000000
0x00733ff3
0x00733ffa
0x00733ffa
0x00734000
0x00734004
0x00734004
0x00734006
0x00734006
0x00734008
0x0073400b
0x00734012
0x00734012
0x00734012
0x00734014
0x00734016
0x0073ef25
0x0073ef29
0x0073ef2c
0x0073ef2e
0x0073ef34
0x0073ef37
0x0073ef39
0x0073ef39
0x0073ef2e
0x0073401c
0x0073401f
0x0073401f
0x0073401f
0x0073401f
0x00734024
0x00734027
0x00734029
0x006f9ab3
0x006f9ab8
0x006f9ab8
0x006f9aba
0x006f9abc
0x00000000
0x00000000
0x006f466f
0x006f4672
0x006f4672
0x006f4675
0x006f4677
0x006f467a
0x00000000
0x00000000
0x006f4682
0x006f4685
0x006f4687
0x006f4689
0x006f468b
0x006f468b
0x006f4691
0x006f4694
0x006f469b
0x006f469e
0x006f46a1
0x006f46a4
0x006f46a4
0x006f46ac
0x006f46b1
0x006f46b1
0x006f9ac9
0x006f9acd
0x006f9ad0
0x0074a8c3
0x0074a8c5
0x0074a8d1
0x0074a8d1
0x00734004
0x00734006
0x00734006
0x00734008
0x0073400b
0x00000000
0x0073400b
0x006f9ad6
0x006f9ad8
0x006f9adc
0x006f9adc
0x006f9ae2
0x006f9ae2
0x006f9ae6
0x00734031
0x00734031
0x00734033
0x006f9a92
0x006f9a93
0x006f9a96
0x006f9a98
0x006f9a9a
0x006f9a9c
0x006f9a9c
0x006f9aa2
0x006f9aa5
0x00761ac5
0x00761ac8
0x00761ace
0x00000000
0x00761ace
0x006f99ae
0x006f99ae
0x0073404d
0x0073404d
0x0073404f
0x006f99b5
0x006f99b5
0x006f99b8
0x006f99b8
0x006f99ba
0x006f99bc
0x00000000
0x00000000
0x006f99c2
0x006f99c5
0x00000000
0x00000000
0x006f99d6
0x006f99da
0x006f99dc
0x00000000
0x00000000
0x006f99de
0x006f99e0
0x006f99e0
0x006f99e2
0x00000000
0x00733efe
0x00733efe
0x00733efe
0x00733efe
0x00733f01
0x00733f04
0x00733f09
0x00000000
0x00000000
0x00000000
0x00733f09
0x006d8b72
0x006d8b72
0x006d8b72
0x006d8b7d
0x006d8b80
0x006d8b83
0x006d8b86
0x007342b1
0x007342b1
0x007342b6
0x00733efe
0x00733efe
0x00733efe
0x00733efe
0x00733f01
0x00733f04
0x00733f09
0x00000000
0x00000000
0x00000000
0x00733f09
0x00761ca8
0x00761ca8
0x00761ca8
0x00761cb0
0x00761cb2
0x00761cb2
0x00761cb2
0x00761cb6
0x00761cc4
0x00761cc6
0x00761cc8
0x00000000
0x00000000
0x00761cca
0x00761cd0
0x00761cd4
0x00761cd6
0x00761cf7
0x00761cf7
0x00761cfa
0x00761cfe
0x007342a9
0x007342ab
0x007342ae
0x007342ae
0x007342ae
0x00000000
0x007342ae
0x00761cc4
0x00761cc6
0x00761cc8
0x00000000
0x00000000
0x00000000
0x00761cc8
0x00761cd8
0x00733efe
0x00733efe
0x00733efe
0x00733efe
0x00733f01
0x00733f04
0x00733f09
0x00000000
0x00000000
0x00000000
0x00733f09
0x0073426e
0x0073426e
0x0073426e
0x00734276
0x00734278
0x00734278
0x00734278
0x0073427c
0x00734286
0x0073428a
0x0073428c
0x0073428e
0x006f017e
0x006f0182
0x006f0184
0x00733efe
0x00733efe
0x00733efe
0x00733f01
0x00733f04
0x00733f09
0x00000000
0x00000000
0x00000000
0x00733f09
0x00733efe
0x00000000
0x006f018a
0x00734294
0x00734297
0x0073429a
0x00000000
0x00000000
0x007342a0
0x007342a0
0x007342a3
0x00000000
0x00761cdd
0x00761cdd
0x00761ce0
0x00761ce3
0x00000000
0x00000000
0x00761ceb
0x00761cef
0x00761cf1
0x006d8b60
0x006d8b62
0x006d8b63
0x006d8b66
0x006d8b68
0x006d8b6a
0x006d8b6c
0x006d8b6c
0x00000000
0x006d8b68
0x00000000
0x00761cf1
0x00761cb6
0x006f99e8
0x006f99e8
0x006f99eb
0x006f99ed
0x00761ada
0x00761add
0x00761adf
0x00761ae1
0x00761ae3
0x00761ae3
0x00761ae9
0x00761aec
0x00761afe
0x00761afe
0x00761b03
0x00000000
0x00733efe
0x00733efe
0x00733efe
0x00733efe
0x00733efe
0x00733efe
0x00733efe
0x00733efe
0x00733efe
0x00733efe
0x00733f01
0x00733f04
0x00733f09
0x00000000
0x00000000
0x00000000
0x00733f09
0x00000000
0x00733efe
0x006f9a00
0x006f9a00
0x006f9a05
0x006f9a08
0x006f9a0a
0x006f9a0c
0x006f9a0e
0x006f9a0e
0x006f9a14
0x006f9a17
0x00000000
0x00000000
0x00000000
0x006f9a17
0x00761b09
0x00761b09
0x00761b09
0x00761b0b
0x00761b0d
0x00000000
0x00000000
0x00761b0f
0x00761b12
0x00000000
0x00000000
0x00761b1f
0x00761b23
0x00761b25
0x00000000
0x00000000
0x00761b27
0x00000000
0x00761b27
0x00761b2b
0x00761b2b
0x00000000
0x006f9a1d
0x006f9a1d
0x006f9a1d
0x006f9a28
0x006f9a28
0x006f9a2a
0x006f9a2c
0x00000000
0x00000000
0x006f9a32
0x006f9a35
0x00000000
0x00000000
0x006f9a46
0x006f9a4a
0x006f9a4c
0x00000000
0x00000000
0x006f9a4e
0x00000000
0x006f9a4e
0x0074a8e2
0x00000000
0x00761b2d
0x00761b2d
0x00761b2d
0x00761b35
0x00761b37
0x00761b37
0x00761b37
0x00761b3b
0x00761b45
0x00761b49
0x00761b4b
0x00761b4d
0x00000000
0x00000000
0x00761b4f
0x00761b55
0x00761b59
0x00761b5b
0x00761b7c
0x00761b7c
0x00761b7f
0x00761b83
0x00000000
0x00000000
0x00761b45
0x00761b49
0x00761b4b
0x00761b4d
0x00000000
0x00000000
0x00000000
0x00761b4d
0x00000000
0x00761b62
0x00761b62
0x00761b65
0x00761b68
0x00000000
0x00000000
0x00761b70
0x00761b74
0x00761b76
0x00000000
0x00000000
0x00000000
0x00761b76
0x006f9a50
0x006f9a50
0x006f9a50
0x006f9a58
0x006f9a5a
0x006f9a5a
0x006f9a5a
0x006f9a5e
0x006f9a68
0x006f9a6c
0x006f9a6e
0x006f9a70
0x006e7d73
0x006e7d77
0x006e7d79
0x00000000
0x00000000
0x00000000
0x006e7d7f
0x006f9a76
0x006f9a79
0x006f9a7c
0x00761b91
0x00761b95
0x00761b97
0x00000000
0x00000000
0x00000000
0x00761b9d
0x006f9a82
0x006f9a82
0x006f9a85
0x006f9a85
0x00000000
0x00734211
0x00734211
0x00734214
0x00734214
0x00734214
0x00734216
0x00734216
0x0073421e
0x0073421e
0x00734223
0x00734226
0x00734228
0x0073422a
0x0073422c
0x0073422c
0x00734232
0x00734235
0x00000000
0x00000000
0x0073423b
0x0073423b
0x00734246
0x00734246
0x00734248
0x0073424a
0x00000000
0x00000000
0x00734250
0x00734253
0x00000000
0x00000000
0x00734264
0x00734268
0x0073426a
0x00000000
0x00000000
0x0073426c
0x00000000
0x0073426c
0x0074a8f0
0x00000000
0x0074a8f0
0x00000000
0x00761b03
0x00761aee
0x00761af0
0x00761af3
0x00761af6
0x00000000
0x00761af6
0x006f99f3
0x006f99f6
0x006f99f6
0x006f99f6
0x006f99f8
0x006f99f8
0x0074a8db
0x00000000
0x0074a8db
0x00734058
0x0073405c
0x00734062
0x00734062
0x00734065
0x00734065
0x0073406b
0x00734071
0x00734077
0x00734079
0x0073ddad
0x0073ddb3
0x0073ddb6
0x0073ddbc
0x0073ddc0
0x0073ddc0
0x0073407f
0x0073407f
0x00734082
0x00734082
0x0073408c
0x00734097
0x0073409e
0x007340a1
0x007340a3
0x00000000
0x00000000
0x007340a9
0x007340a9
0x007340ab
0x00000000
0x00000000
0x007340b4
0x007340b7
0x007340bb
0x007340bd
0x007340bd
0x007340bd
0x007340c0
0x007340c3
0x007340c8
0x007340ce
0x007340d7
0x007340d8
0x007340de
0x007340e0
0x007340e0
0x007340e0
0x007340e2
0x007340ea
0x007340f0
0x006fb8d3
0x006fb8d3
0x007340fb
0x00734101
0x00734103
0x00734105
0x00734107
0x00734107
0x0073410e
0x00734110
0x006df1bd
0x006df1bd
0x0073411c
0x00734124
0x00734126
0x00746a9a
0x00746a9a
0x0073412c
0x00734131
0x0073413e
0x0073413e
0x00734141
0x00749ebe
0x00749ebe
0x00734147
0x00734149
0x0073414c
0x00761ba4
0x00761ba4
0x00734155
0x00734156
0x00734160
0x00734162
0x00734164
0x0074a8f7
0x0074a8f7
0x00000000
0x0073416a
0x00734170
0x00734177
0x00734179
0x00761baa
0x00761baa
0x00734182
0x0073418b
0x0073418f
0x00734192
0x00734197
0x00734199
0x0073483d
0x00734844
0x00734846
0x00734848
0x00000000
0x00000000
0x0073484e
0x00000000
0x0073419f
0x0073419f
0x0073419f
0x007341a2
0x007341a2
0x007341a4
0x00761d06
0x00761d0c
0x00000000
0x00761d0c
0x007341ad
0x007341c7
0x007341cc
0x007341d3
0x007341d3
0x007341d6
0x007341d6
0x007341d8
0x007341da
0x00000000
0x00000000
0x007341e0
0x007341e3
0x00000000
0x00000000
0x007341f4
0x007341f8
0x007341fa
0x00000000
0x00000000
0x007341fc
0x007341fe
0x007341fe
0x00734200
0x00761c2e
0x00761c2e
0x00761c2e
0x00761c31
0x00761c33
0x00761c35
0x00000000
0x00000000
0x00761c37
0x00761c3a
0x00000000
0x00000000
0x00761c45
0x00761c49
0x00761c4b
0x00000000
0x00000000
0x00761c4d
0x00000000
0x00761c4d
0x00761ca6
0x00761ca6
0x00000000
0x00761ca6
0x00734206
0x00734209
0x0073420b
0x00761bb3
0x00761bb6
0x00761bb8
0x00761bba
0x00761bbc
0x00761bbc
0x00761bc2
0x00761bc5
0x00761bd7
0x00761bdc
0x00000000
0x00000000
0x00000000
0x00000000
0x00761bde
0x00761bde
0x00761bde
0x00761be0
0x00761be2
0x00000000
0x00000000
0x00761be4
0x00761be7
0x00000000
0x00000000
0x00761bf4
0x00761bf8
0x00761bfa
0x00000000
0x00000000
0x00761bfc
0x00761c02
0x00761c02
0x00761c04
0x00000000
0x00000000
0x00761c06
0x00761c08
0x00761c08
0x00761c08
0x00761c0c
0x00761c16
0x00761c1a
0x00761c1c
0x00761c1e
0x00761c51
0x00761c54
0x00761c57
0x00000000
0x00000000
0x00761c5f
0x00761c63
0x00761c65
0x00761c81
0x00761c82
0x00761c85
0x00761c87
0x00761c89
0x00761c8b
0x00761c8b
0x00761c91
0x00761c94
0x00000000
0x00000000
0x00761c98
0x00761c9b
0x00761c9e
0x00761ca1
0x00761c78
0x00761c78
0x00000000
0x00761c78
0x00000000
0x00761c65
0x00761c26
0x00761c2a
0x00761c2c
0x00000000
0x00000000
0x00000000
0x00761c67
0x00761c67
0x00761c6a
0x00761c6a
0x00761c72
0x00761c72
0x00761c75
0x00761c75
0x00761c75
0x00000000
0x00761c75
0x00761c00
0x00761c00
0x00000000
0x00761c00
0x00761bc9
0x00761bcc
0x00761bcf
0x00000000
0x00761bcf
0x00000000
0x0073420b
0x0074a8e9
0x00000000
0x0074a8e9
0x00734199
0x00734133
0x00734133
0x00734133
0x0073413a
0x0073413a
0x00000000
0x00734133
0x006ec851
0x006ec851
0x00734065
0x0073406b
0x00734071
0x00734077
0x00734079
0x0073ddad
0x0073ddb3
0x0073ddb6
0x0073ddbc
0x0073ddc0
0x0073ddc0
0x0073407f
0x0073407f
0x00734082
0x00734082
0x0073408c
0x00734097
0x0073409e
0x007340a1
0x007340a3
0x00000000
0x00000000
0x007340a3
0x00734065
0x00734039
0x00734039
0x00734039
0x0073403c
0x0073403e
0x00734043
0x00734045
0x00000000
0x00000000
0x006f01ce
0x006f01ce
0x006f01d3
0x006f01d4
0x006f01d7
0x006f01d9
0x006f01db
0x006f01dd
0x006f01dd
0x006f01e3
0x006f01e6
0x006e1677
0x006e167a
0x006e1680
0x00000000
0x006e1680
0x006f01ec
0x006f01f1
0x00000000
0x00000000
0x00000000
0x006f01f7
0x0073404b
0x0073404b
0x00000000
0x0073404b
0x0073402f
0x0073402f
0x00000000
0x0073402f
0x00734004
0x00733efe
0x00722b3e
0x00722b3e
0x00722b3e
0x00722b42
0x00722b42
0x00722b45
0x00722b47
0x00722b4a
0x00722b4d
0x00722b50
0x00722b53
0x00000000
0x00000000
0x00722b59
0x00722b5c
0x00722b5e
0x00000000
0x00000000
0x00722b64
0x00722b66
0x00000000
0x00000000
0x00722b78
0x00722b78
0x00722b7e
0x00722b87
0x00722b8a
0x00722b96
0x00722b99
0x00722b9f
0x00722baa
0x00722bae
0x00722bb1
0x006f018f
0x006f018f
0x006f0199
0x006f019f
0x006f01a2
0x006f01aa
0x006f01bc
0x006f01bc
0x006f01c3
0x006f01c3
0x006f01c3
0x006f01c6
0x00000000
0x006f01c6
0x00722bb7
0x00722bba
0x00000000
0x00000000
0x00722bc0
0x00722bc2
0x00722bc2
0x00722bc5
0x00722bcc
0x00722bce
0x0073b321
0x00000000
0x0073b321
0x00722bdd
0x00722be0
0x00722be6
0x00722be9
0x00722bec
0x006ffa8f
0x006ffa93
0x00000000
0x00000000
0x00761a7a
0x00761a7e
0x00000000
0x00761a80
0x00761a80
0x00761a82
0x00000000
0x00761a82
0x00000000
0x00761a7e
0x00000000
0x00722bec
0x0073b317
0x00000000
0x0073b317
0x006d8b4d
0x006d8b53
0x006d8b59
0x00000000
0x006d8b5b
0x00000000
0x006d8b5b

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e6b030e2c1d169cbf0555f93de7ccddc695b5e897c7d552b7a5833527b74726
Instruction ID: 346e32948e61659ccc56becde9025ac04ea9216ec6df96b161c377243982b232
Opcode Fuzzy Hash: 0e6b030e2c1d169cbf0555f93de7ccddc695b5e897c7d552b7a5833527b74726
Instruction Fuzzy Hash: 5772B831A00215CFDB29CF59C8806B9B3F2BF95314F68816DD9569B396E778EC42CB90

Uniqueness

Uniqueness Score: 0.00%

Function 0074B974, Relevance: .8, Instructions: 785
COMMONCrypto

C-Code - Quality: 100%

			E0074B974(void* _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr* _a20) {
				intOrPtr _v8;
				void* _v12;
				intOrPtr* _v16;
				signed char _t539;
				signed char _t543;
				signed char _t565;
				signed int _t566;
				int _t567;
				signed char _t574;
				signed int _t575;
				int _t576;
				signed char _t583;
				signed int _t584;
				int _t585;
				signed char _t592;
				signed int _t593;
				int _t594;
				signed char _t601;
				signed int _t602;
				int _t603;
				signed char _t610;
				signed int _t611;
				int _t612;
				signed char _t619;
				signed int _t620;
				int _t621;
				signed char _t628;
				signed int _t629;
				int _t630;
				signed char _t635;
				signed int _t636;
				int _t637;
				signed char _t642;
				signed int _t643;
				int _t644;
				signed char _t649;
				signed int _t650;
				int _t651;
				signed char _t656;
				signed int _t657;
				int _t658;
				signed char _t663;
				signed int _t664;
				int _t665;
				signed char _t670;
				signed int _t671;
				int _t672;
				signed char _t677;
				signed int _t678;
				int _t679;
				signed char _t684;
				signed int _t685;
				int _t686;
				void* _t796;
				intOrPtr* _t823;
				void* _t827;
				void* _t831;
				void* _t835;
				void* _t839;
				void* _t843;
				void* _t847;
				void* _t851;
				void* _t855;
				void* _t859;
				void* _t864;
				void* _t869;
				void* _t874;
				void* _t879;
				void* _t884;
				void* _t889;
				void* _t894;
				void* _t897;

				_t796 = _a4;
				_t823 = _a12;
				_a16 = _a16 - 0x11;
				_v8 = _a8 - 8;
				_v12 = _t796;
				_t543 = 0xd;
				while(_t823 < _a16 && _t796 < _v8) {
					_t539 =  *_t823;
					if((_t539 & 0x00000001) != 0) {
						while(_t796 > _v12) {
							_t543 = _t543 - 1;
							_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
						}
						_t43 = _t823 + 1; // 0x12
						_v16 = _t43;
						_t635 = _t543;
						_t48 = 0 &  *(0x74ba6a + _t543 * 4);
						_t543 = _t635;
						_t636 = _t48;
						_t859 = _t796 +  ~(0 >> _t635) - 1;
						if(_t859 < _a4) {
							L179:
							return 0xc0000242;
						}
						_t637 = _t636 + 3;
						if(_t796 + _t637 >= _v8) {
							_a16 = _a16 + 0x11;
							_t823 = _v16 - 1;
							L91:
							_t303 = _t823 + 1; // 0x12
							if(_t303 == _a16 || _t796 == _a8) {
								L180:
								 *_a20 = _t796 - _a4;
								return 0;
							} else {
								if((_t539 & 0x00000001) != 0) {
									_t309 = _t823 + 3; // 0x14
									if(_t309 > _a16) {
										goto L179;
									}
									while(_t796 > _v12) {
										_t543 = _t543 - 1;
										_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
									}
									_t313 = _t823 + 1; // 0x12
									_v16 = _t313;
									_t565 = _t543;
									_t318 = 0 &  *(0x74ba6a + _t543 * 4);
									_t543 = _t565;
									_t566 = _t318;
									_t827 = _t796 +  ~(0 >> _t565) - 1;
									if(_t827 < _a4) {
										goto L179;
									}
									_t567 = _t566 + 3;
									if(_t796 + _t567 > _a8) {
										goto L179;
									}
									_t539 = memcpy(_t796, _t827, _t567);
									_t897 = _t897 + 0xc;
									_t796 = _t827 + _t567 + _t567;
									_t823 = _v16;
									L102:
									if(_t823 + 2 == _a16 || _t796 == _a8) {
										goto L180;
									} else {
										if((_t539 & 0x00000002) != 0) {
											if(_t823 + 4 > _a16) {
												goto L179;
											}
											while(_t796 > _v12) {
												_t543 = _t543 - 1;
												_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
											}
											_v16 = _t823 + 1;
											_t574 = _t543;
											_t347 = 0 &  *(0x74ba6a + _t543 * 4);
											_t543 = _t574;
											_t575 = _t347;
											_t831 = _t796 +  ~(0 >> _t574) - 1;
											if(_t831 < _a4) {
												goto L179;
											}
											_t576 = _t575 + 3;
											if(_t796 + _t576 > _a8) {
												goto L179;
											}
											_t539 = memcpy(_t796, _t831, _t576);
											_t897 = _t897 + 0xc;
											_t796 = _t831 + _t576 + _t576;
											_t823 = _v16;
											L113:
											if(_t823 + 3 == _a16 || _t796 == _a8) {
												goto L180;
											} else {
												if((_t539 & 0x00000004) != 0) {
													if(_t823 + 5 > _a16) {
														goto L179;
													}
													while(_t796 > _v12) {
														_t543 = _t543 - 1;
														_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
													}
													_v16 = _t823 + 1;
													_t583 = _t543;
													_t376 = 0 &  *(0x74ba6a + _t543 * 4);
													_t543 = _t583;
													_t584 = _t376;
													_t835 = _t796 +  ~(0 >> _t583) - 1;
													if(_t835 < _a4) {
														goto L179;
													}
													_t585 = _t584 + 3;
													if(_t796 + _t585 > _a8) {
														goto L179;
													}
													_t539 = memcpy(_t796, _t835, _t585);
													_t897 = _t897 + 0xc;
													_t796 = _t835 + _t585 + _t585;
													_t823 = _v16;
													L124:
													if(_t823 + 4 == _a16 || _t796 == _a8) {
														goto L180;
													} else {
														if((_t539 & 0x00000008) != 0) {
															if(_t823 + 6 > _a16) {
																goto L179;
															}
															while(_t796 > _v12) {
																_t543 = _t543 - 1;
																_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
															}
															_v16 = _t823 + 1;
															_t592 = _t543;
															_t405 = 0 &  *(0x74ba6a + _t543 * 4);
															_t543 = _t592;
															_t593 = _t405;
															_t839 = _t796 +  ~(0 >> _t592) - 1;
															if(_t839 < _a4) {
																goto L179;
															}
															_t594 = _t593 + 3;
															if(_t796 + _t594 > _a8) {
																goto L179;
															}
															_t539 = memcpy(_t796, _t839, _t594);
															_t897 = _t897 + 0xc;
															_t796 = _t839 + _t594 + _t594;
															_t823 = _v16;
															L135:
															if(_t823 + 5 == _a16 || _t796 == _a8) {
																goto L180;
															} else {
																if((_t539 & 0x00000010) != 0) {
																	if(_t823 + 7 > _a16) {
																		goto L179;
																	}
																	while(_t796 > _v12) {
																		_t543 = _t543 - 1;
																		_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
																	}
																	_v16 = _t823 + 1;
																	_t601 = _t543;
																	_t434 = 0 &  *(0x74ba6a + _t543 * 4);
																	_t543 = _t601;
																	_t602 = _t434;
																	_t843 = _t796 +  ~(0 >> _t601) - 1;
																	if(_t843 < _a4) {
																		goto L179;
																	}
																	_t603 = _t602 + 3;
																	if(_t796 + _t603 > _a8) {
																		goto L179;
																	}
																	_t539 = memcpy(_t796, _t843, _t603);
																	_t897 = _t897 + 0xc;
																	_t796 = _t843 + _t603 + _t603;
																	_t823 = _v16;
																	L146:
																	if(_t823 + 6 == _a16 || _t796 == _a8) {
																		goto L180;
																	} else {
																		if((_t539 & 0x00000020) != 0) {
																			if(_t823 + 8 > _a16) {
																				goto L179;
																			}
																			while(_t796 > _v12) {
																				_t543 = _t543 - 1;
																				_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
																			}
																			_v16 = _t823 + 1;
																			_t610 = _t543;
																			_t463 = 0 &  *(0x74ba6a + _t543 * 4);
																			_t543 = _t610;
																			_t611 = _t463;
																			_t847 = _t796 +  ~(0 >> _t610) - 1;
																			if(_t847 < _a4) {
																				goto L179;
																			}
																			_t612 = _t611 + 3;
																			if(_t796 + _t612 > _a8) {
																				goto L179;
																			}
																			_t539 = memcpy(_t796, _t847, _t612);
																			_t897 = _t897 + 0xc;
																			_t796 = _t847 + _t612 + _t612;
																			_t823 = _v16;
																			L157:
																			if(_t823 + 7 == _a16 || _t796 == _a8) {
																				goto L180;
																			} else {
																				if((_t539 & 0x00000040) != 0) {
																					if(_t823 + 9 > _a16) {
																						goto L179;
																					}
																					while(_t796 > _v12) {
																						_t543 = _t543 - 1;
																						_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
																					}
																					_v16 = _t823 + 1;
																					_t619 = _t543;
																					_t492 = 0 &  *(0x74ba6a + _t543 * 4);
																					_t543 = _t619;
																					_t620 = _t492;
																					_t851 = _t796 +  ~(0 >> _t619) - 1;
																					if(_t851 < _a4) {
																						goto L179;
																					}
																					_t621 = _t620 + 3;
																					if(_t796 + _t621 > _a8) {
																						goto L179;
																					}
																					_t539 = memcpy(_t796, _t851, _t621);
																					_t897 = _t897 + 0xc;
																					_t796 = _t851 + _t621 + _t621;
																					_t823 = _v16;
																					L168:
																					if(_t823 + 8 == _a16 || _t796 == _a8) {
																						goto L180;
																					} else {
																						if((_t539 & 0x00000080) != 0) {
																							if(_t823 + 0xa > _a16) {
																								goto L179;
																							}
																							while(_t796 > _v12) {
																								_t543 = _t543 - 1;
																								_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
																							}
																							_v16 = _t823 + 1;
																							_t628 = _t543;
																							_t521 = 0 &  *(0x74ba6a + _t543 * 4);
																							_t543 = _t628;
																							_t629 = _t521;
																							_t855 = _t796 +  ~(0 >> _t628) - 1;
																							if(_t855 < _a4) {
																								goto L179;
																							}
																							_t630 = _t629 + 3;
																							if(_t796 + _t630 > _a8) {
																								goto L179;
																							}
																							memcpy(_t796, _t855, _t630);
																							_t897 = _t897 + 0xc;
																							_t796 = _t855 + _t630 + _t630;
																							_t823 = _v16;
																							L178:
																							_t823 = _t823 + 9;
																							L88:
																							if(_t823 == _a16) {
																								goto L180;
																							}
																							_t539 =  *_t823;
																							goto L91;
																						}
																						 *_t796 =  *((intOrPtr*)(_t823 + 8));
																						_t796 = _t796 + 1;
																						goto L178;
																					}
																				}
																				 *_t796 =  *((intOrPtr*)(_t823 + 7));
																				_t796 = _t796 + 1;
																				goto L168;
																			}
																		}
																		 *_t796 =  *((intOrPtr*)(_t823 + 6));
																		_t796 = _t796 + 1;
																		goto L157;
																	}
																}
																 *_t796 =  *((intOrPtr*)(_t823 + 5));
																_t796 = _t796 + 1;
																goto L146;
															}
														}
														 *_t796 =  *((intOrPtr*)(_t823 + 4));
														_t796 = _t796 + 1;
														goto L135;
													}
												}
												 *_t796 =  *((intOrPtr*)(_t823 + 3));
												_t796 = _t796 + 1;
												goto L124;
											}
										}
										 *_t796 =  *((intOrPtr*)(_t823 + 2));
										_t796 = _t796 + 1;
										goto L113;
									}
								}
								 *_t796 =  *((intOrPtr*)(_t823 + 1));
								_t796 = _t796 + 1;
								goto L102;
							}
						}
						_t539 = memcpy(_t796, _t859, _t637);
						_t897 = _t897 + 0xc;
						_t823 = _v16;
						_t796 = _t859 + _t637 + _t637 - 1;
						if((_t539 & 0x00000002) != 0) {
							L24:
							_t796 = _t796 + 1;
							while(_t796 > _v12) {
								_t543 = _t543 - 1;
								_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
							}
							_v16 = _t823 + 1;
							_t642 = _t543;
							_t94 = 0 &  *(0x74ba6a + _t543 * 4);
							_t543 = _t642;
							_t643 = _t94;
							_t864 = _t796 +  ~(0 >> _t642) - 1;
							if(_t864 < _a4) {
								goto L179;
							}
							_t644 = _t643 + 3;
							if(_t796 + _t644 >= _v8) {
								_a16 = _a16 + 0x11;
								_t823 = _v16 - 1;
								goto L102;
							}
							_t539 = memcpy(_t796, _t864, _t644);
							_t897 = _t897 + 0xc;
							_t823 = _v16;
							_t796 = _t864 + _t644 + _t644 - 2;
							if((_t539 & 0x00000004) != 0) {
								L36:
								_t796 = _t796 + 2;
								while(_t796 > _v12) {
									_t543 = _t543 - 1;
									_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
								}
								_v16 = _t823 + 1;
								_t649 = _t543;
								_t136 = 0 &  *(0x74ba6a + _t543 * 4);
								_t543 = _t649;
								_t650 = _t136;
								_t869 = _t796 +  ~(0 >> _t649) - 1;
								if(_t869 < _a4) {
									goto L179;
								}
								_t651 = _t650 + 3;
								if(_t796 + _t651 >= _v8) {
									_a16 = _a16 + 0x11;
									_t823 = _v16 - 1;
									goto L113;
								}
								_t539 = memcpy(_t796, _t869, _t651);
								_t897 = _t897 + 0xc;
								_t823 = _v16;
								_t796 = _t869 + _t651 + _t651 - 3;
								if((_t539 & 0x00000008) != 0) {
									L47:
									_t796 = _t796 + 3;
									while(_t796 > _v12) {
										_t543 = _t543 - 1;
										_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
									}
									_v16 = _t823 + 1;
									_t656 = _t543;
									_t174 = 0 &  *(0x74ba6a + _t543 * 4);
									_t543 = _t656;
									_t657 = _t174;
									_t874 = _t796 +  ~(0 >> _t656) - 1;
									if(_t874 < _a4) {
										goto L179;
									}
									_t658 = _t657 + 3;
									if(_t796 + _t658 >= _v8) {
										_a16 = _a16 + 0x11;
										_t823 = _v16 - 1;
										goto L124;
									}
									_t539 = memcpy(_t796, _t874, _t658);
									_t897 = _t897 + 0xc;
									_t823 = _v16;
									_t796 = _t874 + _t658 + _t658 - 4;
									if((_t539 & 0x00000010) != 0) {
										L57:
										_t796 = _t796 + 4;
										while(_t796 > _v12) {
											_t543 = _t543 - 1;
											_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
										}
										_v16 = _t823 + 1;
										_t663 = _t543;
										_t208 = 0 &  *(0x74ba6a + _t543 * 4);
										_t543 = _t663;
										_t664 = _t208;
										_t879 = _t796 +  ~(0 >> _t663) - 1;
										if(_t879 < _a4) {
											goto L179;
										}
										_t665 = _t664 + 3;
										if(_t796 + _t665 >= _v8) {
											_a16 = _a16 + 0x11;
											_t823 = _v16 - 1;
											goto L135;
										}
										_t539 = memcpy(_t796, _t879, _t665);
										_t897 = _t897 + 0xc;
										_t823 = _v16;
										_t796 = _t879 + _t665 + _t665 - 5;
										if((_t539 & 0x00000020) != 0) {
											L66:
											_t796 = _t796 + 5;
											while(_t796 > _v12) {
												_t543 = _t543 - 1;
												_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
											}
											_v16 = _t823 + 1;
											_t670 = _t543;
											_t238 = 0 &  *(0x74ba6a + _t543 * 4);
											_t543 = _t670;
											_t671 = _t238;
											_t884 = _t796 +  ~(0 >> _t670) - 1;
											if(_t884 < _a4) {
												goto L179;
											}
											_t672 = _t671 + 3;
											if(_t796 + _t672 >= _v8) {
												_a16 = _a16 + 0x11;
												_t823 = _v16 - 1;
												goto L146;
											}
											_t539 = memcpy(_t796, _t884, _t672);
											_t897 = _t897 + 0xc;
											_t823 = _v16;
											_t796 = _t884 + _t672 + _t672 - 6;
											if((_t539 & 0x00000040) != 0) {
												L74:
												_t796 = _t796 + 6;
												while(_t796 > _v12) {
													_t543 = _t543 - 1;
													_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
												}
												_v16 = _t823 + 1;
												_t677 = _t543;
												_t264 = 0 &  *(0x74ba6a + _t543 * 4);
												_t543 = _t677;
												_t678 = _t264;
												_t889 = _t796 +  ~(0 >> _t677) - 1;
												if(_t889 < _a4) {
													goto L179;
												}
												_t679 = _t678 + 3;
												if(_t796 + _t679 >= _v8) {
													_a16 = _a16 + 0x11;
													_t823 = _v16 - 1;
													goto L157;
												}
												_t539 = memcpy(_t796, _t889, _t679);
												_t897 = _t897 + 0xc;
												_t823 = _v16;
												_t796 = _t889 + _t679 + _t679 - 7;
												if((_t539 & 0x00000080) != 0) {
													L81:
													_t796 = _t796 + 7;
													while(_t796 > _v12) {
														_t543 = _t543 - 1;
														_v12 = _a4 +  *((intOrPtr*)(0x74ba26 + _t543 * 4));
													}
													_v16 = _t823 + 1;
													_t684 = _t543;
													_t286 = 0 &  *(0x74ba6a + _t543 * 4);
													_t543 = _t684;
													_t685 = _t286;
													_t894 = _t796 +  ~(0 >> _t684) - 1;
													if(_t894 < _a4) {
														goto L179;
													}
													_t686 = _t685 + 3;
													if(_t796 + _t686 >= _v8) {
														_a16 = _a16 + 0x11;
														_t823 = _v16 - 1;
														goto L168;
													}
													memcpy(_t796, _t894, _t686);
													_t897 = _t897 + 0xc;
													_t823 = _v16 + 9;
													_t796 = _t894 + _t686 + _t686 - 8 + 8;
													continue;
												}
												 *(_t796 + 7) =  *((intOrPtr*)(_t823 + 8));
												_t823 = _t823 + 9;
												_t796 = _t796 + 8;
												continue;
											}
											 *(_t796 + 6) =  *((intOrPtr*)(_t823 + 7));
											if((_t539 & 0x00000080) != 0) {
												goto L81;
											}
											 *(_t796 + 7) =  *((intOrPtr*)(_t823 + 8));
											_t823 = _t823 + 9;
											_t796 = _t796 + 8;
											continue;
										}
										 *(_t796 + 5) =  *((intOrPtr*)(_t823 + 6));
										if((_t539 & 0x00000040) != 0) {
											goto L74;
										}
										 *(_t796 + 6) =  *((intOrPtr*)(_t823 + 7));
										if((_t539 & 0x00000080) != 0) {
											goto L81;
										}
										 *(_t796 + 7) =  *((intOrPtr*)(_t823 + 8));
										_t823 = _t823 + 9;
										_t796 = _t796 + 8;
										continue;
									}
									 *(_t796 + 4) =  *((intOrPtr*)(_t823 + 5));
									if((_t539 & 0x00000020) != 0) {
										goto L66;
									}
									 *(_t796 + 5) =  *((intOrPtr*)(_t823 + 6));
									if((_t539 & 0x00000040) != 0) {
										goto L74;
									}
									 *(_t796 + 6) =  *((intOrPtr*)(_t823 + 7));
									if((_t539 & 0x00000080) != 0) {
										goto L81;
									}
									 *(_t796 + 7) =  *((intOrPtr*)(_t823 + 8));
									_t823 = _t823 + 9;
									_t796 = _t796 + 8;
									continue;
								}
								 *(_t796 + 3) =  *((intOrPtr*)(_t823 + 4));
								if((_t539 & 0x00000010) != 0) {
									goto L57;
								}
								 *(_t796 + 4) =  *((intOrPtr*)(_t823 + 5));
								if((_t539 & 0x00000020) != 0) {
									goto L66;
								}
								 *(_t796 + 5) =  *((intOrPtr*)(_t823 + 6));
								if((_t539 & 0x00000040) != 0) {
									goto L74;
								}
								 *(_t796 + 6) =  *((intOrPtr*)(_t823 + 7));
								if((_t539 & 0x00000080) != 0) {
									goto L81;
								}
								 *(_t796 + 7) =  *((intOrPtr*)(_t823 + 8));
								_t823 = _t823 + 9;
								_t796 = _t796 + 8;
								continue;
							}
							 *(_t796 + 2) =  *((intOrPtr*)(_t823 + 3));
							if((_t539 & 0x00000008) != 0) {
								goto L47;
							}
							 *(_t796 + 3) =  *((intOrPtr*)(_t823 + 4));
							if((_t539 & 0x00000010) != 0) {
								goto L57;
							}
							 *(_t796 + 4) =  *((intOrPtr*)(_t823 + 5));
							if((_t539 & 0x00000020) != 0) {
								goto L66;
							}
							 *(_t796 + 5) =  *((intOrPtr*)(_t823 + 6));
							if((_t539 & 0x00000040) != 0) {
								goto L74;
							}
							 *(_t796 + 6) =  *((intOrPtr*)(_t823 + 7));
							if((_t539 & 0x00000080) != 0) {
								goto L81;
							}
							 *(_t796 + 7) =  *((intOrPtr*)(_t823 + 8));
							_t823 = _t823 + 9;
							_t796 = _t796 + 8;
							continue;
						}
						 *(_t796 + 1) =  *((intOrPtr*)(_t823 + 2));
						if((_t539 & 0x00000004) != 0) {
							goto L36;
						}
						 *(_t796 + 2) =  *((intOrPtr*)(_t823 + 3));
						if((_t539 & 0x00000008) != 0) {
							goto L47;
						}
						 *(_t796 + 3) =  *((intOrPtr*)(_t823 + 4));
						if((_t539 & 0x00000010) != 0) {
							goto L57;
						}
						 *(_t796 + 4) =  *((intOrPtr*)(_t823 + 5));
						if((_t539 & 0x00000020) != 0) {
							goto L66;
						}
						 *(_t796 + 5) =  *((intOrPtr*)(_t823 + 6));
						if((_t539 & 0x00000040) != 0) {
							goto L74;
						}
						 *(_t796 + 6) =  *((intOrPtr*)(_t823 + 7));
						if((_t539 & 0x00000080) != 0) {
							goto L81;
						}
						 *(_t796 + 7) =  *((intOrPtr*)(_t823 + 8));
						_t823 = _t823 + 9;
						_t796 = _t796 + 8;
						continue;
					}
					 *_t796 =  *((intOrPtr*)(_t823 + 1));
					if((_t539 & 0x00000002) != 0) {
						goto L24;
					}
					 *(_t796 + 1) =  *((intOrPtr*)(_t823 + 2));
					if((_t539 & 0x00000004) != 0) {
						goto L36;
					}
					 *(_t796 + 2) =  *((intOrPtr*)(_t823 + 3));
					if((_t539 & 0x00000008) != 0) {
						goto L47;
					}
					 *(_t796 + 3) =  *((intOrPtr*)(_t823 + 4));
					if((_t539 & 0x00000010) != 0) {
						goto L57;
					}
					 *(_t796 + 4) =  *((intOrPtr*)(_t823 + 5));
					if((_t539 & 0x00000020) != 0) {
						goto L66;
					}
					 *(_t796 + 5) =  *((intOrPtr*)(_t823 + 6));
					if((_t539 & 0x00000040) != 0) {
						goto L74;
					}
					 *(_t796 + 6) =  *((intOrPtr*)(_t823 + 7));
					if((_t539 & 0x00000080) != 0) {
						goto L81;
					}
					 *(_t796 + 7) =  *((intOrPtr*)(_t823 + 8));
					_t823 = _t823 + 9;
					_t796 = _t796 + 8;
				}
				_a16 = _a16 + 0x11;
				goto L88;
			}

0x0074b97d
0x0074b980
0x0074b983
0x0074b98d
0x0074b990
0x0074b993
0x0074b998
0x0074b9aa
0x0074b9ae
0x0074baae
0x0074bb61
0x0074bb6c
0x0074bb6c
0x0074babd
0x0074bac0
0x0074bacc
0x0074bad0
0x0074bad0
0x0074bad0
0x0074bad4
0x0074badb
0x0074c3ab
0x00000000
0x0074c3ab
0x0074bae1
0x0074baea
0x0074bf67
0x0074bf6e
0x0074bf6f
0x0074bf6f
0x0074bf75
0x0074c3b2
0x0074c3ba
0x00000000
0x0074bf84
0x0074bf86
0x0074bf90
0x0074bf96
0x00000000
0x00000000
0x0074bf9c
0x0074bfe1
0x0074bfec
0x0074bfec
0x0074bfa7
0x0074bfaa
0x0074bfb6
0x0074bfba
0x0074bfba
0x0074bfba
0x0074bfbe
0x0074bfc5
0x00000000
0x00000000
0x0074bfcb
0x0074bfd4
0x00000000
0x00000000
0x0074bfda
0x0074bfda
0x0074bfda
0x0074bfdc
0x0074bff9
0x0074bfff
0x00000000
0x0074c00e
0x0074c010
0x0074c020
0x00000000
0x00000000
0x0074c026
0x0074c06b
0x0074c076
0x0074c076
0x0074c034
0x0074c040
0x0074c044
0x0074c044
0x0074c044
0x0074c048
0x0074c04f
0x00000000
0x00000000
0x0074c055
0x0074c05e
0x00000000
0x00000000
0x0074c064
0x0074c064
0x0074c064
0x0074c066
0x0074c083
0x0074c089
0x00000000
0x0074c098
0x0074c09a
0x0074c0aa
0x00000000
0x00000000
0x0074c0b0
0x0074c0f5
0x0074c100
0x0074c100
0x0074c0be
0x0074c0ca
0x0074c0ce
0x0074c0ce
0x0074c0ce
0x0074c0d2
0x0074c0d9
0x00000000
0x00000000
0x0074c0df
0x0074c0e8
0x00000000
0x00000000
0x0074c0ee
0x0074c0ee
0x0074c0ee
0x0074c0f0
0x0074c10d
0x0074c113
0x00000000
0x0074c122
0x0074c124
0x0074c134
0x00000000
0x00000000
0x0074c13a
0x0074c17f
0x0074c18a
0x0074c18a
0x0074c148
0x0074c154
0x0074c158
0x0074c158
0x0074c158
0x0074c15c
0x0074c163
0x00000000
0x00000000
0x0074c169
0x0074c172
0x00000000
0x00000000
0x0074c178
0x0074c178
0x0074c178
0x0074c17a
0x0074c197
0x0074c19d
0x00000000
0x0074c1ac
0x0074c1ae
0x0074c1be
0x00000000
0x00000000
0x0074c1c4
0x0074c209
0x0074c214
0x0074c214
0x0074c1d2
0x0074c1de
0x0074c1e2
0x0074c1e2
0x0074c1e2
0x0074c1e6
0x0074c1ed
0x00000000
0x00000000
0x0074c1f3
0x0074c1fc
0x00000000
0x00000000
0x0074c202
0x0074c202
0x0074c202
0x0074c204
0x0074c221
0x0074c227
0x00000000
0x0074c236
0x0074c238
0x0074c248
0x00000000
0x00000000
0x0074c24e
0x0074c293
0x0074c29e
0x0074c29e
0x0074c25c
0x0074c268
0x0074c26c
0x0074c26c
0x0074c26c
0x0074c270
0x0074c277
0x00000000
0x00000000
0x0074c27d
0x0074c286
0x00000000
0x00000000
0x0074c28c
0x0074c28c
0x0074c28c
0x0074c28e
0x0074c2ab
0x0074c2b1
0x00000000
0x0074c2c0
0x0074c2c2
0x0074c2d2
0x00000000
0x00000000
0x0074c2d8
0x0074c31d
0x0074c328
0x0074c328
0x0074c2e6
0x0074c2f2
0x0074c2f6
0x0074c2f6
0x0074c2f6
0x0074c2fa
0x0074c301
0x00000000
0x00000000
0x0074c307
0x0074c310
0x00000000
0x00000000
0x0074c316
0x0074c316
0x0074c316
0x0074c318
0x0074c335
0x0074c33b
0x00000000
0x0074c342
0x0074c344
0x0074c354
0x00000000
0x00000000
0x0074c356
0x0074c393
0x0074c39e
0x0074c39e
0x0074c364
0x0074c370
0x0074c374
0x0074c374
0x0074c374
0x0074c378
0x0074c37f
0x00000000
0x00000000
0x0074c381
0x0074c38a
0x00000000
0x00000000
0x0074c38c
0x0074c38c
0x0074c38c
0x0074c38e
0x0074c3a3
0x0074c3a3
0x0074bf5a
0x0074bf5d
0x00000000
0x00000000
0x0074bf63
0x00000000
0x0074bf63
0x0074c349
0x0074c34b
0x00000000
0x0074c34b
0x0074c33b
0x0074c2c7
0x0074c2c9
0x00000000
0x0074c2c9
0x0074c2b1
0x0074c23d
0x0074c23f
0x00000000
0x0074c23f
0x0074c227
0x0074c1b3
0x0074c1b5
0x00000000
0x0074c1b5
0x0074c19d
0x0074c129
0x0074c12b
0x00000000
0x0074c12b
0x0074c113
0x0074c09f
0x0074c0a1
0x00000000
0x0074c0a1
0x0074c089
0x0074c015
0x0074c017
0x00000000
0x0074c017
0x0074bfff
0x0074bf8b
0x0074bf8d
0x00000000
0x0074bf8d
0x0074bf75
0x0074baf0
0x0074baf0
0x0074baf2
0x0074baf5
0x0074bafa
0x0074bb74
0x0074bb74
0x0074bb77
0x0074bc1c
0x0074bc27
0x0074bc27
0x0074bb89
0x0074bb95
0x0074bb99
0x0074bb99
0x0074bb99
0x0074bb9d
0x0074bba4
0x00000000
0x00000000
0x0074bbaa
0x0074bbb3
0x0074bff1
0x0074bff8
0x00000000
0x0074bff8
0x0074bbb9
0x0074bbb9
0x0074bbbb
0x0074bbbe
0x0074bbc3
0x0074bc2f
0x0074bc2f
0x0074bc32
0x0074bcc9
0x0074bcd4
0x0074bcd4
0x0074bc44
0x0074bc50
0x0074bc54
0x0074bc54
0x0074bc54
0x0074bc58
0x0074bc5f
0x00000000
0x00000000
0x0074bc65
0x0074bc6e
0x0074c07b
0x0074c082
0x00000000
0x0074c082
0x0074bc74
0x0074bc74
0x0074bc76
0x0074bc79
0x0074bc7e
0x0074bcdc
0x0074bcdc
0x0074bcdf
0x0074bd68
0x0074bd73
0x0074bd73
0x0074bcf1
0x0074bcfd
0x0074bd01
0x0074bd01
0x0074bd01
0x0074bd05
0x0074bd0c
0x00000000
0x00000000
0x0074bd12
0x0074bd1b
0x0074c105
0x0074c10c
0x00000000
0x0074c10c
0x0074bd21
0x0074bd21
0x0074bd23
0x0074bd26
0x0074bd2b
0x0074bd7b
0x0074bd7b
0x0074bd7e
0x0074bdf5
0x0074be00
0x0074be00
0x0074bd8c
0x0074bd98
0x0074bd9c
0x0074bd9c
0x0074bd9c
0x0074bda0
0x0074bda7
0x00000000
0x00000000
0x0074bdad
0x0074bdb6
0x0074c18f
0x0074c196
0x00000000
0x0074c196
0x0074bdbc
0x0074bdbc
0x0074bdbe
0x0074bdc1
0x0074bdc6
0x0074be08
0x0074be08
0x0074be0b
0x0074be74
0x0074be7f
0x0074be7f
0x0074be19
0x0074be25
0x0074be29
0x0074be29
0x0074be29
0x0074be2d
0x0074be34
0x00000000
0x00000000
0x0074be3a
0x0074be43
0x0074c219
0x0074c220
0x00000000
0x0074c220
0x0074be49
0x0074be49
0x0074be4b
0x0074be4e
0x0074be53
0x0074be84
0x0074be84
0x0074be87
0x0074bee2
0x0074beed
0x0074beed
0x0074be95
0x0074bea1
0x0074bea5
0x0074bea5
0x0074bea5
0x0074bea9
0x0074beb0
0x00000000
0x00000000
0x0074beb6
0x0074bebf
0x0074c2a3
0x0074c2aa
0x00000000
0x0074c2aa
0x0074bec5
0x0074bec5
0x0074bec7
0x0074beca
0x0074becf
0x0074bef2
0x0074bef2
0x0074bef5
0x0074bf46
0x0074bf51
0x0074bf51
0x0074bf03
0x0074bf0f
0x0074bf13
0x0074bf13
0x0074bf13
0x0074bf17
0x0074bf1e
0x00000000
0x00000000
0x0074bf24
0x0074bf2d
0x0074c32d
0x0074c334
0x00000000
0x0074c334
0x0074bf33
0x0074bf33
0x0074bf3b
0x0074bf3e
0x00000000
0x0074bf3e
0x0074bed4
0x0074bed7
0x0074beda
0x00000000
0x0074beda
0x0074be58
0x0074be5d
0x00000000
0x00000000
0x0074be66
0x0074be69
0x0074be6c
0x00000000
0x0074be6c
0x0074bdcb
0x0074bdd0
0x00000000
0x00000000
0x0074bdd9
0x0074bdde
0x00000000
0x00000000
0x0074bde7
0x0074bdea
0x0074bded
0x00000000
0x0074bded
0x0074bd30
0x0074bd35
0x00000000
0x00000000
0x0074bd3e
0x0074bd43
0x00000000
0x00000000
0x0074bd4c
0x0074bd51
0x00000000
0x00000000
0x0074bd5a
0x0074bd5d
0x0074bd60
0x00000000
0x0074bd60
0x0074bc83
0x0074bc88
0x00000000
0x00000000
0x0074bc91
0x0074bc96
0x00000000
0x00000000
0x0074bc9f
0x0074bca4
0x00000000
0x00000000
0x0074bcad
0x0074bcb2
0x00000000
0x00000000
0x0074bcbb
0x0074bcbe
0x0074bcc1
0x00000000
0x0074bcc1
0x0074bbc8
0x0074bbcd
0x00000000
0x00000000
0x0074bbd6
0x0074bbdb
0x00000000
0x00000000
0x0074bbe4
0x0074bbe9
0x00000000
0x00000000
0x0074bbf2
0x0074bbf7
0x00000000
0x00000000
0x0074bc00
0x0074bc05
0x00000000
0x00000000
0x0074bc0e
0x0074bc11
0x0074bc14
0x00000000
0x0074bc14
0x0074baff
0x0074bb04
0x00000000
0x00000000
0x0074bb0d
0x0074bb12
0x00000000
0x00000000
0x0074bb1b
0x0074bb20
0x00000000
0x00000000
0x0074bb29
0x0074bb2e
0x00000000
0x00000000
0x0074bb37
0x0074bb3c
0x00000000
0x00000000
0x0074bb45
0x0074bb4a
0x00000000
0x00000000
0x0074bb53
0x0074bb56
0x0074bb59
0x00000000
0x0074bb59
0x0074b9b7
0x0074b9bb
0x00000000
0x00000000
0x0074b9c4
0x0074b9c9
0x00000000
0x00000000
0x0074b9d2
0x0074b9d7
0x00000000
0x00000000
0x0074b9e0
0x0074b9e5
0x00000000
0x00000000
0x0074b9ee
0x0074b9f3
0x00000000
0x00000000
0x0074b9fc
0x0074ba01
0x00000000
0x00000000
0x0074ba0a
0x0074ba0f
0x00000000
0x00000000
0x0074ba18
0x0074ba1b
0x0074ba1e
0x0074ba1e
0x0074bf56
0x00000000

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eb772a5d23bca6f37b7a7ce2abbc343a6158ccb4096408e38e845865942d245
Instruction ID: 0e76ae3e2715e69b61077482193abee34025bc264ef6cf8e9e65c1d1d6b76068
Opcode Fuzzy Hash: 2eb772a5d23bca6f37b7a7ce2abbc343a6158ccb4096408e38e845865942d245
Instruction Fuzzy Hash: 0462DE7690965AEFCF15CF08D4C04EEBB62BF55308B49C298C89A27605D33ABE54CBD1

Uniqueness

Uniqueness Score: 0.00%

Function 006D9F90, Relevance: .7, Instructions: 652
COMMONCrypto

C-Code - Quality: 43%

			E006D9F90(intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr* _t75;
				signed int _t242;
				signed int _t251;
				signed int _t260;
				intOrPtr* _t352;
				signed int _t359;
				signed int _t362;
				signed int _t365;
				signed int _t368;
				signed int _t371;
				signed int _t374;
				signed int _t377;
				signed int _t380;
				signed int _t383;
				signed int _t387;
				signed int _t391;
				signed int _t394;
				signed int _t397;
				signed int _t400;
				signed int _t403;
				signed int _t406;
				intOrPtr* _t408;
				signed int _t413;
				signed int _t416;
				signed int _t419;
				signed int _t422;
				signed int _t425;
				signed int _t428;
				signed int _t431;
				signed int _t434;
				signed int _t437;
				signed int _t441;
				signed int _t445;
				signed int _t449;
				signed int _t453;
				signed int _t457;
				signed int _t460;
				signed int _t463;
				signed int _t468;
				signed int _t471;
				signed int _t474;
				signed int _t477;
				signed int _t480;
				signed int _t483;
				signed int _t486;
				signed int _t489;
				signed int _t492;
				signed int _t495;
				signed int _t498;
				signed int _t501;
				signed int _t504;
				signed int _t507;
				signed int _t510;
				signed int _t513;
				signed int _t516;
				signed int _t518;
				signed int _t521;
				signed int _t524;
				signed int _t527;
				signed int _t530;
				signed int _t533;
				signed int _t536;
				signed int _t539;
				signed int _t542;
				signed int _t546;
				signed int _t550;
				signed int _t554;
				signed int _t558;
				signed int _t561;
				signed int _t564;
				signed int _t567;
				signed int _t570;

				_t75 = _a4;
				_t408 = _a8;
				_t413 =  *(_t75 + 4);
				_t518 =  *(_t75 + 8);
				_t468 =  *(_t75 + 0xc);
				asm("rol ebx, 0x7");
				_t359 =  *_t75 + ((_t468 ^ _t518) & _t413 ^ _t468) +  *_t408 - 0x28955b88 + _t413;
				asm("rol edi, 0xc");
				_t471 = _t468 +  *((intOrPtr*)(_t408 + 4)) + ((_t518 ^ _t413) & _t359 ^ _t518) + 0xe8c7b756 + _t359;
				asm("rol esi, 0x11");
				_t521 = _t518 +  *((intOrPtr*)(_t408 + 8)) + ((_t413 ^ _t359) & _t471 ^ _t413) + 0x242070db + _t471;
				asm("rol edx, 0x16");
				_t416 = _t413 +  *((intOrPtr*)(_t408 + 0xc)) + ((_t471 ^ _t359) & _t521 ^ _t359) + 0xc1bdceee + _t521;
				asm("rol ebx, 0x7");
				_t362 = _t359 +  *((intOrPtr*)(_t408 + 0x10)) + ((_t471 ^ _t521) & _t416 ^ _t471) + 0xf57c0faf + _t416;
				asm("rol edi, 0xc");
				_t474 = _t471 +  *((intOrPtr*)(_t408 + 0x14)) + ((_t521 ^ _t416) & _t362 ^ _t521) + 0x4787c62a + _t362;
				asm("rol esi, 0x11");
				_t524 = _t521 +  *((intOrPtr*)(_t408 + 0x18)) + ((_t416 ^ _t362) & _t474 ^ _t416) + 0xa8304613 + _t474;
				asm("rol edx, 0x16");
				_t419 = _t416 +  *((intOrPtr*)(_t408 + 0x1c)) + ((_t474 ^ _t362) & _t524 ^ _t362) + 0xfd469501 + _t524;
				asm("rol ebx, 0x7");
				_t365 = _t362 +  *((intOrPtr*)(_t408 + 0x20)) + ((_t474 ^ _t524) & _t419 ^ _t474) + 0x698098d8 + _t419;
				asm("rol edi, 0xc");
				_t477 = _t474 +  *((intOrPtr*)(_t408 + 0x24)) + ((_t524 ^ _t419) & _t365 ^ _t524) + 0x8b44f7af + _t365;
				asm("rol esi, 0x11");
				_t527 = _t524 +  *((intOrPtr*)(_t408 + 0x28)) + ((_t419 ^ _t365) & _t477 ^ _t419) + 0xffff5bb1 + _t477;
				asm("rol edx, 0x16");
				_t422 = _t419 +  *((intOrPtr*)(_t408 + 0x2c)) + ((_t477 ^ _t365) & _t527 ^ _t365) + 0x895cd7be + _t527;
				asm("rol ebx, 0x7");
				_t368 = _t365 +  *((intOrPtr*)(_t408 + 0x30)) + ((_t477 ^ _t527) & _t422 ^ _t477) + 0x6b901122 + _t422;
				asm("rol edi, 0xc");
				_t480 = _t477 +  *((intOrPtr*)(_t408 + 0x34)) + ((_t527 ^ _t422) & _t368 ^ _t527) + 0xfd987193 + _t368;
				asm("rol esi, 0x11");
				_t530 = _t527 +  *((intOrPtr*)(_t408 + 0x38)) + ((_t422 ^ _t368) & _t480 ^ _t422) + 0xa679438e + _t480;
				asm("rol edx, 0x16");
				_t425 = _t422 +  *((intOrPtr*)(_t408 + 0x3c)) + ((_t480 ^ _t368) & _t530 ^ _t368) + 0x49b40821 + _t530;
				asm("rol ebx, 0x5");
				_t371 = _t368 +  *((intOrPtr*)(_t408 + 4)) + ((_t530 ^ _t425) & _t480 ^ _t530) + 0xf61e2562 + _t425;
				asm("rol edi, 0x9");
				_t483 = _t480 +  *((intOrPtr*)(_t408 + 0x18)) + ((_t425 ^ _t371) & _t530 ^ _t425) + 0xc040b340 + _t371;
				asm("rol esi, 0xe");
				_t533 = _t530 +  *((intOrPtr*)(_t408 + 0x2c)) + ((_t483 ^ _t371) & _t425 ^ _t371) + 0x265e5a51 + _t483;
				asm("rol edx, 0x14");
				_t428 = _t425 +  *_t408 + ((_t483 ^ _t533) & _t371 ^ _t483) + 0xe9b6c7aa + _t533;
				asm("rol ebx, 0x5");
				_t374 = _t371 +  *((intOrPtr*)(_t408 + 0x14)) + ((_t533 ^ _t428) & _t483 ^ _t533) + 0xd62f105d + _t428;
				asm("rol edi, 0x9");
				_t486 = _t483 +  *((intOrPtr*)(_t408 + 0x28)) + ((_t428 ^ _t374) & _t533 ^ _t428) + 0x2441453 + _t374;
				asm("rol esi, 0xe");
				_t536 = _t533 +  *((intOrPtr*)(_t408 + 0x3c)) + ((_t486 ^ _t374) & _t428 ^ _t374) + 0xd8a1e681 + _t486;
				asm("rol edx, 0x14");
				_t431 = _t428 +  *((intOrPtr*)(_t408 + 0x10)) + ((_t486 ^ _t536) & _t374 ^ _t486) + 0xe7d3fbc8 + _t536;
				asm("rol ebx, 0x5");
				_t377 = _t374 +  *((intOrPtr*)(_t408 + 0x24)) + ((_t536 ^ _t431) & _t486 ^ _t536) + 0x21e1cde6 + _t431;
				asm("rol edi, 0x9");
				_t489 = _t486 +  *((intOrPtr*)(_t408 + 0x38)) + ((_t431 ^ _t377) & _t536 ^ _t431) + 0xc33707d6 + _t377;
				asm("rol esi, 0xe");
				_t539 = _t536 +  *((intOrPtr*)(_t408 + 0xc)) + ((_t489 ^ _t377) & _t431 ^ _t377) + 0xf4d50d87 + _t489;
				asm("rol edx, 0x14");
				_t434 = _t431 +  *((intOrPtr*)(_t408 + 0x20)) + ((_t489 ^ _t539) & _t377 ^ _t489) + 0x455a14ed + _t539;
				asm("rol ebx, 0x5");
				_t380 = _t377 +  *((intOrPtr*)(_t408 + 0x34)) + ((_t539 ^ _t434) & _t489 ^ _t539) + 0xa9e3e905 + _t434;
				asm("rol edi, 0x9");
				_t492 = _t489 +  *((intOrPtr*)(_t408 + 8)) + ((_t434 ^ _t380) & _t539 ^ _t434) + 0xfcefa3f8 + _t380;
				asm("rol esi, 0xe");
				_t542 = _t539 +  *((intOrPtr*)(_t408 + 0x1c)) + ((_t492 ^ _t380) & _t434 ^ _t380) + 0x676f02d9 + _t492;
				asm("rol edx, 0x14");
				_t437 = _t434 + ((_t492 ^ _t542) & _t380 ^ _t492) +  *((intOrPtr*)(_t408 + 0x30)) + 0x8d2a4c8a + _t542;
				asm("rol ebx, 0x4");
				_t383 = _t380 +  *((intOrPtr*)(_t408 + 0x14)) + (_t492 ^ _t542 ^ _t437) + 0xfffa3942 + _t437;
				asm("rol edi, 0xb");
				_t495 = _t492 +  *((intOrPtr*)(_t408 + 0x20)) + (_t542 ^ _t437 ^ _t383) + 0x8771f681 + _t383;
				asm("rol esi, 0x10");
				_t546 = _t542 +  *((intOrPtr*)(_t408 + 0x2c)) + 0x6d9d6122 + (_t495 ^ _t437 ^ _t383) + _t495;
				_t242 = _t495 ^ _t546;
				asm("rol edx, 0x17");
				_t441 = _t437 +  *((intOrPtr*)(_t408 + 0x38)) + 0xfde5380c + (_t383 ^ _t242) + _t546;
				asm("rol ebx, 0x4");
				_t387 = _t383 +  *((intOrPtr*)(_t408 + 4)) + 0xa4beea44 + (_t441 ^ _t242) + _t441;
				asm("rol edi, 0xb");
				_t498 = _t495 +  *((intOrPtr*)(_t408 + 0x10)) + (_t546 ^ _t441 ^ _t387) + 0x4bdecfa9 + _t387;
				asm("rol esi, 0x10");
				_t550 = _t546 +  *((intOrPtr*)(_t408 + 0x1c)) + 0xf6bb4b60 + (_t498 ^ _t441 ^ _t387) + _t498;
				_t251 = _t498 ^ _t550;
				asm("rol edx, 0x17");
				_t445 = _t441 +  *((intOrPtr*)(_t408 + 0x28)) + 0xbebfbc70 + (_t387 ^ _t251) + _t550;
				asm("rol ebx, 0x4");
				_t391 = _t387 +  *((intOrPtr*)(_t408 + 0x34)) + 0x289b7ec6 + (_t445 ^ _t251) + _t445;
				asm("rol edi, 0xb");
				_t501 = _t498 +  *_t408 + (_t550 ^ _t445 ^ _t391) + 0xeaa127fa + _t391;
				asm("rol esi, 0x10");
				_t554 = _t550 +  *((intOrPtr*)(_t408 + 0xc)) + 0xd4ef3085 + (_t501 ^ _t445 ^ _t391) + _t501;
				_t260 = _t501 ^ _t554;
				asm("rol edx, 0x17");
				_t449 = _t445 +  *((intOrPtr*)(_t408 + 0x18)) + 0x4881d05 + (_t391 ^ _t260) + _t554;
				asm("rol ebx, 0x4");
				_t394 = _t391 + (_t449 ^ _t260) +  *((intOrPtr*)(_t408 + 0x24)) + 0xd9d4d039 + _t449;
				asm("rol edi, 0xb");
				_t504 = _t501 +  *((intOrPtr*)(_t408 + 0x30)) + (_t554 ^ _t449 ^ _t394) + 0xe6db99e5 + _t394;
				asm("rol esi, 0x10");
				_t558 = _t554 +  *((intOrPtr*)(_t408 + 0x3c)) + 0x1fa27cf8 + (_t504 ^ _t449 ^ _t394) + _t504;
				asm("rol edx, 0x17");
				_t453 = _t449 +  *((intOrPtr*)(_t408 + 8)) + 0xc4ac5665 + (_t504 ^ _t558 ^ _t394) + _t558;
				asm("rol ebx, 0x6");
				_t397 = _t394 +  *_t408 + ((_t504 ^ 0xffffffff | _t453) ^ _t558) + 0xf4292244 + _t453;
				asm("rol edi, 0xa");
				_t507 = _t504 +  *((intOrPtr*)(_t408 + 0x1c)) + ((_t558 ^ 0xffffffff | _t397) ^ _t453) + 0x432aff97 + _t397;
				asm("rol esi, 0xf");
				_t561 = _t558 +  *((intOrPtr*)(_t408 + 0x38)) + ((_t453 ^ 0xffffffff | _t507) ^ _t397) + 0xab9423a7 + _t507;
				asm("rol edx, 0x15");
				_t457 = _t453 +  *((intOrPtr*)(_t408 + 0x14)) + 0xfc93a039 + ((_t397 ^ 0xffffffff | _t561) ^ _t507) + _t561;
				asm("rol ebx, 0x6");
				_t400 = _t397 +  *((intOrPtr*)(_t408 + 0x30)) + ((_t507 ^ 0xffffffff | _t457) ^ _t561) + 0x655b59c3 + _t457;
				asm("rol edi, 0xa");
				_t510 = _t507 +  *((intOrPtr*)(_t408 + 0xc)) + ((_t561 ^ 0xffffffff | _t400) ^ _t457) + 0x8f0ccc92 + _t400;
				asm("rol esi, 0xf");
				_t564 = _t561 +  *((intOrPtr*)(_t408 + 0x28)) + ((_t457 ^ 0xffffffff | _t510) ^ _t400) + 0xffeff47d + _t510;
				asm("rol edx, 0x15");
				_t460 = _t457 +  *((intOrPtr*)(_t408 + 4)) + ((_t400 ^ 0xffffffff | _t564) ^ _t510) + 0x85845dd1 + _t564;
				asm("rol ebx, 0x6");
				_t403 = _t400 +  *((intOrPtr*)(_t408 + 0x20)) + ((_t510 ^ 0xffffffff | _t460) ^ _t564) + 0x6fa87e4f + _t460;
				asm("rol edi, 0xa");
				_t513 = _t510 +  *((intOrPtr*)(_t408 + 0x3c)) + ((_t564 ^ 0xffffffff | _t403) ^ _t460) + 0xfe2ce6e0 + _t403;
				asm("rol esi, 0xf");
				_t567 = _t564 +  *((intOrPtr*)(_t408 + 0x18)) + ((_t460 ^ 0xffffffff | _t513) ^ _t403) + 0xa3014314 + _t513;
				asm("rol edx, 0x15");
				_t463 = _t460 +  *((intOrPtr*)(_t408 + 0x34)) + ((_t403 ^ 0xffffffff | _t567) ^ _t513) + 0x4e0811a1 + _t567;
				asm("rol ebx, 0x6");
				_t406 = _t403 +  *((intOrPtr*)(_t408 + 0x10)) + ((_t513 ^ 0xffffffff | _t463) ^ _t567) + 0xf7537e82 + _t463;
				asm("rol edi, 0xa");
				_t516 = _t513 +  *((intOrPtr*)(_t408 + 0x2c)) + ((_t567 ^ 0xffffffff | _t406) ^ _t463) + 0xbd3af235 + _t406;
				asm("rol esi, 0xf");
				_t570 = _t567 +  *((intOrPtr*)(_t408 + 8)) + ((_t463 ^ 0xffffffff | _t516) ^ _t406) + 0x2ad7d2bb + _t516;
				asm("rol edx, 0x15");
				_t352 = _a4;
				 *_t352 = _t406 +  *_t352;
				 *((intOrPtr*)(_t352 + 4)) = _t463 +  *((intOrPtr*)(_t408 + 0x24)) + ((_t406 ^ 0xffffffff | _t570) ^ _t516) + 0xeb86d391 + _t570 +  *((intOrPtr*)(_t352 + 4));
				 *((intOrPtr*)(_t352 + 8)) = _t570 +  *((intOrPtr*)(_t352 + 8));
				 *((intOrPtr*)(_t352 + 0xc)) = _t516 +  *((intOrPtr*)(_t352 + 0xc));
				return _t352;
			}

0x006d9f90
0x006d9f95
0x006d9f9b
0x006d9f9f
0x006d9fa2
0x006d9fba
0x006d9fbf
0x006d9fd3
0x006d9fd8
0x006d9fec
0x006d9ff1
0x006da005
0x006da00a
0x006da01e
0x006da023
0x006da037
0x006da03c
0x006da050
0x006da055
0x006da069
0x006da06e
0x006da082
0x006da087
0x006da09b
0x006da0a0
0x006da0b4
0x006da0b9
0x006da0cd
0x006da0d2
0x006da0e6
0x006da0eb
0x006da0ff
0x006da104
0x006da118
0x006da11d
0x006da131
0x006da136
0x006da14c
0x006da152
0x006da166
0x006da169
0x006da17e
0x006da183
0x006da196
0x006da19c
0x006da1af
0x006da1b5
0x006da1c6
0x006da1c9
0x006da1e1
0x006da1e7
0x006da1fa
0x006da200
0x006da213
0x006da219
0x006da22d
0x006da230
0x006da245
0x006da24b
0x006da25c
0x006da25f
0x006da277
0x006da27d
0x006da291
0x006da294
0x006da2a9
0x006da2ac
0x006da2c2
0x006da2c7
0x006da2d9
0x006da2de
0x006da2f0
0x006da2f8
0x006da308
0x006da30d
0x006da30f
0x006da322
0x006da32a
0x006da338
0x006da33d
0x006da34f
0x006da357
0x006da367
0x006da36c
0x006da375
0x006da381
0x006da389
0x006da397
0x006da39c
0x006da3ad
0x006da3b5
0x006da3c5
0x006da3ca
0x006da3d3
0x006da3df
0x006da3e2
0x006da3f4
0x006da3f9
0x006da40b
0x006da411
0x006da423
0x006da428
0x006da43b
0x006da443
0x006da454
0x006da45c
0x006da46e
0x006da476
0x006da488
0x006da490
0x006da4a3
0x006da4ab
0x006da4bd
0x006da4c5
0x006da4d7
0x006da4df
0x006da4f1
0x006da4f9
0x006da50b
0x006da513
0x006da525
0x006da52d
0x006da53f
0x006da547
0x006da559
0x006da561
0x006da573
0x006da57b
0x006da58d
0x006da595
0x006da5a7
0x006da5af
0x006da5c1
0x006da5c9
0x006da5db
0x006da5de
0x006da5ed
0x006da5f2
0x006da5fb
0x006da600
0x006da606

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf3aace0eee00dd7d8b9421bd2df7728fa7323d9af3e0e213de9131a621edcaa
Instruction ID: 8105c557ab85b7292f4c61937c43d24a40909692a6b6dd5c4a593eb44872254c
Opcode Fuzzy Hash: bf3aace0eee00dd7d8b9421bd2df7728fa7323d9af3e0e213de9131a621edcaa
Instruction Fuzzy Hash: 6C128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684

Uniqueness

Uniqueness Score: 0.00%

Function 006DCBA7, Relevance: .6, Instructions: 646
COMMONCrypto

C-Code - Quality: 98%

			E006DCBA7(signed short __ecx, unsigned short* _a4, signed int _a8, signed int _a12, signed short* _a16, unsigned int _a20) {
				signed int _v8;
				signed int _v12;
				unsigned int _t381;
				intOrPtr* _t382;
				signed char _t387;
				signed int _t388;
				signed short _t389;
				intOrPtr _t390;
				unsigned short _t392;
				intOrPtr _t449;
				unsigned short _t451;
				intOrPtr _t452;
				signed short _t458;
				intOrPtr _t459;
				signed short _t465;
				intOrPtr _t466;
				signed short _t472;
				intOrPtr _t473;
				signed short _t479;
				intOrPtr _t480;
				signed short _t486;
				intOrPtr _t487;
				signed short _t493;
				intOrPtr _t494;
				signed short _t500;
				intOrPtr _t501;
				signed short _t507;
				intOrPtr _t508;
				signed short _t514;
				intOrPtr _t515;
				signed short _t521;
				intOrPtr _t522;
				signed short _t528;
				intOrPtr _t529;
				signed short _t535;
				intOrPtr _t536;
				signed short _t542;
				intOrPtr _t543;
				signed short _t549;
				intOrPtr _t550;
				signed short _t556;
				intOrPtr _t557;
				signed int _t561;
				signed int _t562;
				signed short* _t581;
				signed short _t585;
				intOrPtr _t586;
				unsigned short* _t593;
				signed short _t700;
				signed short _t701;
				intOrPtr _t705;
				intOrPtr _t709;
				intOrPtr _t713;
				intOrPtr _t717;
				intOrPtr _t721;
				intOrPtr _t725;
				intOrPtr _t729;
				intOrPtr _t733;
				intOrPtr _t737;
				intOrPtr _t741;
				intOrPtr _t745;
				intOrPtr _t749;
				intOrPtr _t753;
				intOrPtr _t757;
				intOrPtr _t761;
				intOrPtr _t765;

				_t448 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t381 = _a20 >> 1;
				_v12 = _t381;
				if( *0x7aec42 != 0) {
					_t593 = _a4;
					_v8 = _t593;
					if(_t381 == 0) {
						L46:
						_t382 = _a12;
						if(_t382 != 0) {
							 *_t382 = _t593 - _v8;
						}
						goto L71;
					}
					while(_a8 != 0) {
						_t449 =  *0x7a81f0; // 0x7ffc0646
						_t387 =  *(_t449 + ( *_a16 & 0x0000ffff) * 2) & 0x0000ffff;
						_a16 =  &(_a16[1]);
						_t585 =  *(0x7af660 + (_t387 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff;
						_t388 = _t387 & 0x000000ff;
						if(_t585 == 0) {
							_t586 =  *0x7a8200; // 0x7ffc0240
							_t389 =  *(_t586 + _t388 * 2) & 0x0000ffff;
						} else {
							_t389 =  *( *0x7aec80 + ((_t585 & 0x0000ffff) + _t388) * 2) & 0x0000ffff;
						}
						_t700 = _t389;
						_a20 = _t389;
						if(_t700 >= 0x61) {
							if(_t700 > 0x7a) {
								_t390 =  *0x7a81fc; // 0x7ffd064c
								_t701 = _t700 +  *((intOrPtr*)(_t390 + (( *(_t390 + (( *(_t390 + ((_t700 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + ((_t700 & 0x0000ffff) >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t587 & 0x0000000f)) * 2));
								_t593 = _a4;
								goto L42;
							}
							_a20 = _a20 + 0xffe0;
							goto L40;
						} else {
							_a20 = _t700 & 0x0000ffff;
							L40:
							_t701 = _a20;
							L42:
							_t392 =  *(_t449 + (_t701 & 0x0000ffff) * 2) & 0x0000ffff;
							_t451 = _t392 >> 8;
							if(_t451 == 0) {
								L45:
								 *_t593 = _t392;
								_t593 =  &(_t593[0]);
								_a8 = _a8 - 1;
								_t193 =  &_v12;
								 *_t193 = _v12 - 1;
								_a4 = _t593;
								if( *_t193 != 0) {
									continue;
								}
								goto L46;
							}
							_a8 = _a8 - 1;
							if(_a8 < 2) {
								goto L46;
							}
							 *_t593 = _t451;
							_t593 =  &(_t593[0]);
							goto L45;
						}
					}
					goto L46;
				} else {
					__ecx = _a8;
					if(__eax >= __ecx) {
						_v8 = __ecx;
					} else {
						__ecx = __eax;
						_v8 = __eax;
					}
					__eax = _a12;
					if(__eax != 0) {
						 *__eax = __ecx;
					}
					__eax =  *0x7a81e4; // 0x7ffc0646
					__ecx = __ecx & 0x0000000f;
					_a4 = _a4 + __ecx;
					_a12 = __ecx;
					do {
						if(_t562 > 0xf) {
							_t765 =  *0x7a8200; // 0x7ffc0240
							_t448 =  *(_t765 + ( *(( *_t581 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a4 =  &(_a4[8]);
							_t581 =  &(_t581[0x10]);
							_a20 = _t448;
							if(_t448 >= 0x61) {
								if(_t448 > 0x7a) {
									_t702 = _t448 & 0x0000ffff;
									_t452 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t452 + (( *(_t452 + (( *(_t452 + ((_t448 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t702 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t702 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t448 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0x10)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L12:
							_t22 = _t581 - 0x1e; // 0x830f61f9
							_t705 =  *0x7a8200; // 0x7ffc0240
							_t458 =  *(_t705 + ( *(( *_t22 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t458;
							if(_t458 >= 0x61) {
								if(_t458 > 0x7a) {
									_t706 = _t458 & 0x0000ffff;
									_t459 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t459 + (( *(_t459 + (( *(_t459 + ((_t458 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t706 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t706 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t458 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xf)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L97:
							_t346 = _t581 - 0x1c; // 0x2b9830f
							_t709 =  *0x7a8200; // 0x7ffc0240
							_t465 =  *(_t709 + ( *(( *_t346 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t465;
							if(_t465 >= 0x61) {
								if(_t465 > 0x7a) {
									_t710 = _t465 & 0x0000ffff;
									_t466 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t466 + (( *(_t466 + (( *(_t466 + ((_t465 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t710 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t710 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t465 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xe)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L91:
							_t326 = _t581 - 0x1a; // 0x2b9
							_t713 =  *0x7a8200; // 0x7ffc0240
							_t472 =  *(_t713 + ( *(( *_t326 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t472;
							if(_t472 >= 0x61) {
								if(_t472 > 0x7a) {
									_t714 = _t472 & 0x0000ffff;
									_t473 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t473 + (( *(_t473 + (( *(_t473 + ((_t472 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t714 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t714 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t472 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xd)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L94:
							_t336 = _t581 - 0x18; // 0xb70f0000
							_t717 =  *0x7a8200; // 0x7ffc0240
							_t479 =  *(_t717 + ( *(( *_t336 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t479;
							if(_t479 >= 0x61) {
								if(_t479 > 0x7a) {
									_t718 = _t479 & 0x0000ffff;
									_t480 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t480 + (( *(_t480 + (( *(_t480 + ((_t479 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t718 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t718 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t479 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xc)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L88:
							_t721 =  *0x7a8200; // 0x7ffc0240
							_t486 =  *(_t721 + ( *(( *(_t581 - 0x16) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t486;
							if(_t486 >= 0x61) {
								if(_t486 > 0x7a) {
									_t722 = _t486 & 0x0000ffff;
									_t487 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t487 + (( *(_t487 + (( *(_t487 + ((_t486 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t722 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t722 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t486 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xb)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L85:
							_t725 =  *0x7a8200; // 0x7ffc0240
							_t493 =  *(_t725 + ( *(( *(_t581 - 0x14) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t493;
							if(_t493 >= 0x61) {
								if(_t493 > 0x7a) {
									_t726 = _t493 & 0x0000ffff;
									_t494 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t494 + (( *(_t494 + (( *(_t494 + ((_t493 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t726 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t726 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t493 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xa)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L81:
							_t295 = _t581 - 0x12; // 0x16a5310
							_t729 =  *0x7a8200; // 0x7ffc0240
							_t500 =  *(_t729 + ( *(( *_t295 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t500;
							if(_t500 >= 0x61) {
								if(_t500 <= 0x7a) {
									_a20 = _a20 + 0xffe0;
								} else {
									_t730 = _t500 & 0x0000ffff;
									_t501 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t501 + (( *(_t501 + (( *(_t501 + ((_t500 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t730 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t730 & 0x0000000f)) * 2));
								}
								L83:
								 *((char*)(_a4 - 9)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
								L78:
								_t733 =  *0x7a8200; // 0x7ffc0240
								_t507 =  *(_t733 + ( *(( *(_t581 - 0x10) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
								_a20 = _t507;
								if(_t507 >= 0x61) {
									if(_t507 > 0x7a) {
										_t734 = _t507 & 0x0000ffff;
										_t508 =  *0x7a81fc; // 0x7ffd064c
										_a20 = _a20 +  *((intOrPtr*)(_t508 + (( *(_t508 + (( *(_t508 + ((_t507 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t734 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t734 & 0x0000000f)) * 2));
									} else {
										_a20 = _a20 + 0xffe0;
									}
								} else {
									_a20 = _t507 & 0x0000ffff;
								}
								 *((char*)(_a4 - 8)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
								L75:
								_t737 =  *0x7a8200; // 0x7ffc0240
								_t514 =  *(_t737 + ( *(( *(_t581 - 0xe) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
								_a20 = _t514;
								if(_t514 >= 0x61) {
									if(_t514 > 0x7a) {
										_t738 = _t514 & 0x0000ffff;
										_t515 =  *0x7a81fc; // 0x7ffd064c
										_a20 = _a20 +  *((intOrPtr*)(_t515 + (( *(_t515 + (( *(_t515 + ((_t514 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t738 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t738 & 0x0000000f)) * 2));
									} else {
										_a20 = _a20 + 0xffe0;
									}
								} else {
									_a20 = _t514 & 0x0000ffff;
								}
								 *((char*)(_a4 - 7)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
								L72:
								_t741 =  *0x7a8200; // 0x7ffc0240
								_t521 =  *(_t741 + ( *(( *(_t581 - 0xc) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
								_a20 = _t521;
								if(_t521 >= 0x61) {
									if(_t521 > 0x7a) {
										_t742 = _t521 & 0x0000ffff;
										_t522 =  *0x7a81fc; // 0x7ffd064c
										_a20 = _a20 +  *((intOrPtr*)(_t522 + (( *(_t522 + (( *(_t522 + ((_t521 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t742 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t742 & 0x0000000f)) * 2));
									} else {
										_a20 = _a20 + 0xffe0;
									}
								} else {
									_a20 = _t521 & 0x0000ffff;
								}
								 *((char*)(_a4 - 6)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
								L55:
								_t745 =  *0x7a8200; // 0x7ffc0240
								_t528 =  *(_t745 + ( *(( *(_t581 - 0xa) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
								_a20 = _t528;
								if(_t528 >= 0x61) {
									if(_t528 <= 0x7a) {
										_a20 = _a20 + 0xffe0;
									} else {
										_t746 = _t528 & 0x0000ffff;
										_t529 =  *0x7a81fc; // 0x7ffd064c
										_a20 = _a20 +  *((intOrPtr*)(_t529 + (( *(_t529 + (( *(_t529 + ((_t528 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t746 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t746 & 0x0000000f)) * 2));
									}
									L57:
									 *((char*)(_a4 - 5)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
									L58:
									_t749 =  *0x7a8200; // 0x7ffc0240
									_t535 =  *(_t749 + ( *(( *(_t581 - 8) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
									_a20 = _t535;
									if(_t535 >= 0x61) {
										if(_t535 > 0x7a) {
											_t750 = _t535 & 0x0000ffff;
											_t536 =  *0x7a81fc; // 0x7ffd064c
											_a20 = _a20 +  *((intOrPtr*)(_t536 + (( *(_t536 + (( *(_t536 + ((_t535 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t750 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t750 & 0x0000000f)) * 2));
										} else {
											_a20 = _a20 + 0xffe0;
										}
									} else {
										_a20 = _t535 & 0x0000ffff;
									}
									 *((char*)(_a4 - 4)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
									L61:
									_t753 =  *0x7a8200; // 0x7ffc0240
									_t542 =  *(_t753 + ( *(( *(_t581 - 6) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
									_a20 = _t542;
									if(_t542 >= 0x61) {
										if(_t542 > 0x7a) {
											_t754 = _t542 & 0x0000ffff;
											_t543 =  *0x7a81fc; // 0x7ffd064c
											_a20 = _a20 +  *((intOrPtr*)(_t543 + (( *(_t543 + (( *(_t543 + ((_t542 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t754 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t754 & 0x0000000f)) * 2));
										} else {
											_a20 = _a20 + 0xffe0;
										}
									} else {
										_a20 = _t542 & 0x0000ffff;
									}
									 *((char*)(_a4 - 3)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
									L64:
									_t757 =  *0x7a8200; // 0x7ffc0240
									_t549 =  *(_t757 + ( *(( *(_t581 - 4) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
									_a20 = _t549;
									if(_t549 < 0x61) {
										_a20 = _t549 & 0x0000ffff;
									} else {
										if(_t549 > 0x7a) {
											_t758 = _t549 & 0x0000ffff;
											_t550 =  *0x7a81fc; // 0x7ffd064c
											_a20 = _a20 +  *((intOrPtr*)(_t550 + (( *(_t550 + (( *(_t550 + ((_t549 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t758 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t758 & 0x0000000f)) * 2));
										} else {
											_a20 = _a20 + 0xffe0;
										}
									}
									 *((char*)(_a4 - 2)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
									L67:
									_t761 =  *0x7a8200; // 0x7ffc0240
									_t556 =  *(_t761 + ( *(( *(_t581 - 2) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
									_a20 = _t556;
									if(_t556 < 0x61) {
										_a20 = _t556 & 0x0000ffff;
									} else {
										if(_t556 > 0x7a) {
											_t762 = _t556 & 0x0000ffff;
											_t557 =  *0x7a81fc; // 0x7ffd064c
											_a20 = _a20 +  *((intOrPtr*)(_t557 + (( *(_t557 + (( *(_t557 + ((_t556 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t762 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t762 & 0x0000000f)) * 2));
										} else {
											_a20 = _a20 + 0xffe0;
										}
									}
									 *((char*)(_a4 - 1)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
									_t561 = _a12;
									goto L70;
								}
								_a20 = _t528 & 0x0000ffff;
								goto L57;
							}
							_a20 = _t500 & 0x0000ffff;
							goto L83;
						}
						switch( *((intOrPtr*)(_t562 * 4 +  &M006DCB62))) {
							case 0:
								goto L70;
							case 1:
								goto L67;
							case 2:
								goto L64;
							case 3:
								goto L61;
							case 4:
								goto L58;
							case 5:
								goto L55;
							case 6:
								goto L72;
							case 7:
								goto L75;
							case 8:
								goto L78;
							case 9:
								goto L81;
							case 0xa:
								goto L85;
							case 0xb:
								goto L88;
							case 0xc:
								goto L94;
							case 0xd:
								goto L91;
							case 0xe:
								goto L97;
							case 0xf:
								goto L12;
						}
						L70:
						_t260 =  &_v8;
						 *_t260 = _v8 - _t561;
						_t562 = 0x10;
						_a12 = _t562;
					} while ( *_t260 != 0);
					L71:
					asm("sbb eax, eax");
					return _v12 & 0x80000005;
				}
			}

0x006dcba7
0x006dcbac
0x006dcbad
0x006dcbb2
0x006dcbbd
0x006dcbc0
0x006dca6a
0x006dca6d
0x006dca72
0x006dcb4c
0x006dcb4c
0x006dcb51
0x006dcb5a
0x006dcb5a
0x00000000
0x006dcb51
0x006dca78
0x006dca88
0x006dca8e
0x006dca92
0x006dca9e
0x006dcaa6
0x006dcaac
0x006dcabe
0x006dcac4
0x006dcaae
0x006dcab8
0x006dcab8
0x006dcac8
0x006dcacb
0x006dcad2
0x006dcae0
0x006dcaef
0x006dcb13
0x006dcb17
0x00000000
0x006dcb17
0x006dcae2
0x00000000
0x006dcad4
0x006dcad7
0x006dcae9
0x006dcae9
0x006dcb1a
0x006dcb1d
0x006dcb24
0x006dcb2a
0x006dcb3a
0x006dcb3a
0x006dcb3c
0x006dcb3d
0x006dcb40
0x006dcb40
0x006dcb43
0x006dcb46
0x00000000
0x00000000
0x00000000
0x006dcb46
0x006dcb2f
0x006dcb35
0x00000000
0x00000000
0x006dcb37
0x006dcb39
0x00000000
0x006dcb39
0x006dcad2
0x00000000
0x006dcbc6
0x006dcbc6
0x006dcbcb
0x006dcdf6
0x006dcbd1
0x006dcbd1
0x006dcbd3
0x006dcbd3
0x006dcbd6
0x006dcbdb
0x006dcbdd
0x006dcbdd
0x006dcbe2
0x006dcbe7
0x006dcbea
0x006dcbed
0x006dcbf3
0x006dcbf6
0x006dc0d6
0x006dc0dc
0x006dc0e0
0x006dc0e4
0x006dc0e7
0x006dc0ee
0x006da628
0x006dc74a
0x006dc74d
0x006dc773
0x006da62e
0x006da62e
0x006da62e
0x006dc0f4
0x006dc0f7
0x006dc0f7
0x006dc104
0x006dc107
0x006dc107
0x006dc10f
0x006dc115
0x006dc119
0x006dc120
0x006da63e
0x006dc77c
0x006dc77f
0x006dc7a5
0x006da644
0x006da644
0x006da644
0x006dc126
0x006dc129
0x006dc129
0x006dc136
0x006dd01e
0x006dd01e
0x006dd026
0x006dd02c
0x006dd030
0x006dd037
0x006dd2fa
0x006dc7ae
0x006dc7b1
0x006dc7d7
0x006dd300
0x006dd300
0x006dd300
0x006dd03d
0x006dd040
0x006dd040
0x006dd04d
0x006dcfb5
0x006dcfb5
0x006dcfbd
0x006dcfc3
0x006dcfc7
0x006dcfce
0x006dd1ad
0x006dc7e0
0x006dc7e3
0x006dc809
0x006dd1b3
0x006dd1b3
0x006dd1b3
0x006dcfd4
0x006dcfd7
0x006dcfd7
0x006dcfe4
0x006dcfe7
0x006dcfe7
0x006dcfef
0x006dcff5
0x006dcff9
0x006dd000
0x006dd1c3
0x006dc812
0x006dc815
0x006dc83b
0x006dd1c9
0x006dd1c9
0x006dd1c9
0x006dd006
0x006dd009
0x006dd009
0x006dd016
0x006dcf81
0x006dcf89
0x006dcf8f
0x006dcf93
0x006dcf9a
0x006dd16b
0x006dc844
0x006dc847
0x006dc86d
0x006dd171
0x006dd171
0x006dd171
0x006dcfa0
0x006dcfa3
0x006dcfa3
0x006dcfb0
0x006dcf4a
0x006dcf52
0x006dcf58
0x006dcf5c
0x006dcf63
0x006dd155
0x006dc876
0x006dc879
0x006dc89f
0x006dd15b
0x006dd15b
0x006dd15b
0x006dcf69
0x006dcf6c
0x006dcf6c
0x006dcf79
0x006dcdc2
0x006dcdc2
0x006dcdca
0x006dcdd0
0x006dcdd4
0x006dcddb
0x006dd113
0x006dd119
0x006dc8a8
0x006dc8a8
0x006dc8ab
0x006dc8d1
0x006dc8d1
0x006dcde7
0x006dcdf1
0x006dcd8e
0x006dcd96
0x006dcd9c
0x006dcda0
0x006dcda7
0x006dd129
0x006dc8da
0x006dc8dd
0x006dc903
0x006dd12f
0x006dd12f
0x006dd12f
0x006dcdad
0x006dcdb0
0x006dcdb0
0x006dcdbd
0x006dcd5a
0x006dcd62
0x006dcd68
0x006dcd6c
0x006dcd73
0x006dd13f
0x006dc90c
0x006dc90f
0x006dc935
0x006dd145
0x006dd145
0x006dd145
0x006dcd79
0x006dcd7c
0x006dcd7c
0x006dcd89
0x006dcd23
0x006dcd2b
0x006dcd31
0x006dcd35
0x006dcd3c
0x006dd1d9
0x006dc93e
0x006dc941
0x006dc967
0x006dd1df
0x006dd1df
0x006dd1df
0x006dcd42
0x006dcd45
0x006dcd45
0x006dcd52
0x006dcc03
0x006dcc0b
0x006dcc11
0x006dcc15
0x006dcc1c
0x006dd0fd
0x006dd103
0x006dc970
0x006dc970
0x006dc973
0x006dc999
0x006dc999
0x006dcc28
0x006dcc32
0x006dcc35
0x006dcc3d
0x006dcc43
0x006dcc47
0x006dcc4e
0x006dd181
0x006dc9a2
0x006dc9a5
0x006dc9cb
0x006dd187
0x006dd187
0x006dd187
0x006dcc54
0x006dcc57
0x006dcc57
0x006dcc64
0x006dcc67
0x006dcc6f
0x006dcc75
0x006dcc79
0x006dcc80
0x006dd197
0x006dc9d4
0x006dc9d7
0x006dc9fd
0x006dd19d
0x006dd19d
0x006dd19d
0x006dcc86
0x006dcc89
0x006dcc89
0x006dcc96
0x006dcc99
0x006dcca1
0x006dcca7
0x006dccab
0x006dccb2
0x006dccbb
0x006db12f
0x006db133
0x006dca06
0x006dca09
0x006dca2f
0x006db139
0x006db139
0x006db139
0x006db133
0x006dccc8
0x006dcccb
0x006dccd3
0x006dccd9
0x006dccdd
0x006dcce4
0x006dcced
0x006db145
0x006db149
0x006dca38
0x006dca3b
0x006dca61
0x006db14f
0x006db14f
0x006db14f
0x006db149
0x006dccfa
0x006dccfd
0x00000000
0x006dccfd
0x006dcc25
0x00000000
0x006dcc25
0x006dcde4
0x00000000
0x006dcde4
0x006dcbfc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x006dcd00
0x006dcd00
0x006dcd00
0x006dcd05
0x006dcd06
0x006dcd06
0x006dcd0f
0x006dcd16
0x006dcd20
0x006dcd20

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba85eda884759d480e11b0fd4b7ad3ccbdb9e73a1c7a06a8b6f4c63860712b81
Instruction ID: 9fa523cbc081be4bc9c46572d4ea6f5d7976a8720bac2d638f27e3bd11d474a1
Opcode Fuzzy Hash: ba85eda884759d480e11b0fd4b7ad3ccbdb9e73a1c7a06a8b6f4c63860712b81
Instruction Fuzzy Hash: BE4284B6C1823B87C7244F05C4A00B57BA2FF69765B2A406FEDC21B791D7788992E7D0

Uniqueness

Uniqueness Score: 0.00%

Function 0077C889, Relevance: .6, Instructions: 565
COMMONCrypto

C-Code - Quality: 97%

			E0077C889(intOrPtr _a4, signed char _a8, void* _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24, intOrPtr _a28, signed int _a32, signed int* _a36) {
				signed int _v8;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed char _v28;
				unsigned int _v32;
				char _v33;
				char _v34;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				char _v53;
				void* _v60;
				signed char _v64;
				signed int _v68;
				signed int _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed int _v88;
				signed int _v92;
				char _v96;
				signed int* _v100;
				char _v140;
				char _v148;
				signed int _v188;
				char _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t299;
				signed int _t310;
				signed int _t315;
				signed int _t316;
				signed int _t332;
				signed int _t335;
				signed char* _t336;
				signed int _t346;
				signed int _t347;
				signed int _t348;
				signed int _t351;
				signed char _t355;
				void* _t361;
				signed int _t363;
				signed int _t373;
				signed int _t374;
				signed int _t377;
				void* _t380;
				signed int _t384;
				signed int _t388;
				signed int _t394;
				signed char _t397;
				intOrPtr _t413;
				signed int _t417;
				signed char _t422;
				signed int* _t428;
				signed int _t431;
				signed int _t432;
				signed char _t444;
				signed int _t445;
				signed char _t450;
				signed int _t452;
				char _t461;
				signed int _t473;
				intOrPtr* _t474;
				signed int* _t476;
				void* _t477;
				intOrPtr _t478;
				signed int _t480;
				intOrPtr _t481;
				signed int _t483;
				signed int _t488;
				intOrPtr* _t489;
				signed int _t491;
				intOrPtr* _t492;
				signed int _t494;
				signed int _t496;
				signed int _t497;
				void* _t498;

				_t299 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t299 ^ _t497;
				_t468 = _a32;
				_v80 = _a4;
				_v28 = _a8;
				_v52 = _a20;
				_v84 = _a24;
				_t428 = _a36;
				_v48 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18));
				_t473 = 0;
				_v64 = _t468;
				_v100 = _t428;
				_v68 = 0;
				_v60 = 0;
				_v44 = 0;
				_v16 = 0;
				_v15 = 0;
				_v14 = 0;
				_v13 = 0;
				_v12 = 0;
				_v11 = 3;
				_t310 = E0073666D( &_v196,  &_v16, 1);
				_t487 = _t310;
				if(_t310 < 0) {
					L101:
					return E00722F0C(_t487, _t428, _v8 ^ _t497, _t468, _t473, _t487);
				}
				_v188 = 0;
				_t315 = E0073666D( &_v148,  &_v16, 1);
				_t487 = _t315;
				if(_t315 < 0) {
					goto L101;
				}
				 *_t428 = 0x400;
				_v140 = 1;
				 *_t468 = 0;
				_t502 = _v80;
				if(_v80 == 0) {
					L5:
					_push(_v28);
					_t316 = E00730B6A(_t428, _t473, _t487, __eflags);
					__eflags = _t316;
					if(_t316 == 0) {
						L4:
						_t487 = 0xc0000077;
						goto L101;
					}
					__eflags = _a12 - _t473;
					asm("sbb eax, eax");
					_t437 =  &_a12;
					_t487 = E006E9F99(_v80, _t473, _t473, _a16, 1, _t473,  &_v196,  &_v148,  &_v196,  &_v148, _a28, 2,  ~_a12 &  &_a12, 0 | _a12 != _t473,  &_v68,  &_v53,  &_v96);
					__eflags = _t487 - 0x8000000b;
					if(_t487 != 0x8000000b) {
						__eflags = _t487 - _t473;
						if(_t487 < _t473) {
							L97:
							_t473 = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								E00722882(_t437, _v48, 0, _v68);
							}
							__eflags = _v60 - _t473;
							if(_v60 != _t473) {
								E00722882(_t437, _v48, _t473, _v60);
							}
							goto L101;
						}
						_t437 = ( *(_v28 + 4) & 0x0000ffff) * 0x18;
						_t332 = E007229EE(_v48,  *0x7aec78 + 0x140000, ( *(_v28 + 4) & 0x0000ffff) * 0x18);
						_v44 = _t332;
						__eflags = _t332 - _t473;
						if(_t332 == _t473) {
							L93:
							_t487 = 0xc0000017;
							L95:
							__eflags = _v44;
							if(_v44 != 0) {
								E00722882(_t437, _v48, 0, _v44);
							}
							goto L97;
						}
						_t437 = _v28;
						_v20 = _v20 & _t473;
						_t474 = _t437 + 8;
						__eflags = 0 -  *(_t437 + 4);
						if(0 >=  *(_t437 + 4)) {
							L31:
							_t335 = _v68;
							_v88 = _v88 & 0x00000000;
							_v32 = _t335 + 8;
							_t468 = 0;
							__eflags = 0 -  *((intOrPtr*)(_t335 + 4));
							if(0 >=  *((intOrPtr*)(_t335 + 4))) {
								L59:
								_t488 =  *(_t437 + 4) & 0x0000ffff;
								_v24 = _v24 & 0x00000000;
								_v20 = _v20 & 0x00000000;
								_v34 = 0;
								_v33 = 0;
								_t336 = _t437 + 8;
								__eflags = _t488;
								if(_t488 <= 0) {
									L71:
									__eflags = _a12;
									asm("sbb eax, eax");
									_t437 =  &_a12;
									_t487 = E006E9F99(_v80, 0, 0, _a16, 1, 0, _v52, _v84, _v52, _v84, _a28, 2,  ~_a12 &  &_a12, 0 | _a12 != 0x00000000,  &_v60,  &_v53,  &_v96);
									__eflags = _t487;
									if(_t487 < 0) {
										goto L95;
									}
									_t489 = _v60;
									_t216 = _t489 + 2; // 0x8c0ffb3b
									_t346 = E007229EE(_v48,  *0x7aec78 + 0x140000, ( *_t216 & 0x0000ffff) + _v24);
									_t437 = _v64;
									 *_v64 = _t346;
									__eflags = _t346;
									if(_t346 == 0) {
										goto L93;
									}
									_t444 =  *_t489;
									_t468 =  *_v28;
									__eflags = _t444 - _t468;
									_t445 = _t444 & 0x000000ff;
									if(_t444 <= _t468) {
										_t445 = _t468 & 0x000000ff;
									}
									_t222 = _v60 + 2; // 0x8c0ffb3b
									_t437 = ( *_t222 & 0x0000ffff) + _v24;
									_t347 = E0073248F(_t346, ( *_t222 & 0x0000ffff) + _v24, _t445);
									__eflags = _t347;
									if(_t347 < 0) {
										goto L7;
									} else {
										_t355 = _v28;
										_v20 = _v20 & 0x00000000;
										_t491 =  *_v64 + 8;
										_t477 = _t355 + 8;
										__eflags = 0 -  *((intOrPtr*)(_t355 + 4));
										if(0 >=  *((intOrPtr*)(_t355 + 4))) {
											L88:
											_t478 = _v60;
											_t275 = _t478 + 2; // 0x8c0ffb3b
											_t276 = _t478 + 8; // 0x77d1c2
											E00704830(_t491, _t276, ( *_t275 & 0x0000ffff) - 8);
											_t361 =  *_v64;
											_t278 = _t478 + 4; // 0x17c8c0f
											_t437 =  *_t278;
											_t498 = _t498 + 0xc;
											_t279 = _t361 + 4;
											 *_t279 =  *(_t361 + 4) +  *_t278;
											__eflags =  *_t279;
											L89:
											_t487 = 0;
											__eflags =  *_t428 & 0x00001000;
											if(( *_t428 & 0x00001000) == 0) {
												goto L95;
											}
											_t476 = _v64;
											_t348 =  *_t476;
											__eflags = _t348;
											if(_t348 != 0) {
												E00722882(_t437, _v48, 0, _t348);
												 *_t476 =  *_t476 & 0;
												__eflags =  *_t476;
											}
											_t428 = _v28;
											_t437 = _t428[0] & 0x0000ffff;
											_t351 = E007229EE(_v48,  *0x7aec78 + 0x140000, _t428[0] & 0x0000ffff);
											 *_t476 = _t351;
											__eflags = _t351;
											if(_t351 != 0) {
												_t437 = _t428[0] & 0x0000ffff;
												E00704830(_t351, _t428, _t428[0] & 0x0000ffff);
												goto L95;
											} else {
												goto L93;
											}
										}
										_t363 = _v44 + 0x10;
										__eflags = _t363;
										_v52 = _t363;
										do {
											_t431 =  *(_t363 - 4) |  *(_t363 + 4) |  *_t363;
											__eflags = _t431;
											if(_t431 == 0) {
												goto L86;
											}
											E00704830(_t491, _t477,  *(_t477 + 2) & 0x0000ffff);
											 *(_t491 + 1) =  *(_t491 + 1) & 0x000000ef;
											_t452 = _t491;
											_t491 = _t491 + ( *(_t477 + 2) & 0x0000ffff);
											_t498 = _t498 + 0xc;
											 *((short*)( *_v64 + 4)) =  *((short*)( *_v64 + 4)) + 1;
											 *(_t452 + 4) =  *(_t477 + 4) & _t431;
											_t432 = _t431 &  !( *(_t477 + 4));
											__eflags = _t432;
											_v16 = _t452;
											_v32 = 0x80000000;
											if(_t432 == 0) {
												L85:
												_t373 = _v16;
												_t263 = _t373 + 4;
												 *_t263 =  *(_t373 + 4) | _t432;
												__eflags =  *_t263;
												_t363 = _v52;
												goto L86;
											} else {
												goto L80;
											}
											while(1) {
												L80:
												_t374 = _v32;
												__eflags = _t374 - 0x10000000;
												if(_t374 < 0x10000000) {
													goto L85;
												}
												__eflags =  *(_t477 + 4) & _t374;
												if(( *(_t477 + 4) & _t374) != 0) {
													_v72 = _t374;
													E006E9611( &_v72, _a28);
													_t377 = _v72;
													__eflags = _t432 & _t377;
													if((_t432 & _t377) != 0) {
														_t468 = _v32;
														 *(_v16 + 4) =  *(_v16 + 4) | _v32;
														_t432 = _t432 &  !_t377;
														__eflags = _t432;
													}
												}
												_v32 = _v32 >> 1;
												__eflags = _t432;
												if(_t432 != 0) {
													continue;
												} else {
													goto L85;
												}
											}
											goto L85;
											L86:
											_v20 = _v20 + 1;
											_t477 = _t477 + ( *(_t477 + 2) & 0x0000ffff);
											_t450 = _v28;
											_t363 = _t363 + 0x18;
											__eflags = _v20 - ( *(_t450 + 4) & 0x0000ffff);
											_v52 = _t363;
										} while (_v20 < ( *(_t450 + 4) & 0x0000ffff));
										_t428 = _v100;
										goto L88;
									}
								}
								_t480 = _v44 + 0x10;
								__eflags = _t480;
								do {
									__eflags =  *(_t480 - 4) |  *(_t480 + 4) |  *_t480;
									if(( *(_t480 - 4) |  *(_t480 + 4) |  *_t480) != 0) {
										_v24 = _v24 + (_t336[2] & 0x0000ffff);
										_t437 =  *((intOrPtr*)(( *_t336 & 0x000000ff) + 0x6eaf70));
										__eflags = _t437;
										if(_t437 != 0) {
											L68:
											__eflags = _t437 - 1;
											if(_t437 != 1) {
												goto L70;
											}
											__eflags = _v34;
											if(_v34 != 0) {
												goto L7;
											}
											goto L70;
										}
										__eflags = _v33 - _t437;
										if(_v33 != _t437) {
											goto L7;
										}
										goto L68;
									}
									_t461 =  *((intOrPtr*)(( *_t336 & 0x000000ff) + 0x6eaf70));
									__eflags = _t461;
									if(_t461 == 0) {
										_v34 = 1;
									}
									__eflags = _t461 - 1;
									if(_t461 == 1) {
										_v33 = _t461;
									}
									L70:
									_v20 = _v20 + 1;
									_t480 = _t480 + 0x18;
									_t336 =  &(_t336[_t336[2] & 0x0000ffff]);
									__eflags = _v20 - _t488;
								} while (_v20 < _t488);
								goto L71;
							} else {
								goto L32;
							}
							while(1) {
								L32:
								_t380 =  *_v32;
								__eflags = _t380 - 8;
								if(_t380 > 8) {
									goto L7;
								}
								__eflags = _t380 - 4;
								if(_t380 == 4) {
									goto L7;
								}
								_t492 = _v32;
								_t481 = _a28;
								_v40 =  *((intOrPtr*)(_t492 + 4));
								E006E9611( &_v40, _t481);
								_t384 =  *_t492;
								__eflags = _t384;
								if(_t384 == 0) {
									L39:
									_t483 = _v40 &  *(_a28 + 0xc);
									__eflags = _t483;
									L40:
									_t468 = 0;
									__eflags = _t483;
									if(_t483 == 0) {
										L57:
										_v32 = _v32 + ( *(_v32 + 2) & 0x0000ffff);
										_t388 = _v68;
										_v88 = _v88 + 1;
										__eflags = _v88 - ( *(_t388 + 4) & 0x0000ffff);
										if(_v88 < ( *(_t388 + 4) & 0x0000ffff)) {
											continue;
										}
										_t437 = _v28;
										goto L59;
									}
									_t437 =  !( *(_t492 + 1) & 0x000000ff) & 0x00000008 |  *(_t492 + 1) & 3;
									__eflags = _t437;
									if(_t437 == 0) {
										goto L57;
									}
									__eflags = _t437 & 0x00000002;
									if((_t437 & 0x00000002) == 0) {
										_v24 = 0;
										_v16 = 0;
									} else {
										_v24 = _t483;
										_v16 = _t483;
									}
									__eflags = _t437 & 0x00000001;
									if((_t437 & 0x00000001) == 0) {
										_v40 = _t468;
										_v72 = _t468;
									} else {
										_v40 = _t483;
										_v72 = _t483;
									}
									__eflags = _t437 & 0x00000008;
									if((_t437 & 0x00000008) == 0) {
										_t483 = 0;
										__eflags = 0;
										_v92 = _t468;
									} else {
										_v92 = _t483;
									}
									_t437 = _v28;
									_v76 = _t437 + 8;
									_v20 = _t468;
									__eflags = 0 -  *(_t437 + 4);
									if(0 >=  *(_t437 + 4)) {
										L56:
										__eflags = _t483 | _v40 | _v24;
										if((_t483 | _v40 | _v24) != 0) {
											goto L7;
										}
										goto L57;
									} else {
										_t494 = _v44 + 0x14;
										__eflags = _t494;
										do {
											_t394 = E006EAE89(_t437, _t483, _v32, _v76, _v52, _v84);
											__eflags = _t394;
											if(_t394 != 0) {
												_t483 = _t483 &  !( *(_t494 - 0xc));
												_v24 = _v24 &  !( *(_t494 - 0x14));
												_v40 = _v40 &  !( *(_t494 - 0x10));
												 *_t494 =  *_t494 &  !_v92;
												 *(_t494 - 8) =  *(_t494 - 8) &  !_v16;
												_t154 = _t494 - 4;
												 *_t154 =  *(_t494 - 4) &  !_v72;
												__eflags =  *_t154;
											}
											_v76 = _v76 + ( *(_v76 + 2) & 0x0000ffff);
											_t397 = _v28;
											_v20 = _v20 + 1;
											_t494 = _t494 + 0x18;
											__eflags = _v20 - ( *(_t397 + 4) & 0x0000ffff);
										} while (_v20 < ( *(_t397 + 4) & 0x0000ffff));
										goto L56;
									}
								}
								__eflags = _t384 - 1;
								if(_t384 == 1) {
									goto L39;
								}
								__eflags = _t384 - 5;
								if(_t384 == 5) {
									goto L39;
								}
								__eflags = _t384 - 6;
								if(_t384 == 6) {
									goto L39;
								}
								_t483 = _v40 & ( *(_t481 + 0xc) | 0x01000000);
								goto L40;
							}
						} else {
							_t496 = _v44 + 4;
							__eflags = _t496;
							while(1) {
								_t413 =  *_t474;
								__eflags = _t413 - 8;
								if(_t413 > 8) {
									goto L7;
								}
								__eflags = _t413 - 4;
								if(_t413 == 4) {
									goto L7;
								}
								_v24 =  *((intOrPtr*)(_t474 + 4));
								E006E9611( &_v24, _a28);
								_t417 =  *_t474;
								__eflags = _t417;
								if(_t417 == 0) {
									L19:
									_t468 = _v24 &  *(_a28 + 0xc);
									__eflags = _t468;
									L20:
									_t437 =  !( *(_t474 + 1) & 0x000000ff) & 0x00000008 |  *(_t474 + 1) & 3;
									__eflags = _t437 & 0x00000002;
									if((_t437 & 0x00000002) == 0) {
										 *(_t496 - 4) =  *(_t496 - 4) & 0x00000000;
										_t76 = _t496 + 8;
										 *_t76 =  *(_t496 + 8) & 0x00000000;
										__eflags =  *_t76;
									} else {
										 *(_t496 - 4) = _t468;
										 *(_t496 + 8) = _t468;
									}
									__eflags = _t437 & 0x00000001;
									if((_t437 & 0x00000001) == 0) {
										 *_t496 =  *_t496 & 0x00000000;
										_t81 = _t496 + 0xc;
										 *_t81 =  *(_t496 + 0xc) & 0x00000000;
										__eflags =  *_t81;
									} else {
										 *_t496 = _t468;
										 *(_t496 + 0xc) = _t468;
									}
									__eflags = _t437 & 0x00000008;
									if((_t437 & 0x00000008) == 0) {
										 *(_t496 + 4) =  *(_t496 + 4) & 0x00000000;
										_t89 = _t496 + 0x10;
										 *_t89 =  *(_t496 + 0x10) & 0x00000000;
										__eflags =  *_t89;
									} else {
										 *(_t496 + 4) = _t468;
										 *(_t496 + 0x10) = _t468;
									}
									_v20 = _v20 + 1;
									_t474 = _t474 + ( *(_t474 + 2) & 0x0000ffff);
									_t422 = _v28;
									_t496 = _t496 + 0x18;
									__eflags = _v20 - ( *(_t422 + 4) & 0x0000ffff);
									if(_v20 < ( *(_t422 + 4) & 0x0000ffff)) {
										continue;
									} else {
										_t437 = _v28;
										goto L31;
									}
								}
								__eflags = _t417 - 1;
								if(_t417 == 1) {
									goto L19;
								}
								__eflags = _t417 - 5;
								if(_t417 == 5) {
									goto L19;
								}
								__eflags = _t417 - 6;
								if(_t417 == 6) {
									goto L19;
								} else {
									_t468 = _v24 & ( *(_a28 + 0xc) | 0x01000000);
									goto L20;
								}
							}
						}
					}
					L7:
					 *_t428 =  *_t428 | 0x00001000;
					goto L89;
				}
				_push(_v80);
				if(E00730B6A(_t428, 0, _t487, _t502) != 0) {
					goto L5;
				}
				goto L4;
			}

0x0077c894
0x0077c89b
0x0077c8a1
0x0077c8a4
0x0077c8aa
0x0077c8b0
0x0077c8b6
0x0077c8c6
0x0077c8cb
0x0077c8d4
0x0077c8dd
0x0077c8e0
0x0077c8e3
0x0077c8e6
0x0077c8e9
0x0077c8ec
0x0077c8f0
0x0077c8f4
0x0077c8f8
0x0077c8fc
0x0077c900
0x0077c904
0x0077c909
0x0077c90d
0x0077ceef
0x0077ceff
0x0077ceff
0x0077c920
0x0077c926
0x0077c92b
0x0077c92f
0x00000000
0x00000000
0x0077c935
0x0077c93b
0x0077c945
0x0077c947
0x0077c94a
0x0077c962
0x0077c962
0x0077c965
0x0077c96a
0x0077c96c
0x0077c958
0x0077c958
0x00000000
0x0077c958
0x0077c97f
0x0077c986
0x0077c989
0x0077c9c0
0x0077c9c2
0x0077c9c8
0x0077c9d5
0x0077c9d7
0x0077cecb
0x0077cecb
0x0077cecd
0x0077ced0
0x0077ced9
0x0077ced9
0x0077cede
0x0077cee1
0x0077ceea
0x0077ceea
0x00000000
0x0077cee1
0x0077c9e9
0x0077c9f6
0x0077c9fb
0x0077c9fe
0x0077ca00
0x0077cea2
0x0077cea2
0x0077ceb8
0x0077ceb8
0x0077cebc
0x0077cec6
0x0077cec6
0x00000000
0x0077cebc
0x0077ca06
0x0077ca09
0x0077ca0e
0x0077ca11
0x0077ca15
0x0077cad6
0x0077cad6
0x0077cad9
0x0077cae0
0x0077cae3
0x0077cae5
0x0077cae9
0x0077cc3e
0x0077cc3e
0x0077cc42
0x0077cc46
0x0077cc4a
0x0077cc4e
0x0077cc52
0x0077cc55
0x0077cc57
0x0077ccc1
0x0077ccd4
0x0077ccdb
0x0077ccde
0x0077cd05
0x0077cd07
0x0077cd09
0x00000000
0x00000000
0x0077cd0f
0x0077cd12
0x0077cd28
0x0077cd2d
0x0077cd30
0x0077cd32
0x0077cd34
0x00000000
0x00000000
0x0077cd3d
0x0077cd3f
0x0077cd41
0x0077cd43
0x0077cd46
0x0077cd48
0x0077cd48
0x0077cd4f
0x0077cd53
0x0077cd58
0x0077cd5d
0x0077cd5f
0x00000000
0x0077cd65
0x0077cd6a
0x0077cd6d
0x0077cd73
0x0077cd76
0x0077cd79
0x0077cd7d
0x0077ce3d
0x0077ce3d
0x0077ce40
0x0077ce48
0x0077ce4d
0x0077ce55
0x0077ce57
0x0077ce57
0x0077ce5b
0x0077ce5e
0x0077ce5e
0x0077ce5e
0x0077ce62
0x0077ce62
0x0077ce64
0x0077ce6a
0x00000000
0x00000000
0x0077ce6c
0x0077ce6f
0x0077ce71
0x0077ce73
0x0077ce7a
0x0077ce7f
0x0077ce7f
0x0077ce7f
0x0077ce81
0x0077ce84
0x0077ce97
0x0077ce9c
0x0077ce9e
0x0077cea0
0x0077cea9
0x0077ceb0
0x00000000
0x00000000
0x00000000
0x00000000
0x0077cea0
0x0077cd86
0x0077cd86
0x0077cd89
0x0077cd8c
0x0077cd92
0x0077cd92
0x0077cd94
0x00000000
0x00000000
0x0077cda1
0x0077cda6
0x0077cdae
0x0077cdb0
0x0077cdb7
0x0077cdba
0x0077cdc3
0x0077cdcb
0x0077cdcb
0x0077cdcd
0x0077cdd0
0x0077cdd7
0x0077ce12
0x0077ce12
0x0077ce15
0x0077ce15
0x0077ce15
0x0077ce18
0x00000000
0x00000000
0x00000000
0x00000000
0x0077cdd9
0x0077cdd9
0x0077cdd9
0x0077cddc
0x0077cde1
0x00000000
0x00000000
0x0077cde3
0x0077cde6
0x0077cdeb
0x0077cdf2
0x0077cdf7
0x0077cdfa
0x0077cdfc
0x0077cdfe
0x0077ce04
0x0077ce09
0x0077ce09
0x0077ce09
0x0077cdfc
0x0077ce0b
0x0077ce0e
0x0077ce10
0x00000000
0x00000000
0x00000000
0x00000000
0x0077ce10
0x00000000
0x0077ce1b
0x0077ce1f
0x0077ce22
0x0077ce24
0x0077ce2b
0x0077ce2e
0x0077ce31
0x0077ce31
0x0077ce3a
0x00000000
0x0077ce3a
0x0077cd5f
0x0077cc5c
0x0077cc5c
0x0077cc5f
0x0077cc65
0x0077cc67
0x0077cc88
0x0077cc8e
0x0077cc94
0x0077cc96
0x0077cca1
0x0077cca1
0x0077cca4
0x00000000
0x00000000
0x0077cca6
0x0077ccaa
0x00000000
0x00000000
0x00000000
0x0077ccaa
0x0077cc98
0x0077cc9b
0x00000000
0x00000000
0x00000000
0x0077cc9b
0x0077cc6c
0x0077cc72
0x0077cc74
0x0077cc76
0x0077cc76
0x0077cc7a
0x0077cc7d
0x0077cc7f
0x0077cc7f
0x0077ccb0
0x0077ccb4
0x0077ccb7
0x0077ccba
0x0077ccbc
0x0077ccbc
0x00000000
0x00000000
0x00000000
0x00000000
0x0077caef
0x0077caef
0x0077caf2
0x0077caf4
0x0077caf6
0x00000000
0x00000000
0x0077cafc
0x0077cafe
0x00000000
0x00000000
0x0077cb04
0x0077cb0a
0x0077cb0d
0x0077cb15
0x0077cb1a
0x0077cb1c
0x0077cb1e
0x0077cb3b
0x0077cb41
0x0077cb41
0x0077cb44
0x0077cb44
0x0077cb46
0x0077cb48
0x0077cc1e
0x0077cc25
0x0077cc28
0x0077cc2f
0x0077cc32
0x0077cc35
0x00000000
0x00000000
0x0077cc3b
0x00000000
0x0077cc3b
0x0077cb5c
0x0077cb5c
0x0077cb5e
0x00000000
0x00000000
0x0077cb64
0x0077cb67
0x0077cb71
0x0077cb74
0x0077cb69
0x0077cb69
0x0077cb6c
0x0077cb6c
0x0077cb77
0x0077cb7a
0x0077cb84
0x0077cb87
0x0077cb7c
0x0077cb7c
0x0077cb7f
0x0077cb7f
0x0077cb8a
0x0077cb8d
0x0077cb94
0x0077cb94
0x0077cb96
0x0077cb8f
0x0077cb8f
0x0077cb8f
0x0077cb99
0x0077cb9f
0x0077cba4
0x0077cba7
0x0077cbab
0x0077cc12
0x0077cc15
0x0077cc18
0x00000000
0x00000000
0x00000000
0x0077cbad
0x0077cbb0
0x0077cbb0
0x0077cbb3
0x0077cbbf
0x0077cbc4
0x0077cbc6
0x0077cbcd
0x0077cbd4
0x0077cbdc
0x0077cbe4
0x0077cbeb
0x0077cbf3
0x0077cbf3
0x0077cbf3
0x0077cbf3
0x0077cbfd
0x0077cc00
0x0077cc07
0x0077cc0a
0x0077cc0d
0x0077cc0d
0x00000000
0x0077cbb3
0x0077cbab
0x0077cb20
0x0077cb22
0x00000000
0x00000000
0x0077cb24
0x0077cb26
0x00000000
0x00000000
0x0077cb28
0x0077cb2a
0x00000000
0x00000000
0x0077cb37
0x00000000
0x0077cb37
0x0077ca1b
0x0077ca1e
0x0077ca1e
0x0077ca21
0x0077ca21
0x0077ca23
0x0077ca25
0x00000000
0x00000000
0x0077ca27
0x0077ca29
0x00000000
0x00000000
0x0077ca31
0x0077ca38
0x0077ca3d
0x0077ca3f
0x0077ca41
0x0077ca61
0x0077ca67
0x0077ca67
0x0077ca6a
0x0077ca78
0x0077ca7a
0x0077ca7d
0x0077ca87
0x0077ca8b
0x0077ca8b
0x0077ca8b
0x0077ca7f
0x0077ca7f
0x0077ca82
0x0077ca82
0x0077ca8f
0x0077ca92
0x0077ca9b
0x0077ca9e
0x0077ca9e
0x0077ca9e
0x0077ca94
0x0077ca94
0x0077ca96
0x0077ca96
0x0077caa2
0x0077caa5
0x0077caaf
0x0077cab3
0x0077cab3
0x0077cab3
0x0077caa7
0x0077caa7
0x0077caaa
0x0077caaa
0x0077cabb
0x0077cabe
0x0077cac0
0x0077cac7
0x0077caca
0x0077cacd
0x00000000
0x0077cad3
0x0077cad3
0x00000000
0x0077cad3
0x0077cacd
0x0077ca43
0x0077ca45
0x00000000
0x00000000
0x0077ca47
0x0077ca49
0x00000000
0x00000000
0x0077ca4b
0x0077ca4d
0x00000000
0x0077ca4f
0x0077ca5d
0x00000000
0x0077ca5d
0x0077ca4d
0x0077ca21
0x0077ca15
0x0077c9ca
0x0077c9ca
0x00000000
0x0077c9ca
0x0077c94c
0x0077c956
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5455fd565ce4b5f701f590d3bdbaf8c80ec33b5823ed6f056137128bc8668864
Instruction ID: 5406efd024dfd49f72712ac5047f5ed2c1d22fccc35d76e2b69a68cc1a8d6b6c
Opcode Fuzzy Hash: 5455fd565ce4b5f701f590d3bdbaf8c80ec33b5823ed6f056137128bc8668864
Instruction Fuzzy Hash: 4F3279B1D00219DFDF16CF98C845AEEBBF5FF48341F18845AE849A7251D778A941CBA0

Uniqueness

Uniqueness Score: 0.00%

Function 007A0404, Relevance: .5, Instructions: 529
COMMONCrypto

C-Code - Quality: 86%

			E007A0404(signed int __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t292;
				signed char _t296;
				signed char _t306;
				signed char _t308;
				signed int _t319;
				signed int _t329;
				signed short _t332;
				signed int _t334;
				intOrPtr _t339;
				signed char _t340;
				signed int _t342;
				signed int _t358;
				signed int _t361;
				signed int _t372;
				signed int _t375;
				signed int _t377;
				short _t379;
				signed int _t386;
				signed int _t387;
				signed int _t393;
				signed short _t396;
				signed int _t406;
				signed int _t416;
				signed int _t417;
				signed int _t419;
				intOrPtr _t426;
				signed short _t427;
				signed short _t429;
				void* _t430;
				short _t431;
				short _t432;
				signed int _t437;
				void* _t438;
				short _t441;
				signed char _t443;
				signed int _t445;
				signed short _t448;
				signed int _t451;
				short _t452;
				signed short* _t463;
				unsigned int _t464;
				signed int _t472;
				signed short* _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				void* _t479;
				signed int _t480;

				_t414 = __ebx;
				_push(0x268);
				_push(0x721dc0);
				E00726F10(__ebx, __edi, __esi);
				_t455 = 0;
				 *(_t479 - 0x40) = 0;
				 *(_t479 - 0x48) = 0;
				 *(_t479 - 0x58) = 0;
				 *(_t479 - 0x60) = 0;
				 *(_t479 - 0x54) = 0;
				 *( *((intOrPtr*)(_t479 + 0x28)) + 0x40) = 0;
				if( *(_t479 + 0x20) <= 0x80) {
					__eflags =  *( *((intOrPtr*)(_t479 + 8)) + 0xc8) >> 0x00000002 & 0x00000001;
					if(__eflags != 0) {
						_push(0x374);
						_t406 = E007A0313(__ebx, 0, __esi, __eflags);
						__eflags = _t406;
						if(_t406 != 0) {
							 *((intOrPtr*)(_t479 - 4)) = 0;
							E00716F5C(0x310);
							 *(_t479 - 0x18) = _t480;
							 *(_t479 - 0x48) = _t480;
							 *((intOrPtr*)(_t479 - 4)) = 0xfffffffe;
							E007A036E(0, __eflags, _t479 - 0x48, _t479 - 0x58);
						}
					}
					 *(_t479 - 0x38) = _t455;
					_t463 =  *((intOrPtr*)(_t479 + 8)) + 0x68;
					 *(_t479 - 0x68) = _t463;
					while(1) {
						_t292 =  *((intOrPtr*)(_t479 + 0xc));
						 *(_t479 - 0x64) = _t455;
						 *(_t479 - 0x30) = _t455;
						_t416 = 0x50;
						 *(_t479 - 0x20) = _t416;
						 *(_t479 - 0x24) = _t416;
						 *((char*)(_t479 - 0x2b)) = 0;
						 *((char*)(_t479 - 0x2a)) = 0;
						 *((char*)(_t479 - 0x29)) = 0;
						 *(_t479 - 0x34) = _t455;
						 *(_t479 - 0x3c) = _t455;
						 *(_t479 - 0x44) = _t455;
						 *(_t479 - 0x50) = _t455;
						 *(_t479 - 0x4c) = _t455;
						_t417 =  *(_t292 + 8);
						_t451 =  *(_t292 + 0xc);
						__eflags = _t463[2];
						if(_t463[2] == 0) {
							goto L86;
						}
						_t414 = _t463[2];
						__eflags =  *((intOrPtr*)(_t292 + 4)) - _t414;
						if( *((intOrPtr*)(_t292 + 4)) <= _t414) {
							L10:
							_t296 =  *_t463 >> 6;
							__eflags = _t296 & 0x00000001;
							if((_t296 & 0x00000001) == 0) {
								L12:
								_t414 =  *(_t463 - 4) & _t451;
								__eflags =  *(_t463 - 8) & _t417 |  *(_t463 - 4) & _t451;
								if(( *(_t463 - 8) & _t417 |  *(_t463 - 4) & _t451) == 0) {
									goto L86;
								}
								_t414 =  *(_t463 - 0x10);
								_t419 =  *(_t463 - 0xc) & _t451;
								__eflags = (_t414 & _t417) - _t414;
								if((_t414 & _t417) != _t414) {
									goto L86;
								}
								__eflags = _t419 -  *(_t463 - 0xc);
								if(_t419 !=  *(_t463 - 0xc)) {
									goto L86;
								}
								L15:
								 *(_t479 - 0x6c) =  *(_t479 - 0x38) << 2;
								_t421 = 1;
								asm("lock xadd [eax], ecx");
								__eflags =  *(_t479 + 0x1c);
								if( *(_t479 + 0x1c) != 0) {
									 *(_t479 - 0x20) = 0x68;
								}
								__eflags =  *_t463 & 0x00000001;
								if(( *_t463 & 0x00000001) != 0) {
									_push(_t479 - 0x5c);
									_push(1);
									_t414 = 0x20008;
									_push(0x20008);
									_push(0xfffffffe);
									_t396 = E007159E0();
									 *(_t479 - 0x28) = _t396;
									__eflags = _t396 - 0xc000007c;
									if(_t396 == 0xc000007c) {
										_push(_t479 - 0x5c);
										_push(0x20008);
										_push(0xffffffff);
										 *(_t479 - 0x28) = E00715960();
									}
									__eflags =  *(_t479 - 0x28);
									if( *(_t479 - 0x28) >= 0) {
										_push(_t479 - 0x3c);
										_push(0x80);
										_push(_t479 - 0x278);
										_push(1);
										_push( *((intOrPtr*)(_t479 - 0x5c)));
										 *(_t479 - 0x28) = E00715C40();
										_push( *((intOrPtr*)(_t479 - 0x5c)));
										E00715090();
										 *(_t479 - 0x3c) =  *(_t479 - 0x3c) - 8;
										_t455 =  *(_t479 - 0x3c) + 0x0000000f & 0x0000fff8;
										 *(_t479 - 0x34) = _t455;
										__eflags =  *(_t479 - 0x28);
										if( *(_t479 - 0x28) >= 0) {
											 *((char*)(_t479 - 0x2a)) = 1;
											_t70 = _t479 - 0x20;
											 *_t70 =  *(_t479 - 0x20) + (_t455 & 0x0000ffff);
											__eflags =  *_t70;
										}
									}
								}
								_t464 =  *_t463;
								_t306 = _t464 >> 2;
								__eflags = _t306 & 0x00000001;
								if((_t306 & 0x00000001) != 0) {
									__eflags =  *(_t479 - 0x48);
									if( *(_t479 - 0x48) != 0) {
										 *((char*)(_t479 - 0x29)) = 1;
										_t77 = _t479 - 0x20;
										 *_t77 =  *(_t479 - 0x20) + ( *(_t479 - 0x58) & 0x0000ffff);
										__eflags =  *_t77;
									}
								}
								_t308 = _t464 >> 1;
								__eflags = _t308 & 0x00000001;
								if((_t308 & 0x00000001) != 0) {
									 *((char*)(_t479 - 0x2b)) = 1;
									_t82 = _t479 - 0x20;
									 *_t82 =  *(_t479 - 0x20) + 0x10;
									__eflags =  *_t82;
								}
								_t463 = ( *( *((intOrPtr*)(_t479 + 0x28)) + 0x40) << 4) +  *((intOrPtr*)(_t479 + 0x28));
								 *(_t479 - 0x28) =  *(_t479 - 0x28) & 0x00000000;
								__eflags =  *(_t479 + 0x20);
								if( *(_t479 + 0x20) <= 0) {
									L43:
									__eflags =  *(_t479 - 0x50);
									if( *(_t479 - 0x50) != 0) {
										_t111 = _t479 - 0x20;
										 *_t111 =  *(_t479 - 0x20) + (( *(_t479 - 0x44) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
										__eflags =  *_t111;
									}
									__eflags =  *(_t479 - 0x40);
									if( *(_t479 - 0x40) != 0) {
										L92:
										asm("lock xadd [eax], ecx");
										L93:
										goto L94;
									} else {
										_t463[6] =  *(_t479 - 0x20);
										_t455 =  *( *(_t479 - 0x6c) + 0x7af9e4);
										 *(_t479 - 0x28) = _t455;
										__eflags = _t455;
										if(_t455 == 0) {
											L91:
											 *(_t479 - 0x40) = 6;
											goto L92;
										}
										__eflags = _t455 - 0x7af9e4;
										if(_t455 == 0x7af9e4) {
											goto L91;
										}
										_t421 = _t479 - 0x78;
										_t414 = E007A018E( *(_t479 - 0x20), _t455,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t479 - 0x78, _t479 - 0x64);
										__eflags = _t414;
										if(_t414 == 0) {
											_t319 =  *(_t479 - 0x20) + 0x00000007 & 0xfffffff8;
											__eflags = _t319 - 0xffff;
											if(_t319 <= 0xffff) {
												_t421 =  *((intOrPtr*)(_t455 + 0x80)) - 0x48;
												__eflags =  *((intOrPtr*)(_t455 + 0x80)) - 0x48 - _t319;
												asm("sbb eax, eax");
												 *(_t479 - 0x40) = (_t319 & 0x000000e2) + 8;
											} else {
												 *(_t479 - 0x40) = 0x216;
											}
											goto L92;
										}
										 *_t463 = _t455;
										_t463[2] = _t414;
										_t463[4] =  *(_t479 - 0x64);
										 *( *((intOrPtr*)(_t479 + 0x28)) + 0x40) =  *( *((intOrPtr*)(_t479 + 0x28)) + 0x40) + 1;
										 *_t414 =  *(_t479 - 0x20);
										 *((short*)(_t414 + 2)) = 0xc012;
										 *(_t414 + 4) =  *((intOrPtr*)(_t479 + 0x14));
										 *((short*)(_t414 + 6)) =  *((intOrPtr*)(_t479 + 0x10));
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										_t140 = _t414 + 0x40; // 0x40
										_t455 = _t140;
										__eflags =  *(_t479 + 0x18);
										if( *(_t479 + 0x18) == 0) {
											__eflags =  *[fs:0x18] + 0xf50;
										}
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										__eflags =  *(_t479 + 0x1c);
										if( *(_t479 + 0x1c) != 0) {
											_t142 = _t414 + 0x50; // 0x50
											_t387 = _t142;
											_t438 = 0x18;
											 *_t387 = _t438;
											 *((short*)(_t387 + 2)) = 1;
											_t441 = 0x10;
											 *((short*)(_t387 + 6)) = _t441;
											 *((short*)(_t387 + 4)) = 0;
											_t146 = _t387 + 8; // 0x58
											_t455 = _t146;
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsd");
											_t147 = _t414 + 4;
											 *_t147 =  *(_t414 + 4) | 0x00000001;
											__eflags =  *_t147;
											 *(_t479 - 0x24) = 0x68;
											 *(_t479 - 0x30) = _t387;
										}
										__eflags =  *((char*)(_t479 - 0x2a)) - 1;
										if( *((char*)(_t479 - 0x2a)) == 1) {
											_t476 =  *(_t479 - 0x24) + _t414;
											_t455 =  *(_t479 - 0x34);
											 *_t476 = _t455;
											_t379 = 2;
											 *((short*)(_t476 + 2)) = _t379;
											 *((short*)(_t476 + 6)) =  *(_t479 - 0x3c);
											 *((short*)(_t476 + 4)) = 0;
											_t161 = _t476 + 8; // 0x8
											E00704830(_t161, _t479 - 0x270,  *(_t479 - 0x3c));
											_t480 = _t480 + 0xc;
											 *(_t414 + 4) =  *(_t414 + 4) | 0x00000001;
											 *(_t479 - 0x24) =  *(_t479 - 0x24) + (_t455 & 0x0000ffff);
											_t386 =  *(_t479 - 0x30);
											__eflags = _t386;
											if(_t386 != 0) {
												_t167 = _t386 + 4;
												 *_t167 =  *(_t386 + 4) | 0x00000001;
												__eflags =  *_t167;
											}
											 *(_t479 - 0x30) = _t476;
										}
										__eflags =  *((char*)(_t479 - 0x2b)) - 1;
										if( *((char*)(_t479 - 0x2b)) == 1) {
											_t377 =  *(_t479 - 0x24) + _t414;
											_t430 = 0x10;
											 *_t377 = _t430;
											_t431 = 3;
											 *((short*)(_t377 + 2)) = _t431;
											_t432 = 4;
											 *((short*)(_t377 + 6)) = _t432;
											 *((short*)(_t377 + 4)) = 0;
											 *((intOrPtr*)(_t377 + 8)) =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x1d4));
											 *(_t414 + 4) =  *(_t414 + 4) | 0x00000001;
											 *(_t479 - 0x24) =  *(_t479 - 0x24) + 0x10;
											_t437 =  *(_t479 - 0x30);
											__eflags = _t437;
											if(_t437 != 0) {
												_t183 = _t437 + 4;
												 *_t183 =  *(_t437 + 4) | 0x00000001;
												__eflags =  *_t183;
											}
											 *(_t479 - 0x30) = _t377;
										}
										__eflags =  *((char*)(_t479 - 0x29)) - 1;
										if( *((char*)(_t479 - 0x29)) == 1) {
											_t455 = _t414 +  *(_t479 - 0x24);
											_t475 =  *(_t479 - 0x58) & 0x0000ffff;
											E00704830(_t455,  *(_t479 - 0x48), _t475);
											_t480 = _t480 + 0xc;
											 *(_t414 + 4) =  *(_t414 + 4) | 0x00000001;
											 *(_t479 - 0x24) =  *(_t479 - 0x24) + _t475;
											_t375 =  *(_t479 - 0x30);
											__eflags = _t375;
											if(_t375 != 0) {
												_t196 = _t375 + 4;
												 *_t196 =  *(_t375 + 4) | 0x00000001;
												__eflags =  *_t196;
											}
											 *(_t479 - 0x30) = _t455;
										}
										__eflags =  *(_t479 - 0x54);
										if( *(_t479 - 0x54) != 0) {
											_t474 =  *(_t479 - 0x24) + _t414;
											_t429 =  *(_t479 - 0x60);
											_t361 = _t429 + 0x0000000f & 0x0000fff8;
											 *_t474 = _t361;
											_t452 = 0xc;
											 *((short*)(_t474 + 2)) = _t452;
											 *(_t474 + 6) = _t429;
											_t451 = 0;
											 *((short*)(_t474 + 4)) = 0;
											 *(_t479 - 0x6c) = _t361 - _t429 - 0x00000008 & 0x0000ffff;
											_t208 = _t474 + 8; // 0x8
											_t455 = _t208;
											 *(_t479 - 0x34) = _t429 & 0x0000ffff;
											E00704830(_t208,  *(_t479 - 0x54), _t429 & 0x0000ffff);
											E00704EC0( *(_t479 - 0x34) + _t208, 0,  *(_t479 - 0x6c) & 0x0000ffff);
											_t480 = _t480 + 0x18;
											 *(_t414 + 4) =  *(_t414 + 4) | 0x00000001;
											 *(_t479 - 0x24) =  *(_t479 - 0x24) + ( *_t474 & 0x0000ffff);
											_t372 =  *(_t479 - 0x30);
											__eflags = _t372;
											if(_t372 != 0) {
												_t218 = _t372 + 4;
												 *_t218 =  *(_t372 + 4) | 0x00000001;
												__eflags =  *_t218;
											}
											 *(_t479 - 0x30) = _t474;
										}
										__eflags =  *(_t479 - 0x50);
										if( *(_t479 - 0x50) != 0) {
											_t473 =  *(_t479 - 0x24) + _t414;
											_t451 =  *(_t479 - 0x44);
											 *_t473 = _t451 + 0x0000000f & 0x0000fff8;
											_t427 = 0xb;
											_t473[1] = _t427;
											_t473[3] = _t451;
											_t473[2] = 0;
											_t229 =  &(_t473[4]); // 0x8
											_t455 = _t229;
											 *(_t479 - 0x4c) = _t229;
											E00704EC0((_t451 & 0x0000ffff) + _t229, 0, (_t451 + 0x0000000f & 0x0000fff8) - _t451 - 0x00000008 & 0x0000ffff);
											_t480 = _t480 + 0xc;
											 *(_t414 + 4) =  *(_t414 + 4) | 0x00000001;
											 *(_t479 - 0x24) =  *(_t479 - 0x24) + ( *_t473 & 0x0000ffff);
											_t358 =  *(_t479 - 0x30);
											__eflags = _t358;
											if(_t358 != 0) {
												_t236 = _t358 + 4;
												 *_t236 =  *(_t358 + 4) | 0x00000001;
												__eflags =  *_t236;
											}
										}
										_t329 =  *(_t479 + 0x20);
										__eflags = _t329;
										if(_t329 <= 0) {
											L82:
											 *((intOrPtr*)(_t414 + 0x10)) =  *(_t479 - 0x78);
											 *(_t414 + 0x14) =  *(_t479 - 0x74);
											_t332 =  *(_t479 - 0x28);
											__eflags =  *((intOrPtr*)(_t332 + 0x10)) - 3;
											if( *((intOrPtr*)(_t332 + 0x10)) != 3) {
												asm("rdtsc");
												 *(_t414 + 0x38) = _t332;
												 *(_t414 + 0x3c) = _t451;
											} else {
												 *(_t414 + 0x38) =  *(_t479 - 0x78);
												 *(_t414 + 0x3c) =  *(_t479 - 0x74);
											}
											_t334 =  *[fs:0x18] + 0x20;
											__eflags = _t334;
											 *((intOrPtr*)(_t414 + 8)) =  *((intOrPtr*)(_t334 + 4));
											 *((intOrPtr*)(_t414 + 0xc)) =  *_t334;
											_t463 =  *(_t479 - 0x68);
											goto L86;
										} else {
											_t472 =  *((intOrPtr*)(_t479 + 0x24)) + 0xc;
											__eflags = _t472;
											 *(_t479 - 0x34) = _t329;
											do {
												_t455 =  *(_t472 - 4);
												_t426 =  *((intOrPtr*)(_t472 - 0xc));
												 *(_t479 - 0x6c) =  *(_t472 - 8);
												_t339 =  *((intOrPtr*)(_t479 + 8));
												__eflags =  *(_t339 + 0x3c) & 0x80000000;
												if(( *(_t339 + 0x3c) & 0x80000000) != 0) {
													_t340 =  *_t472;
												} else {
													_t340 = 0;
												}
												_t342 = (_t340 & 0x000000ff) - 1;
												__eflags = _t342;
												if(_t342 == 0) {
													E00704830( *(_t479 - 0x4c), _t426, _t455);
													_t480 = _t480 + 0xc;
													_t253 = _t479 - 0x4c;
													 *_t253 =  *(_t479 - 0x4c) + _t455;
													__eflags =  *_t253;
												} else {
													__eflags = _t342 != 1;
													if(_t342 != 1) {
														 *(_t479 - 0x24) =  *(_t479 - 0x24) + _t455;
														E00704830( *(_t479 - 0x24) + _t414, _t426, _t455);
														_t480 = _t480 + 0xc;
													}
												}
												_t472 = _t472 + 0x10;
												_t255 = _t479 - 0x34;
												 *_t255 =  *(_t479 - 0x34) - 1;
												__eflags =  *_t255;
											} while ( *_t255 != 0);
											goto L82;
										}
									}
								} else {
									_t451 =  *( *((intOrPtr*)(_t479 + 8)) + 0x3c) >> 0x1f;
									_t393 =  *((intOrPtr*)(_t479 + 0x24)) + 8;
									__eflags = _t393;
									while(1) {
										_t455 =  *(_t479 - 0x20);
										__eflags = _t451;
										if(_t451 != 0) {
											_t443 =  *((intOrPtr*)(_t393 + 4));
										} else {
											_t443 = 0;
										}
										_t445 = (_t443 & 0x000000ff) - 1;
										__eflags = _t445;
										if(_t445 == 0) {
											_t421 =  *_t393;
											 *(_t479 - 0x44) =  *(_t479 - 0x44) +  *_t393;
											_t101 = _t479 - 0x50;
											 *_t101 =  *(_t479 - 0x50) + 1;
											__eflags =  *_t101;
										} else {
											__eflags = _t445 == 1;
											if(_t445 == 1) {
												 *(_t479 - 0x54) =  *(_t393 - 8);
												_t448 =  *_t393 & 0x0000ffff;
												 *(_t479 - 0x60) = _t448;
												_t421 = (_t448 & 0x0000ffff) + 0x0000000f & 0xfffffff8;
												__eflags = _t421;
											} else {
												_t421 =  *_t393;
											}
											 *(_t479 - 0x20) =  *(_t479 - 0x20) + _t421;
										}
										__eflags =  *(_t479 - 0x20) - _t455;
										if( *(_t479 - 0x20) < _t455) {
											break;
										}
										 *(_t479 - 0x28) =  *(_t479 - 0x28) + 1;
										_t393 = _t393 + 0x10;
										_t421 =  *(_t479 - 0x28);
										__eflags = _t421 -  *(_t479 + 0x20);
										if(_t421 >=  *(_t479 + 0x20)) {
											goto L43;
										}
									}
									 *(_t479 - 0x40) = 0x216;
									goto L43;
								}
							}
							__eflags = _t417 | _t451;
							if((_t417 | _t451) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t414;
						if(_t414 != 0) {
							goto L86;
						}
						goto L10;
						L86:
						 *(_t479 - 0x38) =  *(_t479 - 0x38) + 1;
						_t463 =  &(_t463[0xc]);
						 *(_t479 - 0x68) = _t463;
						__eflags =  *(_t479 - 0x38) - 4;
						if( *(_t479 - 0x38) >= 4) {
							goto L93;
						}
						_t455 = 0;
						__eflags = 0;
					}
				} else {
					_push(0x57);
					L94:
					return E00726F58(_t414, _t455, _t463);
				}
			}

0x007a0404
0x007a0404
0x007a0409
0x007a040e
0x007a0413
0x007a0415
0x007a0418
0x007a041b
0x007a041e
0x007a0421
0x007a0427
0x007a0431
0x007a0447
0x007a0449
0x007a044b
0x007a0450
0x007a0455
0x007a0457
0x007a0459
0x007a0461
0x007a0466
0x007a046b
0x007a046e
0x007a047d
0x007a047d
0x007a0457
0x007a04ad
0x007a04b3
0x007a04b6
0x007a04bd
0x007a04bd
0x007a04c0
0x007a04c3
0x007a04c8
0x007a04c9
0x007a04cc
0x007a04cf
0x007a04d3
0x007a04d7
0x007a04db
0x007a04de
0x007a04e1
0x007a04e4
0x007a04e7
0x007a04ea
0x007a04ed
0x007a04f0
0x007a04f4
0x00000000
0x00000000
0x007a04fa
0x007a04fd
0x007a0500
0x007a050a
0x007a050c
0x007a050f
0x007a0511
0x007a0519
0x007a0521
0x007a0523
0x007a0525
0x00000000
0x00000000
0x007a052b
0x007a0535
0x007a0537
0x007a0539
0x00000000
0x00000000
0x007a053f
0x007a0542
0x00000000
0x00000000
0x007a0548
0x007a054e
0x007a0559
0x007a055a
0x007a055e
0x007a0562
0x007a0564
0x007a0564
0x007a056b
0x007a056e
0x007a0573
0x007a0574
0x007a0576
0x007a057b
0x007a057c
0x007a057e
0x007a0583
0x007a0586
0x007a058b
0x007a0590
0x007a0591
0x007a0592
0x007a0599
0x007a0599
0x007a059c
0x007a05a0
0x007a05a5
0x007a05a6
0x007a05b1
0x007a05b2
0x007a05b4
0x007a05bc
0x007a05bf
0x007a05c2
0x007a05c7
0x007a05d1
0x007a05d7
0x007a05da
0x007a05de
0x007a05e0
0x007a05e7
0x007a05e7
0x007a05e7
0x007a05e7
0x007a05de
0x007a05a0
0x007a05ea
0x007a05ee
0x007a05f1
0x007a05f3
0x007a05f5
0x007a05f9
0x007a05fb
0x007a0603
0x007a0603
0x007a0603
0x007a0603
0x007a05f9
0x007a0608
0x007a060a
0x007a060c
0x007a060e
0x007a0612
0x007a0612
0x007a0612
0x007a0612
0x007a061f
0x007a0621
0x007a0625
0x007a0629
0x007a0695
0x007a0695
0x007a0699
0x007a06a5
0x007a06a5
0x007a06a5
0x007a06a5
0x007a06a8
0x007a06ac
0x007a0a48
0x007a0a55
0x007a0a59
0x00000000
0x007a06b2
0x007a06b5
0x007a06bb
0x007a06c1
0x007a06c4
0x007a06c6
0x007a0a41
0x007a0a41
0x00000000
0x007a0a41
0x007a06cc
0x007a06d2
0x00000000
0x00000000
0x007a06e2
0x007a06f7
0x007a06f9
0x007a06fb
0x007a0a14
0x007a0a17
0x007a0a1c
0x007a0a2d
0x007a0a30
0x007a0a32
0x007a0a3c
0x007a0a1e
0x007a0a1e
0x007a0a1e
0x00000000
0x007a0a1c
0x007a0703
0x007a0705
0x007a070b
0x007a0711
0x007a0718
0x007a0720
0x007a0728
0x007a0730
0x007a073a
0x007a073b
0x007a073c
0x007a073d
0x007a0744
0x007a0745
0x007a0746
0x007a0747
0x007a074b
0x007a074b
0x007a074e
0x007a0750
0x007a0759
0x007a0759
0x007a075f
0x007a0760
0x007a0761
0x007a0762
0x007a0766
0x007a0768
0x007a076a
0x007a076a
0x007a076f
0x007a0770
0x007a0776
0x007a077c
0x007a077d
0x007a0783
0x007a0787
0x007a0787
0x007a078a
0x007a078b
0x007a078c
0x007a078d
0x007a078e
0x007a078e
0x007a078e
0x007a0793
0x007a079a
0x007a079a
0x007a079d
0x007a07a1
0x007a07a6
0x007a07a9
0x007a07ac
0x007a07b1
0x007a07b2
0x007a07ba
0x007a07c0
0x007a07ce
0x007a07d2
0x007a07d7
0x007a07da
0x007a07e2
0x007a07e5
0x007a07e8
0x007a07ea
0x007a07ec
0x007a07ec
0x007a07ec
0x007a07ec
0x007a07f1
0x007a07f1
0x007a07f4
0x007a07f8
0x007a07fd
0x007a0801
0x007a0802
0x007a0807
0x007a0808
0x007a080e
0x007a080f
0x007a0815
0x007a0829
0x007a082c
0x007a0831
0x007a0835
0x007a0838
0x007a083a
0x007a083c
0x007a083c
0x007a083c
0x007a083c
0x007a0841
0x007a0841
0x007a0844
0x007a0848
0x007a084d
0x007a0850
0x007a0859
0x007a085e
0x007a0861
0x007a0866
0x007a0869
0x007a086c
0x007a086e
0x007a0870
0x007a0870
0x007a0870
0x007a0870
0x007a0875
0x007a0875
0x007a0878
0x007a087c
0x007a0881
0x007a0884
0x007a088a
0x007a088f
0x007a0894
0x007a0895
0x007a0899
0x007a089d
0x007a089f
0x007a08ab
0x007a08ae
0x007a08ae
0x007a08b4
0x007a08bc
0x007a08ce
0x007a08d3
0x007a08d6
0x007a08de
0x007a08e1
0x007a08e4
0x007a08e6
0x007a08e8
0x007a08e8
0x007a08e8
0x007a08e8
0x007a08ed
0x007a08ed
0x007a08f0
0x007a08f4
0x007a08f9
0x007a08fc
0x007a0907
0x007a090c
0x007a090d
0x007a0914
0x007a091a
0x007a091e
0x007a091e
0x007a0921
0x007a0935
0x007a093a
0x007a093d
0x007a0945
0x007a0948
0x007a094b
0x007a094d
0x007a094f
0x007a094f
0x007a094f
0x007a094f
0x007a094d
0x007a0954
0x007a0957
0x007a0959
0x007a09b8
0x007a09bb
0x007a09c1
0x007a09c4
0x007a09c7
0x007a09cb
0x007a09db
0x007a09dd
0x007a09e0
0x007a09cd
0x007a09d0
0x007a09d6
0x007a09d6
0x007a09e9
0x007a09e9
0x007a09ef
0x007a09f4
0x007a09f7
0x00000000
0x007a095b
0x007a095e
0x007a095e
0x007a0961
0x007a0964
0x007a0964
0x007a0967
0x007a096d
0x007a0970
0x007a0973
0x007a097a
0x007a0980
0x007a097c
0x007a097c
0x007a097c
0x007a0985
0x007a0985
0x007a0986
0x007a09a5
0x007a09aa
0x007a09ad
0x007a09ad
0x007a09ad
0x007a0988
0x007a0988
0x007a0989
0x007a0990
0x007a0996
0x007a099b
0x007a099b
0x007a0989
0x007a09b0
0x007a09b3
0x007a09b3
0x007a09b3
0x007a09b3
0x00000000
0x007a0964
0x007a0959
0x007a062b
0x007a0631
0x007a0637
0x007a0637
0x007a063a
0x007a063a
0x007a063d
0x007a063f
0x007a0645
0x007a0641
0x007a0641
0x007a0641
0x007a064b
0x007a064b
0x007a064c
0x007a066f
0x007a0672
0x007a0676
0x007a0676
0x007a0676
0x007a064e
0x007a064e
0x007a064f
0x007a0658
0x007a065b
0x007a065e
0x007a0667
0x007a0667
0x007a0651
0x007a0651
0x007a0651
0x007a066a
0x007a066a
0x007a0679
0x007a067c
0x00000000
0x00000000
0x007a067e
0x007a0681
0x007a0684
0x007a0687
0x007a068a
0x00000000
0x00000000
0x007a068c
0x007a068e
0x00000000
0x007a068e
0x007a0629
0x007a0515
0x007a0517
0x00000000
0x00000000
0x00000000
0x007a0517
0x007a0502
0x007a0504
0x00000000
0x00000000
0x00000000
0x007a09fa
0x007a09fa
0x007a09fd
0x007a0a00
0x007a0a03
0x007a0a07
0x00000000
0x00000000
0x007a04bb
0x007a04bb
0x007a04bb
0x007a0433
0x007a0433
0x007a0a5c
0x007a0a67
0x007a0a67

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a27e991ac8aafdfae43e449b1843716068b44f01e1a78e28f1d8052b21ff38bd
Instruction ID: 7569e2ef87b51e30063cd5d397b6b444edd13a05c42cfe04c31e8d05cca3939a
Opcode Fuzzy Hash: a27e991ac8aafdfae43e449b1843716068b44f01e1a78e28f1d8052b21ff38bd
Instruction Fuzzy Hash: 05227C71D00218CFDF14CF98C844AEDBBF0FF8A314F158659E849AB291D379A885CB94

Uniqueness

Uniqueness Score: 0.00%

Function 007036AC, Relevance: .5, Instructions: 528
COMMONCrypto

C-Code - Quality: 99%

			E007036AC(signed int _a4, signed int _a8, intOrPtr _a12) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				intOrPtr _t984;
				void* _t986;
				void* _t989;
				signed char _t994;
				void* _t1075;
				void* _t1077;
				void* _t1078;
				void* _t1080;

				_t984 = _a12;
				if(_t984 == 0) {
					return 0;
				} else {
					__eax = __eax - 1;
					if(__eax == 0) {
						__eax = _a4;
						__ecx = _a8;
						__eax =  *_a4 & 0x000000ff;
						__ecx =  *_a8 & 0x000000ff;
						L393:
						__eax = __eax - __ecx;
						if(__eax == 0) {
							L434:
							return __eax;
						}
						0 = 0 | __eax > 0x00000000;
						__ecx = (__eax > 0) + (__eax > 0) - 1;
						__eax = __ecx;
						return __ecx;
					}
					__eax = __eax - 1;
					if(__eax == 0) {
						__ecx = _a4;
						__esi = _a8;
						__eax =  *__ecx & 0x000000ff;
						__edx =  *__esi & 0x000000ff;
						__eax = ( *__ecx & 0x000000ff) - ( *__esi & 0x000000ff);
						if(__eax == 0) {
							L402:
							__eax =  *(__ecx + 1) & 0x000000ff;
							__ecx =  *(__esi + 1) & 0x000000ff;
							goto L393;
						}
						0 = 0 | __eax > 0x00000000;
						__edx = (__eax > 0) + (__eax > 0) - 1;
						__eax = (__eax > 0) + (__eax > 0) - 1;
						if(__eax != 0) {
							goto L434;
						}
						goto L402;
					}
					__eax = __eax - 1;
					if(__eax == 0) {
						__ecx = _a4;
						__esi = _a8;
						__eax =  *__ecx & 0x000000ff;
						__edx =  *__esi & 0x000000ff;
						__eax = ( *__ecx & 0x000000ff) - ( *__esi & 0x000000ff);
						if(__eax == 0) {
							L397:
							__eax =  *(__ecx + 1) & 0x000000ff;
							__edx =  *(__esi + 1) & 0x000000ff;
							__eax = ( *(__ecx + 1) & 0x000000ff) - ( *(__esi + 1) & 0x000000ff);
							if(__eax == 0) {
								L399:
								__eax =  *(__ecx + 2) & 0x000000ff;
								__ecx =  *(__esi + 2) & 0x000000ff;
								goto L393;
							}
							0 = 0 | __eax > 0x00000000;
							__edx = (__eax > 0) + (__eax > 0) - 1;
							__eax = (__eax > 0) + (__eax > 0) - 1;
							if(__eax != 0) {
								goto L434;
							}
							goto L399;
						}
						0 = 0 | __eax > 0x00000000;
						__edx = (__eax > 0) + (__eax > 0) - 1;
						__eax = (__eax > 0) + (__eax > 0) - 1;
						if(__eax != 0) {
							goto L434;
						}
						goto L397;
					}
					if(__eax == 0) {
						__ecx = _a4;
						__esi = _a8;
						__eax =  *__ecx & 0x000000ff;
						__edx =  *__esi & 0x000000ff;
						__eax = ( *__ecx & 0x000000ff) - ( *__esi & 0x000000ff);
						if(__eax == 0) {
							L388:
							__eax =  *(__ecx + 1) & 0x000000ff;
							__edx =  *(__esi + 1) & 0x000000ff;
							__eax = ( *(__ecx + 1) & 0x000000ff) - ( *(__esi + 1) & 0x000000ff);
							if(__eax == 0) {
								L390:
								__eax =  *(__ecx + 2) & 0x000000ff;
								__edx =  *(__esi + 2) & 0x000000ff;
								__eax = ( *(__ecx + 2) & 0x000000ff) - ( *(__esi + 2) & 0x000000ff);
								if(__eax == 0) {
									L392:
									__eax =  *(__ecx + 3) & 0x000000ff;
									__ecx =  *(__esi + 3) & 0x000000ff;
									goto L393;
								}
								0 = 0 | __eax > 0x00000000;
								__edx = (__eax > 0) + (__eax > 0) - 1;
								__eax = (__eax > 0) + (__eax > 0) - 1;
								if(__eax != 0) {
									goto L434;
								}
								goto L392;
							}
							0 = 0 | __eax > 0x00000000;
							__edx = (__eax > 0) + (__eax > 0) - 1;
							__eax = (__eax > 0) + (__eax > 0) - 1;
							if(__eax != 0) {
								goto L434;
							}
							goto L390;
						}
						0 = 0 | __eax > 0x00000000;
						__edx = (__eax > 0) + (__eax > 0) - 1;
						__eax = (__eax > 0) + (__eax > 0) - 1;
						if(__eax != 0) {
							goto L434;
						}
						goto L388;
					}
					__ecx = _a8;
					__eax = _a4;
					_push(__ebx);
					__edx = 0x20;
					while(__edi >= __edx) {
						__esi =  *__eax;
						if( *__eax ==  *__ecx) {
							__esi = 0;
							L17:
							if(__esi != 0) {
								L432:
								_t986 = _t1078;
								L433:
								return _t986;
							}
							__esi =  *(__eax + 4);
							if( *(__eax + 4) ==  *(__ecx + 4)) {
								__esi = 0;
								L28:
								if(__esi != 0) {
									goto L432;
								}
								__esi =  *(__eax + 8);
								if( *(__eax + 8) ==  *(__ecx + 8)) {
									__esi = 0;
									L39:
									if(__esi != 0) {
										goto L432;
									}
									__esi =  *(__eax + 0xc);
									if( *(__eax + 0xc) ==  *(__ecx + 0xc)) {
										__esi = 0;
										L50:
										if(__esi != 0) {
											goto L432;
										}
										__esi =  *(__eax + 0x10);
										if( *(__eax + 0x10) ==  *(__ecx + 0x10)) {
											__esi = 0;
											L61:
											if(__esi != 0) {
												goto L432;
											}
											__esi =  *(__eax + 0x14);
											if( *(__eax + 0x14) ==  *(__ecx + 0x14)) {
												__esi = 0;
												L72:
												if(__esi != 0) {
													goto L432;
												}
												__esi =  *(__eax + 0x18);
												if( *(__eax + 0x18) ==  *(__ecx + 0x18)) {
													__esi = 0;
													L83:
													if(__esi != 0) {
														goto L432;
													}
													__esi =  *(__eax + 0x1c);
													if( *(__eax + 0x1c) ==  *(__ecx + 0x1c)) {
														__esi = 0;
														L94:
														if(__esi != 0) {
															goto L432;
														} else {
															__eax = __eax + __edx;
															__ecx = __ecx + __edx;
															__edi = __edi - __edx;
															continue;
														}
													}
													__esi =  *(__eax + 0x1c) & 0x000000ff;
													__ebx =  *(__ecx + 0x1c) & 0x000000ff;
													__esi = ( *(__eax + 0x1c) & 0x000000ff) - ( *(__ecx + 0x1c) & 0x000000ff);
													if(__esi == 0) {
														L87:
														__esi =  *(__eax + 0x1d) & 0x000000ff;
														__ebx =  *(__ecx + 0x1d) & 0x000000ff;
														__esi = ( *(__eax + 0x1d) & 0x000000ff) - ( *(__ecx + 0x1d) & 0x000000ff);
														if(__esi == 0) {
															L89:
															__esi =  *(__eax + 0x1e) & 0x000000ff;
															__ebx =  *(__ecx + 0x1e) & 0x000000ff;
															__esi = ( *(__eax + 0x1e) & 0x000000ff) - ( *(__ecx + 0x1e) & 0x000000ff);
															if(__esi == 0) {
																L91:
																__esi =  *(__eax + 0x1f) & 0x000000ff;
																__ebx =  *(__ecx + 0x1f) & 0x000000ff;
																__esi = ( *(__eax + 0x1f) & 0x000000ff) - ( *(__ecx + 0x1f) & 0x000000ff);
																if(__esi != 0) {
																	0 = 0 | __esi > 0x00000000;
																	__ebx = (__esi > 0) + (__esi > 0) - 1;
																	__esi = (__esi > 0) + (__esi > 0) - 1;
																}
																goto L94;
															}
															0 = 0 | __esi > 0x00000000;
															__ebx = (__esi > 0) + (__esi > 0) - 1;
															__esi = __ebx;
															if(__ebx != 0) {
																goto L432;
															}
															goto L91;
														}
														0 = 0 | __esi > 0x00000000;
														__ebx = (__esi > 0) + (__esi > 0) - 1;
														__esi = __ebx;
														if(__ebx != 0) {
															goto L432;
														}
														goto L89;
													}
													0 = 0 | __esi > 0x00000000;
													__ebx = (__esi > 0) + (__esi > 0) - 1;
													__esi = __ebx;
													if(__ebx != 0) {
														goto L432;
													}
													goto L87;
												}
												__esi =  *(__eax + 0x18) & 0x000000ff;
												__ebx =  *(__ecx + 0x18) & 0x000000ff;
												__esi = ( *(__eax + 0x18) & 0x000000ff) - ( *(__ecx + 0x18) & 0x000000ff);
												if(__esi == 0) {
													L76:
													__esi =  *(__eax + 0x19) & 0x000000ff;
													__ebx =  *(__ecx + 0x19) & 0x000000ff;
													__esi = ( *(__eax + 0x19) & 0x000000ff) - ( *(__ecx + 0x19) & 0x000000ff);
													if(__esi == 0) {
														L78:
														__esi =  *(__eax + 0x1a) & 0x000000ff;
														__ebx =  *(__ecx + 0x1a) & 0x000000ff;
														__esi = ( *(__eax + 0x1a) & 0x000000ff) - ( *(__ecx + 0x1a) & 0x000000ff);
														if(__esi == 0) {
															L80:
															__esi =  *(__eax + 0x1b) & 0x000000ff;
															__ebx =  *(__ecx + 0x1b) & 0x000000ff;
															__esi = ( *(__eax + 0x1b) & 0x000000ff) - ( *(__ecx + 0x1b) & 0x000000ff);
															if(__esi != 0) {
																0 = 0 | __esi > 0x00000000;
																__ebx = (__esi > 0) + (__esi > 0) - 1;
																__esi = (__esi > 0) + (__esi > 0) - 1;
															}
															goto L83;
														}
														0 = 0 | __esi > 0x00000000;
														__ebx = (__esi > 0) + (__esi > 0) - 1;
														__esi = __ebx;
														if(__ebx != 0) {
															goto L432;
														}
														goto L80;
													}
													0 = 0 | __esi > 0x00000000;
													__ebx = (__esi > 0) + (__esi > 0) - 1;
													__esi = __ebx;
													if(__ebx != 0) {
														goto L432;
													}
													goto L78;
												}
												0 = 0 | __esi > 0x00000000;
												__ebx = (__esi > 0) + (__esi > 0) - 1;
												__esi = __ebx;
												if(__ebx != 0) {
													goto L432;
												}
												goto L76;
											}
											__esi =  *(__eax + 0x14) & 0x000000ff;
											__ebx =  *(__ecx + 0x14) & 0x000000ff;
											__esi = ( *(__eax + 0x14) & 0x000000ff) - ( *(__ecx + 0x14) & 0x000000ff);
											if(__esi == 0) {
												L65:
												__esi =  *(__eax + 0x15) & 0x000000ff;
												__ebx =  *(__ecx + 0x15) & 0x000000ff;
												__esi = ( *(__eax + 0x15) & 0x000000ff) - ( *(__ecx + 0x15) & 0x000000ff);
												if(__esi == 0) {
													L67:
													__esi =  *(__eax + 0x16) & 0x000000ff;
													__ebx =  *(__ecx + 0x16) & 0x000000ff;
													__esi = ( *(__eax + 0x16) & 0x000000ff) - ( *(__ecx + 0x16) & 0x000000ff);
													if(__esi == 0) {
														L69:
														__esi =  *(__eax + 0x17) & 0x000000ff;
														__ebx =  *(__ecx + 0x17) & 0x000000ff;
														__esi = ( *(__eax + 0x17) & 0x000000ff) - ( *(__ecx + 0x17) & 0x000000ff);
														if(__esi != 0) {
															0 = 0 | __esi > 0x00000000;
															__ebx = (__esi > 0) + (__esi > 0) - 1;
															__esi = (__esi > 0) + (__esi > 0) - 1;
														}
														goto L72;
													}
													0 = 0 | __esi > 0x00000000;
													__ebx = (__esi > 0) + (__esi > 0) - 1;
													__esi = __ebx;
													if(__ebx != 0) {
														goto L432;
													}
													goto L69;
												}
												0 = 0 | __esi > 0x00000000;
												__ebx = (__esi > 0) + (__esi > 0) - 1;
												__esi = __ebx;
												if(__ebx != 0) {
													goto L432;
												}
												goto L67;
											}
											0 = 0 | __esi > 0x00000000;
											__ebx = (__esi > 0) + (__esi > 0) - 1;
											__esi = __ebx;
											if(__ebx != 0) {
												goto L432;
											}
											goto L65;
										}
										__ebx =  *(__ecx + 0x10) & 0x000000ff;
										__esi =  *(__eax + 0x10) & 0x000000ff;
										__esi = ( *(__eax + 0x10) & 0x000000ff) - ( *(__ecx + 0x10) & 0x000000ff);
										if(__esi == 0) {
											L54:
											__esi =  *(__eax + 0x11) & 0x000000ff;
											__ebx =  *(__ecx + 0x11) & 0x000000ff;
											__esi = ( *(__eax + 0x11) & 0x000000ff) - ( *(__ecx + 0x11) & 0x000000ff);
											if(__esi == 0) {
												L56:
												__esi =  *(__eax + 0x12) & 0x000000ff;
												__ebx =  *(__ecx + 0x12) & 0x000000ff;
												__esi = ( *(__eax + 0x12) & 0x000000ff) - ( *(__ecx + 0x12) & 0x000000ff);
												if(__esi == 0) {
													L58:
													__esi =  *(__eax + 0x13) & 0x000000ff;
													__ebx =  *(__ecx + 0x13) & 0x000000ff;
													__esi = ( *(__eax + 0x13) & 0x000000ff) - ( *(__ecx + 0x13) & 0x000000ff);
													if(__esi != 0) {
														0 = 0 | __esi > 0x00000000;
														__ebx = (__esi > 0) + (__esi > 0) - 1;
														__esi = (__esi > 0) + (__esi > 0) - 1;
													}
													goto L61;
												}
												0 = 0 | __esi > 0x00000000;
												__ebx = (__esi > 0) + (__esi > 0) - 1;
												__esi = __ebx;
												if(__ebx != 0) {
													goto L432;
												}
												goto L58;
											}
											0 = 0 | __esi > 0x00000000;
											__ebx = (__esi > 0) + (__esi > 0) - 1;
											__esi = __ebx;
											if(__ebx != 0) {
												goto L432;
											}
											goto L56;
										}
										0 = 0 | __esi > 0x00000000;
										__ebx = (__esi > 0) + (__esi > 0) - 1;
										__esi = __ebx;
										if(__ebx != 0) {
											goto L432;
										}
										goto L54;
									}
									__esi =  *(__eax + 0xc) & 0x000000ff;
									__ebx =  *(__ecx + 0xc) & 0x000000ff;
									__esi = ( *(__eax + 0xc) & 0x000000ff) - ( *(__ecx + 0xc) & 0x000000ff);
									if(__esi == 0) {
										L43:
										__esi =  *(__eax + 0xd) & 0x000000ff;
										__ebx =  *(__ecx + 0xd) & 0x000000ff;
										__esi = ( *(__eax + 0xd) & 0x000000ff) - ( *(__ecx + 0xd) & 0x000000ff);
										if(__esi == 0) {
											L45:
											__esi =  *(__eax + 0xe) & 0x000000ff;
											__ebx =  *(__ecx + 0xe) & 0x000000ff;
											__esi = ( *(__eax + 0xe) & 0x000000ff) - ( *(__ecx + 0xe) & 0x000000ff);
											if(__esi == 0) {
												L47:
												__esi =  *(__eax + 0xf) & 0x000000ff;
												__ebx =  *(__ecx + 0xf) & 0x000000ff;
												__esi = ( *(__eax + 0xf) & 0x000000ff) - ( *(__ecx + 0xf) & 0x000000ff);
												if(__esi != 0) {
													0 = 0 | __esi > 0x00000000;
													__ebx = (__esi > 0) + (__esi > 0) - 1;
													__esi = (__esi > 0) + (__esi > 0) - 1;
												}
												goto L50;
											}
											0 = 0 | __esi > 0x00000000;
											__ebx = (__esi > 0) + (__esi > 0) - 1;
											__esi = __ebx;
											if(__ebx != 0) {
												goto L432;
											}
											goto L47;
										}
										0 = 0 | __esi > 0x00000000;
										__ebx = (__esi > 0) + (__esi > 0) - 1;
										__esi = __ebx;
										if(__ebx != 0) {
											goto L432;
										}
										goto L45;
									}
									0 = 0 | __esi > 0x00000000;
									__ebx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __ebx;
									if(__ebx != 0) {
										goto L432;
									}
									goto L43;
								}
								__esi =  *(__eax + 8) & 0x000000ff;
								__ebx =  *(__ecx + 8) & 0x000000ff;
								__esi = ( *(__eax + 8) & 0x000000ff) - ( *(__ecx + 8) & 0x000000ff);
								if(__esi == 0) {
									L32:
									__esi =  *(__eax + 9) & 0x000000ff;
									__ebx =  *(__ecx + 9) & 0x000000ff;
									__esi = ( *(__eax + 9) & 0x000000ff) - ( *(__ecx + 9) & 0x000000ff);
									if(__esi == 0) {
										L34:
										__esi =  *(__eax + 0xa) & 0x000000ff;
										__ebx =  *(__ecx + 0xa) & 0x000000ff;
										__esi = ( *(__eax + 0xa) & 0x000000ff) - ( *(__ecx + 0xa) & 0x000000ff);
										if(__esi == 0) {
											L36:
											__esi =  *(__eax + 0xb) & 0x000000ff;
											__ebx =  *(__ecx + 0xb) & 0x000000ff;
											__esi = ( *(__eax + 0xb) & 0x000000ff) - ( *(__ecx + 0xb) & 0x000000ff);
											if(__esi != 0) {
												0 = 0 | __esi > 0x00000000;
												__ebx = (__esi > 0) + (__esi > 0) - 1;
												__esi = (__esi > 0) + (__esi > 0) - 1;
											}
											goto L39;
										}
										0 = 0 | __esi > 0x00000000;
										__ebx = (__esi > 0) + (__esi > 0) - 1;
										__esi = __ebx;
										if(__ebx != 0) {
											goto L432;
										}
										goto L36;
									}
									0 = 0 | __esi > 0x00000000;
									__ebx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __ebx;
									if(__ebx != 0) {
										goto L432;
									}
									goto L34;
								}
								0 = 0 | __esi > 0x00000000;
								__ebx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __ebx;
								if(__ebx != 0) {
									goto L432;
								}
								goto L32;
							}
							__esi =  *(__eax + 4) & 0x000000ff;
							__ebx =  *(__ecx + 4) & 0x000000ff;
							__esi = ( *(__eax + 4) & 0x000000ff) - ( *(__ecx + 4) & 0x000000ff);
							if(__esi == 0) {
								L21:
								__esi =  *(__eax + 5) & 0x000000ff;
								__ebx =  *(__ecx + 5) & 0x000000ff;
								__esi = ( *(__eax + 5) & 0x000000ff) - ( *(__ecx + 5) & 0x000000ff);
								if(__esi == 0) {
									L23:
									__esi =  *(__eax + 6) & 0x000000ff;
									__ebx =  *(__ecx + 6) & 0x000000ff;
									__esi = ( *(__eax + 6) & 0x000000ff) - ( *(__ecx + 6) & 0x000000ff);
									if(__esi == 0) {
										L25:
										__esi =  *(__eax + 7) & 0x000000ff;
										__ebx =  *(__ecx + 7) & 0x000000ff;
										__esi = ( *(__eax + 7) & 0x000000ff) - ( *(__ecx + 7) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__ebx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L28;
									}
									0 = 0 | __esi > 0x00000000;
									__ebx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __ebx;
									if(__ebx != 0) {
										goto L432;
									}
									goto L25;
								}
								0 = 0 | __esi > 0x00000000;
								__ebx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __ebx;
								if(__ebx != 0) {
									goto L432;
								}
								goto L23;
							}
							0 = 0 | __esi > 0x00000000;
							__ebx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __ebx;
							if(__ebx != 0) {
								goto L432;
							}
							goto L21;
						}
						__esi =  *__eax & 0x000000ff;
						__ebx =  *__ecx & 0x000000ff;
						__esi = ( *__eax & 0x000000ff) - ( *__ecx & 0x000000ff);
						if(__esi == 0) {
							L10:
							__esi =  *(__eax + 1) & 0x000000ff;
							__ebx =  *(__ecx + 1) & 0x000000ff;
							__esi = ( *(__eax + 1) & 0x000000ff) - ( *(__ecx + 1) & 0x000000ff);
							if(__esi == 0) {
								L12:
								__esi =  *(__eax + 2) & 0x000000ff;
								__ebx =  *(__ecx + 2) & 0x000000ff;
								__esi = ( *(__eax + 2) & 0x000000ff) - ( *(__ecx + 2) & 0x000000ff);
								if(__esi == 0) {
									L14:
									__esi =  *(__eax + 3) & 0x000000ff;
									__ebx =  *(__ecx + 3) & 0x000000ff;
									__esi = ( *(__eax + 3) & 0x000000ff) - ( *(__ecx + 3) & 0x000000ff);
									if(__esi != 0) {
										0 = 0 | __esi > 0x00000000;
										__ebx = (__esi > 0) + (__esi > 0) - 1;
										__esi = (__esi > 0) + (__esi > 0) - 1;
									}
									goto L17;
								}
								0 = 0 | __esi > 0x00000000;
								__ebx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __ebx;
								if(__ebx != 0) {
									goto L432;
								}
								goto L14;
							}
							0 = 0 | __esi > 0x00000000;
							__ebx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __ebx;
							if(__ebx != 0) {
								goto L432;
							}
							goto L12;
						}
						0 = 0 | __esi > 0x00000000;
						__ebx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __ebx;
						if(__ebx != 0) {
							goto L432;
						}
						goto L10;
					}
					__eax = __eax + __edi;
					__ecx = __ecx + __edi;
					if(__edi > 0x1f) {
						L409:
						_t986 = 0;
						goto L433;
					}
					switch( *((intOrPtr*)(__edi * 4 +  &M00703600))) {
						case 0:
							goto L409;
						case 1:
							L223:
							__ecx =  *(__ecx - 1) & 0x000000ff;
							__eax =  *(__eax - 1) & 0x000000ff;
							__eax = __eax - __ecx;
							if(__eax != 0) {
								0 = 0 | __eax > 0x00000000;
								__ecx = (__eax > 0) + (__eax > 0) - 1;
								__eax = (__eax > 0) + (__eax > 0) - 1;
							}
							goto L433;
						case 2:
							L302:
							if( *(__eax - 2) ==  *(__ecx - 2)) {
								goto L409;
							}
							goto L303;
						case 3:
							L383:
							__esi =  *(__eax - 3) & 0x000000ff;
							__edx =  *(__ecx - 3) & 0x000000ff;
							__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
							if(__esi == 0) {
								L303:
								__edx =  *(__ecx - 2) & 0x000000ff;
								__esi =  *(__eax - 2) & 0x000000ff;
								__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
								if(__esi == 0) {
									goto L223;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								if(__edx == 0) {
									goto L223;
								}
								L385:
								__eax = __edx;
								goto L433;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							if(__edx == 0) {
								goto L303;
							}
							goto L385;
						case 4:
							L406:
							_t1019 =  *(_t984 - 4);
							if(_t1019 !=  *(_t989 - 4)) {
								_t1097 = (_t1019 & 0x000000ff) - ( *(_t989 - 4) & 0x000000ff);
								if(_t1097 == 0) {
									L139:
									_t1099 = ( *(_t984 - 3) & 0x000000ff) - ( *(_t989 - 3) & 0x000000ff);
									if(_t1099 == 0) {
										L141:
										_t1101 = ( *(_t984 - 2) & 0x000000ff) - ( *(_t989 - 2) & 0x000000ff);
										if(_t1101 == 0) {
											L144:
											_t986 = ( *(_t984 - 1) & 0x000000ff) - ( *(_t989 - 1) & 0x000000ff);
											if(_t986 != 0) {
												_t986 = (0 | _t986 > 0x00000000) + (0 | _t986 > 0x00000000) - 1;
											}
											L408:
											if(_t986 != 0) {
												goto L433;
											}
											goto L409;
										}
										_t1025 = (0 | _t1101 > 0x00000000) + (0 | _t1101 > 0x00000000) - 1;
										if(_t1025 == 0) {
											goto L144;
										}
										L143:
										_t986 = _t1025;
										goto L408;
									}
									_t1025 = (0 | _t1099 > 0x00000000) + (0 | _t1099 > 0x00000000) - 1;
									if(_t1025 != 0) {
										goto L143;
									}
									goto L141;
								}
								_t1025 = (0 | _t1097 > 0x00000000) + (0 | _t1097 > 0x00000000) - 1;
								if(_t1025 != 0) {
									goto L143;
								}
								goto L139;
							}
							_t986 = 0;
							goto L408;
						case 5:
							L212:
							__edx =  *(__eax - 5);
							if( *(__eax - 5) ==  *(__ecx - 5)) {
								__esi = 0;
								L222:
								if(__esi != 0) {
									goto L432;
								}
								goto L223;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 5) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
							if(__esi == 0) {
								L215:
								__esi =  *(__eax - 4) & 0x000000ff;
								__edx =  *(__ecx - 4) & 0x000000ff;
								__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
								if(__esi == 0) {
									L217:
									__esi =  *(__eax - 3) & 0x000000ff;
									__edx =  *(__ecx - 3) & 0x000000ff;
									__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
									if(__esi == 0) {
										L219:
										__esi =  *(__eax - 2) & 0x000000ff;
										__edx =  *(__ecx - 2) & 0x000000ff;
										__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L222;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L219;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L217;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L215;
						case 6:
							L291:
							__edx =  *(__eax - 6);
							if( *(__eax - 6) ==  *(__ecx - 6)) {
								__esi = 0;
								L301:
								if(__esi != 0) {
									goto L432;
								}
								goto L302;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 6) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
							if(__esi == 0) {
								L294:
								__esi =  *(__eax - 5) & 0x000000ff;
								__edx =  *(__ecx - 5) & 0x000000ff;
								__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
								if(__esi == 0) {
									L296:
									__esi =  *(__eax - 4) & 0x000000ff;
									__edx =  *(__ecx - 4) & 0x000000ff;
									__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
									if(__esi == 0) {
										L298:
										__esi =  *(__eax - 3) & 0x000000ff;
										__edx =  *(__ecx - 3) & 0x000000ff;
										__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L301;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L298;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L296;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L294;
						case 7:
							L372:
							__edx =  *(__eax - 7);
							if( *(__eax - 7) ==  *(__ecx - 7)) {
								__esi = 0;
								L382:
								if(__esi != 0) {
									goto L432;
								}
								goto L383;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 7) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
							if(__esi == 0) {
								L375:
								__esi =  *(__eax - 6) & 0x000000ff;
								__edx =  *(__ecx - 6) & 0x000000ff;
								__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
								if(__esi == 0) {
									L377:
									__esi =  *(__eax - 5) & 0x000000ff;
									__edx =  *(__ecx - 5) & 0x000000ff;
									__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
									if(__esi == 0) {
										L379:
										__esi =  *(__eax - 4) & 0x000000ff;
										__edx =  *(__ecx - 4) & 0x000000ff;
										__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L382;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L379;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L377;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L375;
						case 8:
							L427:
							_t1018 =  *(_t984 - 8);
							if(_t1018 ==  *(_t989 - 8)) {
								_t1078 = 0;
								L405:
								if(_t1078 != 0) {
									goto L432;
								}
								goto L406;
							}
							_t1103 = (_t1018 & 0x000000ff) - ( *(_t989 - 8) & 0x000000ff);
							if(_t1103 != 0) {
								_t1078 = (0 | _t1103 > 0x00000000) + (0 | _t1103 > 0x00000000) - 1;
								if(_t1078 != 0) {
									goto L432;
								}
							}
							_t1105 = ( *(_t984 - 7) & 0x000000ff) - ( *(_t989 - 7) & 0x000000ff);
							if(_t1105 != 0) {
								_t1078 = (0 | _t1105 > 0x00000000) + (0 | _t1105 > 0x00000000) - 1;
								if(_t1078 == 0) {
									goto L430;
								}
								goto L432;
							}
							L430:
							_t1107 = ( *(_t984 - 6) & 0x000000ff) - ( *(_t989 - 6) & 0x000000ff);
							if(_t1107 == 0) {
								L135:
								_t1078 = ( *(_t984 - 5) & 0x000000ff) - ( *(_t989 - 5) & 0x000000ff);
								if(_t1078 != 0) {
									_t1078 = (0 | _t1078 > 0x00000000) + (0 | _t1078 > 0x00000000) - 1;
								}
								goto L405;
							}
							_t1078 = (0 | _t1107 > 0x00000000) + (0 | _t1107 > 0x00000000) - 1;
							if(_t1078 == 0) {
								goto L135;
							}
							goto L432;
						case 9:
							L201:
							__edx =  *(__eax - 9);
							if( *(__eax - 9) ==  *(__ecx - 9)) {
								__esi = 0;
								L211:
								if(__esi != 0) {
									goto L432;
								}
								goto L212;
							}
							__edx =  *(__ecx - 9) & 0x000000ff;
							__esi =  *(__eax - 9) & 0x000000ff;
							__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
							if(__esi == 0) {
								L204:
								__esi =  *(__eax - 8) & 0x000000ff;
								__edx =  *(__ecx - 8) & 0x000000ff;
								__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
								if(__esi == 0) {
									L206:
									__esi =  *(__eax - 7) & 0x000000ff;
									__edx =  *(__ecx - 7) & 0x000000ff;
									__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
									if(__esi == 0) {
										L208:
										__esi =  *(__eax - 6) & 0x000000ff;
										__edx =  *(__ecx - 6) & 0x000000ff;
										__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L211;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L208;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L206;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L204;
						case 0xa:
							L280:
							__edx =  *(__eax - 0xa);
							if( *(__eax - 0xa) ==  *(__ecx - 0xa)) {
								__esi = 0;
								L290:
								if(__esi != 0) {
									goto L432;
								}
								goto L291;
							}
							__edx =  *(__ecx - 0xa) & 0x000000ff;
							__esi =  *(__eax - 0xa) & 0x000000ff;
							__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
							if(__esi == 0) {
								L283:
								__edx =  *(__ecx - 9) & 0x000000ff;
								__esi =  *(__eax - 9) & 0x000000ff;
								__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
								if(__esi == 0) {
									L285:
									__edx =  *(__ecx - 8) & 0x000000ff;
									__esi =  *(__eax - 8) & 0x000000ff;
									__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
									if(__esi == 0) {
										L287:
										__edx =  *(__ecx - 7) & 0x000000ff;
										__esi =  *(__eax - 7) & 0x000000ff;
										__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L290;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L287;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L285;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L283;
						case 0xb:
							L361:
							__edx =  *(__eax - 0xb);
							if( *(__eax - 0xb) ==  *(__ecx - 0xb)) {
								__esi = 0;
								L371:
								if(__esi != 0) {
									goto L432;
								}
								goto L372;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0xb) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
							if(__esi == 0) {
								L364:
								__esi =  *(__eax - 0xa) & 0x000000ff;
								__edx =  *(__ecx - 0xa) & 0x000000ff;
								__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
								if(__esi == 0) {
									L366:
									__esi =  *(__eax - 9) & 0x000000ff;
									__edx =  *(__ecx - 9) & 0x000000ff;
									__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
									if(__esi == 0) {
										L368:
										__esi =  *(__eax - 8) & 0x000000ff;
										__edx =  *(__ecx - 8) & 0x000000ff;
										__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L371;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L368;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L366;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L364;
						case 0xc:
							L424:
							if( *(_t984 - 0xc) !=  *(_t989 - 0xc)) {
								_t1090 = ( *(_t984 - 0xc) & 0x000000ff) - ( *(_t989 - 0xc) & 0x000000ff);
								if(_t1090 == 0) {
									L127:
									_t1092 = ( *(_t984 - 0xb) & 0x000000ff) - ( *(_t989 - 0xb) & 0x000000ff);
									if(_t1092 == 0) {
										L129:
										_t1094 = ( *(_t984 - 0xa) & 0x000000ff) - ( *(_t989 - 0xa) & 0x000000ff);
										if(_t1094 == 0) {
											L131:
											_t1078 = ( *(_t984 - 9) & 0x000000ff) - ( *(_t989 - 9) & 0x000000ff);
											if(_t1078 != 0) {
												_t1078 = (0 | _t1078 > 0x00000000) + (0 | _t1078 > 0x00000000) - 1;
											}
											L426:
											if(_t1078 != 0) {
												goto L432;
											}
											goto L427;
										}
										_t1078 = (0 | _t1094 > 0x00000000) + (0 | _t1094 > 0x00000000) - 1;
										if(_t1078 != 0) {
											goto L432;
										}
										goto L131;
									}
									_t1078 = (0 | _t1092 > 0x00000000) + (0 | _t1092 > 0x00000000) - 1;
									if(_t1078 != 0) {
										goto L432;
									}
									goto L129;
								}
								_t1078 = (0 | _t1090 > 0x00000000) + (0 | _t1090 > 0x00000000) - 1;
								if(_t1078 != 0) {
									goto L432;
								}
								goto L127;
							}
							_t1078 = 0;
							goto L426;
						case 0xd:
							L190:
							__edx =  *(__eax - 0xd);
							if( *(__eax - 0xd) ==  *(__ecx - 0xd)) {
								__esi = 0;
								L200:
								if(__esi != 0) {
									goto L432;
								}
								goto L201;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0xd) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
							if(__esi == 0) {
								L193:
								__esi =  *(__eax - 0xc) & 0x000000ff;
								__edx =  *(__ecx - 0xc) & 0x000000ff;
								__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
								if(__esi == 0) {
									L195:
									__esi =  *(__eax - 0xb) & 0x000000ff;
									__edx =  *(__ecx - 0xb) & 0x000000ff;
									__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
									if(__esi == 0) {
										L197:
										__esi =  *(__eax - 0xa) & 0x000000ff;
										__edx =  *(__ecx - 0xa) & 0x000000ff;
										__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L200;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L197;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L195;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L193;
						case 0xe:
							L269:
							__edx =  *(__eax - 0xe);
							if( *(__eax - 0xe) ==  *(__ecx - 0xe)) {
								__esi = 0;
								L279:
								if(__esi != 0) {
									goto L432;
								}
								goto L280;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0xe) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
							if(__esi == 0) {
								L272:
								__esi =  *(__eax - 0xd) & 0x000000ff;
								__edx =  *(__ecx - 0xd) & 0x000000ff;
								__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
								if(__esi == 0) {
									L274:
									__esi =  *(__eax - 0xc) & 0x000000ff;
									__edx =  *(__ecx - 0xc) & 0x000000ff;
									__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
									if(__esi == 0) {
										L276:
										__esi =  *(__eax - 0xb) & 0x000000ff;
										__edx =  *(__ecx - 0xb) & 0x000000ff;
										__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L279;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L276;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L274;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L272;
						case 0xf:
							L350:
							__edx =  *(__eax - 0xf);
							if( *(__eax - 0xf) ==  *(__ecx - 0xf)) {
								__esi = 0;
								L360:
								if(__esi != 0) {
									goto L432;
								}
								goto L361;
							}
							__edx =  *(__ecx - 0xf) & 0x000000ff;
							__esi =  *(__eax - 0xf) & 0x000000ff;
							__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
							if(__esi == 0) {
								L353:
								__esi =  *(__eax - 0xe) & 0x000000ff;
								__edx =  *(__ecx - 0xe) & 0x000000ff;
								__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
								if(__esi == 0) {
									L355:
									__esi =  *(__eax - 0xd) & 0x000000ff;
									__edx =  *(__ecx - 0xd) & 0x000000ff;
									__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
									if(__esi == 0) {
										L357:
										__esi =  *(__eax - 0xc) & 0x000000ff;
										__edx =  *(__ecx - 0xc) & 0x000000ff;
										__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L360;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L357;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L355;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L353;
						case 0x10:
							L421:
							_t1002 =  *(_t984 - 0x10);
							if(_t1002 !=  *(_t989 - 0x10)) {
								_t1083 = (_t1002 & 0x000000ff) - ( *(_t989 - 0x10) & 0x000000ff);
								if(_t1083 != 0) {
									_t1078 = (0 | _t1083 > 0x00000000) + (0 | _t1083 > 0x00000000) - 1;
									if(_t1078 != 0) {
										goto L432;
									}
								}
								_t1085 = ( *(_t984 - 0xf) & 0x000000ff) - ( *(_t989 - 0xf) & 0x000000ff);
								if(_t1085 != 0) {
									_t1078 = (0 | _t1085 > 0x00000000) + (0 | _t1085 > 0x00000000) - 1;
									if(_t1078 == 0) {
										goto L439;
									} else {
										goto L432;
									}
								}
								L439:
								_t1087 = ( *(_t984 - 0xe) & 0x000000ff) - ( *(_t989 - 0xe) & 0x000000ff);
								if(_t1087 == 0) {
									L123:
									_t1078 = ( *(_t984 - 0xd) & 0x000000ff) - ( *(_t989 - 0xd) & 0x000000ff);
									if(_t1078 != 0) {
										_t1078 = (0 | _t1078 > 0x00000000) + (0 | _t1078 > 0x00000000) - 1;
									}
									L423:
									if(_t1078 != 0) {
										goto L432;
									}
									goto L424;
								}
								_t1078 = (0 | _t1087 > 0x00000000) + (0 | _t1087 > 0x00000000) - 1;
								if(_t1078 != 0) {
									goto L432;
								}
								goto L123;
							}
							_t1078 = 0;
							goto L423;
						case 0x11:
							L179:
							__edx =  *(__eax - 0x11);
							if( *(__eax - 0x11) ==  *(__ecx - 0x11)) {
								__esi = 0;
								L189:
								if(__esi != 0) {
									goto L432;
								}
								goto L190;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x11) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
							if(__esi == 0) {
								L182:
								__esi =  *(__eax - 0x10) & 0x000000ff;
								__edx =  *(__ecx - 0x10) & 0x000000ff;
								__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
								if(__esi == 0) {
									L184:
									__esi =  *(__eax - 0xf) & 0x000000ff;
									__edx =  *(__ecx - 0xf) & 0x000000ff;
									__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
									if(__esi == 0) {
										L186:
										__esi =  *(__eax - 0xe) & 0x000000ff;
										__edx =  *(__ecx - 0xe) & 0x000000ff;
										__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L189;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L186;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L184;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L182;
						case 0x12:
							L258:
							__edx =  *(__eax - 0x12);
							if( *(__eax - 0x12) ==  *(__ecx - 0x12)) {
								__esi = 0;
								L268:
								if(__esi != 0) {
									goto L432;
								}
								goto L269;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x12) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
							if(__esi == 0) {
								L261:
								__esi =  *(__eax - 0x11) & 0x000000ff;
								__edx =  *(__ecx - 0x11) & 0x000000ff;
								__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
								if(__esi == 0) {
									L263:
									__esi =  *(__eax - 0x10) & 0x000000ff;
									__edx =  *(__ecx - 0x10) & 0x000000ff;
									__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
									if(__esi == 0) {
										L265:
										__esi =  *(__eax - 0xf) & 0x000000ff;
										__edx =  *(__ecx - 0xf) & 0x000000ff;
										__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L268;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L265;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L263;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L261;
						case 0x13:
							L339:
							__edx =  *(__eax - 0x13);
							if( *(__eax - 0x13) ==  *(__ecx - 0x13)) {
								__esi = 0;
								L349:
								if(__esi != 0) {
									goto L432;
								}
								goto L350;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x13) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
							if(__esi == 0) {
								L342:
								__esi =  *(__eax - 0x12) & 0x000000ff;
								__edx =  *(__ecx - 0x12) & 0x000000ff;
								__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
								if(__esi == 0) {
									L344:
									__esi =  *(__eax - 0x11) & 0x000000ff;
									__edx =  *(__ecx - 0x11) & 0x000000ff;
									__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
									if(__esi == 0) {
										L346:
										__esi =  *(__eax - 0x10) & 0x000000ff;
										__edx =  *(__ecx - 0x10) & 0x000000ff;
										__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L349;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L346;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L344;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L342;
						case 0x14:
							L418:
							__edx =  *(__eax - 0x14);
							if( *(__eax - 0x14) !=  *(__ecx - 0x14)) {
								goto L1;
							}
							__esi = 0;
							L420:
							if(_t1078 != 0) {
								goto L432;
							}
							goto L421;
						case 0x15:
							L168:
							__edx =  *(__eax - 0x15);
							if( *(__eax - 0x15) ==  *(__ecx - 0x15)) {
								__esi = 0;
								L178:
								if(__esi != 0) {
									goto L432;
								}
								goto L179;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x15) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
							if(__esi == 0) {
								L171:
								__esi =  *(__eax - 0x14) & 0x000000ff;
								__edx =  *(__ecx - 0x14) & 0x000000ff;
								__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
								if(__esi == 0) {
									L173:
									__esi =  *(__eax - 0x13) & 0x000000ff;
									__edx =  *(__ecx - 0x13) & 0x000000ff;
									__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
									if(__esi == 0) {
										L175:
										__esi =  *(__eax - 0x12) & 0x000000ff;
										__edx =  *(__ecx - 0x12) & 0x000000ff;
										__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L178;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L175;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L173;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L171;
						case 0x16:
							L247:
							__edx =  *(__eax - 0x16);
							if( *(__eax - 0x16) ==  *(__ecx - 0x16)) {
								__esi = 0;
								L257:
								if(__esi != 0) {
									goto L432;
								}
								goto L258;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x16) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
							if(__esi == 0) {
								L250:
								__esi =  *(__eax - 0x15) & 0x000000ff;
								__edx =  *(__ecx - 0x15) & 0x000000ff;
								__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
								if(__esi == 0) {
									L252:
									__esi =  *(__eax - 0x14) & 0x000000ff;
									__edx =  *(__ecx - 0x14) & 0x000000ff;
									__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
									if(__esi == 0) {
										L254:
										__esi =  *(__eax - 0x13) & 0x000000ff;
										__edx =  *(__ecx - 0x13) & 0x000000ff;
										__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L257;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L254;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L252;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L250;
						case 0x17:
							L328:
							__edx =  *(__eax - 0x17);
							if( *(__eax - 0x17) ==  *(__ecx - 0x17)) {
								__esi = 0;
								L338:
								if(__esi != 0) {
									goto L432;
								}
								goto L339;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x17) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
							if(__esi == 0) {
								L331:
								__esi =  *(__eax - 0x16) & 0x000000ff;
								__edx =  *(__ecx - 0x16) & 0x000000ff;
								__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
								if(__esi == 0) {
									L333:
									__esi =  *(__eax - 0x15) & 0x000000ff;
									__edx =  *(__ecx - 0x15) & 0x000000ff;
									__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
									if(__esi == 0) {
										L335:
										__esi =  *(__eax - 0x14) & 0x000000ff;
										__edx =  *(__ecx - 0x14) & 0x000000ff;
										__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L338;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L335;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L333;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L331;
						case 0x18:
							L107:
							__edx =  *(__eax - 0x18);
							if( *(__eax - 0x18) ==  *(__ecx - 0x18)) {
								__esi = 0;
								L444:
								if(__esi == 0) {
									goto L418;
								}
								goto L432;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x18) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
							if(__esi == 0) {
								L110:
								__esi =  *(__eax - 0x17) & 0x000000ff;
								__edx =  *(__ecx - 0x17) & 0x000000ff;
								__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
								if(__esi == 0) {
									L112:
									__esi =  *(__eax - 0x16) & 0x000000ff;
									__edx =  *(__ecx - 0x16) & 0x000000ff;
									__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
									if(__esi == 0) {
										L114:
										__esi =  *(__eax - 0x15) & 0x000000ff;
										__edx =  *(__ecx - 0x15) & 0x000000ff;
										__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L444;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L114;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L112;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L110;
						case 0x19:
							L157:
							__edx =  *(__eax - 0x19);
							if( *(__eax - 0x19) ==  *(__ecx - 0x19)) {
								__esi = 0;
								L167:
								if(__esi != 0) {
									goto L432;
								}
								goto L168;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x19) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
							if(__esi == 0) {
								L160:
								__esi =  *(__eax - 0x18) & 0x000000ff;
								__edx =  *(__ecx - 0x18) & 0x000000ff;
								__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
								if(__esi == 0) {
									L162:
									__esi =  *(__eax - 0x17) & 0x000000ff;
									__edx =  *(__ecx - 0x17) & 0x000000ff;
									__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
									if(__esi == 0) {
										L164:
										__esi =  *(__eax - 0x16) & 0x000000ff;
										__edx =  *(__ecx - 0x16) & 0x000000ff;
										__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L167;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L164;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L162;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L160;
						case 0x1a:
							L236:
							__edx =  *(__eax - 0x1a);
							if( *(__eax - 0x1a) ==  *(__ecx - 0x1a)) {
								__esi = 0;
								L246:
								if(__esi != 0) {
									goto L432;
								}
								goto L247;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x1a) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
							if(__esi == 0) {
								L239:
								__esi =  *(__eax - 0x19) & 0x000000ff;
								__edx =  *(__ecx - 0x19) & 0x000000ff;
								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
								if(__esi == 0) {
									L241:
									__esi =  *(__eax - 0x18) & 0x000000ff;
									__edx =  *(__ecx - 0x18) & 0x000000ff;
									__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
									if(__esi == 0) {
										L243:
										__esi =  *(__eax - 0x17) & 0x000000ff;
										__edx =  *(__ecx - 0x17) & 0x000000ff;
										__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L246;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L243;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L241;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L239;
						case 0x1b:
							L317:
							__edx =  *(__eax - 0x1b);
							if( *(__eax - 0x1b) ==  *(__ecx - 0x1b)) {
								__esi = 0;
								L327:
								if(__esi != 0) {
									goto L432;
								}
								goto L328;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x1b) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
							if(__esi == 0) {
								L320:
								__esi =  *(__eax - 0x1a) & 0x000000ff;
								__edx =  *(__ecx - 0x1a) & 0x000000ff;
								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
								if(__esi == 0) {
									L322:
									__esi =  *(__eax - 0x19) & 0x000000ff;
									__edx =  *(__ecx - 0x19) & 0x000000ff;
									__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
									if(__esi == 0) {
										L324:
										__esi =  *(__eax - 0x18) & 0x000000ff;
										__edx =  *(__ecx - 0x18) & 0x000000ff;
										__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L327;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L324;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L322;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L320;
						case 0x1c:
							__edx =  *(__eax - 0x1c);
							if( *(__eax - 0x1c) ==  *(__ecx - 0x1c)) {
								__esi = 0;
								L106:
								if(__esi != 0) {
									goto L432;
								}
								goto L107;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x1c) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
							if(__esi == 0) {
								L99:
								__esi =  *(__eax - 0x1b) & 0x000000ff;
								__edx =  *(__ecx - 0x1b) & 0x000000ff;
								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
								if(__esi == 0) {
									L101:
									__esi =  *(__eax - 0x1a) & 0x000000ff;
									__edx =  *(__ecx - 0x1a) & 0x000000ff;
									__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
									if(__esi == 0) {
										L103:
										__esi =  *(__eax - 0x19) & 0x000000ff;
										__edx =  *(__ecx - 0x19) & 0x000000ff;
										__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L106;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L103;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L101;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L99;
						case 0x1d:
							__edx =  *(__eax - 0x1d);
							if( *(__eax - 0x1d) ==  *(__ecx - 0x1d)) {
								__esi = 0;
								L156:
								if(__esi != 0) {
									goto L432;
								}
								goto L157;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x1d) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
							if(__esi == 0) {
								L149:
								__esi =  *(__eax - 0x1c) & 0x000000ff;
								__edx =  *(__ecx - 0x1c) & 0x000000ff;
								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
								if(__esi == 0) {
									L151:
									__esi =  *(__eax - 0x1b) & 0x000000ff;
									__edx =  *(__ecx - 0x1b) & 0x000000ff;
									__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
									if(__esi == 0) {
										L153:
										__esi =  *(__eax - 0x1a) & 0x000000ff;
										__edx =  *(__ecx - 0x1a) & 0x000000ff;
										__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L156;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L153;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L151;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L149;
						case 0x1e:
							__edx =  *(__eax - 0x1e);
							if( *(__eax - 0x1e) ==  *(__ecx - 0x1e)) {
								__esi = 0;
								L235:
								if(__esi != 0) {
									goto L432;
								}
								goto L236;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x1e) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
							if(__esi == 0) {
								L228:
								__esi =  *(__eax - 0x1d) & 0x000000ff;
								__edx =  *(__ecx - 0x1d) & 0x000000ff;
								__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
								if(__esi == 0) {
									L230:
									__esi =  *(__eax - 0x1c) & 0x000000ff;
									__edx =  *(__ecx - 0x1c) & 0x000000ff;
									__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
									if(__esi == 0) {
										L232:
										__esi =  *(__eax - 0x1b) & 0x000000ff;
										__edx =  *(__ecx - 0x1b) & 0x000000ff;
										__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L235;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L232;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L230;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L228;
						case 0x1f:
							__edx =  *(__eax - 0x1f);
							if( *(__eax - 0x1f) ==  *(__ecx - 0x1f)) {
								__esi = 0;
								L316:
								if(__esi != 0) {
									goto L432;
								}
								goto L317;
							}
							__edx =  *(__ecx - 0x1f) & 0x000000ff;
							__esi =  *(__eax - 0x1f) & 0x000000ff;
							__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
							if(__esi == 0) {
								L309:
								__esi =  *(__eax - 0x1e) & 0x000000ff;
								__edx =  *(__ecx - 0x1e) & 0x000000ff;
								__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
								if(__esi == 0) {
									L311:
									__esi =  *(__eax - 0x1d) & 0x000000ff;
									__edx =  *(__ecx - 0x1d) & 0x000000ff;
									__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
									if(__esi == 0) {
										L313:
										__esi =  *(__eax - 0x1c) & 0x000000ff;
										__edx =  *(__ecx - 0x1c) & 0x000000ff;
										__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L316;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L313;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L311;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L309;
					}
				}
				L1:
				_t1075 = (_t994 & 0x000000ff) - ( *(_t989 - 0x14) & 0x000000ff);
				if(_t1075 == 0) {
					L3:
					_t1077 = ( *(_t984 - 0x13) & 0x000000ff) - ( *(_t989 - 0x13) & 0x000000ff);
					if(_t1077 != 0) {
						_t1078 = (0 | _t1077 > 0x00000000) + (0 | _t1077 > 0x00000000) - 1;
						if(_t1078 == 0) {
							goto L4;
						} else {
							goto L432;
						}
					}
					L4:
					_t1080 = ( *(_t984 - 0x12) & 0x000000ff) - ( *(_t989 - 0x12) & 0x000000ff);
					if(_t1080 == 0) {
						L119:
						_t1078 = ( *(_t984 - 0x11) & 0x000000ff) - ( *(_t989 - 0x11) & 0x000000ff);
						if(_t1078 != 0) {
							_t1078 = (0 | _t1078 > 0x00000000) + (0 | _t1078 > 0x00000000) - 1;
						}
						goto L420;
					}
					_t1078 = (0 | _t1080 > 0x00000000) + (0 | _t1080 > 0x00000000) - 1;
					if(_t1078 != 0) {
						goto L432;
					} else {
						goto L119;
					}
				}
				_t1078 = (0 | _t1075 > 0x00000000) + (0 | _t1075 > 0x00000000) - 1;
				if(_t1078 != 0) {
					goto L432;
				}
				goto L3;
			}

0x007036b8
0x007036bb
0x00000000
0x007036c1
0x007036c1
0x007036c2
0x007035ef
0x007035f2
0x007035f5
0x007035f8
0x00703553
0x00703553
0x00703555
0x00703787
0x00703787
0x00703787
0x0070355f
0x00703562
0x00703566
0x00000000
0x00703566
0x007036c8
0x007036c9
0x007035bd
0x007035c0
0x007035c3
0x007035c6
0x007035c9
0x007035cb
0x007035e2
0x007035e2
0x007035e6
0x00000000
0x007035e6
0x007035d1
0x007035d4
0x007035d8
0x007035dc
0x00000000
0x00000000
0x00000000
0x007035dc
0x007036cf
0x007036d0
0x0070356d
0x00703570
0x00703573
0x00703576
0x00703579
0x0070357b
0x00703592
0x00703592
0x00703596
0x0070359a
0x0070359c
0x007035b3
0x007035b3
0x007035b7
0x00000000
0x007035b7
0x007035a2
0x007035a5
0x007035a9
0x007035ad
0x00000000
0x00000000
0x00000000
0x007035ad
0x00703581
0x00703584
0x00703588
0x0070358c
0x00000000
0x00000000
0x00000000
0x0070358c
0x007036d7
0x007034e4
0x007034e7
0x007034ea
0x007034ed
0x007034f0
0x007034f2
0x00703509
0x00703509
0x0070350d
0x00703511
0x00703513
0x0070352a
0x0070352a
0x0070352e
0x00703532
0x00703534
0x0070354b
0x0070354b
0x0070354f
0x00000000
0x0070354f
0x0070353a
0x0070353d
0x00703541
0x00703545
0x00000000
0x00000000
0x00000000
0x00703545
0x00703519
0x0070351c
0x00703520
0x00703524
0x00000000
0x00000000
0x00000000
0x00703524
0x007034f8
0x007034fb
0x007034ff
0x00703503
0x00000000
0x00000000
0x00000000
0x00703503
0x007036dd
0x007036e0
0x007036e3
0x007036e6
0x007036e7
0x00702144
0x00702148
0x007021c6
0x007021c8
0x007021ca
0x00703781
0x00703781
0x00703783
0x00000000
0x00703783
0x007021d0
0x007021d6
0x00702256
0x00702258
0x0070225a
0x00000000
0x00000000
0x00702260
0x00702266
0x007022e6
0x007022e8
0x007022ea
0x00000000
0x00000000
0x007022f0
0x007022f6
0x00702376
0x00702378
0x0070237a
0x00000000
0x00000000
0x00702380
0x00702386
0x00702406
0x00702408
0x0070240a
0x00000000
0x00000000
0x00702410
0x00702416
0x00702496
0x00702498
0x0070249a
0x00000000
0x00000000
0x007024a0
0x007024a6
0x00702526
0x00702528
0x0070252a
0x00000000
0x00000000
0x00702530
0x00702536
0x007025b6
0x007025b8
0x007025ba
0x00000000
0x007025c0
0x007025c0
0x007025c2
0x007025c4
0x00000000
0x007025c4
0x007025ba
0x00702538
0x0070253c
0x00702540
0x00702542
0x00702559
0x00702559
0x0070255d
0x00702561
0x00702563
0x0070257a
0x0070257a
0x0070257e
0x00702582
0x00702584
0x0070259b
0x0070259b
0x0070259f
0x007025a3
0x007025a5
0x007025ab
0x007025ae
0x007025b2
0x007025b2
0x00000000
0x007025a5
0x0070258a
0x0070258d
0x00702591
0x00702595
0x00000000
0x00000000
0x00000000
0x00702595
0x00702569
0x0070256c
0x00702570
0x00702574
0x00000000
0x00000000
0x00000000
0x00702574
0x00702548
0x0070254b
0x0070254f
0x00702553
0x00000000
0x00000000
0x00000000
0x00702553
0x007024a8
0x007024ac
0x007024b0
0x007024b2
0x007024c9
0x007024c9
0x007024cd
0x007024d1
0x007024d3
0x007024ea
0x007024ea
0x007024ee
0x007024f2
0x007024f4
0x0070250b
0x0070250b
0x0070250f
0x00702513
0x00702515
0x0070251b
0x0070251e
0x00702522
0x00702522
0x00000000
0x00702515
0x007024fa
0x007024fd
0x00702501
0x00702505
0x00000000
0x00000000
0x00000000
0x00702505
0x007024d9
0x007024dc
0x007024e0
0x007024e4
0x00000000
0x00000000
0x00000000
0x007024e4
0x007024b8
0x007024bb
0x007024bf
0x007024c3
0x00000000
0x00000000
0x00000000
0x007024c3
0x00702418
0x0070241c
0x00702420
0x00702422
0x00702439
0x00702439
0x0070243d
0x00702441
0x00702443
0x0070245a
0x0070245a
0x0070245e
0x00702462
0x00702464
0x0070247b
0x0070247b
0x0070247f
0x00702483
0x00702485
0x0070248b
0x0070248e
0x00702492
0x00702492
0x00000000
0x00702485
0x0070246a
0x0070246d
0x00702471
0x00702475
0x00000000
0x00000000
0x00000000
0x00702475
0x00702449
0x0070244c
0x00702450
0x00702454
0x00000000
0x00000000
0x00000000
0x00702454
0x00702428
0x0070242b
0x0070242f
0x00702433
0x00000000
0x00000000
0x00000000
0x00702433
0x00702388
0x0070238c
0x00702390
0x00702392
0x007023a9
0x007023a9
0x007023ad
0x007023b1
0x007023b3
0x007023ca
0x007023ca
0x007023ce
0x007023d2
0x007023d4
0x007023eb
0x007023eb
0x007023ef
0x007023f3
0x007023f5
0x007023fb
0x007023fe
0x00702402
0x00702402
0x00000000
0x007023f5
0x007023da
0x007023dd
0x007023e1
0x007023e5
0x00000000
0x00000000
0x00000000
0x007023e5
0x007023b9
0x007023bc
0x007023c0
0x007023c4
0x00000000
0x00000000
0x00000000
0x007023c4
0x00702398
0x0070239b
0x0070239f
0x007023a3
0x00000000
0x00000000
0x00000000
0x007023a3
0x007022f8
0x007022fc
0x00702300
0x00702302
0x00702319
0x00702319
0x0070231d
0x00702321
0x00702323
0x0070233a
0x0070233a
0x0070233e
0x00702342
0x00702344
0x0070235b
0x0070235b
0x0070235f
0x00702363
0x00702365
0x0070236b
0x0070236e
0x00702372
0x00702372
0x00000000
0x00702365
0x0070234a
0x0070234d
0x00702351
0x00702355
0x00000000
0x00000000
0x00000000
0x00702355
0x00702329
0x0070232c
0x00702330
0x00702334
0x00000000
0x00000000
0x00000000
0x00702334
0x00702308
0x0070230b
0x0070230f
0x00702313
0x00000000
0x00000000
0x00000000
0x00702313
0x00702268
0x0070226c
0x00702270
0x00702272
0x00702289
0x00702289
0x0070228d
0x00702291
0x00702293
0x007022aa
0x007022aa
0x007022ae
0x007022b2
0x007022b4
0x007022cb
0x007022cb
0x007022cf
0x007022d3
0x007022d5
0x007022db
0x007022de
0x007022e2
0x007022e2
0x00000000
0x007022d5
0x007022ba
0x007022bd
0x007022c1
0x007022c5
0x00000000
0x00000000
0x00000000
0x007022c5
0x00702299
0x0070229c
0x007022a0
0x007022a4
0x00000000
0x00000000
0x00000000
0x007022a4
0x00702278
0x0070227b
0x0070227f
0x00702283
0x00000000
0x00000000
0x00000000
0x00702283
0x007021d8
0x007021dc
0x007021e0
0x007021e2
0x007021f9
0x007021f9
0x007021fd
0x00702201
0x00702203
0x0070221a
0x0070221a
0x0070221e
0x00702222
0x00702224
0x0070223b
0x0070223b
0x0070223f
0x00702243
0x00702245
0x0070224b
0x0070224e
0x00702252
0x00702252
0x00000000
0x00702245
0x0070222a
0x0070222d
0x00702231
0x00702235
0x00000000
0x00000000
0x00000000
0x00702235
0x00702209
0x0070220c
0x00702210
0x00702214
0x00000000
0x00000000
0x00000000
0x00702214
0x007021e8
0x007021eb
0x007021ef
0x007021f3
0x00000000
0x00000000
0x00000000
0x007021f3
0x0070214a
0x0070214d
0x00702150
0x00702152
0x00702169
0x00702169
0x0070216d
0x00702171
0x00702173
0x0070218a
0x0070218a
0x0070218e
0x00702192
0x00702194
0x007021ab
0x007021ab
0x007021af
0x007021b3
0x007021b5
0x007021bb
0x007021be
0x007021c2
0x007021c2
0x00000000
0x007021b5
0x0070219a
0x0070219d
0x007021a1
0x007021a5
0x00000000
0x00000000
0x00000000
0x007021a5
0x00702179
0x0070217c
0x00702180
0x00702184
0x00000000
0x00000000
0x00000000
0x00702184
0x00702158
0x0070215b
0x0070215f
0x00702163
0x00000000
0x00000000
0x00000000
0x00702163
0x007036ef
0x007036f1
0x007036f6
0x007036a0
0x007036a0
0x00000000
0x007036a0
0x007036f8
0x00000000
0x00000000
0x00000000
0x00702c8d
0x00702c8d
0x00702c91
0x00702c95
0x00702c97
0x00702ca1
0x00702ca4
0x00702ca8
0x00702ca8
0x00000000
0x00000000
0x00703099
0x007030a1
0x00000000
0x00000000
0x00000000
0x00000000
0x007034ba
0x007034ba
0x007034be
0x007034c2
0x007034c4
0x007030a7
0x007030a7
0x007030ab
0x007030af
0x007030b1
0x00000000
0x00000000
0x007030bb
0x007030be
0x007030c4
0x00000000
0x00000000
0x007034dd
0x007034dd
0x00000000
0x007034dd
0x007034ce
0x007034d1
0x007034d7
0x00000000
0x00000000
0x00000000
0x00000000
0x0070368a
0x0070368a
0x00703690
0x00702831
0x00702833
0x00702844
0x0070284c
0x0070284e
0x0070285f
0x00702867
0x00702869
0x00702881
0x00702889
0x0070288b
0x0070289c
0x0070289c
0x00703698
0x0070369a
0x00000000
0x00000000
0x00000000
0x0070369a
0x00702872
0x00702878
0x00000000
0x00000000
0x0070287a
0x0070287a
0x00000000
0x0070287a
0x00702857
0x0070285d
0x00000000
0x00000000
0x00000000
0x0070285d
0x0070283c
0x00702842
0x00000000
0x00000000
0x00000000
0x00702842
0x00703696
0x00000000
0x00000000
0x00702bfe
0x00702bfe
0x00702c04
0x00702c83
0x00702c85
0x00702c87
0x00000000
0x00000000
0x00000000
0x00702c87
0x00702c06
0x00702c09
0x00702c0d
0x00702c0f
0x00702c26
0x00702c26
0x00702c2a
0x00702c2e
0x00702c30
0x00702c47
0x00702c47
0x00702c4b
0x00702c4f
0x00702c51
0x00702c68
0x00702c68
0x00702c6c
0x00702c70
0x00702c72
0x00702c78
0x00702c7b
0x00702c7f
0x00702c7f
0x00000000
0x00702c72
0x00702c57
0x00702c5a
0x00702c5e
0x00702c62
0x00000000
0x00000000
0x00000000
0x00702c62
0x00702c36
0x00702c39
0x00702c3d
0x00702c41
0x00000000
0x00000000
0x00000000
0x00702c41
0x00702c15
0x00702c18
0x00702c1c
0x00702c20
0x00000000
0x00000000
0x00000000
0x00000000
0x0070300a
0x0070300a
0x00703010
0x0070308f
0x00703091
0x00703093
0x00000000
0x00000000
0x00000000
0x00703093
0x00703012
0x00703015
0x00703019
0x0070301b
0x00703032
0x00703032
0x00703036
0x0070303a
0x0070303c
0x00703053
0x00703053
0x00703057
0x0070305b
0x0070305d
0x00703074
0x00703074
0x00703078
0x0070307c
0x0070307e
0x00703084
0x00703087
0x0070308b
0x0070308b
0x00000000
0x0070307e
0x00703063
0x00703066
0x0070306a
0x0070306e
0x00000000
0x00000000
0x00000000
0x0070306e
0x00703042
0x00703045
0x00703049
0x0070304d
0x00000000
0x00000000
0x00000000
0x0070304d
0x00703021
0x00703024
0x00703028
0x0070302c
0x00000000
0x00000000
0x00000000
0x00000000
0x0070342b
0x0070342b
0x00703431
0x007034b0
0x007034b2
0x007034b4
0x00000000
0x00000000
0x00000000
0x007034b4
0x00703433
0x00703436
0x0070343a
0x0070343c
0x00703453
0x00703453
0x00703457
0x0070345b
0x0070345d
0x00703474
0x00703474
0x00703478
0x0070347c
0x0070347e
0x00703495
0x00703495
0x00703499
0x0070349d
0x0070349f
0x007034a5
0x007034a8
0x007034ac
0x007034ac
0x00000000
0x0070349f
0x00703484
0x00703487
0x0070348b
0x0070348f
0x00000000
0x00000000
0x00000000
0x0070348f
0x00703463
0x00703466
0x0070346a
0x0070346e
0x00000000
0x00000000
0x00000000
0x0070346e
0x00703442
0x00703445
0x00703449
0x0070344d
0x00000000
0x00000000
0x00000000
0x00000000
0x00703735
0x00703735
0x0070373b
0x00703680
0x00703682
0x00703684
0x00000000
0x00000000
0x00000000
0x00703684
0x00703748
0x0070374a
0x00703793
0x00703797
0x00000000
0x00000000
0x00703799
0x00703754
0x00703756
0x007027f9
0x007027fd
0x00000000
0x00000000
0x00000000
0x00702803
0x0070375c
0x00703764
0x00703766
0x00702808
0x00702810
0x00702812
0x00702823
0x00702823
0x00000000
0x00702812
0x00703777
0x0070377b
0x00000000
0x00000000
0x00000000
0x00000000
0x00702b6e
0x00702b6e
0x00702b74
0x00702bf4
0x00702bf6
0x00702bf8
0x00000000
0x00000000
0x00000000
0x00702bf8
0x00702b76
0x00702b7a
0x00702b7e
0x00702b80
0x00702b97
0x00702b97
0x00702b9b
0x00702b9f
0x00702ba1
0x00702bb8
0x00702bb8
0x00702bbc
0x00702bc0
0x00702bc2
0x00702bd9
0x00702bd9
0x00702bdd
0x00702be1
0x00702be3
0x00702be9
0x00702bec
0x00702bf0
0x00702bf0
0x00000000
0x00702be3
0x00702bc8
0x00702bcb
0x00702bcf
0x00702bd3
0x00000000
0x00000000
0x00000000
0x00702bd3
0x00702ba7
0x00702baa
0x00702bae
0x00702bb2
0x00000000
0x00000000
0x00000000
0x00702bb2
0x00702b86
0x00702b89
0x00702b8d
0x00702b91
0x00000000
0x00000000
0x00000000
0x00000000
0x00702f7a
0x00702f7a
0x00702f80
0x00703000
0x00703002
0x00703004
0x00000000
0x00000000
0x00000000
0x00703004
0x00702f82
0x00702f86
0x00702f8a
0x00702f8c
0x00702fa3
0x00702fa3
0x00702fa7
0x00702fab
0x00702fad
0x00702fc4
0x00702fc4
0x00702fc8
0x00702fcc
0x00702fce
0x00702fe5
0x00702fe5
0x00702fe9
0x00702fed
0x00702fef
0x00702ff5
0x00702ff8
0x00702ffc
0x00702ffc
0x00000000
0x00702fef
0x00702fd4
0x00702fd7
0x00702fdb
0x00702fdf
0x00000000
0x00000000
0x00000000
0x00702fdf
0x00702fb3
0x00702fb6
0x00702fba
0x00702fbe
0x00000000
0x00000000
0x00000000
0x00702fbe
0x00702f92
0x00702f95
0x00702f99
0x00702f9d
0x00000000
0x00000000
0x00000000
0x00000000
0x0070339c
0x0070339c
0x007033a2
0x00703421
0x00703423
0x00703425
0x00000000
0x00000000
0x00000000
0x00703425
0x007033a4
0x007033a7
0x007033ab
0x007033ad
0x007033c4
0x007033c4
0x007033c8
0x007033cc
0x007033ce
0x007033e5
0x007033e5
0x007033e9
0x007033ed
0x007033ef
0x00703406
0x00703406
0x0070340a
0x0070340e
0x00703410
0x00703416
0x00703419
0x0070341d
0x0070341d
0x00000000
0x00703410
0x007033f5
0x007033f8
0x007033fc
0x00703400
0x00000000
0x00000000
0x00000000
0x00703400
0x007033d4
0x007033d7
0x007033db
0x007033df
0x00000000
0x00000000
0x00000000
0x007033df
0x007033b3
0x007033b6
0x007033ba
0x007033be
0x00000000
0x00000000
0x00000000
0x00000000
0x00703723
0x00703729
0x00702771
0x00702773
0x0070278a
0x00702792
0x00702794
0x007027ab
0x007027b3
0x007027b5
0x007027cc
0x007027d4
0x007027d6
0x007027e7
0x007027e7
0x00703731
0x00703733
0x00000000
0x00000000
0x00000000
0x00703733
0x007027c2
0x007027c6
0x00000000
0x00000000
0x00000000
0x007027c6
0x007027a1
0x007027a5
0x00000000
0x00000000
0x00000000
0x007027a5
0x00702780
0x00702784
0x00000000
0x00000000
0x00000000
0x00702784
0x0070372f
0x00000000
0x00000000
0x00702adf
0x00702adf
0x00702ae5
0x00702b64
0x00702b66
0x00702b68
0x00000000
0x00000000
0x00000000
0x00702b68
0x00702ae7
0x00702aea
0x00702aee
0x00702af0
0x00702b07
0x00702b07
0x00702b0b
0x00702b0f
0x00702b11
0x00702b28
0x00702b28
0x00702b2c
0x00702b30
0x00702b32
0x00702b49
0x00702b49
0x00702b4d
0x00702b51
0x00702b53
0x00702b59
0x00702b5c
0x00702b60
0x00702b60
0x00000000
0x00702b53
0x00702b38
0x00702b3b
0x00702b3f
0x00702b43
0x00000000
0x00000000
0x00000000
0x00702b43
0x00702b17
0x00702b1a
0x00702b1e
0x00702b22
0x00000000
0x00000000
0x00000000
0x00702b22
0x00702af6
0x00702af9
0x00702afd
0x00702b01
0x00000000
0x00000000
0x00000000
0x00000000
0x00702eeb
0x00702eeb
0x00702ef1
0x00702f70
0x00702f72
0x00702f74
0x00000000
0x00000000
0x00000000
0x00702f74
0x00702ef3
0x00702ef6
0x00702efa
0x00702efc
0x00702f13
0x00702f13
0x00702f17
0x00702f1b
0x00702f1d
0x00702f34
0x00702f34
0x00702f38
0x00702f3c
0x00702f3e
0x00702f55
0x00702f55
0x00702f59
0x00702f5d
0x00702f5f
0x00702f65
0x00702f68
0x00702f6c
0x00702f6c
0x00000000
0x00702f5f
0x00702f44
0x00702f47
0x00702f4b
0x00702f4f
0x00000000
0x00000000
0x00000000
0x00702f4f
0x00702f23
0x00702f26
0x00702f2a
0x00702f2e
0x00000000
0x00000000
0x00000000
0x00702f2e
0x00702f02
0x00702f05
0x00702f09
0x00702f0d
0x00000000
0x00000000
0x00000000
0x00000000
0x0070330c
0x0070330c
0x00703312
0x00703392
0x00703394
0x00703396
0x00000000
0x00000000
0x00000000
0x00703396
0x00703314
0x00703318
0x0070331c
0x0070331e
0x00703335
0x00703335
0x00703339
0x0070333d
0x0070333f
0x00703356
0x00703356
0x0070335a
0x0070335e
0x00703360
0x00703377
0x00703377
0x0070337b
0x0070337f
0x00703381
0x00703387
0x0070338a
0x0070338e
0x0070338e
0x00000000
0x00703381
0x00703366
0x00703369
0x0070336d
0x00703371
0x00000000
0x00000000
0x00000000
0x00703371
0x00703345
0x00703348
0x0070334c
0x00703350
0x00000000
0x00000000
0x00000000
0x00703350
0x00703324
0x00703327
0x0070332b
0x0070332f
0x00000000
0x00000000
0x00000000
0x00000000
0x00703711
0x00703711
0x00703717
0x00703820
0x00703822
0x007038f3
0x007038f7
0x00000000
0x00000000
0x007038fd
0x00703830
0x00703832
0x00702738
0x0070273c
0x00000000
0x00702742
0x00000000
0x00702742
0x0070273c
0x00703838
0x00703840
0x00703842
0x00702747
0x0070274f
0x00702751
0x00702762
0x00702762
0x0070371f
0x00703721
0x00000000
0x00000000
0x00000000
0x00703721
0x00703853
0x00703857
0x00000000
0x00000000
0x00000000
0x0070385d
0x0070371d
0x00000000
0x00000000
0x00702a50
0x00702a50
0x00702a56
0x00702ad5
0x00702ad7
0x00702ad9
0x00000000
0x00000000
0x00000000
0x00702ad9
0x00702a58
0x00702a5b
0x00702a5f
0x00702a61
0x00702a78
0x00702a78
0x00702a7c
0x00702a80
0x00702a82
0x00702a99
0x00702a99
0x00702a9d
0x00702aa1
0x00702aa3
0x00702aba
0x00702aba
0x00702abe
0x00702ac2
0x00702ac4
0x00702aca
0x00702acd
0x00702ad1
0x00702ad1
0x00000000
0x00702ac4
0x00702aa9
0x00702aac
0x00702ab0
0x00702ab4
0x00000000
0x00000000
0x00000000
0x00702ab4
0x00702a88
0x00702a8b
0x00702a8f
0x00702a93
0x00000000
0x00000000
0x00000000
0x00702a93
0x00702a67
0x00702a6a
0x00702a6e
0x00702a72
0x00000000
0x00000000
0x00000000
0x00000000
0x00702e5c
0x00702e5c
0x00702e62
0x00702ee1
0x00702ee3
0x00702ee5
0x00000000
0x00000000
0x00000000
0x00702ee5
0x00702e64
0x00702e67
0x00702e6b
0x00702e6d
0x00702e84
0x00702e84
0x00702e88
0x00702e8c
0x00702e8e
0x00702ea5
0x00702ea5
0x00702ea9
0x00702ead
0x00702eaf
0x00702ec6
0x00702ec6
0x00702eca
0x00702ece
0x00702ed0
0x00702ed6
0x00702ed9
0x00702edd
0x00702edd
0x00000000
0x00702ed0
0x00702eb5
0x00702eb8
0x00702ebc
0x00702ec0
0x00000000
0x00000000
0x00000000
0x00702ec0
0x00702e94
0x00702e97
0x00702e9b
0x00702e9f
0x00000000
0x00000000
0x00000000
0x00702e9f
0x00702e73
0x00702e76
0x00702e7a
0x00702e7e
0x00000000
0x00000000
0x00000000
0x00000000
0x0070327d
0x0070327d
0x00703283
0x00703302
0x00703304
0x00703306
0x00000000
0x00000000
0x00000000
0x00703306
0x00703285
0x00703288
0x0070328c
0x0070328e
0x007032a5
0x007032a5
0x007032a9
0x007032ad
0x007032af
0x007032c6
0x007032c6
0x007032ca
0x007032ce
0x007032d0
0x007032e7
0x007032e7
0x007032eb
0x007032ef
0x007032f1
0x007032f7
0x007032fa
0x007032fe
0x007032fe
0x00000000
0x007032f1
0x007032d6
0x007032d9
0x007032dd
0x007032e1
0x00000000
0x00000000
0x00000000
0x007032e1
0x007032b5
0x007032b8
0x007032bc
0x007032c0
0x00000000
0x00000000
0x00000000
0x007032c0
0x00703294
0x00703297
0x0070329b
0x0070329f
0x00000000
0x00000000
0x00000000
0x00000000
0x007036ff
0x007036ff
0x00703705
0x00000000
0x00000000
0x0070370b
0x0070370d
0x0070370f
0x00000000
0x00000000
0x00000000
0x00000000
0x007029c1
0x007029c1
0x007029c7
0x00702a46
0x00702a48
0x00702a4a
0x00000000
0x00000000
0x00000000
0x00702a4a
0x007029c9
0x007029cc
0x007029d0
0x007029d2
0x007029e9
0x007029e9
0x007029ed
0x007029f1
0x007029f3
0x00702a0a
0x00702a0a
0x00702a0e
0x00702a12
0x00702a14
0x00702a2b
0x00702a2b
0x00702a2f
0x00702a33
0x00702a35
0x00702a3b
0x00702a3e
0x00702a42
0x00702a42
0x00000000
0x00702a35
0x00702a1a
0x00702a1d
0x00702a21
0x00702a25
0x00000000
0x00000000
0x00000000
0x00702a25
0x007029f9
0x007029fc
0x00702a00
0x00702a04
0x00000000
0x00000000
0x00000000
0x00702a04
0x007029d8
0x007029db
0x007029df
0x007029e3
0x00000000
0x00000000
0x00000000
0x00000000
0x00702dcd
0x00702dcd
0x00702dd3
0x00702e52
0x00702e54
0x00702e56
0x00000000
0x00000000
0x00000000
0x00702e56
0x00702dd5
0x00702dd8
0x00702ddc
0x00702dde
0x00702df5
0x00702df5
0x00702df9
0x00702dfd
0x00702dff
0x00702e16
0x00702e16
0x00702e1a
0x00702e1e
0x00702e20
0x00702e37
0x00702e37
0x00702e3b
0x00702e3f
0x00702e41
0x00702e47
0x00702e4a
0x00702e4e
0x00702e4e
0x00000000
0x00702e41
0x00702e26
0x00702e29
0x00702e2d
0x00702e31
0x00000000
0x00000000
0x00000000
0x00702e31
0x00702e05
0x00702e08
0x00702e0c
0x00702e10
0x00000000
0x00000000
0x00000000
0x00702e10
0x00702de4
0x00702de7
0x00702deb
0x00702def
0x00000000
0x00000000
0x00000000
0x00000000
0x007031ee
0x007031ee
0x007031f4
0x00703273
0x00703275
0x00703277
0x00000000
0x00000000
0x00000000
0x00703277
0x007031f6
0x007031f9
0x007031fd
0x007031ff
0x00703216
0x00703216
0x0070321a
0x0070321e
0x00703220
0x00703237
0x00703237
0x0070323b
0x0070323f
0x00703241
0x00703258
0x00703258
0x0070325c
0x00703260
0x00703262
0x00703268
0x0070326b
0x0070326f
0x0070326f
0x00000000
0x00703262
0x00703247
0x0070324a
0x0070324e
0x00703252
0x00000000
0x00000000
0x00000000
0x00703252
0x00703226
0x00703229
0x0070322d
0x00703231
0x00000000
0x00000000
0x00000000
0x00703231
0x00703205
0x00703208
0x0070320c
0x00703210
0x00000000
0x00000000
0x00000000
0x00000000
0x0070265a
0x0070265a
0x00702660
0x007026ea
0x00703902
0x00703904
0x00000000
0x00000000
0x00000000
0x0070390a
0x00702666
0x00702669
0x0070266d
0x0070266f
0x00702686
0x00702686
0x0070268a
0x0070268e
0x00702690
0x007026a7
0x007026a7
0x007026ab
0x007026af
0x007026b1
0x007026c8
0x007026c8
0x007026cc
0x007026d0
0x007026d2
0x007026dc
0x007026df
0x007026e3
0x007026e3
0x00000000
0x007026d2
0x007026b7
0x007026ba
0x007026be
0x007026c2
0x00000000
0x00000000
0x00000000
0x007026c2
0x00702696
0x00702699
0x0070269d
0x007026a1
0x00000000
0x00000000
0x00000000
0x007026a1
0x00702675
0x00702678
0x0070267c
0x00702680
0x00000000
0x00000000
0x00000000
0x00000000
0x00702932
0x00702932
0x00702938
0x007029b7
0x007029b9
0x007029bb
0x00000000
0x00000000
0x00000000
0x007029bb
0x0070293a
0x0070293d
0x00702941
0x00702943
0x0070295a
0x0070295a
0x0070295e
0x00702962
0x00702964
0x0070297b
0x0070297b
0x0070297f
0x00702983
0x00702985
0x0070299c
0x0070299c
0x007029a0
0x007029a4
0x007029a6
0x007029ac
0x007029af
0x007029b3
0x007029b3
0x00000000
0x007029a6
0x0070298b
0x0070298e
0x00702992
0x00702996
0x00000000
0x00000000
0x00000000
0x00702996
0x0070296a
0x0070296d
0x00702971
0x00702975
0x00000000
0x00000000
0x00000000
0x00702975
0x00702949
0x0070294c
0x00702950
0x00702954
0x00000000
0x00000000
0x00000000
0x00000000
0x00702d3e
0x00702d3e
0x00702d44
0x00702dc3
0x00702dc5
0x00702dc7
0x00000000
0x00000000
0x00000000
0x00702dc7
0x00702d46
0x00702d49
0x00702d4d
0x00702d4f
0x00702d66
0x00702d66
0x00702d6a
0x00702d6e
0x00702d70
0x00702d87
0x00702d87
0x00702d8b
0x00702d8f
0x00702d91
0x00702da8
0x00702da8
0x00702dac
0x00702db0
0x00702db2
0x00702db8
0x00702dbb
0x00702dbf
0x00702dbf
0x00000000
0x00702db2
0x00702d97
0x00702d9a
0x00702d9e
0x00702da2
0x00000000
0x00000000
0x00000000
0x00702da2
0x00702d76
0x00702d79
0x00702d7d
0x00702d81
0x00000000
0x00000000
0x00000000
0x00702d81
0x00702d55
0x00702d58
0x00702d5c
0x00702d60
0x00000000
0x00000000
0x00000000
0x00000000
0x0070315f
0x0070315f
0x00703165
0x007031e4
0x007031e6
0x007031e8
0x00000000
0x00000000
0x00000000
0x007031e8
0x00703167
0x0070316a
0x0070316e
0x00703170
0x00703187
0x00703187
0x0070318b
0x0070318f
0x00703191
0x007031a8
0x007031a8
0x007031ac
0x007031b0
0x007031b2
0x007031c9
0x007031c9
0x007031cd
0x007031d1
0x007031d3
0x007031d9
0x007031dc
0x007031e0
0x007031e0
0x00000000
0x007031d3
0x007031b8
0x007031bb
0x007031bf
0x007031c3
0x00000000
0x00000000
0x00000000
0x007031c3
0x00703197
0x0070319a
0x0070319e
0x007031a2
0x00000000
0x00000000
0x00000000
0x007031a2
0x00703176
0x00703179
0x0070317d
0x00703181
0x00000000
0x00000000
0x00000000
0x00000000
0x007025cb
0x007025d1
0x00702650
0x00702652
0x00702654
0x00000000
0x00000000
0x00000000
0x00702654
0x007025d3
0x007025d6
0x007025da
0x007025dc
0x007025f3
0x007025f3
0x007025f7
0x007025fb
0x007025fd
0x00702614
0x00702614
0x00702618
0x0070261c
0x0070261e
0x00702635
0x00702635
0x00702639
0x0070263d
0x0070263f
0x00702645
0x00702648
0x0070264c
0x0070264c
0x00000000
0x0070263f
0x00702624
0x00702627
0x0070262b
0x0070262f
0x00000000
0x00000000
0x00000000
0x0070262f
0x00702603
0x00702606
0x0070260a
0x0070260e
0x00000000
0x00000000
0x00000000
0x0070260e
0x007025e2
0x007025e5
0x007025e9
0x007025ed
0x00000000
0x00000000
0x00000000
0x00000000
0x007028a3
0x007028a9
0x00702928
0x0070292a
0x0070292c
0x00000000
0x00000000
0x00000000
0x0070292c
0x007028ab
0x007028ae
0x007028b2
0x007028b4
0x007028cb
0x007028cb
0x007028cf
0x007028d3
0x007028d5
0x007028ec
0x007028ec
0x007028f0
0x007028f4
0x007028f6
0x0070290d
0x0070290d
0x00702911
0x00702915
0x00702917
0x0070291d
0x00702920
0x00702924
0x00702924
0x00000000
0x00702917
0x007028fc
0x007028ff
0x00702903
0x00702907
0x00000000
0x00000000
0x00000000
0x00702907
0x007028db
0x007028de
0x007028e2
0x007028e6
0x00000000
0x00000000
0x00000000
0x007028e6
0x007028ba
0x007028bd
0x007028c1
0x007028c5
0x00000000
0x00000000
0x00000000
0x00000000
0x00702caf
0x00702cb5
0x00702d34
0x00702d36
0x00702d38
0x00000000
0x00000000
0x00000000
0x00702d38
0x00702cb7
0x00702cba
0x00702cbe
0x00702cc0
0x00702cd7
0x00702cd7
0x00702cdb
0x00702cdf
0x00702ce1
0x00702cf8
0x00702cf8
0x00702cfc
0x00702d00
0x00702d02
0x00702d19
0x00702d19
0x00702d1d
0x00702d21
0x00702d23
0x00702d29
0x00702d2c
0x00702d30
0x00702d30
0x00000000
0x00702d23
0x00702d08
0x00702d0b
0x00702d0f
0x00702d13
0x00000000
0x00000000
0x00000000
0x00702d13
0x00702ce7
0x00702cea
0x00702cee
0x00702cf2
0x00000000
0x00000000
0x00000000
0x00702cf2
0x00702cc6
0x00702cc9
0x00702ccd
0x00702cd1
0x00000000
0x00000000
0x00000000
0x00000000
0x007030cf
0x007030d5
0x00703155
0x00703157
0x00703159
0x00000000
0x00000000
0x00000000
0x00703159
0x007030d7
0x007030db
0x007030df
0x007030e1
0x007030f8
0x007030f8
0x007030fc
0x00703100
0x00703102
0x00703119
0x00703119
0x0070311d
0x00703121
0x00703123
0x0070313a
0x0070313a
0x0070313e
0x00703142
0x00703144
0x0070314a
0x0070314d
0x00703151
0x00703151
0x00000000
0x00703144
0x00703129
0x0070312c
0x00703130
0x00703134
0x00000000
0x00000000
0x00000000
0x00703134
0x00703108
0x0070310b
0x0070310f
0x00703113
0x00000000
0x00000000
0x00000000
0x00703113
0x007030e7
0x007030ea
0x007030ee
0x007030f2
0x00000000
0x00000000
0x00000000
0x00000000
0x007036f8
0x007020ea
0x007020f1
0x007020f3
0x0070210a
0x00702112
0x00702114
0x007026fc
0x00702700
0x00000000
0x00702706
0x00000000
0x00702706
0x00702700
0x0070211a
0x00702122
0x00702124
0x0070270b
0x00702713
0x00702715
0x00702726
0x00702726
0x00000000
0x00702715
0x00702135
0x00702139
0x00000000
0x0070213f
0x00000000
0x0070213f
0x00702139
0x00702100
0x00702104
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ee628e34a7b59b5028df923c5d0c6e26751e943ab76eff2284bb3d032a90106
Instruction ID: 4c6cd0280b854cb2fb94d38123a61b96f60a6515b5c4ec3763e66c28529d0537
Opcode Fuzzy Hash: 0ee628e34a7b59b5028df923c5d0c6e26751e943ab76eff2284bb3d032a90106
Instruction Fuzzy Hash: B30270B3D497B38BCB714EB944E45267AE05E0169031F87E9DDC02F2D7C11ADE1A96E0

Uniqueness

Uniqueness Score: 0.00%

Function 006D44FC, Relevance: .5, Instructions: 506
COMMONCrypto

C-Code - Quality: 97%

			E006D44FC(signed int _a4, signed int _a8, signed short _a12) {
				signed int _v8;
				short _v34;
				char _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t237;
				signed int _t238;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				intOrPtr _t244;
				signed int _t245;
				signed char _t250;
				signed int _t251;
				signed int _t254;
				signed char _t258;
				signed short _t260;
				signed short _t265;
				signed char _t266;
				signed int _t267;
				intOrPtr _t268;
				signed int _t270;
				signed int _t272;
				signed char _t273;
				signed int _t274;
				signed short _t275;
				signed char _t276;
				unsigned int _t279;
				signed short _t280;
				signed int _t282;
				unsigned int _t284;
				signed short _t285;
				signed int _t288;
				signed char _t289;
				signed short _t290;
				signed int _t292;
				signed char _t293;
				signed short _t294;
				signed int _t296;
				signed short _t299;
				signed short _t309;
				signed short _t319;
				signed int _t322;
				signed int _t325;
				signed int _t327;
				signed int _t332;
				intOrPtr* _t333;
				intOrPtr _t335;
				signed int _t337;
				intOrPtr _t339;
				signed int _t341;
				signed int _t342;
				void* _t343;
				signed char _t344;
				signed char _t345;
				signed int _t346;
				signed int _t347;
				signed int _t349;
				signed short _t359;
				signed char _t360;
				intOrPtr _t366;
				intOrPtr _t367;
				signed short _t368;
				signed int _t371;
				intOrPtr _t377;
				signed int _t378;
				signed short _t379;
				signed short _t380;
				signed short _t381;
				signed short _t389;
				signed int _t392;
				signed int* _t397;
				void* _t399;
				unsigned int _t401;

				_t342 = _a4;
				if(( *(_t342 + 0x44) & 0x01000000) != 0) {
					_push(_a8);
					_push(_t342);
					E00793A5A();
					return _t237;
				}
				_t238 =  *(_t342 + 0x40);
				_t397 = _a8;
				if((_t238 & 0x61000000) != 0) {
					__eflags = _t238 & 0x10000000;
					if(__eflags != 0) {
						goto L2;
					}
					_t341 = E007974A9(_t342, _t343, _t397, _t399, __eflags, _t342, _t397);
					__eflags = _t341;
					if(_t341 != 0) {
						goto L2;
					}
					_t245 = 0xc000000d;
					L15:
					return _t245;
				}
				L2:
				_t239 =  *_t397;
				_a8 = _a8 & 0x00000000;
				_push(_t399);
				if(_t239 != 0) {
					_t344 = _t397[2] & 0x0000ffff;
					__eflags = _t344 & 0x00000102;
					if((_t344 & 0x00000102) == 0) {
						goto L33;
					}
					__eflags = _a12;
					if(_a12 == 0) {
						L27:
						_t401 = _t397[1] + _t239;
						__eflags = _t344 & 0x00000100;
						if((_t344 & 0x00000100) != 0) {
							__eflags = _t239 + 0xffffffe8;
							_t239 = E007838DD(_t342, _t239 + 0xffffffe8);
						}
						__eflags = _a12;
						if(_a12 == 0) {
							L31:
							_t339 =  *((intOrPtr*)(_t239 + 0x10));
							__eflags = _t339 - _t342 + 0xa8;
							if(_t339 == _t342 + 0xa8) {
								goto L71;
							}
							_t332 = _t339 + 0xfffffff0;
							goto L4;
						} else {
							__eflags = _t401 -  *((intOrPtr*)(_t239 + 0x28));
							if(_t401 <  *((intOrPtr*)(_t239 + 0x28))) {
								goto L12;
							}
							goto L31;
						}
					}
					__eflags = _t344 & 0x00000002;
					if((_t344 & 0x00000002) == 0) {
						goto L27;
					}
					_t401 =  *(_t239 + 0x24);
					goto L12;
				} else {
					_t332 = _t342;
					L4:
					_t401 = 0;
					if(_t332 == 0) {
						_t333 = _t342 + 0xa0;
						_t367 =  *_t333;
						__eflags = _t367 - _t333;
						if(_t367 == _t333) {
							goto L101;
						}
						_t401 = _t367 + 0x18;
						goto L12;
					} else {
						 *_t397 = _t332;
						if( *(_t342 + 0x4c) == 0) {
							_t368 =  *_t332 & 0x0000ffff;
						} else {
							_t379 =  *_t332;
							if(( *(_t342 + 0x4c) & _t379) != 0) {
								_t379 = _t379 ^  *(_t342 + 0x50);
							}
							_t368 = _t379 & 0x0000ffff;
						}
						_t397[1] = (_t368 & 0x0000ffff) << 3;
						_t397[2] = 0;
						_t397[2] = 0;
						_t371 = 2;
						_t397[2] = _t371;
						_t397[3] =  *((intOrPtr*)(_t332 + 0x20)) -  *(_t332 + 0x2c) << 0xc;
						_t397[4] =  *(_t332 + 0x2c) << 0xc;
						_t377 =  *((intOrPtr*)(_t332 + 0x24));
						if(( *(_t377 + 2) & 0x00000001) == 0) {
							_t378 = _t377 + 0x10;
						} else {
							_t378 = _t377 + 8;
						}
						_t397[5] = _t378;
						_t397[6] =  *(_t332 + 0x28);
						L12:
						if(_t401 != 0) {
							_t250 =  *((intOrPtr*)(_t401 + 7));
							__eflags = _t250 & 0x00000040;
							if((_t250 & 0x00000040) == 0) {
								__eflags = _t250 - 4;
								if(_t250 != 4) {
									_t251 = _t401 + 8;
									L83:
									 *_t397 = _t251;
									_t397[2] = 1;
									__eflags =  *((char*)(_t342 + 0xda)) - 2;
									if( *((char*)(_t342 + 0xda)) != 2) {
										_t254 = 0;
										__eflags = 0;
									} else {
										_t254 =  *(_t342 + 0xd4);
									}
									__eflags = _t254;
									if(_t254 == 0) {
										L90:
										_t258 =  *(_t342 + 0x4c) >> 0x00000014 &  *(_t342 + 0x52) ^  *(_t401 + 2);
										__eflags = _t258 & 0x00000001;
										if((_t258 & 0x00000001) == 0) {
											 *_t397 = _t401 + 0x10;
											__eflags =  *(_t342 + 0x4c);
											if( *(_t342 + 0x4c) == 0) {
												_t260 =  *_t401 & 0x0000ffff;
											} else {
												_t265 =  *_t401;
												__eflags =  *(_t342 + 0x4c) & _t265;
												if(( *(_t342 + 0x4c) & _t265) != 0) {
													_t265 = _t265 ^  *(_t342 + 0x50);
													__eflags = _t265;
												}
												_t260 = _t265 & 0x0000ffff;
											}
											_t397[1] = (_t260 & 0x0000ffff) * 8 - 0x10;
											_t397[2] = 0x10;
											_t397[2] =  *(_t401 + 6);
											_t397[2] = 0;
											goto L13;
										}
										_t266 =  *((intOrPtr*)(_t401 + 7));
										__eflags = _t266 & 0x00000040;
										if((_t266 & 0x00000040) == 0) {
											__eflags = _t266 - 4;
											if(_t266 != 4) {
												_t267 = _t401 + 8;
												L97:
												 *_t397 = _t267;
												_t268 =  *((intOrPtr*)(_t401 + 7));
												__eflags = _t268 - 4;
												if(_t268 == 4) {
													_t397[1] = E006DEFDB(_t342, _t401);
													__eflags =  *(_t342 + 0x4c);
													if( *(_t342 + 0x4c) == 0) {
														_t270 =  *_t401 & 0x0000ffff;
													} else {
														_t285 =  *_t401;
														__eflags =  *(_t342 + 0x4c) & _t285;
														if(( *(_t342 + 0x4c) & _t285) != 0) {
															_t285 = _t285 ^  *(_t342 + 0x50);
															__eflags = _t285;
														}
														_t270 = _t285 & 0x0000ffff;
													}
													_t397[2] = _t270 + 0x20;
													_t397[2] = 0x40;
													_t272 = 0x401;
													L144:
													_t397[2] = _t272;
													__eflags =  *(_t342 + 0x4c);
													if( *(_t342 + 0x4c) == 0) {
														_t273 =  *(_t401 + 2);
													} else {
														_t284 =  *_t401;
														__eflags =  *(_t342 + 0x4c) & _t284;
														if(( *(_t342 + 0x4c) & _t284) != 0) {
															_t284 = _t284 ^  *(_t342 + 0x50);
															__eflags = _t284;
														}
														_t273 = _t284 >> 0x10;
													}
													__eflags = _t273 & 0x00000002;
													if((_t273 & 0x00000002) == 0) {
														_t274 = E007271D3();
														__eflags = _t274 & 0x00000800;
														if((_t274 & 0x00000800) != 0) {
															_t275 =  *(_t401 + 3) & 0x000000ff;
														} else {
															_t275 = 0;
														}
													} else {
														_t280 = E00783914(_t342, _t401);
														_a12 = _t280;
														_t397[3] =  *(_t280 + 4);
														_t397[4] =  *_t280;
														_t282 = E007271D3();
														__eflags = _t282 & 0x00000800;
														if((_t282 & 0x00000800) != 0) {
															_t275 =  *((intOrPtr*)(_a12 + 2));
														} else {
															_t275 = 0;
														}
														_t397[2] = _t397[2] | 0x00000010;
													}
													_t397[4] = _t275;
													__eflags =  *(_t342 + 0x4c);
													if( *(_t342 + 0x4c) == 0) {
														_t276 =  *(_t401 + 2);
													} else {
														_t279 =  *_t401;
														__eflags =  *(_t342 + 0x4c) & _t279;
														if(( *(_t342 + 0x4c) & _t279) != 0) {
															_t279 = _t279 ^  *(_t342 + 0x50);
															__eflags = _t279;
														}
														_t276 = _t279 >> 0x10;
													}
													_t397[2] = _t397[2] | _t276 & 0xe0;
													goto L13;
												}
												__eflags = _t268 - 3;
												if(_t268 == 3) {
													 *_t397 =  *(_t401 + 0x18);
													_t397[1] =  *(_t401 + 0x1c);
													_t397[2] = 0;
													_t397[2] = 0;
													_t272 = 0x100;
													goto L144;
												}
												__eflags = _t268 - 1;
												if(_t268 != 1) {
													_t349 =  *(_t342 + 0x4c);
													__eflags = _t349;
													if(_t349 == 0) {
														_t288 =  *_t401 & 0x0000ffff;
													} else {
														_t319 =  *_t401;
														_t349 =  *(_t342 + 0x4c);
														__eflags = _t349 & _t319;
														if((_t349 & _t319) != 0) {
															_t319 = _t319 ^  *(_t342 + 0x50);
															__eflags = _t319;
														}
														_t288 = _t319 & 0x0000ffff;
													}
													_a12 = _t288;
													_t289 =  *((intOrPtr*)(_t401 + 7));
													__eflags = _t289 - 5;
													if(_t289 != 5) {
														__eflags = _t289 & 0x00000040;
														if((_t289 & 0x00000040) == 0) {
															__eflags = (_t289 & 0x0000003f) - 0x3f;
															if((_t289 & 0x0000003f) == 0x3f) {
																__eflags = _t289;
																if(_t289 >= 0) {
																	__eflags = _t349;
																	if(_t349 == 0) {
																		_t290 =  *_t401 & 0x0000ffff;
																	} else {
																		_t309 =  *_t401;
																		__eflags =  *(_t342 + 0x4c) & _t309;
																		if(( *(_t342 + 0x4c) & _t309) != 0) {
																			_t309 = _t309 ^  *(_t342 + 0x50);
																			__eflags = _t309;
																		}
																		_t290 = _t309 & 0x0000ffff;
																	}
																} else {
																	_t290 =  *((intOrPtr*)((_t401 >> 0x00000003 ^  *_t401 ^  *0x7a81dc ^ _t342) + 0x10));
																}
																_t292 =  *(_t401 + (_t290 & 0x0000ffff) * 8 - 4);
															} else {
																_t292 = _t289 & 0x3f;
															}
														} else {
															_t292 =  *(_t401 + 4 + (_t289 & 0x3f) * 8) & 0x0000ffff;
														}
													} else {
														_t292 =  *(_t342 + 0x54) & 0x0000ffff ^  *(_t401 + 4) & 0x0000ffff;
													}
													_t397[1] = ((_a12 & 0x0000ffff) << 3) - _t292;
													_t293 =  *((intOrPtr*)(_t401 + 7));
													__eflags = _t293 - 5;
													if(_t293 != 5) {
														__eflags = _t293 & 0x00000040;
														if((_t293 & 0x00000040) == 0) {
															__eflags = (_t293 & 0x0000003f) - 0x3f;
															if((_t293 & 0x0000003f) == 0x3f) {
																__eflags = _t293;
																if(_t293 >= 0) {
																	__eflags =  *(_t342 + 0x4c);
																	if( *(_t342 + 0x4c) == 0) {
																		_t294 =  *_t401 & 0x0000ffff;
																	} else {
																		_t299 =  *_t401;
																		__eflags =  *(_t342 + 0x4c) & _t299;
																		if(( *(_t342 + 0x4c) & _t299) != 0) {
																			_t299 = _t299 ^  *(_t342 + 0x50);
																			__eflags = _t299;
																		}
																		_t294 = _t299 & 0x0000ffff;
																	}
																} else {
																	_t294 =  *((intOrPtr*)((_t401 >> 0x00000003 ^  *_t401 ^  *0x7a81dc ^ _t342) + 0x10));
																}
																_t296 =  *(_t401 + (_t294 & 0x0000ffff) * 8 - 4);
															} else {
																_t296 = _t293 & 0x3f;
															}
														} else {
															_t296 =  *(_t401 + 4 + (_t293 & 0x3f) * 8) & 0x0000ffff;
														}
													} else {
														_t296 =  *(_t342 + 0x54) & 0x0000ffff ^  *(_t401 + 4) & 0x0000ffff;
													}
													_t397[2] = _t296;
													_t397[2] =  *(_t401 + 6);
													_t272 = 1;
													__eflags = 1;
													goto L144;
												}
												_t397[2] = 1;
												goto L33;
											}
											_t322 =  *(_t401 + 6) & 0x000000ff;
											L93:
											_t267 = _t401 + 8 + _t322 * 8;
											goto L97;
										}
										_t322 = _t266 & 0x3f;
										__eflags = _t322;
										goto L93;
									} else {
										_push( &_a8);
										_t325 = E007978EA(_t342, _t397);
										__eflags = _t325;
										if(_t325 == 0) {
											goto L90;
										}
										__eflags = _t397[2] & 0x00000200;
										if((_t397[2] & 0x00000200) == 0) {
											L14:
											_t245 = _a8;
											goto L15;
										}
										L33:
										__eflags =  *((char*)(_t342 + 0xda)) - 2;
										if( *((char*)(_t342 + 0xda)) != 2) {
											_t240 = 0;
											__eflags = 0;
										} else {
											_t240 =  *(_t342 + 0xd4);
										}
										__eflags = _t240;
										if(_t240 == 0) {
											L39:
											__eflags = _t397[2] & 0x00000001;
											_t241 =  *_t397;
											if((_t397[2] & 0x00000001) == 0) {
												_t242 = _t241 - 0x10;
												__eflags =  *(_t342 + 0x4c);
												if( *(_t342 + 0x4c) == 0) {
													_t389 =  *_t242 & 0x0000ffff;
												} else {
													_t359 =  *_t242;
													__eflags =  *(_t342 + 0x4c) & _t359;
													if(( *(_t342 + 0x4c) & _t359) != 0) {
														_t359 = _t359 ^  *(_t342 + 0x50);
														__eflags = _t359;
													}
													_t389 = _t359 & 0x0000ffff;
												}
												_t345 =  *(_t242 + 6);
												__eflags = _t345;
												if(_t345 == 0) {
													_t346 = _t342;
												} else {
													_t346 = (_t242 & 0xffff0000) - ((_t345 & 0x000000ff) << 0x10) + 0x10000;
												}
												__eflags = _t346;
												if(_t346 == 0) {
													L102:
													_a8 = 0xc0000141;
													goto L13;
												} else {
													__eflags =  *((char*)(_t242 + 7)) - 3;
													if( *((char*)(_t242 + 7)) != 3) {
														_t347 = _t389 & 0x0000ffff;
														L76:
														_t401 = _t242 + _t347 * 8;
														goto L12;
													}
													L68:
													_t392 =  *(_t242 + 0x1c);
													__eflags = _t392 + _t242 + 0x20 -  *((intOrPtr*)(_t346 + 0x28));
													if(_t392 + _t242 + 0x20 <  *((intOrPtr*)(_t346 + 0x28))) {
														 *_t397 =  *(_t242 + 0x18);
														_t397[1] =  *(_t242 + 0x1c);
														_t397[2] = 0;
														_t397[2] = 0;
														_t397[2] = 0x100;
														_t401 = 0;
														goto L12;
													}
													_t366 =  *((intOrPtr*)(_t346 + 0x10));
													__eflags = _t366 - _t342 + 0xa8;
													if(_t366 == _t342 + 0xa8) {
														L71:
														_t332 = 0;
														goto L4;
													}
													_t332 = _t366 - 0x10;
													goto L4;
												}
											}
											_t242 = _t241 - 8;
											__eflags =  *((char*)(_t242 + 7)) - 5;
											if( *((char*)(_t242 + 7)) == 5) {
												_t242 = _t242 - (( *(_t242 + 6) & 0x000000ff) << 3);
												__eflags = _t242;
											}
											__eflags =  *((char*)(_t242 + 7)) - 4;
											if( *((char*)(_t242 + 7)) != 4) {
												__eflags =  *(_t342 + 0x4c);
												if( *(_t342 + 0x4c) != 0) {
												}
												_t360 =  *(_t242 + 6);
												__eflags = _t360;
												if(_t360 == 0) {
													_t346 = _t342;
												} else {
													_t346 = (_t242 & 0xffff0000) - ((_t360 & 0x000000ff) << 0x10) + 0x10000;
												}
												__eflags = _t346;
												if(_t346 == 0) {
													goto L102;
												} else {
													__eflags =  *((char*)(_t242 + 7)) - 3;
													if( *((char*)(_t242 + 7)) == 3) {
														goto L68;
													}
													__eflags =  *(_t342 + 0x4c);
													if( *(_t342 + 0x4c) == 0) {
														_t380 =  *_t242 & 0x0000ffff;
													} else {
														_t381 =  *_t242;
														__eflags =  *(_t342 + 0x4c) & _t381;
														if(( *(_t342 + 0x4c) & _t381) != 0) {
															_t381 = _t381 ^  *(_t342 + 0x50);
															__eflags = _t381;
														}
														_t380 = _t381 & 0x0000ffff;
													}
													_t347 = _t380 & 0x0000ffff;
													goto L76;
												}
											} else {
												_t335 =  *((intOrPtr*)(_t242 - 0x18));
												__eflags = _t335 - _t342 + 0xa0;
												if(_t335 == _t342 + 0xa0) {
													L101:
													_a8 = 0x8000001a;
													goto L13;
												}
												_t401 = _t335 + 0x18;
												goto L12;
											}
										} else {
											_push( &_a8);
											_t337 = E007978EA(_t342, _t397);
											__eflags = _t337;
											if(_t337 == 0) {
												goto L39;
											}
											__eflags = _t397[2] & 0x00000200;
											if((_t397[2] & 0x00000200) == 0) {
												goto L14;
											}
											goto L39;
										}
									}
								}
								_t327 =  *(_t401 + 6) & 0x000000ff;
								L79:
								_t251 = _t401 + 8 + _t327 * 8;
								goto L83;
							}
							_t327 = _t250 & 0x3f;
							__eflags = _t327;
							goto L79;
						}
						L13:
						if( *0x7ffe0380 != 0) {
							_t244 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t244 + 0x240) & 0x00000001;
							if(( *(_t244 + 0x240) & 0x00000001) != 0) {
								_v34 = 0x102e;
								_push( &_v40);
								_v8 = _t342;
								_push(4);
								_push(0x402);
								_push( *0x7ffe0380 & 0x000000ff);
								E007164F0();
							}
						}
						goto L14;
					}
				}
			}

0x006d4505
0x006d450f
0x0075d0ff
0x0075d102
0x0075d103
0x00000000
0x0075d103
0x006d4515
0x006d4519
0x006d4521
0x0075d10d
0x0075d112
0x00000000
0x00000000
0x0075d11a
0x0075d11f
0x0075d121
0x00000000
0x00000000
0x0075d127
0x006d45b1
0x00000000
0x006d45b1
0x006d4527
0x006d4527
0x006d4529
0x006d452d
0x006d4530
0x0075d131
0x0075d135
0x0075d13b
0x00000000
0x00000000
0x0075d13d
0x0075d141
0x0075d150
0x0075d153
0x0075d155
0x0075d15b
0x0075d15d
0x0075d162
0x0075d162
0x0075d167
0x0075d16b
0x0075d176
0x0075d176
0x0075d17f
0x0075d181
0x00000000
0x00000000
0x0075d187
0x00000000
0x0075d16d
0x0075d16d
0x0075d170
0x00000000
0x00000000
0x00000000
0x0075d170
0x0075d16b
0x0075d143
0x0075d146
0x00000000
0x00000000
0x0075d148
0x00000000
0x006d4536
0x006d4536
0x006d4538
0x006d4538
0x006d453c
0x0075d2ca
0x0075d2d0
0x0075d2d2
0x0075d2d4
0x00000000
0x00000000
0x0075d2da
0x00000000
0x006d4542
0x006d4542
0x006d4547
0x006d45bc
0x006d4549
0x006d4549
0x006d454e
0x006d4550
0x006d4550
0x006d4553
0x006d4553
0x006d455c
0x006d455f
0x006d4565
0x006d4569
0x006d456a
0x006d4577
0x006d4580
0x006d4583
0x006d458a
0x006d45b7
0x006d458c
0x006d458c
0x006d458c
0x006d458f
0x006d4595
0x006d4598
0x006d459a
0x0075d310
0x0075d313
0x0075d315
0x0075d323
0x0075d325
0x0075d32d
0x0075d330
0x0075d330
0x0075d335
0x0075d339
0x0075d340
0x0075d34a
0x0075d34a
0x0075d342
0x0075d342
0x0075d342
0x0075d34c
0x0075d34e
0x0075d373
0x0075d37c
0x0075d37f
0x0075d381
0x0075d5da
0x0075d5dc
0x0075d5e0
0x0075d5f1
0x0075d5e2
0x0075d5e2
0x0075d5e4
0x0075d5e7
0x0075d5e9
0x0075d5e9
0x0075d5e9
0x0075d5ec
0x0075d5ec
0x0075d5fe
0x0075d601
0x0075d608
0x0075d60d
0x00000000
0x0075d60d
0x0075d387
0x0075d38a
0x0075d38c
0x0075d39a
0x0075d39c
0x0075d3a4
0x0075d3a7
0x0075d3a7
0x0075d3a9
0x0075d3ac
0x0075d3ae
0x0075d3e3
0x0075d3e6
0x0075d3ea
0x0075d3fb
0x0075d3ec
0x0075d3ec
0x0075d3ee
0x0075d3f1
0x0075d3f3
0x0075d3f3
0x0075d3f3
0x0075d3f6
0x0075d3f6
0x0075d400
0x0075d403
0x0075d407
0x0075d542
0x0075d542
0x0075d546
0x0075d54a
0x0075d55b
0x0075d54c
0x0075d54c
0x0075d54e
0x0075d551
0x0075d553
0x0075d553
0x0075d553
0x0075d556
0x0075d556
0x0075d55e
0x0075d560
0x0075d597
0x0075d59c
0x0075d5a1
0x0075d5a7
0x0075d5a3
0x0075d5a3
0x0075d5a3
0x0075d562
0x0075d564
0x0075d56c
0x0075d56f
0x0075d575
0x0075d579
0x0075d57e
0x0075d583
0x0075d58c
0x0075d585
0x0075d585
0x0075d585
0x0075d590
0x0075d590
0x0075d5ac
0x0075d5b0
0x0075d5b4
0x0075d5c5
0x0075d5b6
0x0075d5b6
0x0075d5b8
0x0075d5bb
0x0075d5bd
0x0075d5bd
0x0075d5bd
0x0075d5c0
0x0075d5c0
0x0075d5ce
0x00000000
0x0075d5ce
0x0075d3b0
0x0075d3b2
0x0075d414
0x0075d419
0x0075d41c
0x0075d420
0x0075d424
0x00000000
0x0075d424
0x0075d3b4
0x0075d3b6
0x0075d42e
0x0075d431
0x0075d433
0x0075d446
0x0075d435
0x0075d435
0x0075d437
0x0075d43a
0x0075d43c
0x0075d43e
0x0075d43e
0x0075d43e
0x0075d441
0x0075d441
0x0075d449
0x0075d44c
0x0075d44f
0x0075d451
0x0075d45f
0x0075d461
0x0075d475
0x0075d478
0x0075d482
0x0075d484
0x0075d49d
0x0075d49f
0x0075d4b0
0x0075d4a1
0x0075d4a1
0x0075d4a3
0x0075d4a6
0x0075d4a8
0x0075d4a8
0x0075d4a8
0x0075d4ab
0x0075d4ab
0x0075d486
0x0075d497
0x0075d497
0x0075d4b6
0x0075d47a
0x0075d47d
0x0075d47d
0x0075d463
0x0075d469
0x0075d469
0x0075d453
0x0075d45b
0x0075d45b
0x0075d4c3
0x0075d4c6
0x0075d4c9
0x0075d4cb
0x0075d4d9
0x0075d4db
0x0075d4ef
0x0075d4f2
0x0075d4fc
0x0075d4fe
0x0075d517
0x0075d51b
0x0075d52c
0x0075d51d
0x0075d51d
0x0075d51f
0x0075d522
0x0075d524
0x0075d524
0x0075d524
0x0075d527
0x0075d527
0x0075d500
0x0075d511
0x0075d511
0x0075d532
0x0075d4f4
0x0075d4f7
0x0075d4f7
0x0075d4dd
0x0075d4e3
0x0075d4e3
0x0075d4cd
0x0075d4d5
0x0075d4d5
0x0075d536
0x0075d53c
0x0075d541
0x0075d541
0x00000000
0x0075d541
0x0075d3bb
0x00000000
0x0075d3bb
0x0075d39e
0x0075d394
0x0075d394
0x00000000
0x0075d394
0x0075d391
0x0075d391
0x00000000
0x0075d350
0x0075d353
0x0075d356
0x0075d35b
0x0075d35d
0x00000000
0x00000000
0x0075d364
0x0075d368
0x006d45ad
0x006d45ad
0x00000000
0x006d45b0
0x0075d18f
0x0075d18f
0x0075d196
0x0075d1a0
0x0075d1a0
0x0075d198
0x0075d198
0x0075d198
0x0075d1a2
0x0075d1a4
0x0075d1c4
0x0075d1c4
0x0075d1c8
0x0075d1ca
0x0075d258
0x0075d25b
0x0075d25f
0x0075d270
0x0075d261
0x0075d261
0x0075d263
0x0075d266
0x0075d268
0x0075d268
0x0075d268
0x0075d26b
0x0075d26b
0x0075d273
0x0075d276
0x0075d278
0x0075d292
0x0075d27a
0x0075d28a
0x0075d28a
0x0075d294
0x0075d296
0x0075d3d0
0x0075d3d0
0x00000000
0x0075d29c
0x0075d29c
0x0075d2a0
0x0075d305
0x0075d308
0x0075d308
0x00000000
0x0075d308
0x0075d2a2
0x0075d2a2
0x0075d2a9
0x0075d2ac
0x0075d2e5
0x0075d2ea
0x0075d2f2
0x0075d2f6
0x0075d2fa
0x0075d2fe
0x00000000
0x0075d2fe
0x0075d2ae
0x0075d2b7
0x0075d2b9
0x0075d2c3
0x0075d2c3
0x00000000
0x0075d2c3
0x0075d2bb
0x00000000
0x0075d2bb
0x0075d296
0x0075d1d0
0x0075d1d3
0x0075d1d7
0x0075d1e0
0x0075d1e0
0x0075d1e0
0x0075d1e2
0x0075d1e6
0x0075d201
0x0075d205
0x0075d205
0x0075d209
0x0075d20c
0x0075d20e
0x0075d228
0x0075d210
0x0075d220
0x0075d220
0x0075d22a
0x0075d22c
0x00000000
0x0075d232
0x0075d232
0x0075d236
0x00000000
0x00000000
0x0075d238
0x0075d23c
0x0075d24d
0x0075d23e
0x0075d23e
0x0075d240
0x0075d243
0x0075d245
0x0075d245
0x0075d245
0x0075d248
0x0075d248
0x0075d250
0x00000000
0x0075d250
0x0075d1e8
0x0075d1e8
0x0075d1f1
0x0075d1f3
0x0075d3c4
0x0075d3c4
0x00000000
0x0075d3c4
0x0075d1f9
0x00000000
0x0075d1f9
0x0075d1a6
0x0075d1a9
0x0075d1ac
0x0075d1b1
0x0075d1b3
0x00000000
0x00000000
0x0075d1ba
0x0075d1be
0x00000000
0x00000000
0x00000000
0x0075d1be
0x0075d1a4
0x0075d34e
0x0075d327
0x0075d31d
0x0075d31d
0x00000000
0x0075d31d
0x0075d31a
0x0075d31a
0x00000000
0x0075d31a
0x006d45a0
0x006d45a7
0x0075d61c
0x0075d61f
0x0075d626
0x0075d631
0x0075d638
0x0075d639
0x0075d643
0x0075d645
0x0075d64a
0x0075d64b
0x0075d64b
0x0075d626
0x00000000
0x006d45a7
0x006d453c

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9e9102c0021a640867843953783db4a5d79ca4baf721e2a6dcafb56d4d054ab
Instruction ID: 85721421b1d984eafc2d535ffe3d8e55f004e005bd5ccbcefbb4d3c2eebfbe06
Opcode Fuzzy Hash: a9e9102c0021a640867843953783db4a5d79ca4baf721e2a6dcafb56d4d054ab
Instruction Fuzzy Hash: B312E370514291CFDB38CF28C0947B5B7E1BF05306F14849AEC968B692E7B8EC59DB61

Uniqueness

Uniqueness Score: 0.00%

Function 00771F48, Relevance: .4, Instructions: 400
COMMONCrypto

C-Code - Quality: 98%

			E00771F48(void* __ebx, void* __eflags, signed int _a4, signed int* _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20) {
				signed int _v0;
				char _v5;
				char _v6;
				char _v9;
				char _v10;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t163;
				signed int _t166;
				signed int _t167;
				signed int _t169;
				signed int _t174;
				signed int _t175;
				signed int _t178;
				signed int _t187;
				signed int _t199;
				signed int _t202;
				signed int _t203;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				signed int _t210;
				signed int _t212;
				signed int _t214;
				signed int _t215;
				signed int _t223;
				signed int _t224;
				signed int _t227;
				signed int _t237;
				signed int _t238;
				signed int _t239;
				signed int _t240;
				signed int _t253;
				signed int _t255;
				signed int _t259;
				signed int _t260;
				signed int _t263;
				signed int _t267;
				void* _t270;
				signed int _t272;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t279;
				signed int _t280;
				signed int _t285;
				signed int* _t289;
				void* _t290;
				void* _t291;
				signed int _t293;
				signed char _t294;
				void* _t297;
				void* _t298;

				_pop(_t295);
				_t298 = _t297 - 0x28;
				_v20 = 0;
				_v6 = 0;
				_v12 = 0;
				_v5 = 0;
				_v16 = 0;
				_t289 = _a8;
				_push(_t270);
				_push(_t289);
				_v44 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18));
				if(E006F3746(__ebx, _t270, _t289, __eflags) != 0) {
					_t163 =  *(_t289 + 2) & 0x0000ffff;
					_t238 =  *(_t289 + 4);
					_push(__ebx);
					_t272 = _t163 & 0x00008000;
					__eflags = _t272;
					_a4 = _t272;
					if(_t272 == 0) {
						L6:
						_v44 = _t238;
						__eflags = _t238;
						if(_t238 != 0) {
							_t259 =  *(_t289 + 8);
							__eflags = _t272;
							if(_t272 == 0) {
								_v32 = _t259;
							} else {
								__eflags = _t259;
								if(_t259 != 0) {
									_v32 = _t259 + _t289;
								} else {
									_v32 = _v32 & _t259;
								}
							}
							__eflags = _t163 & 0x00000010;
							if((_t163 & 0x00000010) == 0) {
								L18:
								_t239 = _v0;
								_v28 = _t163 & 0x00002010 | 0x00000800;
								__eflags = _t239;
								if(_t239 == 0) {
									_t166 = 0;
									__eflags = 0;
									L24:
									__eflags = _t166;
									if(_t166 != 0) {
										_v28 = _v28 | 0x00002000;
									}
									goto L49;
								}
								_t210 =  *(_t239 + 2) & 0x0000ffff;
								__eflags = _t210 & 0x00000010;
								if((_t210 & 0x00000010) == 0) {
									goto L49;
								}
								__eflags = 0x00008000 & _t210;
								_t166 =  *(_t239 + 0xc);
								if((0x00008000 & _t210) == 0) {
									goto L24;
								}
								__eflags = _t166;
								if(_t166 == 0) {
									goto L49;
								}
								_t166 = _t166 + _t239;
								goto L24;
							} else {
								_t253 =  *(_t289 + 0xc);
								__eflags = _t272;
								if(_t272 == 0) {
									L17:
									_v36 = _t253;
									__eflags = _t253;
									if(_t253 != 0) {
										__eflags = (_t163 & 0x00000800) - 0x800;
										if((_t163 & 0x00000800) == 0x800) {
											L48:
											_t212 = _t163 & 0x00002010 | 0x00000800;
											__eflags = _t212;
											_v28 = _t212;
											_v24 = _v36;
											L49:
											_t167 =  *(_t289 + 2) & 0x0000ffff;
											__eflags = _t167 & 0x00000004;
											if((_t167 & 0x00000004) == 0) {
												L54:
												_t169 = _t167 & 0x00000004 | 0x00001400;
												L81:
												_v0 = _t169;
												_t260 = 0xfffffffc;
												_a20 = 0x0000000b + ( *(_v44 + 1) & 0x000000ff) * 0x00000004 & _t260;
												_t174 = _v32;
												__eflags = _t174;
												if(_t174 == 0) {
													_t240 = 0;
													__eflags = 0;
												} else {
													_t240 = 0x0000000b + ( *(_t174 + 1) & 0x000000ff) * 0x00000004 & _t260;
												}
												_t175 = _v24;
												__eflags = _t175;
												if(_t175 == 0) {
													_t273 = 0;
													__eflags = 0;
												} else {
													_t273 = ( *(_t175 + 2) & 0x0000ffff) + 0x00000003 & _t260;
												}
												__eflags = _v16;
												if(_v16 == 0) {
													_t227 = 0;
													__eflags = 0;
												} else {
													_t227 = ( *(_v16 + 2) & 0x0000ffff) + 0x00000003 & _t260;
												}
												_t113 = _a20 + 0x14; // 0x110
												_t242 = _t227 + _t273 + _t240 + _t113;
												_t178 = E007229EE(_v48,  *0x7aec78 + 0x140000, _t227 + _t273 + _t240 + _t113);
												_v20 = _t178;
												__eflags = _t178;
												if(_t178 != 0) {
													_t263 = _v20;
													E0073119E(_t263, 1);
													 *(_t263 + 2) =  *(_t263 + 2) | _v28 | 0x00008000;
													__eflags = _v24;
													_t290 = _t263 + 0x14;
													if(_v24 == 0) {
														_t126 = _t263 + 0xc;
														 *_t126 =  *(_t263 + 0xc) & 0x00000000;
														__eflags =  *_t126;
													} else {
														E00704830(_t290, _v24,  *(_v24 + 2) & 0x0000ffff);
														_t199 = _v20;
														_t298 = _t298 + 0xc;
														 *((intOrPtr*)(_t199 + 0xc)) = _t290 - _t199;
														_t290 = _t290 + _t273;
														_t263 = _t199;
													}
													 *(_t263 + 2) =  *(_t263 + 2) | _v0;
													__eflags = _v16;
													if(_v16 == 0) {
														_t136 = _t263 + 0x10;
														 *_t136 =  *(_t263 + 0x10) & 0x00000000;
														__eflags =  *_t136;
														_t274 = _v20;
													} else {
														E00704830(_t290, _v16,  *(_v16 + 2) & 0x0000ffff);
														_t274 = _v20;
														_t298 = _t298 + 0xc;
														 *((intOrPtr*)(_t274 + 0x10)) = _t290 - _t274;
														_t290 = _t290 + _t227;
													}
													_t242 = 8 + ( *(_v44 + 1) & 0x000000ff) * 4;
													E00704830(_t290, _v44, 8 + ( *(_v44 + 1) & 0x000000ff) * 4);
													_t291 = _t290 + _a20;
													 *((intOrPtr*)(_t274 + 4)) = _t290 - _t274;
													_t187 = _v32;
													__eflags = _t187;
													if(_t187 != 0) {
														_t242 = 8 + ( *(_t187 + 1) & 0x000000ff) * 4;
														E00704830(_t291, _t187, 8 + ( *(_t187 + 1) & 0x000000ff) * 4);
														_t293 = _t291 - _t274;
														__eflags = _t293;
														 *(_t274 + 8) = _t293;
													}
													_t275 = 0;
													__eflags = 0;
												} else {
													_t275 = 0xc0000017;
												}
												__eflags = _v9;
												if(_v9 != 0) {
													E00722882(_t242, _v48, 0, _v16);
												}
												L103:
												__eflags = _v10;
												if(_v10 != 0) {
													E00722882(_t242, _v48, 0, _v24);
												}
												L105:
												goto L106;
											}
											_t279 =  *(_t289 + 0x10);
											_a4 = _t167;
											_t66 =  &_a4;
											 *_t66 = _a4 & 0x00008000;
											__eflags =  *_t66;
											_v36 = _t279;
											if( *_t66 == 0) {
												L53:
												__eflags = _t279;
												if(_t279 != 0) {
													__eflags = (_t167 & 0x00000400) - 0x400;
													if((_t167 & 0x00000400) == 0x400) {
														L80:
														_t169 = _t167 & 0x00001004 | 0x00000400;
														__eflags = _t169;
														_v16 = _t279;
														goto L81;
													}
													__eflags = (_t167 & 0x00001000) - 0x1000;
													if((_t167 & 0x00001000) == 0x1000) {
														goto L80;
													}
													_t267 = _v0;
													__eflags = _t267;
													if(_t267 == 0) {
														goto L80;
													}
													__eflags = _a4;
													if(_a4 == 0) {
														_t280 =  *(_t289 + 8);
													} else {
														_t209 =  *(_t289 + 8);
														__eflags = _t209;
														if(_t209 != 0) {
															_t280 = _t209 + _t289;
														} else {
															_t280 = 0;
														}
													}
													__eflags = _a4;
													if(_a4 == 0) {
														_t242 =  *(_t289 + 4);
													} else {
														_t208 =  *(_t289 + 4);
														__eflags = _t208;
														if(_t208 != 0) {
															_t242 = _t208 + _t289;
														} else {
															_t242 = 0;
														}
													}
													__eflags = _a4;
													if(_a4 == 0) {
														_t294 = _v36;
													} else {
														_t207 = _v36;
														__eflags = _t207;
														if(_t207 != 0) {
															_t294 = _t289 + _t207;
														} else {
															_t294 = 0;
														}
													}
													_t202 =  *(_t267 + 2) & 0x0000ffff;
													__eflags = _t202 & 0x00000004;
													if((_t202 & 0x00000004) != 0) {
														__eflags = _t202 & 0x00008000;
														_t203 =  *(_t267 + 0x10);
														if((_t202 & 0x00008000) == 0) {
															goto L78;
														}
														__eflags = _t203;
														if(_t203 == 0) {
															goto L74;
														}
														__eflags = _t203;
														goto L78;
													} else {
														L74:
														_t203 = 0;
														L78:
														_t275 = E0077C889(_t203, _t294, _a12, _a16, _t242, _t280, _a20,  &_v16,  &_v40);
														__eflags = _t275;
														if(_t275 < 0) {
															goto L103;
														}
														_v9 = 1;
														_t169 = _v40 & 0x00001408 | 0x00000004;
														goto L81;
													}
												}
												goto L54;
											}
											__eflags = _t279;
											if(_t279 == 0) {
												goto L54;
											}
											_t279 = _t279 + _t289;
											__eflags = _t279;
											goto L53;
										}
										__eflags = (_t163 & 0x00002000) - 0x2000;
										if((_t163 & 0x00002000) == 0x2000) {
											goto L48;
										}
										_t285 = _v0;
										_t237 = 0;
										__eflags = _t285;
										if(_t285 == 0) {
											goto L48;
										}
										__eflags = _a4;
										if(_a4 == 0) {
											L36:
											_t237 =  *(_t289 + 4);
											L37:
											_t255 = 0;
											__eflags = _a4;
											if(_a4 == 0) {
												_t255 =  *(_t289 + 0xc);
											} else {
												_t223 =  *(_t289 + 0xc);
												__eflags = _t223;
												if(_t223 != 0) {
													_t255 = _t223 + _t289;
												}
											}
											_t214 =  *(_t285 + 2) & 0x0000ffff;
											__eflags = _t214 & 0x00000010;
											if((_t214 & 0x00000010) != 0) {
												__eflags = _t214 & 0x00008000;
												_t215 =  *(_t285 + 0xc);
												if((_t214 & 0x00008000) == 0) {
													goto L46;
												}
												__eflags = _t215;
												if(_t215 == 0) {
													goto L42;
												}
												__eflags = _t215;
												goto L46;
											} else {
												L42:
												_t215 = 0;
												L46:
												_t275 = E0077C889(_t215, _t255, _a12, _a16, _t237, _t259, _a20,  &_v24,  &_v40);
												__eflags = _t275;
												if(_t275 < 0) {
													goto L105;
												}
												_t256 = _v40;
												_v10 = 1;
												_v28 = ((_v40 & 0x00000008 | 0x00000004) + (_v40 & 0x00000008 | 0x00000004) | _t256 & 0x00001400) + ((_v40 & 0x00000008 | 0x00000004) + (_v40 & 0x00000008 | 0x00000004) | _t256 & 0x00001400);
												goto L49;
											}
										}
										__eflags = _t259;
										if(_t259 != 0) {
											__eflags = _t259;
										} else {
											_t259 = 0;
										}
										__eflags = _a4 - _t237;
										if(_a4 == _t237) {
											goto L36;
										} else {
											_t224 =  *(_t289 + 4);
											__eflags = _t224 - _t237;
											if(_t224 != _t237) {
												_t237 = _t224 + _t289;
											}
											goto L37;
										}
									}
									goto L18;
								}
								__eflags = _t253;
								if(_t253 == 0) {
									goto L18;
								} else {
									_t253 = _t253 + _t289;
									__eflags = _t253;
									goto L17;
								}
							}
						}
						L7:
						_t275 = 0xc0000079;
						goto L105;
					}
					__eflags = _t238;
					if(_t238 == 0) {
						goto L7;
					} else {
						_t238 = _t238 + _t289;
						__eflags = _t238;
						goto L6;
					}
				} else {
					_t275 = 0xc0000079;
					L106:
					 *_a8 = _v20;
					return _t275;
				}
			}

0x00771f4d
0x0077cf0c
0x0077cf11
0x0077cf14
0x0077cf17
0x0077cf1a
0x0077cf1d
0x0077cf2d
0x0077cf30
0x0077cf31
0x0077cf32
0x0077cf3c
0x0077cf48
0x0077cf4c
0x0077cf4f
0x0077cf57
0x0077cf57
0x0077cf59
0x0077cf5c
0x0077cf64
0x0077cf64
0x0077cf67
0x0077cf69
0x0077cf75
0x0077cf78
0x0077cf7b
0x0077cf8e
0x0077cf7d
0x0077cf7d
0x0077cf7f
0x0077cf89
0x0077cf81
0x0077cf81
0x0077cf81
0x0077cf7f
0x0077cf91
0x0077cf93
0x0077cfaa
0x0077cfaa
0x0077cfb7
0x0077cfba
0x0077cfbc
0x0077cfdd
0x0077cfdd
0x0077cfdf
0x0077cfdf
0x0077cfe1
0x0077cfe7
0x0077cfe7
0x00000000
0x0077cfe1
0x0077cfbe
0x0077cfc2
0x0077cfc4
0x00000000
0x00000000
0x0077cfca
0x0077cfcc
0x0077cfcf
0x00000000
0x00000000
0x0077cfd1
0x0077cfd3
0x00000000
0x00000000
0x0077cfd9
0x00000000
0x0077cf95
0x0077cf95
0x0077cf98
0x0077cf9b
0x0077cfa3
0x0077cfa3
0x0077cfa6
0x0077cfa8
0x0077cffe
0x0077d001
0x0077d0c6
0x0077d0cb
0x0077d0cb
0x0077d0cd
0x0077d0d3
0x0077d0d6
0x0077d0d6
0x0077d0da
0x0077d0dc
0x0077d0fa
0x0077d0fd
0x0077d1df
0x0077d1df
0x0077d1f2
0x0077d1f5
0x0077d1f8
0x0077d1fb
0x0077d1fd
0x0077d20e
0x0077d20e
0x0077d1ff
0x0077d20a
0x0077d20a
0x0077d210
0x0077d213
0x0077d215
0x0077d222
0x0077d222
0x0077d217
0x0077d21e
0x0077d21e
0x0077d224
0x0077d228
0x0077d238
0x0077d238
0x0077d22a
0x0077d234
0x0077d234
0x0077d247
0x0077d247
0x0077d255
0x0077d25a
0x0077d25d
0x0077d25f
0x0077d26b
0x0077d271
0x0077d27e
0x0077d282
0x0077d286
0x0077d289
0x0077d2ad
0x0077d2ad
0x0077d2ad
0x0077d28b
0x0077d295
0x0077d29a
0x0077d2a1
0x0077d2a4
0x0077d2a7
0x0077d2a9
0x0077d2a9
0x0077d2b5
0x0077d2b9
0x0077d2bd
0x0077d2df
0x0077d2df
0x0077d2df
0x0077d2e3
0x0077d2bf
0x0077d2c9
0x0077d2ce
0x0077d2d5
0x0077d2d8
0x0077d2db
0x0077d2db
0x0077d2ed
0x0077d2f7
0x0077d2fe
0x0077d303
0x0077d306
0x0077d30c
0x0077d30e
0x0077d314
0x0077d31e
0x0077d326
0x0077d326
0x0077d328
0x0077d328
0x0077d32b
0x0077d32b
0x0077d261
0x0077d261
0x0077d261
0x0077d32d
0x0077d331
0x0077d33b
0x0077d33b
0x0077d340
0x0077d340
0x0077d344
0x0077d34e
0x0077d34e
0x0077d353
0x00000000
0x0077d353
0x0077d0de
0x0077d0e1
0x0077d0e4
0x0077d0e4
0x0077d0e4
0x0077d0eb
0x0077d0ee
0x0077d0f6
0x0077d0f6
0x0077d0f8
0x0077d112
0x0077d115
0x0077d1d5
0x0077d1da
0x0077d1da
0x0077d1dc
0x00000000
0x0077d1dc
0x0077d124
0x0077d127
0x00000000
0x00000000
0x0077d12d
0x0077d132
0x0077d134
0x00000000
0x00000000
0x0077d13a
0x0077d13e
0x0077d150
0x0077d140
0x0077d140
0x0077d143
0x0077d145
0x0077d14b
0x0077d147
0x0077d147
0x0077d147
0x0077d145
0x0077d153
0x0077d157
0x0077d169
0x0077d159
0x0077d159
0x0077d15c
0x0077d15e
0x0077d164
0x0077d160
0x0077d160
0x0077d160
0x0077d15e
0x0077d16c
0x0077d170
0x0077d181
0x0077d172
0x0077d172
0x0077d175
0x0077d177
0x0077d17d
0x0077d179
0x0077d179
0x0077d179
0x0077d177
0x0077d184
0x0077d188
0x0077d18a
0x0077d190
0x0077d195
0x0077d198
0x00000000
0x00000000
0x0077d19a
0x0077d19c
0x00000000
0x00000000
0x0077d19e
0x00000000
0x0077d18c
0x0077d18c
0x0077d18c
0x0077d1a0
0x0077d1ba
0x0077d1bc
0x0077d1be
0x00000000
0x00000000
0x0077d1cc
0x0077d1d0
0x00000000
0x0077d1d0
0x0077d18a
0x00000000
0x0077d0f8
0x0077d0f0
0x0077d0f2
0x00000000
0x00000000
0x0077d0f4
0x0077d0f4
0x00000000
0x0077d0f4
0x0077d014
0x0077d017
0x00000000
0x00000000
0x0077d01d
0x0077d020
0x0077d022
0x0077d024
0x00000000
0x00000000
0x0077d02a
0x0077d02e
0x0077d04c
0x0077d04c
0x0077d04f
0x0077d04f
0x0077d051
0x0077d055
0x0077d063
0x0077d057
0x0077d057
0x0077d05a
0x0077d05c
0x0077d05e
0x0077d05e
0x0077d05c
0x0077d066
0x0077d06a
0x0077d06c
0x0077d072
0x0077d077
0x0077d07a
0x00000000
0x00000000
0x0077d07c
0x0077d07e
0x00000000
0x00000000
0x0077d080
0x00000000
0x0077d06e
0x0077d06e
0x0077d06e
0x0077d082
0x0077d09c
0x0077d09e
0x0077d0a0
0x00000000
0x00000000
0x0077d0a6
0x0077d0bd
0x0077d0c1
0x00000000
0x0077d0c1
0x0077d06c
0x0077d030
0x0077d032
0x0077d038
0x0077d034
0x0077d034
0x0077d034
0x0077d03a
0x0077d03e
0x00000000
0x0077d040
0x0077d040
0x0077d043
0x0077d045
0x0077d047
0x0077d047
0x00000000
0x0077d045
0x0077d03e
0x00000000
0x0077cfa8
0x0077cf9d
0x0077cf9f
0x00000000
0x0077cfa1
0x0077cfa1
0x0077cfa1
0x00000000
0x0077cfa1
0x0077cf9f
0x0077cf93
0x0077cf6b
0x0077cf6b
0x00000000
0x0077cf6b
0x0077cf5e
0x0077cf60
0x00000000
0x0077cf62
0x0077cf62
0x0077cf62
0x00000000
0x0077cf62
0x0077cf3e
0x0077cf3e
0x0077d354
0x0077d35a
0x0077d361
0x0077d361

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf5a5fd14d2f649606cfa24986eef400ad20a94557f7a4e471836c8e2a8beef3
Instruction ID: 2969c3ff5c1c05585dc87cfd67b42c84be3242db0efc9f76ffe9b52aa98e65fa
Opcode Fuzzy Hash: bf5a5fd14d2f649606cfa24986eef400ad20a94557f7a4e471836c8e2a8beef3
Instruction Fuzzy Hash: F5E1A272A0020A9BDF24CF94C855BBAB7F2BF48394F59C429E91997241E77CDD42CB90

Uniqueness

Uniqueness Score: 0.00%

Function 007978EA, Relevance: .4, Instructions: 398
COMMONCrypto

C-Code - Quality: 100%

			E007978EA(signed int _a4, signed int _a8) {
				intOrPtr _t192;
				intOrPtr _t194;
				signed short _t195;
				unsigned int _t200;
				void* _t201;
				intOrPtr _t202;
				signed int _t205;
				unsigned int _t206;
				signed char _t209;
				intOrPtr _t211;
				unsigned int _t212;
				unsigned int _t213;
				unsigned int _t214;
				signed int _t216;
				signed int _t222;
				signed short _t223;
				void* _t225;
				signed int _t229;
				unsigned int _t234;
				signed char _t235;
				signed short _t236;
				signed int _t238;
				signed char _t239;
				signed short _t240;
				signed int _t242;
				signed short _t243;
				signed short _t253;
				signed int _t263;
				signed int _t266;
				unsigned int _t268;
				unsigned int _t271;
				signed int _t275;
				signed short _t281;
				unsigned char _t282;
				signed char _t284;
				unsigned int _t285;
				signed int _t286;
				signed short _t290;
				signed int _t292;
				signed char _t293;
				signed short _t294;
				signed int _t296;
				signed short _t297;
				signed short _t307;
				signed int _t315;
				signed int _t317;
				signed char _t322;
				signed int _t325;
				void* _t332;
				signed char _t341;
				signed int _t342;
				signed int _t360;
				unsigned int* _t363;
				unsigned int _t366;
				signed int _t368;
				unsigned int _t369;

				_t275 = _a4;
				if( *((char*)(_t275 + 0xda)) != 2) {
					_t268 = 0;
				} else {
					_t268 =  *((intOrPtr*)(_t275 + 0xd4));
				}
				if(_t268 == 0) {
					return 0;
				}
				_t363 = _a8;
				_t366 =  *_t363;
				if(_t363[2] != 0) {
					_t366 = _t366 - 8;
					if( *(_t366 + 7) != 5) {
						goto L10;
					} else {
						_t266 = ( *(_t366 + 6) & 0x000000ff) << 3;
						goto L9;
					}
				} else {
					_t266 = _t363[2] & 0x000000ff;
					L9:
					_t366 = _t366 - _t266;
					L10:
					if(( *(_t366 + 7) & 0x00000080) == 0) {
						_t192 =  *((intOrPtr*)(_t268 + 0x24));
						_t279 =  *(_t192 + 0x4c) >> 0x00000014 &  *(_t192 + 0x52) ^  *(_t366 + 2);
						if((( *(_t192 + 0x4c) >> 0x00000014 &  *(_t192 + 0x52) ^  *(_t366 + 2)) & 0x00000001) == 0) {
							L108:
							if(E007978A6(_t279, _t332, _t268, _t366) != 0 || _t268 ==  *_t363) {
								L113:
								_t363[2] = 8;
								_t194 =  *((intOrPtr*)(_t268 + 0x24));
								if( *(_t194 + 0x4c) == 0) {
									_t195 =  *_t366 & 0x0000ffff;
								} else {
									_t281 =  *_t366;
									if(( *(_t194 + 0x4c) & _t281) != 0) {
										_t281 = _t281 ^  *(_t194 + 0x50);
									}
									_t195 = _t281 & 0x0000ffff;
								}
								_t363[1] = ((_t195 & 0x0000ffff) << 3) - (_t363[2] & 0x000000ff);
								_t363[2] =  *(_t366 + 6);
								_t200 = 0x201;
								L119:
								_t363[2] = _t200;
								_t201 = 1;
								goto L120;
							} else {
								_t202 =  *((intOrPtr*)(_t268 + 0x24));
								_t282 =  *(_t366 + 2);
								if((( *(_t202 + 0x4c) >> 0x00000014 &  *(_t202 + 0x52) ^ _t282) & 0x00000001) == 0 || (( *(_t202 + 0x4c) >> 0x00000014 &  *(_t202 + 0x52) >> 0x00000003 ^ _t282 >> 0x00000003) & 0x00000001) == 0) {
									L112:
									_t201 = 0;
									L120:
									return _t201;
								} else {
									goto L113;
								}
							}
						}
						if( *(_t192 + 0x4c) == 0) {
							_t205 =  *_t366 & 0x0000ffff;
						} else {
							_t279 =  *_t366;
							if(( *(_t192 + 0x4c) & _t279) != 0) {
								_t279 = _t279 ^  *(_t192 + 0x50);
							}
							_t205 = _t279 & 0x0000ffff;
						}
						if(_t205 <= 3) {
							goto L108;
						} else {
							_t206 =  *_t363;
							if( *((intOrPtr*)(_t206 + 0xc)) != 0xf0e0d0c0) {
								goto L108;
							}
							_a8 =  *_t206;
							if(E007978A6(_t279, _t332, _t268,  *_t206) == 0) {
								goto L108;
							}
							_t209 =  *(_t366 + 7);
							if((_t209 & 0x00000040) == 0) {
								if(_t209 != 4) {
									_t279 = _t366 + 8;
									L69:
									_t211 =  *((intOrPtr*)(_a8 + 4));
									if(_t211 != _t279) {
										goto L108;
									}
									_t284 =  *((intOrPtr*)(_t211 + 0x17));
									_t212 = _t211 + 0x10;
									if((_t284 & 0x00000040) == 0) {
										if(_t284 != 4) {
											_t285 = _t212 + 8;
											L76:
											 *_t363 = _t285;
											_t341 =  *((intOrPtr*)(_t212 + 7));
											_t286 = _t341 & 0x000000ff;
											if((_t286 & 0xffffff3f) == 0) {
												_t363[2] = 8;
												_t363[1] = ( *(_a8 + 0x10) & 0x0000ffff) * 8 - 8;
												_t213 =  *(_t212 + 6);
												L53:
												_t363[2] = _t213;
												_t200 = 0;
												goto L119;
											}
											if(_t341 != 5) {
												if((_t341 & 0x00000040) == 0) {
													if((_t341 & 0x0000003f) == 0x3f) {
														if(_t341 >= 0) {
															_t342 = _a4;
															if( *(_t342 + 0x4c) == 0) {
																_t290 =  *_t212 & 0x0000ffff;
															} else {
																_t307 =  *_t212;
																if(( *(_t342 + 0x4c) & _t307) != 0) {
																	_t307 = _t307 ^  *(_t342 + 0x50);
																}
																_t290 = _t307 & 0x0000ffff;
															}
														} else {
															_t290 =  *((intOrPtr*)((_t212 >> 0x00000003 ^  *_t212 ^  *0x7a81dc ^ _a4) + 0x10));
														}
														_t292 =  *(_t212 + (_t290 & 0x0000ffff) * 8 - 4);
													} else {
														_t292 = _t286 & 0x0000003f;
													}
												} else {
													_t292 =  *(_t212 + 4 + (_t286 & 0x0000003f) * 8) & 0x0000ffff;
												}
												_t368 = _a4;
											} else {
												_t368 = _a4;
												_t292 =  *(_t368 + 0x54) & 0x0000ffff ^  *(_t212 + 4) & 0x0000ffff;
											}
											_t363[2] = _t292;
											_t293 =  *((intOrPtr*)(_t212 + 7));
											if(_t293 != 5) {
												if((_t293 & 0x00000040) == 0) {
													if((_t293 & 0x0000003f) == 0x3f) {
														if(_t293 >= 0) {
															if( *(_t368 + 0x4c) == 0) {
																_t294 =  *_t212 & 0x0000ffff;
															} else {
																_t297 =  *_t212;
																if(( *(_t368 + 0x4c) & _t297) != 0) {
																	_t297 = _t297 ^  *(_t368 + 0x50);
																}
																_t294 = _t297 & 0x0000ffff;
															}
														} else {
															_t294 =  *((intOrPtr*)((_t212 >> 0x00000003 ^  *_t212 ^  *0x7a81dc ^ _t368) + 0x10));
														}
														_t296 =  *(_t212 + (_t294 & 0x0000ffff) * 8 - 4);
													} else {
														_t296 = _t293 & 0x3f;
													}
												} else {
													_t296 =  *(_t212 + 4 + (_t293 & 0x3f) * 8) & 0x0000ffff;
												}
											} else {
												_t296 =  *(_t368 + 0x54) & 0x0000ffff ^  *(_t212 + 4) & 0x0000ffff;
											}
											_t363[1] = (( *(_a8 + 0x10) & 0x0000ffff) << 3) - _t296;
											_t214 =  *(_t212 + 6);
											L51:
											_t363[2] = _t214;
											_t200 = 1;
											goto L119;
										}
										_t315 =  *(_t212 + 6) & 0x000000ff;
										L72:
										_t285 = _t212 + 8 + _t315 * 8;
										goto L76;
									}
									_t315 = _t284 & 0x3f;
									goto L72;
								}
								_t216 =  *(_t366 + 6) & 0x000000ff;
								L65:
								_t279 = _t366 + 8 + _t216 * 8;
								goto L69;
							}
							_t216 = _t209 & 0x3f;
							goto L65;
						}
					}
					_t222 = _t366 >> 0x00000003 ^  *_t366 ^  *0x7a81dc ^ _t275;
					_a8 = _t222;
					if(_t222 == 0) {
						goto L112;
					}
					_t317 = _t222;
					_t223 = E007975D6(_t317);
					_t271 =  *(_t317 + 4);
					_t369 = _t366 + (_t223 & 0x0000ffff) * 8;
					_t225 = E00797588(_t317, _t271);
					if((_t369 - _t225 >> 3) / (E007975D6(_a8) & 0x0000ffff) < ( *(_a8 + 0x14) & 0x0000ffff)) {
						_t322 =  *((intOrPtr*)(_t369 + 7));
						_t229 = _t322 & 0x000000ff;
						if((_t229 & 0xffffff3f) == 0) {
							 *_t363 = _t369 + 8;
							_t363[2] = 8;
							_t363[1] = ( *(_a8 + 0x10) & 0x0000ffff) * 8 - 8;
							_t213 =  *(_t369 + 6);
							goto L53;
						}
						_t360 = 0x3f;
						if((_t322 & 0x00000040) == 0) {
							if(_t322 != 4) {
								_t234 = _t369 + 8;
								goto L21;
							} else {
								_t263 =  *(_t369 + 6) & 0x000000ff;
								goto L17;
							}
						} else {
							_t263 = _t229 & _t360;
							L17:
							_t234 = _t369 + 8 + _t263 * 8;
							L21:
							 *_t363 = _t234;
							_t235 =  *((intOrPtr*)(_t369 + 7));
							if(_t235 != 5) {
								if((_t235 & 0x00000040) == 0) {
									if((_t235 & _t360) == _t360) {
										if(_t235 >= 0) {
											_t325 = _a4;
											if( *(_t325 + 0x4c) == 0) {
												_t236 =  *_t369 & 0x0000ffff;
											} else {
												_t253 =  *_t369;
												if(( *(_t325 + 0x4c) & _t253) != 0) {
													_t253 = _t253 ^  *(_t325 + 0x50);
												}
												_t236 = _t253 & 0x0000ffff;
											}
										} else {
											_t325 = _a4;
											_t236 =  *((intOrPtr*)((_t369 >> 0x00000003 ^  *_t369 ^  *0x7a81dc ^ _t325) + 0x10));
										}
										_t238 =  *(_t369 + (_t236 & 0x0000ffff) * 8 - 4);
										L36:
										_t363[2] = _t238;
										_t239 =  *((intOrPtr*)(_t369 + 7));
										if(_t239 != 5) {
											if((_t239 & 0x00000040) == 0) {
												if((_t239 & _t360) == _t360) {
													if(_t239 >= 0) {
														if( *(_t325 + 0x4c) == 0) {
															_t240 =  *_t369 & 0x0000ffff;
														} else {
															_t243 =  *_t369;
															if(( *(_t325 + 0x4c) & _t243) != 0) {
																_t243 = _t243 ^  *(_t325 + 0x50);
															}
															_t240 = _t243 & 0x0000ffff;
														}
													} else {
														_t240 =  *((intOrPtr*)((_t369 >> 0x00000003 ^  *_t369 ^  *0x7a81dc ^ _t325) + 0x10));
													}
													_t242 =  *(_t369 + (_t240 & 0x0000ffff) * 8 - 4);
												} else {
													_t242 = _t239 & 0x000000ff & _t360;
												}
											} else {
												_t242 =  *(_t369 + 4 + (_t239 & 0x000000ff & _t360) * 8) & 0x0000ffff;
											}
										} else {
											_t242 =  *(_t325 + 0x54) & 0x0000ffff ^  *(_t369 + 4) & 0x0000ffff;
										}
										_t363[1] = (( *(_a8 + 0x10) & 0x0000ffff) << 3) - _t242;
										_t214 =  *(_t369 + 6);
										goto L51;
									}
									_t238 = _t235 & 0x000000ff & _t360;
									L25:
									_t325 = _a4;
									goto L36;
								}
								_t238 =  *(_t369 + 4 + (_t235 & 0x000000ff & _t360) * 8) & 0x0000ffff;
								goto L25;
							}
							_t325 = _a4;
							_t238 =  *(_t325 + 0x54) & 0x0000ffff ^  *(_t369 + 4) & 0x0000ffff;
							goto L36;
						}
					} else {
						 *_t363 = _t271;
						_t363[2] = 0x201;
						goto L112;
					}
				}
			}

0x007978ef
0x007978fa
0x00797904
0x007978fc
0x007978fc
0x007978fc
0x00797908
0x00000000
0x0079790a
0x00797913
0x0079791b
0x0079791d
0x00797925
0x0079792c
0x00000000
0x0079792e
0x00797932
0x00000000
0x00797932
0x0079791f
0x0079791f
0x00797935
0x00797935
0x00797937
0x0079793b
0x00797b01
0x00797b0d
0x00797b13
0x00797ce1
0x00797cea
0x00797d22
0x00797d22
0x00797d26
0x00797d2d
0x00797d3e
0x00797d2f
0x00797d2f
0x00797d34
0x00797d36
0x00797d36
0x00797d39
0x00797d39
0x00797d4d
0x00797d53
0x00797d56
0x00797d5b
0x00797d5b
0x00797d5f
0x00000000
0x00797cf0
0x00797cf0
0x00797cf6
0x00797d04
0x00797d1e
0x00797d1e
0x00797d61
0x00000000
0x00000000
0x00000000
0x00000000
0x00797d04
0x00797cea
0x00797b1d
0x00797b2e
0x00797b1f
0x00797b1f
0x00797b24
0x00797b26
0x00797b26
0x00797b29
0x00797b29
0x00797b35
0x00000000
0x00797b3b
0x00797b3b
0x00797b44
0x00000000
0x00000000
0x00797b4e
0x00797b58
0x00000000
0x00000000
0x00797b5e
0x00797b63
0x00797b73
0x00797b7b
0x00797b7e
0x00797b81
0x00797b86
0x00000000
0x00000000
0x00797b8c
0x00797b8f
0x00797b95
0x00797ba6
0x00797bae
0x00797bb1
0x00797bb1
0x00797bb3
0x00797bb6
0x00797bbf
0x00797cc7
0x00797cd6
0x00797cd9
0x00797af7
0x00797af7
0x00797afa
0x00000000
0x00797afa
0x00797bc8
0x00797bdc
0x00797bf0
0x00797bf9
0x00797c13
0x00797c1a
0x00797c2b
0x00797c1c
0x00797c1c
0x00797c21
0x00797c23
0x00797c23
0x00797c26
0x00797c26
0x00797bfb
0x00797c0d
0x00797c0d
0x00797c31
0x00797bf2
0x00797bf2
0x00797bf2
0x00797bde
0x00797be1
0x00797be1
0x00797c35
0x00797bca
0x00797bca
0x00797bd5
0x00797bd5
0x00797c38
0x00797c3b
0x00797c41
0x00797c52
0x00797c69
0x00797c75
0x00797c92
0x00797ca3
0x00797c94
0x00797c94
0x00797c99
0x00797c9b
0x00797c9b
0x00797c9e
0x00797c9e
0x00797c77
0x00797c88
0x00797c88
0x00797ca9
0x00797c6b
0x00797c6e
0x00797c6e
0x00797c54
0x00797c5a
0x00797c5a
0x00797c43
0x00797c4b
0x00797c4b
0x00797cb9
0x00797cbc
0x00797acf
0x00797acf
0x00797ad4
0x00000000
0x00797ad4
0x00797ba8
0x00797b9d
0x00797b9d
0x00000000
0x00797b9d
0x00797b9a
0x00000000
0x00797b9a
0x00797b75
0x00797b6b
0x00797b6b
0x00000000
0x00797b6b
0x00797b68
0x00000000
0x00797b68
0x00797b35
0x00797950
0x00797952
0x00797955
0x00000000
0x00000000
0x0079795b
0x0079795d
0x00797962
0x0079796a
0x0079796d
0x00797993
0x007979a5
0x007979a8
0x007979b0
0x00797add
0x00797ae2
0x00797af1
0x00797af4
0x00000000
0x00797af4
0x007979b8
0x007979bc
0x007979c9
0x007979d1
0x00000000
0x007979cb
0x007979cb
0x00000000
0x007979cb
0x007979be
0x007979be
0x007979c0
0x007979c0
0x007979d4
0x007979d4
0x007979d6
0x007979db
0x007979ee
0x00797a05
0x00797a10
0x00797a2c
0x00797a33
0x00797a44
0x00797a35
0x00797a35
0x00797a3a
0x00797a3c
0x00797a3c
0x00797a3f
0x00797a3f
0x00797a12
0x00797a21
0x00797a26
0x00797a26
0x00797a4a
0x00797a4e
0x00797a4e
0x00797a51
0x00797a56
0x00797a66
0x00797a7a
0x00797a85
0x00797aa2
0x00797ab3
0x00797aa4
0x00797aa4
0x00797aa9
0x00797aab
0x00797aab
0x00797aae
0x00797aae
0x00797a87
0x00797a98
0x00797a98
0x00797ab9
0x00797a7c
0x00797a7f
0x00797a7f
0x00797a68
0x00797a6d
0x00797a6d
0x00797a58
0x00797a60
0x00797a60
0x00797ac9
0x00797acc
0x00000000
0x00797acc
0x00797a0a
0x007979fa
0x007979fa
0x00000000
0x007979fa
0x007979f5
0x00000000
0x007979f5
0x007979dd
0x007979e8
0x00000000
0x007979e8
0x00797995
0x0079799a
0x0079799c
0x00000000
0x0079799c
0x00797993

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e7d226626576409058dfb13677d60b0803c61cb04eb40f1f1137e0ffd26b4d
Instruction ID: 9bed06de1ab787e65af495a305fb17a3d9152ff567bad7aacd82185b5e8a08e8
Opcode Fuzzy Hash: 95e7d226626576409058dfb13677d60b0803c61cb04eb40f1f1137e0ffd26b4d
Instruction Fuzzy Hash: 44E1F3702286518FCB2CCF29E0946B6B7E1EF45311B24C44EE8D68F692D33DE955EB60

Uniqueness

Uniqueness Score: 0.00%

Function 00741FDB, Relevance: .4, Instructions: 354
COMMONCrypto

C-Code - Quality: 99%

			E00741FDB(signed short __ecx, unsigned short* _a4, signed int _a8, signed int _a12, signed short* _a16, signed int _a20) {
				unsigned int _v8;
				unsigned short* _v12;
				signed int __ebx;
				void* _t378;
				intOrPtr* _t379;
				signed char _t383;
				signed int _t384;
				signed short _t385;
				intOrPtr _t386;
				unsigned short _t388;
				unsigned int _t393;
				intOrPtr _t447;
				unsigned short _t449;
				signed short _t455;
				signed short _t461;
				signed short _t467;
				signed short _t473;
				signed short _t479;
				signed short _t485;
				signed short _t491;
				signed short _t497;
				signed short _t503;
				signed short _t510;
				signed short _t516;
				signed short _t522;
				signed short _t528;
				intOrPtr _t529;
				signed int _t533;
				signed int _t534;
				signed short _t537;
				signed short _t543;
				intOrPtr _t549;
				intOrPtr _t551;
				intOrPtr _t553;
				intOrPtr _t573;
				intOrPtr _t575;
				intOrPtr _t577;
				signed short* _t579;
				signed short _t583;
				intOrPtr _t584;
				unsigned short* _t591;
				signed short _t698;
				signed short _t699;
				intOrPtr _t701;
				intOrPtr _t703;
				intOrPtr _t705;
				intOrPtr _t727;
				intOrPtr _t731;
				intOrPtr _t733;
				intOrPtr _t735;

				_t446 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t393 = _a20 >> 1;
				_v8 = _t393;
				if( *0x7aec41 != 0) {
					_t591 = _a4;
					_v12 = _t591;
					if(_t393 == 0) {
						L104:
						_t379 = _a12;
						if(_t379 != 0) {
							 *_t379 = _t591 - _v12;
						}
						goto L117;
					}
					while(_a8 != 0) {
						_t447 =  *0x7a820c; // 0x7ffb0222
						_t383 =  *(_t447 + ( *_a16 & 0x0000ffff) * 2) & 0x0000ffff;
						_a16 =  &(_a16[1]);
						_t583 =  *(0x7af460 + (_t383 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff;
						_t384 = _t383 & 0x000000ff;
						if(_t583 == 0) {
							_t584 =  *0x7a81b8; // 0x7ffb001c
							_t385 =  *(_t584 + _t384 * 2) & 0x0000ffff;
						} else {
							_t385 =  *( *0x7aec7c + ((_t583 & 0x0000ffff) + _t384) * 2) & 0x0000ffff;
						}
						_t698 = _t385;
						_a20 = _t385;
						if(_t698 >= 0x61) {
							if(_t698 > 0x7a) {
								_t386 =  *0x7a81fc; // 0x7ffd064c
								_t585 = _t698 & 0x0000ffff;
								_t393 = _v8;
								_t699 = _t698 +  *((intOrPtr*)(_t386 + (( *(_t386 + (( *(_t386 + ((_t698 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t585 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t585 & 0x0000000f)) * 2));
								_t591 = _a4;
								goto L100;
							}
							_a20 = _a20 + 0xffe0;
							goto L98;
						} else {
							_a20 = _t698 & 0x0000ffff;
							L98:
							_t699 = _a20;
							L100:
							_t388 =  *(_t447 + (_t699 & 0x0000ffff) * 2) & 0x0000ffff;
							_t449 = _t388 >> 8;
							if(_t449 == 0) {
								L103:
								 *_t591 = _t388;
								_t591 =  &(_t591[0]);
								_a8 = _a8 - 1;
								_t393 = _t393 - 1;
								_a4 = _t591;
								_v8 = _t393;
								if(_t393 != 0) {
									continue;
								}
								goto L104;
							}
							_a8 = _a8 - 1;
							if(_a8 < 2) {
								goto L104;
							}
							 *_t591 = _t449;
							_t591 =  &(_t591[0]);
							goto L103;
						}
					}
					goto L104;
				} else {
					__ecx = _a8;
					if(__ebx >= __ecx) {
						_a8 = __ecx;
					} else {
						__ecx = __ebx;
						_a8 = __ebx;
					}
					__eax = _a12;
					if(__eax != 0) {
						 *__eax = __ecx;
					}
					__eax =  *0x7a8208; // 0x7ffb0222
					__ecx = __ecx & 0x0000000f;
					_a4 = _a4 + __ecx;
					_a12 = __ecx;
					do {
						if(_t534 > 0xf) {
							_t731 =  *0x7a81b8; // 0x7ffb001c
							_t537 =  *(_t731 + ( *(( *_t579 & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a4 =  &(_a4[8]);
							_t579 =  &(_t579[0x10]);
							_a20 = _t537;
							if(_t537 < 0x61) {
								_a20 = _t537 & 0x0000ffff;
							} else {
								if(_t537 > 0x7a) {
									_t740 = _t537 & 0x0000ffff;
									_t553 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t553 + (( *(_t553 + (( *(_t553 + ((_t537 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t740 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t740 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 0x10)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L16:
							_t733 =  *0x7a81b8; // 0x7ffb001c
							_t543 =  *(_t733 + ( *(( *(_t579 - 0x1e) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t543;
							if(_t543 < 0x61) {
								_a20 = _t543 & 0x0000ffff;
							} else {
								if(_t543 > 0x7a) {
									_t738 = _t543 & 0x0000ffff;
									_t551 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t551 + (( *(_t551 + (( *(_t551 + ((_t543 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t738 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t738 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 0xf)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L11:
							_t735 =  *0x7a81b8; // 0x7ffb001c
							_t446 =  *(_t735 + ( *(( *(_t579 - 0x1c) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t446;
							if(_t446 < 0x61) {
								_a20 = _t446 & 0x0000ffff;
							} else {
								if(_t446 > 0x7a) {
									_t736 = _t446 & 0x0000ffff;
									_t549 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t549 + (( *(_t549 + (( *(_t549 + ((_t446 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t736 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t736 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 0xe)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L7:
							_t701 =  *0x7a81b8; // 0x7ffb001c
							_t455 =  *(_t701 + ( *(( *(_t579 - 0x1a) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t455;
							if(_t455 < 0x61) {
								_a20 = _t455 & 0x0000ffff;
							} else {
								if(_t455 > 0x7a) {
									_t762 = _t455 & 0x0000ffff;
									_t577 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t577 + (( *(_t577 + (( *(_t577 + ((_t455 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t762 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t762 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 0xd)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L37:
							_t703 =  *0x7a81b8; // 0x7ffb001c
							_t461 =  *(_t703 + ( *(( *(_t579 - 0x18) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t461;
							if(_t461 < 0x61) {
								_a20 = _t461 & 0x0000ffff;
							} else {
								if(_t461 > 0x7a) {
									_t760 = _t461 & 0x0000ffff;
									_t575 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t575 + (( *(_t575 + (( *(_t575 + ((_t461 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t760 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t760 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 0xc)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L33:
							_t705 =  *0x7a81b8; // 0x7ffb001c
							_t467 =  *(_t705 + ( *(( *(_t579 - 0x16) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t467;
							if(_t467 >= 0x61) {
								if(_t467 > 0x7a) {
									_t758 = _t467 & 0x0000ffff;
									_t573 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t573 + (( *(_t573 + (( *(_t573 + ((_t467 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t758 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t758 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t467 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xb)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L29:
							_t473 =  *( *0x7a81b8 + ( *(( *(_t579 - 0x14) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t473;
							if(_t473 >= 0x61) {
								if(_t473 > 0x7a) {
									_t756 = _t473 & 0x0000ffff;
									_a20 = _a20 +  *((intOrPtr*)( *0x7a81fc + (( *( *0x7a81fc + (( *(_t571 + ((_t473 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t756 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t756 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t473 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xa)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L25:
							_t479 =  *( *0x7a81b8 + ( *(( *(_t579 - 0x12) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t479;
							if(_t479 >= 0x61) {
								if(_t479 > 0x7a) {
									_t754 = _t479 & 0x0000ffff;
									_a20 = _a20 +  *((intOrPtr*)( *0x7a81fc + (( *( *0x7a81fc + (( *(_t569 + ((_t479 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t754 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t754 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t479 & 0x0000ffff;
							}
							 *((char*)(_a4 - 9)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L65:
							_t485 =  *( *0x7a81b8 + ( *(( *(_t579 - 0x10) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t485;
							if(_t485 < 0x61) {
								_a20 = _t485 & 0x0000ffff;
							} else {
								if(_t485 > 0x7a) {
									_t752 = _t485 & 0x0000ffff;
									_a20 = _a20 +  *((intOrPtr*)( *0x7a81fc + (( *( *0x7a81fc + (( *(_t567 + ((_t485 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t752 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t752 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 8)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L42:
							_t491 =  *( *0x7a81b8 + ( *(( *(_t579 - 0xe) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t491;
							if(_t491 < 0x61) {
								_a20 = _t491 & 0x0000ffff;
							} else {
								if(_t491 > 0x7a) {
									_t750 = _t491 & 0x0000ffff;
									_a20 = _a20 +  *((intOrPtr*)( *0x7a81fc + (( *( *0x7a81fc + (( *(_t565 + ((_t491 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t750 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t750 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 7)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L46:
							_t497 =  *( *0x7a81b8 + ( *(( *(_t579 - 0xc) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t497;
							if(_t497 < 0x61) {
								_a20 = _t497 & 0x0000ffff;
							} else {
								if(_t497 > 0x7a) {
									_t748 = _t497 & 0x0000ffff;
									_a20 = _a20 +  *((intOrPtr*)( *0x7a81fc + (( *( *0x7a81fc + (( *(_t563 + ((_t497 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t748 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t748 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 6)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L50:
							_t503 =  *( *0x7a81b8 + ( *(( *(_t579 - 0xa) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t503;
							if(_t503 >= 0x61) {
								if(_t503 > 0x7a) {
									_t718 = _t503 & 0x0000ffff;
									_a20 = _a20 +  *((intOrPtr*)( *0x7a81fc + (( *( *0x7a81fc + (( *(_t504 + ((_t503 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t718 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t718 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t503 & 0x0000ffff;
							}
							 *((char*)(_a4 - 5)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L53:
							_t510 =  *( *0x7a81b8 + ( *(( *(_t579 - 8) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t510;
							if(_t510 < 0x61) {
								_a20 = _t510 & 0x0000ffff;
							} else {
								if(_t510 > 0x7a) {
									_t746 = _t510 & 0x0000ffff;
									_a20 = _a20 +  *((intOrPtr*)( *0x7a81fc + (( *( *0x7a81fc + (( *(_t560 + ((_t510 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t746 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t746 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 4)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L57:
							_t516 =  *( *0x7a81b8 + ( *(( *(_t579 - 6) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t516;
							if(_t516 < 0x61) {
								_a20 = _t516 & 0x0000ffff;
							} else {
								if(_t516 > 0x7a) {
									_t744 = _t516 & 0x0000ffff;
									_a20 = _a20 +  *((intOrPtr*)( *0x7a81fc + (( *( *0x7a81fc + (( *(_t558 + ((_t516 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t744 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t744 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 3)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L61:
							_t522 =  *( *0x7a81b8 + ( *(( *(_t579 - 4) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t522;
							if(_t522 < 0x61) {
								_a20 = _t522 & 0x0000ffff;
							} else {
								if(_t522 > 0x7a) {
									_t742 = _t522 & 0x0000ffff;
									_a20 = _a20 +  *((intOrPtr*)( *0x7a81fc + (( *( *0x7a81fc + (( *(_t556 + ((_t522 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t742 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t742 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 2)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							L113:
							_t727 =  *0x7a81b8; // 0x7ffb001c
							_t528 =  *(_t727 + ( *(( *(_t579 - 2) & 0x0000ffff) + _t378) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t528;
							if(_t528 < 0x61) {
								_a20 = _t528 & 0x0000ffff;
							} else {
								if(_t528 > 0x7a) {
									_t728 = _t528 & 0x0000ffff;
									_t529 =  *0x7a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t529 + (( *(_t529 + (( *(_t529 + ((_t528 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t728 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t728 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							}
							 *((char*)(_a4 - 1)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t378));
							_t533 = _a12;
							goto L116;
						}
						switch( *((intOrPtr*)(_t534 * 4 +  &M00741F96))) {
							case 0:
								goto L116;
							case 1:
								goto L113;
							case 2:
								goto L61;
							case 3:
								goto L57;
							case 4:
								goto L53;
							case 5:
								goto L50;
							case 6:
								goto L46;
							case 7:
								goto L42;
							case 8:
								goto L65;
							case 9:
								goto L25;
							case 0xa:
								goto L29;
							case 0xb:
								goto L33;
							case 0xc:
								goto L37;
							case 0xd:
								goto L7;
							case 0xe:
								goto L11;
							case 0xf:
								goto L16;
						}
						L116:
						_t369 =  &_a8;
						 *_t369 = _a8 - _t533;
						_t534 = 0x10;
						_a12 = _t534;
					} while ( *_t369 != 0);
					L117:
					return 0;
				}
			}

0x00741fdb
0x00741fe0
0x00741fe1
0x00741fe6
0x00741ff1
0x00741ff4
0x00741e9b
0x00741e9e
0x00741ea3
0x00741f81
0x00741f81
0x00741f86
0x00741f8f
0x00741f8f
0x00000000
0x00741f86
0x00741ea9
0x00741eb9
0x00741ebf
0x00741ec3
0x00741ecf
0x00741ed7
0x00741edd
0x00741eef
0x00741ef5
0x00741edf
0x00741ee9
0x00741ee9
0x00741ef9
0x00741efc
0x00741f03
0x00741f11
0x00741f20
0x00741f25
0x00741f3f
0x00741f47
0x00741f4b
0x00000000
0x00741f4b
0x00741f13
0x00000000
0x00741f05
0x00741f08
0x00741f1a
0x00741f1a
0x00741f4e
0x00741f51
0x00741f58
0x00741f5e
0x00741f6e
0x00741f6e
0x00741f70
0x00741f71
0x00741f74
0x00741f75
0x00741f78
0x00741f7b
0x00000000
0x00000000
0x00000000
0x00741f7b
0x00741f63
0x00741f69
0x00000000
0x00000000
0x00741f6b
0x00741f6d
0x00000000
0x00741f6d
0x00741f03
0x00000000
0x00741ffa
0x00741ffa
0x00741fff
0x0074b2d9
0x00742005
0x00742005
0x00742007
0x00742007
0x0074200a
0x0074200f
0x00742011
0x00742011
0x00742016
0x0074201b
0x0074201e
0x00742021
0x00742027
0x0074202a
0x006eee7d
0x006eee83
0x006eee87
0x006eee8b
0x006eee8e
0x006eee95
0x006eeebd
0x006eee97
0x006eee9b
0x00741b7b
0x00741b7e
0x00741ba4
0x006eeea1
0x006eeea1
0x006eeea1
0x006eee9b
0x006eeeb2
0x006eee34
0x006eee3c
0x006eee42
0x006eee46
0x006eee4d
0x0074b2d1
0x006eee53
0x006eee57
0x00741bad
0x00741bb0
0x00741bd6
0x006eee5d
0x006eee5d
0x006eee5d
0x006eee57
0x006eee6e
0x006eede7
0x006eedef
0x006eedf5
0x006eedf9
0x006eee00
0x006e2366
0x006eee06
0x006eee0a
0x00741bdf
0x00741be2
0x00741c08
0x006eee10
0x006eee10
0x006eee10
0x006eee0a
0x006eee21
0x006eeda5
0x006eedad
0x006eedb3
0x006eedb7
0x006eedbe
0x006eed2b
0x006eedc4
0x006eedc8
0x00741c11
0x00741c14
0x00741c3a
0x006eedce
0x006eedce
0x006eedce
0x006eedc8
0x006eeddf
0x006ef18d
0x006ef195
0x006ef19b
0x006ef19f
0x006ef1a6
0x006ef1cb
0x006ef1a8
0x006ef1ac
0x00741c43
0x00741c46
0x00741c6c
0x006ef1b2
0x006ef1b2
0x006ef1b2
0x006ef1ac
0x006ef1c3
0x006ef14b
0x006ef153
0x006ef159
0x006ef15d
0x006ef164
0x006ef16e
0x00741c75
0x00741c78
0x00741c9e
0x006ef174
0x006ef174
0x006ef174
0x006eee29
0x006eee2c
0x006eee2c
0x006ef185
0x006ef038
0x006ef046
0x006ef04a
0x006ef051
0x006ef05b
0x00741ca7
0x00741cd0
0x006ef061
0x006ef061
0x006ef061
0x006eed33
0x006eed36
0x006eed36
0x006ef072
0x006eeff6
0x006ef004
0x006ef008
0x006ef00f
0x006ef019
0x00741cd9
0x00741d02
0x006ef01f
0x006ef01f
0x006ef01f
0x006e236e
0x006e2371
0x006e2371
0x006ef030
0x006f16a2
0x006f16b0
0x006f16b4
0x006f16bb
0x006f1ac1
0x006f16c1
0x006f16c5
0x00741d0b
0x00741d34
0x006f16cb
0x006f16cb
0x006f16cb
0x006f16c5
0x006f16dc
0x006f153a
0x006f1548
0x006f154c
0x006f1553
0x0074b39d
0x006f1559
0x006f155d
0x00741d3d
0x00741d66
0x006f1563
0x006f1563
0x006f1563
0x006f155d
0x006f1574
0x006f1577
0x006f1585
0x006f1589
0x006f1590
0x006f1afc
0x006f1596
0x006f159a
0x00741d6f
0x00741d98
0x006f15a0
0x006f15a0
0x006f15a0
0x006f159a
0x006f15b1
0x006f15b4
0x006f15c2
0x006f15c6
0x006f15cd
0x0074a897
0x00741da1
0x00741dca
0x0074a89d
0x0074a89d
0x0074a89d
0x006f15d3
0x006f15d6
0x006f15d6
0x006f15e3
0x006f15e6
0x006f15f4
0x006f15f8
0x006f15ff
0x006f1b07
0x006f1605
0x006f1609
0x00741dd3
0x00741dfc
0x006f160f
0x006f160f
0x006f160f
0x006f1609
0x006f1620
0x006f1623
0x006f1631
0x006f1635
0x006f163c
0x006f1af1
0x006f1642
0x006f1646
0x00741e05
0x00741e2e
0x006f164c
0x006f164c
0x006f164c
0x006f1646
0x006f165d
0x006f1660
0x006f166e
0x006f1672
0x006f1679
0x0074b3a8
0x006f167f
0x006f1683
0x00741e37
0x00741e60
0x006f1689
0x006f1689
0x006f1689
0x006f1683
0x006f169a
0x00742037
0x0074203f
0x00742045
0x00742049
0x00742050
0x00742059
0x006ec776
0x006ec77a
0x00741e69
0x00741e6c
0x00741e92
0x006ec780
0x006ec780
0x006ec780
0x006ec77a
0x00742066
0x00742069
0x00000000
0x00742069
0x00742030
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0074206c
0x0074206c
0x0074206c
0x00742071
0x00742072
0x00742072
0x00742077
0x0074207d
0x0074207d

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b2f5751c83810eb7d5d3e6fcb439e469104f58bc3c22393e4c95d80f43a9ce4
Instruction ID: 614b657f0187529660b44def36301c36bf7d241d89d4da537f37ec7ee579f00a
Opcode Fuzzy Hash: 8b2f5751c83810eb7d5d3e6fcb439e469104f58bc3c22393e4c95d80f43a9ce4
Instruction Fuzzy Hash: EBE10BB280537ACBC7148F06C4900B53BA2FF65755B66406EFD821F791E77889A2E7D0

Uniqueness

Uniqueness Score: 0.00%

Function 0073FBA6, Relevance: .3, Instructions: 334
COMMONCrypto

C-Code - Quality: 71%

			E0073FBA6(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				unsigned int _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				unsigned int __ebx;
				signed int __edi;
				unsigned int __esi;
				void* __ebp;
				unsigned int _t137;

				_t136 = _a12;
				_v12 = 0;
				_v8 = 0;
				if(_a12 == 0) {
					_t137 =  *[fs:0x18];
					_push(0);
					 *( *[fs:0x18] + 0xbf4) = 0;
					 *((intOrPtr*)(_t137 + 0x34)) = E007238B5(_t136, _t137, 0, __eflags);
				} else {
					__edi = _a4;
					__eflags =  *(__edi + 0x44) & 0x01000000;
					if(__eflags != 0) {
						return E00796500(__ebx, __edi, __esi, __eflags, __edi, _a8, __ebx, _a16);
					}
					__eflags =  *(__edi + 0x48) & 0x00000001;
					if(__eflags != 0) {
						__edx = __ebx;
						__ecx = __edi;
						__eax = E006FF136(__edi, __ebx, __esi, __eflags);
						L10:
						__esi = __eax;
						goto L11;
					} else {
						__eflags = __bl & 0x00000007;
						if(__eflags != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(__ebx);
							_push(__edi);
							_push(9);
							L22:
							__eax = E00794B0C(__ebx, __ecx, __edx, __edi, __esi, __eflags);
							L11:
							__eflags = __esi;
							if(__eflags == 0) {
								L23:
								__ecx =  *[fs:0x18];
								__esi =  *[fs:0x18];
								__eax = 0xc000000d;
								_push(0xc000000d);
								 *( *[fs:0x18] + 0xbf4) = 0xc000000d;
								 *((intOrPtr*)(__esi + 0x34)) = E007238B5(__ebx, __edi, __esi, __eflags);
								goto L1;
							}
							__eflags =  *(__ebx - 1) - 5;
							if(__eflags == 0) {
								__eflags = _a8 & 0x3c000102;
								__eax = __ebx - 8;
								__ecx =  *__eax;
								_v12 =  *__eax;
								if(__eflags != 0) {
									goto L13;
								}
								__cl =  *(__eax + 7);
								__eflags = __cl - 5;
								if(__cl != 5) {
									__eflags = __cl & 0x00000040;
									if((__cl & 0x00000040) == 0) {
										_t47 =  &_v8;
										 *_t47 = _v8 & 0x00000000;
										__eflags =  *_t47;
										L31:
										__ebx = _v8 & 0x0000ffff;
										__edx = _a16;
										__ecx = __ebx + __edx;
										__eflags = __ecx - __edx;
										if(__eflags < 0) {
											goto L23;
										}
										__eflags =  *(__eax + 7) - 5;
										_a16 = __ecx;
										if( *(__eax + 7) != 5) {
											__eax = 0;
											__eflags = 0;
										} else {
											 *(__eax + 6) & 0x000000ff = ( *(__eax + 6) & 0x000000ff) << 3;
											__eax = __eax - (( *(__eax + 6) & 0x000000ff) << 3);
											__eax = __eax + 8;
										}
										__edx = _v12;
										__eflags = __edx;
										if(__edx == 0) {
											L38:
											__ecx = 0;
											__eflags = 0;
											goto L39;
										} else {
											_t56 = __edx - 1; // -1
											__ecx = _t56;
											__ecx = __cx & 0x0000ffff;
											__eflags = __ecx -  *0x7afa38;
											if(__ecx >=  *0x7afa38) {
												goto L38;
											}
											__ecx =  *(__ecx * 4 + ";Ay");
											L39:
											__eflags =  *__ecx(__edi, 5, __edx, __eax);
											if(__eflags < 0) {
												goto L23;
											}
											__al =  *(__esi + 7);
											__eflags = __al - 4;
											if(__al != 4) {
												__eflags = __al - 5;
												if(__al != 5) {
													__eflags = __al & 0x00000040;
													if((__al & 0x00000040) == 0) {
														__al = __al & 0x0000003f;
														__eflags = (__al & 0x0000003f) - 0x3f;
														if((__al & 0x0000003f) == 0x3f) {
															__eflags = __al;
															if(__al >= 0) {
																__eflags =  *(__edi + 0x4c);
																if( *(__edi + 0x4c) == 0) {
																	__eax =  *__esi & 0x0000ffff;
																} else {
																	__eax =  *__esi;
																	__eflags =  *(__edi + 0x4c) & __eax;
																	if(( *(__edi + 0x4c) & __eax) != 0) {
																		__eflags = __eax;
																	}
																	__eax = __ax & 0x0000ffff;
																}
															} else {
																__ecx =  *__esi;
																__esi = __esi >> 3;
																__esi >> 0x00000003 ^  *__esi = __esi >> 0x00000003 ^  *__esi ^  *0x7a81dc;
																__eax = __esi >> 0x00000003 ^  *__esi ^  *0x7a81dc ^ __edi;
																__ax =  *((intOrPtr*)((__esi >> 0x00000003 ^  *__esi ^  *0x7a81dc ^ __edi) + 0x10));
															}
															__eax = __ax & 0x0000ffff;
															__eax =  *(__esi + (__ax & 0x0000ffff) * 8 - 4);
														} else {
															__eax = __al & 0x000000ff;
															__eax = __al & 0x3f;
														}
													} else {
														__al & 0x000000ff = __al & 0x3f;
														__eax =  *(__esi + 4 + (__al & 0x3f) * 8) & 0x0000ffff;
													}
												} else {
													__eax =  *(__edi + 0x54) & 0x0000ffff;
													__ecx =  *(__esi + 4) & 0x0000ffff;
													__eax =  *(__edi + 0x54) & 0x0000ffff ^  *(__esi + 4) & 0x0000ffff;
												}
												__dl =  *(__esi + 7);
												__eax = __eax - __ebx;
												__dl =  *(__esi + 7) & 0x00000080;
												__eflags = __eax - 0x3f;
												if(__eflags >= 0) {
													__eflags = __dl;
													if(__dl == 0) {
														__eflags =  *(__edi + 0x4c);
														if( *(__edi + 0x4c) == 0) {
															__ecx =  *__esi & 0x0000ffff;
														} else {
															__ecx =  *__esi;
															__eflags =  *(__edi + 0x4c) & __ecx;
															if(( *(__edi + 0x4c) & __ecx) != 0) {
																__eflags = __ecx;
															}
															__ecx = __cx & 0x0000ffff;
														}
													} else {
														__ebx =  *__esi;
														__esi = __esi >> 3;
														__esi >> 0x00000003 ^  *__esi = __esi >> 0x00000003 ^  *__esi ^  *0x7a81dc;
														__ecx = __esi >> 0x00000003 ^  *__esi ^  *0x7a81dc ^ __edi;
														__cx =  *((intOrPtr*)((__esi >> 0x00000003 ^  *__esi ^  *0x7a81dc ^ __edi) + 0x10));
													}
													__ecx = __cx & 0x0000ffff;
													__dl = __dl | 0x0000003f;
													__eflags = __dl;
													 *(__esi + 7) = __dl;
													 *(__esi + (__cx & 0x0000ffff) * 8 - 4) = __eax;
												} else {
													 *(__esi + 7) = __al;
												}
											} else {
												__eax = _a8;
												__eax = _a8 & 0x00000001;
												__eflags = __eax;
												_a12 = __eax;
												if(__eax == 0) {
													__eflags =  *(__edi + 0x44) & 0x00000001;
													if(__eflags == 0) {
														__eax = E00717310(__eflags,  *((intOrPtr*)(__edi + 0xcc)));
													}
												}
												__ebx = 0;
												__eflags =  *(__edi + 0x4c);
												if( *(__edi + 0x4c) != 0) {
													__eax =  *(__edi + 0x50);
													 *__esi =  *__esi ^  *(__edi + 0x50);
													 *(__esi + 2) =  *(__esi + 2) ^  *(__esi + 1);
													__al =  *(__esi + 2) ^  *(__esi + 1) ^  *__esi;
													__eflags =  *(__esi + 3) - ( *(__esi + 2) ^  *(__esi + 1) ^  *__esi);
													if(__eflags != 0) {
														_push(0);
														_push(__esi);
														_push(__edi);
														__eax = E00794BBA(0, __edi, __esi, __eflags);
													}
												}
												__ax = _v8;
												 *__esi =  *__esi - __ax;
												__eflags =  *(__edi + 0x4c) - __ebx;
												if( *(__edi + 0x4c) != __ebx) {
													 *(__esi + 2) =  *(__esi + 2) ^  *(__esi + 1);
													__al =  *(__esi + 2) ^  *(__esi + 1) ^  *__esi;
													 *(__esi + 3) =  *(__esi + 2) ^  *(__esi + 1) ^  *__esi;
													__eax =  *(__edi + 0x50);
													 *__esi =  *__esi ^  *(__edi + 0x50);
													__eflags =  *__esi;
												}
												__eflags = _a12 - __ebx;
												if(__eflags == 0) {
													__eflags =  *(__edi + 0x44) & 0x00000001;
													if(__eflags == 0) {
														__eax = E007172D0( *((intOrPtr*)(__edi + 0xcc)));
													}
												}
											}
											__ebx = __esi + 8;
											goto L13;
										}
									}
									__cx = __cl & 0x000000ff;
									L27:
									__cx = __cx << 3;
									__ecx = __cx & 0x0000ffff;
									_v8 = __cx & 0x0000ffff;
									goto L31;
								}
								__cx =  *(__eax + 6) & 0x000000ff;
								goto L27;
							}
							L13:
							__esi = _a16;
							__edx = _a8;
							_push(__esi);
							_push(__ebx);
							__edx = _a8 | 0x00000002;
							__ecx = __edi;
							__eax = L0073FC46(__ebx, __edi, __edx, __edi, __esi, __eflags);
							_a16 = __eax;
							__eflags = __eax;
							if(__eax != 0) {
								__ebx = _v12;
								__eflags = __ebx;
								if(__ebx == 0) {
									return __eax;
								}
								_t111 = __ebx - 1; // -1
								__ecx = _t111;
								__ecx = __cx & 0x0000ffff;
								__eflags = __ecx -  *0x7afa38;
								if(__ecx >=  *0x7afa38) {
									__ecx = 0;
									__eflags = 0;
								} else {
									__ecx =  *(__ecx * 4 + ";Ay");
								}
								 *__ecx(__edi, 6, __ebx >> 0x10, __eax) = _v8 & 0x0000ffff;
								__edx = _a8;
								__esi = __esi - (_v8 & 0x0000ffff);
								__ecx = __edi;
								return E0077DD51(__edi, _a8, _a16, __esi, _v8, __ebx);
							}
							__eax = _v8 & 0x0000ffff;
							__ecx = _v12;
							__esi = __esi - (_v8 & 0x0000ffff);
							__eflags = __ecx;
							if(__eflags != 0) {
								_t118 = __ecx - 1; // -1
								__eax = _t118;
								__eax = __ax & 0x0000ffff;
								__eflags = __eax -  *0x7afa38;
								if(__eax >=  *0x7afa38) {
									__eax = 0;
									__eflags = 0;
								} else {
									__eax =  *(__eax * 4 + ";Ay");
								}
								_push(__ebx);
								_push(__ecx);
								_push(6);
								_push(__edi);
								__eax = E00729A68(__edi, __edi, 0, __ebx);
								__edx = _a8;
								__ecx = __edi;
								__eax = E0077DD51(__edi, __edx, __ebx, __eax, _v8, _v12);
							}
							__eax =  *[fs:0x18];
							__ebx =  *[fs:0x18];
							__edi = 0xc0000017;
							_push(0xc0000017);
							 *( *[fs:0x18] + 0xbf4) = 0xc0000017;
							__eax = E007238B5(__ebx, 0xc0000017, __esi, __eflags);
							__eflags = _a8 & 0x00000004;
							 *(__ebx + 0x34) = __eax;
							if((_a8 & 0x00000004) != 0) {
								_v84 = _v84 & 0x00000000;
								_v88 = _v88 & 0x00000000;
								__eax =  &_v92;
								_push( &_v92);
								_v92 = 0xc0000017;
								_v76 = 1;
								_v72 = __esi;
								_v80 = E00716C88;
								__eax = E00716C88(__ecx, __edx, 0xc0000017, __esi);
							}
							goto L1;
						}
						__eax = __ebx - 8;
						__eflags =  *(__eax + 7) - 5;
						if( *(__eax + 7) == 5) {
							__ecx =  *(__eax + 6) & 0x000000ff;
							__ecx = ( *(__eax + 6) & 0x000000ff) << 3;
							__eax = __eax - __ecx;
						}
						__eflags =  *(__eax + 7) & 0x0000003f;
						if(__eflags == 0) {
							_push(__esi);
							_push(__esi);
							_push(__esi);
							_push(__eax);
							_push(__edi);
							_push(8);
							goto L22;
						} else {
							goto L10;
						}
					}
				}
				L1:
				return 0;
			}

0x0073fbaf
0x0073fbb6
0x0073fbb9
0x0073fbbe
0x0074712c
0x00747133
0x00747134
0x0074713f
0x0073fbc4
0x0073fbc4
0x0073fbc7
0x0073fbce
0x00000000
0x0075e22f
0x0073fbd4
0x0073fbd8
0x00747147
0x00747149
0x0074714b
0x0073fbfe
0x0073fbfe
0x00000000
0x0073fbde
0x0073fbde
0x0073fbe1
0x0075e250
0x0075e251
0x0075e252
0x0075e253
0x0075e254
0x0075e255
0x0075e257
0x0075e257
0x0073fc00
0x0073fc00
0x0073fc02
0x0075e261
0x0075e261
0x0075e268
0x0075e26f
0x0075e274
0x0075e275
0x0075e280
0x00000000
0x0075e280
0x0073fc08
0x0073fc0c
0x0075e288
0x0075e28f
0x0075e292
0x0075e294
0x0075e297
0x00000000
0x00000000
0x0075e29d
0x0075e2a0
0x0075e2a3
0x0075e2b6
0x0075e2b9
0x0075e2c4
0x0075e2c4
0x0075e2c4
0x0075e2c8
0x0075e2c8
0x0075e2cc
0x0075e2cf
0x0075e2d2
0x0075e2d4
0x00000000
0x00000000
0x0075e2d6
0x0075e2da
0x0075e2dd
0x0075e2ed
0x0075e2ed
0x0075e2df
0x0075e2e3
0x0075e2e6
0x0075e2e8
0x0075e2e8
0x0075e2ef
0x0075e2f2
0x0075e2f4
0x0075e30d
0x0075e30d
0x0075e30d
0x00000000
0x0075e2f6
0x0075e2f6
0x0075e2f6
0x0075e2f9
0x0075e2fc
0x0075e302
0x00000000
0x00000000
0x0075e304
0x0075e30f
0x0075e319
0x0075e31b
0x00000000
0x00000000
0x0075e321
0x0075e324
0x0075e326
0x0075e3a4
0x0075e3a6
0x0075e3b4
0x0075e3b6
0x0075e3c7
0x0075e3ca
0x0075e3cd
0x0075e3d7
0x0075e3d9
0x0075e3f2
0x0075e3f6
0x0075e407
0x0075e3f8
0x0075e3f8
0x0075e3fa
0x0075e3fd
0x0075e3ff
0x0075e3ff
0x0075e402
0x0075e402
0x0075e3db
0x0075e3db
0x0075e3df
0x0075e3e4
0x0075e3ea
0x0075e3ec
0x0075e3ec
0x0075e40a
0x0075e40d
0x0075e3cf
0x0075e3cf
0x0075e3d2
0x0075e3d2
0x0075e3b8
0x0075e3bb
0x0075e3be
0x0075e3be
0x0075e3a8
0x0075e3a8
0x0075e3ac
0x0075e3b0
0x0075e3b0
0x0075e411
0x0075e414
0x0075e416
0x0075e419
0x0075e41c
0x0075e425
0x0075e427
0x0075e440
0x0075e444
0x0075e455
0x0075e446
0x0075e446
0x0075e448
0x0075e44b
0x0075e44d
0x0075e44d
0x0075e450
0x0075e450
0x0075e429
0x0075e429
0x0075e42d
0x0075e432
0x0075e438
0x0075e43a
0x0075e43a
0x0075e458
0x0075e45b
0x0075e45b
0x0075e45e
0x0075e461
0x0075e41e
0x0075e420
0x0075e420
0x0075e328
0x0075e328
0x0075e32b
0x0075e32b
0x0075e32e
0x0075e331
0x0075e333
0x0075e337
0x0075e33f
0x0075e33f
0x0075e337
0x0075e344
0x0075e346
0x0075e349
0x0075e34b
0x0075e34e
0x0075e353
0x0075e356
0x0075e358
0x0075e35b
0x0075e35d
0x0075e35e
0x0075e35f
0x0075e360
0x0075e360
0x0075e35b
0x0075e365
0x0075e369
0x0075e36c
0x0075e36f
0x0075e374
0x0075e377
0x0075e379
0x0075e37c
0x0075e37f
0x0075e37f
0x0075e37f
0x0075e381
0x0075e384
0x0075e38a
0x0075e38e
0x0075e39a
0x0075e39a
0x0075e38e
0x0075e384
0x0075e465
0x00000000
0x0075e465
0x0075e2f4
0x0075e2be
0x0075e2aa
0x0075e2aa
0x0075e2ae
0x0075e2b1
0x00000000
0x0075e2b1
0x0075e2a5
0x00000000
0x0075e2a5
0x0073fc12
0x0073fc12
0x0073fc15
0x0073fc18
0x0073fc19
0x0073fc1a
0x0073fc1d
0x0073fc1f
0x0073fc24
0x0073fc27
0x0073fc29
0x0073fc2f
0x0073fc32
0x0073fc34
0x0073fc3e
0x0073fc3e
0x0075e46d
0x0075e46d
0x0075e470
0x0075e473
0x0075e479
0x0075e484
0x0075e484
0x0075e47b
0x0075e47b
0x0075e47b
0x0075e492
0x0075e496
0x0075e49d
0x0075e4a3
0x00000000
0x0075e4a5
0x006fc06f
0x006fc073
0x006fc076
0x006fc078
0x006fc07a
0x0075e4af
0x0075e4af
0x0075e4b2
0x0075e4b5
0x0075e4bb
0x0075e4c6
0x0075e4c6
0x0075e4bd
0x0075e4bd
0x0075e4bd
0x0075e4c8
0x0075e4cc
0x0075e4cd
0x0075e4cf
0x0075e4dc
0x0075e4e1
0x0075e4e6
0x0075e4e8
0x0075e4e8
0x006fc080
0x006fc086
0x006fc08d
0x006fc092
0x006fc093
0x006fc099
0x006fc09e
0x006fc0a2
0x006fc0a5
0x0075e4f2
0x0075e4f6
0x0075e4fa
0x0075e4fd
0x0075e4fe
0x0075e501
0x0075e508
0x0075e50b
0x0075e512
0x0075e512
0x00000000
0x006fc0a5
0x0073fbe7
0x0073fbea
0x0073fbee
0x0075e239
0x0075e23d
0x0075e240
0x0075e240
0x0073fbf4
0x0073fbf8
0x0075e247
0x0075e248
0x0075e249
0x0075e24a
0x0075e24b
0x0075e24c
0x00000000
0x00000000
0x00000000
0x00000000
0x0073fbf8
0x0073fbd8
0x006fc05f
0x00000000

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ede3550e693ff9a04f9d3d5edf69f22a0b5cf0e4d6168eb8829a912fb2b194b4
Instruction ID: efaf2218bf54e81d005466f9a9b67defe15d98df92f02799e3fb89d260fdf267
Opcode Fuzzy Hash: ede3550e693ff9a04f9d3d5edf69f22a0b5cf0e4d6168eb8829a912fb2b194b4
Instruction Fuzzy Hash: BCC12570504695DBDB28CF24C494BFABBF5EF05301F108459FC868B682D77CAA49EB60

Uniqueness

Uniqueness Score: 0.00%

Function 00791907, Relevance: .3, Instructions: 281
COMMONCrypto

C-Code - Quality: 92%

			E00791907(signed int __ecx, void* __esi) {
				signed int _v8;
				char _v178;
				char _v180;
				void* _v188;
				void* _v196;
				short _v200;
				signed int _v202;
				short _v204;
				short _v206;
				char _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				char* _v236;
				short _v238;
				char _v240;
				intOrPtr _v244;
				char _v248;
				void* __ebx;
				void* __edi;
				signed int _t117;
				signed int _t122;
				signed short _t123;
				signed int _t128;
				intOrPtr _t129;
				signed int _t131;
				intOrPtr _t133;
				intOrPtr _t134;
				intOrPtr _t135;
				signed int _t142;
				signed char _t151;
				signed int _t164;
				signed int _t165;
				void* _t191;
				void* _t192;
				void* _t197;
				short _t203;
				void* _t210;
				signed int _t211;
				signed int _t212;
				signed int _t219;
				void* _t220;
				signed int _t221;

				_t220 = __esi;
				_t193 = __ecx;
				_t117 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t117 ^ _t221;
				_v220 = _v220 | 0xffffffff;
				_v232 = _v232 | 0xffffffff;
				_t211 = 0;
				_v180 = 0;
				_v224 = 0;
				_v216 = 0;
				_v228 = 0;
				E00704EC0( &_v178, 0, 0xa8);
				_t122 = E00715700();
				_t11 = _t220 + 4; // 0x0
				_t123 =  *_t11 & 0x0000ffff;
				asm("sbb bl, bl");
				_t191 =  ~_t122 + 1;
				if(_t123 <= 0) {
					_push( &_v224);
					if(E00715C80() < 0) {
						goto L51;
					}
					goto L3;
				} else {
					_v224 = _t123 & 0x0000ffff;
					L3:
					_t128 = E00728E06(_t220, _v224, _t211,  &_v232);
					if(_t128 == 0xc0000034 || _t128 == 0xc00000bb) {
						_v212 = _v212 | 0xffffffff;
						_t129 = E00729181(2, 0x55);
						_v228 = _t129;
						if(_t129 != _t211) {
							_t193 = _v224 & 0x0000ffff;
							_t128 = E00729229( &_v248, _t129, _v224 & 0x0000ffff);
							if(_t128 == 0) {
								goto L20;
							}
							_t164 = E0072AE88(_t220, _v244, 1,  &_v212);
							if(_t164 >= 0) {
								_t165 = _v212;
							} else {
								_t165 = _t164 | 0xffffffff;
							}
							_t203 = 0x31;
							_v208 = _t203;
							_v202 = _t165;
							_v206 = 0;
							_v204 = _v224;
							_v200 = 0;
							asm("stosd");
							asm("stosd");
							_t193 = 0 << 0x10;
							asm("stosd");
							asm("stosd");
							E0073BEFA(0 << 0x10, _t210, _t220,  &_v208, _v244);
							_t128 = E0079028F(_t220,  &_v208, 0);
							if(_t128 < 0) {
								goto L20;
							} else {
								_t36 = _t220 + 0x14; // 0x0
								_t128 = ( *( *_t36 + 6) & 0x0000ffff) - 1;
								goto L15;
							}
						} else {
							_t125 = 0xc0000017;
							goto L51;
						}
					} else {
						if(_t128 < _t211) {
							L20:
							if(_t191 == 0) {
								_t131 = _t128 | 0xffffffff;
							} else {
								_t131 = _v220;
							}
							E00790535(_t193, _t220, _t131);
							_t53 = _t220 + 0x14; // 0x0
							_t133 =  *_t53;
							_t212 = 0;
							_v212 = 0;
							if(0 >=  *(_t133 + 6)) {
								L33:
								_t83 = _t220 + 0x14; // 0x0
								_t134 =  *_t83;
								_t197 = 0;
								_t210 = 0;
								if(0 >=  *(_t134 + 6)) {
									L43:
									_t104 = _t220 + 0x14; // 0x0
									_t135 =  *_t104;
									_t198 = 0;
									_t211 = 0;
									if(0 >=  *(_t135 + 6)) {
										L48:
										if(_v228 != 0) {
											E00722882(_t198,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v228);
										}
										_t125 = 0;
										L51:
										return E00722F0C(_t125, _t191, _v8 ^ _t221, _t210, _t211, _t220);
									}
									_t192 = 0;
									do {
										if(( *(_t192 +  *((intOrPtr*)(_t135 + 0xc))) & 0x00000004) != 0) {
											E0078F2F2(_t220, _t211);
										}
										_t110 = _t220 + 0x14; // 0x0
										_t135 =  *_t110;
										_t198 =  *(_t135 + 6) & 0x0000ffff;
										_t211 = _t211 + 1;
										_t192 = _t192 + 0x1c;
									} while (_t211 < ( *(_t135 + 6) & 0x0000ffff));
									goto L48;
								} else {
									goto L34;
								}
								do {
									L34:
									_t142 =  *(_t197 +  *((intOrPtr*)(_t134 + 0xc))) & 0x0000ffff;
									if((_t142 & 0x00000001) != 0 && (_t142 & 0x00000020) != 0) {
										if((_t142 & 0x00001000) == 0) {
											_v216 = _v216 + 1;
										}
										if(_t191 != 0 && _t210 != _v220) {
											_t97 = _t220 + 0x48; // 0x0
											if(_v216 >  *_t97) {
												_t98 = _t220 + 0x14; // 0x0
												 *( *((intOrPtr*)( *_t98 + 0xc)) + _t197) =  *( *((intOrPtr*)( *_t98 + 0xc)) + _t197) & 0x0000ffdf;
												_t100 = _t220 + 0x14; // 0x0
												 *( *((intOrPtr*)( *_t100 + 0xc)) + _t197) =  *( *((intOrPtr*)( *_t100 + 0xc)) + _t197) | 0x00008000;
											}
										}
									}
									_t102 = _t220 + 0x14; // 0x0
									_t134 =  *_t102;
									_t210 = _t210 + 1;
									_t197 = _t197 + 0x1c;
								} while (_t210 < ( *(_t134 + 6) & 0x0000ffff));
								goto L43;
							} else {
								do {
									_t151 =  *(_t212 +  *((intOrPtr*)(_t133 + 0xc))) & 0x0000ffff;
									if((_t151 & 0x00000002) != 0 && (_t151 & 0x00000020) != 0) {
										E0078F4E0(_t220, _v212);
										_t63 = _t220 + 0x14; // 0x0
										if(( *(_t212 +  *((intOrPtr*)( *_t63 + 0xc))) & 0x00001000) == 0) {
											_v216 = _v216 + 1;
										}
										if(_t191 != 0 && _v212 != _v220) {
											_t73 = _t220 + 0x48; // 0x0
											if(_v216 >  *_t73) {
												_t74 = _t220 + 0x14; // 0x0
												 *( *((intOrPtr*)( *_t74 + 0xc)) + _t212) =  *( *((intOrPtr*)( *_t74 + 0xc)) + _t212) & 0x0000ffdf;
												_t76 = _t220 + 0x14; // 0x0
												 *( *((intOrPtr*)( *_t76 + 0xc)) + _t212) =  *( *((intOrPtr*)( *_t76 + 0xc)) + _t212) | 0x00008000;
											}
										}
									}
									_t78 = _t220 + 0x14; // 0x0
									_t133 =  *_t78;
									_v212 = _v212 + 1;
									_t212 = _t212 + 0x1c;
								} while (_v212 < ( *(_t133 + 6) & 0x0000ffff));
								goto L33;
							}
						} else {
							_t128 = _v232;
							L15:
							_v220 = _t128;
							if(_t128 != 0xffffffff) {
								_t219 = _v220 * 0x1c;
								_v236 =  &_v180;
								_v238 = 0xaa;
								_t44 = _t220 + 0x14; // 0x0
								_t128 = E006DA98B(_t193, _t220,  *((intOrPtr*)( *_t44 + 0xc)) + _t219,  &_v240);
								if(_t128 >= 0) {
									_t128 = E0072C2CE(_t220, _v236);
									if(_t128 >= 0) {
										_v216 = 1;
									} else {
										_t47 = _t220 + 0x14; // 0x0
										 *( *((intOrPtr*)( *_t47 + 0xc)) + _t219) =  *( *((intOrPtr*)( *_t47 + 0xc)) + _t219) & 0x0000ffdf;
										_t49 = _t220 + 0x14; // 0x0
										_t128 =  *((intOrPtr*)( *_t49 + 0xc)) + _t219;
										_t193 = 0x8000;
										 *_t128 =  *_t128 | 0x00008000;
									}
								}
							}
							goto L20;
						}
					}
				}
			}

0x00791907
0x00791907
0x00791912
0x00791919
0x0079191c
0x00791923
0x0079192c
0x00791935
0x00791944
0x0079194a
0x00791950
0x00791956
0x0079195e
0x00791965
0x00791965
0x0079196b
0x0079196d
0x00791972
0x00791985
0x0079198d
0x00000000
0x00000000
0x00000000
0x00791974
0x00791977
0x00791993
0x007919a2
0x007919ac
0x007919c9
0x007919d4
0x007919d9
0x007919e1
0x007919ed
0x007919fd
0x00791a04
0x00000000
0x00000000
0x00791a1a
0x00791a21
0x00791a28
0x00791a23
0x00791a23
0x00791a23
0x00791a30
0x00791a31
0x00791a38
0x00791a41
0x00791a51
0x00791a5b
0x00791a75
0x00791a76
0x00791a7e
0x00791a89
0x00791a8a
0x00791a93
0x00791aa2
0x00791aa9
0x00000000
0x00791aaf
0x00791aaf
0x00791ab6
0x00000000
0x00791ab6
0x007919e3
0x007919e3
0x00000000
0x007919e3
0x007919b5
0x007919b7
0x00791b39
0x00791b3b
0x00791b45
0x00791b3d
0x00791b3d
0x00791b3d
0x00791b4a
0x00791b4f
0x00791b4f
0x00791b52
0x00791b56
0x00791b60
0x00791bf1
0x00791bf1
0x00791bf1
0x00791bf4
0x00791bf6
0x00791bfc
0x00791c60
0x00791c60
0x00791c60
0x00791c63
0x00791c65
0x00791c6b
0x00791c8e
0x00791c95
0x00791cab
0x00791cab
0x00791cb0
0x00791cb2
0x00791cbf
0x00791cbf
0x00791c6d
0x00791c6f
0x00791c76
0x00791c7a
0x00791c7a
0x00791c7f
0x00791c7f
0x00791c82
0x00791c86
0x00791c87
0x00791c8a
0x00000000
0x00000000
0x00000000
0x00000000
0x00791bfe
0x00791bfe
0x00791c01
0x00791c07
0x00791c12
0x00791c14
0x00791c14
0x00791c1c
0x00791c2c
0x00791c2f
0x00791c31
0x00791c3e
0x00791c41
0x00791c4e
0x00791c4e
0x00791c2f
0x00791c1c
0x00791c51
0x00791c51
0x00791c58
0x00791c59
0x00791c5c
0x00000000
0x00791b66
0x00791b66
0x00791b69
0x00791b6f
0x00791b7c
0x00791b81
0x00791b90
0x00791b92
0x00791b92
0x00791b9a
0x00791bb0
0x00791bb3
0x00791bb5
0x00791bc2
0x00791bc5
0x00791bd2
0x00791bd2
0x00791bb3
0x00791b9a
0x00791bd5
0x00791bd5
0x00791bdc
0x00791be2
0x00791be5
0x00000000
0x00791b66
0x007919bd
0x007919bd
0x00791ab7
0x00791ab7
0x00791ac0
0x00791ace
0x00791ad1
0x00791adc
0x00791aea
0x00791af4
0x00791afb
0x00791b04
0x00791b0b
0x00791b2f
0x00791b0d
0x00791b0d
0x00791b1a
0x00791b1d
0x00791b23
0x00791b25
0x00791b2a
0x00791b2a
0x00791b0b
0x00791afb
0x00000000
0x00791ac0
0x007919b7
0x007919ac

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f1cd41eb78df3083abbedf22e6e842f7fc365dc63e242c860cc97ba74a1b4a6
Instruction ID: 44696c054d50dc6b36283c05b34ec3633a12c51521d4929f444111950e333692
Opcode Fuzzy Hash: 7f1cd41eb78df3083abbedf22e6e842f7fc365dc63e242c860cc97ba74a1b4a6
Instruction Fuzzy Hash: F5B1BC70A00265CEDB34CF68EC84BA9B3F5EF05710F45859AE84AE7291E7389D95CB21

Uniqueness

Uniqueness Score: 0.00%

Function 00727015, Relevance: .3, Instructions: 254
COMMONCrypto

C-Code - Quality: 90%

			E00727015(signed char _a4, signed short* _a8, unsigned int* _a12, signed short _a16) {
				signed int _v8;
				char _v72;
				signed int _v76;
				signed short _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				unsigned short _v100;
				signed short _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t113;
				signed short _t115;
				unsigned short _t118;
				signed short _t120;
				signed short _t135;
				signed int _t136;
				signed char _t143;
				void* _t144;
				signed int _t145;
				signed int _t146;
				void* _t148;
				signed short _t164;
				signed int _t165;
				signed int _t168;
				void* _t171;
				signed short* _t172;
				signed short _t173;
				short* _t174;
				signed int _t176;
				void* _t179;
				unsigned int* _t180;
				signed short* _t181;
				signed int _t183;

				_t113 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t113 ^ _t183;
				_t115 = _a16;
				_v104 = _t115;
				if(_t115 != 0) {
					__ecx = 0;
					 *__eax = __cx;
				}
				_t143 = _a4;
				if((_t143 & 0xfffffff8) != 0 || _t115 == 0) {
					_t116 = 0xc000000d;
				} else {
					_t172 = _a8;
					if(E00726F6C(0, _t172) >= 0) {
						_t180 = _a12;
						if(E00726F6C(0, _t180) >= 0) {
							_t118 =  *_t172 & 0x0000ffff;
							_t169 =  *_t180 >> 0x00000001 & 0x0000ffff;
							_v100 = _t118;
							_v84 = _t180[1];
							_t120 = _t118 >> 0x00000001 & 0x0000ffff;
							_v96 = _t143;
							_t16 =  &_v96;
							 *_t16 = _v96 & 1;
							_v80 = _t120;
							_v76 = _t169;
							if( *_t16 == 0) {
								_t181 = _t172[2];
								_v92 = 1;
							} else {
								_v92 = _v92 | 0xffffffff;
								_t181 = _t172[2] + (_t120 & 0x0000ffff) * 2 - 2;
							}
							if((_t143 & 0x00000004) != 0) {
								if(_t169 > 0x20) {
									if(_t120 == 0) {
										goto L21;
									} else {
										_v88 = _t143;
										_v88 = _v88 & 0x00000002;
										while(1) {
											_t145 = E0077E6D3( *_t181 & 0x0000ffff) & 0x0000ffff;
											_t173 = 0;
											if(_v88 == 0) {
												goto L58;
											}
											if(0 < _v76) {
												while(_t145 != E0077E6D3( *(_v84 + (_t173 & 0x0000ffff) * 2) & 0x0000ffff)) {
													_t173 = _t173 + 1;
													if(_t173 < _v76) {
														continue;
													}
													goto L56;
												}
											}
											L56:
											if(_t173 != _v76) {
												L62:
												_v80 = _v80 + 0xffff;
												_t181 =  &(_t181[_v92]);
												if(_v80 != 0) {
													continue;
												}
											} else {
											}
											goto L43;
											L58:
											if(0 < _v76) {
												while(_t145 != E0077E6D3( *(_v84 + (_t173 & 0x0000ffff) * 2) & 0x0000ffff)) {
													_t173 = _t173 + 1;
													if(_t173 < _v76) {
														continue;
													}
													goto L61;
												}
											}
											L61:
											if(_t173 == _v76) {
												goto L62;
											}
											goto L43;
										}
									}
								} else {
									if(0 < _t169) {
										_t174 =  &_v72;
										_t148 = _v84 - _t174;
										_v84 = _t169 & 0x0000ffff;
										do {
											 *_t174 = E0077E6D3( *(_t148 + _t174) & 0x0000ffff);
											_t174 = _t174 + 2;
											_t58 =  &_v84;
											 *_t58 = _v84 - 1;
										} while ( *_t58 != 0);
										_t143 = _a4;
										_t120 = _v80;
									}
									if(_t120 == 0) {
										goto L21;
									} else {
										_t146 = _t143 & 0x00000002;
										while(1) {
											_t135 = E0077E6D3( *_t181 & 0x0000ffff);
											_t164 = 0;
											_t169 = 0;
											_t136 = _t135 & 0x0000ffff;
											if(_t146 == 0) {
												goto L44;
											}
											if(0 < _v76) {
												while(1) {
													_t169 = _t164 & 0x0000ffff;
													if(_t136 ==  *((intOrPtr*)(_t183 + (_t164 & 0x0000ffff) * 2 - 0x44))) {
														goto L42;
													}
													_t164 = _t164 + 1;
													if(_t164 < _v76) {
														continue;
													}
													goto L42;
												}
											}
											L42:
											if(_t164 != _v76) {
												L48:
												_v80 = _v80 + 0xffff;
												_t181 =  &(_t181[_v92]);
												if(_v80 != 0) {
													continue;
												}
											}
											L43:
											_t120 = _v80;
											goto L17;
											L44:
											if(0 < _v76) {
												while(1) {
													_t169 = _t164 & 0x0000ffff;
													if(_t136 ==  *((intOrPtr*)(_t183 + (_t164 & 0x0000ffff) * 2 - 0x44))) {
														goto L47;
													}
													_t164 = _t164 + 1;
													if(_t164 < _v76) {
														continue;
													}
													goto L47;
												}
											}
											L47:
											if(_t164 == _v76) {
												goto L48;
											}
											goto L43;
										}
									}
								}
							} else {
								if(_t169 != 1) {
									if(_t120 == 0) {
										goto L21;
									} else {
										_t176 = _v84;
										_v88 = _t143;
										_v88 = _v88 & 0x00000002;
										do {
											_v76 = _v76 & 0x00000000;
											_t165 =  *_t181 & 0x0000ffff;
											if(_v88 != 0) {
												if(0 < _t169) {
													while(_t165 !=  *((intOrPtr*)(_t176 + (_v76 & 0x0000ffff) * 2))) {
														_v76 = _v76 + 1;
														if(_v76 < _t169) {
															continue;
														}
														goto L71;
													}
												}
												L71:
												if(_v76 != _t169) {
													goto L27;
												} else {
													goto L17;
												}
											} else {
												if(0 < _t169) {
													while(_t165 !=  *((intOrPtr*)(_t176 + (_v76 & 0x0000ffff) * 2))) {
														_v76 = _v76 + 1;
														if(_v76 < _t169) {
															continue;
														}
														goto L26;
													}
												} else {
												}
												L26:
												if(_v76 != _t169) {
													goto L17;
												} else {
													goto L27;
												}
											}
											goto L73;
											L27:
											_t120 = _t120 + 0xffff;
											_t181 =  &(_t181[_v92]);
										} while (_t120 != 0);
										goto L17;
									}
								} else {
									_t168 =  *_v84 & 0x0000ffff;
									if((_t143 & 0x00000002) != 0) {
										if(_t120 == 0) {
											goto L21;
										} else {
											while( *_t181 == _t168) {
												_t169 = _v92;
												_t120 = _t120 + 0xffff;
												_t181 =  &(_t181[_v92]);
												if(_t120 == 0) {
													goto L17;
												} else {
													continue;
												}
												L73:
											}
											goto L17;
										}
									} else {
										if(_t120 == 0) {
											L21:
											_t116 = 0xc0000225;
										} else {
											while( *_t181 != _t168) {
												_t169 = _v92;
												_t120 = _t120 + 0xffff;
												_t181 =  &(_t181[_v92]);
												if(_t120 != 0) {
													continue;
												}
												break;
											}
											L17:
											if(_t120 == 0) {
												goto L21;
											} else {
												_t115 = _t120 + 0xffff + _t120 + 0xffff;
												if(_v96 == 0) {
													_t115 = _v100 - _t115;
												}
												 *_v104 = _t115 & 0x0000ffff;
												_t116 = 0;
											}
										}
									}
								}
							}
						}
					}
				}
				_pop(_t171);
				_pop(_t179);
				_pop(_t144);
				return E00722F0C(_t116, _t144, _v8 ^ _t183, _t169, _t171, _t179);
				goto L73;
			}

0x0072701d
0x00727024
0x00727027
0x0072702a
0x0072702f
0x00727031
0x00727033
0x00727033
0x00727037
0x00727042
0x006d27b4
0x00727050
0x00727050
0x0072705d
0x00727063
0x00727070
0x00727079
0x0072707f
0x00727085
0x0072708b
0x00727090
0x00727093
0x00727097
0x00727097
0x0072709a
0x0072709d
0x007270a0
0x006dc46e
0x006dc471
0x007270a6
0x007270a9
0x007270b0
0x007270b0
0x007270b7
0x0075a8bf
0x0075a971
0x00000000
0x0075a977
0x0075a977
0x0075a97a
0x0075a97e
0x0075a987
0x0075a98a
0x0075a991
0x00000000
0x00000000
0x0075a997
0x0075a999
0x0075a9ae
0x0075a9b3
0x00000000
0x00000000
0x00000000
0x0075a9b3
0x0075a999
0x0075a9b5
0x0075a9b9
0x0075a9ec
0x0075a9ec
0x0075a9fb
0x0075a9fe
0x00000000
0x0075aa04
0x00000000
0x0075a9bb
0x00000000
0x0075a9c0
0x0075a9c4
0x0075a9c6
0x0075a9db
0x0075a9e0
0x00000000
0x00000000
0x00000000
0x0075a9e0
0x0075a9c6
0x0075a9e2
0x0075a9e6
0x00000000
0x00000000
0x00000000
0x0075a9e6
0x0075a97e
0x0075a8c5
0x0075a8ca
0x0075a8cf
0x0075a8d4
0x0075a8d9
0x0075a8dc
0x0075a8e6
0x0075a8ea
0x0075a8eb
0x0075a8eb
0x0075a8eb
0x0075a8f0
0x0075a8f3
0x0075a8f3
0x0075a8f9
0x00000000
0x0075a8ff
0x0075a8ff
0x0075a902
0x0075a906
0x0075a90b
0x0075a90d
0x0075a90f
0x0075a914
0x00000000
0x00000000
0x0075a91a
0x0075a91c
0x0075a91c
0x0075a924
0x00000000
0x00000000
0x0075a926
0x0075a92b
0x00000000
0x00000000
0x00000000
0x0075a92b
0x0075a91c
0x0075a92d
0x0075a931
0x0075a958
0x0075a958
0x0075a967
0x0075a96a
0x00000000
0x0075a96c
0x0075a96a
0x0075a933
0x0075a933
0x00000000
0x0075a93b
0x0075a93f
0x0075a941
0x0075a941
0x0075a949
0x00000000
0x00000000
0x0075a94b
0x0075a950
0x00000000
0x00000000
0x00000000
0x0075a950
0x0075a941
0x0075a952
0x0075a956
0x00000000
0x00000000
0x00000000
0x0075a956
0x0075a902
0x0075a8f9
0x007270bd
0x007270c0
0x00740309
0x00000000
0x0074030f
0x0074030f
0x00740312
0x00740315
0x0074034c
0x0074034c
0x00740350
0x00740358
0x0075aa34
0x0075aa36
0x0075aa40
0x0075aa47
0x00000000
0x00000000
0x00000000
0x0075aa47
0x0075aa36
0x0075aa49
0x0075aa4d
0x00000000
0x0075aa53
0x00000000
0x0075aa53
0x0074035e
0x00740361
0x0074031b
0x00740325
0x0074032c
0x00000000
0x00000000
0x00000000
0x0074032c
0x00000000
0x00740363
0x0074032e
0x00740332
0x00000000
0x00000000
0x00000000
0x00000000
0x00740332
0x00000000
0x00740338
0x0074033b
0x00740340
0x00740343
0x00000000
0x0074034c
0x007270c6
0x007270c9
0x007270cf
0x0075aa0c
0x00000000
0x0075aa12
0x0075aa12
0x0075aa1b
0x0075aa1e
0x0075aa23
0x0075aa29
0x00000000
0x0075aa2f
0x00000000
0x0075aa2f
0x00000000
0x0075aa29
0x00000000
0x0075aa12
0x007270d5
0x007270d8
0x0072a1f7
0x0072a1f7
0x007270de
0x007270de
0x007270e3
0x007270e6
0x007270eb
0x007270f1
0x00000000
0x00000000
0x00000000
0x007270f1
0x007270f3
0x007270f6
0x00000000
0x007270fc
0x00727101
0x00727107
0x006d27ad
0x006d27ad
0x00727113
0x00727116
0x00727116
0x007270f6
0x007270d8
0x007270cf
0x007270c0
0x007270b7
0x00727070
0x0072705d
0x0072711b
0x0072711c
0x0072711f
0x00727126
0x00000000

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2569fdea21b9db2e0140f8e19d2242f3a1bafb22ed258e03cd6571f5e69d6c4
Instruction ID: 6bb969240560bc922b947a3c415471a7ef4048f3805e6000728a9e4064cf6b99
Opcode Fuzzy Hash: b2569fdea21b9db2e0140f8e19d2242f3a1bafb22ed258e03cd6571f5e69d6c4
Instruction Fuzzy Hash: 1491CF34D0426ADBCF24DF94C5412FDB7B1FF50711F95412AD882A7184E7BCA89ACBA2

Uniqueness

Uniqueness Score: 0.00%

Function 006F3984, Relevance: .3, Instructions: 252
COMMONCrypto

C-Code - Quality: 98%

			E006F3984(signed int* __ecx, void* __edi, void* __esi, intOrPtr _a4, unsigned int _a8, intOrPtr* _a12, signed short* _a16, unsigned int _a20) {
				signed int _v8;
				void* __ebx;
				intOrPtr _t44;
				signed int _t45;
				signed int _t47;
				void* _t50;
				unsigned int _t51;
				signed char _t57;
				signed char _t61;
				signed int _t64;
				signed int _t65;
				signed short _t67;
				signed short* _t73;
				signed char _t76;
				signed int* _t84;
				signed short* _t85;
				signed int _t90;
				signed int _t92;
				signed int _t96;
				unsigned int _t97;
				signed int _t100;
				signed int _t106;
				void* _t120;

				_t120 = __esi;
				_t84 = __ecx;
				_push(__ecx);
				_t73 = _a16;
				_v8 = 0;
				if(_t73 == 0) {
					_t44 = 0xc00000f2;
					goto L31;
				} else {
					__ecx = _a4;
					if(__ecx == 0) {
						if(_a12 == 0) {
							__eax = 0xc000000d;
						} else {
							__eax = E006F3ADB(__ecx, __ebx, _a20, _a12);
						}
						L31:
						return _t44;
					}
					__eax = _a20;
					if((__al & 0x00000001) != 0) {
						__eax = 0xc00000f3;
						goto L31;
					}
					__eax = __eax >> 1;
					_a20 = __eax;
					__eax = _a8;
					_push(__esi);
					__eax = _a8 + __ecx;
					_a16 = _a8 + __ecx;
					while(1) {
						L15:
						L16:
						while(1) {
							L16:
							while(1) {
								L16:
								if(_t76 >= _a20) {
									if(_t92 <= 0) {
										L29:
										_t44 = _v8;
										L30:
										 *_a12 = _t84 - _a4;
										goto L31;
									}
									L20:
									_t25 = _t92 - 0xd800; // -55296
									if(_t25 <= 0x7ff) {
										_v8 = 0x107;
										_t92 = 0xfffd;
									}
									_t50 = 1;
									if(_t92 > 0x7f) {
										if(_t92 > 0x7ff) {
											if(_t92 > 0xffff) {
												_t50 = 2;
											}
											_t50 = _t50 + 1;
										}
										_t50 = _t50 + 1;
									}
									if(_t84 > _a16 - _t50) {
										_t44 = 0xc0000023;
										goto L30;
									} else {
										if(_t92 > 0x7f) {
											_t51 = _t92;
											if(_t92 > 0x7ff) {
												if(_t92 > 0xffff) {
													 *_t84 = _t51 >> 0x00000012 | 0x000000f0;
													_t84 =  &(_t84[0]);
													_t57 = _t92 >> 0x0000000c & 0x0000003f | 0x00000080;
												} else {
													_t57 = _t51 >> 0x0000000c | 0x000000e0;
												}
												 *_t84 = _t57;
												_t84 =  &(_t84[0]);
												_t61 = _t92 >> 0x00000006 & 0x0000003f | 0x00000080;
											} else {
												_t61 = _t51 >> 0x00000006 | 0x000000c0;
											}
											 *_t84 = _t61;
											_t84 =  &(_t84[0]);
											_t92 = _t92 & 0x0000003f | 0x00000080;
										}
										 *_t84 = _t92;
										_t84 =  &(_t84[0]);
										_t64 = _a20 - _t76 >> 1;
										_t96 = _a16 - _t84;
										if(_t64 > 0xd) {
											if(_t96 < _t64) {
												_t64 = _t96;
											}
											_t120 = _t76 + _t64 * 2 - 0xa;
											L7:
											while(_t76 < _t120) {
												_t45 =  *_t76 & 0x0000ffff;
												_t76 = _t76 + 2;
												if(_t45 > 0x7f) {
													L40:
													if(_t45 <= 0x7ff) {
														_t90 = _t45 | 0x00003000;
														L44:
														_t120 = _t120;
														 *_t84 = _t90 >> 6;
														_t85 =  &(_t84[0]);
														_t47 = _t45 & 0x0000003f | 0x00000080;
														L45:
														 *_t85 = _t47;
														_t84 =  &(_t85[0]);
														continue;
													}
													if(_t45 - 0xd800 <= 0x7ff) {
														if(_t45 > 0xdbff) {
															_t76 = _t76;
															break;
														}
														_t100 =  *_t76 & 0x0000ffff;
														_t41 = _t100 - 0xdc00; // -54273
														_t76 = _t76 + 2;
														if(_t41 > 0x3ff) {
															_t76 = _t76 - 4;
															break;
														}
														_t45 = (_t45 << 0xa) + _t100 - 0x35fdc00;
														 *_t84 = _t45 >> 0x00000012 | 0x000000f0;
														_t84 =  &(_t84[0]);
														_t106 = _t45 & 0x0003f000 | 0x00080000;
														L43:
														 *_t84 = _t106 >> 0xc;
														_t120 = _t120;
														_t84 =  &(_t84[0]);
														_t90 = _t45 & 0x00000fc0 | 0x00002000;
														goto L44;
													}
													_t106 = _t45 | 0x000e0000;
													goto L43;
												}
												 *_t84 = _t45;
												_t84 =  &(_t84[0]);
												if((_t76 & 0x00000002) != 0) {
													goto L1;
												}
												L10:
												if(_t76 < _t120) {
													while(1) {
														_t97 =  *(_t76 + 4);
														_t67 =  *_t76;
														if(((_t97 | _t67) & 0xff80ff80) != 0) {
															break;
														}
														 *_t85 = _t67;
														_t85[1] = _t97;
														_t85[0] = _t67 >> 0x10;
														_t76 = _t76 + 8;
														_t85[1] = _t97 >> 0x10;
														_t85 =  &(_t85[2]);
														if(_t76 < _t120) {
															continue;
														}
														goto L7;
													}
													_t47 = _t67 & 0x0000ffff;
													_t76 = _t76 + 2;
													if(_t47 <= 0x7f) {
														goto L45;
													}
													goto L40;
												}
												break;
											}
											_t92 = 0;
											goto L15;
										} else {
											if(_t96 < _t64) {
												_t92 = 0;
												continue;
											}
											while(_t76 < _a20) {
												_t92 =  *_t76 & 0x0000ffff;
												_t76 = _t76 + 2;
												if(_t92 > 0x7f) {
													L19:
													_t24 = _t92 - 0xd800; // -55296
													if(_t24 <= 0x3ff) {
														goto L16;
													}
													goto L20;
												}
												 *_t84 = _t92;
												_t84 =  &(_t84[0]);
											}
											goto L29;
										}
									}
								}
								if(_t92 > 0) {
									_t65 =  *_t76 & 0x0000ffff;
									if(_t65 - 0xdc00 <= 0x3ff) {
										_t92 = (_t92 << 0xa) + _t65 - 0x35fdc00;
										_t76 = _t76 + 2;
									}
									goto L20;
								}
								_t92 =  *_t76 & 0x0000ffff;
								_t76 = _t76 + 2;
								goto L19;
							}
						}
					}
				}
				L1:
				_t45 =  *_t73 & 0x0000ffff;
				_t76 =  &(_t73[1]);
				if(_t45 > 0x7f) {
					goto L40;
				} else {
					 *_t84 = _t45;
					_t85 =  &(_t84[0]);
					goto L10;
				}
			}

0x006f3984
0x006f3984
0x006f3989
0x006f398b
0x006f3990
0x006f3995
0x007606a5
0x00000000
0x006f399b
0x006f399b
0x006f39a0
0x006f3ac2
0x007606af
0x006f3ac8
0x006f3acf
0x006f3acf
0x006f3a5c
0x006f3a5e
0x006f3a5e
0x006f39a6
0x006f39ab
0x007606b9
0x00000000
0x007606b9
0x006f39b1
0x006f39b6
0x006f39b9
0x006f39bc
0x006f39bd
0x006f39c0
0x006f39c3
0x006f39c3
0x00000000
0x006f39c8
0x00000000
0x006f39c8
0x006f39c8
0x006f39cb
0x00748e6e
0x006f3a4f
0x006f3a4f
0x006f3a52
0x006f3a59
0x00000000
0x006f3a5b
0x006f39eb
0x006f39eb
0x006f39f3
0x007606e9
0x007606f0
0x007606f0
0x006f39fb
0x006f39ff
0x007606fc
0x00760704
0x00760708
0x00760708
0x00760709
0x00760709
0x0076070a
0x0076070a
0x006f3a0c
0x00748e80
0x00000000
0x006f3a12
0x006f3a15
0x00760710
0x00760714
0x00760723
0x00760731
0x0076073a
0x0076073b
0x00760725
0x00760728
0x00760728
0x0076073d
0x00760746
0x00760747
0x00760716
0x00760719
0x00760719
0x00760749
0x0076074e
0x0076074f
0x0076074f
0x006f3a1e
0x006f3a25
0x006f3a26
0x006f3a28
0x006f3a2d
0x006e482b
0x00760757
0x00760757
0x006e4831
0x00000000
0x006e4867
0x006e486b
0x006e486f
0x006e4873
0x00748e94
0x00748e9b
0x00748e64
0x00748ec9
0x00748ecd
0x00748ece
0x00748ed2
0x00748ed3
0x00748ed5
0x00748ed5
0x00748ed7
0x00000000
0x00748ed7
0x00748ea5
0x00760763
0x007607a1
0x00000000
0x007607a1
0x00760765
0x00760769
0x0076076f
0x00760776
0x007607a7
0x00000000
0x007607a7
0x0076077b
0x0076078a
0x00760794
0x00760795
0x00748eb3
0x00748eb6
0x00748ebb
0x00748ec2
0x00748ec3
0x00000000
0x00748ec3
0x00748ead
0x00000000
0x00748ead
0x006e4879
0x006e487b
0x006e487f
0x00000000
0x00000000
0x006e4885
0x006e4887
0x006e4837
0x006e4837
0x006e483a
0x006e4846
0x00000000
0x00000000
0x006e484c
0x006e484e
0x006e4857
0x006e485a
0x006e485d
0x006e4860
0x006e4865
0x00000000
0x00000000
0x00000000
0x006e4865
0x00748e8a
0x00748e8e
0x00748e92
0x00000000
0x00000000
0x00000000
0x00748e92
0x00000000
0x006e4887
0x006e4889
0x00000000
0x006f3a33
0x006f3a35
0x00748e79
0x00000000
0x00748e79
0x006f3a3b
0x006f3a40
0x006f3a44
0x006f3a48
0x006f39de
0x006f39de
0x006f39e9
0x00000000
0x00000000
0x00000000
0x006f39e9
0x006f3a4a
0x006f3a4c
0x006f3a4c
0x00000000
0x006f3a3b
0x006f3a2d
0x006f3a0c
0x006f39d3
0x007606c3
0x007606d2
0x007606dc
0x007606e3
0x007606e3
0x00000000
0x007606d2
0x006f39d9
0x006f39dd
0x00000000
0x006f39dd
0x006f39c8
0x006f39c8
0x006f39c3
0x006dc13e
0x006dc13e
0x006dc142
0x006dc146
0x00000000
0x006dc14c
0x006dc14c
0x006dc14e
0x00000000
0x006dc14e

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a4e099b249d255366ca591c774df4b4b5eaa90df1f876f61a60070d67a413c9
Instruction ID: 7f9bd3c20d46c4dac5c2f40e0df6709154caabd215409fedcea32e9e51ae30e8
Opcode Fuzzy Hash: 3a4e099b249d255366ca591c774df4b4b5eaa90df1f876f61a60070d67a413c9
Instruction Fuzzy Hash: 2F717C316062AACFDB198A39C4C027E3753EB92304B3486B6D8C38B74ADA74D943D791

Uniqueness

Uniqueness Score: 0.00%

Function 0079B0E7, Relevance: .2, Instructions: 233
COMMONCrypto

C-Code - Quality: 98%

			E0079B0E7(void* __ecx, unsigned int* _a4, signed int* _a8, signed char _a12, signed int _a16, signed int* _a20, signed int* _a24, intOrPtr _a28) {
				signed int _v8;
				signed char _t105;
				signed char _t131;
				signed int _t133;
				signed int _t135;
				signed int _t138;
				signed int _t143;
				signed int _t155;
				signed int _t159;
				signed int _t162;
				void* _t163;
				void* _t166;
				signed int _t169;
				void* _t170;
				signed int _t184;
				signed int* _t189;
				unsigned int* _t194;
				signed int* _t197;
				signed int* _t200;

				_t191 = __ecx;
				_push(__ecx);
				_t105 = _a12;
				_t200 = _a4;
				_t200[1] = 0;
				_t200[2] = 0;
				_v8 = 0;
				_t200[3] = 0;
				if((_t105 & 0x00000010) != 0) {
					_t200[1] = _t200[1] | 0x00000001;
					_v8 = 0xc000008f;
				}
				if((_t105 & 0x00000002) != 0) {
					_t200[1] = _t200[1] | 0x00000002;
					_v8 = 0xc0000093;
				}
				if((_t105 & 0x00000001) != 0) {
					_t200[1] = _t200[1] | 0x00000004;
					_v8 = 0xc0000091;
				}
				if((_t105 & 0x00000004) != 0) {
					_t200[1] = _t200[1] | 0x00000008;
					_v8 = 0xc000008e;
				}
				if((_t105 & 0x00000008) != 0) {
					_t200[1] = _t200[1] | 0x00000010;
					_v8 = 0xc0000090;
				}
				_t197 = _a8;
				_t200[2] = _t200[2] ^ ( !( *_t197 << 4) ^ _t200[2]) & 0x00000010;
				_t200[2] = _t200[2] ^ ( !( *_t197 +  *_t197) ^ _t200[2]) & 0x00000008;
				_t200[2] = _t200[2] ^ ( !( *_t197 >> 1) ^ _t200[2]) & 0x00000004;
				_t200[2] = _t200[2] ^ ( !( *_t197 >> 3) ^ _t200[2]) & 0x00000002;
				_t200[2] = _t200[2] ^ ( !( *_t197 >> 5) ^ _t200[2]) & 0x00000001;
				_t131 = E0079B908(_t191);
				if((_t131 & 0x00000001) != 0) {
					_t200[3] = _t200[3] | 0x00000010;
				}
				if((_t131 & 0x00000004) != 0) {
					_t200[3] = _t200[3] | 0x00000008;
				}
				if((_t131 & 0x00000008) != 0) {
					_t200[3] = _t200[3] | 0x00000004;
				}
				if((_t131 & 0x00000010) != 0) {
					_t200[3] = _t200[3] | 0x00000002;
				}
				if((_t131 & 0x00000020) != 0) {
					_t200[3] = _t200[3] | 0x00000001;
				}
				_t133 =  *_t197 & 0x00000c00;
				if(_t133 == 0) {
					 *_t200 =  *_t200 & 0xfffffffc;
				} else {
					if(_t133 == 0x400) {
						_t184 =  *_t200 & 0xfffffffd | 0x00000001;
						L26:
						 *_t200 = _t184;
						L29:
						_t135 =  *_t197 & 0x00000300;
						if(_t135 == 0) {
							_t138 =  *_t200 & 0xffffffeb | 0x00000008;
							L35:
							 *_t200 = _t138;
							L36:
							 *_t200 =  *_t200 ^ (_a16 << 0x00000005 ^  *_t200) & 0x0001ffe0;
							_t143 = _t200[8];
							_t189 = _a24;
							if(_a28 == 0) {
								_t200[8] = _t143 & 0xffffffe3 | 0x00000003;
								_t200[4] =  *_a20;
								_t200[0x18] = _t200[0x18] & 0xffffffe3 | 0x00000003;
								_t200[0x14] =  *_t189;
							} else {
								_t200[8] = _t143 & 0xffffffe1 | 0x00000001;
								_t200[4] =  *_a20;
								_t200[0x18] = _t200[0x18] & 0xffffffe1 | 0x00000001;
								_t200[0x14] =  *_t189;
							}
							E0079B91D(0x300);
							E0079B08B(_v8, 0, 1,  &_a4);
							_t194 = _a4;
							if((_t194[2] & 0x00000010) != 0) {
								 *_t197 =  *_t197 & 0xfffffffe;
							}
							if((_t194[2] & 0x00000008) != 0) {
								 *_t197 =  *_t197 & 0xfffffffb;
							}
							if((_t194[2] & 0x00000004) != 0) {
								 *_t197 =  *_t197 & 0xfffffff7;
							}
							if((_t194[2] & 0x00000002) != 0) {
								 *_t197 =  *_t197 & 0xffffffef;
							}
							if((_t194[2] & 0x00000001) != 0) {
								 *_t197 =  *_t197 & 0xffffffdf;
							}
							_t155 =  *_t194 & 0x00000003;
							if(_t155 == 0) {
								 *_t197 =  *_t197 & 0xfffff3ff;
							} else {
								_t166 = _t155 - 1;
								if(_t166 == 0) {
									_t169 =  *_t197 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t197 = _t169;
									L58:
									_t159 =  *_t194 >> 0x00000002 & 0x00000007;
									if(_t159 == 0) {
										_t162 =  *_t197 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t197 = _t162;
										L65:
										if(_a28 == 0) {
											 *_t189 = _t194[0x14];
										} else {
											 *_t189 = _t194[0x14];
										}
										return _t162;
									}
									_t163 = _t159 - 1;
									if(_t163 == 0) {
										_t162 =  *_t197 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t162 = _t163 - 1;
									if(_t162 == 0) {
										 *_t197 =  *_t197 & 0xfffff3ff;
									}
									goto L65;
								}
								_t170 = _t166 - 1;
								if(_t170 == 0) {
									_t169 =  *_t197 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t170 == 1) {
									 *_t197 =  *_t197 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t135 == 0x200) {
							_t138 =  *_t200 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t135 == 0x300) {
							 *_t200 =  *_t200 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t133 == 0x800) {
						_t184 =  *_t200 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t133 == 0xc00) {
						 *_t200 =  *_t200 | 0x00000003;
					}
				}
			}

0x0079b0e7
0x0079b0ec
0x0079b0ed
0x0079b0f4
0x0079b0f7
0x0079b0fa
0x0079b0fd
0x0079b100
0x0079b105
0x0079b107
0x0079b10b
0x0079b10b
0x0079b114
0x0079b116
0x0079b11a
0x0079b11a
0x0079b123
0x0079b125
0x0079b129
0x0079b129
0x0079b132
0x0079b134
0x0079b138
0x0079b138
0x0079b141
0x0079b143
0x0079b147
0x0079b147
0x0079b14f
0x0079b15f
0x0079b16e
0x0079b17d
0x0079b18d
0x0079b19d
0x0079b1a0
0x0079b1a7
0x0079b1a9
0x0079b1a9
0x0079b1af
0x0079b1b1
0x0079b1b1
0x0079b1b7
0x0079b1b9
0x0079b1b9
0x0079b1bf
0x0079b1c1
0x0079b1c1
0x0079b1c7
0x0079b1c9
0x0079b1c9
0x0079b1d4
0x0079b1d6
0x0079b205
0x0079b1d8
0x0079b1dd
0x0079b200
0x0079b1f7
0x0079b1f7
0x0079b208
0x0079b20f
0x0079b211
0x0079b232
0x0079b235
0x0079b235
0x0079b237
0x0079b244
0x0079b249
0x0079b24c
0x0079b24f
0x0079b27b
0x0079b283
0x0079b28f
0x0079b294
0x0079b251
0x0079b257
0x0079b25f
0x0079b26b
0x0079b270
0x0079b270
0x0079b297
0x0079b2a8
0x0079b2ad
0x0079b2b4
0x0079b2b6
0x0079b2b6
0x0079b2bd
0x0079b2bf
0x0079b2bf
0x0079b2c6
0x0079b2c8
0x0079b2c8
0x0079b2cf
0x0079b2d1
0x0079b2d1
0x0079b2d8
0x0079b2da
0x0079b2da
0x0079b2e2
0x0079b2e9
0x0079b31a
0x0079b2eb
0x0079b2eb
0x0079b2ec
0x0079b313
0x0079b308
0x0079b308
0x0079b31c
0x0079b324
0x0079b326
0x0079b341
0x0079b346
0x0079b346
0x0079b348
0x0079b34c
0x0079b358
0x0079b34e
0x0079b351
0x0079b351
0x0079b35d
0x0079b35d
0x0079b328
0x0079b329
0x0079b336
0x00000000
0x0079b336
0x0079b32b
0x0079b32c
0x0079b32e
0x0079b32e
0x00000000
0x0079b32c
0x0079b2ee
0x0079b2ef
0x0079b303
0x00000000
0x0079b303
0x0079b2f2
0x0079b2f4
0x0079b2f4
0x0079b2f2
0x00000000
0x0079b2e9
0x0079b218
0x0079b228
0x00000000
0x0079b228
0x0079b21c
0x0079b21e
0x0079b21e
0x00000000
0x0079b21c
0x0079b1e4
0x0079b1f4
0x00000000
0x0079b1f4
0x0079b1e8
0x0079b1ea
0x0079b1ea
0x0079b1e8

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9ea8a5cce64cf5c216998eda348521a406c0f5b5e816de941c4428d2ab67aee
Instruction ID: 56425180d38c4b731b4e4d118d21a17c0f41e70ee0801490540be6ae3b1ce99b
Opcode Fuzzy Hash: d9ea8a5cce64cf5c216998eda348521a406c0f5b5e816de941c4428d2ab67aee
Instruction Fuzzy Hash: CE916171510B0ACFDB25CF29E686A66BBE0FF01364F648A5CD4E6D75A0C338E951DB00

Uniqueness

Uniqueness Score: 0.00%

Function 007229EE, Relevance: .2, Instructions: 232
COMMONCrypto

C-Code - Quality: 70%

			E007229EE(unsigned int _a4, signed int _a8, signed int _a12) {
				char _v8;
				unsigned int _v12;
				unsigned int _v16;
				char _v20;
				signed int _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				signed int _v92;
				signed int _v96;
				char _v100;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t108;
				intOrPtr _t110;
				signed int _t113;
				signed int _t116;
				signed int _t119;
				signed int _t123;
				intOrPtr* _t124;
				signed int _t125;
				signed int _t130;
				unsigned int _t132;
				signed int* _t133;
				signed char _t135;
				void* _t136;
				signed int _t139;
				intOrPtr* _t140;
				intOrPtr _t145;
				intOrPtr _t146;
				unsigned int _t147;
				signed int _t149;
				signed char _t153;
				unsigned int _t156;
				unsigned int _t160;
				signed int _t162;
				signed int _t170;
				void* _t172;
				signed int _t174;
				unsigned int _t175;
				unsigned int _t177;

				_t175 = 0;
				_v12 = 0;
				if(_a12 > 0x7fffffff) {
					L33:
					_t174 = 0;
					__eflags = 0;
					L34:
					_t146 =  *[fs:0x18];
					_push(0xc0000017);
					 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc0000017;
					_t108 = E007238B5(_t146, _t174, 0xc0000017, __eflags);
					__eflags = _a8 & 0x00000004;
					 *((intOrPtr*)(_t146 + 0x34)) = _t108;
					if((_a8 & 0x00000004) != 0) {
						_t116 = _v12;
						_v92 = _v92 & 0x00000000;
						_v96 = _v96 & 0x00000000;
						_v100 = 0xc0000017;
						_v84 = 1;
						__eflags = _t116;
						if(_t116 == 0) {
							_t116 = _a12;
						}
						_v80 = _t116;
						_push( &_v100);
						_v88 = E00716C88;
						E00716C88(_t148, _t163, _t174, 0xc0000017);
					}
					_t147 = _a4;
					L16:
					if( *0x7ffe0380 != 0) {
						_t110 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t110 + 0x240) & 0x00000001;
						if(( *(_t110 + 0x240) & 0x00000001) == 0) {
							goto L17;
						}
						__eflags =  *(_t147 + 0x44) & 0x01000000;
						if(( *(_t147 + 0x44) & 0x01000000) != 0) {
							goto L17;
						}
						__eflags = _a8 & 0x61000000;
						if((_a8 & 0x61000000) == 0) {
							L43:
							__eflags = _t174;
							if(_t174 == 0) {
								L50:
								E00794653(_t147, _t174, _a12, _v20);
								goto L17;
							}
							_t79 = _t174 - 8; // -8
							_t113 = _t79;
							__eflags =  *((char*)(_t113 + 7)) - 5;
							_t149 = _t113;
							if( *((char*)(_t113 + 7)) == 5) {
								_t149 = _t149 - (( *(_t113 + 6) & 0x000000ff) << 3);
								__eflags = _t149;
							}
							__eflags =  *(_t149 + 7) & 0x00000080;
							if(( *(_t149 + 7) & 0x00000080) != 0) {
								goto L50;
							} else {
								__eflags =  *((char*)(_t113 + 7)) - 5;
								if( *((char*)(_t113 + 7)) == 5) {
									_t113 = _t113 - (( *(_t113 + 6) & 0x000000ff) << 3);
									__eflags = _t113;
								}
								_t153 =  *(_t147 + 0x4c) >> 0x00000014 &  *(_t147 + 0x52) >> 0x00000003 ^  *(_t113 + 2) >> 0x00000003;
								__eflags = _t153 & 0x00000001;
								if((_t153 & 0x00000001) != 0) {
									goto L17;
								} else {
									goto L50;
								}
							}
						}
						__eflags = _a8 & 0x10000000;
						if((_a8 & 0x10000000) == 0) {
							goto L17;
						}
						goto L43;
					}
					L17:
					return _t174;
				}
				_t147 = _a4;
				_t119 =  *(_t147 + 0x44);
				_t156 =  *(_t147 + 0x5c);
				_a8 = _a8 | _t119;
				_v16 = _t156;
				if(_t156 != 0) {
					__eflags = _a8 & 0x3c000102;
					if(__eflags != 0) {
						L52:
						_v16 = _t175;
						goto L2;
					}
					__eflags = _t119 & 0x01000000;
					if(__eflags != 0) {
						goto L52;
					}
					_t139 = _t156 - 0x00000001 & 0x0000ffff;
					_v8 = 0;
					__eflags = _t139 -  *0x7afa38;
					if(_t139 >=  *0x7afa38) {
						_t140 = 0;
						__eflags = 0;
					} else {
						_t140 =  *((intOrPtr*)(_t139 * 4 + ";Ay"));
					}
					_t163 =  &_v8;
					_t148 = _t156 >> 0x10;
					__eflags =  *_t140(_t147, 1, _t156 >> 0x10,  &_v8);
					if(__eflags >= 0) {
						_t145 = (_v8 + 0x00000007 & 0xfffffff8) + 8;
						_a12 = _a12 + _t145;
						_v8 = _t145;
						goto L2;
					} else {
						goto L33;
					}
				}
				L2:
				if((_a8 & 0x7d810f61) != 0) {
					L18:
					_t163 = _a8 | 0x00000002;
					_t148 = _t147;
					_t174 = E0072595C(_t147, _t147, _a8 | 0x00000002, _t173, _t175, __eflags, _a12, _v12, _t175,  &_v20);
					L14:
					if(_t174 == 0) {
						goto L34;
					}
					_t177 = _v16;
					if(_t177 != 0) {
						_t99 = _t177 - 1; // 0x7
						_t123 = _t99 & 0x0000ffff;
						__eflags = _t123 -  *0x7afa38;
						if(_t123 >=  *0x7afa38) {
							_t124 = 0;
							__eflags = 0;
						} else {
							_t124 =  *((intOrPtr*)(_t123 * 4 + ";Ay"));
						}
						_t148 = _t177 >> 0x10;
						_t125 =  *_t124(_t147, 2, _t177 >> 0x10, _t174);
						__eflags = _t125;
						if(_t125 >= 0) {
							_a12 = _a12 - _v8;
							_t174 = E0077DD51(_t147, _a8, _t174, _a12, _v8, _t177);
							goto L16;
						} else {
							_t174 = 0;
							E00722882(_t148, _t147, 0, 0);
							goto L34;
						}
					}
					goto L16;
				}
				if(_a12 == _t175) {
					_t130 = 1;
				} else {
					_t130 = _a12;
				}
				_t132 = _t130 + 0x0000000f & 0xfffffff8;
				_v12 = _t132;
				_t133 =  *(_t147 + 0xb8);
				_t160 = _t132 >> 3;
				while(_t160 >= _t133[1]) {
					_t170 =  *_t133;
					__eflags = _t170;
					if(__eflags == 0) {
						_t160 = _t133[1] - 1;
						break;
					}
					_t133 = _t170;
				}
				_t172 = _t133[1] - 1;
				if(_t160 >= _t172) {
					_t175 = 0;
					__eflags =  *_t133;
					if(__eflags == 0) {
						goto L18;
					}
					__eflags = _t160 - _t172;
					if(__eflags == 0) {
						goto L8;
					}
					goto L18;
				}
				L8:
				_t162 = _t160 - _t133[5];
				if(_t133[2] != 0) {
					_t162 = _t162 + _t162;
				}
				_t175 = _t133[8] + _t162 * 4;
				if(_t175 == 0) {
					goto L18;
				} else {
					_t135 =  *(_t175 + 4);
					_t190 = _t135 & 0x00000001;
					if((_t135 & 0x00000001) == 0) {
						goto L18;
					}
					_t163 = _a12;
					_t148 = _t135 - 1;
					_v20 = 2;
					_t136 = E00722ADC(_t147, _t135 - 1, _a12, _t173, _t175, _t190);
					_t173 = _t136;
					if(_t136 == 0) {
						goto L18;
					}
					if((_a8 & 0x00000008) != 0) {
						E00704EC0(_t173, 0, _a12);
					}
					goto L14;
				}
			}

0x007229f8
0x00722a02
0x00722a05
0x0074d711
0x0074d711
0x0074d711
0x0074d713
0x0074d719
0x0074d725
0x0074d726
0x0074d72c
0x0074d731
0x0074d735
0x0074d738
0x0074d73a
0x0074d73d
0x0074d741
0x0074d745
0x0074d748
0x0074d74f
0x0074d751
0x0074d753
0x0074d753
0x0074d756
0x0074d75c
0x0074d75d
0x0074d764
0x0074d764
0x0074d769
0x00722ac1
0x00722ac8
0x0074d777
0x0074d77a
0x0074d781
0x00000000
0x00000000
0x0074d787
0x0074d78e
0x00000000
0x00000000
0x0074d794
0x0074d79b
0x0074d7aa
0x0074d7aa
0x0074d7ac
0x0074d7f6
0x0074d7fe
0x00000000
0x0074d7fe
0x0074d7ae
0x0074d7ae
0x0074d7b1
0x0074d7b5
0x0074d7b7
0x0074d7c0
0x0074d7c0
0x0074d7c0
0x0074d7c2
0x0074d7c6
0x00000000
0x0074d7c8
0x0074d7c8
0x0074d7cc
0x0074d7d5
0x0074d7d5
0x0074d7d5
0x0074d7eb
0x0074d7ed
0x0074d7f0
0x00000000
0x00000000
0x00000000
0x00000000
0x0074d7f0
0x0074d7c6
0x0074d79d
0x0074d7a4
0x00000000
0x00000000
0x00000000
0x0074d7a4
0x00722ace
0x00722ad4
0x00722ad4
0x00722a0b
0x00722a0e
0x00722a11
0x00722a14
0x00722a17
0x00722a1c
0x0074d6c8
0x0074d6cf
0x0074d81f
0x0074d81f
0x00000000
0x0074d81f
0x0074d6d5
0x0074d6da
0x00000000
0x00000000
0x0074d6e3
0x0074d6e6
0x0074d6e9
0x0074d6ef
0x0074d6fa
0x0074d6fa
0x0074d6f1
0x0074d6f1
0x0074d6f1
0x0074d6fc
0x0074d700
0x0074d709
0x0074d70b
0x0074d811
0x0074d814
0x0074d817
0x00000000
0x00000000
0x00000000
0x00000000
0x0074d70b
0x00722a22
0x00722a29
0x00725938
0x00725943
0x00725949
0x00725950
0x00722aae
0x00722ab0
0x00000000
0x00000000
0x00722ab6
0x00722abb
0x0074d827
0x0074d82a
0x0074d82d
0x0074d833
0x0074d83e
0x0074d83e
0x0074d835
0x0074d835
0x0074d835
0x0074d843
0x0074d84a
0x0074d84c
0x0074d84e
0x0074d862
0x0074d875
0x00000000
0x0074d850
0x0074d851
0x0074d855
0x00000000
0x0074d855
0x0074d84e
0x00000000
0x00722abb
0x00722a32
0x00734e20
0x00722a38
0x00722a38
0x00722a38
0x00722a3e
0x00722a43
0x00722a46
0x00722a4c
0x00722a4f
0x007266ff
0x00726701
0x00726703
0x0072a1f1
0x00000000
0x0072a1f1
0x00726709
0x00726709
0x00722a5b
0x00722a5e
0x0072a1d7
0x0072a1d9
0x0072a1db
0x00000000
0x00000000
0x0072a1e1
0x0072a1e3
0x00000000
0x00000000
0x00000000
0x0072a1e9
0x00722a64
0x00722a64
0x00722a6b
0x00722a6d
0x00722a6d
0x00722a72
0x00722a77
0x00000000
0x00722a7d
0x00722a7d
0x00722a80
0x00722a82
0x00000000
0x00000000
0x00722a88
0x00722a8b
0x00722a8e
0x00722a95
0x00722a9a
0x00722a9e
0x00000000
0x00000000
0x00722aa8
0x0072e9e4
0x0072e9e9
0x00000000
0x00722aa8

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae34bb0bce99c0e31a90f9854845981c961d0e66c0918d4ac0a51d17d79ea1da
Instruction ID: 2c5eaf1c1e51886696b603a8f221a34e991e523eb074822fcd2fa49e892a0e0f
Opcode Fuzzy Hash: ae34bb0bce99c0e31a90f9854845981c961d0e66c0918d4ac0a51d17d79ea1da
Instruction Fuzzy Hash: 4181ED71A00269EFDB36CF28C884BBE77B5AF40710F198158EC969B296D738DD42CB50

Uniqueness

Uniqueness Score: 0.00%

Function 006E0E52, Relevance: .2, Instructions: 228
COMMONCrypto

C-Code - Quality: 66%

			E006E0E52(signed int _a4) {
				signed int _v8;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t95;
				signed int _t97;
				signed short* _t98;
				signed int* _t106;
				signed short _t109;
				signed short _t110;
				signed int* _t118;
				signed int _t120;
				signed short _t122;
				signed short _t123;
				void* _t124;
				signed int _t125;
				intOrPtr* _t130;
				signed short* _t136;
				signed int _t138;
				signed int _t140;
				signed short _t146;
				signed int _t147;
				intOrPtr _t150;
				signed short _t151;
				signed short _t154;
				signed short _t155;
				intOrPtr _t156;
				signed short _t161;
				signed int* _t162;
				signed int* _t171;
				signed int _t172;
				signed short* _t175;

				_v8 = _v8 & 0x00000000;
				_t120 = _a4;
				_t95 = _t120 + 0xc4;
				_t171 =  *(_t95 + 4);
				if(_t95 == _t171) {
					L15:
					return _v8;
				} else {
					do {
						_t175 = _t171 - 8;
						if( *(_t120 + 0x4c) != 0) {
							 *_t175 =  *_t175 ^  *(_t120 + 0x50);
							if(_t175[1] != (_t175[1] ^ _t175[0] ^  *_t175)) {
								_push(0);
								_push(_t175);
								_push(_t120);
								E00794BBA(_t120, _t171, _t175, __eflags);
							}
						}
						_t97 =  *_t175 & 0x0000ffff;
						_t172 =  *_t171;
						_v20 = _t97;
						_v32 = _t97;
						if((_t175[1] & 0x00000008) != 0) {
							_t123 = _t175[6];
							_t37 =  &(_t175[4]); // 0x8
							_t98 = _t37;
							_t155 =  *_t98;
							_v28 = _t155;
							_t156 =  *((intOrPtr*)(_t155 + 4));
							_v32 = _t123;
							_t124 =  *_t123;
							__eflags = _t124 - _t156;
							if(__eflags != 0) {
								L53:
								_push(0);
								_push(_t124);
								_push(_t156);
								_push(_t98);
								_push(_t120);
								_push(0xc);
								E00794B0C(_t120, _t124, _t156, _t172, _t175, __eflags);
								L60:
								_t171 =  *(_t120 + 0xc8);
								goto L10;
							}
							__eflags = _t124 - _t98;
							if(__eflags != 0) {
								goto L53;
							}
							 *((intOrPtr*)(_t120 + 0x78)) =  *((intOrPtr*)(_t120 + 0x78)) - ( *_t175 & 0x0000ffff);
							_t109 =  *(_t120 + 0xb8);
							__eflags = _t109;
							if(_t109 == 0) {
								L50:
								_t110 = _v28;
								_t136 = _v32;
								 *_t136 = _t110;
								 *(_t110 + 4) = _t136;
								__eflags = _t175[1] & 0x00000008;
								if((_t175[1] & 0x00000008) != 0) {
									E006FC30D(_t120, _t175);
								}
								_push(1);
								_push( *_t175 & 0x0000ffff);
								_push(_t175);
								L59:
								_push(_t120);
								E006FE4D7(_t120, _t172);
								goto L60;
							}
							_t138 =  *_t175 & 0x0000ffff;
							while(1) {
								__eflags = _t138 -  *(_t109 + 4);
								if(_t138 <  *(_t109 + 4)) {
									break;
								}
								_t161 =  *_t109;
								__eflags = _t161;
								if(_t161 == 0) {
									_t122 =  *(_t109 + 4) - 1;
									__eflags = _t122;
									_v12 = _t122;
									L28:
									_t140 = _t122 -  *((intOrPtr*)(_t109 + 0x14));
									__eflags =  *(_t109 + 8);
									_v16 = _t140;
									if( *(_t109 + 8) != 0) {
										_t140 = _t140 + _t140;
										__eflags = _t140;
									}
									_t172 = _t140 << 2;
									_t162 = _t172 +  *((intOrPtr*)(_t109 + 0x20));
									 *((intOrPtr*)(_t109 + 0xc)) =  *((intOrPtr*)(_t109 + 0xc)) - 1;
									_v24 =  *_t162;
									__eflags = _t122 -  *(_t109 + 4) - 1;
									if(_t122 ==  *(_t109 + 4) - 1) {
										_t57 = _t109 + 0x10;
										 *_t57 =  *(_t109 + 0x10) - 1;
										__eflags =  *_t57;
									}
									_t59 =  &(_t175[4]); // 0x8
									__eflags = _v24 - _t59;
									if(_v24 != _t59) {
										_t120 = _a4;
										goto L50;
									} else {
										__eflags =  *_t109;
										_t146 =  *(_t109 + 4);
										if( *_t109 == 0) {
											_t146 = _t146 - 1;
											__eflags = _t146;
										}
										__eflags = _v12 - _t146;
										_t147 = _t175[4];
										_t120 = _a4;
										if(_v12 >= _t146) {
											__eflags = _t147 -  *((intOrPtr*)(_t109 + 0x18));
											if(_t147 ==  *((intOrPtr*)(_t109 + 0x18))) {
												 *_t162 =  *_t162 & 0x00000000;
												goto L45;
											}
											 *_t162 = _t147;
											goto L50;
										} else {
											_v24 = _t147;
											__eflags = _t147 -  *((intOrPtr*)(_t109 + 0x18));
											if(_t147 ==  *((intOrPtr*)(_t109 + 0x18))) {
												L44:
												_t150 =  *((intOrPtr*)(_t109 + 0x20));
												_t78 = _t172 + _t150;
												 *_t78 =  *(_t172 + _t150) & 0x00000000;
												__eflags =  *_t78;
												L45:
												 *( *((intOrPtr*)(_t109 + 0x1c)) + (_v16 >> 5) * 4) =  *( *((intOrPtr*)(_t109 + 0x1c)) + (_v16 >> 5) * 4) &  !(1 << (_v16 & 0x0000001f));
												goto L50;
											}
											__eflags =  *(_t120 + 0x4c);
											if( *(_t120 + 0x4c) == 0) {
												_t151 =  *(_t147 - 8) & 0x0000ffff;
											} else {
												_t154 =  *(_t147 - 8);
												__eflags =  *(_t120 + 0x4c) & _t154;
												if(( *(_t120 + 0x4c) & _t154) != 0) {
													_t154 = _t154 ^  *(_t120 + 0x50);
													__eflags = _t154;
												}
												_t151 = _t154 & 0x0000ffff;
											}
											__eflags = ( *_t175 & 0x0000ffff) != (_t151 & 0x0000ffff);
											if(( *_t175 & 0x0000ffff) != (_t151 & 0x0000ffff)) {
												goto L44;
											} else {
												 *(_t172 +  *((intOrPtr*)(_t109 + 0x20))) = _v24;
												goto L50;
											}
										}
									}
								}
								_t109 = _t161;
							}
							_t122 = _t138;
							_v12 = _t138;
							goto L28;
						}
						_t118 = E00725DD8(_t120, _t175,  &_v20, 1);
						_t125 = _v20;
						if(_t125 != _v32) {
							__eflags = _t118 - _t175;
							if(_t118 == _t175) {
								L58:
								_push(1);
								_push(_t125);
								_push(_t118);
								goto L59;
							}
							__eflags =  *_t118 - 0x200;
							if( *_t118 < 0x200) {
								L57:
								E0072EB88(_t120, _t118, _t125);
								goto L60;
							}
							__eflags =  *(_t120 + 0x54) ^ _t118[1];
							if(( *(_t120 + 0x54) ^ _t118[1]) == 0) {
								goto L58;
							}
							goto L57;
						}
						_t130 = _v8;
						if(_t130 != 0) {
							__eflags =  *_t130 -  *_t118;
							if(__eflags < 0) {
								goto L7;
							}
							L8:
							if( *(_t120 + 0x4c) != 0) {
								_t118[0] = _t118[0] ^ _t118[0] ^  *_t118;
								 *_t118 =  *_t118 ^  *(_t120 + 0x50);
							}
							goto L10;
						}
						L7:
						_v8 = _t118;
						goto L8;
						L10:
					} while (_t120 + 0xc4 != _t171);
					if(_v8 != 0 &&  *(_t120 + 0x4c) != 0) {
						_t106 = _v8;
						 *_t106 =  *_t106 ^  *(_t120 + 0x50);
						if(_t106[0] != (_t106[0] ^ _t106[0] ^  *_t106)) {
							_push(0);
							_push(_t106);
							_push(_t120);
							E00794BBA(_t120, _t171, 0, __eflags);
						}
					}
					goto L15;
				}
			}

0x006e0e5a
0x006e0e5f
0x006e0e62
0x006e0e69
0x006e0e6e
0x006e0f12
0x006e0f18
0x006e0e74
0x006e0e75
0x006e0e79
0x006e0e7c
0x006e0e81
0x006e0e8e
0x0074d538
0x0074d53a
0x0074d53b
0x0074d53c
0x0074d53c
0x006e0e8e
0x006e0e94
0x006e0e97
0x006e0e99
0x006e0ea0
0x006e0ea3
0x0074d546
0x0074d549
0x0074d549
0x0074d54c
0x0074d54e
0x0074d551
0x0074d554
0x0074d557
0x0074d559
0x0074d55b
0x0074d675
0x0074d675
0x0074d677
0x0074d678
0x0074d679
0x0074d67a
0x0074d67b
0x0074d67d
0x0074d6b0
0x0074d6b0
0x00000000
0x0074d6b0
0x0074d561
0x0074d563
0x00000000
0x00000000
0x0074d56c
0x0074d56f
0x0074d575
0x0074d577
0x0074d652
0x0074d652
0x0074d655
0x0074d658
0x0074d65a
0x0074d65d
0x0074d661
0x0074d667
0x0074d667
0x0074d66f
0x0074d671
0x0074d672
0x0074d6aa
0x0074d6aa
0x0074d6ab
0x00000000
0x0074d6ab
0x0074d57d
0x0074d58a
0x0074d58a
0x0074d58d
0x00000000
0x00000000
0x0074d582
0x0074d584
0x0074d586
0x0074d599
0x0074d599
0x0074d59a
0x0074d59d
0x0074d59f
0x0074d5a2
0x0074d5a6
0x0074d5a9
0x0074d5ab
0x0074d5ab
0x0074d5ab
0x0074d5b2
0x0074d5b5
0x0074d5ba
0x0074d5bd
0x0074d5c4
0x0074d5c6
0x0074d5c8
0x0074d5c8
0x0074d5c8
0x0074d5c8
0x0074d5cb
0x0074d5ce
0x0074d5d1
0x0074d64f
0x00000000
0x0074d5d3
0x0074d5d3
0x0074d5d6
0x0074d5d9
0x0074d5db
0x0074d5db
0x0074d5db
0x0074d5dc
0x0074d5df
0x0074d5e2
0x0074d5e5
0x0074d641
0x0074d644
0x0074d64a
0x00000000
0x0074d64a
0x0074d646
0x00000000
0x0074d5e7
0x0074d5e7
0x0074d5ea
0x0074d5ed
0x0074d61e
0x0074d61e
0x0074d621
0x0074d621
0x0074d621
0x0074d625
0x0074d63d
0x00000000
0x0074d63d
0x0074d5ef
0x0074d5f3
0x0074d605
0x0074d5f5
0x0074d5f5
0x0074d5f8
0x0074d5fb
0x0074d5fd
0x0074d5fd
0x0074d5fd
0x0074d600
0x0074d600
0x0074d60f
0x0074d611
0x00000000
0x0074d613
0x0074d619
0x00000000
0x0074d619
0x0074d611
0x0074d5e5
0x0074d5d1
0x0074d588
0x0074d588
0x0074d58f
0x0074d591
0x00000000
0x0074d591
0x006e0eb1
0x006e0eb6
0x006e0ebc
0x0074d684
0x0074d686
0x0074d6a6
0x0074d6a6
0x0074d6a8
0x0074d6a9
0x00000000
0x0074d6a9
0x0074d68d
0x0074d690
0x0074d69c
0x0074d69f
0x00000000
0x0074d69f
0x0074d696
0x0074d69a
0x00000000
0x00000000
0x00000000
0x0074d69a
0x006e0ec2
0x006e0ec7
0x006e0f1e
0x006e0f21
0x00000000
0x00000000
0x006e0ecc
0x006e0ed0
0x006e0eda
0x006e0ee0
0x006e0ee0
0x00000000
0x006e0ed0
0x006e0ec9
0x006e0ec9
0x00000000
0x006e0ee2
0x006e0ee8
0x006e0ef1
0x006e0ef8
0x006e0efe
0x006e0f0b
0x0074d6bb
0x0074d6bc
0x0074d6bd
0x0074d6be
0x0074d6be
0x006e0f0b
0x00000000
0x006e0f11

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 131bf528440b8717b20f3c4be1235173fec191b79e22577fede00b4d6b71974a
Instruction ID: 2e05399f2a684dc6fcc70d6285010c7d4be035b2991bf412cf1c19fee324f472
Opcode Fuzzy Hash: 131bf528440b8717b20f3c4be1235173fec191b79e22577fede00b4d6b71974a
Instruction Fuzzy Hash: 04919E70600255DFDB28CF15C494EBABBF6FF49304F2684ADE88A4B256D778AC80CB51

Uniqueness

Uniqueness Score: 0.00%

Function 00794BBA, Relevance: .2, Instructions: 188
COMMONCrypto

C-Code - Quality: 64%

			E00794BBA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t81;
				intOrPtr _t83;
				signed int _t87;
				signed char _t92;
				intOrPtr _t93;
				signed short _t96;
				intOrPtr* _t97;
				signed short* _t100;
				signed int _t101;
				signed short _t102;
				intOrPtr* _t103;
				intOrPtr* _t104;
				intOrPtr _t120;
				void* _t132;

				_push(0x18);
				_push(0x7219b8);
				E00722824(__ebx, __edi, __esi);
				 *(_t132 - 0x1c) =  *(_t132 - 0x1c) & 0x00000000;
				if(E00735DD8() == 0) {
					 *(_t132 - 4) =  *(_t132 - 4) & 0x00000000;
					_t120 =  *((intOrPtr*)(_t132 + 8));
					_t81 =  *(_t132 + 0xc);
					if(( *_t81 &  *(_t120 + 0x4c)) != 0) {
						L33:
						_t83 =  *((intOrPtr*)(_t132 - 0x20));
					} else {
						 *(_t132 - 0x1c) = 0xa;
						if(( *(_t120 + 0x40) & 0x04000000) != 0 ||  *(_t81 + 3) == ( *(_t81 + 2) ^  *(_t81 + 1) ^  *_t81)) {
							 *(_t132 - 0x1c) = 1;
							_t92 =  *((intOrPtr*)(_t81 + 6));
							if(_t92 == 0) {
								_t83 = _t120;
							} else {
								_t83 = (_t81 & 0xffff0000) - ((_t92 & 0x000000ff) - 1 << 0x10);
							}
							 *((intOrPtr*)(_t132 - 0x20)) = _t83;
							if( *((intOrPtr*)(_t83 + 8)) == 0xffeeffee) {
								_t93 =  *((intOrPtr*)(_t81 + 7));
								if(_t93 == 4) {
									L12:
									 *(_t132 - 0x1c) = 3;
									if(_t93 != 3) {
										_t111 =  *_t81 & 0x0000ffff;
										 *(_t132 - 0x1c) = 6;
										__eflags = ( *(_t120 + 0x54) ^  *(_t81 + ( *_t81 & 0xffff) * 8 + 4)) - _t111;
										if(__eflags == 0) {
											goto L22;
										}
									} else {
										_t103 = _t81 + 8;
										_t111 =  *(_t103 + 0x10);
										if((_t111 & 0x00000fff) == 0 && _t111 >=  *((intOrPtr*)(_t83 + 0x1c)) &&  *((intOrPtr*)(_t103 + 0x14)) + _t111 <=  *((intOrPtr*)(_t83 + 0x28))) {
											 *(_t132 - 0x1c) = 4;
											_t111 =  *( *(_t103 + 4));
											if(_t111 ==  *((intOrPtr*)( *_t103 + 4)) && _t111 == _t103) {
												 *(_t132 - 0x1c) = 5;
												_t104 = _t103 + 8;
												_t111 =  *( *(_t104 + 4));
												if(_t111 ==  *((intOrPtr*)( *_t104 + 4)) && _t111 == _t104) {
													L22:
													 *(_t132 - 0x1c) = 7;
													_t96 =  *(_t120 + 0x54) & 0x0000ffff;
													_t111 =  *(_t81 + 4) & 0x0000ffff;
													if((_t111 ^ _t96) == 0) {
														L29:
														 *(_t132 - 0x1c) = 8;
														if(( *(_t81 + 2) & 0x00000001) != 0) {
															L32:
															 *(_t132 - 0x1c) = 9;
														} else {
															_t97 = _t81 + 8;
															_t111 =  *( *(_t97 + 4));
															if(_t111 ==  *((intOrPtr*)( *_t97 + 4)) && _t111 == _t97) {
																goto L32;
															}
														}
													} else {
														_t100 = _t81 - ((_t111 & 0x0000ffff ^ _t96 & 0x0000ffff) << 3);
														if( *(_t120 + 0x4c) == 0) {
															_t101 =  *_t100 & 0x0000ffff;
														} else {
															_t102 =  *_t100;
															 *(_t132 - 0x28) = _t102;
															if(( *(_t120 + 0x4c) & _t102) != 0) {
																_t102 = _t102 ^  *(_t120 + 0x50);
																 *(_t132 - 0x28) = _t102;
															}
															_t101 = _t102 & 0x0000ffff;
															_t83 =  *((intOrPtr*)(_t132 - 0x20));
														}
														_t111 =  *(_t120 + 0x54) ^  *(_t81 + 4);
														if(_t101 == ( *(_t120 + 0x54) ^  *(_t81 + 4))) {
															goto L29;
														}
													}
												}
											}
										}
									}
								} else {
									 *(_t132 - 0x1c) = 2;
									if(_t81 >=  *((intOrPtr*)(_t83 + 0x1c)) && _t81 <  *((intOrPtr*)(_t83 + 0x28)) &&  *((intOrPtr*)(_t83 + 0x18)) == _t120) {
										goto L12;
									}
								}
							}
						} else {
							goto L33;
						}
					}
					 *(_t132 - 4) = 0xfffffffe;
					if( *(_t120 + 0x4c) != 0) {
						 *(_t81 + 3) =  *(_t81 + 2) ^  *(_t81 + 1) ^  *_t81;
						 *_t81 =  *_t81 ^  *(_t120 + 0x50);
					}
					_t87 =  *(_t132 - 0x1c);
					_t162 = _t87 - 0xa;
					if(_t87 > 0xa) {
						L44:
						_push(0);
						_push(0);
						_push(_t87);
						_push(_t81);
						_push(_t120);
						_push(2);
					} else {
						_t74 = _t87 + 0x794e36; // 0x2010000
						_t111 =  *_t74 & 0x000000ff;
						switch( *((intOrPtr*)(( *_t74 & 0x000000ff) * 4 +  &M00794E1E))) {
							case 0:
								_push(0);
								_push(0);
								_push(_t87);
								_push(_t81);
								_push(_t120);
								_push(3);
								goto L45;
							case 1:
								_push(__esi);
								_push(__esi);
								_push( *((intOrPtr*)(__ebx + 0x18)));
								_push(__eax);
								_push(__edi);
								_push(0xb);
								goto L45;
							case 2:
								_push(__esi);
								_push(__esi);
								_push(3);
								_push(__eax);
								_push(__edi);
								_push(__esi);
								goto L45;
							case 3:
								_push(__esi);
								_push(__esi);
								_push(__ecx);
								_push(__eax);
								_push(__edi);
								_push(0xd);
								goto L45;
							case 4:
								_push(__esi);
								_push(__esi);
								_push(8);
								_push(__eax);
								_push(__edi);
								_push(0xc);
								goto L45;
							case 5:
								goto L44;
						}
					}
					L45:
					_t79 = E00794B0C(_t83, _t87, _t111, _t120, 0, _t162);
				}
				return E00722869(_t79);
			}

0x00794bba
0x00794bbc
0x00794bc1
0x00794bc6
0x00794bd1
0x00794bd7
0x00794bdb
0x00794be1
0x00794be6
0x00794d81
0x00794d81
0x00794bec
0x00794bec
0x00794bfa
0x00794c0d
0x00794c14
0x00794c19
0x00794c2e
0x00794c1b
0x00794c2a
0x00794c2a
0x00794c30
0x00794c3a
0x00794c40
0x00794c46
0x00794c6a
0x00794c6a
0x00794c74
0x00794ce2
0x00794ceb
0x00794cfa
0x00794cfd
0x00000000
0x00000000
0x00794c76
0x00794c76
0x00794c79
0x00794c82
0x00794c9f
0x00794cab
0x00794cb0
0x00794cbe
0x00794cc5
0x00794ccd
0x00794cd2
0x00794d03
0x00794d03
0x00794d0a
0x00794d0e
0x00794d19
0x00794d58
0x00794d58
0x00794d63
0x00794d78
0x00794d78
0x00794d65
0x00794d65
0x00794d6d
0x00794d72
0x00000000
0x00000000
0x00794d72
0x00794d1b
0x00794d28
0x00794d2e
0x00794d48
0x00794d30
0x00794d30
0x00794d32
0x00794d38
0x00794d3a
0x00794d3d
0x00794d3d
0x00794d40
0x00794d43
0x00794d43
0x00794d4f
0x00794d56
0x00000000
0x00000000
0x00794d56
0x00794d19
0x00794cd2
0x00794cb0
0x00794c82
0x00794c48
0x00794c48
0x00794c52
0x00000000
0x00000000
0x00794c52
0x00794c46
0x00000000
0x00000000
0x00000000
0x00794bfa
0x00794d84
0x00794db2
0x00794dbc
0x00794dc2
0x00794dc2
0x00794dc4
0x00794dc7
0x00794dca
0x00794e0a
0x00794e0a
0x00794e0b
0x00794e0c
0x00794e0d
0x00794e0e
0x00794e0f
0x00794dcc
0x00794dcc
0x00794dcc
0x00794dd3
0x00000000
0x00794dda
0x00794ddb
0x00794ddc
0x00794ddd
0x00794dde
0x00794ddf
0x00000000
0x00000000
0x00794de3
0x00794de4
0x00794de5
0x00794de8
0x00794de9
0x00794dea
0x00000000
0x00000000
0x00794dee
0x00794def
0x00794df0
0x00794df2
0x00794df3
0x00794df4
0x00000000
0x00000000
0x00794df7
0x00794df8
0x00794df9
0x00794dfa
0x00794dfb
0x00794dfc
0x00000000
0x00000000
0x00794e00
0x00794e01
0x00794e02
0x00794e04
0x00794e05
0x00794e06
0x00000000
0x00000000
0x00000000
0x00000000
0x00794dd3
0x00794e11
0x00794e11
0x00794e11
0x00794e1b

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cd483a853011726dbb3400a05b98f6ec029a9c402b1aec46474c548037b8067
Instruction ID: bb750cf78496d3e4da8cf6231a7e633a4705b70af20622ee165a93885f0b5e07
Opcode Fuzzy Hash: 7cd483a853011726dbb3400a05b98f6ec029a9c402b1aec46474c548037b8067
Instruction Fuzzy Hash: B8619174A002619FDF24CF51D898FBBBBB5FF56718F158088E6451B296D33CA842CBA0

Uniqueness

Uniqueness Score: 0.00%

Function 006F0BFB, Relevance: .2, Instructions: 175
COMMONCrypto

C-Code - Quality: 96%

			E006F0BFB(signed short* __ecx, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v12;
				signed int _t79;
				unsigned int _t84;
				signed int _t85;
				signed short* _t88;
				intOrPtr* _t91;

				_t88 = __ecx;
				_push(__ecx);
				_push(__ecx);
				if(_a8 == 0) {
					L13:
					_t79 = _a12;
				} else {
					while(1) {
						L9:
						_t84 =  *_a12 & 0x0000ffff;
						_a8 = _a8 - 1;
						_t91 = (_t84 & 0x00000fff) + _a4;
						_t85 = _t84 >> 0xc;
						if(_t85 > 0xa) {
							break;
						}
						switch( *((intOrPtr*)(_t85 * 4 +  &M006F0BCA))) {
							case 0:
								L12:
								_a12 = _a12 + 2;
								if(_a8 != 0) {
									goto L9;
								} else {
									goto L13;
								}
								goto L14;
							case 1:
								_t82 = (( *_t88 & 0x0000ffff) << 0x10) + _t92;
								goto L2;
							case 2:
								 *__ecx =  *__ecx + __dx;
								goto L12;
							case 3:
								 *_t91 =  *_t91 + _t92;
								goto L12;
							case 4:
								__eax =  *__ecx & 0x0000ffff;
								__esi = __esi + 1;
								__esi = __esi + 1;
								_a8 = _a8 - 1;
								_a12 = __esi;
								__esi =  *__esi;
								__eax = ( *__ecx & 0x0000ffff) << 0x10;
								(( *__ecx & 0x0000ffff) << 0x10) + __edx = __esi + (( *__ecx & 0x0000ffff) << 0x10) + __edx + 0x8000;
								L2:
								 *_t88 = _t82 >> 0x10;
								goto L12;
							case 5:
								__eax =  *__ecx;
								__esi = 0x3ffffff;
								__edi = __eax;
								__edi = __eax & 0x03ffffff;
								__edi = __edx + (__eax & 0x03ffffff) * 4;
								__edi = __edx + (__eax & 0x03ffffff) * 4 >> 2;
								__edi = __edx + (__eax & 0x03ffffff) * 0x00000004 >> 0x00000002 ^ __eax;
								__edi = (__edx + (__eax & 0x03ffffff) * 0x00000004 >> 0x00000002 ^ __eax) & 0x03ffffff;
								__edi = (__edx + (__eax & 0x03ffffff) * 0x00000004 >> 0x00000002 ^ __eax) & 0x03ffffff ^ __eax;
								 *__ecx = (__edx + (__eax & 0x03ffffff) * 0x00000004 >> 0x00000002 ^ __eax) & 0x03ffffff ^ __eax;
								goto L12;
							case 6:
								goto L15;
							case 7:
								__edi = 0;
								__ecx = __ecx & 0xfffffff0;
								__eax =  *(__ecx + 0xc);
								__edx =  *(__ecx + 8);
								__esi = __eax;
								__esi = __eax >> 0x1b;
								__edi = (0 << 0x00000020 | __esi) << 0x17;
								_v12 = __edx;
								__esi = __esi << 0x17;
								__esi = __esi | __edx;
								 *(__ecx + 4) =  *(__ecx + 4) >> 0x18;
								__ebx = 0;
								__edi = (__edi << 0x00000020 | __esi) << 8;
								__esi = __esi << 8;
								__esi = __esi |  *(__ecx + 4) >> 0x00000018;
								__edx =  *(__ecx + 4);
								__edi = (__edi << 0x00000020 | __esi) << 0xa;
								 *(__ecx + 4) >> 0xe =  *(__ecx + 4) >> 0x0000000e & 0x000003ff;
								__esi = __esi << 0xa;
								__esi = __esi |  *(__ecx + 4) >> 0x0000000e & 0x000003ff;
								__edi = (__edi << 0x00000020 | __esi) << 1;
								__eax = __eax >> 0xc;
								__edx = __eax >> 0x0000000c & 0x00000001;
								__esi = __esi + __esi;
								__esi = __esi | __eax >> 0x0000000c & 0x00000001;
								__edi = (__edi << 0x00000020 | __esi) << 5;
								__eax = __eax >> 0xd;
								__edx = __eax >> 0x0000000d & 0x0000001f;
								__esi = __esi << 5;
								__esi = __esi | __eax >> 0x0000000d & 0x0000001f;
								__edi = (__edi << 0x00000020 | __esi) << 9;
								__edx = __eax;
								__edx = __eax >> 0x12;
								__eax = __eax >> 4;
								__edx = __edx & 0x000001ff;
								__eax = __eax & 0x0000007f;
								__esi = __esi << 9;
								__esi = __esi | __edx;
								__edx = __edi;
								__edx = (__edi << 0x00000020 | __esi) << 7;
								__edi = 0;
								__esi = __esi << 7;
								__esi = __esi | __eax;
								__esi = __esi + _a16;
								asm("adc edx, [ebp+0x18]");
								__eax = __esi;
								__edi = __edx;
								__eax = (__edi << 0x00000020 | __esi) >> 0x16;
								__eax = (__edi << 0x00000020 | __esi) >> 0x16 & 0x000003ff;
								__edx = __edx << 0xa;
								__eax = __eax | __edx << 0x0000000a;
								__edi =  *(__ecx + 4);
								__eax = __eax << 0xe;
								__edi =  *(__ecx + 4) & 0x00003fff;
								 *(__ecx + 4) = __eax;
								__edx = __edx >> 8;
								__eax = __edx >> 0x00000008 ^ _v12;
								__edi = __esi;
								(__edx >> 0x00000008 ^ _v12) & 0x007fffff = (__edx >> 0x00000008 ^ _v12) & 0x007fffff ^ _v12;
								 *(__ecx + 8) = (__edx >> 0x00000008 ^ _v12) & 0x007fffff ^ _v12;
								__edx = __edx >> 0x1f;
								__edx >> 0x0000001f & 0x00000001 = (__edx >> 0x0000001f & 0x00000001) << 9;
								__ebx = __edx;
								__edi = (__ebx << 0x00000020 | __esi) >> 7;
								__edi = (__ebx << 0x00000020 | __esi) >> 0x7 & 0x000001ff;
								__eax = (__edx >> 0x0000001f & 0x00000001) << 0x00000009 | (__ebx << 0x00000020 | __esi) >> 0x7 & 0x000001ff;
								__ebx = __ebx >> 7;
								__ebx = __edx;
								__edi = __esi;
								__edi = (__ebx << 0x00000020 | __esi) >> 0x10;
								__eax = __eax << 5;
								__edi = (__ebx << 0x00000020 | __esi) >> 0x10 & 0x0000001f;
								__eax = __eax | (__ebx << 0x00000020 | __esi) >> 0x10 & 0x0000001f;
								__edi = __esi;
								__edi = (__edx << 0x00000020 | __esi) >> 0x15;
								__eax = __eax + __eax;
								__edi = (__edx << 0x00000020 | __esi) >> 0x15 & 0x00000001;
								__eax = __eax | (__edx << 0x00000020 | __esi) >> 0x15 & 0x00000001;
								__edx =  *(__ecx + 0xc);
								__eax = __eax << 8;
								__esi = __esi & 0x0000007f;
								__eax = __eax | __esi;
								__edx =  *(__ecx + 0xc) & 0xf000080f;
								__eax = __eax << 4;
								__ebx = __ebx >> 0x10;
								__eax = __eax |  *(__ecx + 0xc) & 0xf000080f;
								__edx = _a16;
								 *(__ecx + 0xc) = __eax;
								goto L12;
							case 8:
								 *__ecx =  *__ecx + __edx;
								__eax = _a20;
								asm("adc [ecx+0x4], eax");
								goto L12;
						}
					}
					L15:
					_t79 = 0;
				}
				L14:
				return _t79;
			}

0x006f0bfb
0x006f0c00
0x006f0c01
0x006f0c09
0x006f0c3d
0x006f0c3d
0x006f0c0b
0x006f0c0e
0x006f0c0e
0x006f0c11
0x006f0c14
0x006f0c1f
0x006f0c22
0x006f0c28
0x00000000
0x00000000
0x006f0c2a
0x00000000
0x006f0c33
0x006f0c33
0x006f0c3b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x006f0a2f
0x00000000
0x00000000
0x006f0a58
0x00000000
0x00000000
0x006f0c31
0x00000000
0x00000000
0x006f0a3c
0x006f0a3f
0x006f0a40
0x006f0a41
0x006f0a44
0x006f0a47
0x006f0a4a
0x006f0a4f
0x006f0a31
0x006f0a34
0x00000000
0x00000000
0x006f0bae
0x006f0bb0
0x006f0bb5
0x006f0bb7
0x006f0bb9
0x006f0bbc
0x006f0bbf
0x006f0bc1
0x006f0bc3
0x006f0bc5
0x00000000
0x00000000
0x00000000
0x00000000
0x006f0a60
0x006f0a62
0x006f0a65
0x006f0a68
0x006f0a6b
0x006f0a6d
0x006f0a70
0x006f0a74
0x006f0a77
0x006f0a80
0x006f0a85
0x006f0a88
0x006f0a8c
0x006f0a90
0x006f0a93
0x006f0a95
0x006f0a9a
0x006f0aa1
0x006f0aa7
0x006f0aaa
0x006f0aae
0x006f0ab4
0x006f0ab7
0x006f0abc
0x006f0abe
0x006f0ac0
0x006f0ac6
0x006f0acb
0x006f0ace
0x006f0ad1
0x006f0ad3
0x006f0ad7
0x006f0adb
0x006f0ade
0x006f0ae1
0x006f0ae7
0x006f0aea
0x006f0aed
0x006f0aef
0x006f0af1
0x006f0af5
0x006f0af9
0x006f0afc
0x006f0afe
0x006f0b01
0x006f0b04
0x006f0b06
0x006f0b08
0x006f0b0c
0x006f0b16
0x006f0b19
0x006f0b1b
0x006f0b1e
0x006f0b21
0x006f0b29
0x006f0b2e
0x006f0b31
0x006f0b34
0x006f0b3b
0x006f0b3e
0x006f0b43
0x006f0b49
0x006f0b4c
0x006f0b4e
0x006f0b52
0x006f0b58
0x006f0b5a
0x006f0b5d
0x006f0b5f
0x006f0b61
0x006f0b65
0x006f0b68
0x006f0b6b
0x006f0b6d
0x006f0b6f
0x006f0b73
0x006f0b75
0x006f0b78
0x006f0b7d
0x006f0b80
0x006f0b83
0x006f0b86
0x006f0b88
0x006f0b8e
0x006f0b91
0x006f0b94
0x006f0b96
0x006f0b99
0x00000000
0x00000000
0x006f0ba1
0x006f0ba3
0x006f0ba6
0x00000000
0x00000000
0x006f0c2a
0x006f0c47
0x006f0c47
0x006f0c47
0x006f0c40
0x006f0c44

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d37f3e52bdd884bc1d9184e036a69a1a468caa03cc00a3c5cd1e167caf5c56f
Instruction ID: 805d0302de6af747fb878e178dbe37b525e5d1be7b61d20eaf0c0e71ed58c56c
Opcode Fuzzy Hash: 7d37f3e52bdd884bc1d9184e036a69a1a468caa03cc00a3c5cd1e167caf5c56f
Instruction Fuzzy Hash: 4151A173E119299BE3508E19CC402A5B6A3EBC4354F2FC679DD289B385DAB9DD13C6C0

Uniqueness

Uniqueness Score: 0.00%

Function 006FDFD4, Relevance: .2, Instructions: 172
COMMONCrypto

C-Code - Quality: 92%

			E006FDFD4() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t32;
				intOrPtr _t38;
				signed int _t40;
				unsigned int _t41;
				unsigned int _t42;
				signed int _t50;
				signed int _t85;
				signed int _t89;
				unsigned int _t90;
				signed int _t92;
				signed int _t94;
				signed int _t96;
				signed int _t97;
				signed int _t99;
				signed int _t101;
				signed int _t102;
				signed int _t106;
				signed int _t108;
				signed int _t109;
				signed int _t117;
				signed int _t118;
				signed int _t124;
				signed int _t125;
				signed int _t132;
				void* _t136;

				_t72 = 1;
				asm("lock xadd [eax], ecx");
				goto L6;
				do {
					do {
						L6:
						_t72 = 0xff;
						while(1) {
							_t109 =  *0x7a8580; // 0x0
							_t118 =  *0x7a8584; // 0x0
							__eflags = _t109 | _t118;
							_v16 = _t109;
							_v12 = _t118;
							if((_t109 | _t118) == 0) {
								goto L17;
							}
							L8:
							_t40 =  *0x7a8588; // 0x0
							_t89 =  *0x7a858c; // 0x0
							_t41 = _t40 & _t109;
							_t90 = _t89 & _t118;
							__eflags = _t41 | _t90;
							if((_t41 | _t90) == 0) {
								goto L17;
							}
							break;
							L17:
							_t38 =  *0x7a8590; // 0x8
							__eflags =  *0x7a8594 - _t38 - 1; // 0xffffffff
							if(__eflags < 0) {
								asm("lock xadd [edx], esi");
								_v8 = 1;
								_t136 = 2 -  *0x7a8590; // 0x8
								if(_t136 >= 0) {
									asm("lock xadd [eax], edx");
									goto L18;
								} else {
									_v16 = E00704180(1, 2, 0);
									_v12 = 0;
									goto L3;
									L16:
									return _t50;
									L3:
									_t132 =  *0x7a8588; // 0x0
									_t106 =  *0x7a858c; // 0x0
									_v20 = _t106;
									asm("lock cmpxchg8b [edi]");
									if(_t132 != _t132 || _t106 != _v20) {
										goto L3;
									} else {
										 *0x7a8580 =  !_v16;
										 *0x7a8584 =  !_v12;
										_t50 = _v8;
										 *((intOrPtr*)(0x7a8598 + _t50 * 4)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
										goto L16;
									}
								}
							}
							L18:
							_t32 =  *0x7a8588; // 0x0
							_t85 =  *0x7a858c; // 0x0
							_t117 =  *0x7a8580; // 0x0
							_t108 =  *0x7a8584; // 0x0
							__eflags = _t32 & _t117 | _t85 & _t108;
							if((_t32 & _t117 | _t85 & _t108) == 0) {
								 *0x7a8580 = 0xffffffff;
								 *0x7a8584 = 0xffffffff;
								asm("lock xadd [eax], edx");
							}
							asm("lock xadd [eax], edx");
							_t109 =  *0x7a8580; // 0x0
							_t118 =  *0x7a8584; // 0x0
							__eflags = _t109 | _t118;
							_v16 = _t109;
							_v12 = _t118;
							if((_t109 | _t118) == 0) {
								goto L17;
							}
							goto L8;
						}
						__eflags = _t41;
						if(_t41 == 0) {
							_t42 = _t90;
							__eflags = _t42 & 0x0000ffff;
							_t92 = _t42;
							if((_t42 & 0x0000ffff) == 0) {
								_t94 = _t92 >> 0x00000010 & _t72;
								__eflags = _t94;
								if(_t94 == 0) {
									_t29 = (_t42 >> 0x18) + 0x725818; // 0x10008
									_t124 = ( *_t29 & 0x000000ff) + 0x18;
									__eflags = _t124;
								} else {
									_t28 = _t94 + 0x725818; // 0x10008
									_t124 = ( *_t28 & 0x000000ff) + 0x10;
								}
							} else {
								_t97 = _t92 & _t72;
								__eflags = _t97;
								if(_t97 == 0) {
									_t27 = (_t42 >> 0x00000008 & _t72) + 0x725818; // 0x10008
									_t124 = ( *_t27 & 0x000000ff) + 8;
								} else {
									_t26 = _t97 + 0x725818; // 0x10008
									_t124 =  *_t26 & 0x000000ff;
								}
							}
							_t125 = _t124 + 0x20;
						} else {
							__eflags = _t41 & 0x0000ffff;
							_t99 = _t41;
							if((_t41 & 0x0000ffff) == 0) {
								_t101 = _t99 >> 0x00000010 & _t72;
								__eflags = _t101;
								if(_t101 == 0) {
									_t25 = (_t41 >> 0x18) + 0x725818; // 0x10008
									_t125 = ( *_t25 & 0x000000ff) + 0x18;
								} else {
									_t24 = _t101 + 0x725818; // 0x10008
									_t125 = ( *_t24 & 0x000000ff) + 0x10;
								}
							} else {
								_t102 = _t99 & _t72;
								__eflags = _t102;
								if(_t102 == 0) {
									_t23 = (_t41 >> 0x00000008 & _t72) + 0x725818; // 0x10008
									_t125 = ( *_t23 & 0x000000ff) + 8;
								} else {
									_t16 = _t102 + 0x725818; // 0x10008
									_t125 =  *_t16 & 0x000000ff;
								}
							}
						}
						E00704180(1, _t125, 0);
						_t96 = _v12;
						asm("lock cmpxchg8b [edi]");
						__eflags = _t109 - _v16;
					} while (_t109 != _v16);
					__eflags = _t96 - _v12;
				} while (_t96 != _v12);
				 *((intOrPtr*)(0x7a8598 + _t125 * 4)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
				_t50 = _t125;
				goto L16;
			}

0x006fdfe3
0x006fdfe4
0x006fdfea
0x006fdfeb
0x006fdfeb
0x006fdfeb
0x006fdfeb
0x006fdff0
0x006fdff0
0x006fdff6
0x006fdffe
0x006fe000
0x006fe003
0x006fe006
0x00000000
0x00000000
0x006fe00c
0x006fe00c
0x006fe011
0x006fe017
0x006fe019
0x006fe01d
0x006fe01f
0x00000000
0x00000000
0x00000000
0x006fe0cf
0x006fe0cf
0x006fe0d5
0x006fe0db
0x006e4fe3
0x006e4fe8
0x006e4feb
0x006e4ff1
0x00761890
0x00000000
0x006e4ff7
0x006e5003
0x006e5006
0x006e5006
0x006fe093
0x006fe097
0x006e5009
0x006e5009
0x006e500f
0x006e501b
0x006e5029
0x006e502f
0x00000000
0x006e5036
0x006e503e
0x006e5045
0x006e5054
0x006e5057
0x00000000
0x006e5057
0x006e502f
0x006e4ff1
0x006fe0e1
0x006fe0e1
0x006fe0e6
0x006fe0ec
0x006fe0f2
0x006fe0fc
0x006fe0fe
0x006fe102
0x006fe10c
0x006fe11c
0x006fe11c
0x006fe128
0x006fdff0
0x006fdff6
0x006fdffe
0x006fe000
0x006fe003
0x006fe006
0x00000000
0x00000000
0x00000000
0x006fe006
0x006fe025
0x006fe027
0x00761839
0x00761841
0x00761843
0x00761845
0x00761868
0x00761868
0x0076186a
0x0076187b
0x00761882
0x00761882
0x0076186c
0x0076186c
0x00761873
0x00761873
0x00761847
0x00761847
0x00761847
0x00761849
0x00761859
0x00761860
0x0076184b
0x0076184b
0x0076184b
0x0076184b
0x00761849
0x00761885
0x006fe02d
0x006fe030
0x006fe032
0x006fe034
0x00761812
0x00761812
0x00761814
0x00761828
0x0076182f
0x00761816
0x00761816
0x0076181d
0x0076181d
0x006fe03a
0x006fe03a
0x006fe03a
0x006fe03c
0x00761800
0x00761807
0x006fe042
0x006fe042
0x006fe042
0x006fe042
0x006fe03c
0x006fe034
0x006fe050
0x006fe059
0x006fe06b
0x006fe06f
0x006fe06f
0x006fe078
0x006fe078
0x006fe08a
0x006fe091
0x00000000

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e53138faa6f71694b81c3724e84cec3c3bac11ba8af55b90838f287d00ad3f5d
Instruction ID: f89f5001993df54a2b39ea1f69cb498ad88e4b2fd11deb68f3308136ef0e9e6e
Opcode Fuzzy Hash: e53138faa6f71694b81c3724e84cec3c3bac11ba8af55b90838f287d00ad3f5d
Instruction Fuzzy Hash: 9E510572E106258BC788CB1D8C00428B7E3EBCA32231DC2B6DD4AD7361DA7C9C119BC5

Uniqueness

Uniqueness Score: 0.00%

Function 006EEEC7, Relevance: .2, Instructions: 159
COMMONCrypto

C-Code - Quality: 96%

			E006EEEC7(void* __ecx, void* __edx, intOrPtr _a4, signed short* _a8, signed short _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed short _t46;
				intOrPtr* _t48;
				intOrPtr _t49;
				signed short _t51;
				signed short _t56;
				signed int _t58;
				signed short _t71;
				void* _t79;
				signed short _t81;
				signed int _t83;
				signed short* _t84;
				signed short _t86;
				signed short* _t111;
				signed short* _t112;

				_t46 = _a12;
				_v8 = 0;
				_v12 = 0;
				if(_t46 != 0) {
					 *_t46 = 0;
				}
				_push(_t84);
				_push(_t112);
				_t112 = _a8;
				if(_t112 == 0 || _a4 != 0) {
					L17:
					_v8 = 0xc000000d;
				} else {
					_t48 = _a16;
					if(_t48 != 0) {
						_t49 =  *_t48;
						if(_t49 == 0) {
							goto L6;
						}
						_t83 = _t49 - _t112[2] >> 1;
						_v12 = _t83;
						if(_t83 < ( *_t112 & 0x0000ffff) >> 1) {
							goto L6;
						}
						goto L17;
					}
					L6:
					_t84 = 0x6fe4b8;
					if(E00740797(0x6fe4b8, _t112, 1) != 0) {
						goto L1;
					}
					_t84 = 0x728530;
					if(E00740797(0x728530, _t112, 1) == 0) {
						_t86 = _a12;
						if(_t86 == 0) {
							L14:
							return _v8;
						}
						_t79 = E00727315(_t112);
						if(_t79 > 7) {
							goto L14;
						}
						_t43 = _t79 + 0x74e420; // 0x10100
						switch( *((intOrPtr*)(( *_t43 & 0x000000ff) * 4 +  &M0074E418))) {
							case 0:
								goto L30;
							case 1:
								goto L31;
						}
					}
					_t81 = _a12;
					_t111 = 0x736d08;
					if(_t81 != 0) {
						 *_t81 = 3;
					}
					L9:
					_t56 = ( *_t112 >> 0x00000001) - ( *_t84 >> 0x00000001) + ( *_t111 >> 0x00000001) & 0x0000ffff;
					_a12 = _t56;
					_t58 = (_t56 & 0x0000ffff) + (_t56 & 0x0000ffff) + 2;
					if(_t58 > 0xfffe) {
						_v8 = 0xc0000106;
						goto L14;
					}
					_t93 =  &(_t112[4]);
					if( &(_t112[4]) == 0 || _t58 > _t112[8]) {
						if(E006F514B(0, _t93, _t58) >= 0) {
							goto L12;
						}
						_v8 = 0xc0000017;
					} else {
						L12:
						_t112[1] = _t112[8];
						_t112[2] = _t112[4];
						E00704B80(_t112[4] + (( *_t111 & 0x0000ffff) >> 1) * 2, _t112[4] + (( *_t84 & 0x0000ffff) >> 1) * 2, ( *_t112 & 0x0000ffff) - ( *_t84 & 0x0000ffff));
						_t22 =  &(_t111[2]); // 0x717750
						E00704830(_t112[2],  *_t22,  *_t111 & 0x0000ffff);
						_t71 = _a12 + _a12;
						 *_t112 = _t71;
						 *((short*)(_t112[2] + ((_t71 & 0x0000ffff) >> 1) * 2)) = 0;
						if(_v12 != 0) {
							 *_a16 = _t112[2] + ((( *_t111 & 0x0000ffff) >> 1) - (( *_t84 & 0x0000ffff) >> 1) + _v12) * 2;
						}
						_v8 = _v8 & 0x00000000;
					}
				}
				L1:
				_t51 = _a12;
				_t111 = 0x6d6b24;
				if(_t51 != 0) {
					 *_t51 = 2;
				}
				goto L9;
			}

0x006eeece
0x006eeed3
0x006eeed6
0x006eeedb
0x0074e35f
0x0074e35f
0x006eeee1
0x006eeee2
0x006eeee3
0x006eeee9
0x00746b7e
0x00746b7e
0x006eeef8
0x006eeef8
0x006eeefd
0x0074e366
0x0074e36a
0x00000000
0x00000000
0x0074e376
0x0074e37a
0x0074e37f
0x00000000
0x00000000
0x00000000
0x0074e385
0x006eef03
0x006eef08
0x006eef15
0x00000000
0x00000000
0x006eef1d
0x006eef2a
0x00746b6e
0x00746b73
0x006eefe4
0x006eefeb
0x006eefeb
0x0074e3e9
0x0074e3f1
0x00000000
0x00000000
0x0074e3f7
0x0074e3fe
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0074e3fe
0x006eef30
0x006eef33
0x006eef3a
0x0074e395
0x0074e395
0x006eef40
0x006eef58
0x006eef5b
0x006eef61
0x006eef6a
0x0074e3a0
0x00000000
0x0074e3a0
0x006eef70
0x006eef75
0x0074e3b7
0x00000000
0x00000000
0x0074e3bd
0x006eef84
0x006eef84
0x006eef8e
0x006eef92
0x006eefaa
0x006eefb3
0x006eefb9
0x006eefc4
0x006eefc6
0x006eefd3
0x006eefda
0x0074e3e1
0x0074e3e1
0x006eefe0
0x006eefe0
0x006eef75
0x006d6b0c
0x006d6b0c
0x006d6b0f
0x006d6b16
0x0074e38a
0x0074e38a
0x00000000

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 010331fee37a48db75efac495fd20c67ef61c885649f44fb6e28ed7263670f55
Instruction ID: 236ad78da1a576db1c6ac3ebaa182548d4bd5b1eb0be08dd6321e52f4bce6dd8
Opcode Fuzzy Hash: 010331fee37a48db75efac495fd20c67ef61c885649f44fb6e28ed7263670f55
Instruction Fuzzy Hash: BF51BAB4501656DBCB20CF29C880ABE77F5FF45710B20486EF982C7290E739E952DB62

Uniqueness

Uniqueness Score: 0.00%

Function 0077DD51, Relevance: .1, Instructions: 125
COMMONCrypto

C-Code - Quality: 94%

			E0077DD51(signed int __ecx, signed int __edx, intOrPtr _a4, unsigned short _a6, unsigned int _a12, intOrPtr _a16) {
				intOrPtr* _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t62;
				signed char _t63;
				signed short _t64;
				signed char _t67;
				signed short _t71;
				signed char _t81;
				unsigned short _t85;
				void* _t93;
				signed int _t94;
				intOrPtr* _t101;
				signed char _t108;
				unsigned int _t120;

				_push(__ecx);
				_push(__ecx);
				_t62 = _a4;
				_push(_t93);
				_t117 = __ecx;
				_t120 = _t62 - 8;
				_t101 = _t62 + (_a12 & 0x0000ffff) - 8;
				_t63 =  *(_t120 + 7);
				_v12 = __edx;
				_v8 = _t101;
				if(_t63 != 4) {
					__eflags = _t63 - 5;
					if(_t63 != 5) {
						__eflags = _t63 & 0x00000040;
						if((_t63 & 0x00000040) == 0) {
							__eflags = (_t63 & 0x0000003f) - 0x3f;
							if((_t63 & 0x0000003f) == 0x3f) {
								__eflags = _t63;
								if(_t63 >= 0) {
									__eflags =  *(__ecx + 0x4c);
									if( *(__ecx + 0x4c) == 0) {
										_t64 =  *_t120 & 0x0000ffff;
									} else {
										_t71 =  *_t120;
										__eflags =  *(__ecx + 0x4c) & _t71;
										if(( *(__ecx + 0x4c) & _t71) != 0) {
											_t71 = _t71 ^  *(__ecx + 0x50);
											__eflags = _t71;
										}
										_t64 = _t71 & 0x0000ffff;
									}
								} else {
									_t64 =  *((intOrPtr*)((_t120 >> 0x00000003 ^  *_t120 ^  *0x7a81dc ^ __ecx) + 0x10));
								}
								_t94 =  *(_t120 + (_t64 & 0x0000ffff) * 8 - 4);
							} else {
								_t94 = _t63 & 0x3f;
							}
						} else {
							_t94 =  *(_t120 + 4 + (_t63 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t94 =  *(__ecx + 0x54) & 0x0000ffff ^  *(_t120 + 4) & 0x0000ffff;
					}
					_t67 = _a12 >> 3;
					 *(_t101 + 6) = _t67;
					_t108 =  *(_t120 + 7) & 0x000000c0 | _t67 | 0x00000040;
					__eflags = _t108;
					 *(_t120 + 7) = _t108;
					goto L26;
				} else {
					_t81 =  *(__ecx + 0x44) | __edx;
					_t123 = _t81 & 0x00000001;
					if((_t81 & 0x00000001) == 0) {
						E00717310(_t123,  *((intOrPtr*)(__ecx + 0xcc)));
						_t101 = _v8;
					}
					if( *((intOrPtr*)(_t117 + 0x4c)) != 0) {
						 *_t120 =  *_t120 ^  *(_t117 + 0x50);
						_t125 =  *(_t120 + 3) - ( *(_t120 + 2) ^  *(_t120 + 1) ^  *_t120);
						if( *(_t120 + 3) != ( *(_t120 + 2) ^  *(_t120 + 1) ^  *_t120)) {
							E00794BBA(_t93, _t117, _t120, _t125, _t117, _t120, 0);
							_t101 = _v8;
						}
					}
					 *_t120 =  *_t120 + _a12;
					_t94 =  *_t120 & 0xffff;
					_t85 = _a12 >> 3;
					 *(_t120 + 6) = _t85;
					_a6 = _t85;
					if( *((intOrPtr*)(_t117 + 0x4c)) != 0) {
						 *(_t120 + 3) =  *(_t120 + 2) ^  *(_t120 + 1) ^  *_t120;
						 *_t120 =  *_t120 ^  *(_t117 + 0x50);
					}
					if((( *(_t117 + 0x44) | _v12) & 0x00000001) == 0) {
						E007172D0( *((intOrPtr*)(_t117 + 0xcc)));
						_t101 = _v8;
						_t85 = _a6;
					}
					 *(_t101 + 6) = _t85;
					L26:
					 *((short*)(_t101 + 4)) = _t94 + _a12;
					 *_t101 = _a16;
					 *((char*)(_t101 + 7)) = 5;
					_t61 = _t101 + 8; // 0x8
					return _t61;
				}
			}

0x0077dd56
0x0077dd57
0x0077dd58
0x0077dd5b
0x0077dd5e
0x0077dd64
0x0077dd67
0x0077dd6b
0x0077dd6e
0x0077dd71
0x0077dd76
0x0077de0e
0x0077de10
0x0077de1e
0x0077de20
0x0077de34
0x0077de37
0x0077de41
0x0077de43
0x0077de5c
0x0077de60
0x0077de71
0x0077de62
0x0077de62
0x0077de64
0x0077de67
0x0077de69
0x0077de69
0x0077de69
0x0077de6c
0x0077de6c
0x0077de45
0x0077de56
0x0077de56
0x0077de77
0x0077de39
0x0077de3c
0x0077de3c
0x0077de22
0x0077de28
0x0077de28
0x0077de12
0x0077de1a
0x0077de1a
0x0077de7f
0x0077de83
0x0077de8e
0x0077de8e
0x0077de91
0x00000000
0x0077dd7c
0x0077dd7f
0x0077dd81
0x0077dd83
0x0077dd8b
0x0077dd90
0x0077dd90
0x0077dd97
0x0077dd9c
0x0077dda6
0x0077dda9
0x0077ddaf
0x0077ddb4
0x0077ddb4
0x0077dda9
0x0077ddbb
0x0077ddc1
0x0077ddc8
0x0077ddcc
0x0077ddd3
0x0077ddd7
0x0077dde1
0x0077dde7
0x0077dde7
0x0077ddf2
0x0077ddfa
0x0077ddff
0x0077de02
0x0077de02
0x0077de06
0x0077de94
0x0077de9e
0x0077dea2
0x0077dea4
0x0077dea8
0x0077dead
0x0077dead

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ca46316fa0c63cb76bdc2c13e9c5010a437c8eeecbfb6cc6964067b7cdd8cb6
Instruction ID: a4dc40a935af6ec3775773307e7a4cb48f9f3ee36374dc61723cc91b4274bf21
Opcode Fuzzy Hash: 8ca46316fa0c63cb76bdc2c13e9c5010a437c8eeecbfb6cc6964067b7cdd8cb6
Instruction Fuzzy Hash: 2B41EF34204796DACB35CF28C4806F6BBF1AF29354F14C849E8D98B252D37AEC56DB60

Uniqueness

Uniqueness Score: 0.00%

Function 00715090, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2369bfe196e3da1a0ba8520dd06d6ec416a5b202b0a4c322db9e3ff372a6e95c
Instruction ID: 53dd5dd3f2b9b5bae4ff7cacf725c06a9be62a4382185c90073cca40a2cdd718
Opcode Fuzzy Hash: 2369bfe196e3da1a0ba8520dd06d6ec416a5b202b0a4c322db9e3ff372a6e95c
Instruction Fuzzy Hash: FCA022B020000003CB028A2CC008202B200EBE0302F8280B230008A00AC03088A3CB20

Uniqueness

Uniqueness Score: 0.00%

Function 007151D0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a49d8d6e23769f217953e6c4cdc8fb79ece117ccf791496899ccd28f9616207
Instruction ID: 4ad9ec868c03ca789cfca39b5f177d5058dd2f8796fa3ac6a4219320fddd9a2a
Opcode Fuzzy Hash: 8a49d8d6e23769f217953e6c4cdc8fb79ece117ccf791496899ccd28f9616207
Instruction Fuzzy Hash: 66A022B020000083C3008B20C00CB032200CFA230AF0080A0B0028A00AFA2ACCA28322

Uniqueness

Uniqueness Score: 0.00%

Function 00715270, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b63c5eff5216e739ae8f896e80ccae3f640937c8b4c3f6e99c73a31ffa30a70
Instruction ID: 533f1f8c6e4ffacd28d279dc324a6fa191a80a663695fc8bde386a8ad543a313
Opcode Fuzzy Hash: 2b63c5eff5216e739ae8f896e80ccae3f640937c8b4c3f6e99c73a31ffa30a70
Instruction Fuzzy Hash: 90A0223020000003C3088AA0C02830B23E0CBC2303F0080A0A0088A00CC03088A08F20

Uniqueness

Uniqueness Score: 0.00%

Function 00715210, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b8c40adb374c6946c35752a3779bdbb326f2fc4b22ebc0ca3176cf9a8856d12
Instruction ID: ef4db40ac60fb7f00417c385fadf04cb29be6c7a4e4ce7d4e89c611c82bddd10
Opcode Fuzzy Hash: 5b8c40adb374c6946c35752a3779bdbb326f2fc4b22ebc0ca3176cf9a8856d12
Instruction Fuzzy Hash: FEA022B030000003C3008B2AC0083023200CBC2302F02C0F0B0028B08AC2288CA3A322

Uniqueness

Uniqueness Score: 0.00%

Function 00716200, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dab665d041eb7e16642ab624e668e17141a237bd1c64826566d51e3c80399cb
Instruction ID: da15c6414d64bec8bc2523cd8831451d368d552039d0054982d166a0ecc668cc
Opcode Fuzzy Hash: 1dab665d041eb7e16642ab624e668e17141a237bd1c64826566d51e3c80399cb
Instruction Fuzzy Hash: 34A02230200000ABC3808AB3C80820B2200CBC0302F0080B22002CA02AC230C8A8C330

Uniqueness

Uniqueness Score: 0.00%

Function 007163D0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb048b5272ffb6096242779b8ddea994da74fb7987c01d990dccca0f40acaa90
Instruction ID: a4ee5d0f6e65aa9d261d748a4bc48ace03580c82c5a6a087410e7ab0dfa008cc
Opcode Fuzzy Hash: eb048b5272ffb6096242779b8ddea994da74fb7987c01d990dccca0f40acaa90
Instruction Fuzzy Hash: C2A0223020000023CBA0AAA0CC0808B2230CBC2302F0080A0A0028A00AC2208A888B20

Uniqueness

Uniqueness Score: 0.00%

Function 007154E0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6afa4a60508d22cc5a9524d43274023ed04f35ad9bdb95a177cb9d2c934d4c23
Instruction ID: aa5cc14f7aa26c58a152e96bec4fd4ddaf1aa627fb52d59c48ac090e8215b35b
Opcode Fuzzy Hash: 6afa4a60508d22cc5a9524d43274023ed04f35ad9bdb95a177cb9d2c934d4c23
Instruction Fuzzy Hash: 1FA02230A08000A3C380AAA0C008B023220EB8238AF0080A0A00A8A80EC23888C8CF20

Uniqueness

Uniqueness Score: 0.00%

Function 007154B0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 821e1b54a1938b4250766273ae35a0e7f2c93152af0a72817fdb824080ca1bae
Instruction ID: 19b758082f712b5aaa0e939de6a023de5288155d934bf6425c8755552273e337
Opcode Fuzzy Hash: 821e1b54a1938b4250766273ae35a0e7f2c93152af0a72817fdb824080ca1bae
Instruction Fuzzy Hash: E1A02238A0000083CF80EE22C0083032280CB83302F0080B020028A00AC3388AA8CF20

Uniqueness

Uniqueness Score: 0.00%

Function 007155E0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 431147555803e25cd3e49e560b35b5b2261dd692bcbad0eb8a69dbf639c7e16a
Instruction ID: 30652aa1ac3d122acbf1258b378d86ddbbdaca82a180ed7d02394aca2aecf4e2
Opcode Fuzzy Hash: 431147555803e25cd3e49e560b35b5b2261dd692bcbad0eb8a69dbf639c7e16a
Instruction Fuzzy Hash: 4FA022302000008BCB80AAA0C008B02A230FBB230AF20C0A0A0C08E80CCA30C888C320

Uniqueness

Uniqueness Score: 0.00%

Function 007165E0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5485d2fd2b7cc4c33631bae95d953d4da7340e778e3042619ff179ae5e7a2f22
Instruction ID: 39241a1b63366cf44bda9e273397d09b858785fc6edfaa5cb23f03d076ac0955
Opcode Fuzzy Hash: 5485d2fd2b7cc4c33631bae95d953d4da7340e778e3042619ff179ae5e7a2f22
Instruction Fuzzy Hash: 82A02230E00000E3C320AB20C008F8AAB20CBF030AB20C0A820008E8C8C820C880C320

Uniqueness

Uniqueness Score: 0.00%

Function 00716580, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2331c847ec7603032769c6c407f18c3db032b13fcada33e3b75b46571899def
Instruction ID: 66ab73c436e498bacfb48f051146428c3393d6e60b4d5d83699f3bf289949c30
Opcode Fuzzy Hash: a2331c847ec7603032769c6c407f18c3db032b13fcada33e3b75b46571899def
Instruction Fuzzy Hash: 90A022B2F0000033C380AA30C008002A220EBB0302B00C0A0A8808A0C8C820888ACB20

Uniqueness

Uniqueness Score: 0.00%

Function 00716660, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945f3c6614761468c898b8bf0bc1a9b52feca9e48c13a54853ee0dcc4af83792
Instruction ID: 08df19130bf51a28901429b6dc4b8dc543476c77518886003107f5bae7b186e0
Opcode Fuzzy Hash: 945f3c6614761468c898b8bf0bc1a9b52feca9e48c13a54853ee0dcc4af83792
Instruction Fuzzy Hash: F0A02230B0000023CB20AA20C008A0A2A22CB80302B00C0B82202CA08ACA3088828330

Uniqueness

Uniqueness Score: 0.00%

Function 00716630, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83280c64ada70456b6b2665ff3d356cb28c6a9e78ea48eb88f4b90f3fbae95da
Instruction ID: 35b5cbc3c135767fd9585062453ef8ee64b46520483044c5c5403272dff5d825
Opcode Fuzzy Hash: 83280c64ada70456b6b2665ff3d356cb28c6a9e78ea48eb88f4b90f3fbae95da
Instruction Fuzzy Hash: C1A02230B0000023C3028AA0C80800232A0CBC2302B02C0A0E0008B088C83088A083B2

Uniqueness

Uniqueness Score: 0.00%

Function 00715860, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d306ca74510dcdcb80e1a7a9651373b723997c5d1769005f05e7cfce7a7b41
Instruction ID: 6b792b626de8bfebe8233546e792a8ada54115d90ad4a4302f58c6a71a0b8381
Opcode Fuzzy Hash: a9d306ca74510dcdcb80e1a7a9651373b723997c5d1769005f05e7cfce7a7b41
Instruction Fuzzy Hash: 8CA02230300202A3CB00ABA0C008B0AA322CBE2302F0080BC22008A00ACA2088C08B22

Uniqueness

Uniqueness Score: 0.00%

Function 00715960, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0e06db8e838f2bacf00cc95295aee670be78e80fd3cec3f7770e911907db5cf
Instruction ID: 059957ce0b19eb4135c470bf2c10945def75a45e0b1b4e95fbd8a6be14f3b765
Opcode Fuzzy Hash: c0e06db8e838f2bacf00cc95295aee670be78e80fd3cec3f7770e911907db5cf
Instruction Fuzzy Hash: 8DA002316002529BE755AB65C40CB1AB796DBA1306F1580B966018B64AC72988D58766

Uniqueness

Uniqueness Score: 0.00%

Function 00715950, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc3d19d3c27bc191f93a9929b2d513b73bad37dbd284f4653c0d29eadb172b0
Instruction ID: c9f9706e36a188784c7b44cfa644c58d820eb2eabca04db3b95e2b490f9037e9
Opcode Fuzzy Hash: 1dc3d19d3c27bc191f93a9929b2d513b73bad37dbd284f4653c0d29eadb172b0
Instruction Fuzzy Hash: 83A0223020028883C3208AA2C0083023220CB80302F2880A0A0028A28EC3E088C08322

Uniqueness

Uniqueness Score: 0.00%

Function 007159D0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a846b3e174f625d2fb6bb233e20309396c9b72e392846a181c6663ed27ecdff
Instruction ID: 6cc54868ab0f59a3a0936d57e4e7c3674a505ee5493481f3a57ab11f621e7cb3
Opcode Fuzzy Hash: 0a846b3e174f625d2fb6bb233e20309396c9b72e392846a181c6663ed27ecdff
Instruction Fuzzy Hash: A4A022302020000BE3208BA0C008B032220CB80302F0088A0E0028B08AC22288A08B20

Uniqueness

Uniqueness Score: 0.00%

Function 00715AE0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ace36bed2e59902e1c3dd021708a98f1b6c0849741006b787a1712e487da24c6
Instruction ID: 1f59b5f4a30a86442d9daa4c149e93ae650eb07182ed0a233715c00f26b55649
Opcode Fuzzy Hash: ace36bed2e59902e1c3dd021708a98f1b6c0849741006b787a1712e487da24c6
Instruction Fuzzy Hash: C5A0223020000883C3008AA0C00AB03E200FB8030AF0080E223028B80AC23088C0C330

Uniqueness

Uniqueness Score: 0.00%

Function 00715BE0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 955924be6b03cf1c8cee6cf39dfaf44a87d715584046f98cd9ee2bcf9db3ae29
Instruction ID: 1ca4d5cd2c00a894b2a60204a4ad1ff8d2e68a39d0e0bd01cfc0fe75778d3104
Opcode Fuzzy Hash: 955924be6b03cf1c8cee6cf39dfaf44a87d715584046f98cd9ee2bcf9db3ae29
Instruction Fuzzy Hash: 51A0223020008083C3008A23C008B0BA200CB8030AF20C0A023038AA0AC23088C0C332

Uniqueness

Uniqueness Score: 0.00%

Function 00715C40, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9323805a4dd53beac8f0b9b5e68baf7fa6567960c1da65c767c76f71778b6d3
Instruction ID: 70404a5627487bac05cfc7c7ec5bb6808889978cd1590eb399ba6211cd8bbc43
Opcode Fuzzy Hash: f9323805a4dd53beac8f0b9b5e68baf7fa6567960c1da65c767c76f71778b6d3
Instruction Fuzzy Hash: A6A0223020008003C300EA20C00830B2300CB80302F00C0E220028B00EC2308C80C330

Uniqueness

Uniqueness Score: 0.00%

Function 00715D50, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63dc689959b48ff72b778b734afc48118ee09cfa50aa2bd017d24cd421268f7f
Instruction ID: 89f02cff57ef12342989bff45c07f3f0a9a1c222a0384bba98167574d75bd542
Opcode Fuzzy Hash: 63dc689959b48ff72b778b734afc48118ee09cfa50aa2bd017d24cd421268f7f
Instruction Fuzzy Hash: 96A02230A8808203E3B08AB8C00820A2220CB80303F0080B0A0028A83EC23088C0B330

Uniqueness

Uniqueness Score: 0.00%

Function 00715E20, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7654edec0708b72453533dfc6ff5aec54327c5aecd073dae2583e92fda10b7ff
Instruction ID: fa1582684fc75ebc42be26beabab3708a84a8373611e706792ec0f98bd798ad0
Opcode Fuzzy Hash: 7654edec0708b72453533dfc6ff5aec54327c5aecd073dae2583e92fda10b7ff
Instruction Fuzzy Hash: 21A022302800002BC3E0AE20C0882022200CB80302B0080A0E0838A00EC32088EA8FA0

Uniqueness

Uniqueness Score: 0.00%

Function 00715E10, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1da5b47ea92407b0950aebed21af51333aa38985ef7da30e3148f6a33553f6e
Instruction ID: d59df47f9a9d75d18a8dbd1da9edebce07a09a294bab915cacf6d3010223fdc9
Opcode Fuzzy Hash: a1da5b47ea92407b0950aebed21af51333aa38985ef7da30e3148f6a33553f6e
Instruction Fuzzy Hash: 77A022302802020BCBE0AA30C008002A220CF80302B00C0A0E0828A00AC32088EAAB22

Uniqueness

Uniqueness Score: 0.00%

Function 006DE32D, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 196
COMMON

C-Code - Quality: 38%

			E006DE32D(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 != 0) {
					L9:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L15:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L26:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E006F7ACB(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L18:
							L18:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E006F7ACB() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E006F7ACB(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E006F7ACB();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L26;
							}
							_t116 = 0;
							goto L18;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
								goto L14;
							}
							_v12 = _t108;
							L14:
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t31 =  &_v24;
							 *_t31 = _v24 - 1;
						} while ( *_t31 != 0);
						goto L15;
					}
				}
				if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
					goto L9;
				} else {
					_t96 =  *(_t129 + 8) & 0x0000ffff;
					if(_t96 != 0) {
						L42:
						if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
							goto L9;
						} else {
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_t86 = E006F7ACB(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
							goto L40;
						}
					} else {
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L37:
							_t115 = 0x717756;
							L39:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E006F7ACB(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							L40:
							return _t128 + _t86 * 2;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L42;
						}
						if(_t114 != 0) {
							_t115 = 0x71e5d0;
							goto L39;
						}
						goto L37;
					}
				}
			}

APIs

___swprintf_l.LIBCMT ref: 006DC326
___swprintf_l.LIBCMT ref: 006DE3D1
___swprintf_l.LIBCMT ref: 006DE3F6
___swprintf_l.LIBCMT ref: 006DE540
___swprintf_l.LIBCMT ref: 0075ECFA
___swprintf_l.LIBCMT ref: 0075ED43

Strings

:%u.%u.%u.%u, xrefs: 006DC31D
ffff:, xrefs: 0075ECD5
::ffff:0:%u.%u.%u.%u, xrefs: 0075ED3A
::%hs%u.%u.%u.%u, xrefs: 0075ECF1

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 29f8d5d14dbef8c631284b97d1fac10d3dfb4d4c70fbe2dd5ffd25a0bb1beed2
Instruction ID: db40c623bf9466e216c4b92ef7ef8a1e0d41c0e03ef7c4b407429cf498154378
Opcode Fuzzy Hash: 29f8d5d14dbef8c631284b97d1fac10d3dfb4d4c70fbe2dd5ffd25a0bb1beed2
Instruction Fuzzy Hash: 6561FAB1D00655A6CB34EF59C4804FE7BB7EF94301758C02EE5964B340D775AB40DB60

Uniqueness

Uniqueness Score: 0.11%

Function 006FBD8A, Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 127
UNIQUE

C-Code - Quality: 63%

			E006FBD8A(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t70 = __edx;
				_t33 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E006FBDDC(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					L006F1ACE(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E00704EC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0x7a81b0( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					L006F1ACE(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E00738985( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						L006F1ACE(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E00727200(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							L006F1ACE(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E0076E7A0(_t69, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					L006F1ACE();
					_t38 = 1;
					L2:
					return E00722F0C(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}

0x006fbd8a
0x006fbd95
0x006fbd9c
0x006fbd9f
0x006fbda8
0x006fbdbe
0x0074b3b0
0x0074b3b7
0x00000000
0x00000000
0x0074b3bd
0x0074b3d0
0x0074b3d5
0x0074b3e4
0x0074b3ea
0x0074b3ef
0x0074b415
0x0074b41b
0x0074b41d
0x00000000
0x00000000
0x0074b423
0x0074b429
0x0074b42b
0x00000000
0x00000000
0x0074b431
0x0074b433
0x00000000
0x00000000
0x0074b43d
0x0074b43e
0x0074b456
0x0074b467
0x0074b46c
0x0074b46f
0x0074b470
0x0074b472
0x0074e16e
0x0074e179
0x0074e17f
0x0074e188
0x0074e18b
0x0074e191
0x0074e193
0x00000000
0x00000000
0x00000000
0x00000000
0x0074e199
0x0074e199
0x0074e1a1
0x0074e1a4
0x0074e1a5
0x0074e1a7
0x0074e1a9
0x0074e1ab
0x0074e1ab
0x0074e1b8
0x0074e1bd
0x0074e1c2
0x0074e1c7
0x0074e1c9
0x00000000
0x00000000
0x0074e1cf
0x0074e1cf
0x0074e1d2
0x0074e1d8
0x00000000
0x00000000
0x0074e1de
0x0074e199
0x0074b478
0x0074b47d
0x0074b47f
0x0074b481
0x0074b489
0x006fbdc6
0x006fbdd4
0x006fbdd4
0x006fbdc4
0x006fbdc4
0x00000000

APIs

BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 0074B415

Part of subcall function 0076E7A0: _wcstoul.LIBCMT ref: 0076E7C6

Strings

Execute=1, xrefs: 0074B461
ExecuteOptions, xrefs: 0074B407
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0074E165
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 0074B44D
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 0074B3C7
CLIENT(ntdll): Processing section info %ws..., xrefs: 0074E1AF
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 0074B478

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: BaseDataModuleQuery_wcstoul
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 3175100189-484625025
Opcode ID: 8dcf08f9e99f58cc29ea2a3a892a9c31585c0774f0eb2ca80def928e252c3ecc
Instruction ID: 4b4e2db4bcb38eca70f61d00e08db8a0ab8df3c12227569c7dc22be908953925
Opcode Fuzzy Hash: 8dcf08f9e99f58cc29ea2a3a892a9c31585c0774f0eb2ca80def928e252c3ecc
Instruction Fuzzy Hash: BD41F7B264020CAADB20DA98DC8AFFA73BDAF15704F000499F605A61C1EB74DB85CF65

Uniqueness

Uniqueness Score: 100.00%

Function 006E3747, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 270
COMMON

C-Code - Quality: 100%

			E006E3747(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr* _v28;
				signed int _v32;
				void* _t115;
				char _t119;
				short _t120;
				intOrPtr* _t124;
				char _t126;
				short _t127;
				void* _t133;
				void* _t136;
				intOrPtr _t142;
				signed int _t154;
				signed int _t175;
				intOrPtr _t178;
				intOrPtr* _t180;
				intOrPtr _t181;
				void* _t184;

				_t180 = _a4;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if( *_t180 == 0) {
					L34:
					 *_a8 = _t180;
					_t181 = _v24;
					if(_t181 != 0) {
						if(_t181 != 3) {
							goto L62;
						}
						_v8 = _v8 + 1;
					}
					_t175 = _v32;
					if(_t175 == 0) {
						if(_v8 == 7) {
							goto L36;
						}
						goto L62;
					}
					L36:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L62;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L40:
						if(_t175 != 0) {
							E00704B80(_a12 + 0x10 + (_t175 - _v8) * 2, _a12 + _t175 * 2, _v8 - _t175 + _v8 - _t175);
							_t115 = 8;
							E00704EC0(_a12 + _t175 * 2, 0, _t115 - _v8 + _t115 - _v8);
						}
						return 0;
					}
					if(_t181 != 0) {
						if(_v12 > 3) {
							goto L62;
						}
						_t119 = E006E38EA(_v28, 0, 0xa);
						_t184 = _t184 + 0xc;
						if(_t119 > 0xff) {
							goto L62;
						}
						 *((char*)(_t181 + _v20 * 2 + _a12)) = _t119;
						goto L40;
					}
					if(_v12 > 4) {
						goto L62;
					}
					_t120 = E006E38EA(_v28, _t181, 0x10);
					_t184 = _t184 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t120;
					goto L40;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L22;
						}
						_t136 = _t123 - 1;
						if(_t136 != 0) {
							_t123 = _t136 == 1;
							if(_t136 == 1) {
								L23:
								if(_v8 > 7) {
									goto L34;
								}
								_t143 = _t142;
								if(E006E3490(_t123, _t142) == 0 || _t129 == 0) {
									if(E006E3490(_t129, _t143) == 0 || E006E3663(_t130, _t143) == 0 || _v24 > 0) {
										goto L34;
									} else {
										_t133 = 1;
										_a7 = 1;
										_v28 = _t180;
										_v16 = 1;
										_v12 = 1;
										L31:
										if(_v16 == _t133) {
											goto L20;
										}
										L8:
										if(_v28 == 0) {
											goto L20;
										}
										_t178 = _v24;
										if(_t178 != 0) {
											if(_v12 > 3) {
												L62:
												return 0xc000000d;
											}
											_t126 = E006E38EA(_v28, 0, 0xa);
											_t184 = _t184 + 0xc;
											if(_t126 > 0xff) {
												goto L62;
											}
											 *((char*)(_t178 + _v20 * 2 + _a12 - 1)) = _t126;
											goto L20;
										}
										if(_v12 > 4) {
											goto L62;
										}
										_t127 = E006E38EA(_v28, 0, 0x10);
										_t184 = _t184 + 0xc;
										_v20 = _v20 + 1;
										 *((short*)(_a12 + _v20 * 2)) = _t127;
										goto L20;
									}
								} else {
									_a7 = 0;
									_v28 = _t180;
									_v16 = 1;
									_v12 = 1;
									L20:
									_t180 = _t180 + 1;
									_t142 =  *_t180;
									if(_t142 == 0) {
										goto L34;
									}
									continue;
								}
							}
							_t133 = 1;
							goto L31;
						}
						_t179 = _t142;
						if(E006E3490(_t136, _t142) == 0 || _t138 == 0) {
							if(E006E3490(_t138, _t179) == 0 || E006E3663(_t139, _t179) == 0) {
								if(_t142 != 0x3a) {
									if(_t142 != 0x2e || _a7 != 0 || _v24 > 2 || _v8 > 6) {
										goto L34;
									} else {
										_v24 = _v24 + 1;
										L7:
										_v16 = _v16 & 0x00000000;
										goto L8;
									}
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L34;
								} else {
									_t124 = _t180 + 1;
									if( *_t124 == _t142) {
										if(_v32 == 0) {
											_v32 = _v8 + 1;
											_t154 = 2;
											_v8 = _v8 + _t154;
											L47:
											_t180 = _t124;
											_v16 = _t154;
											goto L8;
										}
										goto L34;
									}
									_v8 = _v8 + 1;
									goto L7;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L34;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							goto L1;
						}
						L22:
						if(_t142 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L34;
							} else {
								_t124 = _t180 + 1;
								if( *_t124 != _t142) {
									goto L34;
								}
								_v20 = _v20 + 1;
								_t154 = 2;
								_v32 = 1;
								_v8 = _t154;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L47;
							}
						}
						goto L23;
					}
				}
				L1:
				_v12 = _v12 + 1;
				goto L20;
			}

APIs

__fassign.LIBCMT ref: 006E3724
__fassign.LIBCMT ref: 006E3892
__fassign.LIBCMT ref: 00748372

Part of subcall function 006E38EA: __cftof.LIBCMT ref: 006E38FA

__fassign.LIBCMT ref: 00748432

Strings

:, xrefs: 006E36CF
:, xrefs: 006E37DB
., xrefs: 00748321

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: __fassign$__cftof
String ID: .$:$:
API String ID: 719083814-2308638275
Opcode ID: ed0c4c3c8d53cf5604481f181fd10ba09e4b0497798efa1efc41dea83925a216
Instruction ID: 8dc989d88b6aee3eb09b410ceb40b87000cca04b87a8f3d32998caf5867bbf20
Opcode Fuzzy Hash: ed0c4c3c8d53cf5604481f181fd10ba09e4b0497798efa1efc41dea83925a216
Instruction Fuzzy Hash: 4EA18F71D023AAEBDF24CF6AC8096AF77B6AF05300F24846EE412A7381D7349B45CB55

Uniqueness

Uniqueness Score: 6.12%

Function 006FA160, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 196
UNIQUE

C-Code - Quality: 62%

			E006FA160(signed int _a4, char _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t38;
				signed int* _t41;
				signed int _t43;
				void* _t44;
				void* _t50;
				void* _t55;
				void* _t56;
				void* _t57;
				void* _t58;
				void* _t59;
				intOrPtr _t60;
				void* _t62;
				signed int _t67;
				signed int _t74;
				signed int _t78;
				signed int _t81;
				intOrPtr _t90;
				signed int _t93;
				void* _t94;
				signed int _t98;
				void* _t102;
				void* _t103;
				signed int _t110;
				signed int _t124;
				void* _t137;
				void* _t138;
				void* _t139;
				signed int _t143;

				_t81 = _a4;
				_t98 =  *(_t81 + 0x28);
				_t38 = _t81 + 0x28;
				if(_t98 < 0) {
					_t90 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t81 + 0x2c)) -  *((intOrPtr*)(_t90 + 0x24));
					if( *((intOrPtr*)(_t81 + 0x2c)) !=  *((intOrPtr*)(_t90 + 0x24))) {
						goto L31;
					} else {
						__eflags = _t98 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L31:
					while(1) {
						L32:
						__eflags = _t98;
						if(_t98 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) + 1;
							_t41 = _t81 + 0x1c;
							asm("lock xadd [edx], ecx");
							_t98 =  *(_t81 + 0x28);
							__eflags = _t98;
							if(_t98 >= 0) {
								_t92 =  *_t41;
								__eflags = _t92;
								if(__eflags > 0) {
									while(1) {
										_t78 = _t92;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t78 - _t92;
										if(_t78 == _t92) {
											break;
										}
										_t92 = _t78;
										__eflags = _t78;
										if(_t78 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t92;
								}
								if(__eflags == 0) {
									goto L11;
								} else {
									continue;
								}
							} else {
								L11:
								_t110 = 0;
								__eflags = 0;
								while(1) {
									_t101 =  *(_t81 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t124 =  !( ~( *(_t81 + 0x30) & 1)) & 0x007a8318;
									_push(_t124);
									_push(0);
									_push( *((intOrPtr*)(_t81 + 0x18)));
									_t43 = E007165E0();
									__eflags = _t43 - 0x102;
									if(_t43 != 0x102) {
										break;
									}
									_t92 =  *(_t124 + 4);
									_t102 =  *_t124;
									_t44 = E00703EC0(_t102,  *(_t124 + 4), 0xff676980, 0xffffffff);
									_push(_t102);
									_push(_t44);
									L006F1ACE(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t110);
									L006F1ACE(0x65, 0, "RTL: Resource at %p\n", _t81);
									_t110 = _t110 + 1;
									_t138 = _t137 + 0x28;
									__eflags = _t110 - 2;
									if(_t110 > 2) {
										E007715D8(_t92, _t81);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									L006F1ACE();
									_t137 = _t138 + 0xc;
								}
								__eflags = _t43;
								if(_t43 < 0) {
									E00716CC5(_t92, _t101, _t110, _t124, _t43);
									asm("int3");
									while(1) {
										L45:
										_t93 =  *(_t124 + 4);
										_t103 =  *_t124;
										_t50 = E00703EC0(_t103, _t93, 0xff676980, 0xffffffff);
										_push(_t103);
										_push(_t50);
										L006F1ACE(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t110);
										L006F1ACE(0x65, 0, "RTL: Resource at %p\n", _t81);
										_t110 = _t110 + 1;
										_t139 = _t137 + 0x28;
										__eflags = _t110 - 2;
										if(_t110 > 2) {
											E007715D8(_t93, _t81);
										}
										_push("RTL: Re-Waiting\n");
										_push(0);
										_push(0x65);
										L006F1ACE();
										_t137 = _t139 + 0xc;
										while(1) {
											L18:
											_t105 =  *(_t81 + 0x30) & 0x00000001;
											asm("sbb esi, esi");
											_t124 =  !( ~( *(_t81 + 0x30) & 1)) & 0x007a8318;
											_push(_t124);
											_push(0);
											_push( *((intOrPtr*)(_t81 + 0x20)));
											_t55 = E007165E0();
											if(_t55 == 0x102) {
												goto L45;
											}
											if(_t55 < 0) {
												_t56 = E00716CC5(_t93, _t105, _t110, _t124, _t55);
												asm("int3");
												_t57 = E00716CC5(_t93, _t105, _t110, _t124, _t56);
												_t58 = E00716CC5(_t93, _t105, _t110, _t124, _t57);
												_t59 = E00716CC5(_t93, _t105, _t110, _t124, _t58);
												asm("int3");
												while(1) {
													_t94 = _t59;
													__eflags = _t59 - 1;
													if(_t59 != 1) {
														break;
													}
													_t110 = _t110 | 0xffffffff;
													_t59 = _t94;
													asm("lock cmpxchg [ebx], edi");
													__eflags = _t59 - _t94;
													if(_t59 != _t94) {
														continue;
													} else {
														_t60 =  *[fs:0x18];
														 *((intOrPtr*)(_t124 + 0x2c)) =  *((intOrPtr*)(_t60 + 0x24));
														return _t60;
													}
													goto L56;
												}
												E006F9485(_t94, _t110, _t124);
												_t62 = E006F9505(_t124, 1);
												return _t62;
											} else {
												_t38 =  *(_t81 + 0x28);
												L28:
												while(_t38 != 0) {
													__eflags = _a8;
													if(_a8 == 0) {
														__eflags = 0;
														return 0;
													} else {
														 *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) + 1;
														_t98 = _t81 + 0x24;
														_t93 = 1;
														asm("lock xadd [eax], ecx");
														_t38 =  *(_t81 + 0x28);
														_a4 = _t38;
														__eflags = _t38;
														if(_t38 == 0) {
															_t93 =  *_t98;
															if(_t93 > 0) {
																while(1) {
																	_t67 = _t93;
																	asm("lock cmpxchg [edi], esi");
																	if(_t67 == _t93) {
																		break;
																	}
																	_t93 = _t67;
																	__eflags = _t67;
																	if(_t67 <= 0) {
																		break;
																	} else {
																		continue;
																	}
																	goto L56;
																}
																_t38 = _a4;
																_t143 = _t93;
															}
															if(_t143 != 0) {
																continue;
															} else {
																goto L17;
															}
														} else {
															L17:
															_t110 = 0;
															goto L18;
														}
													}
													goto L56;
												}
												_t93 = _t93 | 0xffffffff;
												_t38 = 0;
												asm("lock cmpxchg [edx], ecx");
												if(0 != 0) {
													goto L28;
												} else {
													 *((intOrPtr*)(_t81 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
													return 1;
												}
											}
											goto L56;
										}
									}
								} else {
									_t98 =  *(_t81 + 0x28);
									continue;
								}
							}
						}
						goto L56;
					}
					_t74 = _t98;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t74 - _t98;
					if(_t74 != _t98) {
						_t98 = _t74;
						goto L32;
					} else {
						return 1;
					}
				}
				L56:
			}

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007519EF
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00751A57

Strings

RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 007519F7
RTL: Resource at %p, xrefs: 00751A06, 00751A6E
RTL: Re-Waiting, xrefs: 00751A23, 00751A8B
RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00751A5F

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-4236105082
Opcode ID: 8bdffebd507b8a877a37a4754e2b2334857e5a3bed95cb848d85b850ba4ce647
Instruction ID: 8cde2d0d8b6d9038d63491ed6ee1f8ffd2e24a8858606fb84bce2ab87813a8d6
Opcode Fuzzy Hash: 8bdffebd507b8a877a37a4754e2b2334857e5a3bed95cb848d85b850ba4ce647
Instruction Fuzzy Hash: EC515971B002019BEB15CA18CC81FE2339A9F84721F24422AFD59DF3C5D965EC86C7A4

Uniqueness

Uniqueness Score: 100.00%

Function 006DE426, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88
COMMON

C-Code - Quality: 64%

			E006DE426(void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t39;
				signed int _t43;
				signed int _t44;
				intOrPtr _t45;
				void* _t50;
				intOrPtr* _t51;
				void* _t53;
				signed int _t56;
				void* _t57;

				_t50 = __edx;
				_t24 =  *0x7a81e8; // 0x77d57e23
				_v8 = _t24 ^ _t56;
				_t45 = _a16;
				_t52 = _a4;
				_t51 = _a20;
				if(_a4 == 0 || _t51 == 0) {
					L12:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t51 == _t45) {
							goto L3;
						} else {
							goto L12;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t44 = E006F7ACB();
							_t57 = _t57 + 0xc;
							_t28 = _t56 + _t44 * 2 - 0x88;
						}
						_t53 = E006DE32D(_t52, _t28);
						if(_a8 != 0) {
							_t43 = E006F7ACB(_t53,  &_v10 - _t53 >> 1, L"%%%u", _a8);
							_t57 = _t57 + 0x10;
							_t53 = _t53 + _t43 * 2;
						}
						if(_a12 != 0) {
							_t39 = E006F7ACB(_t53,  &_v10 - _t53 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t57 = _t57 + 0x10;
							_t53 = _t53 + _t39 * 2;
						}
						_t52 = (_t53 -  &_v140 >> 1) + 1;
						 *_t51 = _t52;
						if( *_t51 < _t52) {
							goto L12;
						} else {
							E00704830(_t45,  &_v140, _t52 + _t52);
							_t26 = 0;
						}
					}
				}
				return E00722F0C(_t26, _t45, _v8 ^ _t56, _t50, _t51, _t52);
			}

APIs

___swprintf_l.LIBCMT ref: 006DE474

Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 006DC326
Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 006DE3D1
Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 006DE3F6
Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 006DE540
Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 0075ECFA
Part of subcall function 006DE32D: ___swprintf_l.LIBCMT ref: 0075ED43

___swprintf_l.LIBCMT ref: 006DE4A3
___swprintf_l.LIBCMT ref: 006DE4CF

Strings

%%%u, xrefs: 006DE49A
]:%u, xrefs: 006DE4C6

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: 5c5cc9d52ac559effde5d13a063e61d8cc7e9d48694108a7f914cc71191743bd
Instruction ID: 0959d62ee7dc4b5899779782d042d39914be233e4280ec84de46060ecf34f981
Opcode Fuzzy Hash: 5c5cc9d52ac559effde5d13a063e61d8cc7e9d48694108a7f914cc71191743bd
Instruction Fuzzy Hash: 2F21B972900229ABCB10EF58DC45AEE73ADEB40700F858056FD44D7241DB75EE59CBE1

Uniqueness

Uniqueness Score: 0.11%

Function 006F9505, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 150
UNIQUE

C-Code - Quality: 57%

			E006F9505(intOrPtr _a4, char _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t24;
				void* _t29;
				void* _t30;
				void* _t35;
				void* _t36;
				void* _t37;
				void* _t38;
				intOrPtr _t39;
				void* _t41;
				signed int _t43;
				intOrPtr _t50;
				signed int _t58;
				void* _t60;
				signed int* _t62;
				void* _t67;
				signed int _t71;
				signed int _t82;
				void* _t87;
				void* _t88;
				signed int _t92;

				_t50 = _a4;
				_t24 =  *((intOrPtr*)(_t50 + 0x28));
				if(_t24 < 0) {
					if( *((intOrPtr*)(_t50 + 0x2c)) !=  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
						goto L19;
					} else {
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L19:
					L20:
					while(_t24 != 0) {
						if(_a8 == 0) {
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t50 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t50 + 0x34)) + 0x14)) + 1;
							_t62 = _t50 + 0x24;
							_t58 = 1;
							asm("lock xadd [eax], ecx");
							_t24 =  *((intOrPtr*)(_t50 + 0x28));
							_a4 = _t24;
							if(_t24 == 0) {
								_t58 =  *_t62;
								if(_t58 > 0) {
									while(1) {
										_t43 = _t58;
										asm("lock cmpxchg [edi], esi");
										if(_t43 == _t58) {
											break;
										}
										_t58 = _t43;
										if(_t43 <= 0) {
											break;
										} else {
											continue;
										}
										goto L34;
									}
									_t24 = _a4;
									_t92 = _t58;
								}
								if(_t92 != 0) {
									continue;
								} else {
									goto L11;
								}
							} else {
								L11:
								_t71 = 0;
								while(1) {
									_t66 =  *(_t50 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t82 =  !( ~( *(_t50 + 0x30) & 1)) & 0x007a8318;
									_push(_t82);
									_push(0);
									_push( *((intOrPtr*)(_t50 + 0x20)));
									_t29 = E007165E0();
									if(_t29 != 0x102) {
										break;
									}
									_t58 =  *(_t82 + 4);
									_t67 =  *_t82;
									_t30 = E00703EC0(_t67, _t58, 0xff676980, 0xffffffff);
									_push(_t67);
									_push(_t30);
									L006F1ACE(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t71);
									L006F1ACE(0x65, 0, "RTL: Resource at %p\n", _t50);
									_t71 = _t71 + 1;
									_t88 = _t87 + 0x28;
									if(_t71 > 2) {
										E007715D8(_t58, _t50);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									L006F1ACE();
									_t87 = _t88 + 0xc;
								}
								if(_t29 < 0) {
									_t35 = E00716CC5(_t58, _t66, _t71, _t82, _t29);
									asm("int3");
									_t36 = E00716CC5(_t58, _t66, _t71, _t82, _t35);
									_t37 = E00716CC5(_t58, _t66, _t71, _t82, _t36);
									_t38 = E00716CC5(_t58, _t66, _t71, _t82, _t37);
									asm("int3");
									while(1) {
										_t60 = _t38;
										if(_t38 != 1) {
											break;
										}
										_t71 = _t71 | 0xffffffff;
										_t38 = _t60;
										asm("lock cmpxchg [ebx], edi");
										if(_t38 != _t60) {
											continue;
										} else {
											_t39 =  *[fs:0x18];
											 *((intOrPtr*)(_t82 + 0x2c)) =  *((intOrPtr*)(_t39 + 0x24));
											return _t39;
										}
										goto L34;
									}
									E006F9485(_t60, _t71, _t82);
									_push(1);
									_t41 = E006F9505(_t82);
									return _t41;
								} else {
									_t24 =  *((intOrPtr*)(_t50 + 0x28));
									continue;
								}
							}
						}
						goto L34;
					}
					_t58 = _t58 | 0xffffffff;
					_t24 = 0;
					asm("lock cmpxchg [edx], ecx");
					if(0 != 0) {
						goto L20;
					} else {
						 *((intOrPtr*)(_t50 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L34:
			}

0x006f950b
0x006f950e
0x006f9517
0x006e2495
0x00000000
0x006e249b
0x006e249e
0x006e24a7
0x006e24a7
0x006f951d
0x006f951d
0x00000000
0x006f951e
0x006d98c3
0x00751aa7
0x006d98c9
0x006d98cc
0x006d98cf
0x006d98d4
0x006d98d9
0x006d98dd
0x006d98e0
0x006d98e5
0x006d2f64
0x006d2f68
0x006d2f6d
0x006d2f74
0x006d2f76
0x006d2f7c
0x00000000
0x00000000
0x006d2f8e
0x006d2f92
0x00000000
0x006d2f94
0x00000000
0x006d2f94
0x00000000
0x006d2f92
0x006d2f7e
0x006d2f81
0x006d2f81
0x006d2f83
0x00000000
0x006d2f89
0x00000000
0x006d2f89
0x006d98eb
0x006d98eb
0x006d98eb
0x006d98ed
0x006d98f3
0x006d98fb
0x006d98ff
0x006d9905
0x006d9906
0x006d9908
0x006d9909
0x006d9913
0x00000000
0x00000000
0x00751a49
0x00751a4c
0x00751a57
0x00751a5c
0x00751a5d
0x00751a68
0x00751a77
0x00751a7c
0x00751a7d
0x00751a83
0x00751a86
0x00751a86
0x00751a8b
0x00751a90
0x00751a92
0x00751a94
0x00751a99
0x00751a99
0x006d991b
0x00751aab
0x00751ab0
0x00751ab2
0x00751ab8
0x00751abe
0x00751ac3
0x00751ac4
0x00751ac4
0x00751ac9
0x00000000
0x00000000
0x006dc35f
0x006dc364
0x006dc366
0x006dc36c
0x00000000
0x006dc372
0x006dc372
0x006dc37d
0x006dc382
0x006dc382
0x00000000
0x006dc36c
0x00751ad0
0x00751ad5
0x00751ad8
0x00751ae1
0x006d9921
0x006d9921
0x00000000
0x006d9921
0x006d991b
0x006d98e5
0x00000000
0x006d98c3
0x006f952b
0x006f952e
0x006f9530
0x006f9536
0x00000000
0x006f9538
0x006f9543
0x006f954a
0x006f954a
0x006f9536
0x00000000

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00751A57

Strings

RTL: Resource at %p, xrefs: 00751A6E
RTL: Re-Waiting, xrefs: 00751A8B
RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00751A5F

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-871070163
Opcode ID: 067c085421aef2d0914932549b9c4229cdc5b0f796bf6f7590fae18c51d0ee87
Instruction ID: 1b6d126614df43850b642a6e6063bf9d1fd4debefbd46d0cbc0f4bfb5be6989a
Opcode Fuzzy Hash: 067c085421aef2d0914932549b9c4229cdc5b0f796bf6f7590fae18c51d0ee87
Instruction Fuzzy Hash: C1416971B002059BDB159F28CC85FE673AADF95720F20422AF919DB3C1DA25EC86C7E0

Uniqueness

Uniqueness Score: 100.00%

Function 00701E6D, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145
UNIQUE

C-Code - Quality: 49%

			E00701E6D(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __esi;
				void* __ebp;
				intOrPtr _t38;
				void* _t40;
				intOrPtr _t43;
				void* _t44;
				void* _t46;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				signed char _t67;
				void* _t72;
				void* _t75;
				intOrPtr _t77;
				intOrPtr* _t80;
				intOrPtr _t84;
				intOrPtr* _t85;
				void* _t90;
				void* _t91;
				void* _t92;

				_t80 = __edi;
				_t75 = __edx;
				_t70 = __ecx;
				_t84 = _a4;
				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
					E006FD342(__ecx, _t84);
					_t38 =  *((intOrPtr*)(_t84 + 0x10));
				}
				_push(0);
				if(_t38 == 0xffffffff) {
					_push(0);
					_push(_t84);
					_push( *0x7af86c);
					_t40 = E00715F20();
				} else {
					_push(_t38);
					_t40 = E007161A0();
				}
				_pop(_t85);
				if(_t40 < 0) {
					E00716CC5(_t70, _t75, _t80, _t85, _t40);
					asm("int3");
					while(1) {
						L21:
						_t76 =  *[fs:0x18];
						if(( *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000002) != 0) {
							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
							_v66 = 0x1722;
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_t76 =  &_v72;
							_push( &_v72);
							_v28 = _t85;
							_v40 =  *((intOrPtr*)(_t85 + 4));
							_v32 =  *((intOrPtr*)(_t85 + 0xc));
							_push(0x10);
							_push(0x20402);
							_push( *0x7ffe0382 & 0x000000ff);
							E007164F0();
						}
						while(1) {
							_t43 = _v8;
							_push(_t80);
							_push(0);
							if(_t43 == 0xffffffff) {
								_t71 =  *0x7af86c;
								_push(_t85);
								_push( *0x7af86c);
								_t44 = E007165B0();
							} else {
								_push(_t43);
								_t44 = E007165E0();
							}
							if(_t44 != 0x102) {
								break;
							}
							_t77 =  *((intOrPtr*)(_t80 + 4));
							_push(_t67);
							_t46 = E00703EC0( *_t80, _t77, 0xff676980, 0xffffffff);
							_push(_t77);
							L006F1ACE(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
							_t48 =  *_t85;
							_t91 = _t90 + 0x18;
							if(_t48 == 0xffffffff) {
								_t49 = 0;
							} else {
								_t49 =  *((intOrPtr*)(_t48 + 0x14));
							}
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_push(_t49);
							_t50 = _v12;
							_t76 =  *((intOrPtr*)(_t50 + 0x24));
							_push(_t85);
							_push( *((intOrPtr*)(_t85 + 0xc)));
							_push( *((intOrPtr*)(_t50 + 0x24)));
							L006F1ACE(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
							_t53 =  *_t85;
							_t92 = _t91 + 0x20;
							_t67 = _t67 + 1;
							if(_t53 != 0xffffffff) {
								_t71 =  *((intOrPtr*)(_t53 + 0x14));
								_a4 =  *((intOrPtr*)(_t53 + 0x14));
							}
							if(_t67 > 2 && _t85 != 0x7a8340) {
								_t76 = _a4;
								if(_a4 == _a8) {
									E007715D8(_t71, _t85);
								}
							}
							_push("RTL: Re-Waiting\n");
							_push(0);
							_push(0x65);
							_a8 = _a4;
							L006F1ACE();
							_t90 = _t92 + 0xc;
							if( *0x7ffe0382 != 0) {
								goto L21;
							} else {
								continue;
							}
							goto L36;
						}
						if(_t44 < 0) {
							E00716CC5(_t71, _t76, _t80, _t85, _t44);
							asm("int3");
							E00771715(_t85);
							if((_t67 & 0x00000002) != 0) {
								_t9 = _t67 + 2; // 0x4
								_t72 = _t9;
								asm("lock cmpxchg [edi], ecx");
								if(_t67 == _t67) {
									E00701E6D(_t72, _t76, _t80, _t85);
								}
							}
							return 0;
						} else {
							if(_v24 != 0) {
								 *((intOrPtr*)(_v12 + 0xf84)) = 0;
							}
							return 2;
						}
						goto L36;
					}
				} else {
					return _t40;
				}
				L36:
			}

0x00701e6d
0x00701e6d
0x00701e6d
0x00701e73
0x00701e7b
0x00751b19
0x00751b1e
0x00751b1e
0x00701e81
0x00701e86
0x00751b2b
0x00751b2d
0x00751b2e
0x00751b2f
0x00701e8c
0x00701e8c
0x00701e8d
0x00701e8d
0x00701e92
0x00701e95
0x00751b3a
0x00751b3f
0x00751b40
0x00751b40
0x00751b40
0x00751b51
0x00751b68
0x00751b6b
0x00751b6f
0x00751b72
0x00751b75
0x00751b76
0x00751b79
0x00751b7c
0x00751b86
0x00751b88
0x00751b8d
0x00751b8e
0x00751b8e
0x00701de0
0x00701de0
0x00701de3
0x00701de4
0x00701de9
0x00751b98
0x00751b9e
0x00751b9f
0x00751ba0
0x00701def
0x00701def
0x00701df0
0x00701df0
0x00701dfa
0x00000000
0x00000000
0x00751baa
0x00751baf
0x00751bb9
0x00751bbe
0x00751bc9
0x00751bce
0x00751bd0
0x00751bd6
0x00751bdd
0x00751bd8
0x00751bd8
0x00751bd8
0x00751bdf
0x00751be2
0x00751be3
0x00751be6
0x00751bec
0x00751bed
0x00751bee
0x00751bf9
0x00751bfe
0x00751c00
0x00751c03
0x00751c07
0x00751c09
0x00751c0c
0x00751c0c
0x00751c12
0x00751c1c
0x00751c22
0x00751c25
0x00751c25
0x00751c22
0x00751c2d
0x00751c32
0x00751c34
0x00751c36
0x00751c39
0x00751c3e
0x00701dda
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00701dda
0x00701e02
0x00751c47
0x00751c4c
0x00751c4e
0x00701eac
0x00701eb2
0x00701eb5
0x00701eb9
0x00701ebf
0x00701ec6
0x00701ec6
0x00701ebf
0x00717306
0x00701e08
0x00701e0c
0x006f7b33
0x006f7b33
0x00701e1d
0x00701e1d
0x00000000
0x00701e02
0x00701e9c
0x00701e9c
0x00701e9c
0x00000000

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00751BB9

Strings

RTL: Re-Waiting, xrefs: 00751C2D
RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 00751BF0
RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 00751BC0

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
API String ID: 885266447-3177188983
Opcode ID: ef1cbfbdd637cc7ba94ab85bc1ed9857c924ade72c1466878458f53c90aeda0e
Instruction ID: 6357943382329f35b8cb13be7a8822b64c5bd634e3ad0e6fb6315d5d33459ff4
Opcode Fuzzy Hash: ef1cbfbdd637cc7ba94ab85bc1ed9857c924ade72c1466878458f53c90aeda0e
Instruction Fuzzy Hash: 044127B0A00204EBC724DF68CC89FAA77E9EF45722F608619F9589B2C1D67DE951C760

Uniqueness

Uniqueness Score: 100.00%

Function 006E3A42, Relevance: 6.3, APIs: 4, Instructions: 259
COMMON

C-Code - Quality: 90%

			E006E3A42(void* _a4, char _a7, signed short** _a8, signed short* _a12) {
				void* _v8;
				signed short* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int __ebx;
				signed short* __edi;
				signed int __esi;
				void* _t101;
				char _t103;
				signed int _t104;
				void* _t109;

				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v28 = 0;
				while(1) {
					__esi =  *__edi & 0x0000ffff;
					if(__si == __dx) {
						break;
					}
					__eax = _v20;
					__eax = _v20 - __edx;
					if(__eax == 0) {
						if(__si == 0x3a) {
							if(_v12 > __edx || _v8 > __edx) {
								break;
							} else {
								__eax =  &(__edi[1]);
								if( *__eax != __si) {
									break;
								}
								__edi = _a12;
								__esi = 0;
								__ecx = 2;
								_a12[__ebx] = __si;
								_v28 = 1;
								_v8 = __ecx;
								__ebx = __ebx + 1;
								L22:
								__edi = __eax;
								_v20 = __ecx;
								L50:
								if(_v24 == __edx) {
									L33:
									__edi =  &(__edi[0]);
									__edi =  &(__edi[0]);
									__edx = 0;
									continue;
								}
								if(_v12 != __edx) {
									if(_v16 > 3 || E006E19A9(_v24, __edx, 0xa) > 0xff) {
										L42:
										return 0xc000000d;
									} else {
										__ecx = _v12;
										__edx = _a12;
										__ecx = _v12 + __ebx * 2;
										 *((char*)(_v12 + __ebx * 2 + _a12 - 1)) = __al;
										goto L33;
									}
								}
								if(_v16 > 4) {
									goto L42;
								}
								E006E19A9(_v24, __edx, 0x10) = _a12;
								_a12[__ebx] = __cx;
								__ebx = __ebx + 1;
								goto L33;
							}
						}
						L35:
						if(_v8 > 7) {
							break;
						}
						__eax = 0x80;
						if(__si >= __ax) {
							break;
						}
						__eax = E00703B25(__esi, 4);
						_pop(__ecx);
						_pop(__ecx);
						if(__eax != 0) {
							0 = 1;
							_a7 = 0;
							_v24 = __edi;
							_v20 = 1;
							_v16 = 1;
							goto L33;
						}
						__eax = E00703B25(__esi, 0x80);
						_pop(__ecx);
						_pop(__ecx);
						if(__eax != 0) {
							if(_v12 > 0) {
								break;
							}
							__eax = 0;
							__eax = 1;
							_a7 = 1;
							_v24 = __edi;
							_v20 = 1;
							_v16 = 1;
							L56:
							if(_v20 == __eax) {
								goto L33;
							}
							__edx = 0;
							goto L50;
						}
						break;
					}
					__eax = __eax - 1;
					if(__eax != 0) {
						if(0 == 0) {
							goto L35;
						}
						__eax = 0;
						__eax = 1;
						goto L56;
					}
					__eax = 0x80;
					if(__si >= __ax) {
						L44:
						if(__si != 0x3a) {
							if(__si != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
								break;
							} else {
								_v12 = _v12 + 1;
								__edx = 0;
								L49:
								_v20 = __edx;
								goto L50;
							}
						}
						__edx = 0;
						if(_v12 > 0 || _v8 > 6) {
							break;
						} else {
							__eax =  &(__edi[1]);
							if( *__eax == __si) {
								if(_v28 != 0) {
									break;
								}
								_v8 = _v8 + 1;
								_v28 = _v8 + 1;
								__ecx = 2;
								_v8 = _v8 + __ecx;
								goto L22;
							}
							_v8 = _v8 + 1;
							goto L49;
						}
					}
					__eax = E00703B25(__esi, 4);
					_pop(__ecx);
					_pop(__ecx);
					if(__eax != 0) {
						_v16 = _v16 + 1;
						goto L33;
					}
					__eax = E00703B25(__esi, 0x80);
					_pop(__ecx);
					_pop(__ecx);
					if(__eax == 0) {
						goto L44;
					}
					_v16 = _v16 + 1;
					if(_v12 > 0) {
						break;
					}
					_a7 = 1;
					goto L33;
				}
				__eax = _a8;
				 *_a8 = __edi;
				__eax = 0;
				if(_v12 != 0) {
					if(_v12 != 3) {
						goto L42;
					}
					_v8 = _v8 + 1;
				}
				if(_v28 != __eax || _v8 == 7) {
					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L42;
						}
						__ecx = _a12;
						__eax = 0;
						_a12[__ebx] = __ax;
						L17:
						_t104 = _v28;
						if(_t104 != 0) {
							_t50 = (_t104 - _v8) * 2; // 0x11
							E00704B80(_a12 + _t50 + 0x10,  &(_a12[_t104]), _v8 - _t104 + _v8 - _t104);
							_t109 = 8;
							E00704EC0( &(_a12[_t104]), 0, _t109 - _v8 + _t109 - _v8);
						}
						return 0;
					}
					if(_v12 != __eax) {
						if(_v16 > 3) {
							goto L42;
						}
						_t103 = E006E19A9(_v24, _t101, 0xa);
						if(_t103 > 0xff) {
							goto L42;
						}
						 *((char*)(_v12 + _a12)) = _t103;
						goto L17;
					}
					if(_v16 > 4) {
						goto L42;
					}
					0 = _a12;
					_a12[__ebx] = __cx;
					goto L17;
				} else {
					goto L42;
				}
			}

0x006e3a52
0x006e3a55
0x006e3a58
0x006e3a5b
0x006e3a5e
0x006e3a61
0x006e3a66
0x006e3a66
0x006e3a6c
0x00000000
0x00000000
0x006e3a72
0x006e3a75
0x006e3a77
0x006e3acc
0x007480fc
0x00000000
0x0074810b
0x0074810b
0x00748111
0x00000000
0x00000000
0x00748117
0x0074811c
0x0074811e
0x0074811f
0x00748123
0x0074812a
0x0074812d
0x006de6d3
0x006de6d3
0x006de6d5
0x006e3bf5
0x006e3bf8
0x006e3ac2
0x006e3ac2
0x006e3ac3
0x006e3ac4
0x00000000
0x006e3ac4
0x006e3c01
0x006dc2a9
0x006e3b2c
0x00000000
0x006dc2c8
0x006dc2c8
0x006dc2cb
0x006dc2ce
0x006dc2d1
0x00000000
0x006dc2d1
0x006dc2a9
0x006e3c0b
0x00000000
0x00000000
0x006e3c23
0x006e3c26
0x006e3c2a
0x00000000
0x006e3c2a
0x007480fc
0x006e3ad2
0x006e3ad6
0x00000000
0x00000000
0x006e3ad8
0x006e3ae0
0x00000000
0x00000000
0x006e3ae5
0x006e3aea
0x006e3aeb
0x006e3aee
0x006de553
0x006de554
0x006de558
0x006de55b
0x006de55e
0x00000000
0x006de55e
0x006e3afa
0x006e3aff
0x006e3b00
0x006e3b03
0x006e3c34
0x00000000
0x00000000
0x006e3c3a
0x006e3c3c
0x006e3c3d
0x006e3c41
0x006e3c44
0x006e3c47
0x006e3c4a
0x006e3c4d
0x00000000
0x00000000
0x0075f066
0x00000000
0x0075f066
0x00000000
0x006e3b03
0x006e3a79
0x006e3a7a
0x006de6c8
0x00000000
0x00000000
0x0075f05e
0x0075f060
0x00000000
0x0075f060
0x006e3a80
0x006e3a88
0x006e3bc4
0x006e3bc8
0x006e3c5c
0x00000000
0x006e3c80
0x006e3c80
0x006e3c83
0x006e3bf2
0x006e3bf2
0x00000000
0x006e3bf2
0x006e3c5c
0x006e3bce
0x006e3bd3
0x00000000
0x006e3be3
0x006e3be3
0x006e3be9
0x006de6e0
0x00000000
0x00000000
0x006de6e9
0x006de6ec
0x006de6ef
0x006de6f0
0x00000000
0x006de6f0
0x006e3bef
0x00000000
0x006e3bef
0x006e3bd3
0x006e3a91
0x006e3a96
0x006e3a97
0x006e3a9a
0x006de566
0x00000000
0x006de566
0x006e3aa6
0x006e3aab
0x006e3aac
0x006e3aaf
0x00000000
0x00000000
0x006e3ab5
0x006e3abc
0x00000000
0x00000000
0x006e3abe
0x00000000
0x006e3abe
0x006e3b09
0x006e3b0c
0x006e3b0e
0x006e3b13
0x006dc2de
0x00000000
0x00000000
0x006dc2e4
0x006dc2e4
0x006e3b1c
0x006de572
0x006d2a45
0x00000000
0x00000000
0x006d2a4b
0x006d2a4e
0x006d2a50
0x006de5a4
0x006de5a4
0x006de5a9
0x006de5bc
0x006de5c2
0x006de5c9
0x006de5d3
0x006de5d8
0x00000000
0x006de5db
0x006de57b
0x006d2a11
0x00000000
0x00000000
0x006d2a1d
0x006d2a2a
0x00000000
0x00000000
0x006d2a39
0x00000000
0x006d2a39
0x006de585
0x00000000
0x00000000
0x006de59d
0x006de5a0
0x00000000
0x00000000
0x00000000
0x00000000

APIs

__fassign.LIBCMT ref: 006D2A1D

Part of subcall function 006E19A9: __cftof.LIBCMT ref: 006E19B9

__fassign.LIBCMT ref: 006DC2B5
__fassign.LIBCMT ref: 006DE591
__fassign.LIBCMT ref: 006E3C17

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: __fassign$__cftof
String ID:
API String ID: 719083814-0
Opcode ID: 97089ec2d9eed9ff38387c584676944c76e598311b3aedfc03cb0252052939cb
Instruction ID: 2ba47142afd2ef80e1888e72ed0cc29ebd649903e545ce10bc81b1929579e2db
Opcode Fuzzy Hash: 97089ec2d9eed9ff38387c584676944c76e598311b3aedfc03cb0252052939cb
Instruction Fuzzy Hash: 3B91A270D0139AEBDF24DF9AC9496EEB7B6FF50314F24806AD402AB391E6318B45CB41

Uniqueness

Uniqueness Score: 6.84%

Function 007A1EFF, Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 435
UNIQUE

C-Code - Quality: 77%

			E007A1EFF(void* __edx, signed int _a4, intOrPtr _a8, char _a12) {
				signed int _v5;
				int _v12;
				signed int _v16;
				char _v20;
				int _v24;
				signed int _v28;
				int _v32;
				signed int _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				char _v60;
				signed int _v64;
				char _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void _v96;
				char _v100;
				void _v140;
				char _v144;
				intOrPtr _v160;
				intOrPtr _v164;
				char _v172;
				char _v216;
				char _v220;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t231;
				signed char _t233;
				signed int _t237;
				signed int _t238;
				signed int _t244;
				short _t251;
				signed int _t253;
				signed int* _t254;
				signed int _t255;
				signed int _t257;
				signed int _t259;
				signed int _t260;
				signed int _t267;
				signed int _t271;
				intOrPtr _t281;
				signed int _t314;
				signed char _t316;
				signed int _t319;
				signed int _t322;
				signed int _t323;
				signed int _t326;
				signed int _t328;
				signed int _t330;
				signed int _t332;
				signed int _t334;
				int _t340;
				intOrPtr* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t345;
				signed int _t347;
				signed int _t352;
				void* _t360;
				intOrPtr* _t370;
				intOrPtr _t371;
				intOrPtr* _t372;

				_t360 = __edx;
				_t340 = 0;
				_t345 = 0xa;
				_v144 = 0;
				memset( &_v140, 0, _t345 << 2);
				_v20 = 0;
				_v220 = 0;
				E00704EC0( &_v216, 0, 0x2c);
				_t371 = _a8;
				_t347 = 7;
				_v100 = 0;
				_t231 = memset( &_v96, 0, _t347 << 2);
				_t348 = 0;
				_v12 = 0;
				_v32 = 0;
				_v24 = 0;
				_v5 = _t231;
				if(_t371 != 0) {
					_v5 = 1;
				}
				_t370 = _a4;
				_t233 =  *(_t370 + 0xcc) >> 3;
				_t380 = _t233 & 0x00000001;
				if((_t233 & 0x00000001) != 0) {
					E007A1E1B(_t360, _t380, _t370 + 0x70, _t370 + 0x78, _t370 + 0x68);
				}
				_v52 =  *((intOrPtr*)(_t370 + 0x6c));
				_v16 =  *(_t370 + 0x80);
				if(_v5 != _t340) {
					_t42 = _t371 + 0x20; // 0x6d42cd
					_v32 = _t42;
					_t44 = _t371 + 4; // 0xe85ecd33
					_t237 =  *_t44 & 0x0000ffff;
					_v24 = _t237;
					_t238 = _t237 + 0x48;
					__eflags = _t238;
					L12:
					_v28 = _t238;
					_t372 = E007229EE( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _v16);
					if(_t372 != _t340) {
						_t54 = _t372 + 0x48; // 0x48
						_t341 = _t54;
						_t244 = E007A1A1B(_v52, 0xc0000000, 1,  &_a12, 0x20000080,  &_v12);
						__eflags = _t244;
						_a4 = _t244;
						if(_t244 < 0) {
							L49:
							__eflags = _v12;
							if(_v12 != 0) {
								_push(_v12);
								E00715090();
							}
							L51:
							_t340 = 0;
							__eflags = 0;
							L52:
							if(_t372 != _t340) {
								E00722882(_t348,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t340, _t372);
							}
							L54:
							return _a4;
						}
						__eflags = _a12 - 1;
						if(_a12 != 1) {
							 *_t372 = _v16;
							_t251 = 4;
							 *((short*)(_t372 + 0x36)) = _t251;
							 *((short*)(_t372 + 0x34)) = 1;
							_t253 = _v28;
							 *((char*)(_t372 + 0x29)) = 8;
							 *(_t372 + 0x30) = _t253;
							__eflags = _v5;
							if(_v5 != 0) {
								_t254 = _v32;
								_t254[8] =  *(_t370 + 0xcc) & 0x00101000 | 0x00010001;
								_t254[9] = 1;
								 *_t254 =  *(_t370 + 0x80);
								 *((char*)(_t372 + 0x6e)) = 1;
								 *((char*)(_t372 + 0x6f)) = 5;
								__eflags = _t254[0xb] - 8;
								if(_t254[0xb] != 8) {
									_t255 = _t254[0x42];
								} else {
									_t255 = _t254[0x44];
								}
								 *(_t370 + 0x10) = _t255;
								E00704830(_t341, _a8, _v24);
								L39:
								_t257 =  *(_t372 + 0x30);
								_t342 = _v16;
								__eflags = _t257 - _t342;
								if(_t257 < _t342) {
									__eflags = _t257 - 0x48;
									if(_t257 > 0x48) {
										__eflags = _t257 + _t372;
										E00704EC0(_t257 + _t372, 0xff, _t342 - _t257);
									}
								}
								_push(0);
								_push(0);
								_push(_t342);
								_push(_t372);
								_t348 =  &_v60;
								_push( &_v60);
								_push(0);
								_push(0);
								_push(0);
								_push(_v12);
								_t259 = E00716630();
								_a4 = _t259;
								__eflags = _t259;
								if(_t259 < 0) {
									goto L49;
								} else {
									_t260 =  *(_t370 + 0xc8);
									__eflags = _t260;
									if(_t260 == 0) {
										L48:
										_t348 = _v12;
										 *(_t370 + 0x100) = 1;
										 *(_t370 + 0xd8) = 1;
										__eflags = 0;
										 *(_t370 + 0xf0) = _t342;
										 *(_t370 + 0xf4) = 0;
										 *(_t370 + 0xe8) = _t342;
										 *(_t370 + 0xec) = 0;
										 *(_t370 + 0x5c) = _v12;
										_v12 = 0;
										goto L49;
									}
									_t352 =  *(_t370 + 0xcc);
									__eflags = _t352 & 0x00000020;
									if((_t352 & 0x00000020) == 0) {
										goto L48;
									}
									__eflags = _t352 & 0x00002000;
									_t348 = 0x400;
									if((_t352 & 0x00002000) == 0) {
										_t348 = 0x100000;
									}
									_push(0x14);
									_v40 = _t260 * _t348;
									_push(8);
									_push( &_v40);
									_push( &_v60);
									_push(_v12);
									_v36 = _t260 * _t348 >> 0x20;
									_t267 = E00716200();
									_a4 = _t267;
									__eflags = _t267;
									if(_t267 < 0) {
										goto L49;
									} else {
										goto L48;
									}
								}
							}
							 *((intOrPtr*)(_t341 + 4)) = _t253 + 0xffffffb8;
							 *_t341 = 0xc0010000;
							_t271 =  *(_t370 + 0x10);
							__eflags = _t271 - 2;
							if(_t271 != 2) {
								__eflags = _t271 - 3;
								if(_t271 != 3) {
									_v48 = 0;
									_v44 = 0;
									E00722D57(_t341, 1, _t370, _t372,  &_v48);
									 *(_t341 + 0x10) = _v48;
									_t113 =  &_v44; // 0x76385b
									 *((intOrPtr*)(_t341 + 0x14)) =  *_t113;
									L34:
									 *((intOrPtr*)(_t341 + 0xc)) = _v164;
									 *((intOrPtr*)(_t341 + 8)) = _v160;
									 *((intOrPtr*)(_t341 + 0x18)) = E00703EC0(_v84, _v80, _v140, 0);
									 *((intOrPtr*)(_t341 + 0x1c)) = E00703EC0(_v76, _v72, _v140, 0);
									_t281 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									 *((char*)(_t372 + 0x6c)) =  *((intOrPtr*)(_t281 + 0xa4));
									 *((char*)(_t372 + 0x6d)) =  *((intOrPtr*)(_t281 + 0xa8));
									 *((char*)(_t372 + 0x6e)) = 1;
									 *((char*)(_t372 + 0x6f)) = 5;
									 *(_t372 + 0x70) =  *(_t281 + 0xac) & 0x0000ffff;
									 *(_t372 + 0x170) =  *(_t370 + 0x10);
									 *(_t372 + 0x74) =  *(_t370 + 0x7c);
									 *((intOrPtr*)(_t372 + 0x90)) = 1;
									 *(_t372 + 0x8c) = 1;
									 *((intOrPtr*)(_t372 + 0x94)) = 4;
									 *((intOrPtr*)(_t372 + 0x68)) = _v16;
									 *(_t372 + 0x84) =  *(_t370 + 0xc8);
									 *(_t372 + 0x88) =  *(_t370 + 0xcc);
									 *((intOrPtr*)(_t372 + 0x80)) = _v140;
									 *((intOrPtr*)(_t372 + 0x158)) = _v220;
									 *(_t372 + 0xa0) =  *(_t372 + 0xa0) & 0x00000000;
									 *(_t372 + 0xa4) =  *(_t372 + 0xa4) & 0x00000000;
									 *((intOrPtr*)(_t372 + 0x15c)) = _v216;
									 *((intOrPtr*)(_t372 + 0x9c)) = _v20;
									_t163 = _t372 + 0x178; // 0x178
									E00704830(_t163,  *((intOrPtr*)(_t370 + 0x64)), ( *(_t370 + 0x60) & 0x0000ffff) + 2);
									E00704830(( *(_t370 + 0x60) & 0x0000ffff) + _t372 + 0x17a,  *((intOrPtr*)(_t370 + 0x6c)), ( *(_t370 + 0x68) & 0x0000ffff) + 2);
									_t169 = _t372 + 0xa8; // 0xa8
									E007A1B4B(0, _t370, _t372, _t169);
									_t170 = _t372 + 0x160; // 0x160
									E006F3F6A(_t341, _v16, _t370, _t170);
									 *((intOrPtr*)(_t372 + 0x168)) =  *_t370;
									 *((intOrPtr*)(_t372 + 0x16c)) =  *((intOrPtr*)(_t370 + 4));
									 *(_t341 + 0x10) =  *(_t370 + 8);
									 *((intOrPtr*)(_t341 + 0x14)) =  *((intOrPtr*)(_t370 + 0xc));
									goto L39;
								}
								asm("rdtsc");
								L32:
								 *(_t341 + 0x10) = _t271;
								 *((intOrPtr*)(_t341 + 0x14)) = 0;
								goto L34;
							}
							_t271 = E0079F7F3();
							goto L32;
						}
						_push(0);
						_push( &_v68);
						_push(_v16);
						_push(_t372);
						_push( &_v60);
						_push(0);
						_push(0);
						_push(0);
						_push(_v12);
						_v68 = 0;
						_v64 = 0;
						_t314 = E00715E80();
						_a4 = _t314;
						__eflags = _t314;
						if(_t314 < 0) {
							goto L49;
						}
						_t316 =  *(_t372 + 0x88) >> 1;
						__eflags = _t316 & 0x00000001;
						if((_t316 & 0x00000001) == 0) {
							__eflags =  *((intOrPtr*)(_t372 + 0x6c)) -  *0x7ffe026c;
							if( *((intOrPtr*)(_t372 + 0x6c)) !=  *0x7ffe026c) {
								goto L18;
							}
							__eflags =  *((intOrPtr*)(_t372 + 0x6d)) -  *0x7ffe0270;
							if( *((intOrPtr*)(_t372 + 0x6d)) !=  *0x7ffe0270) {
								goto L18;
							}
							__eflags =  *((intOrPtr*)(_t372 + 0x94)) - 4;
							if( *((intOrPtr*)(_t372 + 0x94)) != 4) {
								goto L18;
							}
							_t319 =  *((intOrPtr*)(_t372 + 0x68));
							_t343 =  *(_t372 + 0x8c);
							_v16 = _t319;
							__eflags = _t319 + 0xfffffc00 - 0xffc00;
							if(_t319 + 0xfffffc00 > 0xffc00) {
								goto L18;
							}
							__eflags = _t343;
							if(_t343 == 0) {
								goto L18;
							}
							_t348 =  *(_t372 + 0x78) |  *(_t372 + 0x7c);
							__eflags =  *(_t372 + 0x78) |  *(_t372 + 0x7c);
							if(( *(_t372 + 0x78) |  *(_t372 + 0x7c)) == 0) {
								goto L18;
							}
							_t348 =  *(_t372 + 0x74);
							__eflags =  *(_t372 + 0x74) -  *(_t370 + 0x7c);
							if( *(_t372 + 0x74) !=  *(_t370 + 0x7c)) {
								goto L18;
							}
							_push(0);
							_push( &_v68);
							 *(_t372 + 0x78) = 0;
							 *(_t372 + 0x7c) = 0;
							_push( *(_t370 + 0x80));
							_t348 =  &_v60;
							_push(_t372);
							_push( &_v60);
							_push(0);
							_push(0);
							_push(0);
							_push(_v12);
							_t322 = E00716630();
							 *(_t370 + 0xec) =  *(_t370 + 0xec) & 0x00000000;
							_a4 = _t322;
							_t323 = _v16;
							 *(_t370 + 0x100) = _t343;
							 *(_t370 + 0xd8) = _t343;
							 *(_t370 + 0xf4) =  *(_t370 + 0xf4) & 0x00000000;
							 *(_t370 + 0x80) = _t323;
							 *(_t370 + 0xe8) = _t323;
							 *(_t370 + 0xf0) = _t343 * _t323;
							 *(_t370 + 0x5c) = _v12;
							goto L51;
						}
						L18:
						_a4 = 0xc000000d;
						goto L49;
					}
					_a4 = 0xc0000017;
					goto L52;
				}
				_push(_t340);
				_push(0x2c);
				_push( &_v144);
				_push(_t340);
				_t326 = E00715DC0();
				_a4 = _t326;
				if(_t326 < _t340) {
					goto L54;
				}
				_push(_t340);
				_push(0x1c);
				_push( &_v172);
				_push(_t340);
				_push(0xfffffffe);
				_t328 = E00715C30();
				_a4 = _t328;
				if(_t328 < _t340) {
					goto L54;
				}
				_push(_t340);
				_push(0x20);
				_push( &_v100);
				_push(1);
				_push(0xfffffffe);
				_t330 = E00715C30();
				_a4 = _t330;
				if(_t330 < _t340) {
					goto L54;
				}
				_push(_t340);
				_push(0x30);
				_push( &_v220);
				_push(3);
				_t332 = E00715DC0();
				_a4 = _t332;
				if(_t332 < _t340) {
					goto L54;
				}
				_t334 = E006E8E2D(_t348, _t370, _t340,  &_v20);
				_a4 = _t334;
				if(_t334 < _t340) {
					goto L54;
				}
				_t348 =  *(_t370 + 0x60) & 0x0000ffff;
				_t238 = ( *(_t370 + 0x68) & 0x0000ffff) + ( *(_t370 + 0x60) & 0x0000ffff) + 0x17c;
				goto L12;
			}

0x007a1eff
0x007a1f0f
0x007a1f11
0x007a1f1c
0x007a1f22
0x007a1f2c
0x007a1f2f
0x007a1f35
0x007a1f3a
0x007a1f44
0x007a1f48
0x007a1f4b
0x007a1f4b
0x007a1f4d
0x007a1f50
0x007a1f53
0x007a1f56
0x007a1f5b
0x007a1f5d
0x007a1f5d
0x007a1f61
0x007a1f6a
0x007a1f6d
0x007a1f6f
0x007a1f7d
0x007a1f7d
0x007a1f85
0x007a1f8e
0x007a1f94
0x007a202f
0x007a2032
0x007a2035
0x007a2035
0x007a2039
0x007a203c
0x007a203c
0x007a203f
0x007a2042
0x007a2058
0x007a205c
0x007a2081
0x007a2081
0x007a2084
0x007a208b
0x007a208d
0x007a2090
0x007a2460
0x007a2460
0x007a2464
0x007a2466
0x007a2469
0x007a2469
0x007a246e
0x007a246e
0x007a246e
0x007a2470
0x007a2472
0x007a2482
0x007a2482
0x007a2487
0x007a248e
0x007a248e
0x007a2096
0x007a209a
0x007a2192
0x007a2198
0x007a219a
0x007a21a0
0x007a21a4
0x007a21a7
0x007a21ab
0x007a21ae
0x007a21b1
0x007a2359
0x007a2368
0x007a236b
0x007a2374
0x007a2376
0x007a237a
0x007a237e
0x007a2382
0x007a238c
0x007a2384
0x007a2384
0x007a2384
0x007a2395
0x007a239c
0x007a23a4
0x007a23a4
0x007a23a7
0x007a23aa
0x007a23ac
0x007a23ae
0x007a23b1
0x007a23b8
0x007a23c0
0x007a23c5
0x007a23b1
0x007a23ca
0x007a23cb
0x007a23cc
0x007a23cd
0x007a23ce
0x007a23d1
0x007a23d2
0x007a23d3
0x007a23d4
0x007a23d5
0x007a23d8
0x007a23dd
0x007a23e0
0x007a23e2
0x00000000
0x007a23e4
0x007a23e4
0x007a23ea
0x007a23ec
0x007a242e
0x007a242e
0x007a2434
0x007a243a
0x007a2440
0x007a2442
0x007a2448
0x007a244e
0x007a2454
0x007a245a
0x007a245d
0x00000000
0x007a245d
0x007a23ee
0x007a23f4
0x007a23f7
0x00000000
0x00000000
0x007a23f9
0x007a23ff
0x007a2404
0x007a2406
0x007a2406
0x007a240d
0x007a240f
0x007a2412
0x007a2417
0x007a241b
0x007a241c
0x007a241f
0x007a2422
0x007a2427
0x007a242a
0x007a242c
0x00000000
0x00000000
0x00000000
0x00000000
0x007a242c
0x007a23e2
0x007a21ba
0x007a21bd
0x007a21c3
0x007a21c6
0x007a21c9
0x007a21d2
0x007a21d5
0x007a21e5
0x007a21e8
0x007a21eb
0x007a21f3
0x007a21f6
0x007a21f9
0x007a21fc
0x007a2202
0x007a220d
0x007a2223
0x007a2237
0x007a2240
0x007a2249
0x007a2252
0x007a2258
0x007a225c
0x007a2267
0x007a226d
0x007a2276
0x007a227c
0x007a2282
0x007a2288
0x007a2292
0x007a229b
0x007a22a7
0x007a22b3
0x007a22bf
0x007a22cb
0x007a22d2
0x007a22d9
0x007a22e2
0x007a22f2
0x007a22f9
0x007a2314
0x007a231c
0x007a2323
0x007a2328
0x007a232f
0x007a2336
0x007a233f
0x007a2348
0x007a234e
0x00000000
0x007a234e
0x007a21d7
0x007a21d9
0x007a21d9
0x007a21dc
0x00000000
0x007a21dc
0x007a21cb
0x00000000
0x007a21cb
0x007a20a0
0x007a20a4
0x007a20a5
0x007a20ab
0x007a20ac
0x007a20ad
0x007a20ae
0x007a20af
0x007a20b0
0x007a20b3
0x007a20b6
0x007a20b9
0x007a20be
0x007a20c1
0x007a20c3
0x00000000
0x00000000
0x007a20cf
0x007a20d1
0x007a20d3
0x007a20e4
0x007a20ea
0x00000000
0x00000000
0x007a20ef
0x007a20f5
0x00000000
0x00000000
0x007a20f7
0x007a20fe
0x00000000
0x00000000
0x007a2100
0x007a2103
0x007a2109
0x007a2111
0x007a2116
0x00000000
0x00000000
0x007a211a
0x007a211c
0x00000000
0x00000000
0x007a2121
0x007a2121
0x007a2124
0x00000000
0x00000000
0x007a2126
0x007a2129
0x007a212c
0x00000000
0x00000000
0x007a212e
0x007a2132
0x007a2133
0x007a2136
0x007a2139
0x007a213f
0x007a2142
0x007a2143
0x007a2144
0x007a2145
0x007a2146
0x007a2147
0x007a214a
0x007a214f
0x007a2156
0x007a2159
0x007a215c
0x007a2162
0x007a216b
0x007a2172
0x007a2178
0x007a2181
0x007a2187
0x00000000
0x007a2187
0x007a20d5
0x007a20d5
0x00000000
0x007a20d5
0x007a205e
0x00000000
0x007a205e
0x007a1f9a
0x007a1f9b
0x007a1fa3
0x007a1fa4
0x007a1fa5
0x007a1fac
0x007a1faf
0x00000000
0x00000000
0x007a1fb5
0x007a1fb6
0x007a1fbe
0x007a1fbf
0x007a1fc0
0x007a1fc2
0x007a1fc9
0x007a1fcc
0x00000000
0x00000000
0x007a1fd2
0x007a1fd3
0x007a1fd8
0x007a1fd9
0x007a1fdb
0x007a1fdd
0x007a1fe4
0x007a1fe7
0x00000000
0x00000000
0x007a1fed
0x007a1fee
0x007a1ff6
0x007a1ff7
0x007a1ff9
0x007a2000
0x007a2003
0x00000000
0x00000000
0x007a200e
0x007a2015
0x007a2018
0x00000000
0x00000000
0x007a2022
0x007a2026
0x00000000

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007A221C

Part of subcall function 00715DC0: NtQuerySystemInformation.NTDLL ref: 00715DCA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007A2232

Part of subcall function 00715E80: NtReadFile.NTDLL ref: 00715E8A

Strings

[8v, xrefs: 007A21F6

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$FileInformationQueryReadSystem
String ID: [8v
API String ID: 3981740073-827420849
Opcode ID: e6560f19a7fad76029e3550ab753adcac77a139d079158b89d9bcb82167cb24e
Instruction ID: cb2bdc803c3dc57cf5a258002e3e5f9c3c54836cec95fdaa7fa2e5f7d929f3d5
Opcode Fuzzy Hash: e6560f19a7fad76029e3550ab753adcac77a139d079158b89d9bcb82167cb24e
Instruction Fuzzy Hash: 5C024DB1900749EFDB54CF68C884BEABBF4FF49300F00856AE999D7251D734A995CBA0

Uniqueness

Uniqueness Score: 100.00%

Function 006D60BE, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 246
COMMON

C-Code - Quality: 94%

			E006D60BE(intOrPtr* _a4, signed int _a8, signed char _a12, signed int _a16) {
				signed int _v5;
				intOrPtr* _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				signed char _v36;
				signed char _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t117;
				signed int _t119;
				signed int _t120;
				void* _t121;
				signed int _t122;
				signed int _t123;
				intOrPtr _t124;
				intOrPtr _t126;
				void* _t128;
				signed int _t131;
				signed int _t133;
				signed int _t137;
				void* _t142;
				intOrPtr _t145;
				signed int _t148;
				signed int _t150;
				intOrPtr* _t151;
				signed char _t153;
				signed int _t160;
				void* _t162;
				signed char _t164;
				void* _t167;
				intOrPtr* _t168;
				intOrPtr* _t171;
				signed int _t173;
				signed int _t174;
				void* _t175;

				_t151 = _a8;
				_t117 = _a4;
				_t148 = 0;
				if(_t151 != 0) {
					 *_t151 = _t117;
				}
				if(_t117 == _t148 || _a12 != _t148 && (_a12 < 2 || _a12 > 0x24)) {
					_push(_t148);
					_push(_t148);
					_push(_t148);
					_push(_t148);
					_push(_t148);
					E00778D29(_t148, _t151, _t162, _t167, _t173);
					_t119 = 0;
					goto L33;
				} else {
					_push(_t173);
					_push(_t167);
					_v20 = _t148;
					_v16 = _t148;
					_v5 =  *_t117;
					_t9 = _t117 + 1; // 0x1
					_t168 = _t9;
					while(1) {
						_t120 = _v5 & 0x000000ff;
						_t173 = _t173 | 0xffffffff;
						if(_t120 != _t173) {
							_t173 = _t120;
						}
						_t121 = E006E3285();
						_t164 = 8;
						if(( *(_t121 + _t173 * 2) & _t164) != 0) {
							goto L36;
						} else {
							break;
						}
						do {
							L36:
							_t122 =  *_t168;
							_t168 = _t168 + 1;
							__eflags = _t122 - _v5;
						} while (_t122 == _v5);
						_v5 = _t122;
					}
					_v12 = _t168;
					if(_v5 == 0x2d) {
						_t66 =  &_a16;
						 *_t66 = _a16 | 0x00000002;
						__eflags =  *_t66;
						L39:
						_t123 =  *_t168;
						_t168 = _t168 + 1;
						_v12 = _t168;
						_v5 = _t123;
						L11:
						_t153 = 0x10;
						if(_a12 == _t148) {
							__eflags = _v5 - 0x30;
							if(_v5 == 0x30) {
								_t124 =  *_t168;
								__eflags = _t124 - 0x78;
								if(_t124 == 0x78) {
									L45:
									_a12 = _t153;
									goto L12;
								}
								__eflags = _t124 - 0x58;
								if(_t124 == 0x58) {
									goto L45;
								}
								_a12 = _t164;
								L13:
								asm("cdq");
								_t169 = _a12;
								_v40 = _t164;
								_t126 = E00704250(0xffffffff, 0xffffffff, _a12, _t164);
								_v36 = _t153;
								_v32 = _t148;
								_v28 = _t126;
								_v24 = _t164;
								while(1) {
									_t174 = _v5 & 0x000000ff;
									_t148 = _t148 | 0xffffffff;
									if(_t174 != _t148) {
										_t148 = _t174;
									}
									if(( *(E006E3285() + _t148 * 2) & 0x00000004) == 0) {
										goto L22;
									}
									_t175 = _v5 - 0x30;
									L18:
									if(_t175 >= _a12) {
										L24:
										_t150 = _a16;
										_v12 = _v12 - 1;
										__eflags = _t150 & 0x00000008;
										if((_t150 & 0x00000008) == 0) {
											__eflags = _a8;
											if(_a8 != 0) {
												_v12 = _a4;
											}
											_v20 = 0;
											_v16 = 0;
											L30:
											_t133 = _a8;
											__eflags = _t133;
											if(_t133 != 0) {
												 *_t133 = _v12;
											}
											__eflags = _t150 & 0x00000002;
											if((_t150 & 0x00000002) != 0) {
												asm("adc ecx, 0x0");
												_v20 =  ~_v20;
												_v16 =  ~_v16;
											}
											_t119 = _v20;
											L33:
											return _t119;
										}
										__eflags = _t150 & 0x00000004;
										if((_t150 & 0x00000004) != 0) {
											L72:
											 *0x7af864 = 0x22;
											__eflags = _t150 & 0x00000001;
											if((_t150 & 0x00000001) == 0) {
												__eflags = _t150 & 0x00000002;
												if((_t150 & 0x00000002) == 0) {
													_v20 = _v20 | 0xffffffff;
													_v16 = 0x7fffffff;
												} else {
													_v20 = _v20 & 0x00000000;
													_v16 = 0x80000000;
												}
											} else {
												_v20 = _v20 | 0xffffffff;
												_v16 = _v16 | 0xffffffff;
											}
											goto L30;
										}
										__eflags = _t150 & 0x00000001;
										if((_t150 & 0x00000001) != 0) {
											goto L30;
										}
										_t137 = _t150 & 0x00000002;
										__eflags = _t137;
										if(_t137 != 0) {
											__eflags = _v16 - 0x80000000;
											if(__eflags > 0) {
												goto L72;
											}
											if(__eflags < 0) {
												goto L28;
											}
											__eflags = _v20;
											if(_v20 <= 0) {
												goto L28;
											}
											goto L72;
										}
										L28:
										__eflags = _t137;
										if(_t137 != 0) {
											goto L30;
										}
										__eflags = _v16 - 0x7fffffff;
										if(__eflags >= 0) {
											if(__eflags > 0) {
												goto L72;
											}
											__eflags = _v20 - 0xffffffff;
											if(_v20 <= 0xffffffff) {
												goto L30;
											}
											goto L72;
										}
										goto L30;
									}
									_t160 = _v16;
									_a16 = _a16 | 0x00000008;
									if(_t160 >= _v24) {
										if(__eflags > 0) {
											L56:
											__eflags = _v20 - _v28;
											if(_v20 != _v28) {
												L61:
												_a16 = _a16 | 0x00000004;
												__eflags = _a8;
												if(__eflags == 0) {
													goto L24;
												}
												L21:
												_v12 = _v12 + 1;
												_v5 =  *_v12;
												continue;
											}
											__eflags = _t160 - _v24;
											if(_t160 != _v24) {
												goto L61;
											}
											__eflags = 0 - _v32;
											if(__eflags < 0) {
												goto L20;
											}
											if(__eflags > 0) {
												goto L61;
											}
											__eflags = _t175 - _v36;
											if(_t175 <= _v36) {
												goto L20;
											}
											goto L61;
										}
										__eflags = _v20 - _v28;
										if(_v20 < _v28) {
											goto L20;
										}
										goto L56;
									}
									L20:
									_t142 = E00704080(_t169, _v40, _v20, _t160);
									asm("adc edx, ecx");
									_v20 = _t142 + _t175;
									_v16 = _t164;
									goto L21;
									L22:
									__eflags = _t174 - 0xffffffff;
									if(_t174 == 0xffffffff) {
										_t174 = _t174;
									}
									_t128 = E006E3285();
									__eflags =  *(_t128 + _t174 * 2) & 0x00000103;
									if(( *(_t128 + _t174 * 2) & 0x00000103) != 0) {
										__eflags = _v5 - 0x61 - 0x19;
										_t131 = _v5;
										if(__eflags <= 0) {
											_t131 = _t131 - 0x20;
											__eflags = _t131;
										}
										_t79 = _t131 - 0x37; // -39
										_t175 = _t79;
										goto L18;
									} else {
										goto L24;
									}
								}
							}
							_a12 = 0xa;
							goto L13;
						}
						L12:
						if(_a12 == _t153) {
							__eflags = _v5 - 0x30;
							if(_v5 != 0x30) {
								goto L13;
							}
							_t145 =  *_t168;
							__eflags = _t145 - 0x78;
							if(_t145 == 0x78) {
								L49:
								_t171 = _t168 + 1;
								_v5 =  *_t171;
								_v12 = _t171 + 1;
								goto L13;
							}
							__eflags = _t145 - 0x58;
							if(_t145 != 0x58) {
								goto L13;
							}
							goto L49;
						}
						goto L13;
					}
					if(_v5 == 0x2b) {
						goto L39;
					}
					goto L11;
				}
			}

APIs

__aulldvrm.LIBCMT ref: 006D6161

Strings

0, xrefs: 007623A6
$, xrefs: 006D60EE

Memory Dump Source

Source File: 0000000E.00000002.1724441554.006D0000.00000040.sdmp, Offset: 006D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d0000_bnmoc.jbxd

Similarity

API ID: __aulldvrm
String ID: $$0
API String ID: 1302938615-389342756
Opcode ID: 059352aecf212b29504db3ba928d359f5f0f2faf10ecd94d828fb375a31ec89a
Instruction ID: 332a9ce16bb4e2872732a1253d50b2786a1ee28d5d5a6d118e5e575f7e745cc6
Opcode Fuzzy Hash: 059352aecf212b29504db3ba928d359f5f0f2faf10ecd94d828fb375a31ec89a
Instruction Fuzzy Hash: B891A170D0468ADECF65CF99C8443FDBFB2AF05310F1446AAE8A266392D7784A47CB50

Uniqueness

Uniqueness Score: 0.03%

Analysis Process: msg.exe PID: 4064 Parent PID: 3768 msg.exeUNIQUE

Execution Graph

Execution Coverage:	4%
Dynamic/Decrypted Code Coverage:	1.6%
Signature Coverage:	2.7%
Total number of Nodes:	1179
Total number of Limit Nodes:	156

Executed Functions

Function 0006FB80, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101comUNIQUE

APIs

CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 0006FB97
CoCreateInstance.OLE32(?,00000000,00000001,?,?), ref: 0006FBE3
OleUninitialize.OLE32 ref: 0006FC7E

Strings

@J7<, xrefs: 0006FBAB

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize
String ID: @J7<
API String ID: 948891078-2016760708
Opcode ID: 01b86d3e0bf168467efe269b09a2330515c97f0d6da742377a25e5bb2b8ca0f2
Instruction ID: 4beb3ac9ab58ee3c857b5bf97a9743b3d2f47c5c053f797e82917425a4cb8c8d
Opcode Fuzzy Hash: 01b86d3e0bf168467efe269b09a2330515c97f0d6da742377a25e5bb2b8ca0f2
Instruction Fuzzy Hash: 3C3130B5A0060A9FDB00DFD8D8809EFB7B9BF88314B108559E905EB214D775EE05CBA0

Uniqueness

Uniqueness Score: 23.02%

Function 00076B50, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON

APIs

NtCreateFile.NTDLL(00000060,00000000,.e`,00071FE7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00071FE7,0065002E,00000000,00000060,00000000,00000000), ref: 00076B9D

Strings

.e`, xrefs: 00076B8D, 00076B98

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: CreateFile
String ID: .e`
API String ID: 823142352-2561297474
Opcode ID: 78b0fb4f6c382a94794eb8eed5819279df081d90574e12ad6a51395c51bb5bb7
Instruction ID: b4e39216925e06740d371150943c9c1c0b8db192adfb6605895409b99f8525d7
Opcode Fuzzy Hash: 78b0fb4f6c382a94794eb8eed5819279df081d90574e12ad6a51395c51bb5bb7
Instruction Fuzzy Hash: 11F0C4B2214208AFCB48DF88DC85EEB77EDAF8C754F018248BA0D97241D630F851CBA4

Uniqueness

Uniqueness Score: 0.02%

Function 00076B4A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38filenativeCOMMON

APIs

NtCreateFile.NTDLL(00000060,00000000,.e`,00071FE7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00071FE7,0065002E,00000000,00000060,00000000,00000000), ref: 00076B9D

Strings

.e`, xrefs: 00076B8D, 00076B98

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: CreateFile
String ID: .e`
API String ID: 823142352-2561297474
Opcode ID: e2f728a53894c313c59fc4646c7ad2dc72902eea4074bb260b4e5e244c50dc82
Instruction ID: 7a05e0b1d87149932f8a05892970fa87dd7523679d6b4c52e90173f340cb3566
Opcode Fuzzy Hash: e2f728a53894c313c59fc4646c7ad2dc72902eea4074bb260b4e5e244c50dc82
Instruction Fuzzy Hash: 55F037B2214149ABCB08DF98D884CEB77ADEF8C354B05864DFA4C93202D634EC51CBA0

Uniqueness

Uniqueness Score: 0.02%

Function 00076C00, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON

APIs

NtReadFile.NTDLL(000721A2,5EAE521D,FFFFFFFF,00071E61,?,?,000721A2,?,00071E61,FFFFFFFF,5EAE521D,000721A2,?,00000000), ref: 00076C45

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 1b06edaf5f08d320a72a04c613942bab4d68573a1487f04935bb6646ba2c81f8
Instruction ID: 23e015e7ce5b1dd254d448a78a1bedf211e4893724d5ca096517bf1e9af09f90
Opcode Fuzzy Hash: 1b06edaf5f08d320a72a04c613942bab4d68573a1487f04935bb6646ba2c81f8
Instruction Fuzzy Hash: EEF0A4B2210208ABCB14DF99DC85EEB77ADAF8C754F158248BA1D97251D630E8118BA4

Uniqueness

Uniqueness Score: 0.01%

Function 00076D2B, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON

APIs

NtAllocateVirtualMemory.NTDLL(001F4400,00000000,?,00061900,?,00061900,?,00000000,001F4400,00003000,00000004), ref: 00076D69

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: b65b251fe496482de8d22dd9b8530155c342eac999f72f17710aa248b01ffb52
Instruction ID: 84212027d47345c0232605d6e63ee5010794dbbb9302da240e3628c118912b96
Opcode Fuzzy Hash: b65b251fe496482de8d22dd9b8530155c342eac999f72f17710aa248b01ffb52
Instruction Fuzzy Hash: B9F0F2B6254208ABCB18DF88CC81EEB77ADAF88354F018148BE1897341D630F950CBA4

Uniqueness

Uniqueness Score: 0.01%

Function 00076D30, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON

APIs

NtAllocateVirtualMemory.NTDLL(001F4400,00000000,?,00061900,?,00061900,?,00000000,001F4400,00003000,00000004), ref: 00076D69

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 835046cc17f9e1a5049adb6e7c858c8991b70a2e9844b2d7a0f2a7b58efac9b5
Instruction ID: afdf9d2406d54429eb069726c7878e0af203af6bdc04aa0f018f3c73ce5849ab
Opcode Fuzzy Hash: 835046cc17f9e1a5049adb6e7c858c8991b70a2e9844b2d7a0f2a7b58efac9b5
Instruction Fuzzy Hash: 90F015B6210208ABCB14DF89CC81EEB77ADAF88754F018148BE0C97241C630F810CBA4

Uniqueness

Uniqueness Score: 0.01%

Function 01616130, Relevance: 1.5, APIs: 1, Instructions: 4nativethreadCOMMON

APIs

NtSetContextThread.NTDLL ref: 0161613A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: a762eafabd44bcff54b3452d41c65a701542eebf8cb9f777b2bda1777c362204
Instruction ID: 2493d26ac150eb3e957937471adb75265c30d52ead2af485b2e8023c90210c6d
Opcode Fuzzy Hash: a762eafabd44bcff54b3452d41c65a701542eebf8cb9f777b2bda1777c362204
Instruction Fuzzy Hash: A6A0023160000157D7816EA5D458646B711FBA2301FA58091A541DA649D5649A9AC766

Uniqueness

Uniqueness Score: 0.04%

Function 016151D0, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtCreateKey.NTDLL ref: 016151DA

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 9a94b89bad535d553f7ad0df74bc860e0d2d5ebeee258de9677d197437e84082
Instruction ID: 48b38e8fe434c742c2608a073881bcac70572e84a97f10595de53a3f62df0202
Opcode Fuzzy Hash: 9a94b89bad535d553f7ad0df74bc860e0d2d5ebeee258de9677d197437e84082
Instruction Fuzzy Hash: 92A022B020000083C3000A20C00CB032200EFA2308F0080C0B202CA80AFA2BCEA08222

Uniqueness

Uniqueness Score: 0.04%

Function 01615190, Relevance: 1.5, APIs: 1, Instructions: 4filenativeCOMMON

APIs

NtCreateFile.NTDLL ref: 0161519A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: fb838b93b07e0f05a4fff9f42e7c72354dc0288653d906a0602f6cffb8c610e5
Instruction ID: a307631c4ce9a1631e28f9c15039db31a62404d46fc5d56104a2ad38efc81bfa
Opcode Fuzzy Hash: fb838b93b07e0f05a4fff9f42e7c72354dc0288653d906a0602f6cffb8c610e5
Instruction Fuzzy Hash: 8AA022B0300000C3C3000E38C008B023200FBC0300F8280803202CA80AC0288CA88228

Uniqueness

Uniqueness Score: 0.01%

Function 01616070, Relevance: 1.5, APIs: 1, Instructions: 4nativethreadCOMMON

APIs

NtResumeThread.NTDLL ref: 0161607A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: fd47c19913e241411633dba58e0baab0bf578bf9c83e48c6cfdec5338c195a4a
Instruction ID: 12f0cb1d0866c0f4173bbb83b1428ecd0176fdc70d882ef9e310c6b20fe8ec20
Opcode Fuzzy Hash: fd47c19913e241411633dba58e0baab0bf578bf9c83e48c6cfdec5338c195a4a
Instruction Fuzzy Hash: B5A00231A1004557DB826AA8C418687F651FBE5302F5680916551CB549E5248AAAD762

Uniqueness

Uniqueness Score: 0.03%

Function 016163D0, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtSetValueKey.NTDLL ref: 016163DA

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 4f513ece0cdb28e19615cf392ac3e4a80d29285ef552ed0397af4da32fab0d3a
Instruction ID: ded8fd4958fc00919a922fad724d2fa902009ff6adab076807eae15c3db7de3a
Opcode Fuzzy Hash: 4f513ece0cdb28e19615cf392ac3e4a80d29285ef552ed0397af4da32fab0d3a
Instruction Fuzzy Hash: AFA02230200000A3C3802AA0CC0800B2232EBC0300F008080A002CA00AE2308F888B20

Uniqueness

Uniqueness Score: 0.09%

Function 01615390, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtDelayExecution.NTDLL ref: 0161539A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: dd1c92559a621491b3bc264bdb9b79c1878b94be039526a545ea7d26c6198d15
Instruction ID: 6574499c10136e00cd53c2bdaa3bcb3c9ab9101ca882859d067246e8354d7cd2
Opcode Fuzzy Hash: dd1c92559a621491b3bc264bdb9b79c1878b94be039526a545ea7d26c6198d15
Instruction Fuzzy Hash: 18A00271640411E7E7856AB4C008706A652FBA1701F25C09165C1CA54ADA66C9ADCB31

Uniqueness

Uniqueness Score: 0.03%

Function 01616200, Relevance: 1.5, APIs: 1, Instructions: 4filenativeCOMMON

APIs

NtSetInformationFile.NTDLL ref: 0161620A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: FileInformation
String ID:
API String ID: 4253254148-0
Opcode ID: b0228b3bb514286382fc16832390b589c249d02efe55f126812c84f5a40bbe96
Instruction ID: 29ebf2d7fa51682c0f55b637c70cae7399b1c52a1d2e25a31981e970ef77f294
Opcode Fuzzy Hash: b0228b3bb514286382fc16832390b589c249d02efe55f126812c84f5a40bbe96
Instruction Fuzzy Hash: 5FA00235604015ABD7415AF7D8086476611EBD1301F1580926606CA56AD63589A9D632

Uniqueness

Uniqueness Score: 0.02%

Function 01615210, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtCreateMutant.NTDLL ref: 0161521A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: CreateMutant
String ID:
API String ID: 2492398971-0
Opcode ID: 4507b4686e3326bc5f9269c5686b78a8dd16a10d76d4bb1cfba7885a77c4aa4c
Instruction ID: 5fbce0b2d2604d5fd92dff2c61fb83ded0aab0aa0c1fe791ad3dbe8cf1d7fd88
Opcode Fuzzy Hash: 4507b4686e3326bc5f9269c5686b78a8dd16a10d76d4bb1cfba7885a77c4aa4c
Instruction Fuzzy Hash: 95A022B030000003C3000B28C0083023200EBC2300F02C0C0B202CB88AC2288CA28222

Uniqueness

Uniqueness Score: 0.04%

Function 016152B0, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtCreateSection.NTDLL ref: 016152BA

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: CreateSection
String ID:
API String ID: 2449625523-0
Opcode ID: 14d947e32f974f0a954bb4ca0b19d98318b24316b15cdfe948ef9b4685fcc5d2
Instruction ID: 808d1251440ff746f41fa13dd3eebfb30c54cca9450d2be9403d0d010bec9c55
Opcode Fuzzy Hash: 14d947e32f974f0a954bb4ca0b19d98318b24316b15cdfe948ef9b4685fcc5d2
Instruction Fuzzy Hash: 9FA02230A00802EBEF008B20C008B032280EBB0303F0080802202CA00AC230C8C8EE30

Uniqueness

Uniqueness Score: 0.02%

Function 01616460, Relevance: 1.5, APIs: 1, Instructions: 4nativethreadCOMMON

APIs

NtSuspendThread.NTDLL ref: 0161646A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: SuspendThread
String ID:
API String ID: 3178671153-0
Opcode ID: cc7afb9299a15a30bbe8c9caa8c70ac9538d9659d405439397257c3ce35df1eb
Instruction ID: bc55e6c7b3ac682d8bd46ce8bf515179cacb39bdca439560f32dcffa01ad7447
Opcode Fuzzy Hash: cc7afb9299a15a30bbe8c9caa8c70ac9538d9659d405439397257c3ce35df1eb
Instruction Fuzzy Hash: C8A0023170004157D7957A64D808547A656FBE1701F1680E96642DA54DD5368DBA8721

Uniqueness

Uniqueness Score: 0.03%

Function 016154E0, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtEnumerateValueKey.NTDLL ref: 016154EA

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: EnumerateValue
String ID:
API String ID: 1749906896-0
Opcode ID: 72629596ff4f0c3e5405e9a7c7b809bab65a5113a88233c11f4ecd3251e88a74
Instruction ID: 5b3e4987e2c51dc686a98d2c0010fb63383f454ad95ac91e3be3e071c24a09f9
Opcode Fuzzy Hash: 72629596ff4f0c3e5405e9a7c7b809bab65a5113a88233c11f4ecd3251e88a74
Instruction Fuzzy Hash: 28A02230A08000E3E3802AA0C008B023220FB80380F008080A00ACA80EC2388AC8CF30

Uniqueness

Uniqueness Score: 0.10%

Function 016157F0, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtMapViewOfSection.NTDLL ref: 016157FA

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: SectionView
String ID:
API String ID: 1323581903-0
Opcode ID: 344461259b46831ccd64b6c8f611b8a08f2636379764f3f7319e09615241ddb8
Instruction ID: 065928e38cd62bb806804566bc304694da523867647c8ac1560aa5ca866fcc32
Opcode Fuzzy Hash: 344461259b46831ccd64b6c8f611b8a08f2636379764f3f7319e09615241ddb8
Instruction Fuzzy Hash: D0A00235B251415BDFC16A68C00860A7611EBD3303F56C1956541DA589D92989ADC762

Uniqueness

Uniqueness Score: 0.01%

Function 01616630, Relevance: 1.5, APIs: 1, Instructions: 4filenativeCOMMON

APIs

NtWriteFile.NTDLL ref: 0161663A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: d9fcc5af2364a830599a1fe55825108fa9e818e282c3e0700cde0cd08d6605e6
Instruction ID: c834fab4bfbef26e0ccce8e0e62ab084ad340ad7036ae328552306495545558e
Opcode Fuzzy Hash: d9fcc5af2364a830599a1fe55825108fa9e818e282c3e0700cde0cd08d6605e6
Instruction Fuzzy Hash: A4A00231B1000167D7465AA4D8085567655EBD2301B16C091E601CB549D9348AA587B5

Uniqueness

Uniqueness Score: 0.06%

Function 01615DC0, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtQuerySystemInformation.NTDLL ref: 01615DCA

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 0b9f80ae7ca96d082a4bfc859ae7cdc0a1b05bcbe1d5f2627c4d39c24846cc83
Instruction ID: 94067cb6829caa5c564a148ffdba702c8148db7c97848035bff55b425ed23ca4
Opcode Fuzzy Hash: 0b9f80ae7ca96d082a4bfc859ae7cdc0a1b05bcbe1d5f2627c4d39c24846cc83
Instruction Fuzzy Hash: E2A0223020000003CF828E20C0082832203EBE0302F028080A082CB08ACBA088C0EA28

Uniqueness

Uniqueness Score: 0.01%

Function 01615C40, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtQueryInformationToken.NTDLL ref: 01615C4A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: InformationQueryToken
String ID:
API String ID: 4239771691-0
Opcode ID: 70cb3644a78b3e25beb2d55a9fcec7921bdfdd8fde3e10c12e2df5bce00a47a6
Instruction ID: f53a00fcc129856bdd1e02bb95c4701a4c289caf3e83dabc846046a23a651659
Opcode Fuzzy Hash: 70cb3644a78b3e25beb2d55a9fcec7921bdfdd8fde3e10c12e2df5bce00a47a6
Instruction Fuzzy Hash: 15A0023160048557D741AA64C00970A6B21EB91311F15C5D26612DB56ED6358D95D631

Uniqueness

Uniqueness Score: 0.04%

Function 01615C10, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtQueryInformationProcess.NTDLL ref: 01615C1A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: InformationProcessQuery
String ID:
API String ID: 1778838933-0
Opcode ID: 0f8764aa284732f2c917bfdbe4ea81c85596dfc0e068f600dd0a87ab7454c11e
Instruction ID: 6fece47d3532c82ddcd94f53308ed227bec35891a0514558f1d2411a47e6e6fe
Opcode Fuzzy Hash: 0f8764aa284732f2c917bfdbe4ea81c85596dfc0e068f600dd0a87ab7454c11e
Instruction Fuzzy Hash: 26A022303000020BC3000A20C02830A3220EB82300F00C080A202CA02AC230888AF232

Uniqueness

Uniqueness Score: 0.02%

Function 01615E40, Relevance: 1.5, APIs: 1, Instructions: 4nativethreadCOMMON

APIs

NtQueueApcThread.NTDLL ref: 01615E4A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: QueueThread
String ID:
API String ID: 1850944927-0
Opcode ID: 76fa51dba874c192c3d6005bae0f6ca1670dada37cc8b8938c1dcef14f6fcd5f
Instruction ID: 78e717a3c7628ba07e2de6a3739ccd795668f63f577bb9e5f10a0bc6195cac1d
Opcode Fuzzy Hash: 76fa51dba874c192c3d6005bae0f6ca1670dada37cc8b8938c1dcef14f6fcd5f
Instruction Fuzzy Hash: 6FA0023160000557E7829AE4E40C6466615EBD1351B158091A752CB55AD67489D5DA35

Uniqueness

Uniqueness Score: 0.03%

Function 01614E30, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtAdjustPrivilegesToken.NTDLL ref: 01614E3A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: ac213fdf29d32b171ccc0113f8ae2da5156d85a68f958e9bd7aae459453f6238
Instruction ID: 4c9821c1b8eb34e3c98681b4f15890a849687203d0d058a17695769b85f3a296
Opcode Fuzzy Hash: ac213fdf29d32b171ccc0113f8ae2da5156d85a68f958e9bd7aae459453f6238
Instruction Fuzzy Hash: 60A002316810069BEB856B64C048B16BB11EBD1301F258291A682CA54BD7258A9FAB65

Uniqueness

Uniqueness Score: 0.03%

Function 01615E10, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtQueryValueKey.NTDLL ref: 01615E1A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e82803b52267a79973e5059b0df0a88ca7ba1ecd3c3d223abfc2c56953da2e66
Instruction ID: a976d56c1bbc5999654b354da8a832036d9222185cfd0706ee640f02e5b086a6
Opcode Fuzzy Hash: e82803b52267a79973e5059b0df0a88ca7ba1ecd3c3d223abfc2c56953da2e66
Instruction Fuzzy Hash: 3FA022302000020BCBC22A30C008002A220EF80300B20C080E082CA00AC3208ACEAB22

Uniqueness

Uniqueness Score: 0.09%

Function 01615EC0, Relevance: 1.5, APIs: 1, Instructions: 4nativeCOMMON

APIs

NtReadVirtualMemory.NTDLL ref: 01615ECA

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: MemoryReadVirtual
String ID:
API String ID: 2834387570-0
Opcode ID: b90dde9fcccd31579747670689903764d273ce6c391151239b5be7968c20f2f1
Instruction ID: 478a473d3416dc7fdc7b0e434f4fb6f39e978edd7b9383ec1e402f29f6784086
Opcode Fuzzy Hash: b90dde9fcccd31579747670689903764d273ce6c391151239b5be7968c20f2f1
Instruction Fuzzy Hash: 59A0023160041D97D786DE64C4095867652EBD1311B158091A742CB55ADB3489D9D636

Uniqueness

Uniqueness Score: 0.02%

Function 01614EA0, Relevance: 1.5, APIs: 1, Instructions: 4memorynativeCOMMON

APIs

NtAllocateVirtualMemory.NTDLL ref: 01614EAA

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: d9d745c16f29c5035b14e76203fecaef66bf82dc838cedfbfd4f6069bd5d9bd4
Instruction ID: 4fff2dc9d40ef5c7c1a81d0d64a29d156607fe96b053b4ed2c4ee80a90a19e71
Opcode Fuzzy Hash: d9d745c16f29c5035b14e76203fecaef66bf82dc838cedfbfd4f6069bd5d9bd4
Instruction Fuzzy Hash: 4FA02230A0000823C3A02A30C00830A2A02EB80300F20C0C02002CB88ACB208B88FBA0

Uniqueness

Uniqueness Score: 0.01%

Function 01615E80, Relevance: 1.5, APIs: 1, Instructions: 4filenativeCOMMON

APIs

NtReadFile.NTDLL ref: 01615E8A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: abb965f1a7aa65ca48fb26aae4d2b445f2a6d4ff564b89aefd9b00bc2cf6aa79
Instruction ID: b19f471375eb20e055473e9dec5600f1a0ebbb24fe67f89c70f98054b151f062
Opcode Fuzzy Hash: abb965f1a7aa65ca48fb26aae4d2b445f2a6d4ff564b89aefd9b00bc2cf6aa79
Instruction Fuzzy Hash: D8A0023571001A77D79A5AB4C80958BA652EBD1301B1580916B01CB58BE97489A5C625

Uniqueness

Uniqueness Score: 0.01%

Function 016165E0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 065f3109162da67d10b862b46bf0416ad0916f31cf7f9d65811ed078aa6a35b9
Instruction ID: 30ed1876d9338ad1f3b0d967e12bf29cd3d1ffb536258916e76d834492117efb
Opcode Fuzzy Hash: 065f3109162da67d10b862b46bf0416ad0916f31cf7f9d65811ed078aa6a35b9
Instruction Fuzzy Hash: ABA02230E00000E3C3002B20C008F8AAB00EBF0300B20C0883200CE888C820CA80C320

Uniqueness

Uniqueness Score: 0.00%

Function 016155A0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6288bdcf0a455832953d0da24d36f1ee729950d8472cec1b01f5bb77d6595fa3
Instruction ID: 4a5e5e407822cc901bee9fd1b5c5a9a2dbe729c43529c2aa2a12a409a355b9cb
Opcode Fuzzy Hash: 6288bdcf0a455832953d0da24d36f1ee729950d8472cec1b01f5bb77d6595fa3
Instruction Fuzzy Hash: 80A02230A0000A0BC3020AA0C0083022202FBC2300F00C08020C2CB08AEAB08A80B3A0

Uniqueness

Uniqueness Score: 0.00%

Function 00076E92, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48memoryCOMMON

APIs

RtlFreeHeap.NTDLL(00000060,00000000,.e`,0065002E,00000000,00000060,00000000,00000000,?,?,?,?,?), ref: 00076E8D

Strings

.e`, xrefs: 00076E7C, 00076E88

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: FreeHeap
String ID: .e`
API String ID: 3298025750-2561297474
Opcode ID: 888f75fc0bbd1dd2693390a615b5836b19a0a54043b9b4e2a7f42079489f5095
Instruction ID: 7e1cc39473e9fc7716b393801373cd3c17beb626c8137e3502d97a91bf29998e
Opcode Fuzzy Hash: 888f75fc0bbd1dd2693390a615b5836b19a0a54043b9b4e2a7f42079489f5095
Instruction Fuzzy Hash: 2B0124716042006FCB20CFB8DC85ED77B68EF84360F108689F98D9B253C231A500C7A0

Uniqueness

Uniqueness Score: 0.05%

Function 00076E52, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON

APIs

RtlFreeHeap.NTDLL(00000060,00000000,.e`,0065002E,00000000,00000060,00000000,00000000,?,?,?,?,?), ref: 00076E8D

Strings

.e`, xrefs: 00076E7C, 00076E88

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: FreeHeap
String ID: .e`
API String ID: 3298025750-2561297474
Opcode ID: 1e6b18d45a697c054e0412e105c219f28ba84f33b218486d8c3bd03401ba9757
Instruction ID: 40b2fce4bd7be6ee3385e27965410ab6f44890a67c545cf003bf972ecd5336dd
Opcode Fuzzy Hash: 1e6b18d45a697c054e0412e105c219f28ba84f33b218486d8c3bd03401ba9757
Instruction Fuzzy Hash: 12F0E5B1200204AFD724CF68CC84ED77BA9EF88354F10815CF94C97351C631E810CBA0

Uniqueness

Uniqueness Score: 0.05%

Function 00076E60, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON

APIs

RtlFreeHeap.NTDLL(00000060,00000000,.e`,0065002E,00000000,00000060,00000000,00000000,?,?,?,?,?), ref: 00076E8D

Strings

.e`, xrefs: 00076E7C, 00076E88

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: FreeHeap
String ID: .e`
API String ID: 3298025750-2561297474
Opcode ID: 984aafa9cbfe75d465256e013bd99c29dc10df0bdfa8ff129b6483589d1e3e3f
Instruction ID: dac96c10429e7abf6c11132545d72168ad66ef5b0d8aa8ce0c7f6c17bc094c1a
Opcode Fuzzy Hash: 984aafa9cbfe75d465256e013bd99c29dc10df0bdfa8ff129b6483589d1e3e3f
Instruction Fuzzy Hash: 91E01AB12002046BD714DF59CC85EA777ACAF88750F018554B90857252D630E910CAB0

Uniqueness

Uniqueness Score: 0.05%

Function 00065C40, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON

APIs

Part of subcall function 00068420: LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00068492

PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 00065C9A

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: LoadMessagePostThread
String ID:
API String ID: 635653827-0
Opcode ID: 34923f299fa957866e412cefaf44be2572f183640668e290d8d6d8e63ec0d414
Instruction ID: 4454de4f9a53419c80d5540978618609b61354e4eba368684ec034ceab33bb53
Opcode Fuzzy Hash: 34923f299fa957866e412cefaf44be2572f183640668e290d8d6d8e63ec0d414
Instruction Fuzzy Hash: AF01A731E813297AE720A7948C43FFE776C9B40F55F048114FF08BA1C2EA946A0647F5

Uniqueness

Uniqueness Score: 0.03%

Function 00076F65, Relevance: 1.6, APIs: 1, Instructions: 55processCOMMON

APIs

CreateProcessInternalW.KERNEL32(?,00000044,00000000,?,00000000,8B55FF8B,?,?,?,8B55FF8B,00000000,?,00000000,00000044,?,00000000), ref: 00076F24

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: f974ac4501ec4fdcc1a81af86567db3359a703bc5a8b0c43c871ba552b39f400
Instruction ID: ef41f272a993b14f0f1f68ec0b0f2b0d299246837ff72791b5ea60d5e87e05f3
Opcode Fuzzy Hash: f974ac4501ec4fdcc1a81af86567db3359a703bc5a8b0c43c871ba552b39f400
Instruction Fuzzy Hash: 6001E2B6210108AFCB14DF89DC80EEB77ADAF8C750F118619FA4CD7251D634E811CBA4

Uniqueness

Uniqueness Score: 0.03%

Function 00068420, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00068492

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: b3b34b47e0dc5e907f57f4ed0efc9817218af35f32adb8d89895888b6ea7948c
Instruction ID: 1b1c4b086910c08df5fdd9f50d4726ff024434b2cfdc7f977b64f326ad31be54
Opcode Fuzzy Hash: b3b34b47e0dc5e907f57f4ed0efc9817218af35f32adb8d89895888b6ea7948c
Instruction Fuzzy Hash: A30100B5D0010EABDB10DAA4DC42FDEB7B89B54308F008195E90C97142FA75EA54C751

Uniqueness

Uniqueness Score: 0.03%

Function 00076ECD, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON

APIs

CreateProcessInternalW.KERNEL32(?,00000044,00000000,?,00000000,8B55FF8B,?,?,?,8B55FF8B,00000000,?,00000000,00000044,?,00000000), ref: 00076F24

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: d68c6ff910501cb0e557e77978929a646a199e779d45195aa60dcd9b05e62a88
Instruction ID: 8326582496718307bede1cf163df7b64ed7df44af87b9ccb71592fdc9f2d6a18
Opcode Fuzzy Hash: d68c6ff910501cb0e557e77978929a646a199e779d45195aa60dcd9b05e62a88
Instruction Fuzzy Hash: 5C01F2B2218508ABCB44DF98DC80DEB7BADAF8C314F158258FA5D97245C630E841CBA0

Uniqueness

Uniqueness Score: 0.03%

Function 00076ED0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON

APIs

CreateProcessInternalW.KERNEL32(?,00000044,00000000,?,00000000,8B55FF8B,?,?,?,8B55FF8B,00000000,?,00000000,00000044,?,00000000), ref: 00076F24

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 98e771c82d1b18d55423c21847cc8b4ddb973226013cc979f561a8b0abcee0a4
Instruction ID: 52c039817919b0b7c04f28034c337ed21ceec6d8d1abeec7e7f7a567f76df852
Opcode Fuzzy Hash: 98e771c82d1b18d55423c21847cc8b4ddb973226013cc979f561a8b0abcee0a4
Instruction Fuzzy Hash: 5E01B2B2214108BFCB54DF9DDC84EEB77ADAF8C754F118258BA0D97251D630E851CBA4

Uniqueness

Uniqueness Score: 0.03%

Function 00076E20, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON

APIs

RtlAllocateHeap.NTDLL(00071966,?,000720DF,000720DF,?,00071966,?,?,?,?,?,00000000,00000000,?), ref: 00076E4D

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: f6544b82eed6ab50ade5eb4ad2e85bda6f68135c3a9f5ed55c31cb321cb9a8c4
Instruction ID: 7a58a44de9901a4af964e41eef086798926d08bbbf264493b993f4978da551a5
Opcode Fuzzy Hash: f6544b82eed6ab50ade5eb4ad2e85bda6f68135c3a9f5ed55c31cb321cb9a8c4
Instruction Fuzzy Hash: D4E01AB12002046BD714DF59CC45EE777ACAF88654F018554BA085B242C630F914CAB0

Uniqueness

Uniqueness Score: 0.01%

Function 00076FC0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,?,0006C8A2,0006C8A2,?,00000000,?,?), ref: 00076FF0

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: cf4c76dac4ddd1e62bb040ff8bb5d36f955ce6d5e43865165b3e94018497cf27
Instruction ID: 5871400fca82488532241df0390ddbe8629228b0479f1562417444b24de41afa
Opcode Fuzzy Hash: cf4c76dac4ddd1e62bb040ff8bb5d36f955ce6d5e43865165b3e94018497cf27
Instruction Fuzzy Hash: 01E01AB16002086BDB14DF59CC45EE737ADAF88650F018154BA0C57242DA34E8108BF5

Uniqueness

Uniqueness Score: 0.02%

Function 0006CDA0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON

APIs

SetErrorMode.KERNELBASE(00008003,?,00066644,?), ref: 0006CDCB

Memory Dump Source

Source File: 0000000F.00000002.1952646223.00060000.00000040.sdmp, Offset: 00060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_60000_msg.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 316a2fec1d3dec8332b25f985a0ae9f6d94d297eaff2af796c67e918549285d4
Instruction ID: a36b3cbe3c7e925db1f4bc7384243beb2fab91bf5081fdc838ccd25f86016862
Opcode Fuzzy Hash: 316a2fec1d3dec8332b25f985a0ae9f6d94d297eaff2af796c67e918549285d4
Instruction Fuzzy Hash: C5D0A972AA03083BF650EAA88C03FA632CC9B44B04F094070FA4CEB3C3ED68E5018164

Uniqueness

Uniqueness Score: 0.02%

Non-executed Functions

Function 01643951, Relevance: 14.2, Strings: 11, Instructions: 424
UNIQUECrypto

C-Code - Quality: 55%

			E01643951(intOrPtr _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				char _v544;
				char _v1064;
				char _v1068;
				char _v1069;
				signed short* _v1076;
				signed short _v1080;
				signed short* _v1084;
				signed short _v1086;
				char _v1088;
				signed short _v1092;
				signed short _v1096;
				signed short _v1100;
				char* _v1104;
				short _v1106;
				char _v1108;
				signed short _v1111;
				signed short _v1112;
				signed int _v1116;
				signed short _v1120;
				signed short* _v1124;
				short _v1126;
				char _v1128;
				intOrPtr _v1132;
				signed short* _v1136;
				intOrPtr _v1140;
				signed short _v1144;
				signed short _v1148;
				short _v1150;
				char _v1152;
				char* _v1156;
				short _v1158;
				char _v1160;
				intOrPtr _v1164;
				signed short* _v1172;
				intOrPtr _v1176;
				char _v1180;
				signed short* _v1184;
				signed short* _v1188;
				intOrPtr _v1192;
				char* _v1196;
				intOrPtr _v1200;
				char _v1204;
				char _v1212;
				char __ebx;
				signed int __edi;
				signed short __esi;
				signed int _t173;
				intOrPtr _t175;
				void* _t187;
				intOrPtr _t194;
				char _t209;
				void* _t220;
				signed short _t236;
				unsigned int _t240;
				signed int _t242;

				_t173 =  *0x16a81e8; // 0x77d4aa35
				_v8 = _t173 ^ _t242;
				_t175 = _a4;
				_t225 = _a8;
				_v1132 = _a16;
				_v1140 = _a20;
				_v1160 = 0;
				_v1158 = 0x208;
				_v1156 =  &_v1064;
				_t235 = 0;
				_t236 = _a12;
				_v1164 = _t175;
				_v1069 = 0;
				_v1068 = 0;
				_v1136 = 0;
				_v1088 = 0;
				_v1086 = 0;
				_v1084 = 0;
				_v1128 = 0;
				_v1126 = 0;
				_v1124 = 0;
				_v1144 = 0;
				if(_t175 == 0) {
					_t235 = 0;
					goto L66;
				} else {
					if(__ecx == 0 || __edi < 1 || __edi >  *(__eax + 4)) {
						__edx =  *(__eax + 4);
						L66:
						_push(_t235);
						_push(_t236);
						_push(_t225);
						_push(_t175);
						L015F1ACE(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
						_t239 = 0xc000000d;
						goto L29;
					} else {
						__eax =  *(__eax + 8);
						if( *((intOrPtr*)(__eax + __edi * 4)) != 0) {
							L34:
							return E01622F0C(_t239, 0, _v8 ^ _t242, _t235, _t236, _t239);
						}
						__edx =  *(__ecx + 0x18);
						__edi = __edi * 0x18;
						__edx =  *(__ecx + 0x18) + __ecx;
						__esi =  *(__edx + 0xc);
						__edx =  *(__edx + 0x10);
						__esi = __esi + __edi * 0x18;
						__eax =  *(__esi + __ecx + 0x10);
						__eax =  *(__esi + __ecx + 0x10) + __ecx;
						__esi =  *(__eax + 0x50);
						__edx = __edx + __ecx;
						if(__esi > 0xfffe) {
							_push(__ecx);
							__eax = L015F1ACE(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", __esi);
							L39:
							_t239 = 0xc0000106;
							L31:
							if(_v1084 != 0) {
								 *0x1625538(_v1084);
							}
							if(_v1068 != 0) {
								_push(_v1068);
								E01615090();
							}
							if(_v1136 != 0) {
								E01622882(_t225,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v1136);
							}
							goto L34;
						}
						if(( *(__eax + 4) & 0x00000010) != 0) {
							goto L1;
						}
						_v1076 = 0;
						__si =  *(__eax + 0x50);
						_v1152 = __si;
						_v1150 = __si;
						__eax =  *(__eax + 0x54);
						_v1148 = __eax;
						__eax = 0;
						_v1108 = __ax;
						__eax = 0x216;
						_v1106 = __ax;
						__eax =  &_v544;
						_v1104 =  &_v544;
						__eax =  &_v1120;
						_v1120 = __ecx;
						_v1116 = __edi;
						_v1112 = 0;
						_v1100 = __bl;
						_v1092 = __bl;
						_v1096 = 0;
						__eax = _v1132(1,  &_v1120, _v1140);
						if(_v1092 != __bl) {
							__esi = 0xc0000120;
							goto L31;
						}
						if(_v1100 != __bl) {
							 &_v1068 =  &_v1076;
							 &_v1088 =  &_v1160;
							 &_v1152 =  &_v1108;
							__esi = E01644344(0,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
							if(__esi >= 0) {
								 &_v1068 =  &_v1108;
								__eax = E0164409E(_v1164, __edi,  &_v1108,  &_v1068);
								__esi = __eax;
								if(__esi >= 0) {
									__esi = 0;
									goto L31;
								}
								_push(__esi);
								_push(__edi);
								_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
								L50:
								_push(__ebx);
								_push(0x33);
								__eax = L015F1ACE();
								__esp = __esp + 0x14;
								goto L31;
							}
							_push(__esi);
							__eax =  &_v1108;
							_push( &_v1108);
							_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
							goto L50;
						}
						__eax = _v1112;
						_v1144 = _v1112;
						__eax = _v1096;
						__edi = 0;
						_v1080 = __eax;
						_v1069 = 1;
						if(__eax <= 0) {
							L25:
							if(__edi == _v1080) {
								L59:
								_push(__edi);
								__eax =  &_v1152;
								__eax = L015F1ACE(0x33, __ebx, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
								__esi = 0xc0150004;
								L30:
								_v1120 = _v1144;
								_v1132(4,  &_v1120, _v1140);
								goto L31;
							}
							L26:
							if(_v1068 == 0) {
								if(E0162CBB1(_v1076[2],  &_v1128, 0,  &_v1180) == 0) {
									L015F1ACE(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n", _v1076[2]);
									_t239 = 0xc000003a;
									L29:
									if(_v1069 == 0) {
										goto L31;
									}
									goto L30;
								}
								_v1136 = _v1124;
								_t209 = _v1180;
								if(_t209 != 0) {
									_v1128 = _t209;
									_v1124 = _v1176;
								} else {
									_v1172 = 0;
								}
								_v1200 = _v1172;
								_push(0x21);
								_v1196 =  &_v1128;
								_push(3);
								_push( &_v1212);
								_push( &_v1204);
								_push(0x100020);
								_push( &_v1068);
								_v1204 = 0x18;
								_v1192 = 0x40;
								_v1188 = 0;
								_v1184 = 0;
								_t239 = E016158A0();
								E01627DEA( &_v1180, _t225,  &_v1180);
								if(_t239 >= 0) {
									goto L27;
								} else {
									_push(_t239);
									L015F1ACE(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n", _v1076[2]);
									goto L29;
								}
							}
							L27:
							_t220 = E0164409E(_v1164, _a12, _v1076,  &_v1068);
							_t239 = _t220;
							if(_t220 < 0) {
								L015F1ACE(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t239);
							} else {
								_t239 = 0;
							}
							goto L29;
						} else {
							goto L21;
						}
						while(1) {
							L21:
							__eax = _v1144;
							_v1120 = _v1144;
							__eax = 0;
							_v1108 = __ax;
							__eax = 0x216;
							_v1106 = __ax;
							__eax =  &_v544;
							_v1104 =  &_v544;
							__eax =  &_v1120;
							_v1116 = __edi;
							_v1112 = __bl;
							_v1111 = __bl;
							__eax = _v1132(2,  &_v1120, _v1140);
							if(_v1112 != __bl) {
								break;
							}
							if(_v1111 != __bl) {
								if(_v1108 == __bx) {
									goto L59;
								}
								_t159 = __edi + 1; // 0x1
								__eax = _t159;
								_v1080 = _t159;
							}
							if(_v1108 != __bx) {
								if(_v1068 != __ebx) {
									_push(_v1068);
									__eax = E01615090();
									_v1068 = __ebx;
								}
								 &_v1068 =  &_v1076;
								 &_v1088 =  &_v1160;
								 &_v1152 =  &_v1108;
								__esi = E01644344(__ebx,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
								if(__esi >= __ebx) {
									goto L25;
								} else {
									if(__esi == 0xc0150004) {
										goto L24;
									}
									_push(__esi);
									__eax =  &_v1152;
									_push( &_v1152);
									__eax =  &_v1108;
									__eax = L015F1ACE(0x33, __ebx, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1108);
									goto L30;
								}
							}
							L24:
							__edi = __edi + 1;
							if(__edi < _v1080) {
								continue;
							}
							goto L25;
						}
						__esi = 0xc0000120;
						goto L30;
					}
				}
				L1:
				_v1076 =  &_v1160;
				_t236 =  *(_t175 + 0x18);
				_v1080 = _t236;
				if(_t236 == 0) {
					_t239 = 0xc00000e5;
					goto L34;
				}
				_t187 = E016287C9(_t236, 0x5c);
				_pop(_t225);
				if(_t187 == 0) {
					_t239 = 0xc00000e5;
					goto L31;
				}
				_t236 = (_t187 - _t236 >> 0x00000001) + (_t187 - _t236 >> 0x00000001) + 0x00000004 & 0x0000ffff;
				if(_t236 > 0x208) {
					if(_t236 > 0xfffe) {
						goto L39;
					}
					_v1086 = _t236;
					_t194 =  *0x1625510(_t236 & 0x0000ffff);
					_v1084 = _t194;
					if(_t194 != 0) {
						_v1076 =  &_v1088;
						goto L4;
					}
					_t239 = 0xc0000017;
					goto L31;
				}
				L4:
				_t240 = _t236 & 0x0000ffff;
				E01604830(_v1076[2], _v1080, _t240 - 2);
				_t225 = 0;
				 *((short*)(_v1076[2] + (_t240 >> 1) * 2 - 2)) = 0;
				 *_v1076 = _t236;
				goto L26;
			}

0x0164395c
0x01643963
0x01643969
0x0164396c
0x0164396f
0x01643978
0x01643980
0x0164398f
0x0164399d
0x016439a3
0x016439a8
0x016439ab
0x016439b1
0x016439b7
0x016439bd
0x016439c3
0x016439ca
0x016439d1
0x016439d7
0x016439de
0x016439e5
0x016439eb
0x016439f3
0x01654c37
0x00000000
0x016439f9
0x016439fb
0x015d6003
0x01654c39
0x01654c39
0x01654c3a
0x01654c3b
0x01654c3c
0x01654c4a
0x01654c52
0x00000000
0x01643a13
0x01643a13
0x01643a19
0x01643c22
0x01643c32
0x01643c32
0x01643a1f
0x01643a24
0x01643a27
0x01643a29
0x01643a2c
0x01643a2f
0x01643a31
0x01643a35
0x01643a37
0x01643a3a
0x01643a42
0x01654a40
0x01654a4a
0x01654a52
0x01654a52
0x01643bfe
0x01643c04
0x01654c62
0x01654c62
0x01643c10
0x01654c6d
0x01654c73
0x01654c73
0x01643c1c
0x015d5ff9
0x015d5ff9
0x00000000
0x01643c1c
0x01643a4c
0x00000000
0x00000000
0x01643a58
0x01643a5e
0x01643a62
0x01643a69
0x01643a70
0x01643a75
0x01643a7b
0x01643a7d
0x01643a84
0x01643a89
0x01643a90
0x01643a96
0x01643a9c
0x01643aa5
0x01643aab
0x01643ab1
0x01643ab7
0x01643abd
0x01643ac3
0x01643ac9
0x01643ad5
0x01654ad3
0x00000000
0x01654ad3
0x01643ae1
0x01654ae4
0x01654af2
0x01654b00
0x01654b0d
0x01654b11
0x01654b37
0x01654b45
0x01654b4a
0x01654b4e
0x01654b59
0x00000000
0x01654b59
0x01654b50
0x01654b51
0x01654b52
0x01654b20
0x01654b20
0x01654b21
0x01654b23
0x01654b28
0x00000000
0x01654b28
0x01654b13
0x01654b14
0x01654b1a
0x01654b1b
0x00000000
0x01654b1b
0x01643ae7
0x01643aed
0x01643af3
0x01643af9
0x01643afb
0x01643b01
0x01643b0a
0x01643b96
0x01643b9c
0x01654b9b
0x01654b9b
0x01654b9c
0x01654bab
0x01654bb3
0x01643bdd
0x01643be9
0x01643bf8
0x00000000
0x01643bf8
0x01643ba2
0x01643ba8
0x015d5f49
0x01654ac1
0x01654ac9
0x01643bd5
0x01643bdb
0x00000000
0x00000000
0x00000000
0x01643bdb
0x015d5f55
0x015d5f5b
0x015d5f64
0x01654beb
0x01654bf7
0x015d5f6a
0x015d5f6a
0x015d5f6a
0x015d5f76
0x015d5f7c
0x015d5f84
0x015d5f8a
0x015d5f92
0x015d5f99
0x015d5f9a
0x015d5fa5
0x015d5fa6
0x015d5fb0
0x015d5fba
0x015d5fc0
0x015d5fcb
0x015d5fd4
0x015d5fdb
0x00000000
0x015d5fe1
0x01654c08
0x01654c14
0x00000000
0x01654c19
0x015d5fdb
0x01643bae
0x01643bc4
0x01643bc9
0x01643bcd
0x01654c2a
0x01643bd3
0x01643bd3
0x01643bd3
0x00000000
0x00000000
0x00000000
0x00000000
0x01643b10
0x01643b10
0x01643b10
0x01643b1c
0x01643b22
0x01643b24
0x01643b2b
0x01643b30
0x01643b37
0x01643b3d
0x01643b43
0x01643b4c
0x01643b52
0x01643b58
0x01643b5e
0x01643b6a
0x00000000
0x00000000
0x01643b76
0x01654b67
0x00000000
0x00000000
0x01654b69
0x01654b69
0x01654b6c
0x01654b6c
0x01643b83
0x016442fa
0x01654b77
0x01654b7d
0x01654b82
0x01654b82
0x01644307
0x01644315
0x01644323
0x01644330
0x01644334
0x00000000
0x0164433a
0x01654b93
0x00000000
0x00000000
0x01654bc7
0x01654bc8
0x01654bce
0x01654bcf
0x01654bde
0x00000000
0x01654be3
0x01644334
0x01643b89
0x01643b89
0x01643b90
0x00000000
0x00000000
0x00000000
0x01643b90
0x01654bbd
0x00000000
0x01654bbd
0x016439fb
0x015d5ea1
0x015d5ea7
0x015d5eb0
0x015d5eb2
0x015d5eb8
0x01654a5c
0x00000000
0x01654a5c
0x015d5ec1
0x015d5ec7
0x015d5eca
0x01654a66
0x00000000
0x01654a66
0x015d5ed8
0x015d5ee3
0x01654a78
0x00000000
0x00000000
0x01654a7e
0x01654a85
0x01654a8b
0x01654a93
0x01654aa5
0x00000000
0x01654aa5
0x01654a95
0x00000000
0x01654a95
0x015d5ee9
0x015d5ee9
0x015d5eff
0x015d5f0f
0x015d5f11
0x015d5f22
0x00000000

Strings

SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01654BD6
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01654C42
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01654BA3
@, xrefs: 015D5FB0
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01654B1B
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01654C0C
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01654A42
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01654C22
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01654AB9
RtlpResolveAssemblyStorageMapEntry, xrefs: 01654C3D
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01654B52

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 706a9eda3dba2c8c8195333d0441716694415b9f9ae1e0a860c6d40d0e3e0027
Instruction ID: dd95b59660720d9c4afeef0cf057006f1d6053fd1436fe4169c375de3b8baca2
Opcode Fuzzy Hash: 706a9eda3dba2c8c8195333d0441716694415b9f9ae1e0a860c6d40d0e3e0027
Instruction Fuzzy Hash: 5A023CF19002299FDB61DF54CC80BEEB7B9BF54204F4441EAEA49A7211EB309E85CF59

Uniqueness

Uniqueness Score: 100.00%

Function 016950A5, Relevance: 12.0, Strings: 9, Instructions: 799
UNIQUECrypto

C-Code - Quality: 58%

			E016950A5(signed int _a4, signed int _a8, intOrPtr* _a16, signed int* _a20, signed int* _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t339;
				intOrPtr _t361;
				signed int _t365;
				signed short _t377;
				signed char _t380;
				signed int* _t382;
				signed char _t383;
				signed int _t384;
				intOrPtr _t386;
				unsigned int _t401;
				signed int _t402;
				intOrPtr _t409;
				intOrPtr _t423;
				signed int _t450;
				intOrPtr _t452;
				intOrPtr* _t463;
				signed int _t465;
				signed int* _t466;
				signed int _t467;
				intOrPtr _t468;
				signed short _t469;
				signed int _t471;
				signed int _t472;
				signed int _t475;
				signed short* _t486;
				signed short _t487;
				signed int* _t489;
				signed int _t490;
				signed int _t498;
				signed int _t501;
				signed int _t502;
				signed int _t511;
				signed short _t513;
				signed short _t514;
				signed int _t515;
				signed int* _t519;
				signed int _t523;
				signed int _t532;
				signed int _t534;
				signed int* _t535;
				signed int _t537;
				void* _t539;
				signed int _t549;
				signed int _t551;
				intOrPtr _t557;
				intOrPtr _t561;
				signed int _t570;
				intOrPtr* _t582;
				signed int _t583;
				signed int* _t584;
				void* _t585;
				signed int _t586;
				signed int _t588;
				signed int _t589;
				signed int _t590;
				signed int _t592;
				signed int* _t594;
				signed short _t595;
				signed short _t597;
				signed int _t604;
				signed int _t605;
				signed int _t607;
				signed short _t609;
				signed short _t611;
				signed int _t613;
				signed int _t615;
				signed int _t616;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				intOrPtr _t626;
				signed int* _t627;
				intOrPtr _t628;
				signed int _t630;
				signed int* _t632;
				signed int _t633;
				signed int _t634;
				signed int _t636;
				signed int _t638;
				signed int* _t642;
				signed short _t643;
				signed short _t645;
				signed int _t646;
				void* _t650;
				signed int _t652;
				signed int _t654;
				signed int* _t656;
				signed short _t664;
				signed short _t667;
				intOrPtr _t668;
				intOrPtr _t669;
				signed int _t670;
				signed int _t671;
				void* _t690;

				_t671 = _a8;
				_t339 = 0;
				_v32 = 0;
				_v36 = 0;
				_v24 = 0;
				if(_t671 >=  *((intOrPtr*)(_t671 + 0x28))) {
					L176:
					_t668 = _v32;
					__eflags =  *((intOrPtr*)(_t671 + 0x2c)) - _t668;
					if( *((intOrPtr*)(_t671 + 0x2c)) == _t668) {
						_t669 = _v36;
						__eflags =  *((intOrPtr*)(_t671 + 0x30)) - _t669;
						if( *((intOrPtr*)(_t671 + 0x30)) == _t669) {
							goto L203;
						}
						_t557 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *((intOrPtr*)(_t557 + 0xc)) - _t339;
						if( *((intOrPtr*)(_t557 + 0xc)) == _t339) {
							_push("HEAP: ");
							E015EF63B();
						} else {
							E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_t669);
						_push( *((intOrPtr*)(_t671 + 0x30)));
						_push(_t671);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L211:
						E015EF63B();
						goto L186;
					}
					_t561 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
					__eflags =  *((intOrPtr*)(_t561 + 0xc)) - _t339;
					if( *((intOrPtr*)(_t561 + 0xc)) == _t339) {
						_push("HEAP: ");
						E015EF63B();
					} else {
						E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t668);
					_push( *((intOrPtr*)(_t671 + 0x2c)));
					_push(_t671);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L211;
				} else {
					_t670 = _a4;
					do {
						_t532 = 0;
						 *_a24 = _t671;
						if( *(_t670 + 0x4c) != 0) {
							 *_t671 =  *_t671 ^  *(_t670 + 0x50);
							_t679 =  *(_t671 + 3) - ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671);
							if( *(_t671 + 3) != ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671)) {
								_push(0);
								_push(_t671);
								_push(_t670);
								E01694BBA(0, _t670, _t671, _t679);
							}
						}
						if(_v24 != ( *(_t671 + 4) ^  *(_t670 + 0x54))) {
							_t361 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *((intOrPtr*)(_t361 + 0xc)) - _t532;
							if( *((intOrPtr*)(_t361 + 0xc)) == _t532) {
								_push("HEAP: ");
								E015EF63B();
							} else {
								E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v24 & 0x0000ffff);
							_t365 =  *(_t671 + 4) & 0x0000ffff ^  *(_t670 + 0x54) & 0x0000ffff;
							__eflags = _t365;
							_push(_t365);
							E015EF63B("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t671);
							L183:
							_t690 =  *(_t670 + 0x4c) - _t532;
							L184:
							if(_t690 != 0) {
								 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
								 *_t671 =  *_t671 ^  *(_t670 + 0x50);
							}
							L186:
							return 0;
						}
						_t377 =  *_t671 & 0x0000ffff;
						_v24 = _t377 & 0x0000ffff;
						_t568 = _t377 & 0x0000ffff;
						_a4 = _t568 << 3;
						_t380 =  *(_t671 + 2);
						if((_t380 & 0x00000001) == 0) {
							__eflags =  *(_t670 + 0x40) & 0x00000040;
							if(( *(_t670 + 0x40) & 0x00000040) == 0) {
								L154:
								 *_a16 =  *_a16 + 1;
								_t382 = _a20;
								 *_t382 =  *_t382 + ( *_t671 & 0x0000ffff);
								__eflags =  *_t382;
								L155:
								_t383 =  *(_t671 + 6);
								__eflags = _t383;
								if(_t383 == 0) {
									_t384 = _t670;
								} else {
									_t384 = (_t671 & 0xffff0000) - ((_t383 & 0x000000ff) << 0x10) + 0x10000;
								}
								_t570 = _a8;
								__eflags = _t384 - _t570;
								if(_t384 != _t570) {
									_t386 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *((intOrPtr*)(_t386 + 0xc)) - _t532;
									if( *((intOrPtr*)(_t386 + 0xc)) == _t532) {
										_push("HEAP: ");
										E015EF63B();
									} else {
										E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *(_t671 + 6) & 0x000000ff);
									_push(_t671);
									_push("Heap block at %p has incorrect segment offset (%x)\n");
									goto L195;
								} else {
									__eflags =  *((char*)(_t671 + 7)) - 3;
									if( *((char*)(_t671 + 7)) != 3) {
										__eflags =  *(_t670 + 0x4c) - _t532;
										if( *(_t670 + 0x4c) != _t532) {
											 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
											 *_t671 =  *_t671 ^  *(_t670 + 0x50);
											__eflags =  *_t671;
										}
										_t671 = _t671 + _a4;
										__eflags = _t671;
										goto L174;
									}
									_t401 =  *(_t671 + 0x1c);
									__eflags = _t401 - _t532;
									if(_t401 == _t532) {
										_t402 =  *_t671 & 0x0000ffff;
										__eflags = _t671 + _t402 * 8 -  *((intOrPtr*)(_t570 + 0x28));
										if(_t671 + _t402 * 8 ==  *((intOrPtr*)(_t570 + 0x28))) {
											__eflags =  *(_t670 + 0x4c) - _t532;
											if( *(_t670 + 0x4c) != _t532) {
												 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
												 *_t671 =  *_t671 ^  *(_t670 + 0x50);
												__eflags =  *_t671;
											}
											L203:
											return 1;
										}
										_t409 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *((intOrPtr*)(_t409 + 0xc)) - _t532;
										if( *((intOrPtr*)(_t409 + 0xc)) == _t532) {
											_push("HEAP: ");
											E015EF63B();
										} else {
											E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *((intOrPtr*)(_a8 + 0x28)));
										_push(_t671);
										_push("Heap block at %p is not last block in segment (%p)\n");
										L195:
										E015EF63B();
										goto L183;
									}
									_v36 = _v36 + 1;
									_v32 = _v32 + (_t401 >> 0xc);
									__eflags =  *(_t670 + 0x4c) - _t532;
									if( *(_t670 + 0x4c) != _t532) {
										 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
										 *_t671 =  *_t671 ^  *(_t670 + 0x50);
										__eflags =  *_t671;
									}
									_t671 = _t671 +  *(_t671 + 0x1c) + 0x20;
									__eflags = _t671 -  *((intOrPtr*)(_t570 + 0x28));
									if(_t671 ==  *((intOrPtr*)(_t570 + 0x28))) {
										L170:
										_v24 = _t532;
										goto L174;
									} else {
										__eflags =  *(_t670 + 0x4c) - _t532;
										if( *(_t670 + 0x4c) != _t532) {
											 *_t671 =  *_t671 ^  *(_t670 + 0x50);
											__eflags =  *(_t671 + 3) - ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671);
											if(__eflags != 0) {
												_push(_t532);
												_push(_t671);
												_push(_t670);
												E01694BBA(_t532, _t670, _t671, __eflags);
											}
										}
										__eflags =  *(_t671 + 4) ^  *(_t670 + 0x54);
										if(( *(_t671 + 4) ^  *(_t670 + 0x54)) != 0) {
											_t423 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
											__eflags =  *((intOrPtr*)(_t423 + 0xc)) - _t532;
											if( *((intOrPtr*)(_t423 + 0xc)) == _t532) {
												_push("HEAP: ");
												E015EF63B();
											} else {
												E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
											}
											_push( *(_t671 + 4) & 0x0000ffff ^  *(_t670 + 0x54) & 0x0000ffff);
											_push(_t671);
											_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
											goto L195;
										} else {
											__eflags =  *(_t670 + 0x4c) - _t532;
											if( *(_t670 + 0x4c) != _t532) {
												 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
												 *_t671 =  *_t671 ^  *(_t670 + 0x50);
												__eflags =  *_t671;
											}
											goto L170;
										}
									}
								}
							}
							__eflags = _t380 & 0x00000004;
							if((_t380 & 0x00000004) == 0) {
								goto L154;
							}
							_t534 = _a4 + 0xfffffff0;
							__eflags = _t380 & 0x00000002;
							if((_t380 & 0x00000002) != 0) {
								__eflags = _t534 - 4;
								if(_t534 > 4) {
									_t534 = _t534 - 4;
									__eflags = _t534;
								}
							}
							__eflags = _t380 & 0x00000008;
							if((_t380 & 0x00000008) == 0) {
								_t450 = E01605770(_t671 + 0x10, _t534, 0xfeeefeee);
								_v40 = _t450;
								__eflags = _t450 - _t534;
								if(_t450 != _t534) {
									_t452 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t452 + 0xc);
									if( *(_t452 + 0xc) == 0) {
										_push("HEAP: ");
										E015EF63B();
									} else {
										E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push(_t671 + 8 + _v40);
									E015EF63B("Free Heap block %p modified at %p after it was freed\n", _t671);
									__eflags =  *(_t670 + 0x4c);
									goto L184;
								}
								_t532 = 0;
								__eflags = 0;
								goto L154;
							} else {
								_t535 =  *(_t671 + 0xc);
								_t463 = _t671 + 8;
								_t627 =  *_t463;
								_v12 = _t627;
								_t628 =  *((intOrPtr*)(_t627 + 4));
								_v40 = _t535;
								_t536 =  *_t535;
								__eflags = _t536 - _t628;
								if(__eflags != 0) {
									L61:
									_push(0);
									_push(_t536);
									_push(_t628);
									_push(_t463);
									_push(_t670);
									_push(0xc);
									E01694B0C(_t536, _t568, _t628, _t670, _t671, __eflags);
									goto L174;
								}
								__eflags = _t536 - _t463;
								if(__eflags != 0) {
									goto L61;
								}
								_t465 =  *(_t670 + 0xb8);
								 *((intOrPtr*)(_t670 + 0x78)) =  *((intOrPtr*)(_t670 + 0x78)) - _t568;
								__eflags = _t465;
								if(_t465 == 0) {
									L58:
									_t466 = _v12;
									_t582 = _v40;
									 *_t582 = _t466;
									 *((intOrPtr*)(_t466 + 4)) = _t582;
									__eflags =  *(_t671 + 2) & 0x00000008;
									if(( *(_t671 + 2) & 0x00000008) == 0) {
										L62:
										_t537 =  *_t671 & 0x0000ffff;
										 *(_t671 + 2) = 0;
										 *((char*)(_t671 + 7)) = 0;
										_t467 =  *(_t670 + 0xb8);
										_v20 = _t537;
										__eflags = _t467;
										if(_t467 != 0) {
											while(1) {
												__eflags = _t537 -  *((intOrPtr*)(_t467 + 4));
												if(_t537 <  *((intOrPtr*)(_t467 + 4))) {
													break;
												}
												_t583 =  *_t467;
												__eflags = _t583;
												if(_t583 == 0) {
													_t630 =  *((intOrPtr*)(_t467 + 4)) - 1;
													__eflags = _t630;
													_v28 = _t630;
													L75:
													_t118 = _t467 + 0x14; // 0x14
													_t584 = _t118;
													while(1) {
														_a4 = _t467;
														_v16 = _t630 -  *_t584;
														_t632 =  *((intOrPtr*)(_t467 + 0x18));
														_t468 =  *((intOrPtr*)(_t632 + 4));
														_v12 = _t632;
														__eflags = _t632 - _t468;
														if(_t632 != _t468) {
															goto L78;
														}
														L77:
														_v8 = _t632;
														L121:
														_t472 = _v8;
														__eflags = _t472;
														if(_t472 != 0) {
															L64:
															_t107 = _t670 + 0xc4; // 0xc5
															_t539 = _t107;
															__eflags = _t539 - _t472;
															if(_t539 == _t472) {
																L126:
																_t634 =  *(_t472 + 4);
																_t585 =  *_t634;
																__eflags = _t585 - _t472;
																if(_t585 != _t472) {
																	__eflags = 0;
																	_push(0);
																	_push(_t585);
																	_push(0);
																	_push(_t472);
																	_push(0);
																	_push(0xc);
																	E01694B0C(_t539, _t585, 0, _t670, _t671, 0);
																} else {
																	_t594 = _t671 + 8;
																	 *_t594 = _t472;
																	_t594[1] = _t634;
																	 *_t634 = _t594;
																	 *(_t472 + 4) = _t594;
																}
																 *((intOrPtr*)(_t670 + 0x78)) =  *((intOrPtr*)(_t670 + 0x78)) + ( *_t671 & 0x0000ffff);
																_t475 =  *(_t670 + 0xb8);
																__eflags = _t475;
																if(_t475 == 0) {
																	L150:
																	__eflags =  *(_t670 + 0x4c);
																	if( *(_t670 + 0x4c) != 0) {
																		 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
																		 *_t671 =  *_t671 ^  *(_t670 + 0x50);
																	}
																	goto L174;
																} else {
																	_t586 =  *_t671 & 0x0000ffff;
																	while(1) {
																		__eflags = _t586 -  *((intOrPtr*)(_t475 + 4));
																		if(_t586 <  *((intOrPtr*)(_t475 + 4))) {
																			break;
																		}
																		_t636 =  *_t475;
																		__eflags = _t636;
																		if(_t636 == 0) {
																			_t638 =  *((intOrPtr*)(_t475 + 4)) - 1;
																			__eflags = _t638;
																			L136:
																			_t588 = _t638 -  *((intOrPtr*)(_t475 + 0x14));
																			__eflags =  *(_t475 + 8);
																			_v28 = _t588;
																			if( *(_t475 + 8) != 0) {
																				_t588 = _t588 + _t588;
																				__eflags = _t588;
																			}
																			 *((intOrPtr*)(_t475 + 0xc)) =  *((intOrPtr*)(_t475 + 0xc)) + 1;
																			_t589 = _t588 << 2;
																			_a4 = _t589;
																			_t590 =  *(_t589 +  *((intOrPtr*)(_t475 + 0x20)));
																			_v40 = _t590;
																			__eflags = _t638 -  *((intOrPtr*)(_t475 + 4)) - 1;
																			if(_t638 ==  *((intOrPtr*)(_t475 + 4)) - 1) {
																				_t207 = _t475 + 0x10;
																				 *_t207 =  *(_t475 + 0x10) + 1;
																				__eflags =  *_t207;
																			}
																			__eflags = _t590;
																			if(_t590 == 0) {
																				L147:
																				 *((intOrPtr*)(_a4 +  *((intOrPtr*)(_t475 + 0x20)))) = _t671 + 8;
																				_t590 = _v40;
																				goto L148;
																			} else {
																				__eflags =  *(_t670 + 0x4c);
																				if( *(_t670 + 0x4c) == 0) {
																					_t643 =  *(_t590 - 8) & 0x0000ffff;
																				} else {
																					_t645 =  *(_t590 - 8);
																					__eflags =  *(_t670 + 0x4c) & _t645;
																					if(( *(_t670 + 0x4c) & _t645) != 0) {
																						_t645 = _t645 ^  *(_t670 + 0x50);
																						__eflags = _t645;
																					}
																					_t643 = _t645 & 0x0000ffff;
																				}
																				__eflags = ( *_t671 & 0x0000ffff) - (_t643 & 0x0000ffff);
																				if(( *_t671 & 0x0000ffff) - (_t643 & 0x0000ffff) > 0) {
																					L148:
																					__eflags = _t590;
																					if(_t590 == 0) {
																						_t592 = _v28;
																						_t642 =  *((intOrPtr*)(_t475 + 0x1c)) + (_t592 >> 5) * 4;
																						 *_t642 =  *_t642 | 1 << (_t592 & 0x0000001f);
																						__eflags =  *_t642;
																					}
																					goto L150;
																				} else {
																					goto L147;
																				}
																			}
																		}
																		_t475 = _t636;
																	}
																	_t638 = _t586;
																	goto L136;
																}
															}
															_t646 =  *(_t670 + 0x4c);
															while(1) {
																__eflags = _t646;
																if(_t646 == 0) {
																	_t595 =  *(_t472 - 8) & 0x0000ffff;
																} else {
																	_t597 =  *(_t472 - 8);
																	_t646 =  *(_t670 + 0x4c);
																	__eflags = _t646 & _t597;
																	if((_t646 & _t597) != 0) {
																		_t597 = _t597 ^  *(_t670 + 0x50);
																		__eflags = _t597;
																	}
																	_t595 = _t597 & 0x0000ffff;
																}
																__eflags = _v20 - (_t595 & 0x0000ffff);
																if(_v20 <= (_t595 & 0x0000ffff)) {
																	goto L126;
																}
																_t472 =  *_t472;
																__eflags = _t539 - _t472;
																if(_t539 != _t472) {
																	continue;
																}
																goto L126;
															}
															goto L126;
														}
														_t467 =  *_a4;
														_t537 = _v20;
														_t584 = _t467 + 0x14;
														_t630 =  *_t584;
														_v28 = _t630;
														_a4 = _t467;
														_v16 = _t630 -  *_t584;
														_t632 =  *((intOrPtr*)(_t467 + 0x18));
														_t468 =  *((intOrPtr*)(_t632 + 4));
														_v12 = _t632;
														__eflags = _t632 - _t468;
														if(_t632 != _t468) {
															goto L78;
														}
														goto L77;
														L78:
														_t633 =  *(_t670 + 0x4c);
														__eflags = _t633;
														if(_t633 == 0) {
															_t469 =  *(_t468 - 8) & 0x0000ffff;
														} else {
															_t514 =  *(_t468 - 8);
															_t633 =  *(_t670 + 0x4c);
															__eflags = _t514 & _t633;
															if((_t514 & _t633) != 0) {
																_t514 = _t514 ^  *(_t670 + 0x50);
																__eflags = _t514;
															}
															_t469 = _t514 & 0x0000ffff;
														}
														_t471 = _v12;
														__eflags = _t537 - (_t469 & 0x0000ffff);
														if(_t537 - (_t469 & 0x0000ffff) > 0) {
															L119:
															_v8 = _t471;
															goto L121;
														} else {
															_t486 =  *_t471 - 8;
															__eflags = _t633;
															if(_t633 == 0) {
																_t487 =  *_t486 & 0x0000ffff;
															} else {
																_t513 =  *_t486;
																_t633 =  *(_t670 + 0x4c);
																__eflags = _t513 & _t633;
																if((_t513 & _t633) != 0) {
																	_t513 = _t513 ^  *(_t670 + 0x50);
																	__eflags = _t513;
																}
																_t487 = _t513 & 0x0000ffff;
															}
															__eflags = _v20 - (_t487 & 0x0000ffff);
															if(_v20 - (_t487 & 0x0000ffff) > 0) {
																_t489 = _a4;
																__eflags =  *_t489;
																if( *_t489 != 0) {
																	L105:
																	_t490 = _a4;
																	_t549 = _v16 >> 5;
																	_v12 =  *((intOrPtr*)(_t490 + 0x1c)) + _t549 * 4;
																	_t650 = ( *((intOrPtr*)(_t490 + 4)) -  *_t584 >> 5) - 1;
																	_t498 =  !((1 << (_v16 & 0x0000001f)) - 1) &  *_v12;
																	__eflags = 1;
																	if(1 != 0) {
																		L109:
																		__eflags = _t498 & 0x0000ffff;
																		if((_t498 & 0x0000ffff) == 0) {
																			_t604 = _t498 >> 0x00000010 & 0x000000ff;
																			__eflags = _t604;
																			if(_t604 == 0) {
																				_t171 = (_t498 >> 0x18) + 0x1625818; // 0x10008
																				_t501 = ( *_t171 & 0x000000ff) + 0x18;
																				__eflags = _t501;
																			} else {
																				_t170 = _t604 + 0x1625818; // 0x10008
																				_t501 = ( *_t170 & 0x000000ff) + 0x10;
																			}
																		} else {
																			_t652 = _t498 & 0x000000ff;
																			__eflags = _t652;
																			if(_t652 == 0) {
																				_t169 = (_t498 >> 0x00000008 & 0x000000ff) + 0x1625818; // 0x10008
																				_t501 = ( *_t169 & 0x000000ff) + 8;
																			} else {
																				_t168 = _t652 + 0x1625818; // 0x10008
																				_t501 =  *_t168 & 0x000000ff;
																			}
																		}
																		_t551 = (_t549 << 5) + _t501;
																		_t502 = _a4;
																		__eflags =  *(_t502 + 8);
																		_t605 = _t551 + _t551;
																		if( *(_t502 + 8) == 0) {
																			_t605 = _t551;
																		}
																		_t471 =  *( *((intOrPtr*)(_t502 + 0x20)) + _t605 * 4);
																		goto L119;
																	} else {
																		goto L106;
																	}
																	while(1) {
																		L106:
																		__eflags = _t549 - _t650;
																		if(_t549 > _t650) {
																			break;
																		}
																		_v12 =  &(_v12[1]);
																		_t498 =  *_v12;
																		_t549 = _t549 + 1;
																		__eflags = _t498;
																		if(_t498 == 0) {
																			continue;
																		}
																		break;
																	}
																	__eflags = _t498;
																	if(_t498 == 0) {
																		_t179 =  &_v8;
																		 *_t179 = _v8 & 0x00000000;
																		__eflags =  *_t179;
																		goto L121;
																	}
																	goto L109;
																}
																__eflags = _v28 - _t489[1] - 1;
																if(_v28 != _t489[1] - 1) {
																	goto L105;
																}
																_t607 = _a4;
																__eflags =  *(_t607 + 8);
																_t511 = _v16;
																if( *(_t607 + 8) != 0) {
																	_t511 = _t511 + _t511;
																	__eflags = _t511;
																}
																_t471 =  *( *((intOrPtr*)(_t607 + 0x20)) + _t511 * 4);
																while(1) {
																	__eflags = _v12 - _t471;
																	if(_v12 == _t471) {
																		goto L121;
																	}
																	__eflags = _t633;
																	if(_t633 == 0) {
																		_t609 =  *(_t471 - 8) & 0x0000ffff;
																	} else {
																		_t611 =  *(_t471 - 8);
																		_t633 =  *(_t670 + 0x4c);
																		__eflags = _t611 & _t633;
																		if((_t611 & _t633) != 0) {
																			_t611 = _t611 ^  *(_t670 + 0x50);
																			__eflags = _t611;
																		}
																		_t609 = _t611 & 0x0000ffff;
																	}
																	__eflags = _v20 - (_t609 & 0x0000ffff);
																	if(_v20 - (_t609 & 0x0000ffff) <= 0) {
																		goto L119;
																	} else {
																		_t471 =  *_t471;
																		continue;
																	}
																	goto L105;
																}
																goto L121;
															} else {
																_t471 =  *_v12;
																goto L119;
															}
														}
													}
												}
												_t467 = _t583;
											}
											_t630 = _t537;
											_v28 = _t537;
											goto L75;
										}
										_t472 =  *(_t670 + 0xc4);
										goto L64;
									}
									_t515 = E015FC30D(_t670, _t671);
									__eflags = _t515;
									if(_t515 != 0) {
										goto L62;
									}
									E015FE4D7(_t536, _t670, _t670, _t671,  *_t671 & 0x0000ffff, 1);
									goto L174;
								}
								_t613 =  *_t671 & 0x0000ffff;
								while(1) {
									__eflags = _t613 -  *(_t465 + 4);
									if(_t613 <  *(_t465 + 4)) {
										break;
									}
									_t654 =  *_t465;
									__eflags = _t654;
									if(_t654 == 0) {
										_t536 =  *(_t465 + 4) - 1;
										__eflags = _t536;
										_a4 = _t536;
										L37:
										_t615 = _t536 -  *((intOrPtr*)(_t465 + 0x14));
										__eflags =  *(_t465 + 8);
										_v20 = _t615;
										if( *(_t465 + 8) != 0) {
											_t615 = _t615 + _t615;
											__eflags = _t615;
										}
										_t616 = _t615 << 2;
										_t656 =  *((intOrPtr*)(_t465 + 0x20)) + _t616;
										_v28 = _t616;
										 *((intOrPtr*)(_t465 + 0xc)) =  *((intOrPtr*)(_t465 + 0xc)) - 1;
										_v16 =  *_t656;
										__eflags = _t536 -  *(_t465 + 4) - 1;
										if(_t536 ==  *(_t465 + 4) - 1) {
											_t69 = _t465 + 0x10;
											 *_t69 =  *(_t465 + 0x10) - 1;
											__eflags =  *_t69;
										}
										__eflags = _v16 - _t671 + 8;
										if(_v16 != _t671 + 8) {
											goto L58;
										} else {
											__eflags =  *_t465;
											_t621 =  *(_t465 + 4);
											if( *_t465 == 0) {
												_t621 = _t621 - 1;
												__eflags = _t621;
											}
											__eflags = _a4 - _t621;
											_t622 =  *(_t671 + 8);
											if(_a4 >= _t621) {
												__eflags = _t622 -  *((intOrPtr*)(_t465 + 0x18));
												if(_t622 ==  *((intOrPtr*)(_t465 + 0x18))) {
													 *_t656 =  *_t656 & 0x00000000;
													__eflags =  *_t656;
													goto L57;
												}
												 *_t656 = _t622;
												goto L58;
											} else {
												__eflags = _t622 -  *((intOrPtr*)(_t465 + 0x18));
												if(_t622 ==  *((intOrPtr*)(_t465 + 0x18))) {
													L53:
													 *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) =  *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) & 0x00000000;
													L57:
													_t623 = _v20;
													_t519 =  *((intOrPtr*)(_t465 + 0x1c)) + (_t623 >> 5) * 4;
													 *_t519 =  *_t519 &  !(1 << (_t623 & 0x0000001f));
													__eflags =  *_t519;
													goto L58;
												}
												__eflags =  *(_t670 + 0x4c);
												if( *(_t670 + 0x4c) == 0) {
													_t664 =  *(_t622 - 8) & 0x0000ffff;
												} else {
													_t667 =  *(_t622 - 8);
													__eflags =  *(_t670 + 0x4c) & _t667;
													if(( *(_t670 + 0x4c) & _t667) != 0) {
														_t667 = _t667 ^  *(_t670 + 0x50);
														__eflags = _t667;
													}
													_t664 = _t667 & 0x0000ffff;
												}
												_t536 = ( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff);
												__eflags = ( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff);
												if(( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff)) {
													goto L53;
												} else {
													 *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) = _t622;
													goto L58;
												}
											}
										}
									}
									_t465 = _t654;
								}
								_t536 = _t613;
								_a4 = _t613;
								goto L37;
							}
						}
						if(_a28 == _t532) {
							L19:
							if(( *(_t671 + 2) & 0x00000004) == 0 || E0167DB95(_t568, _t670, _t671) != 0) {
								goto L155;
							} else {
								goto L183;
							}
						} else {
							if((_t380 & 0x00000002) == 0) {
								_t523 =  *(_t671 + 3) & 0xff;
							} else {
								_t523 =  *(E015FEA3F(_t671) + 2) & 0x0000ffff;
							}
							if(_t523 == _t532) {
								goto L19;
							}
							if((_t523 & 0x00008000) == 0) {
								__eflags = _t523 & 0x00000800;
								if((_t523 & 0x00000800) != 0) {
									goto L19;
								}
								__eflags = _t523 -  *((intOrPtr*)(_t670 + 0x88));
								if(_t523 >=  *((intOrPtr*)(_t670 + 0x88))) {
									goto L19;
								}
								_t626 = _a28;
								L18:
								_t568 =  *_t671 & 0x0000ffff;
								 *((intOrPtr*)(_t626 + (_t523 & 0x0000ffff) * 4)) =  *((intOrPtr*)(_t626 + (_t523 & 0x0000ffff) * 4)) + ( *_t671 & 0x0000ffff);
								goto L19;
							}
							_t523 = _t523 & 0x00007fff;
							_t568 = 0x81;
							if(_t523 >= 0x81) {
								goto L19;
							} else {
								_t626 = _a32;
								goto L18;
							}
						}
						L174:
						__eflags = _t671 -  *((intOrPtr*)(_a8 + 0x28));
					} while (__eflags < 0);
					_t671 = _a8;
					_t339 = 0;
					__eflags = 0;
					goto L176;
				}
			}

0x016950af
0x016950b2
0x016950b5
0x016950b8
0x016950bb
0x016950c1
0x0169572d
0x0169572d
0x01695730
0x01695733
0x0169596a
0x0169596d
0x01695970
0x00000000
0x00000000
0x0169597d
0x01695980
0x01695983
0x016959a5
0x016959aa
0x01695985
0x0169599d
0x016959a2
0x016959b0
0x016959b1
0x016959b4
0x016959b5
0x0169595d
0x0169595d
0x00000000
0x01695962
0x01695740
0x01695743
0x01695746
0x01695948
0x0169594d
0x0169574c
0x01695764
0x01695769
0x01695953
0x01695954
0x01695957
0x01695958
0x00000000
0x016950c7
0x016950c7
0x016950ca
0x016950cd
0x016950cf
0x016950d4
0x016950d9
0x016950e3
0x016950e6
0x016950e8
0x016950e9
0x016950ea
0x016950eb
0x016950eb
0x016950e6
0x016950fc
0x01695775
0x01695778
0x0169577b
0x0169579d
0x016957a2
0x0169577d
0x01695795
0x0169579a
0x016957b0
0x016957b5
0x016957b5
0x016957b7
0x016957be
0x016957c6
0x016957c6
0x016957c9
0x016957c9
0x016957d3
0x016957d9
0x016957d9
0x016957db
0x00000000
0x016957db
0x01695102
0x01695108
0x0169510b
0x01695113
0x01695116
0x0169511b
0x01695196
0x0169519a
0x0169564b
0x0169564e
0x01695653
0x01695656
0x01695656
0x01695658
0x01695658
0x0169565b
0x0169565d
0x01695675
0x0169565f
0x0169566e
0x0169566e
0x01695677
0x0169567a
0x0169567c
0x0169583e
0x01695841
0x01695844
0x01695866
0x0169586b
0x01695846
0x0169585e
0x01695863
0x01695875
0x01695876
0x01695877
0x00000000
0x01695682
0x01695682
0x01695686
0x01695704
0x01695707
0x01695711
0x01695717
0x01695717
0x01695717
0x01695719
0x01695719
0x00000000
0x01695719
0x01695688
0x0169568b
0x0169568d
0x01695889
0x0169588f
0x01695892
0x016958db
0x016958de
0x016958e8
0x016958ee
0x016958ee
0x016958ee
0x016958f0
0x00000000
0x016958f0
0x0169589a
0x0169589d
0x016958a0
0x016958c2
0x016958c7
0x016958a2
0x016958ba
0x016958bf
0x016958d0
0x016958d3
0x016958d4
0x0169587c
0x0169587c
0x00000000
0x01695881
0x01695693
0x01695699
0x0169569c
0x0169569f
0x016956a9
0x016956af
0x016956af
0x016956af
0x016956b4
0x016956b8
0x016956bb
0x016956ff
0x016956ff
0x00000000
0x016956bd
0x016956bd
0x016956c0
0x016956c5
0x016956cf
0x016956d2
0x016956d4
0x016956d5
0x016956d6
0x016956d7
0x016956d7
0x016956d2
0x016956e0
0x016956e4
0x016958ff
0x01695902
0x01695905
0x01695927
0x0169592c
0x01695907
0x0169591f
0x01695924
0x0169593c
0x0169593d
0x0169593e
0x00000000
0x016956ea
0x016956ea
0x016956ed
0x016956f7
0x016956fd
0x016956fd
0x016956fd
0x00000000
0x016956ed
0x016956e4
0x016956bb
0x0169567c
0x016951a0
0x016951a2
0x00000000
0x00000000
0x016951ab
0x016951ae
0x016951b0
0x016951b2
0x016951b5
0x016951b7
0x016951b7
0x016951b7
0x016951b5
0x016951ba
0x016951bc
0x01695639
0x0169563e
0x01695641
0x01695643
0x016957e8
0x016957eb
0x016957ef
0x01695811
0x01695816
0x016957f1
0x01695809
0x0169580e
0x01695823
0x0169582a
0x01695832
0x00000000
0x01695832
0x01695649
0x01695649
0x00000000
0x016951c2
0x016951c2
0x016951c5
0x016951c8
0x016951ca
0x016951cd
0x016951d0
0x016951d3
0x016951d5
0x016951d7
0x016952f3
0x016952f3
0x016952f5
0x016952f6
0x016952f7
0x016952f8
0x016952f9
0x016952fb
0x00000000
0x016952fb
0x016951dd
0x016951df
0x00000000
0x00000000
0x016951e5
0x016951eb
0x016951ee
0x016951f0
0x016952c3
0x016952c3
0x016952c6
0x016952c9
0x016952cb
0x016952ce
0x016952d2
0x01695305
0x01695305
0x01695308
0x0169530c
0x01695310
0x01695316
0x01695319
0x0169531b
0x01695359
0x01695359
0x0169535c
0x00000000
0x00000000
0x01695351
0x01695353
0x01695355
0x01695368
0x01695368
0x01695369
0x0169536c
0x0169536c
0x0169536c
0x0169536f
0x01695371
0x01695374
0x01695377
0x0169537a
0x0169537d
0x01695380
0x01695382
0x00000000
0x00000000
0x01695384
0x01695384
0x01695504
0x01695504
0x01695507
0x01695509
0x01695323
0x01695323
0x01695323
0x01695329
0x0169532b
0x0169553a
0x0169553a
0x0169553d
0x0169553f
0x01695541
0x01695552
0x01695554
0x01695555
0x01695556
0x01695557
0x01695558
0x01695559
0x0169555b
0x01695543
0x01695543
0x01695546
0x01695548
0x0169554b
0x0169554d
0x0169554d
0x01695563
0x01695566
0x0169556c
0x0169556e
0x01695610
0x01695610
0x01695614
0x01695622
0x01695628
0x01695628
0x00000000
0x01695574
0x01695574
0x01695581
0x01695581
0x01695584
0x00000000
0x00000000
0x01695579
0x0169557b
0x0169557d
0x0169558d
0x0169558d
0x0169558e
0x01695590
0x01695593
0x01695597
0x0169559a
0x0169559c
0x0169559c
0x0169559c
0x0169559e
0x016955a4
0x016955a7
0x016955aa
0x016955b1
0x016955b4
0x016955b6
0x016955b8
0x016955b8
0x016955b8
0x016955b8
0x016955bb
0x016955bd
0x016955e5
0x016955ee
0x016955f1
0x00000000
0x016955bf
0x016955bf
0x016955c3
0x016955d5
0x016955c5
0x016955c5
0x016955c8
0x016955cb
0x016955cd
0x016955cd
0x016955cd
0x016955d0
0x016955d0
0x016955e1
0x016955e3
0x016955f4
0x016955f4
0x016955f6
0x016955f8
0x01695603
0x0169560e
0x0169560e
0x0169560e
0x00000000
0x00000000
0x00000000
0x00000000
0x016955e3
0x016955bd
0x0169557f
0x0169557f
0x01695586
0x00000000
0x01695586
0x0169556e
0x01695331
0x01695334
0x01695334
0x01695336
0x01695524
0x0169533c
0x0169533c
0x0169533f
0x01695342
0x01695344
0x01695346
0x01695346
0x01695346
0x01695349
0x01695349
0x0169552b
0x0169552e
0x00000000
0x00000000
0x01695530
0x01695532
0x01695534
0x00000000
0x00000000
0x00000000
0x01695534
0x00000000
0x01695334
0x01695512
0x01695514
0x01695517
0x0169551a
0x0169551c
0x01695371
0x01695374
0x01695377
0x0169537a
0x0169537d
0x01695380
0x01695382
0x00000000
0x00000000
0x00000000
0x0169538c
0x0169538c
0x0169538f
0x01695391
0x016953a5
0x01695393
0x01695393
0x01695396
0x01695399
0x0169539b
0x0169539d
0x0169539d
0x0169539d
0x016953a0
0x016953a0
0x016953ae
0x016953b1
0x016953b3
0x016954fb
0x016954fb
0x00000000
0x016953b9
0x016953bb
0x016953be
0x016953c0
0x016953d3
0x016953c2
0x016953c2
0x016953c4
0x016953c7
0x016953c9
0x016953cb
0x016953cb
0x016953cb
0x016953ce
0x016953ce
0x016953de
0x016953e0
0x016953ec
0x016953ef
0x016953f2
0x0169544a
0x0169544a
0x0169545b
0x01695461
0x01695472
0x01695476
0x01695476
0x01695478
0x01695490
0x01695493
0x01695495
0x016954c1
0x016954c1
0x016954c7
0x016954d8
0x016954df
0x016954df
0x016954c9
0x016954c9
0x016954d0
0x016954d0
0x01695497
0x0169549e
0x0169549e
0x016954a0
0x016954b0
0x016954b7
0x016954a2
0x016954a2
0x016954a2
0x016954a2
0x016954a0
0x016954e5
0x016954e7
0x016954ea
0x016954ee
0x016954f1
0x016954f3
0x016954f3
0x016954f8
0x00000000
0x00000000
0x00000000
0x00000000
0x0169547a
0x0169547a
0x0169547a
0x0169547c
0x00000000
0x00000000
0x0169547e
0x01695485
0x01695487
0x01695488
0x0169548a
0x00000000
0x00000000
0x00000000
0x0169548a
0x0169548c
0x0169548e
0x01695500
0x01695500
0x01695500
0x00000000
0x01695500
0x00000000
0x0169548e
0x016953f8
0x016953fb
0x00000000
0x00000000
0x016953fd
0x01695400
0x01695404
0x01695407
0x01695409
0x01695409
0x01695409
0x0169540e
0x0169543f
0x0169543f
0x01695442
0x00000000
0x00000000
0x01695413
0x01695415
0x01695429
0x01695417
0x01695417
0x0169541a
0x0169541d
0x0169541f
0x01695421
0x01695421
0x01695421
0x01695424
0x01695424
0x01695435
0x01695437
0x00000000
0x0169543d
0x0169543d
0x00000000
0x0169543d
0x00000000
0x01695437
0x00000000
0x016953e2
0x016953e5
0x00000000
0x016953e5
0x016953e0
0x016953b3
0x0169536f
0x01695357
0x01695357
0x0169535e
0x01695360
0x00000000
0x01695360
0x0169531d
0x00000000
0x0169531d
0x016952d8
0x016952dd
0x016952df
0x00000000
0x00000000
0x016952e9
0x00000000
0x016952e9
0x016951f6
0x01695203
0x01695203
0x01695206
0x00000000
0x00000000
0x016951fb
0x016951fd
0x016951ff
0x01695212
0x01695212
0x01695213
0x01695216
0x01695218
0x0169521b
0x0169521f
0x01695222
0x01695224
0x01695224
0x01695224
0x01695229
0x0169522c
0x0169522e
0x01695233
0x01695236
0x0169523d
0x0169523f
0x01695241
0x01695241
0x01695241
0x01695241
0x01695247
0x0169524a
0x00000000
0x0169524c
0x0169524c
0x0169524f
0x01695252
0x01695254
0x01695254
0x01695254
0x01695255
0x01695258
0x0169525b
0x0169529d
0x016952a0
0x016952a6
0x016952a6
0x00000000
0x016952a6
0x016952a2
0x00000000
0x0169525d
0x0169525d
0x01695260
0x01695291
0x01695297
0x016952a9
0x016952a9
0x016952b4
0x016952c1
0x016952c1
0x00000000
0x016952c1
0x01695262
0x01695266
0x01695278
0x01695268
0x01695268
0x0169526b
0x0169526e
0x01695270
0x01695270
0x01695270
0x01695273
0x01695273
0x01695282
0x01695282
0x01695284
0x00000000
0x01695286
0x0169528c
0x00000000
0x0169528c
0x01695284
0x0169525b
0x0169524a
0x01695201
0x01695201
0x01695208
0x0169520a
0x00000000
0x0169520a
0x016951bc
0x01695120
0x01695178
0x0169517c
0x00000000
0x01695191
0x00000000
0x01695191
0x01695122
0x01695124
0x01695137
0x01695126
0x0169512c
0x0169512c
0x0169513d
0x00000000
0x00000000
0x01695144
0x0169515a
0x0169515f
0x00000000
0x00000000
0x01695161
0x01695168
0x00000000
0x00000000
0x0169516a
0x0169516d
0x01695173
0x01695176
0x00000000
0x01695176
0x01695146
0x0169514b
0x01695153
0x00000000
0x01695155
0x01695155
0x00000000
0x01695155
0x01695153
0x0169571c
0x0169571f
0x0169571f
0x01695728
0x0169572b
0x0169572b
0x00000000
0x0169572b

Strings

Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 01695958
Heap block at %p has incorrect segment offset (%x), xrefs: 01695877
HEAP: , xrefs: 0169579D, 01695811, 01695866, 016958C2, 01695927, 01695948, 016959A5
Heap block at %p is not last block in segment (%p), xrefs: 016958D4
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 016959B5
HEAP[%wZ]: , xrefs: 0169575F, 01695790, 01695804, 01695859, 016958B5, 0169591A, 01695998
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 0169593E
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 016957B9
Free Heap block %p modified at %p after it was freed, xrefs: 01695825

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: 13fd10b8f0db5b7195fda46e99b03000d3a91a87959f03411e9aa750e68c7086
Instruction ID: 86b2dd959041397ff74f75c3b8fc5923adaec440a8ab98c25c065f9d58573a21
Opcode Fuzzy Hash: 13fd10b8f0db5b7195fda46e99b03000d3a91a87959f03411e9aa750e68c7086
Instruction Fuzzy Hash: 23628F70600656DFDF2ACF69C884A7ABBF9FF48710B15849AE9878B751D730E842CB50

Uniqueness

Uniqueness Score: 100.00%

Function 01695C56, Relevance: 11.7, Strings: 9, Instructions: 401
UNIQUECrypto

C-Code - Quality: 56%

			E01695C56(void* __ecx, signed int _a4, char _a8) {
				signed int _v8;
				signed int _v12;
				signed int* _v16;
				signed int _v20;
				signed int _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int* _t165;
				intOrPtr _t168;
				signed short _t181;
				intOrPtr _t183;
				signed int* _t204;
				signed int _t209;
				signed int _t214;
				signed int* _t216;
				signed int _t226;
				signed int _t228;
				signed int _t233;
				intOrPtr _t235;
				intOrPtr _t246;
				intOrPtr _t257;
				signed int _t280;
				signed int* _t281;
				signed int* _t282;
				signed short _t284;
				signed short _t286;
				signed char _t288;
				intOrPtr* _t298;
				signed int _t308;
				signed int _t310;
				signed int _t312;
				signed int* _t315;
				unsigned int _t316;
				signed int* _t317;
				signed int _t318;
				signed int _t319;
				intOrPtr _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;

				_t315 = _a4;
				_v12 = 0;
				_v8 = 0;
				_v16 = _t315;
				if(E01694E46(__ecx, _t315, 0) == 0) {
					L84:
					E016959C1(_v16);
					if(_v8 != 0) {
						_a4 = _a4 & 0x00000000;
						E01632686(0xffffffff,  &_v8,  &_a4, 0x8000);
					}
					L48:
					return 0;
				}
				if(_a8 != 0 || (_t315[0x10] & 0x20000000) != 0) {
					_t308 = 0;
					_t9 =  &(_t315[0x31]); // 0x16b04ec
					_t165 = _t9;
					_t280 =  *_t165;
					_a8 = 0;
					_v24 = 0;
					while(_t165 != _t280) {
						_t280 =  *_t280;
						_a4 =  *_t317 & 0x0000ffff;
						_t288 = _t317[0];
						_v16 = _t317;
						__eflags = _t288 & 0x00000001;
						if((_t288 & 0x00000001) != 0) {
							_t168 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t168 + 0xc);
							if( *(_t168 + 0xc) == 0) {
								_push("HEAP: ");
								E015EF63B();
							} else {
								E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t317);
							E015EF63B("dedicated (%04x) free list element %p is marked busy\n", _a4);
							L22:
							__eflags = _t315[0x13];
							if(_t315[0x13] != 0) {
								_t317[0] = _t317[0] ^ _t317[0] ^  *_t317;
								 *_t317 =  *_t317 ^ _t315[0x14];
							}
							goto L84;
						}
						_t181 =  *_t317 & 0x0000ffff;
						__eflags = _t181 - _v24;
						if(_t181 < _v24) {
							_t183 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t183 + 0xc);
							if( *(_t183 + 0xc) == 0) {
								_push("HEAP: ");
								E015EF63B();
							} else {
								E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							E015EF63B("Non-Dedicated free list element %p is out of order\n", _t317);
							goto L22;
						}
						_t308 = 0;
						_v24 = _t181 & 0x0000ffff;
						__eflags = _t315[0x13];
						if(_t315[0x13] != 0) {
							_t317[0] = _t317[0] ^ _t288 ^  *_t317;
							 *_t317 =  *_t317 ^ _t315[0x14];
							__eflags =  *_t317;
						}
						_t29 =  &_a8;
						 *_t29 = _a8 + 1;
						__eflags =  *_t29;
						_t31 =  &(_t315[0x31]); // 0x16b04ec
						_t165 = _t31;
					}
					_a4 = 0x208 + (_t315[0x22] & 0x0000ffff) * 4;
					if( *0x16b10a4 != 0 && _t315[0x30] != _t308) {
						_push(4);
						_push(0x1000);
						_push( &_a4);
						_push(0);
						_push( &_v8);
						_push(0xffffffff);
						if(E01614EA0() >= 0) {
							_v12 = _v8 + 0x204;
						}
					}
					_t41 =  &(_t315[0x28]); // 0x16b04c8
					_t204 = _t41;
					_t318 =  *_t204;
					while(_t204 != _t318) {
						__eflags = _t315[0x13];
						_t59 = _t318 + 0x18; // 0x18
						_t281 = _t59;
						if(_t315[0x13] != 0) {
							 *_t281 =  *_t281 ^ _t315[0x14];
							__eflags = _t281[0] - (_t281[0] ^ _t281[0] ^  *_t281);
							if(__eflags != 0) {
								_push(0);
								_push(_t281);
								_push(_t315);
								E01694BBA(_t281, _t315, _t318, __eflags);
							}
						}
						_t295 = _v12;
						__eflags = _t295;
						if(_t295 == 0) {
							L39:
							__eflags =  *(_t318 + 0x1a) & 0x00000004;
							if(( *(_t318 + 0x1a) & 0x00000004) == 0) {
								L41:
								__eflags = _t315[0x13];
								if(_t315[0x13] != 0) {
									_t281[0] = _t281[0] ^ _t281[0] ^  *_t281;
									 *_t281 =  *_t281 ^ _t315[0x14];
									__eflags =  *_t281;
								}
								_t318 =  *_t318;
								_t83 =  &(_t315[0x28]); // 0x16b04c8
								_t204 = _t83;
								continue;
							}
							_t209 = E0167DB95(_t295, _t315, _t281);
							__eflags = _t209;
							if(_t209 == 0) {
								__eflags = _t315[0x13];
								if(_t315[0x13] != 0) {
									 *(_t318 + 0x1b) =  *(_t318 + 0x1a) ^  *(_t318 + 0x19) ^  *(_t318 + 0x18);
									_t95 = _t318 + 0x18;
									 *_t95 =  *(_t318 + 0x18) ^ _t315[0x14];
									__eflags =  *_t95;
								}
								goto L48;
							}
							goto L41;
						} else {
							_t214 =  *(_t318 + 0xa) & 0x0000ffff;
							__eflags = _t214;
							if(_t214 == 0) {
								goto L39;
							}
							__eflags = _t214 & 0x00008000;
							if((_t214 & 0x00008000) == 0) {
								__eflags = _t214 & 0x00000800;
								if((_t214 & 0x00000800) != 0) {
									goto L39;
								}
								__eflags = _t214 - _t315[0x22];
								if(_t214 >= _t315[0x22]) {
									goto L39;
								}
								L38:
								_t216 = _t295 + (_t214 & 0x0000ffff) * 4;
								_t295 =  *(_t318 + 0x10) >> 3;
								 *_t216 =  *_t216 + ( *(_t318 + 0x10) >> 3);
								__eflags =  *_t216;
								goto L39;
							}
							_t214 = _t214 & 0x00007fff;
							_t295 = 0x81;
							__eflags = _t214 - 0x81;
							if(_t214 >= 0x81) {
								goto L39;
							}
							_t295 = _v8;
							goto L38;
						}
					}
					_v20 = _v20 & 0x00000000;
					_v24 = _v24 & 0x00000000;
					_t88 =  &(_t315[0x2a]); // 0x16b04d0
					_t282 = _t88;
					_t319 =  *_t282;
					while(_t319 != _t282) {
						_t226 = E016950A5(_t315, _t319 - 0x10, 0,  &_v20,  &_v24,  &_v16, _v12, _v8);
						__eflags = _t226;
						if(_t226 == 0) {
							goto L84;
						}
						_t319 =  *_t319;
					}
					_t320 = _a8;
					_v16 = _t315;
					if(_t320 == _v20) {
						__eflags = _t315[0x1e] - _v24;
						if(_t315[0x1e] == _v24) {
							_t228 = _v8;
							__eflags = _t228;
							if(_t228 == 0) {
								goto L74;
							}
							_t321 = _t315[0x30];
							__eflags = _t321;
							if(_t321 == 0) {
								L68:
								_t322 = _t315[0x23];
								__eflags = _t322;
								if(_t322 == 0) {
									L73:
									_a4 = 0;
									E01632686(0xffffffff,  &_v8,  &_a4, 0x8000);
									goto L74;
								}
								_t233 = _t315[0x22] & 0x0000ffff;
								_t284 = 1;
								__eflags = 1 - _t233;
								if(1 >= _t233) {
									goto L73;
								}
								_t316 = _v12;
								while(1) {
									_t310 = _t284 & 0x0000ffff;
									_t322 = _t322 + 0x40;
									__eflags =  *((intOrPtr*)(_t316 + _t310 * 4)) -  *((intOrPtr*)(_t322 + 8));
									if( *((intOrPtr*)(_t316 + _t310 * 4)) !=  *((intOrPtr*)(_t322 + 8))) {
										break;
									}
									_t284 = _t284 + 1;
									__eflags = _t284 - _t233;
									if(_t284 < _t233) {
										continue;
									}
									goto L73;
								}
								_t235 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t235 + 0xc);
								if( *(_t235 + 0xc) == 0) {
									_push("HEAP: ");
									E015EF63B();
								} else {
									E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_t298 = _t316 + (_t284 & 0x0000ffff) * 4;
								_push(_t298);
								_push( *_t298);
								_t323 = _t322 + 0x10;
								__eflags = _t323;
								_push( *((intOrPtr*)(_t323 - 8)));
								_push(_t323);
								E015EF63B("Tag %04x (%ws) size incorrect (%x != %x) %p\n", _t284 & 0x0000ffff);
								goto L84;
							}
							_t286 = 1;
							__eflags = 1;
							while(1) {
								_t312 = _t286 & 0x0000ffff;
								_t321 = _t321 + 0xc;
								__eflags =  *((intOrPtr*)(_t228 + _t312 * 4)) -  *((intOrPtr*)(_t321 + 8));
								if( *((intOrPtr*)(_t228 + _t312 * 4)) !=  *((intOrPtr*)(_t321 + 8))) {
									break;
								}
								_t286 = _t286 + 1;
								__eflags = _t286 - 0x81;
								if(_t286 < 0x81) {
									continue;
								}
								goto L68;
							}
							_t246 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t246 + 0xc);
							if( *(_t246 + 0xc) == 0) {
								_push("HEAP: ");
								E015EF63B();
							} else {
								E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push( *((intOrPtr*)(_v8 + (_t286 & 0x0000ffff) * 4)));
							_push( *((intOrPtr*)(_t321 + 8)));
							E015EF63B("Pseudo Tag %04x size incorrect (%x != %x) %p\n", _t286 & 0x0000ffff);
							goto L84;
						}
						_t257 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t257 + 0xc);
						if( *(_t257 + 0xc) == 0) {
							_push("HEAP: ");
							E015EF63B();
						} else {
							E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_t315[0x1e]);
						_push(_v24);
						_push("Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)\n");
						L57:
						E015EF63B();
						goto L84;
					}
					if( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) == 0) {
						_push("HEAP: ");
						E015EF63B();
					} else {
						E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t320);
					_push(_v20);
					_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
					goto L57;
				} else {
					L74:
					return 1;
				}
			}

0x01695c61
0x01695c68
0x01695c6b
0x01695c6e
0x01695c78
0x016960f4
0x016960f7
0x01696100
0x01696106
0x01696119
0x01696119
0x01695eea
0x00000000
0x01695eea
0x01695c82
0x01695c91
0x01695c93
0x01695c93
0x01695c99
0x01695c9b
0x01695c9e
0x01695d0f
0x01695cc9
0x01695ccb
0x01695cce
0x01695cd1
0x01695cd4
0x01695cd7
0x01695d6f
0x01695d72
0x01695d76
0x01695d98
0x01695d9d
0x01695d78
0x01695d90
0x01695d95
0x01695da3
0x01695dac
0x01695db4
0x01695db4
0x01695db8
0x01695dc6
0x01695dcc
0x01695dcc
0x00000000
0x01695db8
0x01695cdd
0x01695ce0
0x01695ce4
0x01695dd9
0x01695ddc
0x01695de0
0x01695e02
0x01695e07
0x01695de2
0x01695dfa
0x01695dff
0x01695e13
0x00000000
0x01695e19
0x01695ced
0x01695cef
0x01695cf2
0x01695cf5
0x01695cfe
0x01695d04
0x01695d04
0x01695d04
0x01695d06
0x01695d06
0x01695d06
0x01695d09
0x01695d09
0x01695d09
0x01695d28
0x01695d2b
0x01695d35
0x01695d37
0x01695d3f
0x01695d40
0x01695d45
0x01695d46
0x01695d4f
0x01695d59
0x01695d59
0x01695d4f
0x01695d5c
0x01695d5c
0x01695d62
0x01695eb8
0x01695e1c
0x01695e20
0x01695e20
0x01695e23
0x01695e28
0x01695e32
0x01695e35
0x01695e37
0x01695e39
0x01695e3a
0x01695e3b
0x01695e3b
0x01695e35
0x01695e40
0x01695e43
0x01695e45
0x01695e89
0x01695e89
0x01695e8d
0x01695e9a
0x01695e9a
0x01695e9e
0x01695ea8
0x01695eae
0x01695eae
0x01695eae
0x01695eb0
0x01695eb2
0x01695eb2
0x00000000
0x01695eb2
0x01695e91
0x01695e96
0x01695e98
0x01695ed2
0x01695ed6
0x01695ee1
0x01695ee7
0x01695ee7
0x01695ee7
0x01695ee7
0x00000000
0x01695ed6
0x00000000
0x01695e47
0x01695e47
0x01695e4b
0x01695e4e
0x00000000
0x00000000
0x01695e50
0x01695e55
0x01695e6b
0x01695e70
0x00000000
0x00000000
0x01695e72
0x01695e79
0x00000000
0x00000000
0x01695e7b
0x01695e7e
0x01695e84
0x01695e87
0x01695e87
0x00000000
0x01695e87
0x01695e57
0x01695e5c
0x01695e61
0x01695e64
0x00000000
0x00000000
0x01695e66
0x00000000
0x01695e66
0x01695e45
0x01695ec0
0x01695ec4
0x01695ec8
0x01695ec8
0x01695ece
0x01695f19
0x01695f0a
0x01695f0f
0x01695f11
0x00000000
0x00000000
0x01695f17
0x01695f17
0x01695f1d
0x01695f20
0x01695f26
0x01695f7b
0x01695f7e
0x01695fc7
0x01695fcc
0x01695fce
0x00000000
0x00000000
0x01695fd0
0x01695fd6
0x01695fd8
0x01695ff6
0x01695ff6
0x01695ffc
0x01695ffe
0x01696028
0x01696037
0x0169603a
0x00000000
0x0169603a
0x01696000
0x01696009
0x0169600c
0x0169600f
0x00000000
0x00000000
0x01696011
0x01696014
0x01696014
0x0169601a
0x0169601d
0x01696020
0x00000000
0x00000000
0x01696022
0x01696023
0x01696026
0x00000000
0x00000000
0x00000000
0x01696026
0x016960a3
0x016960a6
0x016960a9
0x016960cb
0x016960d0
0x016960ab
0x016960c3
0x016960c8
0x016960d9
0x016960dc
0x016960dd
0x016960df
0x016960df
0x016960e2
0x016960e5
0x016960ec
0x00000000
0x016960f1
0x01695fdc
0x01695fdc
0x01695fdd
0x01695fdd
0x01695fe3
0x01695fe6
0x01695fe9
0x00000000
0x00000000
0x01695feb
0x01695ff1
0x01695ff4
0x00000000
0x00000000
0x00000000
0x01695ff4
0x0169604e
0x01696051
0x01696054
0x01696076
0x0169607b
0x01696056
0x0169606e
0x01696073
0x01696087
0x0169608a
0x01696093
0x00000000
0x01696098
0x01695f86
0x01695f89
0x01695f8d
0x01695faf
0x01695fb4
0x01695f8f
0x01695fa7
0x01695fac
0x01695fba
0x01695fbd
0x01695fc0
0x01695f6b
0x01695f6b
0x00000000
0x01695f70
0x01695f35
0x01695f57
0x01695f5c
0x01695f37
0x01695f4f
0x01695f54
0x01695f62
0x01695f63
0x01695f66
0x00000000
0x0169603f
0x0169603f
0x00000000
0x0169603f

Strings

Pseudo Tag %04x size incorrect (%x != %x) %p, xrefs: 0169608E
dedicated (%04x) free list element %p is marked busy, xrefs: 01695DA7
HEAP: , xrefs: 01695D98, 01695E02, 01695F57, 01695FAF, 01696076, 016960CB, 016960DC, 016960DD
HEAP[%wZ]: , xrefs: 01695D8B, 01695DF5, 01695F4A, 01695FA2, 01696069, 016960BE
Number of free blocks in arena (%ld) does not match number in the free lists (%ld), xrefs: 01695F66
Non-Dedicated free list element %p is out of order, xrefs: 01695E0E
Total size of free blocks in arena (%ld) does not match number total in heap header (%ld), xrefs: 01695FC0
Tag %04x (%ws) size incorrect (%x != %x) %p, xrefs: 016960E7
RtlFreeHeap, xrefs: 01695C5E

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%x != %x) %p$RtlFreeHeap$Tag %04x (%ws) size incorrect (%x != %x) %p$Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)$dedicated (%04x) free list element %p is marked busy
API String ID: 2167126740-3316276410
Opcode ID: 2c88807cc239b3c62016b386a5d5c3b1fdf5941717fe7ae2d33bd1f9f47156e4
Instruction ID: a61410406e67a98e0c3e248221a1f416277813c96d28f437c6e16d872fda4498
Opcode Fuzzy Hash: 2c88807cc239b3c62016b386a5d5c3b1fdf5941717fe7ae2d33bd1f9f47156e4
Instruction Fuzzy Hash: 5AF1E371900246EFDF26DF69C884BBABBF9FF05710F48805AE9869B251C730A946CF50

Uniqueness

Uniqueness Score: 100.00%

Function 01696500, Relevance: 10.3, Strings: 8, Instructions: 324
UNIQUECrypto

C-Code - Quality: 64%

			E01696500(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t123;
				signed int _t124;
				void* _t130;
				intOrPtr _t132;
				signed int _t145;
				signed int _t146;
				signed int _t147;
				intOrPtr _t151;
				intOrPtr _t163;
				signed int _t173;
				signed int _t174;
				signed int _t178;
				short _t184;
				signed int _t193;
				signed int _t194;
				intOrPtr _t197;
				intOrPtr _t219;
				short* _t233;
				intOrPtr _t247;
				signed int _t250;
				signed int _t252;
				signed int _t253;
				void* _t254;
				void* _t255;

				_push(0x18);
				_push(0x1621a20);
				_t123 = E01622824(__ebx, __edi, __esi);
				_t247 =  *((intOrPtr*)(_t254 + 8));
				 *((intOrPtr*)(_t254 + 8)) = _t247;
				 *((char*)(_t254 - 0x19)) = 0;
				 *(_t254 - 0x24) = 0;
				if(( *(_t247 + 0x44) & 0x01000000) == 0) {
					 *(_t254 - 4) = 0;
					 *(_t254 - 4) = 1;
					_t232 = "RtlReAllocateHeap";
					_t124 = E0162D6D2(_t247, "RtlReAllocateHeap");
					__eflags = _t124;
					if(_t124 != 0) {
						 *(_t254 + 0xc) =  *(_t254 + 0xc) |  *(_t247 + 0x44) | 0x10000100;
						_t250 =  *(_t254 + 0x14);
						__eflags = _t250;
						if(_t250 == 0) {
							_t235 = 1;
							__eflags = 1;
						} else {
							_t235 = _t250;
						}
						_t130 = ( *((intOrPtr*)(_t247 + 0x98)) + _t235 &  *(_t247 + 0x9c)) + 8;
						__eflags = _t130 - _t250;
						if(_t130 < _t250) {
							L66:
							_t132 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t132 + 0xc);
							if( *(_t132 + 0xc) == 0) {
								_push("HEAP: ");
								E015EF63B();
							} else {
								E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
							}
							_push( *((intOrPtr*)(_t247 + 0x7c)));
							E015EF63B("Invalid allocation size - %x (exceeded %x)\n", _t250);
							E016959C1(0);
							_t117 = _t254 - 0x24;
							 *_t117 =  *(_t254 - 0x24) & 0x00000000;
							__eflags =  *_t117;
							goto L71;
						} else {
							__eflags = _t130 -  *((intOrPtr*)(_t247 + 0x7c));
							if(_t130 >  *((intOrPtr*)(_t247 + 0x7c))) {
								goto L66;
							}
							__eflags =  *(_t254 + 0xc) & 0x00000001;
							if(__eflags == 0) {
								E01617310(__eflags,  *((intOrPtr*)(_t247 + 0xcc)));
								 *((char*)(_t254 - 0x19)) = 1;
								_t26 = _t254 + 0xc;
								 *_t26 =  *(_t254 + 0xc) | 0x00000001;
								__eflags =  *_t26;
							}
							E01695C56(_t235, _t247, 0);
							_t252 =  *((intOrPtr*)(_t254 + 0x10)) + 0xfffffff8;
							__eflags =  *((char*)(_t252 + 7)) - 5;
							if( *((char*)(_t252 + 7)) == 5) {
								_t252 = _t252 - (( *(_t252 + 6) & 0x000000ff) << 3);
								__eflags = _t252;
							}
							_t145 = E015F5865(_t235, _t247, _t252, _t232);
							__eflags = _t145;
							if(_t145 == 0) {
								L52:
								_t146 =  *(_t254 - 0x24);
								__eflags = _t146;
								if(_t146 == 0) {
									L71:
									_t119 = _t254 - 4;
									 *_t119 =  *(_t254 - 4) & 0x00000000;
									__eflags =  *_t119;
									 *(_t254 - 4) = 0xfffffffe;
									E0169698B();
									_t123 =  *(_t254 - 0x24);
									goto L72;
								}
								__eflags = _t146 -  *0x16af8a8; // 0x0
								if(__eflags != 0) {
									_t147 = E016271D3();
									__eflags = _t147 & 0x00000800;
									if((_t147 & 0x00000800) == 0) {
										goto L71;
									}
									__eflags =  *(_t254 - 0x20) -  *0x16af8ac; // 0x0
									if(__eflags != 0) {
										goto L71;
									}
									__eflags =  *((intOrPtr*)(_t247 + 0x80)) -  *0x16af8ae; // 0x0
									if(__eflags != 0) {
										goto L71;
									}
									_t151 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t151 + 0xc);
									if( *(_t151 + 0xc) == 0) {
										_push("HEAP: ");
										E015EF63B();
									} else {
										E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push(E01684E84(_t247,  *(_t254 - 0x20)));
									_push( *(_t254 + 0x14));
									E015EF63B("Just reallocated block at %p to 0x%x bytes with tag %ws\n",  *(_t254 - 0x24));
									L58:
									E016959C1(0);
									goto L71;
								}
								_t163 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t163 + 0xc);
								if( *(_t163 + 0xc) == 0) {
									_push("HEAP: ");
									E015EF63B();
								} else {
									E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t254 + 0x14));
								E015EF63B("Just reallocated block at %p to %x bytes\n",  *0x16af8a8);
								goto L58;
							} else {
								__eflags =  *((intOrPtr*)(_t254 + 0x10)) -  *0x16af8a8; // 0x0
								if(__eflags != 0) {
									_t173 = E016271D3();
									__eflags = _t173 & 0x00000800;
									if((_t173 & 0x00000800) == 0) {
										L37:
										_t174 = E0163FBA6(_t247,  *(_t254 + 0xc),  *((intOrPtr*)(_t254 + 0x10)),  *(_t254 + 0x14));
										 *(_t254 - 0x24) = _t174;
										__eflags = _t174;
										if(_t174 != 0) {
											_t70 = _t174 - 8; // -8
											_t253 = _t70;
											__eflags =  *((char*)(_t253 + 7)) - 5;
											if( *((char*)(_t253 + 7)) == 5) {
												_t253 = _t253 - (( *(_t253 + 6) & 0x000000ff) << 3);
												__eflags = _t253;
											}
											__eflags =  *(_t247 + 0x4c);
											if( *(_t247 + 0x4c) != 0) {
												 *_t253 =  *_t253 ^  *(_t247 + 0x50);
												__eflags =  *(_t253 + 3) - ( *(_t253 + 2) ^  *(_t253 + 1) ^  *_t253);
												if(__eflags != 0) {
													_push(0);
													_push(_t253);
													_push(_t247);
													E01694BBA(_t232, _t247, _t253, __eflags);
												}
											}
											__eflags =  *(_t253 + 2) & 0x00000002;
											if(( *(_t253 + 2) & 0x00000002) == 0) {
												_t178 =  *(_t253 + 3) & 0xff;
											} else {
												_t233 = E015FEA3F(_t253);
												__eflags =  *(_t247 + 0x40) & 0x08000000;
												if(( *(_t247 + 0x40) & 0x08000000) == 0) {
													_t184 = 0;
													__eflags = 0;
												} else {
													_t184 = E0168DDF8();
												}
												 *_t233 = _t184;
												_t178 =  *(_t233 + 2) & 0x0000ffff;
											}
											 *(_t254 - 0x20) = _t178;
											__eflags =  *(_t247 + 0x4c);
											if( *(_t247 + 0x4c) != 0) {
												_t235 =  *(_t253 + 2) & 0x000000ff;
												 *(_t253 + 3) =  *(_t253 + 1) & 0x000000ff ^  *_t253 & 0x000000ff ^  *(_t253 + 2) & 0x000000ff;
												 *_t253 =  *_t253 ^  *(_t247 + 0x50);
												__eflags =  *_t253;
											}
										}
										E01694E46(_t235, _t247, 1);
										E01695C56(_t235, _t247, 0);
										goto L52;
									}
									_t232 = 0;
									__eflags =  *0x16af8ac - _t232; // 0x0
									if(__eflags == 0) {
										goto L37;
									}
									__eflags =  *(_t247 + 0x4c);
									if( *(_t247 + 0x4c) != 0) {
										 *_t252 =  *_t252 ^  *(_t247 + 0x50);
										__eflags =  *(_t252 + 3) - ( *(_t252 + 2) ^  *(_t252 + 1) ^  *_t252);
										if(__eflags != 0) {
											_push(0);
											_push(_t252);
											_push(_t247);
											E01694BBA(0, _t247, _t252, __eflags);
										}
									}
									__eflags =  *(_t252 + 2) & 0x00000002;
									if(( *(_t252 + 2) & 0x00000002) == 0) {
										_t193 =  *(_t252 + 3) & 0xff;
									} else {
										_t193 =  *(E015FEA3F(_t252) + 2) & 0x0000ffff;
									}
									 *(_t254 - 0x20) = _t193;
									__eflags =  *(_t247 + 0x4c) - _t232;
									if( *(_t247 + 0x4c) != _t232) {
										_t235 =  *(_t252 + 2) & 0x000000ff;
										 *(_t252 + 3) =  *(_t252 + 1) & 0x000000ff ^  *_t252 & 0x000000ff ^  *(_t252 + 2) & 0x000000ff;
										 *_t252 =  *_t252 ^  *(_t247 + 0x50);
										__eflags =  *_t252;
									}
									_t194 =  *(_t254 - 0x20);
									__eflags = _t194 - _t232;
									if(_t194 != _t232) {
										__eflags = _t194 -  *0x16af8ac; // 0x0
										if(__eflags != 0) {
											goto L37;
										}
										__eflags =  *((intOrPtr*)(_t247 + 0x80)) -  *0x16af8ae; // 0x0
										if(__eflags != 0) {
											goto L37;
										}
										_t197 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *((intOrPtr*)(_t197 + 0xc)) - _t232;
										if( *((intOrPtr*)(_t197 + 0xc)) == _t232) {
											_push("HEAP: ");
											E015EF63B();
										} else {
											E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_pop(_t235);
										_push(E01684E84(_t247,  *(_t254 - 0x20)));
										_push( *(_t254 + 0x14));
										E015EF63B("About to rellocate block at %p to 0x%x bytes with tag %ws\n",  *((intOrPtr*)(_t254 + 0x10)));
										_t255 = _t255 + 0x10;
										_push(_t232);
										L36:
										E016959C1();
									}
									goto L37;
								}
								_t219 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t219 + 0xc);
								if( *(_t219 + 0xc) == 0) {
									_push("HEAP: ");
									E015EF63B();
								} else {
									E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_pop(_t235);
								_push( *(_t254 + 0x14));
								E015EF63B("About to reallocate block at %p to %x bytes\n",  *0x16af8a8);
								_t255 = _t255 + 0xc;
								_push(0);
								goto L36;
							}
						}
					}
					 *(_t254 - 0x24) = 0;
					goto L71;
				} else {
					_push( *(_t254 + 0x14));
					_push( *((intOrPtr*)(_t254 + 0x10)));
					_push( *(_t254 + 0xc));
					_push(_t247);
					E01693A05();
					L72:
					return E01622869(_t123);
				}
			}

0x01696500
0x01696502
0x01696507
0x0169650c
0x0169650f
0x01696512
0x01696518
0x01696522
0x01696538
0x0169653b
0x01696542
0x01696549
0x0169654e
0x01696550
0x01696562
0x01696565
0x01696568
0x0169656a
0x01696572
0x01696572
0x0169656c
0x0169656c
0x0169656c
0x01696581
0x01696584
0x01696586
0x016968de
0x016968e4
0x016968e7
0x016968eb
0x0169690d
0x01696912
0x016968ed
0x01696905
0x0169690a
0x01696918
0x01696921
0x0169692b
0x01696967
0x01696967
0x01696967
0x00000000
0x0169658c
0x0169658c
0x0169658f
0x00000000
0x00000000
0x01696595
0x01696599
0x016965a1
0x016965a6
0x016965aa
0x016965aa
0x016965aa
0x016965aa
0x016965b1
0x016965b9
0x016965bc
0x016965c0
0x016965c9
0x016965c9
0x016965c9
0x016965ce
0x016965d3
0x016965d5
0x016967de
0x016967de
0x016967e1
0x016967e3
0x0169696b
0x0169696b
0x0169696b
0x0169696b
0x0169696f
0x01696976
0x0169697b
0x00000000
0x0169697b
0x016967e9
0x016967ef
0x0169684d
0x01696852
0x01696857
0x00000000
0x00000000
0x01696861
0x01696868
0x00000000
0x00000000
0x01696875
0x0169687c
0x00000000
0x00000000
0x01696888
0x0169688b
0x0169688f
0x016968b1
0x016968b6
0x01696891
0x016968a9
0x016968ae
0x016968c5
0x016968c6
0x016968d1
0x01696841
0x01696843
0x00000000
0x01696843
0x016967f7
0x016967fa
0x016967fe
0x01696820
0x01696825
0x01696800
0x01696818
0x0169681d
0x0169682b
0x01696839
0x00000000
0x016965db
0x016965de
0x016965e4
0x0169663d
0x01696642
0x01696647
0x01696730
0x0169673a
0x0169673f
0x01696742
0x01696744
0x0169674a
0x0169674a
0x0169674d
0x01696751
0x0169675a
0x0169675a
0x0169675a
0x0169675c
0x01696760
0x01696765
0x0169676f
0x01696772
0x01696774
0x01696776
0x01696777
0x01696778
0x01696778
0x01696772
0x0169677d
0x01696781
0x016967ab
0x01696783
0x01696789
0x0169678b
0x01696792
0x0169679b
0x0169679b
0x01696794
0x01696794
0x01696794
0x0169679d
0x016967a0
0x016967a0
0x016967ae
0x016967b1
0x016967b5
0x016967c0
0x016967c6
0x016967cc
0x016967cc
0x016967cc
0x016967b5
0x016967d1
0x016967d9
0x00000000
0x016967d9
0x0169664d
0x0169664f
0x01696655
0x00000000
0x00000000
0x0169665b
0x0169665e
0x01696663
0x0169666d
0x01696670
0x01696672
0x01696673
0x01696674
0x01696675
0x01696675
0x01696670
0x0169667a
0x0169667e
0x01696691
0x01696680
0x01696686
0x01696686
0x01696694
0x01696697
0x0169669a
0x016966a5
0x016966ab
0x016966b1
0x016966b1
0x016966b1
0x016966b3
0x016966b6
0x016966b9
0x016966bb
0x016966c2
0x00000000
0x00000000
0x016966cb
0x016966d2
0x00000000
0x00000000
0x016966da
0x016966dd
0x016966e0
0x01696702
0x01696707
0x016966e2
0x016966fa
0x016966ff
0x0169670c
0x01696716
0x01696717
0x01696722
0x01696727
0x0169672a
0x0169672b
0x0169672b
0x0169672b
0x00000000
0x016966b9
0x016965ec
0x016965ef
0x016965f3
0x01696615
0x0169661a
0x016965f5
0x0169660d
0x01696612
0x0169661f
0x01696620
0x0169662e
0x01696633
0x01696636
0x00000000
0x01696636
0x016965d5
0x01696586
0x01696552
0x00000000
0x01696524
0x01696524
0x01696527
0x0169652a
0x0169652d
0x0169652e
0x0169697e
0x01696983
0x01696983

Strings

Invalid allocation size - %x (exceeded %x), xrefs: 0169691C
Just reallocated block at %p to %x bytes, xrefs: 01696834
HEAP: , xrefs: 01696615, 01696702, 01696820, 016968B1, 0169690D
About to rellocate block at %p to 0x%x bytes with tag %ws, xrefs: 0169671D
HEAP[%wZ]: , xrefs: 01696608, 016966F5, 01696813, 016968A4, 01696900
Just reallocated block at %p to 0x%x bytes with tag %ws, xrefs: 016968CC
About to reallocate block at %p to %x bytes, xrefs: 01696629
RtlReAllocateHeap, xrefs: 01696542, 01696547, 016965CB

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %x bytes$About to rellocate block at %p to 0x%x bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %x (exceeded %x)$Just reallocated block at %p to %x bytes$Just reallocated block at %p to 0x%x bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-3744532478
Opcode ID: c1f3fd1f1e44b96b783e900cfe6d957815c57f5f11ec2a2fec9c1b9f070f6138
Instruction ID: 62d7e1936b96f86882ee77a050b7f27921cdef4c52f45b32bf8cac5dde0ae7dc
Opcode Fuzzy Hash: c1f3fd1f1e44b96b783e900cfe6d957815c57f5f11ec2a2fec9c1b9f070f6138
Instruction Fuzzy Hash: 45C1FE70500752AFDF26AF68CC48BAABBF9FF08710F058049F8869B291D724E851DF65

Uniqueness

Uniqueness Score: 100.00%

Function 016277C8, Relevance: 9.2, Strings: 7, Instructions: 466
UNIQUECrypto

C-Code - Quality: 88%

			E016277C8(signed short* __ecx, signed short __edx, signed short* __esi, char _a4, signed int _a8) {
				signed int _v8;
				short _v12;
				short _v24;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				short _v42;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed short _v56;
				signed int _v60;
				signed short _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed char* _v84;
				signed int _v88;
				char _v92;
				signed int _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v144;
				intOrPtr _v148;
				char _v152;
				char _v156;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t186;
				short _t194;
				signed int _t196;
				intOrPtr _t205;
				signed char* _t206;
				signed char _t207;
				signed int _t209;
				signed short* _t210;
				void* _t214;
				signed int _t215;
				signed int _t219;
				void* _t221;
				signed int _t223;
				signed short _t227;
				signed char _t232;
				void* _t237;
				signed int _t238;
				signed short _t242;
				signed int _t253;
				void* _t254;
				signed int _t255;
				signed short _t259;
				void* _t265;
				signed int _t266;
				signed int _t270;
				signed short* _t281;
				signed int _t282;
				signed int _t283;
				signed int _t287;
				signed int _t288;
				signed int _t291;
				intOrPtr* _t296;
				intOrPtr _t297;
				signed int _t299;
				signed int* _t300;
				signed short _t304;
				signed int _t337;
				signed int* _t342;
				signed int _t345;
				signed short* _t347;
				signed int _t348;
				void* _t349;
				void* _t350;

				_t347 = __esi;
				_t186 =  *0x16a81e8; // 0x77d4aa35
				_v8 = _t186 ^ _t348;
				_v88 = _a8;
				_t345 = __edx;
				_t281 = __ecx;
				_v56 = __edx;
				_v156 = 0x40;
				E01604EC0( &_v152, 0, 0x3c);
				_t350 = _t349 + 0xc;
				_v68 =  *_t281;
				_v64 = _t281[2];
				_t337 =  &_v12;
				_v32 = _t337;
				_v40 = _t337;
				_v36 =  &_v12;
				_t194 = 2;
				_v12 = 0;
				_v44 = 0;
				_v42 = _t194;
				_t341 =  &_v68;
				_v72 = 0;
				_v60 = 0;
				_v28 = _t194;
				_v24 = _t194;
				_t282 = E0162740B(3, 0, _t194,  &_v68,  &_v156);
				if(_t282 >= 0) {
					__eflags = _a4;
					if(_a4 != 0) {
						L48:
						_t283 = 0;
						goto L7;
					}
					__eflags = _v144 - 0x14;
					_v72 = _v124;
					if(_v144 < 0x14) {
						L2:
						_t283 = 0xc0150003;
						goto L7;
					}
					__eflags = _v152 - 1;
					if(_v152 != 1) {
						goto L2;
					}
					_t205 = _v148;
					_t296 = _t205 + 0x10;
					_v52 = _t296;
					_t297 =  *_t296;
					__eflags = _t297 - _v128;
					if(_t297 > _v128) {
						goto L2;
					}
					_t342 = _t205 + 0xc;
					_v76 = _t342;
					_t341 =  *_t342;
					__eflags = _t341 - 0x1fffffff;
					if(_t341 > 0x1fffffff) {
						goto L2;
					}
					_t341 = _t341 << 3;
					_t285 = (_t282 | 0xffffffff) - _t341;
					__eflags = _t297 - (_t282 | 0xffffffff) - _t341;
					if(_t297 > (_t282 | 0xffffffff) - _t341) {
						goto L2;
					}
					_t341 = _t341 + _t297;
					__eflags = _t341 - _v128;
					if(_t341 > _v128) {
						goto L2;
					}
					_t206 = _t205 + 4;
					_v84 = _t206;
					_t207 =  *_t206;
					__eflags = _t207 & 0x00000002;
					if((_t207 & 0x00000002) == 0) {
						L26:
						_t287 =  *_v52 + _v132;
						_t209 = 0;
						 *_t345 = 0;
						_t299 =  *_v76;
						_v52 = _t299;
						__eflags = _t299;
						while(1) {
							_v48 = _t209;
							if(__eflags == 0) {
								break;
							}
							_t300 = _t287 + 4 + _t209 * 8;
							_t341 =  *_t300;
							_v76 = _t341;
							__eflags = _t341 - _v128;
							if(_t341 > _v128) {
								goto L2;
							}
							_t210 = _t287 + _t209 * 8;
							_t341 = (_t341 | 0xffffffff) -  *_t210;
							__eflags =  *_t300 - _t341;
							if( *_t300 > _t341) {
								goto L2;
							}
							__eflags =  *_t210 + _v76 - _v128;
							if( *_t210 + _v76 > _v128) {
								goto L2;
							}
							 *_t345 =  *_t345 + ( *_t210 & 0x0000ffff);
							_t209 = _v48 + 1;
							__eflags = _t209 - _v52;
						}
						_t303 = _v60;
						__eflags = _t303;
						if(_t303 != 0) {
							 *_t345 =  *_t345 + ( *_t303 & 0x0000ffff);
							__eflags =  *_t345;
						}
						_t214 = ( *_t345 & 0x0000ffff) + 2;
						__eflags = _t214 - 0xfffe;
						if(_t214 > 0xfffe) {
							L77:
							_t283 = 0xc0000106;
							goto L7;
						} else {
							_t345 =  &(_t347[4]);
							__eflags = _t345;
							if(_t345 == 0) {
								L61:
								_t215 = E015F514B(0, _t345, _t214);
								__eflags = _t215;
								if(_t215 >= 0) {
									_t303 = _v60;
									L33:
									_t347[2] =  *_t345;
									_t347[1] = _t347[8];
									__eflags = _t303;
									if(_t303 == 0) {
										L38:
										_v48 = _v48 & 0x00000000;
										__eflags = _v52;
										if(_v52 != 0) {
											while(1) {
												_t219 = _v48 << 3;
												_t304 =  *((intOrPtr*)(_t219 + _t287));
												_t345 =  *((intOrPtr*)(_t219 + _t287 + 4)) + _v132;
												_v80 = _t304;
												_t221 = ( *_t347 & 0x0000ffff) + (_t304 & 0x0000ffff) + 2;
												__eflags = _t221 - 0xfffe;
												if(_t221 > 0xfffe) {
													goto L77;
												}
												__eflags =  &(_t347[4]);
												if( &(_t347[4]) == 0) {
													L69:
													_t223 = E015F514B(0,  &(_t347[4]), _t221);
													__eflags = _t223;
													if(_t223 < 0) {
														goto L62;
													}
													L70:
													_t347[2] = _t347[4];
													E01604B80(_t347[4] + (( *_t347 & 0x0000ffff) >> 1) * 2, _t345, _v80 & 0x0000ffff);
													_t227 = _v80;
													 *_t347 =  *_t347 + _t227;
													_t347[1] =  *_t347 + _t227 + 2;
													_t303 = _t347[2];
													_t341 = 0;
													_t350 = _t350 + 0xc;
													_v48 = _v48 + 1;
													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
													__eflags = _v48 - _v52;
													if(_v48 == _v52) {
														goto L39;
													}
													continue;
												}
												__eflags = _t221 - _t347[8];
												if(_t221 <= _t347[8]) {
													goto L70;
												}
												goto L69;
											}
											goto L77;
										}
										L39:
										_t232 =  *_v84;
										_t345 = _v56;
										__eflags = _t232 & 0x00000001;
										if((_t232 & 0x00000001) != 0) {
											L46:
											__eflags =  *_v84 & 0x00000004;
											if(__eflags != 0) {
												_push(0);
												_t341 = _t347;
												_t283 = E016780CA(_t287,  &_v44, _t347, _t345, _t347, __eflags);
												__eflags = _t283;
												if(_t283 < 0) {
													goto L7;
												}
												 *_t347 = 0;
												_t237 = (_v44 & 0x0000ffff) + 2;
												__eflags = _t237 - 0xfffe;
												if(_t237 > 0xfffe) {
													goto L77;
												}
												_t288 =  &(_t347[4]);
												__eflags = _t288;
												if(_t288 == 0) {
													L84:
													_t238 = E015F514B(0, _t288, _t237);
													__eflags = _t238;
													if(_t238 < 0) {
														goto L62;
													}
													L85:
													_t347[2] =  *_t288;
													E01604B80( *_t288 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v40, _v44 & 0x0000ffff);
													_t242 = _v44;
													 *_t347 =  *_t347 + _t242;
													_t347[1] =  *_t347 + _t242 + 2;
													_t341 = 0;
													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
													goto L47;
												}
												__eflags = _t237 - _t347[8];
												if(_t237 <= _t347[8]) {
													goto L85;
												}
												goto L84;
											}
											L47:
											_t195 = _v88;
											__eflags = _t195;
											if(_t195 != 0) {
												 *_t195 =  *_t195 | 0x00000002;
											}
											goto L48;
										}
										__eflags = _t232 & 0x00000008;
										if((_t232 & 0x00000008) != 0) {
											_t283 = E01627015(1,  &_v68, 0x15fa5fc,  &_v56);
											__eflags = _t283;
											if(_t283 >= 0) {
												_v68 = _v68 + 0xfffe - _v56;
												_v64 = _v64 + 2 + ((_v56 & 0x0000ffff) >> 1) * 2;
												goto L41;
											}
											__eflags = _t283 - 0xc0000225;
											if(_t283 != 0xc0000225) {
												goto L7;
											}
											_push("Status != STATUS_NOT_FOUND");
											_push(0x472);
											L75:
											_push("d:\\w7rtm\\minkernel\\ntdll\\sxsisol.cpp");
											_push("Internal error check failed");
											E0167F613(_t303, _t341);
											_t283 = 0xc00000e5;
											goto L7;
										}
										L41:
										_t253 = _v68 & 0x0000ffff;
										 *_t345 =  *_t345 + _t253;
										__eflags =  *_t345 - 0xffff;
										if( *_t345 >= 0xffff) {
											goto L77;
										}
										_t254 = ( *_t347 & 0x0000ffff) + _t253 + 2;
										__eflags = _t254 - 0xfffe;
										if(_t254 > 0xfffe) {
											goto L77;
										}
										_t287 =  &(_t347[4]);
										__eflags = _t287;
										if(_t287 == 0) {
											L78:
											_t255 = E015F514B(0, _t287, _t254);
											__eflags = _t255;
											if(_t255 >= 0) {
												L45:
												_t347[2] =  *_t287;
												E01604B80( *_t287 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v64, _v68 & 0x0000ffff);
												_t259 = _v68;
												 *_t347 =  *_t347 + _t259;
												_t347[1] =  *_t347 + _t259 + 2;
												_t350 = _t350 + 0xc;
												_t341 = 0;
												__eflags = 0;
												 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
												goto L46;
											}
											goto L62;
										}
										__eflags = _t254 - _t347[8];
										if(_t254 > _t347[8]) {
											goto L78;
										}
										goto L45;
									}
									 *_t347 = 0;
									_t265 = ( *_t303 & 0x0000ffff) + 2;
									__eflags = _t265 - 0xfffe;
									if(_t265 > 0xfffe) {
										goto L77;
									}
									__eflags = _t345;
									if(_t345 == 0) {
										L64:
										_t266 = E015F514B(0, _t345, _t265);
										__eflags = _t266;
										if(_t266 < 0) {
											goto L62;
										}
										_t303 = _v60;
										L37:
										_t347[2] =  *_t345;
										E01604B80( *_t345 + (( *_t347 & 0x0000ffff) >> 1) * 2,  *((intOrPtr*)(_t303 + 4)),  *_t303 & 0x0000ffff);
										_t270 = _v60;
										_t350 = _t350 + 0xc;
										_t347[1] =  *_t347 +  *_t270 + 2;
										 *_t347 =  *_t347 +  *_t270;
										_t303 = _t347[2];
										_t341 = 0;
										__eflags = 0;
										 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
										goto L38;
									}
									__eflags = _t265 - _t347[8];
									if(_t265 > _t347[8]) {
										goto L64;
									}
									goto L37;
								}
								L62:
								_t283 = 0xc0000017;
								goto L7;
							}
							__eflags = _t214 - _t347[8];
							if(_t214 > _t347[8]) {
								goto L61;
							}
							goto L33;
						}
					}
					_t303 = 0;
					_v48 = 0;
					__eflags = _t207 & 0x00000004;
					if((_t207 & 0x00000004) != 0) {
						_push("sxsisol_SearchActCtxForDllName");
						_push( *((intOrPtr*)( *[fs:0x18] + 0x24)));
						L015F1ACE(0x33, 0, "[%x.%x] SXS: %s - Relative redirection plus env var expansion.\n",  *((intOrPtr*)( *[fs:0x18] + 0x20)));
						goto L2;
					}
					__eflags = _v116 & 0x00000001;
					if((_v116 & 0x00000001) != 0) {
						__eflags = _v116 & 0x00000002;
						if((_v116 & 0x00000002) != 0) {
							_push("!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)");
							_push(0x416);
							goto L75;
						}
						_t303 = 1;
					}
					__eflags = _v116 & 0x00000002;
					if((_v116 & 0x00000002) != 0) {
						_t303 = _t303 | 0x00000002;
					}
					_t283 = E01643868(_t285, _t303, _v124, _v120,  &_v60, 0x1644208,  &_v48);
					__eflags = _t283;
					if(_t283 < 0) {
						__eflags = _t283 - 0xc0000120;
						if(_t283 == 0xc0000120) {
							__eflags = _v48;
							if(_v48 < 0) {
								_t283 = _v48;
							}
						}
						goto L7;
					} else {
						goto L26;
					}
				} else {
					__eflags = __ebx - 0xc0150001;
					if(__ebx == 0xc0150001) {
						__ebx = __ebx + 7;
					}
					L7:
					_t291 = _v36;
					_t196 = _v32;
					if(_t291 != 0) {
						if(_t291 != _t196) {
							_v88 = _t291;
							E01622F1E( &_v92);
							_t196 = _v32;
						}
						_v36 = _t196;
						_v28 = _v24;
					}
					_v40 = _t196;
					if(_t196 != 0) {
						 *_t196 = 0;
					}
					_v44 = 0;
					_t198 = _v24;
					_v42 = _v24;
					if(_v72 != 0) {
						E01642622(_t198, _v72);
					}
					return E01622F0C(_t283, _t283, _v8 ^ _t348, _t341, _t345, _t347);
				}
			}

0x016277c8
0x016277d3
0x016277da
0x016277e4
0x016277ed
0x016277f2
0x016277f4
0x016277f7
0x01627801
0x01627808
0x0162780b
0x01627813
0x01627816
0x01627819
0x0162781c
0x01627824
0x01627827
0x01627828
0x0162782c
0x01627832
0x0162783d
0x01627847
0x0162784a
0x0162784d
0x01627850
0x01627858
0x0162785c
0x0164361c
0x01643620
0x0164385c
0x0164385c
0x00000000
0x0164385c
0x01643626
0x01643630
0x01643633
0x015d81a5
0x015d81a5
0x00000000
0x015d81a5
0x01643639
0x01643640
0x00000000
0x00000000
0x01643646
0x0164364c
0x0164364f
0x01643652
0x01643654
0x01643657
0x00000000
0x00000000
0x0164365d
0x01643660
0x01643663
0x01643665
0x0164366b
0x00000000
0x00000000
0x01643671
0x01643677
0x01643679
0x0164367b
0x00000000
0x00000000
0x01643681
0x01643683
0x01643686
0x00000000
0x00000000
0x0164368c
0x0164368f
0x01643692
0x01643694
0x01643696
0x016436dc
0x016436e4
0x016436e7
0x016436e9
0x016436eb
0x016436ed
0x016436f0
0x016436f2
0x016436f2
0x016436f5
0x00000000
0x00000000
0x01653544
0x01653548
0x0165354a
0x0165354d
0x01653550
0x00000000
0x00000000
0x01653559
0x0165355c
0x0165355e
0x01653560
0x00000000
0x00000000
0x0165356b
0x0165356e
0x00000000
0x00000000
0x01653577
0x0165357c
0x0165357d
0x0165357d
0x016436fb
0x016436fe
0x01643700
0x01643705
0x01643705
0x01643705
0x0164370a
0x0164370d
0x01643712
0x016536bd
0x016536bd
0x00000000
0x01643718
0x01643718
0x0164371b
0x0164371d
0x01653585
0x01653589
0x0165358e
0x01653590
0x0165359c
0x0164372c
0x0164372e
0x01643735
0x01643739
0x0164373b
0x016437a6
0x016437a6
0x016437aa
0x016437ae
0x016535b9
0x016535bc
0x016535bf
0x016535c7
0x016535cd
0x016535d4
0x016535d8
0x016535dd
0x00000000
0x00000000
0x016535e6
0x016535e8
0x016535ef
0x016535f6
0x016535fb
0x016535fd
0x00000000
0x00000000
0x016535ff
0x0165360c
0x01653614
0x0165361c
0x01653620
0x0165362f
0x01653633
0x01653636
0x01653638
0x0165363b
0x0165363e
0x01653645
0x01653648
0x00000000
0x00000000
0x00000000
0x0165364e
0x016535ea
0x016535ed
0x00000000
0x00000000
0x00000000
0x016535ed
0x00000000
0x016535b9
0x016437b4
0x016437b7
0x016437b9
0x016437bc
0x016437be
0x01643845
0x01643848
0x0164384b
0x016536dd
0x016536e2
0x016536e9
0x016536eb
0x016536ed
0x00000000
0x00000000
0x016536f5
0x016536fc
0x016536ff
0x01653704
0x00000000
0x00000000
0x01653706
0x01653709
0x0165370b
0x01653712
0x01653716
0x0165371b
0x0165371d
0x00000000
0x00000000
0x01653723
0x01653732
0x01653739
0x01653741
0x01653745
0x01653752
0x0165375e
0x01653760
0x00000000
0x01653760
0x0165370d
0x01653710
0x00000000
0x00000000
0x00000000
0x01653710
0x01643851
0x01643851
0x01643854
0x01643856
0x015d819d
0x015d819d
0x00000000
0x01643856
0x016437c4
0x016437c6
0x01653667
0x01653669
0x0165366b
0x016536a7
0x016536b5
0x00000000
0x016536b5
0x0165366d
0x01653673
0x00000000
0x00000000
0x01653679
0x0165367e
0x01653683
0x01653683
0x01653688
0x0165368d
0x01653692
0x00000000
0x01653692
0x016437cc
0x016437cc
0x016437d0
0x016437d2
0x016437d8
0x00000000
0x00000000
0x016437e1
0x016437e5
0x016437ea
0x00000000
0x00000000
0x016437f0
0x016437f3
0x016437f5
0x016536c7
0x016536cb
0x016536d0
0x016536d2
0x01643804
0x01643813
0x0164381a
0x01643822
0x01643826
0x01643833
0x0164383c
0x0164383f
0x0164383f
0x01643841
0x00000000
0x01643841
0x00000000
0x016536d8
0x016437fb
0x016437fe
0x00000000
0x00000000
0x00000000
0x016437fe
0x0164373f
0x01643745
0x01643748
0x0164374d
0x00000000
0x00000000
0x01643753
0x01643755
0x016535a4
0x016535a8
0x016535ad
0x016535af
0x00000000
0x00000000
0x016535b1
0x01643764
0x01643766
0x01643779
0x01643781
0x01643787
0x0164378e
0x01643795
0x0164379b
0x016437a0
0x016437a0
0x016437a2
0x00000000
0x016437a2
0x0164375b
0x0164375e
0x00000000
0x00000000
0x00000000
0x0164375e
0x01653592
0x01653592
0x00000000
0x01653592
0x01643723
0x01643726
0x00000000
0x00000000
0x00000000
0x01643726
0x01643712
0x01643698
0x0164369a
0x0164369d
0x0164369f
0x016534dd
0x016534e2
0x016534f6
0x00000000
0x016534fb
0x016436a5
0x016436a9
0x01644f81
0x01644f85
0x01653517
0x0165351c
0x00000000
0x0165351c
0x01644f8d
0x01644f8d
0x016436af
0x016436b3
0x015f51c5
0x015f51c5
0x016436d2
0x016436d4
0x016436d6
0x01653526
0x0165352c
0x01653532
0x01653536
0x0165353c
0x0165353c
0x01653536
0x00000000
0x00000000
0x00000000
0x00000000
0x01627862
0x01627862
0x01627868
0x015f69fc
0x015f69fc
0x0162786e
0x0162786e
0x01627871
0x01627876
0x0162787a
0x01653507
0x0165350a
0x0165350f
0x0165350f
0x01627883
0x01627886
0x01627886
0x01627889
0x0162788e
0x01627892
0x01627892
0x0162789b
0x0162789f
0x016278a3
0x016278a7
0x015fb555
0x015fb555
0x016278bc
0x016278bc

Strings

d:\w7rtm\minkernel\ntdll\sxsisol.cpp, xrefs: 01653683
sxsisol_SearchActCtxForDllName, xrefs: 016534DD
!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 01653517
Status != STATUS_NOT_FOUND, xrefs: 01653679
[%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 016534EE
@, xrefs: 016277F7
Internal error check failed, xrefs: 01653688

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$d:\w7rtm\minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
API String ID: 0-4103935307
Opcode ID: acb6f226cb2221c5368553f44fa59a649210c67953756a708dda3d42bd016bb0
Instruction ID: 1f28c051f6647bf48735e6a6dd3fb81f1da636c25793fa6bb8a43ee77bce4fd8
Opcode Fuzzy Hash: acb6f226cb2221c5368553f44fa59a649210c67953756a708dda3d42bd016bb0
Instruction Fuzzy Hash: 53029E70A0021ADFDB24CFA9C891ABEB7F5FF18704F20842DE956AB351E7749945CB24

Uniqueness

Uniqueness Score: 100.00%

Function 015FE4D7, Relevance: 8.1, Strings: 6, Instructions: 602
COMMONCrypto

C-Code - Quality: 60%

			E015FE4D7(void* __ebx, void* __edi, signed int _a4, unsigned int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				intOrPtr __esi;
				void* __ebp;
				unsigned int _t257;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t265;
				signed char _t266;
				intOrPtr _t268;
				signed int _t280;
				intOrPtr _t287;
				intOrPtr _t288;
				unsigned int _t294;
				signed char _t295;
				signed int _t304;
				unsigned int _t313;
				signed int _t314;
				intOrPtr _t322;
				intOrPtr _t334;
				signed int _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t349;
				unsigned int _t350;
				unsigned int _t368;
				signed int _t369;
				intOrPtr _t377;
				intOrPtr _t391;
				signed int _t404;
				signed int _t409;
				signed int _t419;
				intOrPtr _t421;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				intOrPtr _t435;
				void* _t442;
				signed int _t453;
				intOrPtr _t455;
				signed short* _t456;
				signed short* _t457;
				void* _t459;
				signed int _t460;

				_t460 = _a4;
				_v12 = 0;
				if(( *(_t460 + 0xd0) ^  *(_t460 + 0x58)) != 0) {
					return E0162EB88(_t460, _a8, _a12);
				} else {
					__eflags = _a16;
					_push(__ebx);
					_push(__edi);
					if(_a16 != 0) {
						__ebx = _a8;
						__eflags =  *(__ebx + 2) & 0x00000008;
						if(( *(__ebx + 2) & 0x00000008) != 0) {
							 *((intOrPtr*)(__esi + 0x120)) =  *((intOrPtr*)(__esi + 0x120)) - 1;
							 &_v24 =  &_v36;
							__edx = __ebx;
							__ecx = __esi;
							__eax = E015FC2C2(__edx,  &_v36,  &_v24);
							__eflags = __al;
							if(__al != 0) {
								__eax = _v24;
								_t181 = __esi + 0x124;
								 *_t181 =  *(__esi + 0x124) - _v24;
								__eflags =  *_t181;
							}
						}
						_a4 = __ebx;
						L37:
						__al =  *((intOrPtr*)(__ebx + 6));
						__eflags = __al;
						if(__al == 0) {
							_t404 = _t460;
							_v20 = _t460;
						} else {
							__al & 0x000000ff = (__al & 0x000000ff) << 0x10;
							__ebx = __ebx & 0xffff0000;
							__ebx = __ebx - ((__al & 0x000000ff) << 0x10);
							__ebx = __ebx + 0x10000;
							__eflags = __ebx;
							_v20 = __ebx;
						}
						_t257 = _a4 + _a12 * 8;
						_v24 = _t257;
						if( *((char*)(_t257 + 7)) == 3) {
							_t459 = _t257 + 8;
							E0162F2E9(_t460, _t459);
							_v28 =  *((intOrPtr*)(_t459 + 0x10));
							 *((intOrPtr*)(_t404 + 0x30)) =  *((intOrPtr*)(_t404 + 0x30)) - 1;
							_v16 =  *(_t459 + 0x14);
							 *((intOrPtr*)(_t404 + 0x2c)) =  *((intOrPtr*)(_t404 + 0x2c)) - ( *(_t459 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t460 + 0xe0)) =  *((intOrPtr*)(_t460 + 0xe0)) +  *(_t459 + 0x14);
							 *((intOrPtr*)(_t460 + 0xf0)) =  *((intOrPtr*)(_t460 + 0xf0)) - 1;
							if( *(_t459 + 0x14) >= 0x7f000) {
								 *(_t460 + 0xe4) =  *(_t460 + 0xe4) -  *(_t459 + 0x14);
							}
							_t117 = ( *(_t459 + 0x14) >> 3) + 0x20; // 0x21
							_a12 = _a12 + _t117;
							_v12 = 1;
						} else {
							_v16 = _v16 & 0x00000000;
						}
						if(( *(_a4 + 4) ^  *(_t460 + 0x54)) == 0) {
							_t441 = _a4;
							_v8 = _a4;
							_t261 = E015DF198(_t404, _a4);
							__eflags = _a16;
							_t453 = _t261;
							if(_a16 != 0) {
								__eflags = _t453;
								if(_t453 != 0) {
									goto L5;
								}
								goto L44;
							}
							L5:
							__eflags =  *0x16af9f4 - 1;
							if( *0x16af9f4 >= 1) {
								__eflags = _t453;
								if(_t453 == 0) {
									_t334 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *((intOrPtr*)(_t334 + 0xc)) - _t453;
									if( *((intOrPtr*)(_t334 + 0xc)) == _t453) {
										_push("HEAP: ");
										E015EF63B();
									} else {
										E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push("(UCRBlock != NULL)");
									E015EF63B();
									E01694AF2(_t404, _t441, _t453, _t460, 1);
								}
							}
							__eflags = _v12;
							_t262 = _a12;
							_t409 = _a4;
							if(_v12 != 0) {
								_t263 = _t409 + _t262 * 8;
							} else {
								_t15 = _t262 * 8; // -16
								_t263 = _t409 + _t15 - 0x10;
							}
							_t265 = (_t263 & 0xfffff000) - _v8;
							__eflags = _t265;
							_a8 = _t265;
							if(_t265 == 0) {
								L87:
								__eflags =  *0x16af9f4 - 1;
								if( *0x16af9f4 >= 1) {
									__eflags = _v12;
									if(_v12 != 0) {
										_t268 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *(_t268 + 0xc);
										if( *(_t268 + 0xc) == 0) {
											_push("HEAP: ");
											E015EF63B();
										} else {
											E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
										}
										_push("(!TrailingUCR)");
										E015EF63B();
										E01694AF2(_t404, _t441, _t453, _t460, 1);
									}
								}
								L29:
								_push(_a12);
								_push(_a4);
								L58:
								_push(_t460);
								_t266 = E0162EB88();
								L66:
								return _t266;
							}
							_t280 = E01632686(0xffffffff,  &_v8,  &_a8, 0x4000);
							__eflags = _t280;
							if(_t280 < 0) {
								L91:
								_t442 = 3;
								E0162ED2C(_t460, _t442);
								__eflags = _v12;
								if(_v12 != 0) {
									E0162EE41(_t460, _t404, _v28 + 0xffffffe8, _v16, _a4,  &_a12);
								}
								goto L29;
							}
							__eflags =  *0x7ffe0380;
							if( *0x7ffe0380 != 0) {
								_t287 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t287 + 0x240) & 0x00000001;
								if(( *(_t287 + 0x240) & 0x00000001) != 0) {
									E016942AC(_t460, _v8, _a8, 5);
								}
							}
							 *((intOrPtr*)(_t460 + 0xf8)) =  *((intOrPtr*)(_t460 + 0xf8)) + 1;
							_t288 =  *((intOrPtr*)(_t453 + 0x14));
							__eflags = _t288 - 0x7f000;
							if(_t288 >= 0x7f000) {
								_t24 = _t460 + 0xe4;
								 *_t24 =  *(_t460 + 0xe4) - _t288;
								__eflags =  *_t24;
							}
							E0162F2E9(_t460, _t453);
							 *((intOrPtr*)(_t453 + 0x14)) =  *((intOrPtr*)(_t453 + 0x14)) + _a8;
							E0162EF02(_t460, _t453);
							 *((intOrPtr*)(_t404 + 0x2c)) =  *((intOrPtr*)(_t404 + 0x2c)) + (_a8 >> 0xc);
							_t294 = _a8;
							 *((intOrPtr*)(_t460 + 0xe0)) =  *((intOrPtr*)(_t460 + 0xe0)) - _t294;
							_t455 =  *((intOrPtr*)(_t453 + 0x14));
							__eflags = _t455 - 0x7f000;
							if(_t455 >= 0x7f000) {
								_t36 = _t460 + 0xe4;
								 *_t36 =  *(_t460 + 0xe4) + _t455;
								__eflags =  *_t36;
							}
							__eflags = _v12;
							if(_v12 != 0) {
								L22:
								_t295 =  *0x7ffe0380;
								__eflags = _t295;
								if(_t295 != 0) {
									__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
									if(__eflags != 0) {
										E01694758(__eflags, _t460, _v8, _a8,  *(_t460 + 0x78) << 3, _v12, _v16, _t295 & 0x000000ff);
									}
								}
								_t266 =  *0x7ffe038a;
								__eflags = _t266;
								if(__eflags != 0) {
									_push(_t266 & 0x000000ff);
									_push(_v16);
									_push(_v12);
									L118:
									_push( *(_t460 + 0x78) << 3);
									_push(_a8);
									_push(_v8);
									_push(_t460);
									_t266 = E01694758(_t477);
								}
								goto L66;
							}
							_t456 = _t294 + _v8;
							_t419 = _a4;
							_t456[2] =  *(_t460 + 0x54);
							_t304 = _a12;
							_t446 = _a8 + _v8;
							__eflags = _t419 + _t304 * 8 - _a8 + _v8;
							if(_t419 + _t304 * 8 == _a8 + _v8) {
								__eflags =  *(_t460 + 0x4c);
								if( *(_t460 + 0x4c) != 0) {
									_t456[1] = _t456[1] ^ _t456[0] ^  *_t456;
									 *_t456 =  *_t456 ^  *(_t460 + 0x50);
								}
								goto L22;
							}
							_t456[3] = 0;
							_t456[1] = 0;
							_t313 = (_a12 << 3) - _a8 >> 3;
							 *_t456 = _t313;
							__eflags =  *0x16af9f4 - 1;
							if( *0x16af9f4 >= 1) {
								__eflags = _t313 - 1;
								if(_t313 <= 1) {
									_t322 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t322 + 0xc);
									if( *(_t322 + 0xc) == 0) {
										_push("HEAP: ");
										E015EF63B();
									} else {
										E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
									}
									_push("((LONG)FreeEntry->Size > 1)");
									E015EF63B();
									E01694AF2(_t404, _t446, _t456, _t460, 1);
								}
							}
							_t456[1] = 0;
							_t421 =  *((intOrPtr*)(_t404 + 0x18));
							__eflags = _t421 - _t404;
							if(_t421 == _t404) {
								_t314 = 0;
							} else {
								_t314 = (_t456 - _t404 >> 0x10) + 1;
								_a16 = _t314;
								__eflags = _t314;
								if(__eflags <= 0) {
									L101:
									_push(0);
									_push(0);
									_push(_t404);
									_push(_t456);
									_push(_t421);
									_push(3);
									E01694B0C(_t404, _t421, _t446, _t456, _t460, __eflags);
									_t314 = _a16;
									L21:
									_t456[3] = _t314;
									E0162EB88(_t460, _t456,  *_t456 & 0x0000ffff);
									goto L22;
								}
								__eflags = _t314 - 0xfe;
								if(__eflags >= 0) {
									goto L101;
								}
							}
							goto L21;
						}
						L44:
						_t344 = _a4;
						_t124 = _t344 + 0x101f; // 0x1020
						_t453 = 0xfffff000;
						_t429 = _t124 & 0xfffff000;
						_t125 = _t344 + 0x28; // 0x29
						_v8 = _t429;
						if(_t429 == _t125) {
							_t429 = _t429 + 0x1000;
							_v8 = _t429;
						}
						_t441 = _a12;
						if(_v12 == 0) {
							_t345 = _t344 + _t441 * 8 - 0x10;
						} else {
							_t345 = _t344 + _t441 * 8;
						}
						_t346 = _t345 & _t453;
						_a8 = _t346;
						if(_t346 < _t429) {
							goto L87;
						} else {
							_t347 = _t346 - _t429;
							_a8 = _t347;
							if(_a16 != 0 ||  *((char*)(_v24 + 7)) == 3) {
								L50:
								if(_t347 == 0) {
									L54:
									if(_v12 == 0) {
										_t457 = _t347 + _t429;
										_t430 = _a4;
										_t457[2] =  *(_t460 + 0x54);
										_t349 = _a12;
										_t448 = _t430 + _t349 * 8;
										_t350 = _a8;
										_t431 = _v8;
										_t406 = _t350 + _t431;
										__eflags = _t430 + _t349 * 8 - _t350 + _t431;
										if(_t430 + _t349 * 8 == _t350 + _t431) {
											__eflags =  *(_t460 + 0x4c);
											_t404 = _v20;
											if( *(_t460 + 0x4c) != 0) {
												_t457[1] = _t457[1] ^ _t457[0] ^  *_t457;
												 *_t457 =  *_t457 ^  *(_t460 + 0x50);
												L36:
												_t350 = _a8;
												_t431 = _v8;
												goto L55;
											}
											goto L55;
										}
										_t457[3] = 0;
										_t457[1] = 0;
										_t368 = (_a12 << 3) - _a8 - _v8 + _a4 >> 3;
										 *_t457 = _t368;
										__eflags =  *0x16af9f4 - 1;
										if( *0x16af9f4 >= 1) {
											__eflags = _t368 - 1;
											if(_t368 <= 1) {
												_t377 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
												__eflags =  *(_t377 + 0xc);
												if( *(_t377 + 0xc) == 0) {
													_push("HEAP: ");
													E015EF63B();
												} else {
													E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E015EF63B();
												E01694AF2(_t406, _t448, _t457, _t460, 1);
											}
										}
										_t404 = _v20;
										_t457[1] = 0;
										_t435 =  *((intOrPtr*)(_t404 + 0x18));
										__eflags = _t435 - _t404;
										if(_t435 == _t404) {
											_t369 = 0;
											L35:
											_t457[3] = _t369;
											E0162EB88(_t460, _t457,  *_t457 & 0x0000ffff);
											goto L36;
										} else {
											_t369 = (_t457 - _t404 >> 0x10) + 1;
											_a16 = _t369;
											__eflags = _t369;
											if(__eflags <= 0) {
												L113:
												_push(0);
												_push(0);
												_push(_t404);
												_push(_t457);
												_push(_t435);
												_push(3);
												E01694B0C(_t404, _t435, _t448, _t457, _t460, __eflags);
												_t369 = _a16;
												goto L35;
											}
											__eflags = _t369 - 0xfe;
											if(__eflags >= 0) {
												goto L113;
											}
											goto L35;
										}
									}
									L55:
									E0162EE41(_t460, _t404, _t431 + 0xffffffe8, _t350, _a4,  &_v32);
									E0162EB88(_t460, _a4, _v32);
									_t357 =  *0x7ffe0380;
									if( *0x7ffe0380 != 0) {
										__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
										if(__eflags != 0) {
											E01694758(__eflags, _t460, _v8, _a8,  *(_t460 + 0x78) << 3, 0, 0, _t357 & 0x000000ff);
										}
									}
									_t266 =  *0x7ffe038a;
									_t477 = _t266;
									if(_t266 == 0) {
										goto L66;
									} else {
										_push(_t266 & 0x000000ff);
										_push(0);
										_push(0);
										goto L118;
									}
								}
								 *((intOrPtr*)(_t460 + 0xf8)) =  *((intOrPtr*)(_t460 + 0xf8)) + 1;
								if(E01632686(0xffffffff,  &_v8,  &_a8, 0x4000) < 0) {
									goto L91;
								}
								if( *0x7ffe0380 != 0) {
									_t391 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									__eflags =  *(_t391 + 0x240) & 0x00000001;
									if(( *(_t391 + 0x240) & 0x00000001) != 0) {
										E016942AC(_t460, _v8, _a8, 6);
									}
								}
								_t347 = _a8;
								_t429 = _v8;
								goto L54;
							} else {
								__eflags = _t347;
								if(_t347 == 0) {
									goto L29;
								}
								__eflags = _t347 -  *((intOrPtr*)(_t460 + 0x70));
								if(_t347 >=  *((intOrPtr*)(_t460 + 0x70))) {
									goto L50;
								}
								goto L29;
							}
						}
					}
					__edx = _a12;
					__eflags = __edx -  *((intOrPtr*)(__esi + 0x70));
					if(__edx <  *((intOrPtr*)(__esi + 0x70))) {
						L59:
						_push(__edx);
						_push(_a8);
						goto L58;
					}
					__eax =  *(__esi + 0x78);
					__eax =  *(__esi + 0x78) + __edx;
					__eflags = __eax -  *((intOrPtr*)(__esi + 0x74));
					if(__eax <  *((intOrPtr*)(__esi + 0x74))) {
						goto L59;
					}
					__ecx =  *((intOrPtr*)(__esi + 0x130));
					__edi =  *(__esi + 0xe0);
					__ecx =  *((intOrPtr*)(__esi + 0x130)) + 3;
					__edi =  *(__esi + 0xe0) >> __cl;
					__eflags = __eax - __edi;
					if(__eax < __edi) {
						goto L59;
					}
					__ebx = _a8;
					__eax =  &_a12;
					_a4 = E01625DD8(__esi, __ebx,  &_a12, 0);
					_t159 = _a12 - 0x201; // -512
					__ecx = _t159;
					__eflags = __ecx - 0xfbff;
					if(__ecx > 0xfbff) {
						goto L37;
					}
					__eax =  *(__esi + 0x78);
					__edi =  *(__esi + 0xe0);
					__eax =  *(__esi + 0x78) << 3;
					__edi =  *(__esi + 0xe0) - ( *(__esi + 0x78) << 3);
					__eax =  *(__esi + 0x128);
					__eax = __eax >> 3;
					__eax = __eax - (__eax >> 3);
					__eflags = __edi - __eax;
					if(__edi < __eax) {
						__ebx = __esi + 0x12c;
						__eax =  *__ebx;
						__eax = __eax >> 3;
						__eax = __eax - (__eax >> 3);
						__eflags = __edi - __eax;
						if(__edi > __eax) {
							__ecx = __esi;
							__eax = E015FC3DE(__esi);
							 *__ebx = __edi;
							 *(__esi + 0x128) = __edi;
						}
					}
					goto L66;
				}
			}

0x015fe4e0
0x015fe4ec
0x015fe4f0
0x00000000
0x015fe4f6
0x015fe4f6
0x015fe4fa
0x015fe4fb
0x015fe4fc
0x0165927e
0x01659281
0x01659285
0x01659287
0x01659291
0x01659295
0x01659297
0x01659299
0x0165929e
0x016592a0
0x016592a2
0x016592a5
0x016592a5
0x016592a5
0x016592a5
0x016592a0
0x016592ab
0x015f01fc
0x015f01fc
0x015f01ff
0x015f0201
0x015dee8e
0x015dee90
0x015f0207
0x015f020a
0x015f020d
0x015f0213
0x015f0215
0x015f0215
0x015f021b
0x015f021b
0x015f0224
0x015f022b
0x015f022e
0x015f0236
0x015f023d
0x015f0245
0x015f024b
0x015f024e
0x015f0257
0x015f025d
0x015f0263
0x015f0270
0x015f0275
0x015f0275
0x015f0284
0x015f0288
0x015f028b
0x015e1d65
0x015e1d65
0x015e1d65
0x015f029a
0x015df023
0x015df028
0x015df02b
0x015df030
0x015df034
0x015df036
0x01647212
0x01647214
0x00000000
0x00000000
0x00000000
0x0164721a
0x015df03c
0x015df03c
0x015df043
0x016592b3
0x016592b5
0x016592c1
0x016592c4
0x016592c7
0x016592e9
0x016592ee
0x016592c9
0x016592e1
0x016592e6
0x016592f4
0x016592f9
0x01659301
0x01659301
0x016592b5
0x015df049
0x015df04d
0x015df050
0x015df053
0x015df01e
0x015df055
0x015df055
0x015df055
0x015df055
0x015df05e
0x015df05e
0x015df061
0x015df064
0x0165930b
0x0165930b
0x01659312
0x01659318
0x0165931c
0x01659328
0x0165932b
0x0165932f
0x0165958d
0x01659592
0x01659335
0x0165934d
0x01659352
0x01659598
0x0165959d
0x016595a5
0x016595a5
0x0165931c
0x015e1d84
0x015e1d84
0x015e1d87
0x015f1c48
0x015f1c48
0x015f1c49
0x015fe586
0x00000000
0x015fe587
0x015df079
0x015df07e
0x015df080
0x01659358
0x0165935a
0x0165935d
0x01659362
0x01659366
0x0165937f
0x0165937f
0x00000000
0x01659366
0x015df086
0x015df08d
0x0165938f
0x01659392
0x01659399
0x016593a8
0x016593a8
0x01659399
0x015df093
0x015df099
0x015df09c
0x015df0a1
0x015df0a3
0x015df0a3
0x015df0a3
0x015df0a3
0x015df0ad
0x015df0b5
0x015df0bc
0x015df0c7
0x015df0ca
0x015df0cd
0x015df0d3
0x015df0d6
0x015df0dc
0x015df0de
0x015df0de
0x015df0de
0x015df0de
0x015df0e4
0x015df0e8
0x015df174
0x015df174
0x015df179
0x015df17b
0x01659449
0x01659450
0x0165946e
0x0165946e
0x01659450
0x015df181
0x015df186
0x015df188
0x0165947b
0x0165947c
0x0165947f
0x01659575
0x0165957b
0x0165957c
0x0165957f
0x01659582
0x01659583
0x01659583
0x00000000
0x015df188
0x015df0f1
0x015df0f8
0x015df0fb
0x015df0ff
0x015df10b
0x015df10d
0x015df10f
0x0164721f
0x01647223
0x01659432
0x01659438
0x01659438
0x00000000
0x01647223
0x015df115
0x015df119
0x015df126
0x015df129
0x015df12c
0x015df133
0x016593b2
0x016593b6
0x016593c2
0x016593c5
0x016593c9
0x016593eb
0x016593f0
0x016593cb
0x016593e3
0x016593e8
0x016593f6
0x016593fb
0x01659403
0x01659403
0x016593b6
0x015df139
0x015df13d
0x015df140
0x015df142
0x0165940d
0x015df148
0x015df14f
0x015df150
0x015df153
0x015df155
0x01659414
0x01659414
0x01659416
0x01659418
0x01659419
0x0165941a
0x0165941b
0x0165941d
0x01659422
0x015df166
0x015df166
0x015df16f
0x00000000
0x015df16f
0x015df15b
0x015df160
0x00000000
0x00000000
0x015df160
0x00000000
0x015df142
0x015f02a0
0x015f02a0
0x015f02a3
0x015f02a9
0x015f02ae
0x015f02b0
0x015f02b3
0x015f02b8
0x01647204
0x0164720a
0x0164720a
0x015f02c2
0x015f02c5
0x015e1d6e
0x015f02cb
0x015f02cb
0x015f02cb
0x015f02ce
0x015f02d0
0x015f02d5
0x00000000
0x015f02db
0x015f02db
0x015f02e1
0x015f02e4
0x015f02f3
0x015f02f5
0x015f032c
0x015f0330
0x015e1d8f
0x015e1d96
0x015e1d99
0x015e1d9d
0x015e1da0
0x015e1da3
0x015e1da6
0x015e1da9
0x015e1dac
0x015e1dae
0x0164722e
0x01647232
0x01647235
0x01659529
0x0165952f
0x015e1e1c
0x015e1e1c
0x015e1e1f
0x00000000
0x015e1e1f
0x00000000
0x0164723b
0x015e1db4
0x015e1db8
0x015e1dcb
0x015e1dce
0x015e1dd1
0x015e1dd8
0x016594b0
0x016594b4
0x016594c0
0x016594c3
0x016594c7
0x016594e9
0x016594ee
0x016594c9
0x016594e1
0x016594e6
0x016594f4
0x016594f9
0x01659501
0x01659501
0x016594b4
0x015e1dde
0x015e1de1
0x015e1de5
0x015e1de8
0x015e1dea
0x015dee98
0x015e1e0e
0x015e1e0e
0x015e1e17
0x00000000
0x015e1df0
0x015e1df7
0x015e1df8
0x015e1dfb
0x015e1dfd
0x0165950b
0x0165950b
0x0165950d
0x0165950f
0x01659510
0x01659511
0x01659512
0x01659514
0x01659519
0x00000000
0x01659519
0x015e1e03
0x015e1e08
0x00000000
0x00000000
0x00000000
0x015e1e08
0x015e1dea
0x015f0336
0x015f0344
0x015f0350
0x015f0355
0x015f035c
0x01659540
0x01659547
0x01659563
0x01659563
0x01659547
0x015f0362
0x015f0367
0x015f0369
0x00000000
0x015f036f
0x01659570
0x01659571
0x01659573
0x00000000
0x01659573
0x015f0369
0x015f02f7
0x015f0313
0x00000000
0x00000000
0x015f0320
0x0165948d
0x01659490
0x01659497
0x016594a6
0x016594a6
0x01659497
0x015f0326
0x015f0329
0x00000000
0x015e1d77
0x015e1d77
0x015e1d79
0x00000000
0x00000000
0x015e1d7b
0x015e1d7e
0x00000000
0x00000000
0x00000000
0x015e1d7e
0x015f02e4
0x015f02d5
0x015fe502
0x015fe505
0x015fe508
0x015f1c53
0x015f1c53
0x015f1c54
0x00000000
0x015f1c54
0x015fe50e
0x015fe511
0x015fe513
0x015fe516
0x00000000
0x00000000
0x015fe51c
0x015fe522
0x015fe528
0x015fe52b
0x015fe52d
0x015fe52f
0x00000000
0x00000000
0x015fe535
0x015fe53a
0x015fe545
0x015fe54b
0x015fe54b
0x015fe551
0x015fe557
0x00000000
0x00000000
0x015fe567
0x015fe56a
0x015fe570
0x015fe573
0x015fe575
0x015fe57d
0x015fe580
0x015fe582
0x015fe584
0x015fe58d
0x015fe593
0x015fe597
0x015fe59a
0x015fe59c
0x015fe59e
0x015fe5a0
0x015fe5a2
0x015fe5a7
0x015fe5a9
0x015fe5a9
0x015fe59e
0x00000000
0x015fe584

Strings

HEAP: , xrefs: 016592E9, 016593EB, 016594E9, 0165958D
(!TrailingUCR), xrefs: 01659598
(UCRBlock != NULL), xrefs: 016592F4
HEAP[%wZ]: , xrefs: 016592DC, 01659348, 016593DE, 016594DC
((LONG)FreeEntry->Size > 1), xrefs: 016593F6
(LONG)FreeEntry->Size > 1, xrefs: 016594F4

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: 5b816a93a60e2e03c9dd6bb9c822a477ba99211c19f4c03a3fadace4e1ae1aa3
Instruction ID: 636d7722c7afd26fe5ab4418deef0ccbc6596f92fb24ad2307d818b153b5400b
Opcode Fuzzy Hash: 5b816a93a60e2e03c9dd6bb9c822a477ba99211c19f4c03a3fadace4e1ae1aa3
Instruction Fuzzy Hash: 2B32F33160064AEFDB25CF68C984BAE7BF5FF44314F148459E9168F292D770EA92CB60

Uniqueness

Uniqueness Score: 0.05%

Function 0162645A, Relevance: 5.1, Strings: 3, Instructions: 1399
UNIQUECrypto

C-Code - Quality: 87%

			E0162645A(void* __ecx, void* __edx, signed int _a4, signed int _a8, signed int* _a12, signed int _a16, signed short _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				signed short _v24;
				signed short* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t594;
				signed short _t596;
				signed short* _t597;
				signed char _t603;
				signed int _t612;
				signed int _t613;
				signed int _t616;
				signed int _t621;
				signed int* _t623;
				signed int* _t628;
				signed int _t635;
				signed int _t637;
				signed int* _t638;
				signed int _t645;
				signed int _t646;
				signed int _t651;
				signed short _t654;
				signed short _t656;
				signed int* _t659;
				signed int* _t662;
				unsigned int _t669;
				signed int _t671;
				signed int* _t672;
				signed int* _t679;
				signed short _t681;
				signed int _t684;
				signed short _t685;
				signed int _t686;
				signed char _t687;
				signed short _t690;
				signed int _t695;
				signed int _t696;
				signed int _t699;
				signed int _t700;
				signed int _t704;
				signed int* _t713;
				signed int _t720;
				signed int _t723;
				signed int* _t724;
				signed int _t730;
				signed int _t732;
				signed int _t733;
				signed short _t739;
				signed short _t741;
				signed int* _t744;
				signed int* _t745;
				signed int _t752;
				signed int _t756;
				signed int* _t757;
				signed int* _t764;
				signed short _t766;
				signed int _t769;
				intOrPtr _t771;
				signed int* _t789;
				void* _t790;
				signed int _t792;
				signed char _t796;
				signed short _t797;
				intOrPtr _t798;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed short _t804;
				signed int _t805;
				signed int _t812;
				signed int _t813;
				signed short _t819;
				signed short _t821;
				signed int _t826;
				signed int _t827;
				signed int _t829;
				signed int _t831;
				signed int _t832;
				signed short _t835;
				signed short _t837;
				signed int _t840;
				signed int _t846;
				signed int _t847;
				signed int _t849;
				signed short _t850;
				signed int _t855;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed short _t860;
				signed short _t861;
				signed int _t863;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed short _t871;
				signed short _t873;
				signed int _t878;
				signed int _t879;
				intOrPtr* _t881;
				signed int _t882;
				signed int _t884;
				signed short _t886;
				signed int _t888;
				signed int _t891;
				signed short _t893;
				signed int _t897;
				signed int _t900;
				signed int _t901;
				signed int _t904;
				signed int _t907;
				signed int _t909;
				signed int _t910;
				signed int _t915;
				signed int _t916;
				signed int _t920;
				void* _t922;
				signed short _t923;
				void* _t924;
				intOrPtr _t925;
				void* _t926;
				signed int _t928;
				signed int* _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed short _t942;
				signed short* _t945;
				signed short _t946;
				signed int* _t948;
				void* _t952;
				signed int _t954;
				signed int* _t957;
				signed short _t959;
				signed short _t961;
				signed short _t962;
				signed short _t963;
				void* _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				intOrPtr _t968;
				signed short* _t972;
				unsigned int _t976;
				void* _t978;
				signed int _t980;
				signed short _t983;
				signed short _t984;
				signed short _t985;
				intOrPtr _t987;
				signed short* _t988;
				signed int _t992;
				signed short _t993;
				signed short* _t996;
				signed short _t997;
				signed int* _t999;
				void* _t1003;
				signed int _t1005;
				signed int* _t1008;
				signed short _t1010;
				signed short _t1012;
				signed short _t1013;
				signed short _t1014;
				intOrPtr _t1015;
				signed int _t1016;
				void* _t1017;
				signed int _t1019;
				signed int _t1023;
				signed short* _t1027;
				unsigned int _t1031;
				void* _t1033;
				signed int _t1035;
				signed short _t1038;
				signed short _t1039;
				signed short _t1040;
				signed int _t1041;
				signed int* _t1043;
				signed short _t1051;
				signed short _t1054;
				signed int _t1061;
				signed int _t1062;
				signed int _t1063;
				void* _t1064;
				signed int* _t1072;
				signed int _t1073;
				signed int _t1075;
				signed short* _t1080;
				signed int _t1081;
				void* _t1082;
				signed int* _t1084;
				signed int _t1086;
				signed int _t1091;
				signed int _t1093;
				void* _t1096;
				signed int* _t1098;
				signed int _t1099;
				signed int _t1101;
				signed int _t1103;
				signed int _t1104;
				void* _t1105;
				signed short* _t1106;
				signed int _t1107;
				signed int _t1109;
				signed short _t1111;
				signed short _t1113;
				signed int _t1118;
				signed int _t1120;
				signed int _t1123;
				void* _t1124;
				signed int* _t1126;
				signed int _t1129;
				signed int _t1131;

				_t922 = __edx;
				_t1062 = _a4;
				_t790 = __ecx;
				 *(_t1062 + 2) = _a8;
				 *((char*)(_t1062 + 7)) = 0;
				_t590 =  *(__ecx + 0x54) ^ _a16;
				 *(_t1062 + 4) =  *(__ecx + 0x54) ^ _a16;
				_t792 =  *(__edx + 0x18);
				_v12 = 0;
				if(_t792 != __edx) {
					_t594 = (_t1062 - __edx >> 0x10) + 1;
					__eflags = _t594;
					_a8 = _t594;
					if(__eflags <= 0) {
						L351:
						_push(0);
						_push(0);
						_push(_t922);
						_push(_t1062);
						_push(_t792);
						_push(3);
						E01694B0C(_t790, _t792, _t922, _t1062, 0, __eflags);
						_t594 = _a8;
						goto L80;
					}
					__eflags = _t594 - 0xfe;
					if(__eflags < 0) {
						goto L80;
					}
					goto L351;
				} else {
					__eflags = 0;
					L80:
					 *(_t1062 + 6) = _t594;
					_t596 = _a20;
					 *((char*)(_t1062 + 3)) = 0;
					 *_t1062 = _t596;
					_t1080 = _t1062 + _t596 * 8;
					_t796 =  *(_t790 + 0x4c) >> 0x00000014 &  *(_t790 + 0x52) ^ _t1080[1];
					_v28 = _t1080;
					__eflags = _t796 & 0x00000001;
					if((_t796 & 0x00000001) == 0) {
						do {
							__eflags =  *(_t790 + 0x4c);
							if( *(_t790 + 0x4c) != 0) {
								 *_t1080 =  *_t1080 ^  *(_t790 + 0x50);
								__eflags = _t1080[1] - (_t1080[0] ^ _t1080[1] ^  *_t1080);
								if(__eflags != 0) {
									_push(0);
									_push(_t1080);
									_push(_t790);
									E01694BBA(_t790, _t1062, _t1080, __eflags);
								}
							}
							_t923 = _t1080[6];
							_t246 =  &(_t1080[4]); // 0x8
							_t597 = _t246;
							_t797 =  *_t597;
							_v20 = _t797;
							_t798 =  *((intOrPtr*)(_t797 + 4));
							_v24 = _t923;
							_t924 =  *_t923;
							__eflags = _t924 - _t798;
							if(__eflags != 0) {
								L354:
								_push(0);
								_push(_t924);
								_push(_t798);
								_push(_t597);
								_push(_t790);
								_push(0xc);
								E01694B0C(_t790, _t798, _t924, _t1062, _t1080, __eflags);
								goto L355;
							} else {
								__eflags = _t924 - _t597;
								if(__eflags != 0) {
									goto L354;
								}
								 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) - ( *_t1080 & 0x0000ffff);
								_t684 =  *(_t790 + 0xb8);
								__eflags = _t684;
								if(_t684 == 0) {
									L185:
									_t685 = _v20;
									_t850 = _v24;
									 *_t850 = _t685;
									 *(_t685 + 4) = _t850;
									__eflags = _t1080[1] & 0x00000008;
									if((_t1080[1] & 0x00000008) != 0) {
										_t686 = E015FC30D(_t790, _t1080);
										__eflags = _t686;
										if(_t686 != 0) {
											goto L186;
										}
										E015FE4D7(_t790, _t1062, _t790, _t1080,  *_t1080 & 0x0000ffff, 1);
										L355:
										__eflags = _v12;
										if(_v12 != 0) {
											return 0;
										}
										goto L356;
									}
									L186:
									__eflags = _a12;
									if(_a12 != 0) {
										_t687 = _t1080[1];
										__eflags = _t687 & 0x00000004;
										if((_t687 & 0x00000004) != 0) {
											_t904 = ( *_t1080 & 0x0000ffff) * 8 - 0x10;
											_a8 = _t904;
											__eflags = _t687 & 0x00000002;
											if((_t687 & 0x00000002) != 0) {
												__eflags = _t904 - 4;
												if(_t904 > 4) {
													_t541 =  &_a8;
													 *_t541 = _a8 - 4;
													__eflags =  *_t541;
												}
											}
											_t544 =  &(_t1080[8]); // 0x10
											_t769 = E01605770(_t544, _a8, 0xfeeefeee);
											_a16 = _t769;
											__eflags = _t769 - _a8;
											if(_t769 != _a8) {
												_t771 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
												__eflags =  *(_t771 + 0xc);
												if( *(_t771 + 0xc) == 0) {
													_push("HEAP: ");
													E015EF63B();
												} else {
													E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
												}
												_push( &(_t1080[8]) + _a16);
												E015EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", _t1080);
												E016959C1(_t1080);
											}
										}
									}
									 *(_t1062 + 2) = _t1080[1];
									_t690 = _a20 + ( *_t1080 & 0x0000ffff);
									_a20 = _t690;
									__eflags = _t690 - 0xfe00;
									if(_t690 > 0xfe00) {
										E0162EB88(_t790, _t1062, _a20);
										goto L129;
									} else {
										 *_t1062 = _t690;
										__eflags = _a12;
										 *(_t1062 + 4 + _t690 * 8) =  *(_t790 + 0x54) ^ _t690;
										 *((char*)(_t1062 + 7)) = 0;
										if(_a12 != 0) {
											 *(_t1062 + 2) =  *(_t1062 + 2) & 0x000000f0;
											__eflags =  *(_t790 + 0x40) & 0x00000040;
											_t1104 = _t690 & 0x0000ffff;
											_a16 = _t1104;
											if(( *(_t790 + 0x40) & 0x00000040) != 0) {
												E01605810(_t1062 + 0x10, _t1104 * 8 - 0x10, 0xfeeefeee);
												 *(_t1062 + 2) =  *(_t1062 + 2) | 0x00000004;
											}
											_t695 =  *(_t790 + 0xb8);
											__eflags = _t695;
											if(_t695 != 0) {
												while(1) {
													__eflags = _t1104 -  *((intOrPtr*)(_t695 + 4));
													if(_t1104 <  *((intOrPtr*)(_t695 + 4))) {
														break;
													}
													_t855 =  *_t695;
													__eflags = _t855;
													if(_t855 == 0) {
														_t857 =  *((intOrPtr*)(_t695 + 4)) - 1;
														__eflags = _t857;
														_v8 = _t857;
														L293:
														_a12 = _t695;
														_t696 = _t695 + 0x14;
														__eflags = _t696;
														_a20 = _t696;
														while(1) {
															_t858 = _t857 -  *_a20;
															_t699 = _a12[6];
															_t987 =  *((intOrPtr*)(_t699 + 4));
															__eflags = _t699 - _t987;
															if(_t699 == _t987) {
																goto L262;
															}
															_t1063 =  *(_t790 + 0x4c);
															__eflags = _t1063;
															if(_t1063 == 0) {
																_t993 =  *(_t987 - 8) & 0x0000ffff;
															} else {
																_t1014 =  *(_t987 - 8);
																_t1063 =  *(_t790 + 0x4c);
																__eflags = _t1063 & _t1014;
																if((_t1063 & _t1014) != 0) {
																	_t1014 = _t1014 ^  *(_t790 + 0x50);
																	__eflags = _t1014;
																}
																_t993 = _t1014 & 0x0000ffff;
															}
															__eflags = _t1104 - (_t993 & 0x0000ffff);
															if(_t1104 - (_t993 & 0x0000ffff) <= 0) {
																_t996 =  *_t699 - 8;
																__eflags = _t1063;
																if(_t1063 == 0) {
																	_t997 =  *_t996 & 0x0000ffff;
																} else {
																	_t1013 =  *_t996;
																	_t1063 =  *(_t790 + 0x4c);
																	__eflags = _t1063 & _t1013;
																	if((_t1063 & _t1013) != 0) {
																		_t1013 = _t1013 ^  *(_t790 + 0x50);
																		__eflags = _t1013;
																	}
																	_t997 = _t1013 & 0x0000ffff;
																}
																__eflags = _a16 - (_t997 & 0x0000ffff);
																if(_a16 - (_t997 & 0x0000ffff) <= 0) {
																	_t699 =  *_t699;
																	goto L262;
																} else {
																	_t999 = _a12;
																	__eflags =  *_t999;
																	if( *_t999 != 0) {
																		L387:
																		_t713 = _a12;
																		_t1118 = _t858 >> 5;
																		_t1072 =  *((intOrPtr*)(_t713 + 0x1c)) + _t1118 * 4;
																		_t1003 = ( *((intOrPtr*)(_t713 + 4)) -  *_a20 >> 5) - 1;
																		_t720 =  !((1 << (_t858 & 0x0000001f)) - 1) &  *_t1072;
																		__eflags = 1;
																		if(1 != 0) {
																			L391:
																			__eflags = _t720 & 0x0000ffff;
																			if((_t720 & 0x0000ffff) == 0) {
																				_t878 = _t720 >> 0x00000010 & 0x000000ff;
																				__eflags = _t878;
																				if(_t878 == 0) {
																					_t572 = (_t720 >> 0x18) + 0x1625818; // 0x10008
																					_t723 = ( *_t572 & 0x000000ff) + 0x18;
																					__eflags = _t723;
																				} else {
																					_t571 = _t878 + 0x1625818; // 0x10008
																					_t723 = ( *_t571 & 0x000000ff) + 0x10;
																				}
																			} else {
																				_t1005 = _t720 & 0x000000ff;
																				__eflags = _t1005;
																				if(_t1005 == 0) {
																					_t570 = (_t720 >> 0x00000008 & 0x000000ff) + 0x1625818; // 0x10008
																					_t723 = ( *_t570 & 0x000000ff) + 8;
																				} else {
																					_t569 = _t1005 + 0x1625818; // 0x10008
																					_t723 =  *_t569 & 0x000000ff;
																				}
																			}
																			_t1120 = (_t1118 << 5) + _t723;
																			_t724 = _a12;
																			__eflags =  *(_t724 + 8);
																			_t879 = _t1120 + _t1120;
																			if( *(_t724 + 8) == 0) {
																				_t879 = _t1120;
																			}
																			_t699 =  *( *((intOrPtr*)(_t724 + 0x20)) + _t879 * 4);
																			goto L262;
																		} else {
																			goto L388;
																		}
																		while(1) {
																			L388:
																			__eflags = _t1118 - _t1003;
																			if(_t1118 > _t1003) {
																				break;
																			}
																			_t1072 =  &(_t1072[1]);
																			_t720 =  *_t1072;
																			_t1118 = _t1118 + 1;
																			__eflags = _t720;
																			if(_t720 == 0) {
																				continue;
																			}
																			break;
																		}
																		__eflags = _t720;
																		if(_t720 == 0) {
																			_a8 = _a8 & 0x00000000;
																			L317:
																			_t700 = _a8;
																			__eflags = _t700;
																			if(_t700 == 0) {
																				_t859 =  *_a12;
																				_t1104 = _a16;
																				_a12 = _t859;
																				_t860 = _t859 + 0x14;
																				_a20 = _t860;
																				_t857 =  *_t860;
																				_v8 = _t857;
																				continue;
																			}
																			goto L318;
																		}
																		goto L391;
																	}
																	__eflags = _v8 - _t999[1] - 1;
																	if(_v8 != _t999[1] - 1) {
																		goto L387;
																	}
																	_t1008 = _a12;
																	__eflags =  *(_t1008 + 8);
																	if( *(_t1008 + 8) != 0) {
																		_t858 = _t858 + _t858;
																		__eflags = _t858;
																	}
																	_t881 =  *((intOrPtr*)( *((intOrPtr*)(_t1008 + 0x20)) + _t858 * 4));
																	while(1) {
																		__eflags = _t699 - _t881;
																		if(_t699 == _t881) {
																			goto L317;
																		}
																		__eflags = _t1063;
																		if(_t1063 == 0) {
																			_t1010 =  *(_t881 - 8) & 0x0000ffff;
																		} else {
																			_t1012 =  *(_t881 - 8);
																			_t1063 =  *(_t790 + 0x4c);
																			__eflags = _t1063 & _t1012;
																			if((_t1063 & _t1012) != 0) {
																				_t1012 = _t1012 ^  *(_t790 + 0x50);
																				__eflags = _t1012;
																			}
																			_t1010 = _t1012 & 0x0000ffff;
																		}
																		__eflags = _a16 - (_t1010 & 0x0000ffff);
																		if(_a16 - (_t1010 & 0x0000ffff) <= 0) {
																			_a8 = _t881;
																			goto L317;
																		} else {
																			_t881 =  *_t881;
																			continue;
																		}
																	}
																	goto L317;
																}
															}
															L262:
															_a8 = _t699;
															goto L317;
														}
													}
													_t695 = _t855;
												}
												_t857 = _t1104;
												_v8 = _t1104;
												goto L293;
											} else {
												_t700 =  *(_t790 + 0xc4);
												L318:
												_t1105 = _t790 + 0xc4;
												__eflags = _t1105 - _t700;
												if(_t1105 == _t700) {
													L325:
													_t861 =  *(_t700 + 4);
													_t988 = _a4;
													_t1064 =  *_t861;
													_t1106 =  &(_t988[4]);
													_a12 = _t1106;
													__eflags = _t1064 - _t700;
													if(__eflags != 0) {
														_push(0);
														_push(_t1064);
														_push(0);
														_push(_t700);
														_push(0);
														_push(0xc);
														E01694B0C(_t790, 0, _t988, _t1064, _t1106, __eflags);
														_t988 = _a4;
													} else {
														 *_t1106 = _t700;
														_t1106[2] = _t861;
														 *_t861 = _t1106;
														 *(_t700 + 4) = _t1106;
													}
													 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_t988 & 0x0000ffff);
													_t704 =  *(_t790 + 0xb8);
													__eflags = _t704;
													if(_t704 == 0) {
														L346:
														__eflags =  *(_t790 + 0x4c);
														if( *(_t790 + 0x4c) != 0) {
															_t988[1] = _t988[0] ^  *_t988 ^ _t988[1];
															 *_t988 =  *_t988 ^  *(_t790 + 0x50);
														}
														L129:
														return 1;
													} else {
														_t863 =  *_t988 & 0x0000ffff;
														while(1) {
															__eflags = _t863 -  *((intOrPtr*)(_t704 + 4));
															if(_t863 <  *((intOrPtr*)(_t704 + 4))) {
																break;
															}
															_t1107 =  *_t704;
															__eflags = _t1107;
															if(_t1107 == 0) {
																_t1109 =  *((intOrPtr*)(_t704 + 4)) - 1;
																__eflags = _t1109;
																L334:
																_t865 = _t1109 -  *((intOrPtr*)(_t704 + 0x14));
																__eflags =  *(_t704 + 8);
																_a20 = _t865;
																if( *(_t704 + 8) != 0) {
																	_t865 = _t865 + _t865;
																	__eflags = _t865;
																}
																 *((intOrPtr*)(_t704 + 0xc)) =  *((intOrPtr*)(_t704 + 0xc)) + 1;
																_t866 = _t865 << 2;
																_a8 = _t866;
																_t867 =  *(_t866 +  *((intOrPtr*)(_t704 + 0x20)));
																_a16 = _t867;
																__eflags = _t1109 -  *((intOrPtr*)(_t704 + 4)) - 1;
																if(_t1109 ==  *((intOrPtr*)(_t704 + 4)) - 1) {
																	_t500 = _t704 + 0x10;
																	 *_t500 =  *(_t704 + 0x10) + 1;
																	__eflags =  *_t500;
																}
																__eflags = _t867;
																if(_t867 == 0) {
																	L344:
																	 *((intOrPtr*)(_a8 +  *((intOrPtr*)(_t704 + 0x20)))) = _a12;
																	_t867 = _a16;
																	goto L345;
																} else {
																	__eflags =  *(_t790 + 0x4c);
																	if( *(_t790 + 0x4c) == 0) {
																		_t1111 =  *(_t867 - 8) & 0x0000ffff;
																	} else {
																		_t1113 =  *(_t867 - 8);
																		__eflags =  *(_t790 + 0x4c) & _t1113;
																		if(( *(_t790 + 0x4c) & _t1113) != 0) {
																			_t1113 = _t1113 ^  *(_t790 + 0x50);
																			__eflags = _t1113;
																		}
																		_t1111 = _t1113 & 0x0000ffff;
																	}
																	__eflags = ( *_t988 & 0x0000ffff) - (_t1111 & 0x0000ffff);
																	if(( *_t988 & 0x0000ffff) - (_t1111 & 0x0000ffff) > 0) {
																		L345:
																		__eflags = _t867;
																		if(_t867 == 0) {
																			 *( *((intOrPtr*)(_t704 + 0x1c)) + (_a20 >> 5) * 4) =  *( *((intOrPtr*)(_t704 + 0x1c)) + (_a20 >> 5) * 4) | 1;
																			_t988 = _a4;
																		}
																		goto L346;
																	} else {
																		goto L344;
																	}
																}
															}
															_t704 = _t1107;
														}
														_t1109 = _t863;
														goto L334;
													}
												}
												_t992 =  *(_t790 + 0x4c);
												while(1) {
													__eflags = _t992;
													if(_t992 == 0) {
														_t871 =  *(_t700 - 8) & 0x0000ffff;
													} else {
														_t873 =  *(_t700 - 8);
														_t992 =  *(_t790 + 0x4c);
														__eflags = _t992 & _t873;
														if((_t992 & _t873) != 0) {
															_t873 = _t873 ^  *(_t790 + 0x50);
															__eflags = _t873;
														}
														_t871 = _t873 & 0x0000ffff;
													}
													__eflags = _a16 - (_t871 & 0x0000ffff);
													if(_a16 <= (_t871 & 0x0000ffff)) {
														goto L325;
													}
													_t700 =  *_t700;
													__eflags = _t1105 - _t700;
													if(_t1105 == _t700) {
														goto L325;
													}
												}
												goto L325;
											}
										}
										_t882 = _t690 & 0x0000ffff;
										 *(_t1062 + 2) = 0;
										_t730 =  *(_t790 + 0xb8);
										_v8 = _t882;
										__eflags = _t730;
										if(_t730 != 0) {
											while(1) {
												__eflags = _t882 -  *((intOrPtr*)(_t730 + 4));
												if(_t882 <  *((intOrPtr*)(_t730 + 4))) {
													break;
												}
												_t1041 =  *_t730;
												__eflags = _t1041;
												if(_t1041 == 0) {
													_t882 =  *((intOrPtr*)(_t730 + 4)) - 1;
													break;
												}
												_t730 = _t1041;
											}
											_a12 = _t730;
											_a20 = _t882;
											_t1062 = _t730 + 0x14;
											while(1) {
												_t732 = _a12[6];
												_t1015 =  *((intOrPtr*)(_t732 + 4));
												_t884 = _a20 -  *_t1062;
												_a16 = _t732;
												__eflags = _t732 - _t1015;
												if(_t732 == _t1015) {
													goto L201;
												}
												_t1123 =  *(_t790 + 0x4c);
												__eflags = _t1123;
												if(_t1123 == 0) {
													_t739 =  *(_t1015 - 8) & 0x0000ffff;
												} else {
													_t1040 =  *(_t1015 - 8);
													_t1123 =  *(_t790 + 0x4c);
													__eflags = _t1123 & _t1040;
													if((_t1123 & _t1040) != 0) {
														_t1040 = _t1040 ^  *(_t790 + 0x50);
														__eflags = _t1040;
													}
													_t739 = _t1040 & 0x0000ffff;
												}
												_t732 = _a16;
												__eflags = _v8 - (_t739 & 0x0000ffff);
												if(_v8 - (_t739 & 0x0000ffff) <= 0) {
													L234:
													_t1027 =  *_t732 - 8;
													__eflags = _t1123;
													if(_t1123 == 0) {
														_t741 =  *_t1027 & 0x0000ffff;
													} else {
														_t1039 =  *_t1027;
														_t1123 =  *(_t790 + 0x4c);
														__eflags = _t1123 & _t1039;
														if((_t1123 & _t1039) != 0) {
															_t1039 = _t1039 ^  *(_t790 + 0x50);
															__eflags = _t1039;
														}
														_t741 = _t1039 & 0x0000ffff;
													}
													__eflags = _v8 - (_t741 & 0x0000ffff);
													if(_v8 - (_t741 & 0x0000ffff) <= 0) {
														_t732 =  *_a16;
														goto L201;
													} else {
														_t744 = _a12;
														__eflags =  *_t744;
														if( *_t744 != 0) {
															L251:
															_t745 = _a12;
															_t1031 =  *((intOrPtr*)(_t745 + 4)) -  *_t1062;
															_t1129 = _t884 >> 5;
															_t1062 =  *((intOrPtr*)(_t745 + 0x1c)) + _t1129 * 4;
															_t1033 = (_t1031 >> 5) - 1;
															_t752 =  !((1 << (_t884 & 0x0000001f)) - 1) &  *_t1062;
															__eflags = 1;
															if(1 != 0) {
																L255:
																__eflags = _t752 & 0x0000ffff;
																if((_t752 & 0x0000ffff) != 0) {
																	_t1035 = _t752 & 0x000000ff;
																	__eflags = _t1035;
																	if(_t1035 == 0) {
																		_t40 = (_t752 >> 0x00000008 & 0x000000ff) + 0x1625818; // 0x10008
																		_t756 = ( *_t40 & 0x000000ff) + 8;
																	} else {
																		_t106 = _t1035 + 0x1625818; // 0x10008
																		_t756 =  *_t106 & 0x000000ff;
																	}
																} else {
																	_t900 = _t752 >> 0x00000010 & 0x000000ff;
																	__eflags = _t900;
																	if(_t900 != 0) {
																		_t39 = _t900 + 0x1625818; // 0x10008
																		_t756 = ( *_t39 & 0x000000ff) + 0x10;
																	} else {
																		_t392 = (_t752 >> 0x18) + 0x1625818; // 0x10008
																		_t756 = ( *_t392 & 0x000000ff) + 0x18;
																		__eflags = _t756;
																	}
																}
																_t1131 = (_t1129 << 5) + _t756;
																_t757 = _a12;
																__eflags =  *(_t757 + 8);
																_t897 = _t1131 + _t1131;
																if( *(_t757 + 8) == 0) {
																	_t897 = _t1131;
																}
																_t732 =  *( *((intOrPtr*)(_t757 + 0x20)) + _t897 * 4);
																goto L201;
															} else {
																goto L252;
															}
															while(1) {
																L252:
																__eflags = _t1129 - _t1033;
																if(_t1129 > _t1033) {
																	break;
																}
																_t1062 = _t1062 + 4;
																_t752 =  *_t1062;
																_t1129 = _t1129 + 1;
																__eflags = _t752;
																if(_t752 == 0) {
																	continue;
																}
																break;
															}
															__eflags = _t752;
															if(_t752 == 0) {
																_a8 = _a8 & 0x00000000;
																L202:
																_t733 = _a8;
																__eflags = _t733;
																if(_t733 == 0) {
																	_t402 =  *_a12 + 0x14; // 0x14
																	_t1062 = _t402;
																	_a12 =  *_a12;
																	_a20 =  *_t1062;
																	continue;
																}
																L203:
																_t1124 = _t790 + 0xc4;
																__eflags = _t1124 - _t733;
																if(_t1124 != _t733) {
																	_t1016 =  *(_t790 + 0x4c);
																	while(1) {
																		__eflags = _t1016;
																		if(_t1016 == 0) {
																			_t886 =  *(_t733 - 8) & 0x0000ffff;
																		} else {
																			_t893 =  *(_t733 - 8);
																			_t1016 =  *(_t790 + 0x4c);
																			__eflags = _t1016 & _t893;
																			if((_t1016 & _t893) != 0) {
																				_t893 = _t893 ^  *(_t790 + 0x50);
																				__eflags = _t893;
																			}
																			_t886 = _t893 & 0x0000ffff;
																		}
																		__eflags = _v8 - (_t886 & 0x0000ffff);
																		if(_v8 <= (_t886 & 0x0000ffff)) {
																			goto L204;
																		}
																		_t733 =  *_t733;
																		__eflags = _t1124 - _t733;
																		if(_t1124 == _t733) {
																			goto L204;
																		} else {
																			continue;
																		}
																		goto L234;
																	}
																}
																L204:
																_t888 =  *(_t733 + 4);
																_t1017 =  *_t888;
																_t1126 = _a4 + 8;
																_a12 = _t1126;
																__eflags = _t1017 - _t733;
																if(__eflags != 0) {
																	_push(0);
																	_push(_t1017);
																	_push(0);
																	_push(_t733);
																	_push(0);
																	_push(0xc);
																	E01694B0C(_t790, 0, _t1017, _t1062, _t1126, __eflags);
																} else {
																	 *_t1126 = _t733;
																	_t1126[1] = _t888;
																	 *_t888 = _t1126;
																	 *(_t733 + 4) = _t1126;
																}
																 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_a4 & 0x0000ffff);
																_t621 =  *(_t790 + 0xb8);
																__eflags = _t621;
																if(_t621 == 0) {
																	L127:
																	__eflags =  *(_t790 + 0x4c);
																	if( *(_t790 + 0x4c) != 0) {
																		_t623 = _a4;
																		_t623[0] = _t623[0] ^  *_t623 ^ _t623[0];
																		 *_t623 =  *_t623 ^  *(_t790 + 0x50);
																		__eflags =  *_t623;
																	}
																	goto L129;
																} else {
																	_t891 =  *_a4 & 0x0000ffff;
																	while(1) {
																		__eflags = _t891 -  *((intOrPtr*)(_t621 + 4));
																		if(_t891 <  *((intOrPtr*)(_t621 + 4))) {
																			break;
																		}
																		_t1023 =  *_t621;
																		__eflags = _t1023;
																		if(_t1023 == 0) {
																			_t891 =  *((intOrPtr*)(_t621 + 4)) - 1;
																			break;
																		}
																		_t621 = _t1023;
																	}
																	_t1019 = _t891 -  *((intOrPtr*)(_t621 + 0x14));
																	__eflags =  *(_t621 + 8);
																	_a8 = _t1019;
																	if( *(_t621 + 8) != 0) {
																		_t1019 = _t1019 + _t1019;
																		__eflags = _t1019;
																	}
																	 *((intOrPtr*)(_t621 + 0xc)) =  *((intOrPtr*)(_t621 + 0xc)) + 1;
																	_t1086 = _t1019 << 2;
																	_t1073 =  *(_t1086 +  *((intOrPtr*)(_t621 + 0x20)));
																	__eflags = _t891 -  *((intOrPtr*)(_t621 + 4)) - 1;
																	if(_t891 ==  *((intOrPtr*)(_t621 + 4)) - 1) {
																		_t335 = _t621 + 0x10;
																		 *_t335 =  *(_t621 + 0x10) + 1;
																		__eflags =  *_t335;
																	}
																	__eflags = _t1073;
																	if(_t1073 == 0) {
																		L124:
																		 *(_t1086 +  *((intOrPtr*)(_t621 + 0x20))) = _a12;
																		goto L125;
																	} else {
																		__eflags =  *(_t790 + 0x4c);
																		if( *(_t790 + 0x4c) == 0) {
																			L272:
																			_t813 =  *(_t1073 - 8) & 0x0000ffff;
																			L140:
																			__eflags = ( *_a4 & 0x0000ffff) - (_t813 & 0x0000ffff);
																			if(( *_a4 & 0x0000ffff) - (_t813 & 0x0000ffff) <= 0) {
																				goto L124;
																			}
																			L125:
																			__eflags = _t1073;
																			if(_t1073 == 0) {
																				_t938 =  *((intOrPtr*)(_t621 + 0x1c)) + (_a8 >> 5) * 4;
																				 *_t938 =  *_t938 | 1;
																				__eflags =  *_t938;
																			}
																			goto L127;
																		}
																		_t939 =  *(_t1073 - 8);
																		__eflags =  *(_t790 + 0x4c) & _t939;
																		L137:
																		if(__eflags != 0) {
																			_t939 = _t939 ^  *(_t790 + 0x50);
																			__eflags = _t939;
																		}
																		_t813 = _t939 & 0x0000ffff;
																		goto L140;
																	}
																}
															}
															goto L255;
														}
														__eflags = _a20 - _t744[1] - 1;
														if(_a20 != _t744[1] - 1) {
															goto L251;
														}
														_t764 = _a12;
														__eflags =  *(_t764 + 8);
														if( *(_t764 + 8) != 0) {
															_t884 = _t884 + _t884;
															__eflags = _t884;
														}
														_t901 =  *((intOrPtr*)( *((intOrPtr*)(_t764 + 0x20)) + _t884 * 4));
														while(1) {
															__eflags = _a16 - _t901;
															if(_a16 == _t901) {
																goto L202;
															}
															__eflags = _t1123;
															if(_t1123 == 0) {
																_t766 =  *(_t901 - 8) & 0x0000ffff;
															} else {
																_t1038 =  *(_t901 - 8);
																_t1123 =  *(_t790 + 0x4c);
																__eflags = _t1123 & _t1038;
																if((_t1123 & _t1038) != 0) {
																	_t1038 = _t1038 ^  *(_t790 + 0x50);
																	__eflags = _t1038;
																}
																_t766 = _t1038 & 0x0000ffff;
															}
															__eflags = _v8 - (_t766 & 0x0000ffff);
															if(_v8 - (_t766 & 0x0000ffff) > 0) {
																_t901 =  *_t901;
																continue;
															} else {
																_a8 = _t901;
																goto L202;
															}
														}
														goto L202;
													}
												}
												L201:
												_a8 = _t732;
												goto L202;
											}
										}
										_t733 =  *(_t790 + 0xc4);
										goto L203;
									}
								}
								_t907 =  *_t1080 & 0x0000ffff;
								while(1) {
									__eflags = _t907 -  *(_t684 + 4);
									if(_t907 <  *(_t684 + 4)) {
										break;
									}
									_t1061 =  *_t684;
									__eflags = _t1061;
									if(_t1061 == 0) {
										_t1075 =  *(_t684 + 4) - 1;
										_a8 = _t1075;
										L175:
										_t909 = _t1075 -  *((intOrPtr*)(_t684 + 0x14));
										__eflags =  *(_t684 + 8);
										_v8 = _t909;
										if( *(_t684 + 8) != 0) {
											_t909 = _t909 + _t909;
											__eflags = _t909;
										}
										_t910 = _t909 << 2;
										_t1043 =  *((intOrPtr*)(_t684 + 0x20)) + _t910;
										_a16 = _t910;
										 *((intOrPtr*)(_t684 + 0xc)) =  *((intOrPtr*)(_t684 + 0xc)) - 1;
										_v16 =  *_t1043;
										__eflags = _t1075 -  *(_t684 + 4) - 1;
										if(_t1075 ==  *(_t684 + 4) - 1) {
											_t263 = _t684 + 0x10;
											 *_t263 =  *(_t684 + 0x10) - 1;
											__eflags =  *_t263;
										}
										_t265 =  &(_t1080[4]); // 0x8
										__eflags = _v16 - _t265;
										if(_v16 != _t265) {
											L218:
											_t1062 = _a4;
											goto L185;
										} else {
											__eflags =  *_t684;
											_t915 =  *(_t684 + 4);
											if( *_t684 == 0) {
												_t915 = _t915 - 1;
												__eflags = _t915;
											}
											__eflags = _a8 - _t915;
											_t916 = _t1080[4];
											if(_a8 < _t915) {
												__eflags = _t916 -  *((intOrPtr*)(_t684 + 0x18));
												if(_t916 ==  *((intOrPtr*)(_t684 + 0x18))) {
													L226:
													 *(_a16 +  *((intOrPtr*)(_t684 + 0x20))) =  *(_a16 +  *((intOrPtr*)(_t684 + 0x20))) & 0x00000000;
													 *( *((intOrPtr*)(_t684 + 0x1c)) + (_v8 >> 5) * 4) =  *( *((intOrPtr*)(_t684 + 0x1c)) + (_v8 >> 5) * 4) &  !(1 << (_v8 & 0x0000001f));
													goto L218;
												}
												__eflags =  *(_t790 + 0x4c);
												if( *(_t790 + 0x4c) == 0) {
													_t1051 =  *(_t916 - 8) & 0x0000ffff;
												} else {
													_t1054 =  *(_t916 - 8);
													__eflags =  *(_t790 + 0x4c) & _t1054;
													if(( *(_t790 + 0x4c) & _t1054) != 0) {
														_t1054 = _t1054 ^  *(_t790 + 0x50);
														__eflags = _t1054;
													}
													_t1051 = _t1054 & 0x0000ffff;
												}
												__eflags = ( *_t1080 & 0x0000ffff) == (_t1051 & 0x0000ffff);
												if(( *_t1080 & 0x0000ffff) == (_t1051 & 0x0000ffff)) {
													 *(_a16 +  *((intOrPtr*)(_t684 + 0x20))) = _t916;
													goto L218;
												} else {
													goto L226;
												}
											} else {
												_t1062 = _a4;
												__eflags = _t916 -  *((intOrPtr*)(_t684 + 0x18));
												if(_t916 !=  *((intOrPtr*)(_t684 + 0x18))) {
													 *_t1043 = _t916;
												} else {
													 *_t1043 =  *_t1043 & 0x00000000;
													_t920 = _v8;
													_t789 =  *((intOrPtr*)(_t684 + 0x1c)) + (_t920 >> 5) * 4;
													 *_t789 =  *_t789 &  !(1 << (_t920 & 0x0000001f));
													__eflags =  *_t789;
												}
												goto L185;
											}
										}
									}
									_t684 = _t1061;
								}
								_t1075 = _t907;
								_a8 = _t907;
								goto L175;
							}
							L356:
							_t1080 = _v28;
							_v12 = 1;
							_t603 =  *(_t790 + 0x4c) >> 0x00000014 &  *(_t790 + 0x52) ^ _t1080[1];
							__eflags = _t603 & 0x00000001;
						} while ((_t603 & 0x00000001) == 0);
						_t596 = _a20;
					}
					__eflags = _a12;
					_t1080[2] =  *(_t790 + 0x54) ^ _t596;
					 *((char*)(_t1062 + 7)) = 0;
					if(_a12 != 0) {
						 *(_t1062 + 2) =  *(_t1062 + 2) & 0x000000f0;
						__eflags =  *(_t790 + 0x40) & 0x00000040;
						_t1081 = _t596 & 0x0000ffff;
						_a16 = _t1081;
						if(( *(_t790 + 0x40) & 0x00000040) != 0) {
							E01605810(_t1062 + 0x10, _t1081 * 8 - 0x10, 0xfeeefeee);
							 *(_t1062 + 2) =  *(_t1062 + 2) | 0x00000004;
						}
						_t612 =  *(_t790 + 0xb8);
						__eflags = _t612;
						if(__eflags != 0) {
							while(1) {
								__eflags = _t1081 -  *((intOrPtr*)(_t612 + 4));
								if(_t1081 <  *((intOrPtr*)(_t612 + 4))) {
									break;
								}
								_t801 =  *_t612;
								__eflags = _t801;
								if(_t801 != 0) {
									_t612 = _t801;
									continue;
								}
								_t802 =  *((intOrPtr*)(_t612 + 4)) - 1;
								_v8 = _t802;
								L34:
								_a12 = _t612;
								_t613 = _t612 + 0x14;
								__eflags = _t613;
								_a20 = _t613;
								while(1) {
									_t792 = _t802 -  *_a20;
									_t590 = _a12[6];
									_t925 =  *((intOrPtr*)(_t590 + 4));
									__eflags = _t590 - _t925;
									if(__eflags == 0) {
										goto L57;
									}
									_t1062 =  *(_t790 + 0x4c);
									__eflags = _t1062;
									if(_t1062 == 0) {
										_t942 =  *(_t925 - 8) & 0x0000ffff;
									} else {
										_t963 =  *(_t925 - 8);
										_t1062 =  *(_t790 + 0x4c);
										__eflags = _t1062 & _t963;
										if((_t1062 & _t963) != 0) {
											_t963 = _t963 ^  *(_t790 + 0x50);
											__eflags = _t963;
										}
										_t942 = _t963 & 0x0000ffff;
									}
									__eflags = _t1081 - (_t942 & 0x0000ffff);
									if(__eflags <= 0) {
										_t945 =  *_t590 - 8;
										__eflags = _t1062;
										if(_t1062 == 0) {
											_t946 =  *_t945 & 0x0000ffff;
										} else {
											_t962 =  *_t945;
											_t1062 =  *(_t790 + 0x4c);
											__eflags = _t1062 & _t962;
											if((_t1062 & _t962) != 0) {
												_t962 = _t962 ^  *(_t790 + 0x50);
												__eflags = _t962;
											}
											_t946 = _t962 & 0x0000ffff;
										}
										__eflags = _a16 - (_t946 & 0x0000ffff);
										if(__eflags <= 0) {
											_t590 =  *_t590;
											goto L57;
										} else {
											_t948 = _a12;
											__eflags =  *_t948;
											if( *_t948 != 0) {
												L48:
												_t628 = _a12;
												_t1091 = _t792 >> 5;
												_t1062 =  *((intOrPtr*)(_t628 + 0x1c)) + _t1091 * 4;
												_t952 = ( *((intOrPtr*)(_t628 + 4)) -  *_a20 >> 5) - 1;
												_t635 =  !((1 << (_t792 & 0x0000001f)) - 1) &  *_t1062;
												__eflags = 1;
												if(1 != 0) {
													L52:
													__eflags = _t635 & 0x0000ffff;
													if((_t635 & 0x0000ffff) == 0) {
														_t826 = _t635 >> 0x00000010 & 0x000000ff;
														__eflags = _t826;
														if(_t826 != 0) {
															_t23 = _t826 + 0x1625818; // 0x10008
															_t637 = ( *_t23 & 0x000000ff) + 0x10;
														} else {
															_t31 = (_t635 >> 0x18) + 0x1625818; // 0x10008
															_t637 = ( *_t31 & 0x000000ff) + 0x18;
														}
													} else {
														_t954 = _t635 & 0x000000ff;
														__eflags = _t954;
														if(_t954 == 0) {
															_t22 = (_t635 >> 0x00000008 & 0x000000ff) + 0x1625818; // 0x10008
															_t637 = ( *_t22 & 0x000000ff) + 8;
														} else {
															_t76 = _t954 + 0x1625818; // 0x10008
															_t637 =  *_t76 & 0x000000ff;
														}
													}
													_t1093 = (_t1091 << 5) + _t637;
													_t638 = _a12;
													__eflags =  *(_t638 + 8);
													_t827 = _t1093 + _t1093;
													if(__eflags == 0) {
														_t827 = _t1093;
													}
													_t590 =  *( *((intOrPtr*)(_t638 + 0x20)) + _t827 * 4);
													goto L57;
												} else {
													goto L49;
												}
												while(1) {
													L49:
													__eflags = _t1091 - _t952;
													if(_t1091 > _t952) {
														break;
													}
													_t1062 = _t1062 + 4;
													_t635 =  *_t1062;
													_t1091 = _t1091 + 1;
													__eflags = _t635;
													if(_t635 == 0) {
														continue;
													}
													break;
												}
												__eflags = _t635;
												if(__eflags == 0) {
													_a8 = _a8 & 0x00000000;
													L58:
													_t616 = _a8;
													if(_t616 == 0) {
														_t803 =  *_a12;
														_t1081 = _a16;
														_a12 = _t803;
														_t804 = _t803 + 0x14;
														_a20 = _t804;
														_t802 =  *_t804;
														_v8 = _t802;
														continue;
													}
													goto L59;
												}
												goto L52;
											}
											__eflags = _v8 - _t948[1] - 1;
											if(__eflags == 0) {
												_t957 = _a12;
												if( *((intOrPtr*)(_t957 + 8)) != 0) {
													_t792 = _t792 + _t792;
												}
												_t829 =  *((intOrPtr*)( *((intOrPtr*)(_t957 + 0x20)) + _t792 * 4));
												while(_t590 != _t829) {
													__eflags = _t1062;
													if(_t1062 == 0) {
														_t959 =  *(_t829 - 8) & 0x0000ffff;
													} else {
														_t961 =  *(_t829 - 8);
														_t1062 =  *(_t790 + 0x4c);
														__eflags = _t1062 & _t961;
														if((_t1062 & _t961) != 0) {
															_t961 = _t961 ^  *(_t790 + 0x50);
															__eflags = _t961;
														}
														_t959 = _t961 & 0x0000ffff;
													}
													__eflags = _a16 - (_t959 & 0x0000ffff);
													if(__eflags > 0) {
														_t829 =  *_t829;
														continue;
													} else {
														_a8 = _t829;
														goto L58;
													}
												}
												goto L58;
											}
											goto L48;
										}
									}
									L57:
									_a8 = _t590;
									goto L58;
								}
							}
							_t802 = _t1081;
							_v8 = _t1081;
							goto L34;
						} else {
							_t616 =  *(_t790 + 0xc4);
							L59:
							_t1082 = _t790 + 0xc4;
							if(_t1082 == _t616) {
								L66:
								_t805 =  *(_t616 + 4);
								_t926 =  *_t805;
								_t1084 = _a4 + 8;
								_a12 = _t1084;
								if(_t926 != _t616) {
									_push(0);
									_push(_t926);
									_push(0);
									_push(_t616);
									_push(0);
									_push(0xc);
									E01694B0C(_t790, 0, _t926, _t1062, _t1084, __eflags);
								} else {
									 *_t1084 = _t616;
									_t1084[1] = _t805;
									 *_t805 = _t1084;
									 *(_t616 + 4) = _t1084;
								}
								 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_a4 & 0x0000ffff);
								_t621 =  *(_t790 + 0xb8);
								if(_t621 == 0) {
									goto L127;
								} else {
									_t812 =  *_a4 & 0x0000ffff;
									while(_t812 >=  *((intOrPtr*)(_t621 + 4))) {
										_t940 =  *_t621;
										if(_t940 == 0) {
											L148:
											_t812 =  *((intOrPtr*)(_t621 + 4)) - 1;
											break;
										}
										_t621 = _t940;
									}
									L120:
									_t928 = _t812 -  *((intOrPtr*)(_t621 + 0x14));
									__eflags =  *(_t621 + 8);
									_a8 = _t928;
									if( *(_t621 + 8) != 0) {
										_t928 = _t928 + _t928;
										__eflags = _t928;
									}
									_t1086 = _t928 << 2;
									 *((intOrPtr*)(_t621 + 0xc)) =  *((intOrPtr*)(_t621 + 0xc)) + 1;
									_t1073 =  *(_t1086 +  *((intOrPtr*)(_t621 + 0x20)));
									__eflags = _t812 -  *((intOrPtr*)(_t621 + 4)) - 1;
									if(_t812 ==  *((intOrPtr*)(_t621 + 4)) - 1) {
										 *(_t621 + 0x10) =  *(_t621 + 0x10) + 1;
									}
									__eflags = _t1073;
									if(_t1073 != 0) {
										__eflags =  *(_t790 + 0x4c);
										if( *(_t790 + 0x4c) == 0) {
											goto L272;
										}
										_t939 =  *(_t1073 - 8);
										__eflags =  *(_t790 + 0x4c) & _t939;
										goto L137;
									} else {
										goto L124;
									}
								}
							}
							_t941 =  *(_t790 + 0x4c);
							L61:
							L61:
							if(_t941 == 0) {
								_t819 =  *(_t616 - 8) & 0x0000ffff;
							} else {
								_t821 =  *(_t616 - 8);
								_t941 =  *(_t790 + 0x4c);
								if((_t941 & _t821) != 0) {
									_t821 = _t821 ^  *(_t790 + 0x50);
								}
								_t819 = _t821 & 0x0000ffff;
							}
							if(_a16 > (_t819 & 0x0000ffff)) {
								goto L366;
							}
							goto L66;
							L366:
							_t616 =  *_t616;
							__eflags = _t1082 - _t616;
							if(__eflags == 0) {
								goto L66;
							}
							goto L61;
						}
					}
					_t831 = _t596 & 0x0000ffff;
					 *(_t1062 + 2) = 0;
					_t645 =  *(_t790 + 0xb8);
					_v8 = _t831;
					__eflags = _t645;
					if(_t645 == 0) {
						_t646 =  *(_t790 + 0xc4);
						L108:
						_t1096 = _t790 + 0xc4;
						__eflags = _t1096 - _t646;
						if(_t1096 == _t646) {
							L115:
							_t832 =  *(_t646 + 4);
							_t964 =  *_t832;
							_t1098 = _a4 + 8;
							_a12 = _t1098;
							__eflags = _t964 - _t646;
							if(__eflags != 0) {
								_push(0);
								_push(_t964);
								_push(0);
								_push(_t646);
								_push(0);
								_push(0xc);
								E01694B0C(_t790, 0, _t964, _t1062, _t1098, __eflags);
							} else {
								 *_t1098 = _t646;
								_t1098[1] = _t832;
								 *_t832 = _t1098;
								 *(_t646 + 4) = _t1098;
							}
							 *((intOrPtr*)(_t790 + 0x78)) =  *((intOrPtr*)(_t790 + 0x78)) + ( *_a4 & 0x0000ffff);
							_t621 =  *(_t790 + 0xb8);
							__eflags = _t621;
							if(_t621 == 0) {
								goto L127;
							} else {
								_t812 =  *_a4 & 0x0000ffff;
								while(1) {
									__eflags = _t812 -  *((intOrPtr*)(_t621 + 4));
									if(_t812 <  *((intOrPtr*)(_t621 + 4))) {
										goto L120;
									}
									_t965 =  *_t621;
									__eflags = _t965;
									if(_t965 == 0) {
										goto L148;
									}
									_t621 = _t965;
								}
								goto L120;
							}
						}
						_t966 =  *(_t790 + 0x4c);
						while(1) {
							__eflags = _t966;
							if(_t966 == 0) {
								_t835 =  *(_t646 - 8) & 0x0000ffff;
							} else {
								_t837 =  *(_t646 - 8);
								_t966 =  *(_t790 + 0x4c);
								__eflags = _t966 & _t837;
								if((_t966 & _t837) != 0) {
									_t837 = _t837 ^  *(_t790 + 0x50);
									__eflags = _t837;
								}
								_t835 = _t837 & 0x0000ffff;
							}
							__eflags = _v8 - (_t835 & 0x0000ffff);
							if(_v8 <= (_t835 & 0x0000ffff)) {
								goto L115;
							}
							_t646 =  *_t646;
							__eflags = _t1096 - _t646;
							if(_t1096 == _t646) {
								goto L115;
							}
						}
						goto L115;
					} else {
						goto L83;
					}
					while(1) {
						L83:
						__eflags = _t831 -  *((intOrPtr*)(_t645 + 4));
						if(_t831 <  *((intOrPtr*)(_t645 + 4))) {
							break;
						}
						_t967 =  *_t645;
						__eflags = _t967;
						if(_t967 == 0) {
							_t831 =  *((intOrPtr*)(_t645 + 4)) - 1;
							break;
						}
						_t645 = _t967;
					}
					_a12 = _t645;
					_a20 = _t831;
					_t1062 = _t645 + 0x14;
					while(1) {
						_t651 = _a12[6];
						_t968 =  *((intOrPtr*)(_t651 + 4));
						_t840 = _a20 -  *_t1062;
						_a16 = _t651;
						__eflags = _t651 - _t968;
						if(_t651 == _t968) {
							goto L106;
						}
						_t1099 =  *(_t790 + 0x4c);
						__eflags = _t1099;
						if(_t1099 == 0) {
							_t654 =  *(_t968 - 8) & 0x0000ffff;
						} else {
							_t985 =  *(_t968 - 8);
							_t1099 =  *(_t790 + 0x4c);
							__eflags = _t1099 & _t985;
							if((_t1099 & _t985) != 0) {
								_t985 = _t985 ^  *(_t790 + 0x50);
								__eflags = _t985;
							}
							_t654 = _t985 & 0x0000ffff;
						}
						_t651 = _a16;
						__eflags = _v8 - (_t654 & 0x0000ffff);
						if(_v8 - (_t654 & 0x0000ffff) <= 0) {
							_t972 =  *_t651 - 8;
							__eflags = _t1099;
							if(_t1099 == 0) {
								_t656 =  *_t972 & 0x0000ffff;
							} else {
								_t984 =  *_t972;
								_t1099 =  *(_t790 + 0x4c);
								__eflags = _t1099 & _t984;
								if((_t1099 & _t984) != 0) {
									_t984 = _t984 ^  *(_t790 + 0x50);
									__eflags = _t984;
								}
								_t656 = _t984 & 0x0000ffff;
							}
							__eflags = _v8 - (_t656 & 0x0000ffff);
							if(_v8 - (_t656 & 0x0000ffff) <= 0) {
								_t651 =  *_a16;
								goto L106;
							} else {
								_t659 = _a12;
								__eflags =  *_t659;
								if( *_t659 == 0) {
									__eflags = _a20 - _t659[1] - 1;
									if(_a20 != _t659[1] - 1) {
										goto L97;
									}
									_t679 = _a12;
									__eflags =  *(_t679 + 8);
									if( *(_t679 + 8) != 0) {
										_t840 = _t840 + _t840;
										__eflags = _t840;
									}
									_t849 =  *((intOrPtr*)( *((intOrPtr*)(_t679 + 0x20)) + _t840 * 4));
									while(1) {
										__eflags = _a16 - _t849;
										if(_a16 == _t849) {
											break;
										}
										__eflags = _t1099;
										if(_t1099 == 0) {
											_t681 =  *(_t849 - 8) & 0x0000ffff;
										} else {
											_t983 =  *(_t849 - 8);
											_t1099 =  *(_t790 + 0x4c);
											__eflags = _t1099 & _t983;
											if((_t1099 & _t983) != 0) {
												_t983 = _t983 ^  *(_t790 + 0x50);
												__eflags = _t983;
											}
											_t681 = _t983 & 0x0000ffff;
										}
										__eflags = _v8 - (_t681 & 0x0000ffff);
										if(_v8 - (_t681 & 0x0000ffff) > 0) {
											_t849 =  *_t849;
											continue;
										} else {
											_a8 = _t849;
											break;
										}
									}
									L107:
									_t646 = _a8;
									__eflags = _t646;
									if(_t646 == 0) {
										_t236 =  *_a12 + 0x14; // 0x14
										_t1062 = _t236;
										_a12 =  *_a12;
										_a20 =  *_t1062;
										continue;
									}
									goto L108;
								}
								L97:
								_t662 = _a12;
								_t976 =  *((intOrPtr*)(_t662 + 4)) -  *_t1062;
								_t1101 = _t840 >> 5;
								_t1062 =  *((intOrPtr*)(_t662 + 0x1c)) + _t1101 * 4;
								_t978 = (_t976 >> 5) - 1;
								_t669 =  !((1 << (_t840 & 0x0000001f)) - 1) &  *_t1062;
								__eflags = 1;
								if(1 != 0) {
									L101:
									__eflags = _t669 & 0x0000ffff;
									if((_t669 & 0x0000ffff) == 0) {
										_t846 = _t669 >> 0x00000010 & 0x000000ff;
										__eflags = _t846;
										if(_t846 != 0) {
											_t211 = _t846 + 0x1625818; // 0x10008
											_t671 = ( *_t211 & 0x000000ff) + 0x10;
										} else {
											_t210 = (_t669 >> 0x18) + 0x1625818; // 0x10008
											_t671 = ( *_t210 & 0x000000ff) + 0x18;
										}
									} else {
										_t980 = _t669 & 0x000000ff;
										__eflags = _t980;
										if(_t980 == 0) {
											_t212 = (_t669 >> 0x00000008 & 0x000000ff) + 0x1625818; // 0x10008
											_t671 = ( *_t212 & 0x000000ff) + 8;
										} else {
											_t154 = _t980 + 0x1625818; // 0x10008
											_t671 =  *_t154 & 0x000000ff;
										}
									}
									_t1103 = (_t1101 << 5) + _t671;
									_t672 = _a12;
									__eflags = _t672[2];
									_t847 = _t1103 + _t1103;
									if(_t672[2] == 0) {
										_t847 = _t1103;
									}
									_t651 =  *(_t672[8] + _t847 * 4);
									goto L106;
								} else {
									goto L98;
								}
								while(1) {
									L98:
									__eflags = _t1101 - _t978;
									if(_t1101 > _t978) {
										break;
									}
									_t1062 = _t1062 + 4;
									_t669 =  *_t1062;
									_t1101 = _t1101 + 1;
									__eflags = _t669;
									if(_t669 == 0) {
										continue;
									}
									break;
								}
								__eflags = _t669;
								if(_t669 == 0) {
									_a8 = _a8 & 0x00000000;
									goto L107;
								}
								goto L101;
							}
						}
						L106:
						_a8 = _t651;
						goto L107;
					}
				}
			}

0x0162645a
0x01626468
0x0162646b
0x0162646d
0x01626470
0x01626478
0x0162647e
0x01626482
0x01626485
0x0162648a
0x016404ea
0x016404eb
0x016404ed
0x016404f0
0x01659b3e
0x01659b3e
0x01659b3f
0x01659b40
0x01659b41
0x01659b42
0x01659b43
0x01659b45
0x01659b4a
0x00000000
0x01659b4a
0x016404f6
0x016404fb
0x00000000
0x00000000
0x00000000
0x01626490
0x01626490
0x01626492
0x01626492
0x01626495
0x01626498
0x0162649c
0x016264a8
0x016264ab
0x016264ae
0x016264b1
0x016264b4
0x01642321
0x01642321
0x01642325
0x0164232a
0x01642334
0x01642337
0x01659b52
0x01659b54
0x01659b55
0x01659b56
0x01659b56
0x01642337
0x0164233d
0x01642340
0x01642340
0x01642343
0x01642345
0x01642348
0x0164234b
0x0164234e
0x01642350
0x01642352
0x01659b6f
0x01659b6f
0x01659b71
0x01659b72
0x01659b73
0x01659b74
0x01659b75
0x01659b77
0x00000000
0x01642358
0x01642358
0x0164235a
0x00000000
0x00000000
0x01642363
0x01642366
0x0164236c
0x0164236e
0x01642406
0x01642406
0x01642409
0x0164240c
0x0164240e
0x01642411
0x01642415
0x0164a823
0x0164a828
0x0164a82a
0x00000000
0x00000000
0x01659b68
0x01659b7c
0x01659b7c
0x01659b80
0x00000000
0x01659c33
0x00000000
0x01659b80
0x0164241b
0x0164241b
0x0164241f
0x01649a97
0x01649a9a
0x01649a9c
0x01659c3d
0x01659c44
0x01659c47
0x01659c49
0x01659c4b
0x01659c4e
0x01659c50
0x01659c50
0x01659c50
0x01659c50
0x01659c4e
0x01659c5c
0x01659c60
0x01659c65
0x01659c68
0x01659c6b
0x01659c77
0x01659c7a
0x01659c7e
0x01659ca0
0x01659ca5
0x01659c80
0x01659c98
0x01659c9d
0x01659cb2
0x01659cb9
0x01659cc2
0x01659cc2
0x01659c6b
0x01649a9c
0x01642428
0x01642431
0x01642433
0x01642436
0x0164243b
0x01659e3b
0x00000000
0x01642441
0x01642441
0x0164244b
0x0164244f
0x01642454
0x01642458
0x01649aa7
0x01649aab
0x01649aaf
0x01649ab2
0x01649ab5
0x01659d11
0x01659d16
0x01659d16
0x01649abb
0x01649ac1
0x01649ac3
0x01649ad2
0x01649ad2
0x01649ad5
0x00000000
0x00000000
0x01649aca
0x01649acc
0x01649ace
0x01649adf
0x01649adf
0x01649ae0
0x01649ae3
0x01649ae3
0x01649ae6
0x01649ae6
0x01649ae9
0x01649aec
0x01649aef
0x01649af4
0x01649af7
0x01649afa
0x01649afc
0x00000000
0x00000000
0x01649b02
0x01649b05
0x01649b07
0x01647e4b
0x01649b0d
0x01649b0d
0x01649b10
0x01649b13
0x01649b15
0x01649b17
0x01649b17
0x01649b17
0x01649b1a
0x01649b1a
0x01649b22
0x01649b24
0x01649b2c
0x01649b2f
0x01649b31
0x01647e54
0x01649b37
0x01649b37
0x01649b39
0x01649b3c
0x01649b3e
0x01649b40
0x01649b40
0x01649b40
0x01649b43
0x01649b43
0x01649b4e
0x01649b50
0x01659d34
0x00000000
0x01649b56
0x01649b56
0x01649b59
0x01649b5c
0x01659d3b
0x01659d3b
0x01659d4b
0x01659d4e
0x01659d5c
0x01659d60
0x01659d60
0x01659d62
0x01659d76
0x01659d79
0x01659d7b
0x01659da7
0x01659da7
0x01659dad
0x01659dbe
0x01659dc5
0x01659dc5
0x01659daf
0x01659daf
0x01659db6
0x01659db6
0x01659d7d
0x01659d84
0x01659d84
0x01659d86
0x01659d96
0x01659d9d
0x01659d88
0x01659d88
0x01659d88
0x01659d88
0x01659d86
0x01659dcb
0x01659dcd
0x01659dd0
0x01659dd4
0x01659dd7
0x01659dd9
0x01659dd9
0x01659dde
0x00000000
0x00000000
0x00000000
0x00000000
0x01659d64
0x01659d64
0x01659d64
0x01659d66
0x00000000
0x00000000
0x01659d68
0x01659d6b
0x01659d6d
0x01659d6e
0x01659d70
0x00000000
0x00000000
0x00000000
0x01659d70
0x01659d72
0x01659d74
0x01659de6
0x01649bb0
0x01649bb0
0x01649bb3
0x01649bb5
0x01659df2
0x01659df4
0x01659df7
0x01659dfa
0x01659dfd
0x01659e00
0x01659e02
0x00000000
0x01659e02
0x00000000
0x01649bb5
0x00000000
0x01659d74
0x01649b66
0x01649b69
0x00000000
0x00000000
0x01649b6f
0x01649b72
0x01649b76
0x01649b78
0x01649b78
0x01649b78
0x01649b7d
0x01649bac
0x01649bac
0x01649bae
0x00000000
0x00000000
0x01649b82
0x01649b84
0x01647e5c
0x01649b8a
0x01649b8a
0x01649b8d
0x01649b90
0x01649b92
0x01649b94
0x01649b94
0x01649b94
0x01649b97
0x01649b97
0x01649ba2
0x01649ba4
0x01649cc6
0x00000000
0x01649baa
0x01649baa
0x00000000
0x01649baa
0x01649ba4
0x00000000
0x01649bac
0x01649b50
0x01647dc8
0x01647dc8
0x00000000
0x01647dc8
0x01649aec
0x01649ad0
0x01649ad0
0x01659d2a
0x01659d2c
0x00000000
0x01649ac5
0x01659d1f
0x01649bbb
0x01649bbb
0x01649bc1
0x01649bc3
0x01649bec
0x01649bec
0x01649bef
0x01649bf2
0x01649bf4
0x01649bf7
0x01649bfa
0x01649bfc
0x01659e1b
0x01659e1c
0x01659e1d
0x01659e1e
0x01659e1f
0x01659e20
0x01659e22
0x01659e27
0x01649c02
0x01649c02
0x01649c04
0x01649c07
0x01649c09
0x01649c09
0x01649c0f
0x01649c12
0x01649c18
0x01649c1a
0x01649ca7
0x01649ca7
0x01649cab
0x01649cb9
0x01649cbf
0x01649cbf
0x016266e5
0x00000000
0x01649c20
0x01649c20
0x01649c2d
0x01649c2d
0x01649c30
0x00000000
0x00000000
0x01649c25
0x01649c27
0x01649c29
0x01649c3a
0x01649c3a
0x01649c3b
0x01649c3d
0x01649c40
0x01649c44
0x01649c47
0x01649c49
0x01649c49
0x01649c49
0x01649c4b
0x01649c51
0x01649c54
0x01649c57
0x01649c5e
0x01649c61
0x01649c63
0x01649c65
0x01649c65
0x01649c65
0x01649c65
0x01649c68
0x01649c6a
0x01649c90
0x01649c99
0x01649c9c
0x00000000
0x01649c6c
0x01649c6c
0x01649c70
0x01647e6e
0x01649c76
0x01649c76
0x01649c79
0x01649c7c
0x01649c7e
0x01649c7e
0x01649c7e
0x01649c81
0x01649c81
0x01649c8c
0x01649c8e
0x01649c9f
0x01649c9f
0x01649ca1
0x01647e8d
0x01647e8f
0x01647e8f
0x00000000
0x00000000
0x00000000
0x00000000
0x01649c8e
0x01649c6a
0x01649c2b
0x01649c2b
0x01659e2f
0x00000000
0x01659e2f
0x01649c1a
0x01649bc5
0x01649bc8
0x01649bc8
0x01649bca
0x01647e65
0x01649bd0
0x01649bd0
0x01649bd3
0x01649bd6
0x01649bd8
0x01649bda
0x01649bda
0x01649bda
0x01649bdd
0x01649bdd
0x01649be3
0x01649be6
0x00000000
0x00000000
0x01659e0a
0x01659e0c
0x01659e0e
0x00000000
0x00000000
0x01659e14
0x00000000
0x01649bc8
0x01649ac3
0x0164245e
0x01642461
0x01642465
0x0164246b
0x0164246e
0x01642470
0x01642477
0x01642477
0x0164247a
0x00000000
0x00000000
0x0164247c
0x0164247e
0x01642480
0x015f2359
0x00000000
0x015f2359
0x01642486
0x01642486
0x0164248a
0x0164248d
0x01642490
0x01642493
0x01642496
0x0164249c
0x0164249f
0x016424a1
0x016424a4
0x016424a6
0x00000000
0x00000000
0x016424a8
0x016424ab
0x016424ad
0x01647e28
0x016424b3
0x016424b3
0x016424b6
0x016424b9
0x016424bb
0x016424bd
0x016424bd
0x016424bd
0x016424c0
0x016424c0
0x016424cb
0x016424ce
0x016424d0
0x01642813
0x01642815
0x01642818
0x0164281a
0x01647e31
0x01642820
0x01642820
0x01642822
0x01642825
0x01642827
0x01642829
0x01642829
0x01642829
0x0164282c
0x0164282c
0x01642837
0x01642839
0x015ff3fd
0x00000000
0x0164283f
0x0164283f
0x01642842
0x01642845
0x0164289a
0x0164289a
0x016428a3
0x016428a7
0x016428aa
0x016428b8
0x016428bc
0x016428bc
0x016428be
0x016428d6
0x016428d9
0x016428db
0x015ff2aa
0x015ff2aa
0x015ff2ac
0x015fe47c
0x015fe483
0x015ff2b2
0x015ff2b2
0x015ff2b2
0x015ff2b2
0x016428e1
0x016428e6
0x016428e6
0x016428ec
0x015fba28
0x015fba2f
0x016428f2
0x016428f5
0x016428fc
0x016428fc
0x016428fc
0x016428ec
0x01642902
0x01642904
0x01642907
0x0164290b
0x0164290e
0x01659cd7
0x01659cd7
0x01642917
0x00000000
0x00000000
0x00000000
0x00000000
0x016428c0
0x016428c0
0x016428c0
0x016428c2
0x00000000
0x00000000
0x016428c4
0x016428c7
0x016428c9
0x016428ca
0x016428cc
0x00000000
0x00000000
0x00000000
0x016428cc
0x016428ce
0x016428d0
0x01644de6
0x016424d9
0x016424d9
0x016424dc
0x016424de
0x01644df4
0x01644df4
0x01644df9
0x01644dfc
0x00000000
0x01644dfc
0x016424e4
0x016424e4
0x016424ea
0x016424ec
0x016427e7
0x016427ea
0x016427ea
0x016427ec
0x01647e42
0x016427f2
0x016427f2
0x016427f5
0x016427f8
0x016427fa
0x016427fc
0x016427fc
0x016427fc
0x016427ff
0x016427ff
0x01642805
0x01642808
0x00000000
0x00000000
0x01659cde
0x01659ce0
0x01659ce2
0x00000000
0x01659ce8
0x00000000
0x01659ce8
0x00000000
0x01659ce2
0x016427ea
0x016424f2
0x016424f2
0x016424f8
0x016424fa
0x016424fd
0x01642500
0x01642502
0x01659cef
0x01659cf0
0x01659cf1
0x01659cf2
0x01659cf3
0x01659cf4
0x01659cf6
0x01642508
0x01642508
0x0164250a
0x0164250d
0x0164250f
0x0164250f
0x01642518
0x0164251b
0x01642521
0x01642523
0x016266cc
0x016266cc
0x016266d0
0x016266d2
0x016266dd
0x016266e3
0x016266e3
0x016266e3
0x00000000
0x01642529
0x0164252c
0x0164252f
0x0164252f
0x01642532
0x00000000
0x00000000
0x01642534
0x01642536
0x01642538
0x015f2362
0x00000000
0x015f2362
0x0164253e
0x0164253e
0x01642544
0x01642547
0x0164254b
0x0164254e
0x01642550
0x01642550
0x01642550
0x01642552
0x0164255a
0x0164255d
0x01642564
0x01642566
0x01642568
0x01642568
0x01642568
0x01642568
0x0164256b
0x0164256d
0x016266a7
0x016266ad
0x00000000
0x01642573
0x01642573
0x01642577
0x01647e1f
0x01647e1f
0x01626904
0x0162690f
0x01626911
0x00000000
0x00000000
0x016266b0
0x016266b0
0x016266b2
0x016266bf
0x016266ca
0x016266ca
0x016266ca
0x00000000
0x016266b2
0x0164257d
0x01642580
0x016268fc
0x016268fc
0x016268fe
0x016268fe
0x016268fe
0x01626901
0x00000000
0x01626901
0x0164256d
0x01642523
0x00000000
0x016428d0
0x0164284b
0x0164284e
0x00000000
0x00000000
0x01642850
0x01642853
0x01642857
0x01642859
0x01642859
0x01642859
0x0164285e
0x01642861
0x01642861
0x01642864
0x00000000
0x00000000
0x0164286a
0x0164286c
0x01647e39
0x01642872
0x01642872
0x01642875
0x01642878
0x0164287a
0x0164287c
0x0164287c
0x0164287c
0x0164287f
0x0164287f
0x0164288a
0x0164288c
0x015ede47
0x00000000
0x01642892
0x01642892
0x00000000
0x01642892
0x0164288c
0x00000000
0x01642861
0x01642839
0x016424d6
0x016424d6
0x00000000
0x016424d6
0x01642493
0x01659ccc
0x00000000
0x01659ccc
0x0164243b
0x01642374
0x01642377
0x01642377
0x0164237a
0x00000000
0x00000000
0x01642380
0x01642382
0x01642384
0x015f236b
0x015f236c
0x0164238e
0x01642390
0x01642393
0x01642397
0x0164239a
0x0164239c
0x0164239c
0x0164239c
0x016423a1
0x016423a4
0x016423a6
0x016423ab
0x016423ae
0x016423b5
0x016423b7
0x016423b9
0x016423b9
0x016423b9
0x016423b9
0x016423bc
0x016423bf
0x016423c2
0x01642588
0x01642588
0x00000000
0x016423c8
0x016423c8
0x016423cb
0x016423ce
0x016423d0
0x016423d0
0x016423d0
0x016423d1
0x016423d4
0x016423d7
0x0164259a
0x0164259d
0x016425c5
0x016425cb
0x016425e7
0x00000000
0x016425e7
0x0164259f
0x016425a3
0x01647dd0
0x016425a9
0x016425a9
0x016425ac
0x016425af
0x016425b1
0x016425b1
0x016425b1
0x016425b4
0x016425b4
0x016425bd
0x016425bf
0x015f237a
0x00000000
0x00000000
0x00000000
0x00000000
0x016423dd
0x016423dd
0x016423e0
0x016423e3
0x015f52b3
0x016423e9
0x016423e9
0x016423ec
0x016423f7
0x01642404
0x01642404
0x01642404
0x00000000
0x016423e3
0x016423d7
0x016423c2
0x0164238a
0x0164238a
0x01642590
0x01642592
0x00000000
0x01642592
0x01659b86
0x01659b89
0x01659b92
0x01659b99
0x01659b9c
0x01659b9c
0x01659ba4
0x01659ba4
0x016264c1
0x016264c5
0x016264c9
0x016264cd
0x015fe836
0x015fe83a
0x015fe83e
0x015fe841
0x015fe844
0x01659bf1
0x01659bf6
0x01659bf6
0x015fe84a
0x015fe850
0x015fe852
0x015fe859
0x015fe859
0x015fe85c
0x00000000
0x00000000
0x015fe9fd
0x015fe9ff
0x015fea01
0x015feff0
0x00000000
0x015feff0
0x015fea0a
0x015fea0b
0x015fe867
0x015fe867
0x015fe86a
0x015fe86a
0x015fe86d
0x015fe870
0x015fe873
0x015fe878
0x015fe87b
0x015fe87e
0x015fe880
0x00000000
0x00000000
0x015fe886
0x015fe889
0x015fe88b
0x01647dfc
0x015fe891
0x015fe891
0x015fe894
0x015fe897
0x015fe899
0x015fe89b
0x015fe89b
0x015fe89b
0x015fe89e
0x015fe89e
0x015fe8a6
0x015fe8a8
0x015fe8b0
0x015fe8b3
0x015fe8b5
0x01647e05
0x015fe8bb
0x015fe8bb
0x015fe8bd
0x015fe8c0
0x015fe8c2
0x015fe8c4
0x015fe8c4
0x015fe8c4
0x015fe8c7
0x015fe8c7
0x015fe8d2
0x015fe8d4
0x015fb5cf
0x00000000
0x015fe8da
0x015fe8da
0x015fe8dd
0x015fe8e0
0x015fe8ef
0x015fe8ef
0x015fe8ff
0x015fe902
0x015fe910
0x015fe914
0x015fe914
0x015fe916
0x015fe92e
0x015fe931
0x015fe933
0x015eff02
0x015eff02
0x015eff08
0x015ef78b
0x015ef792
0x015eff0e
0x015eff11
0x015eff18
0x015eff18
0x015fe939
0x015fe940
0x015fe940
0x015fe942
0x015eb8b1
0x015eb8b8
0x015fe948
0x015fe948
0x015fe948
0x015fe948
0x015fe942
0x015fe952
0x015fe954
0x015fe957
0x015fe95b
0x015fe95e
0x01659c0a
0x01659c0a
0x015fe967
0x00000000
0x00000000
0x00000000
0x00000000
0x015fe918
0x015fe918
0x015fe918
0x015fe91a
0x00000000
0x00000000
0x015fe91c
0x015fe91f
0x015fe921
0x015fe922
0x015fe924
0x00000000
0x00000000
0x00000000
0x015fe924
0x015fe926
0x015fe928
0x015ef79a
0x015fe96d
0x015fe96d
0x015fe972
0x015ef7a6
0x015ef7a8
0x015ef7ab
0x015ef7ae
0x015ef7b1
0x015ef7b4
0x015ef7b6
0x00000000
0x015ef7b6
0x00000000
0x015fe972
0x00000000
0x015fe928
0x015fe8e6
0x015fe8e9
0x015e7f41
0x015e7f48
0x015e7f4a
0x015e7f4a
0x015e7f4f
0x015e7f52
0x015e7f5b
0x015e7f5d
0x01647e0d
0x015e7f63
0x015e7f63
0x015e7f66
0x015e7f69
0x015e7f6b
0x015e7f6d
0x015e7f6d
0x015e7f6d
0x015e7f70
0x015e7f70
0x015e7f7b
0x015e7f7d
0x015e7f87
0x00000000
0x015e7f7f
0x015e7f7f
0x00000000
0x015e7f7f
0x015e7f7d
0x00000000
0x015e7f52
0x00000000
0x015fe8e9
0x015fe8d4
0x015fe96a
0x015fe96a
0x00000000
0x015fe96a
0x015fe870
0x015fe862
0x015fe864
0x00000000
0x015fe854
0x01659bff
0x015fe978
0x015fe978
0x015fe980
0x015fe9a9
0x015fe9a9
0x015fe9af
0x015fe9b1
0x015fe9b4
0x015fe9b9
0x01659c22
0x01659c23
0x01659c24
0x01659c25
0x01659c26
0x01659c27
0x01659c29
0x015fe9bf
0x015fe9bf
0x015fe9c1
0x015fe9c4
0x015fe9c6
0x015fe9c6
0x015fe9cf
0x015fe9d2
0x015fe9da
0x00000000
0x015fe9e0
0x015fe9e3
0x015fe9e6
0x015fe9ef
0x015fe9f3
0x016271c5
0x016271c8
0x00000000
0x016271c8
0x015fe9f9
0x015fe9f9
0x01626675
0x01626677
0x0162667a
0x0162667e
0x01626681
0x01626683
0x01626683
0x01626683
0x0162668a
0x0162668d
0x01626690
0x01626697
0x01626699
0x016271bd
0x016271bd
0x0162669f
0x016266a1
0x016268ec
0x016268f0
0x00000000
0x00000000
0x016268f6
0x016268f9
0x00000000
0x00000000
0x00000000
0x00000000
0x016266a1
0x015fe9da
0x015fe982
0x00000000
0x015fe985
0x015fe987
0x01647e16
0x015fe98d
0x015fe98d
0x015fe990
0x015fe995
0x015fe997
0x015fe997
0x015fe99a
0x015fe99a
0x015fe9a3
0x00000000
0x00000000
0x00000000
0x01659c11
0x01659c11
0x01659c13
0x01659c15
0x00000000
0x00000000
0x00000000
0x01659c1b
0x015fe852
0x016264d3
0x016264d6
0x016264da
0x016264e0
0x016264e3
0x016264e5
0x01659bac
0x01626602
0x01626602
0x01626608
0x0162660a
0x01626633
0x01626633
0x01626639
0x0162663b
0x0162663e
0x01626641
0x01626643
0x01659bcf
0x01659bd0
0x01659bd1
0x01659bd2
0x01659bd3
0x01659bd4
0x01659bd6
0x01626649
0x01626649
0x0162664b
0x0162664e
0x01626650
0x01626650
0x01626659
0x0162665c
0x01626662
0x01626664
0x00000000
0x01626666
0x01626669
0x0162666c
0x0162666c
0x0162666f
0x00000000
0x00000000
0x01626721
0x01626723
0x01626725
0x00000000
0x00000000
0x0162672b
0x0162672b
0x00000000
0x0162666c
0x01626664
0x0162660c
0x0162660f
0x0162660f
0x01626611
0x01647df3
0x01626617
0x01626617
0x0162661a
0x0162661d
0x0162661f
0x01626621
0x01626621
0x01626621
0x01626624
0x01626624
0x0162662a
0x0162662d
0x00000000
0x00000000
0x01659bbe
0x01659bc0
0x01659bc2
0x00000000
0x00000000
0x01659bc8
0x00000000
0x00000000
0x00000000
0x00000000
0x016264eb
0x016264eb
0x016264eb
0x016264ee
0x00000000
0x00000000
0x01626710
0x01626712
0x01626714
0x01628ce8
0x00000000
0x01628ce8
0x0162671a
0x0162671a
0x016264f4
0x016264f7
0x016264fa
0x016264fd
0x01626500
0x01626506
0x01626509
0x0162650b
0x0162650e
0x01626510
0x00000000
0x00000000
0x01626516
0x01626519
0x0162651b
0x01647dd9
0x01626521
0x01626521
0x01626524
0x01626527
0x01626529
0x0162652b
0x0162652b
0x0162652b
0x0162652e
0x0162652e
0x01626539
0x0162653c
0x0162653e
0x01626546
0x01626549
0x0162654b
0x01647de2
0x01626551
0x01626551
0x01626553
0x01626556
0x01626558
0x0162655a
0x0162655a
0x0162655a
0x0162655d
0x0162655d
0x01626568
0x0162656a
0x01626ee8
0x00000000
0x01626570
0x01626570
0x01626573
0x01626576
0x0162984d
0x01629850
0x00000000
0x00000000
0x01629856
0x01629859
0x0162985d
0x0162985f
0x0162985f
0x0162985f
0x01629864
0x01629867
0x01629867
0x0162986a
0x00000000
0x00000000
0x01629870
0x01629872
0x01647dea
0x01629878
0x01629878
0x0162987b
0x0162987e
0x01629880
0x01629882
0x01629882
0x01629882
0x01629885
0x01629885
0x01629890
0x01629892
0x015fb5fc
0x00000000
0x01629898
0x01629898
0x00000000
0x01629898
0x01629892
0x016265f7
0x016265f7
0x016265fa
0x016265fc
0x01629b27
0x01629b27
0x01629b2c
0x01629b2f
0x00000000
0x01629b2f
0x00000000
0x016265fc
0x0162657c
0x0162657c
0x01626585
0x01626589
0x0162658c
0x0162659a
0x0162659e
0x0162659e
0x016265a0
0x016265b8
0x016265bb
0x016265bd
0x01626921
0x01626921
0x01626927
0x01626c01
0x01626c08
0x0162692d
0x01626930
0x01626937
0x01626937
0x016265c3
0x016265ca
0x016265ca
0x016265cc
0x01626c15
0x01626c1c
0x016265d2
0x016265d2
0x016265d2
0x016265d2
0x016265cc
0x016265dc
0x016265de
0x016265e1
0x016265e5
0x016265e8
0x01659bb7
0x01659bb7
0x016265f1
0x00000000
0x00000000
0x00000000
0x00000000
0x016265a2
0x016265a2
0x016265a2
0x016265a4
0x00000000
0x00000000
0x016265a6
0x016265a9
0x016265ab
0x016265ac
0x016265ae
0x00000000
0x00000000
0x00000000
0x016265ae
0x016265b0
0x016265b2
0x01629b19
0x00000000
0x01629b19
0x00000000
0x016265b2
0x0162656a
0x016265f4
0x016265f4
0x00000000
0x016265f4
0x016264fd

Strings

HEAP: , xrefs: 01659CA0
HEAP[%wZ]: , xrefs: 01659C93
HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 01659CB4

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
API String ID: 0-2419525547
Opcode ID: 937aa8aadf01b17441c6c7b77fe77d4044241f167d073fe246fbc5fb094a7e82
Instruction ID: b76ad49531e84fc2cd56068250fcc8a02e693e17bb022d4dd15815d62603ea0d
Opcode Fuzzy Hash: 937aa8aadf01b17441c6c7b77fe77d4044241f167d073fe246fbc5fb094a7e82
Instruction Fuzzy Hash: E6C27A71600626CFDB28CF19C894A7A7BB2FF94314B1A81ADED569B356D730E841CB90

Uniqueness

Uniqueness Score: 100.00%

Function 0162595C, Relevance: 4.8, Strings: 3, Instructions: 1053
UNIQUECrypto

C-Code - Quality: 88%

			E0162595C(void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t572;
				signed int _t574;
				unsigned int _t578;
				void* _t582;
				signed int _t586;
				intOrPtr _t590;
				signed int _t604;
				signed int* _t612;
				void* _t613;
				intOrPtr _t624;
				unsigned int _t625;
				signed int _t626;
				intOrPtr* _t627;
				signed int _t629;
				intOrPtr _t630;
				signed char* _t631;
				signed int _t632;
				signed char _t633;
				signed char _t636;
				unsigned int _t637;
				signed char* _t642;
				signed int _t646;
				signed int _t652;
				signed char _t665;
				signed int _t666;
				intOrPtr _t672;
				intOrPtr _t674;
				intOrPtr _t676;
				signed int* _t690;
				signed int _t692;
				signed short _t695;
				signed int _t697;
				signed short* _t699;
				signed short _t700;
				unsigned int _t708;
				signed int _t709;
				signed int _t710;
				signed int _t719;
				signed short _t720;
				signed short _t722;
				signed short _t723;
				signed short _t724;
				signed char _t725;
				signed char _t726;
				void* _t727;
				signed int _t728;
				void* _t729;
				intOrPtr* _t730;
				intOrPtr _t733;
				signed char* _t734;
				void* _t735;
				signed int _t747;
				signed int _t754;
				signed int _t755;
				signed int _t756;
				signed int _t758;
				signed int _t762;
				signed char _t766;
				signed int* _t774;
				unsigned int _t780;
				signed int _t781;
				intOrPtr* _t784;
				intOrPtr* _t785;
				intOrPtr* _t786;
				signed int _t789;
				signed short _t806;
				signed int _t807;
				signed int _t819;
				signed int _t821;
				signed int _t829;
				signed int _t830;
				intOrPtr _t832;
				signed short _t833;
				signed int _t835;
				signed int _t839;
				signed int _t841;
				signed int _t857;
				intOrPtr _t859;
				intOrPtr* _t860;
				intOrPtr _t861;
				intOrPtr* _t862;
				intOrPtr _t864;
				signed int _t867;
				signed int _t875;
				signed int _t876;
				signed short _t879;
				signed short _t882;
				signed char _t884;
				signed int _t885;
				intOrPtr _t889;
				intOrPtr _t890;
				signed char* _t892;
				signed short _t893;
				signed int _t894;
				signed int _t904;
				signed int* _t905;
				signed int _t910;
				signed int _t911;
				intOrPtr* _t913;
				signed int _t914;
				signed int _t921;
				intOrPtr _t923;
				intOrPtr _t924;
				signed int _t926;
				signed int _t928;
				signed int _t933;
				signed int _t939;
				signed int _t940;
				signed int _t947;
				signed int _t948;
				intOrPtr _t951;
				signed int _t952;
				signed int _t957;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t963;
				signed int _t965;
				signed int _t966;
				signed short _t967;
				intOrPtr _t972;
				signed short _t973;
				void* _t978;
				void* _t979;

				_t956 = __esi;
				_t884 = __edx;
				_push(0xb0);
				_push(0x1621228);
				_t572 = E01622824(__ebx, __edi, __esi);
				 *(_t978 - 0x3c) = __edx;
				_t753 = __ecx;
				 *(_t978 - 0x20) = __ecx;
				_t762 = 1;
				 *(_t978 - 0x44) = 1;
				 *((char*)(_t978 - 0x21)) = 0;
				_t939 = 0;
				 *(_t978 - 0x30) = 0;
				 *(_t978 - 0x28) = 0;
				 *(_t978 - 0x58) = 0;
				 *((intOrPtr*)(_t978 - 0x70)) = 0;
				if((__edx & 0x7d010f60) != 0) {
					L16:
					 *(_t978 - 0x44) = _t939;
					 *( *(_t978 + 0x14)) = 4;
					__eflags =  *(_t978 + 8) - 0x7fffffff;
					if( *(_t978 + 8) > 0x7fffffff) {
						_t574 = 0;
						goto L94;
					}
					__eflags = _t884 & 0x61000000;
					if((_t884 & 0x61000000) != 0) {
						__eflags = _t884 & 0x10000000;
						if(__eflags != 0) {
							goto L18;
						}
						_t574 = E016961D6(_t753, _t939, _t956, __eflags, _t753, _t884,  *(_t978 + 8));
						goto L94;
					}
					L18:
					__eflags =  *(_t978 + 8) - _t939;
					if( *(_t978 + 8) != _t939) {
						_t762 =  *(_t978 + 8);
					}
					_t578 =  *((intOrPtr*)(_t753 + 0x98)) + _t762 &  *(_t753 + 0x9c);
					 *(_t978 + 0xc) = _t578;
					_t766 = _t884 >> 0x00000004 & 0x000000e1 | 0x00000001;
					 *(_t978 - 0x19) = _t766;
					__eflags = _t884 & 0x3c000100;
					if((_t884 & 0x3c000100) != 0) {
						L22:
						 *(_t978 - 0x19) = _t766 | 0x00000002;
						_t578 = _t578 + 8;
						__eflags = _t578;
						 *(_t978 + 0xc) = _t578;
						L23:
						 *(_t978 - 0x2c) = _t578 >> 3;
						_t957 =  *(_t978 + 0x10);
						goto L46;
					}
					__eflags =  *((intOrPtr*)(_t753 + 0xc0)) - _t939;
					if( *((intOrPtr*)(_t753 + 0xc0)) == _t939) {
						goto L23;
					}
					goto L22;
				} else {
					__eflags =  *(__ebp + 8) - 0x80000000;
					if( *(__ebp + 8) >= 0x80000000) {
						goto L16;
					}
					__esi =  *(__ebp + 0x10);
					__eflags = __esi;
					if(__esi == 0) {
						__eflags =  *(__ebp + 8);
						if( *(__ebp + 8) == 0) {
							__eax = 0;
							__eax = 1;
						} else {
							__eax =  *(__ebp + 8);
						}
						__eax = __eax + 0xf;
						__eax = __eax & 0xfffffff8;
						 *(__ebp + 0xc) = __eax;
					} else {
						__eax =  *(__ebp + 0xc);
					}
					 *((char*)(__ebp - 0x19)) = 1;
					__ecx = __eax;
					__ecx = __eax >> 3;
					 *(__ebp - 0x2c) = __ecx;
					__eflags = __ecx - 2;
					if(__ecx < 2) {
						 *(__ebp + 0xc) = __eax;
						 *(__ebp - 0x2c) = 2;
					}
					__eax =  *(__ebp + 0x14);
					 *__eax = 3;
					L46:
					__eflags = _t884 & 0x00800000;
					if((_t884 & 0x00800000) != 0) {
						_t115 = _t978 - 0x19;
						 *_t115 =  *(_t978 - 0x19) | 0x00000008;
						__eflags =  *_t115;
					}
					 *(_t978 - 4) = _t939;
					__eflags = _t884 & 0x00000001;
					if(__eflags != 0) {
						L53:
						_t580 =  *(_t978 - 0x2c);
						__eflags =  *(_t978 - 0x2c) -  *((intOrPtr*)(_t753 + 0x60));
						if( *(_t978 - 0x2c) >  *((intOrPtr*)(_t753 + 0x60))) {
							__eflags =  *(_t753 + 0x40) & 0x00000002;
							if(( *(_t753 + 0x40) & 0x00000002) != 0) {
								 *(_t978 + 0xc) =  *(_t978 + 0xc) + 0x18;
								_t754 =  *(_t978 - 0x20);
								_t582 = E01683952(_t754, 1);
								_push(_t582);
								_push(0x1000);
								_push(_t978 + 0xc);
								_push(0);
								_push(_t978 - 0x28);
								_push(0xffffffff);
								_t580 = E01614EA0();
								__eflags = _t580;
								if(_t580 < 0) {
									 *((intOrPtr*)(_t754 + 0x10c)) =  *((intOrPtr*)(_t754 + 0x10c)) + 1;
									goto L243;
								} else {
									__eflags =  *0x7ffe0380;
									if( *0x7ffe0380 != 0) {
										_t590 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
										__eflags =  *(_t590 + 0x240) & 0x00000001;
										if(( *(_t590 + 0x240) & 0x00000001) != 0) {
											E0169424E(_t754,  *(_t978 - 0x28),  *(_t978 + 0xc), 9);
										}
										__eflags =  *0x7ffe0380;
										if( *0x7ffe0380 != 0) {
											__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
											if(__eflags != 0) {
												E016946E1(__eflags, _t754,  *(_t978 - 0x28),  *(_t978 + 0xc),  *(_t754 + 0x78) << 3,  *0x7ffe0380 & 0x000000ff);
											}
										}
									}
									__eflags =  *0x7ffe038a;
									if(__eflags != 0) {
										E016946E1(__eflags, _t754,  *(_t978 - 0x28),  *(_t978 + 0xc),  *(_t754 + 0x78) << 3,  *0x7ffe038a & 0x000000ff);
									}
									 *((short*)( *(_t978 - 0x28) + 0x18)) =  *(_t978 + 0xc) -  *(_t978 + 8);
									 *( *(_t978 - 0x28) + 0x1a) =  *(_t978 - 0x19) & 0x000000ff | 0x00000002;
									 *( *(_t978 - 0x28) + 0x10) =  *(_t978 + 0xc);
									 *( *(_t978 - 0x28) + 0x14) =  *(_t978 + 0xc);
									 *((char*)( *(_t978 - 0x28) + 0x1f)) = 4;
									 *((intOrPtr*)(_t754 + 0xe8)) =  *((intOrPtr*)(_t754 + 0xe8)) +  *(_t978 + 0xc);
									__eflags =  *(_t754 + 0x40) & 0x08000000;
									if(( *(_t754 + 0x40) & 0x08000000) != 0) {
										 *((short*)( *(_t978 - 0x28) + 8)) = E0168DDF8();
									}
									_t604 = E016271D3();
									__eflags = _t604 & 0x00000800;
									if((_t604 & 0x00000800) != 0) {
										 *((short*)( *(_t978 - 0x28) + 0xa)) = E01683B12(_t754,  *(_t978 - 0x3c) >> 0x00000012 & 0x000000ff, 0,  *( *(_t978 - 0x28) + 0x10) >> 3, 1);
									}
									_t885 =  *(_t978 - 0x28);
									_t612 = _t885 + 0x18;
									__eflags =  *(_t754 + 0x4c);
									if( *(_t754 + 0x4c) != 0) {
										_t612[0] = _t612[0] & 0x000000ff ^ _t612[0] & 0x000000ff ^  *_t612 & 0x000000ff;
										 *_t612 =  *_t612 ^  *(_t754 + 0x50);
										__eflags =  *_t612;
										_t885 =  *(_t978 - 0x28);
									}
									_t613 = _t754 + 0xa0;
									_t774 =  *(_t613 + 4);
									_t959 =  *_t774;
									__eflags = _t959 - _t613;
									if(__eflags != 0) {
										_push(0);
										_push(_t959);
										_push(0);
										_push(_t613);
										_push(0);
										_push(0xc);
										E01694B0C(_t754, 0, _t885, _t939, _t959, __eflags);
									} else {
										 *_t885 = _t613;
										 *(_t885 + 4) = _t774;
										 *_t774 = _t885;
										 *(_t613 + 4) = _t885;
									}
									_t580 =  *(_t978 - 0x28) + 0x20;
									 *(_t978 - 0x30) =  *(_t978 - 0x28) + 0x20;
									goto L92;
								}
							} else {
								L243:
								 *(_t978 - 0x30) =  *(_t978 - 0x30) & 0x00000000;
								L311:
								_t754 =  *(_t978 - 0x20);
								goto L92;
							}
						}
						__eflags = _t957 - _t939;
						if(_t957 == _t939) {
							L60:
							 *(_t978 - 0x38) = _t753 + 0xc4;
							_t940 =  *(_t753 + 0xb8);
							while(1) {
								 *(_t978 - 0xc0) = _t940;
								_t624 =  *((intOrPtr*)(_t940 + 4));
								_t780 =  *(_t978 - 0x2c);
								__eflags = _t780 - _t624;
								if(_t780 < _t624) {
									break;
								}
								_t781 =  *_t940;
								__eflags = _t781;
								if(_t781 == 0) {
									_t625 = _t624 - 1;
									L132:
									 *(_t978 - 0x84) = _t625;
									L97:
									 *(_t978 - 0x9c) = _t940;
									_t783 =  *(_t978 - 0x84) -  *(_t940 + 0x14);
									_t888 =  *(_t940 + 0x18);
									 *(_t978 + 0x10) = _t888;
									_t626 =  *(_t888 + 4);
									 *(_t978 - 0x94) = _t626;
									__eflags = _t888 - _t626;
									if(_t888 == _t626) {
										 *(_t978 - 0x34) = _t888;
										L111:
										_t960 =  *(_t978 - 0x34);
										__eflags = _t960;
										if(_t960 == 0) {
											_t940 =  *_t940;
											_t625 =  *(_t940 + 0x14);
											_t753 =  *(_t978 - 0x20);
											goto L132;
										}
										__eflags =  *(_t978 - 0x38) - _t960;
										if( *(_t978 - 0x38) == _t960) {
											L198:
											_t941 =  *(_t978 - 0x20);
											_t966 = E0162F0D9(_t783, _t888, _t941,  *(_t978 + 0xc));
											 *(_t978 + 0x14) = _t966;
											__eflags = _t966;
											if(_t966 == 0) {
												goto L243;
											}
											_t406 = _t966 + 8; // 0x8
											_t627 = _t406;
											_t889 =  *_t627;
											 *((intOrPtr*)(_t978 - 0x48)) = _t889;
											_t784 =  *((intOrPtr*)(_t966 + 0xc));
											 *((intOrPtr*)(_t978 - 0x68)) = _t784;
											_t785 =  *_t784;
											_t890 =  *((intOrPtr*)(_t889 + 4));
											__eflags = _t785 - _t890;
											if(__eflags != 0) {
												L267:
												_push(0);
												_push(_t785);
												_push(_t890);
												_push(_t627);
												_push(_t941);
												L262:
												_push(0xc);
												_t580 = E01694B0C(_t753, _t785, _t890, _t941, _t966, __eflags);
												goto L311;
											}
											__eflags = _t785 - _t627;
											if(__eflags != 0) {
												goto L267;
											}
											 *((intOrPtr*)(_t941 + 0x78)) =  *((intOrPtr*)(_t941 + 0x78)) - ( *_t966 & 0x0000ffff);
											_t629 =  *(_t941 + 0xb8);
											__eflags = _t629;
											if(_t629 == 0) {
												L77:
												_t630 =  *((intOrPtr*)(_t978 - 0x48));
												_t786 =  *((intOrPtr*)(_t978 - 0x68));
												 *_t786 = _t630;
												 *((intOrPtr*)(_t630 + 4)) = _t786;
												_t179 = _t966 + 2; // 0x2
												_t631 = _t179;
												 *(_t978 + 0x10) = _t631;
												__eflags =  *_t631 & 0x00000008;
												if(( *_t631 & 0x00000008) != 0) {
													_t632 = E015FC30D( *(_t978 - 0x20), _t966);
													__eflags = _t632;
													if(_t632 != 0) {
														goto L78;
													} else {
														_t580 = E015FE4D7(_t753, _t941,  *(_t978 - 0x20), _t966,  *_t966 & 0x0000ffff, 1);
														goto L311;
													}
												}
												L78:
												_t755 =  *(_t978 + 0x10);
												_t633 =  *_t755;
												 *(_t978 - 0xa0) = _t633;
												__eflags =  *(_t978 - 0x44);
												if( *(_t978 - 0x44) == 0) {
													__eflags = _t633 & 0x00000004;
													if((_t633 & 0x00000004) != 0) {
														_t947 = ( *_t966 & 0x0000ffff) * 8 - 0x10;
														 *(_t978 - 0xb0) = _t947;
														__eflags = _t633 & 0x00000002;
														if((_t633 & 0x00000002) != 0) {
															__eflags = _t947 - 4;
															if(_t947 > 4) {
																_t947 = _t947 - 4;
																__eflags = _t947;
																 *(_t978 - 0xb0) = _t947;
															}
														}
														_t480 = _t966 + 0x10; // 0x10
														_t674 = E01605770(_t480, _t947, 0xfeeefeee);
														 *((intOrPtr*)(_t978 - 0x48)) = _t674;
														__eflags = _t674 - _t947;
														if(_t674 != _t947) {
															_t676 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
															__eflags =  *(_t676 + 0xc);
															if( *(_t676 + 0xc) == 0) {
																_push("HEAP: ");
																E015EF63B();
															} else {
																E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
															}
															_t966 =  *(_t978 + 0x14);
															_push( *((intOrPtr*)(_t978 - 0x48)) + _t966 + 0x10);
															E015EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", _t966);
															_t979 = _t979 + 0xc;
															E016959C1(_t966);
														}
													}
												}
												 *_t755 =  *(_t978 - 0x19);
												_t942 =  *(_t978 - 0x2c);
												_t789 = ( *_t966 & 0x0000ffff) - _t942;
												 *(_t978 - 0xa4) = _t789;
												 *_t966 = _t942;
												_t636 =  *(_t978 + 0xc) -  *(_t978 + 8);
												 *(_t978 - 0x38) = _t636;
												_t192 = _t966 + 7; // 0x7
												_t892 = _t192;
												__eflags = _t636 - 0x3f;
												if(_t636 >= 0x3f) {
													 *(_t978 - 0x60) = _t892;
													_t754 =  *(_t978 - 0x20);
													__eflags =  *_t892 & 0x00000080;
													if(( *_t892 & 0x00000080) == 0) {
														__eflags =  *(_t754 + 0x4c);
														if( *(_t754 + 0x4c) == 0) {
															_t893 = _t942 & 0x0000ffff;
														} else {
															_t973 =  *_t966;
															 *(_t978 - 0x90) = _t973;
															__eflags =  *(_t754 + 0x4c) & _t973;
															if(( *(_t754 + 0x4c) & _t973) != 0) {
																_t973 = _t973 ^  *(_t754 + 0x50);
																__eflags = _t973;
																 *(_t978 - 0x90) = _t973;
															}
															_t893 = _t973 & 0x0000ffff;
															_t966 =  *(_t978 + 0x14);
															_t789 =  *(_t978 - 0xa4);
														}
														_t894 = _t893 & 0x0000ffff;
													} else {
														_t894 =  *(( *_t966 ^ _t966 >> 0x00000003 ^  *0x16a81dc ^ _t754) + 0x10) & 0x0000ffff;
														_t966 =  *(_t978 + 0x14);
														_t789 =  *(_t978 - 0xa4);
													}
													_t508 = _t894 * 8; // -4
													 *( *(_t978 - 0x60)) = 0x3f;
													 *(_t966 + _t508 - 4) = _t636;
													_t942 =  *(_t978 - 0x2c);
													_t892 =  *(_t978 - 0x60);
												} else {
													 *_t892 = _t636;
													_t754 =  *(_t978 - 0x20);
												}
												_t194 = _t966 + 3; // 0x3
												_t637 = _t194;
												 *(_t978 - 0x2c) = _t637;
												 *_t637 = 0;
												__eflags = _t789;
												if(_t789 == 0) {
													L86:
													_t203 = _t966 + 8; // 0x8
													_t580 = _t203;
													 *(_t978 - 0x30) = _t203;
													__eflags =  *(_t978 - 0x44);
													if( *(_t978 - 0x44) == 0) {
														__eflags =  *(_t978 - 0x3c) & 0x00000008;
														if(( *(_t978 - 0x3c) & 0x00000008) != 0) {
															 *(_t978 - 0x58) =  *(_t978 + 8);
														} else {
															__eflags =  *(_t754 + 0x40) & 0x00000040;
															if(( *(_t754 + 0x40) & 0x00000040) != 0) {
																E01605810(_t580,  *(_t978 + 8) & 0xfffffffc, 0xbaadf00d);
															}
														}
														__eflags =  *(_t754 + 0x40) & 0x00000020;
														if(( *(_t754 + 0x40) & 0x00000020) != 0) {
															asm("stosd");
															asm("stosd");
															 *( *(_t978 + 0x10)) =  *( *(_t978 + 0x10)) & 0x000000ff | 0x00000004;
														}
														 *( *(_t978 - 0x2c)) = 0;
														_t642 =  *(_t978 + 0x10);
														__eflags =  *_t642 & 0x00000002;
														if(( *_t642 & 0x00000002) != 0) {
															 *((intOrPtr*)(_t978 - 0x74)) = E015FEA3F(_t966);
															asm("stosd");
															asm("stosd");
															__eflags =  *(_t754 + 0x40) & 0x08000000;
															if(( *(_t754 + 0x40) & 0x08000000) != 0) {
																 *((short*)( *((intOrPtr*)(_t978 - 0x74)))) = E0168DDF8();
															}
															_t646 = E016271D3();
															__eflags = _t646 & 0x00000800;
															if((_t646 & 0x00000800) != 0) {
																 *((short*)( *((intOrPtr*)(_t978 - 0x74)) + 2)) = E01683B12(_t754,  *(_t978 - 0x3c) >> 0x00000012 & 0x00000fff, 0,  *_t966 & 0x0000ffff, 0);
															}
														} else {
															_t652 = E016271D3();
															__eflags = _t652 & 0x00000800;
															if((_t652 & 0x00000800) != 0) {
																 *( *(_t978 - 0x2c)) = E01683B12(_t754,  *(_t978 - 0x3c) >> 0x00000012 & 0x000000ff, 0,  *_t966 & 0x0000ffff, 0);
															}
														}
														_t580 = 0;
														__eflags =  *(_t754 + 0x4c);
														if( *(_t754 + 0x4c) != 0) {
															 *( *(_t978 - 0x2c)) =  *(_t966 + 1) & 0x000000ff ^  *_t966 & 0x000000ff ^  *( *(_t978 + 0x10)) & 0x000000ff;
															 *_t966 =  *_t966 ^  *(_t754 + 0x50);
															__eflags =  *_t966;
														}
														__eflags =  *(_t978 - 0x58) - _t580;
														if( *(_t978 - 0x58) != _t580) {
															_push( *(_t978 - 0x58));
															_push(_t580);
															L133:
															_push( *(_t978 - 0x30));
															_t580 = E01604EC0();
														}
														goto L92;
													}
													__eflags =  *(_t754 + 0x4c);
													if( *(_t754 + 0x4c) != 0) {
														 *( *(_t978 - 0x2c)) =  *(_t966 + 1) & 0x000000ff ^  *_t966 & 0x000000ff ^  *( *(_t978 + 0x10)) & 0x000000ff;
														_t580 =  *(_t754 + 0x50);
														 *_t966 =  *_t966 ^  *(_t754 + 0x50);
														__eflags =  *_t966;
													}
													__eflags =  *((char*)(_t978 - 0x21));
													if( *((char*)(_t978 - 0x21)) != 0) {
														_t580 = E016172D0( *((intOrPtr*)(_t754 + 0xcc)));
														 *((char*)(_t978 - 0x21)) = 0;
													}
													__eflags =  *(_t978 - 0x3c) & 0x00000008;
													if(( *(_t978 - 0x3c) & 0x00000008) != 0) {
														_push( *(_t978 + 8));
														_push(0);
														goto L133;
													} else {
														goto L92;
													}
												} else {
													__eflags = _t789 - 1;
													if(_t789 == 1) {
														_t416 = ( *_t966 & 0x0000ffff) + 1; // 0x4
														_t806 = _t416;
														 *_t966 = _t806;
														_t665 =  *(_t978 + 0xc) -  *(_t978 + 8) + 8;
														 *(_t978 - 0xa0) = _t665;
														__eflags = _t665 - 0x3f;
														if(_t665 >= 0x3f) {
															__eflags =  *_t892 & 0x00000080;
															if(( *_t892 & 0x00000080) == 0) {
																__eflags =  *(_t754 + 0x4c);
																if( *(_t754 + 0x4c) == 0) {
																	_t807 = _t806 & 0x0000ffff;
																	L293:
																	_t525 = (_t807 & 0x0000ffff) * 8; // -4
																	 *_t892 = 0x3f;
																	 *(_t966 + _t525 - 4) = _t665;
																	goto L86;
																}
																_t967 =  *_t966;
																 *(_t978 - 0x88) = _t967;
																__eflags =  *(_t754 + 0x4c) & _t967;
																if(( *(_t754 + 0x4c) & _t967) != 0) {
																	_t967 = _t967 ^  *(_t754 + 0x50);
																	__eflags = _t967;
																	 *(_t978 - 0x88) = _t967;
																}
																_t807 = _t967 & 0x0000ffff;
																L291:
																_t966 =  *(_t978 + 0x14);
																goto L293;
															}
															_t807 =  *(( *_t966 ^ _t966 >> 0x00000003 ^  *0x16a81dc ^ _t754) + 0x10);
															goto L291;
														}
														 *_t892 = _t665;
														goto L86;
													}
													_t666 =  *((intOrPtr*)(_t966 + 6));
													__eflags = _t666;
													if(_t666 != 0) {
														_t904 = (_t966 & 0xffff0000) - _t666 + 0x10000;
													} else {
														_t904 = _t754;
													}
													__eflags =  *(_t978 - 0x44);
													__eflags = E0162645A(_t754, _t904, _t966 + _t942 * 8,  *(_t978 - 0xa0), (_t666 & 0xffffff00 |  *(_t978 - 0x44) == 0x00000000) & 0x000000ff, _t942, _t789);
													if(__eflags == 0) {
														_t672 = 0xc000003c;
														goto L249;
													} else {
														goto L86;
													}
												}
											}
											_t948 =  *_t966 & 0x0000ffff;
											while(1) {
												 *(_t978 - 0xbc) = _t629;
												_t819 =  *(_t629 + 4);
												__eflags = _t948 - _t819;
												if(_t948 < _t819) {
													break;
												}
												_t911 =  *_t629;
												__eflags = _t911;
												if(_t911 == 0) {
													 *(_t978 - 0x7c) = _t819 - 1;
													L188:
													_t821 =  *(_t978 - 0x7c) -  *((intOrPtr*)(_t629 + 0x14));
													 *(_t978 + 0x10) = _t821;
													__eflags =  *(_t629 + 8);
													if( *(_t629 + 8) != 0) {
														_t821 = _t821 + _t821;
														__eflags = _t821;
													}
													_t941 = _t821 << 2;
													_t905 = _t941 +  *((intOrPtr*)(_t629 + 0x20));
													 *(_t978 - 0x38) =  *_t905;
													 *((intOrPtr*)(_t629 + 0xc)) =  *((intOrPtr*)(_t629 + 0xc)) - 1;
													__eflags =  *(_t978 - 0x7c) -  *(_t629 + 4) - 1;
													if( *(_t978 - 0x7c) ==  *(_t629 + 4) - 1) {
														_t391 = _t629 + 0x10;
														 *_t391 =  *(_t629 + 0x10) - 1;
														__eflags =  *_t391;
													}
													__eflags =  *(_t978 - 0x38) - _t966 + 8;
													if( *(_t978 - 0x38) != _t966 + 8) {
														goto L77;
													} else {
														 *(_t978 - 0x50) =  *(_t629 + 4);
														__eflags =  *_t629;
														if( *_t629 == 0) {
															_t397 = _t978 - 0x50;
															 *_t397 =  *(_t978 - 0x50) - 1;
															__eflags =  *_t397;
														}
														__eflags =  *(_t978 - 0x7c) -  *(_t978 - 0x50);
														if( *(_t978 - 0x7c) >=  *(_t978 - 0x50)) {
															L174:
															_t829 =  *(_t966 + 8);
															__eflags = _t829 -  *((intOrPtr*)(_t629 + 0x18));
															if(_t829 !=  *((intOrPtr*)(_t629 + 0x18))) {
																 *_t905 = _t829;
																goto L77;
															}
															 *_t905 =  *_t905 & 0x00000000;
															goto L76;
														} else {
															_t910 =  *(_t966 + 8);
															__eflags = _t910 -  *((intOrPtr*)(_t629 + 0x18));
															if(_t910 ==  *((intOrPtr*)(_t629 + 0x18))) {
																L75:
																_t832 =  *((intOrPtr*)(_t629 + 0x20));
																_t170 = _t941 + _t832;
																 *_t170 =  *(_t941 + _t832) & 0x00000000;
																__eflags =  *_t170;
																L76:
																_t830 =  *(_t978 + 0x10);
																_t941 = _t830 >> 5;
																_t690 =  *((intOrPtr*)(_t629 + 0x1c)) + (_t830 >> 5) * 4;
																 *_t690 =  *_t690 &  !(1 << (_t830 & 0x0000001f));
																__eflags =  *_t690;
																goto L77;
															}
															_t756 =  *(_t978 - 0x20);
															__eflags =  *(_t756 + 0x4c);
															if( *(_t756 + 0x4c) == 0) {
																L239:
																_t833 =  *(_t910 - 8) & 0x0000ffff;
																goto L74;
															} else {
																_t835 =  *(_t910 - 8);
																 *(_t978 - 0x80) = _t835;
																__eflags =  *(_t756 + 0x4c) & _t835;
																if(( *(_t756 + 0x4c) & _t835) != 0) {
																	_t835 = _t835 ^  *(_t756 + 0x50);
																	 *(_t978 - 0x80) = _t835;
																}
																L73:
																_t833 = _t835 & 0x0000ffff;
																_t966 =  *(_t978 + 0x14);
																L74:
																_t753 = ( *_t966 & 0x0000ffff) == (_t833 & 0x0000ffff);
																__eflags = ( *_t966 & 0x0000ffff) == (_t833 & 0x0000ffff);
																if(( *_t966 & 0x0000ffff) == (_t833 & 0x0000ffff)) {
																	 *(_t941 +  *((intOrPtr*)(_t629 + 0x20))) = _t910;
																	goto L77;
																}
																goto L75;
															}
															goto L198;
														}
													}
												}
												_t629 = _t911;
											}
											 *(_t978 - 0x7c) = _t948;
											goto L188;
										}
										_t966 = _t960 + 0xfffffff8;
										 *(_t978 + 0x14) = _t966;
										_t692 =  *(_t978 - 0x20);
										__eflags =  *(_t692 + 0x4c);
										if( *(_t692 + 0x4c) != 0) {
											 *_t966 =  *_t966 ^  *(_t692 + 0x50);
											_t783 =  *(_t966 + 2) ^  *(_t966 + 1) ^  *_t966;
											__eflags =  *(_t966 + 3) - ( *(_t966 + 2) ^  *(_t966 + 1) ^  *_t966);
											if(__eflags != 0) {
												_push(0);
												_push(_t966);
												_push(_t692);
												E01694BBA(_t753, _t940, _t966, __eflags);
												_t692 =  *(_t978 - 0x20);
											}
										}
										_t753 =  *_t966 & 0x0000ffff;
										__eflags = _t753 -  *(_t978 - 0x2c);
										if(_t753 <  *(_t978 - 0x2c)) {
											__eflags =  *(_t692 + 0x4c);
											if( *(_t692 + 0x4c) != 0) {
												_t888 =  *_t966 & 0x000000ff;
												_t783 =  *(_t966 + 2) & 0x000000ff ^  *(_t966 + 1) & 0x000000ff ^  *_t966 & 0x000000ff;
												 *(_t966 + 3) =  *(_t966 + 2) & 0x000000ff ^  *(_t966 + 1) & 0x000000ff ^  *_t966 & 0x000000ff;
												 *_t966 =  *_t966 ^  *(_t692 + 0x50);
											}
											goto L198;
										} else {
											_t785 = _t966 + 8;
											_t951 =  *_t785;
											 *((intOrPtr*)(_t978 - 0x48)) = _t951;
											_t913 =  *((intOrPtr*)(_t966 + 0xc));
											 *((intOrPtr*)(_t978 - 0x68)) = _t913;
											_t890 =  *_t913;
											_t941 =  *(_t951 + 4);
											__eflags = _t890 - _t941;
											if(__eflags != 0) {
												L240:
												_push(0);
												_push(_t890);
												_push(_t941);
												_push(_t785);
												_push( *(_t978 - 0x20));
												goto L262;
											}
											__eflags = _t890 - _t785;
											if(__eflags != 0) {
												goto L240;
											}
											 *((intOrPtr*)(_t692 + 0x78)) =  *((intOrPtr*)(_t692 + 0x78)) - _t753;
											_t629 =  *(_t692 + 0xb8);
											__eflags = _t629;
											if(_t629 == 0) {
												goto L77;
											}
											_t952 =  *_t966 & 0x0000ffff;
											while(1) {
												 *(_t978 - 0xb4) = _t629;
												_t839 =  *(_t629 + 4);
												__eflags = _t952 - _t839;
												if(_t952 < _t839) {
													break;
												}
												_t914 =  *_t629;
												__eflags = _t914;
												if(_t914 == 0) {
													 *(_t978 - 0x8c) = _t839 - 1;
													L62:
													_t841 =  *(_t978 - 0x8c) -  *((intOrPtr*)(_t629 + 0x14));
													 *(_t978 + 0x10) = _t841;
													__eflags =  *(_t629 + 8);
													if( *(_t629 + 8) != 0) {
														_t841 = _t841 + _t841;
														__eflags = _t841;
													}
													_t941 = _t841 << 2;
													_t905 = _t941 +  *((intOrPtr*)(_t629 + 0x20));
													 *(_t978 - 0x38) =  *_t905;
													 *((intOrPtr*)(_t629 + 0xc)) =  *((intOrPtr*)(_t629 + 0xc)) - 1;
													__eflags =  *(_t978 - 0x8c) -  *(_t629 + 4) - 1;
													if( *(_t978 - 0x8c) ==  *(_t629 + 4) - 1) {
														 *(_t629 + 0x10) =  *(_t629 + 0x10) - 1;
													}
													__eflags =  *(_t978 - 0x38) - _t966 + 8;
													if( *(_t978 - 0x38) != _t966 + 8) {
														goto L77;
													} else {
														 *(_t978 - 0x54) =  *(_t629 + 4);
														__eflags =  *_t629;
														if( *_t629 == 0) {
															_t153 = _t978 - 0x54;
															 *_t153 =  *(_t978 - 0x54) - 1;
															__eflags =  *_t153;
														}
														__eflags =  *(_t978 - 0x8c) -  *(_t978 - 0x54);
														if( *(_t978 - 0x8c) >=  *(_t978 - 0x54)) {
															goto L174;
														} else {
															_t910 =  *(_t966 + 8);
															__eflags = _t910 -  *((intOrPtr*)(_t629 + 0x18));
															if(_t910 ==  *((intOrPtr*)(_t629 + 0x18))) {
																goto L75;
															}
															_t758 =  *(_t978 - 0x20);
															__eflags =  *(_t758 + 0x4c);
															if( *(_t758 + 0x4c) == 0) {
																goto L239;
															}
															_t835 =  *(_t910 - 8);
															 *(_t978 - 0x64) = _t835;
															__eflags =  *(_t758 + 0x4c) & _t835;
															if(( *(_t758 + 0x4c) & _t835) != 0) {
																_t835 = _t835 ^  *(_t758 + 0x50);
																__eflags = _t835;
																 *(_t978 - 0x64) = _t835;
															}
															goto L73;
														}
													}
												}
												_t629 = _t914;
											}
											 *(_t978 - 0x8c) = _t952;
											goto L62;
										}
									}
									_t961 =  *(_t753 + 0x4c);
									__eflags = _t961;
									if(_t961 == 0) {
										_t695 =  *(_t626 - 8) & 0x0000ffff;
									} else {
										_t724 =  *(_t626 - 8);
										 *(_t978 - 0x4c) = _t724;
										_t961 =  *(_t753 + 0x4c);
										__eflags = _t724 & _t961;
										if((_t724 & _t961) != 0) {
											_t724 = _t724 ^  *(_t753 + 0x50);
											__eflags = _t724;
											 *(_t978 - 0x4c) = _t724;
										}
										_t695 = _t724 & 0x0000ffff;
									}
									_t888 =  *(_t978 - 0x2c) - (_t695 & 0x0000ffff);
									__eflags =  *(_t978 - 0x2c) - (_t695 & 0x0000ffff);
									if( *(_t978 - 0x2c) - (_t695 & 0x0000ffff) > 0) {
										_t697 =  *(_t978 + 0x10);
										goto L123;
									} else {
										_t888 =  *(_t978 + 0x10);
										_t699 =  *_t888 - 8;
										__eflags = _t961;
										if(_t961 == 0) {
											_t700 =  *_t699 & 0x0000ffff;
										} else {
											_t723 =  *_t699;
											 *(_t978 - 0x6c) = _t723;
											_t961 =  *(_t753 + 0x4c);
											__eflags = _t723 & _t961;
											if((_t723 & _t961) != 0) {
												_t723 = _t723 ^  *(_t753 + 0x50);
												__eflags = _t723;
												 *(_t978 - 0x6c) = _t723;
											}
											_t700 = _t723 & 0x0000ffff;
										}
										_t753 =  *(_t978 - 0x2c) - (_t700 & 0x0000ffff);
										__eflags =  *(_t978 - 0x2c) - (_t700 & 0x0000ffff);
										if( *(_t978 - 0x2c) - (_t700 & 0x0000ffff) <= 0) {
											_t697 =  *_t888;
											goto L123;
										} else {
											__eflags =  *_t940;
											if( *_t940 != 0) {
												L110:
												_t963 = _t783 >> 5;
												_t888 = ( *((intOrPtr*)(_t940 + 4)) -  *(_t940 + 0x14) >> 5) - 1;
												_t753 =  *((intOrPtr*)(_t940 + 0x1c)) + _t963 * 4;
												_t708 =  !((1 << _t783) - 1) &  *_t753;
												while(1) {
													 *(_t978 - 0xac) = _t753;
													 *(_t978 - 0x98) = _t963;
													__eflags = _t708;
													if(_t708 != 0) {
														break;
													}
													__eflags = _t963 - _t888;
													if(_t963 > _t888) {
														__eflags = _t708;
														if(_t708 != 0) {
															break;
														}
														 *(_t978 - 0x34) =  *(_t978 - 0x34) & 0x00000000;
														goto L111;
													}
													_t753 = _t753 + 4;
													_t708 =  *_t753;
													_t963 = _t963 + 1;
												}
												__eflags = _t708 & 0x0000ffff;
												if((_t708 & 0x0000ffff) != 0) {
													_t888 = _t708 & 0x000000ff;
													__eflags = _t888;
													if(_t888 != 0) {
														_t353 = _t888 + 0x1625818; // 0x10008
														_t709 =  *_t353 & 0x000000ff;
													} else {
														_t290 = (_t708 >> 0x00000008 & 0x000000ff) + 0x1625818; // 0x10008
														_t709 = ( *_t290 & 0x000000ff) + 8;
													}
												} else {
													_t857 = _t708 >> 0x00000010 & 0x000000ff;
													__eflags = _t857;
													if(_t857 != 0) {
														_t291 = _t857 + 0x1625818; // 0x10008
														_t709 = ( *_t291 & 0x000000ff) + 0x10;
													} else {
														_t277 = (_t708 >> 0x18) + 0x1625818; // 0x10008
														_t709 = ( *_t277 & 0x000000ff) + 0x18;
														__eflags = _t709;
													}
												}
												_t965 = (_t963 << 5) + _t709;
												 *(_t978 - 0x98) = _t965;
												__eflags =  *(_t940 + 8);
												_t710 = _t965 + _t965;
												if( *(_t940 + 8) == 0) {
													_t710 = _t965;
												}
												_t783 =  *(_t940 + 0x20);
												_t697 =  *( *(_t940 + 0x20) + _t710 * 4);
												L123:
												 *(_t978 - 0x34) = _t697;
												goto L111;
											}
											__eflags =  *(_t978 - 0x84) -  *((intOrPtr*)(_t940 + 4)) - 1;
											if( *(_t978 - 0x84) ==  *((intOrPtr*)(_t940 + 4)) - 1) {
												__eflags =  *(_t940 + 8);
												_t719 = _t783 + _t783;
												if( *(_t940 + 8) == 0) {
													_t719 = _t783;
												}
												_t783 =  *( *(_t940 + 0x20) + _t719 * 4);
												while(1) {
													 *(_t978 - 0x94) = _t783;
													__eflags = _t888 - _t783;
													if(_t888 == _t783) {
														goto L111;
													}
													__eflags = _t961;
													if(_t961 == 0) {
														_t720 =  *(_t783 - 8) & 0x0000ffff;
													} else {
														_t722 =  *(_t783 - 8);
														 *(_t978 - 0xa8) = _t722;
														_t921 =  *(_t978 - 0x20);
														_t961 =  *(_t921 + 0x4c);
														__eflags = _t722 & _t961;
														if((_t722 & _t961) != 0) {
															_t722 = _t722 ^  *(_t921 + 0x50);
															__eflags = _t722;
															 *(_t978 - 0xa8) = _t722;
														}
														_t720 = _t722 & 0x0000ffff;
													}
													_t888 =  *(_t978 - 0x2c) - (_t720 & 0x0000ffff);
													__eflags =  *(_t978 - 0x2c) - (_t720 & 0x0000ffff);
													if( *(_t978 - 0x2c) - (_t720 & 0x0000ffff) > 0) {
														_t783 =  *_t783;
														_t888 =  *(_t978 + 0x10);
														continue;
													} else {
														 *(_t978 - 0x34) = _t783;
														goto L111;
													}
												}
												goto L111;
											}
											goto L110;
										}
									}
								}
								_t940 = _t781;
							}
							 *(_t978 - 0x84) = _t780;
							goto L97;
						}
						_t725 =  *(_t957 + 4);
						__eflags = _t725 & 0x00000001;
						if((_t725 & 0x00000001) != 0) {
							goto L60;
						}
						_t726 = _t725 + 0x10002;
						 *(_t957 + 4) = _t726;
						__eflags =  *((intOrPtr*)(_t978 - 0x70)) - _t939;
						if( *((intOrPtr*)(_t978 - 0x70)) != _t939) {
							L209:
							_t922 =  *(_t978 + 8);
							__eflags =  *(_t978 + 8) - _t939;
							if( *(_t978 + 8) == _t939) {
								_t922 = 1;
								__eflags = 1;
							}
							__eflags =  *((char*)(_t753 + 0xda)) - 2;
							if( *((char*)(_t753 + 0xda)) != 2) {
								_t859 = 0;
							} else {
								_t859 =  *((intOrPtr*)(_t753 + 0xd4));
							}
							_t727 = E01634736(_t859, _t922);
							__eflags = _t727 - _t939;
							if(_t727 == _t939) {
								__eflags =  *((intOrPtr*)(_t978 - 0x70)) - _t939;
								if( *((intOrPtr*)(_t978 - 0x70)) != _t939) {
									L218:
									__eflags =  *((char*)(_t753 + 0xda)) - 2;
									if( *((char*)(_t753 + 0xda)) == 2) {
										_t728 =  *((intOrPtr*)(_t753 + 0xd4));
									} else {
										_t728 = 0;
										__eflags = 0;
									}
									__eflags = _t728 - _t939;
									if(_t728 == _t939) {
										 *(_t753 + 0x48) =  *(_t753 + 0x48) | 0x20000000;
									}
									goto L59;
								}
								__eflags =  *(_t957 + 4) - 0x20;
								if( *(_t957 + 4) <= 0x20) {
									goto L59;
								}
								goto L218;
							} else {
								 *(_t957 + 4) = _t727 + 1;
								L59:
								_t729 =  *_t957;
								__eflags = _t729 - _t939;
								if(_t729 != _t939) {
									_t292 = _t729 - 8; // -8
									_t966 = _t292;
									 *(_t978 + 0x14) = _t966;
									_t942 = 0;
									__eflags =  *(_t753 + 0x4c);
									if( *(_t753 + 0x4c) != 0) {
										 *_t966 =  *_t966 ^  *(_t753 + 0x50);
										__eflags =  *(_t966 + 3) - ( *(_t966 + 2) ^  *(_t966 + 1) ^  *_t966);
										if(__eflags != 0) {
											_push(0);
											_push(_t966);
											_push(_t753);
											E01694BBA(_t753, 0, _t966, __eflags);
										}
									}
									_t299 = _t966 + 8; // 0x0
									_t730 = _t299;
									_t923 =  *_t730;
									 *((intOrPtr*)(_t978 - 0x68)) = _t923;
									_t860 =  *((intOrPtr*)(_t966 + 0xc));
									 *((intOrPtr*)(_t978 - 0x48)) = _t860;
									_t861 =  *_t860;
									_t924 =  *((intOrPtr*)(_t923 + 4));
									__eflags = _t861 - _t924;
									if(__eflags != 0) {
										L256:
										_push(_t942);
										_push(_t861);
										_push(_t924);
										_push(_t730);
										_push(_t753);
										_push(0xc);
										E01694B0C(_t753, _t861, _t924, _t942, _t966, __eflags);
										goto L257;
									} else {
										__eflags = _t861 - _t730;
										if(__eflags != 0) {
											goto L256;
										}
										 *((intOrPtr*)(_t753 + 0x78)) =  *((intOrPtr*)(_t753 + 0x78)) - ( *_t966 & 0x0000ffff);
										_t572 =  *(_t753 + 0xb8);
										__eflags = _t572 - _t942;
										if(_t572 == _t942) {
											L165:
											_t733 =  *((intOrPtr*)(_t978 - 0x68));
											_t862 =  *((intOrPtr*)(_t978 - 0x48));
											 *_t862 = _t733;
											 *((intOrPtr*)(_t733 + 4)) = _t862;
											_t349 = _t966 + 2; // -6
											_t734 = _t349;
											 *(_t978 + 0x10) = _t734;
											if(( *_t734 & 0x00000008) == 0) {
												goto L78;
											}
											_t735 = E015FC30D(_t753, _t966);
											_t994 = _t735;
											if(_t735 != 0) {
												goto L78;
											}
											E015FE4D7(_t753, _t942, _t753, _t966,  *_t966 & 0x0000ffff, 1);
											L257:
											_t672 = 0xc0000017;
											goto L249;
										}
										_t942 =  *_t966 & 0x0000ffff;
										while(1) {
											 *(_t978 - 0xb8) = _t572;
											_t864 =  *((intOrPtr*)(_t572 + 4));
											__eflags = _t942 - _t864;
											if(_t942 < _t864) {
												break;
											}
											_t926 =  *_t572;
											__eflags = _t926;
											if(_t926 == 0) {
												 *(_t978 - 0x40) = _t864 - 1;
												L151:
												_t867 =  *(_t978 - 0x40) -  *((intOrPtr*)(_t572 + 0x14));
												 *(_t978 - 0x60) = _t867;
												__eflags =  *(_t572 + 8);
												if( *(_t572 + 8) != 0) {
													_t867 = _t867 + _t867;
													__eflags = _t867;
												}
												_t928 = _t867 << 2;
												 *(_t978 + 0x10) = _t928;
												_t884 = _t928 +  *((intOrPtr*)(_t572 + 0x20));
												 *((intOrPtr*)(_t978 - 0x74)) =  *_t884;
												 *((intOrPtr*)(_t572 + 0xc)) =  *((intOrPtr*)(_t572 + 0xc)) - 1;
												__eflags =  *(_t978 - 0x40) -  *((intOrPtr*)(_t572 + 4)) - 1;
												if( *(_t978 - 0x40) ==  *((intOrPtr*)(_t572 + 4)) - 1) {
													 *((intOrPtr*)(_t572 + 0x10)) =  *((intOrPtr*)(_t572 + 0x10)) - 1;
												}
												_t321 = _t966 + 8; // 0x0
												if( *((intOrPtr*)(_t978 - 0x74)) != _t321) {
													goto L165;
												} else {
													 *((intOrPtr*)(_t978 - 0x5c)) =  *((intOrPtr*)(_t572 + 4));
													if( *_t572 == 0) {
														 *((intOrPtr*)(_t978 - 0x5c)) =  *((intOrPtr*)(_t978 - 0x5c)) - 1;
													}
													if( *(_t978 - 0x40) >=  *((intOrPtr*)(_t978 - 0x5c))) {
														_t875 =  *(_t966 + 8);
														__eflags = _t875 -  *((intOrPtr*)(_t572 + 0x18));
														if(_t875 ==  *((intOrPtr*)(_t572 + 0x18))) {
															 *_t884 =  *_t884 & 0x00000000;
															goto L164;
														}
														 *_t884 = _t875;
														goto L165;
													} else {
														_t933 =  *(_t966 + 8);
														if(_t933 ==  *((intOrPtr*)(_t572 + 0x18))) {
															L163:
															 *( *(_t978 + 0x10) +  *((intOrPtr*)(_t572 + 0x20))) =  *( *(_t978 + 0x10) +  *((intOrPtr*)(_t572 + 0x20))) & 0x00000000;
															L164:
															_t876 =  *(_t978 - 0x60);
															_t942 = _t876 >> 5;
															 *( *((intOrPtr*)(_t572 + 0x1c)) + (_t876 >> 5) * 4) =  *( *((intOrPtr*)(_t572 + 0x1c)) + (_t876 >> 5) * 4) &  !(1 << (_t876 & 0x0000001f));
															goto L165;
														}
														if( *(_t753 + 0x4c) == 0) {
															_t879 =  *(_t933 - 8) & 0x0000ffff;
														} else {
															_t882 =  *(_t933 - 8);
															 *(_t978 - 0x78) = _t882;
															if(( *(_t753 + 0x4c) & _t882) != 0) {
																_t882 = _t882 ^  *(_t753 + 0x50);
																 *(_t978 - 0x78) = _t882;
															}
															_t879 = _t882 & 0x0000ffff;
															_t966 =  *(_t978 + 0x14);
														}
														_t942 = ( *_t966 & 0x0000ffff) == (_t879 & 0x0000ffff);
														if(( *_t966 & 0x0000ffff) == (_t879 & 0x0000ffff)) {
															 *( *(_t978 + 0x10) +  *((intOrPtr*)(_t572 + 0x20))) = _t933;
															goto L165;
														} else {
															goto L163;
														}
													}
												}
											}
											_t572 = _t926;
										}
										 *(_t978 - 0x40) = _t942;
										goto L151;
									}
								}
								goto L60;
							}
						}
						__eflags = _t726 - 0x20;
						if(_t726 > 0x20) {
							goto L209;
						}
						__eflags = _t726 - 0x10000000;
						if(_t726 > 0x10000000) {
							goto L209;
						}
						goto L59;
					} else {
						_t942 = _t753 + 0xcc;
						_t747 = E01622ED4(__eflags,  *(_t753 + 0xcc));
						__eflags = _t747;
						if(_t747 == 0) {
							__eflags = E01635DD8();
							if(__eflags != 0) {
								_t672 = 0xc0000194;
								L249:
								 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = _t672;
								_t972 =  *[fs:0x18];
								_push(_t672);
								 *((intOrPtr*)(_t972 + 0x34)) = E016238B5(_t754, _t942, _t972, _t994);
								L92:
								 *(_t978 - 4) = 0xfffffffe;
								E01625C4B(_t580, _t754);
								if( *0x7ffe0386 != 0) {
									_t586 =  *(_t978 - 0x30);
									__eflags = _t586;
									if(_t586 != 0) {
										__eflags =  *(_t978 - 0x28);
										if( *(_t978 - 0x28) != 0) {
											E01694522(_t754, _t586 + 0xffffffe0,  *(_t978 + 0xc));
										}
									}
								}
								_t574 =  *(_t978 - 0x30);
								L94:
								return E01622869(_t574);
							}
							 *((intOrPtr*)(_t978 - 0x70)) = 1;
							E01617310(__eflags,  *_t942);
							E0162ED2C(_t753, 1);
							L51:
							__eflags =  *(_t753 + 0x48) & 0x60000000;
							if(( *(_t753 + 0x48) & 0x60000000) != 0) {
								E01636A94(_t753, _t942, _t753);
							}
							 *((char*)(_t978 - 0x21)) = 1;
							_t939 = 0;
							__eflags = 0;
							goto L53;
						}
						_t121 = _t753 + 0xfc;
						 *_t121 =  *(_t753 + 0xfc) + 1;
						__eflags =  *_t121;
						goto L51;
					}
				}
			}

0x0162595c
0x0162595c
0x0162595c
0x01625961
0x01625966
0x0162596b
0x0162596e
0x01625970
0x01625975
0x01625976
0x01625979
0x0162597d
0x0162597f
0x01625982
0x01625985
0x01625988
0x01625991
0x015fe73b
0x015fe73b
0x015fe741
0x015fe747
0x015fe74e
0x0165a10a
0x00000000
0x0165a10a
0x015fe754
0x015fe75a
0x0165a111
0x0165a117
0x00000000
0x00000000
0x0165a122
0x00000000
0x0165a122
0x015fe760
0x015fe760
0x015fe763
0x015fe765
0x015fe765
0x015fe770
0x015fe776
0x015fe781
0x015fe784
0x015fe787
0x015fe78d
0x015fe797
0x015fe79a
0x015fe79d
0x015fe79d
0x015fe7a0
0x015fe7a3
0x015fe7a6
0x015fe7a9
0x00000000
0x015fe7a9
0x015fe78f
0x015fe795
0x00000000
0x00000000
0x00000000
0x01625997
0x01625997
0x0162599e
0x00000000
0x00000000
0x016259a4
0x016259a7
0x016259a9
0x016268af
0x016268b2
0x0164a333
0x0164a335
0x016268b8
0x016268b8
0x016268b8
0x016268bb
0x016268be
0x016268c1
0x016259af
0x016259af
0x016259af
0x016259b2
0x016259b6
0x016259b8
0x016259bb
0x016259be
0x016259c1
0x0165a0fb
0x0165a0fe
0x0165a0fe
0x016259c7
0x016259ca
0x016259d0
0x016259d0
0x016259d6
0x016259d8
0x016259d8
0x016259d8
0x016259d8
0x016259dc
0x016259df
0x016259e2
0x01625a12
0x01625a12
0x01625a15
0x01625a18
0x015f4a58
0x015f4a5c
0x0165a42a
0x0165a436
0x0165a43a
0x015f4a67
0x015f4a68
0x015f4a70
0x015f4a73
0x015f4a77
0x015f4a78
0x015f4a7a
0x015f4a7f
0x015f4a81
0x0165a516
0x00000000
0x015f4a87
0x015f4a87
0x015f4a8e
0x0165a44a
0x0165a44d
0x0165a454
0x0165a45f
0x0165a45f
0x0165a464
0x0165a46b
0x0165a47a
0x0165a481
0x0165a49d
0x0165a49d
0x0165a481
0x0165a46b
0x015f4a94
0x015f4a9b
0x0165a4bd
0x0165a4bd
0x015f4aaa
0x015f4ab7
0x015f4ac0
0x015f4ac9
0x015f4acf
0x015f4ad6
0x015f4adc
0x015f4ae3
0x0165a4cf
0x0165a4cf
0x015f4ae9
0x015f4aee
0x015f4af3
0x0165a4fa
0x0165a4fa
0x015f4af9
0x015f4afc
0x015f4aff
0x015f4b02
0x015f4b13
0x015f4b19
0x015f4b19
0x015f4b1b
0x015f4b1b
0x015f4b1e
0x015f4b24
0x015f4b27
0x015f4b29
0x015f4b2b
0x0165a505
0x0165a506
0x0165a507
0x0165a508
0x0165a509
0x0165a50a
0x0165a50c
0x015f4b31
0x015f4b31
0x015f4b33
0x015f4b36
0x015f4b38
0x015f4b38
0x015f4b3e
0x015f4b41
0x00000000
0x015f4b41
0x015f4a62
0x0164a383
0x0164a383
0x0165a521
0x0165a521
0x00000000
0x0165a521
0x015f4a5c
0x01625a1e
0x01625a20
0x01625a59
0x01625a5f
0x01625a62
0x01625c56
0x01625c56
0x01625c5c
0x01625c5f
0x01625c62
0x01625c64
0x00000000
0x00000000
0x0162689e
0x016268a0
0x016268a2
0x0162a1d1
0x01626804
0x01626804
0x01625c70
0x01625c70
0x01625c7c
0x01625c7f
0x01625c82
0x01625c85
0x01625c88
0x01625c8e
0x01625c90
0x0163cd90
0x01625d38
0x01625d38
0x01625d3b
0x01625d3d
0x01626f00
0x01626f02
0x01626f05
0x00000000
0x01626f05
0x01625d43
0x01625d46
0x0162f062
0x0162f065
0x0162f06e
0x0162f070
0x0162f073
0x0162f075
0x00000000
0x00000000
0x0162f07b
0x0162f07b
0x0162f07e
0x0162f080
0x0162f083
0x0162f086
0x0162f089
0x0162f08b
0x0162f08e
0x0162f090
0x0165a224
0x0165a224
0x0165a226
0x0165a227
0x0165a228
0x0165a229
0x0165a1d5
0x0165a1d5
0x0165a1d7
0x00000000
0x0165a1d7
0x0162f096
0x0162f098
0x00000000
0x00000000
0x0162f0a1
0x0162f0a4
0x0162f0aa
0x0162f0ac
0x01625b2a
0x01625b2a
0x01625b2d
0x01625b30
0x01625b32
0x01625b35
0x01625b35
0x01625b38
0x01625b3b
0x01625b3e
0x015fc3a8
0x015fc3ad
0x015fc3af
0x00000000
0x015fc3b5
0x0165a1cb
0x00000000
0x0165a1cb
0x015fc3af
0x01625b44
0x01625b44
0x01625b47
0x01625b49
0x01625b4f
0x01625b53
0x015fe7b1
0x015fe7b3
0x0165a22f
0x0165a236
0x0165a23c
0x0165a23e
0x0165a240
0x0165a243
0x0165a245
0x0165a245
0x0165a248
0x0165a248
0x0165a243
0x0165a254
0x0165a258
0x0165a25d
0x0165a260
0x0165a262
0x0165a26e
0x0165a271
0x0165a275
0x0165a297
0x0165a29c
0x0165a277
0x0165a28f
0x0165a294
0x0165a2a2
0x0165a2ac
0x0165a2b3
0x0165a2b8
0x0165a2bc
0x0165a2bc
0x0165a262
0x015fe7b3
0x01625b5c
0x01625b61
0x01625b64
0x01625b66
0x01625b6c
0x01625b72
0x01625b75
0x01625b78
0x01625b78
0x01625b7b
0x01625b7e
0x0165a2c6
0x0165a2c9
0x0165a2cc
0x0165a2cf
0x0165a2f4
0x0165a2f8
0x0165a31e
0x0165a2fa
0x0165a2fa
0x0165a2fc
0x0165a302
0x0165a305
0x0165a307
0x0165a307
0x0165a30a
0x0165a30a
0x0165a310
0x0165a313
0x0165a316
0x0165a316
0x0165a321
0x0165a2d1
0x0165a2e6
0x0165a2e9
0x0165a2ec
0x0165a2ec
0x0165a324
0x0165a32b
0x0165a32e
0x0165a330
0x0165a333
0x01625b84
0x01625b84
0x01625b86
0x01625b86
0x01625b89
0x01625b89
0x01625b8c
0x01625b8f
0x01625b92
0x01625b94
0x01625bd2
0x01625bd2
0x01625bd2
0x01625bd5
0x01625bd8
0x01625bdc
0x015fe7be
0x015fe7c2
0x015fe831
0x015fe7c4
0x015fe7c4
0x015fe7c8
0x0165a3a6
0x0165a3a6
0x015fe7c8
0x015fe7ce
0x015fe7d2
0x0165a3be
0x0165a3bf
0x0165a3c9
0x0165a3c9
0x015fe7db
0x015fe7de
0x015fe7e1
0x015fe7e4
0x015fea64
0x015fea69
0x015fea6a
0x015fea6b
0x015fea72
0x0165a3d8
0x0165a3d8
0x015fea78
0x015fea7d
0x015fea82
0x0165a3fd
0x0165a3fd
0x015fe7ea
0x015fe7ea
0x015fe7ef
0x015fe7f4
0x0165a423
0x0165a423
0x015fe7f4
0x015fe7fa
0x015fe7fc
0x015fe7ff
0x015fe815
0x015fe81a
0x015fe81a
0x015fe81a
0x015fe81c
0x015fe81f
0x015fe825
0x015fe828
0x0162680f
0x0162680f
0x01626812
0x01626817
0x00000000
0x015fe81f
0x01625be2
0x01625be6
0x01625bfc
0x01625bfe
0x01625c01
0x01625c01
0x01625c01
0x01625c03
0x01625c07
0x01625c0f
0x01625c14
0x01625c14
0x01625c18
0x01625c1c
0x0162681f
0x01626822
0x00000000
0x00000000
0x00000000
0x00000000
0x01625b96
0x01625b96
0x01625b99
0x01632f50
0x01632f50
0x01632f53
0x01632f5c
0x01632f5f
0x01632f65
0x01632f68
0x0165a33b
0x0165a33e
0x0165a357
0x0165a35b
0x0165a37b
0x0165a37e
0x0165a381
0x0165a385
0x0165a388
0x00000000
0x0165a388
0x0165a35d
0x0165a35f
0x0165a365
0x0165a368
0x0165a36a
0x0165a36a
0x0165a36d
0x0165a36d
0x0165a373
0x0165a376
0x0165a376
0x00000000
0x0165a376
0x0165a351
0x00000000
0x0165a351
0x01632f6e
0x00000000
0x01632f6e
0x01625b9f
0x01625ba2
0x01625ba4
0x01640516
0x01625baa
0x01625baa
0x01625baa
0x01625bae
0x01625bca
0x01625bcc
0x0165a38f
0x00000000
0x00000000
0x00000000
0x00000000
0x01625bcc
0x01625b94
0x0162f0b2
0x0162f0b5
0x0162f0b5
0x0162f0bb
0x0162f0be
0x0162f0c0
0x00000000
0x00000000
0x0162f0c6
0x0162f0c8
0x0162f0ca
0x01632f76
0x0162effb
0x0162effe
0x0162f001
0x0162f004
0x0162f008
0x0162f00a
0x0162f00a
0x0162f00a
0x0162f00e
0x0162f014
0x0162f019
0x0162f01c
0x0162f023
0x0162f026
0x0162f028
0x0162f028
0x0162f028
0x0162f028
0x0162f02e
0x0162f031
0x00000000
0x0162f037
0x0162f03a
0x0162f03d
0x0162f040
0x0162f042
0x0162f042
0x0162f042
0x0162f042
0x0162f048
0x0162f04b
0x016271a9
0x016271a9
0x016271ac
0x016271af
0x0163cc9d
0x00000000
0x0163cc9d
0x016271b5
0x00000000
0x0162f051
0x0162f051
0x0162f054
0x0162f057
0x01625b09
0x01625b09
0x01625b0c
0x01625b0c
0x01625b0c
0x01625b10
0x01625b10
0x01625b15
0x01625b23
0x01625b28
0x01625b28
0x00000000
0x01625b28
0x0165a1fd
0x0165a200
0x0165a204
0x0164a35e
0x0164a35e
0x00000000
0x0165a20a
0x0165a20a
0x0165a20d
0x0165a210
0x0165a213
0x0165a219
0x0165a21c
0x0165a21c
0x01625af5
0x01625af5
0x01625af8
0x01625afb
0x01625b01
0x01625b01
0x01625b03
0x0163e995
0x00000000
0x0163e995
0x00000000
0x01625b03
0x00000000
0x0165a204
0x0162f04b
0x0162f031
0x0162f0d0
0x0162f0d0
0x016348b4
0x00000000
0x016348b4
0x01625d4c
0x01625d4f
0x01625d52
0x01625d55
0x01625d59
0x01625d5e
0x01625d66
0x01625d68
0x01625d6b
0x0165a1b0
0x0165a1b2
0x0165a1b3
0x0165a1b4
0x0165a1b9
0x0165a1b9
0x01625d6b
0x01625d71
0x01625d74
0x01625d77
0x0164a374
0x0164a378
0x0165a1eb
0x0165a1ee
0x0165a1f0
0x0165a1f6
0x0165a1f6
0x00000000
0x01625d7d
0x01625d7d
0x01625d80
0x01625d82
0x01625d85
0x01625d88
0x01625d8b
0x01625d8d
0x01625d90
0x01625d92
0x0164a367
0x0164a367
0x0164a369
0x0164a36a
0x0164a36b
0x0164a36c
0x00000000
0x0164a36c
0x01625d98
0x01625d9a
0x00000000
0x00000000
0x01625da0
0x01625da3
0x01625da9
0x01625dab
0x00000000
0x00000000
0x01625db1
0x01625db4
0x01625db4
0x01625dba
0x01625dbd
0x01625dbf
0x00000000
0x00000000
0x01625dc5
0x01625dc7
0x01625dc9
0x0162719e
0x01625a73
0x01625a79
0x01625a7c
0x01625a7f
0x01625a83
0x01625a85
0x01625a85
0x01625a85
0x01625a89
0x01625a8f
0x01625a94
0x01625a97
0x01625a9e
0x01625aa4
0x01627195
0x01627195
0x01625aad
0x01625ab0
0x00000000
0x01625ab2
0x01625ab5
0x01625ab8
0x01625abb
0x01625abd
0x01625abd
0x01625abd
0x01625abd
0x01625ac3
0x01625ac9
0x00000000
0x01625acf
0x01625acf
0x01625ad2
0x01625ad5
0x00000000
0x00000000
0x01625ad7
0x01625ada
0x01625ade
0x00000000
0x00000000
0x01625ae4
0x01625ae7
0x01625aea
0x01625aed
0x01625aef
0x01625aef
0x01625af2
0x01625af2
0x00000000
0x01625aed
0x01625ac9
0x01625ab0
0x01625dcf
0x01625dcf
0x01625a6d
0x00000000
0x01625a6d
0x01625d77
0x01625c96
0x01625c99
0x01625c9b
0x0164a344
0x01625ca1
0x01625ca1
0x01625ca4
0x01625ca7
0x01625caa
0x01625cac
0x01625cae
0x01625cae
0x01625cb1
0x01625cb1
0x01625cb4
0x01625cb4
0x01625cbd
0x01625cbf
0x01625cc1
0x0162eff3
0x00000000
0x01625cc7
0x01625cc7
0x01625ccc
0x01625ccf
0x01625cd1
0x0164a34d
0x01625cd7
0x01625cd7
0x01625cd9
0x01625cdc
0x01625cdf
0x01625ce1
0x01625ce3
0x01625ce3
0x01625ce6
0x01625ce6
0x01625ce9
0x01625ce9
0x01625cf2
0x01625cf4
0x01625cf6
0x0162893a
0x00000000
0x01625cfc
0x01625cfc
0x01625cff
0x01625d11
0x01625d13
0x01625d1f
0x01625d23
0x01625d31
0x0162679b
0x0162679b
0x016267a1
0x016267a7
0x016267a9
0x00000000
0x00000000
0x016267ab
0x016267ad
0x01626eef
0x01626ef1
0x00000000
0x00000000
0x01626ef7
0x00000000
0x01626ef7
0x016267b3
0x016267b6
0x016267b8
0x016267b8
0x016267be
0x016267c0
0x016268d0
0x016268d0
0x016268d2
0x01626bf5
0x01626bf5
0x016268d8
0x016268dd
0x016268e4
0x016268e4
0x016267c6
0x016267cb
0x016267cb
0x016267d1
0x0162693f
0x01626946
0x016267d7
0x016267da
0x016267e1
0x016267e1
0x016267e1
0x016267d1
0x016267e7
0x016267e9
0x016267ef
0x016267f3
0x016267f6
0x0165a1a9
0x0165a1a9
0x016267fc
0x016267ff
0x01626793
0x01626793
0x00000000
0x01626793
0x01625d05
0x01625d0b
0x0162a484
0x0162a488
0x0162a48b
0x0165a1a2
0x0165a1a2
0x0162a494
0x0162a497
0x0162a497
0x0162a49d
0x0162a49f
0x00000000
0x00000000
0x0162a4a5
0x0162a4a7
0x0164a355
0x0162a4ad
0x0162a4ad
0x0162a4b0
0x0162a4b6
0x0162a4b9
0x0162a4bc
0x0162a4be
0x0162a4c0
0x0162a4c0
0x0162a4c3
0x0162a4c3
0x0162a4c9
0x0162a4c9
0x0162a4d2
0x0162a4d4
0x0162a4d6
0x01644817
0x01644819
0x00000000
0x0162a4dc
0x0162a4dc
0x00000000
0x0162a4dc
0x0162a4d6
0x00000000
0x0162a497
0x00000000
0x01625d0b
0x01625cf6
0x01625cc1
0x016268a8
0x016268a8
0x01625c6a
0x00000000
0x01625c6a
0x01625a22
0x01625a25
0x01625a27
0x00000000
0x00000000
0x01625a29
0x01625a2e
0x01625a31
0x01625a34
0x01634773
0x01634773
0x01634776
0x01634778
0x0163477c
0x0163477c
0x0163477c
0x0163477d
0x01634784
0x0163674d
0x0163478a
0x0163478a
0x0163478a
0x01634790
0x01634795
0x01634797
0x01636716
0x01636719
0x01636726
0x01636726
0x0163672d
0x01649982
0x01636733
0x01636733
0x01636733
0x01636733
0x01636735
0x01636737
0x0163673d
0x0163673d
0x00000000
0x01636737
0x0163671b
0x01636720
0x00000000
0x00000000
0x00000000
0x0163479d
0x0163479e
0x01625a4f
0x01625a4f
0x01625a51
0x01625a53
0x01626aa3
0x01626aa3
0x01626aa6
0x01626aa9
0x01626aab
0x01626aae
0x01626ab3
0x01626abd
0x01626ac0
0x0165a153
0x0165a154
0x0165a155
0x0165a156
0x0165a156
0x01626ac0
0x01626ac6
0x01626ac6
0x01626ac9
0x01626acb
0x01626ace
0x01626ad1
0x01626ad4
0x01626ad6
0x01626ad9
0x01626adb
0x0165a18f
0x0165a18f
0x0165a190
0x0165a191
0x0165a192
0x0165a193
0x0165a194
0x0165a196
0x00000000
0x01626ae1
0x01626ae1
0x01626ae3
0x00000000
0x00000000
0x01626aec
0x01626aef
0x01626af5
0x01626af7
0x01626bc5
0x01626bc5
0x01626bc8
0x01626bcb
0x01626bcd
0x01626bd0
0x01626bd0
0x01626bd3
0x01626bd9
0x00000000
0x00000000
0x01626be3
0x01626be8
0x01626bea
0x00000000
0x00000000
0x0165a171
0x0165a19b
0x0165a19b
0x00000000
0x0165a19b
0x01626afd
0x01626b00
0x01626b00
0x01626b06
0x01626b09
0x01626b0b
0x00000000
0x00000000
0x01640026
0x01640028
0x0164002a
0x0165a161
0x01626b14
0x01626b17
0x01626b1a
0x01626b1d
0x01626b21
0x01626b23
0x01626b23
0x01626b23
0x01626b27
0x01626b2a
0x01626b30
0x01626b34
0x01626b37
0x01626b3e
0x01626b41
0x015ef6f8
0x015ef6f8
0x01626b47
0x01626b4d
0x00000000
0x01626b4f
0x01626b52
0x01626b58
0x0163c27b
0x0163c27b
0x01626b64
0x0165a178
0x0165a17b
0x0165a17e
0x0165a187
0x00000000
0x0165a187
0x0165a180
0x00000000
0x01626b6a
0x01626b6a
0x01626b70
0x01626ba1
0x01626ba7
0x01626bab
0x01626bab
0x01626bb0
0x01626bc3
0x00000000
0x01626bc3
0x01626b76
0x0164a33b
0x01626b7c
0x01626b7c
0x01626b7f
0x01626b85
0x01626b87
0x01626b8a
0x01626b8a
0x01626b8d
0x01626b90
0x01626b90
0x01626b99
0x01626b9b
0x0164514b
0x00000000
0x00000000
0x00000000
0x00000000
0x01626b9b
0x01626b64
0x01626b4d
0x01640030
0x01640030
0x01626b11
0x00000000
0x01626b11
0x01626adb
0x00000000
0x01625a53
0x01634797
0x01625a3a
0x01625a3e
0x00000000
0x00000000
0x01625a44
0x01625a49
0x00000000
0x00000000
0x00000000
0x016259e4
0x016259e4
0x016259ec
0x016259f1
0x016259f3
0x015ffb5e
0x015ffb60
0x0165a12c
0x0165a131
0x0165a138
0x0165a13e
0x0165a145
0x0165a14b
0x01625c22
0x01625c22
0x01625c29
0x01625c35
0x0165a529
0x0165a52c
0x0165a52e
0x0165a534
0x0165a538
0x0165a546
0x0165a546
0x0165a538
0x0165a52e
0x01625c3b
0x01625c3e
0x01625c43
0x01625c43
0x015ffb66
0x015ffb6f
0x015ffb79
0x016259ff
0x016259ff
0x01625a06
0x01636a85
0x01636a85
0x01625a0c
0x01625a10
0x01625a10
0x00000000
0x01625a10
0x016259f9
0x016259f9
0x016259f9
0x00000000
0x016259f9
0x016259e2

Strings

HEAP: , xrefs: 0165A297
HEAP[%wZ]: , xrefs: 0165A28A
HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 0165A2AE

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
API String ID: 0-2419525547
Opcode ID: 7cff33fb21c089e2c3912d025bf58f362aaf4b89f53142a2cd3caab5c30c9b8f
Instruction ID: f94ec8d5d7745dab18005b9b713bb21d4c1ea60078257fc2626ac2902528f682
Opcode Fuzzy Hash: 7cff33fb21c089e2c3912d025bf58f362aaf4b89f53142a2cd3caab5c30c9b8f
Instruction Fuzzy Hash: 0D928E70904665CFDB29CF68C880BA9BBF2FF49301F14859DE986AB396D774A841CF50

Uniqueness

Uniqueness Score: 100.00%

Function 01625DD8, Relevance: 4.6, Strings: 3, Instructions: 850
UNIQUECrypto

C-Code - Quality: 81%

			E01625DD8(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v30;
				signed char _v32;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				intOrPtr _t388;
				signed short* _t389;
				signed short* _t391;
				signed int _t394;
				signed int _t395;
				signed char _t397;
				signed int _t399;
				signed int* _t400;
				signed int _t403;
				signed int _t421;
				signed int _t422;
				signed char _t423;
				signed int _t425;
				signed int _t427;
				signed int _t439;
				signed int _t452;
				signed char _t453;
				signed short* _t456;
				intOrPtr* _t460;
				signed short _t461;
				intOrPtr _t462;
				signed short _t463;
				intOrPtr* _t465;
				signed int _t468;
				signed int _t475;
				signed int _t477;
				intOrPtr _t484;
				signed int _t485;
				signed short _t489;
				signed short _t492;
				intOrPtr* _t493;
				signed int _t495;
				signed int _t499;
				signed int _t501;
				signed int _t507;
				signed int _t508;
				void* _t516;
				signed short _t517;
				void* _t518;
				signed short _t519;
				signed int _t521;
				signed int _t523;
				signed int* _t524;
				signed int _t536;
				signed int _t538;
				signed int* _t539;
				signed short _t553;
				signed short _t556;
				signed int _t557;
				signed int _t561;
				signed int _t563;
				void* _t566;

				_t456 = _a8;
				_t557 = _a4;
				_t559 = _t456 - ((_t456[2] & 0x0000ffff ^  *(_t557 + 0x54) & 0x0000ffff) << 3);
				if(_t456 - ((_t456[2] & 0x0000ffff ^  *(_t557 + 0x54) & 0x0000ffff) << 3) == _t456) {
					L11:
					__eflags =  *(_t557 + 0x4c);
					_t559 = _t456 +  *_a12 * 8;
					_a8 = _t559;
					if(__eflags == 0) {
						L13:
						while((( *(_t557 + 0x4c) >> 0x00000014 &  *(_t557 + 0x52) ^ _t559[1]) & 0x00000001) == 0) {
							if( *(_t557 + 0x4c) != 0) {
								 *_t559 =  *_t559 ^  *(_t557 + 0x50);
								if(_t559[1] != (_t559[0] ^  *_t559 ^ _t559[1])) {
									_push(0);
									_push(_t559);
									_push(_t557);
									E01694BBA(_t456, _t557, _t559, __eflags);
								}
							}
							if(_a16 != 0) {
								_t517 = _t456[6];
								_t389 =  &(_t456[4]);
								_t461 =  *_t389;
								_v20 = _t461;
								_t462 =  *((intOrPtr*)(_t461 + 4));
								_v16 = _t517;
								_t518 =  *_t517;
								__eflags = _t518 - _t462;
								if(__eflags != 0) {
									L179:
									_push(0);
									_push(_t518);
									_push(_t462);
									_push(_t389);
									_push(_t557);
									_push(0xc);
									E01694B0C(_t456, _t462, _t518, _t557, _t559, __eflags);
									L189:
									_a16 = 0;
									goto L17;
								}
								__eflags = _t518 - _t389;
								if(__eflags != 0) {
									goto L179;
								}
								 *(_t557 + 0x78) =  *(_t557 + 0x78) - ( *_t456 & 0x0000ffff);
								_t421 =  *(_t557 + 0xb8);
								__eflags = _t421;
								if(_t421 == 0) {
									L172:
									_t422 = _v20;
									_t493 = _v16;
									 *_t493 = _t422;
									 *((intOrPtr*)(_t422 + 4)) = _t493;
									__eflags = _t456[1] & 0x00000008;
									if((_t456[1] & 0x00000008) == 0) {
										L180:
										_t423 = _t456[1];
										__eflags = _t423 & 0x00000004;
										if(__eflags != 0) {
											_t495 = ( *_t456 & 0x0000ffff) * 8 - 0x10;
											_a16 = _t495;
											__eflags = _t423 & 0x00000002;
											if((_t423 & 0x00000002) != 0) {
												__eflags = _t495 - 4;
												if(_t495 > 4) {
													_t343 =  &_a16;
													 *_t343 = _a16 - 4;
													__eflags =  *_t343;
												}
											}
											_t425 = E01605770( &(_t456[8]), _a16, 0xfeeefeee);
											_a4 = _t425;
											__eflags = _t425 - _a16;
											if(__eflags != 0) {
												_t427 =  *( *[fs:0x18] + 0x30);
												__eflags =  *(_t427 + 0xc);
												if( *(_t427 + 0xc) == 0) {
													_push("HEAP: ");
													E015EF63B();
												} else {
													E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
												}
												_push( &(_t456[8]) + _a4);
												E015EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", _t456);
												_t566 = _t566 + 0xc;
												E016959C1(_t456);
											}
										}
										goto L189;
									}
									_t439 = E015FC30D(_t557, _t456);
									__eflags = _t439;
									if(_t439 != 0) {
										goto L180;
									}
									E015FE4D7(_t456, _t557, _t557, _t456,  *_t456 & 0x0000ffff, 1);
									goto L189;
								}
								_t499 =  *_t456 & 0x0000ffff;
								while(1) {
									__eflags = _t499 -  *(_t421 + 4);
									if(_t499 <  *(_t421 + 4)) {
										break;
									}
									_t536 =  *_t421;
									__eflags = _t536;
									if(_t536 == 0) {
										_t563 =  *(_t421 + 4) - 1;
										__eflags = _t563;
										_a16 = _t563;
										L155:
										_t501 = _t563 -  *((intOrPtr*)(_t421 + 0x14));
										__eflags =  *(_t421 + 8);
										_v12 = _t501;
										if( *(_t421 + 8) != 0) {
											_t501 = _t501 + _t501;
											__eflags = _t501;
										}
										_t538 = _t501 << 2;
										_a4 = _t538;
										_t539 = _t538 +  *((intOrPtr*)(_t421 + 0x20));
										 *((intOrPtr*)(_t421 + 0xc)) =  *((intOrPtr*)(_t421 + 0xc)) - 1;
										_v24 =  *_t539;
										__eflags = _t563 -  *(_t421 + 4) - 1;
										if(_t563 ==  *(_t421 + 4) - 1) {
											_t296 = _t421 + 0x10;
											 *_t296 =  *(_t421 + 0x10) - 1;
											__eflags =  *_t296;
										}
										__eflags = _v24 -  &(_t456[4]);
										if(_v24 !=  &(_t456[4])) {
											L171:
											_t559 = _a8;
											goto L172;
										} else {
											__eflags =  *_t421;
											_t507 =  *(_t421 + 4);
											if( *_t421 == 0) {
												_t507 = _t507 - 1;
												__eflags = _t507;
											}
											__eflags = _a16 - _t507;
											_t508 = _t456[4];
											if(_a16 >= _t507) {
												_t559 = _a8;
												__eflags = _t508 -  *((intOrPtr*)(_t421 + 0x18));
												if(_t508 ==  *((intOrPtr*)(_t421 + 0x18))) {
													 *_t539 =  *_t539 & 0x00000000;
													 *( *((intOrPtr*)(_t421 + 0x1c)) + (_v12 >> 5) * 4) =  *( *((intOrPtr*)(_t421 + 0x1c)) + (_v12 >> 5) * 4) &  !(1 << (_v12 & 0x0000001f));
												} else {
													 *_t539 = _t508;
												}
												goto L172;
											} else {
												__eflags = _t508 -  *((intOrPtr*)(_t421 + 0x18));
												if(_t508 ==  *((intOrPtr*)(_t421 + 0x18))) {
													L175:
													 *(_a4 +  *((intOrPtr*)(_t421 + 0x20))) =  *(_a4 +  *((intOrPtr*)(_t421 + 0x20))) & 0x00000000;
													 *( *((intOrPtr*)(_t421 + 0x1c)) + (_v12 >> 5) * 4) =  *( *((intOrPtr*)(_t421 + 0x1c)) + (_v12 >> 5) * 4) &  !(1 << (_v12 & 0x0000001f));
													goto L171;
												}
												__eflags =  *(_t557 + 0x4c);
												if( *(_t557 + 0x4c) == 0) {
													_t553 =  *(_t508 - 8) & 0x0000ffff;
												} else {
													_t556 =  *(_t508 - 8);
													__eflags =  *(_t557 + 0x4c) & _t556;
													if(( *(_t557 + 0x4c) & _t556) != 0) {
														_t556 = _t556 ^  *(_t557 + 0x50);
														__eflags = _t556;
													}
													_t553 = _t556 & 0x0000ffff;
												}
												__eflags = ( *_t456 & 0x0000ffff) != (_t553 & 0x0000ffff);
												if(( *_t456 & 0x0000ffff) != (_t553 & 0x0000ffff)) {
													goto L175;
												} else {
													 *(_a4 +  *((intOrPtr*)(_t421 + 0x20))) = _t508;
													goto L171;
												}
											}
										}
									}
									_t421 = _t536;
								}
								_t563 = _t499;
								_a16 = _t499;
								goto L155;
							}
							L17:
							_t519 = _t559[6];
							_t391 =  &(_t559[4]);
							_t463 =  *_t391;
							_v20 = _t463;
							_t464 =  *(_t463 + 4);
							_v16 = _t519;
							_t516 =  *_t519;
							if(_t516 != _t464 || _t516 != _t391) {
								_push(0);
								_push(_t516);
								_push(_t464);
								_push(_t391);
								_push(_t557);
								_push(0xc);
								L191:
								E01694B0C(_t456, _t464, _t516, _t557, _t559, __eflags);
								continue;
							} else {
								 *(_t557 + 0x78) =  *(_t557 + 0x78) - ( *_t559 & 0x0000ffff);
								_t394 =  *(_t557 + 0xb8);
								if(_t394 == 0) {
									L38:
									_t395 = _v20;
									_t465 = _v16;
									 *_t465 = _t395;
									 *((intOrPtr*)(_t395 + 4)) = _t465;
									if((_t559[1] & 0x00000008) != 0) {
										goto L1;
									}
									L39:
									_t397 = _t559[1];
									if((_t397 & 0x00000004) != 0) {
										_t468 = ( *_t559 & 0x0000ffff) * 8 - 0x10;
										_a16 = _t468;
										__eflags = _t397 & 0x00000002;
										if((_t397 & 0x00000002) != 0) {
											__eflags = _t468 - 4;
											if(_t468 > 4) {
												_t363 =  &_a16;
												 *_t363 = _a16 - 4;
												__eflags =  *_t363;
											}
										}
										_t399 = E01605770( &(_t559[8]), _a16, 0xfeeefeee);
										_a8 = _t399;
										__eflags = _t399 - _a16;
										if(_t399 != _a16) {
											_t403 =  *( *[fs:0x18] + 0x30);
											__eflags =  *(_t403 + 0xc);
											if( *(_t403 + 0xc) == 0) {
												_push("HEAP: ");
												E015EF63B();
											} else {
												E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
											}
											_push( &(_t559[8]) + _a8);
											E015EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", _t559);
											E016959C1(_t559);
										}
									}
									_t400 = _a12;
									_t456[1] = 0;
									_t456[3] = 0;
									 *_t400 =  *_t400 + ( *_t559 & 0x0000ffff);
									 *_t456 =  *_t400;
									 *(_t456 + 4 +  *_t400 * 8) =  *_t400 ^  *(_t557 + 0x54);
									break;
								} else {
									_t475 =  *_t559 & 0x0000ffff;
									L21:
									L21:
									if(_t475 >=  *((intOrPtr*)(_t394 + 4))) {
										goto L45;
									} else {
										_t561 = _t475;
										_a4 = _t475;
									}
									L23:
									_t477 = _t561 -  *((intOrPtr*)(_t394 + 0x14));
									_v8 = _t477;
									if( *((intOrPtr*)(_t394 + 8)) != 0) {
										_t477 = _t477 + _t477;
									}
									_t523 = _t477 << 2;
									_v12 = _t523;
									_t524 = _t523 +  *((intOrPtr*)(_t394 + 0x20));
									 *((intOrPtr*)(_t394 + 0xc)) =  *((intOrPtr*)(_t394 + 0xc)) - 1;
									_v24 =  *_t524;
									if(_t561 ==  *((intOrPtr*)(_t394 + 4)) - 1) {
										 *((intOrPtr*)(_t394 + 0x10)) =  *((intOrPtr*)(_t394 + 0x10)) - 1;
									}
									if(_v24 != _a8 + 8) {
										_t559 = _a8;
										goto L38;
									} else {
										_t484 =  *((intOrPtr*)(_t394 + 4));
										if( *_t394 == 0) {
											_t484 = _t484 - 1;
										}
										_t559 = _a8;
										_t485 = _t559[4];
										if(_a4 >= _t484) {
											__eflags = _t485 -  *((intOrPtr*)(_t394 + 0x18));
											if(_t485 !=  *((intOrPtr*)(_t394 + 0x18))) {
												 *_t524 = _t485;
												goto L38;
											}
											 *_t524 =  *_t524 & 0x00000000;
											L37:
											 *( *((intOrPtr*)(_t394 + 0x1c)) + (_v8 >> 5) * 4) =  *( *((intOrPtr*)(_t394 + 0x1c)) + (_v8 >> 5) * 4) &  !(1 << (_v8 & 0x0000001f));
											goto L38;
										}
										_a4 = _t485;
										if(_t485 ==  *((intOrPtr*)(_t394 + 0x18))) {
											L36:
											 *(_v12 +  *((intOrPtr*)(_t394 + 0x20))) =  *(_v12 +  *((intOrPtr*)(_t394 + 0x20))) & 0x00000000;
											goto L37;
										}
										if( *(_t557 + 0x4c) != 0) {
											_t492 =  *(_t485 - 8);
											if(( *(_t557 + 0x4c) & _t492) != 0) {
												_t492 = _t492 ^  *(_t557 + 0x50);
											}
											_t489 = _t492 & 0x0000ffff;
										} else {
											_t489 =  *(_t485 - 8) & 0x0000ffff;
										}
										if(( *_t559 & 0x0000ffff) == (_t489 & 0x0000ffff)) {
											 *(_v12 +  *((intOrPtr*)(_t394 + 0x20))) = _a4;
											goto L38;
										}
										goto L36;
									}
									L45:
									_t521 =  *_t394;
									__eflags = _t521;
									if(_t521 == 0) {
										_t561 =  *((intOrPtr*)(_t394 + 4)) - 1;
										_a4 = _t561;
										goto L23;
									}
									_t394 = _t521;
									goto L21;
								}
							}
						}
						if(( *(_t557 + 0x44) & 0x01000000) == 0) {
							_t388 =  *((intOrPtr*)(_t557 + 0xe0)) - ( *(_t557 + 0x78) << 3);
							_t460 = _t557 + 0x128;
							if(_t388 >  *_t460) {
								 *_t460 = _t388;
							}
							 *((intOrPtr*)(_t557 + 0x12c)) = _t388;
						}
						return _t456;
					}
					_t452 =  *_t559;
					_v32 = _t452;
					_t453 = _t452 ^  *(_t557 + 0x50);
					_v32 = _t453;
					_t464 = _t453 ^ _t453 ^ _v30;
					__eflags = _t453 >> 0x18 - (_t453 ^ _t453 ^ _v30);
					if(__eflags != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(_t559);
						_push(_t557);
						_push(3);
						goto L191;
					}
					goto L13;
				} else {
					__eax =  *(__edi + 0x4c);
					__ecx = __eax;
					__ecx = __eax >> 0x14;
					__cl = __cl &  *(__edi + 0x52);
					__cl = __cl ^  *(__esi + 2);
					__eflags = __cl & 0x00000001;
					if((__cl & 0x00000001) == 0) {
						__eflags = __eax;
						if(__eax != 0) {
							__eax =  *(__edi + 0x50);
							 *__esi =  *__esi ^  *(__edi + 0x50);
							 *(__esi + 1) =  *(__esi + 1) ^  *__esi;
							__al =  *(__esi + 1) ^  *__esi ^  *(__esi + 2);
							__eflags =  *((intOrPtr*)(__esi + 3)) - __al;
							if(__eflags != 0) {
								_push(0);
								_push(__esi);
								_push(__edi);
								__eax = E01694BBA(__ebx, __edi, __esi, __eflags);
							}
						}
						__eflags = _a16;
						if(_a16 != 0) {
							__edx =  *(__ebx + 0xc);
							__eax = __ebx + 8;
							__ecx =  *__eax;
							_v16 = __ecx;
							__ecx =  *(__ecx + 4);
							_v20 = __edx;
							__edx =  *__edx;
							__eflags = __edx - __ecx;
							if(__eflags != 0) {
								L123:
								_push(0);
								_push(__edx);
								_push(__ecx);
								_push(__eax);
								_push(__edi);
								_push(0xc);
								__eax = E01694B0C(__ebx, __ecx, __edx, __edi, __esi, __eflags);
								L133:
								_a16 = 0;
								goto L50;
							}
							__eflags = __edx - __eax;
							if(__eflags != 0) {
								goto L123;
							}
							__eax =  *__ebx & 0x0000ffff;
							 *((intOrPtr*)(__edi + 0x78)) =  *((intOrPtr*)(__edi + 0x78)) - ( *__ebx & 0x0000ffff);
							__eax =  *(__edi + 0xb8);
							__eflags = __eax;
							if(__eax == 0) {
								L120:
								__eax = _v16;
								__ecx = _v20;
								 *__ecx = __eax;
								 *(__eax + 4) = __ecx;
								__eflags =  *(__ebx + 2) & 0x00000008;
								if(( *(__ebx + 2) & 0x00000008) == 0) {
									L124:
									__al =  *(__ebx + 2);
									__eflags = __al & 0x00000004;
									if((__al & 0x00000004) != 0) {
										__ecx =  *__ebx & 0x0000ffff;
										__ecx = ( *__ebx & 0x0000ffff) * 8 - 0x10;
										_a16 = __ecx;
										__eflags = __al & 0x00000002;
										if((__al & 0x00000002) != 0) {
											__eflags = __ecx - 4;
											if(__ecx > 4) {
												_t246 =  &_a16;
												 *_t246 = _a16 - 4;
												__eflags =  *_t246;
											}
										}
										__eax = __ebx + 0x10;
										__eax = E01605770(__ebx + 0x10, _a16, 0xfeeefeee);
										_a4 = __eax;
										__eflags = __eax - _a16;
										if(__eax != _a16) {
											__eax =  *[fs:0x18];
											__eax =  *( *[fs:0x18] + 0x30);
											__eflags =  *(__eax + 0xc);
											if( *(__eax + 0xc) == 0) {
												_push("HEAP: ");
												__eax = E015EF63B();
											} else {
												 *[fs:0x18] =  *( *[fs:0x18] + 0x30);
												 *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc));
												 *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c = E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
												_pop(__ecx);
											}
											__eax = _a4;
											_pop(__ecx);
											__eax = _a4 + __ebx + 0x10;
											_push(_a4 + __ebx + 0x10);
											E015EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", __ebx) = E016959C1(__ebx);
										}
									}
									goto L133;
								}
								__edx = __ebx;
								__ecx = __edi;
								__eax = E015FC30D(__edi, __ebx);
								__eflags = __al;
								if(__al != 0) {
									goto L124;
								}
								 *__ebx & 0x0000ffff = E015FE4D7(__ebx, __edi, __edi, __ebx,  *__ebx & 0x0000ffff, 1);
								goto L133;
							}
							__ecx =  *__ebx & 0x0000ffff;
							while(1) {
								__eflags = __ecx -  *(__eax + 4);
								if(__ecx <  *(__eax + 4)) {
									break;
								}
								__edx =  *__eax;
								__eflags = __edx;
								if(__edx == 0) {
									__ebx =  *(__eax + 4);
									__ebx =  *(__eax + 4) - 1;
									__eflags = __ebx;
									_a16 = __ebx;
									L98:
									__ecx = __ebx;
									__ecx = __ebx -  *((intOrPtr*)(__eax + 0x14));
									__eflags =  *(__eax + 8);
									_v8 = __ecx;
									if( *(__eax + 8) != 0) {
										__ecx = __ecx + __ecx;
										__eflags = __ecx;
									}
									__edx =  *(__eax + 0x20);
									__ecx = __ecx << 2;
									__edx =  *(__eax + 0x20) + __ecx;
									_a4 = __ecx;
									__ecx =  *__edx;
									 *(__eax + 0xc) =  *(__eax + 0xc) - 1;
									_v12 =  *__edx;
									 *(__eax + 4) =  *(__eax + 4) - 1;
									__eflags = __ebx -  *(__eax + 4) - 1;
									if(__ebx ==  *(__eax + 4) - 1) {
										_t201 = __eax + 0x10;
										 *_t201 =  *(__eax + 0x10) - 1;
										__eflags =  *_t201;
									}
									_a8 = _a8 + 8;
									__eflags = _v12 - _a8 + 8;
									if(_v12 != _a8 + 8) {
										__ebx = _a8;
										goto L120;
									} else {
										__eflags =  *__eax;
										__ecx =  *(__eax + 4);
										if( *__eax == 0) {
											__ecx = __ecx - 1;
											__eflags = __ecx;
										}
										__ebx = _a8;
										__eflags = _a16 - __ecx;
										__ecx =  *(__ebx + 8);
										if(__eflags >= 0) {
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx ==  *((intOrPtr*)(__eax + 0x18))) {
												 *__edx =  *__edx & 0x00000000;
												goto L115;
											}
											 *__edx = __ecx;
											goto L120;
										} else {
											_a16 = __ecx;
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx ==  *((intOrPtr*)(__eax + 0x18))) {
												L114:
												__ecx =  *(__eax + 0x20);
												__edx = _a4;
												_t224 = __edx + __ecx;
												 *_t224 =  *(__edx + __ecx) & 0x00000000;
												__eflags =  *_t224;
												L115:
												__ecx = _v8;
												__eax =  *(__eax + 0x1c);
												__ecx = __ecx >> 5;
												__eax = __eax + (__ecx >> 5) * 4;
												0 = 1;
												__ecx = __ecx & 0x0000001f;
												1 << __cl =  !(1 << __cl);
												 *__eax =  *__eax &  !(1 << __cl);
												goto L120;
											}
											__eflags =  *(__edi + 0x4c);
											if( *(__edi + 0x4c) == 0) {
												__ecx =  *(__ecx - 8) & 0x0000ffff;
											} else {
												__ecx =  *(__ecx - 8);
												__eflags =  *(__edi + 0x4c) & __ecx;
												if(( *(__edi + 0x4c) & __ecx) != 0) {
													__eflags = __ecx;
												}
												__ecx = __cx & 0x0000ffff;
											}
											__edx =  *__ebx & 0x0000ffff;
											__ecx = __cx & 0x0000ffff;
											__edx = ( *__ebx & 0x0000ffff) != (__cx & 0x0000ffff);
											__eflags = ( *__ebx & 0x0000ffff) != (__cx & 0x0000ffff);
											if(( *__ebx & 0x0000ffff) != (__cx & 0x0000ffff)) {
												goto L114;
											} else {
												__eax =  *(__eax + 0x20);
												__ecx = _a4;
												__edx = _a16;
												 *((intOrPtr*)(_a4 + __eax)) = _a16;
												goto L120;
											}
										}
									}
								}
								__eax = __edx;
							}
							__ebx = __ecx;
							_a16 = __ecx;
							goto L98;
						} else {
							L50:
							__edx =  *(__esi + 0xc);
							__eax = __esi + 8;
							__ecx =  *__eax;
							_v16 = __ecx;
							__ecx =  *(__ecx + 4);
							_v24 = __edx;
							__edx =  *__edx;
							__eflags = __edx - __ecx;
							if(__eflags != 0) {
								L135:
								_push(0);
								_push(__edx);
								_push(__ecx);
								_push(__eax);
								_push(__edi);
								_push(0xc);
								__eax = E01694B0C(__ebx, __ecx, __edx, __edi, __esi, __eflags);
								goto L11;
							}
							__eflags = __edx - __eax;
							if(__eflags != 0) {
								goto L135;
							}
							__eax =  *__esi & 0x0000ffff;
							 *((intOrPtr*)(__edi + 0x78)) =  *((intOrPtr*)(__edi + 0x78)) - ( *__esi & 0x0000ffff);
							__eax =  *(__edi + 0xb8);
							__eflags = __eax;
							if(__eax == 0) {
								L71:
								__eax = _v16;
								__ecx = _v24;
								 *__ecx = __eax;
								 *(__eax + 4) = __ecx;
								__eflags =  *(__esi + 2) & 0x00000008;
								if(( *(__esi + 2) & 0x00000008) != 0) {
									__edx = __esi;
									__ecx = __edi;
									__eax = E015FC30D(__edi, __edx);
									__eflags = __al;
									if(__al != 0) {
										goto L72;
									} else {
										 *__esi & 0x0000ffff = E015FE4D7(__ebx, __edi, __edi, __esi,  *__esi & 0x0000ffff, 1);
										goto L11;
									}
								}
								L72:
								__al =  *(__esi + 2);
								__eflags = __al & 0x00000004;
								if((__al & 0x00000004) != 0) {
									__ebx =  *__esi & 0x0000ffff;
									__ebx = ( *__esi & 0x0000ffff) * 8 - 0x10;
									__eflags = __al & 0x00000002;
									if((__al & 0x00000002) != 0) {
										__eflags = __ebx - 4;
										if(__ebx > 4) {
											__ebx = __ebx - 4;
											__eflags = __ebx;
										}
									}
									__eax = __esi + 0x10;
									__eax = E01605770(__esi + 0x10, __ebx, 0xfeeefeee);
									_a8 = __eax;
									__eflags = __eax - __ebx;
									if(__eax != __ebx) {
										__eax =  *[fs:0x18];
										__eax =  *( *[fs:0x18] + 0x30);
										__eflags =  *(__eax + 0xc);
										if( *(__eax + 0xc) == 0) {
											_push("HEAP: ");
											__eax = E015EF63B();
										} else {
											 *[fs:0x18] =  *( *[fs:0x18] + 0x30);
											 *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc));
											 *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c = E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
											_pop(__ecx);
										}
										__eax = _a8;
										_pop(__ecx);
										__eax = _a8 + __esi + 0x10;
										_push(_a8 + __esi + 0x10);
										E015EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", __esi) = E016959C1(__esi);
									}
								}
								__ecx =  *__esi & 0x0000ffff;
								__eax = _a12;
								 *(__esi + 2) = 0;
								 *((char*)(__esi + 7)) = 0;
								 *__eax =  *__eax + __ecx;
								__cx =  *__eax;
								 *__esi =  *__eax;
								__cx =  *__eax;
								__cx =  *__eax ^  *(__edi + 0x54);
								__eax =  *__eax;
								__ebx = __esi;
								 *(__esi + 4 + __eax * 8) = __cx;
								goto L11;
							}
							__ecx =  *__esi & 0x0000ffff;
							while(1) {
								__eflags = __ecx -  *(__eax + 4);
								if(__ecx <  *(__eax + 4)) {
									break;
								}
								__edx =  *__eax;
								__eflags = __edx;
								if(__edx == 0) {
									__ebx =  *(__eax + 4);
									__ebx =  *(__eax + 4) - 1;
									_a4 = __ebx;
									L56:
									__ecx = __ebx;
									__ecx = __ebx -  *((intOrPtr*)(__eax + 0x14));
									__eflags =  *(__eax + 8);
									_v12 = __ecx;
									if( *(__eax + 8) != 0) {
										__ecx = __ecx + __ecx;
										__eflags = __ecx;
									}
									__edx =  *(__eax + 0x20);
									__ecx = __ecx << 2;
									__edx =  *(__eax + 0x20) + __ecx;
									_v8 = __ecx;
									__ecx =  *__edx;
									 *(__eax + 0xc) =  *(__eax + 0xc) - 1;
									_v20 =  *__edx;
									 *(__eax + 4) =  *(__eax + 4) - 1;
									__eflags = __ebx -  *(__eax + 4) - 1;
									if(__ebx ==  *(__eax + 4) - 1) {
										 *(__eax + 0x10) =  *(__eax + 0x10) - 1;
									}
									__ecx = __esi + 8;
									__eflags = _v20 - __esi + 8;
									if(_v20 != __esi + 8) {
										L70:
										__ebx = _a8;
										goto L71;
									} else {
										__eflags =  *__eax;
										__ecx =  *(__eax + 4);
										if( *__eax == 0) {
											__ecx = __ecx - 1;
											__eflags = __ecx;
										}
										__eflags = _a4 - __ecx;
										__ecx =  *(__esi + 8);
										if(__eflags >= 0) {
											__ebx = _a8;
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx !=  *((intOrPtr*)(__eax + 0x18))) {
												 *__edx = __ecx;
											} else {
												 *__edx =  *__edx & 0x00000000;
												__ecx = _v12;
												__eax =  *(__eax + 0x1c);
												__ecx = __ecx >> 5;
												__eax = __eax + (__ecx >> 5) * 4;
												0 = 1;
												__ecx = __ecx & 0x0000001f;
												__edx = 1 << __cl;
												__edx =  !(1 << __cl);
												 *__eax =  *__eax & 1;
											}
											goto L71;
										} else {
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx ==  *((intOrPtr*)(__eax + 0x18))) {
												L69:
												__ecx =  *(__eax + 0x20);
												__edx = _v8;
												 *(_v8 +  *(__eax + 0x20)) =  *(_v8 +  *(__eax + 0x20)) & 0x00000000;
												__ecx = _v12;
												__eax =  *(__eax + 0x1c);
												__ecx = __ecx >> 5;
												__eax = __eax + (__ecx >> 5) * 4;
												0 = 1;
												__ecx = __ecx & 0x0000001f;
												__edx = 1 << __cl;
												__edx =  !(1 << __cl);
												 *__eax =  *__eax & 1;
												__eflags =  *__eax;
												goto L70;
											}
											__eflags =  *(__edi + 0x4c);
											if( *(__edi + 0x4c) != 0) {
												__edx =  *(__ecx - 8);
												__eflags =  *(__edi + 0x4c) & __edx;
												if(( *(__edi + 0x4c) & __edx) != 0) {
													__eflags = __edx;
												}
												__edx = __dx & 0x0000ffff;
											} else {
												__edx =  *(__ecx - 8) & 0x0000ffff;
											}
											__ebx =  *__esi & 0x0000ffff;
											__edx = __dx & 0x0000ffff;
											__ebx = ( *__esi & 0x0000ffff) == (__dx & 0x0000ffff);
											__eflags = ( *__esi & 0x0000ffff) == (__dx & 0x0000ffff);
											if(( *__esi & 0x0000ffff) == (__dx & 0x0000ffff)) {
												__eax =  *(__eax + 0x20);
												__edx = _v8;
												 *(__edx + __eax) = __ecx;
												goto L70;
											}
											goto L69;
										}
									}
								}
								__eax = __edx;
							}
							__ebx = __ecx;
							_a4 = __ecx;
							goto L56;
						}
					}
					goto L11;
				}
				L1:
				if(E015FC30D(_t557, _t559) != 0) {
					goto L39;
				} else {
					E015FE4D7(_t456, _t557, _t557, _t559,  *_t559 & 0x0000ffff, 1);
					goto L13;
				}
			}

0x01625de1
0x01625dea
0x01625df8
0x01625dfc
0x01625e15
0x01625e15
0x01625e1e
0x01625e21
0x01625e24
0x00000000
0x01625e43
0x01625e5b
0x01625e60
0x01625e6d
0x01659872
0x01659874
0x01659875
0x01659876
0x01659876
0x01625e6d
0x01625e77
0x01659880
0x01659883
0x01659886
0x01659888
0x0165988b
0x0165988e
0x01659891
0x01659893
0x01659895
0x016599e1
0x016599e1
0x016599e3
0x016599e4
0x016599e5
0x016599e6
0x016599e7
0x016599e9
0x01659a87
0x01659a87
0x00000000
0x01659a87
0x0165989b
0x0165989d
0x00000000
0x00000000
0x016598a6
0x016598a9
0x016598af
0x016598b1
0x01659959
0x01659959
0x0165995c
0x0165995f
0x01659961
0x01659964
0x01659968
0x016599f3
0x016599f3
0x016599f6
0x016599f8
0x01659a01
0x01659a08
0x01659a0b
0x01659a0d
0x01659a0f
0x01659a12
0x01659a14
0x01659a14
0x01659a14
0x01659a14
0x01659a12
0x01659a24
0x01659a29
0x01659a2c
0x01659a2f
0x01659a37
0x01659a3a
0x01659a3e
0x01659a60
0x01659a65
0x01659a40
0x01659a58
0x01659a5d
0x01659a72
0x01659a79
0x01659a7e
0x01659a82
0x01659a82
0x01659a2f
0x00000000
0x016599f8
0x01659972
0x01659977
0x01659979
0x00000000
0x00000000
0x01659983
0x00000000
0x01659983
0x016598b7
0x016598c4
0x016598c4
0x016598c7
0x00000000
0x00000000
0x016598bc
0x016598be
0x016598c0
0x016598d3
0x016598d3
0x016598d4
0x016598d7
0x016598d9
0x016598dc
0x016598e0
0x016598e3
0x016598e5
0x016598e5
0x016598e5
0x016598ec
0x016598ef
0x016598f2
0x016598f6
0x016598f9
0x01659900
0x01659902
0x01659904
0x01659904
0x01659904
0x01659904
0x0165990a
0x0165990d
0x01659956
0x01659956
0x00000000
0x0165990f
0x0165990f
0x01659912
0x01659915
0x01659917
0x01659917
0x01659917
0x01659918
0x0165991b
0x0165991e
0x016599b3
0x016599b6
0x016599b9
0x016599bf
0x016599da
0x016599bb
0x016599bb
0x016599bb
0x00000000
0x01659924
0x01659924
0x01659927
0x0165998d
0x01659993
0x016599af
0x00000000
0x016599af
0x01659929
0x0165992d
0x0165993f
0x0165992f
0x0165992f
0x01659932
0x01659935
0x01659937
0x01659937
0x01659937
0x0165993a
0x0165993a
0x01659949
0x0165994b
0x00000000
0x0165994d
0x01659953
0x00000000
0x01659953
0x0165994b
0x0165991e
0x0165990d
0x016598c2
0x016598c2
0x016598c9
0x016598cb
0x00000000
0x016598cb
0x01625e7d
0x01625e7d
0x01625e80
0x01625e83
0x01625e85
0x01625e88
0x01625e8b
0x01625e8e
0x01625e92
0x015fb5ef
0x015fb5f1
0x015fb5f2
0x015fb5f3
0x015fb5f4
0x015fb5f5
0x01659aa2
0x01659aa2
0x00000000
0x01625ea0
0x01625ea3
0x01625ea6
0x01625eae
0x01625f6f
0x01625f6f
0x01625f72
0x01625f75
0x01625f77
0x01625f7e
0x00000000
0x00000000
0x01625f84
0x01625f84
0x01625f89
0x01659aaf
0x01659ab6
0x01659ab9
0x01659abb
0x01659abd
0x01659ac0
0x01659ac2
0x01659ac2
0x01659ac2
0x01659ac2
0x01659ac0
0x01659ad2
0x01659ad7
0x01659ada
0x01659add
0x01659ae9
0x01659aec
0x01659af0
0x01659b12
0x01659b17
0x01659af2
0x01659b0a
0x01659b0f
0x01659b24
0x01659b2b
0x01659b34
0x01659b34
0x01659add
0x01625f8f
0x01625f92
0x01625f96
0x01625f9d
0x01625fa2
0x01625fae
0x00000000
0x01625eb4
0x01625eb4
0x00000000
0x01625eb7
0x01625eba
0x00000000
0x01625ec0
0x01625ec0
0x01625ec2
0x01625ec2
0x01625ec5
0x01625ec7
0x01625ece
0x01625ed1
0x01625ed3
0x01625ed3
0x01625eda
0x01625edd
0x01625ee0
0x01625ee4
0x01625ee7
0x01625ef0
0x01628cdd
0x01628cdd
0x01625eff
0x01645153
0x00000000
0x01625f05
0x01625f08
0x01625f0b
0x01625f0d
0x01625f0d
0x01625f0e
0x01625f14
0x01625f17
0x01628d9f
0x01628da2
0x01642147
0x00000000
0x01642147
0x01628da8
0x01625f55
0x01625f6d
0x00000000
0x01625f6d
0x01625f1d
0x01625f23
0x01625f4b
0x01625f51
0x00000000
0x01625f51
0x01625f29
0x01625f2f
0x01625f35
0x01625f37
0x01625f37
0x01625f3a
0x015fb5e6
0x015fb5e6
0x015fb5e6
0x01625f45
0x0162e9fa
0x00000000
0x0162e9fa
0x00000000
0x01625f45
0x016266ee
0x016266ee
0x016266f0
0x016266f2
0x01628d96
0x01628d97
0x00000000
0x01628d97
0x016266f8
0x00000000
0x016266f8
0x01625eae
0x01625e92
0x01625fba
0x01625fc8
0x01625fca
0x01625fd2
0x0162ed20
0x0162ed20
0x01625fd8
0x01625fd8
0x01625fe4
0x01625fe4
0x01625e26
0x01625e28
0x01625e2b
0x01625e32
0x01625e35
0x01625e3b
0x01625e3d
0x01659866
0x01659867
0x01659868
0x01659869
0x0165986a
0x0165986b
0x00000000
0x0165986b
0x00000000
0x01625dfe
0x01625dfe
0x01625e01
0x01625e03
0x01625e06
0x01625e09
0x01625e0c
0x01625e0f
0x0162694e
0x01626950
0x01626952
0x01626955
0x0162695a
0x0162695c
0x0162695f
0x01626962
0x016595af
0x016595b1
0x016595b2
0x016595b3
0x016595b3
0x01626962
0x01626968
0x0162696c
0x016595bd
0x016595c0
0x016595c3
0x016595c5
0x016595c8
0x016595cb
0x016595ce
0x016595d0
0x016595d2
0x01659706
0x01659706
0x01659708
0x01659709
0x0165970a
0x0165970b
0x0165970c
0x0165970e
0x016597ac
0x016597ac
0x00000000
0x016597ac
0x016595d8
0x016595da
0x00000000
0x00000000
0x016595e0
0x016595e3
0x016595e6
0x016595ec
0x016595ee
0x016596d6
0x016596d6
0x016596d9
0x016596dc
0x016596de
0x016596e1
0x016596e5
0x01659718
0x01659718
0x0165971b
0x0165971d
0x01659723
0x01659726
0x0165972d
0x01659730
0x01659732
0x01659734
0x01659737
0x01659739
0x01659739
0x01659739
0x01659739
0x01659737
0x01659745
0x01659749
0x0165974e
0x01659751
0x01659754
0x01659756
0x0165975c
0x0165975f
0x01659763
0x01659785
0x0165978a
0x01659765
0x0165976b
0x01659771
0x0165977d
0x01659782
0x01659782
0x0165978f
0x01659792
0x01659793
0x01659797
0x016597a7
0x016597a7
0x01659754
0x00000000
0x0165971d
0x016596e7
0x016596e9
0x016596eb
0x016596f0
0x016596f2
0x00000000
0x00000000
0x016596fc
0x00000000
0x016596fc
0x016595f4
0x01659601
0x01659601
0x01659604
0x00000000
0x00000000
0x016595f9
0x016595fb
0x016595fd
0x0165960d
0x01659610
0x01659610
0x01659611
0x01659614
0x01659614
0x01659616
0x01659619
0x0165961d
0x01659620
0x01659622
0x01659622
0x01659622
0x01659624
0x01659627
0x0165962a
0x0165962c
0x0165962f
0x01659631
0x01659634
0x0165963a
0x0165963b
0x0165963d
0x0165963f
0x0165963f
0x0165963f
0x0165963f
0x01659645
0x01659648
0x0165964b
0x016596d3
0x00000000
0x01659651
0x01659651
0x01659654
0x01659657
0x01659659
0x01659659
0x01659659
0x0165965a
0x0165965d
0x01659660
0x01659663
0x016596c5
0x016596c8
0x016596ce
0x00000000
0x016596ce
0x016596ca
0x00000000
0x01659665
0x01659665
0x01659668
0x0165966b
0x0165969f
0x0165969f
0x016596a2
0x016596a5
0x016596a5
0x016596a5
0x016596a9
0x016596a9
0x016596ac
0x016596b1
0x016596b4
0x016596b9
0x016596ba
0x016596bf
0x016596c1
0x00000000
0x016596c1
0x0165966d
0x01659671
0x01659683
0x01659673
0x01659673
0x01659676
0x01659679
0x0165967b
0x0165967b
0x0165967e
0x0165967e
0x01659687
0x0165968a
0x0165968d
0x0165968d
0x0165968f
0x00000000
0x01659691
0x01659691
0x01659694
0x01659697
0x0165969a
0x00000000
0x0165969a
0x0165968f
0x01659663
0x0165964b
0x016595ff
0x016595ff
0x01659606
0x01659608
0x00000000
0x01626972
0x01626972
0x01626972
0x01626975
0x01626978
0x0162697a
0x0162697d
0x01626980
0x01626983
0x01626985
0x01626987
0x016597c7
0x016597c7
0x016597c9
0x016597ca
0x016597cb
0x016597cc
0x016597cd
0x016597cf
0x00000000
0x016597cf
0x0162698d
0x0162698f
0x00000000
0x00000000
0x01626995
0x01626998
0x0162699b
0x016269a1
0x016269a3
0x01626a58
0x01626a58
0x01626a5b
0x01626a5e
0x01626a60
0x01626a63
0x01626a67
0x015f3882
0x015f3884
0x015f3886
0x015f388b
0x015f388d
0x00000000
0x015f3893
0x016597bd
0x00000000
0x016597bd
0x015f388d
0x01626a6d
0x01626a6d
0x01626a70
0x01626a72
0x016597d9
0x016597dc
0x016597e3
0x016597e5
0x016597e7
0x016597ea
0x016597ec
0x016597ec
0x016597ec
0x016597ea
0x016597f5
0x016597f9
0x016597fe
0x01659801
0x01659803
0x01659809
0x0165980f
0x01659812
0x01659816
0x01659838
0x0165983d
0x01659818
0x0165981e
0x01659824
0x01659830
0x01659835
0x01659835
0x01659842
0x01659845
0x01659846
0x0165984a
0x0165985a
0x0165985a
0x01659803
0x01626a78
0x01626a7b
0x01626a7e
0x01626a82
0x01626a86
0x01626a88
0x01626a8b
0x01626a8e
0x01626a91
0x01626a95
0x01626a97
0x01626a99
0x00000000
0x01626a99
0x016269a9
0x016269ac
0x016269ac
0x016269af
0x00000000
0x00000000
0x0162ec47
0x0162ec49
0x0162ec4b
0x016362c1
0x016362c4
0x016362c5
0x016269ba
0x016269ba
0x016269bc
0x016269bf
0x016269c3
0x016269c6
0x016269c8
0x016269c8
0x016269c8
0x016269ca
0x016269cd
0x016269d0
0x016269d2
0x016269d5
0x016269d7
0x016269da
0x016269e0
0x016269e1
0x016269e3
0x016362b9
0x016362b9
0x016269e9
0x016269ec
0x016269ef
0x01626a55
0x01626a55
0x00000000
0x016269f1
0x016269f1
0x016269f4
0x016269f7
0x016269f9
0x016269f9
0x016269f9
0x016269fa
0x016269fd
0x01626a00
0x016362cd
0x016362d0
0x016362d3
0x015fb5d6
0x016362d9
0x016362d9
0x016362dc
0x016362df
0x016362e4
0x016362e7
0x016362ec
0x016362ed
0x016362f0
0x016362f2
0x016362f4
0x016362f4
0x00000000
0x01626a06
0x01626a06
0x01626a09
0x01626a31
0x01626a31
0x01626a34
0x01626a37
0x01626a3b
0x01626a3e
0x01626a43
0x01626a46
0x01626a4b
0x01626a4c
0x01626a4f
0x01626a51
0x01626a53
0x01626a53
0x00000000
0x01626a53
0x01626a0b
0x01626a0f
0x01626a15
0x01626a18
0x01626a1b
0x01626a1d
0x01626a1d
0x01626a20
0x015fb5dd
0x015fb5dd
0x015fb5dd
0x01626a23
0x01626a26
0x01626a29
0x01626a29
0x01626a2b
0x01603bf0
0x01603bf3
0x01603bf6
0x00000000
0x01603bf6
0x00000000
0x01626a2b
0x01626a00
0x016269ef
0x0162ec51
0x0162ec51
0x016269b5
0x016269b7
0x00000000
0x016269b7
0x0162696c
0x00000000
0x01625e0f
0x015f37f1
0x015f37fc
0x00000000
0x015f3802
0x01659a98
0x00000000
0x01659a98

Strings

HEAP: , xrefs: 01659785, 01659838, 01659A60, 01659B12
HEAP[%wZ]: , xrefs: 01659778, 0165982B, 01659A53, 01659B05
HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 01659799, 0165984C, 01659A74, 01659B26

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
API String ID: 0-2419525547
Opcode ID: 74bca1bf2e430860cd92475f8fdb1e2ae4e9700ebcc60d534750d906e733032c
Instruction ID: e6dcebbcf522fdf897f3dd7d913df8e0876c3ffbe58706b013fa8c8c7d03c74c
Opcode Fuzzy Hash: 74bca1bf2e430860cd92475f8fdb1e2ae4e9700ebcc60d534750d906e733032c
Instruction Fuzzy Hash: EC727E70604616DFDB69CF19C894ABABBB1FF85318F19809EE8468B755D730E841CF60

Uniqueness

Uniqueness Score: 100.00%

Function 015F91F7, Relevance: 4.2, Strings: 3, Instructions: 478
UNIQUECrypto

C-Code - Quality: 89%

			E015F91F7(signed int _a4, unsigned int _a8, unsigned int _a12, signed int _a15, intOrPtr _a16, signed short _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int __ebx;
				signed int __edi;
				unsigned int __esi;
				void* __ebp;
				signed char _t228;
				signed int _t230;
				signed short _t234;
				signed int _t238;
				signed int _t247;
				void* _t250;
				signed int _t251;
				signed short _t252;
				signed short _t258;
				signed char _t260;
				signed short _t270;
				signed int _t280;
				signed char _t286;
				signed int _t298;
				signed int _t300;
				signed char _t301;
				void* _t303;
				intOrPtr* _t310;
				signed short _t311;
				signed int _t314;
				signed int _t315;

				_t280 = _a4;
				if(_a20 >  *((intOrPtr*)(_t280 + 0x60))) {
					_t228 = 0;
					goto L58;
				} else {
					__eflags =  *(__ebx + 0x4c);
					_push(__esi);
					__esi = _a12;
					__al =  *((intOrPtr*)(__esi + 2));
					_a15 = __al;
					__eax =  *__esi & 0x0000ffff;
					_push(__edi);
					__edi = __esi + ( *__esi & 0x0000ffff) * 8;
					if( *(__ebx + 0x4c) != 0) {
						__eax =  *(__ebx + 0x50);
						 *__edi =  *__edi ^  *(__ebx + 0x50);
						 *(__edi + 2) =  *(__edi + 2) ^  *(__edi + 1);
						__al =  *(__edi + 2) ^  *(__edi + 1) ^  *__edi;
						__eflags =  *(__edi + 3) - __al;
						if(__eflags != 0) {
							_push(0);
							_push(__edi);
							_push(__ebx);
							__eax = E01694BBA(__ebx, __edi, __esi, __eflags);
						}
					}
					__dl =  *(__edi + 2);
					__eflags = __dl & 0x00000001;
					if((__dl & 0x00000001) != 0) {
						L60:
						__eflags =  *(__ebx + 0x4c);
						if( *(__ebx + 0x4c) != 0) {
							 *(__edi + 1) =  *(__edi + 1) ^ __dl;
							__al =  *(__edi + 1) ^ __dl ^  *__edi;
							 *(__edi + 3) =  *(__edi + 1) ^ __dl ^  *__edi;
							__eax =  *(__ebx + 0x50);
							 *__edi =  *__edi ^  *(__ebx + 0x50);
							__eflags =  *__edi;
						}
						goto L62;
					} else {
						__ecx =  *__edi & 0x0000ffff;
						__eax =  *__esi & 0x0000ffff;
						__eax = ( *__esi & 0x0000ffff) + ( *__edi & 0x0000ffff);
						_v8 = __eax;
						__eflags = __eax - _a20;
						if(__eax < _a20) {
							goto L60;
						}
						__edx =  *(__edi + 0xc);
						__eax = __edi + 8;
						__ecx =  *__eax;
						_v28 = __ecx;
						__ecx =  *(__ecx + 4);
						_v32 = __edx;
						__edx =  *__edx;
						__eflags = __edx - __ecx;
						if(__eflags != 0) {
							L75:
							_push(0);
							_push(__edx);
							_push(__ecx);
							_push(__eax);
							_push(__ebx);
							_push(0xc);
							__eax = E01694B0C(__ebx, __ecx, __edx, __edi, __esi, __eflags);
							L62:
							__al = 0;
							L57:
							L58:
							return _t228;
						}
						__eflags = __edx - __eax;
						if(__eflags != 0) {
							goto L75;
						}
						__eax =  *__edi & 0x0000ffff;
						 *((intOrPtr*)(__ebx + 0x78)) =  *((intOrPtr*)(__ebx + 0x78)) - ( *__edi & 0x0000ffff);
						__eax =  *(__ebx + 0xb8);
						__eflags = __eax;
						if(__eax == 0) {
							L37:
							__eax = _v28;
							__ecx = _v32;
							 *__ecx = __eax;
							 *(__eax + 4) = __ecx;
							__eflags =  *(__edi + 2) & 0x00000008;
							if(( *(__edi + 2) & 0x00000008) != 0) {
								__edx = __edi;
								__ecx = __ebx;
								__eax = E015FC30D(__ebx, __edx);
								__eflags = __al;
								if(__al != 0) {
									goto L38;
								}
								 *__edi & 0x0000ffff = E015FE4D7(__ebx, __edi, __ebx, __edi,  *__edi & 0x0000ffff, 1);
								goto L62;
							}
							L38:
							__al =  *(__edi + 2);
							__eflags = __al & 0x00000004;
							if((__al & 0x00000004) != 0) {
								__ecx =  *__edi & 0x0000ffff;
								__ecx = ( *__edi & 0x0000ffff) * 8 - 0x10;
								_a4 = __ecx;
								__eflags = __al & 0x00000002;
								if((__al & 0x00000002) != 0) {
									__eflags = __ecx - 4;
									if(__ecx > 4) {
										_t158 =  &_a4;
										 *_t158 = _a4 - 4;
										__eflags =  *_t158;
									}
								}
								__eax = __edi + 0x10;
								__eax = E01605770(__edi + 0x10, _a4, 0xfeeefeee);
								_v32 = __eax;
								__eflags = __eax - _a4;
								if(__eax != _a4) {
									__eax =  *[fs:0x18];
									__eax =  *( *[fs:0x18] + 0x30);
									__eflags =  *(__eax + 0xc);
									if( *(__eax + 0xc) == 0) {
										_push("HEAP: ");
										__eax = E015EF63B();
									} else {
										 *[fs:0x18] =  *( *[fs:0x18] + 0x30);
										 *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc));
										 *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c = E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
										_pop(__ecx);
									}
									__eax = _v32;
									_pop(__ecx);
									__eax = _v32 + __edi + 0x10;
									_push(_v32 + __edi + 0x10);
									E015EF63B("HEAP: Free Heap block %lx modified at %lx after it was freed\n", __edi) = E016959C1(__edi);
								}
							}
							__al =  *(__edi + 2);
							__edi =  *__esi & 0x0000ffff;
							__cl =  *((intOrPtr*)(__esi + 7));
							_a4 = __al;
							__eax = __di & 0x0000ffff;
							__eax = (__di & 0x0000ffff) << 3;
							__eflags = __cl - 5;
							if(__cl == 5) {
								__ecx =  *(__ebx + 0x54) & 0x0000ffff;
								__edx =  *(__esi + 4) & 0x0000ffff;
								__ecx =  *(__ebx + 0x54) & 0x0000ffff ^ __edx;
							} else {
								__eflags = __cl & 0x00000040;
								if((__cl & 0x00000040) != 0) {
									__cl & 0x000000ff = __cl & 0x3f;
									__ecx =  *(__esi + 4 + (__cl & 0x3f) * 8) & 0x0000ffff;
								} else {
									__cl = __cl & 0x0000003f;
									__eflags = (__cl & 0x0000003f) - 0x3f;
									if((__cl & 0x0000003f) == 0x3f) {
										__eflags = __cl;
										if(__cl >= 0) {
											__eflags =  *(__ebx + 0x4c);
											if( *(__ebx + 0x4c) == 0) {
												__ecx = __di & 0x0000ffff;
											} else {
												__ecx =  *__esi;
												__eflags =  *(__ebx + 0x4c) & __ecx;
												if(( *(__ebx + 0x4c) & __ecx) != 0) {
													__eflags = __ecx;
												}
												__ecx = __cx & 0x0000ffff;
											}
										} else {
											__edx =  *__esi;
											__esi = __esi >> 3;
											__esi >> 0x00000003 ^ 0 = __esi >> 0x00000003 ^ 0 ^  *0x16a81dc;
											__ecx = __esi >> 0x00000003 ^ 0 ^  *0x16a81dc ^ __ebx;
											__cx =  *((intOrPtr*)((__esi >> 0x00000003 ^ 0 ^  *0x16a81dc ^ __ebx) + 0x10));
										}
										__ecx = __cx & 0x0000ffff;
										__ecx =  *(__esi + (__cx & 0x0000ffff) * 8 - 4);
									} else {
										__ecx = __cl & 0x000000ff;
										__ecx = __cl & 0x3f;
										__eflags = __ecx;
									}
								}
							}
							_v20 = __eax;
							__eax = _a20;
							_v8 = _v8 - _a20;
							__eflags = _v8 - 2;
							if(_v8 <= 2) {
								__eax = _v8;
								_a20 = _a20 + _v8;
								_v8 = _v8 & 0x00000000;
							}
							__eflags = _a15 & 0x00000002;
							if((_a15 & 0x00000002) != 0) {
								_t310 = _t315 + _a20 * 8 - 8;
								_t230 =  *_t315 & 0x0000ffff;
								 *_t310 =  *((intOrPtr*)(_t315 + _t230 * 8 - 8));
								 *((intOrPtr*)(_t310 + 4)) =  *((intOrPtr*)(_t315 + _t230 * 8 - 4));
								if((E016271D3() & 0x00000800) != 0) {
									 *(_t310 + 2) = E01683B12(_t280,  *(_t310 + 2) & 0x0000ffff,  *_t315 & 0x0000ffff, _a20, 4);
								}
								L46:
								_t311 = _a20;
								goto L47;
							} else {
								__eax = E016271D3();
								__eflags = __eax & 0x00000800;
								if((__eax & 0x00000800) != 0) {
									__al =  *(__esi + 3);
									__ecx =  *__esi & 0x0000ffff;
									__edi = _a20;
									__al & 0xff = E01683B12(__ebx, __al & 0xff,  *__esi & 0x0000ffff, _a20, 4);
									 *(__esi + 3) = __al;
									L47:
									 *_t315 = _t311;
									if(_v8 == 0) {
										 *(_t315 + 2) =  *(_t315 + 2) | _a4;
										_t286 = (_t311 << 3) - _a16;
										__eflags = _t286 - 0x3f;
										if(_t286 >= 0x3f) {
											__eflags =  *(_t315 + 7) & 0x00000080;
											if(( *(_t315 + 7) & 0x00000080) == 0) {
												__eflags =  *(_t280 + 0x4c);
												if( *(_t280 + 0x4c) == 0) {
													_t234 = _t311 & 0x0000ffff;
												} else {
													_t252 =  *_t315;
													__eflags =  *(_t280 + 0x4c) & _t252;
													if(( *(_t280 + 0x4c) & _t252) != 0) {
														_t252 = _t252 ^  *(_t280 + 0x50);
														__eflags = _t252;
													}
													_t234 = _t252 & 0x0000ffff;
												}
											} else {
												_t234 =  *((intOrPtr*)((_t315 >> 0x00000003 ^  *_t315 ^  *0x16a81dc ^ _t280) + 0x10));
											}
											 *(_t315 + 7) = 0x3f;
											 *(_t315 + (_t234 & 0x0000ffff) * 8 - 4) = _t286;
										} else {
											 *(_t315 + 7) = _t286;
										}
										 *(_t315 + 4 + ( *_t315 & 0xffff) * 8) =  *(_t280 + 0x54) ^  *_t315 & 0x0000ffff;
									} else {
										_t300 = _t311 << 3;
										_a20 = _t300;
										_t301 = _t300 - _a16;
										if(_t301 >= 0x3f) {
											__eflags =  *(_t315 + 7) & 0x00000080;
											if(( *(_t315 + 7) & 0x00000080) == 0) {
												__eflags =  *(_t280 + 0x4c);
												if( *(_t280 + 0x4c) == 0) {
													_t258 = _t311 & 0x0000ffff;
												} else {
													_t270 =  *_t315;
													__eflags =  *(_t280 + 0x4c) & _t270;
													if(( *(_t280 + 0x4c) & _t270) != 0) {
														_t270 = _t270 ^  *(_t280 + 0x50);
														__eflags = _t270;
													}
													_t258 = _t270 & 0x0000ffff;
												}
											} else {
												_t258 =  *((intOrPtr*)((_t315 >> 0x00000003 ^  *_t315 ^  *0x16a81dc ^ _t280) + 0x10));
											}
											 *(_t315 + 7) = 0x3f;
											 *(_t315 + (_t258 & 0x0000ffff) * 8 - 4) = _t301;
										} else {
											 *(_t315 + 7) = _t301;
										}
										_t260 =  *((intOrPtr*)(_t315 + 6));
										if(_t260 == 0) {
											_t305 = _t280;
										} else {
											_t305 = (_t315 & 0xffff0000) - ((_t260 & 0x000000ff) << 0x10) + 0x10000;
										}
										E0162645A(_t280, _t305, _a20 + _t315, _a4,  *(_t280 + 0x40) >> 0x00000006 & 1, _t311, _v8);
									}
									if((_a8 & 0x00000008) != 0) {
										_t238 = _v20;
										__eflags = _a16 - _t238;
										if(_a16 > _t238) {
											E01604EC0(_t238 + _t315 + 8, 0, _a16 - _t238);
										}
									} else {
										if(( *(_t280 + 0x40) & 0x00000040) != 0) {
											_t314 = _v20;
											_t298 = _t314 & 0x00000003;
											__eflags = _t298;
											if(_t298 != 0) {
												_t250 = 4;
												_t251 = _t250 - _t298;
												__eflags = _t251;
												_t298 = _t251;
											}
											_t303 = _t314 + _t298;
											__eflags = _a16 - _t303;
											if(_a16 > _t303) {
												_t247 = _a16 - _t298 - _t314 & 0xfffffffc;
												__eflags = _t247;
												if(_t247 != 0) {
													E01605810(_t303 + _t315 + 8, _t247, 0xbaadf00d);
												}
											}
										}
									}
									if(( *(_t280 + 0x40) & 0x00000020) != 0) {
										asm("stosd");
										asm("stosd");
									}
									 *(_t315 + 2) = (_a8 >> 0x00000004 ^  *(_t315 + 2)) & 0x0000001f ^ _a8 >> 0x00000004;
									_t228 = 1;
									goto L57;
								}
								goto L46;
							}
						} else {
							__ecx =  *__edi & 0x0000ffff;
							while(1) {
								__eflags = __ecx -  *(__eax + 4);
								if(__ecx <  *(__eax + 4)) {
									break;
								}
								__edx =  *__eax;
								__eflags = __edx;
								if(__edx == 0) {
									__ebx =  *(__eax + 4);
									__ebx =  *(__eax + 4) - 1;
									_v12 = __ebx;
									L22:
									__ecx = __ebx;
									__ecx = __ebx -  *((intOrPtr*)(__eax + 0x14));
									__eflags =  *(__eax + 8);
									_v20 = __ecx;
									if( *(__eax + 8) != 0) {
										__ecx = __ecx + __ecx;
										__eflags = __ecx;
									}
									__edx =  *(__eax + 0x20);
									__ecx = __ecx << 2;
									__edx =  *(__eax + 0x20) + __ecx;
									_v16 = __ecx;
									__ecx =  *__edx;
									 *(__eax + 0xc) =  *(__eax + 0xc) - 1;
									_v24 =  *__edx;
									 *(__eax + 4) =  *(__eax + 4) - 1;
									__eflags = __ebx -  *(__eax + 4) - 1;
									if(__ebx ==  *(__eax + 4) - 1) {
										 *((intOrPtr*)(__eax + 0x10)) =  *((intOrPtr*)(__eax + 0x10)) - 1;
									}
									__ecx = __edi + 8;
									__eflags = _v24 - __edi + 8;
									if(_v24 != __edi + 8) {
										__ebx = _a4;
										goto L37;
									} else {
										__eflags =  *__eax;
										__ecx =  *(__eax + 4);
										if( *__eax == 0) {
											__ecx = __ecx - 1;
											__eflags = __ecx;
										}
										__eflags = _v12 - __ecx;
										__ecx =  *(__edi + 8);
										__ebx = _a4;
										if(__eflags >= 0) {
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx !=  *((intOrPtr*)(__eax + 0x18))) {
												 *__edx = __ecx;
												goto L37;
											} else {
												 *__edx =  *__edx & 0x00000000;
												goto L36;
											}
										} else {
											_v24 = __ecx;
											__eflags = __ecx -  *((intOrPtr*)(__eax + 0x18));
											if(__ecx ==  *((intOrPtr*)(__eax + 0x18))) {
												L35:
												__ecx =  *(__eax + 0x20);
												__edx = _v16;
												_t77 = __edx + __ecx;
												 *_t77 =  *(__edx + __ecx) & 0x00000000;
												__eflags =  *_t77;
												L36:
												__ecx = _v20;
												__eax =  *(__eax + 0x1c);
												__ecx = __ecx >> 5;
												__eax = __eax + (__ecx >> 5) * 4;
												0 = 1;
												__ecx = __ecx & 0x0000001f;
												__edx = 1 << __cl;
												__edx =  !(1 << __cl);
												 *__eax =  *__eax & __edx;
												__eflags =  *__eax;
												goto L37;
											}
											__eflags =  *(__ebx + 0x4c);
											if( *(__ebx + 0x4c) == 0) {
												__ecx =  *(__ecx - 8) & 0x0000ffff;
											} else {
												__ecx =  *(__ecx - 8);
												__eflags =  *(__ebx + 0x4c) & __ecx;
												if(( *(__ebx + 0x4c) & __ecx) != 0) {
													__eflags = __ecx;
												}
												__ecx = __cx & 0x0000ffff;
											}
											__edx =  *__edi & 0x0000ffff;
											__ecx = __cx & 0x0000ffff;
											__edx = ( *__edi & 0x0000ffff) == (__cx & 0x0000ffff);
											__eflags = ( *__edi & 0x0000ffff) == (__cx & 0x0000ffff);
											if(( *__edi & 0x0000ffff) == (__cx & 0x0000ffff)) {
												__eax =  *(__eax + 0x20);
												__ecx = _v16;
												__edx = _v24;
												 *(_v16 + __eax) = __edx;
												goto L37;
											} else {
												goto L35;
											}
										}
									}
								}
								__eax = __edx;
							}
							__ebx = __ecx;
							_v12 = __ecx;
							goto L22;
						}
					}
				}
			}

0x015f9203
0x015f9209
0x015fba48
0x00000000
0x015f920f
0x015f920f
0x015f9213
0x015f9214
0x015f9217
0x015f921a
0x015f921d
0x015f9220
0x015f9221
0x015f9224
0x015f9226
0x015f9229
0x015f922e
0x015f9231
0x015f9233
0x015f9236
0x0165da11
0x0165da13
0x0165da14
0x0165da15
0x0165da15
0x015f9236
0x015f923c
0x015f923f
0x015f9242
0x015fae0f
0x015fae0f
0x015fae13
0x015fae18
0x015fae1a
0x015fae1c
0x015fae1f
0x015fae22
0x015fae22
0x015fae22
0x00000000
0x015f9248
0x015f9248
0x015f924b
0x015f924e
0x015f9250
0x015f9253
0x015f9256
0x00000000
0x00000000
0x015f925c
0x015f925f
0x015f9262
0x015f9264
0x015f9267
0x015f926a
0x015f926d
0x015f926f
0x015f9271
0x0165da31
0x0165da31
0x0165da33
0x0165da34
0x0165da35
0x0165da36
0x0165da37
0x0165da39
0x015fae24
0x015fae24
0x015f9475
0x015f9477
0x015f9479
0x015f9479
0x015f9277
0x015f9279
0x00000000
0x00000000
0x015f927f
0x015f9282
0x015f9285
0x015f928b
0x015f928d
0x015f9353
0x015f9353
0x015f9356
0x015f9359
0x015f935b
0x015f935e
0x015f9362
0x0164a9dc
0x0164a9de
0x0164a9e0
0x0164a9e5
0x0164a9e7
0x00000000
0x00000000
0x0165da27
0x00000000
0x0165da27
0x015f9368
0x015f9368
0x015f936b
0x015f936d
0x0165da43
0x0165da46
0x0165da4d
0x0165da50
0x0165da52
0x0165da54
0x0165da57
0x0165da59
0x0165da59
0x0165da59
0x0165da59
0x0165da57
0x0165da65
0x0165da69
0x0165da6e
0x0165da71
0x0165da74
0x0165da7a
0x0165da80
0x0165da83
0x0165da87
0x0165daa9
0x0165daae
0x0165da89
0x0165da8f
0x0165da95
0x0165daa1
0x0165daa6
0x0165daa6
0x0165dab3
0x0165dab6
0x0165dab7
0x0165dabb
0x0165dacb
0x0165dacb
0x0165da74
0x015f9373
0x015f9376
0x015f9379
0x015f937c
0x015f937f
0x015f9382
0x015f9385
0x015f9388
0x0165dad5
0x0165dad9
0x0165dadd
0x015f938e
0x015f938e
0x015f9391
0x0165dae7
0x0165daea
0x015f9397
0x015f9399
0x015f939c
0x015f939f
0x0165daf4
0x0165daf6
0x0165db0f
0x0165db13
0x0165db24
0x0165db15
0x0165db15
0x0165db17
0x0165db1a
0x0165db1c
0x0165db1c
0x0165db1f
0x0165db1f
0x0165daf8
0x0165daf8
0x0165dafc
0x0165db01
0x0165db07
0x0165db09
0x0165db09
0x0165db27
0x0165db2a
0x015f93a5
0x015f93a5
0x015f93a8
0x015f93a8
0x015f93a8
0x015f939f
0x015f9391
0x015f93ad
0x015f93b0
0x015f93b3
0x015f93b6
0x015f93ba
0x015fae2b
0x015fae2e
0x015fae31
0x015fae31
0x015f93c0
0x015f93c4
0x015eb2ef
0x015eb2f3
0x015eb2fa
0x015eb300
0x015eb30d
0x0165db47
0x0165db47
0x015f93da
0x015f93da
0x00000000
0x015f93ca
0x015f93ca
0x015f93cf
0x015f93d4
0x0165db50
0x0165db53
0x0165db56
0x0165db66
0x0165db6b
0x015f93dd
0x015f93df
0x015f93e5
0x015fae3d
0x015fae45
0x015fae48
0x015fae4b
0x0165db73
0x0165db77
0x0165db90
0x0165db93
0x0165dba4
0x0165db95
0x0165db95
0x0165db97
0x0165db9a
0x0165db9c
0x0165db9c
0x0165db9c
0x0165db9f
0x0165db9f
0x0165db79
0x0165db8a
0x0165db8a
0x0165dbaa
0x0165dbae
0x015fae51
0x015fae51
0x015fae51
0x015fae61
0x015f93eb
0x015f93ed
0x015f93f0
0x015f93f3
0x015f93f9
0x0165dbb7
0x0165dbbb
0x0165dbd4
0x0165dbd7
0x0165dbe8
0x0165dbd9
0x0165dbd9
0x0165dbdb
0x0165dbde
0x0165dbe0
0x0165dbe0
0x0165dbe0
0x0165dbe3
0x0165dbe3
0x0165dbbd
0x0165dbce
0x0165dbce
0x0165dbee
0x0165dbf2
0x015f93ff
0x015f93ff
0x015f93ff
0x015f9402
0x015f9407
0x015f947c
0x015f9409
0x015f9419
0x015f9419
0x015f943a
0x015f943a
0x015f9443
0x015fb850
0x015fb853
0x015fb856
0x015fb869
0x015fb86e
0x015f9449
0x015f944d
0x0165dbfb
0x0165dc00
0x0165dc00
0x0165dc03
0x0165dc07
0x0165dc08
0x0165dc08
0x0165dc0a
0x0165dc0a
0x0165dc0c
0x0165dc0f
0x0165dc12
0x0165dc1f
0x0165dc1f
0x0165dc22
0x0165dc33
0x0165dc33
0x0165dc22
0x0165dc12
0x015f944d
0x015f9457
0x0165dc49
0x0165dc4a
0x0165dc4a
0x015f9470
0x015f9473
0x00000000
0x015f9473
0x00000000
0x015f93d4
0x015f9293
0x015f9293
0x015f9296
0x015f9296
0x015f9299
0x00000000
0x00000000
0x015f929b
0x015f929d
0x015f929f
0x015f5ca8
0x015f5cab
0x015f5cac
0x015f92ae
0x015f92ae
0x015f92b0
0x015f92b3
0x015f92b7
0x015f92ba
0x015f92bc
0x015f92bc
0x015f92bc
0x015f92be
0x015f92c1
0x015f92c4
0x015f92c6
0x015f92c9
0x015f92cb
0x015f92ce
0x015f92d4
0x015f92d5
0x015f92d7
0x015f5ca0
0x015f5ca0
0x015f92dd
0x015f92e0
0x015f92e3
0x015f6733
0x00000000
0x015f92e9
0x015f92e9
0x015f92ec
0x015f92ef
0x015f92f1
0x015f92f1
0x015f92f1
0x015f92f2
0x015f92f5
0x015f92f8
0x015f92fb
0x015f4734
0x015f4737
0x015f511f
0x00000000
0x015f473d
0x015f473d
0x00000000
0x015f473d
0x015f9301
0x015f9301
0x015f9304
0x015f9307
0x015f932f
0x015f932f
0x015f9332
0x015f9335
0x015f9335
0x015f9335
0x015f9339
0x015f9339
0x015f933c
0x015f9341
0x015f9344
0x015f9349
0x015f934a
0x015f934d
0x015f934f
0x015f9351
0x015f9351
0x00000000
0x015f9351
0x015f9309
0x015f930d
0x015fba4f
0x015f9313
0x015f9313
0x015f9316
0x015f9319
0x015f931b
0x015f931b
0x015f931e
0x015f931e
0x015f9321
0x015f9324
0x015f9327
0x015f9327
0x015f9329
0x015f09e8
0x015f09eb
0x015f09ee
0x015f09f1
0x00000000
0x00000000
0x00000000
0x00000000
0x015f9329
0x015f92fb
0x015f92e3
0x015f92a5
0x015f92a5
0x015f92a9
0x015f92ab
0x00000000
0x015f92ab
0x015f928d
0x015f9242

Strings

HEAP: , xrefs: 0165DAA9
HEAP[%wZ]: , xrefs: 0165DA9C
HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 0165DABD

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
API String ID: 0-2419525547
Opcode ID: 6f90342e46382b6a5fa8be7b03bf3b8fde57c5f4ef980c591006421474a9ca2a
Instruction ID: 9a701726ef6d66c5cc9c5274c3552311c40caeeb7760638cf5b78a0f35b0ae95
Opcode Fuzzy Hash: 6f90342e46382b6a5fa8be7b03bf3b8fde57c5f4ef980c591006421474a9ca2a
Instruction Fuzzy Hash: 9002BC70504646DFDB68CF68C894ABABBF2FF54304F14845DEE868B286D730E945CB61

Uniqueness

Uniqueness Score: 100.00%

Function 015FC447, Relevance: 4.1, Strings: 3, Instructions: 340
UNIQUECrypto

C-Code - Quality: 88%

			E015FC447(signed short __ecx, signed short* __edx) {
				signed short _v8;
				signed short* _v12;
				signed short* _v16;
				signed short _v20;
				signed short _v24;
				char _v28;
				signed int _v32;
				signed short _v36;
				signed short _t135;
				signed short _t139;
				signed int _t142;
				void* _t150;
				intOrPtr _t152;
				intOrPtr _t161;
				signed int _t177;
				intOrPtr _t180;
				signed short _t181;
				signed short _t183;
				signed short* _t185;
				signed short _t186;
				unsigned int _t195;
				signed int _t198;
				signed short* _t199;
				signed int _t208;
				signed short _t209;
				signed short _t210;
				signed int _t211;
				signed short* _t214;
				unsigned int* _t215;
				signed short* _t221;
				signed short _t227;
				signed int _t228;
				signed short _t231;
				signed short _t233;
				signed short _t234;
				signed short _t237;
				void* _t239;
				signed short _t241;
				signed int _t242;
				void* _t246;
				signed short _t248;
				signed short _t251;
				signed int* _t253;
				signed int _t259;
				signed int _t261;

				_t216 = __ecx;
				_t253 = __edx;
				_t236 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				_t251 = __ecx;
				__edx[3] = 0;
				_v12 = __edx;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t101 =  &(_t253[4]); // 0x10
					E01605810(_t101, _t236 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
					_t237 = _v8;
				}
				_t139 =  *(_t251 + 0xb8);
				_push(_t211);
				__eflags = _t139;
				if(_t139 == 0) {
					_t216 =  *(_t251 + 0xc4);
					goto L47;
				} else {
					while(1) {
						__eflags = _t237 -  *((intOrPtr*)(_t139 + 4));
						if(_t237 <  *((intOrPtr*)(_t139 + 4))) {
							_t214 = _t139;
							_v16 = _t214;
							break;
						}
						_t234 =  *_t139;
						__eflags = _t234;
						if(_t234 == 0) {
							_t237 =  *((intOrPtr*)(_t139 + 4)) - 1;
							__eflags = _t237;
							_v16 = _t139;
							_t214 = _t139;
							break;
						} else {
							_t139 = _t234;
							continue;
						}
					}
					_t221 = _t139 + 0x14;
					while(1) {
						_v36 = _t237;
						_v32 = _t237 -  *_t221;
						_t241 = _t214[0xc];
						_t180 =  *((intOrPtr*)(_t241 + 4));
						_v24 = _t241;
						__eflags = _t241 - _t180;
						if(_t241 == _t180) {
							goto L70;
						}
						_t242 =  *(_t251 + 0x4c);
						__eflags = _t242;
						if(_t242 == 0) {
							_t181 =  *(_t180 - 8) & 0x0000ffff;
						} else {
							_t210 =  *(_t180 - 8);
							_t242 =  *(_t251 + 0x4c);
							__eflags = _t210 & _t242;
							if((_t210 & _t242) != 0) {
								_t210 = _t210 ^  *(_t251 + 0x50);
								__eflags = _t210;
							}
							_t181 = _t210 & 0x0000ffff;
						}
						_t183 = _v24;
						__eflags = _v8 - (_t181 & 0x0000ffff);
						if(_v8 - (_t181 & 0x0000ffff) > 0) {
							L36:
							_v20 = _t183;
							goto L44;
						} else {
							_t185 =  *_t183 - 8;
							__eflags = _t242;
							if(_t242 == 0) {
								_t186 =  *_t185 & 0x0000ffff;
							} else {
								_t209 =  *_t185;
								_t242 =  *(_t251 + 0x4c);
								__eflags = _t209 & _t242;
								if((_t209 & _t242) != 0) {
									_t209 = _t209 ^  *(_t251 + 0x50);
									__eflags = _t209;
								}
								_t186 = _t209 & 0x0000ffff;
							}
							__eflags = _v8 - (_t186 & 0x0000ffff);
							if(_v8 - (_t186 & 0x0000ffff) <= 0) {
								_t183 =  *_v24;
								goto L36;
							} else {
								__eflags =  *_t214;
								if( *_t214 != 0) {
									L3:
									_t259 = _v32 >> 5;
									_t215 = _t214[0xe] + _t259 * 4;
									_t246 = (_t214[2] -  *_t221 >> 5) - 1;
									_t195 =  !((1 << (_v32 & 0x0000001f)) - 1) &  *_t215;
									__eflags = 1;
									if(1 == 0) {
										while(1) {
											__eflags = _t259 - _t246;
											if(_t259 > _t246) {
												break;
											}
											_t215 =  &(_t215[1]);
											_t195 =  *_t215;
											_t259 = _t259 + 1;
											__eflags = _t195;
											if(_t195 == 0) {
												continue;
											}
											break;
										}
										__eflags = _t195;
										if(_t195 != 0) {
											goto L4;
										}
										_v20 = _v20 & 0x00000000;
										L9:
										_t214 = _v16;
										L44:
										_t253 = _v12;
										L45:
										_t216 = _v20;
										__eflags = _t216;
										if(_t216 == 0) {
											_t214 =  *_t214;
											_t221 =  &(_t214[0xa]);
											_t237 =  *_t221;
											_v16 = _t214;
											continue;
										}
										_t237 = _v8;
										L47:
										__eflags = _t251 + 0xc4 - _t216;
										if(_t251 + 0xc4 == _t216) {
											L53:
											_t142 =  *(_t251 + 0xd0) ^  *(_t251 + 0x58);
											if(_t142 == 0) {
												_t142 = E015FC2C2(_t253,  &_v28,  &_v8);
												if(_t142 != 0) {
													_t150 = E01632686(0xffffffff,  &_v28,  &_v8, 0x4000);
													_t213 = _t150;
													if(_t150 < 0) {
														_t152 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
														__eflags =  *(_t152 + 0xc);
														if( *(_t152 + 0xc) == 0) {
															_push("HEAP: ");
															E015EF63B();
														} else {
															E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
														}
														_push(_v8);
														_push(_v28);
														_push(_t251);
														_t142 = E015EF63B("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x)\n", _t213);
													} else {
														if( *0x7ffe0380 != 0) {
															_t161 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
															__eflags =  *(_t161 + 0x240) & 0x00000001;
															if(( *(_t161 + 0x240) & 0x00000001) != 0) {
																E016942AC(_t251, _v28, _v8, 7);
															}
														}
														_t239 = 3;
														E0162ED2C(_t251, _t239);
														 *((intOrPtr*)(_t251 + 0x120)) =  *((intOrPtr*)(_t251 + 0x120)) + 1;
														 *((intOrPtr*)(_t251 + 0x124)) =  *((intOrPtr*)(_t251 + 0x124)) + _v8;
														if( *0x7ffe0380 != 0) {
															__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
															if(__eflags != 0) {
																E01694758(__eflags, _t251, _v28, _v8,  *(_t251 + 0x78) << 3, 0, 0,  *0x7ffe0380 & 0x000000ff);
															}
														}
														if( *0x7ffe038a != 0) {
															E01694758(__eflags, _t251, _v28, _v8,  *(_t251 + 0x78) << 3, 0, 0,  *0x7ffe038a & 0x000000ff);
														}
														_t142 = _t253[0] & 0x00000013 | 0x00000008;
														_t253[0] = _t142;
													}
												}
											}
											if( *(_t251 + 0x4c) != 0) {
												_t253[0] = _t253[0] ^ _t253[0] ^  *_t253;
												_t142 =  *(_t251 + 0x50);
												 *_t253 =  *_t253 ^ _t142;
											}
											return _t142;
										}
										_t211 =  *(_t251 + 0x4c);
										while(1) {
											__eflags = _t211;
											if(_t211 == 0) {
												goto L67;
											}
											_t135 =  *(_t216 - 8);
											_t211 =  *(_t251 + 0x4c);
											__eflags = _t135 & _t211;
											if((_t135 & _t211) != 0) {
												_t135 = _t135 ^  *(_t251 + 0x50);
											}
											_t237 = _v8;
											_t177 = _t135 & 0x0000ffff;
											L52:
											if(_t237 > (_t177 & 0x0000ffff)) {
												_t216 =  *_t216;
												__eflags = _t251 + 0xc4 - _t216;
												if(_t251 + 0xc4 == _t216) {
													goto L53;
												}
												continue;
											}
											goto L53;
											L67:
											_t177 =  *(_t216 - 8) & 0x0000ffff;
											goto L52;
										}
									}
									L4:
									__eflags = _t195 & 0x0000ffff;
									if((_t195 & 0x0000ffff) == 0) {
										_t227 = _t195 >> 0x00000010 & 0x000000ff;
										__eflags = _t227;
										if(_t227 == 0) {
											_t28 = (_t195 >> 0x18) + 0x1625818; // 0x10008
											_t198 = ( *_t28 & 0x000000ff) + 0x18;
										} else {
											_t27 = _t227 + 0x1625818; // 0x10008
											_t198 = ( *_t27 & 0x000000ff) + 0x10;
										}
									} else {
										_t248 = _t195 & 0x000000ff;
										__eflags = _t248;
										if(_t248 == 0) {
											_t26 = (_t195 >> 0x00000008 & 0x000000ff) + 0x1625818; // 0x10008
											_t198 = ( *_t26 & 0x000000ff) + 8;
										} else {
											_t17 = _t248 + 0x1625818; // 0x10008
											_t198 =  *_t17 & 0x000000ff;
										}
									}
									_t261 = (_t259 << 5) + _t198;
									_t199 = _v16;
									__eflags = _t199[4];
									_t228 = _t261 + _t261;
									if(_t199[4] == 0) {
										_t228 = _t261;
									}
									_v20 =  *(_t199[0x10] + _t228 * 4);
									goto L9;
								}
								__eflags = _v36 - _t214[2] - 1;
								if(_v36 != _t214[2] - 1) {
									goto L3;
								}
								__eflags = _t214[4];
								_t208 = _v32;
								if(_t214[4] != 0) {
									_t208 = _t208 + _t208;
									__eflags = _t208;
								}
								_t183 =  *(_t214[0x10] + _t208 * 4);
								while(1) {
									__eflags = _v24 - _t183;
									if(_v24 == _t183) {
										goto L44;
									}
									__eflags = _t242;
									if(_t242 == 0) {
										_t231 =  *(_t183 - 8) & 0x0000ffff;
									} else {
										_t233 =  *(_t183 - 8);
										_t242 =  *(_t251 + 0x4c);
										__eflags = _t233 & _t242;
										if((_t233 & _t242) != 0) {
											_t233 = _t233 ^  *(_t251 + 0x50);
											__eflags = _t233;
										}
										_t231 = _t233 & 0x0000ffff;
									}
									__eflags = _v8 - (_t231 & 0x0000ffff);
									if(_v8 - (_t231 & 0x0000ffff) <= 0) {
										goto L36;
									} else {
										_t183 =  *_t183;
										continue;
									}
								}
								goto L44;
							}
						}
						L70:
						_v20 = _t241;
						goto L45;
					}
				}
			}

0x015fc447
0x015fc450
0x015fc452
0x015fc455
0x015fc45a
0x015fc45c
0x015fc464
0x015fc467
0x015fc46a
0x01658d40
0x01658d44
0x01658d49
0x01658d4d
0x01658d4d
0x015fc470
0x015fc476
0x015fc477
0x015fc479
0x01658d55
0x00000000
0x015fc47f
0x015fc47f
0x015fc47f
0x015fc482
0x015f3807
0x015f3809
0x015f380c
0x015f380c
0x015fc488
0x015fc48a
0x015fc48c
0x015fc495
0x015fc495
0x015fc496
0x015fc499
0x00000000
0x015fc48e
0x015fc48e
0x00000000
0x015fc48e
0x015fc48c
0x015fc49b
0x015fc49e
0x015fc49e
0x015fc4a3
0x015fc4a6
0x015fc4a9
0x015fc4ac
0x015fc4af
0x015fc4b1
0x00000000
0x00000000
0x015fc4b7
0x015fc4ba
0x015fc4bc
0x0164a72f
0x015fc4c2
0x015fc4c2
0x015fc4c5
0x015fc4c8
0x015fc4ca
0x015fc4cc
0x015fc4cc
0x015fc4cc
0x015fc4cf
0x015fc4cf
0x015fc4da
0x015fc4dd
0x015fc4df
0x015fc536
0x015fc536
0x00000000
0x015fc4e1
0x015fc4e3
0x015fc4e6
0x015fc4e8
0x0164a738
0x015fc4ee
0x015fc4ee
0x015fc4f0
0x015fc4f3
0x015fc4f5
0x015fc4f7
0x015fc4f7
0x015fc4f7
0x015fc4fa
0x015fc4fa
0x015fc505
0x015fc507
0x0164a728
0x00000000
0x015fc50d
0x015fc50d
0x015fc510
0x015f3811
0x015f381f
0x015f3822
0x015f3830
0x015f3834
0x015f3834
0x015f3836
0x01658d68
0x01658d68
0x01658d6a
0x00000000
0x00000000
0x01658d6c
0x01658d6f
0x01658d71
0x01658d72
0x01658d74
0x00000000
0x00000000
0x00000000
0x01658d74
0x01658d76
0x01658d78
0x00000000
0x00000000
0x01658d87
0x015f3873
0x015f3873
0x015fc566
0x015fc566
0x015fc569
0x015fc569
0x015fc56c
0x015fc56e
0x01658d90
0x01658d92
0x01658d95
0x01658d97
0x00000000
0x01658d97
0x015fc574
0x015fc577
0x015fc57d
0x015fc57f
0x015fc5ab
0x015fc5b1
0x015fc5b4
0x015fc5c2
0x015fc5c9
0x015fc5da
0x015fc5df
0x015fc5e3
0x01658e41
0x01658e44
0x01658e48
0x01658e6a
0x01658e6f
0x01658e4a
0x01658e62
0x01658e67
0x01658e75
0x01658e78
0x01658e7b
0x01658e82
0x015fc5e9
0x015fc5f0
0x01658dba
0x01658dbd
0x01658dc4
0x01658dd3
0x01658dd3
0x01658dc4
0x015fc5f8
0x015fc5fb
0x015fc603
0x015fc609
0x015fc616
0x01658de6
0x01658ded
0x01658e0d
0x01658e0d
0x01658ded
0x015fc623
0x01658e31
0x01658e31
0x015fc62e
0x015fc630
0x015fc630
0x015fc5e3
0x015fc5c9
0x015fc638
0x015fc642
0x015fc645
0x015fc648
0x015fc648
0x015fc64d
0x015fc64d
0x015fc581
0x015fc584
0x015fc584
0x015fc586
0x00000000
0x00000000
0x015fc58c
0x015fc58f
0x015fc592
0x015fc594
0x015f1b0f
0x015f1b0f
0x015fc59a
0x015fc59d
0x015fc5a0
0x015fc5a5
0x01658d9f
0x01658da7
0x01658da9
0x00000000
0x00000000
0x00000000
0x01658daf
0x00000000
0x0164a749
0x0164a749
0x00000000
0x0164a749
0x015fc584
0x015f383c
0x015f383f
0x015f3841
0x015f38ae
0x015f38ae
0x015f38b4
0x015f38c5
0x015f38cc
0x015f38b6
0x015f38b6
0x015f38bd
0x015f38bd
0x015f3843
0x015f384a
0x015f384a
0x015f384c
0x015f389d
0x015f38a4
0x015f384e
0x015f384e
0x015f384e
0x015f384e
0x015f384c
0x015f3858
0x015f385a
0x015f385d
0x015f3861
0x015f3864
0x01658d80
0x01658d80
0x015f3870
0x00000000
0x015f3870
0x015fc51a
0x015fc51d
0x00000000
0x00000000
0x015fc523
0x015fc527
0x015fc52a
0x015fc52c
0x015fc52c
0x015fc52c
0x015fc531
0x015fc561
0x015fc561
0x015fc564
0x00000000
0x00000000
0x015fc53b
0x015fc53d
0x0164a740
0x015fc543
0x015fc543
0x015fc546
0x015fc549
0x015fc54b
0x015fc54d
0x015fc54d
0x015fc54d
0x015fc550
0x015fc550
0x015fc55b
0x015fc55d
0x00000000
0x015fc55f
0x015fc55f
0x00000000
0x015fc55f
0x015fc55d
0x00000000
0x015fc561
0x015fc507
0x01658d60
0x01658d60
0x00000000
0x01658d60
0x015fc49e

Strings

HEAP: , xrefs: 01658E6A
HEAP[%wZ]: , xrefs: 01658E5D
RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x), xrefs: 01658E7D

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x)
API String ID: 0-385592399
Opcode ID: 51741b5a4b6e4afe1f24a2c4a3e5266200dec44344a5db0148bea04ecd75afa4
Instruction ID: f4c41a9c29c8cd5c5ac479fd487c3c49e0194ca7da52ebe4bd993fa0e7bd84b9
Opcode Fuzzy Hash: 51741b5a4b6e4afe1f24a2c4a3e5266200dec44344a5db0148bea04ecd75afa4
Instruction Fuzzy Hash: 84D1BD72A0065ADFEB24CF69C884BBABBF5BF44300F1485ADDA469F641D734E901DB90

Uniqueness

Uniqueness Score: 100.00%

Function 016324E1, Relevance: 4.0, Strings: 3, Instructions: 272
COMMONCrypto

C-Code - Quality: 60%

			E016324E1(intOrPtr _a4, signed int _a8) {
				signed int _v8;
				unsigned int _v12;
				signed int _v16;
				unsigned int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t126;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				signed int* _t137;
				signed int _t139;
				signed int _t140;
				signed int _t145;
				signed short _t149;
				unsigned int _t156;
				signed int _t159;
				signed int _t166;
				signed int* _t167;
				intOrPtr _t169;
				signed short _t182;
				intOrPtr _t183;
				signed int _t184;
				unsigned int _t185;
				signed int _t190;
				signed int _t198;
				signed int _t199;
				signed int _t201;
				signed int _t207;
				signed int _t209;
				signed short _t219;
				signed short _t225;
				signed int _t227;
				signed int _t228;
				intOrPtr _t232;
				signed int _t233;
				signed int _t234;
				signed short* _t236;
				signed int _t238;
				signed int _t246;
				signed int* _t251;

				_t183 = _a4;
				_t251 = _a8;
				_t190 = 0;
				 *(_t183 + 0xb8) = _t251;
				_push(_t233);
				if( *_t251 != 0) {
					_t126 = _t251[1] - _t251[5] - 1;
					__eflags = _t251[2];
					if(_t251[2] != 0) {
						_t126 = _t126 + _t126;
						__eflags = _t126;
					}
					 *(_t251[8] + _t126 * 4) = _t190;
					 *(_t251[7] + (_t251[1] - _t251[5] - 1 >> 5) * 4) =  *(_t251[7] + (_t251[1] - _t251[5] - 1 >> 5) * 4) &  !(1 << (_t251[1] - _t251[5] - 0x00000001 & 0x0000001f));
				}
				_t133 = _t183 + 0xc4;
				_t234 =  *((intOrPtr*)(_t133 + 4));
				_a8 = _t234;
				__eflags = _t133 - _t234;
				if(_t133 == _t234) {
					L38:
					return _t133;
				} else {
					while(1) {
						_t236 = _t234 + 0xfffffff8;
						__eflags =  *(_t183 + 0x4c);
						if( *(_t183 + 0x4c) != 0) {
							 *_t236 =  *_t236 ^  *(_t183 + 0x50);
							__eflags = _t236[1] - (_t236[1] ^ _t236[0] ^  *_t236);
							if(__eflags != 0) {
								_push(0);
								_push(_t236);
								_push(_t183);
								E01694BBA(_t183, _t236, _t251, __eflags);
							}
						}
						_t134 =  *_t236 & 0x0000ffff;
						_t228 = _t251;
						__eflags = _t134 - _t251[1];
						if(_t134 < _t251[1]) {
							goto L52;
						} else {
							goto L23;
						}
						while(1) {
							L23:
							_t207 =  *_t228;
							__eflags = _t207;
							if(_t207 == 0) {
								break;
							}
							_t228 = _t207;
							__eflags = _t134 -  *((intOrPtr*)(_t228 + 4));
							if(_t134 >=  *((intOrPtr*)(_t228 + 4))) {
								continue;
							}
							goto L52;
						}
						_t209 =  *((intOrPtr*)(_t228 + 4)) - 1;
						__eflags = _t209;
						_v8 = _t209;
						L25:
						__eflags =  *_t251;
						if( *_t251 != 0) {
							_t184 = _t251[1];
							__eflags = _t134 - _t184;
							if(_t134 >= _t184) {
								_t134 = _t184 - 1;
							}
							_t135 = _t134 - _t251[5];
							__eflags = _t251[2];
							_v12 = _t135;
							if(_t251[2] != 0) {
								_t135 = _t135 + _t135;
								__eflags = _t135;
							}
							_t238 = _t135 << 2;
							_t137 = _t251[8] + _t238;
							_t251[3] = _t251[3] - 1;
							_v16 =  *_t137;
							_t198 =  *(_a8 + 0xfffffff8) & 0x0000ffff;
							__eflags = _t198 - _t184;
							if(_t198 >= _t184) {
								_t198 = _t184 - 1;
							}
							_t185 = _t184 - 1;
							_v20 = _t185;
							__eflags = _t198 - _t185;
							if(_t198 == _t185) {
								_t99 =  &(_t251[4]);
								 *_t99 = _t251[4] - 1;
								__eflags =  *_t99;
							}
							_t199 = _a8;
							__eflags = _v16 - _t199;
							if(_v16 == _t199) {
								_t201 = _t251[1];
								__eflags = ( *(_t199 + 0xfffffff8) & 0x0000ffff) - _t201;
								if(( *(_t199 + 0xfffffff8) & 0x0000ffff) >= _t201) {
									__eflags = _v20 - _t201;
									if(_v20 < _t201) {
										goto L11;
									}
									_t227 =  *_a8;
									_t183 = _a4;
									__eflags = _t227 - _t251[6];
									if(_t227 == _t251[6]) {
										 *_t137 =  *_t137 & 0x00000000;
										L18:
										 *(_t251[7] + (_v12 >> 5) * 4) =  *(_t251[7] + (_v12 >> 5) * 4) &  !(1 << (_v12 & 0x0000001f));
									} else {
										 *_t137 = _t227;
									}
									goto L26;
									L58:
									 *(_t238 + _t251[8]) = _t139;
									goto L26;
								}
								L11:
								_t139 =  *_a8;
								_t183 = _a4;
								__eflags = _t139 - _t251[6];
								if(_t139 == _t251[6]) {
									L17:
									_t140 = _t251[8];
									_t27 = _t140 + _t238;
									 *_t27 =  *(_t140 + _t238) & 0x00000000;
									__eflags =  *_t27;
									goto L18;
								}
								__eflags =  *(_t183 + 0x4c);
								if( *(_t183 + 0x4c) == 0) {
									_t219 =  *(_t139 - 8) & 0x0000ffff;
								} else {
									_t225 =  *(_t139 - 8);
									__eflags =  *(_t183 + 0x4c) & _t225;
									if(( *(_t183 + 0x4c) & _t225) != 0) {
										_t225 = _t225 ^  *(_t183 + 0x50);
										__eflags = _t225;
									}
									_t219 = _t225 & 0x0000ffff;
								}
								__eflags = ( *(_a8 + 0xfffffff8) & 0x0000ffff) == (_t219 & 0x0000ffff);
								_t183 = _a4;
								if(( *(_a8 + 0xfffffff8) & 0x0000ffff) == (_t219 & 0x0000ffff)) {
									goto L58;
								} else {
									goto L17;
								}
							} else {
								_t183 = _a4;
								goto L26;
							}
						}
						L26:
						_t145 = _v8 -  *((intOrPtr*)(_t228 + 0x14));
						__eflags =  *(_t228 + 8);
						_v20 = _t145;
						if( *(_t228 + 8) != 0) {
							_t145 = _t145 + _t145;
							__eflags = _t145;
						}
						 *((intOrPtr*)(_t228 + 0xc)) =  *((intOrPtr*)(_t228 + 0xc)) + 1;
						_t233 = _t145 << 2;
						_t190 =  *( *((intOrPtr*)(_t228 + 0x20)) + _t233);
						__eflags = _v8 -  *((intOrPtr*)(_t228 + 4)) - 1;
						if(_v8 ==  *((intOrPtr*)(_t228 + 4)) - 1) {
							_t54 = _t228 + 0x10;
							 *_t54 =  *(_t228 + 0x10) + 1;
							__eflags =  *_t54;
						}
						__eflags = _t190;
						if(_t190 != 0) {
							goto L1;
						} else {
							L31:
							_t188 = _a8;
							 *((intOrPtr*)(_t233 +  *((intOrPtr*)(_t228 + 0x20)))) = _a8;
							L32:
							if(_t190 == 0) {
								 *( *((intOrPtr*)(_t228 + 0x1c)) + (_v20 >> 5) * 4) =  *( *((intOrPtr*)(_t228 + 0x1c)) + (_v20 >> 5) * 4) | 1 << (_v20 & 0x0000001f);
							}
							if( *0x16af9f4 >= 1) {
								_t156 = _v8 -  *((intOrPtr*)(_t228 + 0x14));
								_t232 =  *((intOrPtr*)(_t228 + 0x1c));
								_t159 = 1 << (_t156 & 0x0000001f);
								_t246 = _t156 >> 5;
								__eflags =  *(_t232 + _t246 * 4) & _t159;
								if(( *(_t232 + _t246 * 4) & _t159) != 0) {
									goto L35;
								}
								_t169 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
								__eflags =  *(_t169 + 0xc);
								if( *(_t169 + 0xc) == 0) {
									_push("HEAP: ");
									E015EF63B();
								} else {
									E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_push("RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))");
								E015EF63B();
								E01694AF2(_t188, _t232, _t246, _t251, 1);
								goto L35;
							} else {
								L35:
								_t183 = _a4;
								if( *(_t183 + 0x4c) != 0) {
									_t166 = _a8;
									_t167 = _t166 + 0xfffffff8;
									_t167[0] =  *(_t166 - 6) ^  *(_t166 - 7) ^  *_t167;
									 *_t167 =  *_t167 ^  *(_t183 + 0x50);
								}
								_t133 =  *((intOrPtr*)(_a8 + 4));
								_a8 = _t133;
								if(_t183 + 0xc4 != _t133) {
									_t234 = _a8;
									continue;
								} else {
									goto L38;
								}
							}
						}
						L52:
						_v8 = _t134;
						goto L25;
					}
				}
				L1:
				if( *(_t183 + 0x4c) == 0) {
					_t149 =  *(_t190 - 8) & 0x0000ffff;
				} else {
					_t182 =  *(_t190 - 8);
					if(( *(_t183 + 0x4c) & _t182) != 0) {
						_t182 = _t182 ^  *(_t183 + 0x50);
					}
					_t149 = _t182 & 0x0000ffff;
				}
				_t188 = _t149 & 0x0000ffff;
				if(( *(_a8 + 0xfffffff8) & 0x0000ffff) - (_t149 & 0x0000ffff) <= 0) {
					goto L31;
				} else {
					goto L32;
				}
			}

0x016324ea
0x016324ee
0x016324f1
0x016324f3
0x016324f9
0x016324fc
0x01636886
0x01636887
0x0163688a
0x0163688c
0x0163688c
0x0163688c
0x01636891
0x016368b3
0x016368b3
0x01632502
0x01632508
0x0163250b
0x0163250e
0x01632510
0x016325f8
0x016325fc
0x00000000
0x01632516
0x01632516
0x01632519
0x0163251d
0x01632522
0x0163252c
0x0163252f
0x01661d94
0x01661d96
0x01661d97
0x01661d98
0x01661d98
0x0163252f
0x01632535
0x01632538
0x0163253a
0x0163253d
0x00000000
0x00000000
0x00000000
0x00000000
0x01632543
0x01632543
0x01632543
0x01632545
0x01632547
0x00000000
0x00000000
0x01636ad1
0x01636ad3
0x01636ad6
0x00000000
0x00000000
0x00000000
0x01636adc
0x01632550
0x01632550
0x01632551
0x01632554
0x01632554
0x01632557
0x016368ba
0x016368bd
0x016368bf
0x016368c1
0x016368c1
0x016368c4
0x016368c7
0x016368cb
0x016368ce
0x016368d0
0x016368d0
0x016368d0
0x016368d7
0x016368da
0x016368de
0x016368e1
0x016368ea
0x016368ed
0x016368ef
0x016368f1
0x016368f1
0x016368f4
0x016368f5
0x016368f8
0x016368fa
0x016368fc
0x016368fc
0x016368fc
0x016368fc
0x016368ff
0x01636902
0x01636905
0x01603c0c
0x01603c0f
0x01603c11
0x01661da5
0x01661da7
0x00000000
0x00000000
0x01661dbd
0x01661dbf
0x01661dc2
0x01661dc5
0x01661dce
0x01603c5a
0x01603c72
0x01661dc7
0x01661dc7
0x01661dc7
0x00000000
0x01661daf
0x01661db2
0x00000000
0x01661db2
0x01603c17
0x01603c1a
0x01603c1c
0x01603c1f
0x01603c22
0x01603c53
0x01603c53
0x01603c56
0x01603c56
0x01603c56
0x00000000
0x01603c56
0x01603c24
0x01603c28
0x015e39b7
0x01603c2e
0x01603c2e
0x01603c31
0x01603c34
0x01603c36
0x01603c36
0x01603c36
0x01603c39
0x01603c39
0x01603c48
0x01603c4a
0x01603c4d
0x00000000
0x00000000
0x00000000
0x00000000
0x0163690b
0x0163690b
0x00000000
0x0163690b
0x01636905
0x0163255d
0x01632560
0x01632563
0x01632567
0x0163256a
0x0163256c
0x0163256c
0x0163256c
0x0163256e
0x01632576
0x01632579
0x01632580
0x01632583
0x01632585
0x01632585
0x01632585
0x01632585
0x01632588
0x0163258a
0x00000000
0x01632590
0x01632590
0x01632593
0x01632596
0x01632599
0x0163259b
0x016325b3
0x016325b3
0x016325bc
0x01661dd9
0x01661ddc
0x01661de9
0x01661deb
0x01661dee
0x01661df1
0x00000000
0x00000000
0x01661dfd
0x01661e00
0x01661e04
0x01661e26
0x01661e2b
0x01661e06
0x01661e1e
0x01661e23
0x01661e31
0x01661e36
0x01661e3e
0x00000000
0x016325c2
0x016325c2
0x016325c2
0x016325c9
0x016325cb
0x016325d4
0x016325d9
0x016325df
0x016325df
0x016325e4
0x016325ed
0x016325f2
0x01603bfe
0x00000000
0x00000000
0x00000000
0x00000000
0x016325f2
0x016325bc
0x01636a7c
0x01636a7c
0x00000000
0x01636a7c
0x01632516
0x015e3988
0x015e398c
0x015e39c0
0x015e398e
0x015e398e
0x015e3994
0x015e3996
0x015e3996
0x015e3999
0x015e3999
0x015e399c
0x015e39ac
0x00000000
0x015e39b2
0x00000000
0x015e39b2

Strings

HEAP: , xrefs: 01661E26
HEAP[%wZ]: , xrefs: 01661E19
RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 01661E31

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
API String ID: 0-1596344177
Opcode ID: 86f221d1265c10174b6c64f0d7913abbfb1ecb9a406a988d035bd76ebc210516
Instruction ID: 6bd799f7117a2cfe424cdc496c7413634d80d17c26fb74f22e4d5e25ed0408c0
Opcode Fuzzy Hash: 86f221d1265c10174b6c64f0d7913abbfb1ecb9a406a988d035bd76ebc210516
Instruction Fuzzy Hash: 4AB18C71600606DFCB28CF29C8A4A79B7F1FF89320B55869DE956CB392D730E981CB50

Uniqueness

Uniqueness Score: 0.05%

Function 0167DB95, Relevance: 3.9, Strings: 3, Instructions: 142
UNIQUECrypto

C-Code - Quality: 73%

			E0167DB95(void* __ecx, signed int _a4, unsigned int _a8) {
				intOrPtr _t42;
				signed short _t43;
				signed char _t44;
				signed short _t45;
				signed int _t47;
				signed char _t48;
				signed int _t49;
				signed int _t51;
				void* _t52;
				signed short _t67;
				signed short _t69;
				signed short _t79;
				signed char _t87;
				void* _t88;
				signed int _t91;
				signed int _t100;
				void* _t102;
				void* _t103;
				unsigned int _t105;

				_t105 = _a8;
				_t42 =  *((intOrPtr*)(_t105 + 7));
				if(_t42 == 1) {
					return _t42;
				}
				_t87 = 0x3f;
				if(_t42 != 4) {
					if(_t42 >= 0) {
						_t91 = _a4;
						if( *(_t91 + 0x4c) == 0) {
							_t43 =  *_t105 & 0x0000ffff;
						} else {
							_t79 =  *_t105;
							if(( *(_t91 + 0x4c) & _t79) != 0) {
								_t79 = _t79 ^  *(_t91 + 0x50);
							}
							_t43 = _t79 & 0x0000ffff;
						}
					} else {
						_t91 = _a4;
						_t43 =  *((intOrPtr*)((_t105 >> 0x00000003 ^  *_t105 ^  *0x16a81dc ^ _t91) + 0x10));
					}
					_t100 = _t43 & 0x0000ffff;
					_t44 =  *((intOrPtr*)(_t105 + 7));
					if(_t44 != 5) {
						if((_t44 & 0x00000040) == 0) {
							if((_t44 & _t87) == _t87) {
								if(_t44 >= 0) {
									if( *(_t91 + 0x4c) == 0) {
										_t45 =  *_t105 & 0x0000ffff;
									} else {
										_t69 =  *_t105;
										if(( *(_t91 + 0x4c) & _t69) != 0) {
											_t69 = _t69 ^  *(_t91 + 0x50);
										}
										_t45 = _t69 & 0x0000ffff;
									}
								} else {
									_t45 =  *((intOrPtr*)((_t105 >> 0x00000003 ^  *_t105 ^  *0x16a81dc ^ _t91) + 0x10));
								}
								_t47 =  *(_t105 + (_t45 & 0x0000ffff) * 8 - 4);
							} else {
								_t47 = _t44 & 0x000000ff & _t87;
							}
						} else {
							_t47 =  *(_t105 + 4 + (_t44 & 0x000000ff & _t87) * 8) & 0x0000ffff;
						}
					} else {
						_t47 =  *(_t91 + 0x54) & 0x0000ffff ^  *(_t105 + 4) & 0x0000ffff;
					}
					_t102 = (_t100 << 3) - _t47;
					goto L25;
				} else {
					_t102 = E015DEFDB(_a4, _t105);
					L25:
					_t48 =  *((intOrPtr*)(_t105 + 7));
					if(_t48 != 5) {
						if((_t48 & 0x00000040) == 0) {
							_t49 = 0;
							L31:
							_t103 = _t102 + (_t49 & 0x0000ffff);
							_t34 = _t105 + 8; // 0x9
							_t88 = _t103 + _t34;
							_t51 = E01605720(_t88, 0x167dd14, 8);
							_a4 = _t51;
							if(_t51 == 8) {
								_t52 = 1;
							} else {
								if( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) == 0) {
									_push("HEAP: ");
									E015EF63B();
								} else {
									E015EF63B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t103);
								_push(_a4 + _t88);
								E015EF63B("Heap block at %p modified at %p past requested size of %lx\n", _t105);
								E016959C1(_t105);
								_t52 = 0;
							}
							return _t52;
						}
						_t67 = _t48 & _t87 & 0x000000ff;
						L27:
						_t49 = _t67 << 0x00000003 & 0x0000ffff;
						goto L31;
					}
					_t67 =  *(_t105 + 6) & 0x000000ff;
					goto L27;
				}
			}

0x0167db9b
0x0167db9e
0x0167dba3
0x0167dd0f
0x0167dd0f
0x0167dbad
0x0167dbb0
0x0167dbc4
0x0167dbe0
0x0167dbe7
0x0167dbf8
0x0167dbe9
0x0167dbe9
0x0167dbee
0x0167dbf0
0x0167dbf0
0x0167dbf3
0x0167dbf3
0x0167dbc6
0x0167dbd5
0x0167dbda
0x0167dbda
0x0167dbfb
0x0167dbfe
0x0167dc03
0x0167dc13
0x0167dc27
0x0167dc32
0x0167dc4f
0x0167dc60
0x0167dc51
0x0167dc51
0x0167dc56
0x0167dc58
0x0167dc58
0x0167dc5b
0x0167dc5b
0x0167dc34
0x0167dc45
0x0167dc45
0x0167dc66
0x0167dc29
0x0167dc2c
0x0167dc2c
0x0167dc15
0x0167dc1a
0x0167dc1a
0x0167dc05
0x0167dc0d
0x0167dc0d
0x0167dc6d
0x00000000
0x0167dbb2
0x0167dbbb
0x0167dc6f
0x0167dc6f
0x0167dc74
0x0167dc86
0x0167dc90
0x0167dc92
0x0167dc97
0x0167dc9e
0x0167dc9e
0x0167dca3
0x0167dca8
0x0167dcae
0x0167dd09
0x0167dcb0
0x0167dcbd
0x0167dcdf
0x0167dce4
0x0167dcbf
0x0167dcd7
0x0167dcdc
0x0167dced
0x0167dcf0
0x0167dcf7
0x0167dd00
0x0167dd05
0x0167dd05
0x00000000
0x0167dd0c
0x0167dc8a
0x0167dc7b
0x0167dc7f
0x00000000
0x0167dc7f
0x0167dc76
0x00000000
0x0167dc76

Strings

Heap block at %p modified at %p past requested size of %lx, xrefs: 0167DCF2
HEAP: , xrefs: 0167DCDF
HEAP[%wZ]: , xrefs: 0167DCD2

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %lx
API String ID: 0-3722492067
Opcode ID: 04c44607c5bdf206195c7893c341447949c60fe37acf6d23304589510b9970ca
Instruction ID: ddf3b6259808643bc7570447eac0276a4f8a1946201828551446a24a960d41da
Opcode Fuzzy Hash: 04c44607c5bdf206195c7893c341447949c60fe37acf6d23304589510b9970ca
Instruction Fuzzy Hash: 62411F792101109BE3648E9DCC84AB27BE9EF45695B448C89E8C6CF282D375E847EB60

Uniqueness

Uniqueness Score: 100.00%

Function 015E96B9, Relevance: 3.6, Strings: 2, Instructions: 1141
COMMONCrypto

C-Code - Quality: 89%

			E015E96B9(intOrPtr _a4, unsigned char _a8, intOrPtr* _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, signed int _a28, char _a32, intOrPtr _a36) {
				signed int _v8;
				char _v136;
				signed int _v137;
				char _v138;
				char _v139;
				signed int _v144;
				signed char _v148;
				signed char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				signed char _v160;
				signed char _v164;
				unsigned char _v168;
				intOrPtr _v172;
				signed int _v176;
				char _v177;
				char _v178;
				char _v179;
				char _v180;
				char _v181;
				char _v182;
				intOrPtr _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				intOrPtr _v208;
				char _v209;
				char _v216;
				signed int _v220;
				signed char _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				intOrPtr _v240;
				signed char _v244;
				signed int _v248;
				signed char _v252;
				signed char _v256;
				signed char _v260;
				signed char _v264;
				signed char* _v268;
				void* _v272;
				char _v276;
				signed char* _v280;
				char _v284;
				signed char* _v288;
				signed int _v292;
				void* _v296;
				signed char* _v300;
				unsigned char _v304;
				signed int _v308;
				signed int _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				char _v324;
				intOrPtr* _v332;
				char _v335;
				char _v336;
				intOrPtr _v340;
				char _v344;
				char* _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				char _v368;
				void* _v384;
				char _v388;
				char _v408;
				intOrPtr _v436;
				intOrPtr _v440;
				char _v464;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t545;
				unsigned char _t557;
				signed char _t561;
				intOrPtr _t562;
				signed char _t580;
				signed int _t584;
				signed int _t586;
				intOrPtr _t592;
				signed int _t604;
				void* _t605;
				intOrPtr _t606;
				signed int _t607;
				signed int _t610;
				char _t615;
				signed char _t618;
				signed int _t620;
				signed int _t622;
				signed int _t623;
				intOrPtr _t627;
				intOrPtr _t636;
				signed char _t662;
				char _t667;
				intOrPtr _t677;
				intOrPtr _t681;
				signed int _t690;
				intOrPtr _t691;
				signed int _t693;
				intOrPtr _t696;
				signed char _t700;
				signed int _t708;
				signed int _t712;
				signed char _t713;
				signed char _t717;
				signed int _t718;
				signed int _t721;
				intOrPtr _t722;
				signed char _t725;
				unsigned char _t766;
				signed int _t773;
				intOrPtr _t774;
				signed int _t789;
				intOrPtr _t790;
				intOrPtr _t792;
				signed short _t800;
				unsigned char _t805;
				intOrPtr _t806;
				intOrPtr _t807;
				intOrPtr _t808;
				intOrPtr _t809;
				signed char _t810;
				intOrPtr _t811;
				intOrPtr _t812;
				intOrPtr _t813;
				void* _t814;
				void* _t815;
				intOrPtr _t820;
				unsigned char _t821;
				signed int _t822;
				signed int _t823;
				intOrPtr _t825;
				unsigned char _t826;
				signed int _t828;
				char _t829;
				char _t830;
				signed char _t831;
				signed int _t835;
				void* _t836;
				void* _t837;

				_t545 =  *0x16a81e8; // 0x77d4aa35
				_v8 = _t545 ^ _t835;
				_v188 = _a4;
				_v332 = _a12;
				_v200 = _a16;
				_v208 = _a36;
				_v232 =  &_v136;
				_v244 = 0;
				_t818 = _a32;
				_t805 = _a8;
				_v172 = _t818;
				_v148 = 0;
				_v139 = 0;
				_v177 = 0;
				_v152 = 0;
				_v252 = 0;
				_v138 = 0;
				_v153 = 0;
				_v156 = 0;
				_v209 = 0;
				_v155 = 0;
				_v182 = 0;
				_v179 = 0;
				_v160 = 0;
				_v260 = 0;
				_v204 = 0;
				_v224 = 0;
				_v256 = 0;
				_v236 = 0;
				_v192 = 0;
				_v144 = 0x8000;
				_v220 = 0;
				_v216 = 0;
				_v248 = 0;
				_v176 = 0;
				_v137 = 0;
				_v181 = 1;
				_v178 = 1;
				_v280 = 0;
				_v288 = 0;
				_v272 = 0;
				_v296 = 0;
				_v300 = 0;
				_v268 = 0;
				_v240 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18));
				if(_t818 == 0) {
					L97:
					if(_t805 == 0) {
						_v180 = 0;
						E0163119E( &_v408, 1);
						_t805 =  &_v408;
					} else {
						_v180 = 1;
					}
					_t557 =  *(_t805 + 2) & 0x0000ffff;
					_t798 = _t557 >> 7;
					_v168 = _t805;
					_v304 = _t798;
					_v264 = _t557 >> 0x00000006 & 0x00000001;
					if(_t818 == 0) {
						if(_t798 == 0) {
							goto L102;
						}
						goto L100;
					} else {
						L100:
						if(E015EA3CE(_t818,  &_v280,  &_v288,  &_v272,  &_v300,  &_v296,  &_v268) < 0) {
							goto L192;
						}
						_v160 =  *_v280;
						_t798 = _v304;
						_v260 =  *_v288;
						_v236 =  *_v272;
						_v204 =  *_v296;
						_v224 =  *_v300;
						_v256 =  *_v268;
						L102:
						_v196 =  *(_t805 + 2) & 0x0000ffff;
						_t561 =  *(_t805 + 4);
						_t214 =  &_v196;
						 *_t214 = _v196 & 0x00008000;
						if( *_t214 != 0) {
							L57:
							if(_t561 == 0) {
								L81:
								if((_a28 & 0x00000020) != 0) {
									_t562 = _v188;
									if(_t562 == 0) {
										L209:
										_t805 = 0xc000005a;
										L184:
										if(_v244 != 0) {
											E01622882(_t745,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v244);
										}
										if(_v179 != 0) {
											if(_v252 != 0) {
												E01622882(_t745,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v252);
											}
										}
										_t818 = _v240;
										E01622882(_t745, _v240, 0, _v280);
										E01622882(_t745, _v240, 0, _v296);
										E01622882(_t745, _v240, 0, _v288);
										E01622882(_t745, _v240, 0, _v272);
										E01622882(_t745, _t818, 0, _v300);
										E01622882(_t745, _t818, 0, _v268);
										if(_v139 != 0 || _v177 != 0) {
											if(_v148 != 0) {
												E01622882(_t745, _t818, 0, _v148);
											}
										}
										if(_v138 != 0 && _v152 != 0) {
											E01622882(_t745, _t818, 0, _v152);
										}
										 *_v332 = _v192;
										_t573 = _t805;
										goto L192;
									}
									_t745 =  *(_t562 + 4);
									if(( *(_t562 + 2) & 0x00008000) == 0) {
										L23:
										_v164 = _t745;
										L24:
										_v153 = 1;
										if(_v164 != 0) {
											L106:
											_t745 =  *(_t805 + 8);
											if(_v196 != 0) {
												if(_t745 == 0) {
													L76:
													if((_a28 & 0x00000040) != 0) {
														if(_t562 == 0) {
															L208:
															_t805 = 0xc000005b;
															goto L184;
														}
														if(( *(_t562 + 2) & 0x00008000) == 0) {
															_t580 =  *(_t562 + 8);
															L79:
															_v160 = _t580;
															if(_t580 != 0) {
																L108:
																_t800 =  *(_t805 + 2) & 0x0000ffff;
																if((_t800 & 0x00000010) != 0) {
																	if(_v196 != 0) {
																		_t806 =  *((intOrPtr*)(_t805 + 0xc));
																		if(_t806 == 0) {
																			goto L109;
																		}
																		_t820 = _v168 + _t806;
																		L110:
																		_t807 = _v188;
																		if(_t807 == 0) {
																			L112:
																			_t808 = 0;
																			L113:
																			_t798 =  &_v148;
																			_v260 = _a28 >> 0x00000002 & 0x00000001;
																			_t745 = ((_t800 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t800 & 0x2800) >> 1;
																			_t805 = E015E9F99(_t808, _t820, ((_t800 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t800 & 0x2800) >> 1, _a24, _a28 >> 0x00000001 & 1, _a28 >> 0x00000002 & 0x00000001, _v164, _v160, _v224, _v256, _v208, 2, _v200, _a20,  &_v148,  &_v156,  &_v228);
																			if(_t805 >= 0) {
																				_t584 = _v228;
																				_t821 = _v168;
																				_t763 = _t584 & 0x00000008 | 0x00002004;
																				_t765 = (_t584 & 0x00000008 | 0x00002004) + _t763 | _t584 & 0x00001400;
																				_t745 = ((_t584 & 0x00000008 | 0x00002004) + _t763 | _t584 & 0x00001400) + _t765;
																				_v139 = 1;
																				_v144 = ((_t584 & 0x00000008 | 0x00002004) + _t763 | _t584 & 0x00001400) + _t765;
																				L118:
																				if((_a28 & 0x00000100) != 0) {
																					_v176 = 1;
																				}
																				if((_a28 & 0x00000200) != 0) {
																					_v176 = _v176 | 0x00000002;
																				}
																				if((_a28 & 0x00000400) != 0) {
																					_v176 = _v176 | 0x00000004;
																				}
																				if(_v176 != 0) {
																					_t822 = 0;
																					goto L125;
																				} else {
																					_t712 =  *(_t821 + 2) & 0x0000ffff;
																					if((_t712 & 0x00000010) != 0) {
																						_t713 =  *(_t821 + 0xc);
																						if((_t712 & 0x00008000) == 0) {
																							L124:
																							_t822 = E015E969A(_t713, 0x11, 0);
																							if(_t822 != 0) {
																								_t421 = _t822 + 8; // 0x8
																								_v220 = _t421;
																								_v176 =  *((intOrPtr*)(_t822 + 4));
																								_t717 =  *((intOrPtr*)(_t822 + 1));
																								_v137 = _t717;
																								if(_t717 == 8) {
																									L226:
																									_t822 = 0;
																									_v220 = 0;
																									_v176 = 0;
																									_v137 = 0;
																									goto L125;
																								}
																								if((_t717 & 0x00000010) == 0) {
																									goto L125;
																								}
																								goto L226;
																							}
																							L125:
																							_t586 = _v204;
																							if((_v137 & 0x00000008) != 0) {
																								if( *((intOrPtr*)(_t586 + 8)) >= 0x2000) {
																									goto L126;
																								}
																								_t805 = 0xc0000446;
																								goto L184;
																							}
																							L126:
																							if(_v176 != 0) {
																								L197:
																								if(_t822 != 0) {
																									L129:
																									if(_v220 != 0) {
																										L199:
																										_t805 = E0163248F( &_v136, 0x80, 2);
																										if(_t805 < 0) {
																											goto L184;
																										}
																										_t805 = E015EDE53(_t805,  &_v136, 2, _v137 & 0x000000ff, _v220, 0x11, _v176);
																										if(_t805 >= 0) {
																											L131:
																											_t809 = _v188;
																											if((_a28 & 0x00000700) != 0) {
																												_t745 = 4;
																											} else {
																												if(_t822 != 0 || _v232 == 0) {
																													_t745 = (( *(_v168 + 2) & 0x0000ffff) >> 0x00000001 & 0x00000018 |  *(_v168 + 2) & 0x2800) >> 1;
																												} else {
																													_t745 = 0;
																												}
																											}
																											if(_t809 == 0) {
																												L137:
																												_t592 = 0;
																												goto L138;
																											} else {
																												_t708 =  *(_t809 + 2) & 0x0000ffff;
																												if((_t708 & 0x00000010) != 0) {
																													_t592 =  *((intOrPtr*)(_t809 + 0xc));
																													if((_t708 & 0x00008000) == 0) {
																														L138:
																														_t798 =  &_v216;
																														_t805 = E015E9F99(_t592, _v232, _t745, _a24, 1, 0, _v164, _v160, _v224, _v256, _v208, 3, _v200, _a20,  &_v216,  &_v209,  &_v228);
																														if(_t805 != 0x8000000b) {
																															if(_t805 < 0) {
																																goto L184;
																															}
																															_t823 = _v228;
																															L140:
																															_t805 = E015E9661(_t745, _v216, _v148,  &_v248);
																															if(_v216 != 0) {
																																if(_v216 != _v232) {
																																	E01622882(_t745, _v240, 0, _v216);
																																}
																															}
																															if(_t805 < 0) {
																																goto L184;
																															} else {
																																_t810 = _v248;
																																if(_t810 != 0) {
																																	if(_v139 != 0 && _v148 != 0) {
																																		E01622882(_t745, _v240, 0, _v148);
																																	}
																																	_v144 = _v144 | ((_t823 & 0x00000008 | 0x00000004) + (_t823 & 0x00000008 | 0x00000004) | _t823 & 0x00001400) + ((_t823 & 0x00000008 | 0x00000004) + (_t823 & 0x00000008 | 0x00000004) | _t823 & 0x00001400);
																																	_v148 = _t810;
																																	_v177 = 1;
																																}
																																_t604 = _a28 & 0x00000008;
																																_v248 = _t604;
																																if(_t604 == 0) {
																																	_t605 = E015E969A(_v148, 0x11, 0);
																																	if(_t605 != 0) {
																																		_t606 = _t605 + 8;
																																	} else {
																																		_t606 = _v220;
																																	}
																																	if(_t606 == 0) {
																																		goto L144;
																																	} else {
																																		if(_v172 == 0) {
																																			goto L211;
																																		} else {
																																			_t745 =  &_v178;
																																			_t805 = E016454AD(_v204, _t606,  &_v178);
																																			if(_t805 < 0) {
																																				goto L184;
																																			}
																																			if(_v178 == 0) {
																																				_v182 = 1;
																																			}
																																			goto L144;
																																		}
																																		goto L76;
																																	}
																																} else {
																																	L144:
																																	_t766 = _v168;
																																	_t607 =  *(_t766 + 2) & 0x0000ffff;
																																	if((_t607 & 0x00000004) == 0) {
																																		L86:
																																		_t825 = 0;
																																		L148:
																																		_t811 = _v188;
																																		if(_t811 == 0) {
																																			L71:
																																			_t812 = 0;
																																			L153:
																																			_t745 = _a28 & 1;
																																			_t805 = E015E9F99(_t812, _t825, _t607 & 0x0000140c, _a24, _a28 & 1, _v260, _v164, _v160, _v224, _v256, _v208, 1, _v200, _a20,  &_v152,  &_v155,  &_v228);
																																			if(_t805 < 0) {
																																				if(_t805 != 0x8000000b) {
																																					goto L184;
																																				}
																																				if((_a28 & 0x00000001) != 0) {
																																					_v144 = _v144 | 0x00000400;
																																				}
																																				_t826 = _v168;
																																				_t610 =  *(_t826 + 2) & 0x0000ffff;
																																				_t745 = _t610 & 0x0000000c;
																																				if((_t610 & 0x0000000c) == 0xc) {
																																					if((_t610 & 0x00000004) != 0) {
																																						_t745 =  *(_t826 + 0x10);
																																						if((_t610 & 0x00008000) == 0) {
																																							L244:
																																							_v152 = _t745;
																																							L245:
																																							_v144 = _v144 | _t610 & 0x00001000 | 0x00000004;
																																							_v155 = 1;
																																							goto L155;
																																						}
																																						if(_t745 == 0) {
																																							goto L240;
																																						}
																																						_t745 = _t745 + _t826;
																																						goto L244;
																																					}
																																					L240:
																																					_v152 = 0;
																																					goto L245;
																																				} else {
																																					_t700 = _v236;
																																					if(_t700 != 0) {
																																						_v144 = _v144 | 0x00000004;
																																						_v152 = _t700;
																																					}
																																					L155:
																																					if((_a28 & 0x00001000) == 0) {
																																						if(_v180 == 0 || _v172 == 0 || _v188 == 0) {
																																							goto L156;
																																						} else {
																																							_v388 = 0;
																																							asm("stosd");
																																							asm("stosd");
																																							asm("stosd");
																																							asm("stosd");
																																							_t818 = 1;
																																							_v196 = 0;
																																							_v276 = 0;
																																							_v168 = 0;
																																							_v284 = 0x14;
																																							_t805 = E015E96B9(_v188, 0,  &_v244, _v200, _a20, _a24, _a28 | 1, _v172, _v208);
																																							if(_t805 < 0) {
																																								goto L184;
																																							}
																																							_t745 = _v244;
																																							_t690 =  *(_t745 + 2) & 0x0000ffff;
																																							if((_t690 & 0x00000004) == 0) {
																																								L10:
																																								_t691 = 0;
																																								L69:
																																								if(E015D51BA(0, _t805, 0x10, _t691) == 0) {
																																									L157:
																																									if((_a28 & 0x00000001) != 0 && _v152 == 0) {
																																										_v144 = _v144 | 0x00001000;
																																									}
																																									if(_v156 != 0) {
																																										goto L1;
																																									} else {
																																										L160:
																																										if(_v182 != 0) {
																																											if(_v248 != 0) {
																																												goto L161;
																																											}
																																											if(_v172 == 0) {
																																												L211:
																																												_t805 = 0xc000007c;
																																												goto L184;
																																											}
																																											_t677 = 0x20;
																																											_v316 = _t677;
																																											_push( &_v154);
																																											_push( &_v324);
																																											_push(_v172);
																																											_v324 = _t818;
																																											_v320 = _t818;
																																											_v312 = 0;
																																											_v308 = 0;
																																											_t805 = E01615A90();
																																											if(_t805 < 0) {
																																												goto L184;
																																											}
																																											if(_v154 != 0) {
																																												goto L161;
																																											}
																																											L256:
																																											_t805 = 0xc0000061;
																																											goto L184;
																																										}
																																										L161:
																																										if(_v153 == 0 || (_a28 & 0x00000010) != 0) {
																																											L163:
																																											if(_v155 == 0 || _v304 == 0) {
																																												L165:
																																												_t615 = 8 + ( *(_v164 + 1) & 0x000000ff) * 4;
																																												_v284 = _t615;
																																												_t773 = 0xfffffffc;
																																												_v204 = _t615 + 0x00000003 & _t773;
																																												_t618 = _v160;
																																												if(_t618 != 0) {
																																													_t667 = 8 + ( *(_t618 + 1) & 0x000000ff) * 4;
																																													_v276 = _t667;
																																													_v236 = _t667 + 0x00000003 & _t773;
																																												}
																																												_t620 = _v144 & 0x00000010;
																																												_v264 = _t620;
																																												if(_t620 != 0) {
																																													if(_v148 == 0) {
																																														goto L168;
																																													}
																																													_t828 = ( *(_v148 + 2) & 0x0000ffff) + 0x00000003 & _t773;
																																													goto L169;
																																												} else {
																																													L168:
																																													_t828 = 0;
																																													L169:
																																													_t622 = _v144 & 0x00000004;
																																													_v292 = _t622;
																																													if(_t622 == 0) {
																																														L12:
																																														_t623 = 0;
																																														L172:
																																														_t798 = _v204;
																																														_t774 =  *0x16aec78; // 0x0
																																														_v200 = _t623;
																																														_t745 = _t774 + 0x140000;
																																														_t627 = E016229EE(_v240, _t774 + 0x140000, _t623 + _t828 + _v236 + _v204 + 0x14);
																																														_v192 = _t627;
																																														if(_t627 == 0) {
																																															_t805 = 0xc0000017;
																																														} else {
																																															_t813 = _v192;
																																															E0163119E(_t813, 1);
																																															 *(_t813 + 2) =  *(_t813 + 2) | _v144;
																																															_t814 = _t813 + 0x14;
																																															if(_v264 != 0) {
																																																if(_v148 == 0) {
																																																	 *((intOrPtr*)(_v192 + 0xc)) = 0;
																																																} else {
																																																	E01604830(_t814, _v148,  *(_v148 + 2) & 0x0000ffff);
																																																	_t836 = _t836 + 0xc;
																																																	if(_v139 == 0) {
																																																		L015DF643(_t814, _v208);
																																																	}
																																																	 *((intOrPtr*)(_v192 + 0xc)) = _t814 - _v192;
																																																	if(_t828 > ( *(_v148 + 2) & 0x0000ffff)) {
																																																		E01604EC0(( *(_v148 + 2) & 0x0000ffff) + _t814, 0, _t828 - ( *(_v148 + 2) & 0x0000ffff));
																																																		_t836 = _t836 + 0xc;
																																																	}
																																																	_t814 = _t814 + _t828;
																																																}
																																															}
																																															if(_v292 != 0) {
																																																if(_v152 == 0) {
																																																	 *((intOrPtr*)(_v192 + 0x10)) = 0;
																																																} else {
																																																	_t831 = _v152;
																																																	E01604830(_t814, _t831,  *(_t831 + 2) & 0x0000ffff);
																																																	_t836 = _t836 + 0xc;
																																																	if(_v138 == 0) {
																																																		L015DF643(_t814, _v208);
																																																	}
																																																	 *((intOrPtr*)(_v192 + 0x10)) = _t814 - _v192;
																																																	if(_v200 > ( *(_t831 + 2) & 0x0000ffff)) {
																																																		E01604EC0(( *(_t831 + 2) & 0x0000ffff) + _t814, 0, _v200 - ( *(_t831 + 2) & 0x0000ffff));
																																																		_t836 = _t836 + 0xc;
																																																	}
																																																	_t814 = _t814 + _v200;
																																																}
																																															}
																																															_t829 = _v284;
																																															E01604830(_t814, _v164, _t829);
																																															_t837 = _t836 + 0xc;
																																															if(_v204 > _t829) {
																																																E01604EC0(_t829 + _t814, 0, _v204 - _t829);
																																																_t837 = _t837 + 0xc;
																																															}
																																															_t636 = _v192;
																																															_t815 = _t814 + _v204;
																																															_t745 = _t814 - _t636;
																																															 *(_t636 + 4) = _t814 - _t636;
																																															if(_v160 != 0) {
																																																_t830 = _v276;
																																																E01604830(_t815, _v160, _t830);
																																																_t638 = _v236;
																																																if(_v236 > _t830) {
																																																	E01604EC0(_t830 + _t815, 0, _t638 - _t830);
																																																}
																																																 *((intOrPtr*)(_v192 + 8)) = _t815 - _v192;
																																															}
																																															_t805 = 0;
																																														}
																																														goto L184;
																																													}
																																													_t662 = _v152;
																																													if(_t662 == 0) {
																																														goto L12;
																																													}
																																													_t623 = ( *(_t662 + 2) & 0x0000ffff) + 0x00000003 & _t773;
																																													goto L172;
																																												}
																																											} else {
																																												_t805 = E0167BDFD(_t745, _v152, _v264, _v224,  &_v252,  &_v179);
																																												if(_t805 < 0) {
																																													goto L184;
																																												}
																																												if(_v138 != 0 && _v152 != 0) {
																																													E01622882(_t745, _v240, 0, _v152);
																																												}
																																												_v152 = _v252;
																																												_v252 = 0;
																																												goto L165;
																																											}
																																										} else {
																																											if(_v172 == 0) {
																																												goto L211;
																																											}
																																											_push( &_v292);
																																											_push(_v304);
																																											_push(_v164);
																																											_push(_v172);
																																											if(E015D509B() != 0) {
																																												goto L163;
																																											}
																																											_t805 = _v292;
																																											goto L184;
																																										}
																																									}
																																								}
																																								if(_v181 != 1) {
																																									L248:
																																									_t693 = _v196;
																																									if(_t693 == 0) {
																																										_t693 = _v172;
																																									}
																																									_push( &_v168);
																																									_push( &_v276);
																																									_push( &_v284);
																																									_t745 =  &_v388;
																																									_push( &_v388);
																																									_push(_v208);
																																									_push("Actx ");
																																									_push(_t693);
																																									_push(_v244);
																																									_t805 = E01614D80();
																																									if(_v196 != 0) {
																																										_push(_v196);
																																										E01615090();
																																									}
																																									if(_t805 >= 0) {
																																										_t805 = _v168;
																																										if(_t805 >= 0) {
																																											goto L157;
																																										}
																																									}
																																									goto L184;
																																								} else {
																																									_t696 = 2;
																																									_v348 =  &_v344;
																																									_t745 =  &_v196;
																																									_push( &_v196);
																																									_push(_t696);
																																									_push(0);
																																									_v340 = _t696;
																																									_push( &_v368);
																																									_push(8);
																																									_push(_v172);
																																									_v344 = 0xc;
																																									_v336 = 1;
																																									_v335 = 0;
																																									_v368 = 0x18;
																																									_v364 = 0;
																																									_v356 = 0;
																																									_v360 = 0;
																																									_v352 = 0;
																																									_t805 = E01615470();
																																									if(_t805 < 0) {
																																										goto L184;
																																									}
																																									goto L248;
																																								}
																																								goto L71;
																																							}
																																							if((_t690 & 0x00008000) == 0) {
																																								_t691 =  *((intOrPtr*)(_t745 + 0x10));
																																								goto L69;
																																							}
																																							if( *((intOrPtr*)(_t745 + 0x10)) == 0) {
																																								goto L10;
																																							}
																																							_t691 =  *((intOrPtr*)(_t745 + 0x10)) + _t745;
																																							goto L69;
																																						}
																																					}
																																					L156:
																																					_t818 = 1;
																																					goto L157;
																																				}
																																			}
																																			_v144 = _v144 | _v228 & 0x00001408 | 0x00000004;
																																			_v138 = 1;
																																			goto L155;
																																		}
																																		_t789 =  *(_t811 + 2) & 0x0000ffff;
																																		if((_t789 & 0x00000004) == 0) {
																																			goto L71;
																																		}
																																		if((_t789 & 0x00008000) == 0) {
																																			_t812 =  *((intOrPtr*)(_t811 + 0x10));
																																			goto L153;
																																		}
																																		_t790 =  *((intOrPtr*)(_t811 + 0x10));
																																		if(_t790 == 0) {
																																			goto L71;
																																		}
																																		_t812 = _t811 + _t790;
																																		goto L153;
																																	}
																																	if((_t607 & 0x00008000) == 0) {
																																		_t825 =  *((intOrPtr*)(_v168 + 0x10));
																																		goto L148;
																																	}
																																	_t792 =  *((intOrPtr*)(_t766 + 0x10));
																																	if(_t792 == 0) {
																																		goto L86;
																																	}
																																	_t798 = _v168;
																																	_t825 = _t792 + _v168;
																																	goto L148;
																																}
																															}
																														}
																														_t823 = 0;
																														_v216 = _v232;
																														_v228 = 0;
																														goto L140;
																													}
																													if(_t592 == 0) {
																														goto L137;
																													}
																													_t592 = _t592 + _t809;
																													goto L138;
																												}
																												goto L137;
																											}
																										}
																										goto L184;
																									}
																									_v232 = 0;
																									goto L131;
																								}
																								if(_v172 == 0) {
																									goto L211;
																								} else {
																									_v220 = _t586;
																									_v137 = 0;
																									goto L129;
																								}
																								goto L199;
																							}
																							if(_t586 == 0 ||  *((intOrPtr*)(_t586 + 8)) >= 0x2000) {
																								goto L129;
																							} else {
																								_v176 = 1;
																								goto L197;
																							}
																						}
																						if(_t713 == 0) {
																							goto L123;
																						} else {
																							_t713 = _t713 + _t821;
																							goto L124;
																						}
																						goto L57;
																					}
																					L123:
																					_t713 = 0;
																					goto L124;
																				}
																			}
																			if(_t805 != 0x8000000b) {
																				goto L184;
																			}
																			if((_a28 & 0x00000002) != 0) {
																				_v144 = 0x8800;
																			}
																			_t821 = _v168;
																			_t718 =  *(_t821 + 2) & 0x0000ffff;
																			_t745 = _t718 & 0x00000030;
																			if((_t718 & 0x00000030) == 0x30) {
																				if((_t718 & 0x00000010) != 0) {
																					_t745 =  *(_t821 + 0xc);
																					if((_t718 & 0x00008000) == 0) {
																						L219:
																						_v148 = _t745;
																						L220:
																						_v144 = _v144 | _t718 & 0x00002000 | 0x00000010;
																						_v156 = 1;
																						goto L118;
																					}
																					if(_t745 == 0) {
																						goto L215;
																					}
																					_t745 = _t745 + _t821;
																					goto L219;
																				}
																				L215:
																				_v148 = 0;
																				goto L220;
																			} else {
																				goto L118;
																			}
																		}
																		_t721 =  *(_t807 + 2) & 0x0000ffff;
																		if((_t721 & 0x00000010) != 0) {
																			if((_t721 & 0x00008000) == 0) {
																				_t808 =  *((intOrPtr*)(_t807 + 0xc));
																				goto L113;
																			}
																			_t722 =  *((intOrPtr*)(_t807 + 0xc));
																			if(_t722 == 0) {
																				goto L112;
																			}
																			_t808 = _t807 + _t722;
																			goto L113;
																		}
																		goto L112;
																	}
																	_t820 =  *((intOrPtr*)(_v168 + 0xc));
																	goto L110;
																}
																L109:
																_t820 = 0;
																goto L110;
															}
															goto L208;
														}
														_t745 =  *(_t562 + 8);
														if(_t745 == 0) {
															goto L208;
														}
														_t580 = _t562 + _t745;
														goto L79;
													}
													_t580 = _v256;
													if(_t798 == 0) {
														_t580 = _v260;
													}
													goto L79;
												}
												_t745 = _t745 + _t805;
											}
											_v160 = _t745;
											if(_t745 == 0) {
												goto L76;
											}
											goto L108;
										}
										goto L209;
									}
									if(_t745 == 0) {
										_v164 = 0;
										goto L24;
									}
									_t745 = _t745 + _t562;
									goto L23;
								}
								_t725 = _v224;
								if(_t798 == 0) {
									_t725 = _v160;
								}
								_v164 = _t725;
								if(_t725 != 0) {
									L105:
									_t562 = _v188;
									goto L106;
								} else {
									goto L211;
								}
							}
							_t561 = _t561 + _t805;
						}
						_v164 = _t561;
						if(_t561 == 0) {
							goto L81;
						}
						_v153 = 1;
						goto L105;
					}
				} else {
					__eax =  &_v264;
					_push( &_v264);
					_push(0x38);
					__eax =  &_v464;
					_push( &_v464);
					_push(0xa);
					_push(__esi);
					__eax = E01615C40();
					if(__eax < 0) {
						L192:
						return E01622F0C(_t573, 0, _v8 ^ _t835, _t798, _t805, _t818);
					}
					__eax = _v440;
					_v181 = __al;
					if(_v440 == 2) {
						if(_v436 >= 1) {
							goto L97;
						}
						__eax = 0xc00000a5;
						goto L192;
					}
					goto L97;
				}
				L1:
				if(_v248 != 0) {
					goto L160;
				}
				if(_v172 == 0) {
					goto L211;
				}
				_t681 = 8;
				_v316 = _t681;
				_push( &_v154);
				_push( &_v324);
				_push(_v172);
				_v324 = _t818;
				_v320 = _t818;
				_v312 = 0;
				_v308 = 0;
				_t805 = E01615A90();
				if(_t805 < 0) {
					goto L184;
				}
				if(_v154 != 0) {
					goto L160;
				} else {
					goto L256;
				}
			}

0x015e96c4
0x015e96cb
0x015e96d1
0x015e96da
0x015e96e3
0x015e96ec
0x015e96fb
0x015e9707
0x015e9714
0x015e9718
0x015e971b
0x015e9721
0x015e9727
0x015e972d
0x015e9733
0x015e9739
0x015e973f
0x015e9745
0x015e974b
0x015e9751
0x015e9757
0x015e975d
0x015e9763
0x015e9769
0x015e976f
0x015e9775
0x015e977b
0x015e9781
0x015e9787
0x015e978d
0x015e9793
0x015e979d
0x015e97a3
0x015e97a9
0x015e97af
0x015e97b5
0x015e97bb
0x015e97c2
0x015e97c9
0x015e97cf
0x015e97d5
0x015e97db
0x015e97e1
0x015e97e7
0x015e97ed
0x015e97f5
0x015e982c
0x015e982e
0x015df628
0x015df62e
0x015df633
0x015e9834
0x015e9834
0x015e9834
0x015e983b
0x015e9844
0x015e9849
0x015e984f
0x015e9855
0x015e985d
0x015d2bd2
0x00000000
0x00000000
0x00000000
0x015e9863
0x015e9863
0x015e9895
0x00000000
0x00000000
0x015e98a3
0x015e98b1
0x015e98b7
0x015e98c5
0x015e98d3
0x015e98e1
0x015e98ef
0x015e98f5
0x015e98f9
0x015e98ff
0x015e9907
0x015e9907
0x015e990d
0x015d8047
0x015d8049
0x015df5eb
0x015df5ef
0x015d2827
0x015d282f
0x016582c0
0x016582c0
0x015e9ed2
0x015e9ed8
0x015d52c7
0x015d52c7
0x015e9ee4
0x016586bf
0x016586d8
0x016586d8
0x016586bf
0x015e9ef0
0x015e9ef8
0x015e9f05
0x015e9f12
0x015e9f1f
0x015e9f2c
0x015e9f39
0x015e9f44
0x015d7cdc
0x015d7cea
0x015d7cea
0x015d7cdc
0x015e9f5c
0x015e9f6e
0x015e9f6e
0x015e9f7f
0x015e9f81
0x00000000
0x015e9f81
0x015d283b
0x015d283e
0x015d284a
0x015d284a
0x015d2850
0x015d2850
0x015d285d
0x015e992e
0x015e992e
0x015e9938
0x015d8058
0x015df5be
0x015df5c2
0x015d2805
0x016582b6
0x016582b6
0x00000000
0x016582b6
0x015d280f
0x015d25a5
0x015df5d8
0x015df5d8
0x015df5e0
0x015e994c
0x015e994c
0x015e9953
0x015d7d5a
0x016582df
0x016582e4
0x00000000
0x00000000
0x016582f0
0x015e995b
0x015e995b
0x015e9963
0x015e9971
0x015e9971
0x015e9973
0x015e9987
0x015e99a5
0x015e99e1
0x015e99eb
0x015e99ef
0x015d5151
0x015d5157
0x015d5162
0x015d516f
0x015d5171
0x015d5173
0x015d517a
0x015e9a29
0x015e9a30
0x01658334
0x01658334
0x015e9a3d
0x01658343
0x01658343
0x015e9a4a
0x0165834f
0x0165834f
0x015e9a56
0x015d25b5
0x00000000
0x015e9a5c
0x015e9a5c
0x015e9a62
0x015d7d73
0x015d7d76
0x015e9a6a
0x015e9a73
0x015e9a77
0x01649597
0x0164959a
0x016495a3
0x016495a9
0x016495ac
0x016495b4
0x0165836a
0x0165836a
0x0165836c
0x01658372
0x01658378
0x00000000
0x01658378
0x016495bc
0x00000000
0x00000000
0x00000000
0x016495c2
0x015e9a7d
0x015e9a84
0x015e9a8a
0x0165838a
0x00000000
0x00000000
0x01658390
0x00000000
0x01658390
0x015e9a90
0x015e9a96
0x016495c7
0x016495c9
0x015e9aad
0x015e9ab3
0x016495d4
0x016495e7
0x016495eb
0x00000000
0x00000000
0x01649615
0x01649619
0x015e9abf
0x015e9ac6
0x015e9acc
0x016583c8
0x015e9ad2
0x015e9ad4
0x015e9afa
0x016583ce
0x016583ce
0x016583ce
0x015e9ad4
0x015e9afe
0x015e9b0c
0x015e9b0c
0x00000000
0x015e9b00
0x015e9b00
0x015e9b06
0x015d529c
0x015d529f
0x015e9b0e
0x015e9b1c
0x015e9b5f
0x015e9b67
0x01649626
0x00000000
0x00000000
0x0164962c
0x015e9b81
0x015e9b99
0x015e9ba1
0x01649643
0x01649656
0x01649656
0x01649643
0x015e9ba9
0x00000000
0x015e9baf
0x015e9baf
0x015e9bb7
0x015d7c1b
0x015d7c32
0x015d7c32
0x015d7c4b
0x015d7c51
0x015d7c57
0x015d7c57
0x015e9bc0
0x015e9bc3
0x015e9bc9
0x015df574
0x015df57b
0x016583d5
0x015df581
0x015df581
0x015df581
0x015df589
0x00000000
0x015df58f
0x016583e3
0x00000000
0x016583e9
0x016583e9
0x016583fc
0x01658400
0x00000000
0x00000000
0x0165840c
0x01658412
0x01658412
0x00000000
0x0165840c
0x00000000
0x016583e3
0x015e9bcf
0x015e9bcf
0x015e9bcf
0x015e9bd5
0x015e9bdb
0x015df618
0x015df618
0x015e9c00
0x015e9c00
0x015e9c08
0x015df564
0x015df564
0x015e9c34
0x015e9c60
0x015e9c92
0x015e9c96
0x015df6a9
0x00000000
0x00000000
0x015df6b3
0x015df6b5
0x015df6b5
0x015df6bf
0x015df6c5
0x015df6cb
0x015df6d1
0x01658420
0x0165842a
0x01658432
0x0165843a
0x0165843a
0x01658440
0x01658448
0x0165844e
0x00000000
0x0165844e
0x01658436
0x00000000
0x00000000
0x01658438
0x00000000
0x01658438
0x01658422
0x01658422
0x00000000
0x015df6d7
0x015df6d7
0x015df6df
0x015df6e5
0x015df6ec
0x015df6ec
0x015e9cb7
0x015e9cbe
0x015df49a
0x00000000
0x015df4b8
0x015df4c6
0x015df4d2
0x015df4d3
0x015df4d4
0x015df4d5
0x015df4db
0x015df4eb
0x015df4f7
0x015df505
0x015df50b
0x015df51a
0x015df51e
0x00000000
0x00000000
0x015df524
0x015df52a
0x015df530
0x015d25c4
0x015d25c4
0x015df54f
0x015df559
0x015e9cc7
0x015e9ccb
0x0165854b
0x0165854b
0x015e9cdf
0x00000000
0x015e9ce5
0x015e9ce5
0x015e9ceb
0x0165856a
0x00000000
0x00000000
0x01658576
0x016582d5
0x016582d5
0x00000000
0x016582d5
0x0165857e
0x0165857f
0x0165858b
0x01658592
0x01658593
0x01658599
0x0165859f
0x016585a5
0x016585ab
0x016585b6
0x016585ba
0x00000000
0x00000000
0x016585c6
0x00000000
0x00000000
0x0165855a
0x0165855a
0x00000000
0x0165855a
0x015e9cf1
0x015e9cf7
0x015e9d03
0x015e9d09
0x015e9d17
0x015e9d21
0x015e9d28
0x015e9d33
0x015e9d36
0x015e9d3c
0x015e9d44
0x015e9d4a
0x015e9d51
0x015e9d5c
0x015e9d5c
0x015e9d68
0x015e9d6b
0x015e9d71
0x015d7c69
0x00000000
0x00000000
0x015d7c7c
0x00000000
0x015e9d77
0x015e9d77
0x015e9d77
0x015e9d79
0x015e9d7f
0x015e9d82
0x015e9d88
0x015d25d3
0x015d25d3
0x015e9da5
0x015e9da5
0x015e9dab
0x015e9db1
0x015e9dbf
0x015e9dd1
0x015e9dd6
0x015e9dde
0x01658641
0x015e9de4
0x015e9de4
0x015e9ded
0x015e9df9
0x015e9dfd
0x015e9e06
0x015d7c89
0x015d25e0
0x015d7c8f
0x015d7c9c
0x015d7ca1
0x015d7caa
0x01649667
0x01649667
0x015d7cba
0x015d7cc9
0x0165865e
0x01658663
0x01658663
0x015d7ccf
0x015d7ccf
0x015d7c89
0x015e9e12
0x015e9e1a
0x015d25ee
0x015e9e20
0x015e9e20
0x015e9e2d
0x015e9e32
0x015e9e3b
0x015df6fe
0x015df6fe
0x015e9e4b
0x015e9e58
0x0165867c
0x01658681
0x01658681
0x015e9e5e
0x015e9e5e
0x015e9e1a
0x015e9e64
0x015e9e72
0x015e9e77
0x015e9e80
0x01658697
0x0165869c
0x0165869c
0x015e9e86
0x015e9e8e
0x015e9e94
0x015e9e96
0x015e9e9f
0x015e9ea1
0x015e9eaf
0x015e9eb4
0x015e9ebf
0x016586ac
0x016586b1
0x015e9ecd
0x015e9ecd
0x015e9ed0
0x015e9ed0
0x00000000
0x015e9dde
0x015e9d8e
0x015e9d96
0x00000000
0x00000000
0x015e9da3
0x00000000
0x015e9da3
0x016585d9
0x016585fe
0x01658602
0x00000000
0x00000000
0x0165860e
0x01658625
0x01658625
0x01658630
0x01658636
0x00000000
0x01658636
0x015d505f
0x015d5065
0x00000000
0x00000000
0x015d5071
0x015d5072
0x015d5078
0x015d507e
0x015d508b
0x00000000
0x00000000
0x016585ce
0x00000000
0x016585ce
0x015e9cf7
0x015e9cdf
0x01658461
0x016584d8
0x016584d8
0x016584e0
0x016584e2
0x016584e2
0x016584ee
0x016584f5
0x016584fc
0x016584fd
0x01658503
0x01658504
0x0165850a
0x0165850f
0x01658510
0x0165851b
0x01658523
0x01658525
0x0165852b
0x0165852b
0x01658532
0x01658538
0x01658540
0x00000000
0x00000000
0x01658546
0x00000000
0x01658463
0x01658465
0x0165846c
0x01658472
0x01658478
0x01658479
0x0165847a
0x0165847b
0x01658487
0x01658488
0x0165848a
0x01658490
0x0165849a
0x016584a1
0x016584a7
0x016584b1
0x016584b7
0x016584bd
0x016584c3
0x016584ce
0x016584d2
0x00000000
0x00000000
0x00000000
0x016584d2
0x00000000
0x01658461
0x015df53b
0x015d25cb
0x00000000
0x015d25cb
0x015df544
0x00000000
0x00000000
0x015df54d
0x00000000
0x015df54d
0x015df49a
0x015e9cc4
0x015e9cc6
0x00000000
0x015e9cc6
0x015df6d1
0x015e9caa
0x015e9cb0
0x00000000
0x015e9cb0
0x015e9c0e
0x015e9c15
0x00000000
0x00000000
0x015e9c21
0x015d25bc
0x00000000
0x015d25bc
0x015e9c27
0x015e9c2c
0x00000000
0x00000000
0x015e9c32
0x00000000
0x015e9c32
0x015e9be6
0x015ea66f
0x00000000
0x015ea66f
0x015e9bec
0x015e9bf1
0x00000000
0x00000000
0x015e9bf7
0x015e9bfd
0x00000000
0x015e9bfd
0x015e9bc9
0x015e9ba9
0x015e9b73
0x015e9b75
0x015e9b7b
0x00000000
0x015e9b7b
0x015d52a7
0x00000000
0x00000000
0x015d52ad
0x00000000
0x015d52ad
0x00000000
0x015e9b06
0x015e9afe
0x00000000
0x0164961f
0x015e9ab9
0x00000000
0x015e9ab9
0x016583af
0x00000000
0x016583b5
0x016583b5
0x016583bb
0x00000000
0x016583bb
0x00000000
0x016583af
0x015e9a9e
0x00000000
0x0165839a
0x0165839a
0x00000000
0x0165839a
0x015e9a9e
0x0165835d
0x00000000
0x01658363
0x01658363
0x00000000
0x01658363
0x00000000
0x0165835d
0x015e9a68
0x015e9a68
0x00000000
0x015e9a68
0x015e9a56
0x015e99fb
0x00000000
0x00000000
0x015e9a05
0x015e9a07
0x015e9a07
0x015e9a11
0x015e9a17
0x015e9a1d
0x015e9a23
0x016582fa
0x01658304
0x0165830c
0x01658314
0x01658314
0x0165831a
0x01658322
0x01658328
0x00000000
0x01658328
0x01658310
0x00000000
0x00000000
0x01658312
0x00000000
0x01658312
0x016582fc
0x016582fc
0x00000000
0x00000000
0x00000000
0x00000000
0x015e9a23
0x015e9965
0x015e996b
0x015d527f
0x015d25ad
0x00000000
0x015d25ad
0x015d5285
0x015d528a
0x00000000
0x00000000
0x015d5290
0x00000000
0x015d5290
0x00000000
0x015e996b
0x015d7d66
0x00000000
0x015d7d66
0x015e9959
0x015e9959
0x00000000
0x015e9959
0x00000000
0x015df5e6
0x015d2815
0x015d281a
0x00000000
0x00000000
0x015d2820
0x00000000
0x015d2820
0x015df5c8
0x015df5d0
0x015df5d2
0x015df5d2
0x00000000
0x015df5d0
0x015d805e
0x015d805e
0x015e993e
0x015e9946
0x00000000
0x00000000
0x00000000
0x015e9946
0x00000000
0x015d2863
0x015d2842
0x016582ca
0x00000000
0x016582ca
0x015d2848
0x00000000
0x015d2848
0x015df5f5
0x015df5fd
0x015df5ff
0x015df5ff
0x015df605
0x015df60d
0x015e9928
0x015e9928
0x00000000
0x015df613
0x00000000
0x015df613
0x015df60d
0x015d804f
0x015d804f
0x015e9913
0x015e991b
0x00000000
0x00000000
0x015e9921
0x00000000
0x015e9921
0x015e97f7
0x015e97f7
0x015e97fd
0x015e97fe
0x015e9800
0x015e9806
0x015e9807
0x015e9809
0x015e980a
0x015e9811
0x015e9f83
0x015e9f91
0x015e9f91
0x015e9817
0x015e981d
0x015e9826
0x015d5708
0x00000000
0x00000000
0x016582ac
0x00000000
0x016582ac
0x00000000
0x015e9826
0x015d2538
0x015d253e
0x00000000
0x00000000
0x015d254a
0x00000000
0x00000000
0x015d2552
0x015d2553
0x015d255f
0x015d2566
0x015d2567
0x015d256d
0x015d2573
0x015d2579
0x015d257f
0x015d258a
0x015d258e
0x00000000
0x00000000
0x015d259a
0x00000000
0x015d25a0
0x00000000
0x015d25a0

Strings

, xrefs: 015DF5EB
Actx , xrefs: 0165850A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: $Actx
API String ID: 0-228367212
Opcode ID: 7018cb21eb437d16874933c399e51c72e3ca3adb2b20d0c74116bf75fc4e1411
Instruction ID: 0390d37d5f8ae17fd4c5251a197511aceeed137353f03484e187fd9af28037bb
Opcode Fuzzy Hash: 7018cb21eb437d16874933c399e51c72e3ca3adb2b20d0c74116bf75fc4e1411
Instruction Fuzzy Hash: 13A23572D042699EEF358F18CC85BEDBBB5BB44304F0484EAEA49AB251D7709E84CF51

Uniqueness

Uniqueness Score: 0.12%

Function 01627FAB, Relevance: 3.2, Strings: 2, Instructions: 731
COMMONCrypto

C-Code - Quality: 99%

			E01627FAB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t325;
				signed int _t326;
				signed int _t329;
				unsigned int _t331;
				signed int _t333;
				signed int _t342;
				char* _t345;
				signed int _t348;
				signed short* _t349;
				signed int _t351;
				signed int _t357;
				signed int _t359;
				signed int _t361;
				void* _t364;
				signed int _t366;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t373;
				signed int _t376;
				signed short* _t377;
				signed short _t379;
				signed short _t383;
				signed int _t385;
				short _t386;
				signed int _t395;
				signed int _t396;
				short _t397;
				signed int _t404;
				signed int _t407;
				char* _t411;
				signed int _t412;
				signed short _t414;
				signed int _t415;
				signed int _t416;
				signed short _t417;
				signed short _t418;
				signed short _t425;
				signed int _t436;
				signed short _t437;
				signed int _t439;
				signed int _t447;
				signed int _t452;
				signed int _t453;
				signed int _t454;
				signed int _t460;
				signed int _t461;
				signed int _t463;
				signed int _t466;
				signed int _t471;
				signed int _t472;
				short _t474;
				signed short _t475;
				signed short _t476;
				signed int _t477;
				char _t478;
				unsigned int _t479;
				signed int _t480;
				signed int _t483;
				void* _t486;
				signed int _t489;
				signed int _t492;
				signed int _t494;
				char* _t497;
				signed int _t499;
				signed int _t501;
				signed short _t505;
				signed int _t507;
				signed int _t508;
				char* _t510;
				signed int _t511;
				signed int _t512;
				void* _t517;
				signed int _t521;
				char _t523;
				char _t525;
				char _t526;
				void* _t528;

				_push(0x78);
				_push(0x1620438);
				E01626F10(__ebx, __edi, __esi);
				_t429 =  *(_t528 + 8);
				 *(_t528 - 0x64) =  *(_t528 + 0x10);
				_t325 =  *(_t528 + 0x14);
				 *(_t528 - 0x80) = _t325;
				_t436 =  *(_t528 + 0x18);
				 *(_t528 - 0x44) = _t436;
				_t501 =  *(_t528 + 0x1c);
				_t510 = 0;
				if(_t325 != 0) {
					 *_t325 = 0;
				}
				__eflags = _t436 - _t510;
				if(_t436 != _t510) {
					 *_t436 = 0;
				}
				__eflags =  *((intOrPtr*)(_t528 + 0xc)) - 0xffff;
				if( *((intOrPtr*)(_t528 + 0xc)) > 0xffff) {
					 *((intOrPtr*)(_t528 + 0xc)) = 0xfffe;
				}
				 *_t501 = _t510;
				 *(_t501 + 4) = _t510;
				_t437 =  *_t429;
				 *(_t528 - 0x74) = _t437;
				_t326 =  *(_t429 + 4);
				 *(_t528 - 0x70) = _t326;
				 *(_t528 - 0x50) = _t326;
				_t479 = _t437 & 0x0000ffff;
				_t439 = _t479 >> 1;
				 *(_t528 - 0x78) = _t439;
				 *(_t528 - 0x60) = _t479;
				__eflags = _t479;
				if(_t479 == 0) {
					L19:
					goto L71;
				} else {
					__eflags =  *_t326 - _t510;
					if( *_t326 == _t510) {
						goto L19;
					}
					 *(_t528 - 0x2c) = _t479;
					_t480 = _t479 >> 1;
					__eflags = _t480;
					_t481 =  *(_t326 + _t480 * 2 - 2) & 0x0000ffff;
					 *(_t528 - 0x68) =  *(_t326 + _t480 * 2 - 2) & 0x0000ffff;
					do {
						__eflags =  *(_t528 - 0x68) - 0x20;
						if( *(_t528 - 0x68) != 0x20) {
							break;
						}
						_t250 = _t528 - 0x2c;
						 *_t250 =  *(_t528 - 0x2c) - 2;
						__eflags =  *_t250;
						if( *_t250 != 0) {
							_t499 =  *(_t528 - 0x2c) >> 1;
							__eflags = _t499;
							_t481 =  *(_t326 + _t499 * 2 - 2) & 0x0000ffff;
							 *(_t528 - 0x68) =  *(_t326 + _t499 * 2 - 2) & 0x0000ffff;
						}
						__eflags =  *(_t528 - 0x2c) - _t510;
					} while ( *(_t528 - 0x2c) != _t510);
					__eflags =  *(_t528 - 0x2c) - _t510;
					if( *(_t528 - 0x2c) == _t510) {
						goto L19;
					}
					_t329 =  *(_t326 + _t439 * 2 - 2) & 0x0000ffff;
					__eflags = _t329 - 0x5c;
					if(_t329 == 0x5c) {
						L113:
						 *(_t528 - 0x49) = 0;
						L39:
						_t331 = E01627E0A(_t501, _t528 - 0x74);
						 *(_t528 - 0x2c) = _t331;
						__eflags = _t331;
						if(_t331 != 0) {
							_t429 = _t331 >> 0x10;
							_t510 = 0xffff;
							 *(_t528 - 0x2c) =  *(_t528 - 0x2c) & 0x0000ffff;
							_t501 =  *(_t528 - 0x44);
							__eflags = _t501;
							if(_t501 == 0) {
								L145:
								_t333 =  *(_t528 - 0x2c) + 8;
								 *(_t528 - 0x60) = _t333;
								__eflags = _t333 -  *((intOrPtr*)(_t528 + 0xc));
								if(_t333 >=  *((intOrPtr*)(_t528 + 0xc))) {
									__eflags = _t333 + 2 - _t510;
									if(_t333 + 2 > _t510) {
										goto L19;
									}
									L71:
									return E01626F58(_t429, _t501, _t510);
								}
								_t510 = L"\\\\.\\";
								asm("movsd");
								asm("movsd");
								E01604B80( *(_t528 - 0x64) + 8, _t429,  *(_t528 - 0x2c));
								_t235 =  *(_t528 - 0x2c) + 8; // 0x8
								_t501 =  *(_t528 - 0x64) + _t235;
								asm("stosw");
								goto L71;
							}
							__eflags = _t429;
							if(_t429 != 0) {
								_t342 = E0166EAD1(_t439, _t528 - 0x74, _t429, _t501);
								__eflags = _t342;
								if(_t342 >= 0) {
									__eflags =  *_t501;
									if( *_t501 == 0) {
										goto L145;
									}
									goto L19;
								}
								goto L19;
							}
							goto L145;
						}
						 *((short*)(_t528 - 0x46)) =  *((intOrPtr*)(_t528 + 0xc));
						 *(_t528 - 0x48) = 0;
						 *(_t528 - 0x44) =  *(_t528 - 0x64);
						E01604EC0( *(_t528 - 0x64), 0,  *((intOrPtr*)(_t528 + 0xc)));
						_t345 = E01627315(_t429);
						 *(_t528 - 0x68) = _t345;
						 *_t501 = _t345;
						_t429 =  *(_t528 - 0x50);
						 *(_t528 - 0x40) = _t429;
						 *(_t528 - 0x64) = 0;
						 *(_t528 - 0x38) = 0;
						 *((short*)(_t528 - 0x36)) = 0;
						 *(_t528 - 0x34) = 0;
						 *(_t528 - 0x58) = 0;
						 *(_t528 - 0x5c) = 0;
						 *((char*)(_t528 - 0x2d)) = 0;
						 *((intOrPtr*)(_t528 - 4)) = 0;
						_t348 =  *(_t528 - 0x68) - 1;
						__eflags = _t348;
						if(_t348 == 0) {
							_t483 =  *(_t528 - 0x50);
							_t349 = _t483 + 4;
							_t46 = _t528 - 0x6c;
							 *_t46 =  *(_t528 - 0x6c) & 0x00000000;
							__eflags =  *_t46;
							 *(_t528 - 0x28) = 4;
							while(1) {
								 *(_t528 - 0x7c) = _t349;
								__eflags =  *(_t528 - 0x28) - ( *(_t528 - 0x74) & 0x0000ffff);
								if( *(_t528 - 0x28) >= ( *(_t528 - 0x74) & 0x0000ffff)) {
									break;
								}
								_t471 =  *_t349 & 0x0000ffff;
								__eflags = _t471 - 0x5c;
								if(_t471 == 0x5c) {
									L25:
									 *(_t528 - 0x6c) =  *(_t528 - 0x6c) + 1;
									__eflags =  *(_t528 - 0x6c) - 2;
									if( *(_t528 - 0x6c) != 2) {
										L24:
										 *(_t528 - 0x28) =  *(_t528 - 0x28) + 2;
										_t349 =  &(_t349[1]);
										continue;
									}
									break;
								}
								__eflags = _t471 - 0x2f;
								if(_t471 == 0x2f) {
									goto L25;
								}
								goto L24;
							}
							_t351 = _t349 - _t483 >> 1;
							 *(_t528 - 0x2c) = _t351;
							 *(_t528 - 0x64) = _t351 + _t351;
							_t429 = _t429 + _t351 * 2;
							L129:
							 *(_t528 - 0x40) = _t429;
							L43:
							_t501 =  *(_t528 - 0x38);
							_t481 = _t501 & 0x0000ffff;
							_t352 =  *(_t528 - 0x60);
							_t447 = _t481 +  *(_t528 - 0x60);
							_t107 = _t447 + 2; // 0x2
							_t510 = _t107;
							__eflags = _t510 -  *((intOrPtr*)(_t528 + 0xc));
							if(_t510 >  *((intOrPtr*)(_t528 + 0xc))) {
								__eflags =  *(_t528 - 0x78) - 1;
								if( *(_t528 - 0x78) <= 1) {
									_t352 =  *(_t528 - 0x50);
									__eflags =  *( *(_t528 - 0x50)) - 0x2e;
									if( *( *(_t528 - 0x50)) != 0x2e) {
										goto L137;
									}
									__eflags =  *(_t528 - 0x78) - 1;
									if( *(_t528 - 0x78) != 1) {
										__eflags = _t447 - 0xffff;
										if(_t447 > 0xffff) {
											_t447 = 0;
											__eflags = 0;
										}
										 *(_t528 - 0x58) = _t447;
										L70:
										 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
										E01628209(_t352, _t481);
										goto L71;
									}
									__eflags = _t501 - 6;
									if(_t501 != 6) {
										__eflags =  *((intOrPtr*)(_t528 + 0xc)) - _t481;
										if( *((intOrPtr*)(_t528 + 0xc)) >= _t481) {
											 *(_t528 - 0x28) =  *(_t528 - 0x28) & 0x00000000;
											_t302 = _t528 - 0x3c;
											 *_t302 =  *(_t528 - 0x3c) & 0x00000000;
											__eflags =  *_t302;
											_t325 =  *(_t528 - 0x44);
											while(1) {
												__eflags =  *(_t528 - 0x28) - ( *(_t528 - 0x38) & 0x0000ffff);
												if( *(_t528 - 0x28) >= ( *(_t528 - 0x38) & 0x0000ffff)) {
													break;
												}
												_t481 =  *(_t528 - 0x3c) +  *(_t528 - 0x3c);
												_t460 =  *(_t481 +  *(_t528 - 0x34)) & 0x0000ffff;
												__eflags = _t460 - 0x5c;
												if(_t460 == 0x5c) {
													L192:
													_t460 = 0x5c;
													L193:
													 *(_t481 + _t325) = _t460;
													 *(_t528 - 0x28) =  *(_t528 - 0x28) + 2;
													 *(_t528 - 0x3c) =  *(_t528 - 0x3c) + 1;
													continue;
												}
												__eflags = _t460 - 0x2f;
												if(_t460 != 0x2f) {
													goto L193;
												}
												goto L192;
											}
											 *(_t528 - 0x48) =  *(_t528 - 0x38) + 0xfffffffe;
											L51:
											_t452 = ( *(_t528 - 0x48) & 0x0000ffff) + _t325;
											 *(_t528 - 0x54) = _t452;
											 *_t452 = 0;
											_t357 = _t429 -  *(_t528 - 0x50);
											 *(_t528 - 0x28) = _t357;
											while(1) {
												_t511 =  *(_t528 - 0x74) & 0x0000ffff;
												if(_t357 >= _t511) {
													break;
												}
												_t364 = 2;
												 *(_t528 - 0x28) =  *(_t528 - 0x28) + _t364;
												_t505 =  *_t429 & 0x0000ffff;
												_t486 = (_t505 & 0x0000ffff) - 0x2e;
												if(_t486 == 0) {
													_t364 = 2;
													_t481 = _t511 -  *(_t528 - 0x28) + _t364;
													 *(_t528 - 0x3c) = _t481;
													__eflags = _t481 - _t364;
													if(_t481 < _t364) {
														L56:
														 *(_t528 - 0x28) =  *(_t528 - 0x28) - _t364;
														 *(_t528 - 0x3c) = _t511 -  *(_t528 - 0x28);
														while( *(_t528 - 0x3c) != 0) {
															_t489 =  *_t429 & 0x0000ffff;
															if(_t489 == 0x5c || _t489 == 0x2f) {
																break;
															} else {
																 *(_t528 - 0x3c) =  *(_t528 - 0x3c) - _t364;
																 *(_t528 - 0x28) =  *(_t528 - 0x28) + _t364;
																 *_t452 = _t489;
																_t452 = _t452 + _t364;
																 *(_t528 - 0x54) = _t452;
																_t429 = _t429 + _t364;
																 *(_t528 - 0x40) = _t429;
																continue;
															}
														}
														_t481 =  *_t429 & 0x0000ffff;
														__eflags = _t481 - 0x5c;
														if(_t481 != 0x5c) {
															__eflags = _t481 - 0x2f;
															if(_t481 == 0x2f) {
																goto L73;
															}
															L75:
															_t357 =  *(_t528 - 0x28);
															continue;
														}
														L73:
														_t146 = _t452 - 2; // 0x1632676
														_t481 = _t146;
														__eflags =  *_t481 - 0x2e;
														if( *_t481 == 0x2e) {
															_t319 = _t452 - 4; // 0x1632674
															__eflags = _t319 -  *(_t528 - 0x44);
															if(_t319 >=  *(_t528 - 0x44)) {
																__eflags =  *((short*)(_t452 - 4)) - 0x2e;
																if( *((short*)(_t452 - 4)) != 0x2e) {
																	_t452 = _t481;
																	 *(_t528 - 0x54) = _t452;
																}
															}
														}
														goto L75;
													}
													__eflags = _t505 - 0x2e;
													if(_t505 != 0x2e) {
														L98:
														__eflags = _t481 - _t364;
														if(_t481 < _t364) {
															goto L56;
														}
														__eflags = _t505 - 0x2e;
														if(_t505 != 0x2e) {
															goto L56;
														}
														_t169 = _t481 - 2; // 0x0
														__eflags = _t169 - _t364;
														if(_t169 < _t364) {
															goto L56;
														}
														__eflags =  *(_t429 + 2) - 0x2e;
														if( *(_t429 + 2) != 0x2e) {
															goto L56;
														}
														__eflags = _t481 + 0xfffffffc;
														if(_t481 + 0xfffffffc == 0) {
															while(1) {
																L110:
																__eflags =  *_t452 - 0x5c;
																if( *_t452 == 0x5c) {
																	break;
																}
																 *_t452 = 0;
																_t452 = _t452 - _t364;
																 *(_t528 - 0x54) = _t452;
															}
															_t481 =  *(_t528 - 0x44);
															_t366 =  *(_t528 - 0x2c);
															while(1) {
																L105:
																__eflags = _t452 - _t481 + _t366 * 2 - 2;
																if(_t452 == _t481 + _t366 * 2 - 2) {
																	break;
																}
																 *_t452 = 0;
																_t452 = _t452;
																 *(_t528 - 0x54) = _t452;
																__eflags =  *_t452 - 0x5c;
																if( *_t452 != 0x5c) {
																	continue;
																}
																break;
															}
															__eflags = _t452 - _t481 + _t366 * 2 - 2;
															if(_t452 == _t481 + _t366 * 2 - 2) {
																_t452 = _t452 + 2;
																 *(_t528 - 0x54) = _t452;
															}
															_t429 = _t429 + 4;
															__eflags = _t429;
															L109:
															 *(_t528 - 0x40) = _t429;
															 *(_t528 - 0x28) =  *(_t528 - 0x28) + 2;
															goto L75;
														}
														_t492 =  *(_t429 + 4) & 0x0000ffff;
														__eflags = _t492 - 0x5c;
														if(_t492 == 0x5c) {
															goto L110;
														}
														__eflags = _t492 - 0x2f;
														if(_t492 != 0x2f) {
															goto L56;
														} else {
															goto L110;
														}
														goto L105;
													}
													_t167 = _t481 - 2; // 0x0
													__eflags = _t167;
													if(_t167 == 0) {
														L139:
														_t429 = _t429 + 2;
														 *(_t528 - 0x40) = _t429;
														__eflags =  *(_t528 - 0x28) - _t511;
														if( *(_t528 - 0x28) >= _t511) {
															goto L75;
														}
														_t481 =  *_t429 & 0x0000ffff;
														__eflags = _t481 - 0x5c;
														if(_t481 != 0x5c) {
															__eflags = _t481 - 0x2f;
															if(_t481 == 0x2f) {
																goto L141;
															}
															goto L75;
														}
														L141:
														_t429 = _t429 + 2;
														goto L109;
													}
													_t369 =  *(_t429 + 2) & 0x0000ffff;
													__eflags = _t369 - 0x5c;
													if(_t369 == 0x5c) {
														goto L139;
													}
													__eflags = _t369 - 0x2f;
													if(_t369 == 0x2f) {
														goto L139;
													}
													_t364 = 2;
													goto L98;
												}
												_t481 = _t486 - 1;
												if(_t481 == 0) {
													L85:
													__eflags =  *(_t452 - 2) - 0x5c;
													if( *(_t452 - 2) != 0x5c) {
														_t481 = 0x5c;
														 *_t452 = _t481;
														_t452 = _t452 + _t364;
														__eflags = _t452;
														 *(_t528 - 0x54) = _t452;
													}
													_t429 = _t429 + _t364;
													 *(_t528 - 0x40) = _t429;
													goto L75;
												}
												_t481 = _t481 - 0x2d;
												if(_t481 == 0) {
													goto L85;
												}
												goto L56;
											}
											 *_t452 = 0;
											__eflags =  *(_t528 - 0x49);
											if( *(_t528 - 0x49) != 0) {
												_t361 =  *(_t528 - 0x44);
												_t481 =  *(_t528 - 0x2c);
												__eflags = _t452 - _t361 + _t481 * 2;
												if(_t452 > _t361 + _t481 * 2) {
													_t153 = _t452 - 2; // 0x1632676
													_t481 = _t153;
													__eflags =  *_t481 - 0x5c;
													if( *_t481 == 0x5c) {
														_t452 = _t481;
														 *(_t528 - 0x54) = _t452;
														 *_t452 = 0;
													}
												}
											}
											_t429 =  *(_t528 - 0x44);
											_t501 = _t452 - _t429;
											__eflags = _t501;
											while(1) {
												 *(_t528 - 0x48) = _t501;
												__eflags = _t452 - _t429;
												if(_t452 <= _t429) {
													break;
												}
												_t156 = _t452 - 2; // 0x1632674
												_t481 = _t156;
												_t512 =  *_t481 & 0x0000ffff;
												__eflags = _t512 - 0x20;
												if(_t512 == 0x20) {
													L163:
													_t452 = _t481;
													 *(_t528 - 0x54) = _t452;
													 *_t452 = 0;
													_t501 =  *(_t528 - 0x48) + 0xfffffffe;
													continue;
												}
												__eflags = _t512 - 0x2e;
												if(_t512 == 0x2e) {
													goto L163;
												}
												break;
											}
											_t359 =  *(_t528 - 0x80);
											_t510 = 0;
											__eflags = _t359;
											if(_t359 == 0) {
												L68:
												_t352 = _t501 & 0x0000ffff;
												L69:
												 *(_t528 - 0x58) = _t352;
												goto L70;
											}
											_t453 = _t452 + 0xfffffffe;
											 *(_t528 - 0x40) = _t453;
											 *(_t528 - 0x54) = 0;
											while(1) {
												__eflags = _t453 - _t429;
												if(_t453 <= _t429) {
													break;
												}
												__eflags =  *_t453 - 0x5c;
												if( *_t453 == 0x5c) {
													_t163 = _t453 + 2; // 0x163257c
													_t481 = _t163;
													 *(_t528 - 0x54) = _t481;
													break;
												}
												_t453 = _t453;
												__eflags = _t453;
												 *(_t528 - 0x40) = _t453;
											}
											__eflags = _t481 - _t510;
											if(_t481 == _t510) {
												L28:
												 *_t359 = _t510;
												goto L68;
											}
											__eflags =  *_t481 - _t510;
											if( *_t481 == _t510) {
												goto L28;
											}
											__eflags =  *(_t528 - 0x68) - 1;
											if( *(_t528 - 0x68) == 1) {
												_t454 =  *(_t528 - 0x2c);
												__eflags = _t481 - _t429 + _t454 * 2;
												if(_t481 >= _t429 + _t454 * 2) {
													goto L67;
												}
												goto L28;
											}
											L67:
											 *_t359 = _t481;
											goto L68;
										}
										 *(_t528 - 0x58) = _t481;
										goto L70;
									}
									__eflags =  *((intOrPtr*)(_t528 + 0xc)) - 6;
									if( *((intOrPtr*)(_t528 + 0xc)) > 6) {
										goto L44;
									}
									 *(_t528 - 0x58) = 8;
									goto L70;
								}
								L137:
								__eflags = _t510 - 0xffff;
								if(_t510 > 0xffff) {
									_t510 = 0;
								}
								 *(_t528 - 0x58) = _t510;
								goto L70;
							}
							L44:
							_t461 =  *(_t528 - 0x64);
							_t325 =  *(_t528 - 0x44);
							__eflags = _t461;
							if(_t461 != 0) {
								L46:
								_t494 = 0;
								__eflags = 0;
								 *(_t528 - 0x28) = 0;
								 *(_t528 - 0x3c) = 0;
								_t507 = 0x5c;
								while(1) {
									__eflags =  *(_t528 - 0x28) - _t461;
									if( *(_t528 - 0x28) >= _t461) {
										break;
									}
									_t517 =  *(_t528 - 0x3c) +  *(_t528 - 0x3c);
									_t463 =  *(_t517 +  *(_t528 - 0x50)) & 0x0000ffff;
									__eflags = _t463 - _t507;
									if(_t463 == _t507) {
										L133:
										_t463 = _t507;
										L132:
										 *(_t517 + _t325) = _t463;
										 *(_t528 - 0x28) =  *(_t528 - 0x28) + 2;
										 *(_t528 - 0x3c) =  *(_t528 - 0x3c) + 1;
										_t461 =  *(_t528 - 0x64);
										continue;
									}
									__eflags = _t463 - 0x2f;
									if(_t463 == 0x2f) {
										goto L133;
									}
									goto L132;
								}
								 *(_t528 - 0x48) = _t461;
								 *(_t528 - 0x28) = _t494;
								while(1) {
									 *(_t528 - 0x3c) = _t494;
									__eflags =  *(_t528 - 0x28) - ( *(_t528 - 0x38) & 0x0000ffff);
									if( *(_t528 - 0x28) >= ( *(_t528 - 0x38) & 0x0000ffff)) {
										break;
									}
									_t466 =  *( *(_t528 - 0x34) + _t494 * 2) & 0x0000ffff;
									__eflags = _t466 - _t507;
									if(_t466 == _t507) {
										L128:
										 *((short*)(_t325 + ((( *(_t528 - 0x48) & 0x0000ffff) >> 1) + _t494) * 2)) = _t507;
										L127:
										 *(_t528 - 0x28) =  *(_t528 - 0x28) + 2;
										_t494 = _t494 + 1;
										continue;
									}
									__eflags = _t466 - 0x2f;
									if(_t466 == 0x2f) {
										goto L128;
									}
									_t521 = (( *(_t528 - 0x48) & 0x0000ffff) >> 1) + _t494;
									__eflags = _t521;
									 *(_t325 + _t521 * 2) = _t466;
									goto L127;
								}
								_t481 =  *(_t528 - 0x38) +  *(_t528 - 0x48);
								__eflags = _t481;
								 *(_t528 - 0x48) = _t481;
								goto L51;
							}
							__eflags =  *(_t528 - 0x34) - _t325;
							if( *(_t528 - 0x34) == _t325) {
								 *(_t528 - 0x48) = _t501;
								goto L51;
							}
							goto L46;
						}
						_t371 = _t348 - 1;
						__eflags = _t371;
						if(_t371 != 0) {
							_t372 = _t371 - 1;
							__eflags = _t372;
							if(__eflags == 0) {
								_t373 = E0163F3C7(_t481, __eflags, 0);
								 *(_t528 - 0x5c) = _t373;
								 *((char*)(_t528 - 0x2d)) = 1;
								__eflags = _t373;
								if(_t373 == 0) {
									_t510 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x10)) + 0x24;
								}
								_t376 =  *(_t528 - 0x5c);
								__eflags = _t376;
								if(_t376 == 0) {
									_t377 = _t510[4];
								} else {
									_t377 =  *(_t376 + 4);
								}
								_t379 = E01627377( *_t377 & 0x0000ffff);
								_t429 = _t379 & 0x0000ffff;
								_t501 = E01627377( *( *(_t528 - 0x50)) & 0x0000ffff) & 0x0000ffff;
								__eflags = (_t379 & 0x0000ffff) - _t501;
								if(__eflags == 0) {
									_t472 =  *(_t528 - 0x5c);
									__eflags = _t472;
									if(_t472 == 0) {
										_t383 =  *_t510;
										_t523 = _t510[4];
									} else {
										_t383 =  *_t472;
										_t523 =  *(_t472 + 4);
									}
									 *(_t528 - 0x38) = _t383;
									 *(_t528 - 0x34) = _t523;
									L15:
									 *(_t528 - 0x2c) = 3;
									_t429 =  *(_t528 - 0x50) + 4;
									 *(_t528 - 0x40) = _t429;
									 *(_t528 - 0x60) =  *(_t528 - 0x60) - 4;
									goto L43;
								} else {
									E015D5BCC(0, _t481, __eflags, _t501);
									_t385 = 0x3d;
									 *(_t528 - 0x24) = _t385;
									 *(_t528 - 0x22) = _t501;
									_t386 = 0x3a;
									 *((short*)(_t528 - 0x20)) = _t386;
									 *((short*)(_t528 - 0x1e)) = 0;
									E01603D00(0, _t528 - 0x88, _t528 - 0x24);
									 *(_t528 - 0x38) =  *(_t528 - 0x48);
									 *(_t528 - 0x34) =  *(_t528 - 0x44);
									_t395 = E01634E2B(__eflags, 0, _t528 - 0x88, _t528 - 0x38);
									__eflags = _t395;
									if(_t395 < 0) {
										__eflags = _t395 - 0xc0000023;
										if(_t395 != 0xc0000023) {
											 *(_t528 - 0x24) = _t501;
											_t396 = 0x3a;
											 *(_t528 - 0x22) = _t396;
											_t397 = 0x5c;
											 *((short*)(_t528 - 0x20)) = _t397;
											 *((short*)(_t528 - 0x1e)) = 0;
											E01603D00(0, _t528 - 0x38, _t528 - 0x24);
											goto L15;
										}
										_t352 =  *(_t528 - 0x60) + ( *(_t528 - 0x38) & 0x0000ffff) + 2;
										__eflags = _t352 - 0xffff;
										if(_t352 > 0xffff) {
											_t352 = 0;
										}
										goto L69;
									} else {
										_t404 = ( *(_t528 - 0x38) & 0x0000ffff) >> 1;
										__eflags = _t404 - 3;
										if(_t404 > 3) {
											_t474 = 0x5c;
											 *((short*)( *(_t528 - 0x34) + _t404 * 2)) = _t474;
											 *(_t528 - 0x38) =  *(_t528 - 0x38) + 2;
										}
										goto L15;
									}
								}
							}
							_t407 = _t372 - 1;
							__eflags = _t407;
							if(__eflags == 0) {
								_t508 = E0163F3C7(_t481, __eflags, 1);
								 *(_t528 - 0x5c) = _t508;
								 *((char*)(_t528 - 0x2d)) = 1;
								__eflags = _t508;
								if(_t508 == 0) {
									_t510 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x10)) + 0x24;
									_t429 =  *(_t528 - 0x40);
									_t508 =  *(_t528 - 0x5c);
									__eflags = _t508;
									if(_t508 != 0) {
										goto L3;
									}
									_t411 = _t510;
									L4:
									_t412 = E0163F487(_t411);
									 *(_t528 - 0x2c) = _t412;
									__eflags = _t412 - 3;
									if(_t412 != 3) {
										__eflags = _t508;
										if(_t508 == 0) {
											_t475 =  *_t510;
											_t525 = _t510[4];
										} else {
											_t475 =  *_t508;
											_t525 =  *(_t508 + 4);
										}
										 *(_t528 - 0x38) = _t475;
										 *(_t528 - 0x34) = _t525;
										_t414 =  *(_t528 - 0x2c) +  *(_t528 - 0x2c);
									} else {
										__eflags = _t508;
										if(_t508 == 0) {
											_t476 =  *_t510;
											_t526 = _t510[4];
										} else {
											_t476 =  *_t508;
											_t526 =  *(_t508 + 4);
										}
										 *(_t528 - 0x38) = _t476;
										 *(_t528 - 0x34) = _t526;
										_t414 = 4;
									}
									 *(_t528 - 0x38) = _t414;
									goto L43;
								}
								L3:
								_t411 = _t508;
								goto L4;
							}
							_t415 = _t407 - 1;
							__eflags = _t415;
							if(__eflags != 0) {
								_t416 = _t415 - 1;
								__eflags = _t416;
								if(_t416 != 0) {
									_t352 = _t416 != 1;
									__eflags = _t416 != 1;
									if(_t416 != 1) {
										 *(_t528 - 0x58) =  *(_t528 - 0x58) & 0;
										goto L70;
									}
									_t417 =  *0x164523c; // 0xa0008
									 *(_t528 - 0x38) = _t417;
									_t477 =  *0x1645240; // 0x164501c
									 *(_t528 - 0x34) = _t477;
									_t418 = _t417 + 0xfffffffc;
									 *(_t528 - 0x38) = _t418;
									 *(_t528 - 0x64) = (_t418 & 0x0000ffff) + 2;
									 *(_t528 - 0x2c) = 3;
									_t429 =  *(_t528 - 0x50) + 6;
									 *(_t528 - 0x40) = _t429;
									 *(_t528 - 0x60) =  *(_t528 - 0x60) - 6;
									goto L43;
								}
								 *(_t528 - 0x64) = 8;
								 *(_t528 - 0x2c) = 4;
								_t429 =  *(_t528 - 0x50) + 8;
								goto L129;
							}
							_t497 = E0163F3C7(_t481, __eflags, 1);
							 *(_t528 - 0x5c) = _t497;
							 *((char*)(_t528 - 0x2d)) = 1;
							__eflags = _t497;
							if(_t497 == 0) {
								_t510 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x10)) + 0x24;
								_t429 =  *(_t528 - 0x40);
								_t497 =  *(_t528 - 0x5c);
							} else {
								 *(_t501 + 4) = _t497[0xc];
							}
							__eflags = _t497;
							if(_t497 == 0) {
								_t425 =  *_t510;
								_t478 = _t510[4];
							} else {
								_t425 =  *_t497;
								_t478 = _t497[4];
							}
							 *(_t528 - 0x38) = _t425;
							 *(_t528 - 0x34) = _t478;
							__eflags = _t497;
							if(_t497 != 0) {
								_t510 = _t497;
							}
							 *(_t528 - 0x2c) = E0163F487(_t510);
							goto L43;
						}
						 *(_t528 - 0x2c) = 3;
						goto L43;
					}
					__eflags = _t329 - 0x2f;
					 *(_t528 - 0x49) = 1;
					if(_t329 == 0x2f) {
						goto L113;
					}
					goto L39;
				}
			}

0x01627fab
0x01627fad
0x01627fb2
0x01627fb7
0x01627fbd
0x01627fc0
0x01627fc3
0x01627fc6
0x01627fc9
0x01627fcc
0x01627fcf
0x01627fd3
0x016288d6
0x016288d6
0x01627fd9
0x01627fdb
0x01627fdd
0x01627fdd
0x01627fe0
0x01627fe7
0x0164db67
0x0164db67
0x01627fed
0x01627fef
0x01627ff2
0x01627ff4
0x01627ff7
0x01627ffa
0x01627ffd
0x01628000
0x01628005
0x01628007
0x0162800a
0x0162800d
0x0162800f
0x015fac75
0x00000000
0x01628015
0x01628015
0x01628018
0x00000000
0x00000000
0x0162801e
0x01628021
0x01628021
0x01628023
0x01628028
0x0162802b
0x0162802b
0x01628030
0x00000000
0x00000000
0x016469db
0x016469db
0x016469db
0x016469df
0x016469e4
0x016469e4
0x016469e6
0x016469eb
0x016469eb
0x016469ee
0x016469ee
0x01628036
0x01628039
0x00000000
0x00000000
0x0162803f
0x01628044
0x01628048
0x0163cc94
0x0163cc94
0x0162805c
0x01628060
0x01628065
0x01628068
0x0162806a
0x01644fb6
0x01644fb9
0x01644fbe
0x01644fc1
0x01644fc4
0x01644fc6
0x01644fd0
0x01644fd3
0x01644fd6
0x01644fd9
0x01644fdc
0x016451f9
0x016451fb
0x00000000
0x00000000
0x016281fc
0x01628201
0x01628201
0x01644fe2
0x01644fec
0x01644fed
0x01644ffb
0x0164500b
0x0164500b
0x0164500f
0x00000000
0x01645011
0x01644fc8
0x01644fca
0x0164db79
0x0164db7e
0x0164db80
0x016451e9
0x016451ec
0x00000000
0x00000000
0x00000000
0x016451f2
0x00000000
0x0164db86
0x00000000
0x01644fca
0x01628073
0x01628079
0x01628080
0x01628087
0x01628090
0x01628095
0x01628098
0x0162809a
0x0162809d
0x016280a2
0x016280a7
0x016280ab
0x016280af
0x016280b2
0x016280b5
0x016280b8
0x016280bb
0x016280c1
0x016280c1
0x016280c2
0x015fe5cb
0x015fe5ce
0x015fe5d1
0x015fe5d1
0x015fe5d1
0x015fe5d5
0x015fe5dc
0x015fe5dc
0x015fe5e3
0x015fe5e6
0x00000000
0x00000000
0x015fe5e8
0x015fe5eb
0x015fe5ef
0x015fe5ff
0x015fe5ff
0x015fe602
0x015fe606
0x015fe5f7
0x015fe5f7
0x015fe5fc
0x00000000
0x015fe5fc
0x00000000
0x015fe606
0x015fe5f1
0x015fe5f5
0x00000000
0x00000000
0x00000000
0x015fe5f5
0x015fe60a
0x015fe60c
0x015fe612
0x015fe615
0x016408e3
0x016408e3
0x016280d6
0x016280d6
0x016280da
0x016280dd
0x016280e0
0x016280e3
0x016280e3
0x016280e6
0x016280e9
0x01641a7f
0x01641a83
0x0164dc6c
0x0164dc6f
0x0164dc73
0x00000000
0x00000000
0x0164dc79
0x0164dc7d
0x0164dcf3
0x0164dcf9
0x0164dcfb
0x0164dcfb
0x0164dcfb
0x0164dcfd
0x016281ed
0x016281ed
0x016281f4
0x00000000
0x016281f9
0x0164dc7f
0x0164dc83
0x0164dc9b
0x0164dc9e
0x0164dca8
0x0164dcac
0x0164dcac
0x0164dcac
0x0164dcb0
0x0164dcb3
0x0164dcb7
0x0164dcba
0x00000000
0x00000000
0x0164dcbf
0x0164dcc4
0x0164dcc8
0x0164dccc
0x0164dcd4
0x0164dcd6
0x0164dcd7
0x0164dcd7
0x0164dcdb
0x0164dcdf
0x00000000
0x0164dcdf
0x0164dcce
0x0164dcd2
0x00000000
0x00000000
0x00000000
0x0164dcd2
0x0164dcea
0x01628139
0x0162813d
0x0162813f
0x01628144
0x01628149
0x0162814c
0x0162814f
0x0162814f
0x01628155
0x00000000
0x00000000
0x0162815d
0x0162815e
0x01628161
0x01628167
0x0162816a
0x0162db10
0x0162db11
0x0162db13
0x0162db16
0x0162db18
0x01628180
0x01628180
0x01628186
0x01628189
0x01628193
0x0162819a
0x00000000
0x016281a2
0x016281a2
0x016281a5
0x016281a8
0x016281ab
0x016281ad
0x016281b0
0x016281b2
0x00000000
0x016281b2
0x0162819a
0x01628214
0x01628217
0x0162821b
0x01628538
0x0162853c
0x00000000
0x00000000
0x0162822f
0x0162822f
0x00000000
0x0162822f
0x01628221
0x01628221
0x01628221
0x01628224
0x01628228
0x0164dd25
0x0164dd28
0x0164dd2b
0x0164dd31
0x0164dd36
0x0164dd3c
0x0164dd3e
0x0164dd3e
0x0164dd36
0x0164dd2b
0x00000000
0x01628228
0x0162db1e
0x0162db22
0x0162db4a
0x0162db4a
0x0162db4c
0x00000000
0x00000000
0x0162db52
0x0162db56
0x00000000
0x00000000
0x0162db5c
0x0162db5f
0x0162db61
0x00000000
0x00000000
0x0162db67
0x0162db6c
0x00000000
0x00000000
0x0162db72
0x0162db75
0x0162e32d
0x0162e32d
0x0162e32d
0x0162e331
0x00000000
0x00000000
0x0162e335
0x0162e338
0x0162e33a
0x0162e33a
0x0162e33f
0x0162e342
0x0162db8e
0x0162db8e
0x0162db92
0x0162db94
0x00000000
0x00000000
0x0162db98
0x0162db9c
0x0162db9d
0x0162dba0
0x0162dba4
0x00000000
0x00000000
0x00000000
0x0162dba4
0x0162dbaa
0x0162dbac
0x0164dd1c
0x0164dd1d
0x0164dd1d
0x0162dbb2
0x0162dbb2
0x0162dbb5
0x0162dbb5
0x0162dbb8
0x00000000
0x0162dbb8
0x0162db7b
0x0162db7f
0x0162db83
0x00000000
0x00000000
0x0164522c
0x01645230
0x00000000
0x01645236
0x00000000
0x01645236
0x00000000
0x01645230
0x0162db24
0x0162db27
0x0162db29
0x016449e5
0x016449e6
0x016449e7
0x016449ea
0x016449ed
0x00000000
0x00000000
0x016449f3
0x016449f6
0x016449fa
0x0164dd0c
0x0164dd10
0x00000000
0x00000000
0x00000000
0x0164dd16
0x01644a00
0x01644a01
0x00000000
0x01644a01
0x0162db2f
0x0162db33
0x0162db37
0x00000000
0x00000000
0x0162db3d
0x0162db41
0x00000000
0x00000000
0x0162db49
0x00000000
0x0162db49
0x01628170
0x01628171
0x016282a1
0x016282a1
0x016282a6
0x016282aa
0x016282ab
0x016282ae
0x016282ae
0x016282b0
0x016282b0
0x016282b3
0x016282b5
0x00000000
0x016282b5
0x01628177
0x0162817a
0x00000000
0x00000000
0x00000000
0x0162817a
0x01628239
0x0162823c
0x0162823f
0x01628241
0x01628244
0x0162824a
0x0162824c
0x0162824e
0x0162824e
0x01628251
0x01628255
0x01644e04
0x01644e06
0x01644e0b
0x01644e0b
0x01628255
0x0162824c
0x0162825d
0x01628260
0x01628260
0x01628262
0x01628262
0x01628266
0x01628268
0x00000000
0x00000000
0x0162826a
0x0162826a
0x0162826d
0x01628270
0x01628274
0x01648e31
0x01648e31
0x01648e33
0x01648e38
0x01648e3e
0x00000000
0x01648e3e
0x0162827a
0x0162827e
0x00000000
0x00000000
0x00000000
0x0162827e
0x01628284
0x01628287
0x01628289
0x0162828b
0x016281e7
0x016281e7
0x016281ea
0x016281ea
0x00000000
0x016281ea
0x01628291
0x01628294
0x01628299
0x016281c6
0x016281c6
0x016281c8
0x00000000
0x00000000
0x016281b7
0x016281bb
0x016288dd
0x016288dd
0x016288e0
0x00000000
0x016288e0
0x016281c2
0x016281c2
0x016281c3
0x016281c3
0x016281ca
0x016281cc
0x015fe648
0x015fe648
0x00000000
0x015fe648
0x016281d2
0x016281d5
0x00000000
0x00000000
0x016281db
0x016281df
0x015fe63a
0x015fe640
0x015fe642
0x00000000
0x00000000
0x00000000
0x015fe642
0x016281e5
0x016281e5
0x00000000
0x016281e5
0x0164dca0
0x00000000
0x0164dca0
0x0164dc85
0x0164dc89
0x00000000
0x00000000
0x0164dc8f
0x00000000
0x0164dc8f
0x01641a89
0x01641a89
0x01641a8f
0x0164dd05
0x0164dd05
0x01641a95
0x00000000
0x01641a95
0x016280ef
0x016280ef
0x016280f2
0x016280f5
0x016280f7
0x01628102
0x01628102
0x01628102
0x01628104
0x01628107
0x0162810c
0x0162810d
0x0162810d
0x01628110
0x00000000
0x00000000
0x016408ee
0x016408f3
0x016408f7
0x016408fa
0x01640915
0x01640915
0x01640902
0x01640902
0x01640906
0x0164090a
0x0164090d
0x00000000
0x0164090d
0x016408fc
0x01640900
0x00000000
0x00000000
0x00000000
0x01640900
0x01628116
0x0162811a
0x0162811d
0x0162811d
0x01628124
0x01628127
0x00000000
0x00000000
0x0163f42d
0x0163f431
0x0163f434
0x0163f452
0x0163f45c
0x0163f448
0x0163f448
0x0163f44c
0x00000000
0x0163f44c
0x0163f436
0x0163f43a
0x00000000
0x00000000
0x0163f442
0x0163f442
0x0163f444
0x00000000
0x0163f444
0x01628133
0x01628133
0x01628135
0x00000000
0x01628135
0x016280f9
0x016280fc
0x015d5bbe
0x00000000
0x015d5bbe
0x00000000
0x016280fc
0x016280c8
0x016280c8
0x016280c9
0x0163f349
0x0163f349
0x0163f34a
0x015e0386
0x015e038b
0x015e038e
0x015e0392
0x015e0394
0x0164dbfd
0x0164dbfd
0x015e039a
0x015e039d
0x015e039f
0x0164521a
0x015e03a5
0x015e03a5
0x015e03a5
0x015e03ac
0x015e03b1
0x015e03c0
0x015e03c3
0x015e03c6
0x015e0444
0x015e0447
0x015e0449
0x01645222
0x01645224
0x015e044f
0x015e044f
0x015e0451
0x015e0451
0x015e0454
0x015e0457
0x015e042b
0x015e042b
0x015e0435
0x015e0438
0x015e043b
0x00000000
0x015e03c8
0x015e03c9
0x015e03d0
0x015e03d1
0x015e03d5
0x015e03db
0x015e03dc
0x015e03e2
0x015e03f1
0x015e03f9
0x015e03ff
0x015e040f
0x015e0414
0x015e0416
0x0164dc05
0x0164dc0a
0x0164dc29
0x0164dc2f
0x0164dc30
0x0164dc36
0x0164dc37
0x0164dc3d
0x0164dc49
0x00000000
0x0164dc49
0x0164dc13
0x0164dc17
0x0164dc1c
0x0164dc22
0x0164dc22
0x00000000
0x015e041c
0x015e0420
0x015e0422
0x015e0425
0x0164dc55
0x0164dc59
0x0164dc63
0x0164dc63
0x00000000
0x015e0425
0x015e0416
0x015e03c6
0x0163f350
0x0163f350
0x0163f351
0x015d9224
0x015d9226
0x015d9229
0x015d922d
0x015d922f
0x0164dbb9
0x0164dbbc
0x0164dbbf
0x0164dbc2
0x0164dbc4
0x00000000
0x00000000
0x0164dbca
0x015d9237
0x015d9238
0x015d923d
0x015d9240
0x015d9243
0x0164dbd1
0x0164dbd3
0x0164dbdc
0x0164dbde
0x0164dbd5
0x0164dbd5
0x0164dbd7
0x0164dbd7
0x0164dbe1
0x0164dbe4
0x0164dbea
0x015d9249
0x015d9249
0x015d924b
0x01645210
0x01645212
0x015d9251
0x015d9251
0x015d9253
0x015d9253
0x015d9256
0x015d9259
0x015d925e
0x015d925e
0x015d925f
0x00000000
0x015d925f
0x015d9235
0x015d9235
0x00000000
0x015d9235
0x0163f357
0x0163f357
0x0163f358
0x0164094e
0x0164094e
0x0164094f
0x016451a9
0x016451a9
0x016451aa
0x0164db8b
0x00000000
0x0164db8b
0x016451b0
0x016451b5
0x016451b8
0x016451be
0x016451c1
0x016451c4
0x016451cd
0x016451d0
0x016451da
0x016451dd
0x016451e0
0x00000000
0x016451e0
0x01640955
0x0164095c
0x01640966
0x00000000
0x01640966
0x0163f365
0x0163f367
0x0163f36a
0x0163f36e
0x0163f370
0x0164db9f
0x0164dba2
0x0164dba5
0x0163f376
0x0163f379
0x0163f379
0x0163f37c
0x0163f37e
0x01645206
0x01645208
0x0163f384
0x0163f384
0x0163f386
0x0163f386
0x0163f389
0x0163f38c
0x0163f38f
0x0163f391
0x0163f393
0x0163f393
0x0163f39b
0x00000000
0x0163f39b
0x016280cf
0x00000000
0x016280cf
0x0162804e
0x01628052
0x01628056
0x00000000
0x00000000
0x00000000
0x01628056

Strings

, xrefs: 0162802B
\\.\, xrefs: 01644FE2

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: $\\.\
API String ID: 0-260595308
Opcode ID: 78d4b5eb997ff27506602cc6f950ad69f691fd5fe62b3d3750769e0ad09bc00d
Instruction ID: 844b849cc9daed7c69939d1f8707300385bf03299c2377865130fd75f98d648c
Opcode Fuzzy Hash: 78d4b5eb997ff27506602cc6f950ad69f691fd5fe62b3d3750769e0ad09bc00d
Instruction Fuzzy Hash: D0526970D00629CBDB24CFA8CC846ADBBF6FF59314F64802AE506AB395E7749881CF55

Uniqueness

Uniqueness Score: 0.12%

Function 015D83EB, Relevance: 2.0, Strings: 1, Instructions: 745
COMMONCrypto

C-Code - Quality: 87%

			E015D83EB(signed char _a4, signed char _a8, signed int _a12, signed char _a16, intOrPtr _a20, intOrPtr _a24, signed int _a28) {
				signed int _v8;
				char _v18;
				char _v20;
				signed int _v24;
				char _v25;
				signed int _v32;
				intOrPtr _v36;
				signed char _v37;
				char _v38;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				short _v58;
				signed int _v60;
				signed int _v64;
				signed char _v68;
				signed int _v72;
				char _v76;
				signed int _v80;
				signed int _v84;
				signed char _v88;
				intOrPtr _v92;
				signed int _v96;
				signed int _v100;
				intOrPtr _v104;
				char _v108;
				char _v112;
				signed short _v116;
				signed int _v120;
				unsigned int _v124;
				char _v136;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t318;
				intOrPtr _t340;
				void* _t345;
				intOrPtr _t346;
				unsigned int _t347;
				signed int _t350;
				signed int _t351;
				unsigned int _t352;
				unsigned int _t355;
				signed int _t359;
				signed int* _t362;
				signed int _t366;
				signed int _t382;
				signed int _t383;
				signed int _t388;
				signed int _t389;
				signed int _t391;
				signed int _t396;
				signed int _t397;
				signed int _t402;
				signed int _t407;
				signed int _t410;
				signed int _t415;
				signed int _t420;
				signed int _t421;
				signed int _t426;
				signed int _t441;
				signed int _t446;
				signed int _t450;
				signed int _t452;
				signed int _t454;
				signed char _t457;
				void* _t459;
				signed int _t460;
				signed int _t464;
				signed int _t473;
				intOrPtr _t475;
				signed int _t477;
				signed int _t478;
				signed int _t484;
				signed int _t490;
				signed int _t492;
				signed int _t494;
				signed int _t496;
				signed int _t516;
				signed int _t519;
				unsigned int _t523;
				signed int _t525;
				signed int _t529;

				_t318 =  *0x16a81e8; // 0x77d4aa35
				_v8 = _t318 ^ _t529;
				_t480 = _a8;
				_v80 = _a12;
				_v68 = _a16;
				_t478 = _a28;
				_v92 = _a20;
				_t518 = 0;
				_v104 = _a24;
				_v20 = 0;
				_t516 =  &_v18;
				asm("stosd");
				_v44 = _t480;
				_v120 = _t478;
				_v24 = 0;
				_v32 = 0;
				_v96 = 0;
				_v88 = 0;
				_v25 = 0;
				asm("stosd");
				_v48 = 0;
				_v72 = 0;
				_v100 = 0;
				_v64 = 0;
				_v76 = 0;
				_v108 = 0;
				if(_t480 == 0 || _t478 == 0) {
					_v36 = 0xc000000d;
					goto L49;
				} else {
					_t340 = E01628877( &_v108);
					_v36 = _t340;
					if(_t340 < 0) {
						L55:
						return E01622F0C(_v36, _t478, _v8 ^ _t529, _t503, _t516, _t518);
					}
					_t516 = E016229EE( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, 0x20a);
					_v64 = _t516;
					if(_t516 == 0) {
						_v36 = 0xc0000017;
						L53:
						if(_v64 != 0) {
							E01622882(_t480,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v64);
						}
						goto L55;
					}
					_t518 = 0x208;
					_t345 = E01637143(_v44, 0x208, _t516,  &_v76);
					if(_t345 == 0 || _t345 >= 0x208) {
						L98:
						_v36 = 0xc000000d;
						goto L53;
					} else {
						_t346 = _v76;
						if(_t346 == 0 || _t346 <= _t516 || _t346 >= _t516) {
							goto L98;
						} else {
							 *((short*)(_t346 - 2)) = 0;
							_t480 =  *_t478;
							_t347 =  *(_t478 + 4);
							_t503 = _t480 | _t347;
							if((_t480 | _t347) != 0) {
								_t478 = _t480 & 0x0000000f;
								_t484 = (_t347 << 0x00000020 | _t480) >> 4;
								_v96 = _t478;
								_v44 = _t478;
								_v124 = _t347 >> 4;
								_t519 = 0;
								__eflags = 0;
								_t516 = 0xfff;
								do {
									_t350 = _t484 & _t516;
									_v44 = _v44 ^ _t350;
									_t503 = _t519;
									__eflags = _t503;
									if(_t503 == 0) {
										_t351 = _t350 & _t516;
										__eflags = _t351;
										_v88 = _t351;
									} else {
										_t503 = _t503;
										__eflags = _t503;
										if(_t503 == 0) {
											_v32 = _t350 & _t516;
										} else {
											_t503 = _t503 - 1;
											__eflags = _t503;
											if(_t503 == 0) {
												_v24 = _t350 & _t516;
											}
										}
									}
									_t352 = _v124;
									_t484 = (_t352 << 0x00000020 | _t484) >> 0xc;
									_t519 = _t519 + 1;
									_v124 = _t352 >> 0xc;
									__eflags = _t519 - 4;
								} while (_t519 < 4);
								_t480 = _t484 ^ _v44;
								__eflags = _t516 & _t480;
								if((_t516 & _t480) == 0) {
									__eflags = _v24 - _v32;
									if(_v24 <= _v32) {
										_t355 = _v88;
										__eflags = _t355 & 0x00000020;
										if((_t355 & 0x00000020) == 0) {
											_t523 = (_t355 & 0x00000040 | 0x00000020) >> 5;
											__eflags = _t523;
										} else {
											_t523 = 2;
										}
										_t478 = _t478 & 0x00000001;
										_v37 =  !(_t355 >> 2) & 0x00000001;
										_v44 = _t478;
										L31:
										if(_t523 != 1) {
											__eflags = _t523 - 2;
											if(_t523 != 2) {
												__eflags = _v72;
												if(_v72 == 0) {
													_t415 = E0168031C(_v64,  &_v124,  &_v72);
													__eflags = _t415;
													if(_t415 == 0) {
														_v24 = _v32;
													}
												}
												__eflags = _v24;
												_v38 = 0;
												if(_v24 != 0) {
													L149:
													_t478 = _v24;
													_t518 = _v72;
													_t516 = 0;
													__eflags = _t478;
													if(_t478 <= 0) {
														L155:
														__eflags = _t478 - _v32;
														if(_t478 >= _v32) {
															L56:
															_v36 = 0x80000006;
															L48:
															_t359 = _v88;
															_v24 = _v24 + 1;
															_t518 = 0;
															_t490 = (_t359 ^ _v96 ^ _v32 ^ _v24 ^ 0xfffffcb7) & 0x00000fff;
															_t492 = _t490 << 0x0000000c | _v24;
															_t494 = _t492 << 0x0000000c | _v32;
															_t496 = _t494 << 0x00000018 | _t359 | 0x00cb7000;
															_t480 = _t496 << 0x00000004 | _v96;
															_t503 = ((((0 << 0x00000020 | _t490) << 0xc << 0x00000020 | _t492) << 0xc << 0x00000020 | _t494) << 0x18 << 0x00000020 | _t496) << 4;
															_t362 = _v120;
															 *_t362 = _t496 << 0x00000004 | _v96;
															_t362[1] = ((((0 << 0x00000020 | _t490) << 0xc << 0x00000020 | _t492) << 0xc << 0x00000020 | _t494) << 0x18 << 0x00000020 | _t496) << 4;
															L49:
															if(_v100 != 0) {
																E01622882(_t480,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v100);
															}
															goto L50;
														} else {
															goto L156;
														}
														while(1) {
															L156:
															__eflags = _v38;
															if(_v38 == 0) {
																goto L161;
															}
															_t388 = E01626DD1(_t518, _v56);
															_pop(_t480);
															__eflags = _t388;
															if(_t388 == 0) {
																goto L161;
															}
															_t283 =  &_v24;
															 *_t283 = _v24 + 1;
															__eflags =  *_t283;
															_t389 = _t518;
															_t285 = _t389 + 2; // 0x2
															_t503 = _t285;
															while(1) {
																_t480 =  *_t389;
																_t383 = _t389 + 2;
																__eflags =  *_t389;
																if( *_t389 == 0) {
																	break;
																}
															}
															L164:
															_t518 = _t518 + 2 + (_t383 - _t503 >> 1) * 2;
															__eflags = _v24 - _v32;
															if(_v24 >= _v32) {
																L37:
																if(_v24 >= _v32) {
																	goto L56;
																}
																if(_v80 == 0) {
																	__eflags = _v68;
																	if(_v68 != 0) {
																		goto L39;
																	} else {
																		L44:
																		if(_v92 == 0) {
																			L75:
																			_v36 = 0;
																			goto L49;
																		}
																		if(_v80 == 0) {
																			__eflags = _v68;
																			if(_v68 != 0) {
																				goto L75;
																			} else {
																				goto L46;
																			}
																		}
																		L46:
																		if(_v25 != 0) {
																			_v36 = 0xc0000023;
																			goto L49;
																		} else {
																			_v36 = 0;
																			goto L48;
																		}
																	}
																}
																L39:
																if(_v37 == 0) {
																	__eflags = E0162ADDB( &_v60,  &_v116);
																	if(__eflags == 0) {
																		_t478 = 0;
																		__eflags = 0;
																	} else {
																		_push( &_v20);
																		_push(0xfffffffc);
																		_push(0x10);
																		_push(_v116 & 0x0000ffff);
																		_t382 = E0162A557(_t478, _t516, _t518, __eflags);
																		__eflags = _t382;
																		_t478 = _t478 & 0xffffff00 | _t382 >= 0x00000000;
																	}
																	E01603D00(_t480,  &_v60,  &_v20);
																	__eflags = _t478;
																	if(_t478 != 0) {
																		goto L40;
																	} else {
																		goto L44;
																	}
																}
																L40:
																if(_v80 == 0) {
																	__eflags = _v68;
																	if(_v68 != 0) {
																		 *_v68 = 0x55;
																	}
																} else {
																	if(_v68 != 0) {
																		_t377 = _v60 & 0x0000ffff;
																		_t480 = _v68;
																		_t518 = (_v60 & 0x0000ffff) >> 1;
																		if( *_v68 <= _t518) {
																			_v25 = 1;
																		} else {
																			_t516 = _v80;
																			E01604830(_t516, _v56, _t377);
																			 *((short*)(_t516 + _t518 * 2)) = 0;
																		}
																	}
																}
																goto L44;
															}
															continue;
															L161:
															E01603D00(_t480,  &_v60, _t518);
															_push( &_v25);
															_push(_v92);
															_push(_v44);
															_push(_v104);
															_push(_v76);
															_push(_v64);
															_push(_v56);
															_push(_v60);
															_t366 = E015D8792(_t478, _t516, _t518, __eflags);
															__eflags = _t366;
															if(_t366 != 0) {
																goto L37;
															}
															_t295 =  &_v24;
															 *_t295 = _v24 + 1;
															__eflags =  *_t295;
															_t383 = _t518;
															_t297 = _t383 + 2; // 0x2
															_t503 = _t297;
															do {
																_t480 =  *_t383;
																_t383 = _t383 + 2;
																__eflags = _t480;
															} while (_t480 != 0);
															goto L164;
														}
													} else {
														goto L150;
													}
													while(1) {
														L150:
														__eflags = _t518;
														if(_t518 == 0) {
															goto L155;
														}
														__eflags =  *_t518;
														if( *_t518 == 0) {
															goto L155;
														}
														_t391 = _t518;
														_t516 = _t516 + 1;
														__eflags = _t516;
														_t276 = _t391 + 2; // 0x2
														_t503 = _t276;
														do {
															_t480 =  *_t391;
															_t391 = _t391 + 2;
															__eflags = _t480;
														} while (_t480 != 0);
														_t518 = _t518 + 2 + (_t391 - _t503 >> 1) * 2;
														__eflags = _t516 - _t478;
														if(_t516 < _t478) {
															continue;
														}
														goto L155;
													}
													goto L155;
												} else {
													_t396 =  *_v68;
													__eflags = _t396;
													if(_t396 == 0) {
														goto L149;
													}
													_t525 = _v80;
													__eflags = _t525;
													if(_t525 == 0) {
														goto L149;
													}
													_t397 = E016806DD(_t525, _t396, 0);
													__eflags = _t397;
													if(_t397 == 0) {
														goto L149;
													}
													__eflags = _v37;
													_push(_t525);
													if(_v37 != 0) {
														_push( &_v60);
														E01603D00(_t480);
														_t402 = E0162ADDB( &_v60,  &_v112);
														L147:
														__eflags = _t402;
														if(_t402 != 0) {
															_v38 = 1;
														}
														goto L149;
													}
													_push( &_v136);
													E01603D00(_t480);
													_push( &_v112);
													_push(0x10);
													_push( &_v136);
													_t407 = E0164003C(_t478, _t516, _t525, __eflags);
													__eflags = _t407;
													if(_t407 < 0) {
														goto L149;
													}
													_t518 = 0xaa;
													_t410 = E016229EE( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, 0xaa);
													_v100 = _t410;
													__eflags = _t410;
													if(_t410 == 0) {
														L50:
														if(_v48 != 0) {
															E01622882(_t480,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v48);
														}
														L52:
														if(_v72 != 0) {
															E01622882(_t480,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v72);
														}
														goto L53;
													}
													_v56 = _t410;
													_v60 = 0;
													_v58 = 0xaa;
													_t402 = E0162925B(_t480, _t503, _v112,  &_v60);
													goto L147;
												}
											}
											__eflags = _v48;
											if(_v48 == 0) {
												E016828FE(_v108,  &_v48,  &_v140);
											}
											_t478 = _v24;
											_t518 = _v48;
											_t516 = 0;
											__eflags = _t478;
											if(_t478 <= 0) {
												L127:
												__eflags = _t478 - _v32;
												if(_t478 >= _v32) {
													goto L56;
												} else {
													goto L128;
												}
												while(1) {
													L128:
													__eflags = _t518;
													if(_t518 == 0) {
														goto L37;
													}
													__eflags =  *_t518;
													if( *_t518 == 0) {
														goto L37;
													}
													E01603D00(_t480,  &_v60, _t518);
													_push( &_v25);
													_push(_v92);
													_push(_v44);
													_push(_v104);
													_push(_v76);
													_push(_v64);
													_push(_v56);
													_push(_v60);
													_t420 = E015D8792(_t478, _t516, _t518, __eflags);
													__eflags = _t420;
													if(_t420 != 0) {
														goto L37;
													}
													_t240 =  &_v24;
													 *_t240 = _v24 + 1;
													__eflags =  *_t240;
													_t421 = _t518;
													_t242 = _t421 + 2; // 0x2
													_t503 = _t242;
													do {
														_t480 =  *_t421;
														_t421 = _t421 + 2;
														__eflags = _t480;
													} while (_t480 != 0);
													_t518 = _t518 + 2 + (_t421 - _t503 >> 1) * 2;
													__eflags = _v24 - _v32;
													if(_v24 >= _v32) {
														goto L37;
													}
												}
												goto L37;
											} else {
												while(1) {
													__eflags = _t518;
													if(_t518 == 0) {
														goto L127;
													}
													__eflags =  *_t518;
													if( *_t518 == 0) {
														goto L127;
													}
													_t426 = _t518;
													_t516 = _t516 + 1;
													__eflags = _t516;
													_t226 = _t426 + 2; // 0x2
													_t503 = _t226;
													do {
														_t480 =  *_t426;
														_t426 = _t426 + 2;
														__eflags = _t480;
													} while (_t480 != 0);
													_t518 = _t518 + 2 + (_t426 - _t503 >> 1) * 2;
													__eflags = _t516 - _t478;
													if(_t516 < _t478) {
														continue;
													}
													goto L127;
												}
												goto L127;
											}
										}
										if(_v48 == 0) {
											_t518 = 0;
											_v52 = 0;
											E016292B9(0x30,  &_v84, 0,  &_v52);
											__eflags = _v52;
											if(_v52 <= 0) {
												L111:
												_v24 = _v32;
												goto L33;
											}
											_t450 = E015DA860(_t480, _v52, 2);
											__eflags = _t450;
											if(_t450 != 0) {
												_t480 =  *[fs:0x18];
												_t452 = E016229EE( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t450);
												_v48 = _t452;
												__eflags = _t452;
												if(_t452 == 0) {
													goto L111;
												}
												_t480 =  &_v52;
												_t454 = E016292B9(0x30,  &_v84, _t452,  &_v52);
												__eflags = _t454;
												if(_t454 >= 0) {
													goto L33;
												}
												goto L111;
											}
											_v36 = 0xc0000095;
											goto L52;
										}
										L33:
										_t478 = _v24;
										_t518 = _v48;
										_t516 = 0;
										if(_t478 > 0) {
											while(1) {
												__eflags = _t518;
												if(_t518 == 0) {
													goto L34;
												}
												__eflags =  *_t518;
												if( *_t518 == 0) {
													goto L34;
												}
												_t446 = _t518;
												_t516 = _t516 + 1;
												__eflags = _t516;
												_t216 = _t446 + 2; // 0x2
												_t503 = _t216;
												do {
													_t480 =  *_t446;
													_t446 = _t446 + 2;
													__eflags = _t480;
												} while (_t480 != 0);
												_t518 = _t518 + 2 + (_t446 - _t503 >> 1) * 2;
												__eflags = _t516 - _t478;
												if(_t516 >= _t478) {
													goto L34;
												}
											}
										}
										L34:
										if(_t478 >= _v32) {
											goto L56;
										} else {
											goto L35;
										}
										while(1) {
											L35:
											_t565 =  *_t518;
											if( *_t518 == 0) {
												goto L37;
											}
											E01603D00(_t480,  &_v60, _t518);
											_push( &_v25);
											_push(_v92);
											_push(_v44);
											_push(_v104);
											_push(_v76);
											_push(_v64);
											_push(_v56);
											_push(_v60);
											if(E015D8792(_t478, _t516, _t518, _t565) == 0) {
												_t132 =  &_v24;
												 *_t132 = _v24 + 1;
												__eflags =  *_t132;
												_t441 = _t518;
												_t134 = _t441 + 2; // 0x2
												_t503 = _t134;
												do {
													_t480 =  *_t441;
													_t441 = _t441 + 2;
													__eflags = _t480;
												} while (_t480 != 0);
												_t518 = _t518 + 2 + (_t441 - _t503 >> 1) * 2;
												__eflags = _v24 - _v32;
												if(_v24 >= _v32) {
													goto L37;
												} else {
													continue;
												}
											}
											goto L37;
										}
										goto L37;
									}
									_v36 = 0x80000006;
									goto L53;
								}
								_v36 = 0xc0000030;
								goto L53;
							}
							_t457 = _a4;
							if((_t457 & 0x00000004) != 0) {
								__eflags = _t457 & 0x00000008;
								if((_t457 & 0x00000008) == 0) {
									goto L11;
								}
								goto L98;
							}
							L11:
							_t503 = _t457 & 0x00000010;
							if(_t503 == 0 || (_t457 & 0x00000020) == 0) {
								if(_t503 == 0 || (_t457 & 0x00000040) == 0) {
									_t480 = _t457 & 0x00000020;
									if(_t480 != 0) {
										__eflags = _t457 & 0x00000040;
										if((_t457 & 0x00000040) == 0) {
											goto L16;
										}
										goto L98;
									}
									L16:
									_t516 = _t457 & 0x00000200;
									_t478 = 0x100;
									if(_t516 == 0 || (0x00000100 & _t457) == 0) {
										if(_t503 == 0 || _t480 == 0) {
											L20:
											_v88 = _t457;
											if(_t480 != 0) {
												_t523 = 2;
											} else {
												_t523 = (_t457 & 0x00000040 | 0x00000020) >> 5;
											}
											_t480 =  !(_t457 >> 2) & 0x00000001;
											_v37 =  !(_t457 >> 2) & 0x00000001;
											if(_t516 == 0) {
												__eflags = _t478 & _t457;
												if(__eflags != 0) {
													L63:
													_v44 = 1;
													_v96 = 1;
													goto L24;
												}
												_t477 = E015D8948(_t480, __eflags, _v44);
												__eflags = _t477;
												if(_t477 == 0) {
													goto L23;
												}
												goto L63;
											} else {
												L23:
												_v44 = 0;
												L24:
												_t459 = _t523 - 1;
												if(_t459 != 0) {
													_t460 = _t459 - 1;
													__eflags = _t460;
													if(_t460 == 0) {
														_v32 = _v32 & 0x00000000;
														E016828FE(_v108,  &_v48,  &_v32);
													} else {
														_t464 = _t460 - 1;
														__eflags = _t464;
														if(_t464 == 0) {
															_v32 = _v32 & _t464;
															E0168031C(_v64,  &_v32,  &_v72);
														}
													}
													L30:
													_v24 = _v24 & 0x00000000;
													goto L31;
												}
												_t516 = 0;
												_v52 = 0;
												E016292B9(0x30,  &_v84, 0,  &_v52);
												if(_v52 == 0) {
													goto L53;
												}
												if(E015DA860(_t480, _v52, 2) == 0) {
													_v36 = 0xc0000095;
													goto L53;
												}
												_t480 =  *[fs:0x18];
												_t473 = E016229EE( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t471);
												_v48 = _t473;
												if(_t473 == 0) {
													_v36 = 0xc0000017;
													goto L50;
												}
												_t480 =  &_v52;
												_t475 = E016292B9(0x30,  &_v84, _t473,  &_v52);
												if(_t475 < 0) {
													_v36 = _t475;
													goto L50;
												} else {
													_v32 = _v84;
													goto L30;
												}
											}
										} else {
											__eflags = _t457 & 0x00000040;
											if((_t457 & 0x00000040) == 0) {
												goto L20;
											}
											goto L98;
										}
									} else {
										goto L98;
									}
								} else {
									goto L98;
								}
							} else {
								goto L98;
							}
						}
					}
				}
			}

0x015d83f6
0x015d83fd
0x015d8403
0x015d8406
0x015d840c
0x015d8413
0x015d8416
0x015d841d
0x015d8420
0x015d8425
0x015d8429
0x015d842c
0x015d842d
0x015d8430
0x015d8433
0x015d8436
0x015d8439
0x015d843c
0x015d843f
0x015d8443
0x015d8444
0x015d8447
0x015d844a
0x015d844d
0x015d8450
0x015d8453
0x015d8458
0x01648e09
0x00000000
0x015d8466
0x015d846a
0x015d8471
0x015d8474
0x015d8779
0x015d878a
0x015d878a
0x015d8492
0x015d8494
0x015d8499
0x0165c672
0x015d875d
0x015d8761
0x015d8774
0x015d8774
0x00000000
0x015d8761
0x015d84a4
0x015d84ad
0x015d84b4
0x0165c744
0x0165c744
0x00000000
0x015d84c2
0x015d84c2
0x015d84c7
0x00000000
0x015d84df
0x015d84e1
0x015d84e5
0x015d84e7
0x015d84ec
0x015d84ee
0x0165c680
0x0165c683
0x0165c68a
0x0165c68d
0x0165c690
0x0165c693
0x0165c693
0x0165c695
0x0165c69a
0x0165c69c
0x0165c69e
0x0165c6a3
0x0165c6a3
0x0165c6a6
0x0165c6bd
0x0165c6bd
0x0165c6bf
0x0165c6a8
0x0165c6a9
0x0165c6a9
0x0165c6aa
0x0165c6b8
0x0165c6ac
0x0165c6ac
0x0165c6ac
0x0165c6ad
0x0165c6b1
0x0165c6b1
0x0165c6ad
0x0165c6aa
0x0165c6c2
0x0165c6c5
0x0165c6cc
0x0165c6cd
0x0165c6d0
0x0165c6d0
0x0165c6d5
0x0165c6d8
0x0165c6da
0x0165c6eb
0x0165c6ee
0x0165c6fc
0x0165c6ff
0x0165c701
0x0165c710
0x0165c710
0x0165c703
0x0165c705
0x0165c705
0x0165c71a
0x0165c71d
0x0165c720
0x015d85f2
0x015d85f5
0x0165c852
0x0165c855
0x0165c919
0x0165c91d
0x0165c92a
0x0165c92f
0x0165c931
0x0165c936
0x0165c936
0x0165c931
0x0165c939
0x0165c93d
0x0165c941
0x0165c9f6
0x0165c9f6
0x0165c9f9
0x0165c9fc
0x0165c9fe
0x0165ca00
0x0165ca28
0x0165ca28
0x0165ca2b
0x015d88e8
0x015d88e8
0x015d86ce
0x015d86ce
0x015d86d1
0x015d86de
0x015d86ee
0x015d86fb
0x015d8707
0x015d8713
0x015d871e
0x015d8723
0x015d8725
0x015d8728
0x015d872a
0x015d872d
0x015d8731
0x0165cb10
0x0165cb10
0x00000000
0x00000000
0x00000000
0x00000000
0x0165ca31
0x0165ca31
0x0165ca31
0x0165ca35
0x00000000
0x00000000
0x0165ca3b
0x0165ca41
0x0165ca42
0x0165ca44
0x00000000
0x00000000
0x0165ca46
0x0165ca46
0x0165ca46
0x0165ca49
0x0165ca4b
0x0165ca4b
0x0165ca4e
0x0165ca4e
0x0165ca52
0x0165ca53
0x0165ca56
0x00000000
0x00000000
0x0165ca58
0x0165ca9c
0x0165caa0
0x0165caa7
0x0165caaa
0x015d8654
0x015d865a
0x00000000
0x00000000
0x015d8664
0x01648dbb
0x01648dbf
0x00000000
0x01648dc5
0x015d86ad
0x015d86b2
0x01648e15
0x01648e15
0x00000000
0x01648e15
0x015d86bb
0x01648de1
0x01648de4
0x00000000
0x01648de6
0x00000000
0x01648de6
0x01648de4
0x015d86c1
0x015d86c5
0x0165caf3
0x00000000
0x015d86cb
0x015d86cb
0x00000000
0x015d86cb
0x015d86c5
0x01648dbf
0x015d866a
0x015d866e
0x0165cac2
0x0165cac4
0x0165cadf
0x0165cadf
0x0165cac6
0x0165cac9
0x0165cace
0x0165cad0
0x0165cad2
0x0165cad3
0x0165cad8
0x0165cada
0x0165cada
0x0165cae9
0x01648deb
0x01648ded
0x00000000
0x01648df3
0x00000000
0x01648df3
0x01648ded
0x015d8674
0x015d8679
0x01648dca
0x01648dcd
0x01648dd6
0x01648dd6
0x015d867f
0x015d8682
0x015d8684
0x015d8688
0x015d868d
0x015d8691
0x01648df8
0x015d8697
0x015d8697
0x015d869f
0x015d86a9
0x015d86a9
0x015d8691
0x015d8682
0x00000000
0x015d8679
0x00000000
0x0165ca5a
0x0165ca5f
0x0165ca67
0x0165ca68
0x0165ca6b
0x0165ca6e
0x0165ca71
0x0165ca74
0x0165ca77
0x0165ca7a
0x0165ca7d
0x0165ca82
0x0165ca84
0x00000000
0x00000000
0x0165ca8a
0x0165ca8a
0x0165ca8a
0x0165ca8d
0x0165ca8f
0x0165ca8f
0x0165ca92
0x0165ca92
0x0165ca96
0x0165ca97
0x0165ca97
0x00000000
0x0165ca92
0x00000000
0x00000000
0x00000000
0x0165ca02
0x0165ca02
0x0165ca02
0x0165ca04
0x00000000
0x00000000
0x0165ca06
0x0165ca0a
0x00000000
0x00000000
0x0165ca0c
0x0165ca0e
0x0165ca0e
0x0165ca0f
0x0165ca0f
0x0165ca12
0x0165ca12
0x0165ca16
0x0165ca17
0x0165ca17
0x0165ca20
0x0165ca24
0x0165ca26
0x00000000
0x00000000
0x00000000
0x0165ca26
0x00000000
0x0165c947
0x0165c94a
0x0165c94c
0x0165c94e
0x00000000
0x00000000
0x0165c954
0x0165c957
0x0165c959
0x00000000
0x00000000
0x0165c963
0x0165c968
0x0165c96a
0x00000000
0x00000000
0x0165c970
0x0165c974
0x0165c975
0x0165c9db
0x0165c9dc
0x0165c9e9
0x0165c9ee
0x0165c9ee
0x0165c9f0
0x0165c9f2
0x0165c9f2
0x00000000
0x0165c9f0
0x0165c97d
0x0165c97e
0x0165c986
0x0165c987
0x0165c98f
0x0165c990
0x0165c995
0x0165c997
0x00000000
0x00000000
0x0165c9a2
0x0165c9ad
0x0165c9b2
0x0165c9b5
0x0165c9b7
0x015d8737
0x015d873b
0x015d874e
0x015d874e
0x015d8753
0x015d8757
0x0165cb2b
0x0165cb2b
0x00000000
0x015d8757
0x0165c9bd
0x0165c9c2
0x0165c9cd
0x0165c9d1
0x00000000
0x0165c9d1
0x0165c941
0x0165c85b
0x0165c85f
0x0165c86f
0x0165c86f
0x0165c874
0x0165c877
0x0165c87a
0x0165c87c
0x0165c87e
0x0165c8a6
0x0165c8a6
0x0165c8a9
0x00000000
0x00000000
0x00000000
0x00000000
0x0165c8af
0x0165c8af
0x0165c8af
0x0165c8b1
0x00000000
0x00000000
0x0165c8b7
0x0165c8bb
0x00000000
0x00000000
0x0165c8c6
0x0165c8ce
0x0165c8cf
0x0165c8d2
0x0165c8d5
0x0165c8d8
0x0165c8db
0x0165c8de
0x0165c8e1
0x0165c8e4
0x0165c8e9
0x0165c8eb
0x00000000
0x00000000
0x0165c8f1
0x0165c8f1
0x0165c8f1
0x0165c8f4
0x0165c8f6
0x0165c8f6
0x0165c8f9
0x0165c8f9
0x0165c8fd
0x0165c8fe
0x0165c8fe
0x0165c907
0x0165c90e
0x0165c911
0x00000000
0x00000000
0x0165c917
0x00000000
0x0165c880
0x0165c880
0x0165c880
0x0165c882
0x00000000
0x00000000
0x0165c884
0x0165c888
0x00000000
0x00000000
0x0165c88a
0x0165c88c
0x0165c88c
0x0165c88d
0x0165c88d
0x0165c890
0x0165c890
0x0165c894
0x0165c895
0x0165c895
0x0165c89e
0x0165c8a2
0x0165c8a4
0x00000000
0x00000000
0x00000000
0x0165c8a4
0x00000000
0x0165c880
0x0165c87e
0x015d85ff
0x0165c7af
0x0165c7b8
0x0165c7bb
0x0165c7c0
0x0165c7c3
0x0165c813
0x0165c816
0x00000000
0x0165c816
0x0165c7ca
0x0165c7cf
0x0165c7d1
0x0165c7df
0x0165c7ef
0x0165c7f4
0x0165c7f7
0x0165c7f9
0x00000000
0x00000000
0x0165c7fb
0x0165c806
0x0165c80b
0x0165c80d
0x00000000
0x00000000
0x00000000
0x0165c80d
0x0165c7d3
0x00000000
0x0165c7d3
0x015d8605
0x015d8605
0x015d8608
0x015d860b
0x015d860f
0x0165c81e
0x0165c81e
0x0165c820
0x00000000
0x00000000
0x0165c826
0x0165c82a
0x00000000
0x00000000
0x0165c830
0x0165c832
0x0165c832
0x0165c833
0x0165c833
0x0165c836
0x0165c836
0x0165c83a
0x0165c83b
0x0165c83b
0x0165c844
0x0165c848
0x0165c84a
0x00000000
0x00000000
0x0165c850
0x0165c81e
0x015d8615
0x015d8618
0x00000000
0x00000000
0x00000000
0x00000000
0x015d861e
0x015d861e
0x015d861e
0x015d8622
0x00000000
0x00000000
0x015d8629
0x015d8631
0x015d8632
0x015d8635
0x015d8638
0x015d863b
0x015d863e
0x015d8641
0x015d8644
0x015d864e
0x015d88f4
0x015d88f4
0x015d88f4
0x015d88f7
0x015d88f9
0x015d88f9
0x015d88fc
0x015d88fc
0x015d8900
0x015d8901
0x015d8901
0x015d890a
0x015d8911
0x015d8914
0x00000000
0x015d891a
0x00000000
0x015d891a
0x015d8914
0x00000000
0x015d864e
0x00000000
0x015d861e
0x0165c6f0
0x00000000
0x0165c6f0
0x0165c6dc
0x00000000
0x0165c6dc
0x015d84f4
0x015d84f9
0x0165c728
0x0165c72a
0x00000000
0x00000000
0x00000000
0x0165c730
0x015d84ff
0x015d8501
0x015d8504
0x015d8510
0x015d851c
0x015d851f
0x0165c732
0x0165c734
0x00000000
0x00000000
0x00000000
0x0165c73a
0x015d8525
0x015d8527
0x015d852d
0x015d8532
0x015d853e
0x015d8548
0x015d8548
0x015d854d
0x0165c752
0x015d8553
0x015d855b
0x015d855b
0x015d8565
0x015d8568
0x015d856d
0x015d891f
0x015d8921
0x015d8933
0x015d8933
0x015d8937
0x00000000
0x015d8937
0x015d8926
0x015d892b
0x015d892d
0x00000000
0x00000000
0x00000000
0x015d8573
0x015d8573
0x015d8573
0x015d8577
0x015d8579
0x015d857a
0x0165c758
0x0165c758
0x0165c759
0x0165c77a
0x0165c789
0x0165c75b
0x0165c75b
0x0165c75b
0x0165c75c
0x0165c762
0x0165c770
0x0165c770
0x0165c75c
0x015d85ee
0x015d85ee
0x00000000
0x015d85ee
0x015d8584
0x015d858d
0x015d8590
0x015d8598
0x00000000
0x00000000
0x015d85aa
0x0165c793
0x00000000
0x0165c793
0x015d85b0
0x015d85c0
0x015d85c5
0x015d85ca
0x0165c79f
0x00000000
0x0165c79f
0x015d85d0
0x015d85db
0x015d85e2
0x01648e01
0x00000000
0x015d85e8
0x015d85eb
0x00000000
0x015d85eb
0x015d85e2
0x0165c73c
0x0165c73c
0x0165c73e
0x00000000
0x00000000
0x00000000
0x0165c73e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x015d8504
0x015d84c7
0x015d84b4

Strings

#, xrefs: 0165CAF3

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: eaf8b9b8bc1b9bca7953b479cebcd6360bc33e28f28dc49759afb70ddde3c515
Instruction ID: e68f28dd3a4fcc9f894f5058f924ccbb8de75bdaaa0d59af6adeb28213fd37bf
Opcode Fuzzy Hash: eaf8b9b8bc1b9bca7953b479cebcd6360bc33e28f28dc49759afb70ddde3c515
Instruction Fuzzy Hash: 83527B72D0021A9BEF26DF98CC40BEEBBB9FF18340F05442AE951BB251D7749945CBA4

Uniqueness

Uniqueness Score: 0.05%

Function 0162B594, Relevance: 1.7, Strings: 1, Instructions: 436
COMMONCrypto

C-Code - Quality: 95%

			E0162B594(char* __edx, signed int _a4, char* _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, char _a36) {
				char _v5;
				char _v6;
				intOrPtr _v12;
				char* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				unsigned int _v44;
				signed int _v48;
				char* _v52;
				signed int _v56;
				intOrPtr _v60;
				short _v62;
				char _v64;
				intOrPtr _v68;
				short _v70;
				char _v72;
				char* __ebx;
				signed int __esi;
				signed int _t202;
				intOrPtr _t213;
				intOrPtr _t215;
				intOrPtr _t227;
				intOrPtr _t232;
				intOrPtr _t234;
				intOrPtr _t238;
				intOrPtr _t239;
				intOrPtr _t244;
				short* _t247;
				intOrPtr _t251;
				intOrPtr _t262;
				intOrPtr _t269;
				intOrPtr _t270;
				intOrPtr _t276;
				signed char _t284;
				char* _t286;
				signed int _t287;
				void* _t288;
				intOrPtr _t290;

				_t285 = __edx;
				_t271 = _a12;
				_v36 = _v36 | 0xffffffff;
				_v56 = _v56 | 0xffffffff;
				_v28 = _v28 | 0xffffffff;
				_v72 = 0;
				_t286 =  &_v70;
				asm("stosd");
				_v12 = 0;
				asm("stosw");
				_v52 = 0;
				_v40 = 0;
				_v32 = 0;
				_v6 = 0;
				_v5 = 0;
				_v16 = 0;
				_v24 = 0;
				if(_a12 == 0) {
					L8:
					return 0xc000000d;
				} else {
					__eax =  *__ecx;
					if(__eax == 0) {
						goto L8;
					}
					__ebx = _a8;
					if(__ebx == 0 ||  *((intOrPtr*)(__eax + 4)) > __si) {
						goto L8;
					} else {
						if((_a4 & 0x00010000) != 0) {
							_v5 = 1;
						}
						__eax =  *[fs:0x18];
						if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) == __esi) {
							__eax = 0;
						} else {
							 *[fs:0x18] =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
							__eax =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0xfbc))));
						}
						if(__eax == __esi) {
							__eax = 0;
						} else {
							__eax =  *((intOrPtr*)(__eax + 0x20));
						}
						_v44 = __eax;
						_a8 = __ecx;
						if(_v5 != 0 || (__al & 0x00000006) == 0) {
							L31:
							 *[fs:0x18] =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							_v20 = __esi;
							__eax = E016229EE( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, 0x154);
							_v16 = __eax;
							if(__eax == __esi) {
								__eax = 0xc0000017;
								return 0xc0000017;
							}
							if(_v5 != 0) {
								L34:
								_t290 = _a20;
								_t287 = 0;
								if(_t290 != 0) {
									if(_v5 != 0) {
										goto L35;
									}
									_a16 = 0;
									if(0 >=  *(_t290 + 4)) {
										goto L35;
									} else {
										goto L80;
									}
									while(1) {
										L80:
										_t271 =  *((intOrPtr*)(_t290 + 0x10)) + _t287;
										if(0 ==  *( *((intOrPtr*)(_t290 + 0x10)) + _t287)) {
											goto L85;
										}
										_v60 = _v16;
										_v64 = 0;
										_v62 = 0xaa;
										_t259 =  *((intOrPtr*)(_t290 + 0xc));
										if( *((intOrPtr*)(_t290 + 0xc)) == 0) {
											_t259 = _t270;
										}
										_t285 =  &_v64;
										if(E0162B8FF(_t259, _t271,  &_v64) >= 0) {
											_push(0);
											_t262 = E0162B97F( &_v36, _a8, _t270, 0,  &_v36, _v60);
											_v12 = _t262;
											if(_t262 < 0) {
												goto L69;
											}
										}
										L85:
										_a16 = _a16 + 1;
										_t287 = _t287 + 6;
										if(_a16 >= ( *(_t290 + 4) & 0x0000ffff)) {
											goto L35;
										}
									}
								}
								L35:
								_t202 = _a4 & 0x00000020;
								_a16 = _t202;
								if(_t202 == 0) {
									L52:
									if((_a4 & 0x00000040) != 0) {
										L60:
										if(_v6 != 0 && _a8 != 0) {
											_t213 = E0162E436(_t271, _t285,  *_a8, _t270, _v44 >> 0x00000002 & 1, _v52, _a12);
											_v12 = _t213;
											if(_t213 >= 0 && _a16 != 0 && (_a4 & 0x00000010) != 0) {
												_push(0);
												_t215 = E0162B97F( &_v56, _a12, _t270, 0,  &_v56, _v68);
												_v12 = _t215;
												if(_t215 < 0) {
													goto L69;
												}
												if(_v28 < 0) {
													_v12 = E01628E06(_t270, _v48, 1,  &_v28);
												}
												if(_v12 >= 0) {
													_t271 =  *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc)) + _v28 * 0x1c;
													if(( *( *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc)) + _v28 * 0x1c) & 0x00000006) != 0) {
														if(_v20 == 0) {
															L97:
															_t220 =  *((intOrPtr*)(_t270 + 0x1c));
															L98:
															_push(_a4);
															_v12 = E01681082(_t270, _t271, _t285, _t290, _a12, _t271, _t270, _t220);
															goto L69;
														}
														_t220 = _v24;
														if(_v24 != 0) {
															goto L98;
														}
														goto L97;
													}
												}
											}
										}
										goto L69;
									}
									if(_a36 != 0) {
										if(_v40 > 0) {
											goto L60;
										}
									}
									_v68 = _v16 + 0xaa;
									_v72 = 0;
									_v70 = 0xaa;
									_t227 = E0162B52F(_t271,  &_v48, _t270);
									_v12 = _t227;
									if(_t227 < 0) {
										goto L69;
									}
									if(E0162925B(_t271, _t285, _v48 & 0x0000ffff,  &_v72) == 0) {
										_v12 = 0xc0000001;
										goto L69;
									}
									_t232 = E01628E06(_t270, _v48, 1,  &_v28);
									_v12 = _t232;
									if(_t232 < 0) {
										goto L69;
									}
									_push(0);
									_t234 = E0162B97F( &_v56, _a8, _t270, 0,  &_v56, _v68);
									_v12 = _t234;
									if(_t234 >= 0 && _a16 != 0) {
										_t271 =  *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc)) + _v28 * 0x1c;
										if(( *( *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc)) + _v28 * 0x1c) & 0x00000006) != 0) {
											if(_v20 == 0) {
												L91:
												_t237 =  *((intOrPtr*)(_t270 + 0x1c));
												L92:
												_push(_a4);
												_t238 = E01681082(_t270, _t271, _t285, _t290, _a8, _t271, _t270, _t237);
												_v12 = _t238;
												if(_t238 >= 0) {
													goto L60;
												}
												goto L69;
											}
											_t237 = _v24;
											if(_v24 != 0) {
												goto L92;
											}
											goto L91;
										}
									}
									goto L60;
								}
								_t239 = _a24;
								_t290 = 0;
								if(_t239 == 0 ||  *(_t239 + 4) <= 0) {
									_t239 = _a28;
									if(_t239 == _t290 ||  *(_t239 + 4) <= _t290) {
										goto L52;
									} else {
										goto L40;
									}
								} else {
									L40:
									_v20 = _t239;
									if( *((char*)(_t239 + 8)) == 0) {
										_t276 = _a32;
										if(_t276 == _t290) {
											_t276 =  *((intOrPtr*)(_t270 + 0x20));
										}
									} else {
										_t276 =  *((intOrPtr*)(_t270 + 0x1c));
									}
									_v24 = _t276;
									_t271 = 0;
									_t288 = 0;
									if(0 <  *(_t239 + 4)) {
										do {
											_t241 =  *((intOrPtr*)(_t239 + 0x10)) + _t290;
											if(0 ==  *((intOrPtr*)( *((intOrPtr*)(_t239 + 0x10)) + _t290))) {
												goto L51;
											}
											_v60 = _v16;
											_v64 = 0;
											_v62 = 0xaa;
											if(E0162B8FF(_t270, _t241,  &_v64) < 0) {
												goto L51;
											}
											_push(0);
											_t244 = E0162B97F( &_v36, _a8, _t270, 1,  &_v36, _v60);
											_v12 = _t244;
											if(_t244 >= 0 && (_a4 & 0x00000010) != 0) {
												_t247 =  *((intOrPtr*)(_v20 + 0x10)) + _t290;
												if( *_t247 != 2) {
													goto L51;
												}
												_t250 =  *(_t247 + 4) * 0x1c +  *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc));
												_t284 =  *( *(_t247 + 4) * 0x1c +  *((intOrPtr*)( *((intOrPtr*)(_t270 + 0x14)) + 0xc))) & 0x0000ffff;
												if((_t284 & 0x00000007) == 0) {
													goto L51;
												}
												if((_t284 & 0x00000006) != 0) {
													_push(_a4);
													_t251 = E01681082(_t270, _t284, _t285, _t290, _a8, _t250, _t270, _v24);
													_v12 = _t251;
													if(_t251 >= 0) {
														goto L50;
													}
													goto L51;
												}
												L50:
												_v40 = _v40 + 1;
											}
											L51:
											_t239 = _v20;
											_t271 =  *(_t239 + 4) & 0x0000ffff;
											_t288 = _t288 + 1;
											_t290 = _t290 + 6;
										} while (_t288 < ( *(_t239 + 4) & 0x0000ffff));
									}
									goto L52;
								}
							}
							__esi = _a16;
							if(__esi != 0) {
								goto L1;
							}
							goto L34;
						} else {
							_v52 = __eax;
							__eax =  &_v32;
							_v6 = 1;
							_a8 =  &_v32;
							__eax = E0162B115( &_v32, __ebx, 0x19, __esi);
							_v12 = __eax;
							if(__eax < __esi) {
								L69:
								if(_v32 != 0) {
									E0162ACF7(_t271, _v32);
								}
								if(_v16 != 0) {
									E01622882(_t271,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v16);
								}
								return _v12;
							}
							__esi = 0;
							goto L31;
						}
					}
				}
				L1:
				_a16 = 0;
				if(0 <  *0x00000004) {
					while(1) {
						_t271 =  *0x00000010 + _t286;
						if(0 ==  *( *0x00000010 + _t286)) {
							goto L13;
						}
						_v60 = _v16;
						_v64 = 0;
						_v62 = 0xaa;
						_t266 =  *0x0000000C;
						if( *0x0000000C == 0) {
							_t266 = _t270;
						}
						_t285 =  &_v64;
						if(E0162B8FF(_t266, _t271,  &_v64) >= 0) {
							_push(0);
							_t269 = E0162B97F( &_v36, _a8, _t270, 0,  &_v36, _v60);
							_v12 = _t269;
							if(_t269 < 0) {
								goto L69;
							}
						}
						L13:
						_a16 = _a16 + 1;
						_t286 = _t286 + 6;
						if(_a16 >= ( *0x00000004 & 0x0000ffff)) {
							goto L34;
						}
					}
				}
				goto L34;
			}

0x0162b594
0x0162b59c
0x0162b59f
0x0162b5a3
0x0162b5a7
0x0162b5b2
0x0162b5b6
0x0162b5b9
0x0162b5ba
0x0162b5bd
0x0162b5bf
0x0162b5c2
0x0162b5c5
0x0162b5c8
0x0162b5cc
0x0162b5d0
0x0162b5d3
0x0162b5d8
0x015db8f1
0x00000000
0x0162b5de
0x0162b5de
0x0162b5e2
0x00000000
0x00000000
0x0162b5e8
0x0162b5ed
0x00000000
0x0162b5fd
0x0162b604
0x01640b57
0x01640b57
0x0162b60a
0x0162b616
0x015fb9c2
0x0162b61c
0x0162b622
0x0162b628
0x0162b628
0x0162b62c
0x015fb9c9
0x0162b632
0x0162b632
0x0162b632
0x0162b639
0x0162b63c
0x0162b63f
0x0162b66c
0x0162b672
0x0162b67f
0x0162b682
0x0162b687
0x0162b68c
0x0165be90
0x00000000
0x0165be90
0x0162b696
0x0162b6a5
0x0162b6a5
0x0162b6a8
0x0162b6ac
0x0165bea5
0x00000000
0x00000000
0x0165bead
0x0165beb4
0x00000000
0x00000000
0x00000000
0x00000000
0x0165beba
0x0165beba
0x0165bebd
0x0165bec5
0x00000000
0x00000000
0x0165beca
0x0165becf
0x0165bed8
0x0165bedc
0x0165bee1
0x0165bee3
0x0165bee3
0x0165bee5
0x0165bef2
0x0165bef4
0x0165bf03
0x0165bf08
0x0165bf0d
0x00000000
0x00000000
0x0165bf0d
0x0165bf13
0x0165bf17
0x0165bf1a
0x0165bf20
0x00000000
0x00000000
0x0165bf26
0x0165beba
0x0162b6b2
0x0162b6b5
0x0162b6b8
0x0162b6bb
0x0162b79b
0x0162b79f
0x0162b847
0x0162b84b
0x0162b86b
0x0162b870
0x0162b875
0x0162b883
0x0162b892
0x0162b897
0x0162b89c
0x00000000
0x00000000
0x0162b8a3
0x0165bf82
0x0165bf82
0x0162b8ad
0x0162b8bc
0x0162b8c1
0x0165bf8e
0x0165bf97
0x0165bf97
0x0165bf9a
0x0165bf9a
0x0165bfa8
0x00000000
0x0165bfa8
0x0165bf90
0x0165bf95
0x00000000
0x00000000
0x00000000
0x0165bf95
0x0162b8c1
0x0162b8ad
0x0162b875
0x00000000
0x0162b84b
0x0162b7a9
0x015ed04c
0x00000000
0x00000000
0x015ed052
0x0162b7b7
0x0162b7bc
0x0162b7c5
0x0162b7ce
0x0162b7d3
0x0162b7d8
0x00000000
0x00000000
0x0162b7ee
0x015db8e5
0x00000000
0x015db8e5
0x0162b7fe
0x0162b803
0x0162b808
0x00000000
0x00000000
0x0162b80e
0x0162b81d
0x0162b822
0x0162b827
0x0162b83c
0x0162b841
0x0165bf49
0x0165bf52
0x0165bf52
0x0165bf55
0x0165bf55
0x0165bf5e
0x0165bf63
0x0165bf68
0x00000000
0x00000000
0x00000000
0x0165bf6e
0x0165bf4b
0x0165bf50
0x00000000
0x00000000
0x00000000
0x0165bf50
0x0162b841
0x00000000
0x0162b827
0x0162b6c1
0x0162b6c4
0x0162b6c8
0x0162b6d0
0x0162b6d5
0x00000000
0x00000000
0x00000000
0x00000000
0x0162b6e5
0x0162b6e5
0x0162b6e9
0x0162b6ec
0x015db8c5
0x015db8ca
0x0165bf28
0x0165bf28
0x0162b6f2
0x0162b6f2
0x0162b6f2
0x0162b6f5
0x0162b6f8
0x0162b6fa
0x0162b700
0x0162b706
0x0162b709
0x0162b710
0x00000000
0x00000000
0x0162b715
0x0162b71a
0x0162b723
0x0162b734
0x00000000
0x00000000
0x0162b736
0x0162b745
0x0162b74a
0x0162b74f
0x0162b75d
0x0162b763
0x00000000
0x00000000
0x0162b772
0x0162b774
0x0162b77a
0x00000000
0x00000000
0x0162b77f
0x0165bf30
0x0165bf3b
0x015db8d5
0x015db8da
0x00000000
0x00000000
0x00000000
0x015db8e0
0x0162b785
0x0162b785
0x0162b785
0x0162b788
0x0162b788
0x0162b78b
0x0162b78f
0x0162b790
0x0162b793
0x0162b706
0x00000000
0x0162b700
0x0162b6c8
0x0162b698
0x0162b69f
0x00000000
0x00000000
0x00000000
0x0162b645
0x0162b64b
0x0162b64e
0x0162b653
0x0162b657
0x0162b65a
0x0162b661
0x0162b664
0x0162b8c7
0x0162b8cc
0x0162b8d1
0x0162b8d1
0x0162b8d9
0x0162b8eb
0x0162b8eb
0x00000000
0x0162b8f0
0x0162b66a
0x00000000
0x0162b66a
0x0162b63f
0x0162b5ed
0x015db8b5
0x015db8b7
0x015db8be
0x015db8fb
0x015db8fe
0x015db906
0x00000000
0x00000000
0x015db90b
0x015db910
0x015db919
0x015db91d
0x015db922
0x0165be9a
0x0165be9a
0x015db928
0x015db935
0x015db937
0x015db946
0x015db94b
0x015db950
0x00000000
0x00000000
0x015db950
0x015db956
0x015db95a
0x015db95d
0x015db963
0x00000000
0x00000000
0x015db969
0x015db8fb
0x00000000

Strings

8@8, xrefs: 0162B596

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: 8@8
API String ID: 0-222468769
Opcode ID: 6a915ed44c300d4b82901553f75c131170236865fb61e9903a7289a5644762fd
Instruction ID: eb556a46bbcdf518ed492104c4becf5a70780f58f87e53d21ed525fc94fcd5f5
Opcode Fuzzy Hash: 6a915ed44c300d4b82901553f75c131170236865fb61e9903a7289a5644762fd
Instruction Fuzzy Hash: F8F17D70A0066AAFDF25CFA8CC80BAEBBB6FF04304F058459E944AB291D775D941CF54

Uniqueness

Uniqueness Score: 0.10%

Function 015FDCFB, Relevance: 1.6, Strings: 1, Instructions: 373
COMMONCrypto

C-Code - Quality: 98%

			E015FDCFB(signed short* _a4, signed int _a8, signed int* _a12) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				unsigned int _v96;
				signed int __esi;
				signed int _t205;
				signed int _t206;
				void* _t220;
				signed int _t222;
				signed char _t225;
				signed int _t228;
				unsigned int _t230;
				signed int _t232;
				signed int _t237;
				signed int _t238;
				signed int _t241;
				signed int _t243;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;
				signed int* _t258;
				signed int _t260;
				signed int _t261;
				unsigned int _t262;
				signed int _t263;
				signed char _t264;
				intOrPtr _t265;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t278;
				signed int _t280;
				signed short* _t281;
				signed int _t293;
				signed int _t295;
				signed int* _t296;
				signed int _t298;
				intOrPtr _t299;
				unsigned int _t301;
				signed int _t303;
				signed int _t304;

				_t260 = 0;
				_t301 = _a8 >> 1;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v44 = 0;
				_v40 = 0;
				_v88 = 0;
				_v84 = 0;
				_v72 = 0;
				_v68 = 0;
				_v64 = 0;
				_v60 = 0;
				_v36 = 0;
				_v80 = 0;
				_v76 = 0;
				_v92 = 0;
				_v20 = 0;
				_v28 = 0;
				_v24 = 0;
				_v32 = 0;
				_v16 = 0;
				_v8 = 0;
				_v96 = _t301;
				if(_t301 > 0x100) {
					_v12 = 0x100;
					L31:
					__eflags = _a8 - 2;
					_t281 = _a4;
					if(__eflags == 0) {
						__eflags =  *_t281 - _t260;
						if( *_t281 == _t260) {
							L37:
							__eflags = _v12 - _t260;
							if(_v12 <= _t260) {
								_t295 = _a8;
								_t263 = _a8;
								L56:
								if(_t263 == 0xd) {
									__eflags = _v20 - 0xa;
									if(_v20 == 0xa) {
										L22:
										_v16 = _v16 + 1;
										L58:
										if(_t295 == _t260) {
											_v36 = _v36 - 1;
										}
										if(_t295 == 0x1a) {
											_v16 = _v16 + 1;
										}
										_t264 = _a8;
										_v12 = 0x200;
										if(_t264 <= 0x200) {
											_v12 = _t264;
										}
										_t265 =  *0x16aec41; // 0x0
										if(_t265 != 0) {
											_t205 = 0;
											__eflags = _v12 - _t260;
											if(_v12 <= _t260) {
												goto L64;
											} else {
												goto L120;
											}
											while(1) {
												L120:
												_t303 =  *(_t281 + _t205) & 0x000000ff;
												_t299 =  *0x163c238; // 0x16af460
												__eflags =  *((intOrPtr*)(_t299 + _t303 * 2)) - _t260;
												if( *((intOrPtr*)(_t299 + _t303 * 2)) != _t260) {
													_v32 = _v32 + 1;
													_t205 = _t205 + 1;
													__eflags = _t205;
												}
												_t205 = _t205 + 1;
												__eflags = _t205 - _v12;
												if(_t205 >= _v12) {
													goto L64;
												}
											}
											goto L64;
										} else {
											L64:
											if(_v24 < 0x7f) {
												__eflags = _v28 - _t260;
												if(_v28 != _t260) {
													L16:
													__eflags = _v24 - _t260;
													if(_v24 == _t260) {
														_v8 = _v8 | 0x00000010;
													}
													L66:
													_t296 = _a12;
													if(_t265 != 0) {
														__eflags = _v32 - _t260;
														if(_v32 == _t260) {
															goto L67;
														}
														__eflags = _t296 - _t260;
														if(_t296 == _t260) {
															goto L67;
														}
														__eflags =  *_t296 & 0x00000400;
														if(( *_t296 & 0x00000400) == 0) {
															goto L67;
														}
														_t230 = _v96;
														_t261 = 0x100;
														__eflags = _t230 - 0x100;
														if(_t230 > 0x100) {
															_t230 = 0x100;
														}
														_t274 = (_t230 >> 1) - 1;
														_t298 = 3;
														_t232 = _t274;
														_push(_t298);
														__eflags = _v32 - _t232 / _t298;
														if(_v32 >= _t232 / _t298) {
															_pop(_t275);
															__eflags = _v32 - (_t274 + _t274) / _t275;
															_t278 = (0 | _v32 - (_t274 + _t274) / _t275 > 0x00000000) + 1;
															__eflags = _t278;
															_t206 = _t278;
														} else {
															_pop(_t206);
														}
														_v8 = _v8 | 0x00000400;
														_t296 = _a12;
														L68:
														if(_t206 * _v28 < _v24) {
															_v8 = _v8 | 0x00000002;
														}
														if(_t206 * _v24 < _v28) {
															_v8 = _v8 | 0x00000020;
														}
														if(_v40 + _v44 + _v48 + _v52 + _v56 != 0) {
															_v8 = _v8 | 0x00000004;
														}
														if(_v60 + _v64 + _v68 + _v72 != 0) {
															_v8 = _v8 | 0x00000040;
														}
														_t220 = _v76 + _v80 + _v84 + _v88;
														if(_t220 != 0) {
															L90:
															_v8 = _v8 | _t261;
															goto L76;
														} else {
															if(_v16 != _t220) {
																_t228 = _v12;
																_t273 = 0x28;
																__eflags = _v16 - _t228 / _t273;
																if(_v16 < _t228 / _t273) {
																	goto L76;
																} else {
																	goto L90;
																}
															}
															L76:
															if((_a8 & 0x00000001) != 0) {
																_v8 = _v8 | 0x00000200;
															}
															if(_v36 != 0) {
																_v8 = _v8 | 0x00001000;
															}
															_t222 =  *_a4 & 0x0000ffff;
															if(_t222 == 0xfeff) {
																_v8 = _v8 | 0x00000008;
															} else {
																if(_t222 == 0xfffe) {
																	_v8 = _v8 | 0x00000080;
																}
															}
															if(_t296 != 0) {
																 *_t296 =  *_t296 & _v8;
																_v8 =  *_t296;
															}
															_t225 = _v8;
															if((_t225 & 0x00000008) != 0) {
																__eflags = _t225 & 0x00000b00;
																if((_t225 & 0x00000b00) == 0) {
																	goto L86;
																}
																goto L83;
															} else {
																L83:
																if((_t225 & 0x000000f0) != 0 || (_t225 & 0x00000f00) != 0) {
																	goto L89;
																} else {
																	if((_t225 & 0x0000f000) == 0) {
																		__eflags = _t225 & 0x0000000f;
																		if((_t225 & 0x0000000f) == 0) {
																			goto L89;
																		}
																	}
																	L86:
																	return 1;
																}
															}
														}
													}
													L67:
													_t206 = 3;
													_t261 = 0x100;
													goto L68;
												}
												_v8 = 1;
											}
											if(_v28 != _t260) {
												goto L16;
											}
											goto L66;
										}
									} else {
										goto L57;
									}
								}
								L57:
								if(_t263 == 0xa) {
									__eflags = _v20 - 0xd;
									if(_v20 != 0xd) {
										goto L58;
									}
									goto L22;
								}
								goto L58;
							} else {
								goto L38;
							}
							do {
								L38:
								_t301 =  &(_a4[_t260]);
								_t262 =  *_t301 & 0x0000ffff;
								_t237 = _t262 & 0x0000ffff;
								__eflags = _t237 - 0xd00;
								if(__eflags > 0) {
									_t238 = _t237 - 0x2000;
									__eflags = _t238;
									if(_t238 == 0) {
										_v60 = _v60 + 1;
									} else {
										_t245 = _t238 - 0x28;
										__eflags = _t245;
										if(_t245 != 0) {
											_t246 = _t245 - 1;
											__eflags = _t246;
											if(_t246 != 0) {
												_t247 = _t246 - 0xfd7;
												__eflags = _t247;
												if(_t247 == 0) {
													_v40 = _v40 + 1;
												} else {
													_t248 = _t247 - 0xceff;
													__eflags = _t248;
													if(_t248 != 0) {
														_t249 = _t248 - 0xff;
														__eflags = _t249;
														if(_t249 == 0) {
															_v84 = _v84 + 1;
														} else {
															__eflags = _t249 == 1;
															if(_t249 == 1) {
																_v88 = _v88 + 1;
															}
														}
													}
												}
											}
										}
									}
									L44:
									_t295 = _t262 >> 0x00000008 & 0x000000ff;
									_t263 =  *_t301 & 0x000000ff;
									if(_t263 == 0xd) {
										__eflags = _v20 - 0xa;
										if(_v20 != 0xa) {
											goto L45;
										} else {
											L5:
											_v16 = _v16 + 1;
											goto L46;
										}
									}
									L45:
									if(_t263 == 0xa) {
										__eflags = _v20 - 0xd;
										if(_v20 != 0xd) {
											goto L46;
										}
										goto L5;
									}
									goto L46;
								}
								if(__eflags == 0) {
									_v72 = _v72 + 1;
									goto L44;
								}
								__eflags = _t237 - 0x20;
								if(__eflags <= 0) {
									if(__eflags != 0) {
										_t251 = _t237;
										__eflags = _t251;
										if(_t251 == 0) {
											_v80 = _v80 + 1;
											goto L44;
										}
										_t252 = _t251 - 9;
										__eflags = _t252;
										if(_t252 != 0) {
											_t253 = _t252 - 1;
											__eflags = _t253;
											if(_t253 != 0) {
												__eflags = _t253 == 3;
												if(_t253 == 3) {
													_v56 = _v56 + 1;
												}
											} else {
												_v52 = _v52 + 1;
											}
										} else {
											_v48 = _v48 + 1;
										}
										goto L44;
									}
									_v44 = _v44 + 1;
									goto L44;
								}
								_t255 = _t237 - 0x900;
								__eflags = _t255;
								if(_t255 == 0) {
									_v64 = _v64 + 1;
								} else {
									_t256 = _t255 - 0x100;
									__eflags = _t256;
									if(_t256 == 0) {
										_v68 = _v68 + 1;
									} else {
										__eflags = _t256 == 0xd;
										if(_t256 == 0xd) {
											_v76 = _v76 + 1;
										}
									}
								}
								goto L44;
								L46:
								_t304 = _v20;
								_v36 = (0 | _t295 == 0x00000000) + _v36 + (0 | _t263 == 0x00000000);
								_t241 = _t295;
								if(_t295 <= _t304) {
									_t241 = _t304;
								}
								if(_t304 >= _t295) {
									_t304 = _t295;
								}
								_t293 = _v92;
								_v28 = _v28 + _t241 - _t304;
								_t243 = _t263;
								if(_t263 <= _t293) {
									_t243 = _t293;
								}
								if(_t293 >= _t263) {
									_t293 = _t263;
								}
								_v24 = _v24 + _t243 - _t293;
								_t260 = _t260 + 1;
								_v92 = _t263;
								_v20 = _t295;
							} while (_t260 < _v12);
							_t281 = _a4;
							_t260 = 0;
							goto L56;
						}
						__eflags = _t281[0] - _t260;
						if(_t281[0] == _t260) {
							goto L107;
						} else {
							__eflags = _a8 - 2;
							goto L32;
						}
					}
					L32:
					if(__eflags > 0) {
						__eflags = _t301 - 0x100;
						if(_t301 <= 0x100) {
							__eflags = _a8 & 0x00000001;
							if((_a8 & 0x00000001) == 0) {
								_t280 = _v12;
								__eflags =  *(_t281 + _t280 * 2 - 2) & 0x0000ff00;
								if(( *(_t281 + _t280 * 2 - 2) & 0x0000ff00) == 0) {
									_t66 =  &_v12;
									 *_t66 = _v12 - 1;
									__eflags =  *_t66;
								}
							}
						}
					}
					goto L37;
				} else {
					_v12 = __esi;
					__eflags = __esi;
					if(__esi == 0) {
						L107:
						_t258 = _a12;
						__eflags = _t258 - _t260;
						if(_t258 != _t260) {
							 *_t258 = 5;
						}
						L89:
						return 0;
					}
					goto L31;
				}
			}

0x015fdd04
0x015fdd0a
0x015fdd11
0x015fdd14
0x015fdd17
0x015fdd1a
0x015fdd1d
0x015fdd20
0x015fdd23
0x015fdd26
0x015fdd29
0x015fdd2c
0x015fdd2f
0x015fdd32
0x015fdd35
0x015fdd38
0x015fdd3b
0x015fdd3e
0x015fdd41
0x015fdd44
0x015fdd47
0x015fdd4a
0x015fdd4d
0x015fdd50
0x015fdd55
0x015f674c
0x015fdd66
0x015fdd66
0x015fdd6a
0x015fdd6d
0x0164b965
0x0164b968
0x015fdd91
0x015fdd92
0x015fdd95
0x01647db4
0x01647db7
0x015fde54
0x015fde57
0x015f5d40
0x015f5d44
0x015f5d55
0x015f5d55
0x015fde66
0x015fde68
0x015fde6a
0x015fde6a
0x015fde70
0x0165a77d
0x0165a77d
0x015fde76
0x015fde7e
0x015fde83
0x015fde85
0x015fde85
0x015fde88
0x015fde90
0x0165a785
0x0165a787
0x0165a78a
0x00000000
0x00000000
0x00000000
0x00000000
0x0165a790
0x0165a790
0x0165a790
0x0165a794
0x0165a79a
0x0165a79e
0x0165a7a0
0x0165a7a3
0x0165a7a3
0x0165a7a3
0x0165a7a4
0x0165a7a5
0x0165a7a8
0x00000000
0x00000000
0x0165a7ae
0x00000000
0x015fde96
0x015fde96
0x015fde9a
0x0164b948
0x0164b94b
0x015f5d26
0x015f5d26
0x015f5d29
0x015f5d2f
0x015f5d2f
0x015fdea9
0x015fdea9
0x015fdeae
0x0165a7b0
0x0165a7b3
0x00000000
0x00000000
0x0165a7b9
0x0165a7bb
0x00000000
0x00000000
0x0165a7c6
0x0165a7c8
0x00000000
0x00000000
0x0165a7ce
0x0165a7d1
0x0165a7d6
0x0165a7d8
0x0165a7da
0x0165a7da
0x0165a7de
0x0165a7e5
0x0165a7e6
0x0165a7ea
0x0165a7eb
0x0165a7ee
0x0165a7f8
0x0165a7fd
0x0165a803
0x0165a803
0x0165a804
0x0165a7f0
0x0165a7f0
0x0165a7f0
0x0165a806
0x0165a809
0x015fdebc
0x015fdec5
0x015fdec7
0x015fdec7
0x015fded2
0x01647d8b
0x01647d8b
0x015fdee9
0x015fdeeb
0x015fdeeb
0x015fdefd
0x01647dbf
0x01647dbf
0x015fdf0e
0x015fdf11
0x015fdf97
0x015fdf97
0x00000000
0x015fdf17
0x015fdf1a
0x015dee76
0x015dee7d
0x015dee80
0x015dee83
0x00000000
0x015dee89
0x00000000
0x015dee89
0x015dee83
0x015fdf20
0x015fdf24
0x015f6727
0x015f6727
0x015fdf2e
0x015fdf30
0x015fdf30
0x015fdf3a
0x015fdf45
0x015f6754
0x015fdf4b
0x015fdf53
0x0165a811
0x0165a811
0x015fdf53
0x015fdf5b
0x015fdf8a
0x015fdf8e
0x015fdf8e
0x015fdf5d
0x015fdf63
0x015f675d
0x015f6762
0x00000000
0x00000000
0x00000000
0x015fdf69
0x015fdf69
0x015fdf6b
0x00000000
0x015fdf74
0x015fdf79
0x01649e7d
0x01649e7f
0x00000000
0x00000000
0x01649e85
0x015fdf7f
0x00000000
0x015fdf7f
0x015fdf6b
0x015fdf63
0x015fdf11
0x015fdeb4
0x015fdeb6
0x015fdeb7
0x00000000
0x015fdeb7
0x0164b951
0x0164b951
0x015fdea3
0x00000000
0x00000000
0x00000000
0x015fdea3
0x015f5d46
0x00000000
0x015f5d46
0x015f5d44
0x015fde5d
0x015fde60
0x015f5d4b
0x015f5d4f
0x00000000
0x00000000
0x00000000
0x015f5d4f
0x00000000
0x00000000
0x00000000
0x00000000
0x015fdd9b
0x015fdd9b
0x015fdd9e
0x015fdda1
0x015fdda4
0x015fddac
0x015fddae
0x015f5cde
0x015f5cde
0x015f5ce3
0x01647d83
0x015f5ce9
0x015f5ce9
0x015f5ce9
0x015f5cec
0x015f5cf2
0x015f5cf2
0x015f5cf3
0x015f5cf9
0x015f5cf9
0x015f5cfe
0x01647dac
0x015f5d04
0x015f5d04
0x015f5d04
0x015f5d09
0x015f5d0f
0x015f5d0f
0x015f5d14
0x0164a699
0x015f5d1a
0x015f5d1a
0x015f5d1b
0x0165a775
0x0165a775
0x015f5d1b
0x015f5d14
0x015f5d09
0x015f5cfe
0x015f5cf3
0x015f5cec
0x015fdde2
0x015fdde5
0x015fdde8
0x015fddee
0x015f5cd2
0x015f5cd6
0x00000000
0x015f5cdc
0x015f5cca
0x015f5cca
0x00000000
0x015f5cca
0x015f5cd6
0x015fddf4
0x015fddf7
0x015f5cc0
0x015f5cc4
0x00000000
0x00000000
0x00000000
0x015f5cc4
0x00000000
0x015fddf7
0x015fddb4
0x01647da4
0x00000000
0x01647da4
0x015fddba
0x015fddbd
0x015fe307
0x015fe311
0x015fe311
0x015fe314
0x0164b95d
0x00000000
0x0164b95d
0x015fe31a
0x015fe31a
0x015fe31d
0x015fe323
0x015fe323
0x015fe324
0x015f673b
0x015f673e
0x015f6744
0x015f6744
0x015fe32a
0x015fe32a
0x015fe32a
0x015d2d31
0x015d2d31
0x015d2d31
0x00000000
0x015fe31d
0x015fe309
0x00000000
0x015fe309
0x015fddc3
0x015fddc3
0x015fddc8
0x01647d9c
0x015fddce
0x015fddce
0x015fddce
0x015fddd3
0x01647d94
0x015fddd9
0x015fddd9
0x015fdddc
0x015f5d38
0x015f5d38
0x015fdddc
0x015fddd3
0x00000000
0x015fddfd
0x015fddfd
0x015fde13
0x015fde16
0x015fde1a
0x015fde1c
0x015fde1c
0x015fde20
0x015fde22
0x015fde22
0x015fde24
0x015fde29
0x015fde2c
0x015fde30
0x015fde32
0x015fde32
0x015fde36
0x015fde38
0x015fde38
0x015fde3c
0x015fde3f
0x015fde40
0x015fde43
0x015fde46
0x015fde4f
0x015fde52
0x00000000
0x015fde52
0x0165a763
0x0165a766
0x00000000
0x0165a76c
0x0165a76c
0x00000000
0x0165a76c
0x0165a766
0x015fdd73
0x015fdd73
0x015fdd75
0x015fdd77
0x015fdd79
0x015fdd7d
0x015fdd7f
0x015fdd87
0x015fdd8c
0x015fdd8e
0x015fdd8e
0x015fdd8e
0x015fdd8e
0x015fdd8c
0x015fdd7d
0x015fdd77
0x00000000
0x015fdd5b
0x015fdd5b
0x015fdd5e
0x015fdd60
0x01649fca
0x01649fca
0x01649fcd
0x01649fcf
0x01649fd5
0x01649fd5
0x015fdf93
0x00000000
0x015fdf93
0x00000000
0x015fdd60

Strings

@, xrefs: 01647DBF

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 21ae33d242d9de4b0c2e5a656bb1726f48b60f06c3506ba8dfc16eb8dfdc36a3
Instruction ID: 290ecc95e8ff4c84908069e6cd31d90fb7cc172542781f8055301961de9434b5
Opcode Fuzzy Hash: 21ae33d242d9de4b0c2e5a656bb1726f48b60f06c3506ba8dfc16eb8dfdc36a3
Instruction Fuzzy Hash: 7AD11632D0020ADFDF29CFD9C9846BDBBB1FB45304F24856ED656AB291D3349A82CB41

Uniqueness

Uniqueness Score: 0.02%

Function 016A4990, Relevance: 1.6, Strings: 1, Instructions: 307
COMMONCrypto

C-Code - Quality: 72%

			E016A4990(void* __ecx, char __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16, signed int _a24) {
				signed int _v8;
				char _v530;
				char _v554;
				signed char _v556;
				intOrPtr _v560;
				unsigned int _v564;
				signed int _v568;
				intOrPtr _v580;
				intOrPtr _v584;
				intOrPtr _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				intOrPtr _v608;
				intOrPtr _v612;
				intOrPtr _v616;
				char _v624;
				char _v625;
				unsigned int _v632;
				short _v634;
				signed int _v636;
				signed short* _v640;
				short _v642;
				signed int _v644;
				char _v645;
				char _v652;
				unsigned int _v656;
				intOrPtr* _v660;
				intOrPtr _v664;
				signed short _v668;
				char _v676;
				intOrPtr _v680;
				intOrPtr _v684;
				signed int _v688;
				signed short* _v692;
				intOrPtr _v696;
				char _v700;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t136;
				signed int _t144;
				intOrPtr* _t154;
				unsigned int _t160;
				short _t167;
				signed int _t169;
				void* _t174;
				signed short* _t175;
				intOrPtr* _t179;
				signed short _t206;
				void* _t219;
				intOrPtr _t224;
				signed int _t228;
				signed short _t229;
				unsigned int _t231;
				unsigned int _t232;
				char _t233;
				void* _t234;
				void* _t235;
				signed int _t236;
				intOrPtr* _t242;
				short _t243;
				signed int _t244;

				_t233 = __edx;
				_t136 =  *0x16a81e8; // 0x77d4aa35
				_v8 = _t136 ^ _t244;
				_t241 = _a4;
				0xfffe = 2;
				_v660 = _a12;
				if(_a8 >= 0xfffe || _a16 >= 0xfffe) {
					L51:
					_push(((0 | _a16 != 0x0000fffe) - 0x00000001 & 0xffffffdb) + 0x57);
					goto L52;
				} else {
					_t236 = _a24;
					if((_t236 & 0xfffffffe) != 0) {
						goto L51;
					}
					E01603D00(__ecx,  &_v668, _t241);
					_v645 =  *((short*)(_v664 + ((_v668 & 0x0000ffff) >> 1) * 2 - 2)) == 0x2e;
					if(E01632660(_t241,  &_v636,  &_v640, 0) != 0) {
						_t242 = _v640;
						_t154 = _t242;
						_t234 = _t154 + 2;
						do {
							_t224 =  *_t154;
							_t154 = _t154 + 0xfffe;
						} while (_t224 != 0);
						_t225 = _v632;
						_v644 = (_t154 - _t234 >> 1) + (_t154 - _t234 >> 1);
						_v642 = _v644 + 2;
						_t160 = _t225;
						_t235 = _t160 + 2;
						do {
							_t219 =  *_t160;
							_t160 = _t160 + 2;
						} while (_t219 != 0);
						_v636 = (_t160 - _t235 >> 1) + (_t160 - _t235 >> 1);
						_t233 = 0;
						_v634 = _v636 + 2;
						_v656 = _t225;
						if(_t242 == 0) {
							_t167 = 0;
						} else {
							_t167 = _t225 - _t242 + _v636;
						}
						_v644 = _t167;
						_v642 = _t167;
						if(_t242 != _t233) {
							_t243 = _t242 - _t225;
							_v636 = _t243;
							_v634 = _t243;
						}
						_t169 = (_v636 & 0x0000ffff) >> 1;
						if( *((short*)(_t225 + _t169 * 2 - 4)) == 0x3a ||  *((short*)(_t225 + _t169 * 2 - 2)) == 0x5c) {
							_v625 = _t233;
						} else {
							_v636 = _v636 + 0xfffe;
							_v625 = 1;
						}
						_v688 =  !(_t236 << 6) & 0x00000040;
						_v692 =  &_v636;
						_push(0x4021);
						_push(3);
						_push( &_v676);
						_push( &_v700);
						_t241 = 0x100001;
						_push(0x100001);
						_push( &_v652);
						_v700 = 0x18;
						_v696 = _t233;
						_v684 = _t233;
						_v680 = _t233;
						_t174 = E016158A0();
						if(_t174 == 0xc000000d || _t174 == 0xc0000103) {
							if(_v625 != 0) {
								_v636 = _v636 + 2;
								_push(0x4021);
								_push(3);
								_push( &_v676);
								_push( &_v700);
								_push(_t241);
								_push( &_v652);
								_t174 = E016158A0();
								_v636 = _v636 + 0xfffe;
							}
						}
						_t236 = 0;
						if(_t174 >= 0) {
							if(_v644 != 0) {
								if(_v644 != 6 || E01605720(_v640, ?str?, 6) != 6) {
									_t225 = _v644 & 0x0000ffff;
									_t175 = _v640;
									_t233 = 0;
									if((_v644 & 0xfffe) <= 0) {
										L43:
										if(_v645 != 0 &&  *(_t175 - 2) == 0x2a) {
											_t225 = 0x3c;
											 *(_t175 - 2) = _t225;
										}
										goto L46;
									} else {
										goto L31;
									}
									do {
										L31:
										if(_t233 != _t236 &&  *_t175 == 0x2e &&  *(_t175 - 2) == 0x2a) {
											_t231 = 0x3c;
											 *(_t175 - 2) = _t231;
										}
										_t228 =  *_t175 & 0x0000ffff;
										if(_t228 == 0x3f) {
											_t229 = 0x3e;
											 *_t175 = _t229;
											goto L39;
										} else {
											if(_t228 == 0x2a) {
												L39:
												if(_t233 != _t236 &&  *(_t175 - 2) == 0x2e) {
													_t232 = 0x22;
													 *(_t175 - 2) = _t232;
												}
												goto L42;
											}
										}
										L42:
										_t233 = _t233 + 1;
										_t225 = (_v644 & 0x0000ffff) >> 1;
										_t175 =  &(_t175[1]);
									} while (_t233 < (_v644 & 0x0000ffff) >> 1);
									goto L43;
								} else {
									_t206 = 2;
									_v644 = _t206;
									L46:
									_push(_t236);
									_push( &_v644);
									_push(1);
									_push(3);
									_push(0x268);
									_push( &_v624);
									_push( &_v676);
									_push(_t236);
									_push(_t236);
									_push(_t236);
									_push(_v652);
									_t179 = E01615B60();
									_t241 = _t179;
									E01622882(_t225,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t236, _v656);
									if(_t179 < _t236) {
										L26:
										_push(_v652);
										_t144 = E01615090();
										goto L53;
									}
									_t241 = _v660;
									 *_t241 = _v568;
									 *((intOrPtr*)(_t241 + 4)) = _v616;
									 *((intOrPtr*)(_t241 + 8)) = _v612;
									 *((intOrPtr*)(_t241 + 0xc)) = _v608;
									 *((intOrPtr*)(_t241 + 0x10)) = _v604;
									 *((intOrPtr*)(_t241 + 0x14)) = _v600;
									 *((intOrPtr*)(_t241 + 0x18)) = _v596;
									 *((intOrPtr*)(_t241 + 0x1c)) = _v580;
									 *((intOrPtr*)(_t241 + 0x20)) = _v584;
									E01604B80(_t241 + 0x2c,  &_v530, _v564);
									 *((short*)(_t241 + 0x2c + (_v564 >> 1) * 2)) = 0;
									E01604B80(_t241 + 0x234,  &_v554, _v556);
									 *((short*)(_t241 + 0x234 + (_v556 >> 1) * 2)) = 0;
									if((_v568 & 0x00000400) != 0) {
										 *((intOrPtr*)(_t241 + 0x24)) = _v560;
									}
									if(E016A4921(_v652) == _t236) {
										goto L26;
									} else {
										goto L54;
									}
								}
							}
							E01622882(_t225,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v656);
							goto L26;
						} else {
							_t144 = E01622882(_t225,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v656);
							goto L53;
						}
					} else {
						_push(3);
						L52:
						_t144 = E01622D13();
						L53:
						_t145 = _t144 | 0xffffffff;
						L54:
						return E01622F0C(_t145, 0xfffe, _v8 ^ _t244, _t233, _t236, _t241);
					}
				}
			}

0x016a4990
0x016a499b
0x016a49a2
0x016a49aa
0x016a49b0
0x016a49b4
0x016a49ba
0x016a4dbf
0x016a4dce
0x00000000
0x016a49c9
0x016a49c9
0x016a49d2
0x00000000
0x00000000
0x016a49e0
0x016a4a0b
0x016a4a19
0x016a4a22
0x016a4a28
0x016a4a2a
0x016a4a2d
0x016a4a2d
0x016a4a30
0x016a4a32
0x016a4a37
0x016a4a43
0x016a4a53
0x016a4a5a
0x016a4a5c
0x016a4a5f
0x016a4a5f
0x016a4a63
0x016a4a64
0x016a4a6f
0x016a4a7f
0x016a4a81
0x016a4a88
0x016a4a90
0x016a4a9e
0x016a4a92
0x016a4a96
0x016a4a96
0x016a4aa0
0x016a4aa7
0x016a4ab0
0x016a4ab2
0x016a4ab4
0x016a4abb
0x016a4abb
0x016a4ac9
0x016a4ad6
0x016a4af2
0x016a4ae0
0x016a4ae2
0x016a4ae9
0x016a4ae9
0x016a4b00
0x016a4b0c
0x016a4b17
0x016a4b18
0x016a4b20
0x016a4b27
0x016a4b28
0x016a4b2d
0x016a4b34
0x016a4b35
0x016a4b3f
0x016a4b45
0x016a4b4b
0x016a4b51
0x016a4b5b
0x016a4b6b
0x016a4b6d
0x016a4b75
0x016a4b76
0x016a4b7e
0x016a4b85
0x016a4b86
0x016a4b8d
0x016a4b8e
0x016a4b93
0x016a4b93
0x016a4b6b
0x016a4b9a
0x016a4b9e
0x016a4bc4
0x016a4bf6
0x016a4c1b
0x016a4c22
0x016a4c28
0x016a4c30
0x016a4c83
0x016a4c8a
0x016a4c95
0x016a4c96
0x016a4c96
0x00000000
0x00000000
0x00000000
0x00000000
0x016a4c32
0x016a4c32
0x016a4c34
0x016a4c45
0x016a4c46
0x016a4c46
0x016a4c4a
0x016a4c51
0x016a4c5d
0x016a4c5e
0x00000000
0x016a4c53
0x016a4c57
0x016a4c61
0x016a4c63
0x016a4c6e
0x016a4c6f
0x016a4c6f
0x00000000
0x016a4c63
0x016a4c59
0x016a4c73
0x016a4c7a
0x016a4c7c
0x016a4c7e
0x016a4c7f
0x00000000
0x016a4c0f
0x016a4c11
0x016a4c12
0x016a4c9a
0x016a4c9a
0x016a4ca1
0x016a4ca2
0x016a4ca4
0x016a4ca6
0x016a4cb1
0x016a4cb8
0x016a4cb9
0x016a4cba
0x016a4cbb
0x016a4cbc
0x016a4cc2
0x016a4ccd
0x016a4cdc
0x016a4ce3
0x016a4bde
0x016a4bde
0x016a4be4
0x00000000
0x016a4be4
0x016a4ce9
0x016a4cf5
0x016a4d03
0x016a4d0c
0x016a4d15
0x016a4d1e
0x016a4d27
0x016a4d30
0x016a4d39
0x016a4d42
0x016a4d50
0x016a4d5f
0x016a4d7a
0x016a4d8d
0x016a4d9f
0x016a4da7
0x016a4da7
0x016a4db7
0x00000000
0x016a4dbd
0x00000000
0x016a4dbd
0x016a4db7
0x016a4bf6
0x016a4bd9
0x00000000
0x016a4ba0
0x016a4bb3
0x00000000
0x016a4bb3
0x016a4a1b
0x016a4a1b
0x016a4dcf
0x016a4dcf
0x016a4dd4
0x016a4dd4
0x016a4dd7
0x016a4de5
0x016a4de5
0x016a4a19

Strings

*.*, xrefs: 016A4BFA

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: *.*
API String ID: 0-438819550
Opcode ID: 978458f12f8b27027bfb73b9c0df634473c5dbb2b4948dd5802e0aca34c444cb
Instruction ID: 8c96e398d5adfff274284d99e57416db2ee9265cdf268521422440da511ff520
Opcode Fuzzy Hash: 978458f12f8b27027bfb73b9c0df634473c5dbb2b4948dd5802e0aca34c444cb
Instruction Fuzzy Hash: A7C16F359016299ADB71DF28CC88B9AB7F8EF48300F4881D9E509E7251EBB49EC5CF54

Uniqueness

Uniqueness Score: 0.05%

Function 015F3109, Relevance: 1.5, Strings: 1, Instructions: 294
COMMONCrypto

C-Code - Quality: 92%

			E015F3109(void* __ecx, void* __edx, signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed char _v10;
				signed int _v12;
				signed int _v14;
				signed int _v16;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				signed int _v292;
				char _v293;
				unsigned int _v300;
				unsigned int __ebx;
				signed int __edi;
				signed int __esi;
				signed int _t112;
				signed int _t114;
				signed int _t119;
				void* _t129;
				signed int _t131;
				signed int _t132;

				_t129 = __edx;
				_t112 =  *0x16a81e8; // 0x77d4aa35
				_v8 = _t112 ^ _t132;
				_v293 = 0;
				if(_a8 == 0) {
					_t114 = 0xc000000d;
					goto L55;
				} else {
					_push(__esi);
					__esi = 0x11c;
					 &_v292 = E01604EC0( &_v292, 0, 0x11c);
					__eax =  &_v292;
					_v292 = 0x11c;
					__eax = E016364DF(__ecx,  &_v292);
					if(__eax != 0) {
						L54:
						_pop(_t131);
						L55:
						return E01622F0C(_t114, _t119, _v8 ^ _t132, _t129, 0, _t131);
					}
					_push(__ebx);
					__esi = 0x80000000;
					if((_a8 & 0x00000040) != 0) {
						__eax = _a4;
						__eax =  *(_a4 + 0x118) & 0x0000ffff;
						if(__ax == __di) {
							goto L44;
						}
						_v300 = 0;
						__ebx = __ax & 0x0000ffff;
						do {
							__ecx = _v300;
							0 = 1;
							__edi = 1 << __cl;
							if((__ebx & 1) != 0) {
								__ecx = _a16;
								__ecx = _a16 & __esi;
								__eax = 0;
								__eax = __ecx;
								if(__eax != 0) {
									__eax = E015F320A(_a12, _a16, 0x40);
								}
								__eax = __eax - 6;
								if(__eax != 0) {
									if(0 != 0) {
										__eax = 0xc000000d;
										goto L53;
									}
									__eax = _v12 & 0x0000ffff;
									if((__edi & _v12 & 0x0000ffff) != 0) {
										_v293 = 1;
									}
								} else {
									__eax = _v12 & 0x0000ffff;
									if((__edi & __eax) == 0) {
										L24:
										_t114 = 0xc0000059;
										L53:
										_pop(_t119);
										goto L54;
									}
								}
							}
							_v300 = _v300 + 1;
						} while (_v300 < 0x10);
						__eax = E015F320A(_a12, _a16, 0x40);
						if(__eax != 7 || _v293 != 0) {
							goto L44;
						} else {
							goto L24;
						}
					}
					L44:
					__ebx = _a16;
					__edi = 0;
					__edi = 1;
					_v293 = 1;
					if((_a8 & 0x00000002) == 0) {
						L32:
						if((_a8 & 0x00000001) != 0) {
							if(__edi == 1) {
								__ebx = __ebx & __esi;
								0 = __ebx & __esi;
								if((__ebx & __esi) == 0) {
									__eax = _a12;
									__ecx = __ebx;
									__eax = (__ecx << 0x00000020 | _a12) >> 2;
									__ecx = __ecx >> 2;
									__eax = __eax & 0x000000ff;
								} else {
									__eax = E015F320A(_a12, __ebx, 1);
								}
								__edi = __eax;
							}
							 &_v293 = _a4;
							__eax = E015F38D6(__ebx, __esi, __edi,  *((intOrPtr*)(_a4 + 8)), _v284,  &_v293, 1);
							if(__al != 0) {
								goto L33;
							} else {
								if(_v293 == __al) {
									goto L24;
								}
								L34:
								if((_a8 & 0x00000020) != 0) {
									if(__edi == 1) {
										__ebx = __ebx & __esi;
										__eax = 0;
										__eax = __ebx & __esi;
										if(__eax != 0) {
											__eax = E015F320A(_a12, __ebx, 0x20);
										}
										__edi = __eax;
									}
									 &_v293 = _v16 & 0x0000ffff;
									_a4 =  *(_a4 + 0x114) & 0x0000ffff;
									__eax = E015F38D6(__ebx, __esi, __edi,  *(_a4 + 0x114) & 0x0000ffff, _v16 & 0x0000ffff,  &_v293, 0);
									if(__al == 0) {
										if(_v293 == __al) {
											goto L24;
										}
										L36:
										if((_a8 & 0x00000010) == 0) {
											L49:
											if((_a8 & 0x00000004) != 0) {
												__ebx = __ebx & __esi;
												0 = __ebx & __esi;
												if((__ebx & __esi) == 0) {
													__eax = _a12;
													__ecx = __ebx;
													__eax = (__ecx << 0x00000020 | _a12) >> 0x10;
													__ecx = __ecx >> 0x10;
													__eax = __eax & 0x000000ff;
												} else {
													__eax = E015F320A(_a12, __ebx, 4);
												}
												 &_v293 = _a4;
												__eax = E015F38D6(__ebx, __esi, __eax,  *((intOrPtr*)(_a4 + 0xc)), _v280,  &_v293, 0);
												if(__al != 0) {
													goto L50;
												} else {
													goto L24;
												}
											}
											L50:
											if((_a8 & 0x00000008) != 0) {
												__ebx = __ebx & __esi;
												0 = __ebx & __esi;
												if((__ebx & __esi) != 0) {
													__eax = E015F320A(_a12, __ebx, 8);
												}
												 &_v293 = _a4;
												__eax = E015F38D6(__ebx, __esi, __eax,  *((intOrPtr*)(_a4 + 0x10)), _v276,  &_v293, 0);
												if(__al != 0) {
													goto L51;
												}
												goto L24;
											}
											L51:
											if((_a8 & 0x00000080) != 0) {
												goto L1;
											}
											L52:
											_t114 = 0;
											goto L53;
										}
										if(__edi == 1) {
											__ebx = __ebx & __esi;
											__eax = 0;
											__eax = __ebx & __esi;
											if(__eax != 0) {
												__eax = E015F320A(_a12, __ebx, 0x10);
											}
											__edi = __eax;
										}
										 &_v293 = _v14 & 0x0000ffff;
										_a4 =  *(_a4 + 0x116) & 0x0000ffff;
										__eax = E015F38D6(__ebx, __esi, __edi,  *(_a4 + 0x116) & 0x0000ffff, _v14 & 0x0000ffff,  &_v293, 1);
										if(__al != 0) {
											goto L49;
										}
										goto L24;
									} else {
										goto L35;
									}
								}
								L35:
								if(_v293 == 0) {
									goto L49;
								}
								goto L36;
							}
						}
						L33:
						if(_v293 == 0) {
							goto L49;
						}
						goto L34;
					}
					__ebx = __ebx & __esi;
					0 = __ebx & __esi;
					if((__ebx & __esi) == 0) {
						__eax = _a12;
						__ecx = __ebx;
						__eax = (__ecx << 0x00000020 | _a12) >> 4;
						__ecx = __ecx >> 4;
						__eax = __eax & 0x000000ff;
					} else {
						__eax = E015F320A(_a12, __ebx, 2);
					}
					__edi = __eax;
					 &_v293 = _a4;
					__eax = E015F38D6(__ebx, __esi, __edi,  *((intOrPtr*)(_a4 + 4)), _v288,  &_v293, 0);
					if(__al == 0) {
						if(_v293 == __al) {
							goto L24;
						}
						goto L32;
					} else {
						if(_v293 != 0) {
							goto L32;
						}
						goto L49;
					}
				}
				L1:
				_t117 = _t119 & _t131;
				if((_t119 & _t131) != 0) {
					_t117 = E015F320A(_a12, _t119, 0x80);
				}
				if(E015F38D6(_t119, _t131, _t117,  *(_a4 + 0x11a) & 0x000000ff, _v10 & 0x000000ff,  &_v293, 0) != 0) {
					goto L52;
				} else {
					goto L24;
				}
			}

0x015f3109
0x015f3114
0x015f311b
0x015f3121
0x015f312b
0x0165fe7e
0x00000000
0x015f3131
0x015f3131
0x015f3132
0x015f3140
0x015f3148
0x015f314f
0x015f3155
0x015f315c
0x015f31f5
0x015f31f5
0x015f31f6
0x015f3202
0x015f3202
0x015f3166
0x015f3167
0x015f316c
0x015e0c3d
0x015e0c40
0x015e0c4a
0x00000000
0x00000000
0x015e0c50
0x015e0c56
0x015e0bf2
0x015e0bf2
0x015e0bfa
0x015e0bfb
0x015e0bff
0x015e0c5b
0x015e0c5e
0x015e0c60
0x015e0c62
0x015e0c64
0x015e0c6e
0x015e0c6e
0x015e0c73
0x015e0c76
0x015df7ff
0x0165fe9e
0x00000000
0x0165fe9e
0x015df805
0x015df80b
0x015df811
0x015df811
0x015e0c7c
0x015e0c7c
0x015e0c82
0x015e0c33
0x015e0c33
0x015f31f4
0x015f31f4
0x00000000
0x015f31f4
0x015e0c84
0x015e0c76
0x015e0c01
0x015e0c07
0x015e0c18
0x015e0c20
0x00000000
0x00000000
0x00000000
0x00000000
0x015e0c20
0x015f3172
0x015f3172
0x015f3175
0x015f3177
0x015f317c
0x015f3183
0x015e4da9
0x015e4dad
0x015e4e51
0x01649673
0x01649677
0x01649679
0x0165fea8
0x0165feab
0x0165fead
0x0165feb1
0x0165feb4
0x0164967f
0x01649685
0x01649685
0x0164968a
0x0164968a
0x015e4e66
0x015e4e6d
0x015e4e74
0x00000000
0x015e4e7a
0x015e4e80
0x00000000
0x00000000
0x015e4dc0
0x015e4dc4
0x0165fec1
0x0165fec5
0x0165fec7
0x0165fec9
0x0165fecb
0x0165fed3
0x0165fed3
0x0165fed8
0x0165fed8
0x0165fee3
0x0165feeb
0x0165fef4
0x0165fefb
0x015e0ab7
0x00000000
0x00000000
0x015e4dd7
0x015e4ddb
0x015f31d4
0x015f31d8
0x015dbb6d
0x015dbb71
0x015dbb73
0x0165ff46
0x0165ff49
0x0165ff4b
0x0165ff4f
0x0165ff52
0x015dbb79
0x015dbb7f
0x015dbb7f
0x015dbb93
0x015dbb9a
0x015dbba1
0x00000000
0x015dbba7
0x00000000
0x015dbba7
0x015dbba1
0x015f31de
0x015f31e2
0x0165ff5e
0x0165ff62
0x0165ff64
0x0165ff6c
0x0165ff6c
0x0165ff80
0x0165ff87
0x015e0ad1
0x00000000
0x00000000
0x00000000
0x015e0ad7
0x015f31e8
0x015f31ec
0x00000000
0x00000000
0x015f31f2
0x015f31f2
0x00000000
0x015f31f2
0x0165ff09
0x0165ff0d
0x0165ff0f
0x0165ff11
0x0165ff13
0x0165ff1b
0x0165ff1b
0x0165ff20
0x0165ff20
0x0165ff2b
0x0165ff33
0x0165ff3c
0x015e0ac4
0x00000000
0x00000000
0x00000000
0x0165ff01
0x00000000
0x0165ff01
0x0165fefb
0x015e4dca
0x015e4dd1
0x00000000
0x00000000
0x00000000
0x015e4dd1
0x015e4e74
0x015e4db3
0x015e4dba
0x00000000
0x00000000
0x00000000
0x015e4dba
0x015f318b
0x015f318f
0x015f3191
0x0165fe88
0x0165fe8b
0x0165fe8d
0x0165fe91
0x0165fe94
0x015f3197
0x015f319d
0x015f319d
0x015f31a2
0x015f31b3
0x015f31ba
0x015f31c1
0x015e0aa6
0x00000000
0x00000000
0x00000000
0x015f31c7
0x015f31ce
0x00000000
0x00000000
0x00000000
0x015f31ce
0x015f31c1
0x015d5aff
0x015d5b05
0x015d5b07
0x015d5b12
0x015d5b12
0x015d5b38
0x00000000
0x015d5b3e
0x00000000
0x015d5b3e

Strings

@, xrefs: 015F3162

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: e00f808713c39ffc77684f759b31e75d067c52adb078cc22f3983cac268a64ce
Instruction ID: bc66566f9c0d9cc9147d525dba90a9afc3713ccab538f01735c5773dbbab96b6
Opcode Fuzzy Hash: e00f808713c39ffc77684f759b31e75d067c52adb078cc22f3983cac268a64ce
Instruction Fuzzy Hash: 96A1F371B0425D6AEF69CF68CC44BFE7AA5BB59304F04049DFA469E1C2C6B88960DB20

Uniqueness

Uniqueness Score: 0.02%

Function 01635CCD, Relevance: 1.5, Strings: 1, Instructions: 256
COMMONCrypto

C-Code - Quality: 94%

			E01635CCD(unsigned int _a4, unsigned int _a8, signed int _a12) {
				signed int _v8;
				intOrPtr _v12;
				signed char _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				intOrPtr _t64;
				unsigned int _t65;
				signed int _t76;
				signed char _t87;
				unsigned int _t88;
				intOrPtr* _t89;
				signed int _t91;
				void* _t98;
				signed int _t99;
				signed int _t105;
				void* _t107;
				signed int _t108;
				unsigned int _t110;
				signed int _t113;
				signed int _t114;
				signed int _t115;
				unsigned int _t118;
				intOrPtr _t121;
				signed int _t124;
				signed int _t125;
				signed int _t132;
				void* _t135;
				void* _t136;
				signed int _t137;
				void* _t148;

				_t89 = _a4;
				_t90 =  *(_t89 + 4);
				asm("sbb esi, esi");
				_t125 = _t124 & _a12;
				_v20 =  *_t89;
				_v24 = _t125;
				_v28 =  *(_t89 + 4);
				if(_a8 == 0) {
					return _t125 & 0xfffffff8;
				} else {
					while(1) {
						_t90 = 0;
						_t110 = _t65;
						_t121 = _v28 - (0 << 2);
						_v12 = _t121;
						if(_t110 + 1 < _a8) {
							goto L1;
						}
						_t87 = _t110 - _a8 + 1;
						_v8 = _t121 + (_t87 >> 5) * 4;
						_t76 = _t121 + 0x2eb6eb4;
						_v16 = _t87;
						_t132 = 0xbadbac |  *_t76;
						if(_a8 > 0x3f) {
							_t90 = _v8;
							_a4 = _t90;
							__eflags = _t87 & 0x0000001f;
							if((_t87 & 0x0000001f) != 0) {
								_t90 = _t90 + 4;
								__eflags = _t90;
								_a4 = _t90;
							}
							__eflags = _t132;
							if(_t132 == 0) {
								L31:
								_t90 = (_t76 - _t121 >> 2 << 5) - _t132;
								__eflags = _t90 - _t87;
								if(_t90 > _t87) {
									goto L1;
								}
								_t110 = _a8 - _t132;
								_t135 = _t76 + (_t110 >> 5) * 4;
								while(1) {
									_t76 = _t76 + 4;
									__eflags = _t76 - _t135;
									if(_t76 == _t135) {
										break;
									}
									__eflags =  *_t76;
									if( *_t76 != 0) {
										goto L24;
									}
								}
								_t110 = _t110 & 0x0000001f;
								__eflags = _t110;
								if(__eflags == 0) {
									L15:
									if(_t90 == 0xffffffff) {
										L2:
										if(_v24 == 0) {
											goto L16;
										}
										_t64 = _a12 + _a8;
										if(_t64 > _v20) {
											_t64 = _v20;
										}
										_t65 = _t64 - 1;
										_v24 = 0;
										continue;
									}
									L16:
									return _t91;
								}
								asm("bsf esi, [eax]");
								if(__eflags == 0) {
									_t135 = 0x20;
								}
								__eflags = _t135 - _t110;
								if(_t135 >= _t110) {
									goto L15;
								} else {
									goto L24;
								}
							} else {
								_t76 = _t76 + 4;
								__eflags =  *_t76;
								if(__eflags != 0) {
									while(1) {
										L24:
										__eflags = _t76 - _a4;
										if(_t76 > _a4) {
											goto L1;
										}
										_t76 = _t76 + 4;
										__eflags =  *_t76;
										if(__eflags != 0) {
											continue;
										}
										asm("bsr edx, [eax-0x4]");
										L27:
										if(__eflags != 0) {
											_t98 = 0x1f;
											_t99 = _t98 - _t110;
											__eflags = _t99;
										} else {
											_t99 = 0x20;
										}
										_t132 = _t99;
										goto L31;
									}
									goto L1;
								}
								asm("bsr edx, esi");
								goto L27;
							}
						}
						if(_a8 >= 0x20) {
							while(1) {
								_t90 = 0x80000000;
								while(1) {
									L46:
									__eflags = _t90 & _t132;
									if(__eflags == 0) {
										break;
									}
									_t76 = _t76 + 4;
									__eflags = _t76 - _v8;
									if(_t76 > _v8) {
										goto L1;
									}
									_t132 =  *_t76;
								}
								asm("bsr ecx, esi");
								if(__eflags != 0) {
									_t136 = 0x1f;
									_t137 = _t136 - _t90;
									__eflags = _t137;
								} else {
									_t137 = 0x20;
								}
								_t90 = ((_t76 - _t121 >> 2) + 1 << 5) - _t137;
								__eflags = _t90 - _t87;
								if(_t90 > _t87) {
									goto L1;
								} else {
									_t113 = _a8 - _t137;
									__eflags = _t113;
									if(_t113 == 0) {
										goto L15;
									}
									_t76 = _t76 + 4;
									_t132 =  *_t76;
									__eflags = _t113 - 0x20;
									if(__eflags < 0) {
										L56:
										asm("bsf ebx, esi");
										if(__eflags == 0) {
											_t87 = 0x20;
										}
										__eflags = _t87 - _t113;
										if(_t87 >= _t113) {
											goto L15;
										} else {
											_t87 = _v16;
											do {
												_t90 = 0x80000000;
												goto L46;
											} while (_t132 != 0);
											_t113 = _t113 - 0x20;
											__eflags = _t113;
											if(_t113 == 0) {
												goto L15;
											}
											_t76 = _t76 + 4;
											__eflags = _t76;
											_t132 =  *_t76;
											goto L56;
										}
									}
									__eflags = _t132;
								}
							}
						}
						if(_a8 > 1) {
							_t90 = 0;
							_t114 = _t110 >> 5;
							__eflags = _t114;
							_t115 = _t121 + _t114 * 4;
							_v32 = _t115;
							while(1) {
								__eflags = _t132 - 0xffffffff;
								if(__eflags != 0) {
									goto L65;
								}
								while(1) {
									L62:
									_t76 = _t76 + 4;
									__eflags = _t76 - _v8;
									if(_t76 > _v8) {
										goto L1;
									}
									_t132 =  *_t76;
									__eflags = _t132 - 0xffffffff;
									if(_t132 == 0xffffffff) {
										continue;
									}
									_t90 = 0;
									__eflags = 0;
									goto L65;
								}
								goto L1;
								L65:
								asm("bsf edx, esi");
								if(__eflags == 0) {
									_t115 = 0x20;
								}
								_t88 = _a8;
								__eflags = _t115 + _t90 - _t88;
								if(_t115 + _t90 >= _t88) {
									_t105 =  ~_t90;
									L72:
									_t90 = _t105 + (_t76 - _t121 >> 2 << 5);
									__eflags = _t90 - _v16;
									L14:
									if(_t148 > 0) {
										goto L1;
									}
									goto L15;
								}
								_t118 =  !_t132;
								_a4 = _t88;
								while(1) {
									_t90 = _a4 >> 1;
									_t115 = _t118 & _t118 >> _t90;
									__eflags = _t115;
									if(_t115 == 0) {
										break;
									}
									_a4 = _a4 - _t90;
									__eflags = _a4 - 1;
									if(_a4 > 1) {
										continue;
									}
									_t121 = _v12;
									asm("bsf ecx, edx");
									goto L72;
								}
								__eflags = _t76 - _v32;
								if(__eflags == 0) {
									goto L1;
								}
								asm("bsr edx, esi");
								if(__eflags != 0) {
									_t107 = 0x1f;
									_t90 = _t107 - _t115;
									__eflags = _t90;
								} else {
									_t90 = 0x20;
								}
								_t121 = _v12;
								_t76 = _t76 + 4;
								_t132 =  *_t76;
								__eflags = _t132 - 0xffffffff;
								if(__eflags != 0) {
									goto L65;
								}
								goto L62;
							}
						}
						_t90 = 1;
						if(_t132 == 0xffffffff) {
							while(1) {
								_t76 = _t76 + 4;
								__eflags = _t76 - _v8;
								if(_t76 > _v8) {
									goto L1;
								}
								_t90 =  *_t76;
								__eflags = _t90 - 0xffffffff;
								if(_t90 != 0xffffffff) {
									goto L13;
								}
							}
							goto L1;
						}
						L13:
						_t108 =  !_t90;
						asm("bsf ecx, ecx");
						_a4 = _t108;
						_t90 = (_t76 - _t121 >> 2 << 5) + _t108;
						_t148 = _t90 - _t87;
						goto L14;
					}
				}
				L1:
				_t91 = _t90 | 0xffffffff;
				goto L2;
			}

0x01635cd5
0x01635cdd
0x01635ce1
0x01635ce3
0x01635ce6
0x01635cee
0x01635cf1
0x01635cf4
0x00000000
0x01635cfa
0x01635cfc
0x01635d01
0x01635d04
0x01635d0b
0x01635d12
0x01635d18
0x00000000
0x00000000
0x01635d25
0x01635d2e
0x01635d3c
0x01635d3f
0x01635d43
0x01635d49
0x0165abd4
0x0165abd7
0x0165abda
0x0165abdd
0x0165abdf
0x0165abdf
0x0165abe2
0x0165abe2
0x0165abe5
0x0165abe7
0x0165ac19
0x0165ac23
0x0165ac25
0x0165ac27
0x00000000
0x00000000
0x0165ac30
0x0165ac37
0x0165ac41
0x0165ac41
0x0165ac44
0x0165ac46
0x00000000
0x00000000
0x0165ac3c
0x0165ac3f
0x00000000
0x00000000
0x0165ac3f
0x0165ac48
0x0165ac48
0x0165ac4b
0x01635d8a
0x01635d8d
0x015efff4
0x015efff9
0x00000000
0x00000000
0x0165ac69
0x0165ac6e
0x0165ac70
0x0165ac70
0x0165ac73
0x0165ac74
0x00000000
0x0165ac74
0x01635d93
0x00000000
0x01635d96
0x0165ac51
0x0165ac54
0x0165ac58
0x0165ac58
0x0165ac59
0x0165ac5b
0x00000000
0x0165ac61
0x00000000
0x0165ac61
0x0165abe9
0x0165abe9
0x0165abec
0x0165abef
0x0165abf6
0x0165abf6
0x0165abf6
0x0165abf9
0x00000000
0x00000000
0x0165abff
0x0165ac02
0x0165ac05
0x00000000
0x00000000
0x0165ac07
0x0165ac0b
0x0165ac0b
0x0165ac14
0x0165ac15
0x0165ac15
0x0165ac0d
0x0165ac0f
0x0165ac0f
0x0165ac17
0x00000000
0x0165ac17
0x00000000
0x0165abf6
0x0165abf1
0x00000000
0x0165abf1
0x0165abe7
0x01635d53
0x0165ac7c
0x0165ac7c
0x0165ac91
0x0165ac91
0x0165ac91
0x0165ac93
0x00000000
0x00000000
0x0165ac83
0x0165ac86
0x0165ac89
0x00000000
0x00000000
0x0165ac8f
0x0165ac8f
0x0165ac95
0x0165ac98
0x0165aca1
0x0165aca2
0x0165aca2
0x0165ac9a
0x0165ac9c
0x0165ac9c
0x0165acaf
0x0165acb1
0x0165acb3
0x00000000
0x0165acb9
0x0165acbc
0x0165acbc
0x0165acbe
0x00000000
0x00000000
0x0165acc4
0x0165acc7
0x0165acc9
0x0165accc
0x0165ace0
0x0165ace0
0x0165ace3
0x0165ace7
0x0165ace7
0x0165ace8
0x0165acea
0x00000000
0x0165acf0
0x0165acf0
0x0165ac7c
0x0165ac7c
0x00000000
0x0165ac81
0x0165acd2
0x0165acd2
0x0165acd5
0x00000000
0x00000000
0x0165acdb
0x0165acdb
0x0165acde
0x00000000
0x0165acde
0x0165acea
0x0165acce
0x0165acce
0x0165acb3
0x0165ac7c
0x01635d5d
0x0165acf5
0x0165acf7
0x0165acf7
0x0165acfa
0x0165acfd
0x0165ad00
0x0165ad00
0x0165ad03
0x00000000
0x00000000
0x0165ad05
0x0165ad05
0x0165ad05
0x0165ad08
0x0165ad0b
0x00000000
0x00000000
0x0165ad11
0x0165ad13
0x0165ad16
0x00000000
0x00000000
0x0165ad18
0x0165ad18
0x00000000
0x0165ad18
0x00000000
0x0165ad1a
0x0165ad1a
0x0165ad1d
0x0165ad21
0x0165ad21
0x0165ad22
0x0165ad27
0x0165ad29
0x0165ad85
0x0165ad4e
0x0165ad56
0x0165ad58
0x01635d84
0x01635d84
0x00000000
0x00000000
0x00000000
0x01635d84
0x0165ad2d
0x0165ad2f
0x0165ad32
0x0165ad35
0x0165ad3b
0x0165ad3b
0x0165ad3d
0x00000000
0x00000000
0x0165ad3f
0x0165ad42
0x0165ad46
0x00000000
0x00000000
0x0165ad48
0x0165ad4b
0x00000000
0x0165ad4b
0x0165ad60
0x0165ad63
0x00000000
0x00000000
0x0165ad69
0x0165ad6c
0x0165ad75
0x0165ad76
0x0165ad76
0x0165ad6e
0x0165ad70
0x0165ad70
0x0165ad78
0x0165ad7b
0x0165ad7e
0x0165ad00
0x0165ad03
0x00000000
0x00000000
0x00000000
0x0165ad03
0x0165ad00
0x01635d63
0x01635d68
0x015f19a8
0x015f19a8
0x015f19ab
0x015f19ae
0x00000000
0x00000000
0x015f19b4
0x015f19b6
0x015f19b9
0x00000000
0x00000000
0x015f19bf
0x00000000
0x015f19a8
0x01635d6e
0x01635d6e
0x01635d70
0x01635d7d
0x01635d80
0x01635d82
0x00000000
0x01635d82
0x01635cfc
0x015efff1
0x015efff1
0x00000000

Strings

, xrefs: 01635D4F

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 7381d2127e1a1279984f2d3bb03ae1d5f59d393877b60b900bbd4b1378e985d9
Instruction ID: 298a0540924ff900767d18c895d1b45a39d2a3a207c1fd57441d0298d25e83f7
Opcode Fuzzy Hash: 7381d2127e1a1279984f2d3bb03ae1d5f59d393877b60b900bbd4b1378e985d9
Instruction Fuzzy Hash: 1181A533E001259FDF69CE9CCC9567D7BA1EB45325F198329DE26AB384D730A9418BC4

Uniqueness

Uniqueness Score: 0.02%

Function 015D7078, Relevance: 1.0, Instructions: 951
COMMONCrypto

C-Code - Quality: 85%

			E015D7078(signed int _a8, signed int _a12, signed int* _a16, signed int _a20, intOrPtr _a28, signed int _a32) {
				signed int _v8;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				signed int _v20;
				char _v21;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int* _v44;
				intOrPtr _v48;
				char _v49;
				char _v50;
				signed char _v51;
				char _v52;
				char _v53;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				void* _v108;
				signed int _v112;
				char _v116;
				signed int _v120;
				char _v124;
				signed int _v128;
				intOrPtr _v156;
				intOrPtr _v160;
				char _v184;
				intOrPtr _v224;
				char _v232;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t449;
				signed int _t452;
				signed int _t455;
				signed int _t458;
				signed int _t464;
				signed int _t466;
				signed int _t468;
				signed int _t470;
				signed int _t471;
				intOrPtr _t474;
				signed int _t481;
				signed int _t511;
				signed int _t512;
				signed int _t513;
				signed int _t538;
				signed int _t540;
				intOrPtr _t547;
				signed int _t553;
				signed int _t560;
				signed int _t561;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t566;
				signed int _t569;
				signed int _t572;
				signed int _t578;
				signed int _t584;
				signed int _t585;
				signed int _t587;
				signed int _t588;
				signed int _t590;
				signed int _t602;
				signed int _t605;
				signed int _t606;
				signed int _t613;
				intOrPtr _t619;
				signed int _t620;
				void* _t622;
				signed int _t624;
				signed short _t626;
				signed int _t631;
				signed int _t638;
				signed int _t639;
				signed int _t642;
				signed int _t644;
				signed int _t652;
				signed int _t654;
				signed int _t659;
				signed int _t661;
				signed int _t674;
				signed int _t682;
				signed int _t686;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed short _t701;
				signed short _t703;
				signed int _t705;
				signed int* _t706;
				signed int _t709;
				signed int _t710;
				signed int _t711;
				signed int _t712;
				intOrPtr _t713;
				signed int _t714;
				signed int* _t715;
				signed int _t718;
				signed int _t719;
				signed int _t725;
				signed int _t726;
				intOrPtr _t727;
				signed int _t729;
				signed int _t730;
				signed int _t739;
				void* _t740;
				void* _t741;
				void* _t751;
				signed int _t754;

				_t449 =  *0x16a81e8; // 0x77d4aa35
				_v8 = _t449 ^ _t739;
				_t621 = _a12;
				_v20 = _a32;
				_t452 =  *(_t621 + 2) & 0x0000ffff;
				_t706 = _a16;
				_t725 = 0x8000;
				_v100 = _t621;
				_v44 = _t706;
				_v49 = 0;
				_v50 = 0;
				_v52 = 0;
				_v53 = 0;
				_v21 = 0;
				_v40 = 0;
				_v84 = 0;
				_v116 = 0;
				_v51 = 0;
				_v80 = 0;
				_v36 = 0x8000;
				if((_t452 & 0x00000010) != 0) {
					_t631 =  *(_t621 + 0xc);
					__eflags = 0x00008000 & _t452;
					if(__eflags == 0) {
						L66:
						_v28 = _t631;
						L2:
						_t632 =  *_t706;
						_t686 =  *(_t632 + 2) & 0x0000ffff;
						_v88 = _t686;
						if((_t686 & 0x00000010) == 0) {
							L57:
							_v72 = _v72 & 0x00000000;
							L7:
							_v48 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18));
							_t690 = _t725;
							if((_v88 & _t725) != _t725) {
								_t709 = 0xc00000e7;
								L56:
								return E01622F0C(_t709, _t621, _v8 ^ _t739, _t690, _t709, _t725);
							}
							_v88 = (_t452 & 0x00000080) == 0x80;
							_t694 = _t452 & 0x00000040;
							_t751 = _t694 - 0x40;
							_t690 = _t694 & 0xffffff00 | _t751 == 0x00000000;
							_v92 = _t694 & 0xffffff00 | _t751 == 0x00000000;
							if((_a8 & 0x00000001) != 0) {
								_t632 =  !(_a8 >> 2) & 0x00000001;
								__eflags = _t452 & 0x00008000;
								_t455 =  *(_t621 + 4);
								_v51 =  !(_a8 >> 2) & 0x00000001;
								if((_t452 & 0x00008000) == 0) {
									L72:
									_v64 = _t455;
									L73:
									__eflags = _a20 & 0x00000008;
									_v50 = 1;
									if(__eflags != 0) {
										L12:
										_push(_v64);
										if(E0162EC79(_t754) == 0) {
											L80:
											_t709 = 0xc000005a;
											goto L56;
										}
										if((_a8 & 0x00000002) != 0) {
											__eflags =  *(_t621 + 2) & _t725;
											_t458 =  *(_t621 + 8);
											if(__eflags != 0) {
												__eflags = _t458;
												if(__eflags != 0) {
													_t458 = _t458 + _t621;
													__eflags = _t458;
												}
											}
											_v49 = 1;
											L17:
											_t710 = 0;
											_v68 = _t458;
											_t760 = _t458;
											if(_t458 == 0) {
												L62:
												_t709 = 0xc000005b;
												L53:
												if(_v53 != 0) {
													E01622882(_t632, _v48, 0, _v108);
												}
												L54:
												if(_v21 != 0) {
													L212:
													E01622882(_t632, _v48, 0, _v40);
												}
												if(_v52 != 0) {
													E01622882(_t632, _v48, 0, _v112);
												}
												goto L56;
											}
											_push(_t458);
											if(E0162EC79(_t760) == 0) {
												_t709 = 0xc000005b;
												goto L56;
											}
											_t464 = _a8 & 0x00000018;
											_v96 = _t464;
											if(_t464 != 0) {
												_t466 = _a8 & 0x00000010;
												__eflags = _t466;
												_v104 = _t466;
												if(_t466 == 0) {
													L100:
													__eflags = _v96 - 0x18;
													if(_v96 != 0x18) {
														_t710 = 0;
														__eflags = _v104;
														if(_v104 == 0) {
															__eflags = _a8 & 0x00000008;
															if((_a8 & 0x00000008) == 0) {
																goto L20;
															}
															_t565 = E015E969A(_v72, 0x11, 0);
															_t725 = _v28;
															_v84 = _t565;
															_t566 = E015E969A(_t725, 0x11, 0);
															__eflags = _a20 & 0x00000002;
															if((_a20 & 0x00000002) == 0) {
																__eflags = _v84;
																if(_v84 != 0) {
																	L155:
																	_push( &_v40);
																	_push(_v28);
																	_push(_v72);
																	L156:
																	_t709 = E015E9661(_t632);
																	__eflags = _t709;
																	if(_t709 < 0) {
																		goto L56;
																	}
																	_t569 = _v40;
																	_v21 = 1;
																	L158:
																	_v20 = _t569;
																	L159:
																	_t661 =  *(_t621 + 2) & 0x0000ffff;
																	_t725 = _t661 & 0x00002000 | 0x00008010;
																	_v36 = _t725;
																	__eflags = (_t661 & 0x00000a00) - 0xa00;
																	if((_t661 & 0x00000a00) == 0xa00) {
																		_t725 = _t725 | 0x00000800;
																		_v36 = _t725;
																	}
																	L24:
																	_t690 = 0x140c;
																	if((_a8 & 0x00000004) == 0) {
																		_t470 =  *_v44;
																		_t639 =  *(_t470 + 2) & 0x0000ffff;
																		__eflags = _t639 & 0x00000004;
																		if((_t639 & 0x00000004) != 0) {
																			__eflags = _t639 & 0x00008000;
																			if((_t639 & 0x00008000) == 0) {
																				_t471 =  *(_t470 + 0x10);
																				L193:
																				_v28 = _t471;
																				L31:
																				_t474 = 8 + ( *(_v64 + 1) & 0x000000ff) * 4;
																				_t642 = 8 + ( *(_v68 + 1) & 0x000000ff) * 4;
																				_v92 = _t474;
																				_v104 = _t642;
																				_t726 = 0xfffffffc;
																				_t476 = _t474 + 0x00000003 & _t726;
																				_t632 = _t642 + 0x00000003 & _t726;
																				_v32 = _t474 + 0x00000003 & _t726;
																				_v96 = _t632;
																				if(_v20 == 0) {
																					_t711 = 0;
																				} else {
																					_t711 = ( *(_v20 + 2) & 0x0000ffff) + 0x00000003 & _t726;
																				}
																				_t695 = _v28;
																				if(_t695 == 0) {
																					_v60 = _v60 & 0x00000000;
																					_t696 = _v60;
																				} else {
																					_t696 = ( *(_t695 + 2) & 0x0000ffff) + 0x00000003 & _t726;
																					_v60 = _t696;
																				}
																				_t727 =  *0x16aec78; // 0x0
																				_t690 = _t696 + _t711 + _t632;
																				_t725 = E016229EE(_v48, _t727 + 0x140000, _t476 + _t696 + _t711 + _t632 + 0x14);
																				if(_t725 == 0) {
																					L181:
																					_t709 = 0xc0000017;
																					goto L53;
																				} else {
																					E0163119E(_t725, 1);
																					 *(_t725 + 2) =  *(_t725 + 2) | _v36;
																					_t644 = _v100;
																					_t481 =  *(_t725 + 2) & 0x0000ffff;
																					_t690 = 0x4000;
																					_t106 = _t725 + 0x14; // 0x14
																					_t621 = _t106;
																					if(( *(_t644 + 2) & 0x00004000) != 0) {
																						 *((char*)(_t725 + 1)) =  *((intOrPtr*)(_t644 + 1));
																						 *(_t725 + 2) = _t481 | 0x00004000;
																					}
																					if(_v20 == 0) {
																						 *(_t725 + 0xc) =  *(_t725 + 0xc) & 0x00000000;
																					} else {
																						_t632 =  *(_v20 + 2) & 0x0000ffff;
																						E01604830(_t621, _v20,  *(_v20 + 2) & 0x0000ffff);
																						_t740 = _t740 + 0xc;
																						L015DF643(_t621, _a28);
																						 *(_t725 + 0xc) = _t621 - _t725;
																						if(_t711 > ( *(_v20 + 2) & 0x0000ffff)) {
																							_t632 = _t711 - ( *(_v20 + 2) & 0x0000ffff);
																							E01604EC0(( *(_v20 + 2) & 0x0000ffff) + _t621, 0, _t711 - ( *(_v20 + 2) & 0x0000ffff));
																							_t740 = _t740 + 0xc;
																						}
																						_t621 = _t621 + _t711;
																					}
																					if((_v36 & 0x00000010) == 0) {
																						_t632 = 0x2830;
																						 *(_t725 + 2) =  *(_t725 + 2) |  *( *_v44 + 2) & 0x00002830;
																					}
																					_t712 = _v28;
																					if(_t712 == 0) {
																						 *(_t725 + 0x10) =  *(_t725 + 0x10) & _t712;
																					} else {
																						E01604830(_t621, _t712,  *(_t712 + 2) & 0x0000ffff);
																						_t740 = _t740 + 0xc;
																						L015DF643(_t621, _a28);
																						 *(_t725 + 0x10) = _t621 - _t725;
																						if(_v60 > ( *(_t712 + 2) & 0x0000ffff)) {
																							_t632 = _v60 - ( *(_t712 + 2) & 0x0000ffff);
																							E01604EC0(( *(_t712 + 2) & 0x0000ffff) + _t621, 0, _v60 - ( *(_t712 + 2) & 0x0000ffff));
																							_t740 = _t740 + 0xc;
																						}
																						_t621 = _t621 + _v60;
																					}
																					if((_v36 & 0x00000004) == 0) {
																						_t632 = 0x140c;
																						 *(_t725 + 2) =  *(_t725 + 2) |  *( *_v44 + 2) & 0x0000140c;
																						__eflags = _v51;
																						if(_v51 == 0) {
																							goto L46;
																						}
																						_v16 = 0;
																						_v15 = 0;
																						_v14 = 0;
																						_v13 = 0;
																						_v12 = 0;
																						_v11 = 3;
																						_t709 = E0163666D( &_v232,  &_v16, 1);
																						__eflags = _t709;
																						if(_t709 < 0) {
																							goto L53;
																						}
																						_t425 =  &_v76;
																						 *_t425 = _v76 & 0x00000000;
																						__eflags =  *_t425;
																						_v224 = 4;
																						while(1) {
																							_t511 =  *(_t725 + 2) & 0x0000ffff;
																							__eflags = _t511 & 0x00000004;
																							if((_t511 & 0x00000004) != 0) {
																								goto L204;
																							}
																							L203:
																							_t512 = 0;
																							L207:
																							_t632 =  &_v232;
																							_t513 = E0167D3B5(_t512,  &_v232,  &_v76);
																							__eflags = _t513;
																							if(_t513 == 0) {
																								goto L46;
																							}
																							 *(_t513 + 1) =  *(_t513 + 1) & 0x000000fc | 0x00000008;
																							_v76 = _v76 + 1;
																							continue;
																							L204:
																							__eflags = _t511 & 0x00008000;
																							_t512 =  *(_t725 + 0x10);
																							if((_t511 & 0x00008000) == 0) {
																								goto L207;
																							}
																							__eflags = _t512;
																							if(_t512 == 0) {
																								goto L203;
																							}
																							__eflags = _t512;
																							goto L207;
																						}
																					} else {
																						L46:
																						_t713 = _v92;
																						E01604830(_t621, _v64, _t713);
																						_t741 = _t740 + 0xc;
																						if(_t713 < _v32) {
																							E01604EC0(_t621 + _t713, 0, _v32 - _t713);
																							_t741 = _t741 + 0xc;
																						}
																						_t622 = _t621 + _v32;
																						 *((intOrPtr*)(_t725 + 4)) = _t621 - _t725;
																						if(_v50 == 0) {
																							 *(_t725 + 2) =  *(_t725 + 2) |  *( *_v44 + 2) & 0x00000001;
																						}
																						_t714 = _v104;
																						E01604830(_t622, _v68, _t714);
																						_t495 = _v96;
																						if(_t714 < _v96) {
																							E01604EC0(_t622 + _t714, 0, _t495 - _t714);
																						}
																						_t621 = _t622 - _t725;
																						 *(_t725 + 8) = _t622 - _t725;
																						if(_v49 == 0) {
																							 *(_t725 + 2) =  *(_t725 + 2) |  *( *_v44 + 2) & 0x00000002;
																						}
																						_t715 = _v44;
																						E01622882(_t632, _v48, 0,  *_t715);
																						 *_t715 = _t725;
																						_t709 = 0;
																						goto L53;
																					}
																				}
																			}
																			_t652 =  *(_t470 + 0x10);
																			__eflags = _t652;
																			if(_t652 == 0) {
																				goto L188;
																			}
																			_v28 = _t652 + _t470;
																			goto L31;
																		}
																		L188:
																		_v28 = _v28 & 0x00000000;
																		goto L31;
																	}
																	if((_a20 & 0x00000001) != 0) {
																		_t654 =  *(_t621 + 2) & 0x0000ffff;
																		__eflags = _t654 & 0x00000004;
																		if((_t654 & 0x00000004) != 0) {
																			_t538 =  *(_t621 + 0x10);
																			__eflags = _t654 & 0x00008000;
																			if((_t654 & 0x00008000) == 0) {
																				_v32 = _t538;
																				L167:
																				_t718 =  *_v44;
																				_t540 =  *(_t718 + 2) & 0x0000ffff;
																				__eflags = _t540 & 0x00000004;
																				if((_t540 & 0x00000004) != 0) {
																					__eflags = _t540 & 0x00008000;
																					if((_t540 & 0x00008000) == 0) {
																						_t719 =  *(_t718 + 0x10);
																						L173:
																						_t621 =  &_v108;
																						_t632 = _t654 & _t690;
																						_t709 = E0167C7DC(_t719, _t540 & _t690, _v32, _t654 & _t690, _v64, _v68, _a28, 1,  &_v108,  &_v60);
																						__eflags = _t709;
																						if(_t709 < 0) {
																							goto L54;
																						}
																						_v28 = _v108;
																						_v53 = 1;
																						_t729 = _t725 | _v60 & 0x00001408 | 0x00000004;
																						L179:
																						_v36 = _t729;
																						L30:
																						if(_v88 != 0) {
																							_t547 =  *0x16aec78; // 0x0
																							_t632 = 0x44;
																							_v120 = _t632;
																							_t725 = E016229EE(_v48, _t547 + 0x140000, _t632);
																							__eflags = _t725;
																							if(_t725 != 0) {
																								_push( &_v80);
																								_push(8);
																								_push(0xffffffff);
																								_t709 = E01615960();
																								_t621 = 0;
																								__eflags = _t709;
																								if(_t709 >= 0) {
																									_push( &_v120);
																									_push(_v120);
																									_push(_t725);
																									_push(4);
																									_push(_v80);
																									_t553 = E01615C40();
																									_push(_v80);
																									_t709 = _t553;
																									E01615090();
																									__eflags = _t709;
																									if(_t709 < 0) {
																										goto L183;
																									}
																									_t709 = E0167BDFD(_t632, _v28, _v92,  *_t725,  &_v112,  &_v52);
																									E01622882(_t632, _v48, 0, _t725);
																									__eflags = _t709;
																									if(_t709 < 0) {
																										goto L53;
																									}
																									_t471 = _v112;
																									goto L193;
																								}
																								L183:
																								E01622882(_t632, _v48, _t621, _t725);
																								goto L53;
																							}
																							goto L181;
																						}
																						goto L31;
																					}
																					_t624 =  *(_t718 + 0x10);
																					__eflags = _t624;
																					if(_t624 == 0) {
																						goto L168;
																					}
																					_t719 = _t718 + _t624;
																					goto L173;
																				}
																				L168:
																				_t719 = 0;
																				goto L173;
																			}
																			__eflags = _t538;
																			if(_t538 == 0) {
																				goto L151;
																			}
																			_v32 = _t621 + _t538;
																			goto L167;
																		}
																		L151:
																		_v32 = _v32 & 0x00000000;
																		goto L167;
																	}
																	_t560 =  *(_t621 + 2) & 0x0000ffff;
																	if((_t560 & 0x00000004) == 0) {
																		L175:
																		_v28 = _v28 & 0x00000000;
																		L29:
																		_t561 =  *(_t621 + 2) & 0x0000ffff;
																		_t730 = _t725 | _t561 & 0x00001000 | 0x00000004;
																		_v36 = _t730;
																		if((_t561 & 0x00000500) == 0x500) {
																			_t729 = _t730 | 0x00000400;
																			__eflags = _t729;
																			goto L179;
																		}
																		goto L30;
																	}
																	_t563 =  *(_t621 + 0x10);
																	if((_t560 & 0x00008000) != 0) {
																		__eflags = _t563;
																		if(_t563 == 0) {
																			goto L175;
																		}
																		_t563 = _t563 + _t621;
																	}
																	_v28 = _t563;
																	goto L29;
																}
																__eflags = _t566;
																if(_t566 != 0) {
																	goto L155;
																}
																_v20 = _t725;
																goto L159;
															}
															_t701 =  *(_t621 + 2) & 0x0000ffff;
															__eflags = _t701 & 0x00000010;
															if((_t701 & 0x00000010) != 0) {
																__eflags = _t701 & 0x00008000;
																if((_t701 & 0x00008000) == 0) {
																	_t710 =  *(_t621 + 0xc);
																} else {
																	_t584 =  *(_t621 + 0xc);
																	__eflags = _t584;
																	if(_t584 != 0) {
																		_t710 = _t621 + _t584;
																	}
																}
															}
															_t572 =  *_v44;
															_t626 =  *(_t572 + 2) & 0x0000ffff;
															__eflags = _t626 & 0x00000010;
															if((_t626 & 0x00000010) != 0) {
																__eflags = _t626 & 0x00008000;
																if((_t626 & 0x00008000) == 0) {
																	_t725 =  *(_t572 + 0xc);
																	goto L143;
																}
																_t674 =  *(_t572 + 0xc);
																__eflags = _t674;
																if(_t674 == 0) {
																	goto L138;
																}
																_t725 = _t674 + _t572;
																goto L143;
															} else {
																L138:
																_t725 = 0;
																L143:
																_t690 = _t626 & 0x2800;
																_t621 = ((_t701 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t701 & 0x2800) >> 1;
																_t709 = E0167C7DC(_t725, ((_t626 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t626 & 0x2800) >> 1, _t710, ((_t701 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t701 & 0x2800) >> 1, _v64, _v68, _a28, 2,  &_v40,  &_v60);
																__eflags = _t709;
																if(_t709 < 0) {
																	goto L56;
																}
																_v20 = _v40;
																_t578 = _v60;
																_t632 = (_t578 & 0x00000008 | 0x00000004) + (_t578 & 0x00000008 | 0x00000004) | _t578 & 0x00001400;
																_t621 = ((_t578 & 0x00000008 | 0x00000004) + (_t578 & 0x00000008 | 0x00000004) | _t578 & 0x00001400) + ((_t578 & 0x00000008 | 0x00000004) + (_t578 & 0x00000008 | 0x00000004) | _t578 & 0x00001400);
																_t725 = _t621 | 0x00008000;
																__eflags = _v84;
																_v21 = 1;
																_v36 = _t725;
																if(_v84 == 0) {
																	L149:
																	_t621 = _v100;
																	goto L24;
																}
																_t709 = E015E9661(_t632, _v72, _v40,  &_v40);
																__eflags = _t709;
																if(_t709 < 0) {
																	goto L212;
																}
																__eflags = _v20;
																if(_v20 != 0) {
																	E01622882(_t632, _v48, 0, _v20);
																}
																_t725 = _t725 | _t621;
																__eflags = _t725;
																_v21 = 1;
																_v20 = _v40;
																_v36 = _t725;
																goto L149;
															}
														}
														_t585 = E015E969A(_v28, 0x11, 0);
														__eflags = _t585;
														if(_t585 != 0) {
															L129:
															_push( &_v40);
															_push(_v72);
															_push(_v28);
															goto L156;
														}
														__eflags = _v72;
														if(_v72 == 0) {
															L59:
															_v20 = _t710;
															goto L24;
														}
														goto L129;
													}
													__eflags = _a20 & 0x00000002;
													_t587 =  *(_t621 + 2) & 0x0000ffff;
													if((_a20 & 0x00000002) == 0) {
														__eflags = _t587 & 0x00000010;
														if((_t587 & 0x00000010) != 0) {
															__eflags = _t587 & 0x00008000;
															_t569 =  *(_t621 + 0xc);
															if((_t587 & 0x00008000) == 0) {
																goto L158;
															}
															__eflags = _t569;
															if(_t569 == 0) {
																goto L122;
															}
															_t569 = _t569 + _t621;
															goto L158;
														}
														L122:
														_v20 = _v20 & 0x00000000;
														goto L159;
													}
													__eflags = _t587 & 0x00000010;
													if((_t587 & 0x00000010) != 0) {
														__eflags = _t587 & 0x00008000;
														_t588 =  *(_t621 + 0xc);
														if((_t587 & 0x00008000) == 0) {
															L109:
															_v32 = _t588;
															L110:
															_t590 =  *_v44;
															_t703 =  *(_t590 + 2) & 0x0000ffff;
															__eflags = _t703 & 0x00000010;
															if((_t703 & 0x00000010) != 0) {
																__eflags = _t725 & _t703;
																if((_t725 & _t703) == 0) {
																	_t725 =  *(_t590 + 0xc);
																	L116:
																	_t690 = _t703 & 0x2800;
																	_t709 = E0167C7DC(_t725, ((_t703 & 0x0000ffff) >> 0x00000001 & 0x00000018 | _t703 & 0x2800) >> 1, _v32, (( *(_t621 + 2) & 0xffff) >> 0x00000001 & 0x00000018 |  *(_t621 + 2) & 0x2800) >> 1, _v64, _v68, _a28, 2,  &_v40,  &_v60);
																	__eflags = _t709;
																	if(_t709 < 0) {
																		goto L56;
																	}
																	_t596 = _v60;
																	_t632 = _v40;
																	_t725 = ((_v60 & 0x00000008 | 0x00002004) + (_v60 & 0x00000008 | 0x00002004) | _t596 & 0x00001400) + ((_v60 & 0x00000008 | 0x00002004) + (_v60 & 0x00000008 | 0x00002004) | _t596 & 0x00001400);
																	_v20 = _v40;
																	_v36 = _t725;
																	_t709 = E015E9661(_v40, _v28, _v40,  &_v40);
																	__eflags = _t709;
																	if(_t709 < 0) {
																		goto L212;
																	}
																	__eflags = _v20;
																	if(_v20 != 0) {
																		E01622882(_t632, _v48, 0, _v20);
																	}
																	_t564 = _v40;
																	_v21 = 1;
																	L162:
																	_v20 = _t564;
																	goto L24;
																}
																_t682 =  *(_t590 + 0xc);
																__eflags = _t682;
																if(_t682 == 0) {
																	goto L111;
																}
																_t725 = _t682 + _t590;
																goto L116;
															}
															L111:
															_t725 = 0;
															goto L116;
														}
														__eflags = _t588;
														if(_t588 == 0) {
															goto L103;
														}
														_t588 = _t588 + _t621;
														__eflags = _t588;
														goto L109;
													}
													L103:
													_v32 = _v32 & 0x00000000;
													goto L110;
												}
												_v76 = 0;
												do {
													_t602 = E015E969A(_v28, 0x11,  &_v76);
													_v128 = _t602;
													__eflags = _t602;
													if(_t602 == 0) {
														L90:
														__eflags = _v20;
														if(_v20 == 0) {
															_push( &_v80);
															_push(8);
															_push(0xffffffff);
															_t709 = E01615960();
															_v32 = _t709;
															__eflags = _t709;
															if(_t709 < 0) {
																goto L56;
															}
															L96:
															_t605 = _v20;
															__eflags = _t605;
															if(_t605 == 0) {
																_t605 = _v80;
															}
															_t632 =  &_v32;
															_t606 = E0167C4AD(_t605, _v84, _v116,  &_v32);
															_push(_v80);
															__eflags = _t606;
															if(_t606 == 0) {
																E01615090();
																L105:
																_t709 = 0xc0000446;
																goto L56;
															} else {
																goto L99;
															}
														}
														_push( &_v124);
														_push(0x38);
														_push( &_v184);
														_push(0xa);
														_push(_v20);
														_t709 = E01615C40();
														_v32 = _t709;
														__eflags = _t709;
														if(_t709 < 0) {
															goto L56;
														}
														__eflags = _v160 - 2;
														if(_v160 != 2) {
															goto L96;
														}
														__eflags = _v156 - 1;
														if(_v156 >= 1) {
															goto L96;
														}
														L78:
														_t709 = 0xc00000a5;
														goto L56;
													}
													__eflags =  *(_t602 + 4) & 0xfffffff8;
													_t207 = _t602 + 8; // 0x8
													_v84 = _t207;
													_v116 =  *((intOrPtr*)(_t602 + 1));
													if(( *(_t602 + 4) & 0xfffffff8) != 0) {
														goto L105;
													}
													goto L90;
													L99:
													E01615090();
													_v76 = _v76 + 1;
													__eflags = _v128;
												} while (_v128 != 0);
												goto L100;
											}
											L20:
											_t468 =  *_v44;
											_t638 =  *(_t468 + 2) & 0x0000ffff;
											if((_t638 & 0x00000010) == 0) {
												goto L59;
											}
											if((_t725 & _t638) == 0) {
												_t564 =  *(_t468 + 0xc);
												goto L162;
											}
											_t659 =  *(_t468 + 0xc);
											if(_t659 == _t710) {
												goto L59;
											} else {
												_v20 = _t659 + _t468;
												goto L24;
											}
										}
										_t613 =  *_v44;
										_t632 = _t725;
										if(( *(_t613 + 2) & _t725) == 0) {
											_t458 =  *(_t613 + 8);
											goto L17;
										}
										_t632 =  *(_t613 + 8);
										if(_t632 == 0) {
											goto L62;
										} else {
											_t458 = _t613 + _t632;
											goto L17;
										}
									}
									__eflags = _v20;
									if(_v20 == 0) {
										goto L80;
									}
									_push( &_v124);
									_push(0x38);
									_push( &_v184);
									_push(0xa);
									_push(_v20);
									_t709 = E01615C40();
									_v32 = _t709;
									__eflags = _t709;
									if(_t709 < 0) {
										goto L56;
									}
									__eflags = _v160 - 2;
									if(_v160 != 2) {
										L79:
										_push( &_v32);
										_push(_v88);
										_push(_v64);
										_push(_v20);
										__eflags = E015D509B();
										L11:
										if(_t754 == 0) {
											goto L80;
										}
										goto L12;
									}
									__eflags = _v156 - 1;
									if(_v156 >= 1) {
										goto L79;
									}
									goto L78;
								}
								__eflags = _t455;
								if(_t455 != 0) {
									_t455 = _t455 + _t621;
									__eflags = _t455;
									goto L72;
								}
								_v64 = _v64 & _t455;
								goto L73;
							}
							_t619 =  *((intOrPtr*)(_t632 + 4));
							if(_t619 == 0) {
								goto L80;
							} else {
								_t620 = _t619 + _t632;
								_t754 = _t620;
								_v64 = _t620;
								goto L11;
							}
						}
						_t705 =  *(_t632 + 0xc);
						if((_t725 & _t686) == 0) {
							L6:
							_v72 = _t705;
							goto L7;
						}
						if(_t705 == 0) {
							goto L57;
						} else {
							_t705 = _t705 + _t632;
							goto L6;
						}
					}
					__eflags = _t631;
					if(__eflags == 0) {
						goto L1;
					}
					_t631 = _t631 + _t621;
					__eflags = _t631;
					goto L66;
				}
				L1:
				_v28 = 0;
				goto L2;
			}

0x015d7083
0x015d708a
0x015d7093
0x015d7097
0x015d709a
0x015d709f
0x015d70a2
0x015d70a7
0x015d70aa
0x015d70ad
0x015d70b0
0x015d70b3
0x015d70b6
0x015d70b9
0x015d70bc
0x015d70bf
0x015d70c2
0x015d70c5
0x015d70c8
0x015d70cb
0x015d70d0
0x016579fd
0x01657a00
0x01657a02
0x01657a0e
0x01657a0e
0x015d70d9
0x015d70d9
0x015d70db
0x015d70df
0x015d70e5
0x015d744d
0x015d744d
0x015d70ff
0x015d710f
0x015d7114
0x015d7119
0x01657a16
0x015d743a
0x015d744a
0x015d744a
0x015d7127
0x015d712d
0x015d7130
0x015d7133
0x015d713a
0x015d713d
0x01657a28
0x01657a2b
0x01657a30
0x01657a33
0x01657a36
0x01657a43
0x01657a43
0x01657a46
0x01657a46
0x01657a4a
0x01657a4e
0x015d7159
0x015d7159
0x015d7163
0x01657ab3
0x01657ab3
0x00000000
0x01657ab3
0x015d716d
0x01657abf
0x01657ac3
0x01657ac6
0x01657ac8
0x01657aca
0x01657acc
0x01657acc
0x01657acc
0x01657aca
0x01657ace
0x015d7191
0x015d7191
0x015d7193
0x015d7196
0x015d7198
0x015d7479
0x015d7479
0x015d741c
0x015d7420
0x01658188
0x01658188
0x015d7426
0x015d742a
0x01658192
0x0165819a
0x0165819a
0x015d7434
0x016581ac
0x016581ac
0x00000000
0x015d7434
0x015d719e
0x015d71a6
0x01657ad7
0x00000000
0x01657ad7
0x015d71af
0x015d71b2
0x015d71b5
0x01657ae4
0x01657ae4
0x01657ae7
0x01657aea
0x01657baf
0x01657baf
0x01657bb3
0x01657ce7
0x01657ce9
0x01657cec
0x01657d15
0x01657d19
0x00000000
0x00000000
0x01657d25
0x01657d2a
0x01657d31
0x01657d34
0x01657d39
0x01657d3d
0x01657e5e
0x01657e61
0x01657e6c
0x01657e6f
0x01657e70
0x01657e73
0x01657e76
0x01657e7b
0x01657e7d
0x01657e7f
0x00000000
0x00000000
0x01657e85
0x01657e88
0x01657e8c
0x01657e8c
0x01657e8f
0x01657e8f
0x01657ea0
0x01657ea8
0x01657eab
0x01657eae
0x01657eb4
0x01657eba
0x01657eba
0x015d71e5
0x015d71e9
0x015d71ee
0x01658016
0x01658018
0x0165801c
0x0165801f
0x0165802a
0x01658030
0x01658043
0x01658046
0x01658046
0x015d7249
0x015d7257
0x015d725e
0x015d7265
0x015d726a
0x015d7270
0x015d7274
0x015d7276
0x015d727c
0x015d727f
0x015d7282
0x015d7466
0x015d7288
0x015d7292
0x015d7292
0x015d7294
0x015d7299
0x015d746d
0x015d7471
0x015d729f
0x015d72a6
0x015d72a8
0x015d72a8
0x015d72ab
0x015d72b3
0x015d72c9
0x015d72cd
0x01657f97
0x01657f97
0x00000000
0x015d72d3
0x015d72d6
0x015d72df
0x015d72e3
0x015d72e6
0x015d72ea
0x015d72ef
0x015d72ef
0x015d72f6
0x01658053
0x01658056
0x01658056
0x015d7300
0x0165805f
0x015d7306
0x015d7309
0x015d7310
0x015d7315
0x015d731c
0x015d7325
0x015d7331
0x01658071
0x01658079
0x0165807e
0x0165807e
0x015d7337
0x015d7337
0x015d733d
0x015d7348
0x015d7350
0x015d7350
0x015d7354
0x015d7359
0x01658086
0x015d735f
0x015d7366
0x015d736b
0x015d7372
0x015d737b
0x015d7385
0x01658095
0x0165809d
0x016580a2
0x016580a2
0x015d738b
0x015d738b
0x015d7392
0x016580b3
0x016580bb
0x016580bf
0x016580c3
0x00000000
0x00000000
0x016580d6
0x016580da
0x016580de
0x016580e2
0x016580e6
0x016580ea
0x016580f3
0x016580f5
0x016580f7
0x00000000
0x00000000
0x016580fd
0x016580fd
0x016580fd
0x01658101
0x0165810b
0x0165810b
0x0165810f
0x01658111
0x00000000
0x00000000
0x01658113
0x01658113
0x01658127
0x0165812b
0x01658133
0x01658138
0x0165813a
0x00000000
0x00000000
0x01658149
0x0165814c
0x00000000
0x01658117
0x01658117
0x0165811c
0x0165811f
0x00000000
0x00000000
0x01658121
0x01658123
0x00000000
0x00000000
0x01658125
0x00000000
0x01658125
0x015d7398
0x015d7398
0x015d7398
0x015d73a0
0x015d73a5
0x015d73ab
0x0165815d
0x01658162
0x01658162
0x015d73b3
0x015d73bc
0x015d73bf
0x015d73ce
0x015d73ce
0x015d73d2
0x015d73da
0x015d73df
0x015d73e7
0x01658173
0x01658178
0x015d73ed
0x015d73f3
0x015d73f6
0x015d7405
0x015d7405
0x015d7409
0x015d7413
0x015d7418
0x015d741a
0x00000000
0x015d741a
0x015d7392
0x015d72cd
0x01658032
0x01658035
0x01658037
0x00000000
0x00000000
0x0165803b
0x00000000
0x0165803b
0x01658021
0x01658021
0x00000000
0x01658021
0x015d71f8
0x01657e4c
0x01657e50
0x01657e53
0x01657ecd
0x01657ed0
0x01657ed6
0x01657ee7
0x01657eea
0x01657eed
0x01657eef
0x01657ef3
0x01657ef5
0x01657efb
0x01657f00
0x01657f0d
0x01657f10
0x01657f14
0x01657f1d
0x01657f32
0x01657f34
0x01657f36
0x00000000
0x00000000
0x01657f3f
0x01657f4d
0x01657f51
0x01657f6f
0x01657f6f
0x015d723f
0x015d7243
0x01657f77
0x01657f7e
0x01657f89
0x01657f91
0x01657f93
0x01657f95
0x01657fa4
0x01657fa5
0x01657fa7
0x01657fae
0x01657fb0
0x01657fb2
0x01657fb4
0x01657fc8
0x01657fc9
0x01657fcc
0x01657fcd
0x01657fcf
0x01657fd2
0x01657fd7
0x01657fda
0x01657fdc
0x01657fe1
0x01657fe3
0x00000000
0x00000000
0x01657fff
0x01658001
0x01658006
0x01658008
0x00000000
0x00000000
0x0165800e
0x00000000
0x0165800e
0x01657fb6
0x01657fbb
0x00000000
0x01657fbb
0x00000000
0x01657f95
0x00000000
0x015d7243
0x01657f02
0x01657f05
0x01657f07
0x00000000
0x00000000
0x01657f09
0x00000000
0x01657f09
0x01657ef7
0x01657ef7
0x00000000
0x01657ef7
0x01657ed8
0x01657eda
0x00000000
0x00000000
0x01657ee2
0x00000000
0x01657ee2
0x01657e55
0x01657e55
0x00000000
0x01657e55
0x015d71fe
0x015d7204
0x01657f55
0x01657f55
0x015d721b
0x015d721b
0x015d722a
0x015d7233
0x015d7239
0x01657f69
0x01657f69
0x00000000
0x01657f69
0x00000000
0x015d7239
0x015d720f
0x015d7212
0x01657f5e
0x01657f60
0x00000000
0x00000000
0x01657f62
0x01657f62
0x015d7218
0x00000000
0x015d7218
0x01657e63
0x01657e65
0x00000000
0x00000000
0x01657e67
0x00000000
0x01657e67
0x01657d43
0x01657d47
0x01657d4a
0x01657d4c
0x01657d52
0x01657d60
0x01657d54
0x01657d54
0x01657d57
0x01657d59
0x01657d5b
0x01657d5b
0x01657d59
0x01657d52
0x01657d66
0x01657d68
0x01657d6c
0x01657d6f
0x01657d75
0x01657d7b
0x01657d89
0x00000000
0x01657d89
0x01657d7d
0x01657d80
0x01657d82
0x00000000
0x00000000
0x01657d84
0x00000000
0x01657d71
0x01657d71
0x01657d71
0x01657d8c
0x01657dbc
0x01657dbe
0x01657dcd
0x01657dcf
0x01657dd1
0x00000000
0x00000000
0x01657dda
0x01657ddd
0x01657def
0x01657df1
0x01657df6
0x01657dfc
0x01657e00
0x01657e04
0x01657e07
0x01657e44
0x01657e44
0x00000000
0x01657e44
0x01657e18
0x01657e1a
0x01657e1c
0x00000000
0x00000000
0x01657e22
0x01657e26
0x01657e30
0x01657e30
0x01657e38
0x01657e38
0x01657e3a
0x01657e3e
0x01657e41
0x00000000
0x01657e41
0x01657d6f
0x01657cf4
0x01657cf9
0x01657cfb
0x01657d06
0x01657d09
0x01657d0a
0x01657d0d
0x00000000
0x01657d0d
0x01657cfd
0x01657d00
0x015d745e
0x015d745e
0x00000000
0x015d745e
0x00000000
0x01657d00
0x01657bb9
0x01657bbd
0x01657bc1
0x01657cc1
0x01657cc3
0x01657cce
0x01657cd3
0x01657cd6
0x00000000
0x00000000
0x01657cdc
0x01657cde
0x00000000
0x00000000
0x01657ce0
0x00000000
0x01657ce0
0x01657cc5
0x01657cc5
0x00000000
0x01657cc5
0x01657bc7
0x01657bc9
0x01657be0
0x01657be5
0x01657be8
0x01657bf0
0x01657bf0
0x01657bf3
0x01657bf6
0x01657bf8
0x01657bfc
0x01657bff
0x01657c05
0x01657c07
0x01657c15
0x01657c18
0x01657c52
0x01657c5f
0x01657c61
0x01657c63
0x00000000
0x00000000
0x01657c69
0x01657c6c
0x01657c8b
0x01657c8d
0x01657c90
0x01657c98
0x01657c9a
0x01657c9c
0x00000000
0x00000000
0x01657ca2
0x01657ca6
0x01657cb0
0x01657cb0
0x01657cb5
0x01657cb8
0x01657ec5
0x01657ec5
0x00000000
0x01657ec5
0x01657c09
0x01657c0c
0x01657c0e
0x00000000
0x00000000
0x01657c10
0x00000000
0x01657c10
0x01657c01
0x01657c01
0x00000000
0x01657c01
0x01657bea
0x01657bec
0x00000000
0x00000000
0x01657bee
0x01657bee
0x00000000
0x01657bee
0x01657bcb
0x01657bcb
0x00000000
0x01657bcb
0x01657af0
0x01657af3
0x01657afc
0x01657b01
0x01657b04
0x01657b06
0x01657b21
0x01657b21
0x01657b25
0x01657b65
0x01657b66
0x01657b68
0x01657b6f
0x01657b71
0x01657b74
0x01657b76
0x00000000
0x00000000
0x01657b7c
0x01657b7c
0x01657b7f
0x01657b81
0x01657b83
0x01657b83
0x01657b86
0x01657b91
0x01657b96
0x01657b99
0x01657b9b
0x01657bd1
0x01657bd6
0x01657bd6
0x00000000
0x00000000
0x00000000
0x00000000
0x01657b9b
0x01657b2a
0x01657b2b
0x01657b33
0x01657b34
0x01657b36
0x01657b3e
0x01657b40
0x01657b43
0x01657b45
0x00000000
0x00000000
0x01657b4b
0x01657b52
0x00000000
0x00000000
0x01657b54
0x01657b5b
0x00000000
0x00000000
0x01657a90
0x01657a90
0x00000000
0x01657a90
0x01657b08
0x01657b0f
0x01657b12
0x01657b18
0x01657b1b
0x00000000
0x00000000
0x00000000
0x01657b9d
0x01657b9d
0x01657ba2
0x01657ba5
0x01657ba5
0x00000000
0x01657af3
0x015d71bb
0x015d71be
0x015d71c0
0x015d71c7
0x00000000
0x00000000
0x015d71cf
0x01657ec2
0x00000000
0x01657ec2
0x015d71d5
0x015d71da
0x00000000
0x015d71e0
0x015d71e2
0x00000000
0x015d71e2
0x015d71da
0x015d7176
0x015d7178
0x015d717e
0x015d7456
0x00000000
0x015d7456
0x015d7184
0x015d7189
0x00000000
0x015d718f
0x015d718f
0x00000000
0x015d718f
0x015d7189
0x01657a54
0x01657a58
0x00000000
0x00000000
0x01657a5d
0x01657a5e
0x01657a66
0x01657a67
0x01657a69
0x01657a71
0x01657a73
0x01657a76
0x01657a78
0x00000000
0x00000000
0x01657a7e
0x01657a85
0x01657a9a
0x01657a9d
0x01657a9e
0x01657aa1
0x01657aa4
0x01657aac
0x015d7153
0x015d7153
0x00000000
0x00000000
0x00000000
0x015d7153
0x01657a87
0x01657a8e
0x00000000
0x00000000
0x00000000
0x01657a8e
0x01657a38
0x01657a3a
0x01657a41
0x01657a41
0x00000000
0x01657a41
0x01657a3c
0x00000000
0x01657a3c
0x015d7143
0x015d7148
0x00000000
0x015d714e
0x015d714e
0x015d714e
0x015d7150
0x00000000
0x015d7150
0x015d7148
0x015d70ed
0x015d70f0
0x015d70fc
0x015d70fc
0x00000000
0x015d70fc
0x015d70f4
0x00000000
0x015d70fa
0x015d70fa
0x00000000
0x015d70fa
0x015d70f4
0x01657a04
0x01657a06
0x00000000
0x00000000
0x01657a0c
0x01657a0c
0x00000000
0x01657a0c
0x015d70d6
0x015d70d6
0x00000000

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: InformationQueryToken
String ID:
API String ID: 4239771691-0
Opcode ID: d0e4cb5ea9b9ce3b0034e53760da5422887a8ed3e246a4d82f818cab33eddc93
Instruction ID: cc0441887f081ae399e1f404c28b5d33348ecbfc4d8a7545686a01afc9319788
Opcode Fuzzy Hash: d0e4cb5ea9b9ce3b0034e53760da5422887a8ed3e246a4d82f818cab33eddc93
Instruction Fuzzy Hash: 5172CE72D0021A9FEF25CFA8CC41BEEBBB6BF48304F198429ED15AB281D7759945CB50

Uniqueness

Uniqueness Score: 0.00%

Function 01622ADC, Relevance: .9, Instructions: 945
COMMONCrypto

C-Code - Quality: 89%

			E01622ADC(void* __ebx, signed short* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t340;
				signed int _t343;
				signed int _t344;
				signed int _t345;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int* _t351;
				signed int _t354;
				signed int _t357;
				signed int _t358;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t371;
				signed int* _t378;
				signed int _t379;
				signed int _t380;
				signed int _t394;
				signed int _t401;
				signed int _t405;
				unsigned int _t409;
				signed int _t411;
				signed int _t415;
				signed int _t418;
				signed int _t425;
				signed int _t427;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t444;
				signed int* _t451;
				signed int _t452;
				signed int _t453;
				signed int _t465;
				signed char _t471;
				signed int _t472;
				signed int _t477;
				signed int _t482;
				signed int* _t486;
				signed int _t495;
				signed int _t500;
				signed int* _t504;
				intOrPtr _t505;
				signed int _t508;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed char _t535;
				signed int _t536;
				signed int _t554;
				intOrPtr _t561;
				signed int _t565;
				signed char _t567;
				signed int _t570;
				signed int _t573;
				signed char _t575;
				signed int* _t576;
				signed int _t577;
				unsigned int _t578;
				intOrPtr _t581;
				signed int _t584;
				signed char _t585;
				signed char _t586;
				signed int _t591;
				signed char* _t592;
				signed char _t594;
				signed short* _t601;
				unsigned int _t603;
				void* _t605;
				signed char* _t615;
				signed char _t616;
				signed char _t617;
				signed char _t620;
				signed int _t625;
				signed char* _t626;
				signed char _t628;
				signed int _t631;
				unsigned int* _t634;
				signed int _t635;
				intOrPtr _t638;
				signed int _t643;
				intOrPtr _t650;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t656;
				signed char* _t659;
				signed int _t660;
				signed int _t662;
				signed int _t664;
				signed int _t671;
				signed int _t672;
				void* _t673;
				signed int _t675;
				signed char _t676;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed char _t683;
				signed int _t687;
				signed char _t688;
				signed int _t689;
				void* _t690;
				signed int _t692;
				signed char _t693;
				signed int _t700;
				signed short* _t707;
				signed int _t708;
				signed int _t711;
				void* _t716;
				void* _t721;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				void* _t728;
				void* _t731;
				signed int _t738;
				unsigned int _t741;
				signed int _t748;
				void* _t749;
				signed int _t751;
				signed int _t752;
				intOrPtr _t753;
				signed int _t754;
				signed int _t757;
				intOrPtr _t758;
				signed int _t760;
				signed int _t761;
				signed int _t762;
				void* _t766;

				_push(0x64);
				_push(0x1621c10);
				E01622824(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t766 - 0x3c)) = __edx;
				_t707 = __ecx;
				 *(_t766 - 0x28) = __ecx;
				_t748 = __ecx - 0x110 + ( *(__ecx + 2) & 0x000000ff) * 4;
				 *(_t766 - 0x2c) = _t748;
				if(( *(__ecx + 3) & 0x00000001) != 0) {
					L72:
					_t515 =  *((intOrPtr*)( *[fs:0x18] + 0xfa8)) - 1;
					__eflags = _t515;
					 *(_t766 - 0x44) = _t515;
					if(_t515 < 0) {
						 *0x16a8580 = 0xffffffff;
						 *0x16a8584 = 0xffffffff;
						L66:
						_t340 = E015FDFD4();
						_t650 =  *[fs:0x18];
						_t85 = _t340 + 1; // 0x1
						_t561 = _t85;
						__eflags = _t561 -  *((intOrPtr*)(_t650 + 0xfa8));
						if(_t561 !=  *((intOrPtr*)(_t650 + 0xfa8))) {
							asm("lock xadd [edx], ebx");
						}
						 *((intOrPtr*)( *[fs:0x18] + 0xfa8)) = _t561;
						_t515 = _t340;
						L76:
						 *(_t766 - 0x34) = _t515;
						goto L78;
					}
					_t505 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(0x16a8598 + _t515 * 4)) -  *((intOrPtr*)(_t505 + 0x24));
					if( *((intOrPtr*)(0x16a8598 + _t515 * 4)) !=  *((intOrPtr*)(_t505 + 0x24))) {
						goto L66;
					}
					_t508 = E01604180(1, _t515, 0);
					_t643 =  *0x16a8580; // 0x0
					_t762 =  *0x16a8584; // 0x0
					__eflags = _t643 & _t508 | _t762 & 0;
					if((_t643 & _t508 | _t762 & 0) != 0) {
						asm("lock cmpxchg8b [esi]");
						_t515 =  *(_t766 - 0x44);
					}
					_t748 =  *(_t766 - 0x2c);
					goto L76;
				} else {
					_t99 = __ebp - 0x34;
					 *_t99 =  *(__ebp - 0x34) & 0x00000000;
					__eflags =  *_t99;
					L78:
					_t343 =  *(_t766 - 0x34) * 0x3418 + _t748 + 0x310;
					 *(_t766 - 0x44) = _t343;
					_t652 = _t343 + 0x18 + ( *(_t707 + 2) & 0x000000ff) * 0x68;
					 *(_t766 - 0x20) = _t652;
					_t344 =  *_t652;
					 *(_t766 - 0x30) = _t344;
					__eflags = _t344;
					if(_t344 == 0) {
						while(1) {
							L91:
							_t516 =  *(_t766 - 0x20);
							_t345 =  *(_t516 + 4);
							 *(_t766 - 0x30) = _t345;
							if(_t345 == 0) {
								goto L104;
							}
							L92:
							 *(_t766 - 4) = 1;
							while(1) {
								_t142 = _t345 + 8; // 0x18
								_t576 = _t142;
								_t660 =  *_t576;
								 *(_t766 - 0x5c) = _t660;
								_t711 = _t576[1];
								 *(_t766 - 0x58) = _t711;
								if(_t660 == 0) {
									break;
								}
								_t753 =  *((intOrPtr*)(_t345 + 4));
								if(_t753 == 0 ||  *_t345 != _t516) {
									break;
								} else {
									_t754 = (_t660 >> 0x0000000d & 0x0007fff8) + _t753 + 8;
									asm("adc edi, 0xffffffff");
									_t477 =  *_t754 & 0x0000ffff;
									asm("cdq");
									 *(_t766 - 0x74) = _t660 + 0xffffffff & 0x0000ffff | _t477 << 0x00000010;
									 *(_t766 - 0x70) = _t711 | (_t660 << 0x00000020 | _t477) << 0x10;
									_t671 =  *(_t766 - 0x58);
									asm("lock cmpxchg8b [edi]");
									if( *(_t766 - 0x5c) !=  *(_t766 - 0x5c) || _t671 !=  *(_t766 - 0x58)) {
										_t516 =  *(_t766 - 0x20);
										_t482 = ( *(_t516 + 0x60) & 0x0000ffff) << 2;
										_t581 =  *((intOrPtr*)( *((intOrPtr*)(_t516 + 0x58)) + 0xc));
										__eflags =  *(_t581 + _t482 + 0x113) & 0x00000001;
										if(( *(_t581 + _t482 + 0x113) & 0x00000001) == 0) {
											_t26 = (( *(_t516 + 0x60) & 0x0000ffff) << 2) + 0x113; // 0x7d811074
											_t486 =  *((intOrPtr*)( *((intOrPtr*)(_t516 + 0x58)) + 0xc)) + _t26;
											 *_t486 =  *_t486 | 0x00000001;
											__eflags =  *_t486;
										}
										_t345 =  *(_t766 - 0x30);
										continue;
									} else {
										_t577 = _t754;
										L99:
										 *(_t766 - 0x24) = _t577;
										 *(_t766 - 4) = 0xfffffffe;
										if(_t577 == 0) {
											goto L104;
										}
										_t471 = (( *( *(_t766 - 0x28)) & 0x0000ffff) << 3) -  *((intOrPtr*)(_t766 - 0x3c));
										_t578 = _t577 + 0xfffffff8;
										_t752 =  *( *(_t766 - 0x2c) + 0x24);
										if(_t471 < 0x3f) {
											L88:
											_t472 = _t471 | 0x00000080;
											__eflags = _t472;
											 *(_t578 + 7) = _t472;
											L89:
											_t411 =  *(_t766 - 0x24);
											L90:
											return E01622869(_t411);
										}
										if(( *(_t578 + 7) & 0x00000080) == 0) {
											__eflags =  *(_t752 + 0x4c);
											if( *(_t752 + 0x4c) == 0) {
												L185:
												_t662 =  *_t578 & 0x0000ffff;
												L103:
												 *(_t578 + 7) = 0xbf;
												 *(_t578 + (_t662 & 0x0000ffff) * 8 - 4) = _t471;
												goto L89;
											}
											_t664 =  *_t578;
											__eflags =  *(_t752 + 0x4c) & _t664;
											L182:
											if(__eflags != 0) {
												_t664 = _t664 ^  *(_t752 + 0x50);
												__eflags = _t664;
											}
											_t662 = _t664 & 0x0000ffff;
											goto L103;
										}
										L102:
										_t662 =  *((intOrPtr*)((_t578 >> 0x00000003 ^  *_t578 ^ _t752 ^  *0x16a81dc) + 0x10));
										goto L103;
									}
								}
							}
							_t577 = 0;
							goto L99;
							L104:
							_t348 = (( *(_t766 - 0x28))[1] & 0x000000ff) * 0x68;
							__eflags = _t348;
							_t749 =  *(_t766 - 0x44) + _t348 + 0x18;
							while(1) {
								_t708 = 0;
								_t653 = 0;
								__eflags = 0;
								_t565 = _t749 + 8;
								 *(_t766 - 0x40) = 0x10;
								do {
									L106:
									_t349 =  *_t565;
									__eflags = _t349;
									if(_t349 != 0) {
										_t517 =  *(_t349 + 8) & 0x0000ffff;
										 *(_t766 - 0x30) = _t517;
										__eflags = _t517 - _t653;
										if(_t517 > _t653) {
											 *(_t766 - 0x38) = _t349;
											_t653 = _t517;
											_t708 = _t565;
										}
									}
									_t565 = _t565 + 4;
									_t181 = _t766 - 0x40;
									 *_t181 =  *(_t766 - 0x40) - 1;
									__eflags =  *_t181;
								} while ( *_t181 != 0);
								 *(_t766 - 0x30) = _t708;
								__eflags = _t708;
								if(_t708 != 0) {
									_t350 = E016055E8(_t749 + 0x48);
									while(1) {
										_t654 = _t350;
										__eflags = _t654;
										if(_t654 == 0) {
											break;
										}
										_t654 = _t654 - 0x18;
										_t49 = _t654 + 0x1c; // 0x4
										_t351 = _t49;
										_t567 =  *_t351;
										__eflags = _t567 & 0x00000001;
										if((_t567 & 0x00000001) != 0) {
											break;
										}
										_t631 = 0xfffffffd;
										_t465 =  *_t351;
										do {
											__eflags = _t465 & _t631;
											asm("lock cmpxchg [edi], ebx");
										} while ((_t465 & _t631) != 0);
										__eflags = _t465 - 2;
										if(_t465 == 2) {
											 *_t654 =  *_t654 & 0x00000000;
											 *((intOrPtr*)(_t654 + 0xc)) =  *((intOrPtr*)(_t654 + 0xc)) + 1;
											__eflags = _t654 + 0x18;
											E01605640( *((intOrPtr*)( *_t654 + 0x58)), _t654 + 0x18);
										}
										_t350 = E016055E8(_t749 + 0x48);
										_t708 =  *(_t766 - 0x30);
									}
									asm("lock cmpxchg [ebx], ecx");
									__eflags =  *(_t766 - 0x38) -  *(_t766 - 0x38);
									if( *(_t766 - 0x38) !=  *(_t766 - 0x38)) {
										__eflags = _t654;
										if(_t654 != 0) {
											E01605640(_t749 + 0x48, _t654 + 0x18);
										}
										_t708 = 0;
										_t653 = 0;
										__eflags = 0;
										_t565 = _t749 + 8;
										 *(_t766 - 0x40) = 0x10;
										goto L106;
									}
									__eflags = _t654;
									if(_t654 == 0) {
										_t738 = _t708 - _t749 - 8;
										__eflags = _t738;
										 *((short*)(_t749 + 0x62)) = _t738 >> 2;
									}
									_t656 =  *(_t766 - 0x38);
									L110:
									__eflags = _t656;
									if(_t656 != 0) {
										_t570 = 0xfffffffd;
										_t79 = _t656 + 0x1c; // 0x1c
										_t354 =  *_t79;
										do {
											__eflags = _t354 & _t570;
											asm("lock cmpxchg [edi], ebx");
										} while ((_t354 & _t570) != 0);
										__eflags = _t354 - 2;
										if(_t354 == 2) {
											 *_t656 =  *_t656 & 0x00000000;
											 *((intOrPtr*)(_t656 + 0xc)) =  *((intOrPtr*)(_t656 + 0xc)) + 1;
											E01605640( *((intOrPtr*)( *_t656 + 0x58)), _t656 + 0x18);
											goto L111;
										}
										L32:
										_t751 = _t656;
										L114:
										__eflags = _t751;
										if(_t751 != 0) {
											_t57 = _t751 + 0x1c; // 0x1c
											_t659 = _t57;
											while(1) {
												_t575 =  *_t659;
												__eflags = _t575;
												if(_t575 == 0) {
													break;
												}
												__eflags = _t575 & 0x00000006;
												if((_t575 & 0x00000006) != 0) {
													break;
												}
												asm("lock cmpxchg [ebx], edi");
												__eflags = _t575 - _t575;
												if(_t575 != _t575) {
													continue;
												}
												_t361 = 1;
												L38:
												__eflags = _t361;
												if(_t361 == 0) {
													goto L91;
													do {
														while(1) {
															L91:
															_t516 =  *(_t766 - 0x20);
															_t345 =  *(_t516 + 4);
															 *(_t766 - 0x30) = _t345;
															if(_t345 == 0) {
																goto L104;
															}
															goto L92;
														}
														L5:
														__eflags = _t371 - 2;
													} while (_t371 != 2);
													_t588 =  *( *_t672 + 0x58);
													 *_t672 =  *_t672 & 0x00000000;
													 *((intOrPtr*)(_t672 + 0xc)) =  *((intOrPtr*)(_t672 + 0xc)) + 1;
													_t673 = _t672 + 0x18;
													L161:
													E01605640(_t588, _t673);
													goto L91;
													do {
														while(1) {
															L91:
															_t516 =  *(_t766 - 0x20);
															_t345 =  *(_t516 + 4);
															 *(_t766 - 0x30) = _t345;
															if(_t345 == 0) {
																goto L104;
															}
															goto L92;
														}
														L241:
														__eflags = _t427;
													} while (_t427 == 0);
													_t728 =  *_t751;
													_t322 = _t766 - 0x30;
													 *_t322 =  *(_t766 - 0x30) & 0x00000000;
													__eflags =  *_t322;
													while(1) {
														_t672 =  *(_t728 + 8 + (( *(_t728 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4);
														__eflags = _t672;
														if(_t672 != 0) {
															goto L246;
														}
														L244:
														asm("lock cmpxchg [edx], ecx");
														__eflags = 0;
														if(0 != 0) {
															L248:
															 *(_t766 - 0x30) =  *(_t766 - 0x30) + 1;
															__eflags =  *(_t766 - 0x30) - 0x10;
															if( *(_t766 - 0x30) >= 0x10) {
																L159:
																_t588 =  *_t751 + 0x48;
																L160:
																_t250 = _t751 + 0x18; // 0x18
																_t673 = _t250;
																goto L161;
															}
															_t672 =  *(_t728 + 8 + (( *(_t728 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4);
															__eflags = _t672;
															if(_t672 != 0) {
																goto L246;
															}
															goto L244;
														}
														goto L91;
														do {
															while(1) {
																L91:
																_t516 =  *(_t766 - 0x20);
																_t345 =  *(_t516 + 4);
																 *(_t766 - 0x30) = _t345;
																if(_t345 == 0) {
																	goto L104;
																}
																goto L92;
															}
															L154:
															__eflags = _t453;
														} while (_t453 == 0);
														_t707 =  *_t751;
														_t237 = _t766 - 0x30;
														 *_t237 =  *(_t766 - 0x30) & 0x00000000;
														__eflags =  *_t237;
														do {
															_t242 = (( *(_t707 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4; // 0x101
															_t672 =  *(_t707 + _t242 + 8);
															__eflags = _t672;
															if(_t672 == 0) {
																asm("lock cmpxchg [edx], ecx");
																__eflags = 0;
																if(0 == 0) {
																	while(1) {
																		L91:
																		_t516 =  *(_t766 - 0x20);
																		_t345 =  *(_t516 + 4);
																		 *(_t766 - 0x30) = _t345;
																		if(_t345 == 0) {
																			goto L104;
																		}
																		goto L92;
																	}
																}
																goto L158;
															}
															_t628 =  *(_t672 + 0x1c);
															__eflags = _t628 & 0x00000001;
															if((_t628 & 0x00000001) == 0) {
																goto L1;
															}
															L158:
															 *(_t766 - 0x30) =  *(_t766 - 0x30) + 1;
														} while ( *(_t766 - 0x30) < 0x10);
														goto L159;
														L246:
														_t617 =  *(_t672 + 0x1c);
														__eflags = _t617 & 0x00000001;
														if((_t617 & 0x00000001) != 0) {
															goto L248;
														}
														asm("lock cmpxchg [ebx], ecx");
														__eflags = _t672 - _t672;
														if(_t672 == _t672) {
															L3:
															_t591 = 0xfffffffd;
															_t10 = _t672 + 0x1c; // 0x115
															_t371 =  *_t10;
															do {
																__eflags = _t371 & _t591;
																asm("lock cmpxchg [esi], edi");
															} while ((_t371 & _t591) != 0);
															goto L5;
														}
														goto L248;
													}
												}
												L39:
												_t362 =  *(_t766 - 0x20);
												__eflags =  *_t751 - _t362;
												if( *_t751 != _t362) {
													_t584 = 0xfffffff9;
													_t363 =  *_t659;
													do {
														__eflags = _t363 & _t584;
														asm("lock cmpxchg [edi], ebx");
													} while ((_t363 & _t584) != 0);
													__eflags = _t363 - 6;
													if(_t363 != 6) {
														L193:
														__eflags =  *((short*)(_t751 + 8));
														if( *((short*)(_t751 + 8)) == 0) {
															goto L91;
															do {
																do {
																	do {
																		do {
																			do {
																				do {
																					do {
																						do {
																							L91:
																							_t516 =  *(_t766 - 0x20);
																							_t345 =  *(_t516 + 4);
																							 *(_t766 - 0x30) = _t345;
																							if(_t345 == 0) {
																								goto L104;
																							}
																							goto L92;
																						} while (_t361 == 0);
																						goto L39;
																					} while (_t751 == 0);
																					_t62 = _t751 + 0x1c; // 0x1c
																					_t592 = _t62;
																					_t675 = 0xfffffff9;
																					_t379 =  *_t592;
																					do {
																						__eflags = _t379 & _t675;
																						asm("lock cmpxchg [edi], ebx");
																					} while ((_t379 & _t675) != 0);
																					__eflags = _t379 - 6;
																					if(_t379 == 6) {
																						goto L192;
																					}
																					goto L44;
																				} while ( *((short*)(_t751 + 8)) == 0);
																				while(1) {
																					L194:
																					_t585 =  *_t659;
																					__eflags = _t585;
																					if(_t585 == 0) {
																						break;
																					}
																					__eflags = _t585 & 0x00000002;
																					if((_t585 & 0x00000002) != 0) {
																						break;
																					}
																					asm("lock cmpxchg [ebx], edi");
																					__eflags = _t585 - _t585;
																					if(_t585 != _t585) {
																						continue;
																					}
																					_t364 = 1;
																					goto L199;
																				}
																				_t364 = 0;
																				__eflags = 0;
																				goto L199;
																				L44:
																				__eflags =  *((short*)(_t751 + 8));
																			} while ( *((short*)(_t751 + 8)) == 0);
																			while(1) {
																				_t676 =  *_t592;
																				__eflags = _t676;
																				if(_t676 == 0) {
																					break;
																				}
																				__eflags = _t676 & 0x00000002;
																				if((_t676 & 0x00000002) != 0) {
																					break;
																				}
																				asm("lock cmpxchg [ebx], edi");
																				__eflags = _t676 - _t676;
																				if(_t676 != _t676) {
																					continue;
																				}
																				_t380 = 1;
																				goto L49;
																			}
																			_t380 = 0;
																			goto L49;
																			L199:
																			__eflags = _t364;
																		} while (_t364 == 0);
																		_t716 =  *_t751;
																		_t282 = _t766 - 0x30;
																		 *_t282 =  *(_t766 - 0x30) & 0x00000000;
																		__eflags =  *_t282;
																		while(1) {
																			_t287 = (( *(_t716 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4; // 0x24
																			_t672 =  *(_t716 + _t287 + 8);
																			__eflags = _t672;
																			if(_t672 != 0) {
																				goto L204;
																			}
																			L202:
																			asm("lock cmpxchg [edx], ecx");
																			__eflags = 0;
																			if(0 != 0) {
																				L206:
																				 *(_t766 - 0x30) =  *(_t766 - 0x30) + 1;
																				__eflags =  *(_t766 - 0x30) - 0x10;
																				if( *(_t766 - 0x30) >= 0x10) {
																					goto L159;
																				}
																				_t287 = (( *(_t716 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4; // 0x24
																				_t672 =  *(_t716 + _t287 + 8);
																				__eflags = _t672;
																				if(_t672 != 0) {
																					goto L204;
																				}
																				goto L202;
																			}
																			goto L91;
																			L204:
																			_t586 =  *(_t672 + 0x1c);
																			__eflags = _t586 & 0x00000001;
																			if((_t586 & 0x00000001) != 0) {
																				goto L206;
																			}
																			asm("lock cmpxchg [ebx], ecx");
																			__eflags = _t672 - _t672;
																			if(_t672 == _t672) {
																				goto L3;
																			}
																			goto L206;
																		}
																		L49:
																		__eflags = _t380;
																	} while (_t380 == 0);
																	_t721 =  *_t751;
																	_t66 = _t766 - 0x30;
																	 *_t66 =  *(_t766 - 0x30) & 0x00000000;
																	__eflags =  *_t66;
																	do {
																		_t71 = (( *(_t721 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4; // 0x101
																		_t672 =  *(_t721 + _t71 + 8);
																		__eflags = _t672;
																		if(_t672 == 0) {
																			asm("lock cmpxchg [edx], ecx");
																			__eflags = 0;
																			if(0 == 0) {
																				goto L91;
																			}
																			goto L53;
																		}
																		_t594 =  *(_t672 + 0x1c);
																		__eflags = _t594 & 0x00000001;
																		if((_t594 & 0x00000001) == 0) {
																			asm("lock cmpxchg [ebx], ecx");
																			__eflags = _t672 - _t672;
																			if(_t672 != _t672) {
																				goto L53;
																			}
																			goto L3;
																		}
																		L53:
																		 *(_t766 - 0x30) =  *(_t766 - 0x30) + 1;
																		__eflags =  *(_t766 - 0x30) - 0x10;
																	} while ( *(_t766 - 0x30) < 0x10);
																	goto L159;
																	L145:
																	_t451 = _t435 + 4;
																	_t232 = _t751;
																	_t751 =  *_t451;
																	 *_t451 = _t232;
																	__eflags = _t751;
																} while (_t751 == 0);
																_t233 = _t751 + 0x1c; // 0x4
																_t626 = _t233;
																_t692 = 0xfffffff9;
																_t452 =  *_t626;
																do {
																	__eflags = _t452 & _t692;
																	asm("lock cmpxchg [edi], ebx");
																} while ((_t452 & _t692) != 0);
																__eflags = _t452 - 6;
																if(_t452 == 6) {
																	goto L192;
																}
																__eflags =  *((short*)(_t751 + 8));
															} while ( *((short*)(_t751 + 8)) == 0);
															while(1) {
																_t693 =  *_t626;
																__eflags = _t693;
																if(_t693 == 0) {
																	break;
																}
																__eflags = _t693 & 0x00000002;
																if((_t693 & 0x00000002) != 0) {
																	break;
																}
																asm("lock cmpxchg [ebx], edi");
																__eflags = _t693 - _t693;
																if(_t693 != _t693) {
																	continue;
																}
																_t453 = 1;
																goto L154;
															}
															_t453 = 0;
															goto L154;
														}
														goto L194;
													}
													L192:
													_t588 =  *( *_t751 + 0x58);
													 *_t751 =  *_t751 & 0x00000000;
													 *((intOrPtr*)(_t751 + 0xc)) =  *((intOrPtr*)(_t751 + 0xc)) + 1;
													goto L160;
												}
												_t378 = _t362 + 4;
												_t61 = _t751;
												_t751 =  *_t378;
												 *_t378 = _t61;
												__eflags = _t751;
											}
											_t361 = 0;
											goto L38;
										}
										_t394 = ( *(_t766 - 0x28))[1] & 0x000000ff;
										 *(_t766 - 0x40) = _t394;
										_t757 =  *(_t766 - 0x2c) + 0x48;
										__eflags = _t757;
										while(1) {
											 *((char*)(_t766 - 0x19)) = 0;
											 *(_t766 - 0x54) =  *_t757;
											 *(_t766 - 0x50) =  *(_t757 + 4);
											__eflags =  *(_t766 - 0x54) - _t394;
											if( *(_t766 - 0x54) == _t394) {
												 *(_t766 - 0x60) =  *(_t766 - 0x50) + 1;
												__eflags =  *(_t766 - 0x50) - 7;
												if( *(_t766 - 0x50) > 7) {
													 *((char*)(_t766 - 0x19)) = 1;
													 *(_t766 - 0x60) = 0;
												}
											} else {
												 *(_t766 - 0x64) = _t394;
												 *(_t766 - 0x60) = 1;
											}
											_t678 =  *(_t766 - 0x50);
											asm("lock cmpxchg8b [edi]");
											_t725 =  *(_t766 - 0x50);
											__eflags =  *(_t766 - 0x54) -  *(_t766 - 0x54);
											if( *(_t766 - 0x54) !=  *(_t766 - 0x54)) {
												goto L14;
											}
											L119:
											__eflags = _t678 - _t725;
											if(_t678 != _t725) {
												goto L14;
											}
											_t679 =  *( *(_t766 - 0x20) + 0x50);
											__eflags =  *((char*)(_t766 - 0x19));
											if( *((char*)(_t766 - 0x19)) == 0) {
												_t679 = _t679 >> 4;
												__eflags = _t679;
											}
											_t601 =  *(_t766 - 0x28);
											_t535 = _t601[1];
											_t401 = _t535 & 0x00000001;
											_t758 =  *((intOrPtr*)(0x16342c0 + (_t601[1] & 0x000000ff) * 4));
											_t726 = 7;
											__eflags = _t758 - 0x100;
											if(_t758 < 0x100) {
												_t401 = _t401 - 1;
												__eflags = _t401;
											}
											_t603 =  *0x16a80e8; // 0x8
											__eflags =  *0x16a8594 - _t603 >> 1; // 0xffffffff
											if(__eflags > 0) {
												_t401 = _t401 + 1;
											}
											_t605 = 4;
											_t405 = 1 << _t605 - _t401;
											__eflags = _t679 - 1;
											if(_t679 < 1) {
												_t679 = _t405;
											}
											__eflags = _t679 - 0x400;
											if(_t679 > 0x400) {
												_t679 = 0x400;
											}
											_t409 = (_t758 + 8) * _t679 + 0x18;
											__eflags = _t409 - 0x78000;
											if(_t409 > 0x78000) {
												_t409 = 0x78000;
											}
											__eflags = _t409 & 0xffffff80;
											if((_t409 & 0xffffff80) == 0) {
												L131:
												__eflags = _t726 - 0x12;
												if(_t726 > 0x12) {
													_t726 = 0x12;
												}
												_t680 = _t726;
												__eflags = _t535 & 0x00000006;
												if(__eflags != 0) {
													_t680 = 0x12;
												}
												_push(_t758 + 8);
												_t536 =  *(_t766 - 0x2c);
												_t727 = E016344C5(_t536, _t536, _t680, _t726, _t758 + 8, __eflags);
												__eflags = _t727;
												if(_t727 == 0) {
													L179:
													_t411 = 0;
													goto L90;
												} else {
													_t415 = 1 <<  *(_t727 + 8);
													__eflags = 1 - 0x78000;
													if(1 > 0x78000) {
														_t415 = 0x78000;
													}
													 *(_t766 - 0x40) = _t415 + 0xfffffff8;
													asm("lock xadd [eax], ecx");
													_t613 =  *(_t766 - 0x44);
													_t418 = E016055E8( *(_t766 - 0x44));
													__eflags = _t418;
													if(_t418 == 0) {
														_t613 = _t536;
														_t751 = E0163485C(_t536,  *(_t766 - 0x34));
														__eflags = _t751;
														if(_t751 == 0) {
															goto L250;
														}
														 *(_t751 + 4) =  *(_t751 + 4) & 0x00000000;
														goto L137;
													} else {
														_t219 = _t418 - 0x18; // -24
														_t751 = _t219;
														L137:
														__eflags = _t751;
														if(_t751 == 0) {
															L250:
															E01622882(_t613,  *((intOrPtr*)(_t536 + 0x24)), 0, _t727);
															goto L179;
														}
														 *((char*)(_t751 + 0x17)) =  *(_t766 - 0x34);
														E0163454D(_t536, _t751, _t727,  *((intOrPtr*)(0x16342c0 + (( *(_t766 - 0x28))[1] & 0x000000ff) * 4)),  *(_t766 - 0x40),  *(_t766 - 0x28));
														 *((intOrPtr*)(_t727 + 0xc)) = 0xf0e0d0c0;
														_t228 = _t751 + 0x1c; // 0x4
														_t615 = _t228;
														while(1) {
															_t683 =  *_t615;
															__eflags = _t683;
															if(_t683 == 0) {
																break;
															}
															__eflags = _t683 & 0x00000006;
															if((_t683 & 0x00000006) != 0) {
																break;
															}
															asm("lock cmpxchg [ebx], edi");
															__eflags = _t683 - _t683;
															if(_t683 != _t683) {
																continue;
															}
															_t425 = 1;
															L143:
															__eflags = _t425;
															if(_t425 == 0) {
																while(1) {
																	L226:
																	_t308 = _t751 + 0x1c; // 0x4
																	_t616 =  *_t308;
																	__eflags = _t616;
																	if(_t616 == 0) {
																		break;
																	}
																	__eflags = _t616 & 0x00000002;
																	if((_t616 & 0x00000002) != 0) {
																		break;
																	}
																	asm("lock cmpxchg [edi], edx");
																	__eflags = _t616 - _t616;
																	if(_t616 != _t616) {
																		continue;
																	}
																	_t427 = 1;
																	goto L241;
																}
																_t427 = 0;
																__eflags = 0;
																goto L241;
															}
															_t435 =  *(_t766 - 0x20);
															__eflags =  *_t751 - _t435;
															if( *_t751 != _t435) {
																_t687 = 0xfffffff9;
																_t436 =  *_t615;
																do {
																	__eflags = _t436 & _t687;
																	asm("lock cmpxchg [edi], ebx");
																} while ((_t436 & _t687) != 0);
																__eflags = _t436 - 6;
																if(_t436 != 6) {
																	__eflags =  *((short*)(_t751 + 8));
																	if( *((short*)(_t751 + 8)) == 0) {
																		goto L226;
																	} else {
																		goto L217;
																	}
																	while(1) {
																		L217:
																		_t688 =  *_t615;
																		__eflags = _t688;
																		if(_t688 == 0) {
																			break;
																		}
																		__eflags = _t688 & 0x00000002;
																		if((_t688 & 0x00000002) != 0) {
																			break;
																		}
																		asm("lock cmpxchg [ebx], edi");
																		__eflags = _t688 - _t688;
																		if(_t688 != _t688) {
																			continue;
																		}
																		_t437 = 1;
																		L222:
																		__eflags = _t437;
																		if(_t437 == 0) {
																			goto L226;
																		}
																		_t731 =  *_t751;
																		_t301 = _t766 - 0x30;
																		 *_t301 =  *(_t766 - 0x30) & 0x00000000;
																		__eflags =  *_t301;
																		do {
																			_t306 = (( *(_t731 + 0x62) & 0x0000ffff) +  *(_t766 - 0x30) & 0x0000000f) * 4; // 0x101
																			_t689 =  *(_t731 + _t306 + 8);
																			__eflags = _t689;
																			if(_t689 != 0) {
																				_t620 =  *(_t689 + 0x1c);
																				__eflags = _t620 & 0x00000001;
																				if((_t620 & 0x00000001) != 0) {
																					goto L232;
																				}
																				asm("lock cmpxchg [ebx], ecx");
																				__eflags = _t689 - _t689;
																				if(_t689 == _t689) {
																					_t625 = 0xfffffffd;
																					_t318 = _t689 + 0x1c; // 0x115
																					_t444 =  *_t318;
																					do {
																						__eflags = _t444 & _t625;
																						asm("lock cmpxchg [edi], ebx");
																					} while ((_t444 & _t625) != 0);
																					__eflags = _t444 - 2;
																					if(_t444 != 2) {
																						goto L226;
																					}
																					_t623 =  *( *_t689 + 0x58);
																					 *_t689 =  *_t689 & 0x00000000;
																					 *((intOrPtr*)(_t689 + 0xc)) =  *((intOrPtr*)(_t689 + 0xc)) + 1;
																					_t690 = _t689 + 0x18;
																					L235:
																					E01605640(_t623, _t690);
																					goto L226;
																				}
																				goto L232;
																			}
																			asm("lock cmpxchg [edx], ecx");
																			__eflags = 0;
																			if(0 != 0) {
																				goto L232;
																			}
																			goto L226;
																			L232:
																			 *(_t766 - 0x30) =  *(_t766 - 0x30) + 1;
																			__eflags =  *(_t766 - 0x30) - 0x10;
																		} while ( *(_t766 - 0x30) < 0x10);
																		_t623 =  *_t751 + 0x48;
																		__eflags =  *_t751 + 0x48;
																		L234:
																		_t317 = _t751 + 0x18; // 0x0
																		_t690 = _t317;
																		goto L235;
																	}
																	_t437 = 0;
																	__eflags = 0;
																	goto L222;
																}
																_t623 =  *( *_t751 + 0x58);
																 *_t751 =  *_t751 & 0x00000000;
																 *((intOrPtr*)(_t751 + 0xc)) =  *((intOrPtr*)(_t751 + 0xc)) + 1;
																goto L234;
															}
															goto L145;
														}
														_t425 = 0;
														goto L143;
													}
												}
											} else {
												do {
													_t726 = _t726 + 1;
													__eflags = _t409 >> _t726;
												} while (_t409 >> _t726 != 0);
												goto L131;
											}
											L14:
											_t394 =  *(_t766 - 0x40);
											 *((char*)(_t766 - 0x19)) = 0;
											 *(_t766 - 0x54) =  *_t757;
											 *(_t766 - 0x50) =  *(_t757 + 4);
											__eflags =  *(_t766 - 0x54) - _t394;
											if( *(_t766 - 0x54) == _t394) {
												 *(_t766 - 0x60) =  *(_t766 - 0x50) + 1;
												__eflags =  *(_t766 - 0x50) - 7;
												if( *(_t766 - 0x50) > 7) {
													 *((char*)(_t766 - 0x19)) = 1;
													 *(_t766 - 0x60) = 0;
												}
											} else {
												 *(_t766 - 0x64) = _t394;
												 *(_t766 - 0x60) = 1;
											}
											_t678 =  *(_t766 - 0x50);
											asm("lock cmpxchg8b [edi]");
											_t725 =  *(_t766 - 0x50);
											__eflags =  *(_t766 - 0x54) -  *(_t766 - 0x54);
											if( *(_t766 - 0x54) !=  *(_t766 - 0x54)) {
												goto L14;
											}
										}
									}
									L111:
									_t750 = _t749 + 0x48;
									__eflags = _t749 + 0x48;
									while(1) {
										_t357 = E016055E8(_t750);
										__eflags = _t357;
										if(_t357 == 0) {
											break;
										}
										_t46 = _t357 - 0x18; // -24
										_t656 = _t46;
										_t573 = 0xfffffffd;
										_t47 = _t656 + 0x1c; // 0x4
										_t358 =  *_t47;
										do {
											__eflags = _t358 & _t573;
											asm("lock cmpxchg [edi], ebx");
										} while ((_t358 & _t573) != 0);
										__eflags = _t358 - 2;
										if(_t358 == 2) {
											 *_t656 =  *_t656 & 0x00000000;
											 *((intOrPtr*)(_t656 + 0xc)) =  *((intOrPtr*)(_t656 + 0xc)) + 1;
											E01605640( *((intOrPtr*)( *_t656 + 0x58)), _t656 + 0x18);
											continue;
										}
										__eflags =  *((short*)(_t656 + 8));
										if( *((short*)(_t656 + 8)) == 0) {
											continue;
										}
										goto L32;
									}
									_t751 = 0;
									__eflags = 0;
									goto L114;
								}
								_t656 = 0;
								__eflags = 0;
								goto L110;
							}
						}
					}
					_t110 = _t766 - 4;
					 *_t110 =  *(_t766 - 4) & 0x00000000;
					__eflags =  *_t110;
					while(1) {
						_t634 = _t344 + 8;
						_t741 =  *_t634;
						 *(_t766 - 0x54) = _t741;
						_t554 = _t634[1];
						 *(_t766 - 0x50) = _t554;
						__eflags = _t741;
						if(_t741 == 0) {
							break;
						}
						_t760 =  *(_t344 + 4);
						__eflags = _t760;
						if(_t760 == 0) {
							break;
						}
						__eflags =  *_t344 - _t652;
						if( *_t344 != _t652) {
							break;
						}
						_t117 = (_t741 >> 0x0000000d & 0x0007fff8) + _t760 + 8; // 0x8
						_t761 = _t117;
						asm("adc ebx, 0xffffffff");
						_t495 =  *_t761 & 0x0000ffff;
						asm("cdq");
						 *(_t766 - 0x6c) = _t741 + 0xffffffff & 0x0000ffff | _t495 << 0x00000010;
						 *(_t766 - 0x68) = _t554 | (_t652 << 0x00000020 | _t495) << 0x10;
						_t700 =  *(_t766 - 0x50);
						asm("lock cmpxchg8b [edi]");
						__eflags =  *(_t766 - 0x54) -  *(_t766 - 0x54);
						if( *(_t766 - 0x54) !=  *(_t766 - 0x54)) {
							L18:
							_t652 =  *(_t766 - 0x20);
							_t500 = ( *(_t652 + 0x60) & 0x0000ffff) << 2;
							_t638 =  *((intOrPtr*)( *((intOrPtr*)(_t652 + 0x58)) + 0xc));
							__eflags =  *(_t638 + _t500 + 0x113) & 0x00000001;
							if(( *(_t638 + _t500 + 0x113) & 0x00000001) == 0) {
								_t44 = (( *(_t652 + 0x60) & 0x0000ffff) << 2) + 0x113; // 0x7d811074
								_t504 =  *((intOrPtr*)( *((intOrPtr*)(_t652 + 0x58)) + 0xc)) + _t44;
								 *_t504 =  *_t504 | 0x00000001;
								__eflags =  *_t504;
							}
							_t344 =  *(_t766 - 0x30);
							continue;
						}
						__eflags = _t700 -  *(_t766 - 0x50);
						if(_t700 !=  *(_t766 - 0x50)) {
							goto L18;
						}
						_t635 = _t761;
						L86:
						 *(_t766 - 0x24) = _t635;
						 *(_t766 - 4) = 0xfffffffe;
						__eflags = _t635;
						if(_t635 == 0) {
							 *( *(_t766 - 0x20)) =  *( *(_t766 - 0x20)) & 0x00000000;
							goto L91;
						}
						_t471 = (( *( *(_t766 - 0x28)) & 0x0000ffff) << 3) -  *((intOrPtr*)(_t766 - 0x3c));
						_t578 = _t635 + 0xfffffff8;
						_t752 =  *( *(_t766 - 0x2c) + 0x24);
						__eflags = _t471 - 0x3f;
						if(_t471 >= 0x3f) {
							__eflags =  *(_t578 + 7) & 0x00000080;
							if(( *(_t578 + 7) & 0x00000080) != 0) {
								goto L102;
							}
							__eflags =  *(_t752 + 0x4c);
							if( *(_t752 + 0x4c) == 0) {
								goto L185;
							} else {
								_t664 =  *_t578;
								__eflags =  *(_t752 + 0x4c) & _t664;
								goto L182;
							}
							goto L72;
						}
						goto L88;
					}
					_t635 = 0;
					goto L86;
				}
				L1:
				asm("lock cmpxchg [ebx], ecx");
				if(_t672 == _t672) {
					goto L3;
				} else {
					goto L158;
				}
			}

0x01622adc
0x01622ade
0x01622ae3
0x01622ae8
0x01622aeb
0x01622aed
0x01622afd
0x01622aff
0x01622b06
0x01601b99
0x01601ba5
0x01601ba5
0x01601ba6
0x01601ba9
0x015f015f
0x015f0169
0x015fe098
0x015fe098
0x015fe09d
0x015fe0a4
0x015fe0a4
0x015fe0a7
0x015fe0ad
0x015fe0b7
0x015fe0b7
0x015fe0c2
0x015fe0c8
0x01601bec
0x01601bec
0x00000000
0x01601bec
0x01601baf
0x01601bbc
0x01601bbf
0x00000000
0x00000000
0x01601bcc
0x01601bd1
0x01601bd7
0x01601be1
0x01601be3
0x015ff42c
0x015ff43b
0x015ff43b
0x01601be9
0x00000000
0x01622b0c
0x01622b0c
0x01622b0c
0x01622b0c
0x01622b10
0x01622b19
0x01622b20
0x01622b2a
0x01622b2e
0x01622b31
0x01622b33
0x01622b36
0x01622b38
0x01633efe
0x01633efe
0x01633efe
0x01633f01
0x01633f04
0x01633f09
0x00000000
0x00000000
0x01633f0f
0x01633f0f
0x01633f16
0x01633f16
0x01633f16
0x01633f19
0x01633f1b
0x01633f1e
0x01633f21
0x01633f27
0x00000000
0x00000000
0x01633f2d
0x01633f32
0x00000000
0x01633f40
0x01633f4c
0x01633f54
0x01633f5d
0x01633f60
0x01633f6c
0x01633f6f
0x01633f75
0x01633f80
0x01633f87
0x015d8e67
0x015d8e71
0x015d8e77
0x015d8e7a
0x015d8e82
0x015d8e94
0x015d8e94
0x015d8e9b
0x015d8e9b
0x015d8e9b
0x015d8e9e
0x00000000
0x01633f96
0x01633f96
0x01633f98
0x01633f98
0x01633f9b
0x01633fa4
0x00000000
0x00000000
0x01633faf
0x01633fb2
0x01633fb8
0x01633fbe
0x01622bf2
0x01622bf2
0x01622bf2
0x01622bf4
0x01622bf7
0x01622bf7
0x01622bfa
0x01622bff
0x01622bff
0x01633fc8
0x01661ab3
0x01661ab7
0x01661a92
0x01661a92
0x01633fe3
0x01633fe6
0x01633fea
0x00000000
0x01633fea
0x01661ab9
0x01661abb
0x01661a85
0x01661a85
0x01661a87
0x01661a87
0x01661a87
0x01661a8a
0x00000000
0x01661a8a
0x01633fce
0x01633fdf
0x00000000
0x01633fdf
0x01633f87
0x01633f32
0x016348bc
0x00000000
0x01633ff3
0x01633ffa
0x01633ffa
0x01634000
0x01634004
0x01634004
0x01634006
0x01634006
0x01634008
0x0163400b
0x01634012
0x01634012
0x01634012
0x01634014
0x01634016
0x0163ef25
0x0163ef29
0x0163ef2c
0x0163ef2e
0x0163ef34
0x0163ef37
0x0163ef39
0x0163ef39
0x0163ef2e
0x0163401c
0x0163401f
0x0163401f
0x0163401f
0x0163401f
0x01634024
0x01634027
0x01634029
0x015f9ab3
0x015f9ab8
0x015f9ab8
0x015f9aba
0x015f9abc
0x00000000
0x00000000
0x015f466f
0x015f4672
0x015f4672
0x015f4675
0x015f4677
0x015f467a
0x00000000
0x00000000
0x015f4682
0x015f4685
0x015f4687
0x015f4689
0x015f468b
0x015f468b
0x015f4691
0x015f4694
0x015f469b
0x015f469e
0x015f46a1
0x015f46a4
0x015f46a4
0x015f46ac
0x015f46b1
0x015f46b1
0x015f9ac9
0x015f9acd
0x015f9ad0
0x0164a8c3
0x0164a8c5
0x0164a8d1
0x0164a8d1
0x01634004
0x01634006
0x01634006
0x01634008
0x0163400b
0x00000000
0x0163400b
0x015f9ad6
0x015f9ad8
0x015f9adc
0x015f9adc
0x015f9ae2
0x015f9ae2
0x015f9ae6
0x01634031
0x01634031
0x01634033
0x015f9a92
0x015f9a93
0x015f9a96
0x015f9a98
0x015f9a9a
0x015f9a9c
0x015f9a9c
0x015f9aa2
0x015f9aa5
0x01661ac5
0x01661ac8
0x01661ace
0x00000000
0x01661ace
0x015f99ae
0x015f99ae
0x0163404d
0x0163404d
0x0163404f
0x015f99b5
0x015f99b5
0x015f99b8
0x015f99b8
0x015f99ba
0x015f99bc
0x00000000
0x00000000
0x015f99c2
0x015f99c5
0x00000000
0x00000000
0x015f99d6
0x015f99da
0x015f99dc
0x00000000
0x00000000
0x015f99de
0x015f99e0
0x015f99e0
0x015f99e2
0x00000000
0x01633efe
0x01633efe
0x01633efe
0x01633efe
0x01633f01
0x01633f04
0x01633f09
0x00000000
0x00000000
0x00000000
0x01633f09
0x015d8b72
0x015d8b72
0x015d8b72
0x015d8b7d
0x015d8b80
0x015d8b83
0x015d8b86
0x016342b1
0x016342b1
0x016342b6
0x01633efe
0x01633efe
0x01633efe
0x01633efe
0x01633f01
0x01633f04
0x01633f09
0x00000000
0x00000000
0x00000000
0x01633f09
0x01661ca8
0x01661ca8
0x01661ca8
0x01661cb0
0x01661cb2
0x01661cb2
0x01661cb2
0x01661cb6
0x01661cc4
0x01661cc6
0x01661cc8
0x00000000
0x00000000
0x01661cca
0x01661cd0
0x01661cd4
0x01661cd6
0x01661cf7
0x01661cf7
0x01661cfa
0x01661cfe
0x016342a9
0x016342ab
0x016342ae
0x016342ae
0x016342ae
0x00000000
0x016342ae
0x01661cc4
0x01661cc6
0x01661cc8
0x00000000
0x00000000
0x00000000
0x01661cc8
0x01661cd8
0x01633efe
0x01633efe
0x01633efe
0x01633efe
0x01633f01
0x01633f04
0x01633f09
0x00000000
0x00000000
0x00000000
0x01633f09
0x0163426e
0x0163426e
0x0163426e
0x01634276
0x01634278
0x01634278
0x01634278
0x0163427c
0x01634286
0x0163428a
0x0163428c
0x0163428e
0x015f017e
0x015f0182
0x015f0184
0x01633efe
0x01633efe
0x01633efe
0x01633f01
0x01633f04
0x01633f09
0x00000000
0x00000000
0x00000000
0x01633f09
0x01633efe
0x00000000
0x015f018a
0x01634294
0x01634297
0x0163429a
0x00000000
0x00000000
0x016342a0
0x016342a0
0x016342a3
0x00000000
0x01661cdd
0x01661cdd
0x01661ce0
0x01661ce3
0x00000000
0x00000000
0x01661ceb
0x01661cef
0x01661cf1
0x015d8b60
0x015d8b62
0x015d8b63
0x015d8b66
0x015d8b68
0x015d8b6a
0x015d8b6c
0x015d8b6c
0x00000000
0x015d8b68
0x00000000
0x01661cf1
0x01661cb6
0x015f99e8
0x015f99e8
0x015f99eb
0x015f99ed
0x01661ada
0x01661add
0x01661adf
0x01661ae1
0x01661ae3
0x01661ae3
0x01661ae9
0x01661aec
0x01661afe
0x01661afe
0x01661b03
0x00000000
0x01633efe
0x01633efe
0x01633efe
0x01633efe
0x01633efe
0x01633efe
0x01633efe
0x01633efe
0x01633efe
0x01633efe
0x01633f01
0x01633f04
0x01633f09
0x00000000
0x00000000
0x00000000
0x01633f09
0x00000000
0x01633efe
0x015f9a00
0x015f9a00
0x015f9a05
0x015f9a08
0x015f9a0a
0x015f9a0c
0x015f9a0e
0x015f9a0e
0x015f9a14
0x015f9a17
0x00000000
0x00000000
0x00000000
0x015f9a17
0x01661b09
0x01661b09
0x01661b09
0x01661b0b
0x01661b0d
0x00000000
0x00000000
0x01661b0f
0x01661b12
0x00000000
0x00000000
0x01661b1f
0x01661b23
0x01661b25
0x00000000
0x00000000
0x01661b27
0x00000000
0x01661b27
0x01661b2b
0x01661b2b
0x00000000
0x015f9a1d
0x015f9a1d
0x015f9a1d
0x015f9a28
0x015f9a28
0x015f9a2a
0x015f9a2c
0x00000000
0x00000000
0x015f9a32
0x015f9a35
0x00000000
0x00000000
0x015f9a46
0x015f9a4a
0x015f9a4c
0x00000000
0x00000000
0x015f9a4e
0x00000000
0x015f9a4e
0x0164a8e2
0x00000000
0x01661b2d
0x01661b2d
0x01661b2d
0x01661b35
0x01661b37
0x01661b37
0x01661b37
0x01661b3b
0x01661b45
0x01661b49
0x01661b4b
0x01661b4d
0x00000000
0x00000000
0x01661b4f
0x01661b55
0x01661b59
0x01661b5b
0x01661b7c
0x01661b7c
0x01661b7f
0x01661b83
0x00000000
0x00000000
0x01661b45
0x01661b49
0x01661b4b
0x01661b4d
0x00000000
0x00000000
0x00000000
0x01661b4d
0x00000000
0x01661b62
0x01661b62
0x01661b65
0x01661b68
0x00000000
0x00000000
0x01661b70
0x01661b74
0x01661b76
0x00000000
0x00000000
0x00000000
0x01661b76
0x015f9a50
0x015f9a50
0x015f9a50
0x015f9a58
0x015f9a5a
0x015f9a5a
0x015f9a5a
0x015f9a5e
0x015f9a68
0x015f9a6c
0x015f9a6e
0x015f9a70
0x015e7d73
0x015e7d77
0x015e7d79
0x00000000
0x00000000
0x00000000
0x015e7d7f
0x015f9a76
0x015f9a79
0x015f9a7c
0x01661b91
0x01661b95
0x01661b97
0x00000000
0x00000000
0x00000000
0x01661b9d
0x015f9a82
0x015f9a82
0x015f9a85
0x015f9a85
0x00000000
0x01634211
0x01634211
0x01634214
0x01634214
0x01634214
0x01634216
0x01634216
0x0163421e
0x0163421e
0x01634223
0x01634226
0x01634228
0x0163422a
0x0163422c
0x0163422c
0x01634232
0x01634235
0x00000000
0x00000000
0x0163423b
0x0163423b
0x01634246
0x01634246
0x01634248
0x0163424a
0x00000000
0x00000000
0x01634250
0x01634253
0x00000000
0x00000000
0x01634264
0x01634268
0x0163426a
0x00000000
0x00000000
0x0163426c
0x00000000
0x0163426c
0x0164a8f0
0x00000000
0x0164a8f0
0x00000000
0x01661b03
0x01661aee
0x01661af0
0x01661af3
0x01661af6
0x00000000
0x01661af6
0x015f99f3
0x015f99f6
0x015f99f6
0x015f99f6
0x015f99f8
0x015f99f8
0x0164a8db
0x00000000
0x0164a8db
0x01634058
0x0163405c
0x01634062
0x01634062
0x01634065
0x01634065
0x0163406b
0x01634071
0x01634077
0x01634079
0x0163ddad
0x0163ddb3
0x0163ddb6
0x0163ddbc
0x0163ddc0
0x0163ddc0
0x0163407f
0x0163407f
0x01634082
0x01634082
0x0163408c
0x01634097
0x0163409e
0x016340a1
0x016340a3
0x00000000
0x00000000
0x016340a9
0x016340a9
0x016340ab
0x00000000
0x00000000
0x016340b4
0x016340b7
0x016340bb
0x016340bd
0x016340bd
0x016340bd
0x016340c0
0x016340c3
0x016340c8
0x016340ce
0x016340d7
0x016340d8
0x016340de
0x016340e0
0x016340e0
0x016340e0
0x016340e2
0x016340ea
0x016340f0
0x015fb8d3
0x015fb8d3
0x016340fb
0x01634101
0x01634103
0x01634105
0x01634107
0x01634107
0x0163410e
0x01634110
0x015df1bd
0x015df1bd
0x0163411c
0x01634124
0x01634126
0x01646a9a
0x01646a9a
0x0163412c
0x01634131
0x0163413e
0x0163413e
0x01634141
0x01649ebe
0x01649ebe
0x01634147
0x01634149
0x0163414c
0x01661ba4
0x01661ba4
0x01634155
0x01634156
0x01634160
0x01634162
0x01634164
0x0164a8f7
0x0164a8f7
0x00000000
0x0163416a
0x01634170
0x01634177
0x01634179
0x01661baa
0x01661baa
0x01634182
0x0163418b
0x0163418f
0x01634192
0x01634197
0x01634199
0x0163483d
0x01634844
0x01634846
0x01634848
0x00000000
0x00000000
0x0163484e
0x00000000
0x0163419f
0x0163419f
0x0163419f
0x016341a2
0x016341a2
0x016341a4
0x01661d06
0x01661d0c
0x00000000
0x01661d0c
0x016341ad
0x016341c7
0x016341cc
0x016341d3
0x016341d3
0x016341d6
0x016341d6
0x016341d8
0x016341da
0x00000000
0x00000000
0x016341e0
0x016341e3
0x00000000
0x00000000
0x016341f4
0x016341f8
0x016341fa
0x00000000
0x00000000
0x016341fc
0x016341fe
0x016341fe
0x01634200
0x01661c2e
0x01661c2e
0x01661c2e
0x01661c31
0x01661c33
0x01661c35
0x00000000
0x00000000
0x01661c37
0x01661c3a
0x00000000
0x00000000
0x01661c45
0x01661c49
0x01661c4b
0x00000000
0x00000000
0x01661c4d
0x00000000
0x01661c4d
0x01661ca6
0x01661ca6
0x00000000
0x01661ca6
0x01634206
0x01634209
0x0163420b
0x01661bb3
0x01661bb6
0x01661bb8
0x01661bba
0x01661bbc
0x01661bbc
0x01661bc2
0x01661bc5
0x01661bd7
0x01661bdc
0x00000000
0x00000000
0x00000000
0x00000000
0x01661bde
0x01661bde
0x01661bde
0x01661be0
0x01661be2
0x00000000
0x00000000
0x01661be4
0x01661be7
0x00000000
0x00000000
0x01661bf4
0x01661bf8
0x01661bfa
0x00000000
0x00000000
0x01661bfc
0x01661c02
0x01661c02
0x01661c04
0x00000000
0x00000000
0x01661c06
0x01661c08
0x01661c08
0x01661c08
0x01661c0c
0x01661c16
0x01661c1a
0x01661c1c
0x01661c1e
0x01661c51
0x01661c54
0x01661c57
0x00000000
0x00000000
0x01661c5f
0x01661c63
0x01661c65
0x01661c81
0x01661c82
0x01661c85
0x01661c87
0x01661c89
0x01661c8b
0x01661c8b
0x01661c91
0x01661c94
0x00000000
0x00000000
0x01661c98
0x01661c9b
0x01661c9e
0x01661ca1
0x01661c78
0x01661c78
0x00000000
0x01661c78
0x00000000
0x01661c65
0x01661c26
0x01661c2a
0x01661c2c
0x00000000
0x00000000
0x00000000
0x01661c67
0x01661c67
0x01661c6a
0x01661c6a
0x01661c72
0x01661c72
0x01661c75
0x01661c75
0x01661c75
0x00000000
0x01661c75
0x01661c00
0x01661c00
0x00000000
0x01661c00
0x01661bc9
0x01661bcc
0x01661bcf
0x00000000
0x01661bcf
0x00000000
0x0163420b
0x0164a8e9
0x00000000
0x0164a8e9
0x01634199
0x01634133
0x01634133
0x01634133
0x0163413a
0x0163413a
0x00000000
0x01634133
0x015ec851
0x015ec851
0x01634065
0x0163406b
0x01634071
0x01634077
0x01634079
0x0163ddad
0x0163ddb3
0x0163ddb6
0x0163ddbc
0x0163ddc0
0x0163ddc0
0x0163407f
0x0163407f
0x01634082
0x01634082
0x0163408c
0x01634097
0x0163409e
0x016340a1
0x016340a3
0x00000000
0x00000000
0x016340a3
0x01634065
0x01634039
0x01634039
0x01634039
0x0163403c
0x0163403e
0x01634043
0x01634045
0x00000000
0x00000000
0x015f01ce
0x015f01ce
0x015f01d3
0x015f01d4
0x015f01d7
0x015f01d9
0x015f01db
0x015f01dd
0x015f01dd
0x015f01e3
0x015f01e6
0x015e1677
0x015e167a
0x015e1680
0x00000000
0x015e1680
0x015f01ec
0x015f01f1
0x00000000
0x00000000
0x00000000
0x015f01f7
0x0163404b
0x0163404b
0x00000000
0x0163404b
0x0163402f
0x0163402f
0x00000000
0x0163402f
0x01634004
0x01633efe
0x01622b3e
0x01622b3e
0x01622b3e
0x01622b42
0x01622b42
0x01622b45
0x01622b47
0x01622b4a
0x01622b4d
0x01622b50
0x01622b53
0x00000000
0x00000000
0x01622b59
0x01622b5c
0x01622b5e
0x00000000
0x00000000
0x01622b64
0x01622b66
0x00000000
0x00000000
0x01622b78
0x01622b78
0x01622b7e
0x01622b87
0x01622b8a
0x01622b96
0x01622b99
0x01622b9f
0x01622baa
0x01622bae
0x01622bb1
0x015f018f
0x015f018f
0x015f0199
0x015f019f
0x015f01a2
0x015f01aa
0x015f01bc
0x015f01bc
0x015f01c3
0x015f01c3
0x015f01c3
0x015f01c6
0x00000000
0x015f01c6
0x01622bb7
0x01622bba
0x00000000
0x00000000
0x01622bc0
0x01622bc2
0x01622bc2
0x01622bc5
0x01622bcc
0x01622bce
0x0163b321
0x00000000
0x0163b321
0x01622bdd
0x01622be0
0x01622be6
0x01622be9
0x01622bec
0x015ffa8f
0x015ffa93
0x00000000
0x00000000
0x01661a7a
0x01661a7e
0x00000000
0x01661a80
0x01661a80
0x01661a82
0x00000000
0x01661a82
0x00000000
0x01661a7e
0x00000000
0x01622bec
0x0163b317
0x00000000
0x0163b317
0x015d8b4d
0x015d8b53
0x015d8b59
0x00000000
0x015d8b5b
0x00000000
0x015d8b5b

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f085a83210abb08fe119410863a0d432e1a2b91144178facb62aa12b4904a7be
Instruction ID: fd32031057ffbe9751d0b533b85a54a1c75a3cf946415fa74a4f40acb1441c1d
Opcode Fuzzy Hash: f085a83210abb08fe119410863a0d432e1a2b91144178facb62aa12b4904a7be
Instruction Fuzzy Hash: B672B231A006158FDB29CF5DCC80669B7F2BF85315F28816DD9569F396EB74D882CB80

Uniqueness

Uniqueness Score: 0.00%

Function 015D9F90, Relevance: .7, Instructions: 652
COMMONCrypto

C-Code - Quality: 43%

			E015D9F90(intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr* _t75;
				signed int _t242;
				signed int _t251;
				signed int _t260;
				intOrPtr* _t352;
				signed int _t359;
				signed int _t362;
				signed int _t365;
				signed int _t368;
				signed int _t371;
				signed int _t374;
				signed int _t377;
				signed int _t380;
				signed int _t383;
				signed int _t387;
				signed int _t391;
				signed int _t394;
				signed int _t397;
				signed int _t400;
				signed int _t403;
				signed int _t406;
				intOrPtr* _t408;
				signed int _t413;
				signed int _t416;
				signed int _t419;
				signed int _t422;
				signed int _t425;
				signed int _t428;
				signed int _t431;
				signed int _t434;
				signed int _t437;
				signed int _t441;
				signed int _t445;
				signed int _t449;
				signed int _t453;
				signed int _t457;
				signed int _t460;
				signed int _t463;
				signed int _t468;
				signed int _t471;
				signed int _t474;
				signed int _t477;
				signed int _t480;
				signed int _t483;
				signed int _t486;
				signed int _t489;
				signed int _t492;
				signed int _t495;
				signed int _t498;
				signed int _t501;
				signed int _t504;
				signed int _t507;
				signed int _t510;
				signed int _t513;
				signed int _t516;
				signed int _t518;
				signed int _t521;
				signed int _t524;
				signed int _t527;
				signed int _t530;
				signed int _t533;
				signed int _t536;
				signed int _t539;
				signed int _t542;
				signed int _t546;
				signed int _t550;
				signed int _t554;
				signed int _t558;
				signed int _t561;
				signed int _t564;
				signed int _t567;
				signed int _t570;

				_t75 = _a4;
				_t408 = _a8;
				_t413 =  *(_t75 + 4);
				_t518 =  *(_t75 + 8);
				_t468 =  *(_t75 + 0xc);
				asm("rol ebx, 0x7");
				_t359 =  *_t75 + ((_t468 ^ _t518) & _t413 ^ _t468) +  *_t408 - 0x28955b88 + _t413;
				asm("rol edi, 0xc");
				_t471 = _t468 +  *((intOrPtr*)(_t408 + 4)) + ((_t518 ^ _t413) & _t359 ^ _t518) + 0xe8c7b756 + _t359;
				asm("rol esi, 0x11");
				_t521 = _t518 +  *((intOrPtr*)(_t408 + 8)) + ((_t413 ^ _t359) & _t471 ^ _t413) + 0x242070db + _t471;
				asm("rol edx, 0x16");
				_t416 = _t413 +  *((intOrPtr*)(_t408 + 0xc)) + ((_t471 ^ _t359) & _t521 ^ _t359) + 0xc1bdceee + _t521;
				asm("rol ebx, 0x7");
				_t362 = _t359 +  *((intOrPtr*)(_t408 + 0x10)) + ((_t471 ^ _t521) & _t416 ^ _t471) + 0xf57c0faf + _t416;
				asm("rol edi, 0xc");
				_t474 = _t471 +  *((intOrPtr*)(_t408 + 0x14)) + ((_t521 ^ _t416) & _t362 ^ _t521) + 0x4787c62a + _t362;
				asm("rol esi, 0x11");
				_t524 = _t521 +  *((intOrPtr*)(_t408 + 0x18)) + ((_t416 ^ _t362) & _t474 ^ _t416) + 0xa8304613 + _t474;
				asm("rol edx, 0x16");
				_t419 = _t416 +  *((intOrPtr*)(_t408 + 0x1c)) + ((_t474 ^ _t362) & _t524 ^ _t362) + 0xfd469501 + _t524;
				asm("rol ebx, 0x7");
				_t365 = _t362 +  *((intOrPtr*)(_t408 + 0x20)) + ((_t474 ^ _t524) & _t419 ^ _t474) + 0x698098d8 + _t419;
				asm("rol edi, 0xc");
				_t477 = _t474 +  *((intOrPtr*)(_t408 + 0x24)) + ((_t524 ^ _t419) & _t365 ^ _t524) + 0x8b44f7af + _t365;
				asm("rol esi, 0x11");
				_t527 = _t524 +  *((intOrPtr*)(_t408 + 0x28)) + ((_t419 ^ _t365) & _t477 ^ _t419) + 0xffff5bb1 + _t477;
				asm("rol edx, 0x16");
				_t422 = _t419 +  *((intOrPtr*)(_t408 + 0x2c)) + ((_t477 ^ _t365) & _t527 ^ _t365) + 0x895cd7be + _t527;
				asm("rol ebx, 0x7");
				_t368 = _t365 +  *((intOrPtr*)(_t408 + 0x30)) + ((_t477 ^ _t527) & _t422 ^ _t477) + 0x6b901122 + _t422;
				asm("rol edi, 0xc");
				_t480 = _t477 +  *((intOrPtr*)(_t408 + 0x34)) + ((_t527 ^ _t422) & _t368 ^ _t527) + 0xfd987193 + _t368;
				asm("rol esi, 0x11");
				_t530 = _t527 +  *((intOrPtr*)(_t408 + 0x38)) + ((_t422 ^ _t368) & _t480 ^ _t422) + 0xa679438e + _t480;
				asm("rol edx, 0x16");
				_t425 = _t422 +  *((intOrPtr*)(_t408 + 0x3c)) + ((_t480 ^ _t368) & _t530 ^ _t368) + 0x49b40821 + _t530;
				asm("rol ebx, 0x5");
				_t371 = _t368 +  *((intOrPtr*)(_t408 + 4)) + ((_t530 ^ _t425) & _t480 ^ _t530) + 0xf61e2562 + _t425;
				asm("rol edi, 0x9");
				_t483 = _t480 +  *((intOrPtr*)(_t408 + 0x18)) + ((_t425 ^ _t371) & _t530 ^ _t425) + 0xc040b340 + _t371;
				asm("rol esi, 0xe");
				_t533 = _t530 +  *((intOrPtr*)(_t408 + 0x2c)) + ((_t483 ^ _t371) & _t425 ^ _t371) + 0x265e5a51 + _t483;
				asm("rol edx, 0x14");
				_t428 = _t425 +  *_t408 + ((_t483 ^ _t533) & _t371 ^ _t483) + 0xe9b6c7aa + _t533;
				asm("rol ebx, 0x5");
				_t374 = _t371 +  *((intOrPtr*)(_t408 + 0x14)) + ((_t533 ^ _t428) & _t483 ^ _t533) + 0xd62f105d + _t428;
				asm("rol edi, 0x9");
				_t486 = _t483 +  *((intOrPtr*)(_t408 + 0x28)) + ((_t428 ^ _t374) & _t533 ^ _t428) + 0x2441453 + _t374;
				asm("rol esi, 0xe");
				_t536 = _t533 +  *((intOrPtr*)(_t408 + 0x3c)) + ((_t486 ^ _t374) & _t428 ^ _t374) + 0xd8a1e681 + _t486;
				asm("rol edx, 0x14");
				_t431 = _t428 +  *((intOrPtr*)(_t408 + 0x10)) + ((_t486 ^ _t536) & _t374 ^ _t486) + 0xe7d3fbc8 + _t536;
				asm("rol ebx, 0x5");
				_t377 = _t374 +  *((intOrPtr*)(_t408 + 0x24)) + ((_t536 ^ _t431) & _t486 ^ _t536) + 0x21e1cde6 + _t431;
				asm("rol edi, 0x9");
				_t489 = _t486 +  *((intOrPtr*)(_t408 + 0x38)) + ((_t431 ^ _t377) & _t536 ^ _t431) + 0xc33707d6 + _t377;
				asm("rol esi, 0xe");
				_t539 = _t536 +  *((intOrPtr*)(_t408 + 0xc)) + ((_t489 ^ _t377) & _t431 ^ _t377) + 0xf4d50d87 + _t489;
				asm("rol edx, 0x14");
				_t434 = _t431 +  *((intOrPtr*)(_t408 + 0x20)) + ((_t489 ^ _t539) & _t377 ^ _t489) + 0x455a14ed + _t539;
				asm("rol ebx, 0x5");
				_t380 = _t377 +  *((intOrPtr*)(_t408 + 0x34)) + ((_t539 ^ _t434) & _t489 ^ _t539) + 0xa9e3e905 + _t434;
				asm("rol edi, 0x9");
				_t492 = _t489 +  *((intOrPtr*)(_t408 + 8)) + ((_t434 ^ _t380) & _t539 ^ _t434) + 0xfcefa3f8 + _t380;
				asm("rol esi, 0xe");
				_t542 = _t539 +  *((intOrPtr*)(_t408 + 0x1c)) + ((_t492 ^ _t380) & _t434 ^ _t380) + 0x676f02d9 + _t492;
				asm("rol edx, 0x14");
				_t437 = _t434 + ((_t492 ^ _t542) & _t380 ^ _t492) +  *((intOrPtr*)(_t408 + 0x30)) + 0x8d2a4c8a + _t542;
				asm("rol ebx, 0x4");
				_t383 = _t380 +  *((intOrPtr*)(_t408 + 0x14)) + (_t492 ^ _t542 ^ _t437) + 0xfffa3942 + _t437;
				asm("rol edi, 0xb");
				_t495 = _t492 +  *((intOrPtr*)(_t408 + 0x20)) + (_t542 ^ _t437 ^ _t383) + 0x8771f681 + _t383;
				asm("rol esi, 0x10");
				_t546 = _t542 +  *((intOrPtr*)(_t408 + 0x2c)) + 0x6d9d6122 + (_t495 ^ _t437 ^ _t383) + _t495;
				_t242 = _t495 ^ _t546;
				asm("rol edx, 0x17");
				_t441 = _t437 +  *((intOrPtr*)(_t408 + 0x38)) + 0xfde5380c + (_t383 ^ _t242) + _t546;
				asm("rol ebx, 0x4");
				_t387 = _t383 +  *((intOrPtr*)(_t408 + 4)) + 0xa4beea44 + (_t441 ^ _t242) + _t441;
				asm("rol edi, 0xb");
				_t498 = _t495 +  *((intOrPtr*)(_t408 + 0x10)) + (_t546 ^ _t441 ^ _t387) + 0x4bdecfa9 + _t387;
				asm("rol esi, 0x10");
				_t550 = _t546 +  *((intOrPtr*)(_t408 + 0x1c)) + 0xf6bb4b60 + (_t498 ^ _t441 ^ _t387) + _t498;
				_t251 = _t498 ^ _t550;
				asm("rol edx, 0x17");
				_t445 = _t441 +  *((intOrPtr*)(_t408 + 0x28)) + 0xbebfbc70 + (_t387 ^ _t251) + _t550;
				asm("rol ebx, 0x4");
				_t391 = _t387 +  *((intOrPtr*)(_t408 + 0x34)) + 0x289b7ec6 + (_t445 ^ _t251) + _t445;
				asm("rol edi, 0xb");
				_t501 = _t498 +  *_t408 + (_t550 ^ _t445 ^ _t391) + 0xeaa127fa + _t391;
				asm("rol esi, 0x10");
				_t554 = _t550 +  *((intOrPtr*)(_t408 + 0xc)) + 0xd4ef3085 + (_t501 ^ _t445 ^ _t391) + _t501;
				_t260 = _t501 ^ _t554;
				asm("rol edx, 0x17");
				_t449 = _t445 +  *((intOrPtr*)(_t408 + 0x18)) + 0x4881d05 + (_t391 ^ _t260) + _t554;
				asm("rol ebx, 0x4");
				_t394 = _t391 + (_t449 ^ _t260) +  *((intOrPtr*)(_t408 + 0x24)) + 0xd9d4d039 + _t449;
				asm("rol edi, 0xb");
				_t504 = _t501 +  *((intOrPtr*)(_t408 + 0x30)) + (_t554 ^ _t449 ^ _t394) + 0xe6db99e5 + _t394;
				asm("rol esi, 0x10");
				_t558 = _t554 +  *((intOrPtr*)(_t408 + 0x3c)) + 0x1fa27cf8 + (_t504 ^ _t449 ^ _t394) + _t504;
				asm("rol edx, 0x17");
				_t453 = _t449 +  *((intOrPtr*)(_t408 + 8)) + 0xc4ac5665 + (_t504 ^ _t558 ^ _t394) + _t558;
				asm("rol ebx, 0x6");
				_t397 = _t394 +  *_t408 + ((_t504 ^ 0xffffffff | _t453) ^ _t558) + 0xf4292244 + _t453;
				asm("rol edi, 0xa");
				_t507 = _t504 +  *((intOrPtr*)(_t408 + 0x1c)) + ((_t558 ^ 0xffffffff | _t397) ^ _t453) + 0x432aff97 + _t397;
				asm("rol esi, 0xf");
				_t561 = _t558 +  *((intOrPtr*)(_t408 + 0x38)) + ((_t453 ^ 0xffffffff | _t507) ^ _t397) + 0xab9423a7 + _t507;
				asm("rol edx, 0x15");
				_t457 = _t453 +  *((intOrPtr*)(_t408 + 0x14)) + 0xfc93a039 + ((_t397 ^ 0xffffffff | _t561) ^ _t507) + _t561;
				asm("rol ebx, 0x6");
				_t400 = _t397 +  *((intOrPtr*)(_t408 + 0x30)) + ((_t507 ^ 0xffffffff | _t457) ^ _t561) + 0x655b59c3 + _t457;
				asm("rol edi, 0xa");
				_t510 = _t507 +  *((intOrPtr*)(_t408 + 0xc)) + ((_t561 ^ 0xffffffff | _t400) ^ _t457) + 0x8f0ccc92 + _t400;
				asm("rol esi, 0xf");
				_t564 = _t561 +  *((intOrPtr*)(_t408 + 0x28)) + ((_t457 ^ 0xffffffff | _t510) ^ _t400) + 0xffeff47d + _t510;
				asm("rol edx, 0x15");
				_t460 = _t457 +  *((intOrPtr*)(_t408 + 4)) + ((_t400 ^ 0xffffffff | _t564) ^ _t510) + 0x85845dd1 + _t564;
				asm("rol ebx, 0x6");
				_t403 = _t400 +  *((intOrPtr*)(_t408 + 0x20)) + ((_t510 ^ 0xffffffff | _t460) ^ _t564) + 0x6fa87e4f + _t460;
				asm("rol edi, 0xa");
				_t513 = _t510 +  *((intOrPtr*)(_t408 + 0x3c)) + ((_t564 ^ 0xffffffff | _t403) ^ _t460) + 0xfe2ce6e0 + _t403;
				asm("rol esi, 0xf");
				_t567 = _t564 +  *((intOrPtr*)(_t408 + 0x18)) + ((_t460 ^ 0xffffffff | _t513) ^ _t403) + 0xa3014314 + _t513;
				asm("rol edx, 0x15");
				_t463 = _t460 +  *((intOrPtr*)(_t408 + 0x34)) + ((_t403 ^ 0xffffffff | _t567) ^ _t513) + 0x4e0811a1 + _t567;
				asm("rol ebx, 0x6");
				_t406 = _t403 +  *((intOrPtr*)(_t408 + 0x10)) + ((_t513 ^ 0xffffffff | _t463) ^ _t567) + 0xf7537e82 + _t463;
				asm("rol edi, 0xa");
				_t516 = _t513 +  *((intOrPtr*)(_t408 + 0x2c)) + ((_t567 ^ 0xffffffff | _t406) ^ _t463) + 0xbd3af235 + _t406;
				asm("rol esi, 0xf");
				_t570 = _t567 +  *((intOrPtr*)(_t408 + 8)) + ((_t463 ^ 0xffffffff | _t516) ^ _t406) + 0x2ad7d2bb + _t516;
				asm("rol edx, 0x15");
				_t352 = _a4;
				 *_t352 = _t406 +  *_t352;
				 *((intOrPtr*)(_t352 + 4)) = _t463 +  *((intOrPtr*)(_t408 + 0x24)) + ((_t406 ^ 0xffffffff | _t570) ^ _t516) + 0xeb86d391 + _t570 +  *((intOrPtr*)(_t352 + 4));
				 *((intOrPtr*)(_t352 + 8)) = _t570 +  *((intOrPtr*)(_t352 + 8));
				 *((intOrPtr*)(_t352 + 0xc)) = _t516 +  *((intOrPtr*)(_t352 + 0xc));
				return _t352;
			}

0x015d9f90
0x015d9f95
0x015d9f9b
0x015d9f9f
0x015d9fa2
0x015d9fba
0x015d9fbf
0x015d9fd3
0x015d9fd8
0x015d9fec
0x015d9ff1
0x015da005
0x015da00a
0x015da01e
0x015da023
0x015da037
0x015da03c
0x015da050
0x015da055
0x015da069
0x015da06e
0x015da082
0x015da087
0x015da09b
0x015da0a0
0x015da0b4
0x015da0b9
0x015da0cd
0x015da0d2
0x015da0e6
0x015da0eb
0x015da0ff
0x015da104
0x015da118
0x015da11d
0x015da131
0x015da136
0x015da14c
0x015da152
0x015da166
0x015da169
0x015da17e
0x015da183
0x015da196
0x015da19c
0x015da1af
0x015da1b5
0x015da1c6
0x015da1c9
0x015da1e1
0x015da1e7
0x015da1fa
0x015da200
0x015da213
0x015da219
0x015da22d
0x015da230
0x015da245
0x015da24b
0x015da25c
0x015da25f
0x015da277
0x015da27d
0x015da291
0x015da294
0x015da2a9
0x015da2ac
0x015da2c2
0x015da2c7
0x015da2d9
0x015da2de
0x015da2f0
0x015da2f8
0x015da308
0x015da30d
0x015da30f
0x015da322
0x015da32a
0x015da338
0x015da33d
0x015da34f
0x015da357
0x015da367
0x015da36c
0x015da375
0x015da381
0x015da389
0x015da397
0x015da39c
0x015da3ad
0x015da3b5
0x015da3c5
0x015da3ca
0x015da3d3
0x015da3df
0x015da3e2
0x015da3f4
0x015da3f9
0x015da40b
0x015da411
0x015da423
0x015da428
0x015da43b
0x015da443
0x015da454
0x015da45c
0x015da46e
0x015da476
0x015da488
0x015da490
0x015da4a3
0x015da4ab
0x015da4bd
0x015da4c5
0x015da4d7
0x015da4df
0x015da4f1
0x015da4f9
0x015da50b
0x015da513
0x015da525
0x015da52d
0x015da53f
0x015da547
0x015da559
0x015da561
0x015da573
0x015da57b
0x015da58d
0x015da595
0x015da5a7
0x015da5af
0x015da5c1
0x015da5c9
0x015da5db
0x015da5de
0x015da5ed
0x015da5f2
0x015da5fb
0x015da600
0x015da606

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf3aace0eee00dd7d8b9421bd2df7728fa7323d9af3e0e213de9131a621edcaa
Instruction ID: 8105c557ab85b7292f4c61937c43d24a40909692a6b6dd5c4a593eb44872254c
Opcode Fuzzy Hash: bf3aace0eee00dd7d8b9421bd2df7728fa7323d9af3e0e213de9131a621edcaa
Instruction Fuzzy Hash: 6C128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684

Uniqueness

Uniqueness Score: 0.00%

Function 015DCBA7, Relevance: .6, Instructions: 646
COMMONCrypto

C-Code - Quality: 98%

			E015DCBA7(signed short __ecx, unsigned short* _a4, signed int _a8, signed int _a12, signed short* _a16, unsigned int _a20) {
				signed int _v8;
				signed int _v12;
				unsigned int _t381;
				intOrPtr* _t382;
				signed char _t387;
				signed int _t388;
				signed short _t389;
				intOrPtr _t390;
				unsigned short _t392;
				intOrPtr _t394;
				intOrPtr _t449;
				unsigned short _t451;
				intOrPtr _t452;
				signed short _t458;
				intOrPtr _t459;
				signed short _t465;
				intOrPtr _t466;
				signed short _t472;
				intOrPtr _t473;
				signed short _t479;
				intOrPtr _t480;
				signed short _t486;
				intOrPtr _t487;
				signed short _t493;
				intOrPtr _t494;
				signed short _t500;
				intOrPtr _t501;
				signed short _t507;
				intOrPtr _t508;
				signed short _t514;
				intOrPtr _t515;
				signed short _t521;
				intOrPtr _t522;
				signed short _t528;
				intOrPtr _t529;
				signed short _t535;
				intOrPtr _t536;
				signed short _t542;
				intOrPtr _t543;
				signed short _t549;
				intOrPtr _t550;
				signed short _t556;
				intOrPtr _t557;
				signed int _t561;
				signed int _t562;
				signed short* _t581;
				signed short _t585;
				intOrPtr _t586;
				unsigned short* _t593;
				signed short _t700;
				signed short _t701;
				intOrPtr _t705;
				intOrPtr _t709;
				intOrPtr _t713;
				intOrPtr _t717;
				intOrPtr _t721;
				intOrPtr _t725;
				intOrPtr _t729;
				intOrPtr _t733;
				intOrPtr _t737;
				intOrPtr _t741;
				intOrPtr _t745;
				intOrPtr _t749;
				intOrPtr _t753;
				intOrPtr _t757;
				intOrPtr _t761;
				intOrPtr _t765;

				_t448 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t381 = _a20 >> 1;
				_v12 = _t381;
				if( *0x16aec42 != 0) {
					_t593 = _a4;
					_v8 = _t593;
					if(_t381 == 0) {
						L46:
						_t382 = _a12;
						if(_t382 != 0) {
							 *_t382 = _t593 - _v8;
						}
						goto L71;
					}
					while(_a8 != 0) {
						_t449 =  *0x16a81f0; // 0x7ffc0646
						_t387 =  *(_t449 + ( *_a16 & 0x0000ffff) * 2) & 0x0000ffff;
						_a16 =  &(_a16[1]);
						_t585 =  *(0x16af660 + (_t387 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff;
						_t388 = _t387 & 0x000000ff;
						if(_t585 == 0) {
							_t586 =  *0x16a8200; // 0x7ffc0240
							_t389 =  *(_t586 + _t388 * 2) & 0x0000ffff;
						} else {
							_t394 =  *0x16aec80; // 0x0
							_t389 =  *(_t394 + ((_t585 & 0x0000ffff) + _t388) * 2) & 0x0000ffff;
						}
						_t700 = _t389;
						_a20 = _t389;
						if(_t700 >= 0x61) {
							if(_t700 > 0x7a) {
								_t390 =  *0x16a81fc; // 0x7ffd064c
								_t701 = _t700 +  *((intOrPtr*)(_t390 + (( *(_t390 + (( *(_t390 + ((_t700 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + ((_t700 & 0x0000ffff) >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t587 & 0x0000000f)) * 2));
								_t593 = _a4;
								goto L42;
							}
							_a20 = _a20 + 0xffe0;
							goto L40;
						} else {
							_a20 = _t700 & 0x0000ffff;
							L40:
							_t701 = _a20;
							L42:
							_t392 =  *(_t449 + (_t701 & 0x0000ffff) * 2) & 0x0000ffff;
							_t451 = _t392 >> 8;
							if(_t451 == 0) {
								L45:
								 *_t593 = _t392;
								_t593 =  &(_t593[0]);
								_a8 = _a8 - 1;
								_t193 =  &_v12;
								 *_t193 = _v12 - 1;
								_a4 = _t593;
								if( *_t193 != 0) {
									continue;
								}
								goto L46;
							}
							_a8 = _a8 - 1;
							if(_a8 < 2) {
								goto L46;
							}
							 *_t593 = _t451;
							_t593 =  &(_t593[0]);
							goto L45;
						}
					}
					goto L46;
				} else {
					__ecx = _a8;
					if(__eax >= __ecx) {
						_v8 = __ecx;
					} else {
						__ecx = __eax;
						_v8 = __eax;
					}
					__eax = _a12;
					if(__eax != 0) {
						 *__eax = __ecx;
					}
					__eax =  *0x16a81e4; // 0x7ffc0646
					__ecx = __ecx & 0x0000000f;
					_a4 = _a4 + __ecx;
					_a12 = __ecx;
					do {
						if(_t562 > 0xf) {
							_t765 =  *0x16a8200; // 0x7ffc0240
							_t448 =  *(_t765 + ( *(( *_t581 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a4 =  &(_a4[8]);
							_t581 =  &(_t581[0x10]);
							_a20 = _t448;
							if(_t448 >= 0x61) {
								if(_t448 > 0x7a) {
									_t702 = _t448 & 0x0000ffff;
									_t452 =  *0x16a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t452 + (( *(_t452 + (( *(_t452 + ((_t448 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t702 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t702 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t448 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0x10)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L12:
							_t22 = _t581 - 0x1e; // 0x830f61f9
							_t705 =  *0x16a8200; // 0x7ffc0240
							_t458 =  *(_t705 + ( *(( *_t22 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t458;
							if(_t458 >= 0x61) {
								if(_t458 > 0x7a) {
									_t706 = _t458 & 0x0000ffff;
									_t459 =  *0x16a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t459 + (( *(_t459 + (( *(_t459 + ((_t458 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t706 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t706 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t458 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xf)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L97:
							_t346 = _t581 - 0x1c; // 0x2b9830f
							_t709 =  *0x16a8200; // 0x7ffc0240
							_t465 =  *(_t709 + ( *(( *_t346 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t465;
							if(_t465 >= 0x61) {
								if(_t465 > 0x7a) {
									_t710 = _t465 & 0x0000ffff;
									_t466 =  *0x16a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t466 + (( *(_t466 + (( *(_t466 + ((_t465 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t710 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t710 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t465 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xe)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L91:
							_t326 = _t581 - 0x1a; // 0x2b9
							_t713 =  *0x16a8200; // 0x7ffc0240
							_t472 =  *(_t713 + ( *(( *_t326 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t472;
							if(_t472 >= 0x61) {
								if(_t472 > 0x7a) {
									_t714 = _t472 & 0x0000ffff;
									_t473 =  *0x16a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t473 + (( *(_t473 + (( *(_t473 + ((_t472 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t714 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t714 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t472 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xd)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L94:
							_t336 = _t581 - 0x18; // 0xb70f0000
							_t717 =  *0x16a8200; // 0x7ffc0240
							_t479 =  *(_t717 + ( *(( *_t336 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t479;
							if(_t479 >= 0x61) {
								if(_t479 > 0x7a) {
									_t718 = _t479 & 0x0000ffff;
									_t480 =  *0x16a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t480 + (( *(_t480 + (( *(_t480 + ((_t479 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t718 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t718 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t479 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xc)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L88:
							_t721 =  *0x16a8200; // 0x7ffc0240
							_t486 =  *(_t721 + ( *(( *(_t581 - 0x16) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t486;
							if(_t486 >= 0x61) {
								if(_t486 > 0x7a) {
									_t722 = _t486 & 0x0000ffff;
									_t487 =  *0x16a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t487 + (( *(_t487 + (( *(_t487 + ((_t486 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t722 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t722 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t486 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xb)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L85:
							_t725 =  *0x16a8200; // 0x7ffc0240
							_t493 =  *(_t725 + ( *(( *(_t581 - 0x14) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t493;
							if(_t493 >= 0x61) {
								if(_t493 > 0x7a) {
									_t726 = _t493 & 0x0000ffff;
									_t494 =  *0x16a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t494 + (( *(_t494 + (( *(_t494 + ((_t493 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t726 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t726 & 0x0000000f)) * 2));
								} else {
									_a20 = _a20 + 0xffe0;
								}
							} else {
								_a20 = _t493 & 0x0000ffff;
							}
							 *((char*)(_a4 - 0xa)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
							L81:
							_t295 = _t581 - 0x12; // 0x16a5310
							_t729 =  *0x16a8200; // 0x7ffc0240
							_t500 =  *(_t729 + ( *(( *_t295 & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
							_a20 = _t500;
							if(_t500 >= 0x61) {
								if(_t500 <= 0x7a) {
									_a20 = _a20 + 0xffe0;
								} else {
									_t730 = _t500 & 0x0000ffff;
									_t501 =  *0x16a81fc; // 0x7ffd064c
									_a20 = _a20 +  *((intOrPtr*)(_t501 + (( *(_t501 + (( *(_t501 + ((_t500 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t730 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t730 & 0x0000000f)) * 2));
								}
								L83:
								 *((char*)(_a4 - 9)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
								L78:
								_t733 =  *0x16a8200; // 0x7ffc0240
								_t507 =  *(_t733 + ( *(( *(_t581 - 0x10) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
								_a20 = _t507;
								if(_t507 >= 0x61) {
									if(_t507 > 0x7a) {
										_t734 = _t507 & 0x0000ffff;
										_t508 =  *0x16a81fc; // 0x7ffd064c
										_a20 = _a20 +  *((intOrPtr*)(_t508 + (( *(_t508 + (( *(_t508 + ((_t507 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t734 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t734 & 0x0000000f)) * 2));
									} else {
										_a20 = _a20 + 0xffe0;
									}
								} else {
									_a20 = _t507 & 0x0000ffff;
								}
								 *((char*)(_a4 - 8)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
								L75:
								_t737 =  *0x16a8200; // 0x7ffc0240
								_t514 =  *(_t737 + ( *(( *(_t581 - 0xe) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
								_a20 = _t514;
								if(_t514 >= 0x61) {
									if(_t514 > 0x7a) {
										_t738 = _t514 & 0x0000ffff;
										_t515 =  *0x16a81fc; // 0x7ffd064c
										_a20 = _a20 +  *((intOrPtr*)(_t515 + (( *(_t515 + (( *(_t515 + ((_t514 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t738 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t738 & 0x0000000f)) * 2));
									} else {
										_a20 = _a20 + 0xffe0;
									}
								} else {
									_a20 = _t514 & 0x0000ffff;
								}
								 *((char*)(_a4 - 7)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
								L72:
								_t741 =  *0x16a8200; // 0x7ffc0240
								_t521 =  *(_t741 + ( *(( *(_t581 - 0xc) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
								_a20 = _t521;
								if(_t521 >= 0x61) {
									if(_t521 > 0x7a) {
										_t742 = _t521 & 0x0000ffff;
										_t522 =  *0x16a81fc; // 0x7ffd064c
										_a20 = _a20 +  *((intOrPtr*)(_t522 + (( *(_t522 + (( *(_t522 + ((_t521 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t742 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t742 & 0x0000000f)) * 2));
									} else {
										_a20 = _a20 + 0xffe0;
									}
								} else {
									_a20 = _t521 & 0x0000ffff;
								}
								 *((char*)(_a4 - 6)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
								L55:
								_t745 =  *0x16a8200; // 0x7ffc0240
								_t528 =  *(_t745 + ( *(( *(_t581 - 0xa) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
								_a20 = _t528;
								if(_t528 >= 0x61) {
									if(_t528 <= 0x7a) {
										_a20 = _a20 + 0xffe0;
									} else {
										_t746 = _t528 & 0x0000ffff;
										_t529 =  *0x16a81fc; // 0x7ffd064c
										_a20 = _a20 +  *((intOrPtr*)(_t529 + (( *(_t529 + (( *(_t529 + ((_t528 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t746 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t746 & 0x0000000f)) * 2));
									}
									L57:
									 *((char*)(_a4 - 5)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
									L58:
									_t749 =  *0x16a8200; // 0x7ffc0240
									_t535 =  *(_t749 + ( *(( *(_t581 - 8) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
									_a20 = _t535;
									if(_t535 >= 0x61) {
										if(_t535 > 0x7a) {
											_t750 = _t535 & 0x0000ffff;
											_t536 =  *0x16a81fc; // 0x7ffd064c
											_a20 = _a20 +  *((intOrPtr*)(_t536 + (( *(_t536 + (( *(_t536 + ((_t535 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t750 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t750 & 0x0000000f)) * 2));
										} else {
											_a20 = _a20 + 0xffe0;
										}
									} else {
										_a20 = _t535 & 0x0000ffff;
									}
									 *((char*)(_a4 - 4)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
									L61:
									_t753 =  *0x16a8200; // 0x7ffc0240
									_t542 =  *(_t753 + ( *(( *(_t581 - 6) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
									_a20 = _t542;
									if(_t542 >= 0x61) {
										if(_t542 > 0x7a) {
											_t754 = _t542 & 0x0000ffff;
											_t543 =  *0x16a81fc; // 0x7ffd064c
											_a20 = _a20 +  *((intOrPtr*)(_t543 + (( *(_t543 + (( *(_t543 + ((_t542 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t754 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t754 & 0x0000000f)) * 2));
										} else {
											_a20 = _a20 + 0xffe0;
										}
									} else {
										_a20 = _t542 & 0x0000ffff;
									}
									 *((char*)(_a4 - 3)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
									L64:
									_t757 =  *0x16a8200; // 0x7ffc0240
									_t549 =  *(_t757 + ( *(( *(_t581 - 4) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
									_a20 = _t549;
									if(_t549 < 0x61) {
										_a20 = _t549 & 0x0000ffff;
									} else {
										if(_t549 > 0x7a) {
											_t758 = _t549 & 0x0000ffff;
											_t550 =  *0x16a81fc; // 0x7ffd064c
											_a20 = _a20 +  *((intOrPtr*)(_t550 + (( *(_t550 + (( *(_t550 + ((_t549 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t758 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t758 & 0x0000000f)) * 2));
										} else {
											_a20 = _a20 + 0xffe0;
										}
									}
									 *((char*)(_a4 - 2)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
									L67:
									_t761 =  *0x16a8200; // 0x7ffc0240
									_t556 =  *(_t761 + ( *(( *(_t581 - 2) & 0x0000ffff) + _t381) & 0x000000ff) * 2) & 0x0000ffff;
									_a20 = _t556;
									if(_t556 < 0x61) {
										_a20 = _t556 & 0x0000ffff;
									} else {
										if(_t556 > 0x7a) {
											_t762 = _t556 & 0x0000ffff;
											_t557 =  *0x16a81fc; // 0x7ffd064c
											_a20 = _a20 +  *((intOrPtr*)(_t557 + (( *(_t557 + (( *(_t557 + ((_t556 & 0x0000ffff) >> 8) * 2) & 0x0000ffff) + (_t762 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t762 & 0x0000000f)) * 2));
										} else {
											_a20 = _a20 + 0xffe0;
										}
									}
									 *((char*)(_a4 - 1)) =  *((intOrPtr*)((_a20 & 0x0000ffff) + _t381));
									_t561 = _a12;
									goto L70;
								}
								_a20 = _t528 & 0x0000ffff;
								goto L57;
							}
							_a20 = _t500 & 0x0000ffff;
							goto L83;
						}
						switch( *((intOrPtr*)(_t562 * 4 +  &M015DCB62))) {
							case 0:
								goto L70;
							case 1:
								goto L67;
							case 2:
								goto L64;
							case 3:
								goto L61;
							case 4:
								goto L58;
							case 5:
								goto L55;
							case 6:
								goto L72;
							case 7:
								goto L75;
							case 8:
								goto L78;
							case 9:
								goto L81;
							case 0xa:
								goto L85;
							case 0xb:
								goto L88;
							case 0xc:
								goto L94;
							case 0xd:
								goto L91;
							case 0xe:
								goto L97;
							case 0xf:
								goto L12;
						}
						L70:
						_t260 =  &_v8;
						 *_t260 = _v8 - _t561;
						_t562 = 0x10;
						_a12 = _t562;
					} while ( *_t260 != 0);
					L71:
					asm("sbb eax, eax");
					return _v12 & 0x80000005;
				}
			}

0x015dcba7
0x015dcbac
0x015dcbad
0x015dcbb2
0x015dcbbd
0x015dcbc0
0x015dca6a
0x015dca6d
0x015dca72
0x015dcb4c
0x015dcb4c
0x015dcb51
0x015dcb5a
0x015dcb5a
0x00000000
0x015dcb51
0x015dca78
0x015dca88
0x015dca8e
0x015dca92
0x015dca9e
0x015dcaa6
0x015dcaac
0x015dcabe
0x015dcac4
0x015dcaae
0x015dcab3
0x015dcab8
0x015dcab8
0x015dcac8
0x015dcacb
0x015dcad2
0x015dcae0
0x015dcaef
0x015dcb13
0x015dcb17
0x00000000
0x015dcb17
0x015dcae2
0x00000000
0x015dcad4
0x015dcad7
0x015dcae9
0x015dcae9
0x015dcb1a
0x015dcb1d
0x015dcb24
0x015dcb2a
0x015dcb3a
0x015dcb3a
0x015dcb3c
0x015dcb3d
0x015dcb40
0x015dcb40
0x015dcb43
0x015dcb46
0x00000000
0x00000000
0x00000000
0x015dcb46
0x015dcb2f
0x015dcb35
0x00000000
0x00000000
0x015dcb37
0x015dcb39
0x00000000
0x015dcb39
0x015dcad2
0x00000000
0x015dcbc6
0x015dcbc6
0x015dcbcb
0x015dcdf6
0x015dcbd1
0x015dcbd1
0x015dcbd3
0x015dcbd3
0x015dcbd6
0x015dcbdb
0x015dcbdd
0x015dcbdd
0x015dcbe2
0x015dcbe7
0x015dcbea
0x015dcbed
0x015dcbf3
0x015dcbf6
0x015dc0d6
0x015dc0dc
0x015dc0e0
0x015dc0e4
0x015dc0e7
0x015dc0ee
0x015da628
0x015dc74a
0x015dc74d
0x015dc773
0x015da62e
0x015da62e
0x015da62e
0x015dc0f4
0x015dc0f7
0x015dc0f7
0x015dc104
0x015dc107
0x015dc107
0x015dc10f
0x015dc115
0x015dc119
0x015dc120
0x015da63e
0x015dc77c
0x015dc77f
0x015dc7a5
0x015da644
0x015da644
0x015da644
0x015dc126
0x015dc129
0x015dc129
0x015dc136
0x015dd01e
0x015dd01e
0x015dd026
0x015dd02c
0x015dd030
0x015dd037
0x015dd2fa
0x015dc7ae
0x015dc7b1
0x015dc7d7
0x015dd300
0x015dd300
0x015dd300
0x015dd03d
0x015dd040
0x015dd040
0x015dd04d
0x015dcfb5
0x015dcfb5
0x015dcfbd
0x015dcfc3
0x015dcfc7
0x015dcfce
0x015dd1ad
0x015dc7e0
0x015dc7e3
0x015dc809
0x015dd1b3
0x015dd1b3
0x015dd1b3
0x015dcfd4
0x015dcfd7
0x015dcfd7
0x015dcfe4
0x015dcfe7
0x015dcfe7
0x015dcfef
0x015dcff5
0x015dcff9
0x015dd000
0x015dd1c3
0x015dc812
0x015dc815
0x015dc83b
0x015dd1c9
0x015dd1c9
0x015dd1c9
0x015dd006
0x015dd009
0x015dd009
0x015dd016
0x015dcf81
0x015dcf89
0x015dcf8f
0x015dcf93
0x015dcf9a
0x015dd16b
0x015dc844
0x015dc847
0x015dc86d
0x015dd171
0x015dd171
0x015dd171
0x015dcfa0
0x015dcfa3
0x015dcfa3
0x015dcfb0
0x015dcf4a
0x015dcf52
0x015dcf58
0x015dcf5c
0x015dcf63
0x015dd155
0x015dc876
0x015dc879
0x015dc89f
0x015dd15b
0x015dd15b
0x015dd15b
0x015dcf69
0x015dcf6c
0x015dcf6c
0x015dcf79
0x015dcdc2
0x015dcdc2
0x015dcdca
0x015dcdd0
0x015dcdd4
0x015dcddb
0x015dd113
0x015dd119
0x015dc8a8
0x015dc8a8
0x015dc8ab
0x015dc8d1
0x015dc8d1
0x015dcde7
0x015dcdf1
0x015dcd8e
0x015dcd96
0x015dcd9c
0x015dcda0
0x015dcda7
0x015dd129
0x015dc8da
0x015dc8dd
0x015dc903
0x015dd12f
0x015dd12f
0x015dd12f
0x015dcdad
0x015dcdb0
0x015dcdb0
0x015dcdbd
0x015dcd5a
0x015dcd62
0x015dcd68
0x015dcd6c
0x015dcd73
0x015dd13f
0x015dc90c
0x015dc90f
0x015dc935
0x015dd145
0x015dd145
0x015dd145
0x015dcd79
0x015dcd7c
0x015dcd7c
0x015dcd89
0x015dcd23
0x015dcd2b
0x015dcd31
0x015dcd35
0x015dcd3c
0x015dd1d9
0x015dc93e
0x015dc941
0x015dc967
0x015dd1df
0x015dd1df
0x015dd1df
0x015dcd42
0x015dcd45
0x015dcd45
0x015dcd52
0x015dcc03
0x015dcc0b
0x015dcc11
0x015dcc15
0x015dcc1c
0x015dd0fd
0x015dd103
0x015dc970
0x015dc970
0x015dc973
0x015dc999
0x015dc999
0x015dcc28
0x015dcc32
0x015dcc35
0x015dcc3d
0x015dcc43
0x015dcc47
0x015dcc4e
0x015dd181
0x015dc9a2
0x015dc9a5
0x015dc9cb
0x015dd187
0x015dd187
0x015dd187
0x015dcc54
0x015dcc57
0x015dcc57
0x015dcc64
0x015dcc67
0x015dcc6f
0x015dcc75
0x015dcc79
0x015dcc80
0x015dd197
0x015dc9d4
0x015dc9d7
0x015dc9fd
0x015dd19d
0x015dd19d
0x015dd19d
0x015dcc86
0x015dcc89
0x015dcc89
0x015dcc96
0x015dcc99
0x015dcca1
0x015dcca7
0x015dccab
0x015dccb2
0x015dccbb
0x015db12f
0x015db133
0x015dca06
0x015dca09
0x015dca2f
0x015db139
0x015db139
0x015db139
0x015db133
0x015dccc8
0x015dcccb
0x015dccd3
0x015dccd9
0x015dccdd
0x015dcce4
0x015dcced
0x015db145
0x015db149
0x015dca38
0x015dca3b
0x015dca61
0x015db14f
0x015db14f
0x015db14f
0x015db149
0x015dccfa
0x015dccfd
0x00000000
0x015dccfd
0x015dcc25
0x00000000
0x015dcc25
0x015dcde4
0x00000000
0x015dcde4
0x015dcbfc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x015dcd00
0x015dcd00
0x015dcd00
0x015dcd05
0x015dcd06
0x015dcd06
0x015dcd0f
0x015dcd16
0x015dcd20
0x015dcd20

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0279a4c29b2b8c6b4a632697d86137e9053ea87cf727d8634ef41677ad530f53
Instruction ID: c2c3a15cdfe6cf5876c95a2e68010f51d3c439b93ec96e8ab89c0533fac4ff73
Opcode Fuzzy Hash: 0279a4c29b2b8c6b4a632697d86137e9053ea87cf727d8634ef41677ad530f53
Instruction Fuzzy Hash: 9042B5B6808236C7C7344F09C8A00B53BA1FF69755B6A446EEDC21F781E77499A2E7D0

Uniqueness

Uniqueness Score: 0.00%

Function 016A0404, Relevance: .5, Instructions: 529
COMMONCrypto

C-Code - Quality: 86%

			E016A0404(signed int __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t292;
				signed char _t296;
				signed char _t306;
				signed char _t308;
				signed int _t319;
				signed int _t329;
				signed short _t332;
				signed int _t334;
				intOrPtr _t339;
				signed char _t340;
				signed int _t342;
				signed int _t358;
				signed int _t361;
				signed int _t372;
				signed int _t375;
				signed int _t377;
				short _t379;
				signed int _t386;
				signed int _t387;
				signed int _t393;
				signed short _t396;
				signed int _t406;
				signed int _t416;
				signed int _t417;
				signed int _t419;
				intOrPtr _t426;
				signed short _t427;
				signed short _t429;
				void* _t430;
				short _t431;
				short _t432;
				signed int _t437;
				void* _t438;
				short _t441;
				signed char _t443;
				signed int _t445;
				signed short _t448;
				signed int _t451;
				short _t452;
				signed short* _t463;
				unsigned int _t464;
				signed int _t472;
				signed short* _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				void* _t479;
				signed int _t480;

				_t414 = __ebx;
				_push(0x268);
				_push(0x1621dc0);
				E01626F10(__ebx, __edi, __esi);
				_t455 = 0;
				 *(_t479 - 0x40) = 0;
				 *(_t479 - 0x48) = 0;
				 *(_t479 - 0x58) = 0;
				 *(_t479 - 0x60) = 0;
				 *(_t479 - 0x54) = 0;
				 *( *((intOrPtr*)(_t479 + 0x28)) + 0x40) = 0;
				if( *(_t479 + 0x20) <= 0x80) {
					__eflags =  *( *((intOrPtr*)(_t479 + 8)) + 0xc8) >> 0x00000002 & 0x00000001;
					if(__eflags != 0) {
						_push(0x374);
						_t406 = E016A0313(__ebx, 0, __esi, __eflags);
						__eflags = _t406;
						if(_t406 != 0) {
							 *((intOrPtr*)(_t479 - 4)) = 0;
							E01616F5C(0x310);
							 *(_t479 - 0x18) = _t480;
							 *(_t479 - 0x48) = _t480;
							 *((intOrPtr*)(_t479 - 4)) = 0xfffffffe;
							E016A036E(0, __eflags, _t479 - 0x48, _t479 - 0x58);
						}
					}
					 *(_t479 - 0x38) = _t455;
					_t463 =  *((intOrPtr*)(_t479 + 8)) + 0x68;
					 *(_t479 - 0x68) = _t463;
					while(1) {
						_t292 =  *((intOrPtr*)(_t479 + 0xc));
						 *(_t479 - 0x64) = _t455;
						 *(_t479 - 0x30) = _t455;
						_t416 = 0x50;
						 *(_t479 - 0x20) = _t416;
						 *(_t479 - 0x24) = _t416;
						 *((char*)(_t479 - 0x2b)) = 0;
						 *((char*)(_t479 - 0x2a)) = 0;
						 *((char*)(_t479 - 0x29)) = 0;
						 *(_t479 - 0x34) = _t455;
						 *(_t479 - 0x3c) = _t455;
						 *(_t479 - 0x44) = _t455;
						 *(_t479 - 0x50) = _t455;
						 *(_t479 - 0x4c) = _t455;
						_t417 =  *(_t292 + 8);
						_t451 =  *(_t292 + 0xc);
						__eflags = _t463[2];
						if(_t463[2] == 0) {
							goto L86;
						}
						_t414 = _t463[2];
						__eflags =  *((intOrPtr*)(_t292 + 4)) - _t414;
						if( *((intOrPtr*)(_t292 + 4)) <= _t414) {
							L10:
							_t296 =  *_t463 >> 6;
							__eflags = _t296 & 0x00000001;
							if((_t296 & 0x00000001) == 0) {
								L12:
								_t414 =  *(_t463 - 4) & _t451;
								__eflags =  *(_t463 - 8) & _t417 |  *(_t463 - 4) & _t451;
								if(( *(_t463 - 8) & _t417 |  *(_t463 - 4) & _t451) == 0) {
									goto L86;
								}
								_t414 =  *(_t463 - 0x10);
								_t419 =  *(_t463 - 0xc) & _t451;
								__eflags = (_t414 & _t417) - _t414;
								if((_t414 & _t417) != _t414) {
									goto L86;
								}
								__eflags = _t419 -  *(_t463 - 0xc);
								if(_t419 !=  *(_t463 - 0xc)) {
									goto L86;
								}
								L15:
								 *(_t479 - 0x6c) =  *(_t479 - 0x38) << 2;
								_t421 = 1;
								asm("lock xadd [eax], ecx");
								__eflags =  *(_t479 + 0x1c);
								if( *(_t479 + 0x1c) != 0) {
									 *(_t479 - 0x20) = 0x68;
								}
								__eflags =  *_t463 & 0x00000001;
								if(( *_t463 & 0x00000001) != 0) {
									_push(_t479 - 0x5c);
									_push(1);
									_t414 = 0x20008;
									_push(0x20008);
									_push(0xfffffffe);
									_t396 = E016159E0();
									 *(_t479 - 0x28) = _t396;
									__eflags = _t396 - 0xc000007c;
									if(_t396 == 0xc000007c) {
										_push(_t479 - 0x5c);
										_push(0x20008);
										_push(0xffffffff);
										 *(_t479 - 0x28) = E01615960();
									}
									__eflags =  *(_t479 - 0x28);
									if( *(_t479 - 0x28) >= 0) {
										_push(_t479 - 0x3c);
										_push(0x80);
										_push(_t479 - 0x278);
										_push(1);
										_push( *((intOrPtr*)(_t479 - 0x5c)));
										 *(_t479 - 0x28) = E01615C40();
										_push( *((intOrPtr*)(_t479 - 0x5c)));
										E01615090();
										 *(_t479 - 0x3c) =  *(_t479 - 0x3c) - 8;
										_t455 =  *(_t479 - 0x3c) + 0x0000000f & 0x0000fff8;
										 *(_t479 - 0x34) = _t455;
										__eflags =  *(_t479 - 0x28);
										if( *(_t479 - 0x28) >= 0) {
											 *((char*)(_t479 - 0x2a)) = 1;
											_t70 = _t479 - 0x20;
											 *_t70 =  *(_t479 - 0x20) + (_t455 & 0x0000ffff);
											__eflags =  *_t70;
										}
									}
								}
								_t464 =  *_t463;
								_t306 = _t464 >> 2;
								__eflags = _t306 & 0x00000001;
								if((_t306 & 0x00000001) != 0) {
									__eflags =  *(_t479 - 0x48);
									if( *(_t479 - 0x48) != 0) {
										 *((char*)(_t479 - 0x29)) = 1;
										_t77 = _t479 - 0x20;
										 *_t77 =  *(_t479 - 0x20) + ( *(_t479 - 0x58) & 0x0000ffff);
										__eflags =  *_t77;
									}
								}
								_t308 = _t464 >> 1;
								__eflags = _t308 & 0x00000001;
								if((_t308 & 0x00000001) != 0) {
									 *((char*)(_t479 - 0x2b)) = 1;
									_t82 = _t479 - 0x20;
									 *_t82 =  *(_t479 - 0x20) + 0x10;
									__eflags =  *_t82;
								}
								_t463 = ( *( *((intOrPtr*)(_t479 + 0x28)) + 0x40) << 4) +  *((intOrPtr*)(_t479 + 0x28));
								 *(_t479 - 0x28) =  *(_t479 - 0x28) & 0x00000000;
								__eflags =  *(_t479 + 0x20);
								if( *(_t479 + 0x20) <= 0) {
									L43:
									__eflags =  *(_t479 - 0x50);
									if( *(_t479 - 0x50) != 0) {
										_t111 = _t479 - 0x20;
										 *_t111 =  *(_t479 - 0x20) + (( *(_t479 - 0x44) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
										__eflags =  *_t111;
									}
									__eflags =  *(_t479 - 0x40);
									if( *(_t479 - 0x40) != 0) {
										L92:
										asm("lock xadd [eax], ecx");
										L93:
										goto L94;
									} else {
										_t463[6] =  *(_t479 - 0x20);
										_t455 =  *( *(_t479 - 0x6c) + 0x16af9e4);
										 *(_t479 - 0x28) = _t455;
										__eflags = _t455;
										if(_t455 == 0) {
											L91:
											 *(_t479 - 0x40) = 6;
											goto L92;
										}
										__eflags = _t455 - 0x16af9e4;
										if(_t455 == 0x16af9e4) {
											goto L91;
										}
										_t421 = _t479 - 0x78;
										_t414 = E016A018E( *(_t479 - 0x20), _t455,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t479 - 0x78, _t479 - 0x64);
										__eflags = _t414;
										if(_t414 == 0) {
											_t319 =  *(_t479 - 0x20) + 0x00000007 & 0xfffffff8;
											__eflags = _t319 - 0xffff;
											if(_t319 <= 0xffff) {
												_t421 =  *((intOrPtr*)(_t455 + 0x80)) - 0x48;
												__eflags =  *((intOrPtr*)(_t455 + 0x80)) - 0x48 - _t319;
												asm("sbb eax, eax");
												 *(_t479 - 0x40) = (_t319 & 0x000000e2) + 8;
											} else {
												 *(_t479 - 0x40) = 0x216;
											}
											goto L92;
										}
										 *_t463 = _t455;
										_t463[2] = _t414;
										_t463[4] =  *(_t479 - 0x64);
										 *( *((intOrPtr*)(_t479 + 0x28)) + 0x40) =  *( *((intOrPtr*)(_t479 + 0x28)) + 0x40) + 1;
										 *_t414 =  *(_t479 - 0x20);
										 *((short*)(_t414 + 2)) = 0xc012;
										 *(_t414 + 4) =  *((intOrPtr*)(_t479 + 0x14));
										 *((short*)(_t414 + 6)) =  *((intOrPtr*)(_t479 + 0x10));
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										_t140 = _t414 + 0x40; // 0x40
										_t455 = _t140;
										__eflags =  *(_t479 + 0x18);
										if( *(_t479 + 0x18) == 0) {
											__eflags =  *[fs:0x18] + 0xf50;
										}
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										__eflags =  *(_t479 + 0x1c);
										if( *(_t479 + 0x1c) != 0) {
											_t142 = _t414 + 0x50; // 0x50
											_t387 = _t142;
											_t438 = 0x18;
											 *_t387 = _t438;
											 *((short*)(_t387 + 2)) = 1;
											_t441 = 0x10;
											 *((short*)(_t387 + 6)) = _t441;
											 *((short*)(_t387 + 4)) = 0;
											_t146 = _t387 + 8; // 0x58
											_t455 = _t146;
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsd");
											_t147 = _t414 + 4;
											 *_t147 =  *(_t414 + 4) | 0x00000001;
											__eflags =  *_t147;
											 *(_t479 - 0x24) = 0x68;
											 *(_t479 - 0x30) = _t387;
										}
										__eflags =  *((char*)(_t479 - 0x2a)) - 1;
										if( *((char*)(_t479 - 0x2a)) == 1) {
											_t476 =  *(_t479 - 0x24) + _t414;
											_t455 =  *(_t479 - 0x34);
											 *_t476 = _t455;
											_t379 = 2;
											 *((short*)(_t476 + 2)) = _t379;
											 *((short*)(_t476 + 6)) =  *(_t479 - 0x3c);
											 *((short*)(_t476 + 4)) = 0;
											_t161 = _t476 + 8; // 0x8
											E01604830(_t161, _t479 - 0x270,  *(_t479 - 0x3c));
											_t480 = _t480 + 0xc;
											 *(_t414 + 4) =  *(_t414 + 4) | 0x00000001;
											 *(_t479 - 0x24) =  *(_t479 - 0x24) + (_t455 & 0x0000ffff);
											_t386 =  *(_t479 - 0x30);
											__eflags = _t386;
											if(_t386 != 0) {
												_t167 = _t386 + 4;
												 *_t167 =  *(_t386 + 4) | 0x00000001;
												__eflags =  *_t167;
											}
											 *(_t479 - 0x30) = _t476;
										}
										__eflags =  *((char*)(_t479 - 0x2b)) - 1;
										if( *((char*)(_t479 - 0x2b)) == 1) {
											_t377 =  *(_t479 - 0x24) + _t414;
											_t430 = 0x10;
											 *_t377 = _t430;
											_t431 = 3;
											 *((short*)(_t377 + 2)) = _t431;
											_t432 = 4;
											 *((short*)(_t377 + 6)) = _t432;
											 *((short*)(_t377 + 4)) = 0;
											 *((intOrPtr*)(_t377 + 8)) =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x1d4));
											 *(_t414 + 4) =  *(_t414 + 4) | 0x00000001;
											 *(_t479 - 0x24) =  *(_t479 - 0x24) + 0x10;
											_t437 =  *(_t479 - 0x30);
											__eflags = _t437;
											if(_t437 != 0) {
												_t183 = _t437 + 4;
												 *_t183 =  *(_t437 + 4) | 0x00000001;
												__eflags =  *_t183;
											}
											 *(_t479 - 0x30) = _t377;
										}
										__eflags =  *((char*)(_t479 - 0x29)) - 1;
										if( *((char*)(_t479 - 0x29)) == 1) {
											_t455 = _t414 +  *(_t479 - 0x24);
											_t475 =  *(_t479 - 0x58) & 0x0000ffff;
											E01604830(_t455,  *(_t479 - 0x48), _t475);
											_t480 = _t480 + 0xc;
											 *(_t414 + 4) =  *(_t414 + 4) | 0x00000001;
											 *(_t479 - 0x24) =  *(_t479 - 0x24) + _t475;
											_t375 =  *(_t479 - 0x30);
											__eflags = _t375;
											if(_t375 != 0) {
												_t196 = _t375 + 4;
												 *_t196 =  *(_t375 + 4) | 0x00000001;
												__eflags =  *_t196;
											}
											 *(_t479 - 0x30) = _t455;
										}
										__eflags =  *(_t479 - 0x54);
										if( *(_t479 - 0x54) != 0) {
											_t474 =  *(_t479 - 0x24) + _t414;
											_t429 =  *(_t479 - 0x60);
											_t361 = _t429 + 0x0000000f & 0x0000fff8;
											 *_t474 = _t361;
											_t452 = 0xc;
											 *((short*)(_t474 + 2)) = _t452;
											 *(_t474 + 6) = _t429;
											_t451 = 0;
											 *((short*)(_t474 + 4)) = 0;
											 *(_t479 - 0x6c) = _t361 - _t429 - 0x00000008 & 0x0000ffff;
											_t208 = _t474 + 8; // 0x8
											_t455 = _t208;
											 *(_t479 - 0x34) = _t429 & 0x0000ffff;
											E01604830(_t208,  *(_t479 - 0x54), _t429 & 0x0000ffff);
											E01604EC0( *(_t479 - 0x34) + _t208, 0,  *(_t479 - 0x6c) & 0x0000ffff);
											_t480 = _t480 + 0x18;
											 *(_t414 + 4) =  *(_t414 + 4) | 0x00000001;
											 *(_t479 - 0x24) =  *(_t479 - 0x24) + ( *_t474 & 0x0000ffff);
											_t372 =  *(_t479 - 0x30);
											__eflags = _t372;
											if(_t372 != 0) {
												_t218 = _t372 + 4;
												 *_t218 =  *(_t372 + 4) | 0x00000001;
												__eflags =  *_t218;
											}
											 *(_t479 - 0x30) = _t474;
										}
										__eflags =  *(_t479 - 0x50);
										if( *(_t479 - 0x50) != 0) {
											_t473 =  *(_t479 - 0x24) + _t414;
											_t451 =  *(_t479 - 0x44);
											 *_t473 = _t451 + 0x0000000f & 0x0000fff8;
											_t427 = 0xb;
											_t473[1] = _t427;
											_t473[3] = _t451;
											_t473[2] = 0;
											_t229 =  &(_t473[4]); // 0x8
											_t455 = _t229;
											 *(_t479 - 0x4c) = _t229;
											E01604EC0((_t451 & 0x0000ffff) + _t229, 0, (_t451 + 0x0000000f & 0x0000fff8) - _t451 - 0x00000008 & 0x0000ffff);
											_t480 = _t480 + 0xc;
											 *(_t414 + 4) =  *(_t414 + 4) | 0x00000001;
											 *(_t479 - 0x24) =  *(_t479 - 0x24) + ( *_t473 & 0x0000ffff);
											_t358 =  *(_t479 - 0x30);
											__eflags = _t358;
											if(_t358 != 0) {
												_t236 = _t358 + 4;
												 *_t236 =  *(_t358 + 4) | 0x00000001;
												__eflags =  *_t236;
											}
										}
										_t329 =  *(_t479 + 0x20);
										__eflags = _t329;
										if(_t329 <= 0) {
											L82:
											 *((intOrPtr*)(_t414 + 0x10)) =  *(_t479 - 0x78);
											 *(_t414 + 0x14) =  *(_t479 - 0x74);
											_t332 =  *(_t479 - 0x28);
											__eflags =  *((intOrPtr*)(_t332 + 0x10)) - 3;
											if( *((intOrPtr*)(_t332 + 0x10)) != 3) {
												asm("rdtsc");
												 *(_t414 + 0x38) = _t332;
												 *(_t414 + 0x3c) = _t451;
											} else {
												 *(_t414 + 0x38) =  *(_t479 - 0x78);
												 *(_t414 + 0x3c) =  *(_t479 - 0x74);
											}
											_t334 =  *[fs:0x18] + 0x20;
											__eflags = _t334;
											 *((intOrPtr*)(_t414 + 8)) =  *((intOrPtr*)(_t334 + 4));
											 *((intOrPtr*)(_t414 + 0xc)) =  *_t334;
											_t463 =  *(_t479 - 0x68);
											goto L86;
										} else {
											_t472 =  *((intOrPtr*)(_t479 + 0x24)) + 0xc;
											__eflags = _t472;
											 *(_t479 - 0x34) = _t329;
											do {
												_t455 =  *(_t472 - 4);
												_t426 =  *((intOrPtr*)(_t472 - 0xc));
												 *(_t479 - 0x6c) =  *(_t472 - 8);
												_t339 =  *((intOrPtr*)(_t479 + 8));
												__eflags =  *(_t339 + 0x3c) & 0x80000000;
												if(( *(_t339 + 0x3c) & 0x80000000) != 0) {
													_t340 =  *_t472;
												} else {
													_t340 = 0;
												}
												_t342 = (_t340 & 0x000000ff) - 1;
												__eflags = _t342;
												if(_t342 == 0) {
													E01604830( *(_t479 - 0x4c), _t426, _t455);
													_t480 = _t480 + 0xc;
													_t253 = _t479 - 0x4c;
													 *_t253 =  *(_t479 - 0x4c) + _t455;
													__eflags =  *_t253;
												} else {
													__eflags = _t342 != 1;
													if(_t342 != 1) {
														 *(_t479 - 0x24) =  *(_t479 - 0x24) + _t455;
														E01604830( *(_t479 - 0x24) + _t414, _t426, _t455);
														_t480 = _t480 + 0xc;
													}
												}
												_t472 = _t472 + 0x10;
												_t255 = _t479 - 0x34;
												 *_t255 =  *(_t479 - 0x34) - 1;
												__eflags =  *_t255;
											} while ( *_t255 != 0);
											goto L82;
										}
									}
								} else {
									_t451 =  *( *((intOrPtr*)(_t479 + 8)) + 0x3c) >> 0x1f;
									_t393 =  *((intOrPtr*)(_t479 + 0x24)) + 8;
									__eflags = _t393;
									while(1) {
										_t455 =  *(_t479 - 0x20);
										__eflags = _t451;
										if(_t451 != 0) {
											_t443 =  *((intOrPtr*)(_t393 + 4));
										} else {
											_t443 = 0;
										}
										_t445 = (_t443 & 0x000000ff) - 1;
										__eflags = _t445;
										if(_t445 == 0) {
											_t421 =  *_t393;
											 *(_t479 - 0x44) =  *(_t479 - 0x44) +  *_t393;
											_t101 = _t479 - 0x50;
											 *_t101 =  *(_t479 - 0x50) + 1;
											__eflags =  *_t101;
										} else {
											__eflags = _t445 == 1;
											if(_t445 == 1) {
												 *(_t479 - 0x54) =  *(_t393 - 8);
												_t448 =  *_t393 & 0x0000ffff;
												 *(_t479 - 0x60) = _t448;
												_t421 = (_t448 & 0x0000ffff) + 0x0000000f & 0xfffffff8;
												__eflags = _t421;
											} else {
												_t421 =  *_t393;
											}
											 *(_t479 - 0x20) =  *(_t479 - 0x20) + _t421;
										}
										__eflags =  *(_t479 - 0x20) - _t455;
										if( *(_t479 - 0x20) < _t455) {
											break;
										}
										 *(_t479 - 0x28) =  *(_t479 - 0x28) + 1;
										_t393 = _t393 + 0x10;
										_t421 =  *(_t479 - 0x28);
										__eflags = _t421 -  *(_t479 + 0x20);
										if(_t421 >=  *(_t479 + 0x20)) {
											goto L43;
										}
									}
									 *(_t479 - 0x40) = 0x216;
									goto L43;
								}
							}
							__eflags = _t417 | _t451;
							if((_t417 | _t451) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t414;
						if(_t414 != 0) {
							goto L86;
						}
						goto L10;
						L86:
						 *(_t479 - 0x38) =  *(_t479 - 0x38) + 1;
						_t463 =  &(_t463[0xc]);
						 *(_t479 - 0x68) = _t463;
						__eflags =  *(_t479 - 0x38) - 4;
						if( *(_t479 - 0x38) >= 4) {
							goto L93;
						}
						_t455 = 0;
						__eflags = 0;
					}
				} else {
					_push(0x57);
					L94:
					return E01626F58(_t414, _t455, _t463);
				}
			}

0x016a0404
0x016a0404
0x016a0409
0x016a040e
0x016a0413
0x016a0415
0x016a0418
0x016a041b
0x016a041e
0x016a0421
0x016a0427
0x016a0431
0x016a0447
0x016a0449
0x016a044b
0x016a0450
0x016a0455
0x016a0457
0x016a0459
0x016a0461
0x016a0466
0x016a046b
0x016a046e
0x016a047d
0x016a047d
0x016a0457
0x016a04ad
0x016a04b3
0x016a04b6
0x016a04bd
0x016a04bd
0x016a04c0
0x016a04c3
0x016a04c8
0x016a04c9
0x016a04cc
0x016a04cf
0x016a04d3
0x016a04d7
0x016a04db
0x016a04de
0x016a04e1
0x016a04e4
0x016a04e7
0x016a04ea
0x016a04ed
0x016a04f0
0x016a04f4
0x00000000
0x00000000
0x016a04fa
0x016a04fd
0x016a0500
0x016a050a
0x016a050c
0x016a050f
0x016a0511
0x016a0519
0x016a0521
0x016a0523
0x016a0525
0x00000000
0x00000000
0x016a052b
0x016a0535
0x016a0537
0x016a0539
0x00000000
0x00000000
0x016a053f
0x016a0542
0x00000000
0x00000000
0x016a0548
0x016a054e
0x016a0559
0x016a055a
0x016a055e
0x016a0562
0x016a0564
0x016a0564
0x016a056b
0x016a056e
0x016a0573
0x016a0574
0x016a0576
0x016a057b
0x016a057c
0x016a057e
0x016a0583
0x016a0586
0x016a058b
0x016a0590
0x016a0591
0x016a0592
0x016a0599
0x016a0599
0x016a059c
0x016a05a0
0x016a05a5
0x016a05a6
0x016a05b1
0x016a05b2
0x016a05b4
0x016a05bc
0x016a05bf
0x016a05c2
0x016a05c7
0x016a05d1
0x016a05d7
0x016a05da
0x016a05de
0x016a05e0
0x016a05e7
0x016a05e7
0x016a05e7
0x016a05e7
0x016a05de
0x016a05a0
0x016a05ea
0x016a05ee
0x016a05f1
0x016a05f3
0x016a05f5
0x016a05f9
0x016a05fb
0x016a0603
0x016a0603
0x016a0603
0x016a0603
0x016a05f9
0x016a0608
0x016a060a
0x016a060c
0x016a060e
0x016a0612
0x016a0612
0x016a0612
0x016a0612
0x016a061f
0x016a0621
0x016a0625
0x016a0629
0x016a0695
0x016a0695
0x016a0699
0x016a06a5
0x016a06a5
0x016a06a5
0x016a06a5
0x016a06a8
0x016a06ac
0x016a0a48
0x016a0a55
0x016a0a59
0x00000000
0x016a06b2
0x016a06b5
0x016a06bb
0x016a06c1
0x016a06c4
0x016a06c6
0x016a0a41
0x016a0a41
0x00000000
0x016a0a41
0x016a06cc
0x016a06d2
0x00000000
0x00000000
0x016a06e2
0x016a06f7
0x016a06f9
0x016a06fb
0x016a0a14
0x016a0a17
0x016a0a1c
0x016a0a2d
0x016a0a30
0x016a0a32
0x016a0a3c
0x016a0a1e
0x016a0a1e
0x016a0a1e
0x00000000
0x016a0a1c
0x016a0703
0x016a0705
0x016a070b
0x016a0711
0x016a0718
0x016a0720
0x016a0728
0x016a0730
0x016a073a
0x016a073b
0x016a073c
0x016a073d
0x016a0744
0x016a0745
0x016a0746
0x016a0747
0x016a074b
0x016a074b
0x016a074e
0x016a0750
0x016a0759
0x016a0759
0x016a075f
0x016a0760
0x016a0761
0x016a0762
0x016a0766
0x016a0768
0x016a076a
0x016a076a
0x016a076f
0x016a0770
0x016a0776
0x016a077c
0x016a077d
0x016a0783
0x016a0787
0x016a0787
0x016a078a
0x016a078b
0x016a078c
0x016a078d
0x016a078e
0x016a078e
0x016a078e
0x016a0793
0x016a079a
0x016a079a
0x016a079d
0x016a07a1
0x016a07a6
0x016a07a9
0x016a07ac
0x016a07b1
0x016a07b2
0x016a07ba
0x016a07c0
0x016a07ce
0x016a07d2
0x016a07d7
0x016a07da
0x016a07e2
0x016a07e5
0x016a07e8
0x016a07ea
0x016a07ec
0x016a07ec
0x016a07ec
0x016a07ec
0x016a07f1
0x016a07f1
0x016a07f4
0x016a07f8
0x016a07fd
0x016a0801
0x016a0802
0x016a0807
0x016a0808
0x016a080e
0x016a080f
0x016a0815
0x016a0829
0x016a082c
0x016a0831
0x016a0835
0x016a0838
0x016a083a
0x016a083c
0x016a083c
0x016a083c
0x016a083c
0x016a0841
0x016a0841
0x016a0844
0x016a0848
0x016a084d
0x016a0850
0x016a0859
0x016a085e
0x016a0861
0x016a0866
0x016a0869
0x016a086c
0x016a086e
0x016a0870
0x016a0870
0x016a0870
0x016a0870
0x016a0875
0x016a0875
0x016a0878
0x016a087c
0x016a0881
0x016a0884
0x016a088a
0x016a088f
0x016a0894
0x016a0895
0x016a0899
0x016a089d
0x016a089f
0x016a08ab
0x016a08ae
0x016a08ae
0x016a08b4
0x016a08bc
0x016a08ce
0x016a08d3
0x016a08d6
0x016a08de
0x016a08e1
0x016a08e4
0x016a08e6
0x016a08e8
0x016a08e8
0x016a08e8
0x016a08e8
0x016a08ed
0x016a08ed
0x016a08f0
0x016a08f4
0x016a08f9
0x016a08fc
0x016a0907
0x016a090c
0x016a090d
0x016a0914
0x016a091a
0x016a091e
0x016a091e
0x016a0921
0x016a0935
0x016a093a
0x016a093d
0x016a0945
0x016a0948
0x016a094b
0x016a094d
0x016a094f
0x016a094f
0x016a094f
0x016a094f
0x016a094d
0x016a0954
0x016a0957
0x016a0959
0x016a09b8
0x016a09bb
0x016a09c1
0x016a09c4
0x016a09c7
0x016a09cb
0x016a09db
0x016a09dd
0x016a09e0
0x016a09cd
0x016a09d0
0x016a09d6
0x016a09d6
0x016a09e9
0x016a09e9
0x016a09ef
0x016a09f4
0x016a09f7
0x00000000
0x016a095b
0x016a095e
0x016a095e
0x016a0961
0x016a0964
0x016a0964
0x016a0967
0x016a096d
0x016a0970
0x016a0973
0x016a097a
0x016a0980
0x016a097c
0x016a097c
0x016a097c
0x016a0985
0x016a0985
0x016a0986
0x016a09a5
0x016a09aa
0x016a09ad
0x016a09ad
0x016a09ad
0x016a0988
0x016a0988
0x016a0989
0x016a0990
0x016a0996
0x016a099b
0x016a099b
0x016a0989
0x016a09b0
0x016a09b3
0x016a09b3
0x016a09b3
0x016a09b3
0x00000000
0x016a0964
0x016a0959
0x016a062b
0x016a0631
0x016a0637
0x016a0637
0x016a063a
0x016a063a
0x016a063d
0x016a063f
0x016a0645
0x016a0641
0x016a0641
0x016a0641
0x016a064b
0x016a064b
0x016a064c
0x016a066f
0x016a0672
0x016a0676
0x016a0676
0x016a0676
0x016a064e
0x016a064e
0x016a064f
0x016a0658
0x016a065b
0x016a065e
0x016a0667
0x016a0667
0x016a0651
0x016a0651
0x016a0651
0x016a066a
0x016a066a
0x016a0679
0x016a067c
0x00000000
0x00000000
0x016a067e
0x016a0681
0x016a0684
0x016a0687
0x016a068a
0x00000000
0x00000000
0x016a068c
0x016a068e
0x00000000
0x016a068e
0x016a0629
0x016a0515
0x016a0517
0x00000000
0x00000000
0x00000000
0x016a0517
0x016a0502
0x016a0504
0x00000000
0x00000000
0x00000000
0x016a09fa
0x016a09fa
0x016a09fd
0x016a0a00
0x016a0a03
0x016a0a07
0x00000000
0x00000000
0x016a04bb
0x016a04bb
0x016a04bb
0x016a0433
0x016a0433
0x016a0a5c
0x016a0a67
0x016a0a67

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: InformationQueryToken
String ID:
API String ID: 4239771691-0
Opcode ID: 1f5eebdc31fa21ca60abff8abe8b6bc23d09f007dc928a5544bf0e93e4c536ab
Instruction ID: e5cdf52f3769220b245f757da8fac86e709bb465005ff64089f2cb126303e535
Opcode Fuzzy Hash: 1f5eebdc31fa21ca60abff8abe8b6bc23d09f007dc928a5544bf0e93e4c536ab
Instruction Fuzzy Hash: AA227671900218CFDB21CF98C884AEDBBF1FF49314F59816AE949AB292D375AC85CF54

Uniqueness

Uniqueness Score: 0.00%

Function 016036AC, Relevance: .5, Instructions: 528
COMMONCrypto

C-Code - Quality: 99%

			E016036AC(signed int _a4, signed int _a8, intOrPtr _a12) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				intOrPtr _t984;
				void* _t986;
				void* _t989;
				signed char _t994;
				void* _t1075;
				void* _t1077;
				void* _t1078;
				void* _t1080;

				_t984 = _a12;
				if(_t984 == 0) {
					return 0;
				} else {
					__eax = __eax - 1;
					if(__eax == 0) {
						__eax = _a4;
						__ecx = _a8;
						__eax =  *_a4 & 0x000000ff;
						__ecx =  *_a8 & 0x000000ff;
						L393:
						__eax = __eax - __ecx;
						if(__eax == 0) {
							L434:
							return __eax;
						}
						0 = 0 | __eax > 0x00000000;
						__ecx = (__eax > 0) + (__eax > 0) - 1;
						__eax = __ecx;
						return __ecx;
					}
					__eax = __eax - 1;
					if(__eax == 0) {
						__ecx = _a4;
						__esi = _a8;
						__eax =  *__ecx & 0x000000ff;
						__edx =  *__esi & 0x000000ff;
						__eax = ( *__ecx & 0x000000ff) - ( *__esi & 0x000000ff);
						if(__eax == 0) {
							L402:
							__eax =  *(__ecx + 1) & 0x000000ff;
							__ecx =  *(__esi + 1) & 0x000000ff;
							goto L393;
						}
						0 = 0 | __eax > 0x00000000;
						__edx = (__eax > 0) + (__eax > 0) - 1;
						__eax = (__eax > 0) + (__eax > 0) - 1;
						if(__eax != 0) {
							goto L434;
						}
						goto L402;
					}
					__eax = __eax - 1;
					if(__eax == 0) {
						__ecx = _a4;
						__esi = _a8;
						__eax =  *__ecx & 0x000000ff;
						__edx =  *__esi & 0x000000ff;
						__eax = ( *__ecx & 0x000000ff) - ( *__esi & 0x000000ff);
						if(__eax == 0) {
							L397:
							__eax =  *(__ecx + 1) & 0x000000ff;
							__edx =  *(__esi + 1) & 0x000000ff;
							__eax = ( *(__ecx + 1) & 0x000000ff) - ( *(__esi + 1) & 0x000000ff);
							if(__eax == 0) {
								L399:
								__eax =  *(__ecx + 2) & 0x000000ff;
								__ecx =  *(__esi + 2) & 0x000000ff;
								goto L393;
							}
							0 = 0 | __eax > 0x00000000;
							__edx = (__eax > 0) + (__eax > 0) - 1;
							__eax = (__eax > 0) + (__eax > 0) - 1;
							if(__eax != 0) {
								goto L434;
							}
							goto L399;
						}
						0 = 0 | __eax > 0x00000000;
						__edx = (__eax > 0) + (__eax > 0) - 1;
						__eax = (__eax > 0) + (__eax > 0) - 1;
						if(__eax != 0) {
							goto L434;
						}
						goto L397;
					}
					if(__eax == 0) {
						__ecx = _a4;
						__esi = _a8;
						__eax =  *__ecx & 0x000000ff;
						__edx =  *__esi & 0x000000ff;
						__eax = ( *__ecx & 0x000000ff) - ( *__esi & 0x000000ff);
						if(__eax == 0) {
							L388:
							__eax =  *(__ecx + 1) & 0x000000ff;
							__edx =  *(__esi + 1) & 0x000000ff;
							__eax = ( *(__ecx + 1) & 0x000000ff) - ( *(__esi + 1) & 0x000000ff);
							if(__eax == 0) {
								L390:
								__eax =  *(__ecx + 2) & 0x000000ff;
								__edx =  *(__esi + 2) & 0x000000ff;
								__eax = ( *(__ecx + 2) & 0x000000ff) - ( *(__esi + 2) & 0x000000ff);
								if(__eax == 0) {
									L392:
									__eax =  *(__ecx + 3) & 0x000000ff;
									__ecx =  *(__esi + 3) & 0x000000ff;
									goto L393;
								}
								0 = 0 | __eax > 0x00000000;
								__edx = (__eax > 0) + (__eax > 0) - 1;
								__eax = (__eax > 0) + (__eax > 0) - 1;
								if(__eax != 0) {
									goto L434;
								}
								goto L392;
							}
							0 = 0 | __eax > 0x00000000;
							__edx = (__eax > 0) + (__eax > 0) - 1;
							__eax = (__eax > 0) + (__eax > 0) - 1;
							if(__eax != 0) {
								goto L434;
							}
							goto L390;
						}
						0 = 0 | __eax > 0x00000000;
						__edx = (__eax > 0) + (__eax > 0) - 1;
						__eax = (__eax > 0) + (__eax > 0) - 1;
						if(__eax != 0) {
							goto L434;
						}
						goto L388;
					}
					__ecx = _a8;
					__eax = _a4;
					_push(__ebx);
					__edx = 0x20;
					while(__edi >= __edx) {
						__esi =  *__eax;
						if( *__eax ==  *__ecx) {
							__esi = 0;
							L17:
							if(__esi != 0) {
								L432:
								_t986 = _t1078;
								L433:
								return _t986;
							}
							__esi =  *(__eax + 4);
							if( *(__eax + 4) ==  *(__ecx + 4)) {
								__esi = 0;
								L28:
								if(__esi != 0) {
									goto L432;
								}
								__esi =  *(__eax + 8);
								if( *(__eax + 8) ==  *(__ecx + 8)) {
									__esi = 0;
									L39:
									if(__esi != 0) {
										goto L432;
									}
									__esi =  *(__eax + 0xc);
									if( *(__eax + 0xc) ==  *(__ecx + 0xc)) {
										__esi = 0;
										L50:
										if(__esi != 0) {
											goto L432;
										}
										__esi =  *(__eax + 0x10);
										if( *(__eax + 0x10) ==  *(__ecx + 0x10)) {
											__esi = 0;
											L61:
											if(__esi != 0) {
												goto L432;
											}
											__esi =  *(__eax + 0x14);
											if( *(__eax + 0x14) ==  *(__ecx + 0x14)) {
												__esi = 0;
												L72:
												if(__esi != 0) {
													goto L432;
												}
												__esi =  *(__eax + 0x18);
												if( *(__eax + 0x18) ==  *(__ecx + 0x18)) {
													__esi = 0;
													L83:
													if(__esi != 0) {
														goto L432;
													}
													__esi =  *(__eax + 0x1c);
													if( *(__eax + 0x1c) ==  *(__ecx + 0x1c)) {
														__esi = 0;
														L94:
														if(__esi != 0) {
															goto L432;
														} else {
															__eax = __eax + __edx;
															__ecx = __ecx + __edx;
															__edi = __edi - __edx;
															continue;
														}
													}
													__esi =  *(__eax + 0x1c) & 0x000000ff;
													__ebx =  *(__ecx + 0x1c) & 0x000000ff;
													__esi = ( *(__eax + 0x1c) & 0x000000ff) - ( *(__ecx + 0x1c) & 0x000000ff);
													if(__esi == 0) {
														L87:
														__esi =  *(__eax + 0x1d) & 0x000000ff;
														__ebx =  *(__ecx + 0x1d) & 0x000000ff;
														__esi = ( *(__eax + 0x1d) & 0x000000ff) - ( *(__ecx + 0x1d) & 0x000000ff);
														if(__esi == 0) {
															L89:
															__esi =  *(__eax + 0x1e) & 0x000000ff;
															__ebx =  *(__ecx + 0x1e) & 0x000000ff;
															__esi = ( *(__eax + 0x1e) & 0x000000ff) - ( *(__ecx + 0x1e) & 0x000000ff);
															if(__esi == 0) {
																L91:
																__esi =  *(__eax + 0x1f) & 0x000000ff;
																__ebx =  *(__ecx + 0x1f) & 0x000000ff;
																__esi = ( *(__eax + 0x1f) & 0x000000ff) - ( *(__ecx + 0x1f) & 0x000000ff);
																if(__esi != 0) {
																	0 = 0 | __esi > 0x00000000;
																	__ebx = (__esi > 0) + (__esi > 0) - 1;
																	__esi = (__esi > 0) + (__esi > 0) - 1;
																}
																goto L94;
															}
															0 = 0 | __esi > 0x00000000;
															__ebx = (__esi > 0) + (__esi > 0) - 1;
															__esi = __ebx;
															if(__ebx != 0) {
																goto L432;
															}
															goto L91;
														}
														0 = 0 | __esi > 0x00000000;
														__ebx = (__esi > 0) + (__esi > 0) - 1;
														__esi = __ebx;
														if(__ebx != 0) {
															goto L432;
														}
														goto L89;
													}
													0 = 0 | __esi > 0x00000000;
													__ebx = (__esi > 0) + (__esi > 0) - 1;
													__esi = __ebx;
													if(__ebx != 0) {
														goto L432;
													}
													goto L87;
												}
												__esi =  *(__eax + 0x18) & 0x000000ff;
												__ebx =  *(__ecx + 0x18) & 0x000000ff;
												__esi = ( *(__eax + 0x18) & 0x000000ff) - ( *(__ecx + 0x18) & 0x000000ff);
												if(__esi == 0) {
													L76:
													__esi =  *(__eax + 0x19) & 0x000000ff;
													__ebx =  *(__ecx + 0x19) & 0x000000ff;
													__esi = ( *(__eax + 0x19) & 0x000000ff) - ( *(__ecx + 0x19) & 0x000000ff);
													if(__esi == 0) {
														L78:
														__esi =  *(__eax + 0x1a) & 0x000000ff;
														__ebx =  *(__ecx + 0x1a) & 0x000000ff;
														__esi = ( *(__eax + 0x1a) & 0x000000ff) - ( *(__ecx + 0x1a) & 0x000000ff);
														if(__esi == 0) {
															L80:
															__esi =  *(__eax + 0x1b) & 0x000000ff;
															__ebx =  *(__ecx + 0x1b) & 0x000000ff;
															__esi = ( *(__eax + 0x1b) & 0x000000ff) - ( *(__ecx + 0x1b) & 0x000000ff);
															if(__esi != 0) {
																0 = 0 | __esi > 0x00000000;
																__ebx = (__esi > 0) + (__esi > 0) - 1;
																__esi = (__esi > 0) + (__esi > 0) - 1;
															}
															goto L83;
														}
														0 = 0 | __esi > 0x00000000;
														__ebx = (__esi > 0) + (__esi > 0) - 1;
														__esi = __ebx;
														if(__ebx != 0) {
															goto L432;
														}
														goto L80;
													}
													0 = 0 | __esi > 0x00000000;
													__ebx = (__esi > 0) + (__esi > 0) - 1;
													__esi = __ebx;
													if(__ebx != 0) {
														goto L432;
													}
													goto L78;
												}
												0 = 0 | __esi > 0x00000000;
												__ebx = (__esi > 0) + (__esi > 0) - 1;
												__esi = __ebx;
												if(__ebx != 0) {
													goto L432;
												}
												goto L76;
											}
											__esi =  *(__eax + 0x14) & 0x000000ff;
											__ebx =  *(__ecx + 0x14) & 0x000000ff;
											__esi = ( *(__eax + 0x14) & 0x000000ff) - ( *(__ecx + 0x14) & 0x000000ff);
											if(__esi == 0) {
												L65:
												__esi =  *(__eax + 0x15) & 0x000000ff;
												__ebx =  *(__ecx + 0x15) & 0x000000ff;
												__esi = ( *(__eax + 0x15) & 0x000000ff) - ( *(__ecx + 0x15) & 0x000000ff);
												if(__esi == 0) {
													L67:
													__esi =  *(__eax + 0x16) & 0x000000ff;
													__ebx =  *(__ecx + 0x16) & 0x000000ff;
													__esi = ( *(__eax + 0x16) & 0x000000ff) - ( *(__ecx + 0x16) & 0x000000ff);
													if(__esi == 0) {
														L69:
														__esi =  *(__eax + 0x17) & 0x000000ff;
														__ebx =  *(__ecx + 0x17) & 0x000000ff;
														__esi = ( *(__eax + 0x17) & 0x000000ff) - ( *(__ecx + 0x17) & 0x000000ff);
														if(__esi != 0) {
															0 = 0 | __esi > 0x00000000;
															__ebx = (__esi > 0) + (__esi > 0) - 1;
															__esi = (__esi > 0) + (__esi > 0) - 1;
														}
														goto L72;
													}
													0 = 0 | __esi > 0x00000000;
													__ebx = (__esi > 0) + (__esi > 0) - 1;
													__esi = __ebx;
													if(__ebx != 0) {
														goto L432;
													}
													goto L69;
												}
												0 = 0 | __esi > 0x00000000;
												__ebx = (__esi > 0) + (__esi > 0) - 1;
												__esi = __ebx;
												if(__ebx != 0) {
													goto L432;
												}
												goto L67;
											}
											0 = 0 | __esi > 0x00000000;
											__ebx = (__esi > 0) + (__esi > 0) - 1;
											__esi = __ebx;
											if(__ebx != 0) {
												goto L432;
											}
											goto L65;
										}
										__ebx =  *(__ecx + 0x10) & 0x000000ff;
										__esi =  *(__eax + 0x10) & 0x000000ff;
										__esi = ( *(__eax + 0x10) & 0x000000ff) - ( *(__ecx + 0x10) & 0x000000ff);
										if(__esi == 0) {
											L54:
											__esi =  *(__eax + 0x11) & 0x000000ff;
											__ebx =  *(__ecx + 0x11) & 0x000000ff;
											__esi = ( *(__eax + 0x11) & 0x000000ff) - ( *(__ecx + 0x11) & 0x000000ff);
											if(__esi == 0) {
												L56:
												__esi =  *(__eax + 0x12) & 0x000000ff;
												__ebx =  *(__ecx + 0x12) & 0x000000ff;
												__esi = ( *(__eax + 0x12) & 0x000000ff) - ( *(__ecx + 0x12) & 0x000000ff);
												if(__esi == 0) {
													L58:
													__esi =  *(__eax + 0x13) & 0x000000ff;
													__ebx =  *(__ecx + 0x13) & 0x000000ff;
													__esi = ( *(__eax + 0x13) & 0x000000ff) - ( *(__ecx + 0x13) & 0x000000ff);
													if(__esi != 0) {
														0 = 0 | __esi > 0x00000000;
														__ebx = (__esi > 0) + (__esi > 0) - 1;
														__esi = (__esi > 0) + (__esi > 0) - 1;
													}
													goto L61;
												}
												0 = 0 | __esi > 0x00000000;
												__ebx = (__esi > 0) + (__esi > 0) - 1;
												__esi = __ebx;
												if(__ebx != 0) {
													goto L432;
												}
												goto L58;
											}
											0 = 0 | __esi > 0x00000000;
											__ebx = (__esi > 0) + (__esi > 0) - 1;
											__esi = __ebx;
											if(__ebx != 0) {
												goto L432;
											}
											goto L56;
										}
										0 = 0 | __esi > 0x00000000;
										__ebx = (__esi > 0) + (__esi > 0) - 1;
										__esi = __ebx;
										if(__ebx != 0) {
											goto L432;
										}
										goto L54;
									}
									__esi =  *(__eax + 0xc) & 0x000000ff;
									__ebx =  *(__ecx + 0xc) & 0x000000ff;
									__esi = ( *(__eax + 0xc) & 0x000000ff) - ( *(__ecx + 0xc) & 0x000000ff);
									if(__esi == 0) {
										L43:
										__esi =  *(__eax + 0xd) & 0x000000ff;
										__ebx =  *(__ecx + 0xd) & 0x000000ff;
										__esi = ( *(__eax + 0xd) & 0x000000ff) - ( *(__ecx + 0xd) & 0x000000ff);
										if(__esi == 0) {
											L45:
											__esi =  *(__eax + 0xe) & 0x000000ff;
											__ebx =  *(__ecx + 0xe) & 0x000000ff;
											__esi = ( *(__eax + 0xe) & 0x000000ff) - ( *(__ecx + 0xe) & 0x000000ff);
											if(__esi == 0) {
												L47:
												__esi =  *(__eax + 0xf) & 0x000000ff;
												__ebx =  *(__ecx + 0xf) & 0x000000ff;
												__esi = ( *(__eax + 0xf) & 0x000000ff) - ( *(__ecx + 0xf) & 0x000000ff);
												if(__esi != 0) {
													0 = 0 | __esi > 0x00000000;
													__ebx = (__esi > 0) + (__esi > 0) - 1;
													__esi = (__esi > 0) + (__esi > 0) - 1;
												}
												goto L50;
											}
											0 = 0 | __esi > 0x00000000;
											__ebx = (__esi > 0) + (__esi > 0) - 1;
											__esi = __ebx;
											if(__ebx != 0) {
												goto L432;
											}
											goto L47;
										}
										0 = 0 | __esi > 0x00000000;
										__ebx = (__esi > 0) + (__esi > 0) - 1;
										__esi = __ebx;
										if(__ebx != 0) {
											goto L432;
										}
										goto L45;
									}
									0 = 0 | __esi > 0x00000000;
									__ebx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __ebx;
									if(__ebx != 0) {
										goto L432;
									}
									goto L43;
								}
								__esi =  *(__eax + 8) & 0x000000ff;
								__ebx =  *(__ecx + 8) & 0x000000ff;
								__esi = ( *(__eax + 8) & 0x000000ff) - ( *(__ecx + 8) & 0x000000ff);
								if(__esi == 0) {
									L32:
									__esi =  *(__eax + 9) & 0x000000ff;
									__ebx =  *(__ecx + 9) & 0x000000ff;
									__esi = ( *(__eax + 9) & 0x000000ff) - ( *(__ecx + 9) & 0x000000ff);
									if(__esi == 0) {
										L34:
										__esi =  *(__eax + 0xa) & 0x000000ff;
										__ebx =  *(__ecx + 0xa) & 0x000000ff;
										__esi = ( *(__eax + 0xa) & 0x000000ff) - ( *(__ecx + 0xa) & 0x000000ff);
										if(__esi == 0) {
											L36:
											__esi =  *(__eax + 0xb) & 0x000000ff;
											__ebx =  *(__ecx + 0xb) & 0x000000ff;
											__esi = ( *(__eax + 0xb) & 0x000000ff) - ( *(__ecx + 0xb) & 0x000000ff);
											if(__esi != 0) {
												0 = 0 | __esi > 0x00000000;
												__ebx = (__esi > 0) + (__esi > 0) - 1;
												__esi = (__esi > 0) + (__esi > 0) - 1;
											}
											goto L39;
										}
										0 = 0 | __esi > 0x00000000;
										__ebx = (__esi > 0) + (__esi > 0) - 1;
										__esi = __ebx;
										if(__ebx != 0) {
											goto L432;
										}
										goto L36;
									}
									0 = 0 | __esi > 0x00000000;
									__ebx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __ebx;
									if(__ebx != 0) {
										goto L432;
									}
									goto L34;
								}
								0 = 0 | __esi > 0x00000000;
								__ebx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __ebx;
								if(__ebx != 0) {
									goto L432;
								}
								goto L32;
							}
							__esi =  *(__eax + 4) & 0x000000ff;
							__ebx =  *(__ecx + 4) & 0x000000ff;
							__esi = ( *(__eax + 4) & 0x000000ff) - ( *(__ecx + 4) & 0x000000ff);
							if(__esi == 0) {
								L21:
								__esi =  *(__eax + 5) & 0x000000ff;
								__ebx =  *(__ecx + 5) & 0x000000ff;
								__esi = ( *(__eax + 5) & 0x000000ff) - ( *(__ecx + 5) & 0x000000ff);
								if(__esi == 0) {
									L23:
									__esi =  *(__eax + 6) & 0x000000ff;
									__ebx =  *(__ecx + 6) & 0x000000ff;
									__esi = ( *(__eax + 6) & 0x000000ff) - ( *(__ecx + 6) & 0x000000ff);
									if(__esi == 0) {
										L25:
										__esi =  *(__eax + 7) & 0x000000ff;
										__ebx =  *(__ecx + 7) & 0x000000ff;
										__esi = ( *(__eax + 7) & 0x000000ff) - ( *(__ecx + 7) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__ebx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L28;
									}
									0 = 0 | __esi > 0x00000000;
									__ebx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __ebx;
									if(__ebx != 0) {
										goto L432;
									}
									goto L25;
								}
								0 = 0 | __esi > 0x00000000;
								__ebx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __ebx;
								if(__ebx != 0) {
									goto L432;
								}
								goto L23;
							}
							0 = 0 | __esi > 0x00000000;
							__ebx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __ebx;
							if(__ebx != 0) {
								goto L432;
							}
							goto L21;
						}
						__esi =  *__eax & 0x000000ff;
						__ebx =  *__ecx & 0x000000ff;
						__esi = ( *__eax & 0x000000ff) - ( *__ecx & 0x000000ff);
						if(__esi == 0) {
							L10:
							__esi =  *(__eax + 1) & 0x000000ff;
							__ebx =  *(__ecx + 1) & 0x000000ff;
							__esi = ( *(__eax + 1) & 0x000000ff) - ( *(__ecx + 1) & 0x000000ff);
							if(__esi == 0) {
								L12:
								__esi =  *(__eax + 2) & 0x000000ff;
								__ebx =  *(__ecx + 2) & 0x000000ff;
								__esi = ( *(__eax + 2) & 0x000000ff) - ( *(__ecx + 2) & 0x000000ff);
								if(__esi == 0) {
									L14:
									__esi =  *(__eax + 3) & 0x000000ff;
									__ebx =  *(__ecx + 3) & 0x000000ff;
									__esi = ( *(__eax + 3) & 0x000000ff) - ( *(__ecx + 3) & 0x000000ff);
									if(__esi != 0) {
										0 = 0 | __esi > 0x00000000;
										__ebx = (__esi > 0) + (__esi > 0) - 1;
										__esi = (__esi > 0) + (__esi > 0) - 1;
									}
									goto L17;
								}
								0 = 0 | __esi > 0x00000000;
								__ebx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __ebx;
								if(__ebx != 0) {
									goto L432;
								}
								goto L14;
							}
							0 = 0 | __esi > 0x00000000;
							__ebx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __ebx;
							if(__ebx != 0) {
								goto L432;
							}
							goto L12;
						}
						0 = 0 | __esi > 0x00000000;
						__ebx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __ebx;
						if(__ebx != 0) {
							goto L432;
						}
						goto L10;
					}
					__eax = __eax + __edi;
					__ecx = __ecx + __edi;
					if(__edi > 0x1f) {
						L409:
						_t986 = 0;
						goto L433;
					}
					switch( *((intOrPtr*)(__edi * 4 +  &M01603600))) {
						case 0:
							goto L409;
						case 1:
							L223:
							__ecx =  *(__ecx - 1) & 0x000000ff;
							__eax =  *(__eax - 1) & 0x000000ff;
							__eax = __eax - __ecx;
							if(__eax != 0) {
								0 = 0 | __eax > 0x00000000;
								__ecx = (__eax > 0) + (__eax > 0) - 1;
								__eax = (__eax > 0) + (__eax > 0) - 1;
							}
							goto L433;
						case 2:
							L302:
							if( *(__eax - 2) ==  *(__ecx - 2)) {
								goto L409;
							}
							goto L303;
						case 3:
							L383:
							__esi =  *(__eax - 3) & 0x000000ff;
							__edx =  *(__ecx - 3) & 0x000000ff;
							__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
							if(__esi == 0) {
								L303:
								__edx =  *(__ecx - 2) & 0x000000ff;
								__esi =  *(__eax - 2) & 0x000000ff;
								__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
								if(__esi == 0) {
									goto L223;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								if(__edx == 0) {
									goto L223;
								}
								L385:
								__eax = __edx;
								goto L433;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							if(__edx == 0) {
								goto L303;
							}
							goto L385;
						case 4:
							L406:
							_t1019 =  *(_t984 - 4);
							if(_t1019 !=  *(_t989 - 4)) {
								_t1097 = (_t1019 & 0x000000ff) - ( *(_t989 - 4) & 0x000000ff);
								if(_t1097 == 0) {
									L139:
									_t1099 = ( *(_t984 - 3) & 0x000000ff) - ( *(_t989 - 3) & 0x000000ff);
									if(_t1099 == 0) {
										L141:
										_t1101 = ( *(_t984 - 2) & 0x000000ff) - ( *(_t989 - 2) & 0x000000ff);
										if(_t1101 == 0) {
											L144:
											_t986 = ( *(_t984 - 1) & 0x000000ff) - ( *(_t989 - 1) & 0x000000ff);
											if(_t986 != 0) {
												_t986 = (0 | _t986 > 0x00000000) + (0 | _t986 > 0x00000000) - 1;
											}
											L408:
											if(_t986 != 0) {
												goto L433;
											}
											goto L409;
										}
										_t1025 = (0 | _t1101 > 0x00000000) + (0 | _t1101 > 0x00000000) - 1;
										if(_t1025 == 0) {
											goto L144;
										}
										L143:
										_t986 = _t1025;
										goto L408;
									}
									_t1025 = (0 | _t1099 > 0x00000000) + (0 | _t1099 > 0x00000000) - 1;
									if(_t1025 != 0) {
										goto L143;
									}
									goto L141;
								}
								_t1025 = (0 | _t1097 > 0x00000000) + (0 | _t1097 > 0x00000000) - 1;
								if(_t1025 != 0) {
									goto L143;
								}
								goto L139;
							}
							_t986 = 0;
							goto L408;
						case 5:
							L212:
							__edx =  *(__eax - 5);
							if( *(__eax - 5) ==  *(__ecx - 5)) {
								__esi = 0;
								L222:
								if(__esi != 0) {
									goto L432;
								}
								goto L223;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 5) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
							if(__esi == 0) {
								L215:
								__esi =  *(__eax - 4) & 0x000000ff;
								__edx =  *(__ecx - 4) & 0x000000ff;
								__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
								if(__esi == 0) {
									L217:
									__esi =  *(__eax - 3) & 0x000000ff;
									__edx =  *(__ecx - 3) & 0x000000ff;
									__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
									if(__esi == 0) {
										L219:
										__esi =  *(__eax - 2) & 0x000000ff;
										__edx =  *(__ecx - 2) & 0x000000ff;
										__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L222;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L219;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L217;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L215;
						case 6:
							L291:
							__edx =  *(__eax - 6);
							if( *(__eax - 6) ==  *(__ecx - 6)) {
								__esi = 0;
								L301:
								if(__esi != 0) {
									goto L432;
								}
								goto L302;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 6) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
							if(__esi == 0) {
								L294:
								__esi =  *(__eax - 5) & 0x000000ff;
								__edx =  *(__ecx - 5) & 0x000000ff;
								__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
								if(__esi == 0) {
									L296:
									__esi =  *(__eax - 4) & 0x000000ff;
									__edx =  *(__ecx - 4) & 0x000000ff;
									__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
									if(__esi == 0) {
										L298:
										__esi =  *(__eax - 3) & 0x000000ff;
										__edx =  *(__ecx - 3) & 0x000000ff;
										__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L301;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L298;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L296;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L294;
						case 7:
							L372:
							__edx =  *(__eax - 7);
							if( *(__eax - 7) ==  *(__ecx - 7)) {
								__esi = 0;
								L382:
								if(__esi != 0) {
									goto L432;
								}
								goto L383;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 7) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
							if(__esi == 0) {
								L375:
								__esi =  *(__eax - 6) & 0x000000ff;
								__edx =  *(__ecx - 6) & 0x000000ff;
								__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
								if(__esi == 0) {
									L377:
									__esi =  *(__eax - 5) & 0x000000ff;
									__edx =  *(__ecx - 5) & 0x000000ff;
									__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
									if(__esi == 0) {
										L379:
										__esi =  *(__eax - 4) & 0x000000ff;
										__edx =  *(__ecx - 4) & 0x000000ff;
										__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L382;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L379;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L377;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L375;
						case 8:
							L427:
							_t1018 =  *(_t984 - 8);
							if(_t1018 ==  *(_t989 - 8)) {
								_t1078 = 0;
								L405:
								if(_t1078 != 0) {
									goto L432;
								}
								goto L406;
							}
							_t1103 = (_t1018 & 0x000000ff) - ( *(_t989 - 8) & 0x000000ff);
							if(_t1103 != 0) {
								_t1078 = (0 | _t1103 > 0x00000000) + (0 | _t1103 > 0x00000000) - 1;
								if(_t1078 != 0) {
									goto L432;
								}
							}
							_t1105 = ( *(_t984 - 7) & 0x000000ff) - ( *(_t989 - 7) & 0x000000ff);
							if(_t1105 != 0) {
								_t1078 = (0 | _t1105 > 0x00000000) + (0 | _t1105 > 0x00000000) - 1;
								if(_t1078 == 0) {
									goto L430;
								}
								goto L432;
							}
							L430:
							_t1107 = ( *(_t984 - 6) & 0x000000ff) - ( *(_t989 - 6) & 0x000000ff);
							if(_t1107 == 0) {
								L135:
								_t1078 = ( *(_t984 - 5) & 0x000000ff) - ( *(_t989 - 5) & 0x000000ff);
								if(_t1078 != 0) {
									_t1078 = (0 | _t1078 > 0x00000000) + (0 | _t1078 > 0x00000000) - 1;
								}
								goto L405;
							}
							_t1078 = (0 | _t1107 > 0x00000000) + (0 | _t1107 > 0x00000000) - 1;
							if(_t1078 == 0) {
								goto L135;
							}
							goto L432;
						case 9:
							L201:
							__edx =  *(__eax - 9);
							if( *(__eax - 9) ==  *(__ecx - 9)) {
								__esi = 0;
								L211:
								if(__esi != 0) {
									goto L432;
								}
								goto L212;
							}
							__edx =  *(__ecx - 9) & 0x000000ff;
							__esi =  *(__eax - 9) & 0x000000ff;
							__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
							if(__esi == 0) {
								L204:
								__esi =  *(__eax - 8) & 0x000000ff;
								__edx =  *(__ecx - 8) & 0x000000ff;
								__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
								if(__esi == 0) {
									L206:
									__esi =  *(__eax - 7) & 0x000000ff;
									__edx =  *(__ecx - 7) & 0x000000ff;
									__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
									if(__esi == 0) {
										L208:
										__esi =  *(__eax - 6) & 0x000000ff;
										__edx =  *(__ecx - 6) & 0x000000ff;
										__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L211;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L208;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L206;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L204;
						case 0xa:
							L280:
							__edx =  *(__eax - 0xa);
							if( *(__eax - 0xa) ==  *(__ecx - 0xa)) {
								__esi = 0;
								L290:
								if(__esi != 0) {
									goto L432;
								}
								goto L291;
							}
							__edx =  *(__ecx - 0xa) & 0x000000ff;
							__esi =  *(__eax - 0xa) & 0x000000ff;
							__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
							if(__esi == 0) {
								L283:
								__edx =  *(__ecx - 9) & 0x000000ff;
								__esi =  *(__eax - 9) & 0x000000ff;
								__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
								if(__esi == 0) {
									L285:
									__edx =  *(__ecx - 8) & 0x000000ff;
									__esi =  *(__eax - 8) & 0x000000ff;
									__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
									if(__esi == 0) {
										L287:
										__edx =  *(__ecx - 7) & 0x000000ff;
										__esi =  *(__eax - 7) & 0x000000ff;
										__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L290;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L287;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L285;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L283;
						case 0xb:
							L361:
							__edx =  *(__eax - 0xb);
							if( *(__eax - 0xb) ==  *(__ecx - 0xb)) {
								__esi = 0;
								L371:
								if(__esi != 0) {
									goto L432;
								}
								goto L372;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0xb) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
							if(__esi == 0) {
								L364:
								__esi =  *(__eax - 0xa) & 0x000000ff;
								__edx =  *(__ecx - 0xa) & 0x000000ff;
								__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
								if(__esi == 0) {
									L366:
									__esi =  *(__eax - 9) & 0x000000ff;
									__edx =  *(__ecx - 9) & 0x000000ff;
									__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
									if(__esi == 0) {
										L368:
										__esi =  *(__eax - 8) & 0x000000ff;
										__edx =  *(__ecx - 8) & 0x000000ff;
										__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L371;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L368;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L366;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L364;
						case 0xc:
							L424:
							if( *(_t984 - 0xc) !=  *(_t989 - 0xc)) {
								_t1090 = ( *(_t984 - 0xc) & 0x000000ff) - ( *(_t989 - 0xc) & 0x000000ff);
								if(_t1090 == 0) {
									L127:
									_t1092 = ( *(_t984 - 0xb) & 0x000000ff) - ( *(_t989 - 0xb) & 0x000000ff);
									if(_t1092 == 0) {
										L129:
										_t1094 = ( *(_t984 - 0xa) & 0x000000ff) - ( *(_t989 - 0xa) & 0x000000ff);
										if(_t1094 == 0) {
											L131:
											_t1078 = ( *(_t984 - 9) & 0x000000ff) - ( *(_t989 - 9) & 0x000000ff);
											if(_t1078 != 0) {
												_t1078 = (0 | _t1078 > 0x00000000) + (0 | _t1078 > 0x00000000) - 1;
											}
											L426:
											if(_t1078 != 0) {
												goto L432;
											}
											goto L427;
										}
										_t1078 = (0 | _t1094 > 0x00000000) + (0 | _t1094 > 0x00000000) - 1;
										if(_t1078 != 0) {
											goto L432;
										}
										goto L131;
									}
									_t1078 = (0 | _t1092 > 0x00000000) + (0 | _t1092 > 0x00000000) - 1;
									if(_t1078 != 0) {
										goto L432;
									}
									goto L129;
								}
								_t1078 = (0 | _t1090 > 0x00000000) + (0 | _t1090 > 0x00000000) - 1;
								if(_t1078 != 0) {
									goto L432;
								}
								goto L127;
							}
							_t1078 = 0;
							goto L426;
						case 0xd:
							L190:
							__edx =  *(__eax - 0xd);
							if( *(__eax - 0xd) ==  *(__ecx - 0xd)) {
								__esi = 0;
								L200:
								if(__esi != 0) {
									goto L432;
								}
								goto L201;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0xd) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
							if(__esi == 0) {
								L193:
								__esi =  *(__eax - 0xc) & 0x000000ff;
								__edx =  *(__ecx - 0xc) & 0x000000ff;
								__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
								if(__esi == 0) {
									L195:
									__esi =  *(__eax - 0xb) & 0x000000ff;
									__edx =  *(__ecx - 0xb) & 0x000000ff;
									__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
									if(__esi == 0) {
										L197:
										__esi =  *(__eax - 0xa) & 0x000000ff;
										__edx =  *(__ecx - 0xa) & 0x000000ff;
										__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L200;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L197;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L195;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L193;
						case 0xe:
							L269:
							__edx =  *(__eax - 0xe);
							if( *(__eax - 0xe) ==  *(__ecx - 0xe)) {
								__esi = 0;
								L279:
								if(__esi != 0) {
									goto L432;
								}
								goto L280;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0xe) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
							if(__esi == 0) {
								L272:
								__esi =  *(__eax - 0xd) & 0x000000ff;
								__edx =  *(__ecx - 0xd) & 0x000000ff;
								__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
								if(__esi == 0) {
									L274:
									__esi =  *(__eax - 0xc) & 0x000000ff;
									__edx =  *(__ecx - 0xc) & 0x000000ff;
									__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
									if(__esi == 0) {
										L276:
										__esi =  *(__eax - 0xb) & 0x000000ff;
										__edx =  *(__ecx - 0xb) & 0x000000ff;
										__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L279;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L276;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L274;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L272;
						case 0xf:
							L350:
							__edx =  *(__eax - 0xf);
							if( *(__eax - 0xf) ==  *(__ecx - 0xf)) {
								__esi = 0;
								L360:
								if(__esi != 0) {
									goto L432;
								}
								goto L361;
							}
							__edx =  *(__ecx - 0xf) & 0x000000ff;
							__esi =  *(__eax - 0xf) & 0x000000ff;
							__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
							if(__esi == 0) {
								L353:
								__esi =  *(__eax - 0xe) & 0x000000ff;
								__edx =  *(__ecx - 0xe) & 0x000000ff;
								__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
								if(__esi == 0) {
									L355:
									__esi =  *(__eax - 0xd) & 0x000000ff;
									__edx =  *(__ecx - 0xd) & 0x000000ff;
									__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
									if(__esi == 0) {
										L357:
										__esi =  *(__eax - 0xc) & 0x000000ff;
										__edx =  *(__ecx - 0xc) & 0x000000ff;
										__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L360;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L357;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L355;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L353;
						case 0x10:
							L421:
							_t1002 =  *(_t984 - 0x10);
							if(_t1002 !=  *(_t989 - 0x10)) {
								_t1083 = (_t1002 & 0x000000ff) - ( *(_t989 - 0x10) & 0x000000ff);
								if(_t1083 != 0) {
									_t1078 = (0 | _t1083 > 0x00000000) + (0 | _t1083 > 0x00000000) - 1;
									if(_t1078 != 0) {
										goto L432;
									}
								}
								_t1085 = ( *(_t984 - 0xf) & 0x000000ff) - ( *(_t989 - 0xf) & 0x000000ff);
								if(_t1085 != 0) {
									_t1078 = (0 | _t1085 > 0x00000000) + (0 | _t1085 > 0x00000000) - 1;
									if(_t1078 == 0) {
										goto L439;
									} else {
										goto L432;
									}
								}
								L439:
								_t1087 = ( *(_t984 - 0xe) & 0x000000ff) - ( *(_t989 - 0xe) & 0x000000ff);
								if(_t1087 == 0) {
									L123:
									_t1078 = ( *(_t984 - 0xd) & 0x000000ff) - ( *(_t989 - 0xd) & 0x000000ff);
									if(_t1078 != 0) {
										_t1078 = (0 | _t1078 > 0x00000000) + (0 | _t1078 > 0x00000000) - 1;
									}
									L423:
									if(_t1078 != 0) {
										goto L432;
									}
									goto L424;
								}
								_t1078 = (0 | _t1087 > 0x00000000) + (0 | _t1087 > 0x00000000) - 1;
								if(_t1078 != 0) {
									goto L432;
								}
								goto L123;
							}
							_t1078 = 0;
							goto L423;
						case 0x11:
							L179:
							__edx =  *(__eax - 0x11);
							if( *(__eax - 0x11) ==  *(__ecx - 0x11)) {
								__esi = 0;
								L189:
								if(__esi != 0) {
									goto L432;
								}
								goto L190;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x11) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
							if(__esi == 0) {
								L182:
								__esi =  *(__eax - 0x10) & 0x000000ff;
								__edx =  *(__ecx - 0x10) & 0x000000ff;
								__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
								if(__esi == 0) {
									L184:
									__esi =  *(__eax - 0xf) & 0x000000ff;
									__edx =  *(__ecx - 0xf) & 0x000000ff;
									__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
									if(__esi == 0) {
										L186:
										__esi =  *(__eax - 0xe) & 0x000000ff;
										__edx =  *(__ecx - 0xe) & 0x000000ff;
										__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L189;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L186;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L184;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L182;
						case 0x12:
							L258:
							__edx =  *(__eax - 0x12);
							if( *(__eax - 0x12) ==  *(__ecx - 0x12)) {
								__esi = 0;
								L268:
								if(__esi != 0) {
									goto L432;
								}
								goto L269;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x12) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
							if(__esi == 0) {
								L261:
								__esi =  *(__eax - 0x11) & 0x000000ff;
								__edx =  *(__ecx - 0x11) & 0x000000ff;
								__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
								if(__esi == 0) {
									L263:
									__esi =  *(__eax - 0x10) & 0x000000ff;
									__edx =  *(__ecx - 0x10) & 0x000000ff;
									__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
									if(__esi == 0) {
										L265:
										__esi =  *(__eax - 0xf) & 0x000000ff;
										__edx =  *(__ecx - 0xf) & 0x000000ff;
										__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L268;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L265;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L263;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L261;
						case 0x13:
							L339:
							__edx =  *(__eax - 0x13);
							if( *(__eax - 0x13) ==  *(__ecx - 0x13)) {
								__esi = 0;
								L349:
								if(__esi != 0) {
									goto L432;
								}
								goto L350;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x13) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
							if(__esi == 0) {
								L342:
								__esi =  *(__eax - 0x12) & 0x000000ff;
								__edx =  *(__ecx - 0x12) & 0x000000ff;
								__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
								if(__esi == 0) {
									L344:
									__esi =  *(__eax - 0x11) & 0x000000ff;
									__edx =  *(__ecx - 0x11) & 0x000000ff;
									__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
									if(__esi == 0) {
										L346:
										__esi =  *(__eax - 0x10) & 0x000000ff;
										__edx =  *(__ecx - 0x10) & 0x000000ff;
										__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L349;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L346;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L344;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L342;
						case 0x14:
							L418:
							__edx =  *(__eax - 0x14);
							if( *(__eax - 0x14) !=  *(__ecx - 0x14)) {
								goto L1;
							}
							__esi = 0;
							L420:
							if(_t1078 != 0) {
								goto L432;
							}
							goto L421;
						case 0x15:
							L168:
							__edx =  *(__eax - 0x15);
							if( *(__eax - 0x15) ==  *(__ecx - 0x15)) {
								__esi = 0;
								L178:
								if(__esi != 0) {
									goto L432;
								}
								goto L179;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x15) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
							if(__esi == 0) {
								L171:
								__esi =  *(__eax - 0x14) & 0x000000ff;
								__edx =  *(__ecx - 0x14) & 0x000000ff;
								__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
								if(__esi == 0) {
									L173:
									__esi =  *(__eax - 0x13) & 0x000000ff;
									__edx =  *(__ecx - 0x13) & 0x000000ff;
									__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
									if(__esi == 0) {
										L175:
										__esi =  *(__eax - 0x12) & 0x000000ff;
										__edx =  *(__ecx - 0x12) & 0x000000ff;
										__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L178;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L175;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L173;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L171;
						case 0x16:
							L247:
							__edx =  *(__eax - 0x16);
							if( *(__eax - 0x16) ==  *(__ecx - 0x16)) {
								__esi = 0;
								L257:
								if(__esi != 0) {
									goto L432;
								}
								goto L258;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x16) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
							if(__esi == 0) {
								L250:
								__esi =  *(__eax - 0x15) & 0x000000ff;
								__edx =  *(__ecx - 0x15) & 0x000000ff;
								__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
								if(__esi == 0) {
									L252:
									__esi =  *(__eax - 0x14) & 0x000000ff;
									__edx =  *(__ecx - 0x14) & 0x000000ff;
									__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
									if(__esi == 0) {
										L254:
										__esi =  *(__eax - 0x13) & 0x000000ff;
										__edx =  *(__ecx - 0x13) & 0x000000ff;
										__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L257;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L254;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L252;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L250;
						case 0x17:
							L328:
							__edx =  *(__eax - 0x17);
							if( *(__eax - 0x17) ==  *(__ecx - 0x17)) {
								__esi = 0;
								L338:
								if(__esi != 0) {
									goto L432;
								}
								goto L339;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x17) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
							if(__esi == 0) {
								L331:
								__esi =  *(__eax - 0x16) & 0x000000ff;
								__edx =  *(__ecx - 0x16) & 0x000000ff;
								__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
								if(__esi == 0) {
									L333:
									__esi =  *(__eax - 0x15) & 0x000000ff;
									__edx =  *(__ecx - 0x15) & 0x000000ff;
									__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
									if(__esi == 0) {
										L335:
										__esi =  *(__eax - 0x14) & 0x000000ff;
										__edx =  *(__ecx - 0x14) & 0x000000ff;
										__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L338;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L335;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L333;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L331;
						case 0x18:
							L107:
							__edx =  *(__eax - 0x18);
							if( *(__eax - 0x18) ==  *(__ecx - 0x18)) {
								__esi = 0;
								L444:
								if(__esi == 0) {
									goto L418;
								}
								goto L432;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x18) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
							if(__esi == 0) {
								L110:
								__esi =  *(__eax - 0x17) & 0x000000ff;
								__edx =  *(__ecx - 0x17) & 0x000000ff;
								__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
								if(__esi == 0) {
									L112:
									__esi =  *(__eax - 0x16) & 0x000000ff;
									__edx =  *(__ecx - 0x16) & 0x000000ff;
									__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
									if(__esi == 0) {
										L114:
										__esi =  *(__eax - 0x15) & 0x000000ff;
										__edx =  *(__ecx - 0x15) & 0x000000ff;
										__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L444;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L114;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L112;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L110;
						case 0x19:
							L157:
							__edx =  *(__eax - 0x19);
							if( *(__eax - 0x19) ==  *(__ecx - 0x19)) {
								__esi = 0;
								L167:
								if(__esi != 0) {
									goto L432;
								}
								goto L168;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x19) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
							if(__esi == 0) {
								L160:
								__esi =  *(__eax - 0x18) & 0x000000ff;
								__edx =  *(__ecx - 0x18) & 0x000000ff;
								__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
								if(__esi == 0) {
									L162:
									__esi =  *(__eax - 0x17) & 0x000000ff;
									__edx =  *(__ecx - 0x17) & 0x000000ff;
									__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
									if(__esi == 0) {
										L164:
										__esi =  *(__eax - 0x16) & 0x000000ff;
										__edx =  *(__ecx - 0x16) & 0x000000ff;
										__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L167;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L164;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L162;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L160;
						case 0x1a:
							L236:
							__edx =  *(__eax - 0x1a);
							if( *(__eax - 0x1a) ==  *(__ecx - 0x1a)) {
								__esi = 0;
								L246:
								if(__esi != 0) {
									goto L432;
								}
								goto L247;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x1a) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
							if(__esi == 0) {
								L239:
								__esi =  *(__eax - 0x19) & 0x000000ff;
								__edx =  *(__ecx - 0x19) & 0x000000ff;
								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
								if(__esi == 0) {
									L241:
									__esi =  *(__eax - 0x18) & 0x000000ff;
									__edx =  *(__ecx - 0x18) & 0x000000ff;
									__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
									if(__esi == 0) {
										L243:
										__esi =  *(__eax - 0x17) & 0x000000ff;
										__edx =  *(__ecx - 0x17) & 0x000000ff;
										__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L246;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L243;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L241;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L239;
						case 0x1b:
							L317:
							__edx =  *(__eax - 0x1b);
							if( *(__eax - 0x1b) ==  *(__ecx - 0x1b)) {
								__esi = 0;
								L327:
								if(__esi != 0) {
									goto L432;
								}
								goto L328;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x1b) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
							if(__esi == 0) {
								L320:
								__esi =  *(__eax - 0x1a) & 0x000000ff;
								__edx =  *(__ecx - 0x1a) & 0x000000ff;
								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
								if(__esi == 0) {
									L322:
									__esi =  *(__eax - 0x19) & 0x000000ff;
									__edx =  *(__ecx - 0x19) & 0x000000ff;
									__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
									if(__esi == 0) {
										L324:
										__esi =  *(__eax - 0x18) & 0x000000ff;
										__edx =  *(__ecx - 0x18) & 0x000000ff;
										__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L327;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L324;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L322;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L320;
						case 0x1c:
							__edx =  *(__eax - 0x1c);
							if( *(__eax - 0x1c) ==  *(__ecx - 0x1c)) {
								__esi = 0;
								L106:
								if(__esi != 0) {
									goto L432;
								}
								goto L107;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x1c) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
							if(__esi == 0) {
								L99:
								__esi =  *(__eax - 0x1b) & 0x000000ff;
								__edx =  *(__ecx - 0x1b) & 0x000000ff;
								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
								if(__esi == 0) {
									L101:
									__esi =  *(__eax - 0x1a) & 0x000000ff;
									__edx =  *(__ecx - 0x1a) & 0x000000ff;
									__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
									if(__esi == 0) {
										L103:
										__esi =  *(__eax - 0x19) & 0x000000ff;
										__edx =  *(__ecx - 0x19) & 0x000000ff;
										__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L106;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L103;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L101;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L99;
						case 0x1d:
							__edx =  *(__eax - 0x1d);
							if( *(__eax - 0x1d) ==  *(__ecx - 0x1d)) {
								__esi = 0;
								L156:
								if(__esi != 0) {
									goto L432;
								}
								goto L157;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x1d) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
							if(__esi == 0) {
								L149:
								__esi =  *(__eax - 0x1c) & 0x000000ff;
								__edx =  *(__ecx - 0x1c) & 0x000000ff;
								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
								if(__esi == 0) {
									L151:
									__esi =  *(__eax - 0x1b) & 0x000000ff;
									__edx =  *(__ecx - 0x1b) & 0x000000ff;
									__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
									if(__esi == 0) {
										L153:
										__esi =  *(__eax - 0x1a) & 0x000000ff;
										__edx =  *(__ecx - 0x1a) & 0x000000ff;
										__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L156;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L153;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L151;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L149;
						case 0x1e:
							__edx =  *(__eax - 0x1e);
							if( *(__eax - 0x1e) ==  *(__ecx - 0x1e)) {
								__esi = 0;
								L235:
								if(__esi != 0) {
									goto L432;
								}
								goto L236;
							}
							__esi = __dl & 0x000000ff;
							__edx =  *(__ecx - 0x1e) & 0x000000ff;
							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
							if(__esi == 0) {
								L228:
								__esi =  *(__eax - 0x1d) & 0x000000ff;
								__edx =  *(__ecx - 0x1d) & 0x000000ff;
								__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
								if(__esi == 0) {
									L230:
									__esi =  *(__eax - 0x1c) & 0x000000ff;
									__edx =  *(__ecx - 0x1c) & 0x000000ff;
									__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
									if(__esi == 0) {
										L232:
										__esi =  *(__eax - 0x1b) & 0x000000ff;
										__edx =  *(__ecx - 0x1b) & 0x000000ff;
										__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L235;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L232;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L230;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L228;
						case 0x1f:
							__edx =  *(__eax - 0x1f);
							if( *(__eax - 0x1f) ==  *(__ecx - 0x1f)) {
								__esi = 0;
								L316:
								if(__esi != 0) {
									goto L432;
								}
								goto L317;
							}
							__edx =  *(__ecx - 0x1f) & 0x000000ff;
							__esi =  *(__eax - 0x1f) & 0x000000ff;
							__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
							if(__esi == 0) {
								L309:
								__esi =  *(__eax - 0x1e) & 0x000000ff;
								__edx =  *(__ecx - 0x1e) & 0x000000ff;
								__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
								if(__esi == 0) {
									L311:
									__esi =  *(__eax - 0x1d) & 0x000000ff;
									__edx =  *(__ecx - 0x1d) & 0x000000ff;
									__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
									if(__esi == 0) {
										L313:
										__esi =  *(__eax - 0x1c) & 0x000000ff;
										__edx =  *(__ecx - 0x1c) & 0x000000ff;
										__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
										if(__esi != 0) {
											0 = 0 | __esi > 0x00000000;
											__edx = (__esi > 0) + (__esi > 0) - 1;
											__esi = (__esi > 0) + (__esi > 0) - 1;
										}
										goto L316;
									}
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = __edx;
									if(__edx != 0) {
										goto L432;
									}
									goto L313;
								}
								0 = 0 | __esi > 0x00000000;
								__edx = (__esi > 0) + (__esi > 0) - 1;
								__esi = __edx;
								if(__edx != 0) {
									goto L432;
								}
								goto L311;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L432;
							}
							goto L309;
					}
				}
				L1:
				_t1075 = (_t994 & 0x000000ff) - ( *(_t989 - 0x14) & 0x000000ff);
				if(_t1075 == 0) {
					L3:
					_t1077 = ( *(_t984 - 0x13) & 0x000000ff) - ( *(_t989 - 0x13) & 0x000000ff);
					if(_t1077 != 0) {
						_t1078 = (0 | _t1077 > 0x00000000) + (0 | _t1077 > 0x00000000) - 1;
						if(_t1078 == 0) {
							goto L4;
						} else {
							goto L432;
						}
					}
					L4:
					_t1080 = ( *(_t984 - 0x12) & 0x000000ff) - ( *(_t989 - 0x12) & 0x000000ff);
					if(_t1080 == 0) {
						L119:
						_t1078 = ( *(_t984 - 0x11) & 0x000000ff) - ( *(_t989 - 0x11) & 0x000000ff);
						if(_t1078 != 0) {
							_t1078 = (0 | _t1078 > 0x00000000) + (0 | _t1078 > 0x00000000) - 1;
						}
						goto L420;
					}
					_t1078 = (0 | _t1080 > 0x00000000) + (0 | _t1080 > 0x00000000) - 1;
					if(_t1078 != 0) {
						goto L432;
					} else {
						goto L119;
					}
				}
				_t1078 = (0 | _t1075 > 0x00000000) + (0 | _t1075 > 0x00000000) - 1;
				if(_t1078 != 0) {
					goto L432;
				}
				goto L3;
			}

0x016036b8
0x016036bb
0x00000000
0x016036c1
0x016036c1
0x016036c2
0x016035ef
0x016035f2
0x016035f5
0x016035f8
0x01603553
0x01603553
0x01603555
0x01603787
0x01603787
0x01603787
0x0160355f
0x01603562
0x01603566
0x00000000
0x01603566
0x016036c8
0x016036c9
0x016035bd
0x016035c0
0x016035c3
0x016035c6
0x016035c9
0x016035cb
0x016035e2
0x016035e2
0x016035e6
0x00000000
0x016035e6
0x016035d1
0x016035d4
0x016035d8
0x016035dc
0x00000000
0x00000000
0x00000000
0x016035dc
0x016036cf
0x016036d0
0x0160356d
0x01603570
0x01603573
0x01603576
0x01603579
0x0160357b
0x01603592
0x01603592
0x01603596
0x0160359a
0x0160359c
0x016035b3
0x016035b3
0x016035b7
0x00000000
0x016035b7
0x016035a2
0x016035a5
0x016035a9
0x016035ad
0x00000000
0x00000000
0x00000000
0x016035ad
0x01603581
0x01603584
0x01603588
0x0160358c
0x00000000
0x00000000
0x00000000
0x0160358c
0x016036d7
0x016034e4
0x016034e7
0x016034ea
0x016034ed
0x016034f0
0x016034f2
0x01603509
0x01603509
0x0160350d
0x01603511
0x01603513
0x0160352a
0x0160352a
0x0160352e
0x01603532
0x01603534
0x0160354b
0x0160354b
0x0160354f
0x00000000
0x0160354f
0x0160353a
0x0160353d
0x01603541
0x01603545
0x00000000
0x00000000
0x00000000
0x01603545
0x01603519
0x0160351c
0x01603520
0x01603524
0x00000000
0x00000000
0x00000000
0x01603524
0x016034f8
0x016034fb
0x016034ff
0x01603503
0x00000000
0x00000000
0x00000000
0x01603503
0x016036dd
0x016036e0
0x016036e3
0x016036e6
0x016036e7
0x01602144
0x01602148
0x016021c6
0x016021c8
0x016021ca
0x01603781
0x01603781
0x01603783
0x00000000
0x01603783
0x016021d0
0x016021d6
0x01602256
0x01602258
0x0160225a
0x00000000
0x00000000
0x01602260
0x01602266
0x016022e6
0x016022e8
0x016022ea
0x00000000
0x00000000
0x016022f0
0x016022f6
0x01602376
0x01602378
0x0160237a
0x00000000
0x00000000
0x01602380
0x01602386
0x01602406
0x01602408
0x0160240a
0x00000000
0x00000000
0x01602410
0x01602416
0x01602496
0x01602498
0x0160249a
0x00000000
0x00000000
0x016024a0
0x016024a6
0x01602526
0x01602528
0x0160252a
0x00000000
0x00000000
0x01602530
0x01602536
0x016025b6
0x016025b8
0x016025ba
0x00000000
0x016025c0
0x016025c0
0x016025c2
0x016025c4
0x00000000
0x016025c4
0x016025ba
0x01602538
0x0160253c
0x01602540
0x01602542
0x01602559
0x01602559
0x0160255d
0x01602561
0x01602563
0x0160257a
0x0160257a
0x0160257e
0x01602582
0x01602584
0x0160259b
0x0160259b
0x0160259f
0x016025a3
0x016025a5
0x016025ab
0x016025ae
0x016025b2
0x016025b2
0x00000000
0x016025a5
0x0160258a
0x0160258d
0x01602591
0x01602595
0x00000000
0x00000000
0x00000000
0x01602595
0x01602569
0x0160256c
0x01602570
0x01602574
0x00000000
0x00000000
0x00000000
0x01602574
0x01602548
0x0160254b
0x0160254f
0x01602553
0x00000000
0x00000000
0x00000000
0x01602553
0x016024a8
0x016024ac
0x016024b0
0x016024b2
0x016024c9
0x016024c9
0x016024cd
0x016024d1
0x016024d3
0x016024ea
0x016024ea
0x016024ee
0x016024f2
0x016024f4
0x0160250b
0x0160250b
0x0160250f
0x01602513
0x01602515
0x0160251b
0x0160251e
0x01602522
0x01602522
0x00000000
0x01602515
0x016024fa
0x016024fd
0x01602501
0x01602505
0x00000000
0x00000000
0x00000000
0x01602505
0x016024d9
0x016024dc
0x016024e0
0x016024e4
0x00000000
0x00000000
0x00000000
0x016024e4
0x016024b8
0x016024bb
0x016024bf
0x016024c3
0x00000000
0x00000000
0x00000000
0x016024c3
0x01602418
0x0160241c
0x01602420
0x01602422
0x01602439
0x01602439
0x0160243d
0x01602441
0x01602443
0x0160245a
0x0160245a
0x0160245e
0x01602462
0x01602464
0x0160247b
0x0160247b
0x0160247f
0x01602483
0x01602485
0x0160248b
0x0160248e
0x01602492
0x01602492
0x00000000
0x01602485
0x0160246a
0x0160246d
0x01602471
0x01602475
0x00000000
0x00000000
0x00000000
0x01602475
0x01602449
0x0160244c
0x01602450
0x01602454
0x00000000
0x00000000
0x00000000
0x01602454
0x01602428
0x0160242b
0x0160242f
0x01602433
0x00000000
0x00000000
0x00000000
0x01602433
0x01602388
0x0160238c
0x01602390
0x01602392
0x016023a9
0x016023a9
0x016023ad
0x016023b1
0x016023b3
0x016023ca
0x016023ca
0x016023ce
0x016023d2
0x016023d4
0x016023eb
0x016023eb
0x016023ef
0x016023f3
0x016023f5
0x016023fb
0x016023fe
0x01602402
0x01602402
0x00000000
0x016023f5
0x016023da
0x016023dd
0x016023e1
0x016023e5
0x00000000
0x00000000
0x00000000
0x016023e5
0x016023b9
0x016023bc
0x016023c0
0x016023c4
0x00000000
0x00000000
0x00000000
0x016023c4
0x01602398
0x0160239b
0x0160239f
0x016023a3
0x00000000
0x00000000
0x00000000
0x016023a3
0x016022f8
0x016022fc
0x01602300
0x01602302
0x01602319
0x01602319
0x0160231d
0x01602321
0x01602323
0x0160233a
0x0160233a
0x0160233e
0x01602342
0x01602344
0x0160235b
0x0160235b
0x0160235f
0x01602363
0x01602365
0x0160236b
0x0160236e
0x01602372
0x01602372
0x00000000
0x01602365
0x0160234a
0x0160234d
0x01602351
0x01602355
0x00000000
0x00000000
0x00000000
0x01602355
0x01602329
0x0160232c
0x01602330
0x01602334
0x00000000
0x00000000
0x00000000
0x01602334
0x01602308
0x0160230b
0x0160230f
0x01602313
0x00000000
0x00000000
0x00000000
0x01602313
0x01602268
0x0160226c
0x01602270
0x01602272
0x01602289
0x01602289
0x0160228d
0x01602291
0x01602293
0x016022aa
0x016022aa
0x016022ae
0x016022b2
0x016022b4
0x016022cb
0x016022cb
0x016022cf
0x016022d3
0x016022d5
0x016022db
0x016022de
0x016022e2
0x016022e2
0x00000000
0x016022d5
0x016022ba
0x016022bd
0x016022c1
0x016022c5
0x00000000
0x00000000
0x00000000
0x016022c5
0x01602299
0x0160229c
0x016022a0
0x016022a4
0x00000000
0x00000000
0x00000000
0x016022a4
0x01602278
0x0160227b
0x0160227f
0x01602283
0x00000000
0x00000000
0x00000000
0x01602283
0x016021d8
0x016021dc
0x016021e0
0x016021e2
0x016021f9
0x016021f9
0x016021fd
0x01602201
0x01602203
0x0160221a
0x0160221a
0x0160221e
0x01602222
0x01602224
0x0160223b
0x0160223b
0x0160223f
0x01602243
0x01602245
0x0160224b
0x0160224e
0x01602252
0x01602252
0x00000000
0x01602245
0x0160222a
0x0160222d
0x01602231
0x01602235
0x00000000
0x00000000
0x00000000
0x01602235
0x01602209
0x0160220c
0x01602210
0x01602214
0x00000000
0x00000000
0x00000000
0x01602214
0x016021e8
0x016021eb
0x016021ef
0x016021f3
0x00000000
0x00000000
0x00000000
0x016021f3
0x0160214a
0x0160214d
0x01602150
0x01602152
0x01602169
0x01602169
0x0160216d
0x01602171
0x01602173
0x0160218a
0x0160218a
0x0160218e
0x01602192
0x01602194
0x016021ab
0x016021ab
0x016021af
0x016021b3
0x016021b5
0x016021bb
0x016021be
0x016021c2
0x016021c2
0x00000000
0x016021b5
0x0160219a
0x0160219d
0x016021a1
0x016021a5
0x00000000
0x00000000
0x00000000
0x016021a5
0x01602179
0x0160217c
0x01602180
0x01602184
0x00000000
0x00000000
0x00000000
0x01602184
0x01602158
0x0160215b
0x0160215f
0x01602163
0x00000000
0x00000000
0x00000000
0x01602163
0x016036ef
0x016036f1
0x016036f6
0x016036a0
0x016036a0
0x00000000
0x016036a0
0x016036f8
0x00000000
0x00000000
0x00000000
0x01602c8d
0x01602c8d
0x01602c91
0x01602c95
0x01602c97
0x01602ca1
0x01602ca4
0x01602ca8
0x01602ca8
0x00000000
0x00000000
0x01603099
0x016030a1
0x00000000
0x00000000
0x00000000
0x00000000
0x016034ba
0x016034ba
0x016034be
0x016034c2
0x016034c4
0x016030a7
0x016030a7
0x016030ab
0x016030af
0x016030b1
0x00000000
0x00000000
0x016030bb
0x016030be
0x016030c4
0x00000000
0x00000000
0x016034dd
0x016034dd
0x00000000
0x016034dd
0x016034ce
0x016034d1
0x016034d7
0x00000000
0x00000000
0x00000000
0x00000000
0x0160368a
0x0160368a
0x01603690
0x01602831
0x01602833
0x01602844
0x0160284c
0x0160284e
0x0160285f
0x01602867
0x01602869
0x01602881
0x01602889
0x0160288b
0x0160289c
0x0160289c
0x01603698
0x0160369a
0x00000000
0x00000000
0x00000000
0x0160369a
0x01602872
0x01602878
0x00000000
0x00000000
0x0160287a
0x0160287a
0x00000000
0x0160287a
0x01602857
0x0160285d
0x00000000
0x00000000
0x00000000
0x0160285d
0x0160283c
0x01602842
0x00000000
0x00000000
0x00000000
0x01602842
0x01603696
0x00000000
0x00000000
0x01602bfe
0x01602bfe
0x01602c04
0x01602c83
0x01602c85
0x01602c87
0x00000000
0x00000000
0x00000000
0x01602c87
0x01602c06
0x01602c09
0x01602c0d
0x01602c0f
0x01602c26
0x01602c26
0x01602c2a
0x01602c2e
0x01602c30
0x01602c47
0x01602c47
0x01602c4b
0x01602c4f
0x01602c51
0x01602c68
0x01602c68
0x01602c6c
0x01602c70
0x01602c72
0x01602c78
0x01602c7b
0x01602c7f
0x01602c7f
0x00000000
0x01602c72
0x01602c57
0x01602c5a
0x01602c5e
0x01602c62
0x00000000
0x00000000
0x00000000
0x01602c62
0x01602c36
0x01602c39
0x01602c3d
0x01602c41
0x00000000
0x00000000
0x00000000
0x01602c41
0x01602c15
0x01602c18
0x01602c1c
0x01602c20
0x00000000
0x00000000
0x00000000
0x00000000
0x0160300a
0x0160300a
0x01603010
0x0160308f
0x01603091
0x01603093
0x00000000
0x00000000
0x00000000
0x01603093
0x01603012
0x01603015
0x01603019
0x0160301b
0x01603032
0x01603032
0x01603036
0x0160303a
0x0160303c
0x01603053
0x01603053
0x01603057
0x0160305b
0x0160305d
0x01603074
0x01603074
0x01603078
0x0160307c
0x0160307e
0x01603084
0x01603087
0x0160308b
0x0160308b
0x00000000
0x0160307e
0x01603063
0x01603066
0x0160306a
0x0160306e
0x00000000
0x00000000
0x00000000
0x0160306e
0x01603042
0x01603045
0x01603049
0x0160304d
0x00000000
0x00000000
0x00000000
0x0160304d
0x01603021
0x01603024
0x01603028
0x0160302c
0x00000000
0x00000000
0x00000000
0x00000000
0x0160342b
0x0160342b
0x01603431
0x016034b0
0x016034b2
0x016034b4
0x00000000
0x00000000
0x00000000
0x016034b4
0x01603433
0x01603436
0x0160343a
0x0160343c
0x01603453
0x01603453
0x01603457
0x0160345b
0x0160345d
0x01603474
0x01603474
0x01603478
0x0160347c
0x0160347e
0x01603495
0x01603495
0x01603499
0x0160349d
0x0160349f
0x016034a5
0x016034a8
0x016034ac
0x016034ac
0x00000000
0x0160349f
0x01603484
0x01603487
0x0160348b
0x0160348f
0x00000000
0x00000000
0x00000000
0x0160348f
0x01603463
0x01603466
0x0160346a
0x0160346e
0x00000000
0x00000000
0x00000000
0x0160346e
0x01603442
0x01603445
0x01603449
0x0160344d
0x00000000
0x00000000
0x00000000
0x00000000
0x01603735
0x01603735
0x0160373b
0x01603680
0x01603682
0x01603684
0x00000000
0x00000000
0x00000000
0x01603684
0x01603748
0x0160374a
0x01603793
0x01603797
0x00000000
0x00000000
0x01603799
0x01603754
0x01603756
0x016027f9
0x016027fd
0x00000000
0x00000000
0x00000000
0x01602803
0x0160375c
0x01603764
0x01603766
0x01602808
0x01602810
0x01602812
0x01602823
0x01602823
0x00000000
0x01602812
0x01603777
0x0160377b
0x00000000
0x00000000
0x00000000
0x00000000
0x01602b6e
0x01602b6e
0x01602b74
0x01602bf4
0x01602bf6
0x01602bf8
0x00000000
0x00000000
0x00000000
0x01602bf8
0x01602b76
0x01602b7a
0x01602b7e
0x01602b80
0x01602b97
0x01602b97
0x01602b9b
0x01602b9f
0x01602ba1
0x01602bb8
0x01602bb8
0x01602bbc
0x01602bc0
0x01602bc2
0x01602bd9
0x01602bd9
0x01602bdd
0x01602be1
0x01602be3
0x01602be9
0x01602bec
0x01602bf0
0x01602bf0
0x00000000
0x01602be3
0x01602bc8
0x01602bcb
0x01602bcf
0x01602bd3
0x00000000
0x00000000
0x00000000
0x01602bd3
0x01602ba7
0x01602baa
0x01602bae
0x01602bb2
0x00000000
0x00000000
0x00000000
0x01602bb2
0x01602b86
0x01602b89
0x01602b8d
0x01602b91
0x00000000
0x00000000
0x00000000
0x00000000
0x01602f7a
0x01602f7a
0x01602f80
0x01603000
0x01603002
0x01603004
0x00000000
0x00000000
0x00000000
0x01603004
0x01602f82
0x01602f86
0x01602f8a
0x01602f8c
0x01602fa3
0x01602fa3
0x01602fa7
0x01602fab
0x01602fad
0x01602fc4
0x01602fc4
0x01602fc8
0x01602fcc
0x01602fce
0x01602fe5
0x01602fe5
0x01602fe9
0x01602fed
0x01602fef
0x01602ff5
0x01602ff8
0x01602ffc
0x01602ffc
0x00000000
0x01602fef
0x01602fd4
0x01602fd7
0x01602fdb
0x01602fdf
0x00000000
0x00000000
0x00000000
0x01602fdf
0x01602fb3
0x01602fb6
0x01602fba
0x01602fbe
0x00000000
0x00000000
0x00000000
0x01602fbe
0x01602f92
0x01602f95
0x01602f99
0x01602f9d
0x00000000
0x00000000
0x00000000
0x00000000
0x0160339c
0x0160339c
0x016033a2
0x01603421
0x01603423
0x01603425
0x00000000
0x00000000
0x00000000
0x01603425
0x016033a4
0x016033a7
0x016033ab
0x016033ad
0x016033c4
0x016033c4
0x016033c8
0x016033cc
0x016033ce
0x016033e5
0x016033e5
0x016033e9
0x016033ed
0x016033ef
0x01603406
0x01603406
0x0160340a
0x0160340e
0x01603410
0x01603416
0x01603419
0x0160341d
0x0160341d
0x00000000
0x01603410
0x016033f5
0x016033f8
0x016033fc
0x01603400
0x00000000
0x00000000
0x00000000
0x01603400
0x016033d4
0x016033d7
0x016033db
0x016033df
0x00000000
0x00000000
0x00000000
0x016033df
0x016033b3
0x016033b6
0x016033ba
0x016033be
0x00000000
0x00000000
0x00000000
0x00000000
0x01603723
0x01603729
0x01602771
0x01602773
0x0160278a
0x01602792
0x01602794
0x016027ab
0x016027b3
0x016027b5
0x016027cc
0x016027d4
0x016027d6
0x016027e7
0x016027e7
0x01603731
0x01603733
0x00000000
0x00000000
0x00000000
0x01603733
0x016027c2
0x016027c6
0x00000000
0x00000000
0x00000000
0x016027c6
0x016027a1
0x016027a5
0x00000000
0x00000000
0x00000000
0x016027a5
0x01602780
0x01602784
0x00000000
0x00000000
0x00000000
0x01602784
0x0160372f
0x00000000
0x00000000
0x01602adf
0x01602adf
0x01602ae5
0x01602b64
0x01602b66
0x01602b68
0x00000000
0x00000000
0x00000000
0x01602b68
0x01602ae7
0x01602aea
0x01602aee
0x01602af0
0x01602b07
0x01602b07
0x01602b0b
0x01602b0f
0x01602b11
0x01602b28
0x01602b28
0x01602b2c
0x01602b30
0x01602b32
0x01602b49
0x01602b49
0x01602b4d
0x01602b51
0x01602b53
0x01602b59
0x01602b5c
0x01602b60
0x01602b60
0x00000000
0x01602b53
0x01602b38
0x01602b3b
0x01602b3f
0x01602b43
0x00000000
0x00000000
0x00000000
0x01602b43
0x01602b17
0x01602b1a
0x01602b1e
0x01602b22
0x00000000
0x00000000
0x00000000
0x01602b22
0x01602af6
0x01602af9
0x01602afd
0x01602b01
0x00000000
0x00000000
0x00000000
0x00000000
0x01602eeb
0x01602eeb
0x01602ef1
0x01602f70
0x01602f72
0x01602f74
0x00000000
0x00000000
0x00000000
0x01602f74
0x01602ef3
0x01602ef6
0x01602efa
0x01602efc
0x01602f13
0x01602f13
0x01602f17
0x01602f1b
0x01602f1d
0x01602f34
0x01602f34
0x01602f38
0x01602f3c
0x01602f3e
0x01602f55
0x01602f55
0x01602f59
0x01602f5d
0x01602f5f
0x01602f65
0x01602f68
0x01602f6c
0x01602f6c
0x00000000
0x01602f5f
0x01602f44
0x01602f47
0x01602f4b
0x01602f4f
0x00000000
0x00000000
0x00000000
0x01602f4f
0x01602f23
0x01602f26
0x01602f2a
0x01602f2e
0x00000000
0x00000000
0x00000000
0x01602f2e
0x01602f02
0x01602f05
0x01602f09
0x01602f0d
0x00000000
0x00000000
0x00000000
0x00000000
0x0160330c
0x0160330c
0x01603312
0x01603392
0x01603394
0x01603396
0x00000000
0x00000000
0x00000000
0x01603396
0x01603314
0x01603318
0x0160331c
0x0160331e
0x01603335
0x01603335
0x01603339
0x0160333d
0x0160333f
0x01603356
0x01603356
0x0160335a
0x0160335e
0x01603360
0x01603377
0x01603377
0x0160337b
0x0160337f
0x01603381
0x01603387
0x0160338a
0x0160338e
0x0160338e
0x00000000
0x01603381
0x01603366
0x01603369
0x0160336d
0x01603371
0x00000000
0x00000000
0x00000000
0x01603371
0x01603345
0x01603348
0x0160334c
0x01603350
0x00000000
0x00000000
0x00000000
0x01603350
0x01603324
0x01603327
0x0160332b
0x0160332f
0x00000000
0x00000000
0x00000000
0x00000000
0x01603711
0x01603711
0x01603717
0x01603820
0x01603822
0x016038f3
0x016038f7
0x00000000
0x00000000
0x016038fd
0x01603830
0x01603832
0x01602738
0x0160273c
0x00000000
0x01602742
0x00000000
0x01602742
0x0160273c
0x01603838
0x01603840
0x01603842
0x01602747
0x0160274f
0x01602751
0x01602762
0x01602762
0x0160371f
0x01603721
0x00000000
0x00000000
0x00000000
0x01603721
0x01603853
0x01603857
0x00000000
0x00000000
0x00000000
0x0160385d
0x0160371d
0x00000000
0x00000000
0x01602a50
0x01602a50
0x01602a56
0x01602ad5
0x01602ad7
0x01602ad9
0x00000000
0x00000000
0x00000000
0x01602ad9
0x01602a58
0x01602a5b
0x01602a5f
0x01602a61
0x01602a78
0x01602a78
0x01602a7c
0x01602a80
0x01602a82
0x01602a99
0x01602a99
0x01602a9d
0x01602aa1
0x01602aa3
0x01602aba
0x01602aba
0x01602abe
0x01602ac2
0x01602ac4
0x01602aca
0x01602acd
0x01602ad1
0x01602ad1
0x00000000
0x01602ac4
0x01602aa9
0x01602aac
0x01602ab0
0x01602ab4
0x00000000
0x00000000
0x00000000
0x01602ab4
0x01602a88
0x01602a8b
0x01602a8f
0x01602a93
0x00000000
0x00000000
0x00000000
0x01602a93
0x01602a67
0x01602a6a
0x01602a6e
0x01602a72
0x00000000
0x00000000
0x00000000
0x00000000
0x01602e5c
0x01602e5c
0x01602e62
0x01602ee1
0x01602ee3
0x01602ee5
0x00000000
0x00000000
0x00000000
0x01602ee5
0x01602e64
0x01602e67
0x01602e6b
0x01602e6d
0x01602e84
0x01602e84
0x01602e88
0x01602e8c
0x01602e8e
0x01602ea5
0x01602ea5
0x01602ea9
0x01602ead
0x01602eaf
0x01602ec6
0x01602ec6
0x01602eca
0x01602ece
0x01602ed0
0x01602ed6
0x01602ed9
0x01602edd
0x01602edd
0x00000000
0x01602ed0
0x01602eb5
0x01602eb8
0x01602ebc
0x01602ec0
0x00000000
0x00000000
0x00000000
0x01602ec0
0x01602e94
0x01602e97
0x01602e9b
0x01602e9f
0x00000000
0x00000000
0x00000000
0x01602e9f
0x01602e73
0x01602e76
0x01602e7a
0x01602e7e
0x00000000
0x00000000
0x00000000
0x00000000
0x0160327d
0x0160327d
0x01603283
0x01603302
0x01603304
0x01603306
0x00000000
0x00000000
0x00000000
0x01603306
0x01603285
0x01603288
0x0160328c
0x0160328e
0x016032a5
0x016032a5
0x016032a9
0x016032ad
0x016032af
0x016032c6
0x016032c6
0x016032ca
0x016032ce
0x016032d0
0x016032e7
0x016032e7
0x016032eb
0x016032ef
0x016032f1
0x016032f7
0x016032fa
0x016032fe
0x016032fe
0x00000000
0x016032f1
0x016032d6
0x016032d9
0x016032dd
0x016032e1
0x00000000
0x00000000
0x00000000
0x016032e1
0x016032b5
0x016032b8
0x016032bc
0x016032c0
0x00000000
0x00000000
0x00000000
0x016032c0
0x01603294
0x01603297
0x0160329b
0x0160329f
0x00000000
0x00000000
0x00000000
0x00000000
0x016036ff
0x016036ff
0x01603705
0x00000000
0x00000000
0x0160370b
0x0160370d
0x0160370f
0x00000000
0x00000000
0x00000000
0x00000000
0x016029c1
0x016029c1
0x016029c7
0x01602a46
0x01602a48
0x01602a4a
0x00000000
0x00000000
0x00000000
0x01602a4a
0x016029c9
0x016029cc
0x016029d0
0x016029d2
0x016029e9
0x016029e9
0x016029ed
0x016029f1
0x016029f3
0x01602a0a
0x01602a0a
0x01602a0e
0x01602a12
0x01602a14
0x01602a2b
0x01602a2b
0x01602a2f
0x01602a33
0x01602a35
0x01602a3b
0x01602a3e
0x01602a42
0x01602a42
0x00000000
0x01602a35
0x01602a1a
0x01602a1d
0x01602a21
0x01602a25
0x00000000
0x00000000
0x00000000
0x01602a25
0x016029f9
0x016029fc
0x01602a00
0x01602a04
0x00000000
0x00000000
0x00000000
0x01602a04
0x016029d8
0x016029db
0x016029df
0x016029e3
0x00000000
0x00000000
0x00000000
0x00000000
0x01602dcd
0x01602dcd
0x01602dd3
0x01602e52
0x01602e54
0x01602e56
0x00000000
0x00000000
0x00000000
0x01602e56
0x01602dd5
0x01602dd8
0x01602ddc
0x01602dde
0x01602df5
0x01602df5
0x01602df9
0x01602dfd
0x01602dff
0x01602e16
0x01602e16
0x01602e1a
0x01602e1e
0x01602e20
0x01602e37
0x01602e37
0x01602e3b
0x01602e3f
0x01602e41
0x01602e47
0x01602e4a
0x01602e4e
0x01602e4e
0x00000000
0x01602e41
0x01602e26
0x01602e29
0x01602e2d
0x01602e31
0x00000000
0x00000000
0x00000000
0x01602e31
0x01602e05
0x01602e08
0x01602e0c
0x01602e10
0x00000000
0x00000000
0x00000000
0x01602e10
0x01602de4
0x01602de7
0x01602deb
0x01602def
0x00000000
0x00000000
0x00000000
0x00000000
0x016031ee
0x016031ee
0x016031f4
0x01603273
0x01603275
0x01603277
0x00000000
0x00000000
0x00000000
0x01603277
0x016031f6
0x016031f9
0x016031fd
0x016031ff
0x01603216
0x01603216
0x0160321a
0x0160321e
0x01603220
0x01603237
0x01603237
0x0160323b
0x0160323f
0x01603241
0x01603258
0x01603258
0x0160325c
0x01603260
0x01603262
0x01603268
0x0160326b
0x0160326f
0x0160326f
0x00000000
0x01603262
0x01603247
0x0160324a
0x0160324e
0x01603252
0x00000000
0x00000000
0x00000000
0x01603252
0x01603226
0x01603229
0x0160322d
0x01603231
0x00000000
0x00000000
0x00000000
0x01603231
0x01603205
0x01603208
0x0160320c
0x01603210
0x00000000
0x00000000
0x00000000
0x00000000
0x0160265a
0x0160265a
0x01602660
0x016026ea
0x01603902
0x01603904
0x00000000
0x00000000
0x00000000
0x0160390a
0x01602666
0x01602669
0x0160266d
0x0160266f
0x01602686
0x01602686
0x0160268a
0x0160268e
0x01602690
0x016026a7
0x016026a7
0x016026ab
0x016026af
0x016026b1
0x016026c8
0x016026c8
0x016026cc
0x016026d0
0x016026d2
0x016026dc
0x016026df
0x016026e3
0x016026e3
0x00000000
0x016026d2
0x016026b7
0x016026ba
0x016026be
0x016026c2
0x00000000
0x00000000
0x00000000
0x016026c2
0x01602696
0x01602699
0x0160269d
0x016026a1
0x00000000
0x00000000
0x00000000
0x016026a1
0x01602675
0x01602678
0x0160267c
0x01602680
0x00000000
0x00000000
0x00000000
0x00000000
0x01602932
0x01602932
0x01602938
0x016029b7
0x016029b9
0x016029bb
0x00000000
0x00000000
0x00000000
0x016029bb
0x0160293a
0x0160293d
0x01602941
0x01602943
0x0160295a
0x0160295a
0x0160295e
0x01602962
0x01602964
0x0160297b
0x0160297b
0x0160297f
0x01602983
0x01602985
0x0160299c
0x0160299c
0x016029a0
0x016029a4
0x016029a6
0x016029ac
0x016029af
0x016029b3
0x016029b3
0x00000000
0x016029a6
0x0160298b
0x0160298e
0x01602992
0x01602996
0x00000000
0x00000000
0x00000000
0x01602996
0x0160296a
0x0160296d
0x01602971
0x01602975
0x00000000
0x00000000
0x00000000
0x01602975
0x01602949
0x0160294c
0x01602950
0x01602954
0x00000000
0x00000000
0x00000000
0x00000000
0x01602d3e
0x01602d3e
0x01602d44
0x01602dc3
0x01602dc5
0x01602dc7
0x00000000
0x00000000
0x00000000
0x01602dc7
0x01602d46
0x01602d49
0x01602d4d
0x01602d4f
0x01602d66
0x01602d66
0x01602d6a
0x01602d6e
0x01602d70
0x01602d87
0x01602d87
0x01602d8b
0x01602d8f
0x01602d91
0x01602da8
0x01602da8
0x01602dac
0x01602db0
0x01602db2
0x01602db8
0x01602dbb
0x01602dbf
0x01602dbf
0x00000000
0x01602db2
0x01602d97
0x01602d9a
0x01602d9e
0x01602da2
0x00000000
0x00000000
0x00000000
0x01602da2
0x01602d76
0x01602d79
0x01602d7d
0x01602d81
0x00000000
0x00000000
0x00000000
0x01602d81
0x01602d55
0x01602d58
0x01602d5c
0x01602d60
0x00000000
0x00000000
0x00000000
0x00000000
0x0160315f
0x0160315f
0x01603165
0x016031e4
0x016031e6
0x016031e8
0x00000000
0x00000000
0x00000000
0x016031e8
0x01603167
0x0160316a
0x0160316e
0x01603170
0x01603187
0x01603187
0x0160318b
0x0160318f
0x01603191
0x016031a8
0x016031a8
0x016031ac
0x016031b0
0x016031b2
0x016031c9
0x016031c9
0x016031cd
0x016031d1
0x016031d3
0x016031d9
0x016031dc
0x016031e0
0x016031e0
0x00000000
0x016031d3
0x016031b8
0x016031bb
0x016031bf
0x016031c3
0x00000000
0x00000000
0x00000000
0x016031c3
0x01603197
0x0160319a
0x0160319e
0x016031a2
0x00000000
0x00000000
0x00000000
0x016031a2
0x01603176
0x01603179
0x0160317d
0x01603181
0x00000000
0x00000000
0x00000000
0x00000000
0x016025cb
0x016025d1
0x01602650
0x01602652
0x01602654
0x00000000
0x00000000
0x00000000
0x01602654
0x016025d3
0x016025d6
0x016025da
0x016025dc
0x016025f3
0x016025f3
0x016025f7
0x016025fb
0x016025fd
0x01602614
0x01602614
0x01602618
0x0160261c
0x0160261e
0x01602635
0x01602635
0x01602639
0x0160263d
0x0160263f
0x01602645
0x01602648
0x0160264c
0x0160264c
0x00000000
0x0160263f
0x01602624
0x01602627
0x0160262b
0x0160262f
0x00000000
0x00000000
0x00000000
0x0160262f
0x01602603
0x01602606
0x0160260a
0x0160260e
0x00000000
0x00000000
0x00000000
0x0160260e
0x016025e2
0x016025e5
0x016025e9
0x016025ed
0x00000000
0x00000000
0x00000000
0x00000000
0x016028a3
0x016028a9
0x01602928
0x0160292a
0x0160292c
0x00000000
0x00000000
0x00000000
0x0160292c
0x016028ab
0x016028ae
0x016028b2
0x016028b4
0x016028cb
0x016028cb
0x016028cf
0x016028d3
0x016028d5
0x016028ec
0x016028ec
0x016028f0
0x016028f4
0x016028f6
0x0160290d
0x0160290d
0x01602911
0x01602915
0x01602917
0x0160291d
0x01602920
0x01602924
0x01602924
0x00000000
0x01602917
0x016028fc
0x016028ff
0x01602903
0x01602907
0x00000000
0x00000000
0x00000000
0x01602907
0x016028db
0x016028de
0x016028e2
0x016028e6
0x00000000
0x00000000
0x00000000
0x016028e6
0x016028ba
0x016028bd
0x016028c1
0x016028c5
0x00000000
0x00000000
0x00000000
0x00000000
0x01602caf
0x01602cb5
0x01602d34
0x01602d36
0x01602d38
0x00000000
0x00000000
0x00000000
0x01602d38
0x01602cb7
0x01602cba
0x01602cbe
0x01602cc0
0x01602cd7
0x01602cd7
0x01602cdb
0x01602cdf
0x01602ce1
0x01602cf8
0x01602cf8
0x01602cfc
0x01602d00
0x01602d02
0x01602d19
0x01602d19
0x01602d1d
0x01602d21
0x01602d23
0x01602d29
0x01602d2c
0x01602d30
0x01602d30
0x00000000
0x01602d23
0x01602d08
0x01602d0b
0x01602d0f
0x01602d13
0x00000000
0x00000000
0x00000000
0x01602d13
0x01602ce7
0x01602cea
0x01602cee
0x01602cf2
0x00000000
0x00000000
0x00000000
0x01602cf2
0x01602cc6
0x01602cc9
0x01602ccd
0x01602cd1
0x00000000
0x00000000
0x00000000
0x00000000
0x016030cf
0x016030d5
0x01603155
0x01603157
0x01603159
0x00000000
0x00000000
0x00000000
0x01603159
0x016030d7
0x016030db
0x016030df
0x016030e1
0x016030f8
0x016030f8
0x016030fc
0x01603100
0x01603102
0x01603119
0x01603119
0x0160311d
0x01603121
0x01603123
0x0160313a
0x0160313a
0x0160313e
0x01603142
0x01603144
0x0160314a
0x0160314d
0x01603151
0x01603151
0x00000000
0x01603144
0x01603129
0x0160312c
0x01603130
0x01603134
0x00000000
0x00000000
0x00000000
0x01603134
0x01603108
0x0160310b
0x0160310f
0x01603113
0x00000000
0x00000000
0x00000000
0x01603113
0x016030e7
0x016030ea
0x016030ee
0x016030f2
0x00000000
0x00000000
0x00000000
0x00000000
0x016036f8
0x016020ea
0x016020f1
0x016020f3
0x0160210a
0x01602112
0x01602114
0x016026fc
0x01602700
0x00000000
0x01602706
0x00000000
0x01602706
0x01602700
0x0160211a
0x01602122
0x01602124
0x0160270b
0x01602713
0x01602715
0x01602726
0x01602726
0x00000000
0x01602715
0x01602135
0x01602139
0x00000000
0x0160213f
0x00000000
0x0160213f
0x01602139
0x01602100
0x01602104
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7269491e273c38e6e6a0e5e47763b055620adcba19fec437e486cc656e3d423
Instruction ID: a3ebc12cc211461c3b6b6480052f1d302b1adca799515b687ad4cbcb1b35c590
Opcode Fuzzy Hash: a7269491e273c38e6e6a0e5e47763b055620adcba19fec437e486cc656e3d423
Instruction Fuzzy Hash: D9026B77D496B34B8B7B4EBD48E45377EA06E0159131F87A89DC02F3D6C216DD0A86E0

Uniqueness

Uniqueness Score: 0.00%

Function 015D44FC, Relevance: .5, Instructions: 506
COMMONCrypto

C-Code - Quality: 97%

			E015D44FC(signed int _a4, signed int _a8, signed short _a12) {
				signed int _v8;
				short _v34;
				char _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t237;
				signed int _t238;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				intOrPtr _t244;
				signed int _t245;
				signed char _t250;
				signed int _t251;
				signed int _t254;
				signed char _t258;
				signed short _t260;
				signed short _t265;
				signed char _t266;
				signed int _t267;
				intOrPtr _t268;
				signed int _t270;
				signed int _t272;
				signed char _t273;
				signed int _t274;
				signed short _t275;
				signed char _t276;
				unsigned int _t279;
				signed short _t280;
				signed int _t282;
				unsigned int _t284;
				signed short _t285;
				signed int _t288;
				signed char _t289;
				signed short _t290;
				signed int _t292;
				signed char _t293;
				signed short _t294;
				signed int _t296;
				signed short _t299;
				signed short _t309;
				signed short _t319;
				signed int _t322;
				signed int _t325;
				signed int _t327;
				signed int _t332;
				intOrPtr* _t333;
				intOrPtr _t335;
				signed int _t337;
				intOrPtr _t339;
				signed int _t341;
				signed int _t342;
				void* _t343;
				signed char _t344;
				signed char _t345;
				signed int _t346;
				signed int _t347;
				signed int _t349;
				signed short _t359;
				signed char _t360;
				intOrPtr _t366;
				intOrPtr _t367;
				signed short _t368;
				signed int _t371;
				intOrPtr _t377;
				signed int _t378;
				signed short _t379;
				signed short _t380;
				signed short _t381;
				signed short _t389;
				signed int _t392;
				signed int* _t397;
				void* _t399;
				unsigned int _t401;

				_t342 = _a4;
				if(( *(_t342 + 0x44) & 0x01000000) != 0) {
					_push(_a8);
					_push(_t342);
					E01693A5A();
					return _t237;
				}
				_t238 =  *(_t342 + 0x40);
				_t397 = _a8;
				if((_t238 & 0x61000000) != 0) {
					__eflags = _t238 & 0x10000000;
					if(__eflags != 0) {
						goto L2;
					}
					_t341 = E016974A9(_t342, _t343, _t397, _t399, __eflags, _t342, _t397);
					__eflags = _t341;
					if(_t341 != 0) {
						goto L2;
					}
					_t245 = 0xc000000d;
					L15:
					return _t245;
				}
				L2:
				_t239 =  *_t397;
				_a8 = _a8 & 0x00000000;
				_push(_t399);
				if(_t239 != 0) {
					_t344 = _t397[2] & 0x0000ffff;
					__eflags = _t344 & 0x00000102;
					if((_t344 & 0x00000102) == 0) {
						goto L33;
					}
					__eflags = _a12;
					if(_a12 == 0) {
						L27:
						_t401 = _t397[1] + _t239;
						__eflags = _t344 & 0x00000100;
						if((_t344 & 0x00000100) != 0) {
							__eflags = _t239 + 0xffffffe8;
							_t239 = E016838DD(_t342, _t239 + 0xffffffe8);
						}
						__eflags = _a12;
						if(_a12 == 0) {
							L31:
							_t339 =  *((intOrPtr*)(_t239 + 0x10));
							__eflags = _t339 - _t342 + 0xa8;
							if(_t339 == _t342 + 0xa8) {
								goto L71;
							}
							_t332 = _t339 + 0xfffffff0;
							goto L4;
						} else {
							__eflags = _t401 -  *((intOrPtr*)(_t239 + 0x28));
							if(_t401 <  *((intOrPtr*)(_t239 + 0x28))) {
								goto L12;
							}
							goto L31;
						}
					}
					__eflags = _t344 & 0x00000002;
					if((_t344 & 0x00000002) == 0) {
						goto L27;
					}
					_t401 =  *(_t239 + 0x24);
					goto L12;
				} else {
					_t332 = _t342;
					L4:
					_t401 = 0;
					if(_t332 == 0) {
						_t333 = _t342 + 0xa0;
						_t367 =  *_t333;
						__eflags = _t367 - _t333;
						if(_t367 == _t333) {
							goto L101;
						}
						_t401 = _t367 + 0x18;
						goto L12;
					} else {
						 *_t397 = _t332;
						if( *(_t342 + 0x4c) == 0) {
							_t368 =  *_t332 & 0x0000ffff;
						} else {
							_t379 =  *_t332;
							if(( *(_t342 + 0x4c) & _t379) != 0) {
								_t379 = _t379 ^  *(_t342 + 0x50);
							}
							_t368 = _t379 & 0x0000ffff;
						}
						_t397[1] = (_t368 & 0x0000ffff) << 3;
						_t397[2] = 0;
						_t397[2] = 0;
						_t371 = 2;
						_t397[2] = _t371;
						_t397[3] =  *((intOrPtr*)(_t332 + 0x20)) -  *(_t332 + 0x2c) << 0xc;
						_t397[4] =  *(_t332 + 0x2c) << 0xc;
						_t377 =  *((intOrPtr*)(_t332 + 0x24));
						if(( *(_t377 + 2) & 0x00000001) == 0) {
							_t378 = _t377 + 0x10;
						} else {
							_t378 = _t377 + 8;
						}
						_t397[5] = _t378;
						_t397[6] =  *(_t332 + 0x28);
						L12:
						if(_t401 != 0) {
							_t250 =  *((intOrPtr*)(_t401 + 7));
							__eflags = _t250 & 0x00000040;
							if((_t250 & 0x00000040) == 0) {
								__eflags = _t250 - 4;
								if(_t250 != 4) {
									_t251 = _t401 + 8;
									L83:
									 *_t397 = _t251;
									_t397[2] = 1;
									__eflags =  *((char*)(_t342 + 0xda)) - 2;
									if( *((char*)(_t342 + 0xda)) != 2) {
										_t254 = 0;
										__eflags = 0;
									} else {
										_t254 =  *(_t342 + 0xd4);
									}
									__eflags = _t254;
									if(_t254 == 0) {
										L90:
										_t258 =  *(_t342 + 0x4c) >> 0x00000014 &  *(_t342 + 0x52) ^  *(_t401 + 2);
										__eflags = _t258 & 0x00000001;
										if((_t258 & 0x00000001) == 0) {
											 *_t397 = _t401 + 0x10;
											__eflags =  *(_t342 + 0x4c);
											if( *(_t342 + 0x4c) == 0) {
												_t260 =  *_t401 & 0x0000ffff;
											} else {
												_t265 =  *_t401;
												__eflags =  *(_t342 + 0x4c) & _t265;
												if(( *(_t342 + 0x4c) & _t265) != 0) {
													_t265 = _t265 ^  *(_t342 + 0x50);
													__eflags = _t265;
												}
												_t260 = _t265 & 0x0000ffff;
											}
											_t397[1] = (_t260 & 0x0000ffff) * 8 - 0x10;
											_t397[2] = 0x10;
											_t397[2] =  *(_t401 + 6);
											_t397[2] = 0;
											goto L13;
										}
										_t266 =  *((intOrPtr*)(_t401 + 7));
										__eflags = _t266 & 0x00000040;
										if((_t266 & 0x00000040) == 0) {
											__eflags = _t266 - 4;
											if(_t266 != 4) {
												_t267 = _t401 + 8;
												L97:
												 *_t397 = _t267;
												_t268 =  *((intOrPtr*)(_t401 + 7));
												__eflags = _t268 - 4;
												if(_t268 == 4) {
													_t397[1] = E015DEFDB(_t342, _t401);
													__eflags =  *(_t342 + 0x4c);
													if( *(_t342 + 0x4c) == 0) {
														_t270 =  *_t401 & 0x0000ffff;
													} else {
														_t285 =  *_t401;
														__eflags =  *(_t342 + 0x4c) & _t285;
														if(( *(_t342 + 0x4c) & _t285) != 0) {
															_t285 = _t285 ^  *(_t342 + 0x50);
															__eflags = _t285;
														}
														_t270 = _t285 & 0x0000ffff;
													}
													_t397[2] = _t270 + 0x20;
													_t397[2] = 0x40;
													_t272 = 0x401;
													L144:
													_t397[2] = _t272;
													__eflags =  *(_t342 + 0x4c);
													if( *(_t342 + 0x4c) == 0) {
														_t273 =  *(_t401 + 2);
													} else {
														_t284 =  *_t401;
														__eflags =  *(_t342 + 0x4c) & _t284;
														if(( *(_t342 + 0x4c) & _t284) != 0) {
															_t284 = _t284 ^  *(_t342 + 0x50);
															__eflags = _t284;
														}
														_t273 = _t284 >> 0x10;
													}
													__eflags = _t273 & 0x00000002;
													if((_t273 & 0x00000002) == 0) {
														_t274 = E016271D3();
														__eflags = _t274 & 0x00000800;
														if((_t274 & 0x00000800) != 0) {
															_t275 =  *(_t401 + 3) & 0x000000ff;
														} else {
															_t275 = 0;
														}
													} else {
														_t280 = E01683914(_t342, _t401);
														_a12 = _t280;
														_t397[3] =  *(_t280 + 4);
														_t397[4] =  *_t280;
														_t282 = E016271D3();
														__eflags = _t282 & 0x00000800;
														if((_t282 & 0x00000800) != 0) {
															_t275 =  *((intOrPtr*)(_a12 + 2));
														} else {
															_t275 = 0;
														}
														_t397[2] = _t397[2] | 0x00000010;
													}
													_t397[4] = _t275;
													__eflags =  *(_t342 + 0x4c);
													if( *(_t342 + 0x4c) == 0) {
														_t276 =  *(_t401 + 2);
													} else {
														_t279 =  *_t401;
														__eflags =  *(_t342 + 0x4c) & _t279;
														if(( *(_t342 + 0x4c) & _t279) != 0) {
															_t279 = _t279 ^  *(_t342 + 0x50);
															__eflags = _t279;
														}
														_t276 = _t279 >> 0x10;
													}
													_t397[2] = _t397[2] | _t276 & 0xe0;
													goto L13;
												}
												__eflags = _t268 - 3;
												if(_t268 == 3) {
													 *_t397 =  *(_t401 + 0x18);
													_t397[1] =  *(_t401 + 0x1c);
													_t397[2] = 0;
													_t397[2] = 0;
													_t272 = 0x100;
													goto L144;
												}
												__eflags = _t268 - 1;
												if(_t268 != 1) {
													_t349 =  *(_t342 + 0x4c);
													__eflags = _t349;
													if(_t349 == 0) {
														_t288 =  *_t401 & 0x0000ffff;
													} else {
														_t319 =  *_t401;
														_t349 =  *(_t342 + 0x4c);
														__eflags = _t349 & _t319;
														if((_t349 & _t319) != 0) {
															_t319 = _t319 ^  *(_t342 + 0x50);
															__eflags = _t319;
														}
														_t288 = _t319 & 0x0000ffff;
													}
													_a12 = _t288;
													_t289 =  *((intOrPtr*)(_t401 + 7));
													__eflags = _t289 - 5;
													if(_t289 != 5) {
														__eflags = _t289 & 0x00000040;
														if((_t289 & 0x00000040) == 0) {
															__eflags = (_t289 & 0x0000003f) - 0x3f;
															if((_t289 & 0x0000003f) == 0x3f) {
																__eflags = _t289;
																if(_t289 >= 0) {
																	__eflags = _t349;
																	if(_t349 == 0) {
																		_t290 =  *_t401 & 0x0000ffff;
																	} else {
																		_t309 =  *_t401;
																		__eflags =  *(_t342 + 0x4c) & _t309;
																		if(( *(_t342 + 0x4c) & _t309) != 0) {
																			_t309 = _t309 ^  *(_t342 + 0x50);
																			__eflags = _t309;
																		}
																		_t290 = _t309 & 0x0000ffff;
																	}
																} else {
																	_t290 =  *((intOrPtr*)((_t401 >> 0x00000003 ^  *_t401 ^  *0x16a81dc ^ _t342) + 0x10));
																}
																_t292 =  *(_t401 + (_t290 & 0x0000ffff) * 8 - 4);
															} else {
																_t292 = _t289 & 0x3f;
															}
														} else {
															_t292 =  *(_t401 + 4 + (_t289 & 0x3f) * 8) & 0x0000ffff;
														}
													} else {
														_t292 =  *(_t342 + 0x54) & 0x0000ffff ^  *(_t401 + 4) & 0x0000ffff;
													}
													_t397[1] = ((_a12 & 0x0000ffff) << 3) - _t292;
													_t293 =  *((intOrPtr*)(_t401 + 7));
													__eflags = _t293 - 5;
													if(_t293 != 5) {
														__eflags = _t293 & 0x00000040;
														if((_t293 & 0x00000040) == 0) {
															__eflags = (_t293 & 0x0000003f) - 0x3f;
															if((_t293 & 0x0000003f) == 0x3f) {
																__eflags = _t293;
																if(_t293 >= 0) {
																	__eflags =  *(_t342 + 0x4c);
																	if( *(_t342 + 0x4c) == 0) {
																		_t294 =  *_t401 & 0x0000ffff;
																	} else {
																		_t299 =  *_t401;
																		__eflags =  *(_t342 + 0x4c) & _t299;
																		if(( *(_t342 + 0x4c) & _t299) != 0) {
																			_t299 = _t299 ^  *(_t342 + 0x50);
																			__eflags = _t299;
																		}
																		_t294 = _t299 & 0x0000ffff;
																	}
																} else {
																	_t294 =  *((intOrPtr*)((_t401 >> 0x00000003 ^  *_t401 ^  *0x16a81dc ^ _t342) + 0x10));
																}
																_t296 =  *(_t401 + (_t294 & 0x0000ffff) * 8 - 4);
															} else {
																_t296 = _t293 & 0x3f;
															}
														} else {
															_t296 =  *(_t401 + 4 + (_t293 & 0x3f) * 8) & 0x0000ffff;
														}
													} else {
														_t296 =  *(_t342 + 0x54) & 0x0000ffff ^  *(_t401 + 4) & 0x0000ffff;
													}
													_t397[2] = _t296;
													_t397[2] =  *(_t401 + 6);
													_t272 = 1;
													__eflags = 1;
													goto L144;
												}
												_t397[2] = 1;
												goto L33;
											}
											_t322 =  *(_t401 + 6) & 0x000000ff;
											L93:
											_t267 = _t401 + 8 + _t322 * 8;
											goto L97;
										}
										_t322 = _t266 & 0x3f;
										__eflags = _t322;
										goto L93;
									} else {
										_push( &_a8);
										_t325 = E016978EA(_t342, _t397);
										__eflags = _t325;
										if(_t325 == 0) {
											goto L90;
										}
										__eflags = _t397[2] & 0x00000200;
										if((_t397[2] & 0x00000200) == 0) {
											L14:
											_t245 = _a8;
											goto L15;
										}
										L33:
										__eflags =  *((char*)(_t342 + 0xda)) - 2;
										if( *((char*)(_t342 + 0xda)) != 2) {
											_t240 = 0;
											__eflags = 0;
										} else {
											_t240 =  *(_t342 + 0xd4);
										}
										__eflags = _t240;
										if(_t240 == 0) {
											L39:
											__eflags = _t397[2] & 0x00000001;
											_t241 =  *_t397;
											if((_t397[2] & 0x00000001) == 0) {
												_t242 = _t241 - 0x10;
												__eflags =  *(_t342 + 0x4c);
												if( *(_t342 + 0x4c) == 0) {
													_t389 =  *_t242 & 0x0000ffff;
												} else {
													_t359 =  *_t242;
													__eflags =  *(_t342 + 0x4c) & _t359;
													if(( *(_t342 + 0x4c) & _t359) != 0) {
														_t359 = _t359 ^  *(_t342 + 0x50);
														__eflags = _t359;
													}
													_t389 = _t359 & 0x0000ffff;
												}
												_t345 =  *(_t242 + 6);
												__eflags = _t345;
												if(_t345 == 0) {
													_t346 = _t342;
												} else {
													_t346 = (_t242 & 0xffff0000) - ((_t345 & 0x000000ff) << 0x10) + 0x10000;
												}
												__eflags = _t346;
												if(_t346 == 0) {
													L102:
													_a8 = 0xc0000141;
													goto L13;
												} else {
													__eflags =  *((char*)(_t242 + 7)) - 3;
													if( *((char*)(_t242 + 7)) != 3) {
														_t347 = _t389 & 0x0000ffff;
														L76:
														_t401 = _t242 + _t347 * 8;
														goto L12;
													}
													L68:
													_t392 =  *(_t242 + 0x1c);
													__eflags = _t392 + _t242 + 0x20 -  *((intOrPtr*)(_t346 + 0x28));
													if(_t392 + _t242 + 0x20 <  *((intOrPtr*)(_t346 + 0x28))) {
														 *_t397 =  *(_t242 + 0x18);
														_t397[1] =  *(_t242 + 0x1c);
														_t397[2] = 0;
														_t397[2] = 0;
														_t397[2] = 0x100;
														_t401 = 0;
														goto L12;
													}
													_t366 =  *((intOrPtr*)(_t346 + 0x10));
													__eflags = _t366 - _t342 + 0xa8;
													if(_t366 == _t342 + 0xa8) {
														L71:
														_t332 = 0;
														goto L4;
													}
													_t332 = _t366 - 0x10;
													goto L4;
												}
											}
											_t242 = _t241 - 8;
											__eflags =  *((char*)(_t242 + 7)) - 5;
											if( *((char*)(_t242 + 7)) == 5) {
												_t242 = _t242 - (( *(_t242 + 6) & 0x000000ff) << 3);
												__eflags = _t242;
											}
											__eflags =  *((char*)(_t242 + 7)) - 4;
											if( *((char*)(_t242 + 7)) != 4) {
												__eflags =  *(_t342 + 0x4c);
												if( *(_t342 + 0x4c) != 0) {
												}
												_t360 =  *(_t242 + 6);
												__eflags = _t360;
												if(_t360 == 0) {
													_t346 = _t342;
												} else {
													_t346 = (_t242 & 0xffff0000) - ((_t360 & 0x000000ff) << 0x10) + 0x10000;
												}
												__eflags = _t346;
												if(_t346 == 0) {
													goto L102;
												} else {
													__eflags =  *((char*)(_t242 + 7)) - 3;
													if( *((char*)(_t242 + 7)) == 3) {
														goto L68;
													}
													__eflags =  *(_t342 + 0x4c);
													if( *(_t342 + 0x4c) == 0) {
														_t380 =  *_t242 & 0x0000ffff;
													} else {
														_t381 =  *_t242;
														__eflags =  *(_t342 + 0x4c) & _t381;
														if(( *(_t342 + 0x4c) & _t381) != 0) {
															_t381 = _t381 ^  *(_t342 + 0x50);
															__eflags = _t381;
														}
														_t380 = _t381 & 0x0000ffff;
													}
													_t347 = _t380 & 0x0000ffff;
													goto L76;
												}
											} else {
												_t335 =  *((intOrPtr*)(_t242 - 0x18));
												__eflags = _t335 - _t342 + 0xa0;
												if(_t335 == _t342 + 0xa0) {
													L101:
													_a8 = 0x8000001a;
													goto L13;
												}
												_t401 = _t335 + 0x18;
												goto L12;
											}
										} else {
											_push( &_a8);
											_t337 = E016978EA(_t342, _t397);
											__eflags = _t337;
											if(_t337 == 0) {
												goto L39;
											}
											__eflags = _t397[2] & 0x00000200;
											if((_t397[2] & 0x00000200) == 0) {
												goto L14;
											}
											goto L39;
										}
									}
								}
								_t327 =  *(_t401 + 6) & 0x000000ff;
								L79:
								_t251 = _t401 + 8 + _t327 * 8;
								goto L83;
							}
							_t327 = _t250 & 0x3f;
							__eflags = _t327;
							goto L79;
						}
						L13:
						if( *0x7ffe0380 != 0) {
							_t244 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							__eflags =  *(_t244 + 0x240) & 0x00000001;
							if(( *(_t244 + 0x240) & 0x00000001) != 0) {
								_v34 = 0x102e;
								_push( &_v40);
								_v8 = _t342;
								_push(4);
								_push(0x402);
								_push( *0x7ffe0380 & 0x000000ff);
								E016164F0();
							}
						}
						goto L14;
					}
				}
			}

0x015d4505
0x015d450f
0x0165d0ff
0x0165d102
0x0165d103
0x00000000
0x0165d103
0x015d4515
0x015d4519
0x015d4521
0x0165d10d
0x0165d112
0x00000000
0x00000000
0x0165d11a
0x0165d11f
0x0165d121
0x00000000
0x00000000
0x0165d127
0x015d45b1
0x00000000
0x015d45b1
0x015d4527
0x015d4527
0x015d4529
0x015d452d
0x015d4530
0x0165d131
0x0165d135
0x0165d13b
0x00000000
0x00000000
0x0165d13d
0x0165d141
0x0165d150
0x0165d153
0x0165d155
0x0165d15b
0x0165d15d
0x0165d162
0x0165d162
0x0165d167
0x0165d16b
0x0165d176
0x0165d176
0x0165d17f
0x0165d181
0x00000000
0x00000000
0x0165d187
0x00000000
0x0165d16d
0x0165d16d
0x0165d170
0x00000000
0x00000000
0x00000000
0x0165d170
0x0165d16b
0x0165d143
0x0165d146
0x00000000
0x00000000
0x0165d148
0x00000000
0x015d4536
0x015d4536
0x015d4538
0x015d4538
0x015d453c
0x0165d2ca
0x0165d2d0
0x0165d2d2
0x0165d2d4
0x00000000
0x00000000
0x0165d2da
0x00000000
0x015d4542
0x015d4542
0x015d4547
0x015d45bc
0x015d4549
0x015d4549
0x015d454e
0x015d4550
0x015d4550
0x015d4553
0x015d4553
0x015d455c
0x015d455f
0x015d4565
0x015d4569
0x015d456a
0x015d4577
0x015d4580
0x015d4583
0x015d458a
0x015d45b7
0x015d458c
0x015d458c
0x015d458c
0x015d458f
0x015d4595
0x015d4598
0x015d459a
0x0165d310
0x0165d313
0x0165d315
0x0165d323
0x0165d325
0x0165d32d
0x0165d330
0x0165d330
0x0165d335
0x0165d339
0x0165d340
0x0165d34a
0x0165d34a
0x0165d342
0x0165d342
0x0165d342
0x0165d34c
0x0165d34e
0x0165d373
0x0165d37c
0x0165d37f
0x0165d381
0x0165d5da
0x0165d5dc
0x0165d5e0
0x0165d5f1
0x0165d5e2
0x0165d5e2
0x0165d5e4
0x0165d5e7
0x0165d5e9
0x0165d5e9
0x0165d5e9
0x0165d5ec
0x0165d5ec
0x0165d5fe
0x0165d601
0x0165d608
0x0165d60d
0x00000000
0x0165d60d
0x0165d387
0x0165d38a
0x0165d38c
0x0165d39a
0x0165d39c
0x0165d3a4
0x0165d3a7
0x0165d3a7
0x0165d3a9
0x0165d3ac
0x0165d3ae
0x0165d3e3
0x0165d3e6
0x0165d3ea
0x0165d3fb
0x0165d3ec
0x0165d3ec
0x0165d3ee
0x0165d3f1
0x0165d3f3
0x0165d3f3
0x0165d3f3
0x0165d3f6
0x0165d3f6
0x0165d400
0x0165d403
0x0165d407
0x0165d542
0x0165d542
0x0165d546
0x0165d54a
0x0165d55b
0x0165d54c
0x0165d54c
0x0165d54e
0x0165d551
0x0165d553
0x0165d553
0x0165d553
0x0165d556
0x0165d556
0x0165d55e
0x0165d560
0x0165d597
0x0165d59c
0x0165d5a1
0x0165d5a7
0x0165d5a3
0x0165d5a3
0x0165d5a3
0x0165d562
0x0165d564
0x0165d56c
0x0165d56f
0x0165d575
0x0165d579
0x0165d57e
0x0165d583
0x0165d58c
0x0165d585
0x0165d585
0x0165d585
0x0165d590
0x0165d590
0x0165d5ac
0x0165d5b0
0x0165d5b4
0x0165d5c5
0x0165d5b6
0x0165d5b6
0x0165d5b8
0x0165d5bb
0x0165d5bd
0x0165d5bd
0x0165d5bd
0x0165d5c0
0x0165d5c0
0x0165d5ce
0x00000000
0x0165d5ce
0x0165d3b0
0x0165d3b2
0x0165d414
0x0165d419
0x0165d41c
0x0165d420
0x0165d424
0x00000000
0x0165d424
0x0165d3b4
0x0165d3b6
0x0165d42e
0x0165d431
0x0165d433
0x0165d446
0x0165d435
0x0165d435
0x0165d437
0x0165d43a
0x0165d43c
0x0165d43e
0x0165d43e
0x0165d43e
0x0165d441
0x0165d441
0x0165d449
0x0165d44c
0x0165d44f
0x0165d451
0x0165d45f
0x0165d461
0x0165d475
0x0165d478
0x0165d482
0x0165d484
0x0165d49d
0x0165d49f
0x0165d4b0
0x0165d4a1
0x0165d4a1
0x0165d4a3
0x0165d4a6
0x0165d4a8
0x0165d4a8
0x0165d4a8
0x0165d4ab
0x0165d4ab
0x0165d486
0x0165d497
0x0165d497
0x0165d4b6
0x0165d47a
0x0165d47d
0x0165d47d
0x0165d463
0x0165d469
0x0165d469
0x0165d453
0x0165d45b
0x0165d45b
0x0165d4c3
0x0165d4c6
0x0165d4c9
0x0165d4cb
0x0165d4d9
0x0165d4db
0x0165d4ef
0x0165d4f2
0x0165d4fc
0x0165d4fe
0x0165d517
0x0165d51b
0x0165d52c
0x0165d51d
0x0165d51d
0x0165d51f
0x0165d522
0x0165d524
0x0165d524
0x0165d524
0x0165d527
0x0165d527
0x0165d500
0x0165d511
0x0165d511
0x0165d532
0x0165d4f4
0x0165d4f7
0x0165d4f7
0x0165d4dd
0x0165d4e3
0x0165d4e3
0x0165d4cd
0x0165d4d5
0x0165d4d5
0x0165d536
0x0165d53c
0x0165d541
0x0165d541
0x00000000
0x0165d541
0x0165d3bb
0x00000000
0x0165d3bb
0x0165d39e
0x0165d394
0x0165d394
0x00000000
0x0165d394
0x0165d391
0x0165d391
0x00000000
0x0165d350
0x0165d353
0x0165d356
0x0165d35b
0x0165d35d
0x00000000
0x00000000
0x0165d364
0x0165d368
0x015d45ad
0x015d45ad
0x00000000
0x015d45b0
0x0165d18f
0x0165d18f
0x0165d196
0x0165d1a0
0x0165d1a0
0x0165d198
0x0165d198
0x0165d198
0x0165d1a2
0x0165d1a4
0x0165d1c4
0x0165d1c4
0x0165d1c8
0x0165d1ca
0x0165d258
0x0165d25b
0x0165d25f
0x0165d270
0x0165d261
0x0165d261
0x0165d263
0x0165d266
0x0165d268
0x0165d268
0x0165d268
0x0165d26b
0x0165d26b
0x0165d273
0x0165d276
0x0165d278
0x0165d292
0x0165d27a
0x0165d28a
0x0165d28a
0x0165d294
0x0165d296
0x0165d3d0
0x0165d3d0
0x00000000
0x0165d29c
0x0165d29c
0x0165d2a0
0x0165d305
0x0165d308
0x0165d308
0x00000000
0x0165d308
0x0165d2a2
0x0165d2a2
0x0165d2a9
0x0165d2ac
0x0165d2e5
0x0165d2ea
0x0165d2f2
0x0165d2f6
0x0165d2fa
0x0165d2fe
0x00000000
0x0165d2fe
0x0165d2ae
0x0165d2b7
0x0165d2b9
0x0165d2c3
0x0165d2c3
0x00000000
0x0165d2c3
0x0165d2bb
0x00000000
0x0165d2bb
0x0165d296
0x0165d1d0
0x0165d1d3
0x0165d1d7
0x0165d1e0
0x0165d1e0
0x0165d1e0
0x0165d1e2
0x0165d1e6
0x0165d201
0x0165d205
0x0165d205
0x0165d209
0x0165d20c
0x0165d20e
0x0165d228
0x0165d210
0x0165d220
0x0165d220
0x0165d22a
0x0165d22c
0x00000000
0x0165d232
0x0165d232
0x0165d236
0x00000000
0x00000000
0x0165d238
0x0165d23c
0x0165d24d
0x0165d23e
0x0165d23e
0x0165d240
0x0165d243
0x0165d245
0x0165d245
0x0165d245
0x0165d248
0x0165d248
0x0165d250
0x00000000
0x0165d250
0x0165d1e8
0x0165d1e8
0x0165d1f1
0x0165d1f3
0x0165d3c4
0x0165d3c4
0x00000000
0x0165d3c4
0x0165d1f9
0x00000000
0x0165d1f9
0x0165d1a6
0x0165d1a9
0x0165d1ac
0x0165d1b1
0x0165d1b3
0x00000000
0x00000000
0x0165d1ba
0x0165d1be
0x00000000
0x00000000
0x00000000
0x0165d1be
0x0165d1a4
0x0165d34e
0x0165d327
0x0165d31d
0x0165d31d
0x00000000
0x0165d31d
0x0165d31a
0x0165d31a
0x00000000
0x0165d31a
0x015d45a0
0x015d45a7
0x0165d61c
0x0165d61f
0x0165d626
0x0165d631
0x0165d638
0x0165d639
0x0165d643
0x0165d645
0x0165d64a
0x0165d64b
0x0165d64b
0x0165d626
0x00000000
0x015d45a7
0x015d453c

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be730a784969cad1f2be13c40e95dd4a2eaa91ccf1df12fe9170a472965e21bc
Instruction ID: c03ea1b895bde60e481028e4a791d3a7503cca9b5db3aaf0ae344b90b629d76d
Opcode Fuzzy Hash: be730a784969cad1f2be13c40e95dd4a2eaa91ccf1df12fe9170a472965e21bc
Instruction Fuzzy Hash: F112CF70214251DBEBA9CFACC894776BBE0BF05304F448899ED968FAD2D334E455CB60

Uniqueness

Uniqueness Score: 0.00%

Function 016978EA, Relevance: .4, Instructions: 398
COMMONCrypto

C-Code - Quality: 100%

			E016978EA(signed int _a4, signed int _a8) {
				intOrPtr _t192;
				intOrPtr _t194;
				signed short _t195;
				unsigned int _t200;
				void* _t201;
				intOrPtr _t202;
				signed int _t205;
				unsigned int _t206;
				signed char _t209;
				intOrPtr _t211;
				unsigned int _t212;
				unsigned int _t213;
				unsigned int _t214;
				signed int _t216;
				signed int _t222;
				signed short _t223;
				void* _t225;
				signed int _t229;
				unsigned int _t234;
				signed char _t235;
				signed short _t236;
				signed int _t238;
				signed char _t239;
				signed short _t240;
				signed int _t242;
				signed short _t243;
				signed short _t253;
				signed int _t263;
				signed int _t266;
				unsigned int _t268;
				unsigned int _t271;
				signed int _t275;
				signed short _t281;
				unsigned char _t282;
				signed char _t284;
				unsigned int _t285;
				signed int _t286;
				signed short _t290;
				signed int _t292;
				signed char _t293;
				signed short _t294;
				signed int _t296;
				signed short _t297;
				signed short _t307;
				signed int _t315;
				signed int _t317;
				signed char _t322;
				signed int _t325;
				void* _t332;
				signed char _t341;
				signed int _t342;
				signed int _t360;
				unsigned int* _t363;
				unsigned int _t366;
				signed int _t368;
				unsigned int _t369;

				_t275 = _a4;
				if( *((char*)(_t275 + 0xda)) != 2) {
					_t268 = 0;
				} else {
					_t268 =  *((intOrPtr*)(_t275 + 0xd4));
				}
				if(_t268 == 0) {
					return 0;
				}
				_t363 = _a8;
				_t366 =  *_t363;
				if(_t363[2] != 0) {
					_t366 = _t366 - 8;
					if( *(_t366 + 7) != 5) {
						goto L10;
					} else {
						_t266 = ( *(_t366 + 6) & 0x000000ff) << 3;
						goto L9;
					}
				} else {
					_t266 = _t363[2] & 0x000000ff;
					L9:
					_t366 = _t366 - _t266;
					L10:
					if(( *(_t366 + 7) & 0x00000080) == 0) {
						_t192 =  *((intOrPtr*)(_t268 + 0x24));
						_t279 =  *(_t192 + 0x4c) >> 0x00000014 &  *(_t192 + 0x52) ^  *(_t366 + 2);
						if((( *(_t192 + 0x4c) >> 0x00000014 &  *(_t192 + 0x52) ^  *(_t366 + 2)) & 0x00000001) == 0) {
							L108:
							if(E016978A6(_t279, _t332, _t268, _t366) != 0 || _t268 ==  *_t363) {
								L113:
								_t363[2] = 8;
								_t194 =  *((intOrPtr*)(_t268 + 0x24));
								if( *(_t194 + 0x4c) == 0) {
									_t195 =  *_t366 & 0x0000ffff;
								} else {
									_t281 =  *_t366;
									if(( *(_t194 + 0x4c) & _t281) != 0) {
										_t281 = _t281 ^  *(_t194 + 0x50);
									}
									_t195 = _t281 & 0x0000ffff;
								}
								_t363[1] = ((_t195 & 0x0000ffff) << 3) - (_t363[2] & 0x000000ff);
								_t363[2] =  *(_t366 + 6);
								_t200 = 0x201;
								L119:
								_t363[2] = _t200;
								_t201 = 1;
								goto L120;
							} else {
								_t202 =  *((intOrPtr*)(_t268 + 0x24));
								_t282 =  *(_t366 + 2);
								if((( *(_t202 + 0x4c) >> 0x00000014 &  *(_t202 + 0x52) ^ _t282) & 0x00000001) == 0 || (( *(_t202 + 0x4c) >> 0x00000014 &  *(_t202 + 0x52) >> 0x00000003 ^ _t282 >> 0x00000003) & 0x00000001) == 0) {
									L112:
									_t201 = 0;
									L120:
									return _t201;
								} else {
									goto L113;
								}
							}
						}
						if( *(_t192 + 0x4c) == 0) {
							_t205 =  *_t366 & 0x0000ffff;
						} else {
							_t279 =  *_t366;
							if(( *(_t192 + 0x4c) & _t279) != 0) {
								_t279 = _t279 ^  *(_t192 + 0x50);
							}
							_t205 = _t279 & 0x0000ffff;
						}
						if(_t205 <= 3) {
							goto L108;
						} else {
							_t206 =  *_t363;
							if( *((intOrPtr*)(_t206 + 0xc)) != 0xf0e0d0c0) {
								goto L108;
							}
							_a8 =  *_t206;
							if(E016978A6(_t279, _t332, _t268,  *_t206) == 0) {
								goto L108;
							}
							_t209 =  *(_t366 + 7);
							if((_t209 & 0x00000040) == 0) {
								if(_t209 != 4) {
									_t279 = _t366 + 8;
									L69:
									_t211 =  *((intOrPtr*)(_a8 + 4));
									if(_t211 != _t279) {
										goto L108;
									}
									_t284 =  *((intOrPtr*)(_t211 + 0x17));
									_t212 = _t211 + 0x10;
									if((_t284 & 0x00000040) == 0) {
										if(_t284 != 4) {
											_t285 = _t212 + 8;
											L76:
											 *_t363 = _t285;
											_t341 =  *((intOrPtr*)(_t212 + 7));
											_t286 = _t341 & 0x000000ff;
											if((_t286 & 0xffffff3f) == 0) {
												_t363[2] = 8;
												_t363[1] = ( *(_a8 + 0x10) & 0x0000ffff) * 8 - 8;
												_t213 =  *(_t212 + 6);
												L53:
												_t363[2] = _t213;
												_t200 = 0;
												goto L119;
											}
											if(_t341 != 5) {
												if((_t341 & 0x00000040) == 0) {
													if((_t341 & 0x0000003f) == 0x3f) {
														if(_t341 >= 0) {
															_t342 = _a4;
															if( *(_t342 + 0x4c) == 0) {
																_t290 =  *_t212 & 0x0000ffff;
															} else {
																_t307 =  *_t212;
																if(( *(_t342 + 0x4c) & _t307) != 0) {
																	_t307 = _t307 ^  *(_t342 + 0x50);
																}
																_t290 = _t307 & 0x0000ffff;
															}
														} else {
															_t290 =  *((intOrPtr*)((_t212 >> 0x00000003 ^  *_t212 ^  *0x16a81dc ^ _a4) + 0x10));
														}
														_t292 =  *(_t212 + (_t290 & 0x0000ffff) * 8 - 4);
													} else {
														_t292 = _t286 & 0x0000003f;
													}
												} else {
													_t292 =  *(_t212 + 4 + (_t286 & 0x0000003f) * 8) & 0x0000ffff;
												}
												_t368 = _a4;
											} else {
												_t368 = _a4;
												_t292 =  *(_t368 + 0x54) & 0x0000ffff ^  *(_t212 + 4) & 0x0000ffff;
											}
											_t363[2] = _t292;
											_t293 =  *((intOrPtr*)(_t212 + 7));
											if(_t293 != 5) {
												if((_t293 & 0x00000040) == 0) {
													if((_t293 & 0x0000003f) == 0x3f) {
														if(_t293 >= 0) {
															if( *(_t368 + 0x4c) == 0) {
																_t294 =  *_t212 & 0x0000ffff;
															} else {
																_t297 =  *_t212;
																if(( *(_t368 + 0x4c) & _t297) != 0) {
																	_t297 = _t297 ^  *(_t368 + 0x50);
																}
																_t294 = _t297 & 0x0000ffff;
															}
														} else {
															_t294 =  *((intOrPtr*)((_t212 >> 0x00000003 ^  *_t212 ^  *0x16a81dc ^ _t368) + 0x10));
														}
														_t296 =  *(_t212 + (_t294 & 0x0000ffff) * 8 - 4);
													} else {
														_t296 = _t293 & 0x3f;
													}
												} else {
													_t296 =  *(_t212 + 4 + (_t293 & 0x3f) * 8) & 0x0000ffff;
												}
											} else {
												_t296 =  *(_t368 + 0x54) & 0x0000ffff ^  *(_t212 + 4) & 0x0000ffff;
											}
											_t363[1] = (( *(_a8 + 0x10) & 0x0000ffff) << 3) - _t296;
											_t214 =  *(_t212 + 6);
											L51:
											_t363[2] = _t214;
											_t200 = 1;
											goto L119;
										}
										_t315 =  *(_t212 + 6) & 0x000000ff;
										L72:
										_t285 = _t212 + 8 + _t315 * 8;
										goto L76;
									}
									_t315 = _t284 & 0x3f;
									goto L72;
								}
								_t216 =  *(_t366 + 6) & 0x000000ff;
								L65:
								_t279 = _t366 + 8 + _t216 * 8;
								goto L69;
							}
							_t216 = _t209 & 0x3f;
							goto L65;
						}
					}
					_t222 = _t366 >> 0x00000003 ^  *_t366 ^  *0x16a81dc ^ _t275;
					_a8 = _t222;
					if(_t222 == 0) {
						goto L112;
					}
					_t317 = _t222;
					_t223 = E016975D6(_t317);
					_t271 =  *(_t317 + 4);
					_t369 = _t366 + (_t223 & 0x0000ffff) * 8;
					_t225 = E01697588(_t317, _t271);
					if((_t369 - _t225 >> 3) / (E016975D6(_a8) & 0x0000ffff) < ( *(_a8 + 0x14) & 0x0000ffff)) {
						_t322 =  *((intOrPtr*)(_t369 + 7));
						_t229 = _t322 & 0x000000ff;
						if((_t229 & 0xffffff3f) == 0) {
							 *_t363 = _t369 + 8;
							_t363[2] = 8;
							_t363[1] = ( *(_a8 + 0x10) & 0x0000ffff) * 8 - 8;
							_t213 =  *(_t369 + 6);
							goto L53;
						}
						_t360 = 0x3f;
						if((_t322 & 0x00000040) == 0) {
							if(_t322 != 4) {
								_t234 = _t369 + 8;
								goto L21;
							} else {
								_t263 =  *(_t369 + 6) & 0x000000ff;
								goto L17;
							}
						} else {
							_t263 = _t229 & _t360;
							L17:
							_t234 = _t369 + 8 + _t263 * 8;
							L21:
							 *_t363 = _t234;
							_t235 =  *((intOrPtr*)(_t369 + 7));
							if(_t235 != 5) {
								if((_t235 & 0x00000040) == 0) {
									if((_t235 & _t360) == _t360) {
										if(_t235 >= 0) {
											_t325 = _a4;
											if( *(_t325 + 0x4c) == 0) {
												_t236 =  *_t369 & 0x0000ffff;
											} else {
												_t253 =  *_t369;
												if(( *(_t325 + 0x4c) & _t253) != 0) {
													_t253 = _t253 ^  *(_t325 + 0x50);
												}
												_t236 = _t253 & 0x0000ffff;
											}
										} else {
											_t325 = _a4;
											_t236 =  *((intOrPtr*)((_t369 >> 0x00000003 ^  *_t369 ^  *0x16a81dc ^ _t325) + 0x10));
										}
										_t238 =  *(_t369 + (_t236 & 0x0000ffff) * 8 - 4);
										L36:
										_t363[2] = _t238;
										_t239 =  *((intOrPtr*)(_t369 + 7));
										if(_t239 != 5) {
											if((_t239 & 0x00000040) == 0) {
												if((_t239 & _t360) == _t360) {
													if(_t239 >= 0) {
														if( *(_t325 + 0x4c) == 0) {
															_t240 =  *_t369 & 0x0000ffff;
														} else {
															_t243 =  *_t369;
															if(( *(_t325 + 0x4c) & _t243) != 0) {
																_t243 = _t243 ^  *(_t325 + 0x50);
															}
															_t240 = _t243 & 0x0000ffff;
														}
													} else {
														_t240 =  *((intOrPtr*)((_t369 >> 0x00000003 ^  *_t369 ^  *0x16a81dc ^ _t325) + 0x10));
													}
													_t242 =  *(_t369 + (_t240 & 0x0000ffff) * 8 - 4);
												} else {
													_t242 = _t239 & 0x000000ff & _t360;
												}
											} else {
												_t242 =  *(_t369 + 4 + (_t239 & 0x000000ff & _t360) * 8) & 0x0000ffff;
											}
										} else {
											_t242 =  *(_t325 + 0x54) & 0x0000ffff ^  *(_t369 + 4) & 0x0000ffff;
										}
										_t363[1] = (( *(_a8 + 0x10) & 0x0000ffff) << 3) - _t242;
										_t214 =  *(_t369 + 6);
										goto L51;
									}
									_t238 = _t235 & 0x000000ff & _t360;
									L25:
									_t325 = _a4;
									goto L36;
								}
								_t238 =  *(_t369 + 4 + (_t235 & 0x000000ff & _t360) * 8) & 0x0000ffff;
								goto L25;
							}
							_t325 = _a4;
							_t238 =  *(_t325 + 0x54) & 0x0000ffff ^  *(_t369 + 4) & 0x0000ffff;
							goto L36;
						}
					} else {
						 *_t363 = _t271;
						_t363[2] = 0x201;
						goto L112;
					}
				}
			}

0x016978ef
0x016978fa
0x01697904
0x016978fc
0x016978fc
0x016978fc
0x01697908
0x00000000
0x0169790a
0x01697913
0x0169791b
0x0169791d
0x01697925
0x0169792c
0x00000000
0x0169792e
0x01697932
0x00000000
0x01697932
0x0169791f
0x0169791f
0x01697935
0x01697935
0x01697937
0x0169793b
0x01697b01
0x01697b0d
0x01697b13
0x01697ce1
0x01697cea
0x01697d22
0x01697d22
0x01697d26
0x01697d2d
0x01697d3e
0x01697d2f
0x01697d2f
0x01697d34
0x01697d36
0x01697d36
0x01697d39
0x01697d39
0x01697d4d
0x01697d53
0x01697d56
0x01697d5b
0x01697d5b
0x01697d5f
0x00000000
0x01697cf0
0x01697cf0
0x01697cf6
0x01697d04
0x01697d1e
0x01697d1e
0x01697d61
0x00000000
0x00000000
0x00000000
0x00000000
0x01697d04
0x01697cea
0x01697b1d
0x01697b2e
0x01697b1f
0x01697b1f
0x01697b24
0x01697b26
0x01697b26
0x01697b29
0x01697b29
0x01697b35
0x00000000
0x01697b3b
0x01697b3b
0x01697b44
0x00000000
0x00000000
0x01697b4e
0x01697b58
0x00000000
0x00000000
0x01697b5e
0x01697b63
0x01697b73
0x01697b7b
0x01697b7e
0x01697b81
0x01697b86
0x00000000
0x00000000
0x01697b8c
0x01697b8f
0x01697b95
0x01697ba6
0x01697bae
0x01697bb1
0x01697bb1
0x01697bb3
0x01697bb6
0x01697bbf
0x01697cc7
0x01697cd6
0x01697cd9
0x01697af7
0x01697af7
0x01697afa
0x00000000
0x01697afa
0x01697bc8
0x01697bdc
0x01697bf0
0x01697bf9
0x01697c13
0x01697c1a
0x01697c2b
0x01697c1c
0x01697c1c
0x01697c21
0x01697c23
0x01697c23
0x01697c26
0x01697c26
0x01697bfb
0x01697c0d
0x01697c0d
0x01697c31
0x01697bf2
0x01697bf2
0x01697bf2
0x01697bde
0x01697be1
0x01697be1
0x01697c35
0x01697bca
0x01697bca
0x01697bd5
0x01697bd5
0x01697c38
0x01697c3b
0x01697c41
0x01697c52
0x01697c69
0x01697c75
0x01697c92
0x01697ca3
0x01697c94
0x01697c94
0x01697c99
0x01697c9b
0x01697c9b
0x01697c9e
0x01697c9e
0x01697c77
0x01697c88
0x01697c88
0x01697ca9
0x01697c6b
0x01697c6e
0x01697c6e
0x01697c54
0x01697c5a
0x01697c5a
0x01697c43
0x01697c4b
0x01697c4b
0x01697cb9
0x01697cbc
0x01697acf
0x01697acf
0x01697ad4
0x00000000
0x01697ad4
0x01697ba8
0x01697b9d
0x01697b9d
0x00000000
0x01697b9d
0x01697b9a
0x00000000
0x01697b9a
0x01697b75
0x01697b6b
0x01697b6b
0x00000000
0x01697b6b
0x01697b68
0x00000000
0x01697b68
0x01697b35
0x01697950
0x01697952
0x01697955
0x00000000
0x00000000
0x0169795b
0x0169795d
0x01697962
0x0169796a
0x0169796d
0x01697993
0x016979a5
0x016979a8
0x016979b0
0x01697add
0x01697ae2
0x01697af1
0x01697af4
0x00000000
0x01697af4
0x016979b8
0x016979bc
0x016979c9
0x016979d1
0x00000000
0x016979cb
0x016979cb
0x00000000
0x016979cb
0x016979be
0x016979be
0x016979c0
0x016979c0
0x016979d4
0x016979d4
0x016979d6
0x016979db
0x016979ee
0x01697a05
0x01697a10
0x01697a2c
0x01697a33
0x01697a44
0x01697a35
0x01697a35
0x01697a3a
0x01697a3c
0x01697a3c
0x01697a3f
0x01697a3f
0x01697a12
0x01697a21
0x01697a26
0x01697a26
0x01697a4a
0x01697a4e
0x01697a4e
0x01697a51
0x01697a56
0x01697a66
0x01697a7a
0x01697a85
0x01697aa2
0x01697ab3
0x01697aa4
0x01697aa4
0x01697aa9
0x01697aab
0x01697aab
0x01697aae
0x01697aae
0x01697a87
0x01697a98
0x01697a98
0x01697ab9
0x01697a7c
0x01697a7f
0x01697a7f
0x01697a68
0x01697a6d
0x01697a6d
0x01697a58
0x01697a60
0x01697a60
0x01697ac9
0x01697acc
0x00000000
0x01697acc
0x01697a0a
0x016979fa
0x016979fa
0x00000000
0x016979fa
0x016979f5
0x00000000
0x016979f5
0x016979dd
0x016979e8
0x00000000
0x016979e8
0x01697995
0x0169799a
0x0169799c
0x00000000
0x0169799c
0x01697993

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f7f803bb59781549aec68f612914bfc5f4d99c6592ef85cbb19a8f467fcc81a
Instruction ID: 743e090e0ace616e78657951e27aed9b6b959b5d3ec010fda2a8cbe45706305d
Opcode Fuzzy Hash: 8f7f803bb59781549aec68f612914bfc5f4d99c6592ef85cbb19a8f467fcc81a
Instruction Fuzzy Hash: F5E1E230224695CFDF28CF19C8906B2BBE9EF05311B14845EE9D68F292D335E956DF50

Uniqueness

Uniqueness Score: 0.00%

Function 0163FBA6, Relevance: .3, Instructions: 334
COMMONCrypto

C-Code - Quality: 71%

			E0163FBA6(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				unsigned int _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				unsigned int __ebx;
				signed int __edi;
				unsigned int __esi;
				void* __ebp;
				unsigned int _t137;

				_t136 = _a12;
				_v12 = 0;
				_v8 = 0;
				if(_a12 == 0) {
					_t137 =  *[fs:0x18];
					_push(0);
					 *( *[fs:0x18] + 0xbf4) = 0;
					 *((intOrPtr*)(_t137 + 0x34)) = E016238B5(_t136, _t137, 0, __eflags);
				} else {
					__edi = _a4;
					__eflags =  *(__edi + 0x44) & 0x01000000;
					if(__eflags != 0) {
						return E01696500(__ebx, __edi, __esi, __eflags, __edi, _a8, __ebx, _a16);
					}
					__eflags =  *(__edi + 0x48) & 0x00000001;
					if(__eflags != 0) {
						__edx = __ebx;
						__ecx = __edi;
						__eax = E015FF136(__edi, __ebx, __esi, __eflags);
						L10:
						__esi = __eax;
						goto L11;
					} else {
						__eflags = __bl & 0x00000007;
						if(__eflags != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(__ebx);
							_push(__edi);
							_push(9);
							L22:
							__eax = E01694B0C(__ebx, __ecx, __edx, __edi, __esi, __eflags);
							L11:
							__eflags = __esi;
							if(__eflags == 0) {
								L23:
								__ecx =  *[fs:0x18];
								__esi =  *[fs:0x18];
								__eax = 0xc000000d;
								_push(0xc000000d);
								 *( *[fs:0x18] + 0xbf4) = 0xc000000d;
								 *((intOrPtr*)(__esi + 0x34)) = E016238B5(__ebx, __edi, __esi, __eflags);
								goto L1;
							}
							__eflags =  *(__ebx - 1) - 5;
							if(__eflags == 0) {
								__eflags = _a8 & 0x3c000102;
								__eax = __ebx - 8;
								__ecx =  *__eax;
								_v12 =  *__eax;
								if(__eflags != 0) {
									goto L13;
								}
								__cl =  *(__eax + 7);
								__eflags = __cl - 5;
								if(__cl != 5) {
									__eflags = __cl & 0x00000040;
									if((__cl & 0x00000040) == 0) {
										_t47 =  &_v8;
										 *_t47 = _v8 & 0x00000000;
										__eflags =  *_t47;
										L31:
										__ebx = _v8 & 0x0000ffff;
										__edx = _a16;
										__ecx = __ebx + __edx;
										__eflags = __ecx - __edx;
										if(__eflags < 0) {
											goto L23;
										}
										__eflags =  *(__eax + 7) - 5;
										_a16 = __ecx;
										if( *(__eax + 7) != 5) {
											__eax = 0;
											__eflags = 0;
										} else {
											 *(__eax + 6) & 0x000000ff = ( *(__eax + 6) & 0x000000ff) << 3;
											__eax = __eax - (( *(__eax + 6) & 0x000000ff) << 3);
											__eax = __eax + 8;
										}
										__edx = _v12;
										__eflags = __edx;
										if(__edx == 0) {
											L38:
											__ecx = 0;
											__eflags = 0;
											goto L39;
										} else {
											_t56 = __edx - 1; // -1
											__ecx = _t56;
											__ecx = __cx & 0x0000ffff;
											__eflags = __ecx -  *0x16afa38; // 0x3
											if(__eflags >= 0) {
												goto L38;
											}
											__ecx =  *(0x166db90 + __ecx * 4);
											L39:
											__eflags =  *__ecx(__edi, 5, __edx, __eax);
											if(__eflags < 0) {
												goto L23;
											}
											__al =  *(__esi + 7);
											__eflags = __al - 4;
											if(__al != 4) {
												__eflags = __al - 5;
												if(__al != 5) {
													__eflags = __al & 0x00000040;
													if((__al & 0x00000040) == 0) {
														__al = __al & 0x0000003f;
														__eflags = (__al & 0x0000003f) - 0x3f;
														if((__al & 0x0000003f) == 0x3f) {
															__eflags = __al;
															if(__al >= 0) {
																__eflags =  *(__edi + 0x4c);
																if( *(__edi + 0x4c) == 0) {
																	__eax =  *__esi & 0x0000ffff;
																} else {
																	__eax =  *__esi;
																	__eflags =  *(__edi + 0x4c) & __eax;
																	if(( *(__edi + 0x4c) & __eax) != 0) {
																		__eflags = __eax;
																	}
																	__eax = __ax & 0x0000ffff;
																}
															} else {
																__ecx =  *__esi;
																__esi = __esi >> 3;
																__esi >> 0x00000003 ^  *__esi = __esi >> 0x00000003 ^  *__esi ^  *0x16a81dc;
																__eax = __esi >> 0x00000003 ^  *__esi ^  *0x16a81dc ^ __edi;
																__ax =  *((intOrPtr*)((__esi >> 0x00000003 ^  *__esi ^  *0x16a81dc ^ __edi) + 0x10));
															}
															__eax = __ax & 0x0000ffff;
															__eax =  *(__esi + (__ax & 0x0000ffff) * 8 - 4);
														} else {
															__eax = __al & 0x000000ff;
															__eax = __al & 0x3f;
														}
													} else {
														__al & 0x000000ff = __al & 0x3f;
														__eax =  *(__esi + 4 + (__al & 0x3f) * 8) & 0x0000ffff;
													}
												} else {
													__eax =  *(__edi + 0x54) & 0x0000ffff;
													__ecx =  *(__esi + 4) & 0x0000ffff;
													__eax =  *(__edi + 0x54) & 0x0000ffff ^  *(__esi + 4) & 0x0000ffff;
												}
												__dl =  *(__esi + 7);
												__eax = __eax - __ebx;
												__dl =  *(__esi + 7) & 0x00000080;
												__eflags = __eax - 0x3f;
												if(__eflags >= 0) {
													__eflags = __dl;
													if(__dl == 0) {
														__eflags =  *(__edi + 0x4c);
														if( *(__edi + 0x4c) == 0) {
															__ecx =  *__esi & 0x0000ffff;
														} else {
															__ecx =  *__esi;
															__eflags =  *(__edi + 0x4c) & __ecx;
															if(( *(__edi + 0x4c) & __ecx) != 0) {
																__eflags = __ecx;
															}
															__ecx = __cx & 0x0000ffff;
														}
													} else {
														__ebx =  *__esi;
														__esi = __esi >> 3;
														__esi >> 0x00000003 ^  *__esi = __esi >> 0x00000003 ^  *__esi ^  *0x16a81dc;
														__ecx = __esi >> 0x00000003 ^  *__esi ^  *0x16a81dc ^ __edi;
														__cx =  *((intOrPtr*)((__esi >> 0x00000003 ^  *__esi ^  *0x16a81dc ^ __edi) + 0x10));
													}
													__ecx = __cx & 0x0000ffff;
													__dl = __dl | 0x0000003f;
													__eflags = __dl;
													 *(__esi + 7) = __dl;
													 *(__esi + (__cx & 0x0000ffff) * 8 - 4) = __eax;
												} else {
													 *(__esi + 7) = __al;
												}
											} else {
												__eax = _a8;
												__eax = _a8 & 0x00000001;
												__eflags = __eax;
												_a12 = __eax;
												if(__eax == 0) {
													__eflags =  *(__edi + 0x44) & 0x00000001;
													if(__eflags == 0) {
														__eax = E01617310(__eflags,  *((intOrPtr*)(__edi + 0xcc)));
													}
												}
												__ebx = 0;
												__eflags =  *(__edi + 0x4c);
												if( *(__edi + 0x4c) != 0) {
													__eax =  *(__edi + 0x50);
													 *__esi =  *__esi ^  *(__edi + 0x50);
													 *(__esi + 2) =  *(__esi + 2) ^  *(__esi + 1);
													__al =  *(__esi + 2) ^  *(__esi + 1) ^  *__esi;
													__eflags =  *(__esi + 3) - ( *(__esi + 2) ^  *(__esi + 1) ^  *__esi);
													if(__eflags != 0) {
														_push(0);
														_push(__esi);
														_push(__edi);
														__eax = E01694BBA(0, __edi, __esi, __eflags);
													}
												}
												__ax = _v8;
												 *__esi =  *__esi - __ax;
												__eflags =  *(__edi + 0x4c) - __ebx;
												if( *(__edi + 0x4c) != __ebx) {
													 *(__esi + 2) =  *(__esi + 2) ^  *(__esi + 1);
													__al =  *(__esi + 2) ^  *(__esi + 1) ^  *__esi;
													 *(__esi + 3) =  *(__esi + 2) ^  *(__esi + 1) ^  *__esi;
													__eax =  *(__edi + 0x50);
													 *__esi =  *__esi ^  *(__edi + 0x50);
													__eflags =  *__esi;
												}
												__eflags = _a12 - __ebx;
												if(__eflags == 0) {
													__eflags =  *(__edi + 0x44) & 0x00000001;
													if(__eflags == 0) {
														__eax = E016172D0( *((intOrPtr*)(__edi + 0xcc)));
													}
												}
											}
											__ebx = __esi + 8;
											goto L13;
										}
									}
									__cx = __cl & 0x000000ff;
									L27:
									__cx = __cx << 3;
									__ecx = __cx & 0x0000ffff;
									_v8 = __cx & 0x0000ffff;
									goto L31;
								}
								__cx =  *(__eax + 6) & 0x000000ff;
								goto L27;
							}
							L13:
							__esi = _a16;
							__edx = _a8;
							_push(__esi);
							_push(__ebx);
							__edx = _a8 | 0x00000002;
							__ecx = __edi;
							__eax = L0163FC46(__ebx, __edi, __edx, __edi, __esi, __eflags);
							_a16 = __eax;
							__eflags = __eax;
							if(__eax != 0) {
								__ebx = _v12;
								__eflags = __ebx;
								if(__ebx == 0) {
									return __eax;
								}
								_t111 = __ebx - 1; // -1
								__ecx = _t111;
								__ecx = __cx & 0x0000ffff;
								__eflags = __ecx -  *0x16afa38; // 0x3
								if(__eflags >= 0) {
									__ecx = 0;
									__eflags = 0;
								} else {
									__ecx =  *(0x166db90 + __ecx * 4);
								}
								 *__ecx(__edi, 6, __ebx >> 0x10, __eax) = _v8 & 0x0000ffff;
								__edx = _a8;
								__esi = __esi - (_v8 & 0x0000ffff);
								__ecx = __edi;
								return E0167DD51(__edi, _a8, _a16, __esi, _v8, __ebx);
							}
							__eax = _v8 & 0x0000ffff;
							__ecx = _v12;
							__esi = __esi - (_v8 & 0x0000ffff);
							__eflags = __ecx;
							if(__eflags != 0) {
								_t118 = __ecx - 1; // -1
								__eax = _t118;
								__eax = __ax & 0x0000ffff;
								__eflags = __eax -  *0x16afa38; // 0x3
								if(__eflags >= 0) {
									__eax = 0;
									__eflags = 0;
								} else {
									__eax =  *(0x166db90 + __eax * 4);
								}
								_push(__ebx);
								_push(__ecx);
								_push(6);
								_push(__edi);
								__eax = E01629A68(__edi, __edi, 0, __ebx);
								__edx = _a8;
								__ecx = __edi;
								__eax = E0167DD51(__edi, __edx, __ebx, __eax, _v8, _v12);
							}
							__eax =  *[fs:0x18];
							__ebx =  *[fs:0x18];
							__edi = 0xc0000017;
							_push(0xc0000017);
							 *( *[fs:0x18] + 0xbf4) = 0xc0000017;
							__eax = E016238B5(__ebx, 0xc0000017, __esi, __eflags);
							__eflags = _a8 & 0x00000004;
							 *(__ebx + 0x34) = __eax;
							if((_a8 & 0x00000004) != 0) {
								_v84 = _v84 & 0x00000000;
								_v88 = _v88 & 0x00000000;
								__eax =  &_v92;
								_push( &_v92);
								_v92 = 0xc0000017;
								_v76 = 1;
								_v72 = __esi;
								_v80 = E01616C88;
								__eax = E01616C88(__ecx, __edx, 0xc0000017, __esi);
							}
							goto L1;
						}
						__eax = __ebx - 8;
						__eflags =  *(__eax + 7) - 5;
						if( *(__eax + 7) == 5) {
							__ecx =  *(__eax + 6) & 0x000000ff;
							__ecx = ( *(__eax + 6) & 0x000000ff) << 3;
							__eax = __eax - __ecx;
						}
						__eflags =  *(__eax + 7) & 0x0000003f;
						if(__eflags == 0) {
							_push(__esi);
							_push(__esi);
							_push(__esi);
							_push(__eax);
							_push(__edi);
							_push(8);
							goto L22;
						} else {
							goto L10;
						}
					}
				}
				L1:
				return 0;
			}

0x0163fbaf
0x0163fbb6
0x0163fbb9
0x0163fbbe
0x0164712c
0x01647133
0x01647134
0x0164713f
0x0163fbc4
0x0163fbc4
0x0163fbc7
0x0163fbce
0x00000000
0x0165e22f
0x0163fbd4
0x0163fbd8
0x01647147
0x01647149
0x0164714b
0x0163fbfe
0x0163fbfe
0x00000000
0x0163fbde
0x0163fbde
0x0163fbe1
0x0165e250
0x0165e251
0x0165e252
0x0165e253
0x0165e254
0x0165e255
0x0165e257
0x0165e257
0x0163fc00
0x0163fc00
0x0163fc02
0x0165e261
0x0165e261
0x0165e268
0x0165e26f
0x0165e274
0x0165e275
0x0165e280
0x00000000
0x0165e280
0x0163fc08
0x0163fc0c
0x0165e288
0x0165e28f
0x0165e292
0x0165e294
0x0165e297
0x00000000
0x00000000
0x0165e29d
0x0165e2a0
0x0165e2a3
0x0165e2b6
0x0165e2b9
0x0165e2c4
0x0165e2c4
0x0165e2c4
0x0165e2c8
0x0165e2c8
0x0165e2cc
0x0165e2cf
0x0165e2d2
0x0165e2d4
0x00000000
0x00000000
0x0165e2d6
0x0165e2da
0x0165e2dd
0x0165e2ed
0x0165e2ed
0x0165e2df
0x0165e2e3
0x0165e2e6
0x0165e2e8
0x0165e2e8
0x0165e2ef
0x0165e2f2
0x0165e2f4
0x0165e30d
0x0165e30d
0x0165e30d
0x00000000
0x0165e2f6
0x0165e2f6
0x0165e2f6
0x0165e2f9
0x0165e2fc
0x0165e302
0x00000000
0x00000000
0x0165e304
0x0165e30f
0x0165e319
0x0165e31b
0x00000000
0x00000000
0x0165e321
0x0165e324
0x0165e326
0x0165e3a4
0x0165e3a6
0x0165e3b4
0x0165e3b6
0x0165e3c7
0x0165e3ca
0x0165e3cd
0x0165e3d7
0x0165e3d9
0x0165e3f2
0x0165e3f6
0x0165e407
0x0165e3f8
0x0165e3f8
0x0165e3fa
0x0165e3fd
0x0165e3ff
0x0165e3ff
0x0165e402
0x0165e402
0x0165e3db
0x0165e3db
0x0165e3df
0x0165e3e4
0x0165e3ea
0x0165e3ec
0x0165e3ec
0x0165e40a
0x0165e40d
0x0165e3cf
0x0165e3cf
0x0165e3d2
0x0165e3d2
0x0165e3b8
0x0165e3bb
0x0165e3be
0x0165e3be
0x0165e3a8
0x0165e3a8
0x0165e3ac
0x0165e3b0
0x0165e3b0
0x0165e411
0x0165e414
0x0165e416
0x0165e419
0x0165e41c
0x0165e425
0x0165e427
0x0165e440
0x0165e444
0x0165e455
0x0165e446
0x0165e446
0x0165e448
0x0165e44b
0x0165e44d
0x0165e44d
0x0165e450
0x0165e450
0x0165e429
0x0165e429
0x0165e42d
0x0165e432
0x0165e438
0x0165e43a
0x0165e43a
0x0165e458
0x0165e45b
0x0165e45b
0x0165e45e
0x0165e461
0x0165e41e
0x0165e420
0x0165e420
0x0165e328
0x0165e328
0x0165e32b
0x0165e32b
0x0165e32e
0x0165e331
0x0165e333
0x0165e337
0x0165e33f
0x0165e33f
0x0165e337
0x0165e344
0x0165e346
0x0165e349
0x0165e34b
0x0165e34e
0x0165e353
0x0165e356
0x0165e358
0x0165e35b
0x0165e35d
0x0165e35e
0x0165e35f
0x0165e360
0x0165e360
0x0165e35b
0x0165e365
0x0165e369
0x0165e36c
0x0165e36f
0x0165e374
0x0165e377
0x0165e379
0x0165e37c
0x0165e37f
0x0165e37f
0x0165e37f
0x0165e381
0x0165e384
0x0165e38a
0x0165e38e
0x0165e39a
0x0165e39a
0x0165e38e
0x0165e384
0x0165e465
0x00000000
0x0165e465
0x0165e2f4
0x0165e2be
0x0165e2aa
0x0165e2aa
0x0165e2ae
0x0165e2b1
0x00000000
0x0165e2b1
0x0165e2a5
0x00000000
0x0165e2a5
0x0163fc12
0x0163fc12
0x0163fc15
0x0163fc18
0x0163fc19
0x0163fc1a
0x0163fc1d
0x0163fc1f
0x0163fc24
0x0163fc27
0x0163fc29
0x0163fc2f
0x0163fc32
0x0163fc34
0x0163fc3e
0x0163fc3e
0x0165e46d
0x0165e46d
0x0165e470
0x0165e473
0x0165e479
0x0165e484
0x0165e484
0x0165e47b
0x0165e47b
0x0165e47b
0x0165e492
0x0165e496
0x0165e49d
0x0165e4a3
0x00000000
0x0165e4a5
0x015fc06f
0x015fc073
0x015fc076
0x015fc078
0x015fc07a
0x0165e4af
0x0165e4af
0x0165e4b2
0x0165e4b5
0x0165e4bb
0x0165e4c6
0x0165e4c6
0x0165e4bd
0x0165e4bd
0x0165e4bd
0x0165e4c8
0x0165e4cc
0x0165e4cd
0x0165e4cf
0x0165e4dc
0x0165e4e1
0x0165e4e6
0x0165e4e8
0x0165e4e8
0x015fc080
0x015fc086
0x015fc08d
0x015fc092
0x015fc093
0x015fc099
0x015fc09e
0x015fc0a2
0x015fc0a5
0x0165e4f2
0x0165e4f6
0x0165e4fa
0x0165e4fd
0x0165e4fe
0x0165e501
0x0165e508
0x0165e50b
0x0165e512
0x0165e512
0x00000000
0x015fc0a5
0x0163fbe7
0x0163fbea
0x0163fbee
0x0165e239
0x0165e23d
0x0165e240
0x0165e240
0x0163fbf4
0x0163fbf8
0x0165e247
0x0165e248
0x0165e249
0x0165e24a
0x0165e24b
0x0165e24c
0x00000000
0x00000000
0x00000000
0x00000000
0x0163fbf8
0x0163fbd8
0x015fc05f
0x00000000

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f984dd84d826340e4ea1a779d3a8f58ff390c1213b1578a7d0f059b88301b4d9
Instruction ID: 8be9b026972f23c3d114ce70c399ad8366d580becbefa37208c75e69e7d73753
Opcode Fuzzy Hash: f984dd84d826340e4ea1a779d3a8f58ff390c1213b1578a7d0f059b88301b4d9
Instruction Fuzzy Hash: A2C12470501256AFDF65CF28CC94BBAFBE5EF05300F04845DED868B646C73AAA52DB60

Uniqueness

Uniqueness Score: 0.00%

Function 01691907, Relevance: .3, Instructions: 281
COMMONCrypto

C-Code - Quality: 91%

			E01691907(signed int __ecx, void* __esi) {
				signed int _v8;
				char _v178;
				char _v180;
				void* _v188;
				void* _v196;
				short _v200;
				signed int _v202;
				short _v204;
				short _v206;
				char _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				char* _v236;
				short _v238;
				char _v240;
				intOrPtr _v244;
				char _v248;
				void* __ebx;
				void* __edi;
				signed int _t117;
				signed int _t122;
				signed short _t123;
				signed int _t128;
				intOrPtr _t129;
				signed int _t131;
				intOrPtr _t133;
				intOrPtr _t134;
				intOrPtr _t135;
				signed int _t142;
				signed char _t151;
				signed int _t164;
				signed int _t165;
				void* _t191;
				void* _t192;
				void* _t197;
				short _t203;
				void* _t210;
				signed int _t211;
				signed int _t212;
				signed int _t219;
				void* _t220;
				signed int _t221;

				_t220 = __esi;
				_t193 = __ecx;
				_t117 =  *0x16a81e8; // 0x77d4aa35
				_v8 = _t117 ^ _t221;
				_v220 = _v220 | 0xffffffff;
				_v232 = _v232 | 0xffffffff;
				_t211 = 0;
				_v180 = 0;
				_v224 = 0;
				_v216 = 0;
				_v228 = 0;
				E01604EC0( &_v178, 0, 0xa8);
				_t122 = E01615700();
				_t123 =  *(__esi + 4) & 0x0000ffff;
				asm("sbb bl, bl");
				_t191 =  ~_t122 + 1;
				if(_t123 <= 0) {
					_push( &_v224);
					if(E01615C80() < 0) {
						goto L51;
					}
					goto L3;
				} else {
					_v224 = _t123 & 0x0000ffff;
					L3:
					_t128 = E01628E06(_t220, _v224, _t211,  &_v232);
					if(_t128 == 0xc0000034 || _t128 == 0xc00000bb) {
						_v212 = _v212 | 0xffffffff;
						_t129 = E01629181(2, 0x55);
						_v228 = _t129;
						if(_t129 != _t211) {
							_t193 = _v224 & 0x0000ffff;
							_t128 = E01629229( &_v248, _t129, _v224 & 0x0000ffff);
							if(_t128 == 0) {
								goto L20;
							}
							_t164 = E0162AE88(_t220, _v244, 1,  &_v212);
							if(_t164 >= 0) {
								_t165 = _v212;
							} else {
								_t165 = _t164 | 0xffffffff;
							}
							_t203 = 0x31;
							_v208 = _t203;
							_v202 = _t165;
							_v206 = 0;
							_v204 = _v224;
							_v200 = 0;
							asm("stosd");
							asm("stosd");
							_t193 = 0 << 0x10;
							asm("stosd");
							asm("stosd");
							E0163BEFA(0 << 0x10, _t210, _t220,  &_v208, _v244);
							_t128 = E0169028F(_t220,  &_v208, 0);
							if(_t128 < 0) {
								goto L20;
							} else {
								_t128 = ( *( *((intOrPtr*)(_t220 + 0x14)) + 6) & 0x0000ffff) - 1;
								goto L15;
							}
						} else {
							_t125 = 0xc0000017;
							goto L51;
						}
					} else {
						if(_t128 < _t211) {
							L20:
							if(_t191 == 0) {
								_t131 = _t128 | 0xffffffff;
							} else {
								_t131 = _v220;
							}
							E01690535(_t193, _t220, _t131);
							_t133 =  *((intOrPtr*)(_t220 + 0x14));
							_t212 = 0;
							_v212 = 0;
							if(0 >=  *(_t133 + 6)) {
								L33:
								_t134 =  *((intOrPtr*)(_t220 + 0x14));
								_t197 = 0;
								_t210 = 0;
								if(0 >=  *(_t134 + 6)) {
									L43:
									_t135 =  *((intOrPtr*)(_t220 + 0x14));
									_t198 = 0;
									_t211 = 0;
									if(0 >=  *(_t135 + 6)) {
										L48:
										if(_v228 != 0) {
											E01622882(_t198,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v228);
										}
										_t125 = 0;
										L51:
										return E01622F0C(_t125, _t191, _v8 ^ _t221, _t210, _t211, _t220);
									}
									_t192 = 0;
									do {
										if(( *(_t192 +  *((intOrPtr*)(_t135 + 0xc))) & 0x00000004) != 0) {
											E0168F2F2(_t220, _t211);
										}
										_t135 =  *((intOrPtr*)(_t220 + 0x14));
										_t198 =  *(_t135 + 6) & 0x0000ffff;
										_t211 = _t211 + 1;
										_t192 = _t192 + 0x1c;
									} while (_t211 < ( *(_t135 + 6) & 0x0000ffff));
									goto L48;
								} else {
									goto L34;
								}
								do {
									L34:
									_t142 =  *(_t197 +  *((intOrPtr*)(_t134 + 0xc))) & 0x0000ffff;
									if((_t142 & 0x00000001) != 0 && (_t142 & 0x00000020) != 0) {
										if((_t142 & 0x00001000) == 0) {
											_v216 = _v216 + 1;
										}
										if(_t191 != 0 && _t210 != _v220 && _v216 >  *((intOrPtr*)(_t220 + 0x48))) {
											 *( *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t197) =  *( *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t197) & 0x0000ffdf;
											 *( *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t197) =  *( *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t197) | 0x00008000;
										}
									}
									_t134 =  *((intOrPtr*)(_t220 + 0x14));
									_t210 = _t210 + 1;
									_t197 = _t197 + 0x1c;
								} while (_t210 < ( *(_t134 + 6) & 0x0000ffff));
								goto L43;
							} else {
								do {
									_t151 =  *(_t212 +  *((intOrPtr*)(_t133 + 0xc))) & 0x0000ffff;
									if((_t151 & 0x00000002) != 0 && (_t151 & 0x00000020) != 0) {
										E0168F4E0(_t220, _v212);
										if(( *(_t212 +  *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc))) & 0x00001000) == 0) {
											_v216 = _v216 + 1;
										}
										if(_t191 != 0 && _v212 != _v220 && _v216 >  *((intOrPtr*)(_t220 + 0x48))) {
											 *( *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t212) =  *( *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t212) & 0x0000ffdf;
											 *( *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t212) =  *( *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t212) | 0x00008000;
										}
									}
									_t133 =  *((intOrPtr*)(_t220 + 0x14));
									_v212 = _v212 + 1;
									_t212 = _t212 + 0x1c;
								} while (_v212 < ( *(_t133 + 6) & 0x0000ffff));
								goto L33;
							}
						} else {
							_t128 = _v232;
							L15:
							_v220 = _t128;
							if(_t128 != 0xffffffff) {
								_t219 = _v220 * 0x1c;
								_v236 =  &_v180;
								_v238 = 0xaa;
								_t128 = E015DA98B(_t193, _t220,  *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t219,  &_v240);
								if(_t128 >= 0) {
									_t128 = E0162C2CE(_t220, _v236);
									if(_t128 >= 0) {
										_v216 = 1;
									} else {
										 *( *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t219) =  *( *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t219) & 0x0000ffdf;
										_t128 =  *((intOrPtr*)( *((intOrPtr*)(_t220 + 0x14)) + 0xc)) + _t219;
										_t193 = 0x8000;
										 *_t128 =  *_t128 | 0x00008000;
									}
								}
							}
							goto L20;
						}
					}
				}
			}

0x01691907
0x01691907
0x01691912
0x01691919
0x0169191c
0x01691923
0x0169192c
0x01691935
0x01691944
0x0169194a
0x01691950
0x01691956
0x0169195e
0x01691965
0x0169196b
0x0169196d
0x01691972
0x01691985
0x0169198d
0x00000000
0x00000000
0x00000000
0x01691974
0x01691977
0x01691993
0x016919a2
0x016919ac
0x016919c9
0x016919d4
0x016919d9
0x016919e1
0x016919ed
0x016919fd
0x01691a04
0x00000000
0x00000000
0x01691a1a
0x01691a21
0x01691a28
0x01691a23
0x01691a23
0x01691a23
0x01691a30
0x01691a31
0x01691a38
0x01691a41
0x01691a51
0x01691a5b
0x01691a75
0x01691a76
0x01691a7e
0x01691a89
0x01691a8a
0x01691a93
0x01691aa2
0x01691aa9
0x00000000
0x01691aaf
0x01691ab6
0x00000000
0x01691ab6
0x016919e3
0x016919e3
0x00000000
0x016919e3
0x016919b5
0x016919b7
0x01691b39
0x01691b3b
0x01691b45
0x01691b3d
0x01691b3d
0x01691b3d
0x01691b4a
0x01691b4f
0x01691b52
0x01691b56
0x01691b60
0x01691bf1
0x01691bf1
0x01691bf4
0x01691bf6
0x01691bfc
0x01691c60
0x01691c60
0x01691c63
0x01691c65
0x01691c6b
0x01691c8e
0x01691c95
0x01691cab
0x01691cab
0x01691cb0
0x01691cb2
0x01691cbf
0x01691cbf
0x01691c6d
0x01691c6f
0x01691c76
0x01691c7a
0x01691c7a
0x01691c7f
0x01691c82
0x01691c86
0x01691c87
0x01691c8a
0x00000000
0x00000000
0x00000000
0x00000000
0x01691bfe
0x01691bfe
0x01691c01
0x01691c07
0x01691c12
0x01691c14
0x01691c14
0x01691c1c
0x01691c3e
0x01691c4e
0x01691c4e
0x01691c1c
0x01691c51
0x01691c58
0x01691c59
0x01691c5c
0x00000000
0x01691b66
0x01691b66
0x01691b69
0x01691b6f
0x01691b7c
0x01691b90
0x01691b92
0x01691b92
0x01691b9a
0x01691bc2
0x01691bd2
0x01691bd2
0x01691b9a
0x01691bd5
0x01691bdc
0x01691be2
0x01691be5
0x00000000
0x01691b66
0x016919bd
0x016919bd
0x01691ab7
0x01691ab7
0x01691ac0
0x01691ace
0x01691ad1
0x01691adc
0x01691af4
0x01691afb
0x01691b04
0x01691b0b
0x01691b2f
0x01691b0d
0x01691b1a
0x01691b23
0x01691b25
0x01691b2a
0x01691b2a
0x01691b0b
0x01691afb
0x00000000
0x01691ac0
0x016919b7
0x016919ac

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcf53b4968a789429eb034d213d63ef9221d9841ebaf7f6fc802c74188d9acd7
Instruction ID: a5cac9dbc9637977945c16a69af6ae450a2e82d64204e12200b2917fcee8d47c
Opcode Fuzzy Hash: dcf53b4968a789429eb034d213d63ef9221d9841ebaf7f6fc802c74188d9acd7
Instruction Fuzzy Hash: 8EB1C030600656CFEB35CF68CC44BA9B3FAEF06720F15459AE94AE7290D7349D85CB25

Uniqueness

Uniqueness Score: 0.00%

Function 01627015, Relevance: .3, Instructions: 254
COMMONCrypto

C-Code - Quality: 90%

			E01627015(signed char _a4, signed short* _a8, unsigned int* _a12, signed short _a16) {
				signed int _v8;
				char _v72;
				signed int _v76;
				signed short _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				unsigned short _v100;
				signed short _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t113;
				signed short _t115;
				unsigned short _t118;
				signed short _t120;
				signed short _t135;
				signed int _t136;
				signed char _t143;
				void* _t144;
				signed int _t145;
				signed int _t146;
				void* _t148;
				signed short _t164;
				signed int _t165;
				signed int _t168;
				void* _t171;
				signed short* _t172;
				signed short _t173;
				short* _t174;
				signed int _t176;
				void* _t179;
				unsigned int* _t180;
				signed short* _t181;
				signed int _t183;

				_t113 =  *0x16a81e8; // 0x77d4aa35
				_v8 = _t113 ^ _t183;
				_t115 = _a16;
				_v104 = _t115;
				if(_t115 != 0) {
					__ecx = 0;
					 *__eax = __cx;
				}
				_t143 = _a4;
				if((_t143 & 0xfffffff8) != 0 || _t115 == 0) {
					_t116 = 0xc000000d;
				} else {
					_t172 = _a8;
					if(E01626F6C(0, _t172) >= 0) {
						_t180 = _a12;
						if(E01626F6C(0, _t180) >= 0) {
							_t118 =  *_t172 & 0x0000ffff;
							_t169 =  *_t180 >> 0x00000001 & 0x0000ffff;
							_v100 = _t118;
							_v84 = _t180[1];
							_t120 = _t118 >> 0x00000001 & 0x0000ffff;
							_v96 = _t143;
							_t16 =  &_v96;
							 *_t16 = _v96 & 1;
							_v80 = _t120;
							_v76 = _t169;
							if( *_t16 == 0) {
								_t181 = _t172[2];
								_v92 = 1;
							} else {
								_v92 = _v92 | 0xffffffff;
								_t181 = _t172[2] + (_t120 & 0x0000ffff) * 2 - 2;
							}
							if((_t143 & 0x00000004) != 0) {
								if(_t169 > 0x20) {
									if(_t120 == 0) {
										goto L21;
									} else {
										_v88 = _t143;
										_v88 = _v88 & 0x00000002;
										while(1) {
											_t145 = E0167E6D3( *_t181 & 0x0000ffff) & 0x0000ffff;
											_t173 = 0;
											if(_v88 == 0) {
												goto L58;
											}
											if(0 < _v76) {
												while(_t145 != E0167E6D3( *(_v84 + (_t173 & 0x0000ffff) * 2) & 0x0000ffff)) {
													_t173 = _t173 + 1;
													if(_t173 < _v76) {
														continue;
													}
													goto L56;
												}
											}
											L56:
											if(_t173 != _v76) {
												L62:
												_v80 = _v80 + 0xffff;
												_t181 =  &(_t181[_v92]);
												if(_v80 != 0) {
													continue;
												}
											} else {
											}
											goto L43;
											L58:
											if(0 < _v76) {
												while(_t145 != E0167E6D3( *(_v84 + (_t173 & 0x0000ffff) * 2) & 0x0000ffff)) {
													_t173 = _t173 + 1;
													if(_t173 < _v76) {
														continue;
													}
													goto L61;
												}
											}
											L61:
											if(_t173 == _v76) {
												goto L62;
											}
											goto L43;
										}
									}
								} else {
									if(0 < _t169) {
										_t174 =  &_v72;
										_t148 = _v84 - _t174;
										_v84 = _t169 & 0x0000ffff;
										do {
											 *_t174 = E0167E6D3( *(_t148 + _t174) & 0x0000ffff);
											_t174 = _t174 + 2;
											_t58 =  &_v84;
											 *_t58 = _v84 - 1;
										} while ( *_t58 != 0);
										_t143 = _a4;
										_t120 = _v80;
									}
									if(_t120 == 0) {
										goto L21;
									} else {
										_t146 = _t143 & 0x00000002;
										while(1) {
											_t135 = E0167E6D3( *_t181 & 0x0000ffff);
											_t164 = 0;
											_t169 = 0;
											_t136 = _t135 & 0x0000ffff;
											if(_t146 == 0) {
												goto L44;
											}
											if(0 < _v76) {
												while(1) {
													_t169 = _t164 & 0x0000ffff;
													if(_t136 ==  *((intOrPtr*)(_t183 + (_t164 & 0x0000ffff) * 2 - 0x44))) {
														goto L42;
													}
													_t164 = _t164 + 1;
													if(_t164 < _v76) {
														continue;
													}
													goto L42;
												}
											}
											L42:
											if(_t164 != _v76) {
												L48:
												_v80 = _v80 + 0xffff;
												_t181 =  &(_t181[_v92]);
												if(_v80 != 0) {
													continue;
												}
											}
											L43:
											_t120 = _v80;
											goto L17;
											L44:
											if(0 < _v76) {
												while(1) {
													_t169 = _t164 & 0x0000ffff;
													if(_t136 ==  *((intOrPtr*)(_t183 + (_t164 & 0x0000ffff) * 2 - 0x44))) {
														goto L47;
													}
													_t164 = _t164 + 1;
													if(_t164 < _v76) {
														continue;
													}
													goto L47;
												}
											}
											L47:
											if(_t164 == _v76) {
												goto L48;
											}
											goto L43;
										}
									}
								}
							} else {
								if(_t169 != 1) {
									if(_t120 == 0) {
										goto L21;
									} else {
										_t176 = _v84;
										_v88 = _t143;
										_v88 = _v88 & 0x00000002;
										do {
											_v76 = _v76 & 0x00000000;
											_t165 =  *_t181 & 0x0000ffff;
											if(_v88 != 0) {
												if(0 < _t169) {
													while(_t165 !=  *((intOrPtr*)(_t176 + (_v76 & 0x0000ffff) * 2))) {
														_v76 = _v76 + 1;
														if(_v76 < _t169) {
															continue;
														}
														goto L71;
													}
												}
												L71:
												if(_v76 != _t169) {
													goto L27;
												} else {
													goto L17;
												}
											} else {
												if(0 < _t169) {
													while(_t165 !=  *((intOrPtr*)(_t176 + (_v76 & 0x0000ffff) * 2))) {
														_v76 = _v76 + 1;
														if(_v76 < _t169) {
															continue;
														}
														goto L26;
													}
												} else {
												}
												L26:
												if(_v76 != _t169) {
													goto L17;
												} else {
													goto L27;
												}
											}
											goto L73;
											L27:
											_t120 = _t120 + 0xffff;
											_t181 =  &(_t181[_v92]);
										} while (_t120 != 0);
										goto L17;
									}
								} else {
									_t168 =  *_v84 & 0x0000ffff;
									if((_t143 & 0x00000002) != 0) {
										if(_t120 == 0) {
											goto L21;
										} else {
											while( *_t181 == _t168) {
												_t169 = _v92;
												_t120 = _t120 + 0xffff;
												_t181 =  &(_t181[_v92]);
												if(_t120 == 0) {
													goto L17;
												} else {
													continue;
												}
												L73:
											}
											goto L17;
										}
									} else {
										if(_t120 == 0) {
											L21:
											_t116 = 0xc0000225;
										} else {
											while( *_t181 != _t168) {
												_t169 = _v92;
												_t120 = _t120 + 0xffff;
												_t181 =  &(_t181[_v92]);
												if(_t120 != 0) {
													continue;
												}
												break;
											}
											L17:
											if(_t120 == 0) {
												goto L21;
											} else {
												_t115 = _t120 + 0xffff + _t120 + 0xffff;
												if(_v96 == 0) {
													_t115 = _v100 - _t115;
												}
												 *_v104 = _t115 & 0x0000ffff;
												_t116 = 0;
											}
										}
									}
								}
							}
						}
					}
				}
				_pop(_t171);
				_pop(_t179);
				_pop(_t144);
				return E01622F0C(_t116, _t144, _v8 ^ _t183, _t169, _t171, _t179);
				goto L73;
			}

0x0162701d
0x01627024
0x01627027
0x0162702a
0x0162702f
0x01627031
0x01627033
0x01627033
0x01627037
0x01627042
0x015d27b4
0x01627050
0x01627050
0x0162705d
0x01627063
0x01627070
0x01627079
0x0162707f
0x01627085
0x0162708b
0x01627090
0x01627093
0x01627097
0x01627097
0x0162709a
0x0162709d
0x016270a0
0x015dc46e
0x015dc471
0x016270a6
0x016270a9
0x016270b0
0x016270b0
0x016270b7
0x0165a8bf
0x0165a971
0x00000000
0x0165a977
0x0165a977
0x0165a97a
0x0165a97e
0x0165a987
0x0165a98a
0x0165a991
0x00000000
0x00000000
0x0165a997
0x0165a999
0x0165a9ae
0x0165a9b3
0x00000000
0x00000000
0x00000000
0x0165a9b3
0x0165a999
0x0165a9b5
0x0165a9b9
0x0165a9ec
0x0165a9ec
0x0165a9fb
0x0165a9fe
0x00000000
0x0165aa04
0x00000000
0x0165a9bb
0x00000000
0x0165a9c0
0x0165a9c4
0x0165a9c6
0x0165a9db
0x0165a9e0
0x00000000
0x00000000
0x00000000
0x0165a9e0
0x0165a9c6
0x0165a9e2
0x0165a9e6
0x00000000
0x00000000
0x00000000
0x0165a9e6
0x0165a97e
0x0165a8c5
0x0165a8ca
0x0165a8cf
0x0165a8d4
0x0165a8d9
0x0165a8dc
0x0165a8e6
0x0165a8ea
0x0165a8eb
0x0165a8eb
0x0165a8eb
0x0165a8f0
0x0165a8f3
0x0165a8f3
0x0165a8f9
0x00000000
0x0165a8ff
0x0165a8ff
0x0165a902
0x0165a906
0x0165a90b
0x0165a90d
0x0165a90f
0x0165a914
0x00000000
0x00000000
0x0165a91a
0x0165a91c
0x0165a91c
0x0165a924
0x00000000
0x00000000
0x0165a926
0x0165a92b
0x00000000
0x00000000
0x00000000
0x0165a92b
0x0165a91c
0x0165a92d
0x0165a931
0x0165a958
0x0165a958
0x0165a967
0x0165a96a
0x00000000
0x0165a96c
0x0165a96a
0x0165a933
0x0165a933
0x00000000
0x0165a93b
0x0165a93f
0x0165a941
0x0165a941
0x0165a949
0x00000000
0x00000000
0x0165a94b
0x0165a950
0x00000000
0x00000000
0x00000000
0x0165a950
0x0165a941
0x0165a952
0x0165a956
0x00000000
0x00000000
0x00000000
0x0165a956
0x0165a902
0x0165a8f9
0x016270bd
0x016270c0
0x01640309
0x00000000
0x0164030f
0x0164030f
0x01640312
0x01640315
0x0164034c
0x0164034c
0x01640350
0x01640358
0x0165aa34
0x0165aa36
0x0165aa40
0x0165aa47
0x00000000
0x00000000
0x00000000
0x0165aa47
0x0165aa36
0x0165aa49
0x0165aa4d
0x00000000
0x0165aa53
0x00000000
0x0165aa53
0x0164035e
0x01640361
0x0164031b
0x01640325
0x0164032c
0x00000000
0x00000000
0x00000000
0x0164032c
0x00000000
0x01640363
0x0164032e
0x01640332
0x00000000
0x00000000
0x00000000
0x00000000
0x01640332
0x00000000
0x01640338
0x0164033b
0x01640340
0x01640343
0x00000000
0x0164034c
0x016270c6
0x016270c9
0x016270cf
0x0165aa0c
0x00000000
0x0165aa12
0x0165aa12
0x0165aa1b
0x0165aa1e
0x0165aa23
0x0165aa29
0x00000000
0x0165aa2f
0x00000000
0x0165aa2f
0x00000000
0x0165aa29
0x00000000
0x0165aa12
0x016270d5
0x016270d8
0x0162a1f7
0x0162a1f7
0x016270de
0x016270de
0x016270e3
0x016270e6
0x016270eb
0x016270f1
0x00000000
0x00000000
0x00000000
0x016270f1
0x016270f3
0x016270f6
0x00000000
0x016270fc
0x01627101
0x01627107
0x015d27ad
0x015d27ad
0x01627113
0x01627116
0x01627116
0x016270f6
0x016270d8
0x016270cf
0x016270c0
0x016270b7
0x01627070
0x0162705d
0x0162711b
0x0162711c
0x0162711f
0x01627126
0x00000000

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20436639654851e96d6561bc8fed387eb8b2f30a4c15d20bb82dcd755f9eae94
Instruction ID: 9befc2407c1dd96185b79799484cfb2257caa8a132ca453bebe9659a45f92d19
Opcode Fuzzy Hash: 20436639654851e96d6561bc8fed387eb8b2f30a4c15d20bb82dcd755f9eae94
Instruction Fuzzy Hash: 8E918F79D0026A87DF259FD8C8006FDBBB1FF50711F99412ADD81A7284E7749886CB64

Uniqueness

Uniqueness Score: 0.00%

Function 015F3984, Relevance: .3, Instructions: 252
COMMONCrypto

C-Code - Quality: 98%

			E015F3984(signed int* __ecx, void* __edi, void* __esi, intOrPtr _a4, unsigned int _a8, intOrPtr* _a12, signed short* _a16, unsigned int _a20) {
				signed int _v8;
				void* __ebx;
				intOrPtr _t44;
				signed int _t45;
				signed int _t47;
				void* _t50;
				unsigned int _t51;
				signed char _t57;
				signed char _t61;
				signed int _t64;
				signed int _t65;
				signed short _t67;
				signed short* _t73;
				signed char _t76;
				signed int* _t84;
				signed short* _t85;
				signed int _t90;
				signed int _t92;
				signed int _t96;
				unsigned int _t97;
				signed int _t100;
				signed int _t106;
				void* _t120;

				_t120 = __esi;
				_t84 = __ecx;
				_push(__ecx);
				_t73 = _a16;
				_v8 = 0;
				if(_t73 == 0) {
					_t44 = 0xc00000f2;
					goto L31;
				} else {
					__ecx = _a4;
					if(__ecx == 0) {
						if(_a12 == 0) {
							__eax = 0xc000000d;
						} else {
							__eax = E015F3ADB(__ecx, __ebx, _a20, _a12);
						}
						L31:
						return _t44;
					}
					__eax = _a20;
					if((__al & 0x00000001) != 0) {
						__eax = 0xc00000f3;
						goto L31;
					}
					__eax = __eax >> 1;
					_a20 = __eax;
					__eax = _a8;
					_push(__esi);
					__eax = _a8 + __ecx;
					_a16 = _a8 + __ecx;
					while(1) {
						L15:
						L16:
						while(1) {
							L16:
							while(1) {
								L16:
								if(_t76 >= _a20) {
									if(_t92 <= 0) {
										L29:
										_t44 = _v8;
										L30:
										 *_a12 = _t84 - _a4;
										goto L31;
									}
									L20:
									_t25 = _t92 - 0xd800; // -55296
									if(_t25 <= 0x7ff) {
										_v8 = 0x107;
										_t92 = 0xfffd;
									}
									_t50 = 1;
									if(_t92 > 0x7f) {
										if(_t92 > 0x7ff) {
											if(_t92 > 0xffff) {
												_t50 = 2;
											}
											_t50 = _t50 + 1;
										}
										_t50 = _t50 + 1;
									}
									if(_t84 > _a16 - _t50) {
										_t44 = 0xc0000023;
										goto L30;
									} else {
										if(_t92 > 0x7f) {
											_t51 = _t92;
											if(_t92 > 0x7ff) {
												if(_t92 > 0xffff) {
													 *_t84 = _t51 >> 0x00000012 | 0x000000f0;
													_t84 =  &(_t84[0]);
													_t57 = _t92 >> 0x0000000c & 0x0000003f | 0x00000080;
												} else {
													_t57 = _t51 >> 0x0000000c | 0x000000e0;
												}
												 *_t84 = _t57;
												_t84 =  &(_t84[0]);
												_t61 = _t92 >> 0x00000006 & 0x0000003f | 0x00000080;
											} else {
												_t61 = _t51 >> 0x00000006 | 0x000000c0;
											}
											 *_t84 = _t61;
											_t84 =  &(_t84[0]);
											_t92 = _t92 & 0x0000003f | 0x00000080;
										}
										 *_t84 = _t92;
										_t84 =  &(_t84[0]);
										_t64 = _a20 - _t76 >> 1;
										_t96 = _a16 - _t84;
										if(_t64 > 0xd) {
											if(_t96 < _t64) {
												_t64 = _t96;
											}
											_t120 = _t76 + _t64 * 2 - 0xa;
											L7:
											while(_t76 < _t120) {
												_t45 =  *_t76 & 0x0000ffff;
												_t76 = _t76 + 2;
												if(_t45 > 0x7f) {
													L40:
													if(_t45 <= 0x7ff) {
														_t90 = _t45 | 0x00003000;
														L44:
														_t120 = _t120;
														 *_t84 = _t90 >> 6;
														_t85 =  &(_t84[0]);
														_t47 = _t45 & 0x0000003f | 0x00000080;
														L45:
														 *_t85 = _t47;
														_t84 =  &(_t85[0]);
														continue;
													}
													if(_t45 - 0xd800 <= 0x7ff) {
														if(_t45 > 0xdbff) {
															_t76 = _t76;
															break;
														}
														_t100 =  *_t76 & 0x0000ffff;
														_t41 = _t100 - 0xdc00; // -54273
														_t76 = _t76 + 2;
														if(_t41 > 0x3ff) {
															_t76 = _t76 - 4;
															break;
														}
														_t45 = (_t45 << 0xa) + _t100 - 0x35fdc00;
														 *_t84 = _t45 >> 0x00000012 | 0x000000f0;
														_t84 =  &(_t84[0]);
														_t106 = _t45 & 0x0003f000 | 0x00080000;
														L43:
														 *_t84 = _t106 >> 0xc;
														_t120 = _t120;
														_t84 =  &(_t84[0]);
														_t90 = _t45 & 0x00000fc0 | 0x00002000;
														goto L44;
													}
													_t106 = _t45 | 0x000e0000;
													goto L43;
												}
												 *_t84 = _t45;
												_t84 =  &(_t84[0]);
												if((_t76 & 0x00000002) != 0) {
													goto L1;
												}
												L10:
												if(_t76 < _t120) {
													while(1) {
														_t97 =  *(_t76 + 4);
														_t67 =  *_t76;
														if(((_t97 | _t67) & 0xff80ff80) != 0) {
															break;
														}
														 *_t85 = _t67;
														_t85[1] = _t97;
														_t85[0] = _t67 >> 0x10;
														_t76 = _t76 + 8;
														_t85[1] = _t97 >> 0x10;
														_t85 =  &(_t85[2]);
														if(_t76 < _t120) {
															continue;
														}
														goto L7;
													}
													_t47 = _t67 & 0x0000ffff;
													_t76 = _t76 + 2;
													if(_t47 <= 0x7f) {
														goto L45;
													}
													goto L40;
												}
												break;
											}
											_t92 = 0;
											goto L15;
										} else {
											if(_t96 < _t64) {
												_t92 = 0;
												continue;
											}
											while(_t76 < _a20) {
												_t92 =  *_t76 & 0x0000ffff;
												_t76 = _t76 + 2;
												if(_t92 > 0x7f) {
													L19:
													_t24 = _t92 - 0xd800; // -55296
													if(_t24 <= 0x3ff) {
														goto L16;
													}
													goto L20;
												}
												 *_t84 = _t92;
												_t84 =  &(_t84[0]);
											}
											goto L29;
										}
									}
								}
								if(_t92 > 0) {
									_t65 =  *_t76 & 0x0000ffff;
									if(_t65 - 0xdc00 <= 0x3ff) {
										_t92 = (_t92 << 0xa) + _t65 - 0x35fdc00;
										_t76 = _t76 + 2;
									}
									goto L20;
								}
								_t92 =  *_t76 & 0x0000ffff;
								_t76 = _t76 + 2;
								goto L19;
							}
						}
					}
				}
				L1:
				_t45 =  *_t73 & 0x0000ffff;
				_t76 =  &(_t73[1]);
				if(_t45 > 0x7f) {
					goto L40;
				} else {
					 *_t84 = _t45;
					_t85 =  &(_t84[0]);
					goto L10;
				}
			}

0x015f3984
0x015f3984
0x015f3989
0x015f398b
0x015f3990
0x015f3995
0x016606a5
0x00000000
0x015f399b
0x015f399b
0x015f39a0
0x015f3ac2
0x016606af
0x015f3ac8
0x015f3acf
0x015f3acf
0x015f3a5c
0x015f3a5e
0x015f3a5e
0x015f39a6
0x015f39ab
0x016606b9
0x00000000
0x016606b9
0x015f39b1
0x015f39b6
0x015f39b9
0x015f39bc
0x015f39bd
0x015f39c0
0x015f39c3
0x015f39c3
0x00000000
0x015f39c8
0x00000000
0x015f39c8
0x015f39c8
0x015f39cb
0x01648e6e
0x015f3a4f
0x015f3a4f
0x015f3a52
0x015f3a59
0x00000000
0x015f3a5b
0x015f39eb
0x015f39eb
0x015f39f3
0x016606e9
0x016606f0
0x016606f0
0x015f39fb
0x015f39ff
0x016606fc
0x01660704
0x01660708
0x01660708
0x01660709
0x01660709
0x0166070a
0x0166070a
0x015f3a0c
0x01648e80
0x00000000
0x015f3a12
0x015f3a15
0x01660710
0x01660714
0x01660723
0x01660731
0x0166073a
0x0166073b
0x01660725
0x01660728
0x01660728
0x0166073d
0x01660746
0x01660747
0x01660716
0x01660719
0x01660719
0x01660749
0x0166074e
0x0166074f
0x0166074f
0x015f3a1e
0x015f3a25
0x015f3a26
0x015f3a28
0x015f3a2d
0x015e482b
0x01660757
0x01660757
0x015e4831
0x00000000
0x015e4867
0x015e486b
0x015e486f
0x015e4873
0x01648e94
0x01648e9b
0x01648e64
0x01648ec9
0x01648ecd
0x01648ece
0x01648ed2
0x01648ed3
0x01648ed5
0x01648ed5
0x01648ed7
0x00000000
0x01648ed7
0x01648ea5
0x01660763
0x016607a1
0x00000000
0x016607a1
0x01660765
0x01660769
0x0166076f
0x01660776
0x016607a7
0x00000000
0x016607a7
0x0166077b
0x0166078a
0x01660794
0x01660795
0x01648eb3
0x01648eb6
0x01648ebb
0x01648ec2
0x01648ec3
0x00000000
0x01648ec3
0x01648ead
0x00000000
0x01648ead
0x015e4879
0x015e487b
0x015e487f
0x00000000
0x00000000
0x015e4885
0x015e4887
0x015e4837
0x015e4837
0x015e483a
0x015e4846
0x00000000
0x00000000
0x015e484c
0x015e484e
0x015e4857
0x015e485a
0x015e485d
0x015e4860
0x015e4865
0x00000000
0x00000000
0x00000000
0x015e4865
0x01648e8a
0x01648e8e
0x01648e92
0x00000000
0x00000000
0x00000000
0x01648e92
0x00000000
0x015e4887
0x015e4889
0x00000000
0x015f3a33
0x015f3a35
0x01648e79
0x00000000
0x01648e79
0x015f3a3b
0x015f3a40
0x015f3a44
0x015f3a48
0x015f39de
0x015f39de
0x015f39e9
0x00000000
0x00000000
0x00000000
0x015f39e9
0x015f3a4a
0x015f3a4c
0x015f3a4c
0x00000000
0x015f3a3b
0x015f3a2d
0x015f3a0c
0x015f39d3
0x016606c3
0x016606d2
0x016606dc
0x016606e3
0x016606e3
0x00000000
0x016606d2
0x015f39d9
0x015f39dd
0x00000000
0x015f39dd
0x015f39c8
0x015f39c8
0x015f39c3
0x015dc13e
0x015dc13e
0x015dc142
0x015dc146
0x00000000
0x015dc14c
0x015dc14c
0x015dc14e
0x00000000
0x015dc14e

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a4e099b249d255366ca591c774df4b4b5eaa90df1f876f61a60070d67a413c9
Instruction ID: d3fc6a7e91ea4dc30e213a8e824b248c38bd8112eb5f5bdc3733ca04b35d448d
Opcode Fuzzy Hash: 3a4e099b249d255366ca591c774df4b4b5eaa90df1f876f61a60070d67a413c9
Instruction Fuzzy Hash: 17716A35A09291CFE759896CC8C417D3B9AFB92304B2486BAE582CF349D774C847C791

Uniqueness

Uniqueness Score: 0.00%

Function 0169B0E7, Relevance: .2, Instructions: 233
COMMONCrypto

C-Code - Quality: 98%

			E0169B0E7(void* __ecx, unsigned int* _a4, signed int* _a8, signed char _a12, signed int _a16, signed int* _a20, signed int* _a24, intOrPtr _a28) {
				signed int _v8;
				signed char _t105;
				signed char _t131;
				signed int _t133;
				signed int _t135;
				signed int _t138;
				signed int _t143;
				signed int _t155;
				signed int _t159;
				signed int _t162;
				void* _t163;
				void* _t166;
				signed int _t169;
				void* _t170;
				signed int _t184;
				signed int* _t189;
				unsigned int* _t194;
				signed int* _t197;
				signed int* _t200;

				_t191 = __ecx;
				_push(__ecx);
				_t105 = _a12;
				_t200 = _a4;
				_t200[1] = 0;
				_t200[2] = 0;
				_v8 = 0;
				_t200[3] = 0;
				if((_t105 & 0x00000010) != 0) {
					_t200[1] = _t200[1] | 0x00000001;
					_v8 = 0xc000008f;
				}
				if((_t105 & 0x00000002) != 0) {
					_t200[1] = _t200[1] | 0x00000002;
					_v8 = 0xc0000093;
				}
				if((_t105 & 0x00000001) != 0) {
					_t200[1] = _t200[1] | 0x00000004;
					_v8 = 0xc0000091;
				}
				if((_t105 & 0x00000004) != 0) {
					_t200[1] = _t200[1] | 0x00000008;
					_v8 = 0xc000008e;
				}
				if((_t105 & 0x00000008) != 0) {
					_t200[1] = _t200[1] | 0x00000010;
					_v8 = 0xc0000090;
				}
				_t197 = _a8;
				_t200[2] = _t200[2] ^ ( !( *_t197 << 4) ^ _t200[2]) & 0x00000010;
				_t200[2] = _t200[2] ^ ( !( *_t197 +  *_t197) ^ _t200[2]) & 0x00000008;
				_t200[2] = _t200[2] ^ ( !( *_t197 >> 1) ^ _t200[2]) & 0x00000004;
				_t200[2] = _t200[2] ^ ( !( *_t197 >> 3) ^ _t200[2]) & 0x00000002;
				_t200[2] = _t200[2] ^ ( !( *_t197 >> 5) ^ _t200[2]) & 0x00000001;
				_t131 = E0169B908(_t191);
				if((_t131 & 0x00000001) != 0) {
					_t200[3] = _t200[3] | 0x00000010;
				}
				if((_t131 & 0x00000004) != 0) {
					_t200[3] = _t200[3] | 0x00000008;
				}
				if((_t131 & 0x00000008) != 0) {
					_t200[3] = _t200[3] | 0x00000004;
				}
				if((_t131 & 0x00000010) != 0) {
					_t200[3] = _t200[3] | 0x00000002;
				}
				if((_t131 & 0x00000020) != 0) {
					_t200[3] = _t200[3] | 0x00000001;
				}
				_t133 =  *_t197 & 0x00000c00;
				if(_t133 == 0) {
					 *_t200 =  *_t200 & 0xfffffffc;
				} else {
					if(_t133 == 0x400) {
						_t184 =  *_t200 & 0xfffffffd | 0x00000001;
						L26:
						 *_t200 = _t184;
						L29:
						_t135 =  *_t197 & 0x00000300;
						if(_t135 == 0) {
							_t138 =  *_t200 & 0xffffffeb | 0x00000008;
							L35:
							 *_t200 = _t138;
							L36:
							 *_t200 =  *_t200 ^ (_a16 << 0x00000005 ^  *_t200) & 0x0001ffe0;
							_t143 = _t200[8];
							_t189 = _a24;
							if(_a28 == 0) {
								_t200[8] = _t143 & 0xffffffe3 | 0x00000003;
								_t200[4] =  *_a20;
								_t200[0x18] = _t200[0x18] & 0xffffffe3 | 0x00000003;
								_t200[0x14] =  *_t189;
							} else {
								_t200[8] = _t143 & 0xffffffe1 | 0x00000001;
								_t200[4] =  *_a20;
								_t200[0x18] = _t200[0x18] & 0xffffffe1 | 0x00000001;
								_t200[0x14] =  *_t189;
							}
							E0169B91D(0x300);
							E0169B08B(_v8, 0, 1,  &_a4);
							_t194 = _a4;
							if((_t194[2] & 0x00000010) != 0) {
								 *_t197 =  *_t197 & 0xfffffffe;
							}
							if((_t194[2] & 0x00000008) != 0) {
								 *_t197 =  *_t197 & 0xfffffffb;
							}
							if((_t194[2] & 0x00000004) != 0) {
								 *_t197 =  *_t197 & 0xfffffff7;
							}
							if((_t194[2] & 0x00000002) != 0) {
								 *_t197 =  *_t197 & 0xffffffef;
							}
							if((_t194[2] & 0x00000001) != 0) {
								 *_t197 =  *_t197 & 0xffffffdf;
							}
							_t155 =  *_t194 & 0x00000003;
							if(_t155 == 0) {
								 *_t197 =  *_t197 & 0xfffff3ff;
							} else {
								_t166 = _t155 - 1;
								if(_t166 == 0) {
									_t169 =  *_t197 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t197 = _t169;
									L58:
									_t159 =  *_t194 >> 0x00000002 & 0x00000007;
									if(_t159 == 0) {
										_t162 =  *_t197 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t197 = _t162;
										L65:
										if(_a28 == 0) {
											 *_t189 = _t194[0x14];
										} else {
											 *_t189 = _t194[0x14];
										}
										return _t162;
									}
									_t163 = _t159 - 1;
									if(_t163 == 0) {
										_t162 =  *_t197 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t162 = _t163 - 1;
									if(_t162 == 0) {
										 *_t197 =  *_t197 & 0xfffff3ff;
									}
									goto L65;
								}
								_t170 = _t166 - 1;
								if(_t170 == 0) {
									_t169 =  *_t197 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t170 == 1) {
									 *_t197 =  *_t197 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t135 == 0x200) {
							_t138 =  *_t200 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t135 == 0x300) {
							 *_t200 =  *_t200 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t133 == 0x800) {
						_t184 =  *_t200 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t133 == 0xc00) {
						 *_t200 =  *_t200 | 0x00000003;
					}
				}
			}

0x0169b0e7
0x0169b0ec
0x0169b0ed
0x0169b0f4
0x0169b0f7
0x0169b0fa
0x0169b0fd
0x0169b100
0x0169b105
0x0169b107
0x0169b10b
0x0169b10b
0x0169b114
0x0169b116
0x0169b11a
0x0169b11a
0x0169b123
0x0169b125
0x0169b129
0x0169b129
0x0169b132
0x0169b134
0x0169b138
0x0169b138
0x0169b141
0x0169b143
0x0169b147
0x0169b147
0x0169b14f
0x0169b15f
0x0169b16e
0x0169b17d
0x0169b18d
0x0169b19d
0x0169b1a0
0x0169b1a7
0x0169b1a9
0x0169b1a9
0x0169b1af
0x0169b1b1
0x0169b1b1
0x0169b1b7
0x0169b1b9
0x0169b1b9
0x0169b1bf
0x0169b1c1
0x0169b1c1
0x0169b1c7
0x0169b1c9
0x0169b1c9
0x0169b1d4
0x0169b1d6
0x0169b205
0x0169b1d8
0x0169b1dd
0x0169b200
0x0169b1f7
0x0169b1f7
0x0169b208
0x0169b20f
0x0169b211
0x0169b232
0x0169b235
0x0169b235
0x0169b237
0x0169b244
0x0169b249
0x0169b24c
0x0169b24f
0x0169b27b
0x0169b283
0x0169b28f
0x0169b294
0x0169b251
0x0169b257
0x0169b25f
0x0169b26b
0x0169b270
0x0169b270
0x0169b297
0x0169b2a8
0x0169b2ad
0x0169b2b4
0x0169b2b6
0x0169b2b6
0x0169b2bd
0x0169b2bf
0x0169b2bf
0x0169b2c6
0x0169b2c8
0x0169b2c8
0x0169b2cf
0x0169b2d1
0x0169b2d1
0x0169b2d8
0x0169b2da
0x0169b2da
0x0169b2e2
0x0169b2e9
0x0169b31a
0x0169b2eb
0x0169b2eb
0x0169b2ec
0x0169b313
0x0169b308
0x0169b308
0x0169b31c
0x0169b324
0x0169b326
0x0169b341
0x0169b346
0x0169b346
0x0169b348
0x0169b34c
0x0169b358
0x0169b34e
0x0169b351
0x0169b351
0x0169b35d
0x0169b35d
0x0169b328
0x0169b329
0x0169b336
0x00000000
0x0169b336
0x0169b32b
0x0169b32c
0x0169b32e
0x0169b32e
0x00000000
0x0169b32c
0x0169b2ee
0x0169b2ef
0x0169b303
0x00000000
0x0169b303
0x0169b2f2
0x0169b2f4
0x0169b2f4
0x0169b2f2
0x00000000
0x0169b2e9
0x0169b218
0x0169b228
0x00000000
0x0169b228
0x0169b21c
0x0169b21e
0x0169b21e
0x00000000
0x0169b21c
0x0169b1e4
0x0169b1f4
0x00000000
0x0169b1f4
0x0169b1e8
0x0169b1ea
0x0169b1ea
0x0169b1e8

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9ea8a5cce64cf5c216998eda348521a406c0f5b5e816de941c4428d2ab67aee
Instruction ID: 02aa5d861f13e4ea725976362acc1557298e81e7c1aa1580674eed0ab3d56263
Opcode Fuzzy Hash: d9ea8a5cce64cf5c216998eda348521a406c0f5b5e816de941c4428d2ab67aee
Instruction Fuzzy Hash: 5C915C72520B068FEB25CF2CD885A66BFE4FF01365B288A5CD5E6DB6A0C334E551CB00

Uniqueness

Uniqueness Score: 0.00%

Function 016229EE, Relevance: .2, Instructions: 232
COMMONCrypto

C-Code - Quality: 70%

			E016229EE(unsigned int _a4, signed int _a8, signed int _a12) {
				char _v8;
				unsigned int _v12;
				unsigned int _v16;
				char _v20;
				signed int _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				signed int _v92;
				signed int _v96;
				char _v100;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t108;
				intOrPtr _t110;
				signed int _t113;
				signed int _t116;
				signed int _t119;
				signed int _t123;
				intOrPtr* _t124;
				signed int _t125;
				signed int _t130;
				unsigned int _t132;
				signed int* _t133;
				signed char _t135;
				void* _t136;
				signed int _t139;
				intOrPtr* _t140;
				intOrPtr _t145;
				intOrPtr _t146;
				unsigned int _t147;
				signed int _t149;
				signed char _t153;
				unsigned int _t156;
				unsigned int _t160;
				signed int _t162;
				signed int _t170;
				void* _t172;
				signed int _t174;
				unsigned int _t175;
				unsigned int _t177;

				_t175 = 0;
				_v12 = 0;
				if(_a12 > 0x7fffffff) {
					L33:
					_t174 = 0;
					__eflags = 0;
					L34:
					_t146 =  *[fs:0x18];
					_push(0xc0000017);
					 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc0000017;
					_t108 = E016238B5(_t146, _t174, 0xc0000017, __eflags);
					__eflags = _a8 & 0x00000004;
					 *((intOrPtr*)(_t146 + 0x34)) = _t108;
					if((_a8 & 0x00000004) != 0) {
						_t116 = _v12;
						_v92 = _v92 & 0x00000000;
						_v96 = _v96 & 0x00000000;
						_v100 = 0xc0000017;
						_v84 = 1;
						__eflags = _t116;
						if(_t116 == 0) {
							_t116 = _a12;
						}
						_v80 = _t116;
						_push( &_v100);
						_v88 = E01616C88;
						E01616C88(_t148, _t163, _t174, 0xc0000017);
					}
					_t147 = _a4;
					L16:
					if( *0x7ffe0380 != 0) {
						_t110 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t110 + 0x240) & 0x00000001;
						if(( *(_t110 + 0x240) & 0x00000001) == 0) {
							goto L17;
						}
						__eflags =  *(_t147 + 0x44) & 0x01000000;
						if(( *(_t147 + 0x44) & 0x01000000) != 0) {
							goto L17;
						}
						__eflags = _a8 & 0x61000000;
						if((_a8 & 0x61000000) == 0) {
							L43:
							__eflags = _t174;
							if(_t174 == 0) {
								L50:
								E01694653(_t147, _t174, _a12, _v20);
								goto L17;
							}
							_t79 = _t174 - 8; // -8
							_t113 = _t79;
							__eflags =  *((char*)(_t113 + 7)) - 5;
							_t149 = _t113;
							if( *((char*)(_t113 + 7)) == 5) {
								_t149 = _t149 - (( *(_t113 + 6) & 0x000000ff) << 3);
								__eflags = _t149;
							}
							__eflags =  *(_t149 + 7) & 0x00000080;
							if(( *(_t149 + 7) & 0x00000080) != 0) {
								goto L50;
							} else {
								__eflags =  *((char*)(_t113 + 7)) - 5;
								if( *((char*)(_t113 + 7)) == 5) {
									_t113 = _t113 - (( *(_t113 + 6) & 0x000000ff) << 3);
									__eflags = _t113;
								}
								_t153 =  *(_t147 + 0x4c) >> 0x00000014 &  *(_t147 + 0x52) >> 0x00000003 ^  *(_t113 + 2) >> 0x00000003;
								__eflags = _t153 & 0x00000001;
								if((_t153 & 0x00000001) != 0) {
									goto L17;
								} else {
									goto L50;
								}
							}
						}
						__eflags = _a8 & 0x10000000;
						if((_a8 & 0x10000000) == 0) {
							goto L17;
						}
						goto L43;
					}
					L17:
					return _t174;
				}
				_t147 = _a4;
				_t119 =  *(_t147 + 0x44);
				_t156 =  *(_t147 + 0x5c);
				_a8 = _a8 | _t119;
				_v16 = _t156;
				if(_t156 != 0) {
					__eflags = _a8 & 0x3c000102;
					if(__eflags != 0) {
						L52:
						_v16 = _t175;
						goto L2;
					}
					__eflags = _t119 & 0x01000000;
					if(__eflags != 0) {
						goto L52;
					}
					_t139 = _t156 - 0x00000001 & 0x0000ffff;
					_v8 = 0;
					__eflags = _t139 -  *0x16afa38; // 0x3
					if(__eflags >= 0) {
						_t140 = 0;
						__eflags = 0;
					} else {
						_t140 =  *((intOrPtr*)(0x166db90 + _t139 * 4));
					}
					_t163 =  &_v8;
					_t148 = _t156 >> 0x10;
					__eflags =  *_t140(_t147, 1, _t156 >> 0x10,  &_v8);
					if(__eflags >= 0) {
						_t145 = (_v8 + 0x00000007 & 0xfffffff8) + 8;
						_a12 = _a12 + _t145;
						_v8 = _t145;
						goto L2;
					} else {
						goto L33;
					}
				}
				L2:
				if((_a8 & 0x7d810f61) != 0) {
					L18:
					_t163 = _a8 | 0x00000002;
					_t148 = _t147;
					_t174 = E0162595C(_t147, _t147, _a8 | 0x00000002, _t173, _t175, __eflags, _a12, _v12, _t175,  &_v20);
					L14:
					if(_t174 == 0) {
						goto L34;
					}
					_t177 = _v16;
					if(_t177 != 0) {
						_t99 = _t177 - 1; // 0x7
						_t123 = _t99 & 0x0000ffff;
						__eflags = _t123 -  *0x16afa38; // 0x3
						if(__eflags >= 0) {
							_t124 = 0;
							__eflags = 0;
						} else {
							_t124 =  *((intOrPtr*)(0x166db90 + _t123 * 4));
						}
						_t148 = _t177 >> 0x10;
						_t125 =  *_t124(_t147, 2, _t177 >> 0x10, _t174);
						__eflags = _t125;
						if(_t125 >= 0) {
							_a12 = _a12 - _v8;
							_t174 = E0167DD51(_t147, _a8, _t174, _a12, _v8, _t177);
							goto L16;
						} else {
							_t174 = 0;
							E01622882(_t148, _t147, 0, 0);
							goto L34;
						}
					}
					goto L16;
				}
				if(_a12 == _t175) {
					_t130 = 1;
				} else {
					_t130 = _a12;
				}
				_t132 = _t130 + 0x0000000f & 0xfffffff8;
				_v12 = _t132;
				_t133 =  *(_t147 + 0xb8);
				_t160 = _t132 >> 3;
				while(_t160 >= _t133[1]) {
					_t170 =  *_t133;
					__eflags = _t170;
					if(__eflags == 0) {
						_t160 = _t133[1] - 1;
						break;
					}
					_t133 = _t170;
				}
				_t172 = _t133[1] - 1;
				if(_t160 >= _t172) {
					_t175 = 0;
					__eflags =  *_t133;
					if(__eflags == 0) {
						goto L18;
					}
					__eflags = _t160 - _t172;
					if(__eflags == 0) {
						goto L8;
					}
					goto L18;
				}
				L8:
				_t162 = _t160 - _t133[5];
				if(_t133[2] != 0) {
					_t162 = _t162 + _t162;
				}
				_t175 = _t133[8] + _t162 * 4;
				if(_t175 == 0) {
					goto L18;
				} else {
					_t135 =  *(_t175 + 4);
					_t190 = _t135 & 0x00000001;
					if((_t135 & 0x00000001) == 0) {
						goto L18;
					}
					_t163 = _a12;
					_t148 = _t135 - 1;
					_v20 = 2;
					_t136 = E01622ADC(_t147, _t135 - 1, _a12, _t173, _t175, _t190);
					_t173 = _t136;
					if(_t136 == 0) {
						goto L18;
					}
					if((_a8 & 0x00000008) != 0) {
						E01604EC0(_t173, 0, _a12);
					}
					goto L14;
				}
			}

0x016229f8
0x01622a02
0x01622a05
0x0164d711
0x0164d711
0x0164d711
0x0164d713
0x0164d719
0x0164d725
0x0164d726
0x0164d72c
0x0164d731
0x0164d735
0x0164d738
0x0164d73a
0x0164d73d
0x0164d741
0x0164d745
0x0164d748
0x0164d74f
0x0164d751
0x0164d753
0x0164d753
0x0164d756
0x0164d75c
0x0164d75d
0x0164d764
0x0164d764
0x0164d769
0x01622ac1
0x01622ac8
0x0164d777
0x0164d77a
0x0164d781
0x00000000
0x00000000
0x0164d787
0x0164d78e
0x00000000
0x00000000
0x0164d794
0x0164d79b
0x0164d7aa
0x0164d7aa
0x0164d7ac
0x0164d7f6
0x0164d7fe
0x00000000
0x0164d7fe
0x0164d7ae
0x0164d7ae
0x0164d7b1
0x0164d7b5
0x0164d7b7
0x0164d7c0
0x0164d7c0
0x0164d7c0
0x0164d7c2
0x0164d7c6
0x00000000
0x0164d7c8
0x0164d7c8
0x0164d7cc
0x0164d7d5
0x0164d7d5
0x0164d7d5
0x0164d7eb
0x0164d7ed
0x0164d7f0
0x00000000
0x00000000
0x00000000
0x00000000
0x0164d7f0
0x0164d7c6
0x0164d79d
0x0164d7a4
0x00000000
0x00000000
0x00000000
0x0164d7a4
0x01622ace
0x01622ad4
0x01622ad4
0x01622a0b
0x01622a0e
0x01622a11
0x01622a14
0x01622a17
0x01622a1c
0x0164d6c8
0x0164d6cf
0x0164d81f
0x0164d81f
0x00000000
0x0164d81f
0x0164d6d5
0x0164d6da
0x00000000
0x00000000
0x0164d6e3
0x0164d6e6
0x0164d6e9
0x0164d6ef
0x0164d6fa
0x0164d6fa
0x0164d6f1
0x0164d6f1
0x0164d6f1
0x0164d6fc
0x0164d700
0x0164d709
0x0164d70b
0x0164d811
0x0164d814
0x0164d817
0x00000000
0x00000000
0x00000000
0x00000000
0x0164d70b
0x01622a22
0x01622a29
0x01625938
0x01625943
0x01625949
0x01625950
0x01622aae
0x01622ab0
0x00000000
0x00000000
0x01622ab6
0x01622abb
0x0164d827
0x0164d82a
0x0164d82d
0x0164d833
0x0164d83e
0x0164d83e
0x0164d835
0x0164d835
0x0164d835
0x0164d843
0x0164d84a
0x0164d84c
0x0164d84e
0x0164d862
0x0164d875
0x00000000
0x0164d850
0x0164d851
0x0164d855
0x00000000
0x0164d855
0x0164d84e
0x00000000
0x01622abb
0x01622a32
0x01634e20
0x01622a38
0x01622a38
0x01622a38
0x01622a3e
0x01622a43
0x01622a46
0x01622a4c
0x01622a4f
0x016266ff
0x01626701
0x01626703
0x0162a1f1
0x00000000
0x0162a1f1
0x01626709
0x01626709
0x01622a5b
0x01622a5e
0x0162a1d7
0x0162a1d9
0x0162a1db
0x00000000
0x00000000
0x0162a1e1
0x0162a1e3
0x00000000
0x00000000
0x00000000
0x0162a1e9
0x01622a64
0x01622a64
0x01622a6b
0x01622a6d
0x01622a6d
0x01622a72
0x01622a77
0x00000000
0x01622a7d
0x01622a7d
0x01622a80
0x01622a82
0x00000000
0x00000000
0x01622a88
0x01622a8b
0x01622a8e
0x01622a95
0x01622a9a
0x01622a9e
0x00000000
0x00000000
0x01622aa8
0x0162e9e4
0x0162e9e9
0x00000000
0x01622aa8

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 531e53b5297b43dd738d3809e5ab92b754a83b48208b74daed22af24ce7a0dfa
Instruction ID: 5b7ea86bddec9ef1398169cf11b14a00c0415b780915af8b5dda33fd2d8a8407
Opcode Fuzzy Hash: 531e53b5297b43dd738d3809e5ab92b754a83b48208b74daed22af24ce7a0dfa
Instruction Fuzzy Hash: 5281CE71A006A99FDB26CF58CC94BBEBBA5AF51710F09815CEC1A9B786D730D901CF50

Uniqueness

Uniqueness Score: 0.00%

Function 01694BBA, Relevance: .2, Instructions: 188
COMMONCrypto

C-Code - Quality: 64%

			E01694BBA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t81;
				intOrPtr _t83;
				signed int _t87;
				signed char _t92;
				intOrPtr _t93;
				signed short _t96;
				intOrPtr* _t97;
				signed short* _t100;
				signed int _t101;
				signed short _t102;
				intOrPtr* _t103;
				intOrPtr* _t104;
				intOrPtr _t120;
				void* _t132;

				_push(0x18);
				_push(0x16219b8);
				E01622824(__ebx, __edi, __esi);
				 *(_t132 - 0x1c) =  *(_t132 - 0x1c) & 0x00000000;
				if(E01635DD8() == 0) {
					 *(_t132 - 4) =  *(_t132 - 4) & 0x00000000;
					_t120 =  *((intOrPtr*)(_t132 + 8));
					_t81 =  *(_t132 + 0xc);
					if(( *_t81 &  *(_t120 + 0x4c)) != 0) {
						L33:
						_t83 =  *((intOrPtr*)(_t132 - 0x20));
					} else {
						 *(_t132 - 0x1c) = 0xa;
						if(( *(_t120 + 0x40) & 0x04000000) != 0 ||  *(_t81 + 3) == ( *(_t81 + 2) ^  *(_t81 + 1) ^  *_t81)) {
							 *(_t132 - 0x1c) = 1;
							_t92 =  *((intOrPtr*)(_t81 + 6));
							if(_t92 == 0) {
								_t83 = _t120;
							} else {
								_t83 = (_t81 & 0xffff0000) - ((_t92 & 0x000000ff) - 1 << 0x10);
							}
							 *((intOrPtr*)(_t132 - 0x20)) = _t83;
							if( *((intOrPtr*)(_t83 + 8)) == 0xffeeffee) {
								_t93 =  *((intOrPtr*)(_t81 + 7));
								if(_t93 == 4) {
									L12:
									 *(_t132 - 0x1c) = 3;
									if(_t93 != 3) {
										_t111 =  *_t81 & 0x0000ffff;
										 *(_t132 - 0x1c) = 6;
										__eflags = ( *(_t120 + 0x54) ^  *(_t81 + ( *_t81 & 0xffff) * 8 + 4)) - _t111;
										if(__eflags == 0) {
											goto L22;
										}
									} else {
										_t103 = _t81 + 8;
										_t111 =  *(_t103 + 0x10);
										if((_t111 & 0x00000fff) == 0 && _t111 >=  *((intOrPtr*)(_t83 + 0x1c)) &&  *((intOrPtr*)(_t103 + 0x14)) + _t111 <=  *((intOrPtr*)(_t83 + 0x28))) {
											 *(_t132 - 0x1c) = 4;
											_t111 =  *( *(_t103 + 4));
											if(_t111 ==  *((intOrPtr*)( *_t103 + 4)) && _t111 == _t103) {
												 *(_t132 - 0x1c) = 5;
												_t104 = _t103 + 8;
												_t111 =  *( *(_t104 + 4));
												if(_t111 ==  *((intOrPtr*)( *_t104 + 4)) && _t111 == _t104) {
													L22:
													 *(_t132 - 0x1c) = 7;
													_t96 =  *(_t120 + 0x54) & 0x0000ffff;
													_t111 =  *(_t81 + 4) & 0x0000ffff;
													if((_t111 ^ _t96) == 0) {
														L29:
														 *(_t132 - 0x1c) = 8;
														if(( *(_t81 + 2) & 0x00000001) != 0) {
															L32:
															 *(_t132 - 0x1c) = 9;
														} else {
															_t97 = _t81 + 8;
															_t111 =  *( *(_t97 + 4));
															if(_t111 ==  *((intOrPtr*)( *_t97 + 4)) && _t111 == _t97) {
																goto L32;
															}
														}
													} else {
														_t100 = _t81 - ((_t111 & 0x0000ffff ^ _t96 & 0x0000ffff) << 3);
														if( *(_t120 + 0x4c) == 0) {
															_t101 =  *_t100 & 0x0000ffff;
														} else {
															_t102 =  *_t100;
															 *(_t132 - 0x28) = _t102;
															if(( *(_t120 + 0x4c) & _t102) != 0) {
																_t102 = _t102 ^  *(_t120 + 0x50);
																 *(_t132 - 0x28) = _t102;
															}
															_t101 = _t102 & 0x0000ffff;
															_t83 =  *((intOrPtr*)(_t132 - 0x20));
														}
														_t111 =  *(_t120 + 0x54) ^  *(_t81 + 4);
														if(_t101 == ( *(_t120 + 0x54) ^  *(_t81 + 4))) {
															goto L29;
														}
													}
												}
											}
										}
									}
								} else {
									 *(_t132 - 0x1c) = 2;
									if(_t81 >=  *((intOrPtr*)(_t83 + 0x1c)) && _t81 <  *((intOrPtr*)(_t83 + 0x28)) &&  *((intOrPtr*)(_t83 + 0x18)) == _t120) {
										goto L12;
									}
								}
							}
						} else {
							goto L33;
						}
					}
					 *(_t132 - 4) = 0xfffffffe;
					if( *(_t120 + 0x4c) != 0) {
						 *(_t81 + 3) =  *(_t81 + 2) ^  *(_t81 + 1) ^  *_t81;
						 *_t81 =  *_t81 ^  *(_t120 + 0x50);
					}
					_t87 =  *(_t132 - 0x1c);
					_t162 = _t87 - 0xa;
					if(_t87 > 0xa) {
						L44:
						_push(0);
						_push(0);
						_push(_t87);
						_push(_t81);
						_push(_t120);
						_push(2);
					} else {
						_t74 = _t87 + 0x1694e36; // 0x2010000
						_t111 =  *_t74 & 0x000000ff;
						switch( *((intOrPtr*)(( *_t74 & 0x000000ff) * 4 +  &M01694E1E))) {
							case 0:
								_push(0);
								_push(0);
								_push(_t87);
								_push(_t81);
								_push(_t120);
								_push(3);
								goto L45;
							case 1:
								_push(__esi);
								_push(__esi);
								_push( *((intOrPtr*)(__ebx + 0x18)));
								_push(__eax);
								_push(__edi);
								_push(0xb);
								goto L45;
							case 2:
								_push(__esi);
								_push(__esi);
								_push(3);
								_push(__eax);
								_push(__edi);
								_push(__esi);
								goto L45;
							case 3:
								_push(__esi);
								_push(__esi);
								_push(__ecx);
								_push(__eax);
								_push(__edi);
								_push(0xd);
								goto L45;
							case 4:
								_push(__esi);
								_push(__esi);
								_push(8);
								_push(__eax);
								_push(__edi);
								_push(0xc);
								goto L45;
							case 5:
								goto L44;
						}
					}
					L45:
					_t79 = E01694B0C(_t83, _t87, _t111, _t120, 0, _t162);
				}
				return E01622869(_t79);
			}

0x01694bba
0x01694bbc
0x01694bc1
0x01694bc6
0x01694bd1
0x01694bd7
0x01694bdb
0x01694be1
0x01694be6
0x01694d81
0x01694d81
0x01694bec
0x01694bec
0x01694bfa
0x01694c0d
0x01694c14
0x01694c19
0x01694c2e
0x01694c1b
0x01694c2a
0x01694c2a
0x01694c30
0x01694c3a
0x01694c40
0x01694c46
0x01694c6a
0x01694c6a
0x01694c74
0x01694ce2
0x01694ceb
0x01694cfa
0x01694cfd
0x00000000
0x00000000
0x01694c76
0x01694c76
0x01694c79
0x01694c82
0x01694c9f
0x01694cab
0x01694cb0
0x01694cbe
0x01694cc5
0x01694ccd
0x01694cd2
0x01694d03
0x01694d03
0x01694d0a
0x01694d0e
0x01694d19
0x01694d58
0x01694d58
0x01694d63
0x01694d78
0x01694d78
0x01694d65
0x01694d65
0x01694d6d
0x01694d72
0x00000000
0x00000000
0x01694d72
0x01694d1b
0x01694d28
0x01694d2e
0x01694d48
0x01694d30
0x01694d30
0x01694d32
0x01694d38
0x01694d3a
0x01694d3d
0x01694d3d
0x01694d40
0x01694d43
0x01694d43
0x01694d4f
0x01694d56
0x00000000
0x00000000
0x01694d56
0x01694d19
0x01694cd2
0x01694cb0
0x01694c82
0x01694c48
0x01694c48
0x01694c52
0x00000000
0x00000000
0x01694c52
0x01694c46
0x00000000
0x00000000
0x00000000
0x01694bfa
0x01694d84
0x01694db2
0x01694dbc
0x01694dc2
0x01694dc2
0x01694dc4
0x01694dc7
0x01694dca
0x01694e0a
0x01694e0a
0x01694e0b
0x01694e0c
0x01694e0d
0x01694e0e
0x01694e0f
0x01694dcc
0x01694dcc
0x01694dcc
0x01694dd3
0x00000000
0x01694dda
0x01694ddb
0x01694ddc
0x01694ddd
0x01694dde
0x01694ddf
0x00000000
0x00000000
0x01694de3
0x01694de4
0x01694de5
0x01694de8
0x01694de9
0x01694dea
0x00000000
0x00000000
0x01694dee
0x01694def
0x01694df0
0x01694df2
0x01694df3
0x01694df4
0x00000000
0x00000000
0x01694df7
0x01694df8
0x01694df9
0x01694dfa
0x01694dfb
0x01694dfc
0x00000000
0x00000000
0x01694e00
0x01694e01
0x01694e02
0x01694e04
0x01694e05
0x01694e06
0x00000000
0x00000000
0x00000000
0x00000000
0x01694dd3
0x01694e11
0x01694e11
0x01694e11
0x01694e1b

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0186b09c7b7414d07f5eb417eeace456c0a687f619254057a379dfe39f93ff2
Instruction ID: 4f8a807b126e40229ccb61bd5e9cc2469bb3cd8a6255f76be12fd07df0a500c1
Opcode Fuzzy Hash: c0186b09c7b7414d07f5eb417eeace456c0a687f619254057a379dfe39f93ff2
Instruction Fuzzy Hash: 4C61BD759042619FDF29CF15CE94BBBBBB9EF45318F15808CE5441B386DB34A84ACBA0

Uniqueness

Uniqueness Score: 0.00%

Function 015F0BFB, Relevance: .2, Instructions: 175
COMMONCrypto

C-Code - Quality: 96%

			E015F0BFB(signed short* __ecx, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v12;
				signed int _t79;
				unsigned int _t84;
				signed int _t85;
				signed short* _t88;
				intOrPtr* _t91;

				_t88 = __ecx;
				_push(__ecx);
				_push(__ecx);
				if(_a8 == 0) {
					L13:
					_t79 = _a12;
				} else {
					while(1) {
						L9:
						_t84 =  *_a12 & 0x0000ffff;
						_a8 = _a8 - 1;
						_t91 = (_t84 & 0x00000fff) + _a4;
						_t85 = _t84 >> 0xc;
						if(_t85 > 0xa) {
							break;
						}
						switch( *((intOrPtr*)(_t85 * 4 +  &M015F0BCA))) {
							case 0:
								L12:
								_a12 = _a12 + 2;
								if(_a8 != 0) {
									goto L9;
								} else {
									goto L13;
								}
								goto L14;
							case 1:
								_t82 = (( *_t88 & 0x0000ffff) << 0x10) + _t92;
								goto L2;
							case 2:
								 *__ecx =  *__ecx + __dx;
								goto L12;
							case 3:
								 *_t91 =  *_t91 + _t92;
								goto L12;
							case 4:
								__eax =  *__ecx & 0x0000ffff;
								__esi = __esi + 1;
								__esi = __esi + 1;
								_a8 = _a8 - 1;
								_a12 = __esi;
								__esi =  *__esi;
								__eax = ( *__ecx & 0x0000ffff) << 0x10;
								(( *__ecx & 0x0000ffff) << 0x10) + __edx = __esi + (( *__ecx & 0x0000ffff) << 0x10) + __edx + 0x8000;
								L2:
								 *_t88 = _t82 >> 0x10;
								goto L12;
							case 5:
								__eax =  *__ecx;
								__esi = 0x3ffffff;
								__edi = __eax;
								__edi = __eax & 0x03ffffff;
								__edi = __edx + (__eax & 0x03ffffff) * 4;
								__edi = __edx + (__eax & 0x03ffffff) * 4 >> 2;
								__edi = __edx + (__eax & 0x03ffffff) * 0x00000004 >> 0x00000002 ^ __eax;
								__edi = (__edx + (__eax & 0x03ffffff) * 0x00000004 >> 0x00000002 ^ __eax) & 0x03ffffff;
								__edi = (__edx + (__eax & 0x03ffffff) * 0x00000004 >> 0x00000002 ^ __eax) & 0x03ffffff ^ __eax;
								 *__ecx = (__edx + (__eax & 0x03ffffff) * 0x00000004 >> 0x00000002 ^ __eax) & 0x03ffffff ^ __eax;
								goto L12;
							case 6:
								goto L15;
							case 7:
								__edi = 0;
								__ecx = __ecx & 0xfffffff0;
								__eax =  *(__ecx + 0xc);
								__edx =  *(__ecx + 8);
								__esi = __eax;
								__esi = __eax >> 0x1b;
								__edi = (0 << 0x00000020 | __esi) << 0x17;
								_v12 = __edx;
								__esi = __esi << 0x17;
								__esi = __esi | __edx;
								 *(__ecx + 4) =  *(__ecx + 4) >> 0x18;
								__ebx = 0;
								__edi = (__edi << 0x00000020 | __esi) << 8;
								__esi = __esi << 8;
								__esi = __esi |  *(__ecx + 4) >> 0x00000018;
								__edx =  *(__ecx + 4);
								__edi = (__edi << 0x00000020 | __esi) << 0xa;
								 *(__ecx + 4) >> 0xe =  *(__ecx + 4) >> 0x0000000e & 0x000003ff;
								__esi = __esi << 0xa;
								__esi = __esi |  *(__ecx + 4) >> 0x0000000e & 0x000003ff;
								__edi = (__edi << 0x00000020 | __esi) << 1;
								__eax = __eax >> 0xc;
								__edx = __eax >> 0x0000000c & 0x00000001;
								__esi = __esi + __esi;
								__esi = __esi | __eax >> 0x0000000c & 0x00000001;
								__edi = (__edi << 0x00000020 | __esi) << 5;
								__eax = __eax >> 0xd;
								__edx = __eax >> 0x0000000d & 0x0000001f;
								__esi = __esi << 5;
								__esi = __esi | __eax >> 0x0000000d & 0x0000001f;
								__edi = (__edi << 0x00000020 | __esi) << 9;
								__edx = __eax;
								__edx = __eax >> 0x12;
								__eax = __eax >> 4;
								__edx = __edx & 0x000001ff;
								__eax = __eax & 0x0000007f;
								__esi = __esi << 9;
								__esi = __esi | __edx;
								__edx = __edi;
								__edx = (__edi << 0x00000020 | __esi) << 7;
								__edi = 0;
								__esi = __esi << 7;
								__esi = __esi | __eax;
								__esi = __esi + _a16;
								asm("adc edx, [ebp+0x18]");
								__eax = __esi;
								__edi = __edx;
								__eax = (__edi << 0x00000020 | __esi) >> 0x16;
								__eax = (__edi << 0x00000020 | __esi) >> 0x16 & 0x000003ff;
								__edx = __edx << 0xa;
								__eax = __eax | __edx << 0x0000000a;
								__edi =  *(__ecx + 4);
								__eax = __eax << 0xe;
								__edi =  *(__ecx + 4) & 0x00003fff;
								 *(__ecx + 4) = __eax;
								__edx = __edx >> 8;
								__eax = __edx >> 0x00000008 ^ _v12;
								__edi = __esi;
								(__edx >> 0x00000008 ^ _v12) & 0x007fffff = (__edx >> 0x00000008 ^ _v12) & 0x007fffff ^ _v12;
								 *(__ecx + 8) = (__edx >> 0x00000008 ^ _v12) & 0x007fffff ^ _v12;
								__edx = __edx >> 0x1f;
								__edx >> 0x0000001f & 0x00000001 = (__edx >> 0x0000001f & 0x00000001) << 9;
								__ebx = __edx;
								__edi = (__ebx << 0x00000020 | __esi) >> 7;
								__edi = (__ebx << 0x00000020 | __esi) >> 0x7 & 0x000001ff;
								__eax = (__edx >> 0x0000001f & 0x00000001) << 0x00000009 | (__ebx << 0x00000020 | __esi) >> 0x7 & 0x000001ff;
								__ebx = __ebx >> 7;
								__ebx = __edx;
								__edi = __esi;
								__edi = (__ebx << 0x00000020 | __esi) >> 0x10;
								__eax = __eax << 5;
								__edi = (__ebx << 0x00000020 | __esi) >> 0x10 & 0x0000001f;
								__eax = __eax | (__ebx << 0x00000020 | __esi) >> 0x10 & 0x0000001f;
								__edi = __esi;
								__edi = (__edx << 0x00000020 | __esi) >> 0x15;
								__eax = __eax + __eax;
								__edi = (__edx << 0x00000020 | __esi) >> 0x15 & 0x00000001;
								__eax = __eax | (__edx << 0x00000020 | __esi) >> 0x15 & 0x00000001;
								__edx =  *(__ecx + 0xc);
								__eax = __eax << 8;
								__esi = __esi & 0x0000007f;
								__eax = __eax | __esi;
								__edx =  *(__ecx + 0xc) & 0xf000080f;
								__eax = __eax << 4;
								__ebx = __ebx >> 0x10;
								__eax = __eax |  *(__ecx + 0xc) & 0xf000080f;
								__edx = _a16;
								 *(__ecx + 0xc) = __eax;
								goto L12;
							case 8:
								 *__ecx =  *__ecx + __edx;
								__eax = _a20;
								asm("adc [ecx+0x4], eax");
								goto L12;
						}
					}
					L15:
					_t79 = 0;
				}
				L14:
				return _t79;
			}

0x015f0bfb
0x015f0c00
0x015f0c01
0x015f0c09
0x015f0c3d
0x015f0c3d
0x015f0c0b
0x015f0c0e
0x015f0c0e
0x015f0c11
0x015f0c14
0x015f0c1f
0x015f0c22
0x015f0c28
0x00000000
0x00000000
0x015f0c2a
0x00000000
0x015f0c33
0x015f0c33
0x015f0c3b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x015f0a2f
0x00000000
0x00000000
0x015f0a58
0x00000000
0x00000000
0x015f0c31
0x00000000
0x00000000
0x015f0a3c
0x015f0a3f
0x015f0a40
0x015f0a41
0x015f0a44
0x015f0a47
0x015f0a4a
0x015f0a4f
0x015f0a31
0x015f0a34
0x00000000
0x00000000
0x015f0bae
0x015f0bb0
0x015f0bb5
0x015f0bb7
0x015f0bb9
0x015f0bbc
0x015f0bbf
0x015f0bc1
0x015f0bc3
0x015f0bc5
0x00000000
0x00000000
0x00000000
0x00000000
0x015f0a60
0x015f0a62
0x015f0a65
0x015f0a68
0x015f0a6b
0x015f0a6d
0x015f0a70
0x015f0a74
0x015f0a77
0x015f0a80
0x015f0a85
0x015f0a88
0x015f0a8c
0x015f0a90
0x015f0a93
0x015f0a95
0x015f0a9a
0x015f0aa1
0x015f0aa7
0x015f0aaa
0x015f0aae
0x015f0ab4
0x015f0ab7
0x015f0abc
0x015f0abe
0x015f0ac0
0x015f0ac6
0x015f0acb
0x015f0ace
0x015f0ad1
0x015f0ad3
0x015f0ad7
0x015f0adb
0x015f0ade
0x015f0ae1
0x015f0ae7
0x015f0aea
0x015f0aed
0x015f0aef
0x015f0af1
0x015f0af5
0x015f0af9
0x015f0afc
0x015f0afe
0x015f0b01
0x015f0b04
0x015f0b06
0x015f0b08
0x015f0b0c
0x015f0b16
0x015f0b19
0x015f0b1b
0x015f0b1e
0x015f0b21
0x015f0b29
0x015f0b2e
0x015f0b31
0x015f0b34
0x015f0b3b
0x015f0b3e
0x015f0b43
0x015f0b49
0x015f0b4c
0x015f0b4e
0x015f0b52
0x015f0b58
0x015f0b5a
0x015f0b5d
0x015f0b5f
0x015f0b61
0x015f0b65
0x015f0b68
0x015f0b6b
0x015f0b6d
0x015f0b6f
0x015f0b73
0x015f0b75
0x015f0b78
0x015f0b7d
0x015f0b80
0x015f0b83
0x015f0b86
0x015f0b88
0x015f0b8e
0x015f0b91
0x015f0b94
0x015f0b96
0x015f0b99
0x00000000
0x00000000
0x015f0ba1
0x015f0ba3
0x015f0ba6
0x00000000
0x00000000
0x015f0c2a
0x015f0c47
0x015f0c47
0x015f0c47
0x015f0c40
0x015f0c44

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adf2a18ae5404b6649f7cc9d4f6086cd7ebdad76ee6d8ab8b8fdc5ddfad94244
Instruction ID: d9a46fc5a22d48f730ccbbbf0081fc12a9f58aaceb4378182e092b061436c896
Opcode Fuzzy Hash: adf2a18ae5404b6649f7cc9d4f6086cd7ebdad76ee6d8ab8b8fdc5ddfad94244
Instruction Fuzzy Hash: AA51A373E11A299BE3508E19CC40359B693EBC4354F2FC679ED289F285DAB9D912C6C0

Uniqueness

Uniqueness Score: 0.00%

Function 015FDFD4, Relevance: .2, Instructions: 172
COMMONCrypto

C-Code - Quality: 92%

			E015FDFD4() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t32;
				intOrPtr _t38;
				signed int _t40;
				unsigned int _t41;
				unsigned int _t42;
				signed int _t50;
				signed int _t85;
				signed int _t89;
				unsigned int _t90;
				signed int _t92;
				signed int _t94;
				signed int _t96;
				signed int _t97;
				signed int _t99;
				signed int _t101;
				signed int _t102;
				signed int _t106;
				signed int _t108;
				signed int _t109;
				signed int _t117;
				signed int _t118;
				signed int _t124;
				signed int _t125;
				signed int _t132;
				void* _t136;

				_t72 = 1;
				asm("lock xadd [eax], ecx");
				goto L6;
				do {
					do {
						L6:
						_t72 = 0xff;
						while(1) {
							_t109 =  *0x16a8580; // 0x0
							_t118 =  *0x16a8584; // 0x0
							__eflags = _t109 | _t118;
							_v16 = _t109;
							_v12 = _t118;
							if((_t109 | _t118) == 0) {
								goto L17;
							}
							L8:
							_t40 =  *0x16a8588; // 0x0
							_t89 =  *0x16a858c; // 0x0
							_t41 = _t40 & _t109;
							_t90 = _t89 & _t118;
							__eflags = _t41 | _t90;
							if((_t41 | _t90) == 0) {
								goto L17;
							}
							break;
							L17:
							_t38 =  *0x16a8590; // 0x8
							__eflags =  *0x16a8594 - _t38 - 1; // 0xffffffff
							if(__eflags < 0) {
								asm("lock xadd [edx], esi");
								_v8 = 1;
								_t136 = 2 -  *0x16a8590; // 0x8
								if(_t136 >= 0) {
									asm("lock xadd [eax], edx");
									goto L18;
								} else {
									_v16 = E01604180(1, 2, 0);
									_v12 = 0;
									goto L3;
									L16:
									return _t50;
									L3:
									_t132 =  *0x16a8588; // 0x0
									_t106 =  *0x16a858c; // 0x0
									_v20 = _t106;
									asm("lock cmpxchg8b [edi]");
									if(_t132 != _t132 || _t106 != _v20) {
										goto L3;
									} else {
										 *0x16a8580 =  !_v16;
										 *0x16a8584 =  !_v12;
										_t50 = _v8;
										 *((intOrPtr*)(0x16a8598 + _t50 * 4)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
										goto L16;
									}
								}
							}
							L18:
							_t32 =  *0x16a8588; // 0x0
							_t85 =  *0x16a858c; // 0x0
							_t117 =  *0x16a8580; // 0x0
							_t108 =  *0x16a8584; // 0x0
							__eflags = _t32 & _t117 | _t85 & _t108;
							if((_t32 & _t117 | _t85 & _t108) == 0) {
								 *0x16a8580 = 0xffffffff;
								 *0x16a8584 = 0xffffffff;
								asm("lock xadd [eax], edx");
							}
							asm("lock xadd [eax], edx");
							_t109 =  *0x16a8580; // 0x0
							_t118 =  *0x16a8584; // 0x0
							__eflags = _t109 | _t118;
							_v16 = _t109;
							_v12 = _t118;
							if((_t109 | _t118) == 0) {
								goto L17;
							}
							goto L8;
						}
						__eflags = _t41;
						if(_t41 == 0) {
							_t42 = _t90;
							__eflags = _t42 & 0x0000ffff;
							_t92 = _t42;
							if((_t42 & 0x0000ffff) == 0) {
								_t94 = _t92 >> 0x00000010 & _t72;
								__eflags = _t94;
								if(_t94 == 0) {
									_t29 = (_t42 >> 0x18) + 0x1625818; // 0x10008
									_t124 = ( *_t29 & 0x000000ff) + 0x18;
									__eflags = _t124;
								} else {
									_t28 = _t94 + 0x1625818; // 0x10008
									_t124 = ( *_t28 & 0x000000ff) + 0x10;
								}
							} else {
								_t97 = _t92 & _t72;
								__eflags = _t97;
								if(_t97 == 0) {
									_t27 = (_t42 >> 0x00000008 & _t72) + 0x1625818; // 0x10008
									_t124 = ( *_t27 & 0x000000ff) + 8;
								} else {
									_t26 = _t97 + 0x1625818; // 0x10008
									_t124 =  *_t26 & 0x000000ff;
								}
							}
							_t125 = _t124 + 0x20;
						} else {
							__eflags = _t41 & 0x0000ffff;
							_t99 = _t41;
							if((_t41 & 0x0000ffff) == 0) {
								_t101 = _t99 >> 0x00000010 & _t72;
								__eflags = _t101;
								if(_t101 == 0) {
									_t25 = (_t41 >> 0x18) + 0x1625818; // 0x10008
									_t125 = ( *_t25 & 0x000000ff) + 0x18;
								} else {
									_t24 = _t101 + 0x1625818; // 0x10008
									_t125 = ( *_t24 & 0x000000ff) + 0x10;
								}
							} else {
								_t102 = _t99 & _t72;
								__eflags = _t102;
								if(_t102 == 0) {
									_t23 = (_t41 >> 0x00000008 & _t72) + 0x1625818; // 0x10008
									_t125 = ( *_t23 & 0x000000ff) + 8;
								} else {
									_t16 = _t102 + 0x1625818; // 0x10008
									_t125 =  *_t16 & 0x000000ff;
								}
							}
						}
						E01604180(1, _t125, 0);
						_t96 = _v12;
						asm("lock cmpxchg8b [edi]");
						__eflags = _t109 - _v16;
					} while (_t109 != _v16);
					__eflags = _t96 - _v12;
				} while (_t96 != _v12);
				 *((intOrPtr*)(0x16a8598 + _t125 * 4)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
				_t50 = _t125;
				goto L16;
			}

0x015fdfe3
0x015fdfe4
0x015fdfea
0x015fdfeb
0x015fdfeb
0x015fdfeb
0x015fdfeb
0x015fdff0
0x015fdff0
0x015fdff6
0x015fdffe
0x015fe000
0x015fe003
0x015fe006
0x00000000
0x00000000
0x015fe00c
0x015fe00c
0x015fe011
0x015fe017
0x015fe019
0x015fe01d
0x015fe01f
0x00000000
0x00000000
0x00000000
0x015fe0cf
0x015fe0cf
0x015fe0d5
0x015fe0db
0x015e4fe3
0x015e4fe8
0x015e4feb
0x015e4ff1
0x01661890
0x00000000
0x015e4ff7
0x015e5003
0x015e5006
0x015e5006
0x015fe093
0x015fe097
0x015e5009
0x015e5009
0x015e500f
0x015e501b
0x015e5029
0x015e502f
0x00000000
0x015e5036
0x015e503e
0x015e5045
0x015e5054
0x015e5057
0x00000000
0x015e5057
0x015e502f
0x015e4ff1
0x015fe0e1
0x015fe0e1
0x015fe0e6
0x015fe0ec
0x015fe0f2
0x015fe0fc
0x015fe0fe
0x015fe102
0x015fe10c
0x015fe11c
0x015fe11c
0x015fe128
0x015fdff0
0x015fdff6
0x015fdffe
0x015fe000
0x015fe003
0x015fe006
0x00000000
0x00000000
0x00000000
0x015fe006
0x015fe025
0x015fe027
0x01661839
0x01661841
0x01661843
0x01661845
0x01661868
0x01661868
0x0166186a
0x0166187b
0x01661882
0x01661882
0x0166186c
0x0166186c
0x01661873
0x01661873
0x01661847
0x01661847
0x01661847
0x01661849
0x01661859
0x01661860
0x0166184b
0x0166184b
0x0166184b
0x0166184b
0x01661849
0x01661885
0x015fe02d
0x015fe030
0x015fe032
0x015fe034
0x01661812
0x01661812
0x01661814
0x01661828
0x0166182f
0x01661816
0x01661816
0x0166181d
0x0166181d
0x015fe03a
0x015fe03a
0x015fe03a
0x015fe03c
0x01661800
0x01661807
0x015fe042
0x015fe042
0x015fe042
0x015fe042
0x015fe03c
0x015fe034
0x015fe050
0x015fe059
0x015fe06b
0x015fe06f
0x015fe06f
0x015fe078
0x015fe078
0x015fe08a
0x015fe091
0x00000000

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad5124e24de22b1be635666e9849c6a3c51d66c11b6039ed0c1c9ca7a622bbf
Instruction ID: 7712382726b9ba5030e3e450e3e7fe902e920e55d773218f760cd44039fe9707
Opcode Fuzzy Hash: 6ad5124e24de22b1be635666e9849c6a3c51d66c11b6039ed0c1c9ca7a622bbf
Instruction Fuzzy Hash: FC51D476E205208B9768CF5D8C00129BBEAFB8922234FC16ADD99D7359E674AC119FC0

Uniqueness

Uniqueness Score: 0.00%

Function 01629A68, Relevance: .1, Instructions: 140
COMMONCrypto

C-Code - Quality: 82%

			E01629A68(void* __edi, signed int _a4, signed int _a8, signed char _a12) {
				void* __ebx;
				void* __esi;
				void* __ebp;
				unsigned int _t48;
				signed int _t51;
				signed char _t55;
				void* _t57;
				void* _t59;
				signed int _t65;
				signed short _t66;
				signed char _t67;
				signed int _t69;
				signed short _t72;
				signed short _t74;
				signed int _t79;
				signed short _t81;
				signed int _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				intOrPtr _t98;

				_t94 = __edi;
				_t97 = _a4;
				_t48 = _a8 |  *(_t97 + 0x44);
				if((_t48 & 0x61000000) != 0) {
					__eflags = _t48 & 0x10000000;
					if(__eflags != 0) {
						goto L3;
					}
					return E01696FD2(_t59, _t62, __edi, _t97, __eflags, _t97, _t48, _a12);
				} else {
					L3:
					_push(_t59);
					__eflags =  *(_t97 + 0x48) & 0x00000001;
					if(__eflags != 0) {
						_t48 = E015FF136(_t97, _a12, _t97, __eflags);
						L7:
						__eflags = _t48;
						if(__eflags == 0) {
							_t98 =  *[fs:0x18];
							_push(0xc000000d);
							 *((intOrPtr*)( *[fs:0x18] + 0xbf4)) = 0xc000000d;
							 *((intOrPtr*)(_t98 + 0x34)) = E016238B5(0, _t94, _t98, __eflags);
							_t51 = 0;
							L16:
							return _t51;
						}
						_t16 = _t48 + 7; // 0x1e445c7
						_t65 =  *_t16;
						__eflags = _t65 - 4;
						if(_t65 != 4) {
							_push(_t94);
							__eflags = _t65;
							if(_t65 >= 0) {
								__eflags =  *(_t97 + 0x4c);
								if( *(_t97 + 0x4c) == 0) {
									_t66 =  *_t48 & 0x0000ffff;
								} else {
									_t81 =  *_t48;
									__eflags =  *(_t97 + 0x4c) & _t81;
									if(( *(_t97 + 0x4c) & _t81) != 0) {
										_t81 = _t81 ^  *(_t97 + 0x50);
										__eflags = _t81;
									}
									_t66 = _t81 & 0x0000ffff;
								}
							} else {
								_t86 = _t48 >> 0x00000003 ^  *_t48 ^  *0x16a81dc ^ _t97;
								__eflags = _t86;
								_t17 = _t86 + 0x10; // 0xff560277
								_t66 =  *_t17;
							}
							_t95 = _t66 & 0x0000ffff;
							_t18 = _t48 + 7; // 0x1e445c7
							_t67 =  *_t18;
							__eflags = _t67 - 5;
							if(_t67 == 5) {
								_t38 = _t48 + 4; // 0xc700fc65
								_t69 =  *(_t97 + 0x54) & 0x0000ffff ^  *_t38 & 0x0000ffff;
							} else {
								__eflags = _t67 & 0x00000040;
								if((_t67 & 0x00000040) != 0) {
									_t40 = (_t67 & 0x3f) * 8; // 0xc700fc65
									_t69 =  *(_t48 + _t40 + 4) & 0x0000ffff;
								} else {
									__eflags = (_t67 & 0x0000003f) - 0x3f;
									if((_t67 & 0x0000003f) == 0x3f) {
										__eflags = _t67;
										if(_t67 >= 0) {
											__eflags =  *(_t97 + 0x4c);
											if( *(_t97 + 0x4c) == 0) {
												_t72 =  *_t48 & 0x0000ffff;
											} else {
												_t74 =  *_t48;
												__eflags =  *(_t97 + 0x4c) & _t74;
												if(( *(_t97 + 0x4c) & _t74) != 0) {
													_t74 = _t74 ^  *(_t97 + 0x50);
													__eflags = _t74;
												}
												_t72 = _t74 & 0x0000ffff;
											}
										} else {
											_t79 = _t48 >> 0x00000003 ^  *_t48 ^  *0x16a81dc ^ _t97;
											__eflags = _t79;
											_t26 = _t79 + 0x10; // 0xff560277
											_t72 =  *_t26;
										}
										_t28 = (_t72 & 0x0000ffff) * 8; // 0x85044789
										_t69 =  *(_t48 + _t28 - 4);
									} else {
										_t69 = _t67 & 0x3f;
										__eflags = _t69;
									}
								}
							}
							_t51 = (_t95 << 3) - _t69;
							__eflags = _t51;
						} else {
							_t51 = E015DEFDB(_t97, _t48);
						}
						goto L16;
					}
					_t55 = _a12;
					__eflags = _t55 & 0x00000007;
					if(__eflags != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(_t55);
						_push(_t97);
						_push(9);
						L30:
						E01694B0C(0, _t62, _t88, _t94, _t97, __eflags);
						_t48 = 0;
						goto L7;
					}
					_t57 = _t55 + 0xfffffff8;
					__eflags =  *((char*)(_t57 + 7)) - 5;
					if( *((char*)(_t57 + 7)) == 5) {
						_t33 = _t57 + 6; // 0xe445c700
						_t62 = ( *_t33 & 0x000000ff) << 3;
						_t48 = _t57 - (( *_t33 & 0x000000ff) << 3);
					}
					__eflags =  *(_t48 + 7) & 0x0000003f;
					if(__eflags == 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(_t48);
						_push(_t97);
						_push(8);
						goto L30;
					} else {
						goto L7;
					}
				}
			}

0x01629a68
0x01629a71
0x01629a74
0x01629a7c
0x01659103
0x01659108
0x00000000
0x00000000
0x00000000
0x01629a82
0x01629a82
0x01629a82
0x01629a85
0x01629a89
0x0165914c
0x01629ab1
0x01629ab1
0x01629ab3
0x0165915d
0x01659169
0x0165916a
0x01659175
0x01659178
0x01629b13
0x00000000
0x01629b13
0x01629ab9
0x01629ab9
0x01629abc
0x01629abf
0x01629ac5
0x01629ac6
0x01629ac8
0x01629b3f
0x01629b42
0x015df016
0x01629b48
0x01629b48
0x01629b4a
0x01629b4d
0x01629b4f
0x01629b4f
0x01629b4f
0x01629b52
0x01629b52
0x01629aca
0x01629ad9
0x01629ad9
0x01629adb
0x01629adb
0x01629adb
0x01629adf
0x01629ae2
0x01629ae2
0x01629ae5
0x01629ae8
0x01659183
0x01659187
0x01629aee
0x01629aee
0x01629af1
0x01659194
0x01659194
0x01629af7
0x01629afc
0x01629aff
0x0164b8f2
0x0164b8f4
0x0165919e
0x016591a1
0x016591b5
0x016591a3
0x016591a3
0x016591a5
0x016591a8
0x016591aa
0x016591aa
0x016591aa
0x016591ad
0x016591ad
0x0164b8fa
0x0164b909
0x0164b909
0x0164b90b
0x0164b90b
0x0164b90b
0x0164b912
0x0164b912
0x01629b05
0x01629b08
0x01629b08
0x01629b08
0x01629aff
0x01629af1
0x01629b10
0x01629b10
0x015df00a
0x015df00c
0x015df00c
0x00000000
0x01629abf
0x01629a8f
0x01629a92
0x01629a94
0x01659134
0x01659135
0x01659136
0x01659137
0x01659138
0x01659139
0x0165913b
0x0165913b
0x01659140
0x00000000
0x01659140
0x01629a9a
0x01629a9d
0x01629aa1
0x0165911d
0x01659121
0x01659124
0x01659124
0x01629aa7
0x01629aab
0x0165912b
0x0165912c
0x0165912d
0x0165912e
0x0165912f
0x01659130
0x00000000
0x00000000
0x00000000
0x00000000
0x01629aab

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a612676469aca9b0d4b26c812144e55544a335fc66515e5d4450a3802f4d7c0
Instruction ID: 7b5ac6d90445e8d5b6cd0cd200c24f5ba7a3dd97d494cd0099fdda0f7734e7b9
Opcode Fuzzy Hash: 5a612676469aca9b0d4b26c812144e55544a335fc66515e5d4450a3802f4d7c0
Instruction Fuzzy Hash: 9141E471204A75DFEB788F29CCA4B7777EAEB4535AF04441EED874B681D724A802CB60

Uniqueness

Uniqueness Score: 0.00%

Function 0167DD51, Relevance: .1, Instructions: 125
COMMONCrypto

C-Code - Quality: 94%

			E0167DD51(signed int __ecx, signed int __edx, intOrPtr _a4, unsigned short _a6, unsigned int _a12, intOrPtr _a16) {
				intOrPtr* _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t62;
				signed char _t63;
				signed short _t64;
				signed char _t67;
				signed short _t71;
				signed char _t81;
				unsigned short _t85;
				void* _t93;
				signed int _t94;
				intOrPtr* _t101;
				signed char _t108;
				unsigned int _t120;

				_push(__ecx);
				_push(__ecx);
				_t62 = _a4;
				_push(_t93);
				_t117 = __ecx;
				_t120 = _t62 - 8;
				_t101 = _t62 + (_a12 & 0x0000ffff) - 8;
				_t63 =  *(_t120 + 7);
				_v12 = __edx;
				_v8 = _t101;
				if(_t63 != 4) {
					__eflags = _t63 - 5;
					if(_t63 != 5) {
						__eflags = _t63 & 0x00000040;
						if((_t63 & 0x00000040) == 0) {
							__eflags = (_t63 & 0x0000003f) - 0x3f;
							if((_t63 & 0x0000003f) == 0x3f) {
								__eflags = _t63;
								if(_t63 >= 0) {
									__eflags =  *(__ecx + 0x4c);
									if( *(__ecx + 0x4c) == 0) {
										_t64 =  *_t120 & 0x0000ffff;
									} else {
										_t71 =  *_t120;
										__eflags =  *(__ecx + 0x4c) & _t71;
										if(( *(__ecx + 0x4c) & _t71) != 0) {
											_t71 = _t71 ^  *(__ecx + 0x50);
											__eflags = _t71;
										}
										_t64 = _t71 & 0x0000ffff;
									}
								} else {
									_t64 =  *((intOrPtr*)((_t120 >> 0x00000003 ^  *_t120 ^  *0x16a81dc ^ __ecx) + 0x10));
								}
								_t94 =  *(_t120 + (_t64 & 0x0000ffff) * 8 - 4);
							} else {
								_t94 = _t63 & 0x3f;
							}
						} else {
							_t94 =  *(_t120 + 4 + (_t63 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t94 =  *(__ecx + 0x54) & 0x0000ffff ^  *(_t120 + 4) & 0x0000ffff;
					}
					_t67 = _a12 >> 3;
					 *(_t101 + 6) = _t67;
					_t108 =  *(_t120 + 7) & 0x000000c0 | _t67 | 0x00000040;
					__eflags = _t108;
					 *(_t120 + 7) = _t108;
					goto L26;
				} else {
					_t81 =  *(__ecx + 0x44) | __edx;
					_t123 = _t81 & 0x00000001;
					if((_t81 & 0x00000001) == 0) {
						E01617310(_t123,  *((intOrPtr*)(__ecx + 0xcc)));
						_t101 = _v8;
					}
					if( *((intOrPtr*)(_t117 + 0x4c)) != 0) {
						 *_t120 =  *_t120 ^  *(_t117 + 0x50);
						_t125 =  *(_t120 + 3) - ( *(_t120 + 2) ^  *(_t120 + 1) ^  *_t120);
						if( *(_t120 + 3) != ( *(_t120 + 2) ^  *(_t120 + 1) ^  *_t120)) {
							E01694BBA(_t93, _t117, _t120, _t125, _t117, _t120, 0);
							_t101 = _v8;
						}
					}
					 *_t120 =  *_t120 + _a12;
					_t94 =  *_t120 & 0xffff;
					_t85 = _a12 >> 3;
					 *(_t120 + 6) = _t85;
					_a6 = _t85;
					if( *((intOrPtr*)(_t117 + 0x4c)) != 0) {
						 *(_t120 + 3) =  *(_t120 + 2) ^  *(_t120 + 1) ^  *_t120;
						 *_t120 =  *_t120 ^  *(_t117 + 0x50);
					}
					if((( *(_t117 + 0x44) | _v12) & 0x00000001) == 0) {
						E016172D0( *((intOrPtr*)(_t117 + 0xcc)));
						_t101 = _v8;
						_t85 = _a6;
					}
					 *(_t101 + 6) = _t85;
					L26:
					 *((short*)(_t101 + 4)) = _t94 + _a12;
					 *_t101 = _a16;
					 *((char*)(_t101 + 7)) = 5;
					_t61 = _t101 + 8; // 0x8
					return _t61;
				}
			}

0x0167dd56
0x0167dd57
0x0167dd58
0x0167dd5b
0x0167dd5e
0x0167dd64
0x0167dd67
0x0167dd6b
0x0167dd6e
0x0167dd71
0x0167dd76
0x0167de0e
0x0167de10
0x0167de1e
0x0167de20
0x0167de34
0x0167de37
0x0167de41
0x0167de43
0x0167de5c
0x0167de60
0x0167de71
0x0167de62
0x0167de62
0x0167de64
0x0167de67
0x0167de69
0x0167de69
0x0167de69
0x0167de6c
0x0167de6c
0x0167de45
0x0167de56
0x0167de56
0x0167de77
0x0167de39
0x0167de3c
0x0167de3c
0x0167de22
0x0167de28
0x0167de28
0x0167de12
0x0167de1a
0x0167de1a
0x0167de7f
0x0167de83
0x0167de8e
0x0167de8e
0x0167de91
0x00000000
0x0167dd7c
0x0167dd7f
0x0167dd81
0x0167dd83
0x0167dd8b
0x0167dd90
0x0167dd90
0x0167dd97
0x0167dd9c
0x0167dda6
0x0167dda9
0x0167ddaf
0x0167ddb4
0x0167ddb4
0x0167dda9
0x0167ddbb
0x0167ddc1
0x0167ddc8
0x0167ddcc
0x0167ddd3
0x0167ddd7
0x0167dde1
0x0167dde7
0x0167dde7
0x0167ddf2
0x0167ddfa
0x0167ddff
0x0167de02
0x0167de02
0x0167de06
0x0167de94
0x0167de9e
0x0167dea2
0x0167dea4
0x0167dea8
0x0167dead
0x0167dead

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcb569566812ba2fe79e42c1e96fc15a24e21da2d6d4bc60d3a3dc88b12170fa
Instruction ID: 36240d9d093324176586c3eada2949de435c59e63538c72b9e65bccf89b8967e
Opcode Fuzzy Hash: dcb569566812ba2fe79e42c1e96fc15a24e21da2d6d4bc60d3a3dc88b12170fa
Instruction Fuzzy Hash: CD41B234104796EAD726CF69C8806F6BBF1FF29314F148C49E4D58B652D336E856CB60

Uniqueness

Uniqueness Score: 0.00%

Function 01615090, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 628acc19cbbe1b5b64821a636f53165c8564359b317a1195c70262171dd7a74e
Instruction ID: a72c4ac553f78e50193d0494e4e099deaad90054222e05684b5ec2d200454b7e
Opcode Fuzzy Hash: 628acc19cbbe1b5b64821a636f53165c8564359b317a1195c70262171dd7a74e
Instruction Fuzzy Hash: 34A022B020000003CB020A2CC008202B200FBE0302F8280A23200CA80AC0308AA2CA20

Uniqueness

Uniqueness Score: 0.00%

Function 01615270, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44756f7beac5501fc07b269dbeb2860fadea31eebdccd37258debd5a4f814526
Instruction ID: 4e2da1654160d5110a16c0c8896add68701ddb36bf8a9dd2ef90f598fa358eb7
Opcode Fuzzy Hash: 44756f7beac5501fc07b269dbeb2860fadea31eebdccd37258debd5a4f814526
Instruction Fuzzy Hash: 6BA0027161040197E7495AA4C42870B67E1EBD1302F158091A619CA54AD53589A58E71

Uniqueness

Uniqueness Score: 0.00%

Function 016155E0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0d062d1301b61f15b5b2d8916d01be2a8516528f7e0ca7106b9ae189dbf86fb
Instruction ID: 814e2c143b31ad258c3c4520ff69ae10869a312fde509b6d0374b062a0ff953c
Opcode Fuzzy Hash: a0d062d1301b61f15b5b2d8916d01be2a8516528f7e0ca7106b9ae189dbf86fb
Instruction Fuzzy Hash: 94A022302000008BCB802AA0C008B02A230FBB2302F20C080A0C0CE80CC830C888C320

Uniqueness

Uniqueness Score: 0.00%

Function 01616580, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d20819ccfb01b21ab04a8f7754720caf8d02bd6f0ca6f528ec5e1c0066276ce2
Instruction ID: 41852391ef0e6922b2e6ac1ba5e95c1a13bc8bf3e594678c66fff2f5373577d2
Opcode Fuzzy Hash: d20819ccfb01b21ab04a8f7754720caf8d02bd6f0ca6f528ec5e1c0066276ce2
Instruction Fuzzy Hash: 24A002B6F0001177E7816A74C408546A615FBB1301B15C4916981CA5C9D9648A9AC761

Uniqueness

Uniqueness Score: 0.00%

Function 016154B0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a540711cd9c6d304da15f0429b927b8e21459896ec0e9665849701a293dc689d
Instruction ID: 7822ed07c2522b350019c8f73ce289d89a224df6d1de4b707ef1af4b598d5daf
Opcode Fuzzy Hash: a540711cd9c6d304da15f0429b927b8e21459896ec0e9665849701a293dc689d
Instruction Fuzzy Hash: 2CA02238A00000C3EF80AE20C0083032280EB82300F0080802202CA00AC3388BA8CF30

Uniqueness

Uniqueness Score: 0.00%

Function 01616660, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f30b11db6786d76faba25328c651634696ef3449945aa37c5e1c7dc2915e7fb
Instruction ID: f7ce0eb4f21a9c7e91f07bb1c298602df24d33a79a5a5b82db68f2018a2dfa04
Opcode Fuzzy Hash: 1f30b11db6786d76faba25328c651634696ef3449945aa37c5e1c7dc2915e7fb
Instruction Fuzzy Hash: 96A00235B0000567D7556A64C408A5A6A17EB91301B15C4A96702CA55ADB348A969771

Uniqueness

Uniqueness Score: 0.00%

Function 01615960, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af432ca6098d0ee9b8953f7d7afa634181ad5a7b6dd34a245583af5f8796d4ae
Instruction ID: 186c47e426f108bb41cd89ccecb06254bf58983df82c6b135a0ebc251868dd50
Opcode Fuzzy Hash: af432ca6098d0ee9b8953f7d7afa634181ad5a7b6dd34a245583af5f8796d4ae
Instruction Fuzzy Hash: 13A002316001569BE7456B64C40CB1AB756EBA1301F1580A96601CB64AD72989D9C666

Uniqueness

Uniqueness Score: 0.00%

Function 01615950, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad556eb3d6fb01b2bb063e0f90df6f28479f28bdc3ef2c4f3e36030dee5cb4d6
Instruction ID: 4d99cb4e022f2ae71c51113855365abb1fef979e9875acebd69021ab2e33be89
Opcode Fuzzy Hash: ad556eb3d6fb01b2bb063e0f90df6f28479f28bdc3ef2c4f3e36030dee5cb4d6
Instruction Fuzzy Hash: 33A0223020008883C3000AA0C0083023220EB80300F288080A802CA28EC3E088C0C222

Uniqueness

Uniqueness Score: 0.00%

Function 016159D0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66933a40434681852bab576b898a7bca33df46bbd5d1eba01f4620e7d7d79534
Instruction ID: 770f4d74218d9cab5150b6a20e53ba41e22396d266b3a57fe9813d4d473e9fd6
Opcode Fuzzy Hash: 66933a40434681852bab576b898a7bca33df46bbd5d1eba01f4620e7d7d79534
Instruction Fuzzy Hash: 55A002316120455BE7515BA4C108B076621EB91301F1589D1E542DB98AE66789A5DB21

Uniqueness

Uniqueness Score: 0.00%

Function 01615860, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d80b6c2617a3bfe693c52dd555ba2dcae9ea4865d7de2c9d99521539d56609d
Instruction ID: a76286c32a91ab7e7c818d0da5662f92446d6f8332af55b8d59e779581ed8eac
Opcode Fuzzy Hash: 3d80b6c2617a3bfe693c52dd555ba2dcae9ea4865d7de2c9d99521539d56609d
Instruction Fuzzy Hash: 19A00231710142A7DB456BA4C008B5AA716EBE2302F1580BD6651CA54ADA2589D5DA22

Uniqueness

Uniqueness Score: 0.00%

Function 01615BE0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7c33b39783c568c35320ca3c7e62619444d33720e5f6fe0178de63aa6b0a87b
Instruction ID: 6aed5b98a9ca0652b43341c4f250a08315bdaa78178da3c8489c5cd9cccd5725
Opcode Fuzzy Hash: a7c33b39783c568c35320ca3c7e62619444d33720e5f6fe0178de63aa6b0a87b
Instruction Fuzzy Hash: 3FA0223020008083C3000A22C008B0AA220EB80300F20C0802303CAA2AC23088C0C232

Uniqueness

Uniqueness Score: 0.00%

Function 01615AE0, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31922a0ac12c01adbca73c22b30a4c36b66891b08a23122a9cb4c8ce63f435d9
Instruction ID: 32b258a130d3d8aa7af4b45840ea9780ac510058529d39b6386e20cc7addb0f2
Opcode Fuzzy Hash: 31922a0ac12c01adbca73c22b30a4c36b66891b08a23122a9cb4c8ce63f435d9
Instruction Fuzzy Hash: 5DA0223020000883C3000AA0C00AB02E220FB80300F0080C22302CB82AE23088C0C230

Uniqueness

Uniqueness Score: 0.00%

Function 01615D50, Relevance: .0, Instructions: 4COMMON

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8368c5d8f22aefb4bbd29ccfd1e28741032748a69bb633efd429898a9bbd839e
Instruction ID: 58c3d2e7d6b14a064e58ce1756ba518272e68d3de2927e80967ae1125401d548
Opcode Fuzzy Hash: 8368c5d8f22aefb4bbd29ccfd1e28741032748a69bb633efd429898a9bbd839e
Instruction Fuzzy Hash: ACA00231A5808657EBA25AB8C008A1A6621EB91342F1580A1A602CA97ED67589D5B635

Uniqueness

Uniqueness Score: 0.00%

Function 015DE32D, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 196
COMMON

C-Code - Quality: 38%

			E015DE32D(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 != 0) {
					L9:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L15:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L26:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E015F7ACB(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L18:
							L18:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E015F7ACB() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E015F7ACB(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E015F7ACB();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L26;
							}
							_t116 = 0;
							goto L18;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
								goto L14;
							}
							_v12 = _t108;
							L14:
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t31 =  &_v24;
							 *_t31 = _v24 - 1;
						} while ( *_t31 != 0);
						goto L15;
					}
				}
				if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
					goto L9;
				} else {
					_t96 =  *(_t129 + 8) & 0x0000ffff;
					if(_t96 != 0) {
						L42:
						if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
							goto L9;
						} else {
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_t86 = E015F7ACB(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
							goto L40;
						}
					} else {
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L37:
							_t115 = 0x1617756;
							L39:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E015F7ACB(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							L40:
							return _t128 + _t86 * 2;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L42;
						}
						if(_t114 != 0) {
							_t115 = 0x161e5d0;
							goto L39;
						}
						goto L37;
					}
				}
			}

0x015de337
0x015de33b
0x015de33e
0x015de340
0x015de343
0x015de34a
0x015de350
0x015de356
0x015de35b
0x015de35e
0x015de361
0x015de368
0x015dc2f5
0x015dc2fb
0x015dc2fb
0x015dc2f5
0x015de36e
0x015de373
0x015de397
0x015de3a0
0x015de3a2
0x015de3a5
0x015de3a5
0x015de3a8
0x015de3ad
0x015de40e
0x015de412
0x015dc30b
0x015dc310
0x015dc315
0x015dc32e
0x015dc32e
0x00000000
0x015de3af
0x00000000
0x015de3af
0x015de3b2
0x015de3bf
0x015de3c8
0x015de3cf
0x015de3d0
0x015de3d6
0x015de3d9
0x015de3dc
0x015de3dc
0x015de3f6
0x015de3fb
0x015de535
0x015de537
0x015de53e
0x015de53f
0x015de540
0x015de548
0x015de54b
0x015de54b
0x015de3fe
0x015de402
0x015de405
0x015de408
0x00000000
0x00000000
0x015de40a
0x00000000
0x015de40a
0x015de375
0x015de377
0x015de378
0x015de37b
0x015de37e
0x015de384
0x015de523
0x015de528
0x015de52b
0x015de52b
0x015de52e
0x00000000
0x015de52e
0x015de38a
0x015de38d
0x015de38d
0x015de391
0x015de392
0x015de392
0x015de392
0x00000000
0x015de37e
0x015de373
0x015d9d8a
0x00000000
0x015d9dae
0x0165ecab
0x0165ecb2
0x0165ed0c
0x0165ed14
0x00000000
0x0165ed24
0x0165ed28
0x0165ed2d
0x0165ed32
0x0165ed43
0x00000000
0x0165ed48
0x0165ecb4
0x0165ecb4
0x0165ecbb
0x0165ecce
0x0165ecce
0x0165ecda
0x0165ecde
0x0165ece3
0x0165ece8
0x0165eced
0x0165ecfa
0x0165ed02
0x00000000
0x0165ed02
0x0165ecc5
0x0165ed0a
0x00000000
0x0165ed0a
0x0165eccc
0x0165ecd5
0x00000000
0x0165ecd5
0x00000000
0x0165eccc
0x0165ecb2

APIs

___swprintf_l.LIBCMT ref: 015DC326
___swprintf_l.LIBCMT ref: 015DE3D1
___swprintf_l.LIBCMT ref: 015DE3F6
___swprintf_l.LIBCMT ref: 015DE540
___swprintf_l.LIBCMT ref: 0165ECFA
___swprintf_l.LIBCMT ref: 0165ED43

Strings

::%hs%u.%u.%u.%u, xrefs: 0165ECF1
:%u.%u.%u.%u, xrefs: 015DC31D
ffff:, xrefs: 0165ECD5
::ffff:0:%u.%u.%u.%u, xrefs: 0165ED3A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 5bf3330f600af5ac6e7b6d8056f1dd0d71231bae8107382513c13fe103be54c3
Instruction ID: 4dd5212450810d941f6fec98032d0ea57043549ced904a794709f4a345507819
Opcode Fuzzy Hash: 5bf3330f600af5ac6e7b6d8056f1dd0d71231bae8107382513c13fe103be54c3
Instruction Fuzzy Hash: 3D610671900656AACB35DF9DC8818BFBBB5FF94200B48C42DE9964F244EB75E740CB60

Uniqueness

Uniqueness Score: 0.11%

Function 015FBD8A, Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 127
UNIQUE

C-Code - Quality: 63%

			E015FBD8A(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t70 = __edx;
				_t33 =  *0x16a81e8; // 0x77d4aa35
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E015FBDDC(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					L015F1ACE(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E01604EC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0x16a81b0( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					L015F1ACE(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E01638985( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						L015F1ACE(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E01627200(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							L015F1ACE(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E0166E7A0(_t69, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					L015F1ACE();
					_t38 = 1;
					L2:
					return E01622F0C(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}

0x015fbd8a
0x015fbd95
0x015fbd9c
0x015fbd9f
0x015fbda8
0x015fbdbe
0x0164b3b0
0x0164b3b7
0x00000000
0x00000000
0x0164b3bd
0x0164b3d0
0x0164b3d5
0x0164b3e4
0x0164b3ea
0x0164b3ef
0x0164b415
0x0164b41b
0x0164b41d
0x00000000
0x00000000
0x0164b423
0x0164b429
0x0164b42b
0x00000000
0x00000000
0x0164b431
0x0164b433
0x00000000
0x00000000
0x0164b43d
0x0164b43e
0x0164b456
0x0164b467
0x0164b46c
0x0164b46f
0x0164b470
0x0164b472
0x0164e16e
0x0164e179
0x0164e17f
0x0164e188
0x0164e18b
0x0164e191
0x0164e193
0x00000000
0x00000000
0x00000000
0x00000000
0x0164e199
0x0164e199
0x0164e1a1
0x0164e1a4
0x0164e1a5
0x0164e1a7
0x0164e1a9
0x0164e1ab
0x0164e1ab
0x0164e1b8
0x0164e1bd
0x0164e1c2
0x0164e1c7
0x0164e1c9
0x00000000
0x00000000
0x0164e1cf
0x0164e1cf
0x0164e1d2
0x0164e1d8
0x00000000
0x00000000
0x0164e1de
0x0164e199
0x0164b478
0x0164b47d
0x0164b47f
0x0164b481
0x0164b489
0x015fbdc6
0x015fbdd4
0x015fbdd4
0x015fbdc4
0x015fbdc4
0x00000000

APIs

BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 0164B415

Part of subcall function 0166E7A0: _wcstoul.LIBCMT ref: 0166E7C6

Strings

CLIENT(ntdll): Processing section info %ws..., xrefs: 0164E1AF
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0164E165
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 0164B3C7
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 0164B44D
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 0164B478
Execute=1, xrefs: 0164B461
ExecuteOptions, xrefs: 0164B407

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: BaseDataModuleQuery_wcstoul
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 3175100189-484625025
Opcode ID: 1490e4384a6d491b165b16bda3ac902130c0df28bcd142ef82e2f916f5c6f427
Instruction ID: ba521a88a4f7cc48a60c89cbff44f29c6883b59da0065b5641c44808ee9a8aff
Opcode Fuzzy Hash: 1490e4384a6d491b165b16bda3ac902130c0df28bcd142ef82e2f916f5c6f427
Instruction Fuzzy Hash: AF41267268060DAADB21EA98DC85FEE77FCBF64300F04049DE305E60C1EA70EA458F95

Uniqueness

Uniqueness Score: 100.00%

Function 015E3747, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 270
COMMON

C-Code - Quality: 100%

			E015E3747(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr* _v28;
				signed int _v32;
				void* _t115;
				char _t119;
				short _t120;
				intOrPtr* _t124;
				char _t126;
				short _t127;
				void* _t133;
				void* _t136;
				intOrPtr _t142;
				signed int _t154;
				signed int _t175;
				intOrPtr _t178;
				intOrPtr* _t180;
				intOrPtr _t181;
				void* _t184;

				_t180 = _a4;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if( *_t180 == 0) {
					L34:
					 *_a8 = _t180;
					_t181 = _v24;
					if(_t181 != 0) {
						if(_t181 != 3) {
							goto L62;
						}
						_v8 = _v8 + 1;
					}
					_t175 = _v32;
					if(_t175 == 0) {
						if(_v8 == 7) {
							goto L36;
						}
						goto L62;
					}
					L36:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L62;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L40:
						if(_t175 != 0) {
							E01604B80(_a12 + 0x10 + (_t175 - _v8) * 2, _a12 + _t175 * 2, _v8 - _t175 + _v8 - _t175);
							_t115 = 8;
							E01604EC0(_a12 + _t175 * 2, 0, _t115 - _v8 + _t115 - _v8);
						}
						return 0;
					}
					if(_t181 != 0) {
						if(_v12 > 3) {
							goto L62;
						}
						_t119 = E015E38EA(_v28, 0, 0xa);
						_t184 = _t184 + 0xc;
						if(_t119 > 0xff) {
							goto L62;
						}
						 *((char*)(_t181 + _v20 * 2 + _a12)) = _t119;
						goto L40;
					}
					if(_v12 > 4) {
						goto L62;
					}
					_t120 = E015E38EA(_v28, _t181, 0x10);
					_t184 = _t184 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t120;
					goto L40;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L22;
						}
						_t136 = _t123 - 1;
						if(_t136 != 0) {
							_t123 = _t136 == 1;
							if(_t136 == 1) {
								L23:
								if(_v8 > 7) {
									goto L34;
								}
								_t143 = _t142;
								if(E015E3490(_t123, _t142) == 0 || _t129 == 0) {
									if(E015E3490(_t129, _t143) == 0 || E015E3663(_t130, _t143) == 0 || _v24 > 0) {
										goto L34;
									} else {
										_t133 = 1;
										_a7 = 1;
										_v28 = _t180;
										_v16 = 1;
										_v12 = 1;
										L31:
										if(_v16 == _t133) {
											goto L20;
										}
										L8:
										if(_v28 == 0) {
											goto L20;
										}
										_t178 = _v24;
										if(_t178 != 0) {
											if(_v12 > 3) {
												L62:
												return 0xc000000d;
											}
											_t126 = E015E38EA(_v28, 0, 0xa);
											_t184 = _t184 + 0xc;
											if(_t126 > 0xff) {
												goto L62;
											}
											 *((char*)(_t178 + _v20 * 2 + _a12 - 1)) = _t126;
											goto L20;
										}
										if(_v12 > 4) {
											goto L62;
										}
										_t127 = E015E38EA(_v28, 0, 0x10);
										_t184 = _t184 + 0xc;
										_v20 = _v20 + 1;
										 *((short*)(_a12 + _v20 * 2)) = _t127;
										goto L20;
									}
								} else {
									_a7 = 0;
									_v28 = _t180;
									_v16 = 1;
									_v12 = 1;
									L20:
									_t180 = _t180 + 1;
									_t142 =  *_t180;
									if(_t142 == 0) {
										goto L34;
									}
									continue;
								}
							}
							_t133 = 1;
							goto L31;
						}
						_t179 = _t142;
						if(E015E3490(_t136, _t142) == 0 || _t138 == 0) {
							if(E015E3490(_t138, _t179) == 0 || E015E3663(_t139, _t179) == 0) {
								if(_t142 != 0x3a) {
									if(_t142 != 0x2e || _a7 != 0 || _v24 > 2 || _v8 > 6) {
										goto L34;
									} else {
										_v24 = _v24 + 1;
										L7:
										_v16 = _v16 & 0x00000000;
										goto L8;
									}
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L34;
								} else {
									_t124 = _t180 + 1;
									if( *_t124 == _t142) {
										if(_v32 == 0) {
											_v32 = _v8 + 1;
											_t154 = 2;
											_v8 = _v8 + _t154;
											L47:
											_t180 = _t124;
											_v16 = _t154;
											goto L8;
										}
										goto L34;
									}
									_v8 = _v8 + 1;
									goto L7;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L34;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							goto L1;
						}
						L22:
						if(_t142 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L34;
							} else {
								_t124 = _t180 + 1;
								if( *_t124 != _t142) {
									goto L34;
								}
								_v20 = _v20 + 1;
								_t154 = 2;
								_v32 = 1;
								_v8 = _t154;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L47;
							}
						}
						goto L23;
					}
				}
				L1:
				_v12 = _v12 + 1;
				goto L20;
			}

0x015e3753
0x015e3759
0x015e375c
0x015e375f
0x015e3762
0x015e3765
0x015e3768
0x015e376b
0x015e3770
0x015e3855
0x015e3858
0x015e385a
0x015e385f
0x01648353
0x00000000
0x00000000
0x01648359
0x01648359
0x015e3865
0x015e386a
0x01648457
0x00000000
0x00000000
0x00000000
0x01648457
0x015e3870
0x015e3874
0x0165edab
0x00000000
0x00000000
0x0165edb9
0x015e38a8
0x015e38aa
0x015e38c3
0x015e38ca
0x015e38d4
0x015e38d9
0x00000000
0x015e38dc
0x015e387c
0x01648365
0x00000000
0x00000000
0x01648372
0x01648377
0x0164837f
0x00000000
0x00000000
0x0164838e
0x00000000
0x0164838e
0x015e3886
0x00000000
0x00000000
0x015e3892
0x015e389c
0x015e38a4
0x00000000
0x00000000
0x015e3776
0x015e3779
0x015e377b
0x00000000
0x00000000
0x015e377d
0x015e377e
0x015e3926
0x015e3927
0x015e37e4
0x015e37e8
0x00000000
0x00000000
0x015e37ea
0x015e37f6
0x015e381e
0x00000000
0x015e3831
0x015e3833
0x015e3834
0x015e3838
0x015e383b
0x015e383e
0x015e3841
0x015e3844
0x00000000
0x00000000
0x015e36fe
0x015e3703
0x00000000
0x00000000
0x015e3709
0x015e370e
0x0164842a
0x0164845d
0x00000000
0x0164845d
0x01648432
0x01648437
0x0164843f
0x00000000
0x00000000
0x0164844a
0x00000000
0x0164844a
0x015e3718
0x00000000
0x00000000
0x015e3724
0x015e372e
0x015e3731
0x015e3739
0x00000000
0x015e3739
0x015e3803
0x015e3806
0x015e380a
0x015e380d
0x015e3810
0x015e37d0
0x015e37d0
0x015e37d1
0x015e37d5
0x00000000
0x00000000
0x00000000
0x015e37d7
0x015e37f6
0x0165ed63
0x00000000
0x0165ed63
0x015e3784
0x015e3790
0x015e37aa
0x015e36d2
0x01648324
0x00000000
0x01648348
0x01648348
0x015e36fa
0x015e36fa
0x00000000
0x015e36fa
0x01648324
0x015e36dc
0x00000000
0x015e36ec
0x015e36ec
0x015e36f1
0x015e384f
0x015e3938
0x015e393b
0x015e393c
0x015e393f
0x015e393f
0x015e3941
0x00000000
0x015e3941
0x00000000
0x015e384f
0x015e36f7
0x00000000
0x015e36f7
0x015e37bf
0x015e37bf
0x015e37c6
0x00000000
0x00000000
0x015e37cc
0x00000000
0x015e37cc
0x00000000
0x00000000
0x00000000
0x015e37db
0x015e37de
0x0165ed6c
0x00000000
0x0165ed7b
0x0165ed7b
0x0165ed80
0x00000000
0x00000000
0x0165ed90
0x0165ed93
0x0165ed94
0x0165ed9b
0x0165ed9e
0x00000000
0x0165ed9e
0x0165ed6c
0x00000000
0x015e37de
0x015e3776
0x015e362a
0x015e362a
0x00000000

APIs

__fassign.LIBCMT ref: 015E3724
__fassign.LIBCMT ref: 015E3892
__fassign.LIBCMT ref: 01648372

Part of subcall function 015E38EA: __cftof.LIBCMT ref: 015E38FA

__fassign.LIBCMT ref: 01648432

Strings

:, xrefs: 015E37DB
:, xrefs: 015E36CF
., xrefs: 01648321

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: __fassign$__cftof
String ID: .$:$:
API String ID: 719083814-2308638275
Opcode ID: ed0c4c3c8d53cf5604481f181fd10ba09e4b0497798efa1efc41dea83925a216
Instruction ID: 6ed9f694b7d84a2571d4ab7cf8d3849b5b094804165c4b454286dce31ac70633
Opcode Fuzzy Hash: ed0c4c3c8d53cf5604481f181fd10ba09e4b0497798efa1efc41dea83925a216
Instruction Fuzzy Hash: E2A1BE71D0920AEBDF69CFA8C8197BEBBF8BF05300F14886ED552AB241D7309A45CB51

Uniqueness

Uniqueness Score: 6.12%

Function 015FA160, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 196
UNIQUE

C-Code - Quality: 62%

			E015FA160(signed int _a4, char _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t38;
				signed int* _t41;
				signed int _t43;
				void* _t44;
				void* _t50;
				void* _t55;
				void* _t56;
				void* _t57;
				void* _t58;
				void* _t59;
				intOrPtr _t60;
				void* _t62;
				signed int _t67;
				signed int _t74;
				signed int _t78;
				signed int _t81;
				intOrPtr _t90;
				signed int _t93;
				void* _t94;
				signed int _t98;
				void* _t102;
				void* _t103;
				signed int _t110;
				signed int _t124;
				void* _t137;
				void* _t138;
				void* _t139;
				signed int _t143;

				_t81 = _a4;
				_t98 =  *(_t81 + 0x28);
				_t38 = _t81 + 0x28;
				if(_t98 < 0) {
					_t90 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t81 + 0x2c)) -  *((intOrPtr*)(_t90 + 0x24));
					if( *((intOrPtr*)(_t81 + 0x2c)) !=  *((intOrPtr*)(_t90 + 0x24))) {
						goto L31;
					} else {
						__eflags = _t98 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L31:
					while(1) {
						L32:
						__eflags = _t98;
						if(_t98 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) + 1;
							_t41 = _t81 + 0x1c;
							asm("lock xadd [edx], ecx");
							_t98 =  *(_t81 + 0x28);
							__eflags = _t98;
							if(_t98 >= 0) {
								_t92 =  *_t41;
								__eflags = _t92;
								if(__eflags > 0) {
									while(1) {
										_t78 = _t92;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t78 - _t92;
										if(_t78 == _t92) {
											break;
										}
										_t92 = _t78;
										__eflags = _t78;
										if(_t78 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t92;
								}
								if(__eflags == 0) {
									goto L11;
								} else {
									continue;
								}
							} else {
								L11:
								_t110 = 0;
								__eflags = 0;
								while(1) {
									_t101 =  *(_t81 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t124 =  !( ~( *(_t81 + 0x30) & 1)) & 0x016a8318;
									_push(_t124);
									_push(0);
									_push( *((intOrPtr*)(_t81 + 0x18)));
									_t43 = E016165E0();
									__eflags = _t43 - 0x102;
									if(_t43 != 0x102) {
										break;
									}
									_t92 =  *(_t124 + 4);
									_t102 =  *_t124;
									_t44 = E01603EC0(_t102,  *(_t124 + 4), 0xff676980, 0xffffffff);
									_push(_t102);
									_push(_t44);
									L015F1ACE(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t110);
									L015F1ACE(0x65, 0, "RTL: Resource at %p\n", _t81);
									_t110 = _t110 + 1;
									_t138 = _t137 + 0x28;
									__eflags = _t110 - 2;
									if(_t110 > 2) {
										E016715D8(_t92, _t81);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									L015F1ACE();
									_t137 = _t138 + 0xc;
								}
								__eflags = _t43;
								if(_t43 < 0) {
									E01616CC5(_t92, _t101, _t110, _t124, _t43);
									asm("int3");
									while(1) {
										L45:
										_t93 =  *(_t124 + 4);
										_t103 =  *_t124;
										_t50 = E01603EC0(_t103, _t93, 0xff676980, 0xffffffff);
										_push(_t103);
										_push(_t50);
										L015F1ACE(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t110);
										L015F1ACE(0x65, 0, "RTL: Resource at %p\n", _t81);
										_t110 = _t110 + 1;
										_t139 = _t137 + 0x28;
										__eflags = _t110 - 2;
										if(_t110 > 2) {
											E016715D8(_t93, _t81);
										}
										_push("RTL: Re-Waiting\n");
										_push(0);
										_push(0x65);
										L015F1ACE();
										_t137 = _t139 + 0xc;
										while(1) {
											L18:
											_t105 =  *(_t81 + 0x30) & 0x00000001;
											asm("sbb esi, esi");
											_t124 =  !( ~( *(_t81 + 0x30) & 1)) & 0x016a8318;
											_push(_t124);
											_push(0);
											_push( *((intOrPtr*)(_t81 + 0x20)));
											_t55 = E016165E0();
											if(_t55 == 0x102) {
												goto L45;
											}
											if(_t55 < 0) {
												_t56 = E01616CC5(_t93, _t105, _t110, _t124, _t55);
												asm("int3");
												_t57 = E01616CC5(_t93, _t105, _t110, _t124, _t56);
												_t58 = E01616CC5(_t93, _t105, _t110, _t124, _t57);
												_t59 = E01616CC5(_t93, _t105, _t110, _t124, _t58);
												asm("int3");
												while(1) {
													_t94 = _t59;
													__eflags = _t59 - 1;
													if(_t59 != 1) {
														break;
													}
													_t110 = _t110 | 0xffffffff;
													_t59 = _t94;
													asm("lock cmpxchg [ebx], edi");
													__eflags = _t59 - _t94;
													if(_t59 != _t94) {
														continue;
													} else {
														_t60 =  *[fs:0x18];
														 *((intOrPtr*)(_t124 + 0x2c)) =  *((intOrPtr*)(_t60 + 0x24));
														return _t60;
													}
													goto L56;
												}
												E015F9485(_t94, _t110, _t124);
												_t62 = E015F9505(_t124, 1);
												return _t62;
											} else {
												_t38 =  *(_t81 + 0x28);
												L28:
												while(_t38 != 0) {
													__eflags = _a8;
													if(_a8 == 0) {
														__eflags = 0;
														return 0;
													} else {
														 *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x34)) + 0x14)) + 1;
														_t98 = _t81 + 0x24;
														_t93 = 1;
														asm("lock xadd [eax], ecx");
														_t38 =  *(_t81 + 0x28);
														_a4 = _t38;
														__eflags = _t38;
														if(_t38 == 0) {
															_t93 =  *_t98;
															if(_t93 > 0) {
																while(1) {
																	_t67 = _t93;
																	asm("lock cmpxchg [edi], esi");
																	if(_t67 == _t93) {
																		break;
																	}
																	_t93 = _t67;
																	__eflags = _t67;
																	if(_t67 <= 0) {
																		break;
																	} else {
																		continue;
																	}
																	goto L56;
																}
																_t38 = _a4;
																_t143 = _t93;
															}
															if(_t143 != 0) {
																continue;
															} else {
																goto L17;
															}
														} else {
															L17:
															_t110 = 0;
															goto L18;
														}
													}
													goto L56;
												}
												_t93 = _t93 | 0xffffffff;
												_t38 = 0;
												asm("lock cmpxchg [edx], ecx");
												if(0 != 0) {
													goto L28;
												} else {
													 *((intOrPtr*)(_t81 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
													return 1;
												}
											}
											goto L56;
										}
									}
								} else {
									_t98 =  *(_t81 + 0x28);
									continue;
								}
							}
						}
						goto L56;
					}
					_t74 = _t98;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t74 - _t98;
					if(_t74 != _t98) {
						_t98 = _t74;
						goto L32;
					} else {
						return 1;
					}
				}
				L56:
			}

0x015fa166
0x015fa169
0x015fa16c
0x015fa172
0x015e24aa
0x015e24b4
0x015e24b7
0x00000000
0x015e24bd
0x015e24bd
0x015e24c0
0x015e24c9
0x015e24c9
0x015fa178
0x015fa178
0x015fa179
0x015fa179
0x015fa179
0x015fa17b
0x00000000
0x00000000
0x015d6ee9
0x015d6eed
0x01651a3b
0x01651a3f
0x015d6ef3
0x015d6ef6
0x015d6ef9
0x015d6f03
0x015d6f07
0x015d6f0a
0x015d6f0c
0x016519b4
0x016519b6
0x016519b8
0x016519c0
0x016519ca
0x016519cc
0x016519d0
0x016519d2
0x00000000
0x00000000
0x016519d4
0x016519d6
0x016519d8
0x00000000
0x00000000
0x00000000
0x016519d8
0x016519da
0x016519da
0x015d9951
0x00000000
0x015d9957
0x00000000
0x015d9957
0x015d6f12
0x015d6f12
0x015d6f12
0x015d6f12
0x015d6f14
0x015d6f1a
0x015d6f22
0x015d6f26
0x015d6f2c
0x015d6f2d
0x015d6f2f
0x015d6f30
0x015d6f35
0x015d6f3a
0x00000000
0x00000000
0x016519e1
0x016519e4
0x016519ef
0x016519f4
0x016519f5
0x01651a00
0x01651a0f
0x01651a14
0x01651a15
0x01651a18
0x01651a1b
0x01651a1e
0x01651a1e
0x01651a23
0x01651a28
0x01651a2a
0x01651a2c
0x01651a31
0x01651a31
0x015d6f40
0x015d6f42
0x01651a43
0x01651a48
0x01651a49
0x01651a49
0x01651a49
0x01651a4c
0x01651a57
0x01651a5c
0x01651a5d
0x01651a68
0x01651a77
0x01651a7c
0x01651a7d
0x01651a80
0x01651a83
0x01651a86
0x01651a86
0x01651a8b
0x01651a90
0x01651a92
0x01651a94
0x01651a99
0x015d98ed
0x015d98ed
0x015d98f3
0x015d98fb
0x015d98ff
0x015d9905
0x015d9906
0x015d9908
0x015d9909
0x015d9913
0x00000000
0x00000000
0x015d991b
0x01651aab
0x01651ab0
0x01651ab2
0x01651ab8
0x01651abe
0x01651ac3
0x01651ac4
0x01651ac4
0x01651ac6
0x01651ac9
0x00000000
0x00000000
0x015dc35f
0x015dc364
0x015dc366
0x015dc36a
0x015dc36c
0x00000000
0x015dc372
0x015dc372
0x015dc37d
0x015dc382
0x015dc382
0x00000000
0x015dc36c
0x01651ad0
0x01651ad8
0x01651ae1
0x015d9921
0x015d9921
0x00000000
0x015f951e
0x015d98bf
0x015d98c3
0x01651aa3
0x01651aa7
0x015d98c9
0x015d98cc
0x015d98cf
0x015d98d4
0x015d98d9
0x015d98dd
0x015d98e0
0x015d98e3
0x015d98e5
0x015d2f64
0x015d2f68
0x015d2f6d
0x015d2f74
0x015d2f76
0x015d2f7c
0x00000000
0x00000000
0x015d2f8e
0x015d2f90
0x015d2f92
0x00000000
0x015d2f94
0x00000000
0x015d2f94
0x00000000
0x015d2f92
0x015d2f7e
0x015d2f81
0x015d2f81
0x015d2f83
0x00000000
0x015d2f89
0x00000000
0x015d2f89
0x015d98eb
0x015d98eb
0x015d98eb
0x00000000
0x015d98eb
0x015d98e5
0x00000000
0x015d98c3
0x015f952b
0x015f952e
0x015f9530
0x015f9536
0x00000000
0x015f9538
0x015f9543
0x015f954a
0x015f954a
0x015f9536
0x00000000
0x015d991b
0x015d98ed
0x015d6f48
0x015d6f48
0x00000000
0x015d6f48
0x015d6f42
0x015d6f0c
0x00000000
0x015d6eed
0x015fa18b
0x015fa18d
0x015fa191
0x015fa193
0x015d994a
0x00000000
0x015fa199
0x015fa19f
0x015fa19f
0x015fa193
0x00000000

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016519EF
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01651A57

Strings

RTL: Resource at %p, xrefs: 01651A06, 01651A6E
RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 016519F7
RTL: Re-Waiting, xrefs: 01651A23, 01651A8B
RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01651A5F

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-4236105082
Opcode ID: 9672766b1228bbadd6b9a635a223630c05d1d1ccfb8fb845d9197fe973e75ee5
Instruction ID: 84e8a15074408160998fad26dce3ad490ab3f10db9857bb0df14eec2855fdde9
Opcode Fuzzy Hash: 9672766b1228bbadd6b9a635a223630c05d1d1ccfb8fb845d9197fe973e75ee5
Instruction Fuzzy Hash: 8F517A717002039BEB159A19CCC1FA733EABF94724F28421EED559F389DA61EC45C7A4

Uniqueness

Uniqueness Score: 100.00%

Function 015DE426, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88
COMMON

C-Code - Quality: 64%

			E015DE426(void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t39;
				signed int _t43;
				signed int _t44;
				intOrPtr _t45;
				void* _t50;
				intOrPtr* _t51;
				void* _t53;
				signed int _t56;
				void* _t57;

				_t50 = __edx;
				_t24 =  *0x16a81e8; // 0x77d4aa35
				_v8 = _t24 ^ _t56;
				_t45 = _a16;
				_t52 = _a4;
				_t51 = _a20;
				if(_a4 == 0 || _t51 == 0) {
					L12:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t51 == _t45) {
							goto L3;
						} else {
							goto L12;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t44 = E015F7ACB();
							_t57 = _t57 + 0xc;
							_t28 = _t56 + _t44 * 2 - 0x88;
						}
						_t53 = E015DE32D(_t52, _t28);
						if(_a8 != 0) {
							_t43 = E015F7ACB(_t53,  &_v10 - _t53 >> 1, L"%%%u", _a8);
							_t57 = _t57 + 0x10;
							_t53 = _t53 + _t43 * 2;
						}
						if(_a12 != 0) {
							_t39 = E015F7ACB(_t53,  &_v10 - _t53 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t57 = _t57 + 0x10;
							_t53 = _t53 + _t39 * 2;
						}
						_t52 = (_t53 -  &_v140 >> 1) + 1;
						 *_t51 = _t52;
						if( *_t51 < _t52) {
							goto L12;
						} else {
							E01604830(_t45,  &_v140, _t52 + _t52);
							_t26 = 0;
						}
					}
				}
				return E01622F0C(_t26, _t45, _v8 ^ _t56, _t50, _t51, _t52);
			}

0x015de426
0x015de431
0x015de438
0x015de43c
0x015de440
0x015de444
0x015de449
0x016469c0
0x016469c0
0x015de457
0x015de459
0x016469cc
0x00000000
0x016469d2
0x00000000
0x016469d2
0x015de45f
0x015de45f
0x015de464
0x015de46a
0x015de46c
0x015de471
0x015de473
0x015de474
0x015de479
0x015de47c
0x015de47c
0x015de48e
0x015de490
0x015de4a3
0x015de4a8
0x015de4ab
0x015de4ab
0x015de4b3
0x015de4cf
0x015de4d4
0x015de4d7
0x015de4d7
0x015de4e4
0x015de4e7
0x015de4e9
0x00000000
0x015de4ef
0x015de4fb
0x015de503
0x015de503
0x015de4e9
0x015de459
0x015de513

APIs

___swprintf_l.LIBCMT ref: 015DE474

Part of subcall function 015DE32D: ___swprintf_l.LIBCMT ref: 015DC326
Part of subcall function 015DE32D: ___swprintf_l.LIBCMT ref: 015DE3D1
Part of subcall function 015DE32D: ___swprintf_l.LIBCMT ref: 015DE3F6
Part of subcall function 015DE32D: ___swprintf_l.LIBCMT ref: 015DE540
Part of subcall function 015DE32D: ___swprintf_l.LIBCMT ref: 0165ECFA
Part of subcall function 015DE32D: ___swprintf_l.LIBCMT ref: 0165ED43

___swprintf_l.LIBCMT ref: 015DE4A3
___swprintf_l.LIBCMT ref: 015DE4CF

Strings

]:%u, xrefs: 015DE4C6
%%%u, xrefs: 015DE49A

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: e402bf9fc32c4c5776df72408bf1cab96ed339d1aed4890b46aae6b9bc321fe9
Instruction ID: 5583fd771292a04798f46a5966b19cde4732fa9e08f5589d65f68d9908df9715
Opcode Fuzzy Hash: e402bf9fc32c4c5776df72408bf1cab96ed339d1aed4890b46aae6b9bc321fe9
Instruction Fuzzy Hash: 9921E97250022AABDB20DF5CDC41AEE77ACFB54300F894415EE45DB140DBB1EA59CBE0

Uniqueness

Uniqueness Score: 0.11%

Function 015F9505, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 150
UNIQUE

C-Code - Quality: 57%

			E015F9505(intOrPtr _a4, char _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t24;
				void* _t29;
				void* _t30;
				void* _t35;
				void* _t36;
				void* _t37;
				void* _t38;
				intOrPtr _t39;
				void* _t41;
				signed int _t43;
				intOrPtr _t50;
				signed int _t58;
				void* _t60;
				signed int* _t62;
				void* _t67;
				signed int _t71;
				signed int _t82;
				void* _t87;
				void* _t88;
				signed int _t92;

				_t50 = _a4;
				_t24 =  *((intOrPtr*)(_t50 + 0x28));
				if(_t24 < 0) {
					if( *((intOrPtr*)(_t50 + 0x2c)) !=  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
						goto L19;
					} else {
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L19:
					L20:
					while(_t24 != 0) {
						if(_a8 == 0) {
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t50 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t50 + 0x34)) + 0x14)) + 1;
							_t62 = _t50 + 0x24;
							_t58 = 1;
							asm("lock xadd [eax], ecx");
							_t24 =  *((intOrPtr*)(_t50 + 0x28));
							_a4 = _t24;
							if(_t24 == 0) {
								_t58 =  *_t62;
								if(_t58 > 0) {
									while(1) {
										_t43 = _t58;
										asm("lock cmpxchg [edi], esi");
										if(_t43 == _t58) {
											break;
										}
										_t58 = _t43;
										if(_t43 <= 0) {
											break;
										} else {
											continue;
										}
										goto L34;
									}
									_t24 = _a4;
									_t92 = _t58;
								}
								if(_t92 != 0) {
									continue;
								} else {
									goto L11;
								}
							} else {
								L11:
								_t71 = 0;
								while(1) {
									_t66 =  *(_t50 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t82 =  !( ~( *(_t50 + 0x30) & 1)) & 0x016a8318;
									_push(_t82);
									_push(0);
									_push( *((intOrPtr*)(_t50 + 0x20)));
									_t29 = E016165E0();
									if(_t29 != 0x102) {
										break;
									}
									_t58 =  *(_t82 + 4);
									_t67 =  *_t82;
									_t30 = E01603EC0(_t67, _t58, 0xff676980, 0xffffffff);
									_push(_t67);
									_push(_t30);
									L015F1ACE(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t71);
									L015F1ACE(0x65, 0, "RTL: Resource at %p\n", _t50);
									_t71 = _t71 + 1;
									_t88 = _t87 + 0x28;
									if(_t71 > 2) {
										E016715D8(_t58, _t50);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									L015F1ACE();
									_t87 = _t88 + 0xc;
								}
								if(_t29 < 0) {
									_t35 = E01616CC5(_t58, _t66, _t71, _t82, _t29);
									asm("int3");
									_t36 = E01616CC5(_t58, _t66, _t71, _t82, _t35);
									_t37 = E01616CC5(_t58, _t66, _t71, _t82, _t36);
									_t38 = E01616CC5(_t58, _t66, _t71, _t82, _t37);
									asm("int3");
									while(1) {
										_t60 = _t38;
										if(_t38 != 1) {
											break;
										}
										_t71 = _t71 | 0xffffffff;
										_t38 = _t60;
										asm("lock cmpxchg [ebx], edi");
										if(_t38 != _t60) {
											continue;
										} else {
											_t39 =  *[fs:0x18];
											 *((intOrPtr*)(_t82 + 0x2c)) =  *((intOrPtr*)(_t39 + 0x24));
											return _t39;
										}
										goto L34;
									}
									E015F9485(_t60, _t71, _t82);
									_push(1);
									_t41 = E015F9505(_t82);
									return _t41;
								} else {
									_t24 =  *((intOrPtr*)(_t50 + 0x28));
									continue;
								}
							}
						}
						goto L34;
					}
					_t58 = _t58 | 0xffffffff;
					_t24 = 0;
					asm("lock cmpxchg [edx], ecx");
					if(0 != 0) {
						goto L20;
					} else {
						 *((intOrPtr*)(_t50 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L34:
			}

0x015f950b
0x015f950e
0x015f9517
0x015e2495
0x00000000
0x015e249b
0x015e249e
0x015e24a7
0x015e24a7
0x015f951d
0x015f951d
0x00000000
0x015f951e
0x015d98c3
0x01651aa7
0x015d98c9
0x015d98cc
0x015d98cf
0x015d98d4
0x015d98d9
0x015d98dd
0x015d98e0
0x015d98e5
0x015d2f64
0x015d2f68
0x015d2f6d
0x015d2f74
0x015d2f76
0x015d2f7c
0x00000000
0x00000000
0x015d2f8e
0x015d2f92
0x00000000
0x015d2f94
0x00000000
0x015d2f94
0x00000000
0x015d2f92
0x015d2f7e
0x015d2f81
0x015d2f81
0x015d2f83
0x00000000
0x015d2f89
0x00000000
0x015d2f89
0x015d98eb
0x015d98eb
0x015d98eb
0x015d98ed
0x015d98f3
0x015d98fb
0x015d98ff
0x015d9905
0x015d9906
0x015d9908
0x015d9909
0x015d9913
0x00000000
0x00000000
0x01651a49
0x01651a4c
0x01651a57
0x01651a5c
0x01651a5d
0x01651a68
0x01651a77
0x01651a7c
0x01651a7d
0x01651a83
0x01651a86
0x01651a86
0x01651a8b
0x01651a90
0x01651a92
0x01651a94
0x01651a99
0x01651a99
0x015d991b
0x01651aab
0x01651ab0
0x01651ab2
0x01651ab8
0x01651abe
0x01651ac3
0x01651ac4
0x01651ac4
0x01651ac9
0x00000000
0x00000000
0x015dc35f
0x015dc364
0x015dc366
0x015dc36c
0x00000000
0x015dc372
0x015dc372
0x015dc37d
0x015dc382
0x015dc382
0x00000000
0x015dc36c
0x01651ad0
0x01651ad5
0x01651ad8
0x01651ae1
0x015d9921
0x015d9921
0x00000000
0x015d9921
0x015d991b
0x015d98e5
0x00000000
0x015d98c3
0x015f952b
0x015f952e
0x015f9530
0x015f9536
0x00000000
0x015f9538
0x015f9543
0x015f954a
0x015f954a
0x015f9536
0x00000000

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01651A57

Strings

RTL: Resource at %p, xrefs: 01651A6E
RTL: Re-Waiting, xrefs: 01651A8B
RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01651A5F

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-871070163
Opcode ID: 02fac5c2126c7cf0c196f846dd0646c4fba4d6edd06574c3de0020c4f17dfe48
Instruction ID: e2ed786dec1e5586b242e5f0ad5c702eddffe849e6f912a858bbd8f046d523bb
Opcode Fuzzy Hash: 02fac5c2126c7cf0c196f846dd0646c4fba4d6edd06574c3de0020c4f17dfe48
Instruction Fuzzy Hash: 9F4168717002039BEB25AA2CCC80FAA77D9FF94724F24462DFD19DF284DA61D845C7A4

Uniqueness

Uniqueness Score: 100.00%

Function 015E3A42, Relevance: 6.3, APIs: 4, Instructions: 259
COMMON

C-Code - Quality: 90%

			E015E3A42(void* _a4, char _a7, signed short** _a8, signed short* _a12) {
				void* _v8;
				signed short* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int __ebx;
				signed short* __edi;
				signed int __esi;
				void* _t101;
				char _t103;
				signed int _t104;
				void* _t109;

				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v28 = 0;
				while(1) {
					__esi =  *__edi & 0x0000ffff;
					if(__si == __dx) {
						break;
					}
					__eax = _v20;
					__eax = _v20 - __edx;
					if(__eax == 0) {
						if(__si == 0x3a) {
							if(_v12 > __edx || _v8 > __edx) {
								break;
							} else {
								__eax =  &(__edi[1]);
								if( *__eax != __si) {
									break;
								}
								__edi = _a12;
								__esi = 0;
								__ecx = 2;
								_a12[__ebx] = __si;
								_v28 = 1;
								_v8 = __ecx;
								__ebx = __ebx + 1;
								L22:
								__edi = __eax;
								_v20 = __ecx;
								L50:
								if(_v24 == __edx) {
									L33:
									__edi =  &(__edi[0]);
									__edi =  &(__edi[0]);
									__edx = 0;
									continue;
								}
								if(_v12 != __edx) {
									if(_v16 > 3 || E015E19A9(_v24, __edx, 0xa) > 0xff) {
										L42:
										return 0xc000000d;
									} else {
										__ecx = _v12;
										__edx = _a12;
										__ecx = _v12 + __ebx * 2;
										 *((char*)(_v12 + __ebx * 2 + _a12 - 1)) = __al;
										goto L33;
									}
								}
								if(_v16 > 4) {
									goto L42;
								}
								E015E19A9(_v24, __edx, 0x10) = _a12;
								_a12[__ebx] = __cx;
								__ebx = __ebx + 1;
								goto L33;
							}
						}
						L35:
						if(_v8 > 7) {
							break;
						}
						__eax = 0x80;
						if(__si >= __ax) {
							break;
						}
						__eax = E01603B25(__esi, 4);
						_pop(__ecx);
						_pop(__ecx);
						if(__eax != 0) {
							0 = 1;
							_a7 = 0;
							_v24 = __edi;
							_v20 = 1;
							_v16 = 1;
							goto L33;
						}
						__eax = E01603B25(__esi, 0x80);
						_pop(__ecx);
						_pop(__ecx);
						if(__eax != 0) {
							if(_v12 > 0) {
								break;
							}
							__eax = 0;
							__eax = 1;
							_a7 = 1;
							_v24 = __edi;
							_v20 = 1;
							_v16 = 1;
							L56:
							if(_v20 == __eax) {
								goto L33;
							}
							__edx = 0;
							goto L50;
						}
						break;
					}
					__eax = __eax - 1;
					if(__eax != 0) {
						if(0 == 0) {
							goto L35;
						}
						__eax = 0;
						__eax = 1;
						goto L56;
					}
					__eax = 0x80;
					if(__si >= __ax) {
						L44:
						if(__si != 0x3a) {
							if(__si != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
								break;
							} else {
								_v12 = _v12 + 1;
								__edx = 0;
								L49:
								_v20 = __edx;
								goto L50;
							}
						}
						__edx = 0;
						if(_v12 > 0 || _v8 > 6) {
							break;
						} else {
							__eax =  &(__edi[1]);
							if( *__eax == __si) {
								if(_v28 != 0) {
									break;
								}
								_v8 = _v8 + 1;
								_v28 = _v8 + 1;
								__ecx = 2;
								_v8 = _v8 + __ecx;
								goto L22;
							}
							_v8 = _v8 + 1;
							goto L49;
						}
					}
					__eax = E01603B25(__esi, 4);
					_pop(__ecx);
					_pop(__ecx);
					if(__eax != 0) {
						_v16 = _v16 + 1;
						goto L33;
					}
					__eax = E01603B25(__esi, 0x80);
					_pop(__ecx);
					_pop(__ecx);
					if(__eax == 0) {
						goto L44;
					}
					_v16 = _v16 + 1;
					if(_v12 > 0) {
						break;
					}
					_a7 = 1;
					goto L33;
				}
				__eax = _a8;
				 *_a8 = __edi;
				__eax = 0;
				if(_v12 != 0) {
					if(_v12 != 3) {
						goto L42;
					}
					_v8 = _v8 + 1;
				}
				if(_v28 != __eax || _v8 == 7) {
					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L42;
						}
						__ecx = _a12;
						__eax = 0;
						_a12[__ebx] = __ax;
						L17:
						_t104 = _v28;
						if(_t104 != 0) {
							_t50 = (_t104 - _v8) * 2; // 0x11
							E01604B80(_a12 + _t50 + 0x10,  &(_a12[_t104]), _v8 - _t104 + _v8 - _t104);
							_t109 = 8;
							E01604EC0( &(_a12[_t104]), 0, _t109 - _v8 + _t109 - _v8);
						}
						return 0;
					}
					if(_v12 != __eax) {
						if(_v16 > 3) {
							goto L42;
						}
						_t103 = E015E19A9(_v24, _t101, 0xa);
						if(_t103 > 0xff) {
							goto L42;
						}
						 *((char*)(_v12 + _a12)) = _t103;
						goto L17;
					}
					if(_v16 > 4) {
						goto L42;
					}
					0 = _a12;
					_a12[__ebx] = __cx;
					goto L17;
				} else {
					goto L42;
				}
			}

0x015e3a52
0x015e3a55
0x015e3a58
0x015e3a5b
0x015e3a5e
0x015e3a61
0x015e3a66
0x015e3a66
0x015e3a6c
0x00000000
0x00000000
0x015e3a72
0x015e3a75
0x015e3a77
0x015e3acc
0x016480fc
0x00000000
0x0164810b
0x0164810b
0x01648111
0x00000000
0x00000000
0x01648117
0x0164811c
0x0164811e
0x0164811f
0x01648123
0x0164812a
0x0164812d
0x015de6d3
0x015de6d3
0x015de6d5
0x015e3bf5
0x015e3bf8
0x015e3ac2
0x015e3ac2
0x015e3ac3
0x015e3ac4
0x00000000
0x015e3ac4
0x015e3c01
0x015dc2a9
0x015e3b2c
0x00000000
0x015dc2c8
0x015dc2c8
0x015dc2cb
0x015dc2ce
0x015dc2d1
0x00000000
0x015dc2d1
0x015dc2a9
0x015e3c0b
0x00000000
0x00000000
0x015e3c23
0x015e3c26
0x015e3c2a
0x00000000
0x015e3c2a
0x016480fc
0x015e3ad2
0x015e3ad6
0x00000000
0x00000000
0x015e3ad8
0x015e3ae0
0x00000000
0x00000000
0x015e3ae5
0x015e3aea
0x015e3aeb
0x015e3aee
0x015de553
0x015de554
0x015de558
0x015de55b
0x015de55e
0x00000000
0x015de55e
0x015e3afa
0x015e3aff
0x015e3b00
0x015e3b03
0x015e3c34
0x00000000
0x00000000
0x015e3c3a
0x015e3c3c
0x015e3c3d
0x015e3c41
0x015e3c44
0x015e3c47
0x015e3c4a
0x015e3c4d
0x00000000
0x00000000
0x0165f066
0x00000000
0x0165f066
0x00000000
0x015e3b03
0x015e3a79
0x015e3a7a
0x015de6c8
0x00000000
0x00000000
0x0165f05e
0x0165f060
0x00000000
0x0165f060
0x015e3a80
0x015e3a88
0x015e3bc4
0x015e3bc8
0x015e3c5c
0x00000000
0x015e3c80
0x015e3c80
0x015e3c83
0x015e3bf2
0x015e3bf2
0x00000000
0x015e3bf2
0x015e3c5c
0x015e3bce
0x015e3bd3
0x00000000
0x015e3be3
0x015e3be3
0x015e3be9
0x015de6e0
0x00000000
0x00000000
0x015de6e9
0x015de6ec
0x015de6ef
0x015de6f0
0x00000000
0x015de6f0
0x015e3bef
0x00000000
0x015e3bef
0x015e3bd3
0x015e3a91
0x015e3a96
0x015e3a97
0x015e3a9a
0x015de566
0x00000000
0x015de566
0x015e3aa6
0x015e3aab
0x015e3aac
0x015e3aaf
0x00000000
0x00000000
0x015e3ab5
0x015e3abc
0x00000000
0x00000000
0x015e3abe
0x00000000
0x015e3abe
0x015e3b09
0x015e3b0c
0x015e3b0e
0x015e3b13
0x015dc2de
0x00000000
0x00000000
0x015dc2e4
0x015dc2e4
0x015e3b1c
0x015de572
0x015d2a45
0x00000000
0x00000000
0x015d2a4b
0x015d2a4e
0x015d2a50
0x015de5a4
0x015de5a4
0x015de5a9
0x015de5bc
0x015de5c2
0x015de5c9
0x015de5d3
0x015de5d8
0x00000000
0x015de5db
0x015de57b
0x015d2a11
0x00000000
0x00000000
0x015d2a1d
0x015d2a2a
0x00000000
0x00000000
0x015d2a39
0x00000000
0x015d2a39
0x015de585
0x00000000
0x00000000
0x015de59d
0x015de5a0
0x00000000
0x00000000
0x00000000
0x00000000

APIs

__fassign.LIBCMT ref: 015D2A1D

Part of subcall function 015E19A9: __cftof.LIBCMT ref: 015E19B9

__fassign.LIBCMT ref: 015DC2B5
__fassign.LIBCMT ref: 015DE591
__fassign.LIBCMT ref: 015E3C17

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: __fassign$__cftof
String ID:
API String ID: 719083814-0
Opcode ID: 97089ec2d9eed9ff38387c584676944c76e598311b3aedfc03cb0252052939cb
Instruction ID: fa01087cc38dee81bf189064ef1915f6f7f835f6509877333f2bd896c963b5b5
Opcode Fuzzy Hash: 97089ec2d9eed9ff38387c584676944c76e598311b3aedfc03cb0252052939cb
Instruction Fuzzy Hash: 1991C730D0020AEFDF69DF98C8496AEBBF9FF40305F24846AD502AF251E7705A41CB41

Uniqueness

Uniqueness Score: 6.84%

Function 015D60BE, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 246
COMMON

C-Code - Quality: 94%

			E015D60BE(intOrPtr* _a4, signed int _a8, signed char _a12, signed int _a16) {
				signed int _v5;
				intOrPtr* _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				signed char _v36;
				signed char _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t117;
				signed int _t119;
				signed int _t120;
				void* _t121;
				signed int _t122;
				signed int _t123;
				intOrPtr _t124;
				intOrPtr _t126;
				void* _t128;
				signed int _t131;
				signed int _t133;
				signed int _t137;
				void* _t142;
				intOrPtr _t145;
				signed int _t148;
				signed int _t150;
				intOrPtr* _t151;
				signed char _t153;
				signed int _t160;
				void* _t162;
				signed char _t164;
				void* _t167;
				intOrPtr* _t168;
				intOrPtr* _t171;
				signed int _t173;
				signed int _t174;
				void* _t175;

				_t151 = _a8;
				_t117 = _a4;
				_t148 = 0;
				if(_t151 != 0) {
					 *_t151 = _t117;
				}
				if(_t117 == _t148 || _a12 != _t148 && (_a12 < 2 || _a12 > 0x24)) {
					_push(_t148);
					_push(_t148);
					_push(_t148);
					_push(_t148);
					_push(_t148);
					E01678D29(_t148, _t151, _t162, _t167, _t173);
					_t119 = 0;
					goto L33;
				} else {
					_push(_t173);
					_push(_t167);
					_v20 = _t148;
					_v16 = _t148;
					_v5 =  *_t117;
					_t9 = _t117 + 1; // 0x1
					_t168 = _t9;
					while(1) {
						_t120 = _v5 & 0x000000ff;
						_t173 = _t173 | 0xffffffff;
						if(_t120 != _t173) {
							_t173 = _t120;
						}
						_t121 = E015E3285();
						_t164 = 8;
						if(( *(_t121 + _t173 * 2) & _t164) != 0) {
							goto L36;
						} else {
							break;
						}
						do {
							L36:
							_t122 =  *_t168;
							_t168 = _t168 + 1;
							__eflags = _t122 - _v5;
						} while (_t122 == _v5);
						_v5 = _t122;
					}
					_v12 = _t168;
					if(_v5 == 0x2d) {
						_t66 =  &_a16;
						 *_t66 = _a16 | 0x00000002;
						__eflags =  *_t66;
						L39:
						_t123 =  *_t168;
						_t168 = _t168 + 1;
						_v12 = _t168;
						_v5 = _t123;
						L11:
						_t153 = 0x10;
						if(_a12 == _t148) {
							__eflags = _v5 - 0x30;
							if(_v5 == 0x30) {
								_t124 =  *_t168;
								__eflags = _t124 - 0x78;
								if(_t124 == 0x78) {
									L45:
									_a12 = _t153;
									goto L12;
								}
								__eflags = _t124 - 0x58;
								if(_t124 == 0x58) {
									goto L45;
								}
								_a12 = _t164;
								L13:
								asm("cdq");
								_t169 = _a12;
								_v40 = _t164;
								_t126 = E01604250(0xffffffff, 0xffffffff, _a12, _t164);
								_v36 = _t153;
								_v32 = _t148;
								_v28 = _t126;
								_v24 = _t164;
								while(1) {
									_t174 = _v5 & 0x000000ff;
									_t148 = _t148 | 0xffffffff;
									if(_t174 != _t148) {
										_t148 = _t174;
									}
									if(( *(E015E3285() + _t148 * 2) & 0x00000004) == 0) {
										goto L22;
									}
									_t175 = _v5 - 0x30;
									L18:
									if(_t175 >= _a12) {
										L24:
										_t150 = _a16;
										_v12 = _v12 - 1;
										__eflags = _t150 & 0x00000008;
										if((_t150 & 0x00000008) == 0) {
											__eflags = _a8;
											if(_a8 != 0) {
												_v12 = _a4;
											}
											_v20 = 0;
											_v16 = 0;
											L30:
											_t133 = _a8;
											__eflags = _t133;
											if(_t133 != 0) {
												 *_t133 = _v12;
											}
											__eflags = _t150 & 0x00000002;
											if((_t150 & 0x00000002) != 0) {
												asm("adc ecx, 0x0");
												_v20 =  ~_v20;
												_v16 =  ~_v16;
											}
											_t119 = _v20;
											L33:
											return _t119;
										}
										__eflags = _t150 & 0x00000004;
										if((_t150 & 0x00000004) != 0) {
											L72:
											 *0x16af864 = 0x22;
											__eflags = _t150 & 0x00000001;
											if((_t150 & 0x00000001) == 0) {
												__eflags = _t150 & 0x00000002;
												if((_t150 & 0x00000002) == 0) {
													_v20 = _v20 | 0xffffffff;
													_v16 = 0x7fffffff;
												} else {
													_v20 = _v20 & 0x00000000;
													_v16 = 0x80000000;
												}
											} else {
												_v20 = _v20 | 0xffffffff;
												_v16 = _v16 | 0xffffffff;
											}
											goto L30;
										}
										__eflags = _t150 & 0x00000001;
										if((_t150 & 0x00000001) != 0) {
											goto L30;
										}
										_t137 = _t150 & 0x00000002;
										__eflags = _t137;
										if(_t137 != 0) {
											__eflags = _v16 - 0x80000000;
											if(__eflags > 0) {
												goto L72;
											}
											if(__eflags < 0) {
												goto L28;
											}
											__eflags = _v20;
											if(_v20 <= 0) {
												goto L28;
											}
											goto L72;
										}
										L28:
										__eflags = _t137;
										if(_t137 != 0) {
											goto L30;
										}
										__eflags = _v16 - 0x7fffffff;
										if(__eflags >= 0) {
											if(__eflags > 0) {
												goto L72;
											}
											__eflags = _v20 - 0xffffffff;
											if(_v20 <= 0xffffffff) {
												goto L30;
											}
											goto L72;
										}
										goto L30;
									}
									_t160 = _v16;
									_a16 = _a16 | 0x00000008;
									if(_t160 >= _v24) {
										if(__eflags > 0) {
											L56:
											__eflags = _v20 - _v28;
											if(_v20 != _v28) {
												L61:
												_a16 = _a16 | 0x00000004;
												__eflags = _a8;
												if(__eflags == 0) {
													goto L24;
												}
												L21:
												_v12 = _v12 + 1;
												_v5 =  *_v12;
												continue;
											}
											__eflags = _t160 - _v24;
											if(_t160 != _v24) {
												goto L61;
											}
											__eflags = 0 - _v32;
											if(__eflags < 0) {
												goto L20;
											}
											if(__eflags > 0) {
												goto L61;
											}
											__eflags = _t175 - _v36;
											if(_t175 <= _v36) {
												goto L20;
											}
											goto L61;
										}
										__eflags = _v20 - _v28;
										if(_v20 < _v28) {
											goto L20;
										}
										goto L56;
									}
									L20:
									_t142 = E01604080(_t169, _v40, _v20, _t160);
									asm("adc edx, ecx");
									_v20 = _t142 + _t175;
									_v16 = _t164;
									goto L21;
									L22:
									__eflags = _t174 - 0xffffffff;
									if(_t174 == 0xffffffff) {
										_t174 = _t174;
									}
									_t128 = E015E3285();
									__eflags =  *(_t128 + _t174 * 2) & 0x00000103;
									if(( *(_t128 + _t174 * 2) & 0x00000103) != 0) {
										__eflags = _v5 - 0x61 - 0x19;
										_t131 = _v5;
										if(__eflags <= 0) {
											_t131 = _t131 - 0x20;
											__eflags = _t131;
										}
										_t79 = _t131 - 0x37; // -39
										_t175 = _t79;
										goto L18;
									} else {
										goto L24;
									}
								}
							}
							_a12 = 0xa;
							goto L13;
						}
						L12:
						if(_a12 == _t153) {
							__eflags = _v5 - 0x30;
							if(_v5 != 0x30) {
								goto L13;
							}
							_t145 =  *_t168;
							__eflags = _t145 - 0x78;
							if(_t145 == 0x78) {
								L49:
								_t171 = _t168 + 1;
								_v5 =  *_t171;
								_v12 = _t171 + 1;
								goto L13;
							}
							__eflags = _t145 - 0x58;
							if(_t145 != 0x58) {
								goto L13;
							}
							goto L49;
						}
						goto L13;
					}
					if(_v5 == 0x2b) {
						goto L39;
					}
					goto L11;
				}
			}

0x015d60c3
0x015d60c6
0x015d60cd
0x015d60d1
0x0166233b
0x0166233b
0x015d60d9
0x01662342
0x01662343
0x01662344
0x01662345
0x01662346
0x01662347
0x0166234f
0x00000000
0x015d60f8
0x015d60fa
0x015d60fb
0x015d60fc
0x015d60ff
0x015d6102
0x015d6105
0x015d6105
0x015d6108
0x015d6108
0x015d610c
0x015d6111
0x015d6113
0x015d6113
0x015d6115
0x015d611c
0x015d6120
0x00000000
0x00000000
0x00000000
0x00000000
0x01662358
0x01662358
0x01662358
0x0166235a
0x0166235b
0x0166235b
0x01662360
0x01662360
0x015d612a
0x015d612d
0x01662368
0x01662368
0x01662368
0x0166236c
0x0166236c
0x0166236e
0x0166236f
0x01662372
0x015d613d
0x015d613f
0x015d6143
0x0166237a
0x0166237e
0x0166238c
0x0166238e
0x01662390
0x0166239e
0x0166239e
0x00000000
0x0166239e
0x01662392
0x01662394
0x00000000
0x00000000
0x01662396
0x015d6152
0x015d6155
0x015d6157
0x015d615e
0x015d6161
0x015d6166
0x015d6169
0x015d616c
0x015d616f
0x015d6172
0x015d6172
0x015d6176
0x015d617b
0x015d617d
0x015d617d
0x015d6188
0x00000000
0x00000000
0x015d618e
0x015d6191
0x015d6194
0x015d61e9
0x015d61e9
0x015d61ec
0x015d61f1
0x015d61f4
0x01662432
0x01662435
0x0166243a
0x0166243a
0x0166243d
0x01662440
0x015d622a
0x015d622a
0x015d622d
0x015d622f
0x016624a7
0x016624a7
0x015d6235
0x015d6238
0x016624b6
0x016624bb
0x016624be
0x016624be
0x015d623e
0x015d6244
0x015d6246
0x015d6246
0x015d6204
0x015d6207
0x0166246b
0x0166246b
0x01662475
0x01662478
0x01662487
0x0166248a
0x01662498
0x0166249c
0x0166248c
0x0166248c
0x01662490
0x01662490
0x0166247a
0x0166247a
0x0166247e
0x0166247e
0x00000000
0x01662478
0x015d620d
0x015d6210
0x00000000
0x00000000
0x015d6214
0x015d6214
0x015d6217
0x01662448
0x0166244b
0x00000000
0x00000000
0x0166244d
0x00000000
0x00000000
0x01662453
0x01662457
0x00000000
0x00000000
0x00000000
0x0166245d
0x015d621d
0x015d621d
0x015d621f
0x00000000
0x00000000
0x015d6221
0x015d6224
0x0166245f
0x00000000
0x00000000
0x01662461
0x01662465
0x00000000
0x00000000
0x00000000
0x01662465
0x00000000
0x015d6224
0x015d6196
0x015d6199
0x015d61a0
0x016623ec
0x016623fa
0x016623fd
0x01662400
0x0166241d
0x0166241d
0x01662421
0x01662425
0x00000000
0x00000000
0x015d61bf
0x015d61c4
0x015d61c7
0x00000000
0x015d61c7
0x01662402
0x01662405
0x00000000
0x00000000
0x01662409
0x0166240c
0x00000000
0x00000000
0x01662412
0x00000000
0x00000000
0x01662414
0x01662417
0x00000000
0x00000000
0x00000000
0x01662417
0x016623f1
0x016623f4
0x00000000
0x00000000
0x00000000
0x016623f4
0x015d61a6
0x015d61ae
0x015d61b7
0x015d61b9
0x015d61bc
0x00000000
0x015d61cc
0x015d61cc
0x015d61cf
0x016623cd
0x016623cd
0x015d61d5
0x015d61df
0x015d61e3
0x016623d9
0x016623db
0x016623df
0x016623e1
0x016623e1
0x016623e1
0x016623e4
0x016623e4
0x00000000
0x00000000
0x00000000
0x00000000
0x015d61e3
0x015d6172
0x01662380
0x00000000
0x01662380
0x015d6149
0x015d614c
0x016623a6
0x016623aa
0x00000000
0x00000000
0x016623b0
0x016623b2
0x016623b4
0x016623be
0x016623be
0x016623c2
0x016623c5
0x00000000
0x016623c5
0x016623b6
0x016623b8
0x00000000
0x00000000
0x00000000
0x016623b8
0x00000000
0x015d614c
0x015d6137
0x00000000
0x00000000
0x00000000
0x015d6137

APIs

__aulldvrm.LIBCMT ref: 015D6161

Strings

0, xrefs: 016623A6
$, xrefs: 015D60EE

Memory Dump Source

Source File: 0000000F.00000002.1953106122.015D0000.00000040.sdmp, Offset: 015D0000, based on PE: true

Associated: 0000000F.00000002.1953214190.016AC000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953227195.016AE000.00000040.sdmp Download File
Associated: 0000000F.00000002.1953241117.016B2000.00000040.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_15d0000_msg.jbxd

Similarity

API ID: __aulldvrm
String ID: $$0
API String ID: 1302938615-389342756
Opcode ID: 487db55c2fc442bd04dabac8b4e44ce70f3b5ada4d10d2b717174b801e4722ac
Instruction ID: 9c41e06601a5e602f17ccf59266f0fbddaec9e17555544e394ac3030d418a350
Opcode Fuzzy Hash: 487db55c2fc442bd04dabac8b4e44ce70f3b5ada4d10d2b717174b801e4722ac
Instruction Fuzzy Hash: 1891BE30D0528AEBDF35CFACC8543ADBFB5BF45310F184AAED4A1AA292D7704646CB51

Uniqueness

Uniqueness Score: 0.03%

Description:	Command-line interfaces provide a way of interacting with computer systems and is a common feature across many types of operating system platforms. One example command-line interface on Windows systems is cmd , which can be used to perform a number of tasks including execution of other software. Command-line interfaces can be interacted with locally or remotely via a remote desktop application, reverse shell session, etc. Commands that are executed run with the current permission level of the command-line interface process unless the command includes process invocation that changes permissions context for that execution (e.g. Scheduled Task ).
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Per Apple’s documentation, startup items execute during the final phase of the boot process and contain shell scripts or other executable files along with configuration information used by the system to determine the execution order for all startup items . This is technically a deprecated version (superseded by Launch Daemons), and thus the appropriate folder, `/Library/StartupItems` isn’t guaranteed to exist on the system by default, but does appear to exist by default on macOS Sierra. A startup item is a directory whose executable and configuration property list (plist), `StartupParameters.plist` , reside in the top-level directory.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Process monitoring
Platforms:	macOS
Url:	Open detailed description by Mitre

Description:	Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security scanning or event reporting.
Tactics:	Defense Evasion
Data Sources:	API monitoring, Anti-virus, File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing passwords. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on the system. This may include things such as local firewall rules, anti-virus, and virtualization. These checks may be built into early-stage remote access tools.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries will likely attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used.
Tactics:	Discovery
Data Sources:	Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Sensitive data can be collected from local system sources, such as the file system or databases of information residing on the system prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may explicitly employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if necessary secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Use of a standard non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive. Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a common, standardized application layer protocol such as HTTP, HTTPS, SMTP, or DNS to avoid detection by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report image.exe

Overview

General Information

Detection

Confidence

Classification

Analysis Advice

Mitre Att&ck Matrix

Signature Overview

AV Detection:

Spreading:

Software Vulnerabilities:

Networking:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Stealing of Sensitive Information:

Signature Similarity

Similar Samples

Behavior Graph

Simulations

Behavior and APIs

Antivirus Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Yara Overview

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Screenshots

Thumbnails

Startup

Created / dropped Files

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Code Manipulations

Statistics

CPU Usage